Create a firewall

Creates a Firewall to filter network traffic.

  • Use rules to create inbound and outbound access rules. Rule versions increment from 1 whenever the firewall's rules change.

  • Use devices to assign a firewall to a service such as a Linode that is using legacy config profiles, a Linode interface or a NodeBalancer. The firewall’s rules are then applied to that service.

    • For Linodes using Linode interfaces, firewalls must be assigned to the interfaces, not to the Linodes. Firewall templates are available for both VPC Linode interfaces and public Linode interfaces, and come with pre-configured protection rules.

    • For Linodes using legacy configuration profiles, firewalls are applied through the Linode. Public and VPC interfaces are subject to the firewall rules, while VLAN interfaces are not.

  • Currently, firewalls can be assigned to Linodes with legacy configuration profiles, Linode interfaces, and NodeBalancers.

    • The same firewall can be assigned to multiple services at a time.

  • Use firewall_id to assign a firewall when creating a Linode or when adding a Linode interface.

  • A service can have one assigned firewall enabled at a time.

  • Assigned Linodes must not have any ongoing live migrations.

  • A firewall_create event is generated when this operation succeeds.

Permissions and scopes

To call this operation, you need permissions, based on the model you're using:

  • Identity and access permissions. Your user needs a role with these permissions.

    • Permissions: create_firewall

  • OAuth scopes. Your user needs these scopes assigned.

    • Scopes: firewall:read_write

CLI

linode-cli firewalls create \
  --label example-firewall \
  --rules.outbound_policy ACCEPT \
  --rules.inbound_policy DROP \
  --rules.inbound '[{"protocol": "TCP", "ports": "22, 80, 8080, 443", "addresses": {"ipv4": ["192.0.2.0/24", "198.51.100.2/32"], "ipv6": ["2001:DB8::/128"]}, "action": "ACCEPT"}]' \
  --rules.outbound '[{"protocol": "TCP", "ports": "49152-65535", "addresses": {"ipv4": ["192.0.2.0/24", "198.51.100.2/32"],"ipv6": ["2001:DB8::/128"]}, "action": "DROP", "label": "outbound-rule123", "description": "An example outbound rule description."}]'
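
Added example, not part of the Linode documentation or CLI: a pre-flight check in Python that lints a rules object shaped like the one in the command above before it is submitted. The port syntax is inferred from that command; ADMIN_PORTS, the function names, and the lint policy itself are assumptions of this example.

```python
import ipaddress

ADMIN_PORTS = {22, 3389}  # assumption: ports this review treats as sensitive

def parse_ports(spec):
    """Expand '22, 80, 49152-65535' into (low, high) tuples; raise on bad input."""
    ranges = []
    for part in spec.split(","):
        low, _, high = part.strip().partition("-")
        low, high = int(low), int(high or low)
        if not 1 <= low <= high <= 65535:
            raise ValueError(f"bad port range {part.strip()!r}")
        ranges.append((low, high))
    return ranges

def lint_inbound(rules):
    """Return findings for the inbound side of a firewall rules object."""
    findings = []
    if rules.get("inbound_policy") != "DROP":
        findings.append("inbound_policy is not DROP")
    for i, rule in enumerate(rules.get("inbound", [])):
        addrs = rule.get("addresses", {})
        nets = []
        for cidr in addrs.get("ipv4", []) + addrs.get("ipv6", []):
            try:
                nets.append(ipaddress.ip_network(cidr))  # rejects host bits set
            except ValueError:
                findings.append(f"inbound[{i}]: invalid CIDR {cidr!r}")
        try:
            ports = parse_ports(rule.get("ports") or "1-65535")
        except ValueError as exc:
            findings.append(f"inbound[{i}]: {exc}")
            continue
        hits = sorted(p for p in ADMIN_PORTS if any(lo <= p <= hi for lo, hi in ports))
        if rule.get("action") == "ACCEPT" and hits and any(n.prefixlen == 0 for n in nets):
            findings.append(f"inbound[{i}]: admin ports {hits} open to any source")
    return findings

# Constructed sample: first rule copies the CLI example, second is deliberately risky.
SAMPLE = {"inbound_policy": "DROP", "inbound": [
    {"protocol": "TCP", "ports": "22, 80, 8080, 443", "action": "ACCEPT",
     "addresses": {"ipv4": ["192.0.2.0/24", "198.51.100.2/32"], "ipv6": ["2001:DB8::/128"]}},
    {"protocol": "TCP", "ports": "22", "action": "ACCEPT",
     "addresses": {"ipv4": ["0.0.0.0/0"], "ipv6": ["2001:db8::1/64"]}},
]}

if __name__ == "__main__":
    for finding in lint_inbound(SAMPLE):
        print(finding)
```

The rule copied from the CLI example passes cleanly because its SSH access is limited to the listed source ranges; only the constructed second rule is reported.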
