Creates a Firewall to filter network traffic.

- Use `rules` to create inbound and outbound access rules. Rule versions increment from `1` whenever the firewall's `rules` change.
- Use `devices` to assign a firewall to a service such as a Linode that is using legacy config profiles, a Linode interface or a NodeBalancer. The firewall’s rules are then applied to that service. Requires a `read_write` user grant to the device.
  - For Linodes using Linode interfaces, firewalls need to be assigned to `interfaces` and not the `linodes`. Firewall templates are available for both VPC Linode interfaces and public Linode interfaces, and come with pre-configured protection rules.
  - For Linodes using legacy configuration profiles, firewalls are applied through the Linode. Public and VPC interfaces are subject to the firewall rules, while VLAN interfaces are not.
- Currently, firewalls can be assigned to Linodes with legacy configuration profiles, Linode interfaces, and NodeBalancers.
- The same firewall can be assigned to multiple services at a time.
- Use `firewall_id` to assign a firewall when creating a Linode or when adding a Linode interface.
- A service can have one assigned firewall enabled at a time.
- Assigned Linodes must not have any ongoing live migrations.
- A `firewall_create` event is generated when this operation succeeds.

```bash
linode-cli firewalls create \
  --label example-firewall \
  --rules.outbound_policy ACCEPT \
  --rules.inbound_policy DROP \
  --rules.inbound '[{"protocol": "TCP", "ports": "22, 80, 8080, 443", "addresses": {"ipv4": ["192.0.2.0/24", "198.51.100.2/32"], "ipv6": ["2001:DB8::/128"]}, "action": "ACCEPT"}]' \
  --rules.outbound '[{"protocol": "TCP", "ports": "49152-65535", "addresses": {"ipv4": ["192.0.2.0/24", "198.51.100.2/32"],"ipv6": ["2001:DB8::/128"]}, "action": "DROP", "label": "outbound-rule123", "description": "An example outbound rule description."}]'
```

Linode CLI guide: <https://techdocs.akamai.com/cloud-computing/docs/getting-started-with-the-linode-cli>

OAuth scope: `firewall:read_write` (<https://techdocs.akamai.com/linode-api/reference/get-started#oauth>)
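
A pre-submission audit of the `rules` object described above, as an added example that is not part of the Linode documentation or tooling. The helper names `parse_ports` and `audit_rules`, the `SENSITIVE_PORTS` set and the `WEAK_RULES` sample are assumptions made for illustration; the field names come from the command on this page.

```python
import ipaddress

SENSITIVE_PORTS = {22, 3389}  # assumption: admin ports this audit treats as sensitive

def parse_ports(spec):
    """Turn "22, 80, 8080, 443" or "49152-65535" into a list of (lo, hi) ranges."""
    ranges = []
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 65535:
            raise ValueError(f"bad port range: {part.strip()!r}")
        ranges.append((lo, hi))
    return ranges

def audit_rules(rules):
    """Return findings for a firewall `rules` object (hypothetical helper)."""
    findings = []
    if rules.get("inbound_policy") != "DROP":
        findings.append("inbound_policy is not DROP")
    for i, rule in enumerate(rules.get("inbound", [])):
        name = rule.get("label", f"inbound[{i}]")
        addrs, nets = rule.get("addresses", {}), []
        for cidr in addrs.get("ipv4", []) + addrs.get("ipv6", []):
            try:
                nets.append(ipaddress.ip_network(cidr))  # strict: host bits must be zero
            except ValueError:
                findings.append(f"{name}: invalid CIDR {cidr!r}")
        if rule.get("action") != "ACCEPT" or "ports" not in rule:
            continue  # rules without a ports field are not evaluated here
        ranges = parse_ports(rule["ports"])
        exposed = sorted(p for p in SENSITIVE_PORTS if any(lo <= p <= hi for lo, hi in ranges))
        if exposed and any(n.prefixlen == 0 for n in nets):
            findings.append(f"{name}: ports {exposed} accepted from any address")
    return findings

# The inbound rules from the linode-cli command on this page.
PAGE_RULES = {"inbound_policy": "DROP", "outbound_policy": "ACCEPT", "inbound": [
    {"protocol": "TCP", "ports": "22, 80, 8080, 443", "action": "ACCEPT",
     "addresses": {"ipv4": ["192.0.2.0/24", "198.51.100.2/32"], "ipv6": ["2001:DB8::/128"]}}]}
# Constructed weak variant: permissive default, SSH open to the world, unaligned CIDR.
WEAK_RULES = {"inbound_policy": "ACCEPT", "inbound": [
    {"protocol": "TCP", "ports": "20-25, 443", "action": "ACCEPT", "label": "open-admin",
     "addresses": {"ipv4": ["0.0.0.0/0", "192.0.2.1/24"]}}]}

if __name__ == "__main__":
    for finding in audit_rules(WEAK_RULES):
        print(finding)
```

The page's own rules produce no findings because SSH is limited to listed source ranges and the inbound default is `DROP`; the constructed variant trips all three checks.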