Get a firewall template

Gets a vpc or public firewall template you can use with Linode VPC and public interfaces. Firewall templates come with some protection rules already configured.

The public interface's firewall template allows for login with SSH, and regular networking control data. You should further strengthen these rules by limiting the allowed IPv4 and IPv6 ranges.

The VPC interface's firewall template allows for login with SSH, regular networking control data, and inbound traffic from the VPC address space. You should further strengthen these rules by limiting the allowed IPv4 and IPv6 ranges.

Permissions and scopes

To call this operation, you need permissions, based on the model you're using:

  • Identity and access permissions. Your user needs a role with these permissions. Learn more.

    • Permissions: Internet facing, no permission
  • OAuth scopes. Your user needs these scopes assigned. Learn more.

    • Scopes: firewall:read_only

CLI

linode-cli firewalls template-view vpc


Path Params
string
enum
required

Enum Call either the v4 URL, or v4beta for operations still in Beta.

Allowed:
string
enum
required

Enum The firewall template type, available for either vpc or public interfaces.

Allowed:
Query Params
integer
≥ 1
Defaults to 1

The page of a collection to return.

integer
25 to 500
Defaults to 100

The number of items to return per page.

Responses

vpc or public firewall template for interface firewalls.

Response body
object
rules
object

The inbound and outbound access rules for the VPC firewall template.

A firewall can have up to 25 rules across its inbound and outbound rule sets. Multiple rules are applied in order. If two rules conflict, the first rule takes precedence. For example, if the first rule accepts inbound traffic from an address, and the second rule drops inbound traffic from the same address, the first rule applies, and inbound traffic from that address is accepted.

inbound
array of objects

The inbound rules for the firewall.

inbound
object
string
enum

Controls whether traffic is accepted or dropped by this rule. Overrides the Firewall's inbound_policy if this is an inbound rule, or the outbound_policy if this is an outbound rule.

ACCEPT DROP

addresses
object

The IPv4 or IPv6 addresses affected by this rule. A rule can have up to 255 total addresses or networks listed across its ipv4 and ipv6 arrays. A network and a single IP are treated as equivalent when accounting for this limit.

Must contain ipv4, ipv6, or both.

string
length between 1 and 100

Used to describe this rule. For display purposes only.

string
length between 3 and 32

Used to identify this rule. For display purposes only.

string | null

A string representing the port or ports affected by this rule:

  • The string may be a single port, a range of ports, or a comma-separated list of single ports and port ranges. A space is permitted following each comma.
  • A range of ports is inclusive of the start and end values for the range. The end value of the range must be greater than the start value.
  • Ports must be within 1 and 65535, and may not contain any leading zeroes. For example, port 080 is not allowed.
  • The ports string can have up to 15 pieces, where a single port is treated as one piece, and a port range is treated as two pieces. For example, the string "22-24, 80, 443" has four pieces.
  • If no ports are configured, all ports are affected.
  • Only allowed for the TCP and UDP protocols. Ports are not allowed for the ICMP and IPENCAP protocols.
string
enum

The type of network traffic affected by this rule.

TCP UDP ICMP IPENCAP

string
enum

The default behavior for inbound traffic. You can override this setting by updating the inbound object's action field.

ACCEPT DROP

outbound
array of objects

The outbound rules for the firewall.

outbound
object
string
enum

Controls whether traffic is accepted or dropped by this rule. Overrides the Firewall's inbound_policy if this is an inbound rule, or the outbound_policy if this is an outbound rule.

ACCEPT DROP

addresses
object

The IPv4 or IPv6 addresses affected by this rule. A rule can have up to 255 total addresses or networks listed across its ipv4 and ipv6 arrays. A network and a single IP are treated as equivalent when accounting for this limit.

Must contain ipv4, ipv6, or both.

string
length between 1 and 100

Used to describe this rule. For display purposes only.

string
length between 3 and 32

Used to identify this rule. For display purposes only.

string | null

A string representing the port or ports affected by this rule:

  • The string may be a single port, a range of ports, or a comma-separated list of single ports and port ranges. A space is permitted following each comma.
  • A range of ports is inclusive of the start and end values for the range. The end value of the range must be greater than the start value.
  • Ports must be within 1 and 65535, and may not contain any leading zeroes. For example, port 080 is not allowed.
  • The ports string can have up to 15 pieces, where a single port is treated as one piece, and a port range is treated as two pieces. For example, the string "22-24, 80, 443" has four pieces.
  • If no ports are configured, all ports are affected.
  • Only allowed for the TCP and UDP protocols. Ports are not allowed for the ICMP and IPENCAP protocols.
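The port-string rules above apply to both inbound and outbound rules. The following validator is an added example, not Linode's own code: `parse_ports` and `count_pieces` are hypothetical names, and it assumes at most one space after a comma and treats `null` (`None`) as "no ports configured".

```python
import re

MAX_PIECES = 15
_PORT = re.compile(r"[1-9][0-9]{0,4}")  # digits only, no leading zeroes


def count_pieces(ranges):
    """A single port counts as one piece, a range as two."""
    return sum(1 if start == end else 2 for start, end in ranges)


def parse_ports(ports, protocol):
    """Return inclusive (start, end) tuples, or raise ValueError.

    An empty list means the rule affects all ports.
    """
    if protocol not in ("TCP", "UDP", "ICMP", "IPENCAP"):
        raise ValueError(f"unknown protocol {protocol!r}")
    if ports is None:
        return []
    if protocol not in ("TCP", "UDP"):
        raise ValueError(f"ports are not allowed for {protocol}")

    ranges = []
    for i, item in enumerate(ports.split(",")):
        # Assumption: one space is tolerated after a comma, nowhere else.
        if i > 0 and item.startswith(" "):
            item = item[1:]
        bounds = item.split("-")
        if len(bounds) > 2 or not all(_PORT.fullmatch(b) for b in bounds):
            raise ValueError(f"malformed port or range {item!r}")
        start, end = int(bounds[0]), int(bounds[-1])
        if end > 65535:
            raise ValueError(f"port above 65535 in {item!r}")
        if len(bounds) == 2 and end <= start:
            raise ValueError(f"range end must exceed start in {item!r}")
        ranges.append((start, end))
    if count_pieces(ranges) > MAX_PIECES:
        raise ValueError(f"more than {MAX_PIECES} pieces in {ports!r}")
    return ranges
```

Running this check before submitting rules built from the template catches strings such as `080` or `24-22` locally.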
string
enum

The type of network traffic affected by this rule.

TCP UDP ICMP IPENCAP

string
enum

The default behavior for outbound traffic. You can override this setting by updating the outbound object's action fields.

ACCEPT DROP

slug
array of strings
enum

Read-only The firewall template types available for VPC and public Linode interfaces.

vpc public
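The page advises narrowing the template's allowed IPv4 and IPv6 ranges and notes that the first matching rule takes precedence. The audit below is an added example, not Linode's own code, that flags both conditions in a `rules` object. The sample data is constructed, the field names `label`, `ports` and `protocol` are assumed because this page does not name them, and port strings are compared by exact match for brevity.

```python
import ipaddress

# Constructed sample shaped like the "rules" object described on this page.
SAMPLE_RULES = {
    "inbound_policy": "DROP",
    "inbound": [
        {"label": "accept-ssh", "action": "ACCEPT", "protocol": "TCP",
         "ports": "22", "addresses": {"ipv4": ["0.0.0.0/0"], "ipv6": ["::/0"]}},
        {"label": "drop-test-net", "action": "DROP", "protocol": "TCP",
         "ports": "22", "addresses": {"ipv4": ["203.0.113.0/24"]}},
    ],
}


def _networks(rule):
    addrs = rule.get("addresses", {})
    return [ipaddress.ip_network(a, strict=False)
            for a in addrs.get("ipv4", []) + addrs.get("ipv6", [])]


def _covers(earlier, later):
    """True if every network in `later` sits inside some network in `earlier`."""
    return bool(later) and all(
        any(n.version == e.version and n.subnet_of(e) for e in earlier)
        for n in later)


def audit_inbound(rules):
    """Return (kind, label, detail) findings for the ordered inbound rules."""
    findings, seen = [], []
    for rule in rules["inbound"]:
        nets, label = _networks(rule), rule["label"]
        if rule["action"] == "ACCEPT":
            # ACCEPT from a /0 network is the range the page says to narrow.
            findings += [("open-to-any", label, str(n))
                         for n in nets if n.prefixlen == 0]
        # First match wins: an earlier rule with the same protocol and ports
        # and the opposite action that covers these addresses decides them.
        key = (rule["protocol"], rule.get("ports"))
        for e_key, e_nets, e_action, e_label in seen:
            if e_key == key and e_action != rule["action"] and _covers(e_nets, nets):
                findings.append(("shadowed", label, e_label))
                break
        seen.append((key, nets, rule["action"], label))
    return findings
```

On the constructed sample, the DROP rule for 203.0.113.0/24 is reported as shadowed because the earlier ACCEPT rule already matches every address on the same port.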
