Create a firewall

Creates a Firewall to filter network traffic.

  • Use rules to create inbound and outbound access rules. Rule versions increment from 1 whenever the firewall's rules change.

  • Use devices to assign a firewall to a service such as a Linode that is using legacy config profiles, a public Linode interface, a regular VPC Linode interface, or a NodeBalancer. The firewall’s rules are then applied to that service.

    • For Linodes using Linode interfaces, firewalls need to be assigned to interfaces and not the linodes. Firewall templates are available for both regular VPC Linode interfaces and public Linode interfaces, and come with pre-configured protection rules.

    • For Linodes using legacy configuration profiles, firewalls are applied through the Linode. Public and VPC interfaces are subject to the firewall rules, while VLAN interfaces are not.

  • Currently, firewalls can be assigned to Linodes with legacy configuration profiles, public or regular VPC Linode interfaces, and NodeBalancers.

    • The same firewall can be assigned to multiple services at a time.
  • Use firewall_id to assign a firewall when creating a Linode or when adding a Linode interface.

  • A service can have one assigned firewall enabled at a time.

  • Assigned Linodes must not have any ongoing live migrations.

  • A firewall_create event is generated when this operation succeeds.

Permissions and scopes

To call this operation, you need permissions, based on the model you're using:

  • Identity and access permissions. Your user needs a role with these permissions. Learn more.

    • Permissions: create_firewall
  • OAuth scopes. Your user needs these scopes assigned. Learn more.

    • Scopes: firewall:read_write

CLI

linode-cli firewalls create \
  --label example-firewall \
  --rules.outbound_policy ACCEPT \
  --rules.inbound_policy DROP \
  --rules.inbound '[{"protocol": "TCP", "ports": "22, 80, 8080, 443", "addresses": {"ipv4": ["192.0.2.0/24", "198.51.100.2/32"], "ipv6": ["2001:DB8::/128"]}, "action": "ACCEPT"}]' \
  --rules.outbound '[{"protocol": "TCP", "ports": "49152-65535", "addresses": {"ipv4": ["192.0.2.0/24", "198.51.100.2/32"],"ipv6": ["2001:DB8::/128"]}, "action": "DROP", "label": "outbound-rule123", "description": "An example outbound rule description."}]'

Learn more

Path Params
string
enum
required

Enum Call either the v4 URL, or v4beta for operations still in Beta.

Allowed:
Body Params

A resource that controls incoming and outgoing network traffic to a compute service. Only one enabled Firewall can be attached to a particular service at any given time. Create a firewall device to assign a Firewall to a service. Currently, Firewalls can assigned to Linode compute instances and NodeBalancers.

devices
object

Devices you can create for this firewall. When you create a device, the firewall is assigned to a service. You can currently create devices for:

  • Linodes using legacy configuration profiles.
  • Linode interfaces including public and regular VPC.
  • NodeBalancers.

You can't create firewall devices for individual interfaces within legacy configuration profiles.

Additional devices can be assigned after firewall creation by using the Create a firewall device operation.

rules
object
required

The inbound and outbound access rules to apply to the Firewall.

A Firewall may have up to 25 rules across its inbound and outbound rulesets.

Multiple rules are applied in order. If two rules conflict, the first rule takes precedence. For example, if the first rule accepts inbound traffic from an address, and the second rule drops inbound traffic the same address, the first rule applies and inbound traffic from that address is accepted.

string
required
length between 3 and 32

Filterable The Firewall's label, for display purposes only.

Firewall labels have the following constraints:

  • Must begin and end with an alphanumeric character.
  • May only consist of alphanumeric characters, hyphens (-), underscores (_) or periods (.).
  • Cannot have two hyphens (--), underscores (__) or periods (..) in a row.
  • Must be between 3 and 32 characters.
  • Must be unique.
tags
array of strings

Filterable An array of tags applied to this object. Tags are for organizational purposes only.

tags
Responses

Language
Credentials
LoadingLoading…
Response
Choose an example:
application/json