
Edit Firewall Rule

Ensure that the following permissions are enabled before setting firewall rules for your virtual server:

  • Create own firewall rules
  • Destroy own firewall rules
  • Read own firewall rules
  • Update own firewall rules

To edit a firewall rule, use the following request:

PUT /virtual_machines/:virtual_machine_id/firewall_rules/:id.xml
PUT /virtual_machines/:virtual_machine_id/firewall_rules/:id.json

XML Request Example

curl -i -X PUT -H 'Accept: application/xml' -H 'Content-type: application/xml' -u user:userpass -d '<firewall_rule><address>192.168.128.133</address><command>ACCEPT</command><port>70</port><protocol>TCP</protocol><network_interface_id>105</network_interface_id><comment>This is a comment</comment></firewall_rule>' http://test/virtual_machines/23/firewall_rules/211.xml

JSON Request Example

curl -i -X PUT -H 'Accept: application/json' -H 'Content-type: application/json' -u user:userpass -d '{"firewall_rule":{"address":"192.168.128.133","command":"ACCEPT","port":"70","protocol":"TCP","network_interface_id":"105","comment":"This is a comment"}}' --url http://test/virtual_machines/23/firewall_rules/211.json

Where:

address* - sets the IP address to which this rule applies.

  • Leave the field empty to apply the rule to all IPs
  • Enter hyphen-separated IPs to apply the rule to an IP range (e.g. 192.168.1.1-192.168.1.10)
  • Enter an IP with a slash and prefix length to apply the rule to a CIDR block (e.g. 192.168.1.1/24)

command - the action applied to the above-mentioned IPs: ACCEPT or DROP

port - sets the port or ports to which the rule applies

  • Leave the field empty to apply the rule to all ports
  • Enter colon-separated ports to apply the rule to a port range (e.g. 1024:1028)
  • Enter comma-separated ports to apply the rule to a list of ports (e.g. 80,443,21)

protocol - protocol type (TCP or UDP)

network_interface_id - the ID of the network interface

comment - the comment added to the firewall rule

You will get a 204 status response on success, and a 404 if there is no firewall rule with the requested ID or you entered an incorrect URL.
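A client-side pre-flight check for the field formats described above, as an added example that is not part of the API or of the original page. The function names are hypothetical, the 1-65535 port bounds are an assumption, and the server's own validation is not documented here; the check flags rules that an empty address or port would silently widen to all IPs or all ports.

```python
import ipaddress
import json

# Protocols the page lists as available by default for IPv4.
DEFAULT_PROTOCOLS = {"ICMP", "IPV6-ICMP", "TCP", "UDP", "DCCP", "SCTP"}

def check_address(addr):
    """Return a warning string or None; raise ValueError if malformed."""
    if addr == "":
        return "empty address: rule applies to all IPs"
    if "-" in addr:  # hyphen-separated range
        lo, hi = (ipaddress.ip_address(p) for p in addr.split("-", 1))
        if lo.version != hi.version or lo > hi:
            raise ValueError(f"bad IP range {addr!r}")
    elif "/" in addr:  # CIDR; the page's example 192.168.1.1/24 has host bits set
        ipaddress.ip_network(addr, strict=False)
    else:
        ipaddress.ip_address(addr)
    return None

def check_port(port):
    """Return a warning string or None; raise ValueError if malformed."""
    if port == "":
        return "empty port: rule applies to all ports"
    parts = port.split(":") if ":" in port else port.split(",")
    nums = [int(p) for p in parts]  # int() raises ValueError on non-numeric parts
    if any(not 1 <= n <= 65535 for n in nums):  # assumed bounds
        raise ValueError(f"port out of range in {port!r}")
    if ":" in port and (len(nums) != 2 or nums[0] > nums[1]):
        raise ValueError(f"bad port range {port!r}")
    return None

def build_rule(address, command, port, protocol, network_interface_id, comment=""):
    """Validate the fields and return (json_body, warnings) for the PUT request."""
    if command not in ("ACCEPT", "DROP"):
        raise ValueError(f"command must be ACCEPT or DROP, got {command!r}")
    if protocol not in DEFAULT_PROTOCOLS:
        raise ValueError(f"{protocol!r} is not enabled by default")
    warnings = [w for w in (check_address(address), check_port(port)) if w]
    if command == "ACCEPT" and len(warnings) == 2:
        warnings.append("ACCEPT with no address and no port admits all traffic")
    rule = {"address": address, "command": command, "port": port, "protocol": protocol,
            "network_interface_id": str(network_interface_id), "comment": comment}
    return json.dumps({"firewall_rule": rule}), warnings
```

The returned body can be passed to curl's -d option in the JSON request shown earlier; review any warnings before sending it.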


Protocols:

For IPv4, only the ICMP, IPV6-ICMP, TCP, UDP, DCCP, SCTP protocols are available by default. However, if required, you can enable other protocols for IPv4.

  1. Go to the /interface/config/network_protocols.yml file.
  2. The list contains all protocols available (IPv4). Set 'true' for the required protocols.
  3. Restart httpd by running one of the following commands:

    service httpd restart

    or

    /etc/init.d/httpd restart
  4. The protocols you have enabled are now available while adding new firewall rules.

The following protocols can be enabled in the /interface/config/network_protocols.yml file:

  • IP
  • HOPOPT
  • ICMP
  • IGMP
  • GGP
  • IP-ENCAP
  • ST
  • TCP
  • CBT
  • EGP
  • IGP
  • BBN-RCC-MON
  • NVP-II
  • PUP
  • ARGUS
  • EMCON
  • XNET
  • CHAOS
  • UDP
  • MUX
  • DCN-MEAS
  • HMP
  • PRM
  • XNS-IDP
  • TRUNK-1
  • TRUNK-2
  • LEAF-1
  • LEAF-2
  • RSVP-E2E-IGNORE
  • FC
  • SCTP
  • IPLT
  • RDP
  • IRTP
  • ISO-TP4
  • NETBLT
  • MFE-NSP
  • MERIT-INP
  • DCCP
  • 3PC
  • IDPR
  • XTP
  • DDP
  • IDPR-CMTP
  • TP
  • IL
  • SDRP
  • IDRP
  • RSVP
  • GRE
  • DSR
  • BNA
  • ESP
  • AH
  • I-NLSP
  • SWIPE
  • NARP
  • MOBILE
  • HIP
  • manet
  • MPLS-in-IP
  • UDPLite
  • PIPE
  • SSCOPMCE
  • TLSP
  • SKIP
  • CFTP
  • SAT-EXPAK
  • KRYPTOLAN
  • RVD
  • IPPC
  • SAT-MON
  • VISA
  • IPCV
  • CPNX
  • CPHB
  • WSN
  • PVP
  • BR-SAT-MON
  • SUN-ND
  • WB-MON
  • WB-EXPAK
  • ISO-IP
  • VMTP
  • SECURE-VMTP
  • VINES
  • TTP
  • NSFNET-IGP
  • DGP, TCF
  • EIGRP
  • OSPFIGP
  • Sprite-RPC
  • LARP
  • MTP
  • SPS
  • CRUDP
  • AX.25
  • IPIP
  • MICP
  • SCC-SP
  • ETHERIP
  • ENCAP
  • GMTP
  • IFMP
  • PNNI
  • PIM
  • ARIS
  • SCPS
  • QNX
  • A/N
  • IPComp
  • SNP
  • Compaq-Peer
  • IPX-in-IP
  • VRRP
  • PGM
  • L2TP
  • DDX
  • IATP
  • STP
  • SRP
  • UTI
  • SMP
  • SM
  • PTP
  • ISIS
  • FIRE
  • CRTP


Page History

v. 6.1 

  • added the comment parameter