Firewalls
This section details Firewall-related Linode CLI commands.
list
Aliases: ls
Returns a paginated list of accessible Firewalls.
Usage
The format accepted by this command.
linode-cli firewalls list [-h] [--tags [tags] ] [--id id]
[--created created] [--label label] [--updated updated]
[--order-by {tags,id,created,label,updated}]
[--order {asc,desc}]
Sample
Examples of how this command might be used.
linode-cli firewalls list
Filterable Attributes
Arguments used to define a filter for response entries.
Name |
Type |
Description |
|---|---|---|
--created |
str |
When this Firewall was created. |
--id |
int |
The Firewall’s unique ID. |
--label |
str |
The Firewall’s label, for display purposes only. |
--tags |
[]str |
An array of tags applied to this object. |
--updated |
str |
When this Firewall was last updated. |
Result Attributes
The attributes returned by this command.
Name |
Type |
Example |
Description |
|---|---|---|---|
created |
str |
2018-01-01T00:01:01 |
When this Firewall was created. |
id |
int |
123 |
The Firewall’s unique ID. |
label |
str |
firewall123 |
The Firewall’s label, for display purposes only. |
status |
str |
enabled |
The status of this Firewall. |
tags |
[]str |
[“example ta…er example”] |
An array of tags applied to this object. |
updated |
str |
2018-01-02T00:01:01 |
When this Firewall was last updated. |
rules
Name |
Type |
Example |
Description |
|---|---|---|---|
rules.inbound.action |
str |
ACCEPT |
Controls whether traffic is accepted or dropped by this rule. |
rules.inbound.addresses.ipv4 |
[]str |
[“192.0.2.0/2…1.100.2/32”] |
A list of IPv4 addresses or networks. |
rules.inbound.addresses.ipv6 |
[]str |
[“2001:DB8::/128”] |
A list of IPv6 addresses or networks. |
rules.inbound.description |
str |
An example fi…description. |
Used to describe this rule. |
rules.inbound.label |
str |
firewallrule123 |
Used to identify this rule. |
rules.inbound.ports |
str |
22-24, 80, 443 |
A string representing the port or ports affected by this rule: - The string may be a single port, a range of ports, or a comma-separated list of single ports and port ranges. |
rules.inbound.protocol |
str |
TCP |
The type of network traffic affected by this rule. |
rules.inbound_policy |
str |
DROP |
The default behavior for inbound traffic. |
rules.outbound.action |
str |
ACCEPT |
Controls whether traffic is accepted or dropped by this rule. |
rules.outbound.addresses.ipv4 |
[]str |
[“192.0.2.0/2…1.100.2/32”] |
A list of IPv4 addresses or networks. |
rules.outbound.addresses.ipv6 |
[]str |
[“2001:DB8::/128”] |
A list of IPv6 addresses or networks. |
rules.outbound.description |
str |
An example fi…description. |
Used to describe this rule. |
rules.outbound.label |
str |
firewallrule123 |
Used to identify this rule. |
rules.outbound.ports |
str |
22-24, 80, 443 |
A string representing the port or ports affected by this rule: - The string may be a single port, a range of ports, or a comma-separated list of single ports and port ranges. |
rules.outbound.protocol |
str |
TCP |
The type of network traffic affected by this rule. |
rules.outbound_policy |
str |
DROP |
The default behavior for outbound traffic. |
view
Get a specific Firewall resource by its ID.
Usage
The format accepted by this command.
linode-cli firewalls view [-h] [--created created] [--tags [tags] ]
[--id id] [--updated updated] [--label label]
[--order-by {created,tags,id,updated,label}]
[--order {asc,desc}] firewallId
Sample
Examples of how this command might be used.
linode-cli firewalls view 123
Parameters
Positional parameters used to define the resource this command should target.
Name |
Type |
Description |
|---|---|---|
firewallId |
int |
ID of the Firewall to access. |
Result Attributes
The attributes returned by this command.
Name |
Type |
Example |
Description |
|---|---|---|---|
created |
str |
2018-01-01T00:01:01 |
When this Firewall was created. |
id |
int |
123 |
The Firewall’s unique ID. |
label |
str |
firewall123 |
The Firewall’s label, for display purposes only. |
status |
str |
enabled |
The status of this Firewall. |
tags |
[]str |
[“example ta…er example”] |
An array of tags applied to this object. |
updated |
str |
2018-01-02T00:01:01 |
When this Firewall was last updated. |
rules
Name |
Type |
Example |
Description |
|---|---|---|---|
rules.inbound.action |
str |
ACCEPT |
Controls whether traffic is accepted or dropped by this rule. |
rules.inbound.addresses.ipv4 |
[]str |
[“192.0.2.0/2…1.100.2/32”] |
A list of IPv4 addresses or networks. |
rules.inbound.addresses.ipv6 |
[]str |
[“2001:DB8::/128”] |
A list of IPv6 addresses or networks. |
rules.inbound.description |
str |
An example fi…description. |
Used to describe this rule. |
rules.inbound.label |
str |
firewallrule123 |
Used to identify this rule. |
rules.inbound.ports |
str |
22-24, 80, 443 |
A string representing the port or ports affected by this rule: - The string may be a single port, a range of ports, or a comma-separated list of single ports and port ranges. |
rules.inbound.protocol |
str |
TCP |
The type of network traffic affected by this rule. |
rules.inbound_policy |
str |
DROP |
The default behavior for inbound traffic. |
rules.outbound.action |
str |
ACCEPT |
Controls whether traffic is accepted or dropped by this rule. |
rules.outbound.addresses.ipv4 |
[]str |
[“192.0.2.0/2…1.100.2/32”] |
A list of IPv4 addresses or networks. |
rules.outbound.addresses.ipv6 |
[]str |
[“2001:DB8::/128”] |
A list of IPv6 addresses or networks. |
rules.outbound.description |
str |
An example fi…description. |
Used to describe this rule. |
rules.outbound.label |
str |
firewallrule123 |
Used to identify this rule. |
rules.outbound.ports |
str |
22-24, 80, 443 |
A string representing the port or ports affected by this rule: - The string may be a single port, a range of ports, or a comma-separated list of single ports and port ranges. |
rules.outbound.protocol |
str |
TCP |
The type of network traffic affected by this rule. |
rules.outbound_policy |
str |
DROP |
The default behavior for outbound traffic. |
create
Creates a Firewall to filter network traffic.
Usage
The format accepted by this command.
linode-cli firewalls create [-h] [--rules.inbound inbound]
[--rules.outbound outbound]
[--rules.inbound_policy inbound_policy]
[--rules.outbound_policy outbound_policy]
[--devices.linodes linodes]
[--devices.nodebalancers nodebalancers] [--label label]
[--tags tags]
Sample
Examples of how this command might be used.
linode-cli firewalls create \
--label example-firewall \
--rules.outbound_policy ACCEPT \
--rules.inbound_policy DROP \
--rules.inbound '[{"protocol": "TCP", "ports": "22, 80, 8080, 443", "addresses": {"ipv4": ["192.0.2.0/24", "198.51.100.2/32"], "ipv6": ["2001:DB8::/128"]}, "action": "ACCEPT"}]' \
--rules.outbound '[{"protocol": "TCP", "ports": "49152-65535", "addresses": {"ipv4": ["192.0.2.0/24", "198.51.100.2/32"],"ipv6": ["2001:DB8::/128"]}, "action": "DROP", "label": "outbound-rule123", "description": "An example outbound rule description."}]'
Arguments
Additional fields used to execute this request.
Name |
Type |
Example |
Description |
|---|---|---|---|
--label * |
str |
firewall123 |
The Firewall’s label, for display purposes only. |
--rules.inbound_policy * |
str |
DROP |
The default behavior for inbound traffic. |
--rules.outbound_policy * |
str |
DROP |
The default behavior for outbound traffic. |
--tags |
[]str |
example tag |
An array of tags applied to this object. |
--devices.linodes |
[]int |
123 |
An array of Linode IDs. |
--devices.nodebalancers |
[]int |
321 |
An array containing a NodeBalancer ID. |
--rules.inbound |
json |
N/A |
The inbound rules for the firewall, as a JSON array. |
--rules.outbound |
json |
N/A |
The outbound rules for the firewall, as a JSON array. |
Result Attributes
The attributes returned by this command.
Name |
Type |
Example |
Description |
|---|---|---|---|
created |
str |
2018-01-01T00:01:01 |
When this Firewall was created. |
id |
int |
123 |
The Firewall’s unique ID. |
label |
str |
firewall123 |
The Firewall’s label, for display purposes only. |
status |
str |
enabled |
The status of this Firewall. |
tags |
[]str |
[“example ta…er example”] |
An array of tags applied to this object. |
updated |
str |
2018-01-02T00:01:01 |
When this Firewall was last updated. |
rules
Name |
Type |
Example |
Description |
|---|---|---|---|
rules.inbound.action |
str |
ACCEPT |
Controls whether traffic is accepted or dropped by this rule. |
rules.inbound.addresses.ipv4 |
[]str |
[“192.0.2.0/2…1.100.2/32”] |
A list of IPv4 addresses or networks. |
rules.inbound.addresses.ipv6 |
[]str |
[“2001:DB8::/128”] |
A list of IPv6 addresses or networks. |
rules.inbound.description |
str |
An example fi…description. |
Used to describe this rule. |
rules.inbound.label |
str |
firewallrule123 |
Used to identify this rule. |
rules.inbound.ports |
str |
22-24, 80, 443 |
A string representing the port or ports affected by this rule: - The string may be a single port, a range of ports, or a comma-separated list of single ports and port ranges. |
rules.inbound.protocol |
str |
TCP |
The type of network traffic affected by this rule. |
rules.inbound_policy |
str |
DROP |
The default behavior for inbound traffic. |
rules.outbound.action |
str |
ACCEPT |
Controls whether traffic is accepted or dropped by this rule. |
rules.outbound.addresses.ipv4 |
[]str |
[“192.0.2.0/2…1.100.2/32”] |
A list of IPv4 addresses or networks. |
rules.outbound.addresses.ipv6 |
[]str |
[“2001:DB8::/128”] |
A list of IPv6 addresses or networks. |
rules.outbound.description |
str |
An example fi…description. |
Used to describe this rule. |
rules.outbound.label |
str |
firewallrule123 |
Used to identify this rule. |
rules.outbound.ports |
str |
22-24, 80, 443 |
A string representing the port or ports affected by this rule: - The string may be a single port, a range of ports, or a comma-separated list of single ports and port ranges. |
rules.outbound.protocol |
str |
TCP |
The type of network traffic affected by this rule. |
rules.outbound_policy |
str |
DROP |
The default behavior for outbound traffic. |
update
Updates information for a Firewall.
Usage
The format accepted by this command.
linode-cli firewalls update [-h] [--tags tags] [--label label]
[--status status] firewallId
Sample
Examples of how this command might be used.
linode-cli firewalls update 123 \
--status disabled
Parameters
Positional parameters used to define the resource this command should target.
Name |
Type |
Description |
|---|---|---|
firewallId |
int |
ID of the Firewall to access. |
Arguments
Additional fields used to execute this request.
Name |
Type |
Example |
Description |
|---|---|---|---|
--label |
str |
firewall123 |
The Firewall’s label, for display purposes only. |
--status |
str |
enabled |
The status to be applied to this Firewall. |
--tags |
[]str |
example tag |
An array of tags applied to this object. |
Result Attributes
The attributes returned by this command.
Name |
Type |
Example |
Description |
|---|---|---|---|
created |
str |
2018-01-01T00:01:01 |
When this Firewall was created. |
id |
int |
123 |
The Firewall’s unique ID. |
label |
str |
firewall123 |
The Firewall’s label, for display purposes only. |
status |
str |
enabled |
The status of this Firewall. |
tags |
[]str |
[“example ta…er example”] |
An array of tags applied to this object. |
updated |
str |
2018-01-02T00:01:01 |
When this Firewall was last updated. |
rules
Name |
Type |
Example |
Description |
|---|---|---|---|
rules.inbound.action |
str |
ACCEPT |
Controls whether traffic is accepted or dropped by this rule. |
rules.inbound.addresses.ipv4 |
[]str |
[“192.0.2.0/2…1.100.2/32”] |
A list of IPv4 addresses or networks. |
rules.inbound.addresses.ipv6 |
[]str |
[“2001:DB8::/128”] |
A list of IPv6 addresses or networks. |
rules.inbound.description |
str |
An example fi…description. |
Used to describe this rule. |
rules.inbound.label |
str |
firewallrule123 |
Used to identify this rule. |
rules.inbound.ports |
str |
22-24, 80, 443 |
A string representing the port or ports affected by this rule: - The string may be a single port, a range of ports, or a comma-separated list of single ports and port ranges. |
rules.inbound.protocol |
str |
TCP |
The type of network traffic affected by this rule. |
rules.inbound_policy |
str |
DROP |
The default behavior for inbound traffic. |
rules.outbound.action |
str |
ACCEPT |
Controls whether traffic is accepted or dropped by this rule. |
rules.outbound.addresses.ipv4 |
[]str |
[“192.0.2.0/2…1.100.2/32”] |
A list of IPv4 addresses or networks. |
rules.outbound.addresses.ipv6 |
[]str |
[“2001:DB8::/128”] |
A list of IPv6 addresses or networks. |
rules.outbound.description |
str |
An example fi…description. |
Used to describe this rule. |
rules.outbound.label |
str |
firewallrule123 |
Used to identify this rule. |
rules.outbound.ports |
str |
22-24, 80, 443 |
A string representing the port or ports affected by this rule: - The string may be a single port, a range of ports, or a comma-separated list of single ports and port ranges. |
rules.outbound.protocol |
str |
TCP |
The type of network traffic affected by this rule. |
rules.outbound_policy |
str |
DROP |
The default behavior for outbound traffic. |
delete
Aliases: rm
Delete a Firewall resource by its ID.
Usage
The format accepted by this command.
linode-cli firewalls delete [-h] firewallId
Sample
Examples of how this command might be used.
linode-cli firewalls delete 123
Parameters
Positional parameters used to define the resource this command should target.
Name |
Type |
Description |
|---|---|---|
firewallId |
int |
ID of the Firewall to access. |
device-view
Returns information for a Firewall Device, which assigns a Firewall to a service (referred to as the Device’s entity).
Usage
The format accepted by this command.
linode-cli firewalls device-view [-h] [--updated updated]
[--created created] [--id id]
[--order-by {updated,created,id}] [--order {asc,desc}]
firewallId deviceId
Sample
Examples of how this command might be used.
linode-cli firewalls device-view \
123 456
Parameters
Positional parameters used to define the resource this command should target.
Name |
Type |
Description |
|---|---|---|
firewallId |
int |
ID of the Firewall to access. |
deviceId |
int |
ID of the Firewall Device to access. |
Result Attributes
The attributes returned by this command.
Name |
Type |
Example |
Description |
|---|---|---|---|
created |
str |
2018-01-01T00:01:01 |
When this Device was created. |
id |
int |
123 |
The Device’s unique ID. |
updated |
str |
2018-01-02T00:01:01 |
When this Device was last updated. |
entity
Name |
Type |
Example |
Description |
|---|---|---|---|
entity.id |
int |
123 |
The entity’s ID. |
entity.label |
str |
my-linode |
The entity’s label. |
entity.type |
str |
linode |
The entity’s type. |
entity.url |
str |
/v4/linode/instances/123 |
The API URL path you can use to access this entity. |
device-create
Creates a Firewall Device, which assigns a Firewall to a service (referred to as the Device’s entity) and applies the Firewall’s Rules to the device.
Usage
The format accepted by this command.
linode-cli firewalls device-create [-h] [--id id] [--type type]
firewallId
Sample
Examples of how this command might be used.
linode-cli firewalls device-create 123 \
--id 456 \
--type "linode"
Parameters
Positional parameters used to define the resource this command should target.
Name |
Type |
Description |
|---|---|---|
firewallId |
int |
ID of the Firewall to access. |
Arguments
Additional fields used to execute this request.
Name |
Type |
Example |
Description |
|---|---|---|---|
--id * |
int |
123 |
The entity’s ID. |
--type * |
str |
linode |
The entity’s type. |
Result Attributes
The attributes returned by this command.
Name |
Type |
Example |
Description |
|---|---|---|---|
created |
str |
2018-01-01T00:01:01 |
When this Device was created. |
id |
int |
123 |
The Device’s unique ID. |
updated |
str |
2018-01-02T00:01:01 |
When this Device was last updated. |
entity
Name |
Type |
Example |
Description |
|---|---|---|---|
entity.id |
int |
123 |
The entity’s ID. |
entity.label |
str |
my-linode |
The entity’s label. |
entity.type |
str |
linode |
The entity’s type. |
entity.url |
str |
/v4/linode/instances/123 |
The API URL path you can use to access this entity. |
device-delete
Removes a Firewall Device, which removes a Firewall from the service it was assigned to by the Device.
Usage
The format accepted by this command.
linode-cli firewalls device-delete [-h] firewallId deviceId
Sample
Examples of how this command might be used.
linode-cli firewalls device-delete 123 456
Parameters
Positional parameters used to define the resource this command should target.
Name |
Type |
Description |
|---|---|---|
firewallId |
int |
ID of the Firewall to access. |
deviceId |
int |
ID of the Firewall Device to access. |
devices-list
Returns a paginated list of a Firewall’s Devices.
Usage
The format accepted by this command.
linode-cli firewalls devices-list [-h] [--id id]
[--updated updated] [--created created]
[--order-by {id,updated,created}] [--order {asc,desc}]
firewallId
Sample
Examples of how this command might be used.
linode-cli firewalls devices-list 123
Parameters
Positional parameters used to define the resource this command should target.
Name |
Type |
Description |
|---|---|---|
firewallId |
int |
ID of the Firewall to access. |
Filterable Attributes
Arguments used to define a filter for response entries.
Name |
Type |
Description |
|---|---|---|
--created |
str |
When this Device was created. |
--id |
int |
The Device’s unique ID. |
--updated |
str |
When this Device was last updated. |
Result Attributes
The attributes returned by this command.
Name |
Type |
Example |
Description |
|---|---|---|---|
created |
str |
2018-01-01T00:01:01 |
When this Device was created. |
id |
int |
123 |
The Device’s unique ID. |
updated |
str |
2018-01-02T00:01:01 |
When this Device was last updated. |
entity
Name |
Type |
Example |
Description |
|---|---|---|---|
entity.id |
int |
123 |
The entity’s ID. |
entity.label |
str |
my-linode |
The entity’s label. |
entity.type |
str |
linode |
The entity’s type. |
entity.url |
str |
/v4/linode/instances/123 |
The API URL path you can use to access this entity. |
rules-list
Returns the inbound and outbound Rules for a Firewall.
Usage
The format accepted by this command.
linode-cli firewalls rules-list [-h] [--order-by {}]
[--order {asc,desc}] firewallId
Sample
Examples of how this command might be used.
linode-cli firewalls rules-list 123
Parameters
Positional parameters used to define the resource this command should target.
Name |
Type |
Description |
|---|---|---|
firewallId |
int |
ID of the Firewall to access. |
Result Attributes
The attributes returned by this command.
Name |
Type |
Example |
Description |
|---|---|---|---|
inbound_policy |
str |
DROP |
The default behavior for inbound traffic. |
outbound_policy |
str |
DROP |
The default behavior for outbound traffic. |
inbound
Name |
Type |
Example |
Description |
|---|---|---|---|
inbound.action |
str |
ACCEPT |
Controls whether traffic is accepted or dropped by this rule. |
inbound.addresses.ipv4 |
[]str |
[“192.0.2.0/2…1.100.2/32”] |
A list of IPv4 addresses or networks. |
inbound.addresses.ipv6 |
[]str |
[“2001:DB8::/128”] |
A list of IPv6 addresses or networks. |
inbound.description |
str |
An example fi…description. |
Used to describe this rule. |
inbound.label |
str |
firewallrule123 |
Used to identify this rule. |
inbound.ports |
str |
22-24, 80, 443 |
A string representing the port or ports affected by this rule: - The string may be a single port, a range of ports, or a comma-separated list of single ports and port ranges. |
inbound.protocol |
str |
TCP |
The type of network traffic affected by this rule. |
outbound
Name |
Type |
Example |
Description |
|---|---|---|---|
outbound.action |
str |
ACCEPT |
Controls whether traffic is accepted or dropped by this rule. |
outbound.addresses.ipv4 |
[]str |
[“192.0.2.0/2…1.100.2/32”] |
A list of IPv4 addresses or networks. |
outbound.addresses.ipv6 |
[]str |
[“2001:DB8::/128”] |
A list of IPv6 addresses or networks. |
outbound.description |
str |
An example fi…description. |
Used to describe this rule. |
outbound.label |
str |
firewallrule123 |
Used to identify this rule. |
outbound.ports |
str |
22-24, 80, 443 |
A string representing the port or ports affected by this rule: - The string may be a single port, a range of ports, or a comma-separated list of single ports and port ranges. |
outbound.protocol |
str |
TCP |
The type of network traffic affected by this rule. |
rules-update
Updates the inbound and outbound Rules for a Firewall.
Usage
The format accepted by this command.
linode-cli firewalls rules-update [-h] [--outbound outbound]
[--inbound inbound] [--outbound_policy outbound_policy]
[--inbound_policy inbound_policy] firewallId
Sample
Examples of how this command might be used.
linode-cli firewalls rules-update 123 \
--inbound '[{"action":"ACCEPT", "protocol": "TCP", "ports": "22, 80, 8080, 443", "addresses": {"ipv4": ["192.0.2.0/24", "198.51.100.2/32"], "ipv6": ["2001:DB8::/128"]}}]' \
--outbound '[{"action":"DROP","protocol": "TCP", "ports": "49152-65535", "addresses": {"ipv4": ["192.0.2.0/24", "198.51.100.2/32"], "ipv6": ["2001:DB8::/128`"]}}]'
Parameters
Positional parameters used to define the resource this command should target.
Name |
Type |
Description |
|---|---|---|
firewallId |
int |
ID of the Firewall to access. |
Arguments
Additional fields used to execute this request.
Name |
Type |
Example |
Description |
|---|---|---|---|
--inbound |
json |
N/A |
The inbound rules for the firewall, as a JSON array. |
--inbound_policy |
str |
DROP |
The default behavior for inbound traffic. |
--outbound |
json |
N/A |
The outbound rules for the firewall, as a JSON array. |
--outbound_policy |
str |
DROP |
The default behavior for outbound traffic. |
Result Attributes
The attributes returned by this command.
Name |
Type |
Example |
Description |
|---|---|---|---|
inbound_policy |
str |
DROP |
The default behavior for inbound traffic. |
outbound_policy |
str |
DROP |
The default behavior for outbound traffic. |
inbound
Name |
Type |
Example |
Description |
|---|---|---|---|
inbound.action |
str |
ACCEPT |
Controls whether traffic is accepted or dropped by this rule. |
inbound.addresses.ipv4 |
[]str |
[“192.0.2.0/2…1.100.2/32”] |
A list of IPv4 addresses or networks. |
inbound.addresses.ipv6 |
[]str |
[“2001:DB8::/128”] |
A list of IPv6 addresses or networks. |
inbound.description |
str |
An example fi…description. |
Used to describe this rule. |
inbound.label |
str |
firewallrule123 |
Used to identify this rule. |
inbound.ports |
str |
22-24, 80, 443 |
A string representing the port or ports affected by this rule: - The string may be a single port, a range of ports, or a comma-separated list of single ports and port ranges. |
inbound.protocol |
str |
TCP |
The type of network traffic affected by this rule. |
outbound
Name |
Type |
Example |
Description |
|---|---|---|---|
outbound.action |
str |
ACCEPT |
Controls whether traffic is accepted or dropped by this rule. |
outbound.addresses.ipv4 |
[]str |
[“192.0.2.0/2…1.100.2/32”] |
A list of IPv4 addresses or networks. |
outbound.addresses.ipv6 |
[]str |
[“2001:DB8::/128”] |
A list of IPv6 addresses or networks. |
outbound.description |
str |
An example fi…description. |
Used to describe this rule. |
outbound.label |
str |
firewallrule123 |
Used to identify this rule. |
outbound.ports |
str |
22-24, 80, 443 |
A string representing the port or ports affected by this rule: - The string may be a single port, a range of ports, or a comma-separated list of single ports and port ranges. |
outbound.protocol |
str |
TCP |
The type of network traffic affected by this rule. |