
Commit a8595c9

authored
Merge pull request #844 from bbiggerr/firewallrulesconfig-fixes
Fixed inaccuracies regarding FirewallRulesConfig
2 parents 4de7848 + 23261b6 commit a8595c9


1 file changed

+38
-24
lines changed


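--- a/openapi.yaml
+++ b/openapi.yaml
@@ -13070,10 +13070,11 @@ paths:
 "ports": "22, 80, 443",
 "addresses": {
 "ipv4": [
-"192.0.2.0/24"
+"192.0.2.0/24",
+"198.51.100.2/32"
 ],
 "ipv6": [
-"2001:DB8::/32"
+"2001:DB8::/128"
 ]
 },
 "action": "ACCEPT",
@@ -13088,10 +13089,11 @@ paths:
 "ports": "49152-65535",
 "addresses": {
 "ipv4": [
-"192.0.2.0/24"
+"192.0.2.0/24",
+"198.51.100.2/32"
 ],
 "ipv6": [
-"2001:DB8::/32"
+"2001:DB8::/128"
 ]
 },
 "action": "ACCEPT",
@@ -13117,8 +13119,8 @@ paths:
 --label example-firewall \
 --rules.outbound_policy ACCEPT \
 --rules.inbound_policy DROP \
---rules.inbound '[{"protocol": "TCP", "ports": "22, 80, 8080, 443", "addresses": {"ipv4": ["192.0.2.1", "192.0.2.0/24"], "ipv6": ["2001:DB8::/32"]}, "action": "ACCEPT"}]' \
---rules.outbound '[{"protocol": "TCP", "ports": "49152-65535", "addresses": {"ipv4": ["192.0.2.0/24"],"ipv6": ["2001:DB8::/32"]}, "action": "DROP", "label": "outbound-rule123", "description": "An example outbound rule description."}]'
+--rules.inbound '[{"protocol": "TCP", "ports": "22, 80, 8080, 443", "addresses": {"ipv4": ["192.0.2.0/24", "198.51.100.2/32"], "ipv6": ["2001:DB8::/128"]}, "action": "ACCEPT"}]' \
+--rules.outbound '[{"protocol": "TCP", "ports": "49152-65535", "addresses": {"ipv4": ["192.0.2.0/24", "198.51.100.2/32"],"ipv6": ["2001:DB8::/128"]}, "action": "DROP", "label": "outbound-rule123", "description": "An example outbound rule description."}]'
 /networking/firewalls/{firewallId}:
 parameters:
 - name: firewallId
@@ -13545,7 +13547,7 @@ paths:
 description: |
 Updates the inbound and outbound Rules for a Firewall.
 
-**Note:** This command replaces all of a Firewall's `inbound` and/or `outbound` rulesets with the values specified in your request.
+**Note:** This command replaces all of a Firewall's `inbound` and `outbound` rulesets with the values specified in your request.
 operationId: updateFirewallRules
 x-linode-cli-action: rules-update
 security:
@@ -13592,10 +13594,11 @@ paths:
 "ports": "22, 80, 443",
 "addresses": {
 "ipv4": [
-"192.0.2.0/24"
+"192.0.2.0/24",
+"198.51.100.2/32"
 ],
 "ipv6": [
-"2001:DB8::/32"
+"2001:DB8::/128"
 ]
 },
 "action": "ACCEPT",
@@ -13610,10 +13613,11 @@ paths:
 "ports": "49152-65535",
 "addresses": {
 "ipv4": [
-"192.0.2.0/24"
+"192.0.2.0/24",
+"198.51.100.2/32"
 ],
 "ipv6": [
-"2001:DB8::/32"
+"2001:DB8::/128"
 ]
 },
 "action": "ACCEPT",
@@ -13626,8 +13630,8 @@ paths:
 - lang: CLI
 source: >
 linode-cli firewalls rules-update 123 \
---inbound '[{"action":"ACCEPT", "protocol": "TCP", "ports": "22, 80, 8080, 443", "addresses": {"ipv4": ["192.0.2.1/32", "192.0.2.0/24"], "ipv6": ["2001:DB8::/32"]}}]' \
---outbound '[{"action":"DROP","protocol": "TCP", "ports": "49152-65535", "addresses": {"ipv4": ["192.0.2.1/32", "192.0.2.0/24"], "ipv6": ["2001:DB8::/32"]}}]'
+--inbound '[{"action":"ACCEPT", "protocol": "TCP", "ports": "22, 80, 8080, 443", "addresses": {"ipv4": ["192.0.2.0/24", "198.51.100.2/32"], "ipv6": ["2001:DB8::/128"]}}]' \
+--outbound '[{"action":"DROP","protocol": "TCP", "ports": "49152-65535", "addresses": {"ipv4": ["192.0.2.0/24", "198.51.100.2/32"], "ipv6": ["2001:DB8::/128`"]}}]'
 /networking/vlans:
 x-linode-cli-command: vlans
 get:
@@ -20953,6 +20957,8 @@ components:
 The inbound and outbound access rules to apply to the Firewall.
 
 A Firewall may have up to 25 rules across its inbound and outbound rulesets.
+
+Multiple rules are applied in order. If two rules conflict, the first rule takes precedence. For example, if the first rule accepts inbound traffic from an address, and the second rule drops inbound traffic the same address, the first rule applies and inbound traffic from that address is accepted.
 properties:
 inbound:
 type: array
@@ -21009,41 +21015,49 @@ components:
 - ICMP
 - IPENCAP
 description: >
-The type of network traffic to allow.
+The type of network traffic affected by this rule.
 example: TCP
 ports:
 type: string
+nullable: true
 description: |
-A string representing the port or ports on which traffic will be allowed:
+A string representing the port or ports affected by this rule:
 
 - The string may be a single port, a range of ports, or a comma-separated list of single ports and port ranges. A space is permitted following each comma.
 - A range of ports is inclusive of the start and end values for the range. The end value of the range must be greater than the start value.
 - Ports must be within 1 and 65535, and may not contain any leading zeroes. For example, port "080" is not allowed.
-- Ports may not be specified if a rule's protocol is `ICMP` or `IPENCAP`.
-- At least one port must be specified if a rule's protocol is `TCP` or `UDP`.
 - The ports string can have up to 15 *pieces*, where a single port is treated as one piece, and a port range is treated as two pieces. For example, the string "22-24, 80, 443" has four pieces.
+- If no ports are configured, all ports are affected.
+- Only allowed for the TCP and UDP protocols. Ports are not allowed for the ICMP and IPENCAP protocols.
 example: '22-24, 80, 443'
 addresses:
 type: object
-description: >
-Allowed IPv4 or IPv6 addresses. A Rule can have up to 255 addresses
-or networks listed across its IPv4 and IPv6 arrays. A network and a single IP
-are treated as equivalent when accounting for this limit.
+description: |
+The IPv4 and/or IPv6 addresses affected by this rule. A Rule can have up to 255 total addresses or networks listed across its IPv4 and IPv6 arrays. A network and a single IP are treated as equivalent when accounting for this limit.
+
+Must contain `ipv4`, `ipv6`, or both.
 properties:
 ipv4:
-description: A list of IPv4 addresses or networks. Must be in IP/mask format.
+description: |
+A list of IPv4 addresses or networks. Addresses must be in IP/mask format. Must not be an empty list.
+
+If "0.0.0.0/0" is included in this list, all IPv4 addresses are affected by this rule.
 type: array
 items:
 type: string
 example:
 - 192.0.2.0/24
+- 198.51.100.2/32
 ipv6:
-description: A list of IPv6 addresses or networks. Must be in IP/mask format.
+description: |
+A list of IPv6 addresses or networks. Addresses must be in IP/mask format. Must not be an empty list.
+
+If "::/0" is included in this list, all IPv6 addresses are affected by this rule.
 type: array
 items:
 type: string
 example:
-- 2001:DB8::/32
+- 2001:DB8::/128
 action:
 type: string
 enum: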
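Review bot: The new `--outbound` example for `rules-update` (new line 13634) has a stray backtick inside the IPv6 string, `"ipv6": ["2001:DB8::/128`"]`, so the copied command carries a malformed address; it should read `"ipv6": ["2001:DB8::/128"]`. In the rule-ordering paragraph added at new line 20961, "drops inbound traffic the same address" is missing "from". Because `ports` is now `nullable: true` and its description says that no ports means all ports are affected, that description should also state the consequence for permissive rules, for example `- An ACCEPT rule with no ports allows traffic on every TCP or UDP port from the listed addresses.` The same applies to the new "0.0.0.0/0" and "::/0" sentences, which would read more safely if they said that an `ACCEPT` rule containing them admits traffic from any source.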
