[Update] Firewalls endpoints #405

Merged
merged 2 commits into from
Mar 9, 2021
129 changes: 80 additions & 49 deletions openapi.yaml
Expand Up @@ -9787,14 +9787,12 @@ paths:
Firewall to a Linode service. Currently, Firewalls can only be assigned to Linode
instances.

A Firewall can be assigned to multiple Linode services, and up to five active Firewalls
can be assigned to a single Linode service.
A Firewall can be assigned to a single Linode service at a time.

A `firewall_create` Event is generated when this endpoint returns successfully.

This endpoint is in **beta**.


* Gain access to [Linode Cloud Firewall](https://www.linode.com/products/firewall/) by signing up for our [Greenlight Beta program](https://www.linode.com/green-light/#sign-up-form).
* During the beta, Cloud Firewall is not available in every [data center region](/docs/api/regions). For the current list of availability, see the [Cloud Firewall Product Documentation](https://www.linode.com/docs/products/networking/cloud-firewall/).
* Please make sure to prepend all requests with
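Review bot: The replacement sentence "A Firewall can be assigned to a single Linode service at a time" limits how many services one Firewall covers, while the `Firewall` schema description later in this diff says "Only one Firewall can be attached to a Linode at any given time", which limits how many Firewalls one Linode has. These are different constraints, and the removed sentence spelled out both directions. Suggest stating each direction explicitly and reusing the same sentence in every description this PR touches, because users plan which instances a rule set covers from this text.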
Expand All @@ -9812,25 +9810,22 @@ paths:
content:
application/json:
schema:
type: object
allOf:
- $ref: '#/components/schemas/Firewall'
required:
- label
- rules
- label
- rules
- inbound_policy
- outbound_policy
- action
Comment on lines +9816 to +9820
Contributor

Do these need to be indented slightly more?

Contributor Author

We don't need to, though it looks like indents in these cases do follow correct yaml conventions. We've been historically inconsistent with this. Would rather fix them all in one go if I'm going to do it.

properties:
label:
$ref: '#/components/schemas/Firewall/properties/label'
rules:
$ref: '#/components/schemas/Firewall/properties/rules'
tags:
$ref: '#/components/schemas/Firewall/properties/tags'
devices:
type: object
description: >
A Firewall Device assigns a Firewall to a Linode service. Currently, Firewalls
can only be assigned to Linode instances.

* A Firewall can be assigned to multiple Linode services, and up to five active Firewalls can
be assigned to a single Linode service.
* A Firewall can be assigned to a single Linode service at a time.

* Additional disabled Firewalls can be assigned to a service, but they cannot be enabled if five other active Firewalls
are already assigned to the same service.
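Review bot: In the `required` list, `inbound_policy`, `outbound_policy` and `action` are added next to `label` and `rules`, but the `properties` visible below it at this level are only `label`, `rules`, `tags` and `devices`. In the request sample in this PR the two policies sit inside `rules` and `action` sits inside each rule object, so a validator reading this schema would demand three top-level keys that the sample body never sends. Suggest keeping `label` and `rules` here and moving the other three into `required` lists on the `rules` object and on the rule schema, where the fields are defined.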
Expand Down Expand Up @@ -9866,41 +9861,46 @@ paths:
-X POST -d '{
"label": "firewall123",
"rules": {
"inbound_policy": "DROP",
"inbound": [
{
"protocol": "TCP",
"ports": "22, 80, 443",
"addresses": {
"ipv4": [
"192.0.2.1",
"192.0.2.0/24"
],
"ipv6": [
"2001:DB8::/32"
]
}
},
"action": "ACCEPT",
"label": "inbound-rule123",
"description": "An example inbound rule description."
}
],
"outbound_policy": "DROP"
"outbound": [
{
"protocol": "TCP",
"ports": "49152-65535",
"addresses": {
"ipv4": [
"192.0.2.1",
"192.0.2.0/24"
],
"ipv6": [
"2001:DB8::/32"
]
}
},
"action": "ACCEPT",
"label": "outbound-rule123",
"description": "An example outbound rule description."
}
]
},
"devices": {
"linodes": [
123,
456
123
]
},
"tags": [
Expand Down Expand Up @@ -10172,10 +10172,9 @@ paths:
description: |
Creates a Firewall Device, which assigns a Firewall to a Linode service (referred to
as the Device's `entity`). Currently, only Devices with an entity of type `linode` are accepted.
A Firewall can be assigned to multiple Linode services, and up to five active Firewalls can
be assigned to a single Linode service. Additional disabled Firewalls can be
assigned to a service, but they cannot be enabled if five other active Firewalls
are already assigned to the same service.
A Firewall can be assigned a single Linode service at a time. Additional disabled Firewalls can be
assigned to a service, but they cannot be enabled if another active Firewall
is already assigned to the same service.

Creating a Firewall Device will apply the Rules from a Firewall to a Linode service.
A `firewall_device_add` Event is generated when the Firewall Device is added successfully.
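Review bot: "A Firewall can be assigned a single Linode service at a time" is missing "to" after "assigned"; the other descriptions in this PR read "assigned to a single Linode service". The following sentence still allows additional disabled Firewalls on a service, while the `Firewall` schema description in this same diff says only one Firewall can be attached to a Linode at any given time. Suggest deciding whether the limit is one attached Firewall or one enabled Firewall and wording both places to match.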
Expand Down Expand Up @@ -10443,34 +10442,40 @@ paths:
curl -H "Content-Type: application/json" \
-H "Authorization: Bearer $TOKEN" \
-X PUT -d '{
"inbound_policy": "DROP",
"inbound": [
{
"protocol": "TCP",
"ports": "22, 80, 443",
"addresses": {
"addresses": {
"ipv4": [
"192.0.2.1",
"192.0.2.0/24"
],
"ipv6": [
"2001:DB8::/32"
]
}
},
"action": "ACCEPT",
"label": "inbound-rule123",
"description": "An example inbound rule description."
}
],
"outbound_policy": "DROP"
"outbound": [
{
"protocol": "TCP",
"ports": "49152-65535",
"addresses": {
"ipv4": [
"192.0.2.1",
"192.0.2.0/24"
],
"ipv6": [
"2001:DB8::/32"
]
}
},
"action": "ACCEPT",
"label": "outbound-rule123",
"description": "An example outbound rule description."
}
]
}' \
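Review bot: The PUT sample body is missing a comma after `"outbound_policy": "DROP"`, directly before `"outbound": [`, so it is not valid JSON. Add the comma, as in the create sample, which has the same gap.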
Expand Down Expand Up @@ -16521,8 +16526,7 @@ components:
Firewall:
type: object
description: >
A resource that controls incoming and outgoing network traffic to a Linode service. A Firewall can
be assigned to multiple Linode services, and up to five active Firewalls can be assigned to a single Linode service.
A resource that controls incoming and outgoing network traffic to a Linode service. Only one Firewall can be attached to a Linode at any given time.
[Create a Firewall Device](/docs/api/networking/#firewall-create)
to assign a Firewall to a Linode service. Currently, Firewalls can only be assigned to Linode instances.
properties:
Expand All @@ -16537,7 +16541,7 @@ components:
label:
x-linode-filterable: true
type: string
description: >
description: |
The Firewall's label, for display purposes only.

Firewall labels have the following constraints:
Expand Down Expand Up @@ -16576,7 +16580,7 @@ components:
The status of this Firewall.

* When a Firewall is first created its status is `enabled`.
* Use the [Update Firewall](/docs/api/networking/#firewall-update) endpoint to set a Firewall's status to `enbaled` or `disabled`.
* Use the [Update Firewall](/docs/api/networking/#firewall-update) endpoint to set a Firewall's status to `enabled` or `disabled`.
* Use the [Delete Firewall](/docs/api/networking/#firewall-delete) endpoint to delete a Firewall.
enum:
- enabled
Expand All @@ -16589,13 +16593,6 @@ components:
description: |
The inbound and outbound access rules to apply to the Firewall.

* A minimum of one open inbound rule is required. Any inbound
traffic that is not permitted by your rules will be blocked.
* Outbound rules are optional. When no outbound rules are specified,
all outbound traffic is allowed. If one or more outbound rules are
specified, all outbound traffic that is not permitted by your rules
will be blocked.

A Firewall may have up to 25 rules across its inbound and outbound rulesets.
properties:
inbound:
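Review bot: The removed bullets were the only text in the `rules` description saying what happens to traffic that no rule permits (inbound blocked, outbound allowed when no outbound rules exist) and that at least one inbound rule is required. With them gone, this description no longer says whether an empty `inbound` list is valid or what happens to unmatched traffic. Suggest adding a sentence here that unmatched traffic follows `inbound_policy` and `outbound_policy`, and whether an empty ruleset combined with a `DROP` policy is accepted.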
Expand All @@ -16606,8 +16603,22 @@ components:
type: array
items:
$ref: '#/components/schemas/FirewallRuleConfig'
required:
- inbound
inbound_policy:
type: string
enum:
- ACCEPT
- DROP
description: |
The default behavior for inbound traffic. This setting can be overridden by [updating](/docs/api/networking/#firewall-rules-update) the `inbound.action` property of the Firewall Rule.
example: DROP
outbound_policy:
type: string
enum:
- ACCEPT
- DROP
description: |
The default behavior for outbound traffic. This setting can be overridden by [updating](/docs/api/networking/#firewall-rules-update) the `action` property for an individual Firewall Rule.
example: DROP
tags:
x-linode-filterable: true
description: >
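Review bot: The two policy descriptions name the override differently: `inbound_policy` points to "the `inbound.action` property of the Firewall Rule", while `outbound_policy` points to "the `action` property for an individual Firewall Rule". Use one form for both; the rule schema later in this diff defines the field as `action`. "The default behavior" would also be clearer if it said outright that the policy applies to traffic matching no rule.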
Expand Down Expand Up @@ -16660,28 +16671,48 @@ components:
are treated as equivalent when accounting for this limit.
properties:
ipv4:
description: A list of IPv4 addresses or networks.
description: A list of IPv4 addresses or networks. Must be in IP/mask format.
type: array
items:
type: string
example:
- 192.0.2.1
- 192.0.2.0/24
ipv6:
description: A list of IPv6 addresses or networks.
description: A list of IPv6 addresses or networks. Must be in IP/mask format.
type: array
items:
type: string
example:
- 2001:DB8::/32
action:
type: string
enum:
- ACCEPT
- DROP
description: |
Controls whether traffic is accepted or dropped by this rule. Overrides the Firewall's `inbound_policy` if this is an inbound rule, or the `outbound_policy` if this is an outbound rule.
example: ACCEPT
label:
type: string
description: |
Used to identify this rule. For display purposes only.
example: firewallrule123
minLength: 3
maxLength: 32
description:
type: string
description: |
Used to describe this rule. For display purposes only.
example: 'An example firewall rule description.'
minLength: 1
maxLength: 100
FirewallDevices:
type: object
description: >
Associates a Firewall with a Linode service. A Firewall can be assigned
to multiple Linode services, and up to five active Firewalls can
be assigned to a single Linode service. Additional disabled Firewalls can be
assigned to a service, but they cannot be enabled if five other active Firewalls
are already assigned to the same service.
to a single Linode service at a time. Additional disabled Firewalls can be
assigned to a service, but they cannot be enabled if another active Firewall
is already assigned to the same service.
properties:
id:
x-linode-filterable: true
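Review bot: The `ipv4` description now says entries "Must be in IP/mask format", but its `example` still lists `192.0.2.1` with no mask, and the curl samples in this PR send the same bare address. Either give the examples a mask or state that a bare address is accepted and how it is interpreted, so that users do not guess at the width of an `ACCEPT` rule. The `ipv6` description carries the same sentence and should follow whichever rule is chosen.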