.. role:: green

Firewalls
=========

Manage firewalls via API.

Create a Firewall
-----------------

**Type:** :guilabel:`POST`

.. py:function:: https://cloud.syminet.com/api/v1/firewalls/create

   Create a new firewall.

**Required JSON Properties:**

firewall_name
    Name for new firewall.

.. code-block:: shell
   :caption: Curl

   curl --request POST \
     --url https://cloud.syminet.com/api/v1/firewalls/create \
     --header "content-type: application/json" \
     --header "authorization:bearer $API_TOKEN" \
     --data '
       {
         "firewall_name": "mynewfirewall"
       }
     '

.. code-block:: json
   :caption: Response

   {
     "created" : "2025-02-06 17:19:36.925397",
     "id" : 124,
     "name" : "mynewfirewall",
     "perms" : "rw"
   }

.. Note::

   Default inbound firewall rules will be created:

   * ICMP (All)
   * SSH port 22 (All)
   * HTTP port 80 (All)
   * HTTPS port 443 (All)

   These can be cleared or updated with a call to :ref:`Update Firewall Rules`.

List All Firewalls
------------------

**Type:** :guilabel:`GET`

.. py:function:: https://cloud.syminet.com/api/v1/firewalls

   Return a paginated list of all firewalls.

**Optional URL Parameters:**

?query=FIREWALL_NAME
    Filter on FIREWALL_NAME (partial match okay).

?page=PAGE_NUMBER
    Return page PAGE_NUMBER.

.. code-block:: shell
   :caption: Curl

   curl --request GET \
     --url https://cloud.syminet.com/api/v1/firewalls \
     --header "authorization:bearer $API_TOKEN"

.. code-block:: json
   :caption: Response

   {
     "data" : [
       {
         "created" : "2025-02-06 17:19:36.925397",
         "id" : 102,
         "name" : "fwtest",
         "rules_count" : 7,
         "slices_count" : 0
       },
       {
         "created" : "2025-01-14 08:22:36.925397",
         "id" : 124,
         "name" : "mynewfirewall",
         "rules_count" : 7,
         "slices_count" : 0
       }
     ]
   }

Delete a Firewall
-----------------

**Type:** :guilabel:`DELETE`

.. py:function:: https://cloud.syminet.com/api/v1/firewalls/{FIREWALL_ID}/delete

   Delete firewall ``FIREWALL_ID``.

**Required URL Parameters:**

FIREWALL_ID
    Firewall ID to delete.

.. code-block:: shell
   :caption: Curl

   curl --request DELETE \
     --url https://cloud.syminet.com/api/v1/firewalls/FIREWALL_ID/delete \
     --header "authorization:bearer $API_TOKEN"

**Response:** :green:`202 OK`

.. _Fetch Firewall:

Fetch a Firewall
----------------

**Type:** :guilabel:`GET`

.. py:function:: https://cloud.syminet.com/api/v1/firewalls/{FIREWALL_ID}

   Return details of firewall.

**Required URL Parameters:**

FIREWALL_ID
    Firewall ID to fetch.

.. code-block:: shell
   :caption: Curl

   curl --request GET \
     --url https://cloud.syminet.com/api/v1/firewalls/FIREWALL_ID \
     --header "authorization:bearer $API_TOKEN"

.. code-block:: json
   :caption: Response

   {
     "created": "2025-02-06 17:19:36.925397",
     "id": 125,
     "inbound_rules": [
       {
         "destination": null,
         "fw_id": 125,
         "id": 1076,
         "name": "ICMP",
         "outbound": null,
         "pending": null,
         "ports": "0",
         "protocol": "icmp",
         "rule_type": "ACCEPT",
         "source": "0.0.0.0/0",
         "status": null,
         "user_id": 1
       },
       {
         "destination": null,
         "fw_id": 125,
         "id": 1073,
         "name": "SSH",
         "outbound": null,
         "pending": null,
         "ports": "22",
         "protocol": "tcp",
         "rule_type": "ACCEPT",
         "source": "0.0.0.0/0",
         "status": null,
         "user_id": 1
       },
       {
         "destination": null,
         "fw_id": 125,
         "id": 1074,
         "name": "HTTP",
         "outbound": null,
         "pending": null,
         "ports": "80",
         "protocol": "tcp",
         "rule_type": "ACCEPT",
         "source": "0.0.0.0/0",
         "status": null,
         "user_id": 1
       },
       {
         "destination": null,
         "fw_id": 125,
         "id": 1075,
         "name": "HTTPS",
         "outbound": null,
         "pending": null,
         "ports": "443",
         "protocol": "tcp",
         "rule_type": "ACCEPT",
         "source": "0.0.0.0/0",
         "status": null,
         "user_id": 1
       }
     ],
     "name": "mynewfirewall",
     "outbound_rules": [
       {
         "destination": "0.0.0.0/0",
         "fw_id": 125,
         "id": 1079,
         "name": "ICMP",
         "outbound": true,
         "pending": null,
         "ports": "0",
         "protocol": "icmp",
         "rule_type": "ACCEPT",
         "source": null,
         "status": null,
         "user_id": 1
       },
       {
         "destination": "0.0.0.0/0",
         "fw_id": 125,
         "id": 1077,
         "name": "All TCP",
         "outbound": true,
         "pending": null,
         "ports": "0",
         "protocol": "tcp",
         "rule_type": "ACCEPT",
         "source": null,
         "status": null,
         "user_id": 1
       },
       {
         "destination": "0.0.0.0/0",
         "fw_id": 125,
         "id": 1078,
         "name": "All UDP",
         "outbound": true,
         "pending": null,
         "ports": "0",
         "protocol": "udp",
         "rule_type": "ACCEPT",
         "source": null,
         "status": null,
         "user_id": 1
       }
     ],
     "perms": "rw",
     "slices": [
       {
         "slice_id": 3828
       }
     ],
     "slices_count": 1
   }

Rename a Firewall
-----------------

**Type:** :guilabel:`PUT`

.. py:function:: https://cloud.syminet.com/api/v1/firewalls/{FIREWALL_ID}/rename

   Rename ``FIREWALL_ID`` to new ``firewall_name``.

**Required URL Parameters:**

FIREWALL_ID
    Firewall ID to modify.

**Required JSON Properties:**

firewall_name
    New firewall name.

.. code-block:: shell
   :caption: Curl

   curl --request PUT \
     --url https://cloud.syminet.com/api/v1/firewalls/FIREWALL_ID/rename \
     --header "content-type: application/json" \
     --header "authorization:bearer $API_TOKEN" \
     --data '
       {
         "firewall_name": "mynewfirewallname"
       }
     '

**Response:** :green:`202 OK`

Assign Firewall
---------------

**Type:** :guilabel:`POST`

.. py:function:: https://cloud.syminet.com/api/v1/firewalls/{FIREWALL_ID}/assign/{SLICE_ID}

   Assign ``FIREWALL_ID`` to ``SLICE_ID``.

**Required URL Parameters:**

FIREWALL_ID
    Firewall ID to assign.

SLICE_ID
    Slice ID to assign ``FIREWALL_ID`` to.

.. code-block:: shell
   :caption: Curl

   curl --request POST \
     --url https://cloud.syminet.com/api/v1/firewalls/FIREWALL_ID/assign/SLICE_ID \
     --header "content-type: application/json" \
     --header "authorization:bearer $API_TOKEN"

**Response:** :green:`202 OK`

Unassign Firewall
-----------------

**Type:** :guilabel:`POST`

.. py:function:: https://cloud.syminet.com/api/v1/firewalls/{FIREWALL_ID}/unassign/{SLICE_ID}

   Unassign ``FIREWALL_ID`` from ``SLICE_ID``.

**Required URL Parameters:**

FIREWALL_ID
    Firewall ID to unassign.

SLICE_ID
    Slice ID to unassign from ``FIREWALL_ID``.

.. code-block:: shell
   :caption: Curl

   curl --request POST \
     --url https://cloud.syminet.com/api/v1/firewalls/FIREWALL_ID/unassign/SLICE_ID \
     --header "content-type: application/json" \
     --header "authorization:bearer $API_TOKEN"

**Response:** :green:`202 OK`

.. _Update Firewall Rules:

Update Firewall Rules
---------------------

**Type:** :guilabel:`PUT`

.. py:function:: https://cloud.syminet.com/api/v1/firewalls/{FIREWALL_ID}/rules

   Update firewall ``FIREWALL_ID`` rules via JSON payload.

**Required URL Parameters:**

FIREWALL_ID
    Firewall ID to update.

**Required JSON Properties:**

inbound_rules
    Inbound rules. The following JSON properties are required per-rule:

    rule_name
        Name of the rule.

    ports
        An integer between 1 - 65535, or a range specified by a hyphen, e.g. ``2000-3000``.

    protocol
        Protocol: "tcp", "udp", or "icmp". Ports are ignored for "icmp".

    source
        The word ``All``, a single IP address, or a CIDR masked IP range.

    rule_type
        ``DROP`` or ``ACCEPT``.

outbound_rules
    Outbound rules. The following JSON properties are required per-rule:

    rule_name
        Name of the rule.

    ports
        An integer between 1 - 65535, or a range specified by a hyphen, e.g. ``2000-3000``.

    protocol
        Protocol: "tcp", "udp", or "icmp". Ports are ignored for "icmp".

    destination
        The word ``All`` to specify all, a single IP address, or a CIDR masked IP range.

    rule_type
        ``DROP`` or ``ACCEPT``.

The typical workflow is to retrieve the existing rules via an API call to :ref:`Fetch Firewall`, modify the returned JSON, and :guilabel:`PUT` it back using this call. Only the above JSON properties are used when updating rules; others are silently ignored.

To clear *all* rules for a firewall, :guilabel:`PUT` a JSON payload with empty values for ``inbound_rules`` and ``outbound_rules``, like so:

.. code-block:: shell
   :caption: Curl - clear **all** rules

   curl --request PUT \
     --url https://cloud.syminet.com/api/v1/firewalls/FIREWALL_ID/rules \
     --header "content-type: application/json" \
     --header "authorization:bearer $API_TOKEN" \
     --data '
       {
         "inbound_rules": [{}],
         "outbound_rules": [{}]
       }
     '

The following will update a firewall to the default firewall rules:

* ICMP (All)
* SSH port 22 (All)
* HTTP port 80 (All)
* HTTPS port 443 (All)

.. Note::

   Only traffic you specify is allowed. All other traffic is dropped.

.. Note::

   A maximum of **100** rules are allowed per firewall.

.. code-block:: shell
   :caption: Curl - set default rules

   curl --request PUT \
     --url https://cloud.syminet.com/api/v1/firewalls/FIREWALL_ID/rules \
     --header "content-type: application/json" \
     --header "authorization:bearer $API_TOKEN" \
     --data '
       {
         "inbound_rules": [
           {
             "name": "ICMP",
             "ports": "0",
             "protocol": "icmp",
             "rule_type": "ACCEPT",
             "source": "0.0.0.0/0"
           },
           {
             "name": "SSH",
             "ports": "22",
             "protocol": "tcp",
             "rule_type": "ACCEPT",
             "source": "0.0.0.0/0"
           },
           {
             "name": "HTTP",
             "ports": "80",
             "protocol": "tcp",
             "rule_type": "ACCEPT",
             "source": "0.0.0.0/0"
           },
           {
             "name": "HTTPS",
             "ports": "443",
             "protocol": "tcp",
             "rule_type": "ACCEPT",
             "source": "0.0.0.0/0"
           }
         ],
         "outbound_rules": [
           {
             "destination": "0.0.0.0/0",
             "name": "ICMP",
             "ports": "0",
             "protocol": "icmp",
             "rule_type": "ACCEPT"
           },
           {
             "destination": "0.0.0.0/0",
             "name": "All TCP",
             "ports": "0",
             "protocol": "tcp",
             "rule_type": "ACCEPT"
           },
           {
             "destination": "0.0.0.0/0",
             "name": "All UDP",
             "ports": "0",
             "protocol": "udp",
             "rule_type": "ACCEPT"
           }
         ]
       }
     '
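
The fetch, modify, PUT workflow described above, as an added Python example that is not part of the Syminet documentation: it reduces a fetched firewall to the per-rule keys used in the page's curl payloads and narrows the default SSH rule from any source to one CIDR. The helper names, the sample data and the ``203.0.113.0/24`` range are constructed for illustration; counting the 100-rule limit across inbound and outbound rules together is an assumption.

```python
import ipaddress
import json

# Per-rule keys kept for the PUT body, as in the page's "set default rules" curl example.
INBOUND_KEYS = ("name", "ports", "protocol", "rule_type", "source")
OUTBOUND_KEYS = ("name", "ports", "protocol", "rule_type", "destination")
ANY = ("0.0.0.0/0", "All")
MAX_RULES = 100  # documented limit; counting inbound + outbound together is an assumption

def restrict_inbound(firewall, port, cidr):
    """Build a PUT body from a fetched firewall, narrowing every inbound
    ACCEPT rule on `port` that is open to any source down to `cidr`."""
    ipaddress.ip_network(cidr)  # ValueError on a malformed CIDR
    inbound = []
    for rule in firewall["inbound_rules"]:
        slim = {k: rule[k] for k in INBOUND_KEYS}  # drop id, fw_id, status, ...
        if slim["rule_type"] == "ACCEPT" and slim["ports"] == str(port) and slim["source"] in ANY:
            slim["source"] = cidr
        inbound.append(slim)
    outbound = [{k: r[k] for k in OUTBOUND_KEYS} for r in firewall["outbound_rules"]]
    if len(inbound) + len(outbound) > MAX_RULES:
        raise ValueError("more than 100 rules")
    return {"inbound_rules": inbound, "outbound_rules": outbound}

def world_open(rules, allowed_ports=("80", "443")):
    """Names of inbound tcp/udp ACCEPT rules open to any source on other ports."""
    return [r["name"] for r in rules["inbound_rules"]
            if r["rule_type"] == "ACCEPT" and r["protocol"] != "icmp"
            and r["source"] in ANY and r["ports"] not in allowed_ports]

def sample_rule(name, ports, protocol, **where):
    # Constructed rule shaped like the Fetch response, including ignored fields.
    return {"id": 0, "fw_id": 125, "user_id": 1, "pending": None, "status": None,
            "name": name, "ports": ports, "protocol": protocol, "rule_type": "ACCEPT", **where}

SAMPLE_FETCHED = {  # constructed, trimmed from the page's Fetch response
    "id": 125, "name": "mynewfirewall", "perms": "rw",
    "inbound_rules": [sample_rule("ICMP", "0", "icmp", source="0.0.0.0/0"),
                      sample_rule("SSH", "22", "tcp", source="0.0.0.0/0"),
                      sample_rule("HTTP", "80", "tcp", source="0.0.0.0/0"),
                      sample_rule("HTTPS", "443", "tcp", source="0.0.0.0/0")],
    "outbound_rules": [sample_rule("All TCP", "0", "tcp", destination="0.0.0.0/0")],
}

if __name__ == "__main__":
    payload = restrict_inbound(SAMPLE_FETCHED, 22, "203.0.113.0/24")  # constructed admin range
    print(json.dumps(payload, indent=2))  # body for PUT .../firewalls/FIREWALL_ID/rules
```

Running ``world_open`` on the fetched firewall before the change and on the payload afterwards shows whether any management port is still reachable from every address.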