Firewall Rule

firewall_rule

This module allows you to create, update or remove a firewall rule.

Example Syntax


- name: Create a firewall rule
  ionoscloudsdk.ionoscloud.firewall_rule:
    datacenter: 'AnsibleAutoTestCompute'
    server: 'AnsibleAutoTestCompute'
    nic: 'AnsibleAutoTestCompute'
    name: SSH
    # protocol cannot be modified after the rule is created
    protocol: ICMPv6
    # quoted so YAML always reads the MAC address as a string
    source_mac: '01:23:45:67:89:00'
    ip_version: IPv6
    state: present

- name: Update firewall rule
  ionoscloudsdk.ionoscloud.firewall_rule:
    datacenter: 'AnsibleAutoTestCompute'
    server: 'AnsibleAutoTestCompute'
    nic: 'AnsibleAutoTestCompute'
    firewall_rule: SSH
    port_range_start: 22
    port_range_end: 23
    state: update

- name: Remove firewall rule
  ionoscloudsdk.ionoscloud.firewall_rule:
    datacenter: 'AnsibleAutoTestCompute'
    server: 'AnsibleAutoTestCompute'
    nic: 'AnsibleAutoTestCompute'
    firewall_rule: SSH
    wait: true
    # wait_timeout is an int, in seconds
    wait_timeout: 500
    state: absent

Returned object

{
    "changed": true,
    "failed": false,
    "action": "create",
    "firewall_rule": {
        "href": "https://api.ionos.com/cloudapi/v6/datacenters/f6e15460-e5eb-451a-9da7-08c9da65a179/servers/78ce195d-147b-48d8-a20e-57104b99badd/nics/6e9dd9af-5132-4f8d-a285-62c86956a5da/firewallrules/d48500c7-3483-455b-9f63-9c091a9c73a2",
        "id": "d48500c7-3483-455b-9f63-9c091a9c73a2",
        "metadata": {
            "created_by": "<USER_EMAIL>",
            "created_by_user_id": "<USER_ID>",
            "created_date": "2023-05-29T09:29:40+00:00",
            "etag": "de89018f9d0664828d9170c632db291a",
            "last_modified_by": "<USER_EMAIL>",
            "last_modified_by_user_id": "<USER_ID>",
            "last_modified_date": "2023-05-29T09:29:40+00:00",
            "state": "BUSY"
        },
        "properties": {
            "icmp_code": null,
            "icmp_type": null,
            "ip_version": null,
            "name": "SSH",
            "port_range_end": 24,
            "port_range_start": 22,
            "protocol": "TCP",
            "source_ip": null,
            "source_mac": "<MAC>",
            "target_ip": null,
            "type": null
        },
        "type": "firewall-rule"
    }
}

For more examples please check out the tests here.

state: present

  
- name: Create a firewall rule
  ionoscloudsdk.ionoscloud.firewall_rule:
    datacenter: 'AnsibleAutoTestCompute'
    server: 'AnsibleAutoTestCompute'
    nic: 'AnsibleAutoTestCompute'
    name: SSH
    # protocol cannot be modified after the rule is created
    protocol: ICMPv6
    # quoted so YAML always reads the MAC address as a string
    source_mac: '01:23:45:67:89:00'
    ip_version: IPv6
    state: present

Available parameters for state present:

| Name | Required | Description |
| --- | --- | --- |
| datacenter (str) | True | The datacenter name or UUID in which to operate. |
| server (str) | True | The server name or UUID. |
| nic (str) | True | The NIC name or UUID. |
| name (str) | True | The name of the resource. |
| protocol (str) | True | The protocol for the rule. Property cannot be modified after it is created (disallowed in update requests). Options: ['TCP', 'UDP', 'ICMP', 'ICMPv6', 'GRE', 'VRRP', 'ESP', 'AH', 'ANY'] |
| source_mac (str) | False | Only traffic originating from the respective MAC address is allowed. Valid format: aa:bb:cc:dd:ee:ff. Value null allows traffic from any MAC address. |
| source_ip (str) | False | Only traffic originating from the respective IP address (or CIDR block) is allowed. Value null allows traffic from any IP address (according to the selected ipVersion). |
| target_ip (str) | False | If the target NIC has multiple IP addresses, only the traffic directed to the respective IP address (or CIDR block) of the NIC is allowed. Value null allows traffic to any target IP address (according to the selected ipVersion). |
| port_range_start (int) | False | Defines the start range of the allowed port (from 1 to 65535) if protocol TCP or UDP is chosen. Leave portRangeStart and portRangeEnd value null to allow all ports. |
| port_range_end (int) | False | Defines the end range of the allowed port (from 1 to 65535) if the protocol TCP or UDP is chosen. Leave portRangeStart and portRangeEnd null to allow all ports. |
| icmp_type (int) | False | Defines the allowed type (from 0 to 254) if the protocol ICMP or ICMPv6 is chosen. Value null allows all types. |
| icmp_code (int) | False | Defines the allowed code (from 0 to 254) if protocol ICMP or ICMPv6 is chosen. Value null allows all codes. |
| ip_version (str) | False | The IP version for this rule. If sourceIp or targetIp are specified, you can omit this value - the IP version will then be deduced from the IP address(es) used; if you specify it anyway, it must match the specified IP address(es). If neither sourceIp nor targetIp are specified, this rule allows traffic only for the specified IP version. If neither sourceIp, targetIp nor ipVersion are specified, this rule will only allow IPv4 traffic. Options: ['IPv4', 'IPv6'] |
| api_url (str) | False | The Ionos API base URL. |
| certificate_fingerprint (str) | False | The Ionos API certificate fingerprint. |
| username (str) | False | The Ionos username. Overrides the IONOS_USERNAME environment variable. |
| password (str) | False | The Ionos password. Overrides the IONOS_PASSWORD environment variable. |
| token (str) | False | The Ionos token. Overrides the IONOS_TOKEN environment variable. |
| wait (bool) | False | Wait for the resource to be created before returning. Default: True. Options: [True, False] |
| wait_timeout (int) | False | How long before wait gives up, in seconds. Default: 600 |
| state (str) | False | Indicate desired state of the resource. Default: present. Options: ['present', 'absent', 'update'] |
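
The parameter descriptions above carry several constraints and null defaults that decide how much traffic a rule admits. The following pre-flight check applies them to a task's arguments before a playbook runs; it is an added example, not part of the module or the IONOS SDK, and `check_rule`, `BOUNDS` and `OPEN_RULE` are hypothetical names.

```python
import ipaddress

PROTOCOLS = {"TCP", "UDP", "ICMP", "ICMPv6", "GRE", "VRRP", "ESP", "AH", "ANY"}
BOUNDS = {"port_range_start": (1, 65535), "port_range_end": (1, 65535),
          "icmp_type": (0, 254), "icmp_code": (0, 254)}

def check_rule(args):
    """Hypothetical helper: return (errors, warnings) for firewall_rule task args."""
    errors, warnings = [], []
    state = args.get("state", "present")
    proto = args.get("protocol")
    if proto is None:
        if state == "present":
            errors.append("protocol is required for state present")
    elif proto not in PROTOCOLS:
        errors.append("protocol %r is not a documented option" % proto)
    elif state == "update":
        warnings.append("protocol is documented as not modifiable after creation")
    # Numeric ranges from the parameter table.
    for key, (low, high) in BOUNDS.items():
        value = args.get(key)
        if value is not None and not low <= int(value) <= high:
            errors.append("%s=%s is outside %d..%d" % (key, value, low, high))
    # ip_version, when given, must match the family of source_ip / target_ip.
    families = set()
    for key in ("source_ip", "target_ip"):
        if args.get(key):
            try:
                net = ipaddress.ip_network(args[key], strict=False)
                families.add("IPv%d" % net.version)
            except ValueError:
                errors.append("%s=%r is not an IP address or CIDR block" % (key, args[key]))
    declared = args.get("ip_version")
    if declared and families and families != {declared}:
        errors.append("ip_version %s does not match %s" % (declared, sorted(families)))
    # Documented null defaults that change how much traffic a new rule admits.
    if state == "present":
        if not args.get("source_ip") and not args.get("source_mac"):
            warnings.append("no source_ip or source_mac: any source is allowed")
        if proto in ("TCP", "UDP") and all(args.get(k) is None for k in
                                           ("port_range_start", "port_range_end")):
            warnings.append("no port range: all ports are allowed")
        if not declared and not families:
            warnings.append("no ip_version or IP address: only IPv4 is covered")
    return errors, warnings

# Constructed sample (not from the page): a TCP rule that sets nothing else.
OPEN_RULE = {"name": "SSH", "protocol": "TCP", "state": "present"}

if __name__ == "__main__":
    print(check_rule(OPEN_RULE))
```

The last warning matters on dual-stack NICs: a rule created without `ip_version` or an IP address covers IPv4 only, so IPv6 needs its own rule.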

state: absent

  
- name: Remove firewall rule
  ionoscloudsdk.ionoscloud.firewall_rule:
    datacenter: 'AnsibleAutoTestCompute'
    server: 'AnsibleAutoTestCompute'
    nic: 'AnsibleAutoTestCompute'
    firewall_rule: SSH
    wait: true
    # wait_timeout is an int, in seconds
    wait_timeout: 500
    state: absent

Available parameters for state absent:

| Name | Required | Description |
| --- | --- | --- |
| datacenter (str) | True | The datacenter name or UUID in which to operate. |
| server (str) | True | The server name or UUID. |
| nic (str) | True | The NIC name or UUID. |
| firewall_rule (str) | True | The Firewall Rule name or UUID. |
| api_url (str) | False | The Ionos API base URL. |
| certificate_fingerprint (str) | False | The Ionos API certificate fingerprint. |
| username (str) | False | The Ionos username. Overrides the IONOS_USERNAME environment variable. |
| password (str) | False | The Ionos password. Overrides the IONOS_PASSWORD environment variable. |
| token (str) | False | The Ionos token. Overrides the IONOS_TOKEN environment variable. |
| wait (bool) | False | Wait for the resource to be created before returning. Default: True. Options: [True, False] |
| wait_timeout (int) | False | How long before wait gives up, in seconds. Default: 600 |
| state (str) | False | Indicate desired state of the resource. Default: present. Options: ['present', 'absent', 'update'] |

state: update

  
- name: Update firewall rule
  ionoscloudsdk.ionoscloud.firewall_rule:
    datacenter: 'AnsibleAutoTestCompute'
    server: 'AnsibleAutoTestCompute'
    nic: 'AnsibleAutoTestCompute'
    firewall_rule: SSH
    port_range_start: 22
    port_range_end: 23
    state: update

Available parameters for state update:

| Name | Required | Description |
| --- | --- | --- |
| datacenter (str) | True | The datacenter name or UUID in which to operate. |
| server (str) | True | The server name or UUID. |
| nic (str) | True | The NIC name or UUID. |
| firewall_rule (str) | True | The Firewall Rule name or UUID. |
| name (str) | False | The name of the resource. |
| protocol (str) | False | The protocol for the rule. Property cannot be modified after it is created (disallowed in update requests). Options: ['TCP', 'UDP', 'ICMP', 'ICMPv6', 'GRE', 'VRRP', 'ESP', 'AH', 'ANY'] |
| source_mac (str) | False | Only traffic originating from the respective MAC address is allowed. Valid format: aa:bb:cc:dd:ee:ff. Value null allows traffic from any MAC address. |
| source_ip (str) | False | Only traffic originating from the respective IP address (or CIDR block) is allowed. Value null allows traffic from any IP address (according to the selected ipVersion). |
| target_ip (str) | False | If the target NIC has multiple IP addresses, only the traffic directed to the respective IP address (or CIDR block) of the NIC is allowed. Value null allows traffic to any target IP address (according to the selected ipVersion). |
| port_range_start (int) | False | Defines the start range of the allowed port (from 1 to 65535) if protocol TCP or UDP is chosen. Leave portRangeStart and portRangeEnd value null to allow all ports. |
| port_range_end (int) | False | Defines the end range of the allowed port (from 1 to 65535) if the protocol TCP or UDP is chosen. Leave portRangeStart and portRangeEnd null to allow all ports. |
| icmp_type (int) | False | Defines the allowed type (from 0 to 254) if the protocol ICMP or ICMPv6 is chosen. Value null allows all types. |
| icmp_code (int) | False | Defines the allowed code (from 0 to 254) if protocol ICMP or ICMPv6 is chosen. Value null allows all codes. |
| ip_version (str) | False | The IP version for this rule. If sourceIp or targetIp are specified, you can omit this value - the IP version will then be deduced from the IP address(es) used; if you specify it anyway, it must match the specified IP address(es). If neither sourceIp nor targetIp are specified, this rule allows traffic only for the specified IP version. If neither sourceIp, targetIp nor ipVersion are specified, this rule will only allow IPv4 traffic. Options: ['IPv4', 'IPv6'] |
| api_url (str) | False | The Ionos API base URL. |
| certificate_fingerprint (str) | False | The Ionos API certificate fingerprint. |
| username (str) | False | The Ionos username. Overrides the IONOS_USERNAME environment variable. |
| password (str) | False | The Ionos password. Overrides the IONOS_PASSWORD environment variable. |
| token (str) | False | The Ionos token. Overrides the IONOS_TOKEN environment variable. |
| wait (bool) | False | Wait for the resource to be created before returning. Default: True. Options: [True, False] |
| wait_timeout (int) | False | How long before wait gives up, in seconds. Default: 600 |
| state (str) | False | Indicate desired state of the resource. Default: present. Options: ['present', 'absent', 'update'] |
