Create Firewall rule for a Network Security Group

Note: Only contract administrators, owners, and users with permissions to the VDC concerned can create and manage NSGs via API.

Prerequisite: You need an IONOS Cloud account with API credentials configured with the appropriate permissions.

To create a firewall rule for an NSG, send the following Cloud API POST request, providing the datacenterId and securityGroupId:

POST /datacenters/{datacenterId}/securitygroups/{securityGroupId}/rules

Request

curl --location 'https://api.ionos.com/cloudapi/v6/datacenters/5a88aa8b-8aa1-51f6-XXd1-XXXXXe9f31/securitygroups/bxxxx-axXX-0008-8888-99k0444e5555/rules' \
--header 'Content-Type: application/json' \
--header 'Authorization: Basic YYXabCDeFmLMO0c2hyYUBpb25vcy5jb206I1Bha2lzdGFuXzE=' \
--data '{
    "properties":{
        "name": "My FWR",
        "protocol": "TCP",
        "sourceMac": "00:0a:95:9d:68:16",
        "ipVersion": "IPv4",
        "sourceIp": "22.231.113.12",
        "targetIp": "22.231.113.64",
        "portRangeStart": 8,
        "portRangeEnd": 8,
        "type": "INGRESS"
    }
}'

Response

202 Accepted

{
    "id": "0XX070155-XXaf-XXbb-XX20-088x8f0f8137",
    "type": "firewall-rule",
    "href": "https://api.ionos.com/cloudapi/v6/datacenters/5a88aa8b-8aa1-51f6-XXd1-XXXXXe9f31/securitygroups/bxxxx-axXX-0008-8888-99k0444e5555/rules/0d070155-85af-4abb-9120-058c4f0f8137",
    "metadata": {
        "etag": "aca11533be9480b3df9324a7976dd42a",
        "createdDate": "2024-05-21T14:20:32Z",
        "createdBy": "test.test@ionos.com",
        "createdByUserId": "a5af0375-1c1d-4387-9ef1-6ee95d30e54a",
        "lastModifiedDate": "2024-05-21T14:20:32Z",
        "lastModifiedBy": "test.test@ionos.com",
        "lastModifiedByUserId": "a5af0375-1c1d-4387-9ef1-6ee95d30e54a",
        "state": "BUSY"
    },
    "properties": {
        "name": "My FWR",
        "protocol": "TCP",
        "sourceMac": "00:0a:95:9d:68:16",
        "sourceIp": "22.231.113.12",
        "targetIp": "22.231.113.64",
        "icmpCode": null,
        "icmpType": null,
        "portRangeStart": 8,
        "portRangeEnd": 8,
        "ipVersion": "IPv4",
        "type": "INGRESS"
    }
}

Note: For CloudAPI, some resources are created asynchronously. You can check the progress via the Status URL that is returned in the response header of the POST or PUT call.
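
A pre-flight check for the `properties` object sent in the request above, added here as an example and not part of the IONOS documentation or tooling. It flags an address that contradicts `ipVersion`, a reversed or out-of-range port range, and rules left unrestricted by address or port. The name `lint_rule` and the allowed values marked as assumptions in the comments are not from this page.

```python
import ipaddress
import json

# Added example. Values marked "assumption" are not taken from this page.
DIRECTIONS = {"INGRESS", "EGRESS"}    # EGRESS: assumption
PORT_PROTOCOLS = {"TCP", "UDP"}       # UDP: assumption
IP_VERSIONS = {"IPv4": 4, "IPv6": 6}  # IPv6: assumption


def lint_rule(props):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    version = IP_VERSIONS.get(props.get("ipVersion"))
    if "ipVersion" in props and version is None:
        findings.append(f"unknown ipVersion {props['ipVersion']!r}")
    for field in ("sourceIp", "targetIp"):
        value = props.get(field)
        if value is None:
            # Assumption: an unset address does not restrict the match.
            findings.append(f"{field} not set: rule is not limited by address")
            continue
        try:
            # Accepts a single address or CIDR (CIDR support: assumption).
            net = ipaddress.ip_network(value, strict=False)
        except ValueError:
            findings.append(f"{field} is not a valid address: {value!r}")
            continue
        if version and net.version != version:
            findings.append(f"{field} is IPv{net.version} but ipVersion is IPv{version}")
    if props.get("type") not in DIRECTIONS:
        findings.append(f"unknown type {props.get('type')!r}")
    if props.get("protocol") in PORT_PROTOCOLS:
        start, end = props.get("portRangeStart"), props.get("portRangeEnd")
        if start is None or end is None:
            findings.append("port range not set: rule is not limited by port")
        elif not 1 <= start <= end <= 65535:
            findings.append(f"invalid port range {start}-{end}")
    return findings


# The request body from this page, reused as sample input.
PAGE_RULE = {
    "name": "My FWR", "protocol": "TCP", "sourceMac": "00:0a:95:9d:68:16",
    "ipVersion": "IPv4", "sourceIp": "22.231.113.12", "targetIp": "22.231.113.64",
    "portRangeStart": 8, "portRangeEnd": 8, "type": "INGRESS",
}

if __name__ == "__main__":
    print(lint_rule(PAGE_RULE) or json.dumps({"properties": PAGE_RULE}, indent=2))
```

Run it against the rule body before the POST; when no finding is returned it prints the JSON document to submit.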
