1 of 1

Create Firewall rule for a Network Security Group

Note: Only contract administrators, owners, and users with permissions to the VDC concerned can create and manage NSGs via API.

Prerequisite: You need an IONOS Cloud account with API credentials configured with the appropriate permissions.

To create a firewall rule for a NSG, you need to use the following Cloud API POST request providing the datacenterId and securityGroupId:

POST /datacenters/{datacenterId}/securitygroups/{securityGroupId}/rules

Request

curl --location 'https://api.ionos.com/cloudapi/v6/datacenters/5a88aa8b-8aa1-51f6-XXd1-XXXXXe9f31/securitygroups/bxxxx-axXX-0008-8888-99k0444e5555/rules' \
--header 'Content-Type: application/json' \
--header 'Authorization: Basic YYXabCDeFmLMO0c2hyYUBpb25vcy5jb206I1Bha2lzdGFuXzE=' \
--data '{
    "properties":{
        "name": "My FWR",
        "protocol": "TCP",
        "sourceMac": "00:0a:95:9d:68:16",
        "ipVersion": "IPv4",
        "sourceIp": "22.231.113.12",
        "targetIp": "22.231.113.64",
        "portRangeStart": 8,
        "portRangeEnd": 8,
        "type": "INGRESS"
        }
}'

Response

202 Accepted

{
    "id": "0XX070155-XXaf-XXbb-XX20-088x8f0f8137",
    "type": "firewall-rule",
    "href": "https://api.ionos.com/cloudapi/v6/datacenters/5a88aa8b-8aa1-51f6-XXd1-XXXXXe9f31/securitygroups/bxxxx-axXX-0008-8888-99k0444e5555/rules/0d070155-85af-4abb-9120-058c4f0f8137",
    "metadata": {
        "etag": "aca11533be9480b3df9324a7976dd42a",
        "createdDate": "2024-05-21T14:20:32Z",
        "createdBy": "test.test@ionos.com",
        "createdByUserId": "a5af0375-1c1d-4387-9ef1-6ee95d30e54a",
        "lastModifiedDate": "2024-05-21T14:20:32Z",
        "lastModifiedBy": "test.test@ionos.com",
        "lastModifiedByUserId": "a5af0375-1c1d-4387-9ef1-6ee95d30e54a",
        "state": "BUSY"
    },
    "properties": {
        "name": "My FWR",
        "protocol": "TCP",
        "sourceMac": "00:0a:95:9d:68:16",
        "sourceIp": "22.231.113.12",
        "targetIp": "22.231.113.64",
        "icmpCode": null,
        "icmpType": null,
        "portRangeStart": 8,
        "portRangeEnd": 8,
        "ipVersion": "IPv4",
        "type": "INGRESS"
    }
}

Note: For CloudAPI, some resources are created asynchronously. You can check for the progress via the Status URL that is returned in the response header of the POST or PUT call.