Create Firewall rule for a Network Security Group
Note: Only contract administrators, owners, and users with permissions to the VDC concerned can create and manage NSGs via API.
Prerequisite: You need an IONOS Cloud account with API credentials configured with the appropriate permissions.
To create a firewall rule for a NSG, you need to use the following Cloud API POST
request providing the datacenterId
and securityGroupId
:
POST /datacenters/{datacenterId}/securitygroups/{securityGroupId}/rules
Request
Copy curl --location 'https://api.ionos.com/cloudapi/v6/datacenters/5a88aa8b-8aa1-51f6-XXd1-XXXXXe9f31/securitygroups/bxxxx-axXX-0008-8888-99k0444e5555/rules' \
--header 'Content-Type: application/json' \
--header 'Authorization: Basic YYXabCDeFmLMO0c2hyYUBpb25vcy5jb206I1Bha2lzdGFuXzE=' \
--data '{
"properties":{
"name": "My FWR",
"protocol": "TCP",
"sourceMac": "00:0a:95:9d:68:16",
"ipVersion": "IPv4",
"sourceIp": "22.231.113.12",
"targetIp": "22.231.113.64",
"portRangeStart": 8,
"portRangeEnd": 8,
"type": "INGRESS"
}
}'
Response
202 Accepted
Copy {
"id" : "0XX070155-XXaf-XXbb-XX20-088x8f0f8137" ,
"type" : "firewall-rule" ,
"href": "https://api.ionos.com/cloudapi/v6/datacenters/5a88aa8b-8aa1-51f6-XXd1-XXXXXe9f31/securitygroups/bxxxx-axXX-0008-8888-99k0444e5555/rules/0d070155-85af-4abb-9120-058c4f0f8137",
"metadata" : {
"etag" : "aca11533be9480b3df9324a7976dd42a" ,
"createdDate" : "2024-05-21T14:20:32Z" ,
"createdBy" : "test.test@ionos.com" ,
"createdByUserId" : "a5af0375-1c1d-4387-9ef1-6ee95d30e54a" ,
"lastModifiedDate" : "2024-05-21T14:20:32Z" ,
"lastModifiedBy" : "test.test@ionos.com" ,
"lastModifiedByUserId" : "a5af0375-1c1d-4387-9ef1-6ee95d30e54a" ,
"state" : "BUSY"
} ,
"properties" : {
"name" : "My FWR" ,
"protocol" : "TCP" ,
"sourceMac" : "00:0a:95:9d:68:16" ,
"sourceIp" : "22.231.113.12" ,
"targetIp" : "22.231.113.64" ,
"icmpCode" : null ,
"icmpType" : null ,
"portRangeStart" : 8 ,
"portRangeEnd" : 8 ,
"ipVersion" : "IPv4" ,
"type" : "INGRESS"
}
}
Note: For CloudAPI, some resources are created asynchronously. You can check for the progress via the Status URL that is returned in the response header of the POST or PUT call.