# Firewall rules

## List firewall rules

> List all firewall rules for the specified NIC.

```json
{"openapi":"3.0.3","info":{"title":"CLOUD API","version":"6.0"},"tags":[{"name":"Firewall rules"}],"servers":[{"url":"https://api.ionos.com/cloudapi/v6"}],"security":[{"BasicAuthentication":[]},{"TokenAuthentication":[]}],"components":{"securitySchemes":{"BasicAuthentication":{"type":"http","description":"You will need to base64 encode the string containing your credentials. <div style=\"padding: 15px; border: 1px solid #d1ecf1; background-color: #d1ecf1; color: #0c5460; margin-bottom: 15px;\">\n  <strong>Note:</strong><br/><br/>\n  <ul><li><b>Basic Authentication</b> is supported only when <b>2-Factor \n  Authentication</b> is not configured.</li>\n  <li>Users with <b>2-Factor \n  Authentication</b> activated must generate new 2FA-secured tokens in the DCD using [Token Manager](https://docs.ionos.com/cloud/set-up-ionos-cloud/management/identity-access-management/token-manager). \n  These tokens do not inherit the <b>2FA-secured</b> property by default.</li><li>Token deletion is only possible using the <b>Token Manager</b>.</li>\n</div> Separate your username and password with a colon, i.e., username:password and send it as 'Authorization' request header. More details: https://en.wikipedia.org/wiki/Basic_access_authentication","scheme":"basic"},"TokenAuthentication":{"type":"apiKey","description":"Please provide header value as 'Bearer <token>' and don't forget to add 'Bearer' HTTP Authorization Scheme before the token.","name":"Authorization","in":"header"}},"schemas":{"FirewallRules":{"type":"object","properties":{"id":{"type":"string","description":"The resource's unique identifier.","readOnly":true},"type":{"type":"string","description":"The type of object that has been created.","allOf":[{"$ref":"#/components/schemas/Type"}]},"href":{"type":"string","description":"URL to the object representation (absolute path).","format":"uri","readOnly":true},"items":{"type":"array","description":"Array of items in the collection.","readOnly":true,"items":{"$ref":"#/components/schemas/FirewallRule"}},"offset":{"$ref":"#/components/schemas/PaginationOffsetOptional"},"limit":{"$ref":"#/components/schemas/PaginationLimitOptional"},"_links":{"$ref":"#/components/schemas/PaginationLinks"}}},"Type":{"type":"string","enum":["datacenter","server","volume","nic","loadbalancer","location","firewall-rule","flow-log","image","snapshot","lan","ipblock","pcc","contract","user","group","collection","resource","request","request-status","s3key","backupunit","label","k8s","nodepool","template","networkloadbalancer","forwarding-rule","natgateway","natgateway-rule","node","applicationloadbalancer","target-group","security-group","gpu"]},"FirewallRule":{"required":["properties"],"type":"object","properties":{"id":{"type":"string","description":"The resource's unique identifier.","readOnly":true},"type":{"type":"string","description":"The type of object that has been created.","allOf":[{"$ref":"#/components/schemas/Type"}]},"href":{"type":"string","description":"URL to the object representation (absolute path).","format":"uri","readOnly":true},"metadata":{"$ref":"#/components/schemas/DatacenterElementMetadata"},"properties":{"$ref":"#/components/schemas/FirewallruleProperties"}}},"DatacenterElementMetadata":{"type":"object","properties":{"etag":{"type":"string","description":"Resource's Entity Tag as defined in http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.11  Entity Tag is also added as an 'ETag response header to requests which don't use 'depth' parameter.","readOnly":true},"createdDate":{"type":"string","description":"The last time the resource was created.","format":"date-time","readOnly":true},"createdBy":{"type":"string","description":"The user who created the resource.","readOnly":true},"createdByUserId":{"type":"string","description":"The unique ID of the user who created the resource.","readOnly":true},"lastModifiedDate":{"type":"string","description":"The last time the resource was modified.","format":"date-time","readOnly":true},"lastModifiedBy":{"type":"string","description":"The user who last modified the resource.","readOnly":true},"lastModifiedByUserId":{"type":"string","description":"The unique ID of the user who last modified the resource.","readOnly":true},"state":{"type":"string","description":"State of the resource. *AVAILABLE* There are no pending modification requests for this item; *BUSY* There is at least one modification request pending and all following requests will be queued; *INACTIVE* Resource has been de-provisioned; *DEPLOYING* Resource state DEPLOYING - relevant for Kubernetes cluster/nodepool; *ACTIVE* Resource state ACTIVE - relevant for Kubernetes cluster/nodepool; *FAILED* Resource state FAILED - relevant for Kubernetes cluster/nodepool; *SUSPENDED* Resource state SUSPENDED - relevant for Kubernetes cluster/nodepool; *FAILED_SUSPENDED* Resource state FAILED_SUSPENDED - relevant for Kubernetes cluster; *UPDATING* Resource state UPDATING - relevant for Kubernetes cluster/nodepool; *FAILED_UPDATING* Resource state FAILED_UPDATING - relevant for Kubernetes cluster/nodepool; *DESTROYING* Resource state DESTROYING - relevant for Kubernetes cluster; *FAILED_DESTROYING* Resource state FAILED_DESTROYING - relevant for Kubernetes cluster/nodepool; *TERMINATED* Resource state TERMINATED - relevant for Kubernetes cluster/nodepool; *HIBERNATING* Resource state HIBERNATING - relevant for Kubernetes cluster/nodepool; *FAILED_HIBERNATING* Resource state FAILED_HIBERNATING - relevant for Kubernetes cluster/nodepool; *MAINTENANCE* Resource state MAINTENANCE - relevant for Kubernetes cluster/nodepool; *FAILED_HIBERNATING* Resource state FAILED_HIBERNATING - relevant for Kubernetes cluster/nodepool.","readOnly":true,"enum":["AVAILABLE","INACTIVE","BUSY","DEPLOYING","ACTIVE","FAILED","SUSPENDED","FAILED_SUSPENDED","UPDATING","FAILED_UPDATING","DESTROYING","FAILED_DESTROYING","TERMINATED","HIBERNATING","FAILED_HIBERNATING","MAINTENANCE","FAILED_MAINTENANCE","UNKNOWN"]}}},"FirewallruleProperties":{"required":["protocol"],"type":"object","properties":{"name":{"type":"string","description":"The name of the  resource."},"protocol":{"type":"string","description":"The protocol for the rule. Property cannot be modified after it is created (disallowed in update requests).","enum":["TCP","UDP","ICMP","ICMPv6","GRE","VRRP","ESP","AH","ANY"]},"sourceMac":{"type":"string","description":"Only traffic originating from the respective MAC address is allowed. Valid format: aa:bb:cc:dd:ee:ff. Value null allows traffic from any MAC address.","nullable":true},"ipVersion":{"type":"string","description":"The IP version for this rule. If sourceIp or targetIp are specified, you can omit this value - the IP version will then be deduced from the IP address(es) used; if you specify it anyway, it must match the specified IP address(es). If neither sourceIp nor targetIp are specified, this rule allows traffic only for the specified IP version. If neither sourceIp, targetIp nor ipVersion are specified, this rule will only allow IPv4 traffic.","nullable":true,"enum":["IPv4","IPv6"]},"sourceIp":{"type":"string","description":"Only traffic originating from the respective IP address (or CIDR block) is allowed. Value null allows traffic from any IP address (according to the selected ipVersion).","nullable":true},"targetIp":{"type":"string","description":"If the target NIC has multiple IP addresses, only the traffic directed to the respective IP address (or CIDR block) of the NIC is allowed. Value null allows traffic to any target IP address (according to the selected ipVersion).","nullable":true},"icmpCode":{"maximum":254,"minimum":0,"type":"integer","description":"Defines the allowed code (from 0 to 254) if protocol ICMP or ICMPv6 is chosen. Value null allows all codes.","format":"int32","nullable":true},"icmpType":{"maximum":254,"minimum":0,"type":"integer","description":"Defines the allowed type (from 0 to 254) if the protocol ICMP or ICMPv6 is chosen. Value null allows all types.","format":"int32","nullable":true},"portRangeStart":{"maximum":65535,"minimum":1,"type":"integer","description":"Defines the start range of the allowed port (from 1 to 65535) if protocol TCP or UDP is chosen. Leave portRangeStart and portRangeEnd value null to allow all ports.","format":"int32"},"portRangeEnd":{"maximum":65535,"minimum":1,"type":"integer","description":"Defines the end range of the allowed port (from 1 to 65535) if the protocol TCP or UDP is chosen. Leave portRangeStart and portRangeEnd null to allow all ports.","format":"int32"},"type":{"type":"string","description":"The type of the firewall rule. If not specified, the default INGRESS value is used.","enum":["INGRESS","EGRESS"]}}},"PaginationOffsetOptional":{"type":"number","description":"The offset (if specified in the request)."},"PaginationLimitOptional":{"type":"number","description":"The limit (if specified in the request)."},"PaginationLinks":{"type":"object","properties":{"prev":{"type":"string","description":"URL (with offset and limit parameters) of the previous page; only present if offset is greater than 0.","format":"uri","readOnly":true},"self":{"type":"string","description":"URL (with offset and limit parameters) of the current page.","format":"uri","readOnly":true},"next":{"type":"string","description":"URL (with offset and limit parameters) of the next page; only present if offset + limit is less than the total number of elements.","format":"uri","readOnly":true}}},"Error":{"type":"object","properties":{"httpStatus":{"type":"integer","description":"HTTP status code of the operation.","format":"int32","readOnly":true},"messages":{"type":"array","items":{"$ref":"#/components/schemas/ErrorMessage"}}}},"ErrorMessage":{"type":"object","properties":{"errorCode":{"type":"string","description":"Application internal error code.","readOnly":true},"message":{"type":"string","description":"A human-readable message.","readOnly":true}}}}},"paths":{"/datacenters/{datacenterId}/servers/{serverId}/nics/{nicId}/firewallrules":{"get":{"tags":["Firewall rules"],"summary":"List firewall rules","description":"List all firewall rules for the specified NIC.","operationId":"datacentersServersNicsFirewallrulesGet","parameters":[{"name":"datacenterId","in":"path","description":"The unique ID of the data center.","required":true,"schema":{"type":"string"}},{"name":"serverId","in":"path","description":"The unique ID of the server.","required":true,"schema":{"type":"string"}},{"name":"nicId","in":"path","description":"The unique ID of the NIC.","required":true,"schema":{"type":"string"}},{"name":"pretty","in":"query","description":"Controls whether the response is pretty-printed (with indentations and new lines).","schema":{"type":"boolean","default":true}},{"name":"depth","in":"query","description":"Controls the detail depth of the response objects. \nGET /datacenters/[ID]\n\t- depth=0: Only direct properties are included; children (servers and other elements) are not included.\n\t- depth=1: Direct properties and children references are included.\n\t- depth=2: Direct properties and children properties are included.\n\t- depth=3: Direct properties and children properties and children's children are included.\n\t- depth=... and so on","schema":{"maximum":10,"minimum":0,"type":"integer","format":"int32","default":0}},{"name":"X-Contract-Number","in":"header","description":"Users with multiple contracts must provide the contract number, for which all API requests are to be executed.","schema":{"type":"integer","format":"int32"}},{"name":"offset","in":"query","description":"The first element (from the complete list of the elements) to include in the response (used together with <b><i>limit</i></b> for pagination).","schema":{"minimum":0,"type":"integer","format":"int32","default":0}},{"name":"limit","in":"query","description":"The maximum number of elements to return (use together with offset for pagination).","schema":{"maximum":10000,"minimum":1,"type":"integer","format":"int32","default":1000}}],"responses":{"200":{"description":"Successful operation","headers":{"X-RateLimit-Remaining":{"description":"The number of requests that can still be made without triggering a failure response.","schema":{"type":"integer","format":"int32"}},"X-RateLimit-Limit":{"description":"The average number of requests per minute allowed.","schema":{"type":"integer","format":"int32"}},"X-RateLimit-Burst":{"description":"The maximum number of concurrent API requests allowed.","schema":{"type":"integer","format":"int32"}}},"content":{"application/json":{"schema":{"$ref":"#/components/schemas/FirewallRules"}}}},"default":{"description":"Any erroneous status code: 400 (parse error), 401 (auth error), 402 (trial access), 403 (insufficient privileges), 404 (not found), 405 (unsupported HTTP method), 415 (unsupported content type, 422 (validation error), 429 (request rate limit exceeded), 500 (server error), or 503 (maintenance).","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}}}}}}}
```

## Create a Firewall Rule

> Creates a firewall rule for the specified NIC.

```json
{"openapi":"3.0.3","info":{"title":"CLOUD API","version":"6.0"},"tags":[{"name":"Firewall rules"}],"servers":[{"url":"https://api.ionos.com/cloudapi/v6"}],"security":[{"BasicAuthentication":[]},{"TokenAuthentication":[]}],"components":{"securitySchemes":{"BasicAuthentication":{"type":"http","description":"You will need to base64 encode the string containing your credentials. <div style=\"padding: 15px; border: 1px solid #d1ecf1; background-color: #d1ecf1; color: #0c5460; margin-bottom: 15px;\">\n  <strong>Note:</strong><br/><br/>\n  <ul><li><b>Basic Authentication</b> is supported only when <b>2-Factor \n  Authentication</b> is not configured.</li>\n  <li>Users with <b>2-Factor \n  Authentication</b> activated must generate new 2FA-secured tokens in the DCD using [Token Manager](https://docs.ionos.com/cloud/set-up-ionos-cloud/management/identity-access-management/token-manager). \n  These tokens do not inherit the <b>2FA-secured</b> property by default.</li><li>Token deletion is only possible using the <b>Token Manager</b>.</li>\n</div> Separate your username and password with a colon, i.e., username:password and send it as 'Authorization' request header. More details: https://en.wikipedia.org/wiki/Basic_access_authentication","scheme":"basic"},"TokenAuthentication":{"type":"apiKey","description":"Please provide header value as 'Bearer <token>' and don't forget to add 'Bearer' HTTP Authorization Scheme before the token.","name":"Authorization","in":"header"}},"schemas":{"FirewallRule":{"required":["properties"],"type":"object","properties":{"id":{"type":"string","description":"The resource's unique identifier.","readOnly":true},"type":{"type":"string","description":"The type of object that has been created.","allOf":[{"$ref":"#/components/schemas/Type"}]},"href":{"type":"string","description":"URL to the object representation (absolute path).","format":"uri","readOnly":true},"metadata":{"$ref":"#/components/schemas/DatacenterElementMetadata"},"properties":{"$ref":"#/components/schemas/FirewallruleProperties"}}},"Type":{"type":"string","enum":["datacenter","server","volume","nic","loadbalancer","location","firewall-rule","flow-log","image","snapshot","lan","ipblock","pcc","contract","user","group","collection","resource","request","request-status","s3key","backupunit","label","k8s","nodepool","template","networkloadbalancer","forwarding-rule","natgateway","natgateway-rule","node","applicationloadbalancer","target-group","security-group","gpu"]},"DatacenterElementMetadata":{"type":"object","properties":{"etag":{"type":"string","description":"Resource's Entity Tag as defined in http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.11  Entity Tag is also added as an 'ETag response header to requests which don't use 'depth' parameter.","readOnly":true},"createdDate":{"type":"string","description":"The last time the resource was created.","format":"date-time","readOnly":true},"createdBy":{"type":"string","description":"The user who created the resource.","readOnly":true},"createdByUserId":{"type":"string","description":"The unique ID of the user who created the resource.","readOnly":true},"lastModifiedDate":{"type":"string","description":"The last time the resource was modified.","format":"date-time","readOnly":true},"lastModifiedBy":{"type":"string","description":"The user who last modified the resource.","readOnly":true},"lastModifiedByUserId":{"type":"string","description":"The unique ID of the user who last modified the resource.","readOnly":true},"state":{"type":"string","description":"State of the resource. *AVAILABLE* There are no pending modification requests for this item; *BUSY* There is at least one modification request pending and all following requests will be queued; *INACTIVE* Resource has been de-provisioned; *DEPLOYING* Resource state DEPLOYING - relevant for Kubernetes cluster/nodepool; *ACTIVE* Resource state ACTIVE - relevant for Kubernetes cluster/nodepool; *FAILED* Resource state FAILED - relevant for Kubernetes cluster/nodepool; *SUSPENDED* Resource state SUSPENDED - relevant for Kubernetes cluster/nodepool; *FAILED_SUSPENDED* Resource state FAILED_SUSPENDED - relevant for Kubernetes cluster; *UPDATING* Resource state UPDATING - relevant for Kubernetes cluster/nodepool; *FAILED_UPDATING* Resource state FAILED_UPDATING - relevant for Kubernetes cluster/nodepool; *DESTROYING* Resource state DESTROYING - relevant for Kubernetes cluster; *FAILED_DESTROYING* Resource state FAILED_DESTROYING - relevant for Kubernetes cluster/nodepool; *TERMINATED* Resource state TERMINATED - relevant for Kubernetes cluster/nodepool; *HIBERNATING* Resource state HIBERNATING - relevant for Kubernetes cluster/nodepool; *FAILED_HIBERNATING* Resource state FAILED_HIBERNATING - relevant for Kubernetes cluster/nodepool; *MAINTENANCE* Resource state MAINTENANCE - relevant for Kubernetes cluster/nodepool; *FAILED_HIBERNATING* Resource state FAILED_HIBERNATING - relevant for Kubernetes cluster/nodepool.","readOnly":true,"enum":["AVAILABLE","INACTIVE","BUSY","DEPLOYING","ACTIVE","FAILED","SUSPENDED","FAILED_SUSPENDED","UPDATING","FAILED_UPDATING","DESTROYING","FAILED_DESTROYING","TERMINATED","HIBERNATING","FAILED_HIBERNATING","MAINTENANCE","FAILED_MAINTENANCE","UNKNOWN"]}}},"FirewallruleProperties":{"required":["protocol"],"type":"object","properties":{"name":{"type":"string","description":"The name of the  resource."},"protocol":{"type":"string","description":"The protocol for the rule. Property cannot be modified after it is created (disallowed in update requests).","enum":["TCP","UDP","ICMP","ICMPv6","GRE","VRRP","ESP","AH","ANY"]},"sourceMac":{"type":"string","description":"Only traffic originating from the respective MAC address is allowed. Valid format: aa:bb:cc:dd:ee:ff. Value null allows traffic from any MAC address.","nullable":true},"ipVersion":{"type":"string","description":"The IP version for this rule. If sourceIp or targetIp are specified, you can omit this value - the IP version will then be deduced from the IP address(es) used; if you specify it anyway, it must match the specified IP address(es). If neither sourceIp nor targetIp are specified, this rule allows traffic only for the specified IP version. If neither sourceIp, targetIp nor ipVersion are specified, this rule will only allow IPv4 traffic.","nullable":true,"enum":["IPv4","IPv6"]},"sourceIp":{"type":"string","description":"Only traffic originating from the respective IP address (or CIDR block) is allowed. Value null allows traffic from any IP address (according to the selected ipVersion).","nullable":true},"targetIp":{"type":"string","description":"If the target NIC has multiple IP addresses, only the traffic directed to the respective IP address (or CIDR block) of the NIC is allowed. Value null allows traffic to any target IP address (according to the selected ipVersion).","nullable":true},"icmpCode":{"maximum":254,"minimum":0,"type":"integer","description":"Defines the allowed code (from 0 to 254) if protocol ICMP or ICMPv6 is chosen. Value null allows all codes.","format":"int32","nullable":true},"icmpType":{"maximum":254,"minimum":0,"type":"integer","description":"Defines the allowed type (from 0 to 254) if the protocol ICMP or ICMPv6 is chosen. Value null allows all types.","format":"int32","nullable":true},"portRangeStart":{"maximum":65535,"minimum":1,"type":"integer","description":"Defines the start range of the allowed port (from 1 to 65535) if protocol TCP or UDP is chosen. Leave portRangeStart and portRangeEnd value null to allow all ports.","format":"int32"},"portRangeEnd":{"maximum":65535,"minimum":1,"type":"integer","description":"Defines the end range of the allowed port (from 1 to 65535) if the protocol TCP or UDP is chosen. Leave portRangeStart and portRangeEnd null to allow all ports.","format":"int32"},"type":{"type":"string","description":"The type of the firewall rule. If not specified, the default INGRESS value is used.","enum":["INGRESS","EGRESS"]}}},"Error":{"type":"object","properties":{"httpStatus":{"type":"integer","description":"HTTP status code of the operation.","format":"int32","readOnly":true},"messages":{"type":"array","items":{"$ref":"#/components/schemas/ErrorMessage"}}}},"ErrorMessage":{"type":"object","properties":{"errorCode":{"type":"string","description":"Application internal error code.","readOnly":true},"message":{"type":"string","description":"A human-readable message.","readOnly":true}}}}},"paths":{"/datacenters/{datacenterId}/servers/{serverId}/nics/{nicId}/firewallrules":{"post":{"tags":["Firewall rules"],"summary":"Create a Firewall Rule","description":"Creates a firewall rule for the specified NIC.","operationId":"datacentersServersNicsFirewallrulesPost","parameters":[{"name":"datacenterId","in":"path","description":"The unique ID of the data center.","required":true,"schema":{"type":"string"}},{"name":"serverId","in":"path","description":"The unique ID of the server.","required":true,"schema":{"type":"string"}},{"name":"nicId","in":"path","description":"The unique ID of the NIC.","required":true,"schema":{"type":"string"}},{"name":"pretty","in":"query","description":"Controls whether the response is pretty-printed (with indentations and new lines).","schema":{"type":"boolean","default":true}},{"name":"depth","in":"query","description":"Controls the detail depth of the response objects. \nGET /datacenters/[ID]\n\t- depth=0: Only direct properties are included; children (servers and other elements) are not included.\n\t- depth=1: Direct properties and children references are included.\n\t- depth=2: Direct properties and children properties are included.\n\t- depth=3: Direct properties and children properties and children's children are included.\n\t- depth=... and so on","schema":{"maximum":10,"minimum":0,"type":"integer","format":"int32","default":0}},{"name":"X-Contract-Number","in":"header","description":"Users with multiple contracts must provide the contract number, for which all API requests are to be executed.","schema":{"type":"integer","format":"int32"}}],"requestBody":{"description":"The firewall rule to create.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/FirewallRule"}}},"required":true},"responses":{"202":{"description":"Successful operation","headers":{"X-RateLimit-Remaining":{"description":"The number of requests that can still be made without triggering a failure response.","schema":{"type":"integer","format":"int32"}},"X-RateLimit-Limit":{"description":"The average number of requests per minute allowed.","schema":{"type":"integer","format":"int32"}},"X-RateLimit-Burst":{"description":"The maximum number of concurrent API requests allowed.","schema":{"type":"integer","format":"int32"}},"Location":{"description":"Callback URL to poll async operation status.","schema":{"pattern":"https://[apiBaseUri]/requests/[requestId]/status","type":"string"}}},"content":{"application/json":{"schema":{"$ref":"#/components/schemas/FirewallRule"}}}},"default":{"description":"Any erroneous status code: 400 (parse error), 401 (auth error), 402 (trial access), 403 (insufficient privileges), 404 (not found), 405 (unsupported HTTP method), 415 (unsupported content type, 422 (validation error), 429 (request rate limit exceeded), 500 (server error), or 503 (maintenance).","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}}}}}}}
```

## Retrieve firewall rules

> Retrieve the properties of the specified firewall rule.

```json
{"openapi":"3.0.3","info":{"title":"CLOUD API","version":"6.0"},"tags":[{"name":"Firewall rules"}],"servers":[{"url":"https://api.ionos.com/cloudapi/v6"}],"security":[{"BasicAuthentication":[]},{"TokenAuthentication":[]}],"components":{"securitySchemes":{"BasicAuthentication":{"type":"http","description":"You will need to base64 encode the string containing your credentials. <div style=\"padding: 15px; border: 1px solid #d1ecf1; background-color: #d1ecf1; color: #0c5460; margin-bottom: 15px;\">\n  <strong>Note:</strong><br/><br/>\n  <ul><li><b>Basic Authentication</b> is supported only when <b>2-Factor \n  Authentication</b> is not configured.</li>\n  <li>Users with <b>2-Factor \n  Authentication</b> activated must generate new 2FA-secured tokens in the DCD using [Token Manager](https://docs.ionos.com/cloud/set-up-ionos-cloud/management/identity-access-management/token-manager). \n  These tokens do not inherit the <b>2FA-secured</b> property by default.</li><li>Token deletion is only possible using the <b>Token Manager</b>.</li>\n</div> Separate your username and password with a colon, i.e., username:password and send it as 'Authorization' request header. More details: https://en.wikipedia.org/wiki/Basic_access_authentication","scheme":"basic"},"TokenAuthentication":{"type":"apiKey","description":"Please provide header value as 'Bearer <token>' and don't forget to add 'Bearer' HTTP Authorization Scheme before the token.","name":"Authorization","in":"header"}},"schemas":{"FirewallRule":{"required":["properties"],"type":"object","properties":{"id":{"type":"string","description":"The resource's unique identifier.","readOnly":true},"type":{"type":"string","description":"The type of object that has been created.","allOf":[{"$ref":"#/components/schemas/Type"}]},"href":{"type":"string","description":"URL to the object representation (absolute path).","format":"uri","readOnly":true},"metadata":{"$ref":"#/components/schemas/DatacenterElementMetadata"},"properties":{"$ref":"#/components/schemas/FirewallruleProperties"}}},"Type":{"type":"string","enum":["datacenter","server","volume","nic","loadbalancer","location","firewall-rule","flow-log","image","snapshot","lan","ipblock","pcc","contract","user","group","collection","resource","request","request-status","s3key","backupunit","label","k8s","nodepool","template","networkloadbalancer","forwarding-rule","natgateway","natgateway-rule","node","applicationloadbalancer","target-group","security-group","gpu"]},"DatacenterElementMetadata":{"type":"object","properties":{"etag":{"type":"string","description":"Resource's Entity Tag as defined in http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.11  Entity Tag is also added as an 'ETag response header to requests which don't use 'depth' parameter.","readOnly":true},"createdDate":{"type":"string","description":"The last time the resource was created.","format":"date-time","readOnly":true},"createdBy":{"type":"string","description":"The user who created the resource.","readOnly":true},"createdByUserId":{"type":"string","description":"The unique ID of the user who created the resource.","readOnly":true},"lastModifiedDate":{"type":"string","description":"The last time the resource was modified.","format":"date-time","readOnly":true},"lastModifiedBy":{"type":"string","description":"The user who last modified the resource.","readOnly":true},"lastModifiedByUserId":{"type":"string","description":"The unique ID of the user who last modified the resource.","readOnly":true},"state":{"type":"string","description":"State of the resource. *AVAILABLE* There are no pending modification requests for this item; *BUSY* There is at least one modification request pending and all following requests will be queued; *INACTIVE* Resource has been de-provisioned; *DEPLOYING* Resource state DEPLOYING - relevant for Kubernetes cluster/nodepool; *ACTIVE* Resource state ACTIVE - relevant for Kubernetes cluster/nodepool; *FAILED* Resource state FAILED - relevant for Kubernetes cluster/nodepool; *SUSPENDED* Resource state SUSPENDED - relevant for Kubernetes cluster/nodepool; *FAILED_SUSPENDED* Resource state FAILED_SUSPENDED - relevant for Kubernetes cluster; *UPDATING* Resource state UPDATING - relevant for Kubernetes cluster/nodepool; *FAILED_UPDATING* Resource state FAILED_UPDATING - relevant for Kubernetes cluster/nodepool; *DESTROYING* Resource state DESTROYING - relevant for Kubernetes cluster; *FAILED_DESTROYING* Resource state FAILED_DESTROYING - relevant for Kubernetes cluster/nodepool; *TERMINATED* Resource state TERMINATED - relevant for Kubernetes cluster/nodepool; *HIBERNATING* Resource state HIBERNATING - relevant for Kubernetes cluster/nodepool; *FAILED_HIBERNATING* Resource state FAILED_HIBERNATING - relevant for Kubernetes cluster/nodepool; *MAINTENANCE* Resource state MAINTENANCE - relevant for Kubernetes cluster/nodepool; *FAILED_HIBERNATING* Resource state FAILED_HIBERNATING - relevant for Kubernetes cluster/nodepool.","readOnly":true,"enum":["AVAILABLE","INACTIVE","BUSY","DEPLOYING","ACTIVE","FAILED","SUSPENDED","FAILED_SUSPENDED","UPDATING","FAILED_UPDATING","DESTROYING","FAILED_DESTROYING","TERMINATED","HIBERNATING","FAILED_HIBERNATING","MAINTENANCE","FAILED_MAINTENANCE","UNKNOWN"]}}},"FirewallruleProperties":{"required":["protocol"],"type":"object","properties":{"name":{"type":"string","description":"The name of the  resource."},"protocol":{"type":"string","description":"The protocol for the rule. Property cannot be modified after it is created (disallowed in update requests).","enum":["TCP","UDP","ICMP","ICMPv6","GRE","VRRP","ESP","AH","ANY"]},"sourceMac":{"type":"string","description":"Only traffic originating from the respective MAC address is allowed. Valid format: aa:bb:cc:dd:ee:ff. Value null allows traffic from any MAC address.","nullable":true},"ipVersion":{"type":"string","description":"The IP version for this rule. If sourceIp or targetIp are specified, you can omit this value - the IP version will then be deduced from the IP address(es) used; if you specify it anyway, it must match the specified IP address(es). If neither sourceIp nor targetIp are specified, this rule allows traffic only for the specified IP version. If neither sourceIp, targetIp nor ipVersion are specified, this rule will only allow IPv4 traffic.","nullable":true,"enum":["IPv4","IPv6"]},"sourceIp":{"type":"string","description":"Only traffic originating from the respective IP address (or CIDR block) is allowed. Value null allows traffic from any IP address (according to the selected ipVersion).","nullable":true},"targetIp":{"type":"string","description":"If the target NIC has multiple IP addresses, only the traffic directed to the respective IP address (or CIDR block) of the NIC is allowed. Value null allows traffic to any target IP address (according to the selected ipVersion).","nullable":true},"icmpCode":{"maximum":254,"minimum":0,"type":"integer","description":"Defines the allowed code (from 0 to 254) if protocol ICMP or ICMPv6 is chosen. Value null allows all codes.","format":"int32","nullable":true},"icmpType":{"maximum":254,"minimum":0,"type":"integer","description":"Defines the allowed type (from 0 to 254) if the protocol ICMP or ICMPv6 is chosen. Value null allows all types.","format":"int32","nullable":true},"portRangeStart":{"maximum":65535,"minimum":1,"type":"integer","description":"Defines the start range of the allowed port (from 1 to 65535) if protocol TCP or UDP is chosen. Leave portRangeStart and portRangeEnd value null to allow all ports.","format":"int32"},"portRangeEnd":{"maximum":65535,"minimum":1,"type":"integer","description":"Defines the end range of the allowed port (from 1 to 65535) if the protocol TCP or UDP is chosen. Leave portRangeStart and portRangeEnd null to allow all ports.","format":"int32"},"type":{"type":"string","description":"The type of the firewall rule. If not specified, the default INGRESS value is used.","enum":["INGRESS","EGRESS"]}}},"Error":{"type":"object","properties":{"httpStatus":{"type":"integer","description":"HTTP status code of the operation.","format":"int32","readOnly":true},"messages":{"type":"array","items":{"$ref":"#/components/schemas/ErrorMessage"}}}},"ErrorMessage":{"type":"object","properties":{"errorCode":{"type":"string","description":"Application internal error code.","readOnly":true},"message":{"type":"string","description":"A human-readable message.","readOnly":true}}}}},"paths":{"/datacenters/{datacenterId}/servers/{serverId}/nics/{nicId}/firewallrules/{firewallruleId}":{"get":{"tags":["Firewall rules"],"summary":"Retrieve firewall rules","description":"Retrieve the properties of the specified firewall rule.","operationId":"datacentersServersNicsFirewallrulesFindById","parameters":[{"name":"datacenterId","in":"path","description":"The unique ID of the data center.","required":true,"schema":{"type":"string"}},{"name":"serverId","in":"path","description":"The unique ID of the server.","required":true,"schema":{"type":"string"}},{"name":"nicId","in":"path","description":"The unique ID of the NIC.","required":true,"schema":{"type":"string"}},{"name":"firewallruleId","in":"path","description":"The unique ID of the firewall rule.","required":true,"schema":{"type":"string"}},{"name":"pretty","in":"query","description":"Controls whether the response is pretty-printed (with indentations and new lines).","schema":{"type":"boolean","default":true}},{"name":"depth","in":"query","description":"Controls the detail depth of the response objects. \nGET /datacenters/[ID]\n\t- depth=0: Only direct properties are included; children (servers and other elements) are not included.\n\t- depth=1: Direct properties and children references are included.\n\t- depth=2: Direct properties and children properties are included.\n\t- depth=3: Direct properties and children properties and children's children are included.\n\t- depth=... and so on","schema":{"maximum":10,"minimum":0,"type":"integer","format":"int32","default":0}},{"name":"X-Contract-Number","in":"header","description":"Users with multiple contracts must provide the contract number, for which all API requests are to be executed.","schema":{"type":"integer","format":"int32"}}],"responses":{"200":{"description":"Successful operation","headers":{"X-RateLimit-Remaining":{"description":"The number of requests that can still be made without triggering a failure response.","schema":{"type":"integer","format":"int32"}},"X-RateLimit-Limit":{"description":"The average number of requests per minute allowed.","schema":{"type":"integer","format":"int32"}},"X-RateLimit-Burst":{"description":"The maximum number of concurrent API requests allowed.","schema":{"type":"integer","format":"int32"}}},"content":{"application/json":{"schema":{"$ref":"#/components/schemas/FirewallRule"}}}},"default":{"description":"Any erroneous status code: 400 (parse error), 401 (auth error), 402 (trial access), 403 (insufficient privileges), 404 (not found), 405 (unsupported HTTP method), 415 (unsupported content type, 422 (validation error), 429 (request rate limit exceeded), 500 (server error), or 503 (maintenance).","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}}}}}}}
```

## Modify a Firewall Rule

> Modifies the properties of the specified firewall rule.

```json
{"openapi":"3.0.3","info":{"title":"CLOUD API","version":"6.0"},"tags":[{"name":"Firewall rules"}],"servers":[{"url":"https://api.ionos.com/cloudapi/v6"}],"security":[{"BasicAuthentication":[]},{"TokenAuthentication":[]}],"components":{"securitySchemes":{"BasicAuthentication":{"type":"http","description":"You will need to base64 encode the string containing your credentials. <div style=\"padding: 15px; border: 1px solid #d1ecf1; background-color: #d1ecf1; color: #0c5460; margin-bottom: 15px;\">\n  <strong>Note:</strong><br/><br/>\n  <ul><li><b>Basic Authentication</b> is supported only when <b>2-Factor \n  Authentication</b> is not configured.</li>\n  <li>Users with <b>2-Factor \n  Authentication</b> activated must generate new 2FA-secured tokens in the DCD using [Token Manager](https://docs.ionos.com/cloud/set-up-ionos-cloud/management/identity-access-management/token-manager). \n  These tokens do not inherit the <b>2FA-secured</b> property by default.</li><li>Token deletion is only possible using the <b>Token Manager</b>.</li>\n</div> Separate your username and password with a colon, i.e., username:password and send it as 'Authorization' request header. More details: https://en.wikipedia.org/wiki/Basic_access_authentication","scheme":"basic"},"TokenAuthentication":{"type":"apiKey","description":"Please provide header value as 'Bearer <token>' and don't forget to add 'Bearer' HTTP Authorization Scheme before the token.","name":"Authorization","in":"header"}},"schemas":{"FirewallRule":{"required":["properties"],"type":"object","properties":{"id":{"type":"string","description":"The resource's unique identifier.","readOnly":true},"type":{"type":"string","description":"The type of object that has been created.","allOf":[{"$ref":"#/components/schemas/Type"}]},"href":{"type":"string","description":"URL to the object representation (absolute path).","format":"uri","readOnly":true},"metadata":{"$ref":"#/components/schemas/DatacenterElementMetadata"},"properties":{"$ref":"#/components/schemas/FirewallruleProperties"}}},"Type":{"type":"string","enum":["datacenter","server","volume","nic","loadbalancer","location","firewall-rule","flow-log","image","snapshot","lan","ipblock","pcc","contract","user","group","collection","resource","request","request-status","s3key","backupunit","label","k8s","nodepool","template","networkloadbalancer","forwarding-rule","natgateway","natgateway-rule","node","applicationloadbalancer","target-group","security-group","gpu"]},"DatacenterElementMetadata":{"type":"object","properties":{"etag":{"type":"string","description":"Resource's Entity Tag as defined in http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.11  Entity Tag is also added as an 'ETag response header to requests which don't use 'depth' parameter.","readOnly":true},"createdDate":{"type":"string","description":"The last time the resource was created.","format":"date-time","readOnly":true},"createdBy":{"type":"string","description":"The user who created the resource.","readOnly":true},"createdByUserId":{"type":"string","description":"The unique ID of the user who created the resource.","readOnly":true},"lastModifiedDate":{"type":"string","description":"The last time the resource was modified.","format":"date-time","readOnly":true},"lastModifiedBy":{"type":"string","description":"The user who last modified the resource.","readOnly":true},"lastModifiedByUserId":{"type":"string","description":"The unique ID of the user who last modified the resource.","readOnly":true},"state":{"type":"string","description":"State of the resource. *AVAILABLE* There are no pending modification requests for this item; *BUSY* There is at least one modification request pending and all following requests will be queued; *INACTIVE* Resource has been de-provisioned; *DEPLOYING* Resource state DEPLOYING - relevant for Kubernetes cluster/nodepool; *ACTIVE* Resource state ACTIVE - relevant for Kubernetes cluster/nodepool; *FAILED* Resource state FAILED - relevant for Kubernetes cluster/nodepool; *SUSPENDED* Resource state SUSPENDED - relevant for Kubernetes cluster/nodepool; *FAILED_SUSPENDED* Resource state FAILED_SUSPENDED - relevant for Kubernetes cluster; *UPDATING* Resource state UPDATING - relevant for Kubernetes cluster/nodepool; *FAILED_UPDATING* Resource state FAILED_UPDATING - relevant for Kubernetes cluster/nodepool; *DESTROYING* Resource state DESTROYING - relevant for Kubernetes cluster; *FAILED_DESTROYING* Resource state FAILED_DESTROYING - relevant for Kubernetes cluster/nodepool; *TERMINATED* Resource state TERMINATED - relevant for Kubernetes cluster/nodepool; *HIBERNATING* Resource state HIBERNATING - relevant for Kubernetes cluster/nodepool; *FAILED_HIBERNATING* Resource state FAILED_HIBERNATING - relevant for Kubernetes cluster/nodepool; *MAINTENANCE* Resource state MAINTENANCE - relevant for Kubernetes cluster/nodepool; *FAILED_HIBERNATING* Resource state FAILED_HIBERNATING - relevant for Kubernetes cluster/nodepool.","readOnly":true,"enum":["AVAILABLE","INACTIVE","BUSY","DEPLOYING","ACTIVE","FAILED","SUSPENDED","FAILED_SUSPENDED","UPDATING","FAILED_UPDATING","DESTROYING","FAILED_DESTROYING","TERMINATED","HIBERNATING","FAILED_HIBERNATING","MAINTENANCE","FAILED_MAINTENANCE","UNKNOWN"]}}},"FirewallruleProperties":{"required":["protocol"],"type":"object","properties":{"name":{"type":"string","description":"The name of the  resource."},"protocol":{"type":"string","description":"The protocol for the rule. Property cannot be modified after it is created (disallowed in update requests).","enum":["TCP","UDP","ICMP","ICMPv6","GRE","VRRP","ESP","AH","ANY"]},"sourceMac":{"type":"string","description":"Only traffic originating from the respective MAC address is allowed. Valid format: aa:bb:cc:dd:ee:ff. Value null allows traffic from any MAC address.","nullable":true},"ipVersion":{"type":"string","description":"The IP version for this rule. If sourceIp or targetIp are specified, you can omit this value - the IP version will then be deduced from the IP address(es) used; if you specify it anyway, it must match the specified IP address(es). If neither sourceIp nor targetIp are specified, this rule allows traffic only for the specified IP version. If neither sourceIp, targetIp nor ipVersion are specified, this rule will only allow IPv4 traffic.","nullable":true,"enum":["IPv4","IPv6"]},"sourceIp":{"type":"string","description":"Only traffic originating from the respective IP address (or CIDR block) is allowed. Value null allows traffic from any IP address (according to the selected ipVersion).","nullable":true},"targetIp":{"type":"string","description":"If the target NIC has multiple IP addresses, only the traffic directed to the respective IP address (or CIDR block) of the NIC is allowed. Value null allows traffic to any target IP address (according to the selected ipVersion).","nullable":true},"icmpCode":{"maximum":254,"minimum":0,"type":"integer","description":"Defines the allowed code (from 0 to 254) if protocol ICMP or ICMPv6 is chosen. Value null allows all codes.","format":"int32","nullable":true},"icmpType":{"maximum":254,"minimum":0,"type":"integer","description":"Defines the allowed type (from 0 to 254) if the protocol ICMP or ICMPv6 is chosen. Value null allows all types.","format":"int32","nullable":true},"portRangeStart":{"maximum":65535,"minimum":1,"type":"integer","description":"Defines the start range of the allowed port (from 1 to 65535) if protocol TCP or UDP is chosen. Leave portRangeStart and portRangeEnd value null to allow all ports.","format":"int32"},"portRangeEnd":{"maximum":65535,"minimum":1,"type":"integer","description":"Defines the end range of the allowed port (from 1 to 65535) if the protocol TCP or UDP is chosen. Leave portRangeStart and portRangeEnd null to allow all ports.","format":"int32"},"type":{"type":"string","description":"The type of the firewall rule. If not specified, the default INGRESS value is used.","enum":["INGRESS","EGRESS"]}}},"Error":{"type":"object","properties":{"httpStatus":{"type":"integer","description":"HTTP status code of the operation.","format":"int32","readOnly":true},"messages":{"type":"array","items":{"$ref":"#/components/schemas/ErrorMessage"}}}},"ErrorMessage":{"type":"object","properties":{"errorCode":{"type":"string","description":"Application internal error code.","readOnly":true},"message":{"type":"string","description":"A human-readable message.","readOnly":true}}}}},"paths":{"/datacenters/{datacenterId}/servers/{serverId}/nics/{nicId}/firewallrules/{firewallruleId}":{"put":{"tags":["Firewall rules"],"summary":"Modify a Firewall Rule","description":"Modifies the properties of the specified firewall rule.","operationId":"datacentersServersNicsFirewallrulesPut","parameters":[{"name":"datacenterId","in":"path","description":"The unique ID of the data center.","required":true,"schema":{"type":"string"}},{"name":"serverId","in":"path","description":"The unique ID of the server.","required":true,"schema":{"type":"string"}},{"name":"nicId","in":"path","description":"The unique ID of the NIC.","required":true,"schema":{"type":"string"}},{"name":"firewallruleId","in":"path","description":"The unique ID of the firewall rule.","required":true,"schema":{"type":"string"}},{"name":"pretty","in":"query","description":"Controls whether the response is pretty-printed (with indentations and new lines).","schema":{"type":"boolean","default":true}},{"name":"depth","in":"query","description":"Controls the detail depth of the response objects. \nGET /datacenters/[ID]\n\t- depth=0: Only direct properties are included; children (servers and other elements) are not included.\n\t- depth=1: Direct properties and children references are included.\n\t- depth=2: Direct properties and children properties are included.\n\t- depth=3: Direct properties and children properties and children's children are included.\n\t- depth=... and so on","schema":{"maximum":10,"minimum":0,"type":"integer","format":"int32","default":0}},{"name":"X-Contract-Number","in":"header","description":"Users with multiple contracts must provide the contract number, for which all API requests are to be executed.","schema":{"type":"integer","format":"int32"}}],"requestBody":{"description":"The modified firewall rule.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/FirewallRule"}}},"required":true},"responses":{"202":{"description":"Successful operation","headers":{"X-RateLimit-Remaining":{"description":"The number of requests that can still be made without triggering a failure response.","schema":{"type":"integer","format":"int32"}},"X-RateLimit-Limit":{"description":"The average number of requests per minute allowed.","schema":{"type":"integer","format":"int32"}},"X-RateLimit-Burst":{"description":"The maximum number of concurrent API requests allowed.","schema":{"type":"integer","format":"int32"}},"Location":{"description":"Callback URL to poll async operation status.","schema":{"pattern":"https://[apiBaseUri]/requests/[requestId]/status","type":"string"}}},"content":{"application/json":{"schema":{"$ref":"#/components/schemas/FirewallRule"}}}},"default":{"description":"Any erroneous status code: 400 (parse error), 401 (auth error), 402 (trial access), 403 (insufficient privileges), 404 (not found), 405 (unsupported HTTP method), 415 (unsupported content type, 422 (validation error), 429 (request rate limit exceeded), 500 (server error), or 503 (maintenance).","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}}}}}}}
```

## Delete firewall rules

> Delete the specified firewall rule.

```json
{"openapi":"3.0.3","info":{"title":"CLOUD API","version":"6.0"},"tags":[{"name":"Firewall rules"}],"servers":[{"url":"https://api.ionos.com/cloudapi/v6"}],"security":[{"BasicAuthentication":[]},{"TokenAuthentication":[]}],"components":{"securitySchemes":{"BasicAuthentication":{"type":"http","description":"You will need to base64 encode the string containing your credentials. <div style=\"padding: 15px; border: 1px solid #d1ecf1; background-color: #d1ecf1; color: #0c5460; margin-bottom: 15px;\">\n  <strong>Note:</strong><br/><br/>\n  <ul><li><b>Basic Authentication</b> is supported only when <b>2-Factor \n  Authentication</b> is not configured.</li>\n  <li>Users with <b>2-Factor \n  Authentication</b> activated must generate new 2FA-secured tokens in the DCD using [Token Manager](https://docs.ionos.com/cloud/set-up-ionos-cloud/management/identity-access-management/token-manager). \n  These tokens do not inherit the <b>2FA-secured</b> property by default.</li><li>Token deletion is only possible using the <b>Token Manager</b>.</li>\n</div> Separate your username and password with a colon, i.e., username:password and send it as 'Authorization' request header. More details: https://en.wikipedia.org/wiki/Basic_access_authentication","scheme":"basic"},"TokenAuthentication":{"type":"apiKey","description":"Please provide header value as 'Bearer <token>' and don't forget to add 'Bearer' HTTP Authorization Scheme before the token.","name":"Authorization","in":"header"}},"schemas":{"Error":{"type":"object","properties":{"httpStatus":{"type":"integer","description":"HTTP status code of the operation.","format":"int32","readOnly":true},"messages":{"type":"array","items":{"$ref":"#/components/schemas/ErrorMessage"}}}},"ErrorMessage":{"type":"object","properties":{"errorCode":{"type":"string","description":"Application internal error code.","readOnly":true},"message":{"type":"string","description":"A human-readable message.","readOnly":true}}}}},"paths":{"/datacenters/{datacenterId}/servers/{serverId}/nics/{nicId}/firewallrules/{firewallruleId}":{"delete":{"tags":["Firewall rules"],"summary":"Delete firewall rules","description":"Delete the specified firewall rule.","operationId":"datacentersServersNicsFirewallrulesDelete","parameters":[{"name":"datacenterId","in":"path","description":"The unique ID of the data center.","required":true,"schema":{"type":"string"}},{"name":"serverId","in":"path","description":"The unique ID of the server.","required":true,"schema":{"type":"string"}},{"name":"nicId","in":"path","description":"The unique ID of the NIC.","required":true,"schema":{"type":"string"}},{"name":"firewallruleId","in":"path","description":"The unique ID of the firewall rule.","required":true,"schema":{"type":"string"}},{"name":"pretty","in":"query","description":"Controls whether the response is pretty-printed (with indentations and new lines).","schema":{"type":"boolean","default":true}},{"name":"depth","in":"query","description":"Controls the detail depth of the response objects. \nGET /datacenters/[ID]\n\t- depth=0: Only direct properties are included; children (servers and other elements) are not included.\n\t- depth=1: Direct properties and children references are included.\n\t- depth=2: Direct properties and children properties are included.\n\t- depth=3: Direct properties and children properties and children's children are included.\n\t- depth=... and so on","schema":{"maximum":10,"minimum":0,"type":"integer","format":"int32","default":0}},{"name":"X-Contract-Number","in":"header","description":"Users with multiple contracts must provide the contract number, for which all API requests are to be executed.","schema":{"type":"integer","format":"int32"}}],"responses":{"202":{"description":"Successful operation","headers":{"X-RateLimit-Remaining":{"description":"The number of requests that can still be made without triggering a failure response.","schema":{"type":"integer","format":"int32"}},"X-RateLimit-Limit":{"description":"The average number of requests per minute allowed.","schema":{"type":"integer","format":"int32"}},"X-RateLimit-Burst":{"description":"The maximum number of concurrent API requests allowed.","schema":{"type":"integer","format":"int32"}},"Location":{"description":"Callback URL to poll async operation status.","schema":{"pattern":"https://[apiBaseUri]/requests/[requestId]/status","type":"string"}}},"content":{}},"default":{"description":"Any erroneous status code: 400 (parse error), 401 (auth error), 402 (trial access), 403 (insufficient privileges), 404 (not found), 405 (unsupported HTTP method), 415 (unsupported content type, 422 (validation error), 429 (request rate limit exceeded), 500 (server error), or 503 (maintenance).","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}}}}}}}
```

## Partially modify firewall rules

> Update the properties of the specified firewall rule.

```json
{"openapi":"3.0.3","info":{"title":"CLOUD API","version":"6.0"},"tags":[{"name":"Firewall rules"}],"servers":[{"url":"https://api.ionos.com/cloudapi/v6"}],"security":[{"BasicAuthentication":[]},{"TokenAuthentication":[]}],"components":{"securitySchemes":{"BasicAuthentication":{"type":"http","description":"You will need to base64 encode the string containing your credentials. <div style=\"padding: 15px; border: 1px solid #d1ecf1; background-color: #d1ecf1; color: #0c5460; margin-bottom: 15px;\">\n  <strong>Note:</strong><br/><br/>\n  <ul><li><b>Basic Authentication</b> is supported only when <b>2-Factor \n  Authentication</b> is not configured.</li>\n  <li>Users with <b>2-Factor \n  Authentication</b> activated must generate new 2FA-secured tokens in the DCD using [Token Manager](https://docs.ionos.com/cloud/set-up-ionos-cloud/management/identity-access-management/token-manager). \n  These tokens do not inherit the <b>2FA-secured</b> property by default.</li><li>Token deletion is only possible using the <b>Token Manager</b>.</li>\n</div> Separate your username and password with a colon, i.e., username:password and send it as 'Authorization' request header. More details: https://en.wikipedia.org/wiki/Basic_access_authentication","scheme":"basic"},"TokenAuthentication":{"type":"apiKey","description":"Please provide header value as 'Bearer <token>' and don't forget to add 'Bearer' HTTP Authorization Scheme before the token.","name":"Authorization","in":"header"}},"schemas":{"FirewallruleProperties":{"required":["protocol"],"type":"object","properties":{"name":{"type":"string","description":"The name of the  resource."},"protocol":{"type":"string","description":"The protocol for the rule. Property cannot be modified after it is created (disallowed in update requests).","enum":["TCP","UDP","ICMP","ICMPv6","GRE","VRRP","ESP","AH","ANY"]},"sourceMac":{"type":"string","description":"Only traffic originating from the respective MAC address is allowed. Valid format: aa:bb:cc:dd:ee:ff. Value null allows traffic from any MAC address.","nullable":true},"ipVersion":{"type":"string","description":"The IP version for this rule. If sourceIp or targetIp are specified, you can omit this value - the IP version will then be deduced from the IP address(es) used; if you specify it anyway, it must match the specified IP address(es). If neither sourceIp nor targetIp are specified, this rule allows traffic only for the specified IP version. If neither sourceIp, targetIp nor ipVersion are specified, this rule will only allow IPv4 traffic.","nullable":true,"enum":["IPv4","IPv6"]},"sourceIp":{"type":"string","description":"Only traffic originating from the respective IP address (or CIDR block) is allowed. Value null allows traffic from any IP address (according to the selected ipVersion).","nullable":true},"targetIp":{"type":"string","description":"If the target NIC has multiple IP addresses, only the traffic directed to the respective IP address (or CIDR block) of the NIC is allowed. Value null allows traffic to any target IP address (according to the selected ipVersion).","nullable":true},"icmpCode":{"maximum":254,"minimum":0,"type":"integer","description":"Defines the allowed code (from 0 to 254) if protocol ICMP or ICMPv6 is chosen. Value null allows all codes.","format":"int32","nullable":true},"icmpType":{"maximum":254,"minimum":0,"type":"integer","description":"Defines the allowed type (from 0 to 254) if the protocol ICMP or ICMPv6 is chosen. Value null allows all types.","format":"int32","nullable":true},"portRangeStart":{"maximum":65535,"minimum":1,"type":"integer","description":"Defines the start range of the allowed port (from 1 to 65535) if protocol TCP or UDP is chosen. Leave portRangeStart and portRangeEnd value null to allow all ports.","format":"int32"},"portRangeEnd":{"maximum":65535,"minimum":1,"type":"integer","description":"Defines the end range of the allowed port (from 1 to 65535) if the protocol TCP or UDP is chosen. Leave portRangeStart and portRangeEnd null to allow all ports.","format":"int32"},"type":{"type":"string","description":"The type of the firewall rule. If not specified, the default INGRESS value is used.","enum":["INGRESS","EGRESS"]}}},"FirewallRule":{"required":["properties"],"type":"object","properties":{"id":{"type":"string","description":"The resource's unique identifier.","readOnly":true},"type":{"type":"string","description":"The type of object that has been created.","allOf":[{"$ref":"#/components/schemas/Type"}]},"href":{"type":"string","description":"URL to the object representation (absolute path).","format":"uri","readOnly":true},"metadata":{"$ref":"#/components/schemas/DatacenterElementMetadata"},"properties":{"$ref":"#/components/schemas/FirewallruleProperties"}}},"Type":{"type":"string","enum":["datacenter","server","volume","nic","loadbalancer","location","firewall-rule","flow-log","image","snapshot","lan","ipblock","pcc","contract","user","group","collection","resource","request","request-status","s3key","backupunit","label","k8s","nodepool","template","networkloadbalancer","forwarding-rule","natgateway","natgateway-rule","node","applicationloadbalancer","target-group","security-group","gpu"]},"DatacenterElementMetadata":{"type":"object","properties":{"etag":{"type":"string","description":"Resource's Entity Tag as defined in http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.11  Entity Tag is also added as an 'ETag response header to requests which don't use 'depth' parameter.","readOnly":true},"createdDate":{"type":"string","description":"The last time the resource was created.","format":"date-time","readOnly":true},"createdBy":{"type":"string","description":"The user who created the resource.","readOnly":true},"createdByUserId":{"type":"string","description":"The unique ID of the user who created the resource.","readOnly":true},"lastModifiedDate":{"type":"string","description":"The last time the resource was modified.","format":"date-time","readOnly":true},"lastModifiedBy":{"type":"string","description":"The user who last modified the resource.","readOnly":true},"lastModifiedByUserId":{"type":"string","description":"The unique ID of the user who last modified the resource.","readOnly":true},"state":{"type":"string","description":"State of the resource. *AVAILABLE* There are no pending modification requests for this item; *BUSY* There is at least one modification request pending and all following requests will be queued; *INACTIVE* Resource has been de-provisioned; *DEPLOYING* Resource state DEPLOYING - relevant for Kubernetes cluster/nodepool; *ACTIVE* Resource state ACTIVE - relevant for Kubernetes cluster/nodepool; *FAILED* Resource state FAILED - relevant for Kubernetes cluster/nodepool; *SUSPENDED* Resource state SUSPENDED - relevant for Kubernetes cluster/nodepool; *FAILED_SUSPENDED* Resource state FAILED_SUSPENDED - relevant for Kubernetes cluster; *UPDATING* Resource state UPDATING - relevant for Kubernetes cluster/nodepool; *FAILED_UPDATING* Resource state FAILED_UPDATING - relevant for Kubernetes cluster/nodepool; *DESTROYING* Resource state DESTROYING - relevant for Kubernetes cluster; *FAILED_DESTROYING* Resource state FAILED_DESTROYING - relevant for Kubernetes cluster/nodepool; *TERMINATED* Resource state TERMINATED - relevant for Kubernetes cluster/nodepool; *HIBERNATING* Resource state HIBERNATING - relevant for Kubernetes cluster/nodepool; *FAILED_HIBERNATING* Resource state FAILED_HIBERNATING - relevant for Kubernetes cluster/nodepool; *MAINTENANCE* Resource state MAINTENANCE - relevant for Kubernetes cluster/nodepool; *FAILED_HIBERNATING* Resource state FAILED_HIBERNATING - relevant for Kubernetes cluster/nodepool.","readOnly":true,"enum":["AVAILABLE","INACTIVE","BUSY","DEPLOYING","ACTIVE","FAILED","SUSPENDED","FAILED_SUSPENDED","UPDATING","FAILED_UPDATING","DESTROYING","FAILED_DESTROYING","TERMINATED","HIBERNATING","FAILED_HIBERNATING","MAINTENANCE","FAILED_MAINTENANCE","UNKNOWN"]}}},"Error":{"type":"object","properties":{"httpStatus":{"type":"integer","description":"HTTP status code of the operation.","format":"int32","readOnly":true},"messages":{"type":"array","items":{"$ref":"#/components/schemas/ErrorMessage"}}}},"ErrorMessage":{"type":"object","properties":{"errorCode":{"type":"string","description":"Application internal error code.","readOnly":true},"message":{"type":"string","description":"A human-readable message.","readOnly":true}}}}},"paths":{"/datacenters/{datacenterId}/servers/{serverId}/nics/{nicId}/firewallrules/{firewallruleId}":{"patch":{"tags":["Firewall rules"],"summary":"Partially modify firewall rules","description":"Update the properties of the specified firewall rule.","operationId":"datacentersServersNicsFirewallrulesPatch","parameters":[{"name":"datacenterId","in":"path","description":"The unique ID of the data center.","required":true,"schema":{"type":"string"}},{"name":"serverId","in":"path","description":"The unique ID of the server.","required":true,"schema":{"type":"string"}},{"name":"nicId","in":"path","description":"The unique ID of the NIC.","required":true,"schema":{"type":"string"}},{"name":"firewallruleId","in":"path","description":"The unique ID of the firewall rule.","required":true,"schema":{"type":"string"}},{"name":"pretty","in":"query","description":"Controls whether the response is pretty-printed (with indentations and new lines).","schema":{"type":"boolean","default":true}},{"name":"depth","in":"query","description":"Controls the detail depth of the response objects. \nGET /datacenters/[ID]\n\t- depth=0: Only direct properties are included; children (servers and other elements) are not included.\n\t- depth=1: Direct properties and children references are included.\n\t- depth=2: Direct properties and children properties are included.\n\t- depth=3: Direct properties and children properties and children's children are included.\n\t- depth=... and so on","schema":{"maximum":10,"minimum":0,"type":"integer","format":"int32","default":0}},{"name":"X-Contract-Number","in":"header","description":"Users with multiple contracts must provide the contract number, for which all API requests are to be executed.","schema":{"type":"integer","format":"int32"}}],"requestBody":{"description":"The properties of the firewall rule to be updated.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/FirewallruleProperties"}}},"required":true},"responses":{"202":{"description":"Successful operation","headers":{"X-RateLimit-Remaining":{"description":"The number of requests that can still be made without triggering a failure response.","schema":{"type":"integer","format":"int32"}},"X-RateLimit-Limit":{"description":"The average number of requests per minute allowed.","schema":{"type":"integer","format":"int32"}},"X-RateLimit-Burst":{"description":"The maximum number of concurrent API requests allowed.","schema":{"type":"integer","format":"int32"}},"Location":{"description":"Callback URL to poll async operation status.","schema":{"pattern":"https://[apiBaseUri]/requests/[requestId]/status","type":"string"}}},"content":{"application/json":{"schema":{"$ref":"#/components/schemas/FirewallRule"}}}},"default":{"description":"Any erroneous status code: 400 (parse error), 401 (auth error), 402 (trial access), 403 (insufficient privileges), 404 (not found), 405 (unsupported HTTP method), 415 (unsupported content type, 422 (validation error), 429 (request rate limit exceeded), 500 (server error), or 503 (maintenance).","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}}}}}}}
```