# Create Firewall rule for a Network Security Group

{% hint style="info" %}
**Note:** Only contract administrators, owners, and users with permissions to the VDC concerned can create and manage NSGs via API.
{% endhint %}

{% hint style="info" %}
**Prerequisite:** You need an IONOS Cloud account with API credentials configured with the appropriate permissions.
{% endhint %}

To create a firewall rule for a NSG, you need to use the following [<mark style="color:blue;">Cloud API</mark>](https://api.ionos.com/docs/cloud/) `POST` request providing the `datacenterId` and `securityGroupId`:

`POST /datacenters/{datacenterId}/securitygroups/{securityGroupId}/rules`

### Request

```bash
curl --location 'https://api.ionos.com/cloudapi/v6/datacenters/5a88aa8b-8aa1-51f6-XXd1-XXXXXe9f31/securitygroups/bxxxx-axXX-0008-8888-99k0444e5555/rules' \
--header 'Content-Type: application/json' \
--header 'Authorization: Basic YYXabCDeFmLMO0c2hyYUBpb25vcy5jb206I1Bha2lzdGFuXzE=' \
--data '{
    "properties":{
        "name": "My FWR",
        "protocol": "TCP",
        "sourceMac": "00:0a:95:9d:68:16",
        "ipVersion": "IPv4",
        "sourceIp": "22.231.113.12",
        "targetIp": "22.231.113.64",
        "portRangeStart": 8,
        "portRangeEnd": 8,
        "type": "INGRESS"
        }
}'
```

### Response

**202 Accepted**

```json
{
    "id": "0XX070155-XXaf-XXbb-XX20-088x8f0f8137",
    "type": "firewall-rule",
    "href": "https://api.ionos.com/cloudapi/v6/datacenters/5a88aa8b-8aa1-51f6-XXd1-XXXXXe9f31/securitygroups/bxxxx-axXX-0008-8888-99k0444e5555/rules/0d070155-85af-4abb-9120-058c4f0f8137",
    "metadata": {
        "etag": "aca11533be9480b3df9324a7976dd42a",
        "createdDate": "2024-05-21T14:20:32Z",
        "createdBy": "test.test@ionos.com",
        "createdByUserId": "a5af0375-1c1d-4387-9ef1-6ee95d30e54a",
        "lastModifiedDate": "2024-05-21T14:20:32Z",
        "lastModifiedBy": "test.test@ionos.com",
        "lastModifiedByUserId": "a5af0375-1c1d-4387-9ef1-6ee95d30e54a",
        "state": "BUSY"
    },
    "properties": {
        "name": "My FWR",
        "protocol": "TCP",
        "sourceMac": "00:0a:95:9d:68:16",
        "sourceIp": "22.231.113.12",
        "targetIp": "22.231.113.64",
        "icmpCode": null,
        "icmpType": null,
        "portRangeStart": 8,
        "portRangeEnd": 8,
        "ipVersion": "IPv4",
        "type": "INGRESS"
    }
}
```

{% hint style="info" %}
**Note:** For CloudAPI, some resources are created asynchronously. You can check for the progress via the **Status URL** that is returned in the response header of the **POST** or **PUT** call.
{% endhint %}