Firewall
Configure firewall rules and policies to secure your virtual machines.
Get Firewall Configuration
GET /projects/{project}/products/{product}/vps/firewall
Retrieve the complete firewall configuration including policies, rules, and network interfaces.
Path Parameters
| Name | Type | Description |
|---|---|---|
| project | string | Unique project identifier |
| product | string | Unique product/VM identifier |
Headers
| Name | Type | Description |
|---|---|---|
| Authorization | string | Bearer token for authentication |
| Permission | string | READ_FIREWALL |
Response
200 - Success
{
  "enabled": true,
  "policy_in": "ACCEPT",
  "policy_out": "ACCEPT",
  "rules": [
    {
      "pos": 0,
      "comment": "SSH Access",
      "type": "in",
      "enabled": true,
      "protocol": "tcp",
      "source": "0.0.0.0/0",
      "interface": "net0",
      "action": "ACCEPT",
      "destionation": null,
      "ipVersion": null,
      "dport": "22",
      "sport": null
    }
  ],
  "interfaces": [
    {
      "name": "net0",
      "vlan": "111",
      "ips": ["192.121.119.100", "2001:67c:bec:b::100/128"]
    }
  ]
}
Update Firewall Policies
POST /projects/{project}/products/{product}/vps/firewall
Update the default firewall policies for incoming and outgoing traffic.
⚠️ Important: Changing the default policy to DROP or REJECT without proper rules may lock you out of your VM. Ensure you have appropriate access rules before applying restrictive policies.
Path Parameters
| Name | Type | Description |
|---|---|---|
| project | string | Unique project identifier |
| product | string | Unique product/VM identifier |
Headers
| Name | Type | Description |
|---|---|---|
| Authorization | string | Bearer token for authentication |
| Permission | string | WRITE_FIREWALL |
Request Body
| Name | Type | Description |
|---|---|---|
| policy_in | string | Default policy for incoming traffic (ACCEPT, DROP, REJECT) |
| policy_out | string | Default policy for outgoing traffic (ACCEPT, DROP, REJECT) |
Policy Options:
- ACCEPT - Allow all traffic by default
- DROP - Silently drop unmatched traffic
- REJECT - Reject unmatched traffic with error response
Example Request:
{
  "policy_in": "DROP",
  "policy_out": "ACCEPT"
}
Response
200 - Success
{
"success": true
}
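Added example (not part of the provider's documentation): a pre-flight check, run against the JSON returned by Get Firewall Configuration, that reports whether a given admin address would still reach SSH after policy_in is changed. It assumes rules are evaluated in ascending pos with the first match winning, reads dport as a comma-separated list, and ignores the interface and destination fields; CONFIG is constructed sample data.

```python
import ipaddress

# Constructed sample in the shape of the Get Firewall Configuration response.
CONFIG = {
    "policy_in": "ACCEPT",
    "rules": [
        {"pos": 1, "comment": "Web Traffic", "type": "in", "enabled": True,
         "protocol": "tcp", "source": "0.0.0.0/0", "action": "ACCEPT", "dport": "80,443"},
        {"pos": 0, "comment": "SSH from office", "type": "in", "enabled": True,
         "protocol": "tcp", "source": "203.0.113.0/24", "action": "ACCEPT", "dport": "22"},
    ],
}

def _matches(rule, addr, port):
    """True if an enabled inbound TCP rule covers a connection from addr to port."""
    if not rule.get("enabled") or rule.get("type") != "in" or rule.get("protocol") != "tcp":
        return False
    dport = rule.get("dport")
    if dport is not None and str(port) not in dport.split(","):
        return False  # comma lists only; any other port syntax counts as "no match"
    source = rule.get("source")
    # A missing source matches everything; an IPv6 address is never "in" an IPv4 network.
    return source is None or addr in ipaddress.ip_network(source, strict=False)

def inbound_verdict(config, policy_in, admin_ip, port=22):
    """Action applied to admin_ip -> port if policy_in became the default.

    Assumption: rules are evaluated in ascending pos and the first match wins.
    """
    addr = ipaddress.ip_address(admin_ip)
    for rule in sorted(config.get("rules", []), key=lambda r: r["pos"]):
        if _matches(rule, addr, port):
            return rule["action"]
    return policy_in  # no rule matched, so the default policy decides

def safe_to_apply(config, policy_in, admin_ip, port=22):
    """Refuse a policy change that would cut off the admin's own access."""
    return inbound_verdict(config, policy_in, admin_ip, port) == "ACCEPT"
```

Run the check with the address you administer the VM from, and send the policy update only when it returns True.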
Add Firewall Rule
POST /projects/{project}/products/{product}/vps/firewall/rules
Add a new firewall rule to control network traffic.
Path Parameters
| Name | Type | Description |
|---|---|---|
| project | string | Unique project identifier |
| product | string | Unique product/VM identifier |
Headers
| Name | Type | Description |
|---|---|---|
| Authorization | string | Bearer token for authentication |
| Permission | string | WRITE_FIREWALL |
Request Body
| Name | Type | Description |
|---|---|---|
| pos | number | Rule position in the firewall list |
| comment | string | Optional. Description of the rule |
| type | string | Traffic direction (in, out) |
| enabled | boolean | Whether the rule is active |
| protocol | string | Network protocol (tcp, udp, icmp, etc.) |
| source | string | Optional. Source IP address or range |
| interface | string | Network interface name |
| action | string | Action to take (ACCEPT, DROP, REJECT) |
| destionation | string | Optional. Destination IP address or range |
| dport | string | Optional. Destination port(s) |
| sport | string | Optional. Source port(s) |
Common Protocols:
- tcp - TCP traffic
- udp - UDP traffic
- icmp - ICMP traffic (ping, etc.)
Example Request (Web Traffic):
{
  "pos": 1,
  "comment": "Web Traffic",
  "type": "in",
  "enabled": true,
  "protocol": "tcp",
  "source": "0.0.0.0/0",
  "interface": "net0",
  "action": "ACCEPT",
  "dport": "80,443"
}
Example Request (SSH from Specific IP):
{
  "pos": 0,
  "comment": "SSH Access from Office",
  "type": "in",
  "enabled": true,
  "protocol": "tcp",
  "source": "203.0.113.0/24",
  "interface": "net0",
  "action": "ACCEPT",
  "dport": "22"
}
Response
200 - Success
{
"success": true
}
Update Firewall Rule
PUT /projects/{project}/products/{product}/vps/firewall/rules/{pos}
Update an existing firewall rule.
Path Parameters
| Name | Type | Description |
|---|---|---|
| project | string | Unique project identifier |
| product | string | Unique product/VM identifier |
| pos | number | Rule position to update |
Headers
| Name | Type | Description |
|---|---|---|
| Authorization | string | Bearer token for authentication |
| Permission | string | WRITE_FIREWALL |
Request Body
Use the same request body format as Add Firewall Rule.
Response
200 - Success
{
"success": true
}
Delete Firewall Rule
DELETE /projects/{project}/products/{product}/vps/firewall/rules/{pos}
Remove a firewall rule.
Path Parameters
| Name | Type | Description |
|---|---|---|
| project | string | Unique project identifier |
| product | string | Unique product/VM identifier |
| pos | number | Rule position to delete |
Headers
| Name | Type | Description |
|---|---|---|
| Authorization | string | Bearer token for authentication |
| Permission | string | WRITE_FIREWALL |
Response
200 - Success
{
"success": true
}
Firewall Best Practices
🔒 Security Recommendations
- Start Restrictive: Begin with a DROP default policy and explicitly allow only required traffic
- Limit SSH Access: Restrict SSH access to specific IP ranges when possible
- Use Comments: Always add descriptive comments to your firewall rules
- Regular Reviews: Periodically review and remove unused rules
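Added example (not part of the provider's documentation): an audit of the Get Firewall Configuration response against the four recommendations above. Rule 0 of the sample is taken from the example response on this page, rules 1 and 2 are constructed, and treating a disabled rule as a candidate for removal is an assumption of this example.

```python
import ipaddress

# Rule 0 comes from this page's example response; rules 1 and 2 are constructed.
AUDIT_SAMPLE = {
    "enabled": True, "policy_in": "ACCEPT", "policy_out": "ACCEPT",
    "rules": [
        {"pos": 0, "comment": "SSH Access", "type": "in", "enabled": True,
         "protocol": "tcp", "source": "0.0.0.0/0", "action": "ACCEPT", "dport": "22"},
        {"pos": 1, "comment": "", "type": "in", "enabled": True,
         "protocol": "tcp", "source": "198.51.100.0/24", "action": "ACCEPT", "dport": "80,443"},
        {"pos": 2, "comment": "old VPN", "type": "in", "enabled": False,
         "protocol": "udp", "source": "0.0.0.0/0", "action": "ACCEPT", "dport": "1194"},
    ],
}

def _any_source(source):
    """True when the rule matches every address (no source, or a /0 network)."""
    return source is None or ipaddress.ip_network(source, strict=False).prefixlen == 0

def audit(config, ssh_port="22"):
    """Return (pos, finding) pairs; pos is None for config-level findings."""
    findings = []
    # Start Restrictive: the default inbound policy should not be ACCEPT.
    if config.get("policy_in") == "ACCEPT":
        findings.append((None, "policy_in is ACCEPT"))
    for rule in sorted(config.get("rules", []), key=lambda r: r["pos"]):
        pos = rule["pos"]
        # Use Comments: every rule should say why it exists.
        if not (rule.get("comment") or "").strip():
            findings.append((pos, "rule has no comment"))
        # Regular Reviews: a disabled rule is a removal candidate (heuristic).
        if not rule.get("enabled"):
            findings.append((pos, "rule is disabled"))
            continue
        # Limit SSH Access: inbound TCP ACCEPT reaching the SSH port from anywhere.
        dport = rule.get("dport")
        hits_ssh = dport is None or ssh_port in dport.split(",")
        if (rule.get("type") == "in" and rule.get("action") == "ACCEPT"
                and rule.get("protocol") == "tcp" and hits_ssh
                and _any_source(rule.get("source"))):
            findings.append((pos, "SSH accepted from any source"))
    return findings
```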
📝 Common Rule Examples
Allow SSH from specific network:
{
  "comment": "SSH from office network",
  "type": "in",
  "protocol": "tcp",
  "source": "198.51.100.0/24",
  "action": "ACCEPT",
  "dport": "22"
}
Allow web traffic:
{
  "comment": "HTTP/HTTPS traffic",
  "type": "in",
  "protocol": "tcp",
  "source": "0.0.0.0/0",
  "action": "ACCEPT",
  "dport": "80,443"
}
Allow ping:
{
  "comment": "ICMP ping",
  "type": "in",
  "protocol": "icmp",
  "source": "0.0.0.0/0",
  "action": "ACCEPT"
}
Related Topics
- Networking - Manage IP addresses and PTR records
- Virtual Machines - Basic VM information
- VM Management - Control and monitor your VMs