Give Feedback

doctl compute firewall add-rules

Generated on 9 Apr 2025 from doctl version v1.124.0

Usage

doctl compute firewall add-rules <firewall-id> [flags]

Description

Add inbound or outbound rules to a cloud firewall.

Example

The following example adds an inbound rule and an outbound rule to a cloud firewall with the ID f81d4fae-7dec-11d0-a765-00a0c91e6bf6:

doctl compute firewall add-rules f81d4fae-7dec-11d0-a765-00a0c91e6bf6 --inbound-rules "protocol:tcp,ports:22,droplet_id:386734086" --outbound-rules "protocol:tcp,ports:22,address:0.0.0.0/0"

Flags

Option Description

--help, -h Help for this command

Option	Description
`--help`, `-h`	Help for this command
`--inbound-rules`	A comma-separated key-value list that defines an inbound rule. The rule must define a communication protocol, a port number, and a traffic source location, such as a Droplet ID, IP address, or a tag. For example, the following rule defines that resources can only receive TCP traffic on port 22 from addresses in the specified CIDR: `protocol:tcp,ports:22,address:192.0.2.0/24`. Available source keys are: `address`, `droplet_id`, `load_balancer_uid`, `kubernetes_id`, and `tag`. Use a quoted string of space-separated values for multiple rules.
`--outbound-rules`	A comma-separate key-value list that defines an outbound rule. The rule must define a communication protocol, a port number, and a destination location, such as a Droplet ID, IP address, or a tag. For example, the following rule defines that the firewall only allows traffic to be sent to port 22 of any IPv4 address on the internet: `protocol:tcp,ports:22,address:0.0.0.0/0`. Available destination keys are: `address`, `droplet_id`, `load_balancer_uid`, `kubernetes_id`, and `tag`. Use a quoted string of space-separated values for multiple rules.

--inbound-rules

A comma-separated key-value list that defines an inbound rule. The rule must define a communication protocol, a port number, and a traffic source location, such as a Droplet ID, IP address, or a tag. For example, the following rule defines that resources can only receive TCP traffic on port 22 from addresses in the specified CIDR: protocol:tcp,ports:22,address:192.0.2.0/24.

Available source keys are: address, droplet_id, load_balancer_uid, kubernetes_id, and tag.

Use a quoted string of space-separated values for multiple rules.

--outbound-rules

A comma-separate key-value list that defines an outbound rule. The rule must define a communication protocol, a port number, and a destination location, such as a Droplet ID, IP address, or a tag. For example, the following rule defines that the firewall only allows traffic to be sent to port 22 of any IPv4 address on the internet: protocol:tcp,ports:22,address:0.0.0.0/0.

Available destination keys are: address, droplet_id, load_balancer_uid, kubernetes_id, and tag.