doctl compute firewall add-rules
Generated on 9 Apr 2025 from doctl version v1.124.0
Usage
doctl compute firewall add-rules <firewall-id> [flags]
Description
Add inbound or outbound rules to a cloud firewall.
Example
The following example adds an inbound rule and an outbound rule to a cloud firewall with the ID f81d4fae-7dec-11d0-a765-00a0c91e6bf6:
doctl compute firewall add-rules f81d4fae-7dec-11d0-a765-00a0c91e6bf6 --inbound-rules "protocol:tcp,ports:22,droplet_id:386734086" --outbound-rules "protocol:tcp,ports:22,address:0.0.0.0/0"
Flags
Option | Description |
---|---|
--help, -h | Help for this command |
--inbound-rules | A comma-separated key-value list that defines an inbound rule. The rule must define a communication protocol, a port number, and a traffic source location, such as a Droplet ID, IP address, or a tag. For example, the following rule defines that resources can only receive TCP traffic on port 22 from addresses in the specified CIDR: Available source keys are: Use a quoted string of space-separated values for multiple rules. |
--outbound-rules | A comma-separated key-value list that defines an outbound rule. The rule must define a communication protocol, a port number, and a destination location, such as a Droplet ID, IP address, or a tag. For example, the following rule defines that the firewall only allows traffic to be sent to port 22 of any IPv4 address on the internet: Available destination keys are: Use a quoted string of space-separated values for multiple rules. |
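The rule format described above (comma-separated key:value pairs, with multiple rules separated by spaces) can be audited before it reaches add-rules. The following is an added example, not part of doctl or its documentation: the function name audit_inbound_rules and its exit codes are hypothetical, it follows this page's statement that every rule defines a protocol, ports and a source, and it treats any key other than protocol, ports and address as a source identifier such as droplet_id.

```sh
#!/bin/sh
# Pre-flight audit of an --inbound-rules value (added example, not doctl code).
# Exit status: 0 = nothing flagged, 1 = a rule admits any address, 2 = malformed rule.
audit_inbound_rules() {
    _rc=0
    set -f                              # never glob-expand rule text
    for rule in $1; do                  # rules are space-separated
        protocol="" ports="" sources=0 open=0 bad=0
        old_ifs=$IFS; IFS=,
        for pair in $rule; do           # key:value pairs are comma-separated
            case $pair in
                *:*) key=${pair%%:*}; val=${pair#*:} ;;   # split on the first colon only
                *)   bad=1; continue ;;
            esac
            case $key in
                protocol) protocol=$val ;;
                ports)    ports=$val ;;
                address)
                    sources=$((sources + 1))
                    # 0.0.0.0/0 and ::/0 match every IPv4 / IPv6 address
                    case $val in 0.0.0.0/0|::/0) open=1 ;; esac ;;
                *)  sources=$((sources + 1)) ;;           # assumed source key, e.g. droplet_id
            esac
        done
        IFS=$old_ifs
        if [ "$bad" -eq 1 ] || [ -z "$protocol" ] || [ -z "$ports" ] || [ "$sources" -eq 0 ]; then
            echo "MALFORMED: $rule" >&2
            _rc=2
        elif [ "$open" -eq 1 ]; then
            echo "OPEN TO ANY ADDRESS: $protocol/$ports in '$rule'" >&2
            if [ "$_rc" -eq 0 ]; then _rc=1; fi
        fi
    done
    set +f
    return "$_rc"
}

# Constructed sample: the page's inbound rule plus a world-open SSH rule.
sample='protocol:tcp,ports:22,droplet_id:386734086 protocol:tcp,ports:22,address:0.0.0.0/0'
audit_inbound_rules "$sample" || echo "exit status $?: review before running add-rules" >&2
```

Run the check in CI or a wrapper script and call doctl compute firewall add-rules only when it returns 0.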
Related Commands
Command | Description |
---|---|
doctl compute firewall | Display commands to manage cloud firewalls |
Global Flags
Option | Description |
---|---|
--access-token, -t | API V2 access token |
--api-url, -u | Override default API endpoint |
--config, -c | Specify a custom config file Default: |
--context | Specify a custom authentication context name |
--http-retry-max | Set maximum number of retries for requests that fail with a 429 or 500-level error. Default: 5 |
--http-retry-wait-max | Set the minimum number of seconds to wait before retrying a failed request. Default: 30 |
--http-retry-wait-min | Set the maximum number of seconds to wait before retrying a failed request. Default: 1 |
--interactive | Enable interactive behavior. Defaults to true if the terminal supports it (default false). Default: false |
--output, -o | Desired output format [text|json]. Default: text |
--trace | Show a log of network activity while performing a command. Default: false |
--verbose, -v | Enable verbose output. Default: false |