doctl compute firewall create


Usage

doctl compute firewall create [flags]

Aliases

c

Description

Creates a cloud firewall. This command must contain at least one inbound or outbound access rule.

Example

The following example creates a cloud firewall named example-firewall with one inbound rule (TCP port 22, accepted only from Droplet 386734086) and one outbound rule (TCP port 22 to any IPv4 address), and places both listed Droplets behind it:

doctl compute firewall create --name "example-firewall" --inbound-rules "protocol:tcp,ports:22,droplet_id:386734086" --outbound-rules "protocol:tcp,ports:22,address:0.0.0.0/0" --droplet-ids "386734086,391669331"

Flags

Option Description
--droplet-ids A comma-separated list of Droplet IDs to place behind the cloud firewall, for example: 386734086,391669331
--format Columns for output in a comma-separated list. Possible values: ID, Name, Status, Created, InboundRules, OutboundRules, DropletIDs, Tags, PendingChanges.
--help , -h Help for this command
--inbound-rules

A comma-separated key-value list that defines an inbound rule. The rule must define a communication protocol, a port number, and a traffic source location, such as a Droplet ID, IP address, or a tag. For example, the following rule defines that resources can only receive TCP traffic on port 22 from addresses in the specified CIDR: protocol:tcp,ports:22,address:192.0.2.0/24.

Available source keys are: address, droplet_id, load_balancer_uid, kubernetes_id, and tag.

Use a quoted string of space-separated values for multiple rules.

--name The firewall’s name (required)
--no-header Return raw data with no headers
Default: false
--outbound-rules

A comma-separated key-value list that defines an outbound rule. The rule must define a communication protocol, a port number, and a destination location, such as a Droplet ID, IP address, or a tag. For example, the following rule defines that the firewall only allows traffic to be sent to port 22 of any IPv4 address on the internet: protocol:tcp,ports:22,address:0.0.0.0/0.

Available destination keys are: address, droplet_id, load_balancer_uid, kubernetes_id, and tag.

Use a quoted string of space-separated values for multiple rules.

--tag-names A comma-separated list of existing tags, for example: frontend,backend. Droplets with these tags will be placed behind the cloud firewall
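The rule syntax described under --inbound-rules and --outbound-rules (key:value pairs joined by commas, several rules separated by spaces inside one quoted string) is easy to get wrong in a way the API will happily accept, for example address:0.0.0.0/0 on the SSH rule. The script below is an added example for this page, not part of doctl: it parses inbound rule specs in exactly that syntax, rejects malformed rules and any rule that exposes an administrative port to the whole internet, and only then prints the doctl command that would be run. The ADMIN_PORTS list, the Droplet ID, the CIDRs, and the assumption that icmp rules carry no ports key are this example's own choices.

```shell
#!/bin/sh
# Pre-flight linter for doctl firewall rule specs (added example, not doctl code).
# Rule syntax is the one doctl documents: key:value pairs joined by commas,
# multiple rules separated by spaces, e.g.
#   "protocol:tcp,ports:22,address:203.0.113.0/24 protocol:tcp,ports:443,address:0.0.0.0/0"

# Assumption for this example: ports that must never be open to the whole internet.
ADMIN_PORTS="22 3389 3306 5432 6379 27017"

# world_open SRC: true when the source is an any-address CIDR (IPv4 or IPv6).
world_open() {
    case $1 in
        address:0.0.0.0/0|address:::/0) return 0 ;;
        *) return 1 ;;
    esac
}

# admin_port PORTS: true when the port spec is 'all' or one of ADMIN_PORTS.
# Port ranges such as 8000-8080 are not expanded; they only match if listed verbatim.
admin_port() {
    [ "$1" = "all" ] && return 0
    for p in $ADMIN_PORTS; do
        [ "$1" = "$p" ] && return 0
    done
    return 1
}

# check_inbound_rules "RULES": returns 0 when every rule parses and none is
# world-open on an admin port; otherwise prints each finding to stderr and returns 1.
# Accepts the same source keys doctl documents for --inbound-rules.
check_inbound_rules() {
    rc=0
    for rule in $1; do
        proto=""; ports=""; src=""
        old_ifs=$IFS; IFS=,
        for kv in $rule; do
            key=${kv%%:*}          # text before the first colon
            val=${kv#*:}           # everything after it (keeps IPv6 colons intact)
            case $key in
                protocol) proto=$val ;;
                ports) ports=$val ;;
                address|droplet_id|load_balancer_uid|kubernetes_id|tag) src="$key:$val" ;;
                *) echo "FAIL: unknown key '$key' in '$rule'" >&2; rc=1 ;;
            esac
        done
        IFS=$old_ifs
        if [ -z "$proto" ] || [ -z "$src" ]; then
            echo "FAIL: '$rule' needs a protocol and a source" >&2; rc=1
            continue
        fi
        # tcp/udp rules need a ports key; icmp rules carry none (assumption of this example).
        if [ "$proto" != icmp ] && [ -z "$ports" ]; then
            echo "FAIL: '$rule' has no ports" >&2; rc=1
            continue
        fi
        if world_open "$src" && admin_port "$ports"; then
            echo "FAIL: '$rule' exposes $proto/$ports to the whole internet" >&2; rc=1
        fi
    done
    return $rc
}

# Constructed rule sets for the demo; CIDRs and the tag name are placeholders.
SAFE="protocol:tcp,ports:22,address:203.0.113.0/24 protocol:tcp,ports:443,address:0.0.0.0/0 protocol:icmp,address:0.0.0.0/0"
UNSAFE="protocol:tcp,ports:22,address:0.0.0.0/0"
EGRESS="protocol:tcp,ports:443,address:0.0.0.0/0 protocol:udp,ports:53,address:0.0.0.0/0"

if check_inbound_rules "$SAFE"; then
    echo "rules accepted; command to run:"
    echo "doctl compute firewall create --name web-firewall --inbound-rules \"$SAFE\" --outbound-rules \"$EGRESS\" --tag-names web"
fi
check_inbound_rules "$UNSAFE" || echo "rules rejected; not calling doctl"
```

The script never invokes doctl itself; it prints the command so it can be reviewed (or piped into a shell) once the rules pass. Extend ADMIN_PORTS to match the services you run, and keep the outbound set narrow as well: the page's own example allows outbound TCP 22 to the entire IPv4 internet, which is rarely what a workload needs.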
Related Commands

Command Description
doctl compute firewall Display commands to manage cloud firewalls

Global Flags

Option Description
--access-token, -t API V2 access token
--api-url, -u Override default API endpoint
--config, -c Specify a custom config file
Default:
  • macOS: ${HOME}/Library/Application Support/doctl/config.yaml
  • Linux: ${XDG_CONFIG_HOME}/doctl/config.yaml
  • Windows: %APPDATA%\doctl\config.yaml
--context Specify a custom authentication context name
--http-retry-max Set maximum number of retries for requests that fail with a 429 or 500-level error
Default: 5
--http-retry-wait-max Set the maximum number of seconds to wait before retrying a failed request
Default: 30
--http-retry-wait-min Set the minimum number of seconds to wait before retrying a failed request
Default: 1
--interactive Enable interactive behavior. Defaults to true if the terminal supports it
Default: false
--output, -o Desired output format [text|json]
Default: text
--trace Show a log of network activity while performing a command
Default: false
--verbose, -v Enable verbose output
Default: false