doctl compute firewall create [flags]
Aliases: c
Creates a cloud firewall. This command must contain at least one inbound or outbound access rule.
The following example creates a cloud firewall named example-firewall
that contains an inbound rule and an outbound rule and applies them to the specified Droplet:
doctl compute firewall create --name "example-firewall" --inbound-rules "protocol:tcp,ports:22,droplet_id:386734086" --outbound-rules "protocol:tcp,ports:22,address:0.0.0.0/0" --droplet-ids "386734086,391669331"
Option | Description |
---|---|
--droplet-ids | A comma-separated list of Droplet IDs to place behind the cloud firewall, for example: 386734086,391669331 |
--format | Columns for output in a comma-separated list. Possible values: ID, Name, Status, Created, InboundRules, OutboundRules, DropletIDs, Tags, PendingChanges. |
--help, -h | Help for this command |
--inbound-rules | A comma-separated key-value list that defines an inbound rule. The rule must define a communication protocol, a port number, and a traffic source location, such as a Droplet ID, IP address, or a tag. For example, the following rule defines that resources can only receive TCP traffic on port 22 from addresses in the specified CIDR: Available source keys are: Use a quoted string of space-separated values for multiple rules. |
--name | The firewall’s name (required) |
--no-header | Return raw data with no headers. Default: false |
--outbound-rules | A comma-separated key-value list that defines an outbound rule. The rule must define a communication protocol, a port number, and a destination location, such as a Droplet ID, IP address, or a tag. For example, the following rule defines that the firewall only allows traffic to be sent to port 22 of any IPv4 address on the internet: Available destination keys are: Use a quoted string of space-separated values for multiple rules. |
--tag-names | A comma-separated list of existing tags, for example: frontend,backend. Droplets with these tags will be placed behind the cloud firewall |
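
The rule syntax above (space-separated rules, each a comma-separated list of key:value pairs) is easy to check before it reaches `--inbound-rules`. The following is an added example, not part of doctl or its documentation: the function names are hypothetical, the second sample rule is constructed, and treating `ports:0` as "all ports" is an assumption taken from the DigitalOcean API's port format.

```shell
#!/bin/sh
# Added example, not doctl code. Lints an --inbound-rules value before it is
# passed to `doctl compute firewall create`.

# port_in_spec PORT SPEC: succeed if SPEC (single port or range N-M) covers PORT.
# Assumption: "0" means all ports, as in the DigitalOcean API.
port_in_spec() {
    case $2 in
        0)   return 0 ;;
        *-*) [ "$1" -ge "${2%-*}" ] && [ "$1" -le "${2#*-}" ] ;;
        *)   [ "$1" = "$2" ] ;;
    esac
}

# world_open_tcp_rules RULES PORT: print each TCP rule that admits PORT from
# any IPv4 or IPv6 address. Returns 1 if one was found, otherwise 0.
world_open_tcp_rules() {
    set -f                                  # no glob expansion of rule text
    wo_found=0
    for wo_rule in $1; do                   # rules are space-separated
        wo_proto='' wo_ports='' wo_open=0
        wo_ifs=$IFS; IFS=,
        for wo_kv in $wo_rule; do           # fields are comma-separated key:value
            case ${wo_kv%%:*} in
                protocol) wo_proto=${wo_kv#*:} ;;
                ports)    wo_ports=${wo_kv#*:} ;;
                address)  case ${wo_kv#*:} in 0.0.0.0/0|::/0) wo_open=1 ;; esac ;;
            esac
        done
        IFS=$wo_ifs
        if [ "$wo_proto" = tcp ] && [ "$wo_open" -eq 1 ] &&
           port_in_spec "$2" "$wo_ports"; then
            printf '%s\n' "$wo_rule"; wo_found=1
        fi
    done
    set +f                                  # re-enable globbing for the caller
    return "$wo_found"
}

# Constructed input: the first rule is the page's example, the second is too broad.
sample="protocol:tcp,ports:22,droplet_id:386734086 protocol:tcp,ports:20-25,address:0.0.0.0/0"
if bad=$(world_open_tcp_rules "$sample" 22); then
    echo "ok to pass to --inbound-rules"
else
    echo "refusing, port 22 reachable from any address: $bad" >&2
fi
```

A non-zero return means at least one rule exposes the checked port to every source address, so a wrapper script can stop before calling doctl.
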
Command | Description |
---|---|
doctl compute firewall | Display commands to manage cloud firewalls |
Option | Description |
---|---|
--access-token, -t | API V2 access token |
--api-url, -u | Override default API endpoint |
--config, -c | Specify a custom config file. Default: |
--context | Specify a custom authentication context name |
--http-retry-max | Set maximum number of retries for requests that fail with a 429 or 500-level error. Default: 5 |
--http-retry-wait-max | Set the minimum number of seconds to wait before retrying a failed request. Default: 30 |
--http-retry-wait-min | Set the maximum number of seconds to wait before retrying a failed request. Default: 1 |
--interactive | Enable interactive behavior. Defaults to true if the terminal supports it (default false). Default: false |
--output, -o | Desired output format [text\|json]. Default: text |
--trace | Show a log of network activity while performing a command. Default: false |
--verbose, -v | Enable verbose output. Default: false |