doctl databases firewalls replace
Generated on 10 Jun 2025
from doctl
version
v1.130.0
Usage
doctl databases firewalls replace <database-cluster-id> --rules type:value [--rule type:value] [flags]
Aliases
r
Description
Replace the firewall rules for a specified database. This command requires the --rule
flag.
You can configure multiple rules for the firewall by passing additional arguments in a comma-separated list with the --rule
flag. Each rule passed using the --rule
flag must be in a <type>:<value>
format where:
type
is the type of resource that the firewall rule allows to access the database cluster. Possible values are: droplet
, k8s
, ip_addr
, tag
, app
- value
is either the ID of a specific resource, the name of a tag applied to a group of resources, or the IP address that the firewall rule allows to access the database cluster.
Example
The following example replaces the firewall rules for a database cluster, with the ID ca9f591d-f38h-5555-a0ef-1c02d1d1e35
, with rules that allow a specific Droplet, a specific IP address, and any resources with the example-tag
to access the database:
doctl databases firewalls replace ca9f591d-f38h-5555-a0ef-1c02d1d1e35 --rules droplet:f81d4fae-7dec-11d0-a765-00a0c91e6bf6,ip_addr:192.168.1.1,tag:example-tag
Flags
Option | Description |
---|---|
--help , -h |
Help for this command |
--rule |
A comma-separated list of firewall rules, in type:value format. (required) |
Related Commands
Command | Description |
---|---|
doctl databases firewalls | Display commands to manage firewall rules (called`trusted sources` in the control panel) for database clusters |
Global Flags
Option | Description |
---|---|
--access-token , -t |
API V2 access token |
--api-url , -u |
Override default API endpoint |
--config , -c |
Specify a custom config file Default: |
--context |
Specify a custom authentication context name |
--http-retry-max |
Set maximum number of retries for requests that fail with a 429 or 500-level error
Default: 5 |
--http-retry-wait-max |
Set the minimum number of seconds to wait before retrying a failed request
Default: 30 |
--http-retry-wait-min |
Set the maximum number of seconds to wait before retrying a failed request
Default: 1 |
--interactive |
Enable interactive behavior. Defaults to true if the terminal supports it (default false)
Default: false |
--output , -o |
Desired output format [text|json] Default: text |
--trace |
Show a log of network activity while performing a command Default: false |
--verbose , -v |
Enable verbose output Default: false |