Skip to content
DigitalOcean Gradient™ AI Agentic Cloud SDK Docs
  • Auto
  • Light
  • Dark

Update

API Reference
GPU Droplets
Firewalls
Update a Firewall
put/v2/firewalls/{firewall_id}

To update the configuration of an existing firewall, send a PUT request to /v2/firewalls/$FIREWALL_ID. The request should contain a full representation of the firewall including existing attributes. Note that any attributes that are not provided will be reset to their default values.

You must have read access (e.g. droplet:read) to all resources attached to the firewall to successfully update the firewall.

Path ParametersExpand Collapse
firewall_id: string
formatuuid
Body ParametersExpand Collapse
firewall: Firewall { id, created_at, droplet_ids, 6 more }
id: optional string

A unique ID that can be used to identify and reference a firewall.

created_at: optional string

A time value given in ISO8601 combined date and time format that represents when the firewall was created.

formatdate-time
droplet_ids: optional array of number

An array containing the IDs of the Droplets assigned to the firewall.

Requires droplet:read scope.

inbound_rules: optional array of object { ports, protocol, sources }
ports: string

The ports on which traffic will be allowed specified as a string containing a single port, a range (e.g. "8000-9000"), or "0" when all ports are open for a protocol. For ICMP rules this parameter will always return "0".

protocol: "tcp" or "udp" or "icmp"

The type of traffic to be allowed. This may be one of tcp, udp, or icmp.

Accepts one of the following:
"tcp"
"udp"
"icmp"
sources: FirewallRuleTarget { addresses, droplet_ids, kubernetes_ids, 2 more }

An object specifying locations from which inbound traffic will be accepted.

addresses: optional array of string

An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs to which the firewall will allow traffic.

droplet_ids: optional array of number

An array containing the IDs of the Droplets to which the firewall will allow traffic.

kubernetes_ids: optional array of string

An array containing the IDs of the Kubernetes clusters to which the firewall will allow traffic.

load_balancer_uids: optional array of string

An array containing the IDs of the load balancers to which the firewall will allow traffic.

tags: optional array of string

A flat array of tag names as strings to be applied to the resource. Tag names must exist in order to be referenced in a request.

Requires tag:create and tag:read scopes.

name: optional string

A human-readable name for a firewall. The name must begin with an alphanumeric character. Subsequent characters must either be alphanumeric characters, a period (.), or a dash (-).

outbound_rules: optional array of object { destinations, ports, protocol }
destinations: FirewallRuleTarget { addresses, droplet_ids, kubernetes_ids, 2 more }

An object specifying locations to which outbound traffic that will be allowed.

addresses: optional array of string

An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs to which the firewall will allow traffic.

droplet_ids: optional array of number

An array containing the IDs of the Droplets to which the firewall will allow traffic.

kubernetes_ids: optional array of string

An array containing the IDs of the Kubernetes clusters to which the firewall will allow traffic.

load_balancer_uids: optional array of string

An array containing the IDs of the load balancers to which the firewall will allow traffic.

tags: optional array of string

A flat array of tag names as strings to be applied to the resource. Tag names must exist in order to be referenced in a request.

Requires tag:create and tag:read scopes.

ports: string

The ports on which traffic will be allowed specified as a string containing a single port, a range (e.g. "8000-9000"), or "0" when all ports are open for a protocol. For ICMP rules this parameter will always return "0".

protocol: "tcp" or "udp" or "icmp"

The type of traffic to be allowed. This may be one of tcp, udp, or icmp.

Accepts one of the following:
"tcp"
"udp"
"icmp"
pending_changes: optional array of object { droplet_id, removing, status }

An array of objects each containing the fields "droplet_id", "removing", and "status". It is provided to detail exactly which Droplets are having their security policies updated. When empty, all changes have been successfully applied.

droplet_id: optional number
removing: optional boolean
status: optional string
status: optional "waiting" or "succeeded" or "failed"

A status string indicating the current state of the firewall. This can be "waiting", "succeeded", or "failed".

Accepts one of the following:
"waiting"
"succeeded"
"failed"
tags: optional array of string

A flat array of tag names as strings to be applied to the resource. Tag names must exist in order to be referenced in a request.

Requires tag:create and tag:read scopes.

ReturnsExpand Collapse
firewall: optional Firewall { id, created_at, droplet_ids, 6 more }
id: optional string

A unique ID that can be used to identify and reference a firewall.

created_at: optional string

A time value given in ISO8601 combined date and time format that represents when the firewall was created.

formatdate-time
droplet_ids: optional array of number

An array containing the IDs of the Droplets assigned to the firewall.

Requires droplet:read scope.

inbound_rules: optional array of object { ports, protocol, sources }
ports: string

The ports on which traffic will be allowed specified as a string containing a single port, a range (e.g. "8000-9000"), or "0" when all ports are open for a protocol. For ICMP rules this parameter will always return "0".

protocol: "tcp" or "udp" or "icmp"

The type of traffic to be allowed. This may be one of tcp, udp, or icmp.

Accepts one of the following:
"tcp"
"udp"
"icmp"
sources: FirewallRuleTarget { addresses, droplet_ids, kubernetes_ids, 2 more }

An object specifying locations from which inbound traffic will be accepted.

addresses: optional array of string

An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs to which the firewall will allow traffic.

droplet_ids: optional array of number

An array containing the IDs of the Droplets to which the firewall will allow traffic.

kubernetes_ids: optional array of string

An array containing the IDs of the Kubernetes clusters to which the firewall will allow traffic.

load_balancer_uids: optional array of string

An array containing the IDs of the load balancers to which the firewall will allow traffic.

tags: optional array of string

A flat array of tag names as strings to be applied to the resource. Tag names must exist in order to be referenced in a request.

Requires tag:create and tag:read scopes.

name: optional string

A human-readable name for a firewall. The name must begin with an alphanumeric character. Subsequent characters must either be alphanumeric characters, a period (.), or a dash (-).

outbound_rules: optional array of object { destinations, ports, protocol }
destinations: FirewallRuleTarget { addresses, droplet_ids, kubernetes_ids, 2 more }

An object specifying locations to which outbound traffic that will be allowed.

addresses: optional array of string

An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs to which the firewall will allow traffic.

droplet_ids: optional array of number

An array containing the IDs of the Droplets to which the firewall will allow traffic.

kubernetes_ids: optional array of string

An array containing the IDs of the Kubernetes clusters to which the firewall will allow traffic.

load_balancer_uids: optional array of string

An array containing the IDs of the load balancers to which the firewall will allow traffic.

tags: optional array of string

A flat array of tag names as strings to be applied to the resource. Tag names must exist in order to be referenced in a request.

Requires tag:create and tag:read scopes.

ports: string

The ports on which traffic will be allowed specified as a string containing a single port, a range (e.g. "8000-9000"), or "0" when all ports are open for a protocol. For ICMP rules this parameter will always return "0".

protocol: "tcp" or "udp" or "icmp"

The type of traffic to be allowed. This may be one of tcp, udp, or icmp.

Accepts one of the following:
"tcp"
"udp"
"icmp"
pending_changes: optional array of object { droplet_id, removing, status }

An array of objects each containing the fields "droplet_id", "removing", and "status". It is provided to detail exactly which Droplets are having their security policies updated. When empty, all changes have been successfully applied.

droplet_id: optional number
removing: optional boolean
status: optional string
status: optional "waiting" or "succeeded" or "failed"

A status string indicating the current state of the firewall. This can be "waiting", "succeeded", or "failed".

Accepts one of the following:
"waiting"
"succeeded"
"failed"
tags: optional array of string

A flat array of tag names as strings to be applied to the resource. Tag names must exist in order to be referenced in a request.

Requires tag:create and tag:read scopes.

Update a Firewall
  • http
  • typescript
  • python
curl https://api.digitalocean.com/v2/firewalls/$FIREWALL_ID \
    -X PUT \
    -H 'Content-Type: application/json' \
    -H "Authorization: Bearer $DIGITALOCEAN_ACCESS_TOKEN" \
    -d '{
          "droplet_ids": [
            8043964
          ],
          "inbound_rules": [
            {
              "ports": "8080",
              "protocol": "tcp",
              "sources": {
                "addresses": [
                  "1.2.3.4",
                  "18.0.0.0/8"
                ],
                "droplet_ids": [
                  8043964
                ],
                "kubernetes_ids": [
                  "41b74c5d-9bd0-5555-5555-a57c495b81a3"
                ],
                "load_balancer_uids": [
                  "4de7ac8b-495b-4884-9a69-1050c6793cd6"
                ],
                "tags": [
                  "base-image",
                  "prod"
                ]
              }
            },
            {
              "ports": "22",
              "protocol": "tcp",
              "sources": {
                "addresses": [
                  "18.0.0.0/8"
                ],
                "droplet_ids": [
                  8043964
                ],
                "kubernetes_ids": [
                  "41b74c5d-9bd0-5555-5555-a57c495b81a3"
                ],
                "load_balancer_uids": [
                  "4de7ac8b-495b-4884-9a69-1050c6793cd6"
                ],
                "tags": [
                  "gateway"
                ]
              }
            }
          ],
          "name": "frontend-firewall",
          "outbound_rules": [
            {
              "destinations": {
                "addresses": [
                  "0.0.0.0/0",
                  "::/0"
                ],
                "droplet_ids": [
                  8043964
                ],
                "kubernetes_ids": [
                  "41b74c5d-9bd0-5555-5555-a57c495b81a3"
                ],
                "load_balancer_uids": [
                  "4de7ac8b-495b-4884-9a69-1050c6793cd6"
                ],
                "tags": [
                  "base-image",
                  "prod"
                ]
              },
              "ports": "8080",
              "protocol": "tcp"
            }
          ],
          "tags": [
            "frontend"
          ]
        }'
{
  "firewall": {
    "id": "bb4b2611-3d72-467b-8602-280330ecd65c",
    "created_at": "2020-05-23T21:24:00Z",
    "droplet_ids": [
      8043964
    ],
    "inbound_rules": [
      {
        "ports": "8000",
        "protocol": "tcp",
        "sources": {
          "addresses": [
            "1.2.3.4",
            "18.0.0.0/8"
          ],
          "droplet_ids": [
            8043964
          ],
          "kubernetes_ids": [
            "41b74c5d-9bd0-5555-5555-a57c495b81a3"
          ],
          "load_balancer_uids": [
            "4de7ac8b-495b-4884-9a69-1050c6793cd6"
          ],
          "tags": [
            "base-image",
            "prod"
          ]
        }
      }
    ],
    "name": "firewall",
    "outbound_rules": [
      {
        "destinations": {
          "addresses": [
            "1.2.3.4",
            "18.0.0.0/8"
          ],
          "droplet_ids": [
            8043964
          ],
          "kubernetes_ids": [
            "41b74c5d-9bd0-5555-5555-a57c495b81a3"
          ],
          "load_balancer_uids": [
            "4de7ac8b-495b-4884-9a69-1050c6793cd6"
          ],
          "tags": [
            "base-image",
            "prod"
          ]
        },
        "ports": "8000",
        "protocol": "tcp"
      }
    ],
    "pending_changes": [
      {
        "droplet_id": 8043964,
        "removing": false,
        "status": "waiting"
      }
    ],
    "status": "waiting",
    "tags": [
      "base-image",
      "prod"
    ]
  }
}
Returns Examples
{
  "firewall": {
    "id": "bb4b2611-3d72-467b-8602-280330ecd65c",
    "created_at": "2020-05-23T21:24:00Z",
    "droplet_ids": [
      8043964
    ],
    "inbound_rules": [
      {
        "ports": "8000",
        "protocol": "tcp",
        "sources": {
          "addresses": [
            "1.2.3.4",
            "18.0.0.0/8"
          ],
          "droplet_ids": [
            8043964
          ],
          "kubernetes_ids": [
            "41b74c5d-9bd0-5555-5555-a57c495b81a3"
          ],
          "load_balancer_uids": [
            "4de7ac8b-495b-4884-9a69-1050c6793cd6"
          ],
          "tags": [
            "base-image",
            "prod"
          ]
        }
      }
    ],
    "name": "firewall",
    "outbound_rules": [
      {
        "destinations": {
          "addresses": [
            "1.2.3.4",
            "18.0.0.0/8"
          ],
          "droplet_ids": [
            8043964
          ],
          "kubernetes_ids": [
            "41b74c5d-9bd0-5555-5555-a57c495b81a3"
          ],
          "load_balancer_uids": [
            "4de7ac8b-495b-4884-9a69-1050c6793cd6"
          ],
          "tags": [
            "base-image",
            "prod"
          ]
        },
        "ports": "8000",
        "protocol": "tcp"
      }
    ],
    "pending_changes": [
      {
        "droplet_id": 8043964,
        "removing": false,
        "status": "waiting"
      }
    ],
    "status": "waiting",
    "tags": [
      "base-image",
      "prod"
    ]
  }
}