Add Rules to a Firewall
POST /v2/firewalls/{firewall_id}/rules

To add additional access rules to a firewall, send a POST request to /v2/firewalls/$FIREWALL_ID/rules. The body of the request may include an inbound_rules and/or outbound_rules attribute containing an array of rules to be added.

No response body will be sent back, but the response code will indicate success. Specifically, the response code will be a 204, which means that the action was successful with no returned body data.

Path Parameters
firewall_id: string
Body Parameters
inbound_rules: optional array of object { ports, protocol, sources }
ports: string

The ports on which traffic will be allowed specified as a string containing a single port, a range (e.g. "8000-9000"), or "0" when all ports are open for a protocol. For ICMP rules this parameter will always return "0".

protocol: "tcp" or "udp" or "icmp"

The type of traffic to be allowed. This may be one of tcp, udp, or icmp.

Accepts one of the following:
"tcp"
"udp"
"icmp"
sources: FirewallRuleTarget { addresses, droplet_ids, kubernetes_ids, load_balancer_uids, tags }

An object specifying locations from which inbound traffic will be accepted.

addresses: optional array of string

An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs to which the firewall will allow traffic.

droplet_ids: optional array of number

An array containing the IDs of the Droplets to which the firewall will allow traffic.

kubernetes_ids: optional array of string

An array containing the IDs of the Kubernetes clusters to which the firewall will allow traffic.

load_balancer_uids: optional array of string

An array containing the IDs of the load balancers to which the firewall will allow traffic.

tags: optional array of string

A flat array of tag names as strings to be applied to the resource. Tag names must exist in order to be referenced in a request.

Requires tag:create and tag:read scopes.

outbound_rules: optional array of object { destinations, ports, protocol }
destinations: FirewallRuleTarget { addresses, droplet_ids, kubernetes_ids, load_balancer_uids, tags }

An object specifying locations to which outbound traffic will be allowed.

addresses: optional array of string

An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs to which the firewall will allow traffic.

droplet_ids: optional array of number

An array containing the IDs of the Droplets to which the firewall will allow traffic.

kubernetes_ids: optional array of string

An array containing the IDs of the Kubernetes clusters to which the firewall will allow traffic.

load_balancer_uids: optional array of string

An array containing the IDs of the load balancers to which the firewall will allow traffic.

tags: optional array of string

A flat array of tag names as strings to be applied to the resource. Tag names must exist in order to be referenced in a request.

Requires tag:create and tag:read scopes.

ports: string

The ports on which traffic will be allowed specified as a string containing a single port, a range (e.g. "8000-9000"), or "0" when all ports are open for a protocol. For ICMP rules this parameter will always return "0".

protocol: "tcp" or "udp" or "icmp"

The type of traffic to be allowed. This may be one of tcp, udp, or icmp.

Accepts one of the following:
"tcp"
"udp"
"icmp"
Add Rules to a Firewall
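# POST with a JSON body; the rule shown is a constructed sample
curl -X POST "https://api.digitalocean.com/v2/firewalls/$FIREWALL_ID/rules" \
    -H 'Content-Type: application/json' \
    -H "Authorization: Bearer $DIGITALOCEAN_ACCESS_TOKEN" \
    -d '{"inbound_rules":[{"protocol":"tcp","ports":"22","sources":{"addresses":["203.0.113.0/24"]}}]}'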
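Because a successful call returns 204 with no body, a malformed or overly broad rule is easiest to catch before the request is sent. The following pre-flight check is an added example, not part of the API or its client libraries: it validates a request body against the parameter descriptions above and warns when an inbound rule accepts traffic from any address. The names `check_ports`, `review_rules` and `SAMPLE` are hypothetical, and it assumes `ports` is present on every rule, since the parameter list shows it without `optional`.

```python
import ipaddress
import re

PROTOCOLS = {"tcp", "udp", "icmp"}
TARGET_KEYS = {"addresses", "droplet_ids", "kubernetes_ids", "load_balancer_uids", "tags"}
PORTS_RE = re.compile(r"(\d{1,5})(?:-(\d{1,5}))?", re.ASCII)

# Constructed sample body; addresses are documentation ranges or "any".
SAMPLE = {
    "inbound_rules": [
        {"protocol": "tcp", "ports": "22", "sources": {"addresses": ["0.0.0.0/0", "::/0"]}},
        {"protocol": "tcp", "ports": "9000-8000", "sources": {"addresses": ["203.0.113.0/24"]}},
    ],
    "outbound_rules": [{"protocol": "icmp", "ports": "0", "destinations": {"addresses": ["0.0.0.0/0"]}}],
}

def check_ports(ports):
    """True for a single port, a range like "8000-9000", or "0" (all ports)."""
    m = PORTS_RE.fullmatch(ports) if isinstance(ports, str) else None
    if not m:
        return False
    lo = int(m.group(1))
    if m.group(2) is None:
        return 0 <= lo <= 65535
    return 1 <= lo <= int(m.group(2)) <= 65535

def review_rules(body):
    """Return (errors, warnings) for a request body before it is POSTed."""
    errors, warnings = [], []
    for kind, side in (("inbound_rules", "sources"), ("outbound_rules", "destinations")):
        for i, rule in enumerate(body.get(kind, [])):
            where = f"{kind}[{i}]"
            if rule.get("protocol") not in PROTOCOLS:
                errors.append(f"{where}: protocol must be tcp, udp or icmp")
            if not check_ports(rule.get("ports")):
                errors.append(f"{where}: bad ports value {rule.get('ports')!r}")
            target = rule.get(side) or {}
            for key in set(target) - TARGET_KEYS:
                errors.append(f"{where}: unknown {side} key {key!r}")
            for addr in target.get("addresses", []):
                try:
                    net = ipaddress.ip_network(str(addr), strict=False)
                except ValueError:
                    errors.append(f"{where}: invalid address {addr!r}")
                    continue
                # Prefix length 0 covers the whole IPv4 or IPv6 address space.
                if kind == "inbound_rules" and net.prefixlen == 0:
                    warnings.append(f"{where}: open to any source ({addr}) on port(s) {rule.get('ports')}")
    return errors, warnings
```

Running `review_rules(SAMPLE)` reports the reversed port range as an error and the two any-source SSH entries as warnings, which a change-review step can require sign-off on before the POST is made.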