Networking v4.175.0

Firewalls List

GET https://api.linode.com/v4/networking/firewalls

Returns a paginated list of accessible Firewalls.

Authorizations

personalAccessToken
oauthfirewall:read_only

Query Parameters

page
Type:
[integer] >= 1
Default: 1
Default:
1

The page of a collection to return.

page_size
Type:
[integer] 25..500
Default: 100
Default:
100

The number of items to return per page.

Request Samples

Response Samples

Responses

Firewall Create

POST https://api.linode.com/v4/networking/firewalls

Creates a Firewall to filter network traffic.

  • Use the rules property to create inbound and outbound access rules.

  • Use the devices property to assign the Firewall to a service and apply its Rules to the device. Requires read_write User’s Grants to the device. Currently, Firewalls can be assigned to Linode compute instances and NodeBalancers.

  • A Firewall can be assigned to multiple services at a time.

  • A Firewall can be assigned during Linode creation by utilizing the firewall_id Linode Create Request property.

  • A service can have one active, assigned Firewall at a time.

Additional disabled Firewalls can be assigned to a service, but they cannot be enabled if another active Firewall is already assigned to the same service.

  • Firewalls apply to all of a Linode’s non-vlan purpose Configuration Profile Interfaces.

  • Assigned Linodes must not have any ongoing live migrations.

  • A firewall_create Event is generated when this endpoint returns successfully.

Authorizations

personalAccessToken
oauthfirewall:read_write

Request Samples

Request Body Schema

devices
[object]

Devices to create for this Firewall. When a Device is created, the Firewall is assigned to its associated service. Currently, Devices can be created for Linode compute instances and NodeBalancers.

Additional devices can be assigned after Firewall creation by using the Firewall Device Create command.

linodes
[array]

An array of Linode IDs. A Firewall Device is created for each ID.

nodebalancers
[array]

An array containing a NodeBalancer ID. A Firewall Device is created for the ID.

  • Only one NodeBalancer can be assigned to a Firewall at a time.
  • Firewalls only apply to inbound TCP traffic to NodeBalancers.

label
Required
[string] 3..32 characters

The Firewall’s label, for display purposes only.

Firewall labels have the following constraints:

  • Must begin and end with an alphanumeric character.
  • May only consist of alphanumeric characters, hyphens (-), underscores (_) or periods (.).
  • Cannot have two hyphens (--), underscores (__) or periods (..) in a row.
  • Must be between 3 and 32 characters.
  • Must be unique.

rules
Required
[object]

The inbound and outbound access rules to apply to the Firewall.

A Firewall may have up to 25 rules across its inbound and outbound rulesets.

Multiple rules are applied in order. If two rules conflict, the first rule takes precedence. For example, if the first rule accepts inbound traffic from an address, and the second rule drops inbound traffic the same address, the first rule applies and inbound traffic from that address is accepted.

inbound
[array]

The inbound rules for the firewall, as a JSON array.

inbound_policy
Required
[string]
Enum: ACCEPT DROP

The default behavior for inbound traffic. This setting can be overridden by updating the inbound.action property of the Firewall Rule.

outbound
[array]

The outbound rules for the firewall, as a JSON array.

outbound_policy
Required
[string]
Enum: ACCEPT DROP

The default behavior for outbound traffic. This setting can be overridden by updating the outbound.action property of the Firewall Rule.

tags
[array]

An array of tags applied to this object. Tags are for organizational purposes only.

Response Samples

Responses

Firewall Delete

DELETE https://api.linode.com/v4/networking/firewalls/{firewallId}

Delete a Firewall resource by its ID. This removes all of the Firewall’s Rules from any services that the Firewall was assigned to.

  • Assigned Linodes must not have any ongoing live migrations.

  • A firewall_delete Event is generated when this endpoint returns successfully.

Authorizations

personalAccessToken
oauthfirewall:read_write

Path Parameters

firewallId[integer]
Required

ID of the Firewall to access.

Request Samples

Response Samples

Responses

Firewall View

GET https://api.linode.com/v4/networking/firewalls/{firewallId}

Get a specific Firewall resource by its ID. The Firewall’s Devices will not be returned in the response. Instead, use the List Firewall Devices endpoint to review them.

Authorizations

personalAccessToken
oauthfirewall:read_only

Path Parameters

firewallId[integer]
Required

ID of the Firewall to access.

Request Samples

Response Samples

Responses

Firewall Update

PUT https://api.linode.com/v4/networking/firewalls/{firewallId}

Updates information for a Firewall.

  • Assigned Linodes must not have any ongoing live migrations.

  • If a Firewall’s status is changed with this endpoint, a corresponding firewall_enable or firewall_disable Event will be generated.

Some parts of a Firewall’s configuration cannot be manipulated by this endpoint:

  • A Firewall’s Devices cannot be set with this endpoint. Instead, use the Create Firewall Device and Delete Firewall Device endpoints to assign and remove this Firewall from services.

  • A Firewall’s Rules cannot be changed with this endpoint. Instead, use the Update Firewall Rules endpoint to update your Rules.

  • A Firewall’s status can be set to enabled or disabled by this endpoint, but it cannot be set to deleted. Instead, use the Delete Firewall endpoint to delete a Firewall.

Authorizations

personalAccessToken
oauthfirewall:read_write

Path Parameters

firewallId[integer]
Required

ID of the Firewall to access.

Request Samples

Request Body Schema

label
[string] 3..32 characters

The Firewall’s label, for display purposes only.

Firewall labels have the following constraints:

  • Must begin and end with an alphanumeric character.
  • May only consist of alphanumeric characters, hyphens (-), underscores (_) or periods (.).
  • Cannot have two hyphens (--), underscores (__) or periods (..) in a row.
  • Must be between 3 and 32 characters.
  • Must be unique.

status
[string]
Enum: enabled disabled

The status to be applied to this Firewall.

  • When a Firewall is first created its status is enabled.
  • Use the Delete Firewall endpoint to delete a Firewall.

tags
[array]

An array of tags applied to this object. Tags are for organizational purposes only.

Response Samples

Responses

Firewall Devices List

GET https://api.linode.com/v4/networking/firewalls/{firewallId}/devices

Returns a paginated list of a Firewall’s Devices. A Firewall Device assigns a Firewall to a service (referred to as the Device’s entity).

Authorizations

personalAccessToken
oauthfirewall:read_only

Path Parameters

firewallId[integer]
Required

ID of the Firewall to access.

Query Parameters

page
Type:
[integer] >= 1
Default: 1
Default:
1

The page of a collection to return.

page_size
Type:
[integer] 25..500
Default: 100
Default:
100

The number of items to return per page.

Request Samples

Response Samples

Responses

Firewall Device Create

POST https://api.linode.com/v4/networking/firewalls/{firewallId}/devices

Creates a Firewall Device, which assigns a Firewall to a service (referred to as the Device’s entity) and applies the Firewall’s Rules to the device.

  • Currently, Devices with linode and nodebalancer entity types are accepted.

  • Firewalls only apply to inbound TCP traffic to NodeBalancers.

  • A Firewall can be assigned to multiple services at a time.

  • A service can have one active, assigned Firewall at a time. Additional disabled Firewalls can be assigned to a service, but they cannot be enabled if another active Firewall is already assigned to the same service.

  • Assigned Linodes must not have any ongoing live migrations.

  • A firewall_device_add Event is generated when the Firewall Device is added successfully.

Authorizations

personalAccessToken
oauthfirewall:read_write

Path Parameters

firewallId[integer]
Required

ID of the Firewall to access.

Request Samples

Request Body Schema

id
Required
[integer]

The entity’s ID

type
Required
[string]
Enum: linode nodebalancer

The entity’s type.

Response Samples

Responses

Firewall Device Delete

DELETE https://api.linode.com/v4/networking/firewalls/{firewallId}/devices/{deviceId}

Removes a Firewall Device, which removes a Firewall from the service it was assigned to by the Device. This removes all of the Firewall’s Rules from the service. If any other Firewalls have been assigned to the service, then those Rules remain in effect.

  • Assigned Linodes must not have any ongoing live migrations.

  • A firewall_device_remove Event is generated when the Firewall Device is removed successfully.

Authorizations

personalAccessToken
oauthfirewall:read_write

Path Parameters

firewallId[integer]
Required

ID of the Firewall to access.

deviceId[integer]
Required

ID of the Firewall Device to access.

Request Samples

Response Samples

Responses

Firewall Device View

GET https://api.linode.com/v4/networking/firewalls/{firewallId}/devices/{deviceId}

Returns information for a Firewall Device, which assigns a Firewall to a service (referred to as the Device’s entity).

Authorizations

personalAccessToken
oauthfirewall:read_only

Path Parameters

firewallId[integer]
Required

ID of the Firewall to access.

deviceId[integer]
Required

ID of the Firewall Device to access.

Request Samples

Response Samples

Responses

Firewall Rules List

GET https://api.linode.com/v4/networking/firewalls/{firewallId}/rules

Returns the inbound and outbound Rules for a Firewall.

Authorizations

personalAccessToken
oauthfirewall:read_only

Path Parameters

firewallId[integer]
Required

ID of the Firewall to access.

Request Samples

Response Samples

Responses

Firewall Rules Update

PUT https://api.linode.com/v4/networking/firewalls/{firewallId}/rules

Updates the inbound and outbound Rules for a Firewall.

  • Assigned Linodes must not have any ongoing live migrations.

  • Note: This command replaces all of a Firewall’s inbound and outbound rulesets with the values specified in your request.

Authorizations

personalAccessToken
oauthfirewall:read_write

Path Parameters

firewallId[integer]
Required

ID of the Firewall to access.

Request Samples

Request Body Schema

inbound
[array]

The inbound rules for the firewall, as a JSON array.

inbound_policy
[string]
Enum: ACCEPT DROP

The default behavior for inbound traffic. This setting can be overridden by updating the inbound.action property of the Firewall Rule.

outbound
[array]

The outbound rules for the firewall, as a JSON array.

outbound_policy
[string]
Enum: ACCEPT DROP

The default behavior for outbound traffic. This setting can be overridden by updating the outbound.action property of the Firewall Rule.

Response Samples

Responses

IP Addresses List

GET https://api.linode.com/v4/networking/ips

Returns a paginated list of IP Addresses on your Account, excluding private addresses.

We recommend utilizing the “skip_ipv6_rdns” option to improve performance if your application frequently accesses this command and does not require IPv6 RDNS data.

Authorizations

personalAccessToken
oauthips:read_only

Request Samples

Request Body Schema

skip_ipv6_rdns
[boolean]
Default: false

When true, the “rdns” property for any “ipv6” type addresses always returns null regardless of whether RDNS data exists for the address.

The default value is false.

Response Samples

Responses

IP Address Allocate

POST https://api.linode.com/v4/networking/ips

Allocates a new IPv4 Address on your Account. The Linode must be configured to support additional addresses - please open a support ticket requesting additional addresses before attempting allocation.

Authorizations

personalAccessToken
oauthips:read_write,linodes:read_write

Request Samples

Request Body Schema

linode_id
Required
[integer]

The ID of a Linode you you have access to that this address will be allocated to.

public
Required
[boolean]

Whether to create a public or private IPv4 address.

type
Required
[string]
Enum: ipv4

The type of address you are requesting. Only IPv4 addresses may be allocated through this endpoint.

Response Samples

Responses

IP Addresses Assign

POST https://api.linode.com/v4/networking/ips/assign

Assign multiple IPv4 addresses and/or IPv6 ranges to multiple Linodes in one Region. This allows swapping, shuffling, or otherwise reorganizing IPs to your Linodes.

The following restrictions apply:

  • All Linodes involved must have at least one public IPv4 address after assignment.
  • Linodes may have no more than one assigned private IPv4 address.
  • Linodes may have no more than one assigned IPv6 range.
  • Shared IP addresses cannot be swapped between Linodes.

Open a Support Ticket to request additional IPv4 addresses or IPv6 ranges beyond standard account limits.

Note: Removing an IP address that has been set as a Managed Linode’s ssh.ip causes the Managed Linode’s SSH access settings to reset to their default values. To view and configure Managed Linode SSH settings, use the following commands:

Note: Addresses with an active 1:1 NAT to a VPC Interface address cannot be assigned to other Linodes.

Authorizations

personalAccessToken
oauthips:read_write,linodes:read_write

Request Samples

Request Body Schema

assignments
Required
[array]

The list of assignments to make. You must have read_write access to all IPs being assigned and all Linodes being assigned to in order for the assignments to succeed.

region
Required
[string]

The ID of the Region in which these assignments are to take place. All IPs and Linodes must exist in this Region.

Response Samples

Responses

IP Addresses Share

POST https://api.linode.com/v4/networking/ips/share

Configure shared IPs.

IP sharing allows IP address reassignment (also referred to as IP failover) from one Linode to another if the primary Linode becomes unresponsive. This means that requests to the primary Linode’s IP address can be automatically rerouted to secondary Linodes at the configured shared IP addresses.

IP failover requires configuration of a failover service (such as Keepalived) within the internal system of the primary Linode.

Note: A public IPv4 address cannot be shared if it is configured for a 1:1 NAT on a vpc purpose Configuration Profile Interface.

Authorizations

personalAccessToken
oauthips:read_write,linodes:read_write

Request Samples

Request Body Schema

ips
Required
[array]

A list of secondary Linode IPs to share with the primary Linode.

  • Can include both IPv4 addresses and IPv6 ranges (omit /56 and /64 prefix lengths)
  • Can include both private and public IPv4 addresses.
  • You must have access to all of these addresses and they must be in the same Region as the primary Linode.
  • Enter an empty array to remove all shared IP addresses.

linode_id
Required
[integer]

The ID of the primary Linode that the addresses will be shared with.

Response Samples

Responses

IP Address View

GET https://api.linode.com/v4/networking/ips/{address}

Returns information about a single IP Address on your Account.

Authorizations

personalAccessToken
oauthips:read_only

Path Parameters

address[string]<ip>
Required

The address to operate on.

Request Samples

Response Samples

Responses

IP Address RDNS Update

PUT https://api.linode.com/v4/networking/ips/{address}

Sets RDNS on an IP Address. Forward DNS must already be set up for reverse DNS to be applied. If you set the RDNS to null for public IPv4 addresses, it will be reset to the default ip.linodeusercontent.com RDNS value.

Authorizations

personalAccessToken
oauthips:read_write

Path Parameters

address[string]<ip>
Required

The address to operate on.

Request Samples

Request Body Schema

rdns
Nullable
Required
[string]

The reverse DNS assigned to this address. For public IPv4 addresses, this will be set to a default value provided by Linode if not explicitly set.

Response Samples

Responses

Linodes Assign IPv4s

POST https://api.linode.com/v4/networking/ipv4/assign

This command is equivalent to IP Addresses Assign (POST /networking/ips/assign).

Assign multiple IPv4 addresses and/or IPv6 ranges to multiple Linodes in one Region. This allows swapping, shuffling, or otherwise reorganizing IPs to your Linodes.

The following restrictions apply:

  • All Linodes involved must have at least one public IPv4 address after assignment.
  • Linodes may have no more than one assigned private IPv4 address.
  • Linodes may have no more than one assigned IPv6 range.

Open a Support Ticket to request additional IPv4 addresses or IPv6 ranges beyond standard account limits.

Note: Removing an IP address that has been set as a Managed Linode’s ssh.ip causes the Managed Linode’s SSH access settings to reset to their default values. To view and configure Managed Linode SSH settings, use the following commands:

Authorizations

personalAccessToken
oauthips:read_write,linodes:read_write

Request Samples

Request Body Schema

assignments
Required
[array]

The list of assignments to make. You must have read_write access to all IPs being assigned and all Linodes being assigned to in order for the assignments to succeed.

region
Required
[string]

The ID of the Region in which these assignments are to take place. All IPs and Linodes must exist in this Region.

Response Samples

Responses

IPv4 Sharing Configure

POST https://api.linode.com/v4/networking/ipv4/share

This command is equivalent to IP Addresses Share (POST /networking/ips/share).

Configure shared IPs.

IP sharing allows IP address reassignment (also referred to as IP failover) from one Linode to another if the primary Linode becomes unresponsive. This means that requests to the primary Linode’s IP address can be automatically rerouted to secondary Linodes at the configured shared IP addresses.

IP failover requires configuration of a failover service (such as Keepalived) within the internal system of the primary Linode.

Authorizations

personalAccessToken
oauthips:read_write,linodes:read_write

Request Samples

Request Body Schema

ips
Required
[array]

A list of secondary Linode IPs to share with the primary Linode.

  • Can include both IPv4 addresses and IPv6 ranges (omit /56 and /64 prefix lengths)
  • Can include both private and public IPv4 addresses.
  • You must have access to all of these addresses and they must be in the same Region as the primary Linode.
  • Enter an empty array to remove all shared IP addresses.

linode_id
Required
[integer]

The ID of the primary Linode that the addresses will be shared with.

Response Samples

Responses

IPv6 Pools List

GET https://api.linode.com/v4/networking/ipv6/pools

Displays the IPv6 pools on your Account. A pool of IPv6 addresses are routed to all of your Linodes in a single Region. Any Linode on your Account may bring up any address in this pool at any time, with no external configuration required.

Authorizations

personalAccessToken
oauthips:read_only

Query Parameters

page
Type:
[integer] >= 1
Default: 1
Default:
1

The page of a collection to return.

page_size
Type:
[integer] 25..500
Default: 100
Default:
100

The number of items to return per page.

Request Samples

Response Samples

Responses

IPv6 Ranges List

GET https://api.linode.com/v4/networking/ipv6/ranges

Displays the IPv6 ranges on your Account.

  • An IPv6 range is a /64 or /54 block of IPv6 addresses routed to a single Linode in a given Region.

  • Your Linode is responsible for routing individual addresses in the range, or handling traffic for all the addresses in the range.

  • Access the IPv6 Range Create ( POST /networking/ipv6/ranges) endpoint to add a /64 or /56 block of IPv6 addresses to your account.

Authorizations

personalAccessToken
oauthips:read_only

Query Parameters

page
Type:
[integer] >= 1
Default: 1
Default:
1

The page of a collection to return.

page_size
Type:
[integer] 25..500
Default: 100
Default:
100

The number of items to return per page.

Request Samples

Response Samples

Responses

IPv6 Range Create

POST https://api.linode.com/v4/networking/ipv6/ranges

Creates an IPv6 Range and assigns it based on the provided Linode or route target IPv6 SLAAC address. See the ipv6 property when accessing the Linode View ( GET /linode/instances/{linodeId}) endpoint to view a Linode’s IPv6 SLAAC address.

  • Either linode_id or route_target is required in a request.
  • linode_id and route_target are mutually exclusive. Submitting values for both properties in a request results in an error.
  • Upon a successful request, an IPv6 range is created in the Region that corresponds to the provided linode_id or route_target.
  • Your Linode is responsible for routing individual addresses in the range, or handling traffic for all the addresses in the range.
  • Access the IP Addresses Assign ( POST /networking/ips/assign) endpoint to re-assign IPv6 Ranges to your Linodes.

Note: The following restrictions apply:

  • A Linode can only have one IPv6 range targeting its SLAAC address.
  • An account can only have one IPv6 range in each Region.
  • Open a Support Ticket to request expansion of these restrictions.

Authorizations

personalAccessToken
oauthips:read_write,linodes:read_write

Request Samples

Request Body Schema

linode_id
[integer]

The ID of the Linode to assign this range to. The SLAAC address for the provided Linode is used as the range’s route_target.

  • Required if route_target is omitted from the request.

  • Mutually exclusive with route_target. Submitting values for both properties in a request results in an error.

prefix_length
Required
[integer]
Enum: 56 64

The prefix length of the IPv6 range.

route_target
[string]<ipv6>

The IPv6 SLAAC address to assign this range to.

  • Required if linode_id is omitted from the request.

  • Mutually exclusive with linode_id. Submitting values for both properties in a request results in an error.

  • Note: Omit the /128 prefix length of the SLAAC address when using this property.

Response Samples

Responses

IPv6 Range Delete

DELETE https://api.linode.com/v4/networking/ipv6/ranges/{range}

Removes this IPv6 range from your account and disconnects the range from any assigned Linodes.

Note: Shared IPv6 ranges cannot be deleted at this time. Please contact Customer Support for assistance.

Authorizations

personalAccessToken
oauthips:read_write

Path Parameters

range[string]<ipv6>
Required

The IPv6 range to access. Corresponds to the range property of objects returned from the IPv6 Ranges List ( GET /networking/ipv6/ranges) command.

Note: Omit the prefix length of the IPv6 range.

Request Samples

Response Samples

Responses

IPv6 Range View

GET https://api.linode.com/v4/networking/ipv6/ranges/{range}

View IPv6 range information.

Authorizations

personalAccessToken
oauthips:read

Path Parameters

range[string]<ipv6>
Required

The IPv6 range to access. Corresponds to the range property of objects returned from the IPv6 Ranges List ( GET /networking/ipv6/ranges) command.

Note: Omit the prefix length of the IPv6 range.

Request Samples

Response Samples

Responses

VLANs List

GET https://api.linode.com/v4/networking/vlans

Returns a list of all Virtual Local Area Networks (VLANs) on your Account. VLANs provide a mechanism for secure communication between two or more Linodes that are assigned to the same VLAN and are both within the same Layer 2 broadcast domain.

VLANs are created and attached to Linodes by using the interfaces property for the following endpoints:

There are several ways to detach a VLAN from a Linode:

  • Update the active Configuration Profile to remove the VLAN Interface, then reboot the Linode.
  • Create a new Configuration Profile without the VLAN Interface, then reboot the Linode into the new Configuration Profile.
  • Delete the Linode.

Note: Only Next Generation Network (NGN) data centers support VLANs. Use the Regions ( /regions) endpoint to view the capabilities of data center regions. If a VLAN is attached to your Linode and you attempt to migrate or clone it to a non-NGN data center, the migration or cloning will not initiate. If a Linode cannot be migrated because of an incompatibility, you will be prompted to select a different data center or contact support.

Note: See the VLANs Overview to view additional specifications and limitations.

Authorizations

personalAccessToken
oauthlinodes:read_only

Query Parameters

page
Type:
[integer] >= 1
Default: 1
Default:
1

The page of a collection to return.

page_size
Type:
[integer] 25..500
Default: 100
Default:
100

The number of items to return per page.

Request Samples

Response Samples

Responses