1 package linodego
2
3 import (
4 "context"
5 "encoding/json"
6 )
7
// NetworkProtocol names the protocol a firewall rule applies to.
//
// It is a plain string type: nothing in this file restricts a value to the
// constants declared below, so callers building rules from external input
// should check the value against them before sending it.
type NetworkProtocol string

// Protocol values declared by this package.
const (
	// TCP selects TCP traffic.
	TCP NetworkProtocol = "TCP"
	// UDP selects UDP traffic.
	UDP NetworkProtocol = "UDP"
	// ICMP selects ICMP traffic.
	ICMP NetworkProtocol = "ICMP"
	// IPENCAP selects IP-in-IP encapsulated traffic (as the name suggests;
	// confirm against the API documentation).
	IPENCAP NetworkProtocol = "IPENCAP"
)
18
// NetworkAddresses holds the IPv4 and IPv6 address lists of a firewall rule.
//
// Both fields are pointers to slices and carry omitempty, so encoding/json
// treats "unset" and "empty" differently: a nil pointer drops the key from
// the output, while a pointer to an empty slice is emitted as an empty array.
// The entries are plain strings; this file does not validate them.
type NetworkAddresses struct {
	// IPv4 is the optional list of IPv4 entries; nil omits the "ipv4" key.
	IPv4 *[]string `json:"ipv4,omitempty"`

	// IPv6 is the optional list of IPv6 entries; nil omits the "ipv6" key.
	IPv6 *[]string `json:"ipv6,omitempty"`
}
24
// A FirewallRule is one entry of a firewall's inbound or outbound rule list:
// a combination of ports, protocol and addresses, plus the Action to apply to
// matching traffic.
//
// The ipv4/ipv6 address lists may contain Prefix List tokens (for example,
// "pl::..." or "pl:system:...") in addition to literal IP addresses.
//
// A rule takes one of two forms. With RuleSet left at 0 it is an ordinary
// rule described by the fields above it. With RuleSet set it is a reference to
// a Rule Set, and MarshalJSON emits only that reference: any ordinary fields
// set on the same value are not sent.
type FirewallRule struct {
	// Action is sent as-is; the accepted values are not enumerated in this file.
	Action string `json:"action"`
	// Label is the rule's label, sent under "label".
	Label string `json:"label"`
	// Description is optional and omitted from the output when empty.
	Description string `json:"description,omitempty"`
	// Ports is a string port specification, omitted from the output when empty.
	Ports string `json:"ports,omitempty"`
	// Protocol is the protocol the rule applies to.
	Protocol NetworkProtocol `json:"protocol"`
	// Addresses lists the IPv4/IPv6 entries the rule applies to.
	Addresses NetworkAddresses `json:"addresses"`

	// RuleSet references one `Rule Set` by ID. When provided, this entry
	// represents a reference and should be mutually exclusive with the
	// ordinary rule fields according to the API contract.
	RuleSet int `json:"ruleset,omitempty"`
}
41
// MarshalJSON encodes r in exactly one of two shapes.
//
// When RuleSet is 0 the ordinary rule fields (action, label, description,
// ports, protocol, addresses) are emitted and the "ruleset" key is left out.
// When RuleSet is non-zero only { "ruleset": <id> } is emitted.
//
// NOTE(review): in the reference case every other field of r is dropped
// without an error. A caller that sets both RuleSet and, say, Action or
// Addresses sends only the reference, so the traffic policy that results is
// whatever the referenced Rule Set defines. Callers should treat the two forms
// as mutually exclusive and check for a mixed value before marshalling.
func (r FirewallRule) MarshalJSON() ([]byte, error) {
	if r.RuleSet == 0 {
		// Ordinary rule: a local shadow type without the ruleset field, so the
		// key can never appear in this shape.
		type ordinaryRule struct {
			Action      string           `json:"action"`
			Label       string           `json:"label"`
			Description string           `json:"description,omitempty"`
			Ports       string           `json:"ports,omitempty"`
			Protocol    NetworkProtocol  `json:"protocol"`
			Addresses   NetworkAddresses `json:"addresses"`
		}

		payload := ordinaryRule{
			Action:      r.Action,
			Label:       r.Label,
			Description: r.Description,
			Ports:       r.Ports,
			Protocol:    r.Protocol,
			Addresses:   r.Addresses,
		}

		return json.Marshal(payload)
	}

	// Reference form: nothing but the Rule Set ID goes on the wire.
	ref := struct {
		RuleSet int `json:"ruleset"`
	}{RuleSet: r.RuleSet}

	return json.Marshal(ref)
}
72
// FirewallRuleSet is the complete rule configuration of a firewall: the
// inbound and outbound rule lists together with a policy string for each
// direction.
//
// None of the four fields carries omitempty, so a zero value still encodes
// every key: a nil rule slice becomes JSON null and an unset policy becomes an
// empty string. Populate all four fields deliberately before passing a value
// to UpdateFirewallRules rather than relying on the zero value.
type FirewallRuleSet struct {
	// Inbound lists the rules for incoming traffic.
	Inbound []FirewallRule `json:"inbound"`
	// InboundPolicy is the policy string for the inbound direction
	// (presumably applied to traffic no inbound rule matches; confirm against
	// the API documentation).
	InboundPolicy string `json:"inbound_policy"`

	// Outbound lists the rules for outgoing traffic.
	Outbound []FirewallRule `json:"outbound"`
	// OutboundPolicy is the policy string for the outbound direction
	// (presumably applied to traffic no outbound rule matches; confirm against
	// the API documentation).
	OutboundPolicy string `json:"outbound_policy"`
}
80
// GetFirewallRules fetches the FirewallRuleSet of the Firewall identified by
// firewallID with a GET on networking/firewalls/<id>/rules.
//
// It returns whatever doGETRequest returns: the decoded rule set, or an error.
func (c *Client) GetFirewallRules(ctx context.Context, firewallID int) (*FirewallRuleSet, error) {
	return doGETRequest[FirewallRuleSet](
		ctx,
		c,
		formatAPIPath("networking/firewalls/%d/rules", firewallID),
	)
}
86
// GetFirewallRulesExpansion fetches the expanded FirewallRuleSet of the
// Firewall identified by firewallID with a GET on
// networking/firewalls/<id>/rules/expansion.
//
// NOTE(review): what "expanded" covers is decided by the API and is not
// visible in this file; presumably Rule Set references and Prefix List tokens
// are resolved into concrete rules and addresses. Confirm against the API
// documentation before using this view to audit the effective rules.
func (c *Client) GetFirewallRulesExpansion(ctx context.Context, firewallID int) (*FirewallRuleSet, error) {
	return doGETRequest[FirewallRuleSet](
		ctx,
		c,
		formatAPIPath("networking/firewalls/%d/rules/expansion", firewallID),
	)
}
92
// UpdateFirewallRules sends rules as the body of a PUT on
// networking/firewalls/<id>/rules for the Firewall identified by firewallID
// and returns the FirewallRuleSet decoded from the response.
//
// The whole rules value is transmitted, including fields left at their zero
// value (nil rule lists encode as null, unset policies as ""). Entries with a
// non-zero RuleSet are sent as references only; see FirewallRule.MarshalJSON.
//
// NOTE(review): a PUT presumably replaces the firewall's existing rules with
// this set instead of merging; confirm against the API documentation. If so,
// read the current rules first and send the full intended set.
func (c *Client) UpdateFirewallRules(ctx context.Context, firewallID int, rules FirewallRuleSet) (*FirewallRuleSet, error) {
	return doPUTRequest[FirewallRuleSet](
		ctx,
		c,
		formatAPIPath("networking/firewalls/%d/rules", firewallID),
		rules,
	)
}
98