I’m a little confused with how the API accepts ports. If I iterate through my current firewalls’ inbound rules, I can see this:
[29] pry(#<DigitalOceanAPI>)> @firewalls["PivotSSH"].inbound_rules
=> [<DropletKit::FirewallInboundRule {:@protocol=>"tcp", :@ports=>"8443", :@sources=>{"addresses"=>["redcacted"], "droplet_ids"=>[redacted]}}>,
<DropletKit::FirewallInboundRule {:@protocol=>"tcp", :@ports=>"31000-32000", :@sources=>{"addresses"=>["redacted"], "droplet_ids"=>[redacted]}}>]
As you can see above, it looks like the ports is set to “31000-32000” which just looks like a string. However, if I take an existing firewall object and modify its ports to the same thing, the API doesn’t like it when calling the .update function:
[30] pry(#<DigitalOceanAPI>)> firewall
=> <DropletKit::Firewall {:@id=>"redacted, :@name=>"vPenTestAgents", :@status=>"succeeded", :@created_at=>"2020-06-22T03:24:05Z", :@inbound_rules=><DropletKit::FirewallInboundRule {:@protocol=>"tcp", :@ports=>[31000, 32000], :@sources=>{:addresses=>["192.168.1.1"]}}>, :@outbound_rules=>[<DropletKit::FirewallOutboundRule {:@protocol=>"icmp", :@ports=>"0", :@destinations=>{"addresses"=>["0.0.0.0/0", "::/0"]}}>, <DropletKit::FirewallOutboundRule {:@protocol=>"tcp", :@ports=>"0", :@destinations=>{"addresses"=>["0.0.0.0/0", "::/0"]}}>, <DropletKit::FirewallOutboundRule {:@protocol=>"udp", :@ports=>"0", :@destinations=>{"addresses"=>["0.0.0.0/0", "::/0"]}}>], :@droplet_ids=>[redacted], :@tags=>[], :@pending_changes=>[]}>
[32] pry(#<DigitalOceanAPI>)> @client.firewalls.update(firewall)
DropletKit::FailedUpdate: You must specify a positive value for ports.
from /usr/local/rvm/gems/ruby-2.5.8/gems/droplet_kit-3.8.0/lib/droplet_kit/mappings/error_mapping.rb:16:in `fail_with'
[33] pry(#<DigitalOceanAPI>)>
Any idea what could be going on here? It’s weird that I just can’t update the value from what it is currently to the same object type (string) and have it work.
I can’t even take an unmodified firewall and update itself without getting an error about the ports. I can’t understand why this would happen.
If I do something like firewall = client.firewalls.find(id: "xyz"); client.firewalls.update(firewall) then it gives me the same error about the ports. Makes no sense.
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
I ran into this same thing and just figured out the issue. It’s definitely a bug on their end. When you call something like client.firewalls.find(id: "xyz"), if you inspect the firewall that’s returned, the default outbound rules have the ports set as “0” which is not a positive number so when you go to update any part of the firewall resource, it submits those outbound rules with it and thus getting the error stated above.
My workaround for this was emptying out the outbound_rules array on my firewall by setting it to [] and then submitting the update request. This works for me because I am only interested in the inbound rules.
Become a contributor for community
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
DigitalOcean Documentation
Full documentation for every DigitalOcean product.
Resources for startups and SMBs
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
The developer cloud
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Get started for free
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.