Hello,
I’m attempting to remove multiple rules from a DO firewall using the API but I keep getting a 422 response.
Given the following firewall definition:
{
  "firewall": {
    "id": "[REDACTED]",
    "name": "test-firewall",
    "status": "succeeded",
    "inbound_rules": [{
        "protocol": "tcp",
        "ports": "80",
        "sources": {
          "addresses": [
            "192.80.22.1"
          ]
        }
      },
      {
        "protocol": "tcp",
        "ports": "443",
        "sources": {
          "addresses": [
            "192.80.22.1"
          ]
        }
      }
    ],
    "outbound_rules": [],
    "created_at": "2019-08-19T15:41:53Z",
    "droplet_ids": [],
    "tags": [],
    "pending_changes": []
  }
}
I attempt to remove both of the inbound rules with the following request:
curl -X DELETE https://api.digitalocean.com/v2/firewalls/$ID/rules \
  -H 'Content-Type: application/json' \
  -H "Authorization: Bearer $TOKEN" \
  -d '{
    "inbound_rules": [{
      "protocol": "tcp",
      "ports": "80",
      "sources": {
        "addresses": ["192.80.22.1"]
      }
    }, {
      "protocol": "tcp",
      "ports": "443",
      "sources": {
        "addresses": ["192.80.22.1"]
      }
    }]
  }'
The response I get is:
{"id":"unprocessable_entity","message":"must have at least one rule","request_id":"[REDACTED]"}
If I attempt to delete just one of the rules instead of both with the following request:
curl -X DELETE https://api.digitalocean.com/v2/firewalls/$ID/rules \
  -H 'Content-Type: application/json' \
  -H "Authorization: Bearer $TOKEN" \
  -d '{
    "inbound_rules": [{
      "protocol": "tcp",
      "ports": "443",
      "sources": {
        "addresses": ["192.80.22.1"]
      }
    }]
  }'
The request succeeds.
My understanding from the docs is that I should be able to send an array of rules for deletion, however this doesn’t seem to work in practice. Does anyone have any ideas on a solution or is this a bug?
Accepted Answer
Thanks for the reply Bobby, but after sleeping on this I’ve come to a solution. The problem is that a DO firewall isn’t valid if it has no rules (inbound or outbound). When running my first request to delete all inbound rules the firewall goes into an invalid state since it has no rules at all and therefore the request is not completed. Ensuring that I add rules before removing rules solves this issue.
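The ordering described in the accepted answer, as an added example that is not part of the original thread and not DigitalOcean's code: a pre-flight check that refuses a rule deletion which would leave the firewall with no rules, and otherwise returns the calls in add-then-delete order. The function names `rule_key` and `plan_rule_change` are hypothetical, the sample firewall is copied from the question, rules are matched on exact protocol, ports and address sets (an assumption), and nothing is sent to the API.

```python
import json

# Sample state copied from the firewall in the question (two inbound rules, no outbound).
FIREWALL = {
    "inbound_rules": [
        {"protocol": "tcp", "ports": "80", "sources": {"addresses": ["192.80.22.1"]}},
        {"protocol": "tcp", "ports": "443", "sources": {"addresses": ["192.80.22.1"]}},
    ],
    "outbound_rules": [],
}
DIRECTIONS = ("inbound_rules", "outbound_rules")


def rule_key(rule):
    """Order-insensitive identity of a rule, so address order does not matter."""
    peers = rule.get("sources") or rule.get("destinations") or {}
    norm = {k: sorted(v) for k, v in peers.items()}
    return (rule["protocol"], str(rule.get("ports", "")), json.dumps(norm, sort_keys=True))


def plan_rule_change(firewall, remove, add=None):
    """Return the ordered (method, body) calls for /v2/firewalls/$ID/rules.

    Raises ValueError when the end state would have no rules at all, which is
    the condition the accepted answer identifies behind the 422.
    """
    add = add or {}
    remaining = 0
    for d in DIRECTIONS:
        current = {rule_key(r) for r in firewall.get(d, [])}
        added = {rule_key(r) for r in add.get(d, [])}
        doomed = {rule_key(r) for r in remove.get(d, [])}
        remaining += len((current | added) - doomed)
    if remaining == 0:
        raise ValueError("firewall would have no rules; add a rule before deleting")
    # Additions always go first so the firewall never passes through an empty state.
    calls = [("POST", add)] if any(add.get(d) for d in DIRECTIONS) else []
    calls.append(("DELETE", remove))
    return calls
```

Between the POST and the DELETE both the old and the new rules are in effect, so the firewall is briefly more permissive than either end state; keep the two calls close together and review the added rules first.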
Hello,
I’ve just tested this with the example from the documentation and it worked for me:
curl -X DELETE -H "Content-Type: application/json" -H "Authorization: Bearer $TOKEN" -d '
{
  "outbound_rules": [
    {
      "protocol": "tcp",
      "ports": "80",
      "destinations": {
        "addresses": [
          "192.168.1.1"
        ]
      }
    },
    {
      "protocol": "tcp",
      "ports": "443",
      "destinations": {
        "addresses": [
          "192.168.1.1"
        ]
      }
    }
  ]
} ' "https://api.digitalocean.com/v2/firewalls/$ID/rules"
I would suggest adjusting your curl request so that it matches the one above.
Hope that this helps! Regards, Bobby
