Hello,
I’m attempting to remove multiple rules from a DO firewall using the API but I keep getting a 422 response.
Given the following firewall definition:
{
  "firewall": {
    "id": "[REDACTED]",
    "name": "test-firewall",
    "status": "succeeded",
    "inbound_rules": [
      {
        "protocol": "tcp",
        "ports": "80",
        "sources": {
          "addresses": [
            "192.80.22.1"
          ]
        }
      },
      {
        "protocol": "tcp",
        "ports": "443",
        "sources": {
          "addresses": [
            "192.80.22.1"
          ]
        }
      }
    ],
    "outbound_rules": [],
    "created_at": "2019-08-19T15:41:53Z",
    "droplet_ids": [],
    "tags": [],
    "pending_changes": []
  }
}
I attempt to remove both of the inbound rules with the following request:
curl -X DELETE https://api.digitalocean.com/v2/firewalls/$ID/rules \
  -H 'Content-Type: application/json' \
  -H "Authorization: Bearer $TOKEN" \
  -d '{
    "inbound_rules": [{
      "protocol": "tcp",
      "ports": "80",
      "sources": {
        "addresses": ["192.80.22.1"]
      }
    }, {
      "protocol": "tcp",
      "ports": "443",
      "sources": {
        "addresses": ["192.80.22.1"]
      }
    }]
  }'
The response I get is:
{"id":"unprocessable_entity","message":"must have at least one rule","request_id":"[REDACTED]"}
If I attempt to delete just one of the rules instead of both with the following request:
curl -X DELETE https://api.digitalocean.com/v2/firewalls/$ID/rules \
  -H 'Content-Type: application/json' \
  -H "Authorization: Bearer $TOKEN" \
  -d '{
    "inbound_rules": [{
      "protocol": "tcp",
      "ports": "443",
      "sources": {
        "addresses": ["192.80.22.1"]
      }
    }]
  }'
The request succeeds.
My understanding from the docs is that I should be able to send an array of rules for deletion, however this doesn’t seem to work in practice. Does anyone have any ideas on a solution or is this a bug?
Accepted Answer
Thanks for the reply Bobby, but after sleeping on this I’ve come to a solution. The problem is that a DO firewall isn’t valid if it has no rules (inbound or outbound). When running my first request to delete all inbound rules the firewall goes into an invalid state since it has no rules at all and therefore the request is not completed. Ensuring that I add rules before removing rules solves this issue.
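The ordering described in the accepted answer, as an added example that is not part of the original thread: a local planner that refuses a deletion leaving the firewall with zero rules and otherwise emits the add call before the delete call. The `FIREWALL_ID` placeholder, the replacement outbound rule, and the helper names are assumptions; `POST` on the same `/rules` path is DigitalOcean's add-rules call.

```python
import json

API = "https://api.digitalocean.com/v2/firewalls/{id}/rules"
DIRECTIONS = ("inbound_rules", "outbound_rules")


def _canon(rule):
    # Serialise with sorted keys so identical rules compare equal.
    return json.dumps(rule, sort_keys=True)


def plan_rule_change(firewall, remove, add=None):
    """Return ordered (method, url, body) calls that keep at least one rule at every step."""
    add = add or {}
    fw = firewall["firewall"]
    left = 0
    for d in DIRECTIONS:
        current = {_canon(r) for r in fw.get(d, [])}
        added = {_canon(r) for r in add.get(d, [])}
        doomed = {_canon(r) for r in remove.get(d, [])}
        left += len((current | added) - doomed)
    if left == 0:
        # Same condition the API rejects with 422 "must have at least one rule".
        raise ValueError("refusing: firewall would be left with no rules")
    url = API.format(id=fw["id"])
    # Additions go first so the firewall is never empty between the two calls.
    calls = [("POST", url, add)] if any(add.get(d) for d in DIRECTIONS) else []
    calls.append(("DELETE", url, remove))
    return calls


def _rule(port):
    # Constructed sample rule modelled on the firewall in the question.
    return {"protocol": "tcp", "ports": port,
            "sources": {"addresses": ["192.80.22.1"]}}


FIREWALL = {"firewall": {"id": "FIREWALL_ID",  # placeholder, not a real id
                         "inbound_rules": [_rule("80"), _rule("443")],
                         "outbound_rules": []}}
REMOVE_BOTH = {"inbound_rules": [_rule("80"), _rule("443")]}
# Hypothetical replacement rule (192.0.2.10 is a documentation address).
REPLACEMENT = {"outbound_rules": [{"protocol": "tcp", "ports": "443",
                                   "destinations": {"addresses": ["192.0.2.10"]}}]}

if __name__ == "__main__":
    for method, url, body in plan_rule_change(FIREWALL, REMOVE_BOTH, add=REPLACEMENT):
        print(method, url, json.dumps(body))
```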
Hello,
I’ve just tested this with the example from the documentation and it worked for me:
curl -X DELETE -H "Content-Type: application/json" -H "Authorization: Bearer $TOKEN" -d '
{
  "outbound_rules": [
    {
      "protocol": "tcp",
      "ports": "80",
      "destinations": {
        "addresses": [
          "192.168.1.1"
        ]
      }
    },
    {
      "protocol": "tcp",
      "ports": "443",
      "destinations": {
        "addresses": [
          "192.168.1.1"
        ]
      }
    }
  ]
} ' "https://api.digitalocean.com/v2/firewalls/$ID/rules"
I would suggest adjusting your curl request so that it matches the one above.
Hope that this helps! Regards, Bobby