godo icon indicating copy to clipboard operation
godo copied to clipboard
verified publisher icon digitalocean

Firewall portrange inconsistent for create and list

Open prateekgogia opened this issue 8 years ago • 5 comments

When using the Firewalls.Create command, it doesn't accept TCP port range to be 0, needs to be all. Doing a list of firewalls, returns portRange to be "all", instead of 0. This makes it harder to reconcile, whether configuration is consistent and on the client side needs to create a mapping to create with portRange set to all, and expect return to be set to 0.

 Sample response after creating a firewall --
godo.InboundRule{Protocol:"tcp", PortRange:"0", Sources:godo.Sources{Addresses:["0.0.0.0/0"]}}]

 Sample request for creating a firewall --
godo.InboundRule{Protocol:"tcp", PortRange:"all", Sources:godo.Sources{Addresses:["0.0.0.0/0"]}}]

prateekgogia avatar Aug 16 '17 22:08 prateekgogia

This is also causing issues for the Terraform provider: https://github.com/terraform-providers/terraform-provider-digitalocean/issues/30

andrewsomething avatar Aug 17 '17 00:08 andrewsomething

@prateekgogia thank you for raising this issue. We're actively looking into it and discussing a solution. We'll keep you updated when a fix is in place.

viola avatar Aug 17 '17 15:08 viola

Are there any info regards this issue or any ETA perhaps?

pinepain avatar Mar 01 '18 23:03 pinepain

No ETA so far, unfortunately. We are still considering this issue, the problem is that it will break the API and we need to figure out how to minimize the impact. I know this is taking long, sorry about that.

rafaelrosafu avatar Mar 07 '18 14:03 rafaelrosafu

@rafaelrosafu Any further update?

benjamin-maynard avatar May 30 '18 19:05 benjamin-maynard

Hello,

Firewalls.create now accepts the TCP range port to be 0

running the following curl command:

$ curl -X POST   -H "Content-Type: application/json"   -H "Authorization: Bearer $DO_TOKEN"   -d '{"name":"open-firewall","inbound_rules":[{"protocol": "tcp","ports": "0","sources":{"tags": ["open"]}}], "tag": "open"}'   "https://api.digitalocean.com/v2/firewalls" | jq .
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   402  100   283  100   119    715    300 --:--:-- --:--:-- --:--:--  1015
{
  "firewall": {
    "id": "2cae47d8-5c69-415f-b5ab-b73e32a9",
    "name": "open-firewall",
    "status": "succeeded",
    "inbound_rules": [
      {
        "protocol": "tcp",
        "ports": "0",
        "sources": {
          "tags": [
            "open"
          ]
        }
      }
    ],
    "outbound_rules": [],
    "created_at": "2023-05-03T20:01:31Z",
    "droplet_ids": [],
    "tags": [],
    "pending_changes": []
  }
}

yields a TCP port of 0

$ curl -s -H "Authorization: bearer $DO_TOKEN" "https://api.digitalocean.com/v2/firewalls/2cae-5c69-415f-b5ab-b73e6bbe32a9"  | jq .firewall.inbound_rules[0].ports
"0"

Thank you all for your patience.

ChiefMateStarbuck avatar May 03 '23 21:05 ChiefMateStarbuck