Option to update one firewall rule?
I'm able to update all firewall rules at once through the CLI but it seems like there's no option to edit/add just one rule, without exposing yourself to messing up the whole firewall configuration. Is there any workaround for this? Is this planned for the future?
In any case, thanks for the great work
I believe that, in order to avoid a situation where rules are applied while still being edited, and to ensure the rules we return for a firewall always match what has been applied, all firewall rules must be updated at once. To edit or add a single rule, the entire set of rules should be sent in again with the desired changes made.
I'd be open to making this easier to accomplish in the CLI if you had something in mind that would help.
Adding, deleting, or updating a rule must occur in 3 steps:
- Manually getting the list of rules from the server
- Manually editing it accordingly
- Pushing it back through the CLI or API
All I suggest is to remove the word "Manually" in these steps, with some helper functions. I'd be happy to write a proof of concept for it if needed
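The three steps above with the manual parts replaced by helper functions, as an added example that is not part of the thread or the project's own code. The rule fields, the `fetch`/`push` callables and `FakeFirewall` are hypothetical stand-ins, since the thread does not show the CLI's or API's actual interface.

```python
import copy
import hashlib
import json

def fingerprint(rules):
    """Stable hash of a ruleset; rule order is significant and is preserved."""
    return hashlib.sha256(json.dumps(rules, sort_keys=True).encode()).hexdigest()

def upsert_rule(rules, rule, position=None):
    """Return a NEW full ruleset: replace the rule with the same label, else insert."""
    out = copy.deepcopy(rules)
    for i, existing in enumerate(out):
        if existing["label"] == rule["label"]:
            out[i] = copy.deepcopy(rule)
            return out
    out.insert(len(out) if position is None else position, copy.deepcopy(rule))
    return out

def remove_rule(rules, label):
    """Return a NEW full ruleset without the labelled rule; fail if it is absent."""
    out = [copy.deepcopy(r) for r in rules if r["label"] != label]
    if len(out) == len(rules):
        raise KeyError(f"no rule labelled {label!r}")
    return out

def update_one_rule(fetch, push, edit):
    """Fetch, apply one edit, re-check for concurrent changes, push the whole set."""
    before = fetch()
    after = edit(before)
    # Narrows (does not eliminate) the window in which another writer is overwritten.
    if fingerprint(fetch()) != fingerprint(before):
        raise RuntimeError("ruleset changed since fetch; re-run the edit")
    push(after)
    return after

class FakeFirewall:
    """Constructed in-memory stand-in for the server side (hypothetical)."""
    def __init__(self, rules):
        self.rules = copy.deepcopy(rules)
    def fetch(self):
        return copy.deepcopy(self.rules)
    def push(self, rules):
        self.rules = copy.deepcopy(rules)  # full replacement, as in the thread

SAMPLE_RULES = [  # constructed sample data
    {"label": "ssh", "action": "ACCEPT", "protocol": "TCP", "ports": "22"},
    {"label": "web", "action": "ACCEPT", "protocol": "TCP", "ports": "80"},
]
```

Every helper returns a complete ruleset, so the push remains a single full replacement and untouched rules keep their order and content.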
The CLI supports a plugin interface; I imagine an interactive plugin that retrieves current rules, allows rules to be changed/inserted/removed/reordered, and then submits the resulting ruleset would be a good way to implement this. The only downside would be that it would occupy a different namespace than the main firewall commands.
I'll create a plugin and send a pull request. If you have any suggestions on making it "native" instead, I'll be happy to do that too.
The main CLI is generated off of our OpenAPI spec, so a plugin is about as native as it's likely to get, unfortunately, as all of the normal commands/actions, what they accept, and how they display is controlled by the spec.
Closing as this functionality is not currently planned to be officially supported.
Let us know if you have any other feature suggestions 🙂