Skip to content
qibdo qibdo
v1
API version
  • v1
Theme
Book a demo

Get Firewall Policy

GET
/network/v1/workspaces/{workspace}/engines/qibdo/vpcs/{vpc}/firewall-policies/{id}
curl --request GET \
--url https://example.com/network/v1/workspaces/example/engines/qibdo/vpcs/example/firewall-policies/example

Returns a firewall policy by unique ID under the parent VPC.

workspace
required
string

The unique identifier of the workspace that the policy belongs to

vpc
required
string

The unique identifier of the parent VPC

id
required
string

The unique identifier of the firewall policy to retrieve

OK

Media type application/json

QibdoFirewallPolicy — an OVN-backed named collection of firewall rules that governs network traffic for a VPC.

object
id

Unique identifier for this firewall policy.

stringOutput only
vpc_id

The VPC that this firewall policy is associated with.

stringOutput only
name
required

The display name of the firewall policy.

string
description

An optional human-readable description of the firewall policy.

string
disabled

Whether this firewall policy is disabled. When true, none of its rules are enforced.

boolean
provider_resource_id

OVN-assigned policy identifier. Populated once OVN provisions the policy.

stringOutput only
created

When this firewall policy was created.

string format: date-time Output only
updated

When this firewall policy was last updated.

string format: date-time Output only
rules

The list of rules attached to this policy. Server-populated: GetQibdoFirewallPolicy returns this list; ListQibdoFirewallPolicies does not.

Array<object>Output only

QibdoFirewallPolicyRule — an OVN-shaped traffic control rule within a QibdoFirewallPolicy. The match syntax (protocol + port ranges, source/destination CIDR arrays) is OVN-specific; future engines (AWS SG, GCP firewall) will introduce their own rule schema.

object
id

Unique identifier for this rule.

stringOutput only
description

An optional human-readable description of the rule.

string
direction
required

The traffic direction this rule applies to (INGRESS or EGRESS).

string
action
required

The action to take when this rule matches (ALLOW or DENY).

string
matches
required

Protocol + port-range matches describing which traffic this rule applies to. A rule matches if ANY listed ProtocolMatch matches. At least one match is required.

Array<object>

ProtocolMatch describes one protocol + port-range combination that a QibdoFirewallPolicyRule can match. A rule carries a list of these to support multi-protocol / multi-port matching (GCP-style allowed[] / denied[]).

object
protocol
required

IANA protocol name (e.g., “tcp”, “udp”, “icmp”) or number. Use “all” for any.

string
port_ranges

Port ranges this match applies to. Empty list means “all ports for this protocol”. Not applicable when protocol is “icmp”, “icmpv6”, or “all”.

Array<object>

PortRange is an inclusive range of transport-layer port numbers.

object
min

Lowest port in the range (inclusive). 0–65535.

integer format: int32
max

Highest port in the range (inclusive). 0–65535. Must be >= min.

integer format: int32
source_cidrs

Source CIDR blocks for INGRESS rules. OR semantics; empty = any source.

Array<object>

IpAddress — an IPv4 or IPv6 address, disambiguated by the address string format. prefix carries the CIDR prefix length (0-32 for IPv4, 0-128 for IPv6); set to 32 or 128 for single-host addresses such as a subnet gateway.

object
address
string
prefix
integer format: uint32
destination_cidrs

Destination CIDR blocks for EGRESS rules. OR semantics; empty = any destination.

Array<object>

IpAddress — an IPv4 or IPv6 address, disambiguated by the address string format. prefix carries the CIDR prefix length (0-32 for IPv4, 0-128 for IPv6); set to 32 or 128 for single-host addresses such as a subnet gateway.

object
address
string
prefix
integer format: uint32
priority
required

The priority of this rule. Lower numbers indicate higher priority. Range: 0-32767.

integer format: int32
disabled

Whether this rule is disabled. When true, the rule is not enforced.

boolean
logging_enabled

Whether traffic matching this rule should be logged for security auditing.

boolean
provider_resource_id

OVN-assigned rule identifier. Populated once OVN provisions the rule.

stringOutput only
created

When this rule was created.

string format: date-time Output only
updated

When this rule was last updated.

string format: date-time Output only
Example generated
{
"name": "example",
"description": "example",
"disabled": true
}

Default error response

Media type application/json

The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

object
code

The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

integer format: int32
message

A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

string
details

A list of messages that carry the error details. There is a common set of message types for APIs to use.

Array<object>

Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.

object
@type

The type of the serialized message.

string
key
additional properties
any
Example generated
{
"code": 1,
"message": "example",
"details": [
{
"@type": "example"
}
]
}