List Firewall Policies
const url = 'https://example.com/network/v1/workspaces/example/engines/qibdo/vpcs/example/firewall-policies';const options = {method: 'GET'};
try { const response = await fetch(url, options); const data = await response.json(); console.log(data);} catch (error) { console.error(error);}curl --request GET \ --url https://example.com/network/v1/workspaces/example/engines/qibdo/vpcs/example/firewall-policiesReturns a paginated list of firewall policies under the parent VPC. Supports AIP-160 filtering and AIP-132 ordering.
Parameters
Section titled “ Parameters ”Path Parameters
Section titled “Path Parameters ”The unique identifier of the workspace that the policies belong to
The unique identifier of the parent VPC
Query Parameters
Section titled “Query Parameters ”The maximum number of firewall policies to return. The service may return fewer than this value. If unspecified, at most 20 policies will be returned. The maximum value is 100; values above 100 will be coerced to 100.
A page token, received from a previous ListQibdoFirewallPolicies call.
AIP-160 filter expression
AIP-132 order_by expression
Responses
Section titled “ Responses ”OK
ListQibdoFirewallPoliciesResponse
Response message for ListQibdoFirewallPolicies.
Note: This API intentionally omits total_size from list responses.
object
The list of firewall policies
QibdoFirewallPolicy — an OVN-backed named collection of firewall rules that governs network traffic for a VPC.
object
Unique identifier for this firewall policy.
The VPC that this firewall policy is associated with.
The display name of the firewall policy.
An optional human-readable description of the firewall policy.
Whether this firewall policy is disabled. When true, none of its rules are enforced.
OVN-assigned policy identifier. Populated once OVN provisions the policy.
When this firewall policy was created.
When this firewall policy was last updated.
The list of rules attached to this policy. Server-populated: GetQibdoFirewallPolicy returns this list; ListQibdoFirewallPolicies does not.
QibdoFirewallPolicyRule — an OVN-shaped traffic control rule within a QibdoFirewallPolicy. The match syntax (protocol + port ranges, source/destination CIDR arrays) is OVN-specific; future engines (AWS SG, GCP firewall) will introduce their own rule schema.
object
Unique identifier for this rule.
An optional human-readable description of the rule.
The traffic direction this rule applies to (INGRESS or EGRESS).
The action to take when this rule matches (ALLOW or DENY).
Protocol + port-range matches describing which traffic this rule applies to. A rule matches if ANY listed ProtocolMatch matches. At least one match is required.
ProtocolMatch describes one protocol + port-range combination that a QibdoFirewallPolicyRule can match. A rule carries a list of these to support multi-protocol / multi-port matching (GCP-style allowed[] / denied[]).
object
IANA protocol name (e.g., “tcp”, “udp”, “icmp”) or number. Use “all” for any.
Port ranges this match applies to. Empty list means “all ports for this protocol”. Not applicable when protocol is “icmp”, “icmpv6”, or “all”.
PortRange is an inclusive range of transport-layer port numbers.
object
Lowest port in the range (inclusive). 0–65535.
Highest port in the range (inclusive). 0–65535. Must be >= min.
Source CIDR blocks for INGRESS rules. OR semantics; empty = any source.
IpAddress — an IPv4 or IPv6 address, disambiguated by the address string
format. prefix carries the CIDR prefix length (0-32 for IPv4, 0-128 for
IPv6); set to 32 or 128 for single-host addresses such as a subnet gateway.
object
Destination CIDR blocks for EGRESS rules. OR semantics; empty = any destination.
IpAddress — an IPv4 or IPv6 address, disambiguated by the address string
format. prefix carries the CIDR prefix length (0-32 for IPv4, 0-128 for
IPv6); set to 32 or 128 for single-host addresses such as a subnet gateway.
object
The priority of this rule. Lower numbers indicate higher priority. Range: 0-32767.
Whether this rule is disabled. When true, the rule is not enforced.
Whether traffic matching this rule should be logged for security auditing.
OVN-assigned rule identifier. Populated once OVN provisions the rule.
When this rule was created.
When this rule was last updated.
A token, which can be sent as page_token to retrieve the next page.
If this field is empty, there are no subsequent pages.
Example generated
{ "firewall_policies": [ { "name": "example", "description": "example", "disabled": true } ], "next_page_token": "example"}default
Section titled “default ”Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
object
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
A list of messages that carry the error details. There is a common set of message types for APIs to use.
Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.
object
The type of the serialized message.
Example generated
{ "code": 1, "message": "example", "details": [ { "@type": "example" } ]}