Skip to content
qibdo qibdo
v1
API version
  • v1
Theme
Book a demo

List Firewall Policy Rules

GET
/network/v1/workspaces/{workspace}/engines/qibdo/vpcs/{vpc}/firewall-policies/{id}:listRules
curl --request GET \
--url https://example.com/network/v1/workspaces/example/engines/qibdo/vpcs/example/firewall-policies/example:listRules

Returns a paginated list of firewall rules under the parent policy. Supports AIP-160 filtering and AIP-132 ordering.

workspace
required
string

The unique identifier of the workspace that the policy belongs to

vpc
required
string

The unique identifier of the parent VPC

id
required
string

The unique identifier of the parent firewall policy

page_size
integer format: int32

The maximum number of firewall rules to return. The service may return fewer than this value. If unspecified, at most 20 rules will be returned. The maximum value is 100; values above 100 will be coerced to 100.

page_token
string

A page token, received from a previous ListQibdoFirewallPolicyRules call.

filter
string

AIP-160 filter expression

order_by
string

AIP-132 order_by expression

OK

Media type application/json

ListQibdoFirewallPolicyRulesResponse

Response message for ListQibdoFirewallPolicyRules. Note: This API intentionally omits total_size from list responses.

object
firewall_policy_rules

The list of firewall rules

Array<object>

QibdoFirewallPolicyRule — an OVN-shaped traffic control rule within a QibdoFirewallPolicy. The match syntax (protocol + port ranges, source/destination CIDR arrays) is OVN-specific; future engines (AWS SG, GCP firewall) will introduce their own rule schema.

object
id

Unique identifier for this rule.

stringOutput only
description

An optional human-readable description of the rule.

string
direction
required

The traffic direction this rule applies to (INGRESS or EGRESS).

string
action
required

The action to take when this rule matches (ALLOW or DENY).

string
matches
required

Protocol + port-range matches describing which traffic this rule applies to. A rule matches if ANY listed ProtocolMatch matches. At least one match is required.

Array<object>

ProtocolMatch describes one protocol + port-range combination that a QibdoFirewallPolicyRule can match. A rule carries a list of these to support multi-protocol / multi-port matching (GCP-style allowed[] / denied[]).

object
protocol
required

IANA protocol name (e.g., “tcp”, “udp”, “icmp”) or number. Use “all” for any.

string
port_ranges

Port ranges this match applies to. Empty list means “all ports for this protocol”. Not applicable when protocol is “icmp”, “icmpv6”, or “all”.

Array<object>

PortRange is an inclusive range of transport-layer port numbers.

object
min

Lowest port in the range (inclusive). 0–65535.

integer format: int32
max

Highest port in the range (inclusive). 0–65535. Must be >= min.

integer format: int32
source_cidrs

Source CIDR blocks for INGRESS rules. OR semantics; empty = any source.

Array<object>

IpAddress — an IPv4 or IPv6 address, disambiguated by the address string format. prefix carries the CIDR prefix length (0-32 for IPv4, 0-128 for IPv6); set to 32 or 128 for single-host addresses such as a subnet gateway.

object
address
string
prefix
integer format: uint32
destination_cidrs

Destination CIDR blocks for EGRESS rules. OR semantics; empty = any destination.

Array<object>

IpAddress — an IPv4 or IPv6 address, disambiguated by the address string format. prefix carries the CIDR prefix length (0-32 for IPv4, 0-128 for IPv6); set to 32 or 128 for single-host addresses such as a subnet gateway.

object
address
string
prefix
integer format: uint32
priority
required

The priority of this rule. Lower numbers indicate higher priority. Range: 0-32767.

integer format: int32
disabled

Whether this rule is disabled. When true, the rule is not enforced.

boolean
logging_enabled

Whether traffic matching this rule should be logged for security auditing.

boolean
provider_resource_id

OVN-assigned rule identifier. Populated once OVN provisions the rule.

stringOutput only
created

When this rule was created.

string format: date-time Output only
updated

When this rule was last updated.

string format: date-time Output only
next_page_token

A token, which can be sent as page_token to retrieve the next page. If this field is empty, there are no subsequent pages.

string
Example generated
{
"firewall_policy_rules": [
{
"description": "example",
"direction": "example",
"action": "example",
"matches": [
{
"protocol": "example",
"port_ranges": [
{
"min": 1,
"max": 1
}
]
}
],
"source_cidrs": [
{
"address": "example",
"prefix": 1
}
],
"destination_cidrs": [
{
"address": "example",
"prefix": 1
}
],
"priority": 1,
"disabled": true,
"logging_enabled": true
}
],
"next_page_token": "example"
}

Default error response

Media type application/json

The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

object
code

The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

integer format: int32
message

A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

string
details

A list of messages that carry the error details. There is a common set of message types for APIs to use.

Array<object>

Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.

object
@type

The type of the serialized message.

string
key
additional properties
any
Example generated
{
"code": 1,
"message": "example",
"details": [
{
"@type": "example"
}
]
}