- h1 firewall list - List firewall
- h1 firewall show - Show firewall
- h1 firewall delete - Delete firewall
- h1 firewall create - Create firewall
- h1 firewall attach - Attach firewall to a network
- h1 firewall detach - Detach firewall from network
- h1 firewall ingress - Manage ingress rules of firewall
- h1 firewall ingress list - List rule ingress of firewall
- h1 firewall ingress add - Add rule ingress of firewall
- h1 firewall ingress delete - Add rule ingress of firewall
- h1 firewall egress - Manage egress rules of firewall
- h1 firewall egress list - List rule egress of firewall
- h1 firewall egress add - Add rule egress of firewall
- h1 firewall egress delete - Add rule egress of firewall
Manage your firewall
List firewall
h1 firewall list |
Show firewall
h1 firewall show | --firewall FIREWALL
Name | Default | Description |
---|---|---|
--firewall FIREWALL |
Firewall ID or name |
Delete firewall
h1 firewall delete | --firewall FIREWALL
Name | Default | Description |
---|---|---|
--firewall FIREWALL |
Firewall ID or name |
Create firewall
h1 firewall create | --name NAME
h1 firewall create --name secure-zone-fw
Name | Default | Description |
---|---|---|
--name NAME |
Name |
Attach firewall to a network
h1 firewall attach | --firewall FIREWALL --network NETWORK
h1 firewall attach --firewall secure-zone-fw --network my-safe-net
Hint: Use h1 network list
to list available networks or h1 network create
to create a new one.
Name | Default | Description |
---|---|---|
--firewall FIREWALL |
Firewall ID or name | |
--network NETWORK |
Network ID or name |
Detach firewall from network
h1 firewall detach | --firewall FIREWALL
$ h1 firewall detach --firewall secure-zone-fw
Name | Default | Description |
---|---|---|
--firewall FIREWALL |
Firewall ID or name |
Manage ingress rules of firewall
h1 firewall create --name secure-zone-fw
h1 firewall ingress list --firewall secure-zone-fw
h1 firewall egress list --firewall secure-zone-fw
TODO: Default policy of firewall
h1 firewall ingress add --firewall secure-zone-fw --action allow \
--priority 300 \
--filter tcp:80 \
--external 0.0.0.0/0 --internal 10.177.2.2 \
--name 'Allow HTTP'
### Required options
| Name | Default | Description |
| ---- | ------- | ----------- |
| ```--firewall FIREWALL``` | | Firewall ID or name |
## h1 firewall ingress list
List rule ingress of firewall
### Syntax
```h1 firewall ingress list | --firewall FIREWALL```
### Examples
#### List firewall ingress rules
h1 firewall ingress list --firewall secure-zone-fw
#### List firewall egress rules
h1 firewall egress list --firewall secure-zone-fw
### Required options
| Name | Default | Description |
| ---- | ------- | ----------- |
| ```--firewall FIREWALL``` | | Firewall ID or name |
## h1 firewall ingress add
Add rule ingress of firewall
### Syntax
```h1 firewall ingress add | --firewall FIREWALL --name NAME --action ACTION --priority PRIORITY --filter FILTER [--filter FILTER ...] --external EXTERNAL [--external EXTERNAL ...] --internal INTERNAL [--internal INTERNAL ...]```
### Examples
#### Add firewall to allow any incoming HTTP traffic to 10.177.2.2
h1 firewall ingress add --firewall secure-zone-fw --action allow
--priority 300
--filter tcp:80 \
--external 0.0.0.0/0 --internal 10.177.2.2
--name 'Allow HTTP'
Name | Default | Description |
---|---|---|
--firewall FIREWALL |
Firewall ID or name | |
--name NAME |
Name | |
--action ACTION |
Action | |
--priority PRIORITY |
Number between 100 and 999 representing priority | |
--filter FILTER [--filter FILTER ...] |
The filter rule in the form of "protocol:format [, protocol:format...]". Protocol as "icmp" / "udp" / "tcp" / "any". Port as numeric value. Example: "tcp:83". The parameter may occur repeatedly | |
--external EXTERNAL [--external EXTERNAL ...] |
IP address or network on external side. The parameter may occur repeatedly | |
--internal INTERNAL [--internal INTERNAL ...] |
Resource tags or * for all. The parameter may occur repeatedly |
Add rule ingress of firewall
h1 firewall ingress delete | --firewall FIREWALL --rule RULE
h1 firewall ingress delete --firewall secure-zone-fw --rule 5b1e8988cdfb072cb51dc843
Hint: Use h1 firewall ingress list
or h1 firewall egress list
to list available rules.
Name | Default | Description |
---|---|---|
--firewall FIREWALL |
Firewall ID or name | |
--rule RULE |
Rule identifier |
Manage egress rules of firewall
h1 firewall create --name secure-zone-fw
h1 firewall ingress list --firewall secure-zone-fw
h1 firewall egress list --firewall secure-zone-fw
TODO: Default policy of firewall
h1 firewall ingress add --firewall secure-zone-fw --action allow \
--priority 300 \
--filter tcp:80 \
--external 0.0.0.0/0 --internal 10.177.2.2 \
--name 'Allow HTTP'
### Required options
| Name | Default | Description |
| ---- | ------- | ----------- |
| ```--firewall FIREWALL``` | | Firewall ID or name |
## h1 firewall egress list
List rule egress of firewall
### Syntax
```h1 firewall egress list | --firewall FIREWALL```
### Examples
#### List firewall ingress rules
h1 firewall ingress list --firewall secure-zone-fw
#### List firewall egress rules
h1 firewall egress list --firewall secure-zone-fw
### Required options
| Name | Default | Description |
| ---- | ------- | ----------- |
| ```--firewall FIREWALL``` | | Firewall ID or name |
## h1 firewall egress add
Add rule egress of firewall
### Syntax
```h1 firewall egress add | --firewall FIREWALL --name NAME --action ACTION --priority PRIORITY --filter FILTER [--filter FILTER ...] --external EXTERNAL [--external EXTERNAL ...] --internal INTERNAL [--internal INTERNAL ...]```
### Examples
#### Add firewall to allow any incoming HTTP traffic to 10.177.2.2
h1 firewall ingress add --firewall secure-zone-fw --action allow
--priority 300
--filter tcp:80 \
--external 0.0.0.0/0 --internal 10.177.2.2
--name 'Allow HTTP'
Name | Default | Description |
---|---|---|
--firewall FIREWALL |
Firewall ID or name | |
--name NAME |
Name | |
--action ACTION |
Action | |
--priority PRIORITY |
Number between 100 and 999 representing priority | |
--filter FILTER [--filter FILTER ...] |
The filter rule in the form of "protocol:format [, protocol:format...]". Protocol as "icmp" / "udp" / "tcp" / "any". Port as numeric value. Example: "tcp:83". The parameter may occur repeatedly | |
--external EXTERNAL [--external EXTERNAL ...] |
IP address or network on external side. The parameter may occur repeatedly | |
--internal INTERNAL [--internal INTERNAL ...] |
Resource tags or * for all. The parameter may occur repeatedly |
Add rule egress of firewall
h1 firewall egress delete | --firewall FIREWALL --rule RULE
h1 firewall ingress delete --firewall secure-zone-fw --rule 5b1e8988cdfb072cb51dc843
Hint: Use h1 firewall ingress list
or h1 firewall egress list
to list available rules.
Name | Default | Description |
---|---|---|
--firewall FIREWALL |
Firewall ID or name | |
--rule RULE |
Rule identifier |