metalctl firewall create

creates the firewall

metalctl firewall create [flags]

Options

      --bulk-output                  when used with --file (bulk operation): prints results at the end as a list. default is printing results intermediately during the operation, which causes single entities to be printed in a row.
  -d, --description string           Description of the firewall to create. [optional]
      --dnsservers strings           dns servers to add to the machine or firewall. [optional]
  -f, --file string                  filename of the create or update request in yaml format, or - for stdin.
                                     
                                     Example:
                                     $ metalctl firewall describe firewall-1 -o yaml > firewall.yaml
                                     $ vi firewall.yaml
                                     $ # either via stdin
                                     $ cat firewall.yaml | metalctl firewall create -f -
                                     $ # or via file
                                     $ metalctl firewall create -f firewall.yaml
                                     
                                     the file can also contain multiple documents and perform a bulk operation.
                                     	
      --filesystemlayout string      Filesystemlayout to use during machine installation. [optional]
      --firewall-rules-file string   firewall rules specified in a yaml file
                                     
                                     Example:
                                     
                                     $ metalctl firewall create ..mandatory args.. --firewall-rules-file rules.yaml
                                     
                                     rules.yaml
                                     ---
                                     egress:
                                     - comment: allow outgoing https
                                       ports:
                                       - 443
                                       protocol: TCP
                                       to:
                                       - 0.0.0.0/0
                                     - comment: allow outgoing dns via tcp
                                       ports:
                                       - 53
                                       protocol: TCP
                                       to:
                                       - 0.0.0.0/0
                                     - comment: allow outgoing dns and ntp via udp
                                       ports:
                                       - 53
                                       - 123
                                       protocol: UDP
                                       to:
                                       - 0.0.0.0/0
                                     ingress:
                                     - comment: allow incoming ssh only to one ip
                                       ports:
                                       - 22
                                       protocol: TCP
                                       from:
                                       - 0.0.0.0/0
                                       - 1.2.3.4/32
                                       to:
                                       - 212.34.83.19/32
                                     - comment: allow incoming https to all targets
                                       ports:
                                       - 80
                                       - 433
                                       protocol: TCP
                                       from:
                                       - 0.0.0.0/0
                                     
                                     
  -h, --help                         help for create
  -H, --hostname string              Hostname of the firewall. [required]
  -I, --id string                    ID of a specific firewall to allocate, if given, size and partition are ignored. Need to be set to reserved (--reserve) state before.
  -i, --image string                 OS Image to install. [required]
      --ips strings                  Sets the firewall's IP address. Usage: [--ips[=IPV4-ADDRESS[,IPV4-ADDRESS]...]]...
                                     IPV4-ADDRESS specifies the IPv4 address to add.
                                     It can only be used in conjunction with --networks.
  -n, --name string                  Name of the firewall. [optional]
      --networks strings             Adds network(s). Usage: --networks NETWORK[:MODE][,NETWORK[:MODE]]... [--networks NETWORK[:MODE][,
                                     NETWORK[:MODE]]...]...
                                     NETWORK specifies the id of an existing network.
                                     MODE can be omitted or one of:
                                     	auto	IP address is automatically acquired from the given network
                                     	noauto	No automatic IP address acquisition
      --ntpservers strings           ntp servers to add to the machine or firewall. [optional]
  -S, --partition string             partition/datacenter where the firewall is created. [required, except for reserved machines]
  -P, --project string               Project where the firewall should belong to. [required]
  -s, --size string                  Size of the firewall. [required, except for reserved machines]
      --skip-security-prompts        skips security prompt for bulk operations
  -p, --sshpublickey string          SSH public key for access via ssh and console. [optional]
                                     Can be either the public key as string, or pointing to the public key file to use e.g.: "@~/.ssh/id_rsa.pub".
                                     If ~/.ssh/[id_ed25519.pub | id_rsa.pub | id_dsa.pub] is present it will be picked as default, matching the first one in this order.
      --tags strings                 tags to add to the firewall, use it like: --tags "tag1,tag2" or --tags "tag3".
      --timestamps                   when used with --file (bulk operation): prints timestamps in-between the operations
      --userdata string              cloud-init.io compatible userdata. [optional]
                                     Can be either the userdata as string, or pointing to the userdata file to use e.g.: "@/tmp/userdata.cfg".

Options inherited from parent commands

      --api-token string       api token to authenticate. Can be specified with METALCTL_API_TOKEN environment variable.
      --api-url string         api server address. Can be specified with METALCTL_API_URL environment variable.
  -c, --config string          alternative config file path, (default is ~/.metalctl/config.yaml).
                               Example config.yaml:
                               
                               ---
                               apitoken: "alongtoken"
                               ...
                               
                               
      --debug                  debug output
      --force-color            force colored output even without tty
      --kubeconfig string      Path to the kube-config to use for authentication and authorization. Is updated by login. Uses default path if not specified.
      --no-headers             do not print headers of table output format (default print headers)
  -o, --output-format string   output format (table|wide|markdown|json|yaml|template), wide is a table with more columns. (default "table")
      --template string        output template for template output-format, go template format.
                               For property names inspect the output of -o json or -o yaml for reference.
                               Example for machines:
                               
                               metalctl machine list -o template --template "{{ .id }}:{{ .size.id  }}"
                               
                               
      --yes-i-really-mean-it   skips security prompts (which can be dangerous to set blindly because actions can lead to data loss or additional costs)

SEE ALSO