Enable / disable specific firewall rule via cli

[alexander-potemkin]

Is your feature request related to a problem? Please describe. I would like to be able to enable/disable not the whole firewall, as I can do now, but just a specific enable/disable rule, that is already existing and preconfigured.

Describe the solution you'd like upctl server modify $SERVER_ID --enable-firewall-rule=10

Describe alternatives you've considered Currently I have to disable the whole firewall to make an automation that requires 80 port wide opened.

Additional context Required for let's encrypt work.

[alexander-potemkin]

I can see some works has been done for firewall, but I'm not sure I understand the meaning: https://github.com/UpCloudLtd/upcloud-cli/pull/27/commits/0df702c69b5e278e854bb0e218fee34ce81a30c4#diff-0a18f2b58a3724f6b484341f277285f5aac8dd03be23bf1b8e3a9dbe8b6081b5

And another feature request - somehow clarify in the documentation that firewall configuration is happening through server configuration.

Ideally, I would like to have that separate. And in account permissions as well.

[kangasta]

Hello, thank you for the improvement ideas!

Unfortunately, our API does not currently support enabling or disabling individual firewall rules. The best alternative at the moment would be to remove that specific rule with upctl server firewall delete and later re-create it with upctl server firewall create.

[alexander-potemkin]

Hello @kangasta ! Yeah, I'm aware of that, thank you! I just believe that it would make sense to have that. Probably, altogether with a separate ACL that enables me to only let my service account to deal with firewall of the server, but not with the server itself - that permission feels quite vague (and not quite secure).