> ## Documentation Index
> Fetch the complete documentation index at: https://docs.cloudblast.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Add Firewall Rule

> Adds a firewall rule to a security group. If the group is already deployed to Proxmox, the rule will be synced automatically.



## OpenAPI

````yaml POST /security-groups/{id}/rules
openapi: 3.0.3
info:
  title: CloudBlast API
  description: >-
    The CloudBlast V2 API provides a modern RESTful interface for managing your
    cloud infrastructure programmatically. All responses follow a consistent `{
    "data": ... }` or `{ "error": ... }` format.
  version: 2.0.0
servers:
  - url: https://console.cloudblast.io/api/v2
    description: Production
security:
  - bearerAuth: []
paths:
  /security-groups/{id}/rules:
    post:
      tags:
        - Security Groups
      summary: Add a firewall rule
      description: >-
        Adds a firewall rule to a security group. If the group is already
        deployed to Proxmox, the rule will be synced automatically.
      operationId: createFirewallRule
      parameters:
        - name: id
          in: path
          required: true
          schema:
            type: integer
          description: Security group ID
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CreateFirewallRuleRequest'
      responses:
        '201':
          description: Firewall rule created
          content:
            application/json:
              schema:
                type: object
                properties:
                  data:
                    $ref: '#/components/schemas/FirewallRule'
        '401':
          $ref: '#/components/responses/Unauthenticated'
        '404':
          $ref: '#/components/responses/NotFound'
        '422':
          $ref: '#/components/responses/ValidationError'
components:
  schemas:
    CreateFirewallRuleRequest:
      type: object
      required:
        - type
        - action
        - protocol
      properties:
        type:
          type: string
          enum:
            - inbound
            - outbound
          example: inbound
        action:
          type: string
          enum:
            - ACCEPT
            - REJECT
            - DROP
          example: ACCEPT
        protocol:
          type: string
          description: Protocol (e.g., `tcp`, `udp`, `icmp`)
          maxLength: 20
          example: tcp
        source:
          type: string
          nullable: true
          description: Source IP/CIDR
          example: 0.0.0.0/0
        destination:
          type: string
          nullable: true
          description: Destination IP/CIDR
        source_port:
          type: string
          nullable: true
          description: Source port or range
          maxLength: 50
        destination_port:
          type: string
          nullable: true
          description: Destination port or range (e.g., `80`, `8000:9000`, `80,443`)
          maxLength: 50
          example: '443'
        comment:
          type: string
          nullable: true
          description: Optional description
          example: Allow HTTPS
        priority:
          type: integer
          nullable: true
          description: Rule priority (lower = higher priority). Defaults to 0.
          minimum: 0
          example: 0
    FirewallRule:
      type: object
      properties:
        id:
          type: integer
          example: 1
        type:
          type: string
          enum:
            - inbound
            - outbound
          example: inbound
        action:
          type: string
          enum:
            - ACCEPT
            - REJECT
            - DROP
          example: ACCEPT
        protocol:
          type: string
          example: tcp
        source:
          type: string
          nullable: true
          example: null
        destination:
          type: string
          nullable: true
          example: null
        source_port:
          type: string
          nullable: true
          example: null
        destination_port:
          type: string
          nullable: true
          example: 80,443
        comment:
          type: string
          nullable: true
          example: Allow HTTP/HTTPS
        priority:
          type: integer
          example: 0
    Error:
      type: object
      properties:
        error:
          type: object
          properties:
            code:
              type: string
              description: Machine-readable error code
            message:
              type: string
              description: Human-readable error message
          required:
            - code
            - message
  responses:
    Unauthenticated:
      description: Authentication failed
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
          example:
            error:
              code: UNAUTHENTICATED
              message: >-
                Missing or invalid Authorization header. Use: Authorization:
                Bearer <token>
    NotFound:
      description: Resource not found
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
          example:
            error:
              code: NOT_FOUND
              message: Server not found.
    ValidationError:
      description: Validation failed
      content:
        application/json:
          schema:
            type: object
            properties:
              error:
                type: object
                properties:
                  code:
                    type: string
                    example: VALIDATION_ERROR
                  message:
                    type: string
                    example: The given data was invalid.
                  details:
                    type: object
                    additionalProperties:
                      type: array
                      items:
                        type: string
                    example:
                      name:
                        - The name field is required.
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      description: >-
        API token from your CloudBlast account settings. Pass as `Authorization:
        Bearer <token>`.

````