List VPS firewall rules

Return VPS firewall protection state, rules, rule limits, and action gates. Get {id} from GET /api/v2/vps. Use rules[].pos as {pos} for rule update/delete only when rules[].editable is true. Per-VPS v2 writes manage inbound rules only: type: "in" can be editable, while upstream type: "out" rules and type: "group" shared/group references are read-only on this endpoint.

VPS Services Firewall

Authentication

Required API scope: read:vm

Use Authorization: Bearer <token> for API keys. Dashboard sessions may also use hostup_session.

Context

Related endpoints

POST /api/v2/vps/{id}/firewall Add VPS firewall rule PUT /api/v2/vps/{id}/firewall/{pos} Replace VPS firewall rule DELETE /api/v2/vps/{id}/firewall/{pos} Delete VPS firewall rule

Path Parameters

id string required Example: vps_01hxa3b4c5d6e7f8g9h0j1k2m3

Public VPS ID from `GET /api/v2/vps` `data[].id`. Do not invent this value; use the exact ID returned by the referenced API response.

Headers

Accept Example

Content-Type Example

Responses

200 VPS firewall state and rules.

available boolean required · Example: true

reason stringnull required · Example: null

enabled boolean required · Example: true

summary stringnull required · Example: Firewall protection is on. Incoming traffic must match an allow rule to pass.

detail stringnull required · Example: Traffic that does not match one of the rules below is blocked before it reaches the VM.

limits object required

limits.maxRules integer required · Example: 100

limits.currentRules integer required · Example: 1

limits.remainingRules integer required · Example: 99

rules array<object> required

rules[].pos integernull required · Example: 0

rules[].type stringnull · enum required · Example: in

`in` is the customer-writable inbound rule type. `out` and `group` can appear from upstream reads but are read-only through this per-VPS endpoint.

in

out

group

rules[].action stringnull · enum required · Example: ACCEPT

ACCEPT

DROP

REJECT

rules[].enabled boolean required · Example: true

rules[].proto stringnull required · Example: tcp

rules[].dport stringnull required · Example: 22

rules[].sport stringnull required · Example: null

rules[].source stringnull required · Example: 198.51.100.10

rules[].dest stringnull required · Example: null

rules[].description stringnull required · Example: Allow SSH from office

rules[].isSystem boolean required · Example: false

rules[].editable boolean required · Example: true

ruleCount integer required · Example: 1

actions object required

actions.canAddRule object required

actions.canAddRule.allowed boolean required · Example: true

actions.canAddRule.reason stringnull required · Example: null

actions.canAddRule.code stringnull · Example: pending_order

Machine-readable reason code when an action is blocked.

actions.canToggleFirewall object required

actions.canToggleFirewall.allowed boolean required · Example: true

actions.canToggleFirewall.reason stringnull required · Example: null

actions.canToggleFirewall.code stringnull · Example: pending_order

Machine-readable reason code when an action is blocked.

400 Invalid request. The response body is an RFC 7807 Problem Details document.

type string · Example: https://developer.hostup.se/errors/invalid_request

title string · Example: Validation failed

status integer · Example: 400

detail string · Example: The request body failed validation.

code string · Example: invalid_request

Stable machine-readable code. Branch on this field, not on `detail`.

instance string · Example: /api/v2/orders

requestId string · Example: req_01hxa3b4c5d6e7f8g9h0j1k2m3

timestamp string · Example: 2026-04-27T12:34:56.000Z

errors array<object>

Field-level validation errors when `code` is `invalid_request`.

errors[].pointer string required · Example: /items/0/eppCode

errors[].detail string required · Example: `eppCode` is required for this transfer.

errors[].code string required · Example: missing_required

extensions object

401 Unauthorized. Authentication is required.

type string · Example: https://developer.hostup.se/errors/invalid_request

title string · Example: Validation failed

status integer · Example: 400

detail string · Example: The request body failed validation.

code string · Example: invalid_request

Stable machine-readable code. Branch on this field, not on `detail`.

instance string · Example: /api/v2/orders

requestId string · Example: req_01hxa3b4c5d6e7f8g9h0j1k2m3

timestamp string · Example: 2026-04-27T12:34:56.000Z

errors array<object>

Field-level validation errors when `code` is `invalid_request`.

errors[].pointer string required · Example: /items/0/eppCode

errors[].detail string required · Example: `eppCode` is required for this transfer.

errors[].code string required · Example: missing_required

extensions object

403 Forbidden. The caller lacks a required scope or does not own the resource.

type string · Example: https://developer.hostup.se/errors/invalid_request

title string · Example: Validation failed

status integer · Example: 400

detail string · Example: The request body failed validation.

code string · Example: invalid_request

Stable machine-readable code. Branch on this field, not on `detail`.

instance string · Example: /api/v2/orders

requestId string · Example: req_01hxa3b4c5d6e7f8g9h0j1k2m3

timestamp string · Example: 2026-04-27T12:34:56.000Z

errors array<object>

Field-level validation errors when `code` is `invalid_request`.

errors[].pointer string required · Example: /items/0/eppCode

errors[].detail string required · Example: `eppCode` is required for this transfer.

errors[].code string required · Example: missing_required

extensions object

404 Not found. The resource does not exist or is not owned by the caller.

type string · Example: https://developer.hostup.se/errors/invalid_request

title string · Example: Validation failed

status integer · Example: 400

detail string · Example: The request body failed validation.

code string · Example: invalid_request

Stable machine-readable code. Branch on this field, not on `detail`.

instance string · Example: /api/v2/orders

requestId string · Example: req_01hxa3b4c5d6e7f8g9h0j1k2m3

timestamp string · Example: 2026-04-27T12:34:56.000Z

errors array<object>

Field-level validation errors when `code` is `invalid_request`.

errors[].pointer string required · Example: /items/0/eppCode

errors[].detail string required · Example: `eppCode` is required for this transfer.

errors[].code string required · Example: missing_required

extensions object

429 Rate limited. Retry after the limit resets. 429 responses include `Retry-After` seconds plus `X-RateLimit-*` headers.

type string · Example: https://developer.hostup.se/errors/invalid_request

title string · Example: Validation failed

status integer · Example: 400

detail string · Example: The request body failed validation.

code string · Example: invalid_request

Stable machine-readable code. Branch on this field, not on `detail`.

instance string · Example: /api/v2/orders

requestId string · Example: req_01hxa3b4c5d6e7f8g9h0j1k2m3

timestamp string · Example: 2026-04-27T12:34:56.000Z

errors array<object>

Field-level validation errors when `code` is `invalid_request`.

errors[].pointer string required · Example: /items/0/eppCode

errors[].detail string required · Example: `eppCode` is required for this transfer.

errors[].code string required · Example: missing_required

extensions object

500 Internal error. Retry later or contact support if the issue persists.

type string · Example: https://developer.hostup.se/errors/invalid_request

title string · Example: Validation failed

status integer · Example: 400

detail string · Example: The request body failed validation.

code string · Example: invalid_request

Stable machine-readable code. Branch on this field, not on `detail`.

instance string · Example: /api/v2/orders

requestId string · Example: req_01hxa3b4c5d6e7f8g9h0j1k2m3

timestamp string · Example: 2026-04-27T12:34:56.000Z

errors array<object>

Field-level validation errors when `code` is `invalid_request`.

errors[].pointer string required · Example: /items/0/eppCode

errors[].detail string required · Example: `eppCode` is required for this transfer.

errors[].code string required · Example: missing_required

extensions object

GET https://cloud.hostup.se/api/v2/vps/{id}/firewall

For AI assistants

View as Markdown

cURL

curl -X GET "https://cloud.hostup.se/api/v2/vps/vps_01hxa3b4c5d6e7f8g9h0j1k2m3/firewall" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Accept: application/json"

Response

{
  "available": true,
  "reason": null,
  "enabled": true,
  "summary": "Firewall protection is on. Incoming traffic must match an allow rule to pass.",
  "detail": "Traffic that does not match one of the rules below is blocked before it reaches the VM.",
  "limits": {
    "maxRules": 100,
    "currentRules": 1,
    "remainingRules": 99
  },
  "rules": [
    {
      "pos": 0,
      "type": "in",
      "action": "ACCEPT",
      "enabled": true,
      "proto": "tcp",
      "dport": "22",
      "sport": null,
      "source": "198.51.100.10",
      "dest": null,
      "description": "Allow SSH from office",
      "isSystem": false,
      "editable": true
    }
  ],
  "ruleCount": 1,
  "actions": {
    "canAddRule": {
      "allowed": true,
      "reason": null
    },
    "canToggleFirewall": {
      "allowed": true,
      "reason": null
    }
  }
}

{
  "type": "object",
  "properties": {
    "available": {
      "type": "boolean"
    },
    "reason": {
      "type": [
        "string",
        "null"
      ]
    },
    "enabled": {
      "type": "boolean"
    },
    "summary": {
      "type": [
        "string",
        "null"
      ]
    },
    "detail": {
      "type": [
        "string",
        "null"
      ]
    },
    "limits": {
      "type": "object",
      "properties": {
        "maxRules": {
          "type": "integer"
        },
        "currentRules": {
          "type": "integer"
        },
        "remainingRules": {
          "type": "integer"
        }
      }
    },
    "rules": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "pos": {
            "type": [
              "integer",
              "null"
            ]
          },
          "type": {
            "type": [
              "string",
              "null"
            ],
            "description": "`in` is the customer-writable inbound rule type. `out` and `group` can appear from upstream reads but are read-only through this per-VPS endpoint.",
            "enum": [
              "in",
              "out",
              "group",
              null
            ]
          },
          "action": {
            "type": [
              "string",
              "null"
            ],
            "enum": [
              "ACCEPT",
              "DROP",
              "REJECT",
              null
            ]
          },
          "enabled": {
            "type": "boolean"
          },
          "proto": {
            "type": [
              "string",
              "null"
            ]
          },
          "dport": {
            "type": [
              "string",
              "null"
            ]
          },
          "sport": {
            "type": [
              "string",
              "null"
            ]
          },
          "source": {
            "type": [
              "string",
              "null"
            ]
          },
          "dest": {
            "type": [
              "string",
              "null"
            ]
          },
          "description": {
            "type": [
              "string",
              "null"
            ]
          },
          "isSystem": {
            "type": "boolean"
          },
          "editable": {
            "type": "boolean"
          }
        }
      }
    },
    "ruleCount": {
      "type": "integer"
    },
    "actions": {
      "type": "object",
      "properties": {
        "canAddRule": {
          "type": "object",
          "properties": {
            "allowed": {
              "type": "boolean"
            },
            "reason": {
              "type": [
                "string",
                "null"
              ]
            },
            "code": {
              "type": [
                "string",
                "null"
              ],
              "description": "Machine-readable reason code when an action is blocked."
            }
          }
        },
        "canToggleFirewall": {
          "type": "object",
          "properties": {
            "allowed": {
              "type": "boolean"
            },
            "reason": {
              "type": [
                "string",
                "null"
              ]
            },
            "code": {
              "type": [
                "string",
                "null"
              ],
              "description": "Machine-readable reason code when an action is blocked."
            }
          }
        }
      }
    }
  }
}