Skip to content

Manage ingress and egress firewall rules for a container. These endpoints let you list, add, toggle, remove, and reset firewall rules that control inbound and outbound traffic.

Each rule specifies an action (allow, reject, or drop), a protocol (tcp, udp, or icmp4), and matching criteria such as ports and CIDR ranges. Rules default to state: "enabled" when created.


GET /api/v1/containers/{id}/firewall/rules

Get all ingress and egress firewall rules for a container.

NameInTypeRequiredDescription
idpathstringYesContainer ID
Terminal window
curl -X GET "https://api.hoody.com/api/v1/containers/c_abc123def456/firewall/rules" \
-H "Authorization: Bearer <token>"

POST /api/v1/containers/{id}/firewall/ingress

Add a new ingress (inbound) firewall rule to a container. Use this endpoint to control which traffic can reach your container. All rules default to state: "enabled" if not specified.

NameInTypeRequiredDescription
idpathstringYesContainer ID
NameTypeRequiredDescription
actionstringYesAction to take: allow (permit), reject (deny with response), drop (deny silently).
protocolstringYesNetwork protocol. One of tcp, udp, icmp4.
descriptionstringYesHuman-readable rule description.
destination_portstringNoPort number, range (e.g. 80-90), or comma-separated list (e.g. 80,443). Required for TCP/UDP.
sourcestringNoSource IPv4 address or CIDR range. Use 0.0.0.0/0 for any source.
source_portstringNoSource port filter (rarely used).
statestringNoRule state. One of enabled, disabled. Defaults to enabled.
icmp_typestringNoICMP type number (e.g. 8 for echo request/ping).
icmp_codestringNoICMP code number.
Terminal window
curl -X POST "https://api.hoody.com/api/v1/containers/c_abc123def456/firewall/ingress" \
-H "Authorization: Bearer <token>" \
-H "Content-Type: application/json" \
-d '{
"action": "allow",
"protocol": "tcp",
"description": "Allow HTTPS",
"destination_port": "443",
"source": "0.0.0.0/0"
}'

POST /api/v1/containers/{id}/firewall/egress

Add a new egress (outbound) firewall rule to a container. Use this endpoint to control which traffic your container can send. All rules default to state: "enabled" if not specified.

NameInTypeRequiredDescription
idpathstringYesContainer ID
NameTypeRequiredDescription
actionstringYesAction to take: allow (permit), reject (deny with response), drop (deny silently).
protocolstringYesNetwork protocol. One of tcp, udp, icmp4.
descriptionstringYesHuman-readable rule description.
destination_portstringNoPort number, range (e.g. 80-90), or comma-separated list (e.g. 80,443). Required for TCP/UDP.
destinationstringNoDestination IPv4 address or CIDR range. Use 0.0.0.0/0 for any destination.
source_portstringNoSource port filter (rarely used).
statestringNoRule state. One of enabled, disabled. Defaults to enabled.
icmp_typestringNoICMP type number.
icmp_codestringNoICMP code number.
Terminal window
curl -X POST "https://api.hoody.com/api/v1/containers/c_abc123def456/firewall/egress" \
-H "Authorization: Bearer <token>" \
-H "Content-Type: application/json" \
-d '{
"action": "allow",
"protocol": "tcp",
"description": "Allow outbound HTTPS",
"destination_port": "443",
"destination": "0.0.0.0/0"
}'

PATCH /api/v1/containers/{id}/firewall/ingress

Enable or disable an ingress (inbound) firewall rule without deleting it. Provide filters to identify which rule to toggle. Useful for temporarily disabling rules.

NameInTypeRequiredDescription
idpathstringYesContainer ID
NameTypeRequiredDescription
statestringYesNew state for the rule. One of enabled, disabled.
actionstringNoAction for matching traffic. One of allow, reject, drop. Used as a filter.
protocolstringNoProtocol type. One of tcp, udp, icmp4. Used as a filter.
destination_portstringNoDestination port, range (e.g. 80-90), or list (e.g. 80,443). Used as a filter.
source_portstringNoSource port, range, or list. Used as a filter.
sourcestringNoSource IPv4/CIDR address(es). Used as a filter.
descriptionstringNoRule description. Used as a filter.
icmp_typestringNoICMP type number for icmp4 protocol. Used as a filter.
icmp_codestringNoICMP code number for icmp4 protocol. Used as a filter.
Terminal window
curl -X PATCH "https://api.hoody.com/api/v1/containers/c_abc123def456/firewall/ingress" \
-H "Authorization: Bearer <token>" \
-H "Content-Type: application/json" \
-d '{
"state": "disabled",
"protocol": "tcp",
"destination_port": "443"
}'

PATCH /api/v1/containers/{id}/firewall/egress

Enable or disable an egress (outbound) firewall rule without deleting it. Provide filters to identify which rule to toggle. Useful for temporarily disabling rules.

NameInTypeRequiredDescription
idpathstringYesContainer ID
NameTypeRequiredDescription
statestringYesNew state for the rule. One of enabled, disabled.
actionstringNoAction for matching traffic. One of allow, reject, drop. Used as a filter.
protocolstringNoProtocol type. One of tcp, udp, icmp4. Used as a filter.
destination_portstringNoDestination port, range (e.g. 80-90), or list (e.g. 80,443). Used as a filter.
source_portstringNoSource port, range, or list. Used as a filter.
destinationstringNoDestination IPv4/CIDR address(es). Used as a filter.
descriptionstringNoRule description. Used as a filter.
icmp_typestringNoICMP type number for icmp4 protocol. Used as a filter.
icmp_codestringNoICMP code number for icmp4 protocol. Used as a filter.
Terminal window
curl -X PATCH "https://api.hoody.com/api/v1/containers/c_abc123def456/firewall/egress" \
-H "Authorization: Bearer <token>" \
-H "Content-Type: application/json" \
-d '{
"state": "disabled",
"protocol": "tcp",
"destination_port": "25"
}'

DELETE /api/v1/containers/{id}/firewall/ingress

Remove one or more ingress (inbound) firewall rules. Provide filters to match specific rules, or use all: true to remove all ingress rules. Not equivalent to reset — this only deletes rules and leaves the firewall/ACL attached.

NameInTypeRequiredDescription
idpathstringYesContainer ID
NameTypeRequiredDescription
allbooleanNoRemove all matching rules (default: first match only). Set to true with no other filters to remove all ingress rules.
actionstringNoAction for matching traffic. One of allow, reject, drop. Used as a filter.
protocolstringNoProtocol type. One of tcp, udp, icmp4. Used as a filter.
destination_portstringNoDestination port, range (e.g. 80-90), or list (e.g. 80,443). Used as a filter.
sourcestringNoSource IPv4/CIDR address(es). Used as a filter.
source_portstringNoSource port, range, or list. Used as a filter.
descriptionstringNoRule description. Used as a filter.
statestringNoRule state. One of enabled, disabled. Defaults to enabled. Used as a filter.
icmp_typestringNoICMP type number for icmp4 protocol. Used as a filter.
icmp_codestringNoICMP code number for icmp4 protocol. Used as a filter.
Terminal window
curl -X DELETE "https://api.hoody.com/api/v1/containers/c_abc123def456/firewall/ingress" \
-H "Authorization: Bearer <token>" \
-H "Content-Type: application/json" \
-d '{
"protocol": "tcp",
"destination_port": "22",
"source": "192.168.1.0/24"
}'

DELETE /api/v1/containers/{id}/firewall/egress

Remove one or more egress (outbound) firewall rules. Provide filters to match specific rules, or use all: true to remove all egress rules. Not equivalent to reset — this only deletes rules and leaves the firewall/ACL attached.

NameInTypeRequiredDescription
idpathstringYesContainer ID
NameTypeRequiredDescription
allbooleanNoRemove all matching rules (default: first match only). Set to true with no other filters to remove all egress rules.
actionstringNoAction for matching traffic. One of allow, reject, drop. Used as a filter.
protocolstringNoProtocol type. One of tcp, udp, icmp4. Used as a filter.
destination_portstringNoDestination port, range (e.g. 80-90), or list (e.g. 80,443). Used as a filter.
destinationstringNoDestination IPv4/CIDR address(es). Used as a filter.
source_portstringNoSource port, range, or list. Used as a filter.
descriptionstringNoRule description. Used as a filter.
statestringNoRule state. One of enabled, disabled. Defaults to enabled. Used as a filter.
icmp_typestringNoICMP type number for icmp4 protocol. Used as a filter.
icmp_codestringNoICMP code number for icmp4 protocol. Used as a filter.
Terminal window
curl -X DELETE "https://api.hoody.com/api/v1/containers/c_abc123def456/firewall/egress" \
-H "Authorization: Bearer <token>" \
-H "Content-Type: application/json" \
-d '{ "all": true }'

POST /api/v1/containers/{id}/firewall/reset

Delete ACL and detach from bridge, returning the container to an open state.

NameInTypeRequiredDescription
idpathstringYesContainer ID

This endpoint takes no request body.

Terminal window
curl -X POST "https://api.hoody.com/api/v1/containers/c_abc123def456/firewall/reset" \
-H "Authorization: Bearer <token>"