change: [UIE-9888] - Make firewall selection mandatory while creating linode and its interfaces

[grevanak-akamai]

Description 📝

Make firewall selection mandatory while creating linode and its interfaces. If there are no firewalls or user doesn't wants to assign a firewall to a linode, "No firewall" option can be selected but the firewall field cannot be left blank.

Changes 🔄

List any change(s) relevant to the reviewer.

• Firewall selection is made mandatory while creating linode and adding interfaces to linode.
• Added new option "No firewalls" under select firewall dropdown to allow users to not assign a firewall(Not recommended though). Added a warning notice if "No firewall" option is selected.
• Updated linode schema to make firewall field mandatory.

Scope 🚢

Upon production release, changes in this PR will be visible to:

• All customers
• Some customers (e.g. in Beta or Limited Availability)
• No customers / Not applicable

Target release date 🗓️

Mar 2026

Preview 📷

1. If no firewall is selected
2. "No firewall" option in the dropdown

How to test 🧪

Prerequisites

• Navigate to Create linode page.

Verification steps

• Ensure create linode submission fails if no option is selected under firewall dropdown.
• Select any firewall or select "No Firewall" option in the dropdown and ensure linode is created/cloned.

Author Checklists

As an Author, to speed up the review process, I considered 🤔

👀 Doing a self review
❔ Our contribution guidelines
🤏 Splitting feature into small PRs
➕ Adding a changeset
🧪 Providing/improving test coverage
🔐 Removing all sensitive information from the code and PR description
🚩 Using a feature flag to protect the release
👣 Providing comprehensive reproduction steps
📑 Providing or updating our documentation
🕛 Scheduling a pair reviewing session
📱 Providing mobile support
♿ Providing accessibility support

• I have read and considered all applicable items listed above.

As an Author, before moving this PR from Draft to Open, I confirmed ✅

• All tests and CI checks are passing
• TypeScript compilation succeeded without errors
• Code passes all linting rules

[grevanak-akamai]

API accepts both -1 and null(will be deprecated soon and will be utilized only to assign default firewall if any) to not to assign a firewall to a linode and hence firewall field has been made mandatory in UI.

[linode-gh-bot]

Cloud Manager UI test results

🔺 3 failing tests on test run #5 ↗︎

❌ Failing	✅ Passing	↪️ Skipped	🕐 Duration
3 Failing	865 Passing	11 Skipped	40m 58s

Details

Failing Tests
	Spec	Test
❌	search-images.spec.ts	Cloud Manager Cypress Tests→Search Images » creates two images and make sure they show up in the table and are searchable
❌	account-switching.spec.ts	Cloud Manager Cypress Tests→Parent/Child account switching→From Parent to Child » can search child accounts
❌	smoke-community-stackscripts.spec.ts	Cloud Manager Cypress Tests→Community Stackscripts integration tests » deploys a new linode as expected

Troubleshooting

Use this command to re-run the failing tests:

pnpm cy:run -s "cypress/e2e/core/images/search-images.spec.ts,cypress/e2e/core/parentChild/account-switching.spec.ts,cypress/e2e/core/stackscripts/smoke-community-stackscripts.spec.ts"

[grevanak-akamai]

In future, default firewalls will also support "No Firewalls" option.

[grevanak-akamai]

Cloud Manager UI test results

🔺 3 failing tests on test run #5 ↗︎

❌ Failing ✅ Passing ↪️ Skipped 🕐 Duration
3 Failing 865 Passing 11 Skipped 40m 58s

Details

Failing Tests
Spec Test
❌ search-images.spec.ts Cloud Manager Cypress Tests→Search Images » creates two images and make sure they show up in the table and are searchable
❌ account-switching.spec.ts Cloud Manager Cypress Tests→Parent/Child account switching→From Parent to Child » can search child accounts
❌ smoke-community-stackscripts.spec.ts Cloud Manager Cypress Tests→Community Stackscripts integration tests » deploys a new linode as expected

Troubleshooting

Use this command to re-run the failing tests:

pnpm cy:run -s "cypress/e2e/core/images/search-images.spec.ts,cypress/e2e/core/parentChild/account-switching.spec.ts,cypress/e2e/core/stackscripts/smoke-community-stackscripts.spec.ts"

Failure in smoke-community-stackscripts.spec.ts is related I guess. Rest 2 are unrelated.

[coliu-akamai]

Thanks @grevanak-akamai! Had a couple of questions/comments below.

Also, this PR is missing a changeset - do we still need changesets for the release process? looked at some other open PRs and they had changesets - could we add one to this PR?

[coliu-akamai]

Should we just have this part say 'Select an option.' only? There's no option to create a firewall on the Add Interface drawer:

[grevanak-akamai]

Agree but user can create a firewall from firewalls page if no option is available. So suggesting this message. I can check with our techwriter too.

[coliu-akamai]

maybe out of scope for this PR, but given that we're making firewall selection mandatory while creating a linode & its interfaces, should we also make it mandatory when editing an interface?

[grevanak-akamai]

Ideally yes but the API is not supporting selection of "No firewall" option currently. Also product team is of the opinion that we don't need to make it mandatory in edit interface flow.

[coliu-akamai]

lines 41-43 look the same as lines 72-75 - do we need this check here underneath if (context?.isLinodeInterfacesEnabled) if we're running it anyway at lines 72-75?

Also, regarding this comment:
The Clone Linode flow does not have the firewall_id field under interfaces object, so we set firewall_id to -1 to bypass the firewall requirement in the validation schema.

just to double check - since we're keeping the original firewall schema which lets us have undefined values, do we still need this condition & the ones below?

[grevanak-akamai]

I agree lines 41-43 is redundant so removed it. However we still need conditions to override firewall_id as we are making it mandatory in CreateLinodeInterfaceSchema. Let me know if I'm missing something here.

[coliu-akamai]

should we add back in the notRequired() for this schema, since the API will accept undefined? (Referring to Banks' earlier comment here - #13410 (comment))

[Copilot]

Pull request overview

This PR enforces an explicit firewall choice during Linode creation and when adding Linode interfaces by introducing a “No firewall” selectable option (represented by firewall_id = -1) and showing a warning notice when that option is chosen.

Changes:

• Make firewall selection required in Linode Create (legacy config) and Add Interface flows, while still allowing an explicit “No firewall” selection.
• Extend FirewallSelect to include a “No firewall (not recommended)” option and an optional warning notice message.
• Update unit tests and a broad set of Cypress E2E flows to select a firewall (or “No firewall”) to satisfy the new requirement.

Reviewed changes

Copilot reviewed 45 out of 45 changed files in this pull request and generated 6 comments.

Show a summary per file

File	Description
packages/validation/src/linodes.schema.ts	Adjusts Create Linode schema firewall field definition (nullable).
packages/manager/src/features/VPCs/VPCDetail/SubnetAssignLinodesDrawer.tsx	Passes “No firewall” warning message into firewall selection for VPC interface assignment.
packages/manager/src/features/Linodes/constants.ts	Adds shared warning message string for “No firewall” selections.
packages/manager/src/features/Linodes/LinodesDetail/LinodeNetworking/LinodeInterfaces/EditInterfaceDrawer/EditInterfaceFirewall.tsx	Disables “No firewall” option in edit-interface firewall selection.
packages/manager/src/features/Linodes/LinodesDetail/LinodeNetworking/LinodeInterfaces/AddInterfaceDrawer/utilities.ts	Makes firewall_id required in Add Interface form schema.
packages/manager/src/features/Linodes/LinodesDetail/LinodeNetworking/LinodeInterfaces/AddInterfaceDrawer/InterfaceType.tsx	Sets firewall_id to -1 for VLAN interfaces (no firewall support).
packages/manager/src/features/Linodes/LinodesDetail/LinodeNetworking/LinodeInterfaces/AddInterfaceDrawer/InterfaceFirewall.tsx	Updates placeholder and passes warning message prop to FirewallSelect.
packages/manager/src/features/Linodes/LinodesDetail/LinodeNetworking/LinodeInterfaces/AddInterfaceDrawer/AddInterfaceForm.tsx	Changes default firewall value handling and adjusts validation resolver inputs.
packages/manager/src/features/Linodes/LinodeCreate/utilities.test.tsx	Updates tests to include firewall_id in interface fixtures.
packages/manager/src/features/Linodes/LinodeCreate/schemas.ts	Adds conditional firewall requirement for legacy config create flow.
packages/manager/src/features/Linodes/LinodeCreate/resolvers.ts	Adds -1 sentinel assignments to satisfy validation (incl. Clone flow handling).
packages/manager/src/features/Linodes/LinodeCreate/Summary/Summary.tsx	Treats firewall_id = -1 as “no firewall” when computing “Firewall Assigned”.
packages/manager/src/features/Linodes/LinodeCreate/Networking/InterfaceType.tsx	Sets per-interface firewall_id to -1 for VLAN interface type.
packages/manager/src/features/Linodes/LinodeCreate/Networking/InterfaceFirewall.tsx	Updates placeholder and passes warning message prop to FirewallSelect.
packages/manager/src/features/Linodes/LinodeCreate/Networking/Firewall.tsx	Updates placeholder and passes warning message prop to FirewallSelect.
packages/manager/src/features/Linodes/LinodeCreate/Firewall.tsx	Updates placeholder and passes warning message prop to FirewallSelect.
packages/manager/src/features/Kubernetes/NodePoolFirewallSelect.tsx	Hides “No firewall” option in Kubernetes node pool firewall selection.
packages/manager/src/features/Firewalls/components/FirewallSelect.tsx	Adds “No firewall” option, warning notice rendering, and related props.
packages/manager/src/features/Firewalls/components/FirewallSelect.test.tsx	Adds unit tests for “No firewall” option and warning notice behavior.
packages/manager/src/features/Account/DefaultFirewalls.tsx	Hides “No firewall” option in account default firewall selection fields.
packages/manager/cypress/support/util/linodes.ts	Updates test Linode creation payload to use firewall_id = -1.
packages/manager/cypress/support/ui/pages/linode-create-page.ts	Adds a reusable Cypress helper to select a firewall from the dropdown.
packages/manager/cypress/e2e/core/stackscripts/smoke-community-stackscripts.spec.ts	Mocks firewalls and selects one during Linode creation flow.
packages/manager/cypress/e2e/core/stackscripts/create-stackscripts.spec.ts	Mocks firewalls and selects firewall / “No firewall” in create flows.
packages/manager/cypress/e2e/core/placementGroups/create-linode-with-placement-groups.spec.ts	Mocks and selects firewall as part of placement group creation scenarios.
packages/manager/cypress/e2e/core/oneClickApps/one-click-apps.spec.ts	Mocks and selects firewall in Marketplace/one-click app create flow.
packages/manager/cypress/e2e/core/linodes/create-linode.spec.ts	Mocks and selects firewall across multiple Linode create scenarios.
packages/manager/cypress/e2e/core/linodes/create-linode-with-vpc.spec.ts	Mocks and selects firewall in VPC-related Linode create flows.
packages/manager/cypress/e2e/core/linodes/create-linode-with-vlan.spec.ts	Mocks and selects firewall in VLAN-related Linode create flows.
packages/manager/cypress/e2e/core/linodes/create-linode-with-user-data.spec.ts	Mocks and selects firewall for user-data Linode creation.
packages/manager/cypress/e2e/core/linodes/create-linode-with-ssh-key.spec.ts	Mocks and selects firewall for SSH-key Linode creation scenarios.
packages/manager/cypress/e2e/core/linodes/create-linode-with-firewall.spec.ts	Refactors firewall selection steps to use the shared page helper.
packages/manager/cypress/e2e/core/linodes/create-linode-with-disk-encryption.spec.ts	Mocks and selects firewall for disk encryption Linode creation.
packages/manager/cypress/e2e/core/linodes/create-linode-with-add-ons.spec.ts	Mocks and selects firewall in add-ons creation flows (incl. legacy selection).
packages/manager/cypress/e2e/core/linodes/create-linode-vm-host-maintenance.spec.ts	Mocks and selects firewall in VM host maintenance create flow.
packages/manager/cypress/e2e/core/linodes/create-linode-view-code-snippet.spec.ts	Mocks and selects firewall before opening code snippet modal.
packages/manager/cypress/e2e/core/linodes/create-linode-mobile.spec.ts	Mocks and selects firewall in mobile viewport create flow.
packages/manager/cypress/e2e/core/linodes/create-linode-in-distributed-region.spec.ts	Mocks and selects firewall in distributed region create flow.
packages/manager/cypress/e2e/core/linodes/create-linode-in-core-region.spec.ts	Mocks and selects firewall in core region create flow.
packages/manager/cypress/e2e/core/linodes/create-linode-blackwell.spec.ts	Mocks and selects firewall in Blackwell GPU create smoke test.
packages/manager/cypress/e2e/core/linodes/clone-linode.spec.ts	Mocks and selects firewall during clone-related test flow.
packages/manager/cypress/e2e/core/linodes/alerts-create.spec.ts	Mocks and selects firewall in alerts-create related flows.
packages/manager/cypress/e2e/core/images/create-linode-from-image.spec.ts	Mocks and selects firewall in “create from image” flow.
packages/manager/cypress/e2e/core/helpAndSupport/open-support-ticket.spec.ts	Mocks and selects firewall to satisfy create form in support-ticket scenario.
packages/manager/cypress/e2e/core/general/gdpr-agreement.spec.ts	Mocks and selects firewall in GDPR agreement gating flow.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.