Skip to main content
Resource management is the core feature of NetBird Selfservice, allowing you to create, update, enable/disable, and delete network resources that define what endpoints users can access through the VPN.

What Are Resources?

Resources in NetBird represent network endpoints that users can access. Each resource consists of:
  • Name: A descriptive identifier for the resource
  • Address: The network address (IP, CIDR, or domain)
  • Description: Optional details about the resource
  • Enabled/Disabled: Control whether the resource is active
  • Owner: The user who created the resource

Supported Address Types

NetBird Selfservice supports three types of resource addresses:

IP Addresses

Individual IPv4 or IPv6 addressesExamples:
  • 192.168.1.100
  • 2001:db8::1

CIDR Ranges

Network ranges in CIDR notationExamples:
  • 10.50.0.0/24
  • 192.168.1.0/28

Domain Names

Fully qualified domain names with optional wildcardsExamples:
  • api.example.com
  • *.internal.company.com

Address Validation Rules

When adding or editing resources, addresses are validated using the ValidResourceAddress rule to ensure network security:

Blocked Address Ranges

The following address ranges are blocked to prevent security issues: 
// Blocked CIDR ranges (from ValidResourceAddress.php:17-30)
'0.0.0.0/0'      // All IPv4 traffic
'::/0'           // All IPv6 traffic
'0.0.0.0/1'      // Half of all IPv4 traffic
'128.0.0.0/1'    // Other half of IPv4 traffic
'10.0.0.0/8'     // Private network (Class A)
'172.16.0.0/12'  // Private network (Class B)
'192.168.0.0/16' // Private network (Class C)
'127.0.0.0/8'    // Loopback
'169.254.0.0/16' // Link-local
'224.0.0.0/4'    // Multicast
'240.0.0.0/4'    // Reserved
'255.255.255.255/32' // Broadcast
Wildcard patterns like *, *.*, *.*.*.* are also blocked as they would match all traffic.

Domain Validation

Domain names must meet these requirements:
  • Valid DNS format with proper labels
  • Maximum 253 characters total length
  • Each label maximum 63 characters
  • No consecutive dots (.)
  • Support for wildcard subdomains (*.example.com)

Creating Resources

1

Navigate to Resources

From the dashboard, click on the “Resources” section to view all your resources.
2

Add New Resource

Click the “Add Resource” button to open the creation form.
3

Fill in Details

Enter the resource information:
  • Name: Choose a descriptive name (e.g., “Production API Server”)
  • Address: Enter a valid IP, CIDR, or domain
  • Description: Add optional details about the resource
  • Enabled: Toggle whether the resource should be active immediately
4

Submit or Request

  • Admin users: Resources are created immediately
  • Non-admin users: A request is submitted for admin approval
When you create a resource, it’s logged in the activity log with action type created for audit purposes.

Updating Resources

You can modify existing resources to change their configuration:
1

Select Resource

From the resources list, find the resource you want to edit.
2

Edit Details

Click the edit button to modify:
  • Resource name
  • Network address
  • Description
  • Enabled/disabled status
3

Save Changes

Submit your changes. The resource will be updated in NetBird immediately.
Each update is tracked in the activity log, preserving a complete history of all changes to the resource.

Enabling and Disabling Resources

You can quickly toggle resources on or off without deleting them:
  • Enable: Makes the resource accessible through the VPN
  • Disable: Temporarily blocks access to the resource
This is implemented via the ToggleResourceAction which flips the enabled status and logs the action. 
// From ToggleResourceAction.php:38
ResourceLog::logAction(
    action: $newEnabled ? ResourceAction::Enabled->value : ResourceAction::Disabled->value,
    resourceName: $resourceData['name'],
    netbirdId: $resourceId,
    resourceAddress: $resourceData['address'],
    performedBy: $user->name,
    changes: ['enabled' => $newEnabled]
);

Deleting Resources

To permanently remove a resource:
1

Select Resource

Identify the resource you want to delete from your resources list.
2

Confirm Deletion

Click the delete button and confirm the action.
3

Resource Removed

The resource is deleted from both NetBird and the local database.
Resource deletion is permanent and cannot be undone. Make sure you really want to remove the resource before confirming.

Ownership Controls

Resource ownership is tracked to ensure proper access control:
  • Every resource is associated with a user_id (the owner)
  • Resources also track created_by (the name of the creator)
  • Ownership is checked via the isOwnedBy() method on the Resource model
// From Resource.php:22-25
public function isOwnedBy(User $user): bool
{
    return $this->user_id === $user->id;
}
This ensures that users can only manage their own resources, unless they have admin privileges.

Implementation Details

Resources are managed through dedicated action classes that handle the business logic:
ActionClassDescription
CreateCreateResourceActionCreates a new resource in NetBird
UpdateUpdateResourceActionModifies an existing resource
DeleteDeleteResourceActionRemoves a resource
ToggleToggleResourceActionEnables/disables a resource
All actions:
  • Interact with the NetBird API via NetbirdService
  • Log activities using ResourceLog::logAction()
  • Track changes for audit purposes
  • Associate resources with the acting user

Best Practices

Use Descriptive Names

Name resources clearly so team members can identify them easily (e.g., “Production DB Cluster” instead of “DB1”)

Validate Before Creating

Double-check IP addresses and domain names to avoid typos that could create security issues

Document with Descriptions

Use the description field to note important details like purpose, owner team, or access requirements

Disable Instead of Delete

For temporary changes, disable resources rather than deleting them to preserve configuration

Build docs developers (and LLMs) love

Get started for freeTalk to us