objects¶
Manage fireall objects
read¶
Input¶
The read API requires an action field. Valid actions:
hostsserviceswansprotocolszonestime-conditionsinterfacesapplicationslocal-servicesmacs
hosts¶
Return the list of hosts from hosts database.
Example:
{
"action": "hosts"
}
services¶
Return the list of services from fwservices db.
Example:
{
"action": "services"
}
wans¶
Return the list of red IPs.
Example:
{
"action": "wans"
}
protocols¶
Return the list of protocols from /etc/protocols.
Example:
{
"action": "protocols"
}
zones¶
Return the list of zones from networks db.
Example:
{
"action": "zones"
}
applications¶
Return the list of NDPI applications/protocols.
Example:
{
"action": "applications"
}
time-conditions¶
Return the list of time conditions from fwtimes db.
Example:
{
"action": "time-conditions"
}
interfaces¶
Return the list of interfaces from networks db.
Example:
{
"action": "interfaces"
}
local-services¶
Return the list of services running on the firewall itself (from configuration db).
Example:
{
"action": "local-services"
}
macs¶
Return the list of mac addresses objects from macs db.
Example:
{
"action": "macs"
}
Output¶
hosts¶
Output example:
{
"hosts": [
{
"IpAddress": "192.168.1.1",
"name": "a123",
"Description": "123",
"type": "local"
},
...
]
}
services¶
Example:
{
"services": [
{
"Ports": [
"67",
"68"
],
"name": "dhcp",
"Protocol": "tcpudp",
"type": "fwservice",
"Description": ""
},
...
]
}
wans¶
Example:
{
"wans": [
"192.168.100.194",
"10.0.0.212",
"1.2.3.4"
]
}
protocols¶
Example:
{
"protocols": [
"gre",
"ah",
"tcp",
...
]
}
zones¶
Example:
{
"zones": [
{
"Network": "192.168.66.3/14",
"name": "test",
"Description": "test",
"Interface": "eth0"
},
...
]
}
time-conditions¶
Example:
{
"time-conditions": [
{
"WeekDays": [
"Mon",
"Tue",
"Wed",
"Thu",
"Fri",
"Sat",
"Sun"
],
"TimeStart": "00:00",
"TimeStop": "02:30",
"name": "test",
"Description": "test"
},
...
]
}
interfaces¶
Example:
{
"interfaces": [
"eth0",
"eth1",
...
]
}
applications¶
Return the list of NDPI applications/protocols.
Each protocol has an associated icon, icon mapping is configured inside the ndpi-icons.json file.
Example:
{
"applications": [
{
"icon": "fa-circle",
"name": "Unknown",
"id": "00"
},
{
"icon": "fa-cloud-download",
"name": "FTP_CONTROL",
"id": "01"
},
...
]
}
local-services¶
Return the list of services running on the firewall itself.
Example:
{
"local-services": [
{
"Ports": [
"123"
],
"name": "chronyd",
"Protocol": "udp",
"type": "service",
"Description": ""
},
...
]
}
macs¶
Return the list of mac address objects.
Example:
{
"macs": [
{
"Address": "52:54:00:05:2d:c3",
"name": "m1",
"type": "mac",
"Zone": "green",
"Description": "test"
},
...
]
}
validate¶
Constraints¶
The request must contain an action field. Valid actions are:
create-hostupdate-hostdelete-hostcreate-serviceupdate-servicedelete-servicecreate-zoneupdate-zonedelete-zonecreate-time-conditionupdate-time-conditiondelete-time-conditioncreate-cidr-subupdate-cidr-subdelete-cidr-subcreate-ip-rangeupdate-ip-rangedelete-ip-rangecreate-host-groupupdate-host-groupdelete-host-groupcreate-macupdate-macdelete-mac
Constraints for create-host:
- name: must be a non-existing class
- IpAddress: must be valid ipv4
- Description: optional description
- portforwards: optional list of valid portforwards to set host as
DstHost - rules: optional, if set to "1" substitute all IpAddress inside the fwrules db with newly created host object
Constraints for update-host:
- name: must be an existing host
- IpAddress: must be valid ipv4
- Description: optional description
Constraints for delete-host:
- name: must be an existing host
Constraints for create-service:
- name: must be a non-existing service
- Ports: must be a port range or a valid list of ports
- Protocol: must be one this vaules: 'tcp','udp','tcpudp'
- Description: optional description
Constraints for update-service:
- name: must be a existing service
- Ports: must be a port range or a valid list of ports
- Protocol: must be one this vaules: 'tcp','udp','tcpudp'
- Description: optional description
Constraints for delete-service:
- name: must be an existing service
Constraints for create-zone:
- name: must be a non-existing zone
- Network: must be a valid CIDR block
- Interface: must be an existing interface name
- Description: optional description
Constraints for update-zone:
- name: must be a existing zone
- Network: must be a valid CIDR block
- Interface: must be an existing interface name
- Description: optional description
Constraints for delete-zone:
- name: must be an existing zone
Constraints for create-time-condition:
- name: must be a non-existing time condition
- WeekDays: a list of day where apply the time condition, valid values:
Mon,Tue,Wed,Thu,Fri,Sat,Sun - TimeStart: time to start the time condition
- TimeStop: time to stop the time condition
- Description: optional description
Constraints for update-time-condition:
- name: must be a existing time condition
- WeekDays: a list of day where apply the time condition, valid values:
Mon,Tue,Wed,Thu,Fri,Sat,Sun - TimeStart: time to start the time condition
- TimeStop: time to stop the time condition
- Description: optional description
Constraints for delete-time-condition:
- name: must be an existing time condition
Constraints for create-cidr-sub:
- name: must be a non-existing cidr subnet
- Address: must be a valid CIDR block
- Description: optional description
- rules: optional, if set to "1" substitute all IpAddress inside the fwrules db with newly created host object
Constraints for update-cidr-sub:
- name: must be a existing cidr subnet
- Address: must be a valid CIDR block
- Description: optional description
Constraints for delete-cidr-sub:
- name: must be an existing cidr subnet
Constraints for create-ip-range:
- name: must be a non-existing ip range
- Start: start of the range, must be a valid ipv4
- End: end of the range, must be a valid ipv4
- Description: optional description
Constraints for update-ip-range:
- name: must be a existing ip range
- Start: start of the range, must be a valid ipv4
- End: end of the range, must be a valid ipv4
- Description: optional description
Constraints for delete-ip-range:
- name: must be an existing ip range
Constraints for create-host-group:
- name: must be a non-existing host group
- Members: must be a list of existing host
- Description: optional description
Constraints for update-host-group:
- name: must be a existing host group
- Members: must be a list of existing host
- Description: optional description
Constraints for delete-host-group:
- name: must be an existing host group
Constraints for create-mac:
- name: must be a non-existing mac
- Address: a valid MAC address
- Zone: a role or a custom zone
- Description: optional description
Constraints for update-mac:
- name: must be a existing host mac
- Address: a valid MAC address
- Zone: a role or a custom zone
- Description: optional description
Constraints for delete-mac:
- name: must be an existing mac
Input¶
create-host¶
Example:
{
"action": "create-host",
"IpAddress": "192.168.1.1",
"name": "a123",
"Description": "123",
"portforwards": [1,3],
"rules": 1
}
update-host¶
Example:
{
"action": "update-host",
"IpAddress": "192.168.1.3",
"name": "a123",
"Description": "123",
}
delete-host¶
Example:
{
"action": "delete-host",
"name": "a123"
}
create-service¶
Example:
{
"action": "create-service",
"Ports": ["80"],
"name": "httpd",
"Protocol": "tcp",
"Description": ""
}
update-service¶
Example:
{
"action": "create-service",
"Ports": ["80","443"],
"name": "httpd",
"Protocol": "tcp",
"Description": ""
}
delete-service¶
Example:
{
"action": "delete-service",
"name": "httpd"
}
create-zone¶
Example:
{
"action": "create-zone",
"Network": "192.168.66.3/14",
"name": "test",
"Description": "test",
"Interface": "eth0"
}
update-zone¶
Example:
{
"action": "update-zone",
"Network": "192.168.66.7/14",
"name": "test",
"Description": "test",
"Interface": "eth1"
}
delete-zone¶
Example:
{
"action": "delete-zone",
"name": "test"
}
create-time-condition¶
Example:
{
"action": "create-time-condition",
"WeekDays": [
"Mon",
"Tue",
"Wed",
"Thu",
"Fri",
"Sat",
"Sun"
],
"TimeStart": "01:30",
"TimeStop": "02:00",
"name": "test",
"Description": "test"
}
update-time-condition¶
Example:
{
"action": "update-time-condition",
"WeekDays": [
"Thu",
"Fri",
"Sat",
"Sun"
],
"TimeStart": "01:30",
"TimeStop": "05:00",
"name": "test",
"Description": "test"
}
delete-time-condition¶
Example:
{
"action": "delete-time-condition",
"name": "test"
}
create-cidr-sub¶
Example:
{
"action": "create-cidr-sub",
"Address": "10.10.10.0/24",
"name": "cidr1",
"Description": "",
"rules": 0
}
update-cidr-sub¶
Example:
{
"action": "update-cidr-sub",
"Address": "10.10.30.0/24",
"name": "cidr1",
"Description": ""
}
delete-cidr-sub¶
Example:
{
"action": "delete-cidr-sub",
"name": "cidr1"
}
create-ip-range¶
Example:
{ "action": "create-ip-range",
"End": "192.168.1.10",
"name": "range1",
"Start": "192.168.1.100",
"Description": ""
}
update-ip-range¶
Example:
{ "action": "update-ip-range",
"End": "192.168.1.10",
"name": "range1",
"Start": "192.168.1.100",
"Description": ""
}
delete-ip-range¶
Example:
{
"action": "delete-ip-range",
"name": "range1"
}
create-host-group¶
Example:
{ "action": "create-host-group",
"Members": [
"host1"
],
"name": "g1",
"Description": ""
}
update-host-group¶
Example:
{ "action": "update-host-group",
"Members": [
"host1"
],
"name": "g1",
"Description": ""
}
delete-host-group¶
Example:
{
"action": "delete-host-group",
"name": "g1"
}
create-mac¶
Example:
{
"action": "create-mac",
"name": "mac1",
"Zone": "green",
"Address": "52:54:00:05:2d:c2",
"Description": ""
}
update-mac¶
Example:
{
"action": "update-mac",
"name": "mac1",
"Zone": "green",
"Address": "52:54:00:05:2d:c2",
"Description": ""
}
delete-mac¶
Example:
{
"action": "delete-mac",
"name": "mac1"
}
update¶
Same input format from validate action.
create¶
It uses the same format from input action.
delete¶
It uses the same format from input action.