Create vCloud Firewall Rule

To create a firewall rule, use the following request:

POST /firewall_services/:firewall_service_id/firewall_rules.xml
POST /firewall_services/:firewall_service_id/firewall_rules.json

XML Request Example

curl -i -X POST http://onapp.test/firewall_services/12/firewall_rules.xml -H 'Accept: application/xml' -H 'Content-type: application/xml' -u user:userpass -d '<vcloud_firewall_rule><enabled>1</enabled><description>Description</description><command>ACCEPT</command><address>0.0.0.0</address><source_port>80</source_port><destination_ip>0.0.0.0</destination_ip><port>80</port><protocol>TCP</protocol><enable_logging>0</enable_logging></vcloud_firewall_rule>'

JSON Request Example

curl -i -X POST http://onapp.test/firewall_services/12/firewall_rules.json -H 'Accept: application/json' -H 'Content-type: application/json' -u user:userpass -d '{"vcloud_firewall_rule":{"enabled":"1","description":"Description","command":"ACCEPT","address":"0.0.0.0","source_port":"80","destination_ip":"0.0.0.0","port":"80","protocol":"TCP","enable_logging":"0"},"firewall_service_id":"2"}'

Where:

description - fill in the description of the firewall rule

enabled - set the enabled as 1 if you want the firewall rule to be enabled or 0 if you want it to be disabled

command - sets the command to ACCEPT or DROP the indicated IPs

address - set the traffic source IP address for which this rule is active

  • Enter any to apply this rule to all IPs

  • Enter hyphen-separated IPs to apply the rule to an IP range (e.g. 192.168.1.1-192.168.1.10)

  • Enter an IP followed by a slash and prefix length to apply the rule to a CIDR block (e.g. 192.168.1.1/24)

  • Enter internal to apply the rule to IP addresses within the current network

  • Enter external to apply the rule to IP addresses outside the current network

source_port - set the traffic source port for which this rule is active

  • Enter colon-separated ports to apply the rule to a port range (e.g. 1024:1028)

  • Enter any to apply the rule to all ports

destination_ip - set the traffic destination IP address for which this rule is active

  • Enter any to apply this rule to all IPs

  • Enter hyphen-separated IPs to apply the rule to an IP range (e.g. 192.168.1.1-192.168.1.10)

  • Enter an IP followed by a slash and prefix length to apply the rule to a CIDR block (e.g. 192.168.1.1/24)

  • Enter internal to apply the rule to IP addresses within the current network

  • Enter external to apply the rule to IP addresses outside the current network

port - set the traffic destination port for which this rule is active

  • Enter colon-separated ports to apply the rule to a port range (e.g. 1024:1028)

  • Enter any to apply the rule to all ports

protocol - protocol type (TCP or UDP)

enable_logging - set to 1 (true) if you want the system to log when the rule accepts or drops traffic; the request examples above set it to 0, which disables logging
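As an added example (not OnApp's own code), the helper below validates a rule against the field formats listed above and builds the body for the .json request, so that malformed or accidentally over-broad rules are caught before they reach the firewall service. The accepted keywords, range and CIDR notations and the 0/1 flags come from this page; the port bounds (1-65535, low <= high) and the is_wide_open check for ACCEPT rules matching any source and any port are my own assumptions.

```python
import ipaddress

ADDRESS_KEYWORDS = {"any", "internal", "external"}
ALLOWED = {"command": ("ACCEPT", "DROP"), "protocol": ("TCP", "UDP"),
           "enabled": ("0", "1"), "enable_logging": ("0", "1")}

# Constructed sample rule, mirroring the page's JSON request example.
EXAMPLE_RULE = {"enabled": "1", "description": "Description", "command": "ACCEPT",
                "address": "0.0.0.0", "source_port": "80", "destination_ip": "0.0.0.0",
                "port": "80", "protocol": "TCP", "enable_logging": "0"}

def valid_address(value):
    """any/internal/external, a hyphen-separated IP range, a CIDR block, or one IP."""
    if value in ADDRESS_KEYWORDS:
        return True
    try:
        if "-" in value:
            lo, hi = value.split("-", 1)
            return ipaddress.ip_address(lo) <= ipaddress.ip_address(hi)
        # strict=False: the page's own CIDR example 192.168.1.1/24 has host bits set
        ipaddress.ip_network(value, strict=False)
        return True
    except (ValueError, TypeError):
        return False

def valid_port(value):
    """'any', one port, or a colon-separated range; 1-65535 and low <= high are assumed."""
    if value == "any":
        return True
    parts = value.split(":")
    if len(parts) > 2 or not all(p.isdigit() for p in parts):
        return False
    lo, hi = int(parts[0]), int(parts[-1])
    return 1 <= lo <= hi <= 65535

def is_wide_open(rule):
    """Assumed policy check: an ACCEPT rule that admits every source address and port."""
    return (rule.get("command") == "ACCEPT" and rule.get("address") == "any"
            and rule.get("source_port") == "any")

def build_rule_payload(firewall_service_id, rule):
    """Validate every field the page documents and return the body for the .json request."""
    errors = [f"{f} must be one of {v}" for f, v in ALLOWED.items() if rule.get(f) not in v]
    errors += [f"{f} is not a valid address" for f in ("address", "destination_ip")
               if not valid_address(rule.get(f, ""))]
    errors += [f"{f} is not a valid port" for f in ("source_port", "port")
               if not valid_port(rule.get(f, ""))]
    if errors:
        raise ValueError("; ".join(errors))
    return {"vcloud_firewall_rule": dict(rule), "firewall_service_id": str(firewall_service_id)}
```

Serialise the returned dict with json.dumps and send it as the -d body of the .json request shown above.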