Edit vCloud Firewall Rules

To edit a firewall rule, use the following request:

PUT /firewall_services/:firewall_service_id/firewall_rules/:id.xml
PUT /firewall_services/:firewall_service_id/firewall_rules/:id.json

XML Request Example

curl -i -X PUT http://onapp.test/firewall_services/12/firewall_rules/1.xml -H 'Accept: application/xml' -H 'Content-type: application/xml' -u user:userpass -d '<vcloud_firewall_rule><enabled>1</enabled><description>ICMP</description><command>ACCEPT</command><address>internal</address><source_port>-1</source_port><destination_ip>external</destination_ip><port></port><protocol>ICMP</protocol><enable_logging>0</enable_logging></vcloud_firewall_rule>'

JSON Request Example

curl -i -X PUT http://onapp.test/firewall_services/12/firewall_rules/1.json -H 'Accept: application/json' -H 'Content-type: application/json' -u user:userpass -d '{"vcloud_firewall_rule":{"enabled":"1","description":"ICMP","command":"ACCEPT","address":"internal","source_port":"-1","destination_ip":"external","port":"","protocol":"ICMP","enable_logging":"0"},"firewall_service_id":"2","id":"4"}'

Where:

enabled - set to 1 to enable the firewall rule or 0 to disable it

description - fill in the description of the firewall rule

command - the action applied to traffic from the indicated IPs: ACCEPT or DROP

address - set the traffic source IP address for which this rule is active

  • Enter any to apply this rule to all IPs

  • Enter hyphen-separated IPs to apply the rule to an IP range (e.g. 192.168.1.1-192.168.1.10)

  • Enter an IP with a slash and prefix length to apply the rule to a CIDR block (e.g. 192.168.1.1/24)

  • Enter internal to apply the rule to IP addresses in the current network

  • Enter external to apply the rule to IP addresses outside the current network

source_port - set the traffic source port for which this rule is active

  • Enter colon-separated ports to apply the rule to a port range (e.g. 1024:1028)

  • Enter any to apply the rule to all ports

destination_ip - set the traffic destination IP address for which this rule is active

  • Enter any to apply this rule to all IPs

  • Enter hyphen-separated IPs to apply the rule to an IP range (e.g. 192.168.1.1-192.168.1.10)

  • Enter an IP with a slash and prefix length to apply the rule to a CIDR block (e.g. 192.168.1.1/24)

  • Enter internal to apply the rule to IP addresses in the current network

  • Enter external to apply the rule to IP addresses outside the current network

port - set the traffic destination port for which this rule is active

  • Enter colon-separated ports to apply the rule to a port range (e.g. 1024:1028)

  • Enter any to apply the rule to all ports

protocol - protocol type (TCP or UDP)

enable_logging - set to true if you want the system to log when the rule drops or accepts traffic
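
A pre-flight check for the field formats listed above, as an added example that is not part of the OnApp documentation or code: it validates a vcloud_firewall_rule body locally before the PUT is sent. The function names are hypothetical; accepting a single IP or a single port, and passing through the "-1" and empty port values seen in the request examples, are assumptions.

```python
import ipaddress

# Values the page's own request examples send for port fields. The page does
# not document their meaning, so they are passed through unchecked (assumption).
UNDOCUMENTED_PORT_VALUES = {"-1", ""}

def check_address(value):
    """Return None if value matches a documented address form, else an error."""
    if value in ("any", "internal", "external"):
        return None
    try:
        if "/" in value:
            # strict=False: the page's CIDR example 192.168.1.1/24 has host bits set
            ipaddress.ip_network(value, strict=False)
        elif "-" in value:
            start, end = (ipaddress.ip_address(p) for p in value.split("-", 1))
            if start.version != end.version or start > end:
                return f"range {value!r} is reversed or mixes IP versions"
        else:
            ipaddress.ip_address(value)  # single IP: assumed to be accepted
    except ValueError as exc:
        return f"bad address {value!r}: {exc}"
    return None

def check_port(value):
    """Return None for 'any', a port, or a colon-separated range, else an error."""
    if value == "any" or value in UNDOCUMENTED_PORT_VALUES:
        return None
    parts = value.split(":")
    valid = all(p.isascii() and p.isdigit() and 0 < int(p) <= 65535 for p in parts)
    if len(parts) > 2 or not valid:
        return f"bad port {value!r}"
    if len(parts) == 2 and int(parts[0]) > int(parts[1]):
        return f"port range {value!r} is reversed"
    return None

def validate_rule(rule):
    """Collect every problem in a vcloud_firewall_rule dict before it is sent."""
    errors = []
    if rule.get("enabled") not in ("0", "1"):
        errors.append("enabled must be '0' or '1'")
    if rule.get("command") not in ("ACCEPT", "DROP"):
        errors.append("command must be ACCEPT or DROP")
    for field, check in (("address", check_address), ("destination_ip", check_address),
                         ("source_port", check_port), ("port", check_port)):
        problem = check(str(rule.get(field, "")))
        if problem:
            errors.append(f"{field}: {problem}")
    return errors
```

An empty list from validate_rule means the body matches the documented formats; the server remains the authority on what it accepts.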