I need to create a SoftLayer network firewall rule through the REST API. I have referred to the SoftLayer documents but I'm still unable to create a firewall rule.
Please advise.
Please try this REST request to add Firewall rules (SoftLayer_Network_Firewall_Update_Request::createObject):
URL:
https://[username]:[apikey]@api.softlayer.com/rest/v3/SoftLayer_Network_Firewall_Update_Request/createObject
Method: POST
{
  "parameters": [
    {
      "firewallContextAccessControlListId": 2854,
      "rules": [
        {
          "action": "permit",
          "destinationIpAddress": "any",
          "destinationIpCidr": 0,
          "destinationPortRangeEnd": 80,
          "destinationPortRangeStart": 80,
          "notes": "This is a test",
          "orderValue": 1,
          "protocol": "tcp",
          "sourceIpAddress": "0.0.0.0",
          "sourceIpCidr": 0,
          "version": 4
        },
        {
          "action": "permit",
          "destinationIpAddress": "50.97.51.242",
          "destinationIpCidr": 32,
          "destinationPortRangeEnd": 80,
          "destinationPortRangeStart": 80,
          "notes": "This is an API test 2",
          "orderValue": 2,
          "protocol": "tcp",
          "sourceIpAddress": "0.0.0.0",
          "sourceIpCidr": 0,
          "version": 4
        },
        {
          "action": "permit",
          "destinationIpAddress": "50.97.51.240",
          "destinationIpCidr": 32,
          "destinationPortRangeEnd": 80,
          "destinationPortRangeStart": 80,
          "notes": "This is an API test 3",
          "orderValue": 3,
          "protocol": "tcp",
          "sourceIpAddress": "0.0.0.0",
          "sourceIpCidr": 0,
          "version": 4
        },
        {
          "action": "permit",
          "destinationIpAddress": "any",
          "destinationIpCidr": 0,
          "destinationPortRangeEnd": 8080,
          "destinationPortRangeStart": 8080,
          "notes": "This is an API test 4",
          "orderValue": 4,
          "protocol": "tcp",
          "sourceIpAddress": "2001:db8:85a3:8d3:1319:8a2e:370:7339",
          "sourceIpCidr": 128,
          "version": 6
        }
      ]
    }
  ]
}
Where: the old rules have to be configured in the above request body, and then add the new rule. In my case, I'm adding this new rule:
{
  "action": "permit",
  "destinationIpAddress": "50.97.51.240",
  "destinationIpCidr": 32,
  "destinationPortRangeEnd": 80,
  "destinationPortRangeStart": 80,
  "notes": "This is an API test 3",
  "orderValue": 3,
  "protocol": "tcp",
  "sourceIpAddress": "0.0.0.0",
  "sourceIpCidr": 0,
  "version": 4
}
To know the meaning of the properties in the rules section, please see: SoftLayer_Network_Firewall_Update_Request_Rule
Also, to get the firewallContextAccessControlListId, please see:
If you know the firewall_id, please execute:
https://[username]:[apikey]@api.softlayer.com/rest/v3/SoftLayer_Network_Vlan_Firewall/[firewall_id]/getNetworkVlans?objectMask=mask[id,firewallRules,firewallInterfaces[id,firewallContextAccessControlLists]]
Method: GET
The response in my case is:
{
  "id": 204016,
  "firewallInterfaces": [
    {
      "id": 5678,
      "firewallContextAccessControlLists": []
    },
    {
      "id": 5679,
      "firewallContextAccessControlLists": [
        {
          "direction": "in",
          "firewallContextInterfaceId": 5679,
          "id": 2854
        }
      ]
    }
  ]
}
…
Reference: SoftLayer_Network_Vlan_Firewall::getNetworkVlans
Otherwise, if you don't know the firewall_id, you can list all Network_Vlan_Firewall items, adding some masks:
https://[username]:[apikey]@api.softlayer.com/rest/v3.1/SoftLayer_Search/advancedSearch?objectMask=mask[resource(SoftLayer_Network_Vlan_Firewall)[id,primaryIpAddress,networkVlans[id,firewallInterfaces[firewallContextAccessControlLists]]]]
Method: POST
Json Payload:
{
  "parameters": [
    "_objectType:SoftLayer_Network_Vlan_Firewall"
  ]
}
The response should be similar to the last request, but for all items.
Note: In this case we are using v3.1 instead of v3 in the request because the advancedSearch service works only for v3.1.
Take a look at these codes and let me know if you need more information.
# Edit Vlan firewall rule.
#
# A firewall's ruleset is modified by passing a SoftLayer_Network_Firewall_Update_Request template
# object to SoftLayer_Network_Firewall_Update_Request::createObject. The entire ruleset is rewritten
# with each update request. This means it is necessary to include all past unchanged rules along with any
# modifications or additions. This is easily accomplished by pulling in the existing rules as described above
# then modifying the gathered array.
# Each SoftLayer_Network_Component_Firewall_Update_Request_Rule object requires:
#
# action - permit or deny
# destinationIpAddress - destination address
# destinationIpSubnetMask - subnet mask for destination
# sourceIpAddress - originating address
# sourceIpSubnetMask - subnet mask for origin address
# protocol - tcp/udp
# destinationPortRangeStart - first port the rule will affect
# destinationPortRangeEnd - last port the rule will affect
# orderValue - order in which rules are applied (lower is sooner)
#
# Important manual pages:
# http://sldn.softlayer.com/reference/services/SoftLayer_Network_Firewall_Update_Request
# http://sldn.softlayer.com/reference/services/SoftLayer_Network_Firewall_Update_Request/createObject
# @License: http://sldn.softlayer.com/article/License
# @Author: SoftLayer Technologies, Inc. <sldn@softlayer.com>
import sys
# So we can talk to the SoftLayer API:
import SoftLayer
# For nice debug output:
import pprint
# Your SoftLayer API username and key.
#
# Generate an API key at the SoftLayer Customer Portal
API_USERNAME = 'set me'
API_KEY = 'set me'
vlanId = 211163
# Create the client object
client = SoftLayer.Client(username=API_USERNAME, api_key=API_KEY)
objectMask = 'mask[firewallRules,firewallInterfaces[firewallContextAccessControlLists]]'
vlan = client['SoftLayer_Network_Vlan'].getObject(mask=objectMask, id=vlanId)
# The existing rules; they must be sent back in full, since createObject replaces the whole set.
rules = vlan['firewallRules']
firewallContextAccessControlListId = ''
# Getting the ID of Access Control List.
# Each VLAN will have two types of firewallInterface: 'inside' and 'outside'.
# firewallContextAccessControlLists are organized by a direction of 'in' or 'out'.
# Currently the SoftLayer Platform supports the 'outside' firewallInterfaces
for firewall in vlan['firewallInterfaces']:
    if firewall['name'] == 'inside':
        continue
    for controlList in firewall['firewallContextAccessControlLists']:
        if controlList['direction'] == 'out':
            continue
        firewallContextAccessControlListId = controlList['id']
try:
    # Modifying a rule
    ipToAllow = '119.81.91.198'  # no trailing whitespace, or the comparison below never matches
    index = 0
    for rule in rules:
        if rule['sourceIpAddress'] == ipToAllow:
            rule['action'] = 'permit'
            rules[index] = rule
        index += 1
    updateRequestTemplate = {
        'firewallContextAccessControlListId': firewallContextAccessControlListId,
        'rules': rules
    }
    updateRequestClient = client['SoftLayer_Network_Firewall_Update_Request'].createObject(updateRequestTemplate)
    pprint.pprint('Rule updated!')
except SoftLayer.SoftLayerAPIError as e:
    print("Error updating the rule faultCode=%s, faultString=%s"
          % (e.faultCode, e.faultString))
    sys.exit(1)
# Edit Standard Rule
# A rule set of a firewall is modified by passing a SoftLayer_Network_Firewall_Update_Request template object
# to SoftLayer_Network_Firewall_Update_Request::createObject. The entire rule set is rewritten with each
# update request. This means it is necessary to include all past unchanged rules along with any modifications
# or additions. This is easily accomplished by pulling in the existing rules as described above then modifying
# the gathered array.
# Each SoftLayer_Network_Component_Firewall_Update_Request_Rule object requires:
#
# action - permit or deny
# destinationIpAddress - destination address
# destinationIpSubnetMask - subnet mask for destination
# sourceIpAddress - originating address
# sourceIpSubnetMask - subnet mask for origin address
# protocol - tcp/udp
# destinationPortRangeStart - first port the rule will affect
# destinationPortRangeEnd - last port the rule will affect
# orderValue - order in which rules are applied (lower is sooner)
#
# Important manual pages:
# http://sldn.softlayer.com/reference/services/SoftLayer_Network_Firewall_Update_Request
# http://sldn.softlayer.com/reference/services/SoftLayer_Network_Firewall_Update_Request/createObject
# @License: http://sldn.softlayer.com/article/License
# @Author: SoftLayer Technologies, Inc. <sldn@softlayer.com>
import sys
# So we can talk to the SoftLayer API:
import SoftLayer
# Your SoftLayer API username and key.
#
# Generate an API key at the SoftLayer Customer Portal
API_USERNAME = 'set me'
API_KEY = 'set me'
# Create the client object
client = SoftLayer.Client(username=API_USERNAME, api_key=API_KEY)
serverId = 5439388
objectMask = "mask[firewallServiceComponent[rules]]"
server = client['Virtual_Guest'].getObject(mask=objectMask, id=serverId)
try:
    # Modifying a rule
    if 'firewallServiceComponent' in server:
        ipToAllow = '192.168.1.1'
        index = 0
        if 'rules' in server['firewallServiceComponent']:
            # Existing rules; the whole list is sent back because createObject replaces the set.
            rules = server['firewallServiceComponent']['rules']
            for rule in rules:
                if rule['sourceIpAddress'] == ipToAllow:
                    rule['action'] = 'deny'
                    rules[index] = rule
                index += 1
            updateRequestTemplate = {
                'networkComponentFirewallId': server['firewallServiceComponent']['id'],
                'rules': rules
            }
            updateRequestClient = client['SoftLayer_Network_Firewall_Update_Request'].createObject(
                updateRequestTemplate)
            print("Rule updated!")
    else:
        print("The server does not have firewall component")
except SoftLayer.SoftLayerAPIError as e:
    print("Error updating the rule faultCode=%s, faultString=%s"
          % (e.faultCode, e.faultString))
    sys.exit(1)
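Both answers hinge on the same point: createObject rewrites the whole rule set, so any existing rule left out of the request is deleted. The following is an added example, not code from either answer or from SoftLayer: it builds the createObject body from the existing rules plus one new rule, validates each rule's fields (using the field names shown in the first answer), and runs a pre-flight check that reports which existing rules an update body would silently drop. The sample rules and the 2854 ACL id are constructed; no API call is made.

```python
import ipaddress
import json
# Constructed sample of rules already on the ACL, in the shape returned by
# getNetworkVlans in the first answer (values are made up for this example).
EXISTING_RULES = [
    {"action": "permit", "destinationIpAddress": "any", "destinationIpCidr": 0,
     "destinationPortRangeStart": 80, "destinationPortRangeEnd": 80, "notes": "web",
     "orderValue": 1, "protocol": "tcp", "sourceIpAddress": "0.0.0.0", "sourceIpCidr": 0, "version": 4},
    {"action": "deny", "destinationIpAddress": "any", "destinationIpCidr": 0,
     "destinationPortRangeStart": 22, "destinationPortRangeEnd": 22, "notes": "no ssh",
     "orderValue": 2, "protocol": "tcp", "sourceIpAddress": "0.0.0.0", "sourceIpCidr": 0, "version": 4},
]
RULE_KEY = ("action", "protocol", "sourceIpAddress", "sourceIpCidr", "destinationIpAddress",
            "destinationIpCidr", "destinationPortRangeStart", "destinationPortRangeEnd", "version")

def validate_rule(rule):
    """Reject a malformed rule locally instead of relying on the API to do it."""
    if rule["action"] not in ("permit", "deny"):
        raise ValueError("action must be permit or deny")
    if rule["protocol"] not in ("tcp", "udp"):  # the two protocols the answers list
        raise ValueError("protocol must be tcp or udp")
    if not 0 < rule["destinationPortRangeStart"] <= rule["destinationPortRangeEnd"] <= 65535:
        raise ValueError("bad destination port range")
    max_cidr = 32 if rule["version"] == 4 else 128
    for side in ("source", "destination"):
        addr, cidr = rule[side + "IpAddress"], rule[side + "IpCidr"]
        if not 0 <= cidr <= max_cidr:
            raise ValueError(f"{side}IpCidr out of range for IP version {rule['version']}")
        if addr != "any" and ipaddress.ip_address(addr).version != rule["version"]:
            raise ValueError(f"{side}IpAddress does not match version {rule['version']}")
    return True

def build_update_request(acl_id, existing_rules, new_rule):
    """Body for createObject. createObject replaces the whole rule set, so every
    existing rule is copied in first; orderValue is renumbered to stay contiguous."""
    rules = [dict(r) for r in existing_rules] + [dict(new_rule)]
    for order, rule in enumerate(rules, start=1):
        rule["orderValue"] = order
        validate_rule(rule)
    return {"parameters": [{"firewallContextAccessControlListId": acl_id, "rules": rules}]}

def dropped_rules(existing_rules, body):
    """Pre-flight check: existing rules absent from the body would be deleted by the update."""
    sent = {tuple(r[k] for k in RULE_KEY) for r in body["parameters"][0]["rules"]}
    return [r for r in existing_rules if tuple(r[k] for k in RULE_KEY) not in sent]

if __name__ == "__main__":  # stand-alone demo: print the body to POST to createObject
    new = {"action": "permit", "destinationIpAddress": "any", "destinationIpCidr": 0, "notes": "v6 test",
           "destinationPortRangeStart": 8080, "destinationPortRangeEnd": 8080, "protocol": "tcp",
           "sourceIpAddress": "2001:db8::1", "sourceIpCidr": 128, "version": 6}
    print(json.dumps(build_update_request(2854, EXISTING_RULES, new), indent=2))
```

Run dropped_rules against any update body before sending it; a non-empty result means the update would remove rules that are currently enforced.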