Text only | Text with Images

OPNsense Forum

English Forums => Tutorials and FAQs => Topic started by: ble on April 27, 2023, 09:33:54 AM

Title: api/firewall/filter/addRule add filter rules by API [Solved]
Post by: ble on April 27, 2023, 09:33:54 AM
Hello everybody,
I work with opnsense 23.1.6 the plugin os-firewall is installed.
I work with api since severals Days. But i can't create a new filter rule!!

I read the faq and i search in forum.

Code Select
curl -m 5 -k -u "$key":"$secret" https://$urlOpn/api/core/firmware/status        work fine


Code Select
curl -m5 -k -u "$key":"$secret" https://"$urlOpn"/api/firewall/filter/searchRule?searchPhrase=$Filtre     

              work fine, if i have manual created a rules in Firewall-->Rules-->automation-->filter

but the script bash above  return {"result" :"failed"}

Code Select
#!/bin/bash
# Configuration de l'API OPNsense
OPNSENSE_API_KEY=$key
OPNSENSE_API_SECRET=$secret
OPNSENSE_API_URL="https://$urlOpn/api"

# Configuration de la règle de filtrage
RULE_NAME="block 192.168.20.50"
RULE_ACTION="reject"
RULE_INTERFACE="LanWifiTV"
RULE_PROTOCOL="tcp"
RULE_SOURCE="192.168.20.45"
RULE_SOURCE_PORT="*"
RULE_DESTINATION="any"
RULE_DESTINATION_PORT="any"

# Création de la règle de filtrage via l'API OPNsense
response=$(curl -k -u "$key":"$secret" -X POST \
-H "Content-Type: application/json" \
-d '{
    "action": "$RULE_ACTION",
    "interface": "$RULE_INTERFACE",
    "protocol": "$RULE_PROTOCOL",
    "source": "$RULE_SOURCE",
    "sourceport": "$RULE_SOURCE_PORT",
    "destination": "$RULE_DESTINATION",
    "dstport": "$RULE_DESTINATION_PORT",
    "descr": "$RULE_NAME"
  }' \
"$OPNSENSE_API_URL/firewall/filter/addRule")
#*********************
# Vérification de la réponse de l'API
echo $response | grep failed
if [ $? -eq 0 ]; then
  echo "Une erreur s'est produite lors de l'ajout de la règle de filtrage."
else
  echo "La règle de filtrage a été ajoutée avec succès."
fi

some kind soul would be kind enough to guide me to the right solution?

best regards













Title: Re: api/firewall/filter/addRule add filter rules by API [SOLVED]
Post by: ble on April 27, 2023, 04:13:30 PM
 je me repond à moi même

Il faut en plus  ajouter  les droits :
    dans System-->Access-->Users--> [user qui a la key] --> effective Privilèges GUI Firewall: Rules:API

Code Select
ip='192.168.20.50'

# Configuration de l'API OPNsense
OPNSENSE_API_KEY=$key
OPNSENSE_API_SECRET=$secret
OPNSENSE_API_URL="https://$urlOpn/api"

# Configuration de la règle de filtrage

RULE_NAME="block $ip"
RULE_ACTION="reject"
RULE_INTERFACE="opt3"
RULE_PROTOCOL="TCP"
RULE_SOURCE="$ip"

# Création de la règle de filtrage via l'API OPNsense
response=$(curl -k -u "$key":"$secret" -X POST $OPNSENSE_API_URL/firewall/filter/addRule -H "Content-Type: application/json" -d '{
"rule" : {"action": "'"$RULE_ACTION"'", "interface": "'"$RULE_INTERFACE"'", "description": "'"$RULE_NAME"'", "source_net": "'"$RULE_SOURCE"'", "protocol": "'"$RULE_PROTOCOL"'"}}')
#*********************
# Vérification de la réponse de l'API
echo $response > retaddrule.json
cat retaddrule.json | jq

cat retaddrule.json | grep failed
if [ $? -eq 0 ]; then
  echo "Une erreur s'est produite lors de l'ajout de la règle de filtrage."
else
  echo "La règle de filtrage a été ajoutée avec succès."
fi

merci pour tout
Text only | Text with Images