OPNsense Forum
Archive => 20.1 Legacy Series => Topic started by: DevanNull on April 25, 2020, 02:20:54 am
-
Now, I will definitely be the first to admit I'm NOT A PROGRAMMER! ;D Usually, if I need to do something with an API, I can eventually figure it out, but not this time (I've spent the majority of the day and have not got very far).
Now, what I need to do is be able to query a firewall rule to see if it's enabled or not and I also need to be able to enable/disable that rule. I have found the the correct endpoint for getting the rule, but I do not know how to choose the correct rule. When I use "/api/firewall/filter/getRule", it indeed returns a rule, but I do not know how to specify the rule I'm interested in (I'm assuming there's a parameter I'm missing) I've even tried "/api/firewall/filter/getRule/(insert the UUID of the rule in question here)" and various other parameters (I'm kind of stumbling around in the dark here).
So, once I check to see if the rule is enabled/disabled, I will need to toggle it, which is a POST command using "/api/firewall/filter/toggleRule" (or so I'm assuming this will enable/disable it). I didn't even get around to testing this because I can't figure out how to use the "getRule" command.
I'm also assuming I will need to use the "/api/firewall/filter_base/apply" after enabling/disabling the rule.
I will be using curl in a bash script to get/set these options.
This is the documentation I've been trying to use https://docs.opnsense.org/development/api/plugins/firewall.html (https://docs.opnsense.org/development/api/plugins/firewall.html)
I'm using version 20.1.5
Thank you!
******** SOLVED *********
Alright, my OCD would not let me give up on this and after figuring a few stupid mistakes on my end, I thought I would share what I learned.
With the new plugin on version 20.1.5 for the firewall API, it adds a new menu item under the "Firewall" section called "Automation" under that is the "Filter" and "Source NAT" menu items. You create your firewall rule under "Filter", then you need to get the UUID of this rule (I just looked at the config.xml Although there is a search parameter you can use with the API). Now, these firewall rules are above all other rules, even floating. (so the order of execution for the firewall rules goes: Automation->Floating->Interface)
I am using curl, so I will list my examples using that.
To see if one of the automation rules are enabled/disabled, or any other information you use:
curl -k -u "$KEY":"$SECRET" https://opnsenseIP/api/firewall/filter/getRule/$UUID
I'm using a bash script here, so $KEY is a variable for your, well, key and $SECRET is of course the secret that goes with the key. $UUID is the uuid of the automation rule.
To enable/disable the rule (it's a toggle switch):
curl -k -u "$KEY":"$SECRET" -X POST "https://opnsenseIP/api/firewall/filter/toggleRule//$UUID" -d ""
Then, to apply it, you will use this command:
curl -k -u "$KEY":"$SECRET" -X POST "https://opnsenseIP/api/firewall/filter/apply" -d ""
This last command confused me, since in the documentation it says the "apply" uses the "filter_base" controller. Anytime I would try usinging "filter_base", I would get an exception error Although, since I really don't understand much about APIs or programming, I might have just misunderstood it.
I hope this helps someone!
-
oops, I had multiple tabs open and posted my reply in the wrong thread..
I wanted to post in https://forum.opnsense.org/index.php?topic=6415.0 to link to this thread.
Thanks for these instructions :-)
-
Thanks for the help.
The documentation on the topic is a bit cryptic (at least for me)!