OPNsense Forum

Archive => 18.1 Legacy Series => Topic started by: JeGr on November 07, 2017, 03:03:35 pm

Title: Any possibilities on CLI/API?
Post by: JeGr on November 07, 2017, 03:03:35 pm
Hi there,

as a new devel series is starting I just wanted to ask about ways to make OPNsense less dependent on the UI part. Don't take me wrong, I like the *senses for their UI, but for doing tasks over and over again multiple time, clicking simply sucks ;)
A CLI part would make the whole thing less UI dependent for quick things like adding a route, adding a VIP/IP or VLAN in a way that is saved in the configuration (and visible in the audit log). An API would mean less implementation overhead for either GUI or CLI (or even remote controls, deployment systems etc.) to reimplement and perhaps to loose the heavy-UI part completely (PHP and you custom scripts! I'm pointing at you! ;))

So I thought I'd throw it in here to ask if there's something on the horizon or planned or even thought about as that is one feature I usually get asked quite often when it comes to *sense support/tech and as we manage quite a bigger installation ourselves, it would mean big improvements in workflow :)

Greets
Title: Re: Any possibilities on CLI/API?
Post by: mimugmail on November 07, 2017, 03:22:49 pm
It's on the horizon and whishlist. For routing Fabian has already a merged PR which needs more intensive testing.
API for Interfaces, Firewallrules and NAT is still missing.

Title: Re: Any possibilities on CLI/API?
Post by: franco on November 08, 2017, 06:15:42 pm
Firmware, web proxy, ids, shaper, reporting, diagnostics and most plugins already do API.

Logging and firewall are next. Firewall is a lot of work though. We have begun to make pluggable rules via plugin, currently missing for NAT. Alias updates may be possible for 18.1 via API.

All else is subject to available team time and community help on top of that.


Cheers,
Franco
Title: Re: Any possibilities on CLI/API?
Post by: JeGr on November 09, 2017, 11:34:33 am
> Firewall is a lot of work though

Oh I hear you ;)
As we are using bigger systems in a hosting environment, creating VLANs + associated rules + rules for the customers incoming traffic on WAN + NATtings + CARP VIPs for the VLAN etc. etc. stacks up to lots of fun ;)

Being able to do a few (or any) of that via API would indeed decrease workload (and by automating it make it less error-prone for manual mistakes).

If I/we can be of any help testing-wise, give me a shout :)

Greets
Title: Re: Any possibilities on CLI/API?
Post by: franco on December 13, 2017, 09:13:50 pm
Hi Jens,

We've done a bit of accounting for the changes that are now staged for 18.1 and I found these to be more or less relevant to your interest:

o Migration of system routes UI and backend to MVC (also available as API)
o Reverse DNS support for insight reporting (also available as API)
o Written from scratch firewall live log in MVC (also available as API)

You can preview / test all of these on opnsense-devel. It's just a start, but things are moving more and more into the firewall core territory...

If you have any questions let me know.


Cheers,
Franco