Alias via API: type address geht -> type host nicht

[c-mu]

Hallo,
ich versuche die Aliases per API zu füttern und nehme dazu diesen Befehl:

Code: [Select]

curl \
--header "Content-Type: application/json" \
--basic \
--user "xxxxxyxyxxyxyxyxyxyxMDlLHy9IEsZwQNCjm/A2GIL8iYHmAS108cpt:VtObjrajnR7TfRutrImPgeVfcDD37GMrJZM13YKEx3qAwQ4hzKyxyxyx+2FNEmzX5F1BWkv" \
--request POST \
--insecure \
--verbose \
--data  '{"host":"gitlab-ci-21.domain.de"}' \
https://gw01.domain.de/api/firewall/alias_util/add/SRV_gitlab_CI_QS_Hosts
Das schlägt fehl mit:

Code: [Select]

Note: Unnecessary use of -X or --request, POST is already inferred.
*   Trying 172.x.x.x...
* TCP_NODELAY set
* Connected to gw01.domain.de (172.x.x.x) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: C=DE; ST=Bremen; L=Bremen; O=domain; OU=IT; CN=*.domain.de
*  start date: Apr 25 00:00:00 2020 GMT
*  expire date: Apr 25 12:00:00 2022 GMT
*  issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=GeoTrust RSA CA 2018
*  SSL certificate verify ok.
* Server auth using Basic with user 'WSq6eT64dkHv6o496O5XKxDP0rjEVcvfOAZXvxzW6ChXMDlLHy9IEsZwQNCjm/A2GIL8iYHmAS108cpt'
> POST /api/firewall/alias_util/add/test HTTP/1.1
> Host: gw01.domain.de
> Authorization: Basic VxxxxxxxxxxxxxxxxUhtQVMxMDhjcHQ6VnRPYmpyYWpuUjdUZlJ1dHJJbVBnZVZmY0REMzdHTXJKWk0xM1lLRXgzcUF3UTRoektZNzF6ekJ4dFNJVGJIMVorMkZORW16WDVGMUJXa3Y=
> User-Agent: curl/7.64.1
> Accept: */*
> Content-Type: application/json
> Content-Length: 35
>
* upload completely sent off: 35 out of 35 bytes
< HTTP/1.1 200 OK
< Content-Type: application/json; charset=UTF-8
< Content-Length: 19
< Date: Tue, 20 Oct 2020 10:30:35 GMT
< Server: OPNsense
<
* Connection #0 to host gw01.domain.de left intact
{"status":"failed"}* Closing connection 0

nutze ich anstatt "host" den type "address" klappt es und wird mit

Code: [Select]

{"status":"done"}* Closing connection 0 quittiert.

Nutze ich den CURL Befehl falsch?

[supern00b]

Du brauchst mindestens name und content.
Ich hab das alles in einer csv datei drin, bei mir sieht das ganze so aus:

Code: [Select]

while IFS=',' read name IPv4 description;  do  curl --header "Content-Type: application/json" --basic --user "<API-User-Key>:<API-User-secret>" --request POST --insecure  --data '{"alias":  { "name": "'"${name}"'", "content": "'"${IPv4}"'", "description": "'"${description}"'", "enabled" : "1", "type" : "host"}}' https://<IP-von-FW>/api/firewall/alias/additem/; done < fw_hosts.csv
relevant dürfte für dich dann folgendes sein:

Code: [Select]

curl --header "Content-Type: application/json" --basic --user "<API-User-Key>:<API-User-secret>" --request POST --insecure  --data '{"alias":  { "name": "'"${name}"'", "content": "'"${IPv4}"'", "description": "'"${description}"'", "enabled" : "1", "type" : "host"}}' https://<IP-von-FW>/api/firewall/alias/additem/