API Firewall Rule management

Started by ansibleguy, August 28, 2022, 02:18:30 PM

Hi
Hm, it's the Phalcon getHTTPReferer() function. I need some time to check how it works with API calls )
Anyway, I agree it's worth opening a GitHub ticket.

Hi.

We solved it somehow.

It seems if you target the deprecated 'addDot' API endpoints - it works.

REQUEST: POST | HEADERS: '{'Referer': 'https://FW/ui/unbound/forward', 'Content-Type': 'application/json'}' | URL: https://FW/api/unbound/settings/addDot | DATA: {'dot': {'type': 'forward', 'enabled': 1, 'domain': 'tmp.at', 'server': '1.1.1.1', 'port': 53}}


The type seems to only be set to the 'Referer' value if the target method does not exist.. (?)  :-\

- AnsibleGuy

Quote: "We solved it somehow."
Looks like I need to sleep... I did not notice the endpoint in the previous post.
addDot is not deprecated. This is the correct endpoint, IMHO. The call is then intercepted and forwarded to the ***ForwardAction (not "***forwardAction") functions, considering the Referer header value.

September 06, 2022, 09:41:55 PM #18 Last Edit: September 14, 2022, 09:05:14 PM by ansibleguy
Hi.

If 'dot*' are non-deprecated methods/endpoints we should add them to the docs: https://docs.opnsense.org/development/api/core/unbound.html

I'm satisfied - it works ;D

- AnsibleGuy

Hi.

I'm back again ;D

Today I have a question regarding the automation/api-managed rules.

API reference: https://docs.opnsense.org/development/api/plugins/firewall.html


Someone reported to me that in those rules one cannot choose a gateway group as target-gateway.

For example:
1. Using the automation rules:


2. Using the default web-ui rules:


Can someone tell me whether this is intentional or that's a bug/missing functionality?  ???

Anyway - this is a very commonly used functionality and therefore would be nice to be available using the API.

- AnsibleGuy

Hi.

The missing GW-Groups make the API 'unusable' for many practical use-cases.  :'(

@Fright would you know something about that functionality?

As I have not got much experience developing PHP I'm not really able to read into the OPNsense code  :-\

- AnsibleGuy

Hi!
No, as far as I understand the model, now the use of groups is not possible: the field is validated based on the /scripts/routes/gateways.php return and it does not return groups.

If you'll excuse me, I think you're doing a great job.
I just think it might be more efficient to open a GitHub ticket with all the accumulated questions?
There we could listen to the opinion of the developers about the API development direction and possibly participate (personally, I would be happy to, if circumstances permit).
This IMHO definitely contributed to the improvement of the product and, who knows, in the future it would allow migrating the firewall to the MVC )

September 24, 2022, 09:26:34 PM #22 Last Edit: September 24, 2022, 11:02:00 PM by ansibleguy
Hi.

Thank you for your response.  :)

You are right - I'll open tickets regarding my findings. Makes sense.

I just wanted to ask beforehand as I could've overlooked something.

- AnsibleGuy

Hi.

FYI:

- AnsibleGuy