API /api/firewall/filter/delRule always gives "Endpoint not found"

[ehe]

Hi,

I wanted to remove an Filter Rule i created via the API, however this fails. The documentation shows:
API Firewall

But when i do:

Code Select Expand

curl -u "thekey:thesecret" -X POST "https://192.168.x.x/api/firewall/filter/delRule?uuid=92e3870d-f888-44ed-97c8-943a0d90029a" -d ""
I get

Code Select Expand

{"errorMessage":"Endpoint not found"}
Even when i remove the uuid parameter

The documentation is also not clear if i should use "uuid=" before the uuid, but with or without doesn't make a difference.

Regards

[Monviech (Cedrik)]

Can you try this?

/api/firewall/filter/getRule/92e3870d-f888-44ed-97c8-943a0d90029a

Can also try that directly from your browser when logged in, e.g.:

https://172.16.1.110:4444/api/firewall/filter/getRule/92e3870d-f888-44ed-97c8-943a0d90029a

If you can get the rule you should be able to delete it the same way I think?

[ehe]

Hi Cedrik,

The /api/firewall/filter/getRule/92e3870d-f888-44ed-97c8-943a0d90029a worked using curl and in the browser (logged in as admin).

Doing the same syntax with delRule gave the "Endpoint not found" using curl and in the browser (logged in as admin).

The problem is that i can't delete this Rule from the GUI, because it is created by an automation.

Regards

[ehe]

I'm using OPNsense 24.7.12

[Monviech (Cedrik)]

When checking with the Network Development Browser tools and deleting something in the GUI, this seems to be the endpoint:

Request URL: https://172.16.1.110:4444/api/firewall/filter/del_rule/d638cfb0-d681-49f1-99d0-7c73dec6fe63
Request Method: POST
Status Code: 200 OK

[ehe]

Hi Cedrik,

Thanks. Indeed using api/firewall/filter/del_rule/92e3870d-f888-44ed-97c8-943a0d90029a worked

Also toggleRule?92e3870d-f888-44ed-97c8-943a0d90029a failed, but changing this to toggle_rule/92e3870d-f888-44ed-97c8-943a0d90029a worked

One other question.
An GET api/firewall/alias/searchItem?current=1&rowCount=10&searchPhrase=sometext works, but when i want to do the same as described in the documentation on Filter Rules by doing: /api/firewall/filter/searchRule?current=1&rowCount=10&searchPhrase=sometext it doesn't give back any rows, although i have a rule with "sometext" in the description.
Is my syntax incorrect or do i need to search also on the interface, and how do i specify this?

And a final question. Is there an API to create a NAT Port-Forward?

Regards

[Monviech (Cedrik)]

1. I cannot answer that question directly.

Best thing to investigate the API is using a browser like Chrome, opening the "Development Tools" and going to the "Network" tab. Then click or execute the things you want in the GUI, and see which kind of Endpoints are called with what kind of payloads.

2. There is no API for Destination NAT yet, only Source NAT is available in Automation right now.

[ehe]

Hi Cedrik,

I already figured it out. /api/firewall/filter/searchRule?current=1&rowCount=10&searchPhrase=sometext only works on rules created by the addItem API call. It will not return any rules created manually in the GUI. Is this by design?

Not able to automate port-forwarding is an issue for me. Is it on the roadmap?

Regards

[Monviech (Cedrik)]

Good job figuring it out.

Sorry I don't know yet. The current roadmap is always visible here:

https://opnsense.org/about/road-map/

[franco]

"addRule" and friends are the deprecated way of calling the endpoints. The MVC framework will expect "add_rule" et al which is also what the volt template uses and wants to enforce it under certain circumstances even. The traffic shaper volt file doesn't agree yet but that can be fixed (just a side note).


Cheers,
Franco