Firewall Rule API Issues in OPNsense 25.4.3 Business

Started by derhelge, September 23, 2025, 03:19:22 PM

Environment:
- OPNsense Version: 25.4.3 Business
- API Documentation: https://docs.opnsense.org/development/api.html
- Python requests library with proper authentication

The firewall rule API endpoints exhibit two critical issues that prevent proper automation of firewall rule management.

Problem 1: searchrule API only returns enabled rules
Only enabled rules are returned. Disabled rules are completely omitted from the search results, even when using the `"show_all": True` parameter.

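```python
import certifi
import requests

# remote_uri, api_key and api_secret are defined elsewhere (not shown in the post)
search_data = {
    "current": 0,
    "rowCount": 1000,
    "sort": {},
    "interface": "lan",
    "show_all": True,
}

# Search the rules for the LAN interface
r = requests.post(
    f"{remote_uri}/api/firewall/filter/searchrule",
    auth=(api_key, api_secret),
    json=search_data,
    verify=certifi.where()
)
```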

Problem 2: toggle_rule API fails with "result": "failed"
The endpoint consistently returns {"result": "failed"} regardless of valid UUID and state parameters.


```python
r = requests.post(
    f"{remote_uri}/api/firewall/filter/toggle_rule/{valid_uuid}/0",
    auth=(api_key, api_secret),
    verify=certifi.where()
)
# Always returns: {"result": "failed"}
```

Additional Context:
- API key authentication works correctly for other endpoints
- UUIDs are valid and obtained from successful searchrule calls
- Similar issues reported in community forums without resolution
- Documentation examples do not work as described


Your help is appreciated :-)

Can you compare your expectations to the API with what the browser development console in the network tab does when you toggle rules or search rules?

The GUI (Firewall - Automation - Filter) uses the same API.

https://docs.opnsense.org/development/how-tos/api.html#using-browser-console-to-inspect-api
Hardware:
DEC740

Quote from: Monviech (Cedrik) on September 23, 2025, 05:09:57 PM
> The GUI (Firewall - Automation - Filter) uses the same API.

Hi Cedrik,

Thanks for the response. The suggested approach doesn't quite work:

* Web-UI uses POST /firewall_rules.php with act=toggle&id=x (id not uuid)
* /firewall_rules.php not accessible via API authentication

```python
data = {
    "act": "toggle",
    "id": "238",
}
r = requests.get(
    f"{remote_uri}/firewall_rules.php",
    auth=(api_key, api_secret),
    json=data,
    verify=certifi.where()
)
```

gives a bad request.

I see where the issue stems from, read the documentation here please:

https://docs.opnsense.org/manual/firewall_automation.html

firewall_rules.php cannot be influenced by any API calls, only rules in "Firewall - Automation - Filter" can.
Hardware:
DEC740

Quote from: Monviech (Cedrik) on September 24, 2025, 09:06:54 AM
> firewall_rules.php cannot be influenced by any API calls, only rules in "Firewall - Automation - Filter" can.

Oh. Thanks for the correct hint. Rules in automation can be processed as described in the documentation.
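
Added example, not part of any post in this thread and not OPNsense project code: a toggle helper that first confirms the UUID belongs to the API-managed automation rule set, treats `"result": "failed"` as an error, and then applies the change. The endpoint paths for search and toggle are the ones used in the posts above; the `apply` endpoint, the `rows`/`uuid` response fields, the helper names and the `FakeSession` stand-in are assumptions made for the example.

```python
class RuleNotManaged(Exception):
    """The UUID is not among the rules the filter API exposes."""

def automation_rules(session, base):
    """Return {uuid: row} for the rules under Firewall - Automation - Filter."""
    r = session.post(f"{base}/api/firewall/filter/searchrule",
                     json={"current": 1, "rowCount": 1000})
    r.raise_for_status()
    return {row["uuid"]: row for row in r.json().get("rows", [])}

def set_rule_state(session, base, uuid, enabled):
    """Enable/disable one automation rule; raise instead of assuming success."""
    if uuid not in automation_rules(session, base):
        # Rules created in the legacy firewall_rules.php page end up here.
        raise RuleNotManaged(f"{uuid} is not an automation rule")
    r = session.post(f"{base}/api/firewall/filter/toggle_rule/{uuid}/{int(enabled)}")
    r.raise_for_status()
    result = r.json().get("result")
    if result == "failed":
        raise RuntimeError(f"toggle_rule failed for {uuid}")
    # Assumption: the change only takes effect once the filter is applied.
    session.post(f"{base}/api/firewall/filter/apply").raise_for_status()
    return result

class FakeResponse:
    def __init__(self, body):
        self._body = body
    def raise_for_status(self):
        pass
    def json(self):
        return self._body

class FakeSession:
    """Constructed offline stand-in for requests.Session (sample data only)."""
    def __init__(self, uuids):
        self.uuids, self.calls = set(uuids), []
    def post(self, url, json=None):
        self.calls.append(url)
        if url.endswith("/searchrule"):
            return FakeResponse({"rows": [{"uuid": u} for u in self.uuids]})
        if "/toggle_rule/" in url:
            uuid, state = url.rsplit("/", 2)[1:]
            if uuid not in self.uuids:
                return FakeResponse({"result": "failed"})
            return FakeResponse({"result": "Enabled" if state == "1" else "Disabled"})
        return FakeResponse({"status": "ok"})
```

Against a real firewall, pass a `requests.Session` with `auth = (api_key, api_secret)` and `verify = certifi.where()` in place of `FakeSession`.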