CreateFirewallRuleFromConfigFile
API Request
URLs
POST zstack/v1/vpcfirewalls/rules/from-fileHeaders
Authorization: OAuth the-session-uuidBody
Note: In
the preceding sample, both systemTags and userTags are optional.
These two fields can be included in the body structure.
{
"params": {
"ruleInfo": "[{\"ruleNumber\":1004,\"action\":\"accept\",\"allowStates\":\"new,established,invalid,related\",\"protocol\":\"ICMP\",\"tcpFlag\":null,\"icmpTypeName\":\"echo-reply\",\"sourcePort\":null,\"destPort\":null,\"sourceIp\":\"192.168.0.41\",\"destIp\":\"192.168.0.50\",\"description\":null,\"state\":\"disable\", \"ruleSetUuid\": \"${defaultRuleSet.uuid}\"},{\"ruleNumber\":1003,\"action\":\"reject\",\"allowStates\":\"new,established,invalid,related\",\"protocol\":\"UDP\",\"tcpFlag\":null,\"icmpTypeName\":null,\"sourcePort\":\"77\",\"destPort\":\"88\",\"sourceIp\":\"192.168.0.31\",\"destIp\":\"192.168.0.40\",\"description\":null,\"state\":\"disable\", \"ruleSetUuid\": \"${defaultRuleSet.uuid}\"},{\"ruleNumber\":1002,\"action\":\"drop\",\"allowStates\":\"new,invalid,related\",\"protocol\":\"TCP\",\"tcpFlag\":\"SYN,ACK\",\"icmpTypeName\":null,\"sourcePort\":\"55\",\"destPort\":\"66\",\"sourceIp\":\"192.168.0.21\",\"destIp\":\"192.168.0.30\",\"description\":null,\"state\":\"disable\", \"ruleSetUuid\": \"${defaultRuleSet.uuid}\"},{\"ruleNumber\":1001,\"action\":\"accept\",\"allowStates\":\"new,established,invalid,related\",\"protocol\":\"ALL\",\"tcpFlag\":null,\"icmpTypeName\":null,\"sourcePort\":null,\"destPort\":null,\"sourceIp\":\"192.168.0.10\",\"destIp\":\"192.168.0.20\",\"description\":null,\"state\":\"enable\", \"ruleSetUuid\": \"${defaultRuleSet.uuid}\"}]"
},
"systemTags": [],
"userTags": []
}Curl
Sample
curl -H "Content-Type: application/json;charset=UTF-8" \
-H "Authorization: OAuth b86c9016b4f24953a9edefb53ca0678c" \
-X PUT -d '{"params":{"ruleInfo":"[{\"ruleNumber\":1004,\"action\":\"accept\",\"allowStates\":\"new,established,invalid,related\",\"protocol\":\"ICMP\",\"tcpFlag\":null,\"icmpTypeName\":\"echo-reply\",\"sourcePort\":null,\"destPort\":null,\"sourceIp\":\"192.168.0.41\",\"destIp\":\"192.168.0.50\",\"description\":null,\"state\":\"disable\", \"ruleSetUuid\": \"${defaultRuleSet.uuid}\"},{\"ruleNumber\":1003,\"action\":\"reject\",\"allowStates\":\"new,established,invalid,related\",\"protocol\":\"UDP\",\"tcpFlag\":null,\"icmpTypeName\":null,\"sourcePort\":\"77\",\"destPort\":\"88\",\"sourceIp\":\"192.168.0.31\",\"destIp\":\"192.168.0.40\",\"description\":null,\"state\":\"disable\", \"ruleSetUuid\": \"${defaultRuleSet.uuid}\"},{\"ruleNumber\":1002,\"action\":\"drop\",\"allowStates\":\"new,invalid,related\",\"protocol\":\"TCP\",\"tcpFlag\":\"SYN,ACK\",\"icmpTypeName\":null,\"sourcePort\":\"55\",\"destPort\":\"66\",\"sourceIp\":\"192.168.0.21\",\"destIp\":\"192.168.0.30\",\"description\":null,\"state\":\"disable\", \"ruleSetUuid\": \"${defaultRuleSet.uuid}\"},{\"ruleNumber\":1001,\"action\":\"accept\",\"allowStates\":\"new,established,invalid,related\",\"protocol\":\"ALL\",\"tcpFlag\":null,\"icmpTypeName\":null,\"sourcePort\":null,\"destPort\":null,\"sourceIp\":\"192.168.0.10\",\"destIp\":\"192.168.0.20\",\"description\":null,\"state\":\"enable\", \"ruleSetUuid\": \"${defaultRuleSet.uuid}\"}]"}}' http://localhost:8080/zstack/v1/vpcfirewalls/rules/from-fileRequest Parameters
| Name | Type | Location | Description | Optional Value | Starting Version |
|---|---|---|---|---|---|
| ruleInfo | String | body (contained in the params structure) | The firewall rule information. | 4.4.0 | |
| resourceUuid | String | body (contained in the params structure) | Optional. The resource UUID. | 4.4.0 | |
| tagUuids | List | body (contained in the params structure) | Optional. The tag UUID. | 4.4.0 | |
| systemTags | List | body | Optional. The system tags. | 4.4.0 | |
| userTags | List | body | Optional. The user tags. | 4.4.0 |
API Response
Sample
Response
{
"inventory": [
{
"name": "name",
"actionType": "drop",
"description": "example-des",
"enableDefaultLog": false,
"isDefault": false,
"isApplied": true
}
]
}| Name | Type | Description | Starting Version |
|---|---|---|---|
| success | boolean | 4.4.0 | |
| error | ErrorCode | The error code. If not null, the operation fails, or vice versa. For more information, see error. | 4.4.0 |
| inventory | VpcFirewallRuleSetInventory | See inventory. | 4.4.0 |
#error
| Name | Type | Description | Starting Version |
|---|---|---|---|
| code | String | The error code, which is a numbered or alphanumeric code that specifies an error. For example, SYS.1000, HOST.1001. | 4.4.0 |
| description | String | The brief description of the error. | 4.4.0 |
| details | String | The details about the error. | 4.4.0 |
| elaboration | String | The reserved field. Default value: null. | 4.4.0 |
| opaque | LinkedHashMap | The reserved field. Default value: null. | 4.4.0 |
| cause | ErrorCode | The root error, which is the associated root cause of the current error. If no root error exists, this parameter is null. | 4.4.0 |
#inventory
| Name | Type | Description | Starting Version |
|---|---|---|---|
| uuid | String | The resource UUID. | 4.4.0 |
| name | String | The resource name. | 4.4.0 |
| description | String | The detailed description of the resource. | 4.4.0 |
| isDefault | boolean | 4.4.0 | |
| isApplied | boolean | 4.4.0 | |
| createDate | Timestamp | The creation time. | 4.4.0 |
| lastOpDate | Timestamp | The last operation time. | 4.4.0 |
| actionType | ActionType | See actionType. | 4.4.0 |
#actionType
| Name | Type | Description | Starting Version |
|---|---|---|---|
| drop | ActionType | 4.4.0 | |
| reject | ActionType | 4.4.0 | |
| accept | ActionType | 4.4.0 |
SDK Sample
Java
SDK
CreateFirewallRuleFromConfigFileAction action = new CreateFirewallRuleFromConfigFileAction();
action.ruleInfo = "[{"ruleNumber":1004,"action":"accept","allowStates":"new,established,invalid,related","protocol":"ICMP","tcpFlag":null,"icmpTypeName":"echo-reply","sourcePort":null,"destPort":null,"sourceIp":"192.168.0.41","destIp":"192.168.0.50","description":null,"state":"disable", "ruleSetUuid": "${defaultRuleSet.uuid}"},{"ruleNumber":1003,"action":"reject","allowStates":"new,established,invalid,related","protocol":"UDP","tcpFlag":null,"icmpTypeName":null,"sourcePort":"77","destPort":"88","sourceIp":"192.168.0.31","destIp":"192.168.0.40","description":null,"state":"disable", "ruleSetUuid": "${defaultRuleSet.uuid}"},{"ruleNumber":1002,"action":"drop","allowStates":"new,invalid,related","protocol":"TCP","tcpFlag":"SYN,ACK","icmpTypeName":null,"sourcePort":"55","destPort":"66","sourceIp":"192.168.0.21","destIp":"192.168.0.30","description":null,"state":"disable", "ruleSetUuid": "${defaultRuleSet.uuid}"},{"ruleNumber":1001,"action":"accept","allowStates":"new,established,invalid,related","protocol":"ALL","tcpFlag":null,"icmpTypeName":null,"sourcePort":null,"destPort":null,"sourceIp":"192.168.0.10","destIp":"192.168.0.20","description":null,"state":"enable", "ruleSetUuid": "${defaultRuleSet.uuid}"}]";
action.sessionId = "b86c9016b4f24953a9edefb53ca0678c";
CreateFirewallRuleFromConfigFileAction.Result res = action.call();Python
SDK
CreateFirewallRuleFromConfigFileAction action = CreateFirewallRuleFromConfigFileAction()
action.ruleInfo = "[{"ruleNumber":1004,"action":"accept","allowStates":"new,established,invalid,related","protocol":"ICMP","tcpFlag":null,"icmpTypeName":"echo-reply","sourcePort":null,"destPort":null,"sourceIp":"192.168.0.41","destIp":"192.168.0.50","description":null,"state":"disable", "ruleSetUuid": "${defaultRuleSet.uuid}"},{"ruleNumber":1003,"action":"reject","allowStates":"new,established,invalid,related","protocol":"UDP","tcpFlag":null,"icmpTypeName":null,"sourcePort":"77","destPort":"88","sourceIp":"192.168.0.31","destIp":"192.168.0.40","description":null,"state":"disable", "ruleSetUuid": "${defaultRuleSet.uuid}"},{"ruleNumber":1002,"action":"drop","allowStates":"new,invalid,related","protocol":"TCP","tcpFlag":"SYN,ACK","icmpTypeName":null,"sourcePort":"55","destPort":"66","sourceIp":"192.168.0.21","destIp":"192.168.0.30","description":null,"state":"disable", "ruleSetUuid": "${defaultRuleSet.uuid}"},{"ruleNumber":1001,"action":"accept","allowStates":"new,established,invalid,related","protocol":"ALL","tcpFlag":null,"icmpTypeName":null,"sourcePort":null,"destPort":null,"sourceIp":"192.168.0.10","destIp":"192.168.0.20","description":null,"state":"enable", "ruleSetUuid": "${defaultRuleSet.uuid}"}]"
action.sessionId = "b86c9016b4f24953a9edefb53ca0678c"
CreateFirewallRuleFromConfigFileAction.Result res = action.call()