cloudflash-firewall
v0.1.4
Shorewall is an easy-to-use module that exposes endpoints to configure openvpn on any Linux system
Shorewall Central Administrative Server :
Shorewall is a gateway/firewall/router/server/'standalone system' configuration tool for GNU/Linux systems. It is a high-level tool for configuring Netfilter to meet firewall requirements, using entries in a set of configuration files. Shorewall can compile a Shorewall configuration and produce a runnable firewall program script. The script is a complete program that can be placed on a system with Shorewall-Lite installed, where it serves as the firewall creation script for that system (Shorewall Lite). Shorewall is not a daemon/process.
Shorewall-lite(clients):
Shorewall Lite is a companion product to Shorewall, designed to allow you to maintain all Shorewall configuration information on a single system within our network. It is also called the firewall system.
Shorewall supports the JSON data serialization format. The format of both the request and the response should be specified using the Content-Type header and the Accept header.
List of APIs :
NEW API's LIST
- POST /firewall/:group/shorewall
- POST /firewall/:group/masq
- POST /firewall/:group/tcrules
- POST /firewall/:group/rules
- GET /firewall/:group/shorewall
- GET /firewall/:group/masq
- GET /firewall/:group/tcrules
- GET /firewall/:group/rules
- GET /firewall/:group
- DELETE /firewall/:group/masq
- DELETE /firewall/:group/tcrules
- DELETE /firewall/:group/rules
- DELETE /firewall/:group/shorewall
POST /firewall/:group/shorewall
This API configures the shorewall.conf, interfaces, zones, policy, tcdevices, tcclasses, tunnels and capabilities
Describe Service:
Verb URI Description
POST /firewall/cpn-client1/shorewall Creates/updates the configurations of shorewall config files for cpn-client1
###Request JSON :
{
"interfaces":
[
{
"ZONE": "net",
"INTERFACE": "wan0",
"BROADCAST": "detect",
"OPTIONS": "dhcp,tcpflags,logmartians,nosmurfs"
}
],
"zones":
[
{
"ZONES": "fw",
"TYPE": "firewall",
"OPTIONS": "-",
"IN-OPTIONS": "-",
"OUT-OPTIONS": "-"
},
{
"ZONES": "net",
"TYPE": "ipv4",
"OPTIONS": "-",
"IN-OPTIONS": "-",
"OUT-OPTIONS": "-"
}
],
"policy":
[
{
"SRC_ZONE": "$FW",
"DEST_ZONE": "net",
"POLICY": "ACCEPT",
"LOG_LEVEL": "info",
"LIMIT_BURST": "-"
},
{
"SRC_ZONE": "net",
"DEST_ZONE": "all",
"POLICY": "ACCEPT",
"LOG_LEVEL": "info",
"LIMIT_BURST": "-"
}
],
"tcdevices":
[
{
"INTERFACE": "wan0",
"IN_BANDWIDTH": "0",
"OUT_BANDWIDTH": "100mbit"
}
],
"tcclasses":
[
{
"INTERFACE": "wan0",
"MARK": "2",
"RATE": "full*5/100",
"CEIL": "full*100/100",
"PRIORITY": "4",
"OPTIONS": "default"
}
],
"tunnels":
[
{
"TYPE": "openvpnserver:6000",
"ZONE": "net",
"GATEWAY": "0.0.0.0/0"
}
],
"capabilities":
[
{
"content": "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"
}
],
"shorewallconf":
[
{
"STARTUP_ENABLED": "Yes",
"VERBOSITY": "1",
"LOGFILE": "/var/log/messages",
"STARTUP_LOG": "/var/log/shorewall-init.log",
"LOG_VERBOSITY": "2",
"LOGFORMAT": "Shorewall:%s:%s:",
"LOGTAGONLY": "No",
"LOGRATE": "",
"LOGBURST": "",
"LOGALLNEW": "",
"BLACKLIST_LOGLEVEL": "",
"MACLIST_LOG_LEVEL": "info",
"TCP_FLAGS_LOG_LEVEL": "info",
"SMURF_LOG_LEVEL": "info",
"LOG_MARTIANS": "Yes",
"IPTABLES": "",
"IP": "",
"TC": "",
"IPSET": "",
"PERL": "/usr/bin/perl",
"PATH": "/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin",
"SHOREWALL_SHELL": "/bin/sh",
"SUBSYSLOCK": "",
"MODULESDIR": "",
"CONFIG_PATH": "/etc/shorewall:/usr/share/shorewall",
"RESTOREFILE": "",
"IPSECFILE": "zones",
"LOCKFILE": "",
"DROP_DEFAULT": "Drop",
"REJECT_DEFAULT": "Reject",
"ACCEPT_DEFAULT": "none",
"QUEUE_DEFAULT": "none",
"NFQUEUE_DEFAULT": "none",
"RSH_COMMAND": "'ssh ${root}@${system} ${command}'",
"RCP_COMMAND": "'scp ${files} ${root}@${system}:${destination}'",
"IP_FORWARDING": "Keep",
"ADD_IP_ALIASES": "No",
"ADD_SNAT_ALIASES": "No",
"RETAIN_ALIASES": "No",
"TC_ENABLED": "Internal",
"TC_EXPERT": "No",
"TC_PRIOMAP": "2 3 3 3 2 3 1 1 2 2 2 2 2 2 2 2",
"CLEAR_TC": "Yes",
"MARK_IN_FORWARD_CHAIN": "No",
"CLAMPMSS": "No",
"ROUTE_FILTER": "Yes",
"DETECT_DNAT_IPADDRS": "No",
"MUTEX_TIMEOUT": "60",
"ADMINISABSENTMINDED": "Yes",
"BLACKLISTNEWONLY": "Yes",
"DELAYBLACKLISTLOAD": "No",
"MODULE_SUFFIX": "ko",
"DISABLE_IPV6": "No",
"BRIDGING": "No",
"DYNAMIC_ZONES": "No",
"PKTTYPE": "Yes",
"NULL_ROUTE_RFC1918": "No",
"MACLIST_TABLE": "filter",
"MACLIST_TTL": "",
"SAVE_IPSETS": "No",
"MAPOLDACTIONS": "No",
"FASTACCEPT": "No",
"IMPLICIT_CONTINUE": "No",
"HIGH_ROUTE_MARKS": "No",
"USE_ACTIONS": "Yes",
"OPTIMIZE": "0",
"EXPORTPARAMS": "Yes",
"EXPAND_POLICIES": "Yes",
"KEEP_RT_TABLES": "No",
"DELETE_THEN_ADD": "Yes",
"MULTICAST": "No",
"DONT_LOAD": "",
"AUTO_COMMENT": "Yes",
"MANGLE_ENABLED": "Yes",
"USE_DEFAULT_RT": "No",
"RESTORE_DEFAULT_ROUTE": "Yes",
"AUTOMAKE": "No",
"WIDE_TC_MARKS": "No",
"TRACK_PROVIDERS": "No",
"ZONE2ZONE": "2",
"ACCOUNTING": "Yes",
"DYNAMIC_BLACKLIST": "Yes",
"OPTIMIZE_ACCOUNTING": "No",
"LOAD_HELPERS_ONLY": "No",
"REQUIRE_INTERFACE": "No",
"FORWARD_CLEAR_MARK": "Yes",
"BLACKLIST_DISPOSITION": "DROP",
"MACLIST_DISPOSITION": "REJECT",
"TCP_FLAGS_DISPOSITION": "DROP"
}
]
}
GET /shorewall/server/:group/conf
This API gets the configurations of shorewall.conf, interfaces, zones, policy, tcdevices, tcclasses, tunnels and capabilities
###Request Header :
Describe Service:
Verb URI Description
GET /shorewall/server/cpn-client1/conf Describes the shorewall config files configurations
###Response JSON :
{
"entityid": "shorewallcpn-client1",
"entityName": "shorewall",
"group": "cpn-client1",
"config":
{
"interfaces":
[
{
"ZONE": "net",
"INTERFACE": "wan0",
"BROADCAST": "detect",
"OPTIONS": "dhcp,tcpflags,logmartians,nosmurfs"
}
],
"zones":
[
{
"ZONES": "fw",
"TYPE": "firewall",
"OPTIONS": "-",
"IN-OPTIONS": "-",
"OUT-OPTIONS": "-"
},
{
"ZONES": "net",
"TYPE": "ipv4",
"OPTIONS": "-",
"IN-OPTIONS": "-",
"OUT-OPTIONS": "-"
}
],
"policy":
[
{
"SRC_ZONE": "$FW",
"DEST_ZONE": "net",
"POLICY": "ACCEPT",
"LOG_LEVEL": "info",
"LIMIT_BURST": "-"
},
{
"SRC_ZONE": "net",
"DEST_ZONE": "all",
"POLICY": "ACCEPT",
"LOG_LEVEL": "info",
"LIMIT_BURST": "-"
}
],
"tcdevices":
[
{
"INTERFACE": "wan0",
"IN_BANDWIDTH": "0",
"OUT_BANDWIDTH": "100mbit"
}
],
"tcclasses":
[
{
"INTERFACE": "wan0",
"MARK": "2",
"RATE": "full*5/100",
"CEIL": "full*100/100",
"PRIORITY": "4",
"OPTIONS": "default"
}
],
"tunnels":
[
{
"TYPE": "openvpnserver:6000",
"ZONE": "net",
"GATEWAY": "0.0.0.0/0"
}
],
"capabilities":
[
{
"content": "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"
}
],
"shorewallconf":
[
{
"STARTUP_ENABLED": "Yes",
"VERBOSITY": "1",
"LOGFILE": "/var/log/messages",
"STARTUP_LOG": "/var/log/shorewall-init.log",
"LOG_VERBOSITY": "2",
"LOGFORMAT": "Shorewall:%s:%s:",
"LOGTAGONLY": "No",
"LOGRATE": "",
"LOGBURST": "",
"LOGALLNEW": "",
"BLACKLIST_LOGLEVEL": "",
"MACLIST_LOG_LEVEL": "info",
"TCP_FLAGS_LOG_LEVEL": "info",
"SMURF_LOG_LEVEL": "info",
"LOG_MARTIANS": "Yes",
"IPTABLES": "",
"IP": "",
"TC": "",
"IPSET": "",
"PERL": "/usr/bin/perl",
"PATH": "/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin",
"SHOREWALL_SHELL": "/bin/sh",
"SUBSYSLOCK": "",
"MODULESDIR": "",
"CONFIG_PATH": "/etc/shorewall:/usr/share/shorewall",
"RESTOREFILE": "",
"IPSECFILE": "zones",
"LOCKFILE": "",
"DROP_DEFAULT": "Drop",
"REJECT_DEFAULT": "Reject",
"ACCEPT_DEFAULT": "none",
"QUEUE_DEFAULT": "none",
"NFQUEUE_DEFAULT": "none",
"RSH_COMMAND": "'ssh ${root}@${system} ${command}'",
"RCP_COMMAND": "'scp ${files} ${root}@${system}:${destination}'",
"IP_FORWARDING": "Keep",
"ADD_IP_ALIASES": "No",
"ADD_SNAT_ALIASES": "No",
"RETAIN_ALIASES": "No",
"TC_ENABLED": "Internal",
"TC_EXPERT": "No",
"TC_PRIOMAP": "2 3 3 3 2 3 1 1 2 2 2 2 2 2 2 2",
"CLEAR_TC": "Yes",
"MARK_IN_FORWARD_CHAIN": "No",
"CLAMPMSS": "No",
"ROUTE_FILTER": "Yes",
"DETECT_DNAT_IPADDRS": "No",
"MUTEX_TIMEOUT": "60",
"ADMINISABSENTMINDED": "Yes",
"BLACKLISTNEWONLY": "Yes",
"DELAYBLACKLISTLOAD": "No",
"MODULE_SUFFIX": "ko",
"DISABLE_IPV6": "No",
"BRIDGING": "No",
"DYNAMIC_ZONES": "No",
"PKTTYPE": "Yes",
"NULL_ROUTE_RFC1918": "No",
"MACLIST_TABLE": "filter",
"MACLIST_TTL": "",
"SAVE_IPSETS": "No",
"MAPOLDACTIONS": "No",
"FASTACCEPT": "No",
"IMPLICIT_CONTINUE": "No",
"HIGH_ROUTE_MARKS": "No",
"USE_ACTIONS": "Yes",
"OPTIMIZE": "0",
"EXPORTPARAMS": "Yes",
"EXPAND_POLICIES": "Yes",
"KEEP_RT_TABLES": "No",
"DELETE_THEN_ADD": "Yes",
"MULTICAST": "No",
"DONT_LOAD": "",
"AUTO_COMMENT": "Yes",
"MANGLE_ENABLED": "Yes",
"USE_DEFAULT_RT": "No",
"RESTORE_DEFAULT_ROUTE": "Yes",
"AUTOMAKE": "No",
"WIDE_TC_MARKS": "No",
"TRACK_PROVIDERS": "No",
"ZONE2ZONE": "2",
"ACCOUNTING": "Yes",
"DYNAMIC_BLACKLIST": "Yes",
"OPTIMIZE_ACCOUNTING": "No",
"LOAD_HELPERS_ONLY": "No",
"REQUIRE_INTERFACE": "No",
"FORWARD_CLEAR_MARK": "Yes",
"BLACKLIST_DISPOSITION": "DROP",
"MACLIST_DISPOSITION": "REJECT",
"TCP_FLAGS_DISPOSITION": "DROP"
}
]
}
}
POST /firewall/:group/masq
This API configures the masq configurations
Describe Service:
Verb URI Description
POST /firewall/cpn-client1/masq Creates/updates the configurations of masq file
###Request JSON :
{
"masq":
[
{
"INTERFACE_DEST": "wan0",
"SOURCE": "lan0",
"ADDRESS_OPT": "",
"PROTO": ""
}
]
}
GET /firewall/:group/masq
This API gets the masq file configurations
Describe Service:
Verb URI Description
GET /firewall/cpn-client1/masq Get the configurations of masq file
###Response JSON :
{
"id": "masqcpn-client1",
"entityName": "masq",
"group": "cpn-client1",
"config":
{
"masq":
[
{
"INTERFACE_DEST": "wan0",
"SOURCE": "lan0",
"ADDRESS_OPT": "",
"PROTO": ""
}
]
}
}
POST /firewall/:group/tcrules
This API configures the tcrules file configurations
Describe Service:
Verb URI Description
POST /firewall/cpn-client1/tcrules Creates/updates the configurations of tcrules file
###Request JSON :
{
"tcrules":
[
{
"MARK": "1:F",
"SOURCE": "209.182.96.0/19",
"DEST": "wan0",
"PROTO": "tcp",
"PORTS": "-",
"CLIENT_PORTS": "-",
"USER": "-",
"TEST": "-"
},
{
"MARK": "1:T",
"SOURCE": "0.0.0.0/0",
"DEST": "0.0.0.0/0",
"PROTO": "icmp",
"PORTS": "echo-request",
"CLIENT_PORTS": "-",
"USER": "-",
"TEST": "-"
}
]
}
GET /firewall/:group/tcrules
This API gets the tcrules file configurations
Describe Service:
Verb URI Description
GET /firewall/cpn-client1/tcrules Get the configurations of tcrules file
###Response JSON :
{
"id": "tcrulescpn-client1",
"entityName": "tcrules",
"group": "cpn-client1",
"config":
{
"tcrules":
[
{
"MARK": "1:F",
"SOURCE": "209.182.96.0/19",
"DEST": "wan0",
"PROTO": "tcp",
"PORTS": "-",
"CLIENT_PORTS": "-",
"USER": "-",
"TEST": "-"
},
{
"MARK": "1:T",
"SOURCE": "0.0.0.0/0",
"DEST": "0.0.0.0/0",
"PROTO": "icmp",
"PORTS": "echo-request",
"CLIENT_PORTS": "-",
"USER": "-",
"TEST": "-"
}
]
}
}
POST /firewall/:group/rules
This API configures the rules file configurations
Describe Service:
Verb URI Description
POST /firewall/cpn-client1/rules Creates/updates the configurations of rules file
###Request JSON :
{
"rules":
[
{
"ACTION": "DROP:info",
"SOURCE_zone":
[
{
"all": "",
"all+": "",
"all-": "",
"all+-": "",
"any": "",
"WAN": "net",
"LAN": "",
"DMZ": "",
"VPN": "",
"HSB": "",
"WAN:": "",
"LAN:": "",
"DMZ:": "",
"VPN:": "",
"HSB:": ""
}
],
"DEST_zone":
[
{
"all": "",
"all+": "",
"all-": "",
"all+-": "",
"any": "",
"WAN": "",
"LAN": "$FW",
"DMZ": "",
"VPN": "",
"HSB": "",
"WAN:": "",
"LAN:": "",
"DMZ:": "",
"VPN:": "",
"HSB:": ""
}
],
"PROTO":
[
{
"tcp": "",
"udp": "",
"protocol-name": "icmp",
"protocol-number": "",
"tcp:sync": "",
"tcp:ipp2p": "",
"tcp:sync:ipp2p": "",
"tcp:sync:udp": "",
"tcp:ipp2p:udp": "",
"tcp:ipp2p:ipp2p": "",
"all": "",
"tcp:sync:ipp2p:all": "",
"tcp:sync:udp:all": "",
"tcp:ipp2p:udp:all": "",
"tcp:ipp2p:ipp2p:all": "",
"tcp:sync:ipp2p:protocol-name": "",
"tcp:sync:udp:protocol-name": "",
"tcp:ipp2p:ipp2p:protocol-name": "",
"tcp:ipp2p:udp:protocol-name": "",
"tcp:sync:ipp2p:protocol-number": "",
"tcp:sync:udp:protocol-number": "",
"tcp:ipp2p:ipp2p:protocol-number": "",
"tcp:ipp2p:udp:protocol-number": ""
}
],
"DEST_PORT":
[
{
"port-name-number": "",
"port-number-range": ""
}
],
"SOURCE_PORT":
[
{
"port-name-number": "",
"port-number-range": ""
}
],
"Original_DEST": "",
"RATE_LIMIT":
[
{
"s": "",
"d": "",
"s:proto-name": "",
"d:proto-name": "",
"s:proto-name:rate-per-sec": "",
"s:proto-name:rate-per-min": "",
"s:proto-name:rate-per-hour": "",
"s:proto-name:rate-per-day": "",
"d:proto-name:rate-per-sec": "",
"d:proto-name:rate-per-min": "",
"d:proto-name:rate-per-hour": "",
"d:proto-name:rate-per-day": "",
"s:proto-name:rate-per-sec:burst": "",
"s:proto-name:rate-per-min:burst": "",
"s:proto-name:rate-per-hour:burst": "",
"s:proto-name:rate-per-day:burst": "",
"d:proto-name:rate-per-sec:burst": "",
"d:proto-name:rate-per-min:burst": "",
"d:proto-name:rate-per-hour:burst": "",
"d:proto-name:rate-per-day:burst": ""
}
],
"User_Group":
[
{
"user-name-or-number": "",
":group-name-or-number": "",
"user-name-or-number:group-name-or-number": "",
"program-name": ""
}
]
}
]
}
GET /firewall/:group/rules
This API gets the rules file configurations
Describe Service:
Verb URI Description
GET /firewall/cpn-client1/rules Get the configurations of rules file
###Response JSON :
{
"id": "rulescpn-client1",
"entityName": "rules",
"group": "cpn-client1",
"config":
{
"rules":
[
{
"ACTION": "DROP:info",
"SOURCE_zone":
[
{
"all": "",
"all+": "",
"all-": "",
"all+-": "",
"any": "",
"WAN": "net",
"LAN": "",
"DMZ": "",
"VPN": "",
"HSB": "",
"WAN:": "",
"LAN:": "",
"DMZ:": "",
"VPN:": "",
"HSB:": ""
}
],
"DEST_zone":
[
{
"all": "",
"all+": "",
"all-": "",
"all+-": "",
"any": "",
"WAN": "",
"LAN": "$FW",
"DMZ": "",
"VPN": "",
"HSB": "",
"WAN:": "",
"LAN:": "",
"DMZ:": "",
"VPN:": "",
"HSB:": ""
}
],
"PROTO":
[
{
"tcp": "",
"udp": "",
"protocol-name": "icmp",
"protocol-number": "",
"tcp:sync": "",
"tcp:ipp2p": "",
"tcp:sync:ipp2p": "",
"tcp:sync:udp": "",
"tcp:ipp2p:udp": "",
"tcp:ipp2p:ipp2p": "",
"all": "",
"tcp:sync:ipp2p:all": "",
"tcp:sync:udp:all": "",
"tcp:ipp2p:udp:all": "",
"tcp:ipp2p:ipp2p:all": "",
"tcp:sync:ipp2p:protocol-name": "",
"tcp:sync:udp:protocol-name": "",
"tcp:ipp2p:ipp2p:protocol-name": "",
"tcp:ipp2p:udp:protocol-name": "",
"tcp:sync:ipp2p:protocol-number": "",
"tcp:sync:udp:protocol-number": "",
"tcp:ipp2p:ipp2p:protocol-number": "",
"tcp:ipp2p:udp:protocol-number": ""
}
],
"DEST_PORT":
[
{
"port-name-number": "",
"port-number-range": ""
}
],
"SOURCE_PORT":
[
{
"port-name-number": "",
"port-number-range": ""
}
],
"Original_DEST": "",
"RATE_LIMIT":
[
{
"s": "",
"d": "",
"s:proto-name": "",
"d:proto-name": "",
"s:proto-name:rate-per-sec": "",
"s:proto-name:rate-per-min": "",
"s:proto-name:rate-per-hour": "",
"s:proto-name:rate-per-day": "",
"d:proto-name:rate-per-sec": "",
"d:proto-name:rate-per-min": "",
"d:proto-name:rate-per-hour": "",
"d:proto-name:rate-per-day": "",
"s:proto-name:rate-per-sec:burst": "",
"s:proto-name:rate-per-min:burst": "",
"s:proto-name:rate-per-hour:burst": "",
"s:proto-name:rate-per-day:burst": "",
"d:proto-name:rate-per-sec:burst": "",
"d:proto-name:rate-per-min:burst": "",
"d:proto-name:rate-per-hour:burst": "",
"d:proto-name:rate-per-day:burst": ""
}
],
"User_Group":
[
{
"user-name-or-number": "",
":group-name-or-number": "",
"user-name-or-number:group-name-or-number": "",
"program-name": ""
}
]
}
]
}
}
DELETE /firewall/:group/rules
Describe Service:
Verb URI Description
DELETE /firewall/cpn-client1/rules Deletes the configurations of rules in DB with respective config file
###Response code :
204
DELETE /firewall/:group/tcrules
Describe Service:
Verb URI Description
DELETE /firewall/cpn-client1/tcrules Deletes the configurations of tcrules in DB with respective config file
###Response code :
204
DELETE /firewall/:group/masq
Describe Service:
Verb URI Description
DELETE /firewall/cpn-client1/masq Deletes the configurations of masq in DB with respective config file
###Response code :
204
DELETE /firewall/:group/shorewall
This is the basic API for configuring firewall rules, so when deleting the DB configurations, this API deletes all the configuration files of the respective group (cname).
Describe Service:
Verb URI Description
DELETE /firewall/cpn-client1/shorewall Deletes the configurations of shorewall in DB with respective config file
###Response code :
204
Shorewall Configuration API's:
- POST /shorewall/server/:group/conf
- POST /shorewall/server/:group/policy/:id
- POST /shorewall/server/:group/rules/:id
- POST /shorewall/server/:group/zones/:id
- POST /shorewall/server/:group/interfaces/:id
- POST /shorewall/server/:group/routestopped/:id
POST API :
POST /shorewall/server/:group/conf
The Conf API configures the shorewall.conf file, which is the global configuration file for Shorewall. This file sets options that apply to Shorewall as a whole.
Describe Service:
Verb URI Description
POST /shorewall/server/cpn-client1/conf Creates/updates the configurations of shorewall.conf file
###Request JSON :
{
"STARTUP_ENABLED": "Yes",
"VERBOSITY": "1",
"LOGFILE": "/var/log/messages",
"STARTUP_LOG": "/var/log/shorewall-init.log",
"LOG_VERBOSITY": "2",
"LOGFORMAT": "Shorewall:%s:%s:",
"LOGTAGONLY": "No",
"LOGRATE": "",
"LOGBURST": "",
"LOGALLNEW": "",
"BLACKLIST_LOGLEVEL": "",
"MACLIST_LOG_LEVEL": "info",
"TCP_FLAGS_LOG_LEVEL": "info",
"SMURF_LOG_LEVEL": "info",
"LOG_MARTIANS": "Yes",
"IPTABLES": "",
"IP": "",
"TC": "",
"IPSET": "",
"PERL": "/usr/bin/perl",
"PATH": "/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin",
"SHOREWALL_SHELL": "/bin/sh",
"SUBSYSLOCK": "",
"MODULESDIR": "",
"CONFIG_PATH": "/etc/shorewall:/usr/share/shorewall",
"RESTOREFILE": "",
"IPSECFILE": "zones",
"LOCKFILE": "",
"DROP_DEFAULT": "Drop",
"REJECT_DEFAULT": "Reject",
"ACCEPT_DEFAULT": "none",
"QUEUE_DEFAULT": "none",
"NFQUEUE_DEFAULT": "none",
"RSH_COMMAND": "'ssh ${root}@${system} ${command}'",
"RCP_COMMAND": "'scp ${files} ${root}@${system}:${destination}'",
"IP_FORWARDING": "Keep",
"ADD_IP_ALIASES": "No",
"ADD_SNAT_ALIASES": "No",
"RETAIN_ALIASES": "No",
"TC_ENABLED": "Internal",
"TC_EXPERT": "No",
"TC_PRIOMAP": "2 3 3 3 2 3 1 1 2 2 2 2 2 2 2 2",
"CLEAR_TC": "Yes",
"MARK_IN_FORWARD_CHAIN": "No",
"CLAMPMSS": "No",
"ROUTE_FILTER": "Yes",
"DETECT_DNAT_IPADDRS": "No",
"MUTEX_TIMEOUT": "60",
"ADMINISABSENTMINDED": "Yes",
"BLACKLISTNEWONLY": "Yes",
"DELAYBLACKLISTLOAD": "No",
"MODULE_SUFFIX": "ko",
"DISABLE_IPV6": "No",
"BRIDGING": "No",
"DYNAMIC_ZONES": "No",
"PKTTYPE": "Yes",
"NULL_ROUTE_RFC1918": "No",
"MACLIST_TABLE": "filter",
"MACLIST_TTL": "",
"SAVE_IPSETS": "No",
"MAPOLDACTIONS": "No",
"FASTACCEPT": "No",
"IMPLICIT_CONTINUE": "No",
"HIGH_ROUTE_MARKS": "No",
"USE_ACTIONS": "Yes",
"OPTIMIZE": "0",
"EXPORTPARAMS": "Yes",
"EXPAND_POLICIES": "Yes",
"KEEP_RT_TABLES": "No",
"DELETE_THEN_ADD": "Yes",
"MULTICAST": "No",
"DONT_LOAD": "",
"AUTO_COMMENT": "Yes",
"MANGLE_ENABLED": "Yes",
"USE_DEFAULT_RT": "No",
"RESTORE_DEFAULT_ROUTE": "Yes",
"AUTOMAKE": "No",
"WIDE_TC_MARKS": "No",
"TRACK_PROVIDERS": "No",
"ZONE2ZONE": "2",
"ACCOUNTING": "Yes",
"DYNAMIC_BLACKLIST": "Yes",
"OPTIMIZE_ACCOUNTING": "No",
"LOAD_HELPERS_ONLY": "No",
"REQUIRE_INTERFACE": "No",
"FORWARD_CLEAR_MARK": "Yes",
"BLACKLIST_DISPOSITION": "DROP",
"MACLIST_DISPOSITION": "REJECT",
"TCP_FLAGS_DISPOSITION": "DROP"
}
###Response JSON :
{
"id": "cpn-client1",
"entityName": "shorewall",
"group": "cpn-client1",
"config":
{
"STARTUP_ENABLED": "Yes",
"VERBOSITY": "1",
"LOGFILE": "/var/log/messages",
"STARTUP_LOG": "/var/log/shorewall-init.log",
"LOG_VERBOSITY": "2",
"LOGFORMAT": "Shorewall:%s:%s:",
"LOGTAGONLY": "No",
"LOGRATE": "",
"LOGBURST": "",
"LOGALLNEW": "",
"BLACKLIST_LOGLEVEL": "",
"MACLIST_LOG_LEVEL": "info",
"TCP_FLAGS_LOG_LEVEL": "info",
"SMURF_LOG_LEVEL": "info",
"LOG_MARTIANS": "Yes",
"IPTABLES": "",
"IP": "",
"TC": "",
"IPSET": "",
"PERL": "/usr/bin/perl",
"PATH": "/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin",
"SHOREWALL_SHELL": "/bin/sh",
"SUBSYSLOCK": "",
"MODULESDIR": "",
"CONFIG_PATH": "/etc/shorewall:/usr/share/shorewall:/config/shorewall/cpn-client1",
"RESTOREFILE": "",
"IPSECFILE": "zones",
"LOCKFILE": "",
"DROP_DEFAULT": "Drop",
"REJECT_DEFAULT": "Reject",
"ACCEPT_DEFAULT": "none",
"QUEUE_DEFAULT": "none",
"NFQUEUE_DEFAULT": "none",
"RSH_COMMAND": "'ssh ${root}@${system} ${command}'",
"RCP_COMMAND": "'scp ${files} ${root}@${system}:${destination}'",
"IP_FORWARDING": "Keep",
"ADD_IP_ALIASES": "No",
"ADD_SNAT_ALIASES": "No",
"RETAIN_ALIASES": "No",
"TC_ENABLED": "Internal",
"TC_EXPERT": "No",
"TC_PRIOMAP": "2 3 3 3 2 3 1 1 2 2 2 2 2 2 2 2",
"CLEAR_TC": "Yes",
"MARK_IN_FORWARD_CHAIN": "No",
"CLAMPMSS": "No",
"ROUTE_FILTER": "Yes",
"DETECT_DNAT_IPADDRS": "No",
"MUTEX_TIMEOUT": "60",
"ADMINISABSENTMINDED": "Yes",
"BLACKLISTNEWONLY": "Yes",
"DELAYBLACKLISTLOAD": "No",
"MODULE_SUFFIX": "ko",
"DISABLE_IPV6": "No",
"BRIDGING": "No",
"DYNAMIC_ZONES": "No",
"PKTTYPE": "Yes",
"NULL_ROUTE_RFC1918": "No",
"MACLIST_TABLE": "filter",
"MACLIST_TTL": "",
"SAVE_IPSETS": "No",
"MAPOLDACTIONS": "No",
"FASTACCEPT": "No",
"IMPLICIT_CONTINUE": "No",
"HIGH_ROUTE_MARKS": "No",
"USE_ACTIONS": "Yes",
"OPTIMIZE": "0",
"EXPORTPARAMS": "Yes",
"EXPAND_POLICIES": "Yes",
"KEEP_RT_TABLES": "No",
"DELETE_THEN_ADD": "Yes",
"MULTICAST": "No",
"DONT_LOAD": "",
"AUTO_COMMENT": "Yes",
"MANGLE_ENABLED": "Yes",
"USE_DEFAULT_RT": "No",
"RESTORE_DEFAULT_ROUTE": "Yes",
"AUTOMAKE": "No",
"WIDE_TC_MARKS": "No",
"TRACK_PROVIDERS": "No",
"ZONE2ZONE": "2",
"ACCOUNTING": "Yes",
"DYNAMIC_BLACKLIST": "Yes",
"OPTIMIZE_ACCOUNTING": "No",
"LOAD_HELPERS_ONLY": "No",
"REQUIRE_INTERFACE": "No",
"FORWARD_CLEAR_MARK": "Yes",
"BLACKLIST_DISPOSITION": "DROP",
"MACLIST_DISPOSITION": "REJECT",
"TCP_FLAGS_DISPOSITION": "DROP"
}
}
GET /shorewall/server/:group/conf
###Request Header :
Describe Service:
Verb URI Description
GET /shorewall/server/cpn-client1/conf Describes the shorewall.conf configurations
###Response JSON :
[
{
"id": "cpn-client1",
"config":
{
"STARTUP_ENABLED": "Yes",
"VERBOSITY": "1",
"LOGFILE": "/var/log/messages",
"STARTUP_LOG": "/var/log/shorewall-init.log",
"LOG_VERBOSITY": "2",
"LOGFORMAT": "Shorewall:%s:%s:",
"LOGTAGONLY": "No",
"LOGRATE": "",
"LOGBURST": "",
"LOGALLNEW": "",
"BLACKLIST_LOGLEVEL": "",
"MACLIST_LOG_LEVEL": "info",
"TCP_FLAGS_LOG_LEVEL": "info",
"SMURF_LOG_LEVEL": "info",
"LOG_MARTIANS": "Yes",
"IPTABLES": "",
"IP": "",
"TC": "",
"IPSET": "",
"PERL": "/usr/bin/perl",
"PATH": "/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin",
"SHOREWALL_SHELL": "/bin/sh",
"SUBSYSLOCK": "",
"MODULESDIR": "",
"CONFIG_PATH": "/etc/shorewall:/usr/share/shorewall:/config/shorewall/cpn-client1",
"RESTOREFILE": "",
"IPSECFILE": "zones",
"LOCKFILE": "",
"DROP_DEFAULT": "Drop",
"REJECT_DEFAULT": "Reject",
"ACCEPT_DEFAULT": "none",
"QUEUE_DEFAULT": "none",
"NFQUEUE_DEFAULT": "none",
"RSH_COMMAND": "'ssh ${root}@${system} ${command}'",
"RCP_COMMAND": "'scp ${files} ${root}@${system}:${destination}'",
"IP_FORWARDING": "Keep",
"ADD_IP_ALIASES": "No",
"ADD_SNAT_ALIASES": "No",
"RETAIN_ALIASES": "No",
"TC_ENABLED": "Internal",
"TC_EXPERT": "No",
"TC_PRIOMAP": "2 3 3 3 2 3 1 1 2 2 2 2 2 2 2 2",
"CLEAR_TC": "Yes",
"MARK_IN_FORWARD_CHAIN": "No",
"CLAMPMSS": "No",
"ROUTE_FILTER": "Yes",
"DETECT_DNAT_IPADDRS": "No",
"MUTEX_TIMEOUT": "60",
"ADMINISABSENTMINDED": "Yes",
"BLACKLISTNEWONLY": "Yes",
"DELAYBLACKLISTLOAD": "No",
"MODULE_SUFFIX": "ko",
"DISABLE_IPV6": "No",
"BRIDGING": "No",
"DYNAMIC_ZONES": "No",
"PKTTYPE": "Yes",
"NULL_ROUTE_RFC1918": "No",
"MACLIST_TABLE": "filter",
"MACLIST_TTL": "",
"SAVE_IPSETS": "No",
"MAPOLDACTIONS": "No",
"FASTACCEPT": "No",
"IMPLICIT_CONTINUE": "No",
"HIGH_ROUTE_MARKS": "No",
"USE_ACTIONS": "Yes",
"OPTIMIZE": "0",
"EXPORTPARAMS": "Yes",
"EXPAND_POLICIES": "Yes",
"KEEP_RT_TABLES": "No",
"DELETE_THEN_ADD": "Yes",
"MULTICAST": "No",
"DONT_LOAD": "",
"AUTO_COMMENT": "Yes",
"MANGLE_ENABLED": "Yes",
"USE_DEFAULT_RT": "No",
"RESTORE_DEFAULT_ROUTE": "Yes",
"AUTOMAKE": "No",
"WIDE_TC_MARKS": "No",
"TRACK_PROVIDERS": "No",
"ZONE2ZONE": "2",
"ACCOUNTING": "Yes",
"DYNAMIC_BLACKLIST": "Yes",
"OPTIMIZE_ACCOUNTING": "No",
"LOAD_HELPERS_ONLY": "No",
"REQUIRE_INTERFACE": "No",
"FORWARD_CLEAR_MARK": "Yes",
"BLACKLIST_DISPOSITION": "DROP",
"MACLIST_DISPOSITION": "REJECT",
"TCP_FLAGS_DISPOSITION": "DROP"
}
}
]
DELETE /shorewall/server/:group/conf
Verb URI Description
DELETE /shorewall/server/cpn-client1/conf Deletes the configurations on shorewall.conf file
Note: The DELETE request does not require a message body. On success it returns JSON data with the shorewall configurations deleted on VCG, with deleted as true. Each deleted shorewall service is identified by ID.
###Response code :
204
Interface API's:
The Interfaces APIs configure the Shorewall interfaces file, which defines the firewall's network interfaces to Shorewall. The order of entries in this file is not significant in determining zone composition.
POST /shorewall/server/:group/interfaces/:id
Describe Service:
Verb URI Description
POST /shorewall/server/cpn-client1/interfaces/0559950bd0bc0 Configures the interfaces file configs
###Request JSON:
{
"ZONE": "net",
"INTERFACE": "eth0",
"BROADCAST": "detect",
"OPTIONS": "dhcp,tcpflags,logmartians,nosmurfs"
}
###Response JSON :
{
"id": "0559950bd0bc0",
"entityName": "interfaces",
"group": "cpn-client1",
"config":
{
"ZONE": "net",
"INTERFACE": "eth0",
"BROADCAST": "detect",
"OPTIONS": "dhcp,tcpflags,logmartians,nosmurfs"
}
}
GET /shorewall/server/:group/interfaces/:id
Describe Service:
Verb URI Description
GET /shorewall/server/cpn-client1/interfaces/0559950bd0bc0 Describes the configurations in interfaces DB with respective ID
###Response JSON :
{
"id": "0559950bd0bc0",
"entityName": "interfaces",
"group": "cpn-client1",
"config":
{
"ZONE": "net",
"INTERFACE": "eth0",
"BROADCAST": "detect",
"OPTIONS": "dhcp,tcpflags,logmartians,nosmurfs"
}
}
DELETE /shorewall/server/:group/interfaces/:id
Describe Service:
Verb URI Description
DELETE /shorewall/server/cpn-client1/interfaces/0559950bd0bc0 Deletes the configurations of interfaces in DB with respective ID
###Response code :
204
ZONES API :
Creates zones configuration file entries for zones. The Zones APIs (4 available) configure the zones file, which declares our network zones. We can specify the hosts in each zone through entries in the interfaces file or the hosts file.
- /shorewall/server/:group/zones/:id
POST /shorewall/server/:group/zones/:id
Describe Service:
Verb URI Description
POST /shorewall/server/cpn-client1/zones/0559950bd0bc1 Configures the firewall zones file entry
###Request JSON:
{
"ZONES": "$FW",
"TYPE": "firewall",
"OPTIONS": "",
"IN-OPTIONS": "",
"OUT-OPTIONS": ""
}
###Response JSON :
{
"id": "0559950bd0bc1",
"entityName": "zones",
"group": "cpn-client1",
"config":
{
"ZONES": "$FW",
"TYPE": "firewall",
"OPTIONS": "",
"IN-OPTIONS": "",
"OUT-OPTIONS": ""
}
}
GET /shorewall/server/:group/zones/:id
Describe Service:
Verb URI Description
GET /shorewall/server/cpn-client1/zones/0559950bd0bc1 Describes configurations of the firewall zones file entry
###Response JSON :
{
"id": "0559950bd0bc1",
"entityName": "zones",
"group": "cpn-client1",
"config":
{
"ZONES": "$FW",
"TYPE": "firewall",
"OPTIONS": "",
"IN-OPTIONS": "",
"OUT-OPTIONS": ""
}
}
Policy API :
The Policy APIs configure the policy file, which defines the high-level policy for connections between zones defined in shorewall-zones. The order of entries in this file is important. This file determines what to do with a new connection request if we don't get a match from the rules file. For each source/destination pair, the file is processed in order until a match is found ("all" will match any client or server).
POST /shorewall/server/:group/policy/:id
Describe Service:
Verb URI Description
POST /shorewall/server/cpn-client1/policy/0559950bd0bc2 Creates Policy configurations files entry for policy
###Request JSON:
{
"SRC_ZONE": "$FW",
"DEST_ZONE": "net",
"POLICY": "ACCEPT",
"LOG_LEVEL": "info",
"LIMIT_BURST": ""
}
###Response JSON :
{
"id": "0559950bd0bc2",
"entityName": "policy",
"group": "cpn-client1",
"config":
{
"SRC_ZONE": "$FW",
"DEST_ZONE": "net",
"POLICY": "ACCEPT",
"LOG_LEVEL": "info",
"LIMIT_BURST": ""
}
}
GET /shorewall/server/:group/policy/:id
Describe Service:
Verb URI Description
GET /shorewall/server/cpn-client1/policy/0559950bd0bc2 Describes the configurations files entry for policy
###Response JSON :
{
"id": "0559950bd0bc2",
"entityName": "policy",
"group": "cpn-client1",
"config":
{
"SRC_ZONE": "$FW",
"DEST_ZONE": "net",
"POLICY": "ACCEPT",
"LOG_LEVEL": "info",
"LIMIT_BURST": ""
}
}
Rules API :
The Rules APIs create/update the rules file configurations. Entries in this rules configuration file govern connection establishment by defining exceptions to the policies laid out in shorewall-policy. By default, subsequent requests and responses are automatically allowed using connection tracking. For any particular (source,dest) pair of zones, the rules are evaluated in the order in which they appear in this file, and the first terminating match is the one that determines the disposition of the request. All rules are terminating except LOG and COUNT rules.
POST /shorewall/server/:group/rules/:id
Describe Service:
Verb URI Description
POST /shorewall/server/cpn-client1/rules/0559950bd0bc3 Creates the shorewall rules ACCEPT configuration file entry in rules
###Request JSON:
{
"ACTION": "ACCEPT",
"SOURCE_zone": "$FW",
"DEST_zone": "net",
"PROTO": "icmp",
"DEST_PORT": "",
"SOURCE_PORT": "",
"Original_DEST": "",
"RATE_LIMIT": "",
"User_Group": "",
"MARK": "",
"CONNLIMIT": "",
"TIME": "",
"HEADERS": "",
"SWITCH": ""
}
###Response JSON :
{
"id": "0559950bd0bc3",
"entityName": "rules",
"group": "cpn-client1",
"config":
{
"ACTION": "ACCEPT",
"SOURCE_zone": "$FW",
"DEST_zone": "net",
"PROTO": "icmp",
"DEST_PORT": "",
"SOURCE_PORT": "",
"Original_DEST": "",
"RATE_LIMIT": "",
"User_Group": "",
"MARK": "",
"CONNLIMIT": "",
"TIME": "",
"HEADERS": "",
"SWITCH": ""
}
}
GET /shorewall/server/:group/rules/:id
Describe Service:
Verb URI Description
GET /shorewall/server/cpn-client1/rules/0559950bd0bc3 Describes the shorewall rules ACCEPT configuration file entry in rules
###Response JSON :
{
"id": "0559950bd0bc3",
"entityName": "rules",
"group": "cpn-client1",
"config":
{
"ACTION": "ACCEPT",
"SOURCE_zone": "$FW",
"DEST_zone": "net",
"PROTO": "icmp",
"DEST_PORT": "",
"SOURCE_PORT": "",
"Original_DEST": "",
"RATE_LIMIT": "",
"User_Group": "",
"MARK": "",
"CONNLIMIT": "",
"TIME": "",
"HEADERS": "",
"SWITCH": ""
}
}
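The evaluation order described in the Policy API and Rules API sections, as an added example (not code from cloudflash-firewall or Shorewall): rules are checked first, LOG and COUNT entries do not stop the search, and the ordered policy list decides anything no rule matched. The `decide` function, the `conn` shape, the `fwZone` parameter and `HARDENED_POLICY` are assumptions made for illustration; the sample entries are constructed from the README's example values.

```javascript
// Added example: models the rule-then-policy evaluation order the README describes.
// Simplified on purpose: zones, protocol and numeric destination ports only.

const NON_TERMINATING = new Set(["LOG", "COUNT"]); // per the Rules API section
const isBlank = (v) => v === undefined || v === "" || v === "-";

// "$FW" is treated as an alias for the firewall zone name (assumption: "fw").
const normZone = (zone, fwZone) => (zone === "$FW" ? fwZone : zone);

function zoneMatches(pattern, zone, fwZone) {
  const p = normZone(pattern, fwZone);
  return p === "all" || p === zone; // "all" matches any zone
}

// Accepts "22", "80,443" or a "lo:hi" range; port names are not resolved here.
function portMatches(spec, port) {
  if (isBlank(spec)) return true;
  if (port === undefined) return false;
  return String(spec).split(",").some((item) => {
    const [lo, hi = lo] = item.split(":").map(Number);
    return port >= lo && port <= hi;
  });
}

function ruleMatches(rule, conn, fwZone) {
  return zoneMatches(rule.SOURCE_zone, conn.src, fwZone) &&
    zoneMatches(rule.DEST_zone, conn.dst, fwZone) &&
    (isBlank(rule.PROTO) || rule.PROTO === "all" || rule.PROTO === conn.proto) &&
    portMatches(rule.DEST_PORT, conn.dport);
}

// Returns the disposition of a new connection and where it came from.
function decide(conn, rules, policies, fwZone = "fw") {
  const c = { ...conn, src: normZone(conn.src, fwZone), dst: normZone(conn.dst, fwZone) };
  const logged = []; // indexes of matching LOG/COUNT rules that were passed through
  for (const [i, rule] of rules.entries()) {
    if (!ruleMatches(rule, c, fwZone)) continue;
    const action = rule.ACTION.split(":")[0]; // "DROP:info" -> "DROP"
    if (NON_TERMINATING.has(action)) { logged.push(i); continue; }
    return { disposition: action, via: "rule", index: i, logged };
  }
  // No terminating rule matched: the first matching policy entry decides.
  for (const [i, p] of policies.entries()) {
    if (zoneMatches(p.SRC_ZONE, c.src, fwZone) && zoneMatches(p.DEST_ZONE, c.dst, fwZone)) {
      return { disposition: p.POLICY.split(":")[0], via: "policy", index: i, logged };
    }
  }
  return { disposition: null, via: "none", index: -1, logged }; // no policy covers this pair
}

// Constructed from the README's sample policy and rules entries.
const SAMPLE_POLICY = [
  { SRC_ZONE: "$FW", DEST_ZONE: "net", POLICY: "ACCEPT", LOG_LEVEL: "info", LIMIT_BURST: "-" },
  { SRC_ZONE: "net", DEST_ZONE: "all", POLICY: "ACCEPT", LOG_LEVEL: "info", LIMIT_BURST: "-" },
];
const SAMPLE_RULES = [
  { ACTION: "ACCEPT", SOURCE_zone: "$FW", DEST_zone: "net", PROTO: "icmp", DEST_PORT: "" },
];

// Constructed for comparison (not from the README): inbound traffic is dropped
// unless a rule allows it, and a final catch-all covers every other zone pair.
const HARDENED_POLICY = [
  { SRC_ZONE: "$FW", DEST_ZONE: "net", POLICY: "ACCEPT", LOG_LEVEL: "info", LIMIT_BURST: "-" },
  { SRC_ZONE: "net", DEST_ZONE: "all", POLICY: "DROP", LOG_LEVEL: "info", LIMIT_BURST: "-" },
  { SRC_ZONE: "all", DEST_ZONE: "all", POLICY: "REJECT", LOG_LEVEL: "info", LIMIT_BURST: "-" },
];

const inboundSsh = { src: "net", dst: "$FW", proto: "tcp", dport: 22 };
console.log("sample policy:  ", decide(inboundSsh, SAMPLE_RULES, SAMPLE_POLICY));
console.log("hardened policy:", decide(inboundSsh, SAMPLE_RULES, HARDENED_POLICY));
```

With the README's sample policy, an inbound connection from net to the firewall that no rule matches falls through to the net to all ACCEPT entry; the constructed `HARDENED_POLICY` drops the same connection.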
Routestopped API
This file is used to define the hosts that are accessible when the firewall is stopped or is being stopped.
POST /shorewall/server/:group/routestopped/:id
Describe Service:
Verb URI Description
POST /shorewall/server/cpn-client1/routestopped/0559950bd0bc4 Creates the shorewall routestopped configuration file entry
###Request JSON:
{
"INTERFACE": "eth0",
"HOSTS": "192.168.8.140",
"OPTIONS": "",
"PROTO": "",
"DEST_PORTS": "",
"SOURCE_PORTS": ""
}
###Response JSON :
{
"id": "0559950bd0bc4",
"entityName": "routestopped",
"group": "cpn-client1",
"config":
{
"INTERFACE": "eth0",
"HOSTS": "192.168.8.140",
"OPTIONS": "",
"PROTO": "",
"DEST_PORTS": "",
"SOURCE_PORTS": ""
}
}
GET /shorewall/server/:group/routestopped/:id
Describe Service:
Verb URI Description
GET /shorewall/server/cpn-client1/routestopped/0559950bd0bc4 Describes the shorewall routestopped configuration file entry
###Response JSON :
{
"id": "0559950bd0bc4",
"entityName": "routestopped",
"group": "cpn-client1",
"config":
{
"INTERFACE": "eth0",
"HOSTS": "192.168.8.140",
"OPTIONS": "",
"PROTO": "",
"DEST_PORTS": "",
"SOURCE_PORTS": ""
}
}
POST /shorewall/client/:group/:action
Describe Service:
Verb URI Description
POST /shorewall/client/cpn-client1/capabilities Creates the shorewall capabilities configuration file entry in shorewall-lite client
GET /shorewall/client/capabilities/:group
Describe Service:
Verb URI Description
GET /shorewall/client/capabilities/cpn-client1 Describes the shorewall capabilities configuration file entry to orchestration
###Response JSON :
{
"content": "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"
}
POST /shorewall/capabilities/server/:group
Verb URI Description
POST /shorewall/capabilities/server/cpn-client1 Posts the shorewall capabilities configuration file entry to the shorewall server
###Request JSON:
{
"content": "..."
}
###Response JSON :
{
"result": "true"
}
/shorewall/server/:group/:action
This API compiles the configuration in the respective client's directory and creates firewall and firewall.conf in the /config/shorewall/:group/ directory. It can be called through the three APIs below.
POST /shorewall/server/:group/capabilities
This API is called only if we don't have the capabilities file from the respective client, since it is a generic capabilities file for all clients.
Describe Service:
Verb URI Description
POST /shorewall/server/cpn-client1/capabilities Creates the capabilities on shorewall server on respective client directory
###Response JSON :
{
"result": "true"
}
POST /shorewall/server/:group/build
Describe Service:
Verb URI Description
POST /shorewall/server/cpn-client1/build Starts the compilation of the firewall service on the shorewall server to create the firewall and firewall.conf files
###Response JSON :
{
"result": "Compiling... Processing /config/shorewall/cpn-client1/shorewall.conf... Compiling /config/shorewall/cpn-client1/zones... Compiling /config/shorewall/cpn-client1/interfaces... Determining Hosts in Zones... Preprocessing Action Files... Compiling ... Pre-processing /usr/share/shorewall/action.Drop... Pre-processing /usr/share/shorewall/action.Reject... Compiling /config/shorewall/cpn-client1/policy... Adding Anti-smurf Rules Adding rules for DHCP Compiling TCP Flags filtering... Compiling Kernel Route Filtering... Compiling Martian Logging... Compiling MAC Filtration -- Phase 1... Compiling /config/shorewall/cpn-client1/rules... Generating Transitive Closure of Used-action List... Processing /usr/share/shorewall/action.Reject for chain Reject... Compiling ... Processing /usr/share/shorewall/action.Drop for chain Drop... Compiling MAC Filtration -- Phase 2... Applying Policies... Generating Rule Matrix... Creating iptables-restore input... Compiling iptables-restore input for chain mangle:... Compiling /config/shorewall/cpn-client1/routestopped... Shorewall configuration compiled to /config/shorewall/cpn-client1/firewall "
}
POST /shorewall/server/:group/rebuild
Describe Service:
Verb URI Description
POST /shorewall/server/cpn-client1/rebuild Restarts the compilation of the firewall service on the shorewall server to create the firewall and firewall.conf files
###Response JSON :
{
"result": "Compiling... Processing /config/shorewall/cpn-client1/shorewall.conf... Compiling /config/shorewall/cpn-client1/zones... Compiling /config/shorewall/cpn-client1/interfaces... Determining Hosts in Zones... Preprocessing Action Files... Compiling ... Pre-processing /usr/share/shorewall/action.Drop... Pre-processing /usr/share/shorewall/action.Reject... Compiling /config/shorewall/cpn-client1/policy... Adding Anti-smurf Rules Adding rules for DHCP Compiling TCP Flags filtering... Compiling Kernel Route Filtering... Compiling Martian Logging... Compiling MAC Filtration -- Phase 1... Compiling /config/shorewall/cpn-client1/rules... Generating Transitive Closure of Used-action List... Processing /usr/share/shorewall/action.Reject for chain Reject... Compiling ... Processing /usr/share/shorewall/action.Drop for chain Drop... Compiling MAC Filtration -- Phase 2... Applying Policies... Generating Rule Matrix... Creating iptables-restore input... Compiling iptables-restore input for chain mangle:... Compiling /config/shorewall/cpn-client1/routestopped... Shorewall configuration compiled to /config/shorewall/cpn-client1/firewall "
}
GET /shorewall/server/firewall/:group/scripts
This API gets firewall and firewall.conf from the server to orchestration.
Describe Service:
Verb URI Description
GET /shorewall/server/firewall/cpn-client1/scripts Gets the firewall and firewall.conf files from the shorewall server to orchestration
###Response JSON :
{
"firewall": "...",
"firewallconf": ""
}
POST /shorewall/firewallfiles/client
Describe Service:
Verb URI Description
POST /shorewall/firewallfiles/client Posts the firewall and firewall.conf files to shorewall-lite clients
###Request JSON :
{
"firewall": "IwojIFNob3Jld2FsbCBhdXhpbGlhcnkgY29uZmlndXJhdGlvbiBmaWxlIGNyZWF0ZWQgYnkgU2hvcmV3YWxsIHZlcnNpb24gNC40LjExLjYgLSBXZWQgT2N0IDMxIDIwOjI4OjM3IDIwMTIKIwpbIC1uICIke1ZFUkJPU0lUWTo9MX0iIF0KWyAtbiAiJHtMT0dGSUxFOj0vdmFyL2xvZy9tZXNzYWdlc30iIF0KWyAtbiAiJHtMT0dGT1JNQVQ6PVNob3Jld2FsbDolczolczp9IiBdClsgLW4gIiR7UEFUSDo9L3NiaW46L2JpbjovdXNyL3NiaW46L3Vzci9iaW46L3Vzci9sb2NhbC9iaW46L3Vzci9sb2NhbC9zYmlufSIgXQpbIC1uICIke1NIT1JFV0FMTF9TSEVMTDo9L2Jpbi9zaH0iIF0KWyAtbiAiJHtSRVNUT1JFRklMRTo9cmVzdG9yZX0iIF0KVENfRU5BQkxFRD0iSW50ZXJuYWwiCg==",
"firewallconf": ""
}
###Response JSON :
{
"result": "true"
}
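The `firewall` field carries a base64-encoded file that is installed on the shorewall-lite client, and the sample payload above decodes to a file whose header names the Shorewall version that produced it. The following added example (not part of cloudflash-firewall) decodes the field strictly and compares that version with the one in the status response; the function names, the constructed `SAMPLE`, and the same-version policy are assumptions.

```javascript
// Added example; SAMPLE is constructed to mirror the header of the page's payload.
const SAMPLE = Buffer.from([
  '#',
  '# Shorewall auxiliary configuration file created by Shorewall version 4.4.11.6 - Wed Oct 31 20:28:37 2012',
  '#',
  'TC_ENABLED="Internal"',
  '',
].join('\n')).toString('base64');

// Reject anything that is not canonical, padded base64 (Buffer.from alone
// silently skips invalid characters).
function decodeStrict(b64) {
  if (typeof b64 !== 'string' || b64.length % 4 !== 0 ||
      !/^[A-Za-z0-9+\/]+={0,2}$/.test(b64)) {
    throw new Error('firewall field is not valid base64');
  }
  const buf = Buffer.from(b64, 'base64');
  if (buf.toString('base64') !== b64) throw new Error('non-canonical base64');
  return buf;
}

// Decode the payload and read the generator version from its first lines.
function inspectPayload(b64) {
  const buf = decodeStrict(b64);
  if (buf.includes(0)) throw new Error('payload contains NUL bytes');
  const head = buf.toString('utf8').split('\n', 3).join('\n');
  const m = /created by Shorewall version (\d+(?:\.\d+)+)/.exec(head);
  if (!m) throw new Error('Shorewall header not found');
  return { version: m[1], bytes: buf.length };
}

// Version reported by POST /shorewall/client/:group/status, or null.
function liteVersion(statusResult) {
  const m = /^Shorewall Lite-(\d+(?:\.\d+)+) Status/.exec(statusResult);
  return m ? m[1] : null;
}

// Assumed policy: push only when compiler and client versions are identical.
function safeToPush(body, statusResult) {
  return inspectPayload(body.firewall).version === liteVersion(statusResult);
}
```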
/shorewall/client/:group/:action
The Action API starts, checks the status of, clears, stops or restarts the shorewall service on shorewall-lite clients:
POST /shorewall/client/:group/start
Describe Service:
Verb URI Description
POST /shorewall/client/cpn-client1/start Starts the firewall service on shorewall-lite clients
###Response JSON :
{
"result": "Starting Shorewall Lite.... done. "
}
POST /shorewall/client/:group/restart
Describe Service:
Verb URI Description
POST /shorewall/client/cpn-client1/restart Restarts the firewall service on shorewall-lite clients
###Response JSON :
{
"result": "Starting Shorewall Lite.... done. "
}
POST /shorewall/client/:group/status
Describe Service:
Verb URI Description
POST /shorewall/client/cpn-client1/status Gets the firewall service status on shorewall-lite clients
###Response JSON :
{
"result": "Shorewall Lite-4.4.11.6 Status at clpstpdfc78 - Wed Oct 31 20:45:58 IST 2012 Shorewall Lite is running State:Started (Wed Oct 31 20:45:01 IST 2012) "
}
POST /shorewall/client/:group/stop
Describe Service:
Verb URI Description
POST /shorewall/client/cpn-client1/stop Stops the firewall service on shorewall-lite clients
###Response JSON :
{
"result": "Stopping Shorewall Lite.... done. "
}
POST /shorewall/client/:group/clear
Describe Service:
Verb URI Description
POST /shorewall/client/cpn-client1/clear Clears the firewall service on shorewall-lite clients
###Response JSON :
{
"result": "Clearing Shorewall Lite.... done. "
}
POST /shorewall/client/:group/restart
Describe Service:
Verb URI Description
POST /shorewall/client/cpn-client1/restart Restarts the firewall service on shorewall-lite clients
###Response JSON :
{
"result": "Restarting Shorewall Lite.... done. "
}