
The SD-EWAN Firewall API supports get/create/update/delete operations on firewall Zones, Redirects, Rules and Forwardings.

Zone

GET /cgi-bin/luci/sdewan/firewall/v1/zones

Lists all defined zones

Request: N/A

Response

  • Normal response codes: 200
  • Response Parameters

    Name   In    Type   Description
    zones  body  array  a list of defined zones


  • Response Example


    {
        "zones": [
            {
                "name": "wan",
                "network": "wan",
                "input": "REJECT",
                "output": "ACCEPT",
                "forward": "REJECT",
                "masq": "1",
                "mtu_fix": "1"
            }
        ]
    }



GET /cgi-bin/luci/sdewan/firewall/v1/zone/{zone}

Get a zone

Request: N/A

  • Request Parameters

    Name  In    Type    Description
    zone  path  string  zone name


Response

  • Normal response codes: 200
  • Error response code: 404
  • Response Parameters

    Name                In    Type     Description
    name                body  string   (Required) zone name
    network             body  array    List of interfaces attached to this zone
    masq                body  boolean  Specifies whether outgoing zone traffic should be masqueraded. "0" or "1"
    masq_src            body  string   Limit masquerading to the given source subnets.
    masq_dest           body  string   Limit masquerading to the given destination subnets.
    masq_allow_invalid  body  boolean  Whether to add DROP INVALID rules.
    mtu_fix             body  boolean  Enable MSS clamping for outgoing zone traffic.
    input               body  string   Default policy (ACCEPT, REJECT, DROP) for incoming zone traffic.
    forward             body  string   Default policy (ACCEPT, REJECT, DROP) for forwarded zone traffic.
    output              body  string   Default policy (ACCEPT, REJECT, DROP) for output zone traffic.
    family              body  string   The protocol family (ipv4, ipv6 or any) these iptables rules are for.
    subnet              body  string   List of IP subnets attached to this zone.
    extra_src           body  string   Extra arguments passed directly to iptables for source classification rules.
    extra_dest          body  string   Extra arguments passed directly to iptables for destination classification rules.


  • Response Example


    {
        "name": "wan",
        "network": "wan",
        "input": "REJECT",
        "output": "ACCEPT",
        "forward": "REJECT",
        "masq": "1",
        "mtu_fix": "1"
    }


POST /cgi-bin/luci/sdewan/firewall/v1/zone

Create a new zone

Request:

  • Request Parameters: same as the response parameters of GET

  • Request Example: same as the response example of GET


Response

  • Normal response codes: 201
  • Error response codes: 400, 401
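
The POST body reuses the zone fields listed for GET, and `extra_src`/`extra_dest` are passed directly to iptables, so a controller can check a zone body against the documented values before submitting it. The following is an added example, not part of the SD-EWAN code; `validate_zone`, `allow_raw_iptables` and the sample body are hypothetical, and the "0"/"1" form for every boolean field and the whitespace-separated form of subnet strings are assumptions.

```python
import ipaddress

# Allowed values come from the zone parameter table on this page.
POLICY = ("ACCEPT", "REJECT", "DROP")
FLAG = ("0", "1")  # stated for masq; assumed for the other boolean fields
ENUMS = {"input": POLICY, "output": POLICY, "forward": POLICY,
         "family": ("ipv4", "ipv6", "any"),
         "masq": FLAG, "masq_allow_invalid": FLAG, "mtu_fix": FLAG}
SUBNETS = ("masq_src", "masq_dest", "subnet")
RAW_IPTABLES = ("extra_src", "extra_dest")  # passed directly to iptables
KNOWN = {"name", "network", *ENUMS, *SUBNETS, *RAW_IPTABLES}


def _bad_subnets(value):
    """Entries that fail to parse as subnets (assumes space-separated string or list)."""
    items = value.split() if isinstance(value, str) else value
    if not isinstance(items, list):
        return [repr(value)]
    bad = []
    for item in items:
        try:
            if not isinstance(item, str):
                raise ValueError(item)
            ipaddress.ip_network(item, strict=False)
        except ValueError:
            bad.append(repr(item))
    return bad


def validate_zone(zone, allow_raw_iptables=False):
    """Return a list of problems in a zone body; an empty list means it passes."""
    problems = []
    if not isinstance(zone.get("name"), str) or not zone["name"]:
        problems.append("name: required non-empty string")
    problems += [f"{k}: not a documented zone field" for k in sorted(set(zone) - KNOWN)]
    for k, allowed in ENUMS.items():
        if k in zone and zone[k] not in allowed:
            problems.append(f"{k}: must be one of {', '.join(allowed)}")
    for k in SUBNETS:
        problems += [f"{k}: {s} is not a valid subnet" for s in _bad_subnets(zone.get(k, []))]
    for k in RAW_IPTABLES:
        if k in zone and not allow_raw_iptables:
            problems.append(f"{k}: raw iptables arguments need explicit approval")
    return problems


if __name__ == "__main__":
    # Constructed request body, not taken from a real device.
    print(validate_zone({"name": "lan", "input": "ALLOW", "extra_src": "-m comment"}))
```

Unknown keys are reported rather than silently dropped, so a misspelled field name shows up before the request is sent.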


PUT /cgi-bin/luci/sdewan/firewall/v1/zone/{zone}

Update a zone

Request:

  • Request Parameters:

    Name       In    Type    Description
    policy     path  string  policy name
    members    body  array   policy members
    interface  body  string  member interface name
    metric     body  int     (optional) default: 1, members within one policy with a lower metric have precedence over higher metric members
    weight     body  int     (optional) default: 1, members with same metric will distribute load based on this weight value


  • Request Example


    {
        "members": [
            {
                "interface": "net1",
                "metric": 1,
                "weight": 2
            },
            {
                "interface": "net2",
                "metric": 1,
                "weight": 1
            }
        ]
    }


Response

  • Normal response codes: 204
  • Error response codes: 400, 401, 404


DELETE /cgi-bin/luci/sdewan/mwan3/v1/policy/{policy}

Delete a policy

Request:

  • Request Parameters

    Name  In    Type    Description
    zone  path  string  zone name


Response

  • Normal response codes: 200
  • Error response codes: 401, 404

Redirect


Rule


Forwarding