...

  • Normal response codes: 200
  • Response Parameters

    | Name | In | Type | Description |
    |------|----|------|-------------|
    | rules | body | array | a list of defined rules |


  • Response Example


    {
        "rules": [
            {
                "name": "default_rule",
                "dest_ip": "0.0.0.0/0",
                "policy": "balanced"
            }
        ]
    }


...

  • Normal response codes: 200
  • Error response code: 404
  • Response Parameters

    | Name | In | Type | Description |
    |------|----|------|-------------|
    | name | body | string | rule name |
    | policy | body | string | policy used for the rule |
    | src_ip | body | string | (optional) source ip address |
    | src_port | body | string | (optional) source port or port range |
    | dest_ip | body | string | (optional) destination ip address |
    | dest_port | body | string | (optional) destination port or port range |
    | proto | body | string | (optional) protocol for the rule. Valid values: "tcp", "udp", "icmp", "all" |
    | family | body | string | (optional) address family. Valid values: "ipv4", "ipv6", "all" |
    | sticky | body | string | (optional) default: 0, allow traffic from the same source ip address within the timeout limit to use the same wan interface as the prior session |
    | timeout | body | int | (optional) default: 600, stickiness timeout value in seconds |


  • Response Example


    {
        "name": "default_rule",
        "dest_ip": "0.0.0.0/0",
        "policy": "balanced"
    }


...

  • Request Parameters

    | Name | In | Type | Description |
    |------|----|------|-------------|
    | rule | path | string | rule name |
    | policy | body | string | policy used for the rule |
    | src_ip | body | string | (optional) source ip address |
    | src_port | body | string | (optional) source port or port range |
    | dest_ip | body | string | (optional) destination ip address |
    | dest_port | body | string | (optional) destination port or port range |
    | proto | body | string | (optional) protocol for the rule. Valid values: "tcp", "udp", "icmp", "all" |
    | family | body | string | (optional) address family. Valid values: "ipv4", "ipv6", "all" |
    | sticky | body | string | (optional) default: 0, allow traffic from the same source ip address within the timeout limit to use the same wan interface as the prior session |
    | timeout | body | int | (optional) default: 600, stickiness timeout value in seconds |


  • Request Example


    {
        "dest_ip": "0.0.0.0/0",
        "policy": "balanced"
    }


...

The SDEWAN CNF will be created with the Default sections initialized. The Include section will not be included in this release.

The SD-EWAN Firewall API provides support to get/create/update/delete Firewall Zone, Redirect, Rule and Forwardings.

...

  • Normal response codes: 200
  • Response Parameters

    | Name | In | Type | Description |
    |------|----|------|-------------|
    | zones | body | array | a list of defined zones |


  • Response Example


    {
        "zones": [
            {
                "name": "wan",
                "network": "wan",
                "input": "REJECT",
                "output": "ACCEPT",
                "forward": "REJECT",
                "masq": "1",
                "mtu_fix": "1"
            }
        ]
    }


...

  • Normal response codes: 200
  • Error response code: 404
  • Response Parameters

    | Name | In | Type | Description |
    |------|----|------|-------------|
    | name | body | string | (Required) zone name |
    | network | body | array | List of interfaces attached to this zone |
    | masq | body | boolean | Specifies whether outgoing zone traffic should be masqueraded. "0" or "1" |
    | masq_src | body | string | Limit masquerading to the given source subnets. |
    | masq_dest | body | string | Limit masquerading to the given destination subnets. |
    | masq_allow_invalid | body | boolean | Whether to add DROP INVALID rules |
    | mtu_fix | body | boolean | Enable MSS clamping for outgoing zone traffic |
    | input | body | string | Default policy (ACCEPT, REJECT, DROP) for incoming zone traffic. |
    | forward | body | string | Default policy (ACCEPT, REJECT, DROP) for forwarded zone traffic. |
    | output | body | string | Default policy (ACCEPT, REJECT, DROP) for output zone traffic. |
    | family | body | string | The protocol family (ipv4, ipv6 or any) these iptables rules are for. |
    | subnet | body | string | List of IP subnets attached to this zone |
    | extra_src | body | string | Extra arguments passed directly to iptables for source classification rules. |
    | extra_dest | body | string | Extra arguments passed directly to iptables for destination classification rules. |


  • Response Example


    {
        "name": "wan",
        "network": "wan",
        "input": "REJECT",
        "output": "ACCEPT",
        "forward": "REJECT",
        "masq": "1",
        "mtu_fix": "1"
    }
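
Because `extra_src` and `extra_dest` are passed directly to iptables, a caller may want to check a zone body against the parameter table before submitting it. The following is an added example, not code from the SD-EWAN project; the name pattern, the space-separated subnet format and the `allow_extra` switch are assumptions made for illustration.

```python
import ipaddress
import re

POLICIES = {"ACCEPT", "REJECT", "DROP"}
FAMILIES = {"ipv4", "ipv6", "any"}
FLAGS = ("masq", "masq_allow_invalid", "mtu_fix")
SUBNET_FIELDS = ("masq_src", "masq_dest", "subnet")
KNOWN = {"name", "network", "family", "extra_src", "extra_dest",
         "input", "forward", "output", *FLAGS, *SUBNET_FIELDS}
# Assumed naming policy (not stated by the API page): short identifiers only.
NAME_RE = re.compile(r"^[A-Za-z0-9_]{1,32}$")
# Constructed sample, copied from the zone response example above.
SAMPLE_ZONE = {"name": "wan", "network": "wan", "input": "REJECT",
               "output": "ACCEPT", "forward": "REJECT",
               "masq": "1", "mtu_fix": "1"}


def validate_zone(zone, allow_extra=False):
    """Return a list of problems in a zone body; an empty list means it passed."""
    errs = [f"unknown field: {k}" for k in sorted(set(zone) - KNOWN)]
    if not NAME_RE.match(str(zone.get("name", ""))):
        errs.append("name: required, letters/digits/underscore only")
    for key in ("input", "forward", "output"):
        if key in zone and zone[key] not in POLICIES:
            errs.append(f"{key}: must be ACCEPT, REJECT or DROP")
    for key in FLAGS:
        if key in zone and zone[key] not in ("0", "1"):
            errs.append(f'{key}: must be "0" or "1"')
    if "family" in zone and zone["family"] not in FAMILIES:
        errs.append("family: must be ipv4, ipv6 or any")
    # Assumption: subnet lists are space-separated CIDR strings.
    for key in SUBNET_FIELDS:
        for net in str(zone.get(key, "")).split():
            try:
                ipaddress.ip_network(net, strict=False)
            except ValueError:
                errs.append(f"{key}: not a subnet: {net}")
    # extra_src/extra_dest reach iptables verbatim, so they are refused
    # unless the caller opts in after reviewing the value.
    for key in ("extra_src", "extra_dest"):
        if zone.get(key) and not allow_extra:
            errs.append(f"{key}: raw iptables arguments not allowed")
    return errs


if __name__ == "__main__":
    print(validate_zone(SAMPLE_ZONE))
```
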


POST /cgi-bin/luci/sdewan/firewall/v1/zone

...

  • Request Parameters:

    NameInTypeDescription
    policyzonepathstringpolicy zone namemembers
    {other params}bodyarraypolicy members
    interfacebodystringmember interface name
    metricbodyint(optional) default: 1, members within one policy with a lower metric have precedence over higher metric members
    weightbodyint(optional) default: 1, members with same metric will distribute load based on this weight value

    same with GET response


  • Request Example


    {

           "network":"wan",

           "input": "REJECT",

           "output": "ACCEPT",

          "forward": "REJECT",

           "masq": "1",

           "mtu_fix": "1"

    Request Example

    {

           "members": [

               {

                   "interface": "net1",

                   "metric" 1,

                   "weight": 2

                }

                {

                    "interface": "net2",

                    "metric" 1,

                     "weight": 1

                }

           ]

    }


Response

  • Normal response codes: 204
  • Error response codes: 400, 401, 404

...

DELETE /cgi-bin/luci/sdewan/mwan3firewall/v1/policyzone/{policyzone}

delete a policyzone

Request:

  • Request Parameters

    | Name | In | Type | Description |
    |------|----|------|-------------|
    | zone | path | string | zone name |


...