Sign in with
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
SOLVED

Configuration of the firewall during the snap installation

Go to solution

Configuration of the firewall during the snap installation

Go to solution
WolfgangDannert
Established Member

‎03-01-2022 12:02 PM

Hello,

what is the preferred way to customize the firewall configuration of the firewall snap during a third party snap installation?

I have not found a REST API for the installed firewall app on in the API references.

Do I need to manually customize the nftables.conf file in the app data?

Thanks

0 Likes
Reply
3 REPLIES 3

Go to solution
TheCodeCaptain
Community Moderator
Community Moderator

‎03-02-2022 09:52 AM - edited ‎03-02-2022 10:05 AM

Hi WofgangDannert,

we are looking for a description, should be in the description, but seems there is a bug.

Editing the file is allowed, but as it is not the way we suggest there is no description.

In the meantime you can look into reverse engineering by pressing F12 in your browser while creating your rules in the WebUI.

Some first command look like this:

GET Tables

 

GET https://{{Host}}/firewall/api/v2/families/ip/tables

 

GET Chains

 

GET https://{{Host}}/firewall/api/v2/families/ip/tables

 

GET Rule

 

https://{{Host}}/firewall/api/v2/families/ip/tables/{{firewalltableid}}/chains/{{firewallchainid}}/rules

 

POST Create Chain

 

https://{{Host}}/firewall/api/v2/families/ip/tables/{{firewalltableid}}/chains

Body
{
  "hook": "prerouting",
  "name": "MyNetmap",
  "tableId": "awvLHaxkYan9LqsYiYcuvk",
  "id": "id",
  "family": "ip",
  "priority": 200,
  "type": "nat",
  "policy": "accept"
}

 

 POST Create Rule

 

https://{{Host}}/firewall/api/v2/families/ip/tables/{{firewalltableid}}/chains/{{firewallchainid}}/rules

Body
{
  "chainId": "{{firewallchainid}}",
  "name": "MapIPaddress{{ipoctet}}",
  "tableId": "{{firewalltableid}}",
  "action": "",
  "comment": "MapIPaddressRangebyDNAT",
  "handle": 0,
  "id": "",
  "family": "ip",
  "expressions": [
            {
                "left": {
                    "field": "daddr",
                    "protocol": "ip",
                    "type": "payload"
                },
                "operation": "==",
                "right": "192.168.5.{{ipoctet}}",
                "type": "match"
            },
            {
                "addr": "192.168.2.{{ipoctet}}",
                "type": "dnat"
            }
        ]
}

 

0 Likes
Reply

Go to solution
WolfgangDannert
Established Member
In response to TheCodeCaptain

‎03-03-2022 07:38 AM

Hello TheCodeCaptain,

the information helps well.

Are the IDs used in the API calls defined by a specific rule or are they simply unique IDs?

If the description and Swagger UI are scheduled for an RM, could you share it here?

Thanks

0 Likes
Reply

Go to solution
TheCodeCaptain
Community Moderator
Community Moderator
In response to WolfgangDannert

‎03-03-2022 10:08 AM - edited ‎03-03-2022 10:13 AM

Hi WolfgangDannert,

IDs are unique IDs, so you need to read them from the system.

The API description will be available with Version 1.14.

You can find always the newest here:

https://github.com/boschrexroth/rest-api-description/tree/master/ctrlx-automation/ctrlx-core

You can switch notifications on to get the latest updates.

0 Likes
Reply

OK
OK
Icon--AD-black-48x48Icon--address-consumer-data-black-48x48Icon--appointment-black-48x48Icon--back-left-black-48x48Icon--calendar-black-48x48Icon--center-alignedIcon--Checkbox-checkIcon--clock-black-48x48Icon--close-black-48x48Icon--compare-black-48x48Icon--confirmation-black-48x48Icon--dealer-details-black-48x48Icon--delete-black-48x48Icon--delivery-black-48x48Icon--down-black-48x48Icon--download-black-48x48Ic-OverlayAlertIcon--externallink-black-48x48Icon-Filledforward-right_adjustedIcon--grid-view-black-48x48IC_gd_Check-Circle170821_Icons_Community170823_Bosch_Icons170823_Bosch_Icons170821_Icons_CommunityIC-logout170821_Icons_Community170825_Bosch_Icons170821_Icons_CommunityIC-shopping-cart2170821_Icons_CommunityIC-upIC_UserIcon--imageIcon--info-i-black-48x48Icon--left-alignedIcon--Less-minimize-black-48x48Icon-FilledIcon--List-Check-grennIcon--List-Check-blackIcon--List-Cross-blackIcon--list-view-mobile-black-48x48Icon--list-view-black-48x48Icon--More-Maximize-black-48x48Icon--my-product-black-48x48Icon--newsletter-black-48x48Icon--payment-black-48x48Icon--print-black-48x48Icon--promotion-black-48x48Icon--registration-black-48x48Icon--Reset-black-48x48Icon--right-alignedshare-circle1Icon--share-black-48x48Icon--shopping-bag-black-48x48Icon-shopping-cartIcon--start-play-black-48x48Icon--store-locator-black-48x48Ic-OverlayAlertIcon--summary-black-48x48tumblrIcon-FilledvineIc-OverlayAlertwhishlist