Skip to content

Commit e9b5756

Browse files
slayercatslayercat
committed
New API for network rules: network_address_aliases_get / filter_rules_get
--- - Returns address aliaes used by rules. - HTTP: **GET** - Params: none *Example Request* ```bash curl \ -X GET \ --silent \ --insecure \ --header "fauxapi-auth: <auth-value>" \ "https://<host-address>/fauxapi/v1/?action=network_address_aliases_get" ``` *Example Response* ```javascript { "callid": "5e205fc052956", "action": "network_address_aliases_get", "message": "ok", "data": { "aliases": { "alias": [ { "name": "EasyRuleBlockHostsWAN", "type": "network", "address": "1.2.3.4/32 5.6.7.8/32", "descr": "Hosts blocked from Firewall Log view", "detail": "Entry added Fri, 27 Dec 2019 00:53:01 -0800||\u5df2\u6dfb\u52a0\u6761\u76ee Thu, 16 Jan 2020 03:42:37 -0800" } ] } } } ``` --- - Returns address aliaes used by rules. - HTTP: **GET** - Params: none *Example Request* ```bash curl \ -X GET \ --silent \ --insecure \ --header "fauxapi-auth: <auth-value>" \ "https://<host-address>/fauxapi/v1/?action=filter_rules_get" ``` *Example Response* ```javascript { "callid": "5e2060797a602", "action": "filter_rules_get", "message": "ok", "data": { "filter": { "rules": [ { "id": "", "tracker": "1579178400", "type": "pass", "interface": "wan", "ipprotocol": "inet", "tag": "", "tagged": "", "max": "", "max-src-nodes": "", "max-src-conn": "", "max-src-states": "", "statetimeout": "", "statetype": "keep state", "os": "", "protocol": "tcp", "source": { "address": "1.2.1.1" }, "destination": { "any": "", "port": "1-65535" }, "descr": "", "updated": { "time": "1579178400", "username": "[email protected] (Local Database)" }, "created": { "time": "1579178400", "username": "[email protected] (Local Database)" } }, { "type": "block", "interface": "wan", "ipprotocol": "inet", "source": { "address": "EasyRuleBlockHostsWAN" }, "destination": { "any": "" }, "descr": "Easy Rule: Blocked from Firewall Log View", "created": { "time": "1577436781", "username": "Easy Rule" }, "tracker": "1577436781" }, { "type": "drop", "ipprotocol": "inet", "descr": "Default allow LAN to any rule", "interface": "lan", "source": { "network": "lan" }, "destination": { "ip": "192.10.1.1" } } ] } } } ``` Signed-off-by: lilinzhe <[email protected]>
1 parent 74964de commit e9b5756

File tree

3 files changed

+200
-0
lines changed

3 files changed

+200
-0
lines changed

README.md

Lines changed: 130 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -23,6 +23,7 @@ tasks feasible.
2323
- [send_event](#user-content-send_event) - Performs a pfSense "send_event" command to cause various pfSense system actions.
2424
- [system_reboot](#user-content-system_reboot) - Reboots the pfSense system.
2525
- [system_stats](#user-content-system_stats) - Returns various useful system stats.
26+
- [network_address_aliases_get](#user-content-network_address_aliases_get) - Returns address aliaes used by rules.
2627

2728

2829
## Approach
@@ -869,6 +870,135 @@ curl \
869870
}
870871
```
871872
---
873+
### network_address_aliases_get
874+
- Returns address aliaes used by rules.
875+
- HTTP: **GET**
876+
- Params: none
877+
878+
*Example Request*
879+
```bash
880+
curl \
881+
-X GET \
882+
--silent \
883+
--insecure \
884+
--header "fauxapi-auth: <auth-value>" \
885+
"https://<host-address>/fauxapi/v1/?action=network_address_aliases_get"
886+
```
887+
888+
*Example Response*
889+
```javascript
890+
{
891+
"callid": "5e205fc052956",
892+
"action": "network_address_aliases_get",
893+
"message": "ok",
894+
"data": {
895+
"aliases": {
896+
"alias": [
897+
{
898+
"name": "EasyRuleBlockHostsWAN",
899+
"type": "network",
900+
"address": "1.2.3.4/32 5.6.7.8/32",
901+
"descr": "Hosts blocked from Firewall Log view",
902+
"detail": "Entry added Fri, 27 Dec 2019 00:53:01 -0800||\u5df2\u6dfb\u52a0\u6761\u76ee Thu, 16 Jan 2020 03:42:37 -0800"
903+
}
904+
]
905+
}
906+
}
907+
}
908+
```
909+
---
910+
### filter_rules_get
911+
- Returns address aliaes used by rules.
912+
- HTTP: **GET**
913+
- Params: none
914+
915+
*Example Request*
916+
```bash
917+
curl \
918+
-X GET \
919+
--silent \
920+
--insecure \
921+
--header "fauxapi-auth: <auth-value>" \
922+
"https://<host-address>/fauxapi/v1/?action=filter_rules_get"
923+
```
924+
925+
*Example Response*
926+
```javascript
927+
{
928+
"callid": "5e2060797a602",
929+
"action": "filter_rules_get",
930+
"message": "ok",
931+
"data": {
932+
"filter": {
933+
"rules": [
934+
{
935+
"id": "",
936+
"tracker": "1579178400",
937+
"type": "pass",
938+
"interface": "wan",
939+
"ipprotocol": "inet",
940+
"tag": "",
941+
"tagged": "",
942+
"max": "",
943+
"max-src-nodes": "",
944+
"max-src-conn": "",
945+
"max-src-states": "",
946+
"statetimeout": "",
947+
"statetype": "keep state",
948+
"os": "",
949+
"protocol": "tcp",
950+
"source": {
951+
"address": "1.2.1.1"
952+
},
953+
"destination": {
954+
"any": "",
955+
"port": "1-65535"
956+
},
957+
"descr": "",
958+
"updated": {
959+
"time": "1579178400",
960+
"username": "[email protected] (Local Database)"
961+
},
962+
"created": {
963+
"time": "1579178400",
964+
"username": "[email protected] (Local Database)"
965+
}
966+
},
967+
{
968+
"type": "block",
969+
"interface": "wan",
970+
"ipprotocol": "inet",
971+
"source": {
972+
"address": "EasyRuleBlockHostsWAN"
973+
},
974+
"destination": {
975+
"any": ""
976+
},
977+
"descr": "Easy Rule: Blocked from Firewall Log View",
978+
"created": {
979+
"time": "1577436781",
980+
"username": "Easy Rule"
981+
},
982+
"tracker": "1577436781"
983+
},
984+
{
985+
"type": "drop",
986+
"ipprotocol": "inet",
987+
"descr": "Default allow LAN to any rule",
988+
"interface": "lan",
989+
"source": {
990+
"network": "lan"
991+
},
992+
"destination": {
993+
"ip": "192.10.1.1"
994+
}
995+
}
996+
]
997+
}
998+
}
999+
}
1000+
```
1001+
---
8721002
8731003
## Versions and Testing
8741004
The FauxAPI has been developed against pfSense 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.4.3, 2.4.4 it has

pfSense-pkg-FauxAPI/files/etc/inc/fauxapi/fauxapi_actions.inc

Lines changed: 48 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -401,6 +401,54 @@ class fauxApiActions {
401401
);
402402
return TRUE;
403403
}
404+
405+
/**
406+
* filter_rules_get()
407+
*
408+
* @return boolean
409+
*/
410+
public function filter_rules_get() {
411+
fauxApiLogger::debug(__METHOD__);
412+
413+
$rules = $this->PfsenseInterface->filter_rules_get();
414+
415+
if (empty($rules)) {
416+
$this->response->http_code = 500;
417+
$this->response->message = 'unable to get filter rule(s)';
418+
return FALSE;
419+
}
420+
$this->response->http_code = 200;
421+
$this->response->message = 'ok';
422+
$this->response->data = array(
423+
'filter' => array(
424+
'rules' => $rules
425+
),
426+
);
427+
return TRUE;
428+
}
429+
430+
/**
431+
* address_aliases_get()
432+
*
433+
* @return boolean
434+
*/
435+
public function network_address_aliases_get() {
436+
fauxApiLogger::debug(__METHOD__);
437+
438+
$alias = $this->PfsenseInterface->network_address_aliases_get();
439+
440+
if (empty($alias)) {
441+
$this->response->http_code = 500;
442+
$this->response->message = 'unable to get address aliases';
443+
return FALSE;
444+
}
445+
$this->response->http_code = 200;
446+
$this->response->message = 'ok';
447+
$this->response->data = array(
448+
'aliases' => $alias,
449+
);
450+
return TRUE;
451+
}
404452

405453
/**
406454
* alias_update_urltables()

pfSense-pkg-FauxAPI/files/etc/inc/fauxapi/fauxapi_pfsense_interface.inc

Lines changed: 22 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -719,6 +719,28 @@ class fauxApiPfsenseInterface {
719719
return \pfSense_get_interface_stats($interface);
720720
}
721721

722+
/**
723+
* filter_rules_get()
724+
*
725+
* @return array
726+
*/
727+
public function filter_rules_get(){
728+
global $config;
729+
fauxApiLogger::debug(__METHOD__);
730+
return $config["filter"]["rule"];
731+
}
732+
733+
/**
734+
* network_address_aliases_get()
735+
*
736+
* @return array
737+
*/
738+
public function network_address_aliases_get(){
739+
global $config;
740+
fauxApiLogger::debug(__METHOD__);
741+
return $config["aliases"];
742+
}
743+
722744
/**
723745
* function_call()
724746
*

0 commit comments

Comments
 (0)