Navigation

Firewalling Methods

API for Firewalling services.

This API can be used to retrieve and change firewalling configuration for your servers. Read only methods are provided for all servers. Configuration may only be changed for servers with Self-managed or Memset-managed firewalling.

Firewall rules are grouped together in firewall rule groups. When creating firewall rule groups, the rule group name will be created by the system.

Information about the firewall rule group currently applied to a server can be found in the firewall_rule_group entry of the dictionary returned by server.info().

An example is provided in Python.

firewalling.rule_create()

Create a firewall rule within a rule group. Rules cannot be created in public rule groups.

The rule will be validated to ensure it is not malformed.

Parameters:
  • rule_group_name (String) – The name of the firewall rule group to which this rule is to be added.
  • ip_version (String, Optional) –

    The Internet Protocol version. Defaults to “any”. Acceptable values

    ‘any’
    any
    ‘ipv4’
    IPv4
    ‘ipv6’
    IPv6
  • action (String) – The action for this rule. Acceptable values: ‘ACCEPT’, ‘DROP’, ‘REJECT’.
  • source_ips (String, Optional) – ‘any’ or a comma separated list of source IPv4 addresses without spaces. These can be CIDR notation, eg 1.2.3.4/24.
  • source_ports (String, Optional) – ‘any’ or a comma separated list of port numbers without spaces
  • dest_ips (String, Optional) – ‘any’ or a comma separated list of source IPv4 addresses without spaces.
  • source_ip6s (String, Optional) – ‘any’ or a comma separated list of source IPv6 addresses without spaces. These can be CIDR notation, eg 2001:db8::/120.
  • dest_ip6s (String, Optional) – ‘any’ or a comma separated list of source IPv6 addresses without spaces.
  • dest_ports (String) – ‘any’ or a comma separated list of port numbers without spaces
  • protocols (String, Optional) –

    The protocol(s). If ‘any’, the protocol and dst ports are not used for matching. Acceptable values

    ‘tcp’
    TCP
    ‘udp’
    UDP
    ‘icmp’
    ICMP
    ‘tcp,udp’
    TCP,UDP
    ‘gre’
    GRE
    ‘esp’
    ESP
    ‘ah’
    AH
    ‘ipip’
    IPIP
    ‘sctp’
    SCTP
    ‘any’
    any
  • ordering (Integer) – The ordering for this rule. Ensure this value is greater than or equal to 1. Ensure this value is less than or equal to 30.
  • comment (String, Optional) – Optional comment about this rule.
  • direction (String, Optional) –

    The direction of traffic that this rule should be applied to. Either ‘Inbound’ or ‘Outbound’. Defaults to Inbound Acceptable values

    ‘Inbound’
    Inbound
    ‘Outbound’
    Outbound
Returns:

A dictionary of the newly created rule as described in firewalling.rule_info().
Raises :

May raise:
firewalling.rule_delete()

Delete the firewall rule with id rule_id.

Parameters:

rule_id (String) – The unique id of the rule
Returns:

The id of the successfully deleted rule.
Raises :

May raise:

  • ApiErrorDoesNotExist if the firewall rule with id rule_id does not exist for this account. Rules within public firewall groups may not be deleted and therefore won’t be searched.
firewalling.rule_group_create()

Add a new firewall rule group for this account.

Parameters:
  • nickname (String) – A nickname for this firewall rule group. Ensure this value has at most 225 characters.
  • notes (String, Optional) – Notes about this firewall rule group.
  • rules (List, Optional) – A List of dictionaries describing firewall rules to create as described in firewalling.rule_info() excluding the rule_group_name parameter (which is created automatically). Maximum number of rules per rule group: 30
  • default_outbound_policy (String, Optional) –

    The default policy to be applied to outbound traffic. Supports ‘Accept’, ‘Drop’ or ‘Reject’. Defaults to ‘Accept’. This option is only available for customers using the outbound firewalling beta Acceptable values

    ‘RETURN’
    Accept
    ‘REJECT’
    Reject
    ‘DROP’
    Drop
Returns:

A dictionary as detailed in firewalling.rule_group_info() for the newly created firewall rule group.
Raises :

May raise:
firewalling.rule_group_delete()

Delete a firewall rule group for this account.

Parameters:

rule_group_name (String) – The name of the firewall rule group.
Returns:

the name of the deleted rule group.
Raises :

May raise:
firewalling.rule_group_info()

Get information about a rule group.

Parameters:rule_group_name (String) – The name of the firewall rule group.
Returns:A dictionary with the following keys
name
String: The unique identifier for this rule group.
nickname
String: The nickname of this rule group.
public
Boolean: Whether this rule group is public.
notes
String: Any notes associated with this rule group.
default_outbound_policy
String: The default policy applied to outbound traffic.
rules
Dictionary: As provided by firewalling.rule_info().
Raises :ApiErrorDoesNotExist if the rule group does not exist.
firewalling.rule_group_list()

Retrieve a list of firewall rule groups for this account.

Parameters:include_public (Boolean, Optional) – Include public rule groups. Default: True.
Returns:A list of dictionaries as described in firewalling.rule_group_info().
firewalling.rule_group_status()

Check the status of a rule group for a specific server.

Parameters:
  • name (String) – Name of the service. Service names are 1-64 characters A-Z, a-z, 0-9, -, . and _. Ensure this value has at most 64 characters.
  • rule_group_name (String) – The name of the firewall rule group.
Returns:

String: The status of the rule group for a server. The status may be one of the following:

active

rule group is active and up to date for this server

pending

rule group is active but there are pending changes which are not yet loaded in the firewall

na

rule group is not currently applicable to this server
Raises :

ApiErrorDoesNotExist if the name or rule_group_name does not exist.
firewalling.rule_info()

Retrieve firewall rule information.

Parameters:

rule_id (String) – The unique id of the rule
Returns:

A dictionary with the following keys:

rule_id

String: The unique id of the rule.

rule_group_name

String: The name of the firewall rule group this rule belongs to.

ip_version

String: ‘ipv4’, ‘ipv6’ or ‘all’.

action

String: ‘ACCEPT’, ‘DROP’ or ‘REJECT’.

source_ips

String: ‘any’ or a comma separated list of source IP addresses without spaces. These can be CIDR notation, eg 1.2.3.4/24.

source_ip6s

String: ‘any’ or a comma separated list of source IPv6 addresses without spaces. These can be CIDR notation, eg 2001:db8::/120.

dest_ips

String: ‘any’ or a comma separated list of destination IP addresses without spaces.

dest_ip6s

String: ‘any’ or a comma separated list of destination IPv6 addresses without spaces.

source_ports

String: ‘any’ or a comma separated list of port numbers without spaces.

dest_ports

String: ‘any’ or a comma separated list of port numbers without spaces.

protocols

String: ‘any’ or a comma separated list of protocols without spaces.

ordering

Integer: The position of this rule within the rule group.

comment

String: Any comment associated with the rule.

direction

String: ‘Inbound’ or ‘Outbound’. This option is only supported for customers using the outbound firewalling beta.
Raises :

May raise:
firewalling.rule_update()

Update a firewall rule. Rules which are part of public rule groups may not be changed and therefore will not be searched.

Cannot be used to change the direction of a rule.

Parameters:
  • rule_id (String) – The unique id of the rule
  • ip_version (String, Optional) –

    The Internet Protocol version. Acceptable values

    ‘any’
    any
    ‘ipv4’
    IPv4
    ‘ipv6’
    IPv6
  • action (String, Optional) – The action for this rule. Acceptable values: ‘ACCEPT’, ‘DROP’, ‘REJECT’.
  • source_ips (String, Optional) – ‘any’ or a comma separated list of source IPv4 addresses without spaces. These can be CIDR notation, eg 1.2.3.4/24.
  • dest_ips (String, Optional) – ‘any’ or a comma separated list of source IPv4 addresses without spaces.
  • source_ip6s (String, Optional) – ‘any’ or a comma separated list of source IPv6 addresses without spaces. These can be CIDR notation, eg 2001:db8::/120.
  • dest_ip6s (String, Optional) – ‘any’ or a comma separated list of source IPv6 addresses without spaces.
  • source_ports (String, Optional) – ‘any’ or a comma separated list of port numbers without spaces
  • dest_ports (String, Optional) – ‘any’ or a comma separated list of port numbers without spaces
  • protocols (String, Optional) –

    ‘any’ or a comma separated list of protocols without spaces. If ‘any’, the protocol and dst ports are not used for matching. Acceptable values

    ‘tcp’
    TCP
    ‘udp’
    UDP
    ‘icmp’
    ICMP
    ‘tcp,udp’
    TCP,UDP
    ‘gre’
    GRE
    ‘esp’
    ESP
    ‘ah’
    AH
    ‘ipip’
    IPIP
    ‘sctp’
    SCTP
    ‘any’
    any
  • ordering (Integer, Optional) – The ordering for this rule. Ensure this value is greater than or equal to 1. Ensure this value is less than or equal to 30.
  • comment (String, Optional) – Optional comment about this rule
Returns:

A dictionary as detailed in firewalling.rule_info() for the modified firewall rule.
Raises :

May raise:
firewalling.update()

Apply a different firewall rule group to name.

The specified firewall rule group can be either a private rule group or one of Memset’s public rule groups.

Parameters:
  • name (String) – Name of the service. Service names are 1-64 characters A-Z, a-z, 0-9, -, . and _. Ensure this value has at most 64 characters.
  • rule_group_name (String) – The name of the firewall rule group to apply to this server.
Returns:

A dictionary as provided by firewalling.rule_group_info() for the server.
Raises :

May raise:

Previous topic

DNS Methods

Next topic

Internal Methods

This Page

Navigation

© Copyright 2024, Memset Ltd. Created using Sphinx 1.1.3.