Prev Chapter 13: Controller: /nodeworx/dns/zone Up Part II: NodeWorx API Spec Chapter 15: Controller: /nodeworx/ftp Next

firewall

Required Permissions "FIREWALL"

Action: addPort

Added in version 4.7.0-339

Description Add a port to the firewall configuration.

Input Parameters

Name	Type	Notes	Required?
port	string	Help Entry Enter the port or ports you wish to add to the firewall. You can enter port ranges as well, ex: 1234-1236.	Yes
tcp_flow_in	string	Example Values open, closed	Yes
tcp_flow_out	string	Example Values open, closed	Yes
udp_flow_in	string	Example Values open, closed	Yes
udp_flow_out	string	Example Values open, closed	Yes
cascade_to_nodes	integer	Help Entry Selecting this option causes the action to be replayed on all nodes of the cluster automatically, as if you had logged in to each node manually Example Values 1	No

Action: allowDenyIps

Added in version 4.7.0-339

Description Set firewall ip address allow and deny lists.

Input Parameters

Name	Type	Notes	Required?
trusted_ips	struct (string)	Help Entry The IP address for license.interworx.info (207.32.181.150) must be present for proper function of the InterWorx license authentication system. Example Default Value {"127.0.0.1":"127.0.0.1"}	No
blocked_ips	struct (string)		No

Action: delete

Added in version 4.7.0-339

Description Delete firewall port configuration.

Input Parameters

Name	Type	Notes	Required?
ports	struct (string)	Example Values 21, 22, 23, 25, 80, 110, 143, 443, 993, 995, 2080, 2443, 3306, 50000_51000, 4444, 20, 53	Yes

Action: ipv6Settings

Added in version 5.0.14-579

Description Controls how IPv6 Settings are handled when restarting the firewall.

Input Parameters

Name	Type	Notes	Required?
ip6tables_status	string	Example Values off, manual, managed Example Default Value manual	No*
icmp6_control	string	Example Values default, managed Example Default Value managed	No*
cascade_to_nodes	integer	Help Entry Selecting this option causes the action to be replayed on all nodes of the cluster automatically, as if you had logged in to each node manually Example Values 1	No
* indicates that it’s actually required, but probably already has a valid default value

Action: isRunning

Added in version 4.7.0-339

Description Checks if the service is running or not.

Sample output

array (
  ’status’ => 0,

  ’payload’ => false,

)

Action: isRunningOnNode

Added in version 4.7.0-339

Description Checks if the service is running on a specific node (Clustering only).

Input Parameters

Name	Type	Notes	Required?
node_id	string		No*
* indicates that it’s actually required, but probably already has a valid default value

Action: listGeneralName

Added in version 4.7.0-339

Description Lists the "normal" name - ie "web server" instead of "httpd".

Sample output

array (
  ’status’ => 0,

  ’payload’ => ’##LG_FIREWALL##’,

)

Action: listPortNumbers

Added in version 4.7.0-339

Description Lists a string of the port numbers that this service uses, comma-seperated.

Sample output

array (
  ’status’ => 0,

  ’payload’ => ’##LG_NOT_APPLICABLE##’,

)

Action: listPortNumbersArray

Added in version 4.7.0-339

Description Lists array of port numbers and ranges that this service uses.

Sample output

array (
  ’status’ => 0,

  ’payload’ => 

  array (

    0 => ’##LG_NOT_APPLICABLE##’,

  ),

)

Action: listRequiredPermissions

Added in version 4.7.0-339

Description Lists an array of permissions required to control the service.

Sample output

array (
  ’status’ => 0,

  ’payload’ => 

  array (

    0 => ’FIREWALL’,

  ),

)

Action: listServiceInfo

Added in version 4.7.0-339

Description Lists the service name, ports, page, and status.

Sample output

array (
  ’status’ => 0,

  ’payload’ => 

  array (

    ’id’ => ’apf’,

    ’name’ => ’##LG_FIREWALL##’,

    ’ports’ => ’##LG_NOT_APPLICABLE##’,

    ’page’ => ’/nodeworx/firewall’,

    ’ctrl’ => ’/nodeworx/firewall’,

    ’is_running’ => 0,

  ),

)

Action: listServiceName

Added in version 4.7.0-339

Description Lists the service name - ie "httpd" instead of "web server".

Sample output

array (
  ’status’ => 0,

  ’payload’ => ’apf’,

)

Action: listServicePage

Added in version 4.7.0-339

Description Lists the page that controls the service.

Sample output

array (
  ’status’ => 0,

  ’payload’ => ’/nodeworx/firewall’,

)

Action: queryAllowDenyIps

Added in version 5.1.0-838

Description Displays the information available to the action "allowDenyIps".

Sample output

array (
  ’status’ => 0,

  ’payload’ => 

  array (

    ’trusted_ips’ => 

    array (

      ’127.0.0.1’ => ’127.0.0.1’,

    ),

    ’blocked_ips’ => 

    array (

    ),

  ),

)

Action: queryIpv6Settings

Added in version 5.1.0-838

Description Displays the information available to the action "ipv6Settings".

Sample output

array (
  ’status’ => 0,

  ’payload’ => 

  array (

    ’ip6tables_status’ => ’manual’,

    ’icmp6_control’ => ’managed’,

  ),

)

Action: queryPortAccess

Added in version 5.0.14-579

Description Query firewall port options.

Sample output

array (
  ’status’ => 0,

  ’payload’ => 

  array (

    0 => 

    array (

      ’service’ => ’ftp-data’,

      ’port’ => 20,

      ’tcp_in’ => ’closed’,

      ’tcp_out’ => ’closed’,

      ’udp_in’ => ’open’,

      ’udp_out’ => ’open’,

    ),

    1 => 

    array (

      ’service’ => ’ftp’,

      ’port’ => 21,

      ’tcp_in’ => ’open’,

      ’tcp_out’ => ’closed’,

      ’udp_in’ => ’open’,

      ’udp_out’ => ’open’,

    ),

    2 => 

    array (

      ’service’ => ’ssh’,

      ’port’ => 22,

      ’tcp_in’ => ’open’,

      ’tcp_out’ => ’open’,

      ’udp_in’ => ’closed’,

      ’udp_out’ => ’closed’,

    ),

  ),

)

Action: queryUpdateConfig

Added in version 5.1.0-838

Description Displays the information available to the action "updateConfig".

Sample output

array (
  ’status’ => 0,

  ’payload’ => 

  array (

    ’version’ => ’1.7.5 (APF)’,

    ’debug_mode’ => ’0’,

    ’default_tos’ => ’4’,

    ’tcp_drop_policy’ => ’DROP’,

    ’udp_drop_policy’ => ’DROP’,

    ’block_multicast’ => ’0’,

    ’block_private_network’ => ’0’,

    ’set_egress_filter’ => ’0’,

    ’max_sessions’ => ’34576’,

    ’sysctl_tcp’ => ’1’,

    ’if’ => ’eth0’,

    ’tifs’ => 

    array (

    ),

  ),

)

Action: restart

Added in version 4.7.0-339

Description Restarts the service.

Input Parameters

Name	Type	Notes	Required?
cascade_to_nodes	integer	Help Entry Selecting this option causes the action to be replayed on all nodes of the cluster automatically, as if you had logged in to each node manually Example Values 1	No

Action: restartOnNode

Added in version 4.7.0-339

Description Restarts the service on a specific node (Clustering only).

Input Parameters

Name	Type	Notes	Required?
node_id	string		No*
* indicates that it’s actually required, but probably already has a valid default value

Action: start

Added in version 4.7.0-339

Description Starts the service.

Input Parameters

Name	Type	Notes	Required?
cascade_to_nodes	integer	Help Entry Selecting this option causes the action to be replayed on all nodes of the cluster automatically, as if you had logged in to each node manually Example Values 1	No

Action: startOnBoot

Added in version 4.7.0-339

Description Set the firewall start-on-boot status.

Input Parameters

Name	Type	Notes	Required?
startonboot	integer	Example Values 1, 0 Example Default Value 0	No*
cascade_to_nodes	integer	Help Entry Selecting this option causes the action to be replayed on all nodes of the cluster automatically, as if you had logged in to each node manually Example Values 1	No
* indicates that it’s actually required, but probably already has a valid default value

Action: startOnNode

Added in version 4.7.0-339

Description Starts the service on a specific node (Clustering only).

Input Parameters

Name	Type	Notes	Required?
node_id	string		No*
* indicates that it’s actually required, but probably already has a valid default value

Action: stop

Added in version 4.7.0-339

Description Stops the service.

Input Parameters

Name	Type	Notes	Required?
cascade_to_nodes	integer	Help Entry Selecting this option causes the action to be replayed on all nodes of the cluster automatically, as if you had logged in to each node manually Example Values 1	No

Action: stopOnNode

Added in version 4.7.0-339

Description Stops the service on a specific node (Clustering only).

Input Parameters

Name	Type	Notes	Required?
node_id	string		No*
* indicates that it’s actually required, but probably already has a valid default value

Action: update

Added in version 4.7.0-339

Description Update a port in the firewall configuration.

Input Parameters

Name	Type	Notes	Required?
tcp_flow_in	string	Example Values none, open, closed	No
tcp_flow_out	string	Example Values none, open, closed	No
udp_flow_in	string	Example Values none, open, closed	No
udp_flow_out	string	Example Values none, open, closed	No

Action: updateConfig

Added in version 4.7.0-339

Description Update basic firewall configuration.

Input Parameters

Name	Type	Notes	Required?
debug_mode	integer	Help Entry When debug mode is enabled, all firewall rules are flushed every 5 minutes to prevent being locked out of the server due to a firewall misconfiguration. Example Values 1, 0 Example Default Value 0	No*
default_tos	integer	Help Entry Defines the default type of service. Example Values 4, 8, 16 Example Default Value 4	No*
tcp_drop_policy	string	Help Entry Defines how to handle TCP packet filtering. ’Reset’ sends a tcp-reset message, ’Drop’ silently drops the packet, and ’Reject’ rejects the packet. Example Values RESET, DROP, REJECT Example Default Value DROP	No*
udp_drop_policy	string	Help Entry Defines how to handle UDP packet filtering. ’Reset’ sends an icmp-port-unreachable message, ’Drop’ will silently drop the packet, ’Reject’ will reject the packet, and ’Prohibit’ will send an icmp-host-prohibited message. Example Values RESET, DROP, REJECT, PROHIBIT Example Default Value DROP	No*
block_multicast	integer	Help Entry Defines if the firewall should block multicast traffic. Example Values 1, 0 Example Default Value 0	No*
block_private_network	integer	Help Entry Defines if the firewall should block all private ipv4 addresses (reserved address space, generally unroutable on the internet). If the server sites behind a NAT or other routing setup that would make use of private addressing, leave this option ’Off’. Example Values 1, 0 Example Default Value 0	No*
set_egress_filter	integer	Help Entry Outbound (egress) filtering provides full outbound packet filtering. NOTE: Port specific outbound rules will not apply if this setting is off. Example Values 1, 0 Example Default Value 0	No*
max_sessions	integer	Help Entry Defines the maximum number of connection tracking entries that can be handled by the firewall simultaneously. Example Default Value 34576	No*
sysctl_tcp	integer	Help Entry Enables or Disables sysctl hook changes to harden the kernel from certain network-based attacks. Example Values 1, 0 Example Default Value 1	No*
if	string	Help Entry All traffic on defined interface will be subject to all firewall rules. This should be your internet exposed interface. Example Values eth0 Example Default Value eth0	No*
tifs	struct (string)	Help Entry All traffic on defined interface(s) will bypass ALL firewall rules. Example Values eth0	No
cascade_to_nodes	integer	Help Entry Selecting this option causes the action to be replayed on all nodes of the cluster automatically, as if you had logged in to each node manually Example Values 1	No
* indicates that it’s actually required, but probably already has a valid default value

Prev Chapter 13: Controller: /nodeworx/dns/zone Up Part II: NodeWorx API Spec Chapter 15: Controller: /nodeworx/ftp Next