
14 Controller: /nodeworx/firewall

Required Permissions "FIREWALL"
Action: addPort
Added in version 4.7.0-339
Description Add a port to the firewall configuration.
Input Parameters
| Name | Type | Notes | Required? |
| --- | --- | --- | --- |
| port | string | Help Entry: Enter the port or ports you wish to add to the firewall. You can enter port ranges as well, e.g. 1234-1236. | Yes |
| tcp_flow_in | string | Example Values: open, closed | Yes |
| tcp_flow_out | string | Example Values: open, closed | Yes |
| udp_flow_in | string | Example Values: open, closed | Yes |
| udp_flow_out | string | Example Values: open, closed | Yes |
| cascade_to_nodes | integer | Help Entry: Selecting this option causes the action to be replayed on all nodes of the cluster automatically, as if you had logged in to each node manually. Example Values: 1 | No |
Action: allowDenyIps
Added in version 4.7.0-339
Description Set firewall IP address allow and deny lists.
Input Parameters
| Name | Type | Notes | Required? |
| --- | --- | --- | --- |
| trusted_ips | struct (string) | Help Entry: The IP address for license.interworx.info (207.32.181.150) must be present for proper function of the InterWorx license authentication system. Example Default Value: {"127.0.0.1":"127.0.0.1"} | No |
| blocked_ips | struct (string) | | No |
Action: delete
Added in version 4.7.0-339
Description Delete firewall port configuration.
Input Parameters
| Name | Type | Notes | Required? |
| --- | --- | --- | --- |
| ports | struct (string) | Example Values: 21, 22, 23, 25, 80, 110, 143, 443, 993, 995, 2080, 2443, 3306, 50000_51000, 4444, 20, 53 | Yes |
Action: ipv6Settings
Added in version 5.0.14-579
Description Controls how IPv6 Settings are handled when restarting the firewall.
Input Parameters
| Name | Type | Notes | Required? |
| --- | --- | --- | --- |
| ip6tables_status | string | Example Values: off, manual, managed. Example Default Value: manual | No* |
| icmp6_control | string | Example Values: default, managed. Example Default Value: managed | No* |
| cascade_to_nodes | integer | Help Entry: Selecting this option causes the action to be replayed on all nodes of the cluster automatically, as if you had logged in to each node manually. Example Values: 1 | No |
* indicates that it’s actually required, but probably already has a valid default value
Action: isRunning
Added in version 4.7.0-339
Description Checks if the service is running or not.
Sample output
array (
  'status' => 0,
  'payload' => false,
)
Action: isRunningOnNode
Added in version 4.7.0-339
Description Checks if the service is running on a specific node (Clustering only).
Input Parameters
| Name | Type | Notes | Required? |
| --- | --- | --- | --- |
| node_id | string | | No* |
* indicates that it’s actually required, but probably already has a valid default value
Action: listGeneralName
Added in version 4.7.0-339
Description Lists the "normal" name - ie "web server" instead of "httpd".
Sample output
array (
  'status' => 0,
  'payload' => '##LG_FIREWALL##',
)
Action: listPortNumbers
Added in version 4.7.0-339
Description Lists a string of the port numbers that this service uses, comma-separated.
Sample output
array (
  'status' => 0,
  'payload' => '##LG_NOT_APPLICABLE##',
)
Action: listPortNumbersArray
Added in version 4.7.0-339
Description Lists array of port numbers and ranges that this service uses.
Sample output
array (
  'status' => 0,
  'payload' =>
  array (
    0 => '##LG_NOT_APPLICABLE##',
  ),
)
Action: listRequiredPermissions
Added in version 4.7.0-339
Description Lists an array of permissions required to control the service.
Sample output
array (
  'status' => 0,
  'payload' =>
  array (
    0 => 'FIREWALL',
  ),
)
Action: listServiceInfo
Added in version 4.7.0-339
Description Lists the service name, ports, page, and status.
Sample output
array (
  'status' => 0,
  'payload' =>
  array (
    'id' => 'apf',
    'name' => '##LG_FIREWALL##',
    'ports' => '##LG_NOT_APPLICABLE##',
    'page' => '/nodeworx/firewall',
    'ctrl' => '/nodeworx/firewall',
    'is_running' => 0,
  ),
)
Action: listServiceName
Added in version 4.7.0-339
Description Lists the service name - ie "httpd" instead of "web server".
Sample output
array (
  'status' => 0,
  'payload' => 'apf',
)
Action: listServicePage
Added in version 4.7.0-339
Description Lists the page that controls the service.
Sample output
array (
  'status' => 0,
  'payload' => '/nodeworx/firewall',
)
Action: queryAllowDenyIps
Added in version 5.1.0-838
Description Displays the information available to the action "allowDenyIps".
Sample output
array (
  'status' => 0,
  'payload' =>
  array (
    'trusted_ips' =>
    array (
      '127.0.0.1' => '127.0.0.1',
    ),
    'blocked_ips' =>
    array (
    ),
  ),
)
Action: queryIpv6Settings
Added in version 5.1.0-838
Description Displays the information available to the action "ipv6Settings".
Sample output
array (
  'status' => 0,
  'payload' =>
  array (
    'ip6tables_status' => 'manual',
    'icmp6_control' => 'managed',
  ),
)
Action: queryPortAccess
Added in version 5.0.14-579
Description Query firewall port options.
Sample output
array (
  'status' => 0,
  'payload' =>
  array (
    0 =>
    array (
      'service' => 'ftp-data',
      'port' => 20,
      'tcp_in' => 'closed',
      'tcp_out' => 'closed',
      'udp_in' => 'open',
      'udp_out' => 'open',
    ),
    1 =>
    array (
      'service' => 'ftp',
      'port' => 21,
      'tcp_in' => 'open',
      'tcp_out' => 'closed',
      'udp_in' => 'open',
      'udp_out' => 'open',
    ),
    2 =>
    array (
      'service' => 'ssh',
      'port' => 22,
      'tcp_in' => 'open',
      'tcp_out' => 'open',
      'udp_in' => 'closed',
      'udp_out' => 'closed',
    ),
  ),
)
Action: queryUpdateConfig
Added in version 5.1.0-838
Description Displays the information available to the action "updateConfig".
Sample output
array (
  'status' => 0,
  'payload' =>
  array (
    'version' => '1.7.5 (APF)',
    'debug_mode' => '0',
    'default_tos' => '4',
    'tcp_drop_policy' => 'DROP',
    'udp_drop_policy' => 'DROP',
    'block_multicast' => '0',
    'block_private_network' => '0',
    'set_egress_filter' => '0',
    'max_sessions' => '34576',
    'sysctl_tcp' => '1',
    'if' => 'eth0',
    'tifs' =>
    array (
    ),
  ),
)
Action: restart
Added in version 4.7.0-339
Description Restarts the service.
Input Parameters
| Name | Type | Notes | Required? |
| --- | --- | --- | --- |
| cascade_to_nodes | integer | Help Entry: Selecting this option causes the action to be replayed on all nodes of the cluster automatically, as if you had logged in to each node manually. Example Values: 1 | No |
Action: restartOnNode
Added in version 4.7.0-339
Description Restarts the service on a specific node (Clustering only).
Input Parameters
| Name | Type | Notes | Required? |
| --- | --- | --- | --- |
| node_id | string | | No* |
* indicates that it’s actually required, but probably already has a valid default value
Action: start
Added in version 4.7.0-339
Description Starts the service.
Input Parameters
| Name | Type | Notes | Required? |
| --- | --- | --- | --- |
| cascade_to_nodes | integer | Help Entry: Selecting this option causes the action to be replayed on all nodes of the cluster automatically, as if you had logged in to each node manually. Example Values: 1 | No |
Action: startOnBoot
Added in version 4.7.0-339
Description Set the firewall start-on-boot status.
Input Parameters
| Name | Type | Notes | Required? |
| --- | --- | --- | --- |
| startonboot | integer | Example Values: 1, 0. Example Default Value: 0 | No* |
| cascade_to_nodes | integer | Help Entry: Selecting this option causes the action to be replayed on all nodes of the cluster automatically, as if you had logged in to each node manually. Example Values: 1 | No |
* indicates that it’s actually required, but probably already has a valid default value
Action: startOnNode
Added in version 4.7.0-339
Description Starts the service on a specific node (Clustering only).
Input Parameters
| Name | Type | Notes | Required? |
| --- | --- | --- | --- |
| node_id | string | | No* |
* indicates that it’s actually required, but probably already has a valid default value
Action: stop
Added in version 4.7.0-339
Description Stops the service.
Input Parameters
| Name | Type | Notes | Required? |
| --- | --- | --- | --- |
| cascade_to_nodes | integer | Help Entry: Selecting this option causes the action to be replayed on all nodes of the cluster automatically, as if you had logged in to each node manually. Example Values: 1 | No |
Action: stopOnNode
Added in version 4.7.0-339
Description Stops the service on a specific node (Clustering only).
Input Parameters
| Name | Type | Notes | Required? |
| --- | --- | --- | --- |
| node_id | string | | No* |
* indicates that it’s actually required, but probably already has a valid default value
Action: update
Added in version 4.7.0-339
Description Update a port in the firewall configuration.
Input Parameters
| Name | Type | Notes | Required? |
| --- | --- | --- | --- |
| tcp_flow_in | string | Example Values: none, open, closed | No |
| tcp_flow_out | string | Example Values: none, open, closed | No |
| udp_flow_in | string | Example Values: none, open, closed | No |
| udp_flow_out | string | Example Values: none, open, closed | No |
Action: updateConfig
Added in version 4.7.0-339
Description Update basic firewall configuration.
Input Parameters
| Name | Type | Notes | Required? |
| --- | --- | --- | --- |
| debug_mode | integer | Help Entry: When debug mode is enabled, all firewall rules are flushed every 5 minutes to prevent being locked out of the server due to a firewall misconfiguration. Example Values: 1, 0. Example Default Value: 0 | No* |
| default_tos | integer | Help Entry: Defines the default type of service. Example Values: 4, 8, 16. Example Default Value: 4 | No* |
| tcp_drop_policy | string | Help Entry: Defines how to handle TCP packet filtering. 'Reset' sends a tcp-reset message, 'Drop' silently drops the packet, and 'Reject' rejects the packet. Example Values: RESET, DROP, REJECT. Example Default Value: DROP | No* |
| udp_drop_policy | string | Help Entry: Defines how to handle UDP packet filtering. 'Reset' sends an icmp-port-unreachable message, 'Drop' will silently drop the packet, 'Reject' will reject the packet, and 'Prohibit' will send an icmp-host-prohibited message. Example Values: RESET, DROP, REJECT, PROHIBIT. Example Default Value: DROP | No* |
| block_multicast | integer | Help Entry: Defines if the firewall should block multicast traffic. Example Values: 1, 0. Example Default Value: 0 | No* |
| block_private_network | integer | Help Entry: Defines if the firewall should block all private IPv4 addresses (reserved address space, generally unroutable on the internet). If the server sits behind a NAT or other routing setup that would make use of private addressing, leave this option 'Off'. Example Values: 1, 0. Example Default Value: 0 | No* |
| set_egress_filter | integer | Help Entry: Outbound (egress) filtering provides full outbound packet filtering. NOTE: Port specific outbound rules will not apply if this setting is off. Example Values: 1, 0. Example Default Value: 0 | No* |
| max_sessions | integer | Help Entry: Defines the maximum number of connection tracking entries that can be handled by the firewall simultaneously. Example Default Value: 34576 | No* |
| sysctl_tcp | integer | Help Entry: Enables or disables sysctl hook changes to harden the kernel from certain network-based attacks. Example Values: 1, 0. Example Default Value: 1 | No* |
| if | string | Help Entry: All traffic on defined interface will be subject to all firewall rules. This should be your internet exposed interface. Example Values: eth0. Example Default Value: eth0 | No* |
| tifs | struct (string) | Help Entry: All traffic on defined interface(s) will bypass ALL firewall rules. Example Values: eth0 | No |
| cascade_to_nodes | integer | Help Entry: Selecting this option causes the action to be replayed on all nodes of the cluster automatically, as if you had logged in to each node manually. Example Values: 1 | No |
* indicates that it’s actually required, but probably already has a valid default value
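
An added example (not InterWorx code): a Python check that takes the payloads of queryUpdateConfig, queryPortAccess, queryAllowDenyIps and isRunning, already decoded into dicts and lists, and flags the settings that the help entries on this page describe as weakening the firewall, including outbound 'closed' port rules that are not applied while set_egress_filter is off. The function name, the severity labels and the decoded payload shape are assumptions; the sample data is constructed from the sample outputs on this page.

```python
# Added example: audit NodeWorx firewall query payloads for risky settings.
# Sample payloads are constructed from the "Sample output" sections of this page.
LICENSE_IP = "207.32.181.150"  # license.interworx.info, per the trusted_ips help entry

def audit_firewall(config, port_access, allow_deny, is_running):
    """Return (severity, message) findings; severity labels are this example's own."""
    findings = []
    if not is_running:
        findings.append(("high", "firewall service is not running"))
    if str(config.get("debug_mode")) == "1":
        findings.append(("high", "debug_mode on: rules are flushed every 5 minutes"))
    if str(config.get("sysctl_tcp")) != "1":
        findings.append(("medium", "sysctl_tcp off: kernel hardening hooks disabled"))
    # tifs is a struct of strings; accept either a decoded dict or a list.
    tifs = config.get("tifs") or []
    tifs = list(tifs.values()) if isinstance(tifs, dict) else list(tifs)
    if config.get("if") in tifs:
        findings.append(("high", f"{config['if']} is in tifs: exposed interface bypasses all rules"))
    elif tifs:
        findings.append(("medium", "interfaces bypass all rules: " + ", ".join(tifs)))
    if str(config.get("set_egress_filter")) != "1":
        # Port-specific outbound rules do not apply while egress filtering is off.
        dead = sorted({r["port"] for r in port_access
                       if "closed" in (r["tcp_out"], r["udp_out"])})
        if dead:
            findings.append(("medium", f"set_egress_filter off: outbound 'closed' not enforced on ports {dead}"))
    if LICENSE_IP not in (allow_deny.get("trusted_ips") or {}):
        findings.append(("low", f"{LICENSE_IP} missing from trusted_ips"))
    return findings

def _row(service, port, tcp_in, tcp_out, udp_in, udp_out):
    return {"service": service, "port": port, "tcp_in": tcp_in,
            "tcp_out": tcp_out, "udp_in": udp_in, "udp_out": udp_out}

SAMPLE_CONFIG = {"debug_mode": "0", "set_egress_filter": "0", "sysctl_tcp": "1",
                 "if": "eth0", "tifs": []}
SAMPLE_PORTS = [_row("ftp-data", 20, "closed", "closed", "open", "open"),
                _row("ftp", 21, "open", "closed", "open", "open"),
                _row("ssh", 22, "open", "open", "closed", "closed")]
SAMPLE_ALLOW_DENY = {"trusted_ips": {"127.0.0.1": "127.0.0.1"}, "blocked_ips": []}

if __name__ == "__main__":
    for severity, message in audit_firewall(SAMPLE_CONFIG, SAMPLE_PORTS,
                                            SAMPLE_ALLOW_DENY, is_running=False):
        print(f"[{severity}] {message}")
```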

(C) 2017 by InterWorx LLC