Prev Chapter 13: Controller: /nodeworx/dns/zone
Up Part II: NodeWorx API Spec
Chapter 15: Controller: /nodeworx/ftp Next
14 Controller: /nodeworx/firewall
Required Permissions "FIREWALL"
Added in version 4.7.0-339
Description Add a port to the firewall configuration.
Input Parameters
Name | Type | Notes | Required? |
port | string | Help Entry: Enter the port or ports you wish to add to the firewall. You can enter port ranges as well, e.g. 1234-1236. | Yes |
tcp_flow_in | string | Example Values: open, closed | Yes |
tcp_flow_out | string | Example Values: open, closed | Yes |
udp_flow_in | string | Example Values: open, closed | Yes |
udp_flow_out | string | Example Values: open, closed | Yes |
cascade_to_nodes | integer | Help Entry: Selecting this option causes the action to be replayed on all nodes of the cluster automatically, as if you had logged in to each node manually. Example Values: 1 | No |
Added in version 4.7.0-339
Description Set firewall IP address allow and deny lists.
Input Parameters
Name | Type | Notes | Required? |
trusted_ips | struct (string) | Help Entry: The IP address for license.interworx.info (207.32.181.150) must be present for proper function of the InterWorx license authentication system. Example Default Value: {"127.0.0.1":"127.0.0.1"} | No |
blocked_ips | struct (string) | | No |
Added in version 4.7.0-339
Description Delete firewall port configuration.
Input Parameters
Name | Type | Notes | Required? |
ports | struct (string) | Example Values: 21, 22, 23, 25, 80, 110, 143, 443, 993, 995, 2080, 2443, 3306, 50000_51000, 4444, 20, 53 | Yes |
Added in version 4.7.0-339
Description Magic function - test for failure mechanism.
Added in version 5.0.14-579
Description Controls how IPv6 Settings are handled when restarting the firewall.
Input Parameters
Name | Type | Notes | Required? |
ip6tables_status | string | Example Values: off, manual, managed. Example Default Value: manual | No* |
icmp6_control | string | Example Values: default, managed. Example Default Value: managed | No* |
cascade_to_nodes | integer | Help Entry: Selecting this option causes the action to be replayed on all nodes of the cluster automatically, as if you had logged in to each node manually. Example Values: 1 | No |
* indicates that it’s actually required, but probably already has a valid default value
Added in version 4.7.0-339
Description Checks if the service is running or not.
Sample output
array ('status' => 0,
  'payload' => false,
)
Added in version 4.7.0-339
Description Checks if the service is running on a specific node (Clustering only).
Input Parameters
Name | Type | Notes | Required? |
node_id | string | | No* |
* indicates that it’s actually required, but probably already has a valid default value
Added in version 4.7.0-339
Description Lists the "normal" name, i.e. "web server" instead of "httpd".
Sample output
array ('status' => 0,
  'payload' => '##LG_FIREWALL##',
)
Added in version 4.7.0-339
Description Lists a string of the port numbers that this service uses, comma-separated.
Sample output
array ('status' => 0,
  'payload' => '##LG_NOT_APPLICABLE##',
)
Added in version 4.7.0-339
Description Lists array of port numbers and ranges that this service uses.
Sample output
array ('status' => 0,
  'payload' =>
  array (
    0 => '##LG_NOT_APPLICABLE##',
  ),
)
Added in version 4.7.0-339
Description Lists an array of permissions required to control the service.
Sample output
array ('status' => 0,
  'payload' =>
  array (
    0 => 'FIREWALL',
  ),
)
Added in version 4.7.0-339
Description Lists the service name, ports, page, and status.
Sample output
array ('status' => 0,
  'payload' =>
  array (
    'id' => 'apf',
    'name' => '##LG_FIREWALL##',
    'ports' => '##LG_NOT_APPLICABLE##',
    'page' => '/nodeworx/firewall',
    'ctrl' => '/nodeworx/firewall',
    'is_running' => 0,
  ),
)
Added in version 4.7.0-339
Description Lists the service name, i.e. "httpd" instead of "web server".
Sample output
array ('status' => 0,
  'payload' => 'apf',
)
Added in version 4.7.0-339
Description Lists the page that controls the service.
Sample output
array ('status' => 0,
  'payload' => '/nodeworx/firewall',
)
Added in version 5.1.0-838
Description Displays the information available to the action "allowDenyIps".
Sample output
array ('status' => 0,
  'payload' =>
  array (
    'trusted_ips' =>
    array (
      '127.0.0.1' => '127.0.0.1',
    ),
    'blocked_ips' =>
    array (
    ),
  ),
)
Added in version 5.1.0-838
Description Displays the information available to the action "ipv6Settings".
Sample output
array ('status' => 0,
  'payload' =>
  array (
    'ip6tables_status' => 'manual',
    'icmp6_control' => 'managed',
  ),
)
Added in version 5.0.14-579
Description Query firewall port options.
Sample output
array ('status' => 0,
  'payload' =>
  array (
    0 =>
    array (
      'service' => 'ftp-data',
      'port' => 20,
      'tcp_in' => 'closed',
      'tcp_out' => 'closed',
      'udp_in' => 'open',
      'udp_out' => 'open',
    ),
    1 =>
    array (
      'service' => 'ftp',
      'port' => 21,
      'tcp_in' => 'open',
      'tcp_out' => 'closed',
      'udp_in' => 'open',
      'udp_out' => 'open',
    ),
    2 =>
    array (
      'service' => 'ssh',
      'port' => 22,
      'tcp_in' => 'open',
      'tcp_out' => 'open',
      'udp_in' => 'closed',
      'udp_out' => 'closed',
    ),
  ),
)
Added in version 5.1.0-838
Description Displays the information available to the action "updateConfig".
Sample output
array ('status' => 0,
  'payload' =>
  array (
    'version' => '1.7.5 (APF)',
    'debug_mode' => '0',
    'default_tos' => '4',
    'tcp_drop_policy' => 'DROP',
    'udp_drop_policy' => 'DROP',
    'block_multicast' => '0',
    'block_private_network' => '0',
    'set_egress_filter' => '0',
    'max_sessions' => '34576',
    'sysctl_tcp' => '1',
    'if' => 'eth0',
    'tifs' =>
    array (
    ),
  ),
)
Added in version 4.7.0-339
Description Action to re-route from the current controller to a different one.
Input Parameters
Name | Type | Notes | Required? |
controller | string | Example Values: Index, Overview, Users, Lang, Themes, Apikey, Plugins, Twofactorauth, Notice, Siteworx, Shell, Packages, Backup, Import, Simplescripts, Reseller, ResellerPackages, ResellerBandwidthhistory, Http, Ftp, Sshd, MailMta, MailSmtp, MailSmtp2, MailSend, MailMda, MailPop3, MailSpop3, MailImap, MailSimap, MailSpam, MailVirus, MailQueue, Mysql, MysqlRemote, MysqlPhpmyadmin, Dns, DnsZone, DnsRecord, DnsSync, Nfs, NfsExport, NfsMount, Health, Cron, Firewall, Ssl, Logs, Settings, Updates, ... | Yes |
Added in version 4.7.0-339
Description Restarts the service.
Input Parameters
Name | Type | Notes | Required? |
cascade_to_nodes | integer | Help Entry: Selecting this option causes the action to be replayed on all nodes of the cluster automatically, as if you had logged in to each node manually. Example Values: 1 | No |
Added in version 4.7.0-339
Description Restarts the service on a specific node (Clustering only).
Input Parameters
Name | Type | Notes | Required? |
node_id | string | | No* |
* indicates that it’s actually required, but probably already has a valid default value
Added in version 4.7.0-339
Description Starts the service.
Input Parameters
Name | Type | Notes | Required? |
cascade_to_nodes | integer | Help Entry: Selecting this option causes the action to be replayed on all nodes of the cluster automatically, as if you had logged in to each node manually. Example Values: 1 | No |
Added in version 4.7.0-339
Description Set the firewall start-on-boot status.
Input Parameters
Name | Type | Notes | Required? |
startonboot | integer | Example Values: 1, 0. Example Default Value: 0 | No* |
cascade_to_nodes | integer | Help Entry: Selecting this option causes the action to be replayed on all nodes of the cluster automatically, as if you had logged in to each node manually. Example Values: 1 | No |
* indicates that it’s actually required, but probably already has a valid default value
Added in version 4.7.0-339
Description Starts the service on a specific node (Clustering only).
Input Parameters
Name | Type | Notes | Required? |
node_id | string | | No* |
* indicates that it’s actually required, but probably already has a valid default value
Added in version 4.7.0-339
Description Stops the service.
Input Parameters
Name | Type | Notes | Required? |
cascade_to_nodes | integer | Help Entry: Selecting this option causes the action to be replayed on all nodes of the cluster automatically, as if you had logged in to each node manually. Example Values: 1 | No |
Added in version 4.7.0-339
Description Stops the service on a specific node (Clustering only).
Input Parameters
Name | Type | Notes | Required? |
node_id | string | | No* |
* indicates that it’s actually required, but probably already has a valid default value
Added in version 4.7.0-339
Description Update a port in the firewall configuration.
Input Parameters
Name | Type | Notes | Required? |
tcp_flow_in | string | Example Values: none, open, closed | No |
tcp_flow_out | string | Example Values: none, open, closed | No |
udp_flow_in | string | Example Values: none, open, closed | No |
udp_flow_out | string | Example Values: none, open, closed | No |
Added in version 4.7.0-339
Description Update basic firewall configuration.
Input Parameters
Name | Type | Notes | Required? |
debug_mode | integer | Help Entry: When debug mode is enabled, all firewall rules are flushed every 5 minutes to prevent being locked out of the server due to a firewall misconfiguration. Example Values: 1, 0. Example Default Value: 0 | No* |
default_tos | integer | Help Entry: Defines the default type of service. Example Values: 4, 8, 16. Example Default Value: 4 | No* |
tcp_drop_policy | string | Help Entry: Defines how to handle TCP packet filtering. 'Reset' sends a tcp-reset message, 'Drop' silently drops the packet, and 'Reject' rejects the packet. Example Values: RESET, DROP, REJECT. Example Default Value: DROP | No* |
udp_drop_policy | string | Help Entry: Defines how to handle UDP packet filtering. 'Reset' sends an icmp-port-unreachable message, 'Drop' will silently drop the packet, 'Reject' will reject the packet, and 'Prohibit' will send an icmp-host-prohibited message. Example Values: RESET, DROP, REJECT, PROHIBIT. Example Default Value: DROP | No* |
block_multicast | integer | Help Entry: Defines if the firewall should block multicast traffic. Example Values: 1, 0. Example Default Value: 0 | No* |
block_private_network | integer | Help Entry: Defines if the firewall should block all private IPv4 addresses (reserved address space, generally unroutable on the internet). If the server sits behind a NAT or other routing setup that would make use of private addressing, leave this option 'Off'. Example Values: 1, 0. Example Default Value: 0 | No* |
set_egress_filter | integer | Help Entry: Outbound (egress) filtering provides full outbound packet filtering. NOTE: Port specific outbound rules will not apply if this setting is off. Example Values: 1, 0. Example Default Value: 0 | No* |
max_sessions | integer | Help Entry: Defines the maximum number of connection tracking entries that can be handled by the firewall simultaneously. Example Default Value: 34576 | No* |
sysctl_tcp | integer | Help Entry: Enables or disables sysctl hook changes to harden the kernel from certain network-based attacks. Example Values: 1, 0. Example Default Value: 1 | No* |
if | string | Help Entry: All traffic on defined interface will be subject to all firewall rules. This should be your internet exposed interface. Example Values: eth0. Example Default Value: eth0 | No* |
tifs | struct (string) | Help Entry: All traffic on defined interface(s) will bypass ALL firewall rules. Example Values: eth0 | No |
cascade_to_nodes | integer | Help Entry: Selecting this option causes the action to be replayed on all nodes of the cluster automatically, as if you had logged in to each node manually. Example Values: 1 | No |
* indicates that it’s actually required, but probably already has a valid default value
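Several Help Entries above describe settings that leave rules bypassed or unenforced (debug_mode, set_egress_filter, tifs, the license IP in trusted_ips). The following Python is an added example, not InterWorx code, that audits payloads shaped like this page's sample outputs for those conditions. The function names and the assumption that the responses were already decoded into Python dicts and lists are ours; the field names are from this page.

```python
# Added example: audit payloads shaped like this page's sample outputs.
# Field names come from the page; the function names and the decoded
# dict/list form of the payloads are assumptions.
LICENSE_IP = "207.32.181.150"  # license.interworx.info, per the trusted_ips Help Entry


def _on(value):
    """The sample output returns flags as strings ('0'/'1'); accept ints too."""
    return str(value) == "1"


def audit_firewall(config, ports, trusted_ips):
    """Return a list of (code, message) findings; an empty list means no issue."""
    findings = []
    if _on(config.get("debug_mode")):
        findings.append(("DEBUG_MODE", "rules are flushed every 5 minutes"))
    if not _on(config.get("sysctl_tcp")):
        findings.append(("SYSCTL_OFF", "kernel network hardening hooks disabled"))
    tifs = config.get("tifs") or []
    tifs = list(tifs.values()) if isinstance(tifs, dict) else list(tifs)
    for iface in tifs:
        note = "bypasses ALL firewall rules"
        if iface == config.get("if"):
            note += " and is also the filtered interface"
        findings.append(("TRUSTED_IF", f"{iface} {note}"))
    if not _on(config.get("set_egress_filter")):
        # Port-specific outbound rules do not apply while egress filtering is off.
        inert = [p["port"] for p in ports
                 if "closed" in (p.get("tcp_out"), p.get("udp_out"))]
        if inert:
            findings.append(("EGRESS_INERT",
                             f"outbound 'closed' not enforced for ports {inert}"))
    if LICENSE_IP not in trusted_ips:
        findings.append(("LICENSE_IP", f"{LICENSE_IP} missing from trusted_ips"))
    return findings


# Constructed input, copied from the sample outputs on this page (trimmed).
SAMPLE_CONFIG = {"debug_mode": "0", "set_egress_filter": "0", "sysctl_tcp": "1",
                 "if": "eth0", "tifs": []}
SAMPLE_PORTS = [
    {"service": "ftp-data", "port": 20, "tcp_out": "closed", "udp_out": "open"},
    {"service": "ftp", "port": 21, "tcp_out": "closed", "udp_out": "open"},
    {"service": "ssh", "port": 22, "tcp_out": "open", "udp_out": "closed"},
]
SAMPLE_TRUSTED = {"127.0.0.1": "127.0.0.1"}

if __name__ == "__main__":
    for code, message in audit_firewall(SAMPLE_CONFIG, SAMPLE_PORTS, SAMPLE_TRUSTED):
        print(f"{code}: {message}")
```

With the page's sample values, the audit reports that the outbound "closed" entries for ports 20, 21 and 22 are not enforced because set_egress_filter is 0, and that the license IP is absent from trusted_ips.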
Added in version 4.7.0-339
Description Magic function - test for testing success mechanism.
(C) 2019 by InterWorx LLC