Controller: /nodeworx/firewall

Required Permissions

FIREWALL

Action: addPort

Added in Version

4.7.0-339

Description

Add a port to the firewall configuration.

Input Parameters

Name

Type

Required?

Example Values

Default Values

Notes

port

string

Yes

Enter the port or ports you wish to add to the firewall. You can enter port ranges as well, ex: 1234-1236.

tcp_flow_in

string

Yes

open, closed

tcp_flow_out

string

Yes

open, closed

udp_flow_in

string

Yes

open, closed

udp_flow_out

string

Yes

open, closed

cascade_to_nodes

integer

No

1

Selecting this option causes the action to be replayed on all nodes of the cluster automatically, as if you had logged in to each node manually

Action: allowDenyIps

Added in Version

4.7.0-339

Description

Set the firewall IP address allow and deny lists.

Input Parameters

Name

Type

Required?

Example Values

Default Values

Notes

trusted_ips

struct (string)

No

{"209.87.159.14":"209.87.159.14"}

The IP addresses for license.interworx.info (207.32.181.150 & 209.87.159.14) must be present for proper function of the InterWorx license authentication system.

blocked_ips

struct (string)

No

Action: delete

Added in Version

4.7.0-339

Description

Delete firewall port configuration.

Input Parameters

Name

Type

Required?

Example Values

Default Values

Notes

ports

struct (string)

Yes

21, 22, 24, 25, 80, 110, 143, 443, 993, 995, 2080, 2443, 3306, 50000_51000, 587, 20, 53, 123

Action: fail

Added in Version

4.7.0-339

Description

Magic function - test for failure mechanism.

Action: ipv6Settings

Added in Version

5.0.14-579

Description

Controls how IPv6 Settings are handled when restarting the firewall.

Input Parameters

Name

Type

Required?

Example Values

Default Values

Notes

ip6tables_status

string

No*

off, manual, managed

manual

icmp6_control

string

No*

default, managed

managed

cascade_to_nodes

integer

No

1

Selecting this option causes the action to be replayed on all nodes of the cluster automatically, as if you had logged in to each node manually

* indicates that it’s actually required, but probably already has a valid default value.

Action: isRunning

Added in Version

4.7.0-339

Description

Checks if the service is running or not.

Sample Output

array (
  'status' => 0,
  'payload' => true,
  'reply_code' => 205,
)

Action: isRunningOnNode

Added in Version

4.7.0-339

Description

Checks if the service is running on a specific node (Clustering only).

Input Parameters

Name

Type

Required?

Example Values

Default Values

Notes

node_id

string

No*

* indicates that it’s actually required, but probably already has a valid default value.

Action: listGeneralName

Added in Version

4.7.0-339

Description

Lists the “normal” name, i.e. “web server” instead of “httpd”.

Sample Output

array (
  'status' => 0,
  'payload' => '##LG_FIREWALL##',
  'reply_code' => 205,
)

Action: listPortNumbers

Added in Version

4.7.0-339

Description

Lists a string of the port numbers that this service uses, comma-separated.

Sample Output

array (
  'status' => 0,
  'payload' => '##LG_NOT_APPLICABLE##',
  'reply_code' => 205,
)

Action: listPortNumbersArray

Added in Version

4.7.0-339

Description

Lists array of port numbers and ranges that this service uses.

Sample Output

array (
  'status' => 0,
  'payload' =>
  array (
    0 => '##LG_NOT_APPLICABLE##',
  ),
  'reply_code' => 205,
)

Action: listRequiredPermissions

Added in Version

4.7.0-339

Description

Lists an array of permissions required to control the service.

Sample Output

array (
  'status' => 0,
  'payload' =>
  array (
    0 => 'FIREWALL',
  ),
  'reply_code' => 205,
)

Action: listServiceInfo

Added in Version

4.7.0-339

Description

Lists the service name, ports, page, and status.

Sample Output

array (
  'status' => 0,
  'payload' =>
  array (
    'id' => 'apf',
    'name' => '##LG_FIREWALL##',
    'ports' => '##LG_NOT_APPLICABLE##',
    'page' => '/nodeworx/firewall',
    'ctrl' => '/nodeworx/firewall',
    'is_running' => 1,
  ),
  'reply_code' => 205,
)

Action: listServiceName

Added in Version

4.7.0-339

Description

Lists the service name, i.e. “httpd” instead of “web server”.

Sample Output

array (
  'status' => 0,
  'payload' => 'apf',
  'reply_code' => 205,
)

Action: listServicePage

Added in Version

4.7.0-339

Description

Lists the page that controls the service.

Sample Output

array (
  'status' => 0,
  'payload' => '/nodeworx/firewall',
  'reply_code' => 205,
)

Action: queryAllowDenyIps

Added in Version

5.1.0-838

Description

Displays the information available to the action “allowDenyIps”.

Sample Output

array (
  'status' => 0,
  'payload' =>
  array (
    'trusted_ips' =>
    array (
      '209.87.159.14' => '209.87.159.14',
    ),
    'blocked_ips' =>
    array (
    ),
  ),
  'reply_code' => 205,
)

Action: queryIpv6Settings

Added in Version

5.1.0-838

Description

Displays the information available to the action “ipv6Settings”.

Sample Output

array (
  'status' => 0,
  'payload' =>
  array (
    'ip6tables_status' => 'manual',
    'icmp6_control' => 'managed',
  ),
  'reply_code' => 205,
)

Action: queryPortAccess

Added in Version

5.0.14-579

Description

Query firewall port options.

Sample Output

array (
  'status' => 0,
  'payload' =>
  array (
    0 =>
    array (
      'service' => 'ftp-data',
      'port' => 20,
      'tcp_in' => 'closed',
      'tcp_out' => 'closed',
      'udp_in' => 'open',
      'udp_out' => 'open',
    ),
    1 =>
    array (
      'service' => 'ftp',
      'port' => 21,
      'tcp_in' => 'open',
      'tcp_out' => 'closed',
      'udp_in' => 'open',
      'udp_out' => 'open',
    ),
    2 =>
    array (
      'service' => 'ssh',
      'port' => 22,
      'tcp_in' => 'open',
      'tcp_out' => 'open',
      'udp_in' => 'closed',
      'udp_out' => 'closed',
    ),
  ),
  'reply_code' => 205,
)

Action: queryUpdateConfig

Added in Version

5.1.0-838

Description

Displays the information available to the action “updateConfig”.

Sample Output

array (
  'status' => 0,
  'payload' =>
  array (
    'version' => '1.7.6 (APF)',
    'debug_mode' => '0',
    'default_tos' => '4',
    'tcp_drop_policy' => 'DROP',
    'udp_drop_policy' => 'DROP',
    'block_multicast' => '0',
    'block_private_network' => '0',
    'set_egress_filter' => '0',
    'max_sessions' => '34576',
    'sysctl_tcp' => '1',
    'if' => 'eth0',
    'tifs' =>
    array (
    ),
  ),
  'reply_code' => 205,
)

Action: reroute

Added in Version

4.7.0-339

Description

Action to re-route from the current controller to a different one.

Input Parameters

Name

Type

Required?

Example Values

Default Values

Notes

controller

string

Yes

Index, Overview, Users, Lang, Apikey, Plugins, Twofactorauth, Notice, Siteworx, Shell, Packages, Backup, Import, Softaculous, Reseller, ResellerPackages, ResellerBandwidthhistory, Http, Phpextensions, Ftp, Sshd, MailMta, MailSmtp, MailSmtp2, MailSend, MailMda, MailMsa, MailDovecot, MailSpam, MailVirus, MailMailman, MailQueue, Mysql, MysqlRemote, MysqlPhpmyadmin, Dns, DnsZone, DnsRecord, DnsSync, Nfs, NfsExport, NfsMount, Health, Cron, Firewall, Ssl, Logs, Settings, Updates, Rrd, …

Action: restart

Added in Version

4.7.0-339

Description

Restart the service.

Input Parameters

Name

Type

Required?

Example Values

Default Values

Notes

cascade_to_nodes

integer

No

1

Selecting this option causes the action to be replayed on all nodes of the cluster automatically, as if you had logged in to each node manually

Action: restartOnNode

Added in Version

4.7.0-339

Description

Restarts the service on a specific node (Clustering only).

Input Parameters

Name

Type

Required?

Example Values

Default Values

Notes

node_id

string

No*

* indicates that it’s actually required, but probably already has a valid default value.

Action: start

Added in Version

4.7.0-339

Description

Start the service.

Input Parameters

Name

Type

Required?

Example Values

Default Values

Notes

cascade_to_nodes

integer

No

1

Selecting this option causes the action to be replayed on all nodes of the cluster automatically, as if you had logged in to each node manually

Action: startOnBoot

Added in Version

4.7.0-339

Description

Set the firewall start-on-boot status.

Input Parameters

Name

Type

Required?

Example Values

Default Values

Notes

startonboot

integer

No*

1, 0

0

cascade_to_nodes

integer

No

1

Selecting this option causes the action to be replayed on all nodes of the cluster automatically, as if you had logged in to each node manually

* indicates that it’s actually required, but probably already has a valid default value.

Action: startOnNode

Added in Version

4.7.0-339

Description

Starts the service on a specific node (Clustering only).

Input Parameters

Name

Type

Required?

Example Values

Default Values

Notes

node_id

string

No*

* indicates that it’s actually required, but probably already has a valid default value.

Action: stop

Added in Version

4.7.0-339

Description

Stop the service.

Input Parameters

Name

Type

Required?

Example Values

Default Values

Notes

cascade_to_nodes

integer

No

1

Selecting this option causes the action to be replayed on all nodes of the cluster automatically, as if you had logged in to each node manually

Action: stopOnNode

Added in Version

4.7.0-339

Description

Stops the service on a specific node (Clustering only).

Input Parameters

Name

Type

Required?

Example Values

Default Values

Notes

node_id

string

No*

* indicates that it’s actually required, but probably already has a valid default value.

Action: update

Added in Version

4.7.0-339

Description

Update a port in the firewall configuration.

Input Parameters

Name

Type

Required?

Example Values

Default Values

Notes

tcp_flow_in

string

No

none, open, closed

tcp_flow_out

string

No

none, open, closed

udp_flow_in

string

No

none, open, closed

udp_flow_out

string

No

none, open, closed

Action: updateConfig

Added in Version

4.7.0-339

Description

Update basic firewall configuration.

Input Parameters

Name

Type

Required?

Example Values

Default Values

Notes

debug_mode

integer

No*

1, 0

0

When debug mode is enabled, all firewall rules are flushed every 5 minutes to prevent being locked out of the server due to a firewall misconfiguration.

default_tos

integer

No*

4, 8, 16

4

Defines the default type of service.

tcp_drop_policy

string

No*

RESET, DROP, REJECT

DROP

Defines how to handle TCP packet filtering. ‘Reset’ sends a tcp-reset message, ‘Drop’ silently drops the packet, and ‘Reject’ rejects the packet.

udp_drop_policy

string

No*

RESET, DROP, REJECT, PROHIBIT

DROP

Defines how to handle UDP packet filtering. ‘Reset’ sends an icmp-port-unreachable message, ‘Drop’ will silently drop the packet, ‘Reject’ will reject the packet, and ‘Prohibit’ will send an icmp-host-prohibited message.

block_multicast

integer

No*

1, 0

0

Defines if the firewall should block multicast traffic.

block_private_network

integer

No*

1, 0

0

Defines if the firewall should block all private IPv4 addresses (reserved address space, generally unroutable on the internet). If the server sits behind a NAT or other routing setup that would make use of private addressing, leave this option ‘Off’.

set_egress_filter

integer

No*

1, 0

0

Outbound (egress) filtering provides full outbound packet filtering. NOTE: Port specific outbound rules will not apply if this setting is off.

max_sessions

integer

No*

34576

Defines the maximum number of connection tracking entries that can be handled by the firewall simultaneously.

sysctl_tcp

integer

No*

1, 0

1

Enables or disables the sysctl hook changes that harden the kernel against certain network-based attacks.

if

string

No*

eth0

eth0

All traffic on the defined interface will be subject to all firewall rules. This should be your internet-exposed interface.

tifs

struct (string)

No

eth0

All traffic on the defined interface(s) will bypass ALL firewall rules.

cascade_to_nodes

integer

No

1

Selecting this option causes the action to be replayed on all nodes of the cluster automatically, as if you had logged in to each node manually

* indicates that it’s actually required, but probably already has a valid default value.
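
The notes above for debug_mode, set_egress_filter, sysctl_tcp and tifs, together with the trusted_ips note under allowDenyIps, describe settings that silently weaken the firewall. The following is an added example, not InterWorx code: it audits payloads shaped like the queryUpdateConfig, queryPortAccess and queryAllowDenyIps sample output on this page. The function name, the sample constants and the assumption that payloads arrive as Python dicts and lists are illustrative.

```python
# Added example: audit payloads shaped like the queryUpdateConfig, queryPortAccess
# and queryAllowDenyIps sample output. Names and sample data are constructed.
LICENSE_IPS = {"207.32.181.150", "209.87.159.14"}  # from the trusted_ips note


def audit_firewall(config, ports, allow_deny):
    """Return a list of (setting, finding) tuples for risky settings."""
    findings = []
    if str(config.get("debug_mode")) == "1":
        findings.append(("debug_mode", "all rules are flushed every 5 minutes"))
    if str(config.get("sysctl_tcp")) != "1":
        findings.append(("sysctl_tcp", "kernel hardening hooks are disabled"))
    # tifs bypass ALL rules, so the internet-exposed interface must not be listed.
    tifs = config.get("tifs") or []
    tifs = list(tifs.values()) if isinstance(tifs, dict) else list(tifs)
    if config.get("if") in tifs:
        findings.append(("tifs", "interface %s bypasses all rules" % config["if"]))
    # Port-specific outbound rules do not apply while egress filtering is off.
    if str(config.get("set_egress_filter")) != "1":
        ignored = sorted(p["port"] for p in ports
                         if "closed" in (p["tcp_out"], p["udp_out"]))
        if ignored:
            findings.append(("set_egress_filter",
                             "outbound 'closed' not applied for ports %s" % ignored))
    # Both license server addresses must be trusted and must not be blocked.
    missing = sorted(LICENSE_IPS - set(allow_deny.get("trusted_ips") or []))
    if missing:
        findings.append(("trusted_ips", "license IPs missing: %s" % missing))
    blocked = sorted(LICENSE_IPS & set(allow_deny.get("blocked_ips") or []))
    if blocked:
        findings.append(("blocked_ips", "license IPs blocked: %s" % blocked))
    return findings


# Constructed sample input, mirroring the sample output shown on this page.
SAMPLE_CONFIG = {"debug_mode": "0", "set_egress_filter": "0",
                 "sysctl_tcp": "1", "if": "eth0", "tifs": []}
SAMPLE_PORTS = [
    {"port": 20, "tcp_in": "closed", "tcp_out": "closed", "udp_in": "open", "udp_out": "open"},
    {"port": 21, "tcp_in": "open", "tcp_out": "closed", "udp_in": "open", "udp_out": "open"},
    {"port": 22, "tcp_in": "open", "tcp_out": "open", "udp_in": "closed", "udp_out": "closed"},
]
SAMPLE_ALLOW_DENY = {"trusted_ips": {"209.87.159.14": "209.87.159.14"},
                     "blocked_ips": []}

if __name__ == "__main__":
    for setting, finding in audit_firewall(SAMPLE_CONFIG, SAMPLE_PORTS, SAMPLE_ALLOW_DENY):
        print("%s: %s" % (setting, finding))
```
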

Action: win

Added in Version

4.7.0-339

Description

Magic function - test for success mechanism.