Controller: /nodeworx/firewall
- Required Permissions
FIREWALL
Action: addPort
- Added in Version
4.7.0-339
- Description
Add a port to the firewall configuration.
Input Parameters
| Name | Type | Required? | Example Values | Default Values | Notes |
|---|---|---|---|---|---|
|  | string | Yes |  |  | Enter the port or ports you wish to add to the firewall. You can enter port ranges as well, ex: 1234-1236. |
|  | string | Yes | open, closed |  |  |
|  | string | Yes | open, closed |  |  |
|  | string | Yes | open, closed |  |  |
|  | string | Yes | open, closed |  |  |
|  | integer | No | 1 |  | Selecting this option causes the action to be replayed on all nodes of the cluster automatically, as if you had logged in to each node manually. |
Action: allowDenyIps
- Added in Version
4.7.0-339
- Description
Set firewall IP address allow and deny lists.
Input Parameters
| Name | Type | Required? | Example Values | Default Values | Notes |
|---|---|---|---|---|---|
|  | struct (string) | No | {"209.87.159.14":"209.87.159.14"} |  | The IP addresses for license.interworx.info (207.32.181.150 & 209.87.159.14) must be present for proper function of the InterWorx license authentication system. |
|  | struct (string) | No |  |  |  |
Action: delete
- Added in Version
4.7.0-339
- Description
Delete firewall port configuration.
Input Parameters
| Name | Type | Required? | Example Values | Default Values | Notes |
|---|---|---|---|---|---|
|  | struct (string) | Yes | 21, 22, 24, 25, 80, 110, 143, 443, 993, 995, 2080, 2443, 3306, 50000_51000, 587, 20, 53, 123 |  |  |
Action: fail
- Added in Version
4.7.0-339
- Description
Magic function - test for failure mechanism.
Action: ipv6Settings
- Added in Version
5.0.14-579
- Description
Controls how IPv6 Settings are handled when restarting the firewall.
Input Parameters
| Name | Type | Required? | Example Values | Default Values | Notes |
|---|---|---|---|---|---|
|  | string | No* | off, manual, managed | manual |  |
|  | string | No* | default, managed | managed |  |
|  | integer | No | 1 |  | Selecting this option causes the action to be replayed on all nodes of the cluster automatically, as if you had logged in to each node manually. |
* indicates that it’s actually required, but probably already has a valid default value.
Action: isRunning
- Added in Version
4.7.0-339
- Description
Checks if the service is running or not.
Sample Output
array (
'status' => 0,
'payload' => true,
'reply_code' => 205,
)
Action: isRunningOnNode
- Added in Version
4.7.0-339
- Description
Checks if the service is running on a specific node (Clustering only).
Input Parameters
| Name | Type | Required? | Example Values | Default Values | Notes |
|---|---|---|---|---|---|
|  | string | No* |  |  |  |
* indicates that it’s actually required, but probably already has a valid default value.
Action: listGeneralName
- Added in Version
4.7.0-339
- Description
Lists the “normal” name, i.e. “web server” instead of “httpd”.
Sample Output
array (
'status' => 0,
'payload' => '##LG_FIREWALL##',
'reply_code' => 205,
)
Action: listPortNumbers
- Added in Version
4.7.0-339
- Description
Lists the port numbers that this service uses as a comma-separated string.
Sample Output
array (
'status' => 0,
'payload' => '##LG_NOT_APPLICABLE##',
'reply_code' => 205,
)
Action: listPortNumbersArray
- Added in Version
4.7.0-339
- Description
Lists array of port numbers and ranges that this service uses.
Sample Output
array (
'status' => 0,
'payload' =>
array (
0 => '##LG_NOT_APPLICABLE##',
),
'reply_code' => 205,
)
Action: listRequiredPermissions
- Added in Version
4.7.0-339
- Description
Lists an array of permissions required to control the service.
Sample Output
array (
'status' => 0,
'payload' =>
array (
0 => 'FIREWALL',
),
'reply_code' => 205,
)
Action: listServiceInfo
- Added in Version
4.7.0-339
- Description
Lists the service name, ports, page, and status.
Sample Output
array (
'status' => 0,
'payload' =>
array (
'id' => 'apf',
'name' => '##LG_FIREWALL##',
'ports' => '##LG_NOT_APPLICABLE##',
'page' => '/nodeworx/firewall',
'ctrl' => '/nodeworx/firewall',
'is_running' => 1,
),
'reply_code' => 205,
)
Action: listServiceName
- Added in Version
4.7.0-339
- Description
Lists the service name, i.e. “httpd” instead of “web server”.
Sample Output
array (
'status' => 0,
'payload' => 'apf',
'reply_code' => 205,
)
Action: listServicePage
- Added in Version
4.7.0-339
- Description
Lists the page that controls the service.
Sample Output
array (
'status' => 0,
'payload' => '/nodeworx/firewall',
'reply_code' => 205,
)
Action: queryAllowDenyIps
- Added in Version
5.1.0-838
- Description
Displays the information available to the action “allowDenyIps”.
Sample Output
array (
'status' => 0,
'payload' =>
array (
'trusted_ips' =>
array (
'209.87.159.14' => '209.87.159.14',
),
'blocked_ips' =>
array (
),
),
'reply_code' => 205,
)
Action: queryIpv6Settings
- Added in Version
5.1.0-838
- Description
Displays the information available to the action “ipv6Settings”.
Sample Output
array (
'status' => 0,
'payload' =>
array (
'ip6tables_status' => 'manual',
'icmp6_control' => 'managed',
),
'reply_code' => 205,
)
Action: queryPortAccess
- Added in Version
5.0.14-579
- Description
Query firewall port options.
Sample Output
array (
'status' => 0,
'payload' =>
array (
0 =>
array (
'service' => 'ftp-data',
'port' => 20,
'tcp_in' => 'closed',
'tcp_out' => 'closed',
'udp_in' => 'open',
'udp_out' => 'open',
),
1 =>
array (
'service' => 'ftp',
'port' => 21,
'tcp_in' => 'open',
'tcp_out' => 'closed',
'udp_in' => 'open',
'udp_out' => 'open',
),
2 =>
array (
'service' => 'ssh',
'port' => 22,
'tcp_in' => 'open',
'tcp_out' => 'open',
'udp_in' => 'closed',
'udp_out' => 'closed',
),
),
'reply_code' => 205,
)
Action: queryUpdateConfig
- Added in Version
5.1.0-838
- Description
Displays the information available to the action “updateConfig”.
Sample Output
array (
'status' => 0,
'payload' =>
array (
'version' => '1.7.6 (APF)',
'debug_mode' => '0',
'default_tos' => '4',
'tcp_drop_policy' => 'DROP',
'udp_drop_policy' => 'DROP',
'block_multicast' => '0',
'block_private_network' => '0',
'set_egress_filter' => '0',
'max_sessions' => '34576',
'sysctl_tcp' => '1',
'if' => 'eth0',
'tifs' =>
array (
),
),
'reply_code' => 205,
)
Action: reroute
- Added in Version
4.7.0-339
- Description
Action to re-route from the current controller to a different one.
Input Parameters
| Name | Type | Required? | Example Values | Default Values | Notes |
|---|---|---|---|---|---|
|  | string | Yes | Index, Overview, Users, Lang, Apikey, Plugins, Twofactorauth, Notice, Siteworx, Shell, Packages, Backup, Import, Softaculous, Reseller, ResellerPackages, ResellerBandwidthhistory, Http, Phpextensions, Ftp, Sshd, MailMta, MailSmtp, MailSmtp2, MailSend, MailMda, MailMsa, MailDovecot, MailSpam, MailVirus, MailMailman, MailQueue, Mysql, MysqlRemote, MysqlPhpmyadmin, Dns, DnsZone, DnsRecord, DnsSync, Nfs, NfsExport, NfsMount, Health, Cron, Firewall, Ssl, Logs, Settings, Updates, Rrd, … |  |  |
Action: restart
- Added in Version
4.7.0-339
- Description
Restart the service.
Input Parameters
| Name | Type | Required? | Example Values | Default Values | Notes |
|---|---|---|---|---|---|
|  | integer | No | 1 |  | Selecting this option causes the action to be replayed on all nodes of the cluster automatically, as if you had logged in to each node manually. |
Action: restartOnNode
- Added in Version
4.7.0-339
- Description
Restarts the service on a specific node (Clustering only).
Input Parameters
| Name | Type | Required? | Example Values | Default Values | Notes |
|---|---|---|---|---|---|
|  | string | No* |  |  |  |
* indicates that it’s actually required, but probably already has a valid default value.
Action: start
- Added in Version
4.7.0-339
- Description
Start the service.
Input Parameters
| Name | Type | Required? | Example Values | Default Values | Notes |
|---|---|---|---|---|---|
|  | integer | No | 1 |  | Selecting this option causes the action to be replayed on all nodes of the cluster automatically, as if you had logged in to each node manually. |
Action: startOnBoot
- Added in Version
4.7.0-339
- Description
Set the firewall start-on-boot status.
Input Parameters
| Name | Type | Required? | Example Values | Default Values | Notes |
|---|---|---|---|---|---|
|  | integer | No* | 1, 0 | 0 |  |
|  | integer | No | 1 |  | Selecting this option causes the action to be replayed on all nodes of the cluster automatically, as if you had logged in to each node manually. |
* indicates that it’s actually required, but probably already has a valid default value.
Action: startOnNode
- Added in Version
4.7.0-339
- Description
Starts the service on a specific node (Clustering only).
Input Parameters
| Name | Type | Required? | Example Values | Default Values | Notes |
|---|---|---|---|---|---|
|  | string | No* |  |  |  |
* indicates that it’s actually required, but probably already has a valid default value.
Action: stop
- Added in Version
4.7.0-339
- Description
Stop the service.
Input Parameters
| Name | Type | Required? | Example Values | Default Values | Notes |
|---|---|---|---|---|---|
|  | integer | No | 1 |  | Selecting this option causes the action to be replayed on all nodes of the cluster automatically, as if you had logged in to each node manually. |
Action: stopOnNode
- Added in Version
4.7.0-339
- Description
Stops the service on a specific node (Clustering only).
Input Parameters
| Name | Type | Required? | Example Values | Default Values | Notes |
|---|---|---|---|---|---|
|  | string | No* |  |  |  |
* indicates that it’s actually required, but probably already has a valid default value.
Action: update
- Added in Version
4.7.0-339
- Description
Update a port in the firewall configuration.
Input Parameters
| Name | Type | Required? | Example Values | Default Values | Notes |
|---|---|---|---|---|---|
|  | string | No | none, open, closed |  |  |
|  | string | No | none, open, closed |  |  |
|  | string | No | none, open, closed |  |  |
|  | string | No | none, open, closed |  |  |
Action: updateConfig
- Added in Version
4.7.0-339
- Description
Update basic firewall configuration.
Input Parameters
| Name | Type | Required? | Example Values | Default Values | Notes |
|---|---|---|---|---|---|
|  | integer | No* | 1, 0 | 0 | When debug mode is enabled, all firewall rules are flushed every 5 minutes to prevent being locked out of the server due to a firewall misconfiguration. |
|  | integer | No* | 4, 8, 16 | 4 | Defines the default type of service. |
|  | string | No* | RESET, DROP, REJECT | DROP | Defines how to handle TCP packet filtering. ‘Reset’ sends a tcp-reset message, ‘Drop’ silently drops the packet, and ‘Reject’ rejects the packet. |
|  | string | No* | RESET, DROP, REJECT, PROHIBIT | DROP | Defines how to handle UDP packet filtering. ‘Reset’ sends an icmp-port-unreachable message, ‘Drop’ will silently drop the packet, ‘Reject’ will reject the packet, and ‘Prohibit’ will send an icmp-host-prohibited message. |
|  | integer | No* | 1, 0 | 0 | Defines if the firewall should block multicast traffic. |
|  | integer | No* | 1, 0 | 0 | Defines if the firewall should block all private IPv4 addresses (reserved address space, generally unroutable on the internet). If the server sits behind a NAT or other routing setup that would make use of private addressing, leave this option ‘Off’. |
|  | integer | No* | 1, 0 | 0 | Outbound (egress) filtering provides full outbound packet filtering. NOTE: Port-specific outbound rules will not apply if this setting is off. |
|  | integer | No* | 34576 |  | Defines the maximum number of connection tracking entries that can be handled by the firewall simultaneously. |
|  | integer | No* | 1, 0 | 1 | Enables or disables sysctl hook changes to harden the kernel from certain network-based attacks. |
|  | string | No* | eth0 | eth0 | All traffic on defined interface will be subject to all firewall rules. This should be your internet exposed interface. |
|  | struct (string) | No | eth0 |  | All traffic on defined interface(s) will bypass ALL firewall rules. |
|  | integer | No | 1 |  | Selecting this option causes the action to be replayed on all nodes of the cluster automatically, as if you had logged in to each node manually. |
* indicates that it’s actually required, but probably already has a valid default value.
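The notes above describe several settings that weaken or silently disable filtering. The following is an added example, not InterWorx code: it audits already-decoded payloads shaped like the sample outputs of queryUpdateConfig, queryPortAccess and queryAllowDenyIps. The function name, finding codes, and the mapping of payload keys (`debug_mode`, `set_egress_filter`, `sysctl_tcp`, `tifs`, `trusted_ips`) to the parameter notes are assumptions; how the payloads are fetched is out of scope.

```python
# Added example (not InterWorx code): audit decoded query payloads.
# Field meanings are assumed from the sample outputs and parameter notes above.
LICENSE_IPS = {"207.32.181.150", "209.87.159.14"}  # named in the allowDenyIps note

def audit_firewall(config, ports, ips):
    """Return (code, detail) findings for queryUpdateConfig, queryPortAccess
    and queryAllowDenyIps payloads."""
    findings = []
    if str(config.get("debug_mode", "0")) == "1":
        findings.append(("DEBUG_MODE_ON", "all rules are flushed every 5 minutes"))
    if str(config.get("sysctl_tcp", "1")) == "0":
        findings.append(("SYSCTL_HARDENING_OFF", "kernel sysctl hooks disabled"))
    # Assumption: 'tifs' lists the interfaces that bypass ALL firewall rules.
    tifs = config.get("tifs") or []
    bypass = sorted(tifs.values() if isinstance(tifs, dict) else tifs)
    if bypass:
        findings.append(("BYPASS_INTERFACES", ", ".join(bypass)))
    # Port-specific outbound rules do not apply while egress filtering is off.
    if str(config.get("set_egress_filter", "0")) == "0":
        inert = [str(p["port"]) for p in ports
                 if "closed" in (p.get("tcp_out"), p.get("udp_out"))]
        if inert:
            findings.append(("EGRESS_RULES_INERT", ", ".join(inert)))
    # An empty PHP array may decode as [] rather than {}; set() handles both.
    trusted = set(ips.get("trusted_ips") or [])
    blocked = set(ips.get("blocked_ips") or [])
    if LICENSE_IPS - trusted:
        findings.append(("LICENSE_IP_NOT_TRUSTED",
                         ", ".join(sorted(LICENSE_IPS - trusted))))
    if LICENSE_IPS & blocked:
        findings.append(("LICENSE_IP_BLOCKED",
                         ", ".join(sorted(LICENSE_IPS & blocked))))
    return findings

# Sample payloads copied from the page's sample outputs (abridged).
SAMPLE_CONFIG = {"debug_mode": "0", "set_egress_filter": "0",
                 "sysctl_tcp": "1", "tifs": []}
SAMPLE_PORTS = [
    {"port": 20, "tcp_in": "closed", "tcp_out": "closed", "udp_in": "open", "udp_out": "open"},
    {"port": 21, "tcp_in": "open", "tcp_out": "closed", "udp_in": "open", "udp_out": "open"},
    {"port": 22, "tcp_in": "open", "tcp_out": "open", "udp_in": "closed", "udp_out": "closed"},
]
SAMPLE_IPS = {"trusted_ips": {"209.87.159.14": "209.87.159.14"}, "blocked_ips": []}

if __name__ == "__main__":
    for code, detail in audit_firewall(SAMPLE_CONFIG, SAMPLE_PORTS, SAMPLE_IPS):
        print(f"{code}: {detail}")
```

On the page's own sample data this reports that the closed outbound rules on ports 20, 21 and 22 are inert while egress filtering is off, and that 207.32.181.150 is not in the trusted list.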
Action: win
- Added in Version
4.7.0-339
- Description
Magic function - test for success mechanism.