我需要通过 REST API 创建一个 softlayer 网络防火墙规则 [英] I need to create a softlayer network firewall rule through REST API
本文介绍了我需要通过 REST API 创建一个 softlayer 网络防火墙规则的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我需要通过 REST API 创建一个 softlayer 网络防火墙规则.我已经参考了 Softlayer 文档,但仍然无法创建防火墙规则.
I need to create a softlayer network firewall rule through REST API. I have referred the Softlayer documents but still I'm unabe to create a firewall rule.
请多多指教.
推荐答案
看看这个代码让我知道你是否需要更多信息
take a look this codes let me know if you need more information
# Edit Vlan firewall rule.
#
# A firewall's ruleset is modified by passing a SoftLayer_Network_Firewall_Update_Request template
# object to SoftLayer_Network_Firewall_Update_Request::createObject. The entire ruleset is rewritten
# with each update request. This means it is necessary to include all past unchanged rules along with any
# modifications or additions. This is easily accomplished by pulling in the existing rules as described above
# then modifying the gathered array.
# Each SoftLayer_Network_Component_Firewall_Update_Request_Rule object requires:
#
# action - permit or deny
# destinationIpAddress - destination address
# destinationIpSubnetMask - subnet mask for destination
# sourceIpAddress - originating address
# sourceIpSubnetMask - subnet mask for origin address
# protocol - tcp/udp
# destinationPortRangeStart - first port the rule will effect
# destinationPortRangeEnd - last port the rule will effect
# orderValue - order in which rules are applied (lower is sooner)
#
# Important manual pages:
# http://sldn.softlayer.com/reference/services/SoftLayer_Network_Firewall_Update_Request
# http://sldn.softlayer.com/reference/services/SoftLayer_Network_Firewall_Update_Request/createObject
# @License: http://sldn.softlayer.com/article/License
# @Author: SoftLayer Technologies, Inc. <sldn@softlayer.com>
# So we can talk to the SoftLayer API:
import SoftLayer.API
# For nice debug output:
import pprint
# Your SoftLayer API username and key.
#
# Generate an API key at the SoftLayer Customer Portal
API_USERNAME = 'set me'
API_KEY = 'set me'
vlanId = 211163
# Create the client object
client = SoftLayer.Client(username=API_USERNAME, api_key=API_KEY)
objectMask = 'mask[firewallRules,firewallInterfaces[firewallContextAccessControlLists]]'
vlan = client['SoftLayer_Network_Vlan'].getObject(mask=objectMask, id=vlanId)
rules = vlan['firewallRules']
firewallContextAccessControlListId = ''
# Getting the ID of Access Control List.
# Each VLAN will have two types of firewallInterface: 'inside' and 'outside'.
# firewallContextAccessControlLists are organized by a direction of 'in' or 'out'.
# Currently the SoftLayer Platform supports the 'outside' firewallInterfaces
for firewall in vlan['firewallInterfaces']:
if firewall['name'] == 'inside':
continue
for controlList in firewall['firewallContextAccessControlLists']:
if controlList['direction'] == 'out':
continue
firewallContextAccessControlListId = controlList['id']
try:
# Modifying a rule
ipToAllow = '119.81.91.198 '
index = 0
for rule in rules:
if rule['sourceIpAddress'] == ipToAllow:
rule['action'] = 'permit'
rules[index] = rule
index += 1
updateRequestTemplate = {
'firewallContextAccessControlListId': firewallContextAccessControlListId,
'rules': rules
}
updateRequestClient = client['SoftLayer_Network_Firewall_Update_Request'].createObject(updateRequestTemplate)
pprint.pprint('Rule updated!')
except SoftLayer.SoftLayerAPIError as e:
print("Error updating the rule faultCode=%s, faultString=%s"
% (e.faultCode, e.faultString))
exit(1)
...
# Edit Standard Rule
# A rule set of a firewall is modified by passing a SoftLayer_Network_Firewall_Update_Request template object
# to SoftLayer_Network_Firewall_Update_Request::createObject. The entire rule set is rewritten with each
# update request. This means it is necessary to include all past unchanged rules along with any modifications
# or additions. This is easily accomplished by pulling in the existing rules as described above then modifying
# the gathered array.
# Each SoftLayer_Network_Component_Firewall_Update_Request_Rule object requires:
#
# action - permit or deny
# destinationIpAddress - destination address
# destinationIpSubnetMask - subnet mask for destination
# sourceIpAddress - originating address
# sourceIpSubnetMask - subnet mask for origin address
# protocol - tcp/udp
# destinationPortRangeStart - first port the rule will effect
# destinationPortRangeEnd - last port the rule will effect
# orderValue - order in which rules are applied (lower is sooner)
#
# Important manual pages:
# http://sldn.softlayer.com/reference/services/SoftLayer_Network_Firewall_Update_Request
# http://sldn.softlayer.com/reference/services/SoftLayer_Network_Firewall_Update_Request/createObject
# @License: http://sldn.softlayer.com/article/License
# @Author: SoftLayer Technologies, Inc. <sldn@softlayer.com>
# So we can talk to the SoftLayer API:
import SoftLayer
# Your SoftLayer API username and key.
#
# Generate an API key at the SoftLayer Customer Portal
API_USERNAME = 'set me'
API_KEY = 'set me'
# Create the client object
client = SoftLayer.Client(username=API_USERNAME, api_key=API_KEY)
serverId = 5439388
objectMask = "mask[firewallServiceComponent[rules]]"
server = client['Virtual_Guest'].getObject(mask=objectMask, id=serverId)
try:
# Modifying a rule
if 'firewallServiceComponent' in server:
ipToAllow = '192.168.1.1'
index = 0
if 'rules' in server['firewallServiceComponent']:
rules = server['firewallServiceComponent']['rules']
for rule in rules:
if rule['sourceIpAddress'] == ipToAllow:
rule['action'] = 'deny'
rules[index] = rule
index += 1
updateRequestTemplate = {
'networkComponentFirewallId': server['firewallServiceComponent']['id'],
'rules': rules
}
updateRequestClient = client['SoftLayer_Network_Firewall_Update_Request'].createObject(
updateRequestTemplate)
print("Rule updated!")
else:
print("The server does not have firewall component")
except SoftLayer.SoftLayerAPIError as e:
print("Error updating the rule faultCode=%s, faultString=%s"
% (e.faultCode, e.faultString))
exit(1)
这篇关于我需要通过 REST API 创建一个 softlayer 网络防火墙规则的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
