Post An App Firewall Rule Set For A Container - VMware VSHIELD APP 1.0 - API Programming Manual

vShield API Programming Guide
Example 6-1. Viewing the Firewall Rule Set for a Container
Request:
GET <vshield_manager-uri>/api/1.0/zones/<container-moid>/firewall/rules
Example:
GET /api/1.0/zones/datacenter-4361/firewall/rules HTTP/1.1
Host: localhost
Authorization: Basic YWRtaW46ZGVmYXVsdA==

Post an App Firewall Rule Set for a Container

You can add an App Firewall rule set via REST for a datacenter, cluster, or port group container. The vShield Manager treats the posted XML as the complete rule set for the specified container and replaces the container's current rule set with it; the POST is a replacement, not a merge.

If you add a new rule to an existing rule set, the new rule must be identified as Rule ID 0: <RuleSet><Rule><ID>0</ID>...</Rule></RuleSet>. If you are updating an existing rule set, you must use the same Rule IDs as the current rule set to maintain the current rules after the new rule set is posted.

IMPORTANT   You must include rules from the current rule set in the new rule set to maintain those rules. Any rules not included in the new rule set are deleted. Since you cannot delete the default rules, you must include the default rules in every rule set. You can change the action of any of the default rules. In practice, retrieve the current rule set first (Example 6-1), add or modify rules in that document, and post the complete result; a POST body that contains only the new rule would delete every other non-default rule.
Example 6-2. Post a Firewall Rule Set at the Datacenter Level
Request:
POST <vshield_manager-uri>/api/1.0/zones/<container-moid>/firewall/rules
Example:
POST /api/1.0/zones/datacenter-7/firewall/rules
content-type: application/xml; charset=UTF-8
Authorization: Basic YWRtaW46ZGVmYXVsdA==
Host: 192.168.102.134
content-length: 655
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<vshieldZonesFirewallConfiguration>
  <ContainerAssociation>
    <Container id="vShield"><InstanceId>datacenter-7</InstanceId></Container>
    <Container id="ANY"><Name>ANY</Name></Container>
  </ContainerAssociation>
  <RuleSet>
    <Rule>
      <ID>0</ID>
      <Precedence>High</Precedence>
      <Position>1</Position>
      <Source ref="vShield" exclude="false"/>
      <Destination ref="vShield" exclude="true"/>
      <SourcePorts>ANY</SourcePorts>
      <Application type="UNICAST">FTP</Application>
      <DestinationPorts>21</DestinationPorts>
      <Protocol>TCP</Protocol>
      <Action>ALLOW</Action>
      <Log>false</Log>
      <Notes></Notes>
    </Rule>
    <Rule>
      <ID>58024</ID>
      <Precedence>High</Precedence>
      <Position>1</Position>
      <Source ref="vShield" exclude="true"/>
      <Destination ref="vShield" exclude="false"/>
      <SourcePorts>ANY</SourcePorts>
      <Application type="UNICAST">MS-DS</Application>
      <DestinationPorts>445</DestinationPorts>
      <Protocol>TCP</Protocol>
      <Action>DENY</Action>
      <Log>false</Log>
      <Notes></Notes>
    </Rule>
    <Rule>
      <ID>1001</ID>
      <Precedence>Default</Precedence>
      <Position>1</Position>
      <Source ref="ANY" exclude="false"/>
      <Destination ref="ANY" exclude="false"/>
      <SourcePorts>68</SourcePorts>
      <Application type="UNICAST">DHCP-Server</Application>
      <DestinationPorts>67</DestinationPorts>
      <Protocol>UDP</Protocol>
      <Action>ALLOW</Action>
      <Log>false</Log>
      <Notes></Notes>
    </Rule>
    <Rule>
      <ID>1002</ID>
      <Precedence>Default</Precedence>
      <Position>2</Position>
      <Source ref="ANY" exclude="false"/>
      <Destination ref="ANY" exclude="false"/>
      <SourcePorts>67</SourcePorts>
      <Application type="UNICAST">DHCP-Client</Application>
      <DestinationPorts>68</DestinationPorts>
      <Protocol>UDP</Protocol>
      <Action>ALLOW</Action>
      <Log>false</Log>
      <Notes></Notes>
    </Rule>
    <Rule>
      <ID>1003</ID>
      <Precedence>Default</Precedence>
      <Position>3</Position>
      <Source
VMware, Inc.