Post A Firewall Rule Set - VMware VSHIELD APP 1.0.0 UPDATE 1 - API Programming Manual

vShield API Programming Guide
Example:
GET /api/1.0/network/network-244/firewall/rules HTTP/1.1
Authorization: Basic YWRtaW46ZGVmYXVsdA==
Host: 10.112.196.213

Post a Firewall Rule Set

You add all firewall rules as a set for each vShield Edge. The vShield Manager processes the posted XML file
as a complete rule set for the specified vShield Edge. The new rule set replaces the entire previous rule set.
Example 5-26. Post the Firewall Rule Set on a vShield Edge
Request:
POST <vShield_Manager-uri>/api/1.0/network/<internal-portgroup-vc-moref-id>/firewall/rules
<VShieldEdgeConfig>
  <FirewallConfig>
    <FirewallRule>
      <protocol>tcp|udp|icmp|any</protocol>
      <sourceIpAddress>see_below</sourceIpAddress>
      <sourcePort>see_below</sourcePort>
      <destinationIpAddress>see_below</destinationIpAddress>
      <destinationPort>see_below</destinationPort>
      <direction>in|out|both</direction>
      <action>allow|deny</action>
    </FirewallRule>
  </FirewallConfig>
</VShieldEdgeConfig>
Rules:
You can add multiple firewall rules by entering multiple <FirewallRule></FirewallRule> sections in the
body.
For <protocol /> options tcp and udp, you must specify sourcePort and destinationPort elements.
For options icmp and any, the sourcePort and destinationPort elements are not expected.
You must add <icmpType /> if you configure icmp as the protocol.
Logging is disabled by default. To enable logging, add a <log /> element within <FirewallRule />.
The sourceIpAddress and destinationIpAddress parameters can be entered in either of these
formats.
<ipAddress>IpOrAny</ipAddress>
or
<IpRange>
  <rangeStart>low_ip_address</rangeStart>
  <rangeEnd>high_ip_address</rangeEnd>
</IpRange>
The sourcePort and destinationPort parameters can be entered in either of the following formats.
<port>PortOrAny</port>
or
<PortRange>
  <rangeStart>low_port</rangeStart>
  <rangeEnd>high_port</rangeEnd>
</PortRange>
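Because a posted rule set replaces the entire previous one, it is worth checking the whole set against the rules above before sending it. The following Python sketch is an added example, not code from the VMware guide: it validates a list of rule dicts and only then builds the request body. The function names, the dict keys mirroring the element names, the (low, high) tuple convention for ranges, and the position of <icmpType> and <log /> inside <FirewallRule> are assumptions.

```python
import xml.etree.ElementTree as ET

ALLOWED = {"protocol": ("tcp", "udp", "icmp", "any"),
           "direction": ("in", "out", "both"), "action": ("allow", "deny")}

def check_rule(r):
    """Raise ValueError if a rule dict breaks the constraints listed above."""
    for key, values in ALLOWED.items():
        if r.get(key) not in values:
            raise ValueError(f"{key} must be one of {values}")
    if "sourceIpAddress" not in r or "destinationIpAddress" not in r:
        raise ValueError("both IP address elements are required")
    proto = r["protocol"]
    ports = [k for k in ("sourcePort", "destinationPort") if k in r]
    expected = 2 if proto in ("tcp", "udp") else 0  # icmp and any take no ports
    if len(ports) != expected:
        raise ValueError(f"{proto} expects {expected} port elements, got {ports}")
    if proto == "icmp" and "icmpType" not in r:
        raise ValueError("icmp needs icmpType")

def _endpoint(rule, tag, value, leaf, range_tag):
    # A (low, high) tuple selects the range form, anything else the single form.
    node = ET.SubElement(rule, tag)
    if not isinstance(value, tuple):
        ET.SubElement(node, leaf).text = str(value)
        return
    node = ET.SubElement(node, range_tag)
    ET.SubElement(node, "rangeStart").text = str(value[0])
    ET.SubElement(node, "rangeEnd").text = str(value[1])

def build_rule_set(rules):
    """Return the POST body as a string, or raise before building anything."""
    for r in rules:  # the posted set replaces the previous one, so check it all first
        check_rule(r)
    root = ET.Element("VShieldEdgeConfig")
    cfg = ET.SubElement(root, "FirewallConfig")
    for r in rules:
        rule = ET.SubElement(cfg, "FirewallRule")
        ET.SubElement(rule, "protocol").text = r["protocol"]
        if "icmpType" in r:  # assumption: placed right after <protocol>
            ET.SubElement(rule, "icmpType").text = str(r["icmpType"])
        for side in ("source", "destination"):
            _endpoint(rule, side + "IpAddress", r[side + "IpAddress"], "ipAddress", "IpRange")
            if side + "Port" in r:
                _endpoint(rule, side + "Port", r[side + "Port"], "port", "PortRange")
        ET.SubElement(rule, "direction").text = r["direction"]
        ET.SubElement(rule, "action").text = r["action"]
        if r.get("log"):  # logging stays off unless <log /> is present; placed last by assumption
            ET.SubElement(rule, "log")
    return ET.tostring(root, encoding="unicode")
```

Call build_rule_set with the complete list of rules intended for the vShield Edge, since any rule left out of the posted set is dropped when the set is replaced.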
VMware, Inc.
