Unsupported content: This version of the documentation is no longer supported. However, the documentation is available for your convenience.

firewall-rule


This topic describes the verbs, command-line arguments, and API parameters available for the firewall-rule noun in the BMC Cloud Lifecycle Management SDK.

add

Note: This command attempts to acquire a lock on the firewall and updates rules only if that lock is acquired.

Use firewall-rule-add from the command line to add a rule to a perimeter firewall interface.

Command-line syntax
python com/bmc/cloud/sdk/commandline/clmcmd.py firewall-rule-add [-h] [--waitfor TIME_OUT_SECONDS] --firewallname NAME --interfacename NAME --environmentname NAME --sourceaddress SUBNET [--sourcemask NETWORK_MASK] --destinationaddress SUBNET [--destinationmask NETWORK_MASK] --destinationportrange PORT|PORT1-PORT2 --protocol {17,6,1} [--accept] [--hidden] [--locked] [--logged] [--description DESCRIPTION] --direction {Inbound,Outbound}

Use firewall_rule_add in the API to add a rule to a perimeter firewall interface. This command returns a LogicalSimpleFirewallRule Python object with the same attributes and relationships.

API syntax
obj = firewall_rule_add(gcac, firewallname=None, interfacename=None, environmentname=None, description=None, sourceaddress=None, sourcemask=None, destinationaddress=None, destinationmask=None, destinationportrange=None, protocol=None, direction=None, accept=None, hidden=None, locked=None, logged=None)

obj.guid # returns the GUID
obj.name # returns the name
...

| Command-line argument | API parameter | Description | Required? |
| --- | --- | --- | --- |
| --firewallname | firewallname | Name of the firewall to which the rule applies. | Yes |
| --interfacename | interfacename | Name of the firewall NIC interface. | Yes |
| --environmentname | environmentname | Name of the environment that contains the specified firewall. | Yes |
| --sourceaddress | sourceaddress | IP address of the source. | Yes |
| --destinationaddress | destinationaddress | IP address of the destination. | Yes |
| --destinationportrange | destinationportrange | A single port number or a port range. | Yes |
| --protocol | protocol | The protocol identifier: 1 = ICMP, 6 = TCP, 17 = UDP. | Yes |
| --direction | direction | The direction (either inbound or outbound) of the rule. | Yes |
| --sourcemask | sourcemask | Subnet mask of the source. | |
| --destinationmask | destinationmask | Subnet mask of the destination. | |
| --accept | accept | Indicates that traffic is allowed. This parameter does not need a value for the command line. For the API, specify true, false, or None. | |
| --hidden | hidden | Indicates that the rule is hidden. This parameter does not need a value for the command line. For the API, specify true, false, or None. | |
| --locked | locked | Indicates that the rule is locked. This parameter does not need a value for the command line. For the API, specify true, false, or None. | |
| --logged | logged | Indicates that traffic matching the rule should log an entry for audit. This parameter does not need a value for the command line. For the API, specify true, false, or None. | |
| --description | description | A description of the firewall rule. | |
| --waitfor | | Time in seconds to wait for a response from the server; otherwise, running task details are returned. | |
| | gcac | The gcac authentication instance. | |
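The following is an added example, not part of the SDK or of the original page: a pre-flight check that validates the values documented above and flags broad accept rules before they are passed on as `firewall_rule_add(gcac, **kwargs)`. The names `parse_port_range` and `build_rule_args`, the 1024-port review threshold, passing `protocol` as an integer, and requiring both masks (so the rule's scope never depends on an undocumented default) are assumptions of this example.

```python
import ipaddress

PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}  # --protocol values from the table above
DIRECTIONS = ("Inbound", "Outbound")           # --direction values from the syntax line


def parse_port_range(value):
    """Parse PORT or PORT1-PORT2 into (low, high); raise ValueError otherwise."""
    parts = str(value).split("-")
    if len(parts) > 2 or not all(p.isdigit() for p in parts):
        raise ValueError("destinationportrange must be PORT or PORT1-PORT2")
    low, high = int(parts[0]), int(parts[-1])
    if not 0 <= low <= high <= 65535:
        raise ValueError("ports must be ordered and within 0-65535")
    return low, high


def build_rule_args(firewallname, interfacename, environmentname, direction,
                    protocol, sourceaddress, sourcemask, destinationaddress,
                    destinationmask, destinationportrange,
                    accept=None, logged=None, description=None):
    """Return (kwargs, warnings) for firewall_rule_add; raise ValueError on bad input."""
    if protocol not in PROTOCOLS:
        raise ValueError("protocol must be 1 (ICMP), 6 (TCP) or 17 (UDP)")
    if direction not in DIRECTIONS:
        raise ValueError("direction must be Inbound or Outbound")
    low, high = parse_port_range(destinationportrange)
    # ip_network() rejects malformed addresses, non-contiguous masks and
    # addresses with host bits set outside the mask.
    src = ipaddress.ip_network("%s/%s" % (sourceaddress, sourcemask))
    ipaddress.ip_network("%s/%s" % (destinationaddress, destinationmask))

    warnings = []
    if accept:
        if src.prefixlen == 0:
            warnings.append("accept rule matches any source address")
        if high - low + 1 > 1024:  # review threshold chosen for this example
            warnings.append("accept rule spans %d ports" % (high - low + 1))
        if not logged:
            warnings.append("accept rule is not logged for audit")

    kwargs = dict(firewallname=firewallname, interfacename=interfacename,
                  environmentname=environmentname, direction=direction,
                  protocol=protocol, sourceaddress=sourceaddress,
                  sourcemask=sourcemask, destinationaddress=destinationaddress,
                  destinationmask=destinationmask,
                  destinationportrange=str(destinationportrange),
                  accept=accept, logged=logged, description=description)
    return kwargs, warnings
```

Treat a non-empty warnings list as a reason to hold the change for review rather than as a hard failure.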

 

delete

Note: This command attempts to acquire a lock on the firewall and updates rules only if that lock is acquired.

Use firewall-rule-delete from the command line to remove a rule from a perimeter firewall interface.

Command-line syntax
python com/bmc/cloud/sdk/commandline/clmcmd.py firewall-rule-delete [-h] [--waitfor TIME_OUT_SECONDS] --firewallname NAME --interfacename NAME --environmentname NAME [--rule GUID] [--sourceaddress SUBNET] [--sourcemask NETWORK_MASK] [--destinationaddress SUBNET] [--destinationmask NETWORK_MASK] [--destinationportrange PORT|PORT1-PORT2] [--protocol {17,6,1}] [--description DESCRIPTION] --direction {Inbound,Outbound}

Use firewall_rule_delete in the API to remove a rule from a perimeter firewall interface. This command returns a LogicalSimpleFirewallRule Python object with the same attributes and relationships.

API syntax
obj = firewall_rule_delete(gcac, firewallname=None, interfacename=None, environmentname=None, ruleid=None, description=None, sourceaddress=None, sourcemask=None, destinationaddress=None, destinationmask=None, destinationportrange=None, protocol=None, direction=None)

obj.guid # returns the GUID
obj.name # returns the name
...

| Command-line argument | API parameter | Description | Required? |
| --- | --- | --- | --- |
| --firewallname | firewallname | Name of the firewall from which to remove the rule. | Yes |
| --interfacename | interfacename | Name of the firewall NIC interface. | Yes |
| --environmentname | environmentname | Name of the environment that contains the specified firewall. | Yes |
| --direction | direction | The direction (either inbound or outbound) of the rule. | Yes |
| --rule | ruleid | GUID of the rule to delete. | |
| --sourceaddress | sourceaddress | IP address of the source. | |
| --sourcemask | sourcemask | Subnet mask of the source. | |
| --destinationaddress | destinationaddress | IP address of the destination. | |
| --destinationmask | destinationmask | Subnet mask of the destination. | |
| --destinationportrange | destinationportrange | A single port number or a port range. | |
| --protocol | protocol | The protocol identifier: 1 = ICMP, 6 = TCP, 17 = UDP. | |
| --description | description | A description of the firewall rule. | |
| --waitfor | | Time in seconds to wait for a response from the server; otherwise, running task details are returned. | |
| | gcac | The gcac authentication instance. | |

 

list

Use firewall-rule-list from the command line to list the inbound and outbound rules associated with perimeter firewall interfaces.

Command-line syntax
python com/bmc/cloud/sdk/commandline/clmcmd.py firewall-rule-list [-h] [-l] [-u] [-n] [-s] [-k FIELD_NAME [FIELD_NAME ...]] [--filter FIELD_NAME=VALUE [FIELD_NAME=VALUE ...]] --firewallname NAME --environment NAME

Use firewall_rule_list in the API to list the inbound and outbound rules associated with perimeter firewall interfaces. This command returns a list of LogicalSimpleFirewallRule API objects with the same attributes and relationships.

API syntax
obj = firewall_rule_list(gcac, firewallName=None, environmentName=None, filters=None)

obj[n].guid # returns the GUID
obj[n].name # returns the name
...

| Command-line argument | API parameter | Description | Required? |
| --- | --- | --- | --- |
| --firewallname | firewallName | Name of the firewall. | Yes |
| --environment | environmentName | Name of the environment containing the firewall. | Yes |
| -l | | List all fields. This parameter does not need a value. | |
| -u | | List only GUIDs. This parameter does not need a value. | |
| -n | | List only names. This parameter does not need a value. | |
| -s | | List GUIDs, names, and status (if applicable). This parameter does not need a value. | |
| -k | | List the field names specified in the value for this parameter. | |
| --filter | filters | List the output that matches the specified filters. | |
| | gcac | The gcac authentication instance. | |

 

 


BMC Cloud Lifecycle Management 4.0