Skip to Content
Information
Unsupported content This version of the documentation is no longer supported. However, the documentation is available for your convenience. You will not be able to leave comments.

distributedfirewall-rule

This topic describes the verbs, command-line arguments, and API parameters available for the distributedfirewall-rule noun in the BMC Cloud Lifecycle Management SDK.

add

Warning

Note

This command attempts to acquire a lock on the firewall, and will update rules only if that lock was acquired.

Use distributedfirewall-rule-add from the command line to add a rule to a distributed firewall interface.

Command-line syntax
clm distributedfirewall-rule-add [-h] [--waitfor TIME_OUT_SECONDS] --firewallname NAME --interfacename NAME --environmentname NAME --sourceaddress SUBNET [--sourcemask NETWORK_MASK] --destinationaddress SUBNET [--destinationmask NETWORK_MASK] --destinationportrange PORT|PORT1-PORT2 --protocol {17,6,1} [--accept] [--hidden] [--locked] [--logged] [--description DESCRIPTION]

Use distributedfirewall_rule_add in the API to add a rule to a distributed firewall interface. This command returns a LogicalSimpleFirewallRule API object with the same attributes and relationships.

API syntax
obj = distributedfirewall_rule_add(gcac, firewallname=None, interfacename=None, environmentname=None, description=None, sourceaddress=None, sourcemask=None, destinationaddress=None, destinationmask=None, destinationportrange=None, protocol=None, accept=None, hidden=None, locked=None, logged=None)

obj.guid # returns the GUID
obj.name # returns the name
...

Command-line argument

API parameter

Description

Required?

--firewallname
firewallname

Name of the firewall to which the rule applies.

Yes

--interfacename
interfacename

Name of the firewall NIC interface.

Yes

--environmentname
environmentname

Name of the environment that contains the specified firewall.

Yes

--sourceaddress
sourceaddress

IP address of the source.

Yes

--destinationaddress
destinationaddress

IP address of the destination.

Yes

--destinationportrange
destinationportrange

A single port number or a port range.

Yes

--protocol
protocol

The protocol identifier:

  • 1—ICMP
  • 6—TCP
  • 17—UDP

Yes

--sourcemask
sourcemask

Subnet mask of the source.

 

--destinationmask
destinationmask

Subnet mask of the destination.

 

--accept
accept

Indicate that traffic is allowed. This parameter does not need a value for the command line. For the API, specify true, false, or None.

 

--hidden
hidden

Indicate that the rule is hidden. This parameter does not need a value for the command line. For the API, specify true, false, or None.

 

--locked
locked

Indicate that the rule is locked. This parameter does not need a value for the command line. For the API, specify true, false, or None.

 

--logged
logged

Indicate that traffic matching rules should log an entry for audit. This parameter does not need a value for the command line. For the API, specify true, false, or None.

 

--description
description

A description of the firewall rule.

 

--waitfor

 

Time in seconds to wait for response from the server, otherwise return running task details.

 

 

gcac

GenericCloudAPIClient instance/user authentication.

 

delete

Warning

Note

This command attempts to acquire a lock on the firewall, and will update rules only if that lock was acquired.

Use distributedfirewall-rule-delete from the command line to remove a rule from a distributed firewall interface.

Command-line syntax
clm distributedfirewall-rule-delete [-h] [--waitfor TIME_OUT_SECONDS] --firewallname NAME --interfacename NAME --environmentname NAME [--rule GUID] [--sourceaddress SUBNET] [--sourcemask NETWORK_MASK] [--destinationaddress SUBNET] [--destinationmask NETWORK_MASK] [--destinationportrange PORT|PORT1-PORT2] [--protocol {17,6,1}] [--description DESCRIPTION]

Use distributedfirewall_rule_delete in the API to remove a rule from a distributed firewall interface. This command returns a LogicalSimpleFirewallRule API object with the same attributes and relationships.

API syntax
obj = distributedfirewall_rule_delete(gcac, firewallname=None, interfacename=None, environmentname=None, ruleid=None, description=None, sourceaddress=None, sourcemask=None, destinationaddress=None, destinationmask=None, destinationportrange=None, protocol=None)

obj.guid # returns the GUID
obj.name # returns the name
...

Command-line argument

API parameter

Description

Required?

--firewallname
firewallname

Name of the firewall from which to remove the rule.

Yes

--interfacename
interfacename

Name of the firewall NIC interface.

Yes

--environmentname
environmentname

Name of the environment that contains the specified firewall.

Yes

--rule
ruleid

GUID of the rule to delete.

 

--sourceaddress
sourceaddress

IP address of the source.

 

--sourcemask
sourcemask

Subnet mask of the source.

 

--destinationaddress
destinationaddress

IP address of the destination.

 

--destinationmask
destinationmask

Subnet mask of the destination.

 

--destinationportrange
destinationportrange

A single port number or a port range.

 

--protocol
protocol

The protocol identifier:

  • 1—ICMP
  • 6—TCP
  • 17—UDP

 

--description
description

A description of the firewall rule.

 

--waitfor

 

Time in seconds to wait for response from the server, otherwise return running task details.

 

 

gcac

GenericCloudAPIClient instance/user authentication.

 

list

Use distributedfirewall-rule-list from the command line to list the rules associated with distributed firewall interfaces.

Command-line syntax
clm distributedfirewall-rule-list [-h] [-l] [-u] [-n] [-s] [-k FIELD_NAME [FIELD_NAME ...]] [--filter FIELD_NAME=VALUE [FIELD_NAME=VALUE ...]] --firewallname NAME

Use distributedfirewall_rule_list in the API to list the rules associated with distributed firewall interfaces. This command returns a list of LogicalSimpleFirewallRule API objects with the same attributes and relationships.

API syntax
obj = distributedfirewall_rule_list(gcac, firewallName=None, filters=None)

obj.guid # returns the GUID
obj.name # returns the name
...

Command-line argument

API parameter

Description

Required?

--firewallname
firewallName

Name of the distributed firewall.

Yes

-l

 

List all fields. This parameter does not need a value.

 

-u

 

List only GUIDs. This parameter does not need a value.

 

-n

 

List only names. This parameter does not need a value.

 

-s

 

List GUIDs, names, and status (if applicable). This parameter does not need a value.

 

-k

 

List the field names specified in the value for this parameter.

 

--filter
filters

List the output that matches the specified filters.

 

 

gcac

GenericCloudAPIClient instance/user authentication.

 

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*

BMC Cloud Lifecycle Management 4.1