distributedfirewall-rule
This topic describes the verbs, command-line arguments, and API parameters available for the distributedfirewall-rule noun in the BMC Cloud Lifecycle Management SDK.
add
Use distributedfirewall-rule-add from the command line to add a rule to a distributed firewall interface.
```
--interfacename NAME --environmentname NAME --sourceaddress SUBNET [--sourcemask NETWORK_MASK]
--destinationaddress SUBNET [--destinationmask NETWORK_MASK] --destinationportrange PORT|PORT1-PORT2
--protocol {17,6,1} [--accept] [--hidden] [--locked] [--logged] [--description DESCRIPTION]
```
Use distributedfirewall_rule_add in the API to add a rule to a distributed firewall interface. This command returns a LogicalSimpleFirewallRule API object with the same attributes and relationships.
```
environmentname=None, description=None, sourceaddress=None, sourcemask=None,
destinationaddress=None, destinationmask=None, destinationportrange=None,
protocol=None, accept=None, hidden=None, locked=None, logged=None)
obj.guid # returns the GUID
obj.name # returns the name
...
```
| Command-line argument | API parameter | Description | Required? |
|---|---|---|---|
| --firewallname | firewallname | Name of the firewall to which the rule applies. | Yes |
| --interfacename | interfacename | Name of the firewall NIC interface. | Yes |
| --environmentname | environmentname | Name of the environment that contains the specified firewall. | Yes |
| --sourceaddress | sourceaddress | IP address of the source. | Yes |
| --destinationaddress | destinationaddress | IP address of the destination. | Yes |
| --destinationportrange | destinationportrange | A single port number or a port range. | Yes |
| --protocol | protocol | The protocol identifier: | Yes |
| --sourcemask | sourcemask | Subnet mask of the source. |  |
| --destinationmask | destinationmask | Subnet mask of the destination. |  |
| --accept | accept | Indicate that traffic is allowed. This parameter does not need a value for the command line. For the API, specify true, false, or None. |  |
| --hidden | hidden | Indicate that the rule is hidden. This parameter does not need a value for the command line. For the API, specify true, false, or None. |  |
| --locked | locked | Indicate that the rule is locked. This parameter does not need a value for the command line. For the API, specify true, false, or None. |  |
| --logged | logged | Indicate that traffic matching rules should log an entry for audit. This parameter does not need a value for the command line. For the API, specify true, false, or None. |  |
| --description | description | A description of the firewall rule. |  |
| --waitfor |  | Time in seconds to wait for response from the server, otherwise return running task details. |  |
|  | gcac | GenericCloudAPIClient instance/user authentication. |  |
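A pre-flight check for the keyword arguments in the table above, run before they are handed to distributedfirewall_rule_add. This is an added example, not code from the BMC SDK, and it does not call the SDK. The names `check_rule` and `parse_port_range` are hypothetical, and the two "review policy" findings are assumptions about what a reviewer would want flagged, not behaviour of the product.

```python
import ipaddress

# Parameters the page's table marks "Yes" under Required? for the add verb.
REQUIRED = ("firewallname", "interfacename", "environmentname", "sourceaddress",
            "destinationaddress", "destinationportrange", "protocol")
PROTOCOLS = {"17", "6", "1"}  # identifiers listed in the --protocol syntax


def parse_port_range(value):
    """Parse PORT or PORT1-PORT2 into (low, high); raise ValueError if invalid."""
    low, sep, high = str(value).partition("-")
    low = int(low)
    high = int(high) if sep else low
    if not 1 <= low <= high <= 65535:
        raise ValueError("ports must satisfy 1 <= PORT1 <= PORT2 <= 65535")
    return low, high


def check_rule(args):
    """Return a list of findings for the keyword arguments of a rule add."""
    findings = ["missing required parameter: " + name
                for name in REQUIRED if args.get(name) in (None, "")]
    if findings:
        return findings
    if str(args["protocol"]) not in PROTOCOLS:
        findings.append("protocol must be one of 17, 6, 1")
    try:
        parse_port_range(args["destinationportrange"])
    except ValueError as exc:
        findings.append("destinationportrange: %s" % exc)
    for side in ("source", "destination"):
        addr, mask = args[side + "address"], args.get(side + "mask")
        try:
            # strict=True rejects an address with host bits set under its mask
            net = ipaddress.ip_network("%s/%s" % (addr, mask) if mask else addr,
                                       strict=True)
        except ValueError as exc:
            findings.append("%saddress: %s" % (side, exc))
            continue
        # Assumed review policy, not an SDK rule: no allow-from-anywhere rules.
        if side == "source" and net.prefixlen == 0 and args.get("accept"):
            findings.append("accept rule matches any source address")
    # Assumed review policy: allowed traffic should leave an audit entry.
    if args.get("accept") and not args.get("logged"):
        findings.append("accept rule is not logged")
    return findings
```

An empty list means the arguments passed every check; anything else is a reason to stop before the rule is submitted.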
delete
Use distributedfirewall-rule-delete from the command line to remove a rule from a distributed firewall interface.
```
--interfacename NAME --environmentname NAME [--rule GUID] [--sourceaddress SUBNET]
[--sourcemask NETWORK_MASK] [--destinationaddress SUBNET] [--destinationmask NETWORK_MASK]
[--destinationportrange PORT|PORT1-PORT2] [--protocol {17,6,1}] [--description DESCRIPTION]
```
Use distributedfirewall_rule_delete in the API to remove a rule from a distributed firewall interface. This command returns a LogicalSimpleFirewallRule API object with the same attributes and relationships.
```
environmentname=None, ruleid=None, description=None, sourceaddress=None, sourcemask=None,
destinationaddress=None, destinationmask=None, destinationportrange=None, protocol=None)
obj.guid # returns the GUID
obj.name # returns the name
...
```
| Command-line argument | API parameter | Description | Required? |
|---|---|---|---|
| --firewallname | firewallname | Name of the firewall from which to remove the rule. | Yes |
| --interfacename | interfacename | Name of the firewall NIC interface. | Yes |
| --environmentname | environmentname | Name of the environment that contains the specified firewall. | Yes |
| --rule | ruleid | GUID of the rule to delete. |  |
| --sourceaddress | sourceaddress | IP address of the source. |  |
| --sourcemask | sourcemask | Subnet mask of the source. |  |
| --destinationaddress | destinationaddress | IP address of the destination. |  |
| --destinationmask | destinationmask | Subnet mask of the destination. |  |
| --destinationportrange | destinationportrange | A single port number or a port range. |  |
| --protocol | protocol | The protocol identifier: |  |
| --description | description | A description of the firewall rule. |  |
| --waitfor |  | Time in seconds to wait for response from the server, otherwise return running task details. |  |
|  | gcac | GenericCloudAPIClient instance/user authentication. |  |
list
Use distributedfirewall-rule-list from the command line to list the rules associated with distributed firewall interfaces.
```
[--filter FIELD_NAME=VALUE [FIELD_NAME=VALUE ...]] --firewallname NAME
```
Use distributedfirewall_rule_list in the API to list the rules associated with distributed firewall interfaces. This command returns a list of LogicalSimpleFirewallRule API objects with the same attributes and relationships.
```
obj.guid # returns the GUID
obj.name # returns the name
...
```
| Command-line argument | API parameter | Description | Required? |
|---|---|---|---|
| --firewallname | firewallName | Name of the distributed firewall. | Yes |
| -l |  | List all fields. This parameter does not need a value. |  |
| -u |  | List only GUIDs. This parameter does not need a value. |  |
| -n |  | List only names. This parameter does not need a value. |  |
| -s |  | List GUIDs, names, and status (if applicable). This parameter does not need a value. |  |
| -k |  | List the field names specified in the value for this parameter. |  |
| --filter | filters | List the output that matches the specified filters. |  |
|  | gcac | GenericCloudAPIClient instance/user authentication. |  |