firewall-rule
This topic describes the verbs, command-line arguments, and API parameters available for the firewall-rule noun in the BMC Cloud Lifecycle Management SDK.
add
Use firewall-rule-add from the command line to add a rule to a perimeter firewall interface.
--environmentname NAME --sourceaddress SUBNET [--sourcemask NETWORK_MASK]
--destinationaddress SUBNET [--destinationmask NETWORK_MASK] --destinationportrange PORT|PORT1-PORT2
--protocol {17,6,1} [--accept] [--hidden] [--locked] [--logged] [--description DESCRIPTION]
--direction {Inbound,Outbound}
Use firewall_rule_add in the API to add a rule to a perimeter firewall interface. This command returns a LogicalSimpleFirewallRule Python object with the same attributes and relationships.
description=None, sourceaddress=None, sourcemask=None, destinationaddress=None,
destinationmask=None, destinationportrange=None, protocol=None, direction=None,
accept=None, hidden=None, locked=None, logged=None)
obj.guid # returns the GUID
obj.name # returns the name
...
| Command-line argument | API parameter | Description | Required? |
|---|---|---|---|
| --firewallname | firewallname | Name of the firewall to which the rule applies. | Yes |
| --interfacename | interfacename | Name of the firewall NIC interface. | Yes |
| --environmentname | environmentname | Name of the environment that contains the specified firewall. | Yes |
| --sourceaddress | sourceaddress | IP address of the source. | Yes |
| --destinationaddress | destinationaddress | IP address of the destination. | Yes |
| --destinationportrange | destinationportrange | A single port number or a port range. | Yes |
| --protocol | protocol | The protocol identifier: 17, 6, or 1. | Yes |
| --direction | direction | The direction (either inbound or outbound) of the rule. | Yes |
| --sourcemask | sourcemask | Subnet mask of the source. | |
| --destinationmask | destinationmask | Subnet mask of the destination. | |
| --accept | accept | Indicate that traffic is allowed. This parameter does not need a value for the command line. For the API, specify true, false, or None. | |
| --hidden | hidden | Indicate that the rule is hidden. This parameter does not need a value for the command line. For the API, specify true, false, or None. | |
| --locked | locked | Indicate that the rule is locked. This parameter does not need a value for the command line. For the API, specify true, false, or None. | |
| --logged | logged | Indicate that traffic matching the rule should log an entry for audit. This parameter does not need a value for the command line. For the API, specify true, false, or None. | |
| --description | description | A description of the firewall rule. | |
| --waitfor | | Time in seconds to wait for a response from the server; otherwise, running task details are returned. | |
| | gcac | GenericCloudAPIClient instance/user authentication. | |
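A pre-flight check for the values passed to firewall_rule_add, shown as an added example that is not part of the BMC SDK or its documentation. It validates the protocol, direction, address/mask and port-range formats listed above and reports rules that deserve review before they reach a perimeter firewall; the function names, the treatment of a missing mask as a single host, and the WIDE_PORT_SPAN threshold are assumptions made for this example.

```python
import ipaddress

PROTOCOLS = {17, 6, 1}                  # values listed for --protocol on this page
DIRECTIONS = {"Inbound", "Outbound"}    # values listed for --direction on this page
WIDE_PORT_SPAN = 1024                   # hypothetical review threshold, not an SDK limit


def parse_portrange(text):
    """Parse 'PORT' or 'PORT1-PORT2' into (low, high); raise ValueError if malformed."""
    first, sep, last = str(text).strip().partition("-")
    low = int(first)
    high = int(last) if sep else low
    if not 1 <= low <= high <= 65535:
        raise ValueError(f"bad port range: {text!r}")
    return low, high


def to_network(address, mask):
    """Combine an address and optional mask; reject addresses with host bits set."""
    if mask is None:                    # assumption: no mask means a single host
        return ipaddress.ip_network(address)
    return ipaddress.ip_network(f"{address}/{mask}", strict=True)


def check_rule(sourceaddress, destinationaddress, destinationportrange,
               protocol, direction, sourcemask=None, destinationmask=None,
               accept=None, logged=None):
    """Return review findings for a rule; raise ValueError on invalid values."""
    if int(protocol) not in PROTOCOLS:
        raise ValueError(f"protocol must be one of {sorted(PROTOCOLS)}")
    if direction not in DIRECTIONS:
        raise ValueError(f"direction must be one of {sorted(DIRECTIONS)}")
    src = to_network(sourceaddress, sourcemask)
    to_network(destinationaddress, destinationmask)   # format check only
    low, high = parse_portrange(destinationportrange)
    findings = []
    if accept and src.prefixlen == 0:
        findings.append("accept rule matches any source address")
    if accept and high - low + 1 > WIDE_PORT_SPAN:
        findings.append(f"accept rule opens {high - low + 1} ports")
    if accept and not logged:
        findings.append("accept rule is not logged for audit")
    return findings
```

Run check_rule with the same keyword values intended for firewall_rule_add and hold the change for review when the returned list is not empty.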
delete
Use firewall-rule-delete from the command line to remove a rule from a perimeter firewall interface.
--environmentname NAME [--rule GUID] [--sourceaddress SUBNET] [--sourcemask NETWORK_MASK]
[--destinationaddress SUBNET] [--destinationmask NETWORK_MASK] [--destinationportrange PORT|PORT1-PORT2]
[--protocol {17,6,1}] [--description DESCRIPTION] --direction {Inbound,Outbound}
Use firewall_rule_delete in the API to remove a rule from a perimeter firewall interface. This command returns a LogicalSimpleFirewallRule Python object with the same attributes and relationships.
ruleid=None, description=None, sourceaddress=None, sourcemask=None, destinationaddress=None,
destinationmask=None, destinationportrange=None, protocol=None, direction=None)
obj.guid # returns the GUID
obj.name # returns the name
...
| Command-line argument | API parameter | Description | Required? |
|---|---|---|---|
| --firewallname | firewallname | Name of the firewall from which to remove the rule. | Yes |
| --interfacename | interfacename | Name of the firewall NIC interface. | Yes |
| --environmentname | environmentname | Name of the environment that contains the specified firewall. | Yes |
| --direction | direction | The direction (either inbound or outbound) of the rule. | Yes |
| --rule | ruleid | GUID of the rule to delete. | |
| --sourceaddress | sourceaddress | IP address of the source. | |
| --sourcemask | sourcemask | Subnet mask of the source. | |
| --destinationaddress | destinationaddress | IP address of the destination. | |
| --destinationmask | destinationmask | Subnet mask of the destination. | |
| --destinationportrange | destinationportrange | A single port number or a port range. | |
| --protocol | protocol | The protocol identifier: 17, 6, or 1. | |
| --description | description | A description of the firewall rule. | |
| --waitfor | | Time in seconds to wait for a response from the server; otherwise, running task details are returned. | |
| | gcac | GenericCloudAPIClient instance/user authentication. | |
list
Use firewall-rule-list from the command line to list the inbound and outbound rules associated with perimeter firewall interfaces.
[--filter FIELD_NAME=VALUE [FIELD_NAME=VALUE ...]] --firewallname NAME --environment NAME
Use firewall_rule_list in the API to list the inbound and outbound rules associated with perimeter firewall interfaces. This command returns a list of LogicalSimpleFirewallRule API objects with the same attributes and relationships.
obj[n].guid # returns the GUID
obj[n].name # returns the name
...
| Command-line argument | API parameter | Description | Required? |
|---|---|---|---|
| --firewallname | firewallName | Name of the firewall. | Yes |
| --environment | environmentName | Name of the environment containing the firewall. | Yes |
| -l | | List all fields. This parameter does not need a value. | |
| -u | | List only GUIDs. This parameter does not need a value. | |
| -n | | List only names. This parameter does not need a value. | |
| -s | | List GUIDs, names, and status (if applicable). This parameter does not need a value. | |
| -k | | List the field names specified in the value for this parameter. | |
| --filter | filters | List the output that matches the specified filters. | |
| | gcac | GenericCloudAPIClient instance/user authentication. | |