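I have been trying for several days to get the API service ['Network_Firewall_Update_Request_Rule'].createObject to work, without success. I did get the firewallManager edit_dedicated_fwl_rules to work, but now I would like the service to work as well. I have searched all over the web for an answer and could not find one.
My question is: what is the syntax of the parameters passed to the service createObject for a firewall rule? Do you have an example?
The commands being used are: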
client = SoftLayer.create_client_from_env(username=user, api_key=api)
client['Network_Firewall_Update_Request_Rule'].createObject(id=12345, [{'action': 'permit'}])
Yes, I know I need more in the rule declaration to create a rule.
This returns "SyntaxError: non-keyword arg after keyword arg" because of the "id=".
Putting the "id=" at the end of the API call:
client['Network_Firewall_Update_Request_Rule'].createObject([{'action': 'permit'}], id=12345)
then the error is "Either a component ID or an ACL ID must be supplied."
If I remove the "id=" and just have
client['Network_Firewall_Update_Request_Rule'].createObject(12345, [{'action': 'permit'}])
then the error is "Either a component ID or an ACL ID must be supplied."
I know I have to have the "id=", because this command works:
client['Network_Firewall_Update_Request'].getRules(id=12345)
But the Manager API command fw.edit_dedicated_fwl_rules(12345, [{'action': 'permit'}]) is used without the "id=", because this creates the rule successfully.
Thanks for your help.
Answer 0: (score: 0)
See this post:
I need to create a softlayer network firewall rule through REST API
A REST example for creating a rule looks like this:
POST https://[username]:[apikey]@api.softlayer.com/rest/v3/SoftLayer_Network_Firewall_Update_Request/createObjec
Payload:
{
  "parameters": [
    {
      "networkComponentFirewallId": 72605,
      "rules": [
        {
          "action": "permit",
          "destinationIpAddress": "159.8.52.188",
          "destinationIpCidr": 32,
          "destinationPortRangeEnd": 122,
          "destinationPortRangeStart": 12,
          "notes": "This is a test",
          "orderValue": 1,
          "protocol": "tcp",
          "sourceIpAddress": "10.10.10.0",
          "sourceIpCidr": 32,
          "version": 4
        }
      ]
    }
  ]
}
You need to replace all the values according to the configuration you want.
Now, to get the "networkComponentFirewallId" for the request above, you can use this:
GET https://$USERID:$APIKEY@api.softlayer.com/rest/v3/SoftLayer_Virtual_Guest/$VSIID/getFirewallServiceComponent
In Python, the example above would look like this:
client['Network_Firewall_Update_Request_Rule'].createObject(
    {
        "networkComponentFirewallId": 72605,
        "rules": [
            {
                "action": "permit",
                "destinationIpAddress": "159.8.52.188",
                "destinationIpCidr": 32,
                "destinationPortRangeEnd": 122,
                "destinationPortRangeStart": 12,
                "notes": "This is a test",
                "orderValue": 1,
                "protocol": "tcp",
                "sourceIpAddress": "10.10.10.0",
                "sourceIpCidr": 32,
                "version": 4
            }
        ]
    }
)
And to get the "networkComponentFirewallId" property:
client['Virtual_Guest'].getFirewallServiceComponent(id=VirtualGuest)
Note that the example above edits the rules of a firewall attached to a VSI.
To create rules for a dedicated firewall in a VLAN, this is the request:
client['Network_Firewall_Update_Request_Rule'].createObject(
    {
        "firewallContextAccessControlListId": 3092,
        "rules": [{
            "action": "permit",
            "destinationIpAddress": "any",
            "destinationIpCidr": 32,
            "destinationIpSubnetMask": "255.255.255.255",
            "destinationPortRangeEnd": 65535,
            "destinationPortRangeStart": 1,
            "id": 5669281,
            "orderValue": 1,
            "protocol": "tcp",
            "sourceIpAddress": "0.0.0.0",
            "sourceIpCidr": 0,
            "sourceIpSubnetMask": "0.0.0.0",
            "status": "allow_edit",
            "version": 4
        }]
    }
)
Now, to get the value of "firewallContextAccessControlListId", you need to use this:
client['SoftLayer_Network_Vlan'].getFirewallInterfaces(id=vlanId, mask="mask[firewallContextAccessControlLists]")
The method above will return the outside and inside interfaces; currently you can only set rules for the outside interface.
Regards
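
As an added example (not part of the question, the answer, or SoftLayer's own code), a local pre-flight check that assembles the single template argument the answer passes to createObject and catches the missing-ID mistake from the question before any API call. The function name `build_update_request`, the accepted action values and the range checks are assumptions made for this sketch, not the API's documented validation; the field names are the ones shown in the answer.

```python
# Added example: local pre-flight check only; it never calls the SoftLayer API.
def build_update_request(rules, component_id=None, acl_id=None):
    """Return (template, warnings); raise ValueError on a malformed request."""
    if (component_id is None) == (acl_id is None):
        # Sending neither ID is what produced the error quoted in the question;
        # supplying both is rejected here as ambiguous (local assumption).
        raise ValueError("supply exactly one of component_id or acl_id")
    warnings, seen_order = [], set()
    for i, rule in enumerate(rules):
        if rule.get("action") not in ("permit", "deny"):  # assumed value set
            raise ValueError(f"rule {i}: action must be 'permit' or 'deny'")
        max_cidr = 32 if rule.get("version", 4) == 4 else 128
        for key in ("sourceIpCidr", "destinationIpCidr"):
            cidr = rule.get(key)
            if not isinstance(cidr, int) or not 0 <= cidr <= max_cidr:
                raise ValueError(f"rule {i}: {key} out of range")
        lo = rule.get("destinationPortRangeStart")
        hi = rule.get("destinationPortRangeEnd")
        if rule.get("protocol") in ("tcp", "udp"):
            if not (isinstance(lo, int) and isinstance(hi, int)
                    and 1 <= lo <= hi <= 65535):
                raise ValueError(f"rule {i}: bad destination port range")
        order = rule.get("orderValue")
        if order in seen_order:
            raise ValueError(f"rule {i}: duplicate orderValue {order}")
        seen_order.add(order)
        # Review flag: a permit rule open to any source on every port.
        if (rule["action"] == "permit" and rule["sourceIpCidr"] == 0
                and (lo, hi) == (1, 65535)):
            warnings.append(f"rule {i}: permits any source on all ports")
    if component_id is not None:
        target = {"networkComponentFirewallId": component_id}
    else:
        target = {"firewallContextAccessControlListId": acl_id}
    return {**target, "rules": list(rules)}, warnings


# Constructed sample rules, reduced from the two requests in the answer.
VSI_RULE = {"action": "permit", "protocol": "tcp", "version": 4, "orderValue": 1,
            "sourceIpAddress": "10.10.10.0", "sourceIpCidr": 32,
            "destinationIpAddress": "159.8.52.188", "destinationIpCidr": 32,
            "destinationPortRangeStart": 12, "destinationPortRangeEnd": 122}
VLAN_RULE = dict(VSI_RULE, sourceIpAddress="0.0.0.0", sourceIpCidr=0,
                 destinationIpAddress="any",
                 destinationPortRangeStart=1, destinationPortRangeEnd=65535)

if __name__ == "__main__":
    for rule, ids in ((VSI_RULE, {"component_id": 72605}),
                      (VLAN_RULE, {"acl_id": 3092})):
        print(build_update_request([rule], **ids))
```

The returned template is the one dictionary passed positionally to createObject, as in the answer; any warnings are meant for review before the rule set is submitted.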