• Native OpenStack API

noa
  1. Help Center
  2. Native OpenStack API
  3. API Reference
  4. Neutron
  5. Firewall as a Service
  6. Introduction

Introduction

Object

Use FWaaS API 2.0 to manage and perform other operations on the firewall object models. The operations include querying, creating, updating, and deleting firewall rules, firewall policies, and firewall groups.

Object Model

Table 1 Firewall rule object

Attribute

Type

CRUD

Default Value

Restriction

Description

id

Uuid-str

R

N/A

N/A

Specifies the UUID of a firewall rule.

name

String(255)

CRU

N/A

1 to 255 characters

Specifies the firewall rule name.

description

String(255)

CRU

N/A

1 to 255 characters

Specifies the description about a firewall rule.

tenant_id

Uuid-str

CR

N/A

N/A

Specifies the firewall rule owner.

public

Bool

CRU

false

The value is true or false.

Specifies whether the firewall rule can be shared across tenants.

This attribute is for administrators only. Tenants cannot configure or update this attribute and can only query it.

protocol

String

CRU

N/A

Supports TCP, UDP, ICMP or 0 to 255.

Specifies the IP protocol.

source_port

String

CRU

N/A

The value is a positive integer ranging from 1 to 65535 or is a port range, for example, a:b.

Specifies the port number or port range on the source end.

destination_port

String

CRU

N/A

The value is a positive integer ranging from 1 to 65535 or is a port range, for example, a:b.

Specifies the port number or port range on the destination end.

ip_version

Integer

CRU

4

IPv4/IPv6

Specifies the IP protocol version.

source_ip_address

String

CRU

N/A

N/A

Specifies the source IP address or CIDR of the firewall rule.

destination_ip_address

String

CRU

N/A

N/A

Specifies the destination IP address or CIDR of the firewall rule.

action

String

CRU

DENY

DENY/ALLOW/REJECT

Specifies actions performed on forwarded firewall traffic.

enabled

Bool

CRU

true

true/false

Specifies whether the firewall rule can be enabled.

Table 2 Firewall policy object

Attribute

Type

CRUD

Default Value

Restriction

Description

id

Uuid-str

R

N/A

N/A

Specifies the UUID of the firewall policy.

name

String

CRU

N/A

1 to 255 characters

Specifies the firewall policy name.

description

String

CRU

N/A

1 to 255 characters

Specifies the firewall policy description.

tenant_id

Uuid-str

CR

N/A

N/A

Specifies the firewall policy owner.

firewall_rules

List

CRU

N/A

N/A

Specifies the firewall rules referenced by the firewall policy.

audited

Bool

CRU

false

true/false

Specifies an audit flag.

public

Bool

CRU

false

The value is true or false.

Specifies whether the firewall rule can be shared across tenants.

This attribute is for administrators only. Tenants cannot configure or update this attribute and can only query it.

Table 3 Firewall group object

Attribute

Type

CRUD

Default Value

Restriction

Description

id

Uuid-str

R

N/A

N/A

Specifies the UUID of the firewall group.

name

String

CRU

N/A

1 to 255 characters

Specifies the firewall group name.

description

String

CRU

N/A

1 to 255 characters

Specifies the firewall group description.

tenant_id

Uuid-str

CR

N/A

N/A

Specifies the firewall group owner.

ingress_firewall_policy_id

Uuid-str

CRU

N/A

N/A

Specifies the inbound firewall policy.

egress_firewall_policy_id

Uuid-str

CRU

N/A

N/A

Specifies the outbound firewall policy.

ports

List

CRU

N/A

The value must be the port ID of the distributed router.

Specifies the list of ports bound to a firewall group.

public

Bool

CRU

false

The value is true or false.

Specifies whether the firewall rule can be shared across tenants.

This attribute is for administrators only. Tenants cannot configure or update this attribute and can only query it.

status

String

R

N/A

The value can be:

ACTIVE, CREATED, INACTIVE, PENDING_CREATE, PENDING_UPDATE, PENDING_DELETE, and ERROR

Specifies the firewall policy status.

admim_state_up

Bool

CRU

true

true/false

Specifies whether the firewall is controlled by the administrator.