Firewall API Overview

Object Introduction

Use FWaaS API 2.0 to manage the firewall object models. The supported operations are querying, creating, updating, and deleting firewall rules, firewall policies, and firewall groups.

NOTE:

A firewall denies all traffic to and from any associated subnet by default. The default rules cannot be queried or modified.

Object Model

Table 1 Firewall Rule object

| Attribute | Type | CRUD | Default Value | Constraint | Description |
|---|---|---|---|---|---|
| id | Uuid-str | R | None | N/A | Specifies the UUID of the firewall rule. |
| name | String(255) | CRU | None | The value can contain a maximum of 255 characters. | Specifies the firewall rule name. |
| description | String(255) | CRU | None | The value can contain a maximum of 255 characters. | Provides supplementary information about the firewall rule. |
| tenant_id | Uuid-str | R | None | N/A | Specifies the project ID. |
| public | Bool | CRU | false | The value can only be true or false. | Specifies whether the firewall rule can be shared by different tenants. |
| protocol | String | CRU | None | The value can be TCP, UDP, ICMP, or a value ranging from 0 to 255. | Specifies the supported Internet Protocol (IP) protocol. |
| source_port | String | CRU | None | The value can be an integer from 1 to 65535 or a port number range in the format of a:b. | Specifies the source port number or port number range. |
| destination_port | String | CRU | None | The value can be an integer from 1 to 65535 or a port number range in the format of a:b. | Specifies the destination port number or port number range. |
| ip_version | int | CRU | 4 | IPv4/IPv6 | Specifies the IP protocol version. |
| source_ip_address | String | CRU | None | N/A | Specifies the source IP address or CIDR block. |
| destination_ip_address | String | CRU | None | N/A | Specifies the destination IP address or CIDR block. |
| action | String | CRU | DENY | DENY/ALLOW | Specifies the action performed on traffic passing through the firewall. |
| enabled | Bool | CRU | true | true/false | Specifies whether the firewall rule is enabled. |
| project_id | String(64) | R | N/A | N/A | Specifies the project ID of a resource. |
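
The Table 1 constraints can be checked on the client side before a rule body is sent for creation or update. The validator below is an added example, not part of the original API reference; `validate_rule` and its helpers are hypothetical names, and matching protocol and action names case-insensitively, requiring a <= b in a port range, and writing ip_version as 4 or 6 are assumptions.

```python
import ipaddress
import re

# Constraints transcribed from Table 1 (Firewall Rule object).
READ_ONLY = {"id", "tenant_id", "project_id"}  # CRUD column is "R"
WRITABLE = {"name", "description", "public", "protocol", "source_port",
            "destination_port", "ip_version", "source_ip_address",
            "destination_ip_address", "action", "enabled"}

def _port_ok(value):
    """One port in 1-65535, or a range 'a:b' (requiring a <= b is an assumption)."""
    if not re.fullmatch(r"[0-9]{1,5}(:[0-9]{1,5})?", str(value)):
        return False
    nums = [int(p) for p in str(value).split(":")]
    return all(1 <= n <= 65535 for n in nums) and nums[0] <= nums[-1]

def _addr_ok(value, version):
    """IP address or CIDR block whose family matches ip_version."""
    try:
        return isinstance(value, str) and ipaddress.ip_network(value, strict=False).version == version
    except ValueError:
        return False

def validate_rule(body):
    """Return the Table 1 violations found in a create/update rule body."""
    errors = [f"{k}: read-only attribute" for k in body if k in READ_ONLY]
    errors += [f"{k}: unknown attribute" for k in body if k not in READ_ONLY | WRITABLE]
    for key in ("name", "description"):
        if len(str(body.get(key, ""))) > 255:
            errors.append(f"{key}: longer than 255 characters")
    for key in ("public", "enabled"):
        if not isinstance(body.get(key, False), bool):
            errors.append(f"{key}: must be true or false")
    proto = body.get("protocol")  # None (the default) is left unchecked
    if proto is not None and str(proto).upper() not in ("TCP", "UDP", "ICMP") and not (
            re.fullmatch(r"[0-9]{1,3}", str(proto)) and int(proto) <= 255):
        errors.append("protocol: must be TCP, UDP, ICMP, or 0-255")
    for key in ("source_port", "destination_port"):
        if key in body and not _port_ok(body[key]):
            errors.append(f"{key}: must be 1-65535 or a range a:b")
    version = body.get("ip_version", 4)  # Table 1 default; 4/6 stand for IPv4/IPv6
    if version not in (4, 6):
        errors.append("ip_version: must be 4 or 6")
    for key in ("source_ip_address", "destination_ip_address"):
        if key in body and not _addr_ok(body[key], version):
            errors.append(f"{key}: not a valid IPv{version} address or CIDR block")
    if str(body.get("action", "DENY")).upper() not in ("DENY", "ALLOW"):
        errors.append("action: must be DENY or ALLOW")
    return errors
```

An empty list means the body satisfies every constraint in Table 1; the service remains the authority on what it accepts.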

Table 2 Firewall Policy object

| Attribute | Type | CRUD | Default Value | Constraint | Description |
|---|---|---|---|---|---|
| id | Uuid-str | R | None | N/A | Specifies the UUID of the firewall policy. |
| name | String | CRU | None | The value can contain a maximum of 255 characters. | Specifies the name of the firewall policy. |
| description | String | CRU | None | The value can contain a maximum of 255 characters. | Provides supplementary information about the firewall policy. |
| tenant_id | Uuid-str | CR | None | N/A | Specifies the project ID. |
| firewall_rules | List | CRU | None | N/A | Specifies the firewall rules referenced by the firewall policy. |
| audited | Bool | CRU | false | true/false | Specifies the audit flag. |
| public | Bool | CRU | false | The value can only be true or false. | Specifies whether the firewall policy can be shared by different tenants. |
| project_id | String(64) | R | N/A | N/A | Specifies the project ID of a resource. |

Table 3 Firewall Group object

| Attribute | Type | CRUD | Default Value | Constraint | Description |
|---|---|---|---|---|---|
| id | Uuid-str | R | None | N/A | Specifies the UUID of the firewall group. |
| name | String | CRU | None | The value can contain a maximum of 255 characters. | Specifies the name of the firewall group. |
| description | String | CRU | None | The value can contain a maximum of 255 characters. | Provides supplementary information about the firewall group. |
| tenant_id | Uuid-str | CR | None | N/A | Specifies the project ID. |
| ingress_firewall_policy_id | Uuid-str | CRU | None | N/A | Specifies the firewall policy for inbound traffic. |
| egress_firewall_policy_id | Uuid-str | CRU | None | N/A | Specifies the firewall policy for outbound traffic. |
| ports | List | CRU | None | The value must be the port ID of the distributed router. | Specifies the list of ports bound with the firewall group. |
| public | Bool | CRU | false | The value can only be true or false. | Specifies whether the firewall group can be shared by different tenants. |
| status | String | R | None | Possible values are as follows: ACTIVE, CREATE, INACTIVE, PENDING_CREATE, PENDING_UPDATE, PENDING_DELETE, and ERROR | Specifies the status of the firewall policy. |
| admin_state_up | Bool | CRU | true | true/false | Specifies whether the firewall is controlled by the administrator. |
| project_id | String(64) | R | N/A | N/A | Specifies the project ID of a resource. |