Versions Compared

Old Version 25

changes.mady.by.user Huifeng Le (Deactivated)

Saved on

compared with

New Version 26

changes.mady.by.user Huifeng Le (Deactivated)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Request Parameters: same with GETPUT's response request

  • Request Example: same with GETPUT's response example


Response

...

  • Request Parameters:

    NameInTypeDescription
    policy-namepathstringpolicy name
    membersbodyarraypolicy members
    interfacebodystringmember interface name
    metricbodyint(optional) default: 1, members within one policy with a lower metric have precedence over higher metric members
    weightbodyint(optional) default: 1, members with same metric will distribute load based on this weight value


  • Request Example

    PUT /cgi-bin/luci/sdewan/mwan3/v1/policies/balanced

    {

           "members": [

               {

                   "interface": "net1",

                   "metric" 1,

                   "weight": 2

                }

                {

                    "interface": "net2",

                    "metric" 1,

                     "weight": 1

                }

           ]

    }


...

  • Normal response codes: 200

  • Response Parameters

    NameInTypeDescription
    redirectsbodyarraya list of defined redirects


  • Response Example


    {
        "redirects": [

            {

                "name":"DNAT-LAN",
                "src":"wan",
                "src_dport":"19900",
                "dest":"lan",
                "dest_ip":"192.168.1.1",
                "dest_port":"22",
                "proto":"tcp",
                "target":"DNAT"

          }

        ]

    }


GET /cgi-bin/luci/sdewan/firewall/v1/redirects/{redirect-name}

...

Request: N/A

  • Request Parameters

    NameInTypeDescription
    redirect-namepathstringredirect name


Response

  • Normal response codes: 200
  • Error response code: 404

  • Response Parameters

    NameInTypeDescription
    namebodystring(Required) forwarding name
    srcbodystring(Required for DNAT) traffic source zone
    src_ipbodystringMatch incoming traffic from the specified source ip address.
    src_dipbodystring(Required for SNAT) For DNAT, match incoming traffic directed at the given destination ip address. For SNAT rewrite the source address to the given address.
    src_macbody string Match incoming traffic from the specified mac address
    src_port body port or range Match incoming traffic originating from the given source port or port range on the client host.
    src_dport body port or range For DNAT, match incoming traffic directed at the given destination port or port range on this host. For SNAT rewrite the source ports to the given value.  
    proto body string Match incoming traffic using the given protocol. Can be one of tcp, udp, tcpudp, udplite, icmp, esp, ah, sctp, or all 
    dest body string Specifies the traffic destination zone. Must refer to one of the defined zone names
    dest_ip body string For DNAT, redirect matches incoming traffic to the specified internal host. For SNAT, it matches traffic directed at the given address.  
    dest_port bodyport or range For DNAT, redirect matched incoming traffic to the given port on the internal host. For SNAT, match traffic directed at the given ports. 
    mark body string match traffic against the given firewall mark 
    target body string (Required) NAT target: SNAT, DNAT
    family body string Protocol family (ipv4, ipv6 or any) to generate iptables rules for 


  • Response Example


    {

        "name":"DNAT-LAN",
        "src":"wan",
        "src_dport":"19900",
        "dest":"lan",
        "dest_ip":"192.168.1.1",
        "dest_port":"22",
        "proto":"tcp",
        "target":"DNAT"

    }


POST /cgi-bin/luci/sdewan/firewall/v1/redirects

...

Request:

  • Request Parameters:

    NameInTypeDescription
    redirect-namepathstringredirect name
    {other params}body
    		same with GET response


  • Request Example


    {

        "src":"wan",
        "src_dport":"19900",
        "dest":"lan",
        "dest_ip":"192.168.1.1",
        "dest_port":"22",
        "proto":"tcp",
        "target":"DNAT"

    }


Response

  • Normal response codes: 204
  • Error response codes: 400, 401, 404

...

Request:

  • Request Parameters

    NameInTypeDescription
    redirect-namepathstringredirect name


Response

  • Normal response codes: 200
  • Error response codes: 401, 404

...

  • Normal response codes: 200

  • Response Parameters

    NameInTypeDescription
    rulesbodyarraya list of defined rules


  • Response Example


    {
        "rules": [

           {

               "name":"REJECT_LAN_80"

               "src":"lan",

               "src_ip": "192.168.1.2",

               "src_port": "80",

               "proto":"tcp",

               "target":"REJECT"

          }

        ]

    }


GET /cgi-bin/luci/sdewan/firewall/v1/rules/{rule-name}

...

Request: N/A

  • Request Parameters

    NameInTypeDescription
    rule-namepathstringrule name


Response

  • Normal response codes: 200
  • Error response code: 404

  • Response Parameters

    NameInTypeDescription
    namebodystring(Required) rule name
    srcbodystring(Required) traffic source zone
    src_ipbodystringMatch incoming traffic from the specified source ip address
    src_macbodystringMatch incoming traffic from the specified mac address
    src_port body port or range Match incoming traffic from the specified source port or port range
    proto body string Match incoming traffic using the given protocol. Can be one of tcp, udp, tcpudp, udplite, icmp, esp, ah, sctp, or all  
    icmp_type body string For protocol icmp select specific icmp types to match. 
    dest body string traffic destination zone. Must refer to one of the defined zone names, or * for any zone 
    dest_ip body string Match incoming traffic directed to the specified destination ip address 
    dest_port body port or range Match incoming traffic directed at the given destination port or port range 
    mark body string If specified, match traffic against the given firewall mark 
    target body string (Required) Firewall action (ACCEPT, REJECT, DROP, MARK, NOTRACK) for matched traffic
    set_mark body string Zeroes out the bits given by mask and ORs value into the packet mark. 
    set_xmark body string Zeroes out the bits given by mask and XORs value into the packet mark 
    family body string Protocol family (ipv4, ipv6 or any) to generate iptables rules for 
    extra body string Extra arguments to pass to iptables. Useful mainly to specify additional match options, such as -m policy --dir in for IPsec. 


  • Response Example


    {

           "name":"REJECT_LAN_80"

           "src":"lan",

           "src_ip": "192.168.1.2",

           "src_port": "80",

           "proto":"tcp",

           "target":"REJECT"

    }


POST /cgi-bin/luci/sdewan/firewall/v1/rules

...

Request:

  • Request Parameters:

    NameInTypeDescription
    rule-namepathstringrule name
    {other params}body
    		same with GET response


  • Request Example


    {

           "src":"lan",

           "src_ip": "192.168.1.2",

           "src_port": "80",

           "proto":"tcp",

           "target":"REJECT"

    }


Response

  • Normal response codes: 204
  • Error response codes: 400, 401, 404

...

Request:

  • Request Parameters

    NameInTypeDescription
    rule-namepathstringrule name


Response

  • Normal response codes: 200
  • Error response codes: 401, 404

...