Controller: /nodeworx/firewall
==============================

:Required Permissions: FIREWALL

Action: ``addPort``
-------------------

:Added in Version: 4.7.0-339
:Description: Add a port to the firewall configuration.

Input Parameters
^^^^^^^^^^^^^^^^^

.. list-table::
   :widths: auto
   :header-rows: 1

   * - Name
     - Type
     - Required?
     - Example Values
     - Default Values
     - Notes
   * - ``port``
     - string
     - Yes
     -
     -
     - Enter the port or ports you wish to add to the firewall. You can enter port ranges as well, e.g. 1234-1236.
   * - ``tcp_flow_in``
     - string
     - Yes
     - open, closed
     -
     -
   * - ``tcp_flow_out``
     - string
     - Yes
     - open, closed
     -
     -
   * - ``udp_flow_in``
     - string
     - Yes
     - open, closed
     -
     -
   * - ``udp_flow_out``
     - string
     - Yes
     - open, closed
     -
     -
   * - ``cascade_to_nodes``
     - integer
     - No
     - 1
     -
     - Selecting this option causes the action to be replayed on all nodes of the cluster automatically, as if you had logged in to each node manually.

Action: ``allowDenyIps``
------------------------

:Added in Version: 4.7.0-339
:Description: Set the firewall IP address allow and deny lists.

Input Parameters
^^^^^^^^^^^^^^^^^

.. list-table::
   :widths: auto
   :header-rows: 1

   * - Name
     - Type
     - Required?
     - Example Values
     - Default Values
     - Notes
   * - ``trusted_ips``
     - struct (string)
     - No
     -
     - {"209.87.159.14":"209.87.159.14"}
     - The IP addresses for license.interworx.info (207.32.181.150 & 209.87.159.14) must be present for proper function of the InterWorx license authentication system.
   * - ``blocked_ips``
     - struct (string)
     - No
     -
     -
     -

Action: ``delete``
------------------

:Added in Version: 4.7.0-339
:Description: Delete firewall port configuration.

Input Parameters
^^^^^^^^^^^^^^^^^

.. list-table::
   :widths: auto
   :header-rows: 1

   * - Name
     - Type
     - Required?
     - Example Values
     - Default Values
     - Notes
   * - ``ports``
     - struct (string)
     - Yes
     - 21, 22, 24, 25, 80, 110, 143, 443, 993, 995, 2080, 2443, 3306, 50000_51000, 587, 20, 53, 123
     -
     -

Action: ``fail``
----------------

:Added in Version: 4.7.0-339
:Description: Magic function - test for failure mechanism.

Action: ``ipv6Settings``
------------------------

:Added in Version: 5.0.14-579
:Description: Controls how IPv6 settings are handled when restarting the firewall.

Input Parameters
^^^^^^^^^^^^^^^^^

.. list-table::
   :widths: auto
   :header-rows: 1

   * - Name
     - Type
     - Required?
     - Example Values
     - Default Values
     - Notes
   * - ``ip6tables_status``
     - string
     - No*
     - off, manual, managed
     - manual
     -
   * - ``icmp6_control``
     - string
     - No*
     - default, managed
     - managed
     -
   * - ``cascade_to_nodes``
     - integer
     - No
     - 1
     -
     - Selecting this option causes the action to be replayed on all nodes of the cluster automatically, as if you had logged in to each node manually.

\* indicates that it's actually required, but probably already has a valid default value.

Action: ``isRunning``
---------------------

:Added in Version: 4.7.0-339
:Description: Checks if the service is running or not.

Sample Output
^^^^^^^^^^^^^

.. code-block::

   array (
     'status' => 0,
     'payload' => true,
     'reply_code' => 205,
   )

Action: ``isRunningOnNode``
---------------------------

:Added in Version: 4.7.0-339
:Description: Checks if the service is running on a specific node (Clustering only).

Input Parameters
^^^^^^^^^^^^^^^^^

.. list-table::
   :widths: auto
   :header-rows: 1

   * - Name
     - Type
     - Required?
     - Example Values
     - Default Values
     - Notes
   * - ``node_id``
     - string
     - No*
     -
     -
     -

\* indicates that it's actually required, but probably already has a valid default value.

Action: ``listGeneralName``
---------------------------

:Added in Version: 4.7.0-339
:Description: Lists the "normal" name, i.e. "web server" instead of "httpd".

Sample Output
^^^^^^^^^^^^^

.. code-block::

   array (
     'status' => 0,
     'payload' => '##LG_FIREWALL##',
     'reply_code' => 205,
   )

Action: ``listPortNumbers``
---------------------------

:Added in Version: 4.7.0-339
:Description: Lists a string of the port numbers that this service uses, comma-separated.

Sample Output
^^^^^^^^^^^^^

.. code-block::

   array (
     'status' => 0,
     'payload' => '##LG_NOT_APPLICABLE##',
     'reply_code' => 205,
   )

Action: ``listPortNumbersArray``
--------------------------------

:Added in Version: 4.7.0-339
:Description: Lists an array of port numbers and ranges that this service uses.

Sample Output
^^^^^^^^^^^^^

.. code-block::

   array (
     'status' => 0,
     'payload' =>
     array (
       0 => '##LG_NOT_APPLICABLE##',
     ),
     'reply_code' => 205,
   )

Action: ``listRequiredPermissions``
-----------------------------------

:Added in Version: 4.7.0-339
:Description: Lists an array of permissions required to control the service.

Sample Output
^^^^^^^^^^^^^

.. code-block::

   array (
     'status' => 0,
     'payload' =>
     array (
       0 => 'FIREWALL',
     ),
     'reply_code' => 205,
   )

Action: ``listServiceInfo``
---------------------------

:Added in Version: 4.7.0-339
:Description: Lists the service name, ports, page, and status.

Sample Output
^^^^^^^^^^^^^

.. code-block::

   array (
     'status' => 0,
     'payload' =>
     array (
       'id' => 'apf',
       'name' => '##LG_FIREWALL##',
       'ports' => '##LG_NOT_APPLICABLE##',
       'page' => '/nodeworx/firewall',
       'ctrl' => '/nodeworx/firewall',
       'is_running' => 1,
     ),
     'reply_code' => 205,
   )

Action: ``listServiceName``
---------------------------

:Added in Version: 4.7.0-339
:Description: Lists the service name, i.e. "httpd" instead of "web server".

Sample Output
^^^^^^^^^^^^^

.. code-block::

   array (
     'status' => 0,
     'payload' => 'apf',
     'reply_code' => 205,
   )

Action: ``listServicePage``
---------------------------

:Added in Version: 4.7.0-339
:Description: Lists the page that controls the service.

Sample Output
^^^^^^^^^^^^^

.. code-block::

   array (
     'status' => 0,
     'payload' => '/nodeworx/firewall',
     'reply_code' => 205,
   )

Action: ``queryAllowDenyIps``
-----------------------------

:Added in Version: 5.1.0-838
:Description: Displays the information available to the action "allowDenyIps".

Sample Output
^^^^^^^^^^^^^

.. code-block::

   array (
     'status' => 0,
     'payload' =>
     array (
       'trusted_ips' =>
       array (
         '209.87.159.14' => '209.87.159.14',
       ),
       'blocked_ips' =>
       array (
       ),
     ),
     'reply_code' => 205,
   )

Action: ``queryIpv6Settings``
-----------------------------

:Added in Version: 5.1.0-838
:Description: Displays the information available to the action "ipv6Settings".

Sample Output
^^^^^^^^^^^^^

.. code-block::

   array (
     'status' => 0,
     'payload' =>
     array (
       'ip6tables_status' => 'manual',
       'icmp6_control' => 'managed',
     ),
     'reply_code' => 205,
   )

Action: ``queryPortAccess``
---------------------------

:Added in Version: 5.0.14-579
:Description: Query firewall port options.

Sample Output
^^^^^^^^^^^^^

.. code-block::

   array (
     'status' => 0,
     'payload' =>
     array (
       0 =>
       array (
         'service' => 'ftp-data',
         'port' => 20,
         'tcp_in' => 'closed',
         'tcp_out' => 'closed',
         'udp_in' => 'open',
         'udp_out' => 'open',
       ),
       1 =>
       array (
         'service' => 'ftp',
         'port' => 21,
         'tcp_in' => 'open',
         'tcp_out' => 'closed',
         'udp_in' => 'open',
         'udp_out' => 'open',
       ),
       2 =>
       array (
         'service' => 'ssh',
         'port' => 22,
         'tcp_in' => 'open',
         'tcp_out' => 'open',
         'udp_in' => 'closed',
         'udp_out' => 'closed',
       ),
     ),
     'reply_code' => 205,
   )

Action: ``queryUpdateConfig``
-----------------------------

:Added in Version: 5.1.0-838
:Description: Displays the information available to the action "updateConfig".

Sample Output
^^^^^^^^^^^^^

.. code-block::

   array (
     'status' => 0,
     'payload' =>
     array (
       'version' => '1.7.6 (APF)',
       'debug_mode' => '0',
       'default_tos' => '4',
       'tcp_drop_policy' => 'DROP',
       'udp_drop_policy' => 'DROP',
       'block_multicast' => '0',
       'block_private_network' => '0',
       'set_egress_filter' => '0',
       'max_sessions' => '34576',
       'sysctl_tcp' => '1',
       'if' => 'eth0',
       'tifs' =>
       array (
       ),
     ),
     'reply_code' => 205,
   )

Action: ``reroute``
-------------------

:Added in Version: 4.7.0-339
:Description: Action to re-route from the current controller to a different one.

Input Parameters
^^^^^^^^^^^^^^^^^

.. list-table::
   :widths: auto
   :header-rows: 1

   * - Name
     - Type
     - Required?
     - Example Values
     - Default Values
     - Notes
   * - ``controller``
     - string
     - Yes
     - Index, Overview, Users, Lang, Apikey, Plugins, Twofactorauth, Notice, Siteworx, Shell, Packages, Backup, Import, Softaculous, Reseller, ResellerPackages, ResellerBandwidthhistory, Http, Phpextensions, Ftp, Sshd, MailMta, MailSmtp, MailSmtp2, MailSend, MailMda, MailMsa, MailDovecot, MailSpam, MailVirus, MailMailman, MailQueue, Mysql, MysqlRemote, MysqlPhpmyadmin, Dns, DnsZone, DnsRecord, DnsSync, Nfs, NfsExport, NfsMount, Health, Cron, Firewall, Ssl, Logs, Settings, Updates, Rrd, ...
     -
     -

Action: ``restart``
-------------------

:Added in Version: 4.7.0-339
:Description: Restart the service.

Input Parameters
^^^^^^^^^^^^^^^^^

.. list-table::
   :widths: auto
   :header-rows: 1

   * - Name
     - Type
     - Required?
     - Example Values
     - Default Values
     - Notes
   * - ``cascade_to_nodes``
     - integer
     - No
     - 1
     -
     - Selecting this option causes the action to be replayed on all nodes of the cluster automatically, as if you had logged in to each node manually.

Action: ``restartOnNode``
-------------------------

:Added in Version: 4.7.0-339
:Description: Restarts the service on a specific node (Clustering only).

Input Parameters
^^^^^^^^^^^^^^^^^

.. list-table::
   :widths: auto
   :header-rows: 1

   * - Name
     - Type
     - Required?
     - Example Values
     - Default Values
     - Notes
   * - ``node_id``
     - string
     - No*
     -
     -
     -

\* indicates that it's actually required, but probably already has a valid default value.

Action: ``start``
-----------------

:Added in Version: 4.7.0-339
:Description: Start the service.

Input Parameters
^^^^^^^^^^^^^^^^^

.. list-table::
   :widths: auto
   :header-rows: 1

   * - Name
     - Type
     - Required?
     - Example Values
     - Default Values
     - Notes
   * - ``cascade_to_nodes``
     - integer
     - No
     - 1
     -
     - Selecting this option causes the action to be replayed on all nodes of the cluster automatically, as if you had logged in to each node manually.

Action: ``startOnBoot``
-----------------------

:Added in Version: 4.7.0-339
:Description: Set the firewall start-on-boot status.

Input Parameters
^^^^^^^^^^^^^^^^^

.. list-table::
   :widths: auto
   :header-rows: 1

   * - Name
     - Type
     - Required?
     - Example Values
     - Default Values
     - Notes
   * - ``startonboot``
     - integer
     - No*
     - 1, 0
     - 0
     -
   * - ``cascade_to_nodes``
     - integer
     - No
     - 1
     -
     - Selecting this option causes the action to be replayed on all nodes of the cluster automatically, as if you had logged in to each node manually.

\* indicates that it's actually required, but probably already has a valid default value.

Action: ``startOnNode``
-----------------------

:Added in Version: 4.7.0-339
:Description: Starts the service on a specific node (Clustering only).

Input Parameters
^^^^^^^^^^^^^^^^^

.. list-table::
   :widths: auto
   :header-rows: 1

   * - Name
     - Type
     - Required?
     - Example Values
     - Default Values
     - Notes
   * - ``node_id``
     - string
     - No*
     -
     -
     -

\* indicates that it's actually required, but probably already has a valid default value.

Action: ``stop``
----------------

:Added in Version: 4.7.0-339
:Description: Stop the service.

Input Parameters
^^^^^^^^^^^^^^^^^

.. list-table::
   :widths: auto
   :header-rows: 1

   * - Name
     - Type
     - Required?
     - Example Values
     - Default Values
     - Notes
   * - ``cascade_to_nodes``
     - integer
     - No
     - 1
     -
     - Selecting this option causes the action to be replayed on all nodes of the cluster automatically, as if you had logged in to each node manually.

Action: ``stopOnNode``
----------------------

:Added in Version: 4.7.0-339
:Description: Stops the service on a specific node (Clustering only).

Input Parameters
^^^^^^^^^^^^^^^^^

.. list-table::
   :widths: auto
   :header-rows: 1

   * - Name
     - Type
     - Required?
     - Example Values
     - Default Values
     - Notes
   * - ``node_id``
     - string
     - No*
     -
     -
     -

\* indicates that it's actually required, but probably already has a valid default value.

Action: ``update``
------------------

:Added in Version: 4.7.0-339
:Description: Update a port in the firewall configuration.

Input Parameters
^^^^^^^^^^^^^^^^^

.. list-table::
   :widths: auto
   :header-rows: 1

   * - Name
     - Type
     - Required?
     - Example Values
     - Default Values
     - Notes
   * - ``tcp_flow_in``
     - string
     - No
     - none, open, closed
     -
     -
   * - ``tcp_flow_out``
     - string
     - No
     - none, open, closed
     -
     -
   * - ``udp_flow_in``
     - string
     - No
     - none, open, closed
     -
     -
   * - ``udp_flow_out``
     - string
     - No
     - none, open, closed
     -
     -

Action: ``updateConfig``
------------------------

:Added in Version: 4.7.0-339
:Description: Update basic firewall configuration.

Input Parameters
^^^^^^^^^^^^^^^^^

.. list-table::
   :widths: auto
   :header-rows: 1

   * - Name
     - Type
     - Required?
     - Example Values
     - Default Values
     - Notes
   * - ``debug_mode``
     - integer
     - No*
     - 1, 0
     - 0
     - When debug mode is enabled, all firewall rules are flushed every 5 minutes to prevent being locked out of the server due to a firewall misconfiguration.
   * - ``default_tos``
     - integer
     - No*
     - 4, 8, 16
     - 4
     - Defines the default type of service.
   * - ``tcp_drop_policy``
     - string
     - No*
     - RESET, DROP, REJECT
     - DROP
     - Defines how to handle TCP packet filtering. 'Reset' sends a tcp-reset message, 'Drop' silently drops the packet, and 'Reject' rejects the packet.
   * - ``udp_drop_policy``
     - string
     - No*
     - RESET, DROP, REJECT, PROHIBIT
     - DROP
     - Defines how to handle UDP packet filtering. 'Reset' sends an icmp-port-unreachable message, 'Drop' will silently drop the packet, 'Reject' will reject the packet, and 'Prohibit' will send an icmp-host-prohibited message.
   * - ``block_multicast``
     - integer
     - No*
     - 1, 0
     - 0
     - Defines if the firewall should block multicast traffic.
   * - ``block_private_network``
     - integer
     - No*
     - 1, 0
     - 0
     - Defines if the firewall should block all private IPv4 addresses (reserved address space, generally unroutable on the internet). If the server sits behind a NAT or other routing setup that would make use of private addressing, leave this option 'Off'.
   * - ``set_egress_filter``
     - integer
     - No*
     - 1, 0
     - 0
     - Outbound (egress) filtering provides full outbound packet filtering. NOTE: Port-specific outbound rules will not apply if this setting is off.
   * - ``max_sessions``
     - integer
     - No*
     -
     - 34576
     - Defines the maximum number of connection tracking entries that can be handled by the firewall simultaneously.
   * - ``sysctl_tcp``
     - integer
     - No*
     - 1, 0
     - 1
     - Enables or disables sysctl hook changes to harden the kernel from certain network-based attacks.
   * - ``if``
     - string
     - No*
     - eth0
     - eth0
     - All traffic on the defined interface will be subject to all firewall rules. This should be your internet-exposed interface.
   * - ``tifs``
     - struct (string)
     - No
     - eth0
     -
     - All traffic on the defined interface(s) will bypass ALL firewall rules.
   * - ``cascade_to_nodes``
     - integer
     - No
     - 1
     -
     - Selecting this option causes the action to be replayed on all nodes of the cluster automatically, as if you had logged in to each node manually.

\* indicates that it's actually required, but probably already has a valid default value.

Action: ``win``
---------------

:Added in Version: 4.7.0-339
:Description: Magic function - test for testing success mechanism.
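
Added example, not part of the InterWorx documentation: Python code that audits payloads shaped like the ``queryUpdateConfig``, ``queryPortAccess`` and ``queryAllowDenyIps`` sample output against the notes in the ``updateConfig`` and ``allowDenyIps`` parameter tables. The function name, the finding codes and the dict form of the payloads are assumptions; retrieving the payloads from the API is not shown.

```python
# Added example: audit /nodeworx/firewall query payloads. The function name,
# finding codes and dict layout are assumptions, not part of the InterWorx API.

LICENSE_IPS = {"207.32.181.150", "209.87.159.14"}  # from the allowDenyIps note


def _names(struct):
    """Values of a 'struct (string)' field, whether decoded as dict or list."""
    if isinstance(struct, dict):
        return set(struct.values())
    return set(struct or [])


def audit_firewall(config, port_access, allow_deny):
    """Return a sorted list of (code, detail) findings."""
    findings = []
    if str(config.get("debug_mode", "0")) == "1":
        findings.append(("DEBUG_MODE", "rules are flushed every 5 minutes"))
    if str(config.get("sysctl_tcp", "1")) == "0":
        findings.append(("SYSCTL_OFF", "kernel hardening hooks disabled"))
    for iface in sorted(_names(config.get("tifs"))):
        findings.append(("TRUSTED_IF", f"{iface} bypasses ALL firewall rules"))
    # Port-specific outbound rules do not apply while the egress filter is off.
    if str(config.get("set_egress_filter", "0")) == "0":
        for row in port_access:
            if "closed" in (row["tcp_out"], row["udp_out"]):
                findings.append(("EGRESS_INERT",
                                 f"port {row['port']}: outbound rule not applied"))
    trusted = _names(allow_deny.get("trusted_ips"))
    blocked = _names(allow_deny.get("blocked_ips"))
    for ip in sorted(LICENSE_IPS):
        if ip in blocked:
            findings.append(("LICENSE_IP_BLOCKED", ip))
        elif ip not in trusted:
            findings.append(("LICENSE_IP_UNTRUSTED", ip))
    return sorted(findings)


# Payloads transcribed from the sample output above into Python literals.
SAMPLE_CONFIG = {"debug_mode": "0", "set_egress_filter": "0",
                 "sysctl_tcp": "1", "if": "eth0", "tifs": []}
SAMPLE_PORTS = [
    {"port": 20, "tcp_in": "closed", "tcp_out": "closed", "udp_in": "open", "udp_out": "open"},
    {"port": 21, "tcp_in": "open", "tcp_out": "closed", "udp_in": "open", "udp_out": "open"},
    {"port": 22, "tcp_in": "open", "tcp_out": "open", "udp_in": "closed", "udp_out": "closed"},
]
SAMPLE_IPS = {"trusted_ips": {"209.87.159.14": "209.87.159.14"}, "blocked_ips": []}

if __name__ == "__main__":
    for code, detail in audit_firewall(SAMPLE_CONFIG, SAMPLE_PORTS, SAMPLE_IPS):
        print(code, detail)
```

With the documented sample values, the audit reports the three closed outbound port rules as not applied (``set_egress_filter`` is ``0``) and 207.32.181.150 as absent from ``trusted_ips``.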