Firewall API Reference
This document covers the REST API endpoints for managing firewall sets, rules, instance associations, and external IP sets.
Note: This API must be enabled on your account before use. It is designed to support allow-list and block-list configurations and is not intended to serve as a complete firewall solution. For full firewall protection, continue to use a dedicated firewall application. Contact your account manager to enable the API.
Firewall Sets
Firewall sets are logical groupings that define collections of firewall rules.
List All Firewall Sets
- GET
/api/firewall/sets
Retrieve a list of firewall sets.
Get a Specific Firewall Set
- GET
/api/firewall/sets/{firewall_set_id}
Retrieve details for a specific firewall set.
Create a Firewall Set
- POST
/api/firewall/sets
{
"name": "Example Firewall Set",
"description": "test",
"enabled": 1
}
Update a Firewall Set
- PUT/PATCH
/api/firewall/sets/{firewall_set_id}
Delete a Firewall Set
- DELETE
/api/firewall/sets/{firewall_set_id}
Enable a Firewall Set
- PUT
/api/firewall/sets/{firewall_set_id}/enable
Enable a firewall set with immediate effect.
Disable a Firewall Set
- PUT
/api/firewall/sets/{firewall_set_id}/disable
Disable a firewall set with immediate effect.
Sync Firewall Set Rules
- POST
/api/firewall/sets/{firewall_set_id}/vm/sync-all
Immediately update the firewall configuration on all attached VMs to reflect the current rules.
Firewall Rules
Rules determine network traffic behavior based on defined criteria.
List Rules in a Set
- GET
/api/firewall/sets/{firewall_set_id}/rules
Get a Specific Rule
- GET
/api/firewall/sets/{firewall_set_id}/rules/{firewall_rule_id}
Create a Rule
- POST
/api/firewall/sets/{firewall_set_id}/rules
Allow HTTP between specific networks:
{
"ip_version": "IPv4",
"direction": "IN",
"action": "ACCEPT",
"enabled": 1,
"match_criteria": {
"source_net": [
"192.168.1.0/24"
],
"destination_net": [
"10.0.0.0/16"
],
"protocol": "tcp",
"source_port_start": 0,
"source_port_end": 65535,
"destination_port_start": 80,
"destination_port_end": 80
},
"admin_comment": "HTTP allow list",
"rule_priority": 1
}
Drop ICMP echo requests:
{
"ip_version": "IPv4",
"direction": "IN",
"action": "DROP",
"enabled": 1,
"match_criteria": {
"protocol": "icmp",
"options": {
"icmp_type": "echo-request"
}
},
"admin_comment": "Block ICMP echo request",
"rule_priority": 2
}
Update a Rule
- PUT/PATCH
/api/firewall/{firewall_set_id}/{firewall_rule_id}
Delete a Rule
- DELETE
/api/firewall/{firewall_set_id}/rules/{firewall_rule_id}
Reorder Rules
- POST
/api/firewall/{firewall_set_id}/rules/re-order
Change the execution order of a firewall rule:
{
"move_id": 53,
"before_id": 58,
"after_id": null
}
Instance Associations
Associations link firewall sets to virtual machines.
List VMs for a Firewall Set
- GET
/api/firewall/sets/{firewall_set_id}/vm-list
List the virtual machines associated with a firewall set.
List Firewall Sets for a VM
- GET
/api/firewall/sets/vm/{mbpkgid}/related
List the firewall sets associated with a virtual machine.
Attach a Firewall Set to VMs
- POST
/api/firewall/sets/{firewall_set_id}/vm/attach
{
"vm_list": [
{
"mbpkgid": 103,
"set_priority": 0
}
]
}
Detach a Firewall Set from a VM
- POST
/api/firewall/sets/{firewall_set_id}/vm/detach/{mbpkgid}
Detach All VMs
- POST
/api/firewall/sets/{firewall_set_id}/vm/detach-all
Remove all virtual machine attachments from a firewall set.
External IP Sets
External IP sets are live references to external allow/blocklist IP set resources.
Note: External IP sets are a managed feature. Read access is available via the API for routine validation of IP set configuration and status. Contact support for any change requests related to adding, editing, or removing a managed set from your firewall.
List External IP Sets
- GET
/api/firewall/external-ipsets
List the external IP sets available to your account.
Get a Specific External IP Set
- GET
/api/firewall/external-ipsets/{firewall_external_ipset_id}
Retrieve the details of a specific external IP set.
Need Help?
Contact support@netactuate.com or open a support ticket from the portal.