* feat: support Zone-Based Firewalls * chore: add usage example of zone-based firewall * chore: add note to readme to support unifi controller v2 * fix: invalid path for reordering firewall zone policies
{
"action": "ALLOW|BLOCK|REJECT",
"connection_state_type": "ALL|RESPOND_ONLY|CUSTOM",
"connection_states": ["ESTABLISHED|NEW|RELATED|INVALID"],
"enabled": "true|false",
"predefined": "true|false",
"name": "",
"description": "",
"destination": {
"app_category_ids": [""],
"app_ids": [""],
"ips": ["^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^$"],
"match_mac": "true|false",
"match_opposite_ips": "true|false",
"match_opposite_ports": "true|false",
"matching_target": "ANY|APP|APP_CATEGORY|IP|REGION|WEB",
"matching_target_type": "ANY|OBJECT|SPECIFIC",
"port": "^[0-9][0-9]?$|^",
"port_group_id": "",
"port_matching_type": "ANY|SPECIFIC|OBJECT",
"regions": [""],
"web_domains": [""],
"zone_id": ""
},
"index": "^[0-9][0-9]?$|^",
"ip_version": "BOTH|IPV4|IPV6",
"logging": "true|false",
"match_ip_sec": "true|false",
"match_ip_sec_type": "MATCH_IP_SEC|MATCH_NON_IP_SEC",
"match_opposite_protocol": "true|false",
"protocol": "all|tcp_udp|tcp|udp|ah|dccp|eigrp|esp|gre|icmp|icmpv6|igmp|igp|ip|ipcomp|ipip|ipv6|isis|l2tp|manet|mobility-header|mpls-in-ip|number|ospf|pim|pup|rdp|rohc|rspf|rcvp|sctp|shim6|skip|st|vmtp|vrrp|wesp|xtp",
"schedule": {
"mode": "ALWAYS|EVERY_DAY|EVERY_WEEK|ONE_TIME_ONLY|CUSTOM",
"date": "^$|^(20[0-9]{2})-(0[1-9]|1[0-2])-(0[1-9]|[12][0-9]|3[01])$",
"date_end": "^$|^(20[0-9]{2})-(0[1-9]|1[0-2])-(0[1-9]|[12][0-9]|3[01])$",
"date_start": "^$|^(20[0-9]{2})-(0[1-9]|1[0-2])-(0[1-9]|[12][0-9]|3[01])$",
"repeat_on_days": ["mon|tue|wed|thu|fri|sat|sun"],
"time_range_end": "^[0-9][0-9]:[0-9][0-9]$",
"time_range_start": "^[0-9][0-9]:[0-9][0-9]$",
"time_all_day": "true|false"
},
"source": {
"client_macs": ["^([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]{2})$"],
"ips": ["^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^$"],
"mac": "^([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]{2})$",
"match_mac": "true|false",
"match_opposite_ports": "true|false",
"match_opposite_ips": "true|false",
"match_opposite_networks": "true|false",
"matching_target": "ANY|CLIENT|NETWORK|IP|MAC",
"matching_target_type": "OBJECT|SPECIFIC",
"network_ids": [""],
"port": "^[0-9][0-9]?$|^",
"port_group_id": "",
"port_matching_type": "ANY|SPECIFIC|OBJECT",
"zone_id": ""
}
} |