New API for network rules: network_address_aliases_get / filter_rules…

…_get --- - Returns address aliaes used by rules. - HTTP: **GET** - Params: none *Example Request* ```bash curl \ -X GET \ --silent \ --insecure \ --header "fauxapi-auth: <auth-value>" \ "https://<host-address>/fauxapi/v1/?action=network_address_aliases_get" ``` *Example Response* ```javascript { "callid": "5e205fc052956", "action": "network_address_aliases_get", "message": "ok", "data": { "aliases": { "alias": [ { "name": "EasyRuleBlockHostsWAN", "type": "network", "address": "1.2.3.4/32 5.6.7.8/32", "descr": "Hosts blocked from Firewall Log view", "detail": "Entry added Fri, 27 Dec 2019 00:53:01 -0800||\u5df2\u6dfb\u52a0\u6761\u76ee Thu, 16 Jan 2020 03:42:37 -0800" } ] } } } ``` --- - Returns address aliaes used by rules. - HTTP: **GET** - Params: none *Example Request* ```bash curl \ -X GET \ --silent \ --insecure \ --header "fauxapi-auth: <auth-value>" \ "https://<host-address>/fauxapi/v1/?action=filter_rules_get" ``` *Example Response* ```javascript { "callid": "5e2060797a602", "action": "filter_rules_get", "message": "ok", "data": { "filter": { "rules": [ { "id": "", "tracker": "1579178400", "type": "pass", "interface": "wan", "ipprotocol": "inet", "tag": "", "tagged": "", "max": "", "max-src-nodes": "", "max-src-conn": "", "max-src-states": "", "statetimeout": "", "statetype": "keep state", "os": "", "protocol": "tcp", "source": { "address": "1.2.1.1" }, "destination": { "any": "", "port": "1-65535" }, "descr": "", "updated": { "time": "1579178400", "username": "[email protected] (Local Database)" }, "created": { "time": "1579178400", "username": "[email protected] (Local Database)" } }, { "type": "block", "interface": "wan", "ipprotocol": "inet", "source": { "address": "EasyRuleBlockHostsWAN" }, "destination": { "any": "" }, "descr": "Easy Rule: Blocked from Firewall Log View", "created": { "time": "1577436781", "username": "Easy Rule" }, "tracker": "1577436781" }, { "type": "drop", "ipprotocol": "inet", "descr": "Default allow LAN to any rule", "interface": "lan", "source": { "network": "lan" }, "destination": { "ip": "192.10.1.1" } } ] } } } ``` Signed-off-by: lilinzhe <[email protected]>
ndejong · Jan 16, 2020 · e9b5756 · e9b5756
1 parent 74964de
commit e9b5756
Show file tree

Hide file tree

Showing 3 changed files with 200 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -23,6 +23,7 @@ tasks feasible.
  - [send_event](#user-content-send_event) - Performs a pfSense "send_event" command to cause various pfSense system actions.
  - [system_reboot](#user-content-system_reboot) - Reboots the pfSense system.
  - [system_stats](#user-content-system_stats) - Returns various useful system stats.
+ - [network_address_aliases_get](#user-content-network_address_aliases_get) - Returns address aliaes used by rules.
 
 
 ## Approach
@@ -869,6 +870,135 @@ curl \
 }
 ```
 ---
+### network_address_aliases_get
+ - Returns address aliaes used by rules.
+ - HTTP: **GET**
+ - Params: none
+
+*Example Request*
+```bash
+curl \
+    -X GET \
+    --silent \
+    --insecure \
+    --header "fauxapi-auth: <auth-value>" \
+    "https://<host-address>/fauxapi/v1/?action=network_address_aliases_get"
+```
+
+*Example Response*
+```javascript
+{
+    "callid": "5e205fc052956",
+    "action": "network_address_aliases_get",
+    "message": "ok",
+    "data": {
+        "aliases": {
+            "alias": [
+                {
+                    "name": "EasyRuleBlockHostsWAN",
+                    "type": "network",
+                    "address": "1.2.3.4/32 5.6.7.8/32",
+                    "descr": "Hosts blocked from Firewall Log view",
+                    "detail": "Entry added Fri, 27 Dec 2019 00:53:01 -0800||\u5df2\u6dfb\u52a0\u6761\u76ee Thu, 16 Jan 2020 03:42:37 -0800"
+                }
+            ]
+        }
+    }
+}
+```
+---
+### filter_rules_get
+ - Returns address aliaes used by rules.
+ - HTTP: **GET**
+ - Params: none
+
+*Example Request*
+```bash
+curl \
+    -X GET \
+    --silent \
+    --insecure \
+    --header "fauxapi-auth: <auth-value>" \
+    "https://<host-address>/fauxapi/v1/?action=filter_rules_get"
+```
+
+*Example Response*
+```javascript
+{
+    "callid": "5e2060797a602",
+    "action": "filter_rules_get",
+    "message": "ok",
+    "data": {
+        "filter": {
+            "rules": [
+                {
+                    "id": "",
+                    "tracker": "1579178400",
+                    "type": "pass",
+                    "interface": "wan",
+                    "ipprotocol": "inet",
+                    "tag": "",
+                    "tagged": "",
+                    "max": "",
+                    "max-src-nodes": "",
+                    "max-src-conn": "",
+                    "max-src-states": "",
+                    "statetimeout": "",
+                    "statetype": "keep state",
+                    "os": "",
+                    "protocol": "tcp",
+                    "source": {
+                        "address": "1.2.1.1"
+                    },
+                    "destination": {
+                        "any": "",
+                        "port": "1-65535"
+                    },
+                    "descr": "",
+                    "updated": {
+                        "time": "1579178400",
+                        "username": "[email protected] (Local Database)"
+                    },
+                    "created": {
+                        "time": "1579178400",
+                        "username": "[email protected] (Local Database)"
+                    }
+                },
+                {
+                    "type": "block",
+                    "interface": "wan",
+                    "ipprotocol": "inet",
+                    "source": {
+                        "address": "EasyRuleBlockHostsWAN"
+                    },
+                    "destination": {
+                        "any": ""
+                    },
+                    "descr": "Easy Rule: Blocked from Firewall Log View",
+                    "created": {
+                        "time": "1577436781",
+                        "username": "Easy Rule"
+                    },
+                    "tracker": "1577436781"
+                },
+                {
+                    "type": "drop",
+                    "ipprotocol": "inet",
+                    "descr": "Default allow LAN to any rule",
+                    "interface": "lan",
+                    "source": {
+                        "network": "lan"
+                    },
+                    "destination": {
+                        "ip": "192.10.1.1"
+                    }
+                }
+            ]
+        }
+    }
+}
+```
+---
 
 ## Versions and Testing
 The FauxAPI has been developed against pfSense 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.4.3, 2.4.4 it has 

diff --git a/pfSense-pkg-FauxAPI/files/etc/inc/fauxapi/fauxapi_actions.inc b/pfSense-pkg-FauxAPI/files/etc/inc/fauxapi/fauxapi_actions.inc
@@ -401,6 +401,54 @@ class fauxApiActions {
         );
         return TRUE;
     }
+
+    /**
+     * filter_rules_get()
+     * 
+     * @return boolean
+     */
+    public function filter_rules_get() {
+        fauxApiLogger::debug(__METHOD__);
+
+        $rules = $this->PfsenseInterface->filter_rules_get();
+
+        if (empty($rules)) {
+            $this->response->http_code = 500;
+            $this->response->message = 'unable to get filter rule(s)';
+            return FALSE;
+        }
+        $this->response->http_code = 200;
+        $this->response->message = 'ok';
+        $this->response->data = array(
+            'filter' => array(
+                'rules' => $rules
+            ),           
+        );
+        return TRUE;
+    }
+
+    /**
+     * address_aliases_get()
+     * 
+     * @return boolean
+     */
+    public function network_address_aliases_get() {
+        fauxApiLogger::debug(__METHOD__);
+
+        $alias = $this->PfsenseInterface->network_address_aliases_get();
+
+        if (empty($alias)) {
+            $this->response->http_code = 500;
+            $this->response->message = 'unable to get address aliases';
+            return FALSE;
+        }
+        $this->response->http_code = 200;
+        $this->response->message = 'ok';
+        $this->response->data = array(
+            'aliases' => $alias,      
+        );
+        return TRUE;
+    }
 
     /**
      * alias_update_urltables()

diff --git a/pfSense-pkg-FauxAPI/files/etc/inc/fauxapi/fauxapi_pfsense_interface.inc b/pfSense-pkg-FauxAPI/files/etc/inc/fauxapi/fauxapi_pfsense_interface.inc
@@ -719,6 +719,28 @@ class fauxApiPfsenseInterface {
         return \pfSense_get_interface_stats($interface);
     }
 
+    /**
+     * filter_rules_get()
+     * 
+     * @return array
+     */
+    public function filter_rules_get(){
+        global $config;
+        fauxApiLogger::debug(__METHOD__);
+        return $config["filter"]["rule"];
+    }
+
+    /**
+     * network_address_aliases_get()
+     * 
+     * @return array
+     */
+    public function network_address_aliases_get(){
+        global $config;
+        fauxApiLogger::debug(__METHOD__);
+        return $config["aliases"];
+    }
+
     /**
      * function_call()
      *