| Name | Type | Notes | Required? |
|---|---|---|---|
| | | Help Entry: Enter the port or ports you wish to add to the firewall. You can enter port ranges as well, ex: 1234-1236. | Yes |
| tcp_flow_in | string | Example Values: open, closed | Yes |
| tcp_flow_out | string | Example Values: open, closed | Yes |
| udp_flow_in | string | Example Values: open, closed | Yes |
| udp_flow_out | string | Example Values: open, closed | Yes |
| cascade_to_nodes | integer | Help Entry: Selecting this option causes the action to be replayed on all nodes of the cluster automatically, as if you had logged in to each node manually. Example Values: 1 | No |
Action: restartOnNode (Added in version 4.3.0-290)
Restarts the service on a specific node (Clustering only).
Input Parameters
| Name | Type | Notes | Required? |
|---|---|---|---|
| node_id | string | | No* |
* indicates that it's actually required, but probably already has a valid default value
Action: start (Added in version 4.2.0-260)
Starts the service.
Input Parameters
| Name | Type | Notes | Required? |
|---|---|---|---|
| cascade_to_nodes | integer | Help Entry: Selecting this option causes the action to be replayed on all nodes of the cluster automatically, as if you had logged in to each node manually. Example Values: 1 | No |
Action: startOnBoot
Set the firewall start-on-boot status.
Input Parameters
| Name | Type | Notes | Required? |
|---|---|---|---|
| startonboot | integer | Example Values: 1, 0. Example Default Value: 0 | No* |
| cascade_to_nodes | integer | Help Entry: Selecting this option causes the action to be replayed on all nodes of the cluster automatically, as if you had logged in to each node manually. Example Values: 1 | No |
* indicates that it's actually required, but probably already has a valid default value
Action: startOnNode (Added in version 4.3.0-290)
Starts the service on a specific node (Clustering only).
Input Parameters
| Name | Type | Notes | Required? |
|---|---|---|---|
| node_id | string | | No* |
* indicates that it's actually required, but probably already has a valid default value
Action: stop (Added in version 4.2.0-260)
Stops the service.
Input Parameters
| Name | Type | Notes | Required? |
|---|---|---|---|
| cascade_to_nodes | integer | Help Entry: Selecting this option causes the action to be replayed on all nodes of the cluster automatically, as if you had logged in to each node manually. Example Values: 1 | No |
Action: stopOnNode (Added in version 4.3.0-290)
Stops the service on a specific node (Clustering only).
Input Parameters
| Name | Type | Notes | Required? |
|---|---|---|---|
| node_id | string | | No* |
* indicates that it's actually required, but probably already has a valid default value
Action: updateConfig
Update basic firewall configuration.
Input Parameters
| Name | Type | Notes | Required? |
|---|---|---|---|
| debug_mode | integer | Help Entry: When debug mode is enabled, all firewall rules are flushed every 5 minutes to prevent being locked out of the server due to a firewall misconfiguration. Example Values: 1, 0. Example Default Value: 0 | No* |
| default_tos | integer | Help Entry: Defines the default type of service. Example Values: 4, 8, 16. Example Default Value: 4 | No* |
| tcp_drop_policy | string | Help Entry: Defines how to handle TCP packet filtering. 'Reset' sends a tcp-reset message, 'Drop' silently drops the packet, 'Reject' rejects the packet. Example Values: RESET, DROP, REJECT. Example Default Value: DROP | No* |
| udp_drop_policy | string | Help Entry: Defines how to handle UDP packet filtering. 'Reset' sends an icmp-port-unreachable message, 'Drop' will silently drop the packet, 'Reject' will reject the packet, and 'Prohibit' will send an icmp-host-prohibited message. Example Values: RESET, DROP, REJECT, PROHIBIT. Example Default Value: DROP | No* |
| block_multicast | integer | Help Entry: Defines if the firewall should block multicast traffic. Example Values: 1, 0. Example Default Value: 0 | No* |
| block_private_network | integer | Help Entry: Defines if the firewall should block all private IPv4 addresses (reserved address space, generally unroutable on the internet). If the server sits behind a NAT or other routing setup that would make use of private addressing, leave this option 'Off'. Example Values: 1, 0. Example Default Value: 0 | No* |
| max_sessions | integer | Help Entry: Defines the maximum number of connection tracking entries that can be handled by the firewall simultaneously. Example Default Value: 34576 | No* |
| sysctl_tcp | integer | Help Entry: Enables or disables sysctl hook changes to harden the kernel from certain network-based attacks. Example Values: 1, 0. Example Default Value: 1 | No* |
| if | string | Help Entry: All traffic on the defined interface will be subject to all firewall rules. This should be your internet-exposed interface. Example Values: eth0, sit0. Example Default Value: eth0 | No* |
| tifs | struct (string) | Help Entry: All traffic on the defined interface(s) will bypass ALL firewall rules. Example Values: eth0, sit0 | No |
| cascade_to_nodes | integer | Help Entry: Selecting this option causes the action to be replayed on all nodes of the cluster automatically, as if you had logged in to each node manually. Example Values: 1 | No |
* indicates that it's actually required, but probably already has a valid default value
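A pre-flight check for an updateConfig parameter set, added here as an example and not part of the documented API: it rejects values outside the documented example values and flags the settings that weaken the firewall (debug_mode flushing rules, sysctl_tcp off, trusted interfaces that bypass all rules). The function name, the `behind_nat` flag, treating the example values as exhaustive, and passing `tifs` as a list of interface names are assumptions.

```python
# Added example: allowed sets come from the "Example Values" rows above.
# Assumptions: those lists are exhaustive; tifs is a list of interface names.
ALLOWED = {
    "debug_mode": {0, 1},
    "default_tos": {4, 8, 16},
    "tcp_drop_policy": {"RESET", "DROP", "REJECT"},
    "udp_drop_policy": {"RESET", "DROP", "REJECT", "PROHIBIT"},
    "block_multicast": {0, 1},
    "block_private_network": {0, 1},
    "sysctl_tcp": {0, 1},
}
KNOWN = set(ALLOWED) | {"max_sessions", "if", "tifs", "cascade_to_nodes"}


def lint_update_config(params, behind_nat=False):
    """Return (severity, parameter, message) findings for a proposed change."""
    findings = []
    for name in sorted(set(params) - KNOWN):
        findings.append(("error", name, "not a documented updateConfig parameter"))
    for name, allowed in ALLOWED.items():
        if name in params and params[name] not in allowed:
            findings.append(("error", name, f"{params[name]!r} is not a documented value"))
    sessions = params.get("max_sessions")
    if sessions is not None and (not isinstance(sessions, int) or sessions <= 0):
        findings.append(("error", "max_sessions", "must be a positive integer"))
    if params.get("debug_mode") == 1:
        findings.append(("warn", "debug_mode", "all rules are flushed every 5 minutes"))
    if params.get("sysctl_tcp") == 0:
        findings.append(("warn", "sysctl_tcp", "kernel network hardening is turned off"))
    if params.get("block_private_network") == 1 and behind_nat:
        findings.append(("error", "block_private_network", "host is behind NAT; leave off"))
    exposed = params.get("if", "eth0")  # eth0 is the documented default
    for iface in params.get("tifs") or []:
        if iface == exposed:
            findings.append(("error", "tifs", f"{iface} is the exposed interface; all rules bypassed"))
        else:
            findings.append(("warn", "tifs", f"traffic on {iface} bypasses all firewall rules"))
    if params.get("cascade_to_nodes") == 1 and findings:
        findings.append(("warn", "cascade_to_nodes", "findings above are replayed on every node"))
    return findings


# Constructed sample input, not taken from a real server.
PROPOSED = {"debug_mode": 1, "tcp_drop_policy": "ACCEPT", "if": "eth0",
            "tifs": ["eth0"], "cascade_to_nodes": 1}

if __name__ == "__main__":
    for severity, name, message in lint_update_config(PROPOSED):
        print(f"{severity:5} {name}: {message}")
```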
Controller: Firewall
Action: addPort (Added in version 4.2.0-263)
Add a port to the firewall configuration.
Input Parameters
Enter the port or ports you wish to add to the firewall. You can enter port ranges as well, ex: 1234-1236.
open, closed
open, closed
open, closed
open, closed
Selecting this option causes the action to be replayed on all nodes of the cluster automatically, as if you had logged in to each node manually
1
Action: allowDenyIps
Set firewall ip address allow and deny lists.
Input Parameters
Action: delete
Delete firewall port configuration.
Input Parameters
21, 22, 25, 80, 110, 143, 443, 993, 995, 2080, 2443, 3306, 50000_51000, 20, 53, 123
Action: isRunning (Added in version 4.2.0-260)
Checks if the service is running or not.
Example Output
Action: isRunningOnNode (Added in version 4.3.0-290)
Checks if the service is running on a specific node (Clustering only).
Input Parameters
Action: listGeneralName (Added in version 4.2.0-260)
Lists the "normal" name, i.e. "web server" instead of "httpd".
Example Output
Action: listPortNumbers (Added in version 4.2.0-260)
Lists a string of the port numbers that this service uses, comma-separated.
Example Output
Action: listPortNumbersArray (Added in version 4.2.0-260)
Lists array of port numbers and ranges that this service uses.
Example Output
array ( 'status' => 0, 'payload' => array ( 0 => '##LG_NOT_APPLICABLE##', ), )
Action: listRequiredPermissions (Added in version 4.2.0-260)
Lists an array of permissions required to control the service.
Example Output
array ( 'status' => 0, 'payload' => array ( 0 => 'FIREWALL', ), )
Action: listServiceInfo (Added in version 4.2.0-260)
Lists the service name, ports, page, and status.
Example Output
array ( 'status' => 0, 'payload' => array ( 'id' => 'apf', 'name' => '##LG_FIREWALL##', 'ports' => '##LG_NOT_APPLICABLE##', 'page' => '/nodeworx/firewall', 'ctrl' => '/nodeworx/firewall', 'is_running' => 0, ), )
Action: listServiceName (Added in version 4.2.0-260)
Lists the service name, i.e. "httpd" instead of "web server".
Example Output
Action: listServicePage (Added in version 4.2.0-260)
Lists the page that controls the service.
Example Output
Action: restart (Added in version 4.2.0-260)
Restarts the service.
Input Parameters
Selecting this option causes the action to be replayed on all nodes of the cluster automatically, as if you had logged in to each node manually
1