New API: network_address_aliases_get / filter_rules_get

slayercat · slayercat · commit e27c74092be3 · 2020-01-16T21:20:02.000+08:00
network_address_aliases_get
---
 - Returns address aliaes used by rules.
 - HTTP: **GET**
 - Params: none

*Example Request*
```bash
curl \
    -X GET \
    --silent \
    --insecure \
    --header "fauxapi-auth: &lt;auth-value&gt;" \
    "https://&lt;host-address&gt;/fauxapi/v1/?action=network_address_aliases_get"
```

*Example Response*
```javascript
{
    "callid": "5e205fc052956",
    "action": "network_address_aliases_get",
    "message": "ok",
    "data": {
        "aliases": {
            "alias": [
                {
                    "name": "EasyRuleBlockHostsWAN",
                    "type": "network",
                    "address": "1.2.3.4/32 5.6.7.8/32",
                    "descr": "Hosts blocked from Firewall Log view",
                    "detail": "Entry added Fri, 27 Dec 2019 00:53:01 -0800||\u5df2\u6dfb\u52a0\u6761\u76ee Thu, 16 Jan 2020 03:42:37 -0800"
                }
            ]
        }
    }
}
```

filter_rules_get
---
 - Returns address aliaes used by rules.
 - HTTP: **GET**
 - Params: none

*Example Request*
```bash
curl \
    -X GET \
    --silent \
    --insecure \
    --header "fauxapi-auth: &lt;auth-value&gt;" \
    "https://&lt;host-address&gt;/fauxapi/v1/?action=filter_rules_get"
```

*Example Response*
```javascript
{
    "callid": "5e2060797a602",
    "action": "filter_rules_get",
    "message": "ok",
    "data": {
        "filter": {
            "rules": [
                {
                    "id": "",
                    "tracker": "1579178400",
                    "type": "pass",
                    "interface": "wan",
                    "ipprotocol": "inet",
                    "tag": "",
                    "tagged": "",
                    "max": "",
                    "max-src-nodes": "",
                    "max-src-conn": "",
                    "max-src-states": "",
                    "statetimeout": "",
                    "statetype": "keep state",
                    "os": "",
                    "protocol": "tcp",
                    "source": {
                        "address": "1.2.1.1"
                    },
                    "destination": {
                        "any": "",
                        "port": "1-65535"
                    },
                    "descr": "",
                    "updated": {
                        "time": "1579178400",
                        "username": "admin@192.168.88.1 (Local Database)"
                    },
                    "created": {
                        "time": "1579178400",
                        "username": "admin@192.168.88.1 (Local Database)"
                    }
                },
                {
                    "type": "block",
                    "interface": "wan",
                    "ipprotocol": "inet",
                    "source": {
                        "address": "EasyRuleBlockHostsWAN"
                    },
                    "destination": {
                        "any": ""
                    },
                    "descr": "Easy Rule: Blocked from Firewall Log View",
                    "created": {
                        "time": "1577436781",
                        "username": "Easy Rule"
                    },
                    "tracker": "1577436781"
                },
                {
                    "type": "drop",
                    "ipprotocol": "inet",
                    "descr": "Default allow LAN to any rule",
                    "interface": "lan",
                    "source": {
                        "network": "lan"
                    },
                    "destination": {
                        "ip": "192.10.1.1"
                    }
                }
            ]
        }
    }
}
```

Signed-off-by: lilinzhe &lt;slayercat.subscription@gmail.com&gt;
diff --git a/README.md b/README.md
@@ -23,6 +23,8 @@ tasks feasible.
  - [send_event](#user-content-send_event) - Performs a pfSense "send_event" command to cause various pfSense system actions.
  - [system_reboot](#user-content-system_reboot) - Reboots the pfSense system.
  - [system_stats](#user-content-system_stats) - Returns various useful system stats.
+ - [network_address_aliases_get](#user-content-network_address_aliases_get) - Returns address aliaes used by rules.
+ - [filter_rules_get](#user-content-filter_rules_get) - Returns firewall filters.
 
 
 ## Approach
@@ -869,6 +871,135 @@ curl \
 }
 ```
 ---
+### network_address_aliases_get
+ - Returns address aliaes used by rules.
+ - HTTP: **GET**
+ - Params: none
+
+*Example Request*
+```bash
+curl \
+    -X GET \
+    --silent \
+    --insecure \
+    --header "fauxapi-auth: <auth-value>" \
+    "https://<host-address>/fauxapi/v1/?action=network_address_aliases_get"
+```
+
+*Example Response*
+```javascript
+{
+    "callid": "5e205fc052956",
+    "action": "network_address_aliases_get",
+    "message": "ok",
+    "data": {
+        "aliases": {
+            "alias": [
+                {
+                    "name": "EasyRuleBlockHostsWAN",
+                    "type": "network",
+                    "address": "1.2.3.4/32 5.6.7.8/32",
+                    "descr": "Hosts blocked from Firewall Log view",
+                    "detail": "Entry added Fri, 27 Dec 2019 00:53:01 -0800||\u5df2\u6dfb\u52a0\u6761\u76ee Thu, 16 Jan 2020 03:42:37 -0800"
+                }
+            ]
+        }
+    }
+}
+```
+---
+### filter_rules_get
+ - Returns firewall filters.
+ - HTTP: **GET**
+ - Params: none
+
+*Example Request*
+```bash
+curl \
+    -X GET \
+    --silent \
+    --insecure \
+    --header "fauxapi-auth: <auth-value>" \
+    "https://<host-address>/fauxapi/v1/?action=filter_rules_get"
+```
+
+*Example Response*
+```javascript
+{
+    "callid": "5e2060797a602",
+    "action": "filter_rules_get",
+    "message": "ok",
+    "data": {
+        "filter": {
+            "rules": [
+                {
+                    "id": "",
+                    "tracker": "1579178400",
+                    "type": "pass",
+                    "interface": "wan",
+                    "ipprotocol": "inet",
+                    "tag": "",
+                    "tagged": "",
+                    "max": "",
+                    "max-src-nodes": "",
+                    "max-src-conn": "",
+                    "max-src-states": "",
+                    "statetimeout": "",
+                    "statetype": "keep state",
+                    "os": "",
+                    "protocol": "tcp",
+                    "source": {
+                        "address": "1.2.1.1"
+                    },
+                    "destination": {
+                        "any": "",
+                        "port": "1-65535"
+                    },
+                    "descr": "",
+                    "updated": {
+                        "time": "1579178400",
+                        "username": "admin@192.168.88.1 (Local Database)"
+                    },
+                    "created": {
+                        "time": "1579178400",
+                        "username": "admin@192.168.88.1 (Local Database)"
+                    }
+                },
+                {
+                    "type": "block",
+                    "interface": "wan",
+                    "ipprotocol": "inet",
+                    "source": {
+                        "address": "EasyRuleBlockHostsWAN"
+                    },
+                    "destination": {
+                        "any": ""
+                    },
+                    "descr": "Easy Rule: Blocked from Firewall Log View",
+                    "created": {
+                        "time": "1577436781",
+                        "username": "Easy Rule"
+                    },
+                    "tracker": "1577436781"
+                },
+                {
+                    "type": "drop",
+                    "ipprotocol": "inet",
+                    "descr": "Default allow LAN to any rule",
+                    "interface": "lan",
+                    "source": {
+                        "network": "lan"
+                    },
+                    "destination": {
+                        "ip": "192.10.1.1"
+                    }
+                }
+            ]
+        }
+    }
+}
+```
+---
 
 ## Versions and Testing
 The FauxAPI has been developed against pfSense 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.4.3, 2.4.4 it has 
diff --git a/pfSense-pkg-FauxAPI/files/etc/inc/fauxapi/fauxapi_actions.inc b/pfSense-pkg-FauxAPI/files/etc/inc/fauxapi/fauxapi_actions.inc
@@ -401,6 +401,54 @@ class fauxApiActions {
         );
         return TRUE;
     }
+
+    /**
+     * filter_rules_get()
+     * 
+     * @return boolean
+     */
+    public function filter_rules_get() {
+        fauxApiLogger::debug(__METHOD__);
+                
+        $rules = $this->PfsenseInterface->filter_rules_get();
+        
+        if (empty($rules)) {
+            $this->response->http_code = 500;
+            $this->response->message = 'unable to get filter rule(s)';
+            return FALSE;
+        }
+        $this->response->http_code = 200;
+        $this->response->message = 'ok';
+        $this->response->data = array(
+            'filter' => array(
+                'rules' => $rules
+            ),           
+        );
+        return TRUE;
+    }
+
+    /**
+     * address_aliases_get()
+     * 
+     * @return boolean
+     */
+    public function network_address_aliases_get() {
+        fauxApiLogger::debug(__METHOD__);
+                
+        $alias = $this->PfsenseInterface->network_address_aliases_get();
+        
+        if (empty($alias)) {
+            $this->response->http_code = 500;
+            $this->response->message = 'unable to get address aliases';
+            return FALSE;
+        }
+        $this->response->http_code = 200;
+        $this->response->message = 'ok';
+        $this->response->data = array(
+            'aliases' => $alias,      
+        );
+        return TRUE;
+    }
     
     /**
      * alias_update_urltables()
diff --git a/pfSense-pkg-FauxAPI/files/etc/inc/fauxapi/fauxapi_pfsense_interface.inc b/pfSense-pkg-FauxAPI/files/etc/inc/fauxapi/fauxapi_pfsense_interface.inc
@@ -719,6 +719,28 @@ class fauxApiPfsenseInterface {
         return \pfSense_get_interface_stats($interface);
     }
     
+    /**
+     * filter_rules_get()
+     * 
+     * @return array
+     */
+    public function filter_rules_get(){
+        global $config;
+        fauxApiLogger::debug(__METHOD__);
+        return $config["filter"]["rule"];
+    }
+
+    /**
+     * network_address_aliases_get()
+     * 
+     * @return array
+     */
+    public function network_address_aliases_get(){
+        global $config;
+        fauxApiLogger::debug(__METHOD__);
+        return $config["aliases"];
+    }
+
     /**
      * function_call()
      * 
