├── FortigateApi.py
├── LICENSE.md
├── README.md
├── setup.cfg
└── setup.py
/FortigateApi.py:
--------------------------------------------------------------------------------
1 | # FortigateApi.py
2 | # access to fortigate rest api
3 | # David Chayla - nov 2016
4 | # v1
5 | # v1.2 django edition
6 | # v1.3 https enabled
7 | # v1.4 add http put method
8 | # v1.5 traffic shaper on fw policy
9 | # v1.6 add access to user local
10 | # v1.7 correction DelAllUserLocal
11 | # v1.8 creation method DelAllVPNipsec() + correction DelSystemAdmin()
12 | # v1.9 add AddFwAddressRange
13 | # v1.10 suppress the warning messages on the ssl connection
14 | # v1.11 modify idempotence to make it 7x faster
15 |
16 | #openstack reference
17 | #https://github.com/openstack/networking-fortinet/blob/5ca7b1b4c17240c8eb1b60f7cfa9a46b5b943718/networking_fortinet/api_client/templates.py
18 |
19 | import requests, json
20 |
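21 | # suppress the warning urllib3 raises on https connections to a self-signed certificate (the call below applies process-wide, so unverified connections are no longer reported at runtime)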
22 | from requests.packages.urllib3.exceptions import InsecureRequestWarning
23 | requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
24 |
25 | # class
26 | class Fortigate:
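def __init__(self, ip, vdom, user, passwd, verify=False):
    """
    Open a requests session on the FortiGate and log in.

    Parameters
    ----------
    ip: address or host name of the FortiGate, without the scheme (type string)
    vdom: the vdom sent as the 'vdom' query parameter by the Api* methods (type string)
    user: the login name (type string)
    passwd: the login password (type string)
    verify: TLS certificate verification, passed to requests as 'verify':
            False, True or the path of a CA bundle (default False)

    Security note
    -------------
    With the default verify=False the credentials are posted without checking
    the certificate of the peer, so the identity of the device is not
    authenticated. Pass verify=True (or a CA bundle path) whenever the
    FortiGate presents a certificate that can be validated.

    The login result is only printed; a refused login does not raise.
    """
    base_url = 'https://' + ip

    # URL definition
    self.login_url = base_url + '/logincheck'
    self.logout_url = base_url + '/logout'
    self.api_url = base_url + '/api/v2/'

    self.vdom = vdom

    # Start session to keep cookies
    self.s = requests.Session()
    if verify is not False:
        # The caller opted in to verification: use the same setting (True or
        # a CA bundle path) for every later call made through this session.
        # The default leaves the session untouched, as before.
        self.s.verify = verify

    # Login
    credentials = {'username': user, 'secretkey': passwd}
    self.r = self.s.post(self.login_url, data=credentials, verify=verify)

    print 'login status:', self.r.status_code

    for cookie in self.s.cookies:
        if cookie.name == 'ccsrftoken':
            # drop the first and last character of the cookie value
            # (presumably the surrounding quotes) and replay it as a header
            self.s.headers.update({'X-CSRFTOKEN': cookie.value[1:-1]})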
52 |
53 |
def Logout(self):
    """
    Call the logout url of the FortiGate with the current session.

    Returns
    -------
    Http status code of the logout request
    """
    response = self.s.get(self.logout_url)
    return response.status_code
58 |
59 | # About api request message naming regulations:
60 | # Prefix HTTP method
61 | # ADD_XXX --> POST
62 | # SET_XXX --> PUT
63 | # DELETE_XXX --> DELETE
64 | # GET_XXX --> GET
65 |
def ApiGet(self, url):
    """
    Send a GET request to the rest api for the current vdom.

    Parameters
    ----------
    url: the path below '/api/v2/' (type string)

    Returns
    -------
    The requests response object (status is not checked here)
    """
    target = self.api_url + url
    query = {'vdom': self.vdom}
    return self.s.get(target, params=query)
72 |
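def ApiAdd(self, url, data=None):
    """
    Send a POST request to the rest api for the current vdom.

    Parameters
    ----------
    url: the path below '/api/v2/' (type string)
    data: the payload (type dict)(default None: no body is sent)

    Returns
    -------
    Http status code of the request
    """
    # Without a payload send no body at all, instead of the text 'None'.
    # NOTE(review): the body is the Python repr of data, not JSON; confirm the
    # device parses it as intended for values containing quotes, backslashes
    # or non-ascii text.
    body = None if data is None else repr(data)
    req = self.s.post(self.api_url + url, params={'vdom': self.vdom}, data=body)
    return req.status_code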
76 |
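def ApiDelete(self, url, data=None):
    """
    Send a DELETE request to the rest api for the current vdom.

    Parameters
    ----------
    url: the path below '/api/v2/' (type string)
    data: the payload (type dict)(default None: no body is sent)

    Returns
    -------
    Http status code of the request
    """
    # Without a payload send no body at all, instead of the text 'None'.
    # NOTE(review): the body is the Python repr of data, not JSON; confirm the
    # device parses it as intended for values containing quotes, backslashes
    # or non-ascii text.
    body = None if data is None else repr(data)
    req = self.s.delete(self.api_url + url, params={'vdom': self.vdom}, data=body)
    return req.status_code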
80 |
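def ApiSet(self, url, data=None):
    """
    Send a PUT request to the rest api for the current vdom.

    Parameters
    ----------
    url: the path below '/api/v2/' (type string)
    data: the payload (type dict)(default None: no body is sent)

    Returns
    -------
    Http status code of the request
    """
    # Without a payload send no body at all, instead of the text 'None'.
    # NOTE(review): the body is the Python repr of data, not JSON; confirm the
    # device parses it as intended for values containing quotes, backslashes
    # or non-ascii text.
    body = None if data is None else repr(data)
    req = self.s.put(self.api_url + url, params={'vdom': self.vdom}, data=body)
    return req.status_code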
84 |
85 | #-----------------------------------------------------------------------------------------
86 |
def Exists(self, url, objects):
    """
    Test whether one entry returned by the url matches all the given fields.

    Parameters
    ----------
    url: the api url to test the objects (type string)
    objects: the list of [field, value] pairs to test (type [[]])
        ex:
        objects = [['name','srv-A'],['subnet','10.1.1.1/32']]
        self.Exists('cmdb/firewall/address/', objects)

    Returns
    -------
    Return True if a single entry matches every pair, otherwise False.

    Notes
    -----
    When a field holds a list, only the 'name' of its first element is
    compared, and an empty list never counts as a mismatch.
    The http status of the request is not checked before parsing the answer.
    """
    response = self.ApiGet(url)
    parsed = json.loads(response.text)
    for entry in parsed['results']:
        matches = True
        for pair in objects:
            current = entry[pair[0]]
            if type(current) is list:
                if current != [] and pair[1] != current[0]['name']:
                    matches = False
                    break
            elif pair[1] != current:
                matches = False
                break
        if matches:
            return True
    return False
124 | #
def GetVdom(self, name=''):
    """
    Return the vdom object(s) as json text: the named one, or all when name is empty.

    Parameters
    ----------
    name: the vdom object name (type string)(default '')
          It is appended to the url as given, without escaping.

    Returns
    -------
    The body of the answer (type string)
    """
    resource = 'cmdb/system/vdom/' + name
    return self.ApiGet(resource).text
139 |
def AddVdom(self, name):
    """
    Create a new vdom.

    Parameters
    ----------
    name: name of the vdom (type string)

    Returns
    -------
    Http status code: 200 if ok, 4xx if an error occurs
    """
    body = {'json': {'name': name}}
    return self.ApiAdd('cmdb/system/vdom/', body)
158 |
def AddVdomIdempotent(self, name):
    """
    Create a new vdom, return ok if a vdom with this name already exists.

    Parameters
    ----------
    name: name of the vdom (type string)

    Returns
    -------
    Http status code: 200 if ok, 4xx if an error occurs
    """
    name = str(name)
    if self.Exists('cmdb/system/vdom/', [['name', name]]):
        # already there: nothing is sent to create it
        return 200
    return self.AddVdom(name)
179 |
def DelVdom(self, name):
    """
    Delete the vdom referenced by name.

    Parameters
    ----------
    name: the vdom to delete (type string)
          It is appended to the url as given, without escaping.

    Returns
    -------
    Http status code of the delete request
    """
    # the object is selected by the url; the body carries a fixed name
    body = {'json': {'name': 'vdom'}}
    target = 'cmdb/system/vdom/' + name + '/'
    return self.ApiDelete(target, data=body)
187 |
188 | #
def GetSystemAdmin(self, name=''):
    """
    Return the system admin object(s) as json text: the named one, or all when name is empty.

    Parameters
    ----------
    name: the system admin object name (type string)(default '')
          It is appended to the url as given, without escaping.

    Returns
    -------
    The body of the answer (type string)
    """
    resource = 'cmdb/system/admin/' + name
    return self.ApiGet(resource).text
203 |
def AddSystemAdmin(self, name, password, profile='prof_admin', remote_auth='disable'):
    """
    Create a system admin on the vdom.

    Parameters
    ----------
    name: the system admin name (type string)
    password: the system admin password, sent in the request body (type string)
    profile: the profile, choice: prof_admin/super_admin (type string)(default prof_admin)
    remote_auth: choice: enable/disable (type string)(default disable)

    Returns
    -------
    Http status code: 200 if ok, 4xx if an error occurs
    """
    name = str(name)
    password = str(password)
    vdom_scope = [{'name': self.vdom}]
    body = {
        'json': {
            'name': name,
            'password': password,
            'accprofile': profile,
            'remote-auth': remote_auth,
            'vdom': vdom_scope,
        }
    }
    return self.ApiAdd('cmdb/system/admin/', body)
236 |
def AddSystemAdminIdempotent(self, name, password, profile='prof_admin', remote_auth='disable'):
    """
    Create a system admin on the vdom, return ok if an admin with this name already exists.

    Only the name is compared: for an existing admin the password, profile
    and remote_auth are neither checked nor updated, so 200 does not mean
    the account has the requested settings.

    Parameters
    ----------
    name: the system admin name (type string)
    password: the system admin password (type string)
    profile: the profile, choice: prof_admin/super_admin (type string)(default prof_admin)
    remote_auth: choice: enable/disable (type string)(default disable)

    Returns
    -------
    Http status code: 200 if ok, 4xx if an error occurs
    """
    name = str(name)
    password = str(password)
    if self.Exists('cmdb/system/admin/', [['name', name]]):
        # already there: nothing is sent to create it
        return 200
    return self.AddSystemAdmin(name, password, profile, remote_auth)
261 |
def SetSystemAdmin(self, name, password, profile='prof_admin', remote_auth='disable'):
    """
    Modify a system admin on the vdom.

    Parameters
    ----------
    name: the system admin name (type string)
          It is appended to the url as given, without escaping.
    password: the system admin password, sent in the request body (type string)
    profile: the profile, choice: prof_admin/super_admin (type string)(default prof_admin)
    remote_auth: choice: enable/disable (type string)(default disable)

    Returns
    -------
    Http status code: 200 if ok, 4xx if an error occurs
    """
    name = str(name)
    password = str(password)
    vdom_scope = [{'name': self.vdom}]
    body = {
        'json': {
            'name': name,
            'password': password,
            'accprofile': profile,
            'remote-auth': remote_auth,
            'vdom': vdom_scope,
        }
    }
    target = 'cmdb/system/admin/' + name + '/'
    return self.ApiSet(target, body)
294 |
def DelSystemAdmin(self, name):
    """
    Delete system admin object referenced by name.

    Parameters
    ----------
    name: object to delete (type string)
          It is appended to the url as given, without escaping.

    Returns
    -------
    Http status code: 200 if ok, 4xx if an error occurs
    """
    # the object is selected by the url; the body carries a fixed name
    body = {'json': {'name': 'admin'}}
    target = 'cmdb/system/admin/' + name + '/'
    return self.ApiDelete(target, data=body)
313 | #
def GetUserLocal(self, name=''):
    """
    Return the user local object(s) as json text: the named one, or all when name is empty.

    Parameters
    ----------
    name: the user local object name (type string)(default '')
          It is appended to the url as given, without escaping.

    Returns
    -------
    The body of the answer (type string)
    """
    resource = 'cmdb/user/local/' + name
    return self.ApiGet(resource).text
328 |
def AddUserLocal(self, name, passwd, type_user='password', status='enable', email_to='', ldap_server='', radius_server=''):
    """
    Create a user local on the vdom.

    Parameters
    ----------
    name: the user name (type string)
    passwd: the user password, sent in the request body (type string)
    type_user: set to 'password' for Local (type string)
    status: (type string)(default enable)
    email_to: (type string)(default '')
    ldap_server: (type string)(default '')
    radius_server: (type string)(default '')

    Returns
    -------
    Http status code: 200 if ok, 4xx if an error occurs
    """
    name = str(name)
    passwd = str(passwd)
    user = {
        'name': name,
        'passwd': passwd,
        'type': type_user,
        'status': status,
        'email-to': email_to,
        'ldap-server': ldap_server,
        'radius-server': radius_server,
    }
    return self.ApiAdd('cmdb/user/local/', {'json': user})
362 |
def AddUserLocalIdempotent(self, name, passwd, type_user='password', status='enable', email_to='', ldap_server='', radius_server=''):
    """
    Create a user local on the vdom, return ok if it already exists.

    Only the name and the type are compared: for an existing user the
    password and the other settings are neither checked nor updated.

    Parameters
    ----------
    name: the user name (type string)
    passwd: the user password (type string)
    type_user: set to 'password' for Local (type string)
    status: (type string)(default enable)
    email_to: (type string)(default '')
    ldap_server: (type string)(default '')
    radius_server: (type string)(default '')

    Returns
    -------
    Http status code: 200 if ok, 4xx if an error occurs
    """
    name = str(name)
    passwd = str(passwd)
    wanted = [['name', name], ['type', type_user]]
    if self.Exists('cmdb/user/local/', wanted):
        # already there: nothing is sent to create it
        return 200
    return self.AddUserLocal(name, passwd, type_user, status, email_to, ldap_server, radius_server)
390 |
def SetUserLocal(self, name, passwd, type_user='password', status='enable', email_to='', ldap_server='', radius_server=''):
    """
    Modify a user local on the vdom.

    Parameters
    ----------
    name: the user name (type string)
          It is appended to the url as given, without escaping.
    passwd: the user password, sent in the request body (type string)
    type_user: set to 'password' for Local (type string)
    status: (type string)(default enable)
    email_to: (type string)(default '')
    ldap_server: (type string)(default '')
    radius_server: (type string)(default '')

    Returns
    -------
    Http status code: 200 if ok, 4xx if an error occurs
    """
    name = str(name)
    passwd = str(passwd)
    user = {
        'name': name,
        'passwd': passwd,
        'type': type_user,
        'status': status,
        'email-to': email_to,
        'ldap-server': ldap_server,
        'radius-server': radius_server,
    }
    target = 'cmdb/user/local/' + name + '/'
    return self.ApiSet(target, {'json': user})
424 |
def DelUserLocal(self, name):
    """
    Delete user local object referenced by name.

    Parameters
    ----------
    name: object to delete (type string)
          It is appended to the url as given, without escaping.

    Returns
    -------
    Http status code: 200 if ok, 4xx if an error occurs
    """
    # the object is selected by the url; the body carries a fixed name
    body = {'json': {'name': 'local'}}
    target = 'cmdb/user/local/' + name + '/'
    return self.ApiDelete(target, data=body)
443 |
def DelAllUserLocal(self):
    """
    Delete every user local object of the vdom, one request per user.

    Stops at the first delete that does not return 200; users deleted
    before that point stay deleted.

    Returns
    -------
    Http status code: 200 if ok, otherwise the code of the failed delete
    """
    listing = json.loads(self.ApiGet('cmdb/user/local/').text)
    for entry in listing['results']:
        user_name = entry['name']
        return_code = self.DelUserLocal(user_name)
        print 'del user :', user_name, '(', return_code,')'
        if return_code != 200:
            return return_code
    return 200
463 | #
def GetInterface(self, name=''):
    """
    Return the interfaces of the current vdom as json text: the named one, or all when name is empty.

    Parameters
    ----------
    name: the object name or nothing (type string)(default '')
          It is appended to the url as given, without escaping.

    Returns
    -------
    A json list (indent 4) of the interface objects whose 'vdom' is the current vdom
    """
    response = self.ApiGet('cmdb/system/interface/' + name)
    listing = json.loads(response.text)
    # keep the current vdom only
    in_vdom = [entry for entry in listing['results'] if self.vdom == entry['vdom']]
    return json.dumps(in_vdom, indent=4)
484 |
def AddLoopbackInterface(self, name, ip_mask, vdom, allowaccess=''):
    """
    Create a loopback interface on the vdom.

    Parameters
    ----------
    name: the name of the loopback int (type string)
    ip_mask: the ip and mask (for ex: 1.1.1.1 255.255.255.255 or 1.1.1.1/32)(type string)
    vdom: the existing vdom of the loopback (type string)
    allowaccess: choice in: ping/http/https/ssh/snmp separated with space (for ex: 'ping ssh http')(type string)(default none)
                 Each listed service becomes reachable on this address; list only what is needed.

    Returns
    -------
    Http status code: 200 if ok, 4xx if an error occurs
    """
    name = str(name)
    ip_mask = str(ip_mask)
    vdom = str(vdom)
    allowaccess = str(allowaccess)
    loopback = {
        'name': name,
        'type': 'loopback',
        'ip': ip_mask,
        'vdom': vdom,
        'mode': 'static',
        'status': 'up',
        'secondary-IP': 'disable',
        'alias': '',
        'ipv6': {'ip6-extra-addr': []},
        'allowaccess': allowaccess,
    }
    return self.ApiAdd('cmdb/system/interface/', {'json': loopback})
523 |
def AddLoopbackInterfaceIdempotent(self, name, ip_mask, vdom, allowaccess):
    """
    Create a loopback interface on the vdom, return ok if it already exists.

    Only the name and the ip are compared: the allowaccess of an existing
    interface is neither checked nor updated.

    Parameters
    ----------
    name: the name of the loopback int (type string)
    ip_mask: the ip and mask (for ex: 1.1.1.1 255.255.255.255 or 1.1.1.1/32)(type string)
    vdom: the existing vdom of the loopback (type string)
    allowaccess: choice in: ping/http/https/ssh/snmp separated with space (for ex: 'ping ssh http')(type string)

    Returns
    -------
    Http status code: 200 if ok, 4xx if an error occurs
    """
    name = str(name)
    ip_mask = str(ip_mask)
    vdom = str(vdom)
    allowaccess = str(allowaccess)
    wanted = [['name', name], ['ip', ip_mask]]
    if self.Exists('cmdb/system/interface/', wanted):
        # already there: nothing is sent to create it
        return 200
    return self.AddLoopbackInterface(name, ip_mask, vdom, allowaccess)
550 |
def SetLoopbackInterface(self, name, ip_mask, vdom, allowaccess=''):
    """
    Modify a loopback interface on the vdom.

    Parameters
    ----------
    name: the name of the loopback int (type string)
          It is appended to the url as given, without escaping.
    ip_mask: the ip and mask (for ex: 1.1.1.1 255.255.255.255 or 1.1.1.1/32)(type string)
    vdom: the existing vdom of the loopback (type string)
    allowaccess: choice in: ping/http/https/ssh/snmp separated with space (for ex: 'ping ssh http')(type string)(default none)

    Returns
    -------
    Http status code: 200 if ok, 4xx if an error occurs
    """
    name = str(name)
    ip_mask = str(ip_mask)
    vdom = str(vdom)
    allowaccess = str(allowaccess)
    loopback = {
        'name': name,
        'type': 'loopback',
        'ip': ip_mask,
        'vdom': vdom,
        'mode': 'static',
        'status': 'up',
        'secondary-IP': 'disable',
        'alias': '',
        'ipv6': {'ip6-extra-addr': []},
        'allowaccess': allowaccess,
    }
    target = 'cmdb/system/interface/' + name + '/'
    return self.ApiSet(target, {'json': loopback})
589 |
def AddVlanInterface(self, name, interface, vlanid, ip_mask, vdom, mode='none', allowaccess=''):
    """
    Create a vlan interface on the vdom.
    You must have access on the root vdom to use this method: the request
    is sent with vdom 'root', not with the vdom of this session.

    Parameters
    ----------
    name: the name of the interface vlan (type string)
    interface: the physical interface the vlan is attached to (type string)
    vlanid: the vlan id (type string)
    ip_mask: the ip and mask (for ex: 1.1.1.1 255.255.255.255 or 1.1.1.1/32)(type string)
    vdom: the existing vdom of the interface (type string)
    mode: sent as the 'mode' field (type string)(default none)
    allowaccess: choice in: ping/http/https/ssh/snmp separated with space (for ex: 'ping ssh http')(type string)(default none)

    Returns
    -------
    Http status code: 200 if ok, 4xx if an error occurs
    """
    name = str(name)
    interface = str(interface)
    vlanid = str(vlanid)
    ip_mask = str(ip_mask)
    vdom = str(vdom)
    mode = str(mode)
    allowaccess = str(allowaccess)
    vlan = {
        'name': name,
        'vlanid': vlanid,
        'vdom': vdom,
        'interface': interface,
        'type': 'vlan',
        'ip': ip_mask,
        'mode': mode,
        'status': 'up',
        'dhcp-relay-service': 'disable',
        'dhcp-relay-ip': '',
        'dhcp-relay-type': 'regular',
        'secondary-IP': 'disable',
        'alias': '',
        'ipv6': {'ip6-extra-addr': []},
        'allowaccess': allowaccess,
    }
    payload = {'json': vlan}
    # adding an interface can only be made from the root vdom, so ApiAdd
    # (which uses the vdom of the session) is bypassed here
    target = self.api_url + 'cmdb/system/interface/'
    req = self.s.post(target, params={'vdom': 'root'}, data=repr(payload))
    return req.status_code
644 |
def AddVlanInterfaceIdempotent(self, name, interface, vlanid, ip_mask, vdom, mode, allowaccess):
    """
    Create a vlan interface on the vdom, return ok if the interface already exists.
    You must have access on the root vdom to use this method.

    The name, parent interface, vlan id and ip are compared; mode and
    allowaccess of an existing interface are neither checked nor updated.

    Parameters
    ----------
    name: the name of the interface vlan (type string)
    interface: the physical interface the vlan is attached to (type string)
    vlanid: the vlan id, must convert to an integer (type string)
    ip_mask: the ip and mask (for ex: 1.1.1.1 255.255.255.255 or 1.1.1.1/32)(type string)
    vdom: the existing vdom of the interface (type string)
    mode: sent as the 'mode' field (type string)
    allowaccess: choice in: ping/http/https/ssh/snmp separated with space (for ex: 'ping ssh http')(type string)

    Returns
    -------
    Http status code: 200 if ok, 4xx if an error occurs
    """
    name = str(name)
    interface = str(interface)
    vlanid = str(vlanid)
    ip_mask = str(ip_mask)
    vdom = str(vdom)
    mode = str(mode)
    allowaccess = str(allowaccess)
    wanted = [
        ['name', name],
        ['interface', interface],
        ['vlanid', int(vlanid)],
        ['ip', ip_mask],
    ]
    if self.Exists('cmdb/system/interface/', wanted):
        # already there: nothing is sent to create it
        return 200
    return self.AddVlanInterface(name, interface, vlanid, ip_mask, vdom, mode, allowaccess)
679 |
def SetVlanInterface(self, name, interface, vlanid, ip_mask, vdom, mode='none', allowaccess=''):
    """
    Modify a vlan interface on the vdom.

    Parameters
    ----------
    name: the name of the interface vlan (type string)
          It is appended to the url as given, without escaping.
    interface: the physical interface the vlan is attached to (type string)
    vlanid: the vlan id (type string)
    ip_mask: the ip and mask (for ex: 1.1.1.1 255.255.255.255 or 1.1.1.1/32)(type string)
    vdom: the existing vdom of the interface (type string)
    mode: sent as the 'mode' field (type string)(default none)
    allowaccess: choice in: ping/http/https/ssh/snmp separated with space (for ex: 'ping ssh http')(type string)(default none)

    Returns
    -------
    Http status code: 200 if ok, 4xx if an error occurs
    """
    name = str(name)
    interface = str(interface)
    vlanid = str(vlanid)
    ip_mask = str(ip_mask)
    vdom = str(vdom)
    mode = str(mode)
    allowaccess = str(allowaccess)
    vlan = {
        'name': name,
        'vlanid': vlanid,
        'vdom': vdom,
        'interface': interface,
        'type': 'vlan',
        'ip': ip_mask,
        'mode': mode,
        'status': 'up',
        'dhcp-relay-service': 'disable',
        'dhcp-relay-ip': '',
        'dhcp-relay-type': 'regular',
        'secondary-IP': 'disable',
        'alias': '',
        'ipv6': {'ip6-extra-addr': []},
        'allowaccess': allowaccess,
    }
    target = 'cmdb/system/interface/' + name + '/'
    return self.ApiSet(target, data={'json': vlan})
728 |
729 |
730 |
def DelInterface(self, name):
    """
    Delete fw interface object referenced by name.

    Parameters
    ----------
    name: object to delete (type string)
          It is appended to the url as given, without escaping.

    Returns
    -------
    Http status code: 200 if ok, 4xx if an error occurs
    """
    # the object is selected by the url; the body carries a fixed name
    body = {'json': {'name': 'interface'}}
    target = 'cmdb/system/interface/' + name + '/'
    return self.ApiDelete(target, data=body)
749 |
def DelAllInterface(self):
    """
    Delete every interface object whose 'vdom' is the current vdom, one request per interface.

    All interfaces are attempted even after a failure. A failed delete of
    an interface whose name contains 'ssl.' is not reported.

    Returns
    -------
    Http status code: 200 if ok, otherwise the code of the last reported failure
    """
    listing = json.loads(self.ApiGet('cmdb/system/interface/').text)
    final_return_code = 200
    for entry in listing['results']:
        if self.vdom != entry['vdom']:
            continue
        int_name = entry['name']
        return_code = self.DelInterface(int_name)
        print 'del interface:', int_name, '(', return_code,')'
        if return_code != 200 and 'ssl.' not in int_name:
            final_return_code = return_code
    return final_return_code
772 | #
def GetFwAddress(self, name=''):
    """
    Return the fw address object(s) as json text: the named one, or all when name is empty.

    Parameters
    ----------
    name: the fw address object name (type string)(default '')
          It is appended to the url as given, without escaping.

    Returns
    -------
    The body of the answer (type string)
    """
    resource = 'cmdb/firewall/address/' + name
    return self.ApiGet(resource).text
787 |
def AddFwAddress(self, name, subnet, associated_interface='', comment=''):
    """
    Create address on the firewall.

    Parameters
    ----------
    name: the fw address object name (type string)
    subnet: the ip address and mask (for ex: '1.1.1.1 255.255.255.255' or '1.1.1.1/32') (type string)
    associated_interface: interface of the object, leave blank for 'Any' (default: Any) (type string)
    comment: sent as given, not converted with str() (default none) (type string)

    Returns
    -------
    Http status code: 200 if ok, 4xx if an error occurs
    """
    name = str(name)
    subnet = str(subnet)
    associated_interface = str(associated_interface)
    address = {
        'name': name,
        'type': 'ipmask',
        'subnet': subnet,
        'associated-interface': associated_interface,
        'comment': comment,
    }
    return self.ApiAdd('cmdb/firewall/address/', {'json': address})
816 |
def AddFwAddressRange(self, name, start_ip, end_ip, associated_interface='', comment=''):
    """
    Create address range on the firewall.

    Parameters
    ----------
    name: the fw address object name (type string)
    start_ip: the first ip address of the range (type string)
    end_ip: the last ip address of the range (type string)
    associated_interface: interface of the object, leave blank for 'Any' (default: Any) (type string)
    comment: sent as given, not converted with str() (default none) (type string)

    Returns
    -------
    Http status code: 200 if ok, 4xx if an error occurs
    """
    name = str(name)
    start_ip = str(start_ip)
    end_ip = str(end_ip)
    associated_interface = str(associated_interface)
    address_range = {
        'name': name,
        'type': 'iprange',
        'start-ip': start_ip,
        'end-ip': end_ip,
        'associated-interface': associated_interface,
        'comment': comment,
    }
    return self.ApiAdd('cmdb/firewall/address/', {'json': address_range})
848 |
849 |
def AddFwAddressIdempotent(self, name, subnet, associated_interface='', comment=''):
    """
    Create address object on the firewall, if the object already exists return ok.

    The creation is attempted first; the existence check (on name and
    subnet) is only made when the creation does not return 200.

    Parameters
    ----------
    name: the fw address object name (type string)
    subnet: the ip address and mask (for ex: '1.1.1.1 255.255.255.255' or '1.1.1.1/32') (type string)
    associated_interface: interface of the object, leave blank for 'Any' (default: Any) (type string)
    comment: (default none) (type string)

    Returns
    -------
    Http status code: 200 if ok, 4xx if an error occurs
    """
    name = str(name)
    subnet = str(subnet)
    associated_interface = str(associated_interface)

    return_code = self.AddFwAddress(name, subnet, associated_interface, comment)
    if return_code == 200:
        return return_code
    # creation failed, check to see if the object already exists
    wanted = [['name', name], ['subnet', subnet]]
    if self.Exists('cmdb/firewall/address/', wanted):
        return 200
    return return_code
876 |
877 |
878 |
def SetFwAddress(self, name, subnet, associated_interface='', comment=''):
    """
    Modify address object on the firewall.

    Parameters
    ----------
    name: the fw address object name (type string)
          It is appended to the url as given, without escaping.
    subnet: the ip address and mask (for ex: '1.1.1.1 255.255.255.255' or '1.1.1.1/32') (type string)
    associated_interface: interface of the object, leave blank for 'Any' (default: Any) (type string)
    comment: (default none) (type string)

    Returns
    -------
    Http status code: 200 if ok, 4xx if an error occurs
    """
    name = str(name)
    subnet = str(subnet)
    associated_interface = str(associated_interface)
    address = {
        'name': name,
        'associated-interface': associated_interface,
        'comment': comment,
        'subnet': subnet,
    }
    target = 'cmdb/firewall/address/' + name + '/'
    return self.ApiSet(target, {'json': address})
906 |
def DelFwAddress(self, name):
    """
    Delete fw address object referenced by name.

    Parameters
    ----------
    name : the fw address name (type string)

    Returns
    -------
    Http status code: 200 if ok, 4xx if an error occurs
    """
    # NOTE(review): the DELETE goes to the collection url and the name is
    # only in the body, whereas DelUserLocal, DelSystemAdmin and DelInterface
    # put the name in the url. Confirm the device limits the delete to this
    # one object.
    body = {'json': {'name': name}}
    return self.ApiDelete('cmdb/firewall/address/', data=body)
925 |
def DelAllFwAddress(self):
    """
    Delete all the fw address objects on the vdom, one request per address.

    Stops at the first delete that does not return 200; addresses deleted
    before that point stay deleted.

    Returns
    -------
    Http status code: 200 if ok, otherwise the code of the failed delete
    """
    listing = json.loads(self.ApiGet('cmdb/firewall/address/').text)
    for entry in listing['results']:
        address_name = entry['name']
        return_code = self.DelFwAddress(address_name)
        print 'del fw address :', address_name, '(', return_code,')'
        if return_code != 200:
            return return_code
    return 200
945 | #
def GetFwAddressGroup(self, name=''):
    """
    Return the address group object(s) as json text: the named one, or all when name is empty.

    Parameters
    ----------
    name: the address group object name (type string)(default '')
          It is appended to the url as given, without escaping.

    Returns
    -------
    The body of the answer (type string)
    """
    resource = 'cmdb/firewall/addrgrp/' + name
    return self.ApiGet(resource).text
960 |
def AddFwAddressGroup(self, name, member_list):
    """
    Create address group on the firewall.

    Parameters
    ----------
    name : the group name (type string)
    member_list : the list of existing objects to add to the group (type [])

    Returns
    -------
    Http status code: 200 if ok, 4xx if an error occurs
    """
    name = str(name)
    # each member is sent as {'name': <member>}
    members = [{'name': member_elem} for member_elem in member_list]
    group = {
        'name': name,
        'member': members,
    }
    return self.ApiAdd('cmdb/firewall/addrgrp/', {'json': group})
985 |
def AddFwAddressGroupIdempotent(self, name, member_list):
    """
    Create address group on the firewall, if the object already exists return ok.

    The creation is attempted first; the existence check is only made when
    the creation does not return 200. Only the name is compared: the
    members of an existing group are neither checked nor updated.

    Parameters
    ----------
    name : the group name (type string)
    member_list : the list of existing objects to add to the group (type [])

    Returns
    -------
    Http status code: 200 if ok, 4xx if an error occurs
    """
    name = str(name)

    return_code = self.AddFwAddressGroup(name, member_list)
    if return_code == 200:
        return return_code
    # creation failed, check to see if the object already exists
    if self.Exists('cmdb/firewall/addrgrp/', [['name', name]]):
        return 200
    return return_code
1008 |
1009 |
def SetFwAddressGroup(self, name, member_list):
    """
    Replace the member list of an address group on the firewall.

    Parameters
    ----------
    name : the group name, converted with str() (type string)
    member_list : the modified list of objects for the group (type [])

    Returns
    -------
    Http status code: 200 if ok, 4xx if an error occurs
    """
    group = str(name)
    members = [{'name': entry} for entry in member_list]
    # NOTE(review): the group name becomes a URL path segment unescaped;
    # validate names that come from user input.
    target = 'cmdb/firewall/addrgrp/' + group + '/'
    return self.ApiSet(target, {'json': {'member': members}})
1033 |
def DelFwAddressGroup(self, name):
    """
    Delete the address group referenced by name.

    Parameters
    ----------
    name : the group name (type string)

    Returns
    -------
    Http status code: 200 if ok, 4xx if an error occurs
    """
    # The name travels in the payload, not in the URL.
    selector = {'json': {'name': name}}
    return self.ApiDelete('cmdb/firewall/addrgrp/', selector)
1052 |
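def DelAllFwAddressGroup(self):
    """
    Delete every address group returned by the firewall for the vdom.

    The loop stops at the first delete that does not return 200, so groups
    deleted before that point stay deleted and the remaining ones are kept.

    Parameters
    ----------

    Returns
    -------
    Http status code: 200 if ok, otherwise the code of the first failed delete
    """
    listing = json.loads(self.ApiGet('cmdb/firewall/addrgrp/').text)
    for group in listing['results']:
        group_name = group['name']
        return_code = self.DelFwAddressGroup(group_name)
        # A single-argument print() emits the same text on Python 2 and also
        # parses on Python 3.
        print('del fw address group: %s ( %s )' % (group_name, return_code))
        if return_code != 200:
            return return_code
    return 200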
1072 | #
def GetRouterStaticID(self, id=''):
    """
    Fetch one static route by id, or every static route when no id is given.

    Parameters
    ----------
    id: the static route id, converted with str(); '' selects all routes

    Returns
    -------
    The response body (json text) of the request
    """
    route_path = 'cmdb/router/static/' + str(id)
    return self.ApiGet(route_path).text
1088 |
def AddRouterStatic(self, dst, device, gateway, comment=''):
    """
    Create a static route on the firewall.

    Parameters
    ----------
    dst: the destination, example '1.1.1.1 255.255.255.0' (type string)
    device: converted with str() (type string)
    gateway: converted with str() (type string)
    comment: sent as given (type string)(default '')

    Returns
    -------
    Http status code: 200 if ok, 4xx if an error occurs
    """
    route = {
        'dst': str(dst),
        'device': str(device),
        'gateway': str(gateway),
        'comment': comment,
    }
    return self.ApiAdd('cmdb/router/static/', {'json': route})
1116 |
def AddRouterStaticIdempotent(self, dst, device, gateway, comment=''):
    """
    Create a static route on the firewall; report ok when it already exists.

    Parameters
    ----------
    dst: the destination, example '1.1.1.1 255.255.255.0' (type string)
    device: (type string)
    gateway: (type string)
    comment: (type string)(default ''); not part of the existence check

    Returns
    -------
    Http status code: 200 if ok, 4xx if an error occurs
    """
    dst, device, gateway = str(dst), str(device), str(gateway)

    status = self.AddRouterStatic(dst, device, gateway, comment)
    if status == 200:
        return status
    # Creation failed: accept the result when a route with the same
    # dst/device/gateway is reported by Exists.
    wanted = [['dst', dst], ['device', device], ['gateway', gateway]]
    if self.Exists('cmdb/router/static/', wanted):
        return 200
    return status
1143 |
def SetRouterStatic(self, id, dst, device, gateway, comment=''):
    """
    Modify the static route referenced by its id.

    Parameters
    ----------
    id: the reference of the static route, converted with str()
    dst: the destination, example '1.1.1.1 255.255.255.0' (type string)
    device: (type string)
    gateway: (type string)
    comment: (type string)(default '')

    Returns
    -------
    Http status code: 200 if ok, 4xx if an error occurs
    """
    route = {
        'dst': str(dst),
        'device': str(device),
        'gateway': str(gateway),
        'comment': comment,
    }
    target = 'cmdb/router/static/' + str(id) + '/'
    return self.ApiSet(target, {'json': route})
1172 |
def DelRouterStaticID(self, id):
    """
    Delete the static route selected by its id.

    Parameters
    ----------
    id: the route id to delete, converted with str()

    Returns
    -------
    Http status code: 200 if ok, 4xx if an error occurs
    """
    # The route is selected by the URL; the payload carries a fixed name.
    target = 'cmdb/router/static/' + str(id) + '/'
    return self.ApiDelete(target, data={'json': {'name': 'static'}})
1191 |
1192 |
1193 |
def DelRouterStatic(self, dst):
    """
    Delete the first static route whose destination equals dst.

    Only the destination is compared; when several routes share it, the
    first one in the listing is the one deleted.

    Parameters
    ----------
    dst: the destination route to delete (example '1.1.1.1 255.255.255.0')(type string)

    Returns
    -------
    Http status code: 200 if ok, 404 if no route has this destination,
    4xx if an error occurs
    """
    listing = json.loads(self.ApiGet('cmdb/router/static/').text)
    for route in listing['results']:
        if dst == route['dst']:
            # Found: delete it through its sequence number.
            return self.DelRouterStaticID(route['seq-num'])
    return 404
1214 |
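def DelAllRouterStatic(self):
    """
    Delete every static route returned by the firewall for the vdom.

    The loop stops at the first delete that does not return 200, so routes
    deleted before that point stay deleted and the remaining ones are kept.

    Parameters
    ----------

    Returns
    -------
    Http status code: 200 if ok, otherwise the code of the first failed delete
    """
    listing = json.loads(self.ApiGet('cmdb/router/static/').text)
    for route in listing['results']:
        route_id = route['seq-num']
        return_code = self.DelRouterStaticID(route_id)
        # A single-argument print() emits the same text on Python 2 and also
        # parses on Python 3.
        print('del route id: %s ( %s )' % (route_id, return_code))
        if return_code != 200:
            return return_code
    return 200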
1234 | #
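def GetFwPolicyID(self, id=''):
    """
    Fetch one fw policy by id, or every fw policy when no id is given.

    Parameters
    ----------
    id: the policy id or nothing; converted with str(), so an int id (as
        returned by SearchFwPolicyID) is accepted as well as a string

    Returns
    -------
    The response body (json text) of the request
    """
    # str() matches GetRouterStaticID and avoids a TypeError on int ids.
    req = self.ApiGet('cmdb/firewall/policy/' + str(id))
    return req.text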
1249 |
def GetFwPolicyStats(self):
    """
    Fetch the traffic statistics of all policies from the monitor API.

    Returns
    -------
    The response body (json text) of the request
    """
    stats = self.ApiGet('monitor/firewall/policy')
    return stats.text
1260 |
def AddFwPolicy(self, srcintf='any', dstintf='any', srcaddr='all', dstaddr='all', service='ALL', action='accept', schedule='always', nat='disable', poolname='[]', ippool='disable', status='enable', comments='', traffic_shaper='', traffic_shaper_reverse=''):
    """
    Create a fw policy.

    With every argument left at its default the policy sent is
    any -> any, all -> all, service ALL, action accept, status enable,
    i.e. an allow-everything rule; pass the narrowing arguments explicitly.

    Parameters
    ----------
    srcintf: source interface (type string)(default any)
    dstintf: destination interface (type string)(default any)
    srcaddr: source address (type string)(default all)
    dstaddr: destination address (type string)(default all)
    service: service (type string)(default ALL)
    action: action, type choice string: accept or deny or drop (type string)(default accept)
    schedule: schedule (type string)(default always)
    nat: nat, type choice string: enable or disable (type string)(default disable)
    poolname: if you enabled nat, the poolname (type string)(default '[]')
    ippool: if you enabled nat, the ippool (type string)(default disable)
    status: the status of the policy, type choice string: enable or disable (default enable)
    comments: (type string)
    traffic_shaper: traffic shaper object name (type string)
    traffic_shaper_reverse: traffic shaper object name (type string)

    Returns
    -------
    Http status code: 200 if ok, 4xx if an error occurs
    """
    def named(value):
        # Object references are sent as a one-element list of {'name': ...}.
        return [{'name': value}]

    # Only the first six arguments are converted with str(); the others are
    # sent as given.
    rule = {
        'srcintf': named(str(srcintf)),
        'dstintf': named(str(dstintf)),
        'srcaddr': named(str(srcaddr)),
        'dstaddr': named(str(dstaddr)),
        'action': str(action),
        'schedule': schedule,
        'nat': nat,
        'status': status,
        'ippool': ippool,
        'traffic-shaper': traffic_shaper,
        'traffic-shaper-reverse': traffic_shaper_reverse,
        'poolname': named(poolname),
        'service': named(str(service)),
        'comments': comments,
    }
    return self.ApiAdd('cmdb/firewall/policy/', {'json': rule})
1337 |
def AddFwPolicyIdempotent(self, srcintf='any', dstintf='any', srcaddr='all', dstaddr='all', service='ALL', action='accept', schedule='always', nat='disable', poolname='[]', ippool='disable', status='enable', comments='', traffic_shaper='', traffic_shaper_reverse=''):
    """
    Create a fw policy, return 200 if the policy already exists.

    The existence check runs before the creation and covers every argument
    except comments. As in AddFwPolicy, the defaults describe an
    allow-everything rule.

    Parameters
    ----------
    srcintf: source interface (type string)(default any)
    dstintf: destination interface (type string)(default any)
    srcaddr: source address (type string)(default all)
    dstaddr: destination address (type string)(default all)
    service: service (type string)(default ALL)
    action: action, type choice string: accept or deny or drop (type string)(default accept)
    schedule: schedule (type string)(default always)
    nat: nat, type choice string: enable or disable (type string)(default disable)
    poolname: if you enabled nat, the poolname (type string)(default '[]')
    ippool: if you enabled nat, the ippool (type string)(default disable)
    status: the status of the policy, type choice string: enable or disable (default enable)
    comments: (type string)
    traffic_shaper: traffic shaper object name (type string)
    traffic_shaper_reverse: traffic shaper object name (type string)

    Returns
    -------
    Http status code: 200 if ok, 4xx if an error occurs
    """
    srcintf, dstintf = str(srcintf), str(dstintf)
    srcaddr, dstaddr = str(srcaddr), str(dstaddr)
    service, action = str(service), str(action)

    wanted = [
        ['srcintf', srcintf],
        ['dstintf', dstintf],
        ['srcaddr', srcaddr],
        ['dstaddr', dstaddr],
        ['service', service],
        ['action', action],
        ['schedule', schedule],
        ['nat', nat],
        ['poolname', poolname],
        ['ippool', ippool],
        ['status', status],
        ['traffic-shaper', traffic_shaper],
        ['traffic-shaper-reverse', traffic_shaper_reverse],
    ]
    if self.Exists('cmdb/firewall/policy/', wanted):
        # Already there: nothing to create.
        return 200
    return self.AddFwPolicy(srcintf, dstintf, srcaddr, dstaddr, service, action, schedule, nat, poolname, ippool, status, comments, traffic_shaper, traffic_shaper_reverse)
1378 |
def SetFwPolicy(self, id, srcintf='any', dstintf='any', srcaddr='all', dstaddr='all', service='ALL', action='accept', schedule='always', nat='disable', poolname='[]', ippool='disable', status='enable', comments='', traffic_shaper='', traffic_shaper_reverse=''):
    """
    Modify a fw policy.

    Every field is sent on each call, so an argument left at its default
    overwrites the stored value with that default (any/any, all/all, ALL,
    accept); pass the full intended rule, not only the fields to change.

    Parameters
    ----------
    id: the policy id to modify, converted with str()
    srcintf: source interface (type string)(default any)
    dstintf: destination interface (type string)(default any)
    srcaddr: source address (type string)(default all)
    dstaddr: destination address (type string)(default all)
    service: service (type string)(default ALL)
    action: action, type choice string: accept or deny or drop (type string)(default accept)
    schedule: schedule (type string)(default always)
    nat: nat, type choice string: enable or disable (type string)(default disable)
    poolname: if you enabled nat, the poolname (type string)(default '[]')
    ippool: if you enabled nat, the ippool (type string)(default disable)
    status: the status of the policy, type choice string: enable or disable (default enable)
    comments: (type string)
    traffic_shaper: traffic shaper object name (type string)
    traffic_shaper_reverse: traffic shaper object name (type string)

    Returns
    -------
    Http status code: 200 if ok, 4xx if an error occurs
    """
    def named(value):
        # Object references are sent as a one-element list of {'name': ...}.
        return [{'name': value}]

    rule = {
        'srcintf': named(str(srcintf)),
        'dstintf': named(str(dstintf)),
        'srcaddr': named(str(srcaddr)),
        'dstaddr': named(str(dstaddr)),
        'action': str(action),
        'schedule': schedule,
        'nat': nat,
        'status': status,
        'ippool': ippool,
        'traffic-shaper': traffic_shaper,
        'traffic-shaper-reverse': traffic_shaper_reverse,
        'poolname': named(poolname),
        'service': named(str(service)),
        'comments': comments,
    }
    target = 'cmdb/firewall/policy/' + str(id) + '/'
    return self.ApiSet(target, {'json': rule})
1457 |
1458 |
1459 |
1460 |
1461 |
1462 |
def DelFwPolicy(self, srcintf='any', dstintf='any', srcaddr='all', dstaddr='all', service='ALL'):
    """
    Delete the policy which is defined by the params.

    The policy is located with SearchFwPolicyID, which returns the first
    policy whose first srcintf/dstintf/srcaddr/dstaddr/service entry equals
    the given value; a policy listing further entries in one of these fields
    is matched too. Use DelFwPolicyID when the exact policy id is known.

    Parameters
    ----------
    srcintf: source interface (type string)(default any)
    dstintf: destination interface (type string)(default any)
    srcaddr: source address (type string)(default all)
    dstaddr: destination address (type string)(default all)
    service: service (type string)(default ALL)

    Returns
    -------
    Http status code: 200 if ok, 404 if no policy matches,
    4xx if an error occurs
    """
    policy_id = self.SearchFwPolicyID(srcintf, dstintf, srcaddr, dstaddr, service)
    if policy_id == 0:
        # 0 is the "not found" value of SearchFwPolicyID.
        return 404
    return self.DelFwPolicyID(policy_id)
1484 |
def DelFwPolicyID(self, id):
    """
    Delete the policy referenced by its ID.

    Parameters
    ----------
    id: the id of the policy to delete, converted with str()

    Returns
    -------
    Http status code: 200 if ok, 4xx if an error occurs
    """
    # The policy is selected by the URL; the payload carries a fixed name.
    target = 'cmdb/firewall/policy/' + str(id) + '/'
    return self.ApiDelete(target, data={'json': {'name': 'policy'}})
1503 |
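def DelAllFwPolicy(self):
    """
    Delete every fw policy returned by the firewall for the vdom.

    The loop stops at the first delete that does not return 200, so the
    rule base is left partially deleted in that case: policies removed
    before the failure stay removed and the remaining ones are kept.

    Parameters
    ----------

    Returns
    -------
    Http status code: 200 if ok, otherwise the code of the first failed delete
    """
    listing = json.loads(self.ApiGet('cmdb/firewall/policy/').text)
    for policy in listing['results']:
        policy_id = policy['policyid']
        return_code = self.DelFwPolicyID(policy_id)
        # A single-argument print() emits the same text on Python 2 and also
        # parses on Python 3.
        print('del fw policy id: %s ( %s )' % (policy_id, return_code))
        if return_code != 200:
            return return_code
    return 200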
1523 |
def SearchFwPolicyID(self, srcintf='', dstintf='', srcaddr='', dstaddr='', service='', action='', schedule='', nat='', poolname='[]', ippool='', status='', comments='', traffic_shaper='', traffic_shaper_reverse=''):
    """
    Search a policy from its parameters and return its ID.

    Every argument that differs from its default ('' or, for poolname,
    the string '[]') becomes a search criterion. All policies are fetched
    and the id of the first one satisfying every criterion is returned.

    Matching rules, as implemented below:
    - a list-valued field (srcintf, srcaddr, ...) is compared through the
      name of its FIRST entry only, so a policy listing further entries
      still matches;
    - an empty list in the policy satisfies any value for that field;
    - with no criterion at all, the first policy of the listing matches.
    Callers that delete or modify the returned policy should keep these
    rules in mind.

    Parameters
    ----------
    srcintf: source interface (type string)(default '': not compared)
    dstintf: destination interface (type string)(default '': not compared)
    srcaddr: source address (type string)(default '': not compared)
    dstaddr: destination address (type string)(default '': not compared)
    service: service (type string)(default '': not compared)
    action: action, type choice string: accept or deny or drop (type string)(default '': not compared)
    schedule: schedule (type string)(default '': not compared)
    nat: nat, type choice string: enable or disable (type string)(default '': not compared)
    poolname: if you enabled nat, the poolname (type string)(default '[]': not compared)
    ippool: if you enabled nat, the ippool (type string)(default '': not compared)
    status: the status of the policy, type choice string: enable or disable (default '': not compared)
    comments: (type string)(default '': not compared)
    traffic_shaper: traffic shaper object name (type string)(default '': not compared)
    traffic_shaper_reverse: traffic shaper object name (type string)(default '': not compared)

    Returns
    -------
    the id of the policy or 0 if the policy was not found
    """
    # Build the [field, expected value] criteria from the non-default args.
    objects = []
    if srcintf != '':
        objects.append(['srcintf',srcintf])
    if dstintf != '':
        objects.append(['dstintf',dstintf])
    if srcaddr != '':
        objects.append(['srcaddr',srcaddr])
    if dstaddr != '':
        objects.append(['dstaddr',dstaddr])
    if service != '':
        objects.append(['service',service])
    if action != '':
        objects.append(['action',action])
    if schedule != '':
        objects.append(['schedule',schedule])
    if nat != '':
        objects.append(['nat',nat])
    # poolname uses the string '[]' (not '') as its "not set" value
    if poolname != '[]':
        objects.append(['poolname',poolname])
    if ippool != '':
        objects.append(['ippool',ippool])
    if status != '':
        objects.append(['status',status])
    if comments != '':
        objects.append(['comments',comments])
    if traffic_shaper != '':
        objects.append(['traffic-shaper',traffic_shaper])
    if traffic_shaper_reverse != '':
        objects.append(['traffic-shaper-reverse',traffic_shaper_reverse])

    # debug output of the criteria list (Python 2 print statement)
    print objects

    #get all fw policy
    req = self.ApiGet('cmdb/firewall/policy/')
    data = json.loads(req.text)
    #parse policy one by one
    for y in range(0,len(data['results'])):
        identical = True
        #compare every criterion; stop at the first mismatch
        for x in range(0,len(objects)):
            # a criterion field absent from the policy raises KeyError here
            req_res = data['results'][y][objects[x][0]]
            if (type(req_res) is list):
                # list field: only the first entry's name is compared, and an
                # empty list is never counted as a mismatch
                if ((req_res != []) and (objects[x][1] != req_res[0]['name'])):
                    #print 'object list is different:',objects[x][0], objects[x][1] ,'to',req_res[0]['name']
                    identical = False
                    break
            elif (objects[x][1] != req_res):
                print 'object is different:', objects[x][0], ':', objects[x][1] ,'to', req_res
                identical = False
                break
        if identical:
            #print 'policyid:', data['results'][y]['policyid']
            return data['results'][y]['policyid']
    # no policy satisfied every criterion
    return 0
1603 | #
def GetFwService(self, name=''):
    '''
    Fetch one custom fw service, or every custom fw service when no name is given.

    Parameters
    ----------
    name: the fw service object name (type string); '' selects all services

    Returns
    -------
    The response body (json text) of the request
    '''
    # NOTE(review): name is appended to the URL path as-is, so a value holding
    # '/' or '?' addresses a different resource; validate names that originate
    # from user input before they reach this method.
    resource = 'cmdb/firewall.service/custom/' + name
    return self.ApiGet(resource).text
1618 |
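def AddFwService(self,name, tcp_portrange='', udp_portrange='', protocol='TCP/UDP/SCTP', fqdn='', iprange='0.0.0.0', comment=''):
    '''
    Add a fw service object.

    Parameters
    ----------
    name: the service name, converted with str() (type string)
    tcp_portrange: (type string)
    udp_portrange: (type string)
    protocol: (type string)
    fqdn: (type string)
    iprange: (type string)
    comment: (type string)

    Returns
    -------
    Http status code: 200 if ok, 4xx if an error occurs
    '''
    name = str(name)
    tcp_portrange = str(tcp_portrange)
    udp_portrange = str(udp_portrange)
    protocol = str(protocol)

    service = {
        'name': name,
        'tcp-portrange': tcp_portrange,
        'udp-portrange': udp_portrange,
        'protocol': protocol,
        'fqdn': fqdn,
        'iprange': iprange,
        'comment': comment
    }
    # 6 = TCP, 17 = UDP; TCP wins when both ranges are given. With neither
    # range the key is left out: the previous code referenced an unassigned
    # variable in that case and raised before sending anything.
    if tcp_portrange:
        service['protocol-number'] = 6
    elif udp_portrange:
        service['protocol-number'] = 17
    return self.ApiAdd('cmdb/firewall.service/custom/', {'json': service})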
1656 |
def AddFwServiceIdempotent(self,name, tcp_portrange='', udp_portrange='', protocol='TCP/UDP/SCTP', fqdn='', iprange='0.0.0.0', comment=''):
    '''
    Add a fw service object, return ok if the object already exists.

    Parameters
    ----------
    name: the service name (type string)
    tcp_portrange: (type string)
    udp_portrange: (type string)
    protocol: (type string)
    fqdn: (type string)
    iprange: (type string)
    comment: (type string); not part of the existence check

    Returns
    -------
    Http status code: 200 if ok, 4xx if an error occurs
    '''
    name, protocol = str(name), str(protocol)
    tcp_portrange, udp_portrange = str(tcp_portrange), str(udp_portrange)

    status = self.AddFwService(name, tcp_portrange, udp_portrange, protocol, fqdn, iprange, comment)
    if status == 200:
        return status
    # Creation failed: accept the result when Exists reports a service with
    # the same name, port ranges, protocol, fqdn and iprange.
    wanted = [
        ['name', name],
        ['tcp-portrange', tcp_portrange],
        ['udp-portrange', udp_portrange],
        ['protocol', protocol],
        ['fqdn', fqdn],
        ['iprange', iprange],
    ]
    if self.Exists('cmdb/firewall.service/custom/', wanted):
        return 200
    return status
1686 |
1687 |
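def SetFwService(self,name, tcp_portrange='', udp_portrange='', protocol='TCP/UDP/SCTP', fqdn='', iprange='0.0.0.0', comment=''):
    '''
    Modify a fw service object referenced by its name.

    Parameters
    ----------
    name: the service name, converted with str() (type string)
    tcp_portrange: (type string)
    udp_portrange: (type string)
    protocol: (type string)
    fqdn: (type string)
    iprange: (type string)
    comment: (type string)

    Returns
    -------
    Http status code: 200 if ok, 4xx if an error occurs
    '''
    name = str(name)
    tcp_portrange = str(tcp_portrange)
    udp_portrange = str(udp_portrange)
    protocol = str(protocol)

    service = {
        'name': name,
        'tcp-portrange': tcp_portrange,
        'udp-portrange': udp_portrange,
        'protocol': protocol,
        'fqdn': fqdn,
        'iprange': iprange,
        'comment': comment
    }
    # 6 = TCP, 17 = UDP; TCP wins when both ranges are given. With neither
    # range the key is left out: the previous code referenced an unassigned
    # variable in that case and raised before sending anything.
    if tcp_portrange:
        service['protocol-number'] = 6
    elif udp_portrange:
        service['protocol-number'] = 17
    # NOTE(review): the service name becomes a URL path segment unescaped;
    # validate names that come from user input.
    return self.ApiSet('cmdb/firewall.service/custom/' + name + '/', {'json': service})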
1725 |
def DelFwService(self, name):
    """
    Delete the fw service object referenced by name.

    Parameters
    ----------
    name: object to delete (type string)

    Returns
    -------
    Http status code: 200 if ok, 4xx if an error occurs
    """
    # The name travels in the payload, not in the URL.
    selector = {'json': {'name': name}}
    return self.ApiDelete('cmdb/firewall.service/custom/', selector)
1744 |
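def DelAllFwService(self):
    """
    Delete all the custom fw services returned by the firewall for the vdom.

    Unlike the other DelAll* helpers of this class, a failed delete does not
    stop the loop and is not reported: every service is attempted and 200 is
    returned regardless. The per-service result is only visible in the
    printed line.

    Parameters
    ----------

    Returns
    -------
    Always 200 once the listing has been processed
    """
    listing = json.loads(self.ApiGet('cmdb/firewall.service/custom/').text)
    for service in listing['results']:
        service_name = service['name']
        return_code = self.DelFwService(service_name)
        # A single-argument print() emits the same text on Python 2 and also
        # parses on Python 3.
        print('del fw service : %s ( %s )' % (service_name, return_code))
        # failures are deliberately ignored here (best effort)
    return 200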
1764 | #
def GetFwServiceGroup(self, name=''):
    """
    Fetch one fw service group, or every fw service group when no name is given.

    Parameters
    ----------
    name: the group name (type string); '' selects all groups

    Returns
    -------
    The response body (json text) of the request
    """
    # NOTE(review): name is appended to the URL path as-is, so a value holding
    # '/' or '?' addresses a different resource; validate names that originate
    # from user input before they reach this method.
    resource = 'cmdb/firewall.service/group/' + name
    return self.ApiGet(resource).text
1779 |
def AddFwServiceGroup(self, name, member_list):
    """
    Create a fw service group on the firewall.

    Parameters
    ----------
    name : the group name, converted with str() (type string)
    member_list : names of the existing objects to put in the group (type [])

    Returns
    -------
    Http status code: 200 if ok, 4xx if an error occurs
    """
    group = {
        'name': str(name),
        # Each member is sent as a {'name': ...} reference.
        'member': [{'name': entry} for entry in member_list],
    }
    return self.ApiAdd('cmdb/firewall.service/group/', {'json': group})
1804 |
def AddFwServiceGroupIdempotent(self, name, member_list):
    """
    Create a fw service group on the firewall, return ok if the group already exists.

    Parameters
    ----------
    name : the group name (type string)
    member_list : the list of existing objects to add to the group (type [])

    Returns
    -------
    Http status code: 200 if ok, 4xx if an error occurs
    """
    group = str(name)
    status = self.AddFwServiceGroup(group, member_list)
    if status == 200:
        return status
    # Creation failed: fall back to an existence check.
    # NOTE(review): only the name is passed to Exists, so a group with this
    # name but other members presumably also yields 200 - confirm in Exists.
    if self.Exists('cmdb/firewall.service/group/', [['name', group]]):
        return 200
    return status
1827 |
1828 |
def SetFwServiceGroup(self, name, member_list):
    """
    Replace the member list of a fw service group on the firewall.

    Parameters
    ----------
    name : the group name, converted with str() (type string)
    member_list : the list of existing objects that form the group (type [])

    Returns
    -------
    Http status code: 200 if ok, 4xx if an error occurs
    """
    group = str(name)
    members = [{'name': entry} for entry in member_list]
    # NOTE(review): the group name becomes a URL path segment unescaped;
    # validate names that come from user input.
    target = 'cmdb/firewall.service/group/' + group + '/'
    return self.ApiSet(target, {'json': {'member': members}})
1852 |
def DelFwServiceGroup(self, name):
    """
    Delete the fw service group referenced by name.

    Parameters
    ----------
    name: the group name (type string)

    Returns
    -------
    Http status code: 200 if ok, 4xx if an error occurs
    """
    # The name travels in the payload, not in the URL.
    selector = {'json': {'name': name}}
    return self.ApiDelete('cmdb/firewall.service/group/', selector)
1871 |
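def DelAllFwServiceGroup(self):
    """
    Delete every fw service group returned by the firewall for the vdom.

    The loop stops at the first delete that does not return 200, so groups
    deleted before that point stay deleted and the remaining ones are kept.

    Parameters
    ----------

    Returns
    -------
    Http status code: 200 if ok, otherwise the code of the first failed delete
    """
    listing = json.loads(self.ApiGet('cmdb/firewall.service/group/').text)
    for group in listing['results']:
        service_group_name = group['name']
        return_code = self.DelFwServiceGroup(service_group_name)
        # A single-argument print() emits the same text on Python 2 and also
        # parses on Python 3.
        print('del fw service group: %s ( %s )' % (service_group_name, return_code))
        if return_code != 200:
            return return_code
    return 200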
1891 | #
def GetTrafficShaper(self, name=''):
    """
    Fetch one shared traffic shaper, or every shared traffic shaper when no name is given.

    Parameters
    ----------
    name: the traffic shaper name (type string); '' selects all shapers

    Returns
    -------
    The response body (json text) of the request
    """
    # NOTE(review): name is appended to the URL path as-is, so a value holding
    # '/' or '?' addresses a different resource; validate names that originate
    # from user input before they reach this method.
    resource = 'cmdb/firewall.shaper/traffic-shaper/' + name
    return self.ApiGet(resource).text
1906 |
def AddTrafficShaper(self, name, per_policy, priority, guaranteed_bandwidth, maximum_bandwidth, diffserv='disable', diffservcode='000000'):
    """
    Add a shared traffic shaper on the vdom.

    Parameters
    ----------
    name: the name of the shaper (type string)
    per_policy : shaper applied per policy or 'all policy using this shaper', choice: enable/disable
    priority: choice: high/medium/low
    guaranteed_bandwidth: in Kb/s, converted with int()
    maximum_bandwidth: in Kb/s, converted with int()
    diffserv: choice: enable/disable (default disable)
    diffservcode: (type string) (default '000000')

    Returns
    -------
    Http status code: 200 if ok, 4xx if an error occurs
    """
    shaper = {
        'name': name,
        'per-policy': per_policy,
        'priority': priority,
        # int() raises ValueError on a non-numeric bandwidth
        'guaranteed-bandwidth': int(guaranteed_bandwidth),
        'maximum-bandwidth': int(maximum_bandwidth),
        'diffserv': diffserv,
        'diffservcode': diffservcode,
    }
    return self.ApiAdd('cmdb/firewall.shaper/traffic-shaper/', {'json': shaper})
1937 |
def AddTrafficShaperIdempotent(self, name, per_policy, priority, guaranteed_bandwidth, maximum_bandwidth, diffserv='disable', diffservcode='000000'):
    """
    Add a shared traffic shaper on the vdom, return ok if it already exists.

    Parameters
    ----------
    name: the name of the shaper (type string)
    per_policy : shaper applied per policy, choice: enable/disable
    priority: choice: high/medium/low
    guaranteed_bandwidth: in Kb (type int)
    maximum_bandwidth: in Kb (type int)
    diffserv: choice: enable/disable (default disable)
    diffservcode: (type string) (default '000000')

    Returns
    -------
    Http status code: 200 if ok, 4xx if an error occurs
    """
    status = self.AddTrafficShaper(name, per_policy, priority, guaranteed_bandwidth, maximum_bandwidth, diffserv, diffservcode)
    if status == 200:
        return status
    # Creation failed: fall back to an existence check.
    # NOTE(review): only the name is passed to Exists, so a shaper with this
    # name but other bandwidth/priority settings presumably also yields 200 -
    # confirm in Exists.
    if self.Exists('cmdb/firewall.shaper/traffic-shaper/', [['name', name]]):
        return 200
    return status
1963 |
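def SetTrafficShaper(self, name, per_policy, priority, guaranteed_bandwidth, maximum_bandwidth, diffserv='disable', diffservcode='000000'):
    """
    Modify a shared traffic shaper on the vdom.

    Parameters
    ----------
    name: the name of the shaper (type string)
    per_policy : shaper applied per policy or 'all policy using this shaper', choice: enable/disable
    priority: choice: high/medium/low
    guaranteed_bandwidth: in Kb/s, converted with int()
    maximum_bandwidth: in Kb/s, converted with int()
    diffserv: choice: enable/disable (default disable)
    diffservcode: (type string) (default '000000')

    Returns
    -------
    Http status code: 200 if ok, 4xx if an error occurs
    """
    payload = {'json':
        {
        'name': name,
        'per-policy': per_policy,
        'priority': priority,
        'guaranteed-bandwidth': int(guaranteed_bandwidth),
        # Hyphenated like every other key and like AddTrafficShaper; the
        # previous 'maximum_bandwidth' spelling did not match the field that
        # AddTrafficShaper writes, so the new maximum was sent under another key.
        'maximum-bandwidth': int(maximum_bandwidth),
        'diffserv': diffserv,
        'diffservcode': diffservcode
        }
    }
    # NOTE(review): the shaper name becomes a URL path segment unescaped;
    # validate names that come from user input.
    return self.ApiSet('cmdb/firewall.shaper/traffic-shaper/'+ name +'/', payload)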
1994 |
def DelTrafficShaper(self, name=''):
    """
    Delete the shared traffic shaper identified by its name.

    Parameters
    ----------
    name: the shaper to delete (type string)

    Returns
    -------
    Http status code: 200 if ok, 4xx if an error occurs
    """
    # NOTE(review): unlike DelFwVIP and DelFwIPpool, the name is sent only in
    # the payload and the URL is the table itself; name also defaults to ''.
    # How ApiDelete uses the payload is not visible here - confirm that a
    # call without a name cannot act on the whole shaper table.
    selector = {'name': name}
    return self.ApiDelete('cmdb/firewall.shaper/traffic-shaper/', {'json': selector})
2013 |
def DelAllTrafficShaper(self):
    """
    Delete every shared traffic shaper of the vdom.

    The shapers are listed once, then deleted one by one. The first
    non-200 answer stops the run and is returned, so shapers later in the
    list are left in place.

    Parameters
    ----------

    Returns
    -------
    Http status code: 200 if ok, 4xx if an error occurs
    """
    listing = json.loads(self.ApiGet('cmdb/firewall.shaper/traffic-shaper/').text)
    for entry in listing['results']:
        shaper_name = entry['name']
        status = self.DelTrafficShaper(shaper_name)
        print 'del traffic shaper:', shaper_name, '(', status, ')'
        if status != 200:
            return status
    return 200
2033 | #
def GetFwVIP(self, name=''):
    """
    Return the vip object(s) as json text: the named object when name is given, every vip otherwise.

    Parameters
    ----------
    name: the vip name (type string)

    Returns
    -------
    Return the json object
    """
    # name is appended to the path as given (no escaping, no trailing slash).
    return self.ApiGet('cmdb/firewall/vip/' + name).text
2048 |
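def AddFwVIP(self, name, extip, extintf, mappedip, portforward='disable', protocol='', extport='0-65535', mappedport='0-65535', comment=''):
    """
    Create vip address.

    Parameters
    ----------
    name: the vip name (type string)
    extip: the external ip (type string)
    extintf: the external interface (type string)
    mappedip: the internal ip (type string)
    portforward: enable portforwarding ? (type choice string: enable or disable)
    protocol: if you enable portforwarding, set the protocol (type string choice in tcp or udp or stcp or icmp)
    extport: if you enable portforwarding, set the external ports (type string numerical range, ex: 20-21)
    mappedport: if you enable portforwarding, set the mapped ports (type string numerical range, ex: 20-21)
    comment: (type string)

    Returns
    -------
    Http status code: 200 if ok, 4xx if an error occurs
    """
    name = str(name)
    extip = str(extip)
    # Fix: the conversion used to be stored in a misspelled variable
    # ('extinff'), so the interface reached the payload unconverted.
    extintf = str(extintf)
    # The API field takes a list of ranges; a single address is sent as one range.
    mapped_ranges = [{'range': str(mappedip)}]
    settings = {
        'name': name,
        'extip': extip,
        'extintf': extintf,
        'mappedip': mapped_ranges,
        'portforward': portforward,
        'protocol': protocol,
        # With the defaults the full 0-65535 range is sent for both port fields.
        'extport': extport,
        'mappedport': mappedport,
        'comment': comment
    }
    return self.ApiAdd('cmdb/firewall/vip/', {'json': settings})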
2088 |
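def AddFwVIPidempotent(self, name, extip, extintf, mappedip, portforward='disable', extport='0-65535', mappedport='0-65535', comment='', protocol=''):
    """
    Create vip address, return ok if it already exists.

    Parameters
    ----------
    name: the vip name (type string)
    extip: the external ip (type string)
    extintf: the external interface (type string)
    mappedip: the internal ip (type string)
    portforward: enable portforwarding ? (type choice string: enable or disable)
    extport: if you enable portforwarding, set the external ports (type string numerical range, ex: 20-21)
    mappedport: if you enable portforwarding, set the mapped ports (type string numerical range, ex: 20-21)
    comment: (type string)
    protocol: if you enable portforwarding, set the protocol (type string choice in tcp or udp or stcp or icmp);
        accepted last so existing positional callers keep working

    Returns
    -------
    Http status code: 200 if ok, 4xx if an error occurs
    """
    name = str(name)
    extip = str(extip)
    # Fix: the conversion used to be stored in a misspelled variable ('extinff').
    extintf = str(extintf)
    mappedip = str(mappedip)

    # Fix: the options are passed by keyword. AddFwVIP takes 'protocol'
    # between 'portforward' and 'extport', so the former positional call sent
    # extport as the protocol, mappedport as the external ports and the
    # comment as the mapped ports.
    return_code = self.AddFwVIP(
        name, extip, extintf, mappedip,
        portforward=portforward,
        protocol=protocol,
        extport=extport,
        mappedport=mappedport,
        comment=comment,
    )
    if return_code != 200:
        # Creation failed: report success when a vip with this name is already there.
        # NOTE(review): only the name is looked up, so an existing vip that
        # maps other addresses or ports is still reported as 200.
        if self.Exists('cmdb/firewall/vip/', [['name', name]]):
            return_code = 200
    return return_code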
2121 |
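def SetFwVIP(self, name, extip, extintf, mappedip, portforward='disable', protocol='', extport='0-65535', mappedport='0-65535', comment=''):
    """
    Modify vip address.

    Parameters
    ----------
    name: the vip name (type string)
    extip: the external ip (type string)
    extintf: the external interface (type string)
    mappedip: the internal ip (type string)
    portforward: enable portforwarding ? (type choice string: enable or disable)
    protocol: if you enable portforwarding, set the protocol (type string choice in tcp or udp or stcp or icmp)
    extport: if you enable portforwarding, set the external ports (type string numerical range, ex: 20-21)
    mappedport: if you enable portforwarding, set the mapped ports (type string numerical range, ex: 20-21)
    comment: (type string)

    Returns
    -------
    Http status code: 200 if ok, 4xx if an error occurs
    """
    name = str(name)
    extip = str(extip)
    # Fix: the conversion used to be stored in a misspelled variable
    # ('extinff'), so the interface reached the payload unconverted.
    extintf = str(extintf)
    # The API field takes a list of ranges; a single address is sent as one range.
    mapped_ranges = [{'range': str(mappedip)}]
    settings = {
        'name': name,
        'extip': extip,
        'extintf': extintf,
        'mappedip': mapped_ranges,
        'portforward': portforward,
        'protocol': protocol,
        'extport': extport,
        'mappedport': mappedport,
        'comment': comment
    }
    # NOTE(review): name goes into the request path unescaped; pass only
    # known object names.
    return self.ApiSet('cmdb/firewall/vip/' + name + '/', {'json': settings})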
2161 |
def DelFwVIP(self, name):
    """
    Delete the vip object on the firewall vdom.

    Parameters
    ----------
    name: the fw vip object name (type string)

    Returns
    -------
    Http status code: 200 if ok, 4xx if an error occurs
    """
    # The object is selected by the URL; the payload carries the fixed
    # string 'vip', not the object's name.
    # NOTE(review): name goes into the request path unescaped; pass only
    # known object names.
    target = 'cmdb/firewall/vip/' + name + '/'
    return self.ApiDelete(target, {'json': {'name': 'vip'}})
2180 |
def DelAllFwVIP(self):
    """
    Delete every vip object on the vdom.

    The vips are listed once, then deleted one by one. The first non-200
    answer stops the run and is returned, so vips later in the list are
    left in place.

    Parameters
    ----------

    Returns
    -------
    Http status code: 200 if ok, 4xx if an error occurs
    """
    listing = json.loads(self.ApiGet('cmdb/firewall/vip/').text)
    for entry in listing['results']:
        vip_name = entry['name']
        status = self.DelFwVIP(vip_name)
        print 'del vip:', vip_name, '(', status, ')'
        if status != 200:
            return status
    return 200
2200 | #
def GetFwIPpool(self, name=''):
    """
    Return the ip pool object(s) as json text: the named pool when name is given, every pool otherwise.

    Parameters
    ----------
    name: the ip pool name (type string)

    Returns
    -------
    Return the json object
    """
    # name is appended to the path as given (no escaping, no trailing slash).
    return self.ApiGet('cmdb/firewall/ippool/' + name).text
2215 |
def AddFwIPpool(self, name, startip, endip, type_pool='overload', internal_startip='0.0.0.0', internal_endip='0.0.0.0', arp_reply='enable',block_size='128', num_blocks_per_user='8', comment=''):
    """
    Create the ip pool on the firewall.

    Parameters
    ----------
    name: the fw ip pool object name (type string)
    startip: the first ip of the external range (type string)
    endip: the last ip of the external range (type string)
    type_pool: type choice string: overload or one-to-one or fixed-port-range, default overload
    internal_startip: if the type is 'fixed-port-range', the first ip of the internal range (type string)
    internal_endip: if the type is 'fixed-port-range', the last ip of the internal range (type string)
    arp_reply: type choice string: enable or disable, default enable
    block_size: the block size, default is 128 (type string)
    num_blocks_per_user: the number of blocks per user, default is 8 (type string)
    comment: (type string)

    Returns
    -------
    Http status code: 200 if ok, 4xx if an error occurs
    """
    settings = {
        'name': str(name),
        'startip': str(startip),
        'endip': str(endip),
        'type': type_pool,
        # The internal range is sent under the 'source-*' keys.
        'source-startip': internal_startip,
        'source-endip': internal_endip,
        'arp-reply': arp_reply,
        'block-size': block_size,
        'num-blocks-per-user': num_blocks_per_user,
        # Plural key here, unlike the 'comment' key used for vip objects.
        'comments': comment
    }
    return self.ApiAdd('cmdb/firewall/ippool/', {'json': settings})
2255 |
def AddFwIPpoolIdempotent(self, name, startip, endip, type_pool='overload', internal_startip='0.0.0.0', internal_endip='0.0.0.0', arp_reply='enable',block_size='128', num_blocks_per_user='8', comment=''):
    """
    Create the ip pool on the firewall; an already existing pool counts as success.

    Parameters
    ----------
    name: the fw ip pool object name (type string)
    startip: the first ip of the external range (type string)
    endip: the last ip of the external range (type string)
    type_pool: type choice string: overload or one-to-one or fixed-port-range, default overload
    internal_startip: if the type is 'fixed-port-range', the first ip of the internal range (type string)
    internal_endip: if the type is 'fixed-port-range', the last ip of the internal range (type string)
    arp_reply: type choice string: enable or disable, default enable
    block_size: the block size, default is 128 (type string)
    num_blocks_per_user: the number of blocks per user, default is 8 (type string)
    comment: (type string)

    Returns
    -------
    Http status code: 200 if ok, 4xx if an error occurs
    """
    pool_name = str(name)
    first_ip = str(startip)
    last_ip = str(endip)

    status = self.AddFwIPpool(pool_name, first_ip, last_ip, type_pool, internal_startip, internal_endip, arp_reply, block_size, num_blocks_per_user, comment)
    if status == 200:
        return status
    # Creation failed: report success when a pool with this name is already there.
    # NOTE(review): only the name is looked up, so an existing pool covering
    # a different address range is still reported as 200.
    if self.Exists('cmdb/firewall/ippool/', [['name', pool_name]]):
        return 200
    return status
2288 |
def DelFwIPpool(self, name):
    """
    Delete the ip pool referenced by its name.

    Parameters
    ----------
    name: the name of the object (type string)

    Returns
    -------
    Http status code: 200 if ok, 4xx if an error occurs
    """
    # The pool is selected by the URL; the payload carries the fixed string
    # 'ippool', not the pool's name.
    # NOTE(review): name goes into the request path unescaped; pass only
    # known object names.
    target = 'cmdb/firewall/ippool/' + name + '/'
    return self.ApiDelete(target, {'json': {'name': 'ippool'}})
2307 |
def DelAllFwIPpool(self):
    """
    Delete every ip pool referenced in the vdom.

    The pools are listed once, then deleted one by one. The first non-200
    answer stops the run and is returned, so pools later in the list are
    left in place.

    Parameters
    ----------

    Returns
    -------
    Http status code: 200 if ok, 4xx if an error occurs
    """
    listing = json.loads(self.ApiGet('cmdb/firewall/ippool/').text)
    for entry in listing['results']:
        pool_name = entry['name']
        status = self.DelFwIPpool(pool_name)
        print 'del ip pool:', pool_name, 'res:', status
        if status != 200:
            return status
    return 200
2327 | #
2328 |
def GetVPNipsecPhase1(self, name=''):
    """
    Return the vpn phase1 object(s) as json text: the named phase1 when name is given, every phase1 otherwise.

    Parameters
    ----------
    name: the phase1 name (type string)

    Returns
    -------
    Return the json object
    """
    # NOTE(review): the text is whatever the device returns for the phase1
    # table; whether it includes key material is not visible here, so treat
    # the result as sensitive when logging or storing it.
    return self.ApiGet('cmdb/vpn.ipsec/phase1-interface/' + name).text
2343 |
def GetVPNipsecPhase2(self, name=''):
    """
    Return the vpn phase2 object(s) as json text: the named phase2 when name is given, every phase2 otherwise.

    Parameters
    ----------
    name: the phase2 name (type string)

    Returns
    -------
    Return the json object
    """
    # name is appended to the path as given (no escaping, no trailing slash).
    return self.ApiGet('cmdb/vpn.ipsec/phase2-interface/' + name).text
2358 |
def AddVPNipsecPhase1(self, name, interface, remote_gw, nattraversal, dpd, psk, ike_version, mode, proposal, dhgrp, keylife=28800, localid=''):
    """
    Create vpn ipsec tunnel phase1.

    Parameters
    ----------
    name: name of the phase1 (type string)
    interface: (type string)
    remote_gw: (type string)
    nattraversal: choice: enable/disable (type string)
    dpd: dead peer detection, choice: enable/disable (type string)
    psk: pre shared key (type string)
        be careful: the psk must be at least 6 characters long
    ike_version: choice: 1/2 (type int)
    mode: choice: main/aggressive
    proposal: choice: aes256-sha1... (type string)
    dhgrp: choice: 1/2/5/14/15... (type string)
    keylife: in sec, (type int)(default 28800)
    localid: (type string)

    Returns
    -------
    Http status code: 200 if ok, 4xx if an error occurs
    """
    # NOTE(review): the pre-shared key is sent in the request body. The
    # constructor logs in with verify=False; if ApiAdd also skips certificate
    # validation, the key travels over TLS to an unauthenticated peer -
    # confirm, and keep the key out of logs and tracebacks.
    settings = {
        'name': name,
        # Fixed by this method: static tunnel, IPv4, unspecified local gateway.
        'type': 'static',
        'interface': interface,
        'ip-version': 4,
        'ike-version': int(ike_version),
        'local-gw': '0.0.0.0',
        'nattraversal': nattraversal,
        'keylife': int(keylife),
        # NOTE(review): 'authurl' set to 'psk' looks like it was meant to be
        # the authentication-method field - confirm against the device schema.
        'authurl': 'psk',
        'mode': mode,
        'proposal': proposal,
        'localid': localid,
        'dpd': dpd,
        'dhgrp': dhgrp,
        'remote-gw': remote_gw,
        'psksecret': psk
    }
    return self.ApiAdd('cmdb/vpn.ipsec/phase1-interface/', {'json': settings})
2404 |
def AddVPNipsecPhase1Idempotent(self, name, interface, remote_gw, nattraversal, dpd, psk, ike_version, mode, proposal, dhgrp, keylife=28800, localid=''):
    """
    Create vpn ipsec tunnel phase1 unless a phase1 with this name already exists.

    Parameters
    ----------
    name: name of the phase1 (type string)
    interface: (type string)
    remote_gw: (type string)
    nattraversal: choice: enable/disable (type string)
    dpd: dead peer detection, choice: enable/disable (type string)
    psk: pre shared key (type string)
        be careful: the psk must be at least 6 characters long
    ike_version: choice: 1/2 (type int)
    mode: choice: main/aggressive
    proposal: choice: aes256-sha1... (type string)
    dhgrp: choice: 1/2/5/14/15... (type string)
    keylife: in sec, (type int)(default 28800)
    localid: (type string)

    Returns
    -------
    Http status code: 200 if ok, 4xx if an error occurs
    """
    # The existence check comes first here; nothing is sent when the name is taken.
    # NOTE(review): only the name is compared, so an existing phase1 with
    # another peer, key or proposal is reported as 200 and left unchanged.
    if self.Exists('cmdb/vpn.ipsec/phase1-interface/', [['name', name]]):
        return 200
    return self.AddVPNipsecPhase1(name, interface, remote_gw, nattraversal, dpd, psk, ike_version, mode, proposal, dhgrp, keylife, localid)
2436 |
def AddVPNipsecPhase2(self, name, phase1name, local_addr_type, local_subnet, remote_addr_type, remote_subnet, proposal, pfs, dhgrp, replay, keepalive, keylife_type, keylifeseconds):
    """
    Create vpn ipsec tunnel phase2.

    Parameters
    ----------
    name: name of the phase2 (type string)
    phase1name: the name of the phase1 that already exist (type string)
    local_addr_type: local address type, choice subnet/IP range/IP address (type string)
    local_subnet: local address (type string)
    remote_addr_type: remote address type, choice subnet/IP range/IP address (type string)
    remote_subnet: (type string)
    proposal: choice: aes256-sha1... (type string)
    pfs: choice: enable/disable (type string)
    dhgrp: choice: 1/2/5/14/15... (type string)
    replay: enable/disable (type string)
    keepalive: enable/disable (type string)
    keylife_type: key lifetime, choice: seconds/kilobytes/both (type string)
    keylifeseconds: (type int)

    Returns
    -------
    Http status code: 200 if ok, 4xx if an error occurs
    """
    settings = {
        'name': name,
        'phase1name': phase1name,
        # The local side is sent as the source selector, the remote side as
        # the destination selector.
        'src-addr-type': local_addr_type,
        'src-subnet': local_subnet,
        'dst-addr-type': remote_addr_type,
        'dst-subnet': remote_subnet,
        'proposal': proposal,
        'pfs': pfs,
        'dhgrp': dhgrp,
        'replay': replay,
        'keepalive': keepalive,
        'keylife-type': keylife_type,
        'keylifeseconds': int(keylifeseconds)
    }
    return self.ApiAdd('cmdb/vpn.ipsec/phase2-interface/', {'json': settings})
2479 |
def AddVPNipsecPhase2Idempotent(self, name, phase1name, local_addr_type, local_subnet, remote_addr_type, remote_subnet, proposal, pfs, dhgrp, replay, keepalive, keylife_type, keylifeseconds):
    """
    Create vpn ipsec tunnel phase2 unless a phase2 with this name already exists.

    Parameters
    ----------
    name: name of the phase2 (type string)
    phase1name: the name of the phase1 that already exist (type string)
    local_addr_type: local address type, choice subnet/IP range/IP address (type string)
    local_subnet: local address (type string)
    remote_addr_type: remote address type, choice subnet/IP range/IP address (type string)
    remote_subnet: (type string)
    proposal: choice: aes256-sha1... (type string)
    pfs: choice: enable/disable (type string)
    dhgrp: choice: 1/2/5/14/15... (type string)
    replay: enable/disable (type string)
    keepalive: enable/disable (type string)
    keylife_type: key lifetime, choice: seconds/kilobytes/both (type string)
    keylifeseconds: (type int)

    Returns
    -------
    Http status code: 200 if ok, 4xx if an error occurs
    """
    # The existence check comes first here; nothing is sent when the name is taken.
    # NOTE(review): only the name is compared, so an existing phase2 with
    # other selectors or proposals is reported as 200 and left unchanged.
    if self.Exists('cmdb/vpn.ipsec/phase2-interface/', [['name', name]]):
        return 200
    return self.AddVPNipsecPhase2(name, phase1name, local_addr_type, local_subnet, remote_addr_type, remote_subnet, proposal, pfs, dhgrp, replay, keepalive, keylife_type, keylifeseconds)
2511 |
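def DelVPNipsec(self, name):
    """
    Delete the phase1 and phase2 configuration of an ipsec vpn.

    Every phase2 whose 'phase1name' equals name is deleted first, then the
    phase1 called name is deleted. The status codes of the phase2 deletions
    are not checked, as before.

    Parameters
    ----------
    name: phase1 name of the vpn to delete (type string)

    Returns
    -------
    Http status code of the phase1 deletion: 200 if ok, 4xx if an error occurs
    """
    phase2_listing = json.loads(self.GetVPNipsecPhase2())
    for entry in phase2_listing['results']:
        if entry['phase1name'] == name:
            self.DelVPNipsecPhase2(entry['name'])
    # Fix: the phase1 delete is issued once, after all matching phase2 are
    # gone, and always for the requested name. It used to be driven by the
    # loop variable, which is unset when there is no phase2 at all and, after
    # the loop, holds the phase1 of the last phase2 listed - possibly another
    # tunnel.
    return self.DelVPNipsecPhase1(name)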
2534 |
2535 |
def DelVPNipsecPhase1(self, name):
    """
    Delete the phase1 configuration of an ipsec vpn.
    Must delete the phase2 first.

    Parameters
    ----------
    name: object to delete (type string)

    Returns
    -------
    Http status code: 200 if ok, 4xx if an error occurs
    """
    # The phase1 is selected by the URL; the payload carries the fixed
    # string 'phase1-interface', not the object's name.
    # NOTE(review): name goes into the request path unescaped; pass only
    # known object names.
    target = 'cmdb/vpn.ipsec/phase1-interface/' + name + '/'
    return self.ApiDelete(target, {'json': {'name': 'phase1-interface'}})
2555 |
def DelVPNipsecPhase2(self, name):
    """
    Delete the phase2 configuration of an ipsec vpn.

    Parameters
    ----------
    name: object to delete (type string)

    Returns
    -------
    Http status code: 200 if ok, 4xx if an error occurs
    """
    # The phase2 is selected by the URL; the payload carries the fixed
    # string 'phase2-interface', not the object's name.
    # NOTE(review): name goes into the request path unescaped; pass only
    # known object names.
    target = 'cmdb/vpn.ipsec/phase2-interface/' + name + '/'
    return self.ApiDelete(target, {'json': {'name': 'phase2-interface'}})
2574 |
def DelAllVPNipsec(self):
    """
    Delete every ipsec vpn of the vdom.

    The phase1 objects are listed once and each is handed to DelVPNipsec.
    The first non-200 answer stops the run and is returned, so tunnels
    later in the list are left in place.

    Parameters
    ----------

    Returns
    -------
    Http status code: 200 if ok, 4xx if an error occurs
    """
    listing = json.loads(self.ApiGet('cmdb/vpn.ipsec/phase1-interface/').text)
    for entry in listing['results']:
        vpn_name = entry['name']
        status = self.DelVPNipsec(vpn_name)
        print 'del vpn:', vpn_name, 'res:', status
        if status != 200:
            return status
    return 200
2594 |
--------------------------------------------------------------------------------
/LICENSE.md:
--------------------------------------------------------------------------------
1 | GNU GENERAL PUBLIC LICENSE
2 | Version 3, 29 June 2007
3 |
4 | Copyright (C) 2007 Free Software Foundation, Inc.
5 | Everyone is permitted to copy and distribute verbatim copies
6 | of this license document, but changing it is not allowed.
7 |
8 | Preamble
9 |
10 | The GNU General Public License is a free, copyleft license for
11 | software and other kinds of works.
12 |
13 | The licenses for most software and other practical works are designed
14 | to take away your freedom to share and change the works. By contrast,
15 | the GNU General Public License is intended to guarantee your freedom to
16 | share and change all versions of a program--to make sure it remains free
17 | software for all its users. We, the Free Software Foundation, use the
18 | GNU General Public License for most of our software; it applies also to
19 | any other work released this way by its authors. You can apply it to
20 | your programs, too.
21 |
22 | When we speak of free software, we are referring to freedom, not
23 | price. Our General Public Licenses are designed to make sure that you
24 | have the freedom to distribute copies of free software (and charge for
25 | them if you wish), that you receive source code or can get it if you
26 | want it, that you can change the software or use pieces of it in new
27 | free programs, and that you know you can do these things.
28 |
29 | To protect your rights, we need to prevent others from denying you
30 | these rights or asking you to surrender the rights. Therefore, you have
31 | certain responsibilities if you distribute copies of the software, or if
32 | you modify it: responsibilities to respect the freedom of others.
33 |
34 | For example, if you distribute copies of such a program, whether
35 | gratis or for a fee, you must pass on to the recipients the same
36 | freedoms that you received. You must make sure that they, too, receive
37 | or can get the source code. And you must show them these terms so they
38 | know their rights.
39 |
40 | Developers that use the GNU GPL protect your rights with two steps:
41 | (1) assert copyright on the software, and (2) offer you this License
42 | giving you legal permission to copy, distribute and/or modify it.
43 |
44 | For the developers' and authors' protection, the GPL clearly explains
45 | that there is no warranty for this free software. For both users' and
46 | authors' sake, the GPL requires that modified versions be marked as
47 | changed, so that their problems will not be attributed erroneously to
48 | authors of previous versions.
49 |
50 | Some devices are designed to deny users access to install or run
51 | modified versions of the software inside them, although the manufacturer
52 | can do so. This is fundamentally incompatible with the aim of
53 | protecting users' freedom to change the software. The systematic
54 | pattern of such abuse occurs in the area of products for individuals to
55 | use, which is precisely where it is most unacceptable. Therefore, we
56 | have designed this version of the GPL to prohibit the practice for those
57 | products. If such problems arise substantially in other domains, we
58 | stand ready to extend this provision to those domains in future versions
59 | of the GPL, as needed to protect the freedom of users.
60 |
61 | Finally, every program is threatened constantly by software patents.
62 | States should not allow patents to restrict development and use of
63 | software on general-purpose computers, but in those that do, we wish to
64 | avoid the special danger that patents applied to a free program could
65 | make it effectively proprietary. To prevent this, the GPL assures that
66 | patents cannot be used to render the program non-free.
67 |
68 | The precise terms and conditions for copying, distribution and
69 | modification follow.
70 |
71 | TERMS AND CONDITIONS
72 |
73 | 0. Definitions.
74 |
75 | "This License" refers to version 3 of the GNU General Public License.
76 |
77 | "Copyright" also means copyright-like laws that apply to other kinds of
78 | works, such as semiconductor masks.
79 |
80 | "The Program" refers to any copyrightable work licensed under this
81 | License. Each licensee is addressed as "you". "Licensees" and
82 | "recipients" may be individuals or organizations.
83 |
84 | To "modify" a work means to copy from or adapt all or part of the work
85 | in a fashion requiring copyright permission, other than the making of an
86 | exact copy. The resulting work is called a "modified version" of the
87 | earlier work or a work "based on" the earlier work.
88 |
89 | A "covered work" means either the unmodified Program or a work based
90 | on the Program.
91 |
92 | To "propagate" a work means to do anything with it that, without
93 | permission, would make you directly or secondarily liable for
94 | infringement under applicable copyright law, except executing it on a
95 | computer or modifying a private copy. Propagation includes copying,
96 | distribution (with or without modification), making available to the
97 | public, and in some countries other activities as well.
98 |
99 | To "convey" a work means any kind of propagation that enables other
100 | parties to make or receive copies. Mere interaction with a user through
101 | a computer network, with no transfer of a copy, is not conveying.
102 |
103 | An interactive user interface displays "Appropriate Legal Notices"
104 | to the extent that it includes a convenient and prominently visible
105 | feature that (1) displays an appropriate copyright notice, and (2)
106 | tells the user that there is no warranty for the work (except to the
107 | extent that warranties are provided), that licensees may convey the
108 | work under this License, and how to view a copy of this License. If
109 | the interface presents a list of user commands or options, such as a
110 | menu, a prominent item in the list meets this criterion.
111 |
112 | 1. Source Code.
113 |
114 | The "source code" for a work means the preferred form of the work
115 | for making modifications to it. "Object code" means any non-source
116 | form of a work.
117 |
118 | A "Standard Interface" means an interface that either is an official
119 | standard defined by a recognized standards body, or, in the case of
120 | interfaces specified for a particular programming language, one that
121 | is widely used among developers working in that language.
122 |
123 | The "System Libraries" of an executable work include anything, other
124 | than the work as a whole, that (a) is included in the normal form of
125 | packaging a Major Component, but which is not part of that Major
126 | Component, and (b) serves only to enable use of the work with that
127 | Major Component, or to implement a Standard Interface for which an
128 | implementation is available to the public in source code form. A
129 | "Major Component", in this context, means a major essential component
130 | (kernel, window system, and so on) of the specific operating system
131 | (if any) on which the executable work runs, or a compiler used to
132 | produce the work, or an object code interpreter used to run it.
133 |
134 | The "Corresponding Source" for a work in object code form means all
135 | the source code needed to generate, install, and (for an executable
136 | work) run the object code and to modify the work, including scripts to
137 | control those activities. However, it does not include the work's
138 | System Libraries, or general-purpose tools or generally available free
139 | programs which are used unmodified in performing those activities but
140 | which are not part of the work. For example, Corresponding Source
141 | includes interface definition files associated with source files for
142 | the work, and the source code for shared libraries and dynamically
143 | linked subprograms that the work is specifically designed to require,
144 | such as by intimate data communication or control flow between those
145 | subprograms and other parts of the work.
146 |
147 | The Corresponding Source need not include anything that users
148 | can regenerate automatically from other parts of the Corresponding
149 | Source.
150 |
151 | The Corresponding Source for a work in source code form is that
152 | same work.
153 |
154 | 2. Basic Permissions.
155 |
156 | All rights granted under this License are granted for the term of
157 | copyright on the Program, and are irrevocable provided the stated
158 | conditions are met. This License explicitly affirms your unlimited
159 | permission to run the unmodified Program. The output from running a
160 | covered work is covered by this License only if the output, given its
161 | content, constitutes a covered work. This License acknowledges your
162 | rights of fair use or other equivalent, as provided by copyright law.
163 |
164 | You may make, run and propagate covered works that you do not
165 | convey, without conditions so long as your license otherwise remains
166 | in force. You may convey covered works to others for the sole purpose
167 | of having them make modifications exclusively for you, or provide you
168 | with facilities for running those works, provided that you comply with
169 | the terms of this License in conveying all material for which you do
170 | not control copyright. Those thus making or running the covered works
171 | for you must do so exclusively on your behalf, under your direction
172 | and control, on terms that prohibit them from making any copies of
173 | your copyrighted material outside their relationship with you.
174 |
175 | Conveying under any other circumstances is permitted solely under
176 | the conditions stated below. Sublicensing is not allowed; section 10
177 | makes it unnecessary.
178 |
179 | 3. Protecting Users' Legal Rights From Anti-Circumvention Law.
180 |
181 | No covered work shall be deemed part of an effective technological
182 | measure under any applicable law fulfilling obligations under article
183 | 11 of the WIPO copyright treaty adopted on 20 December 1996, or
184 | similar laws prohibiting or restricting circumvention of such
185 | measures.
186 |
187 | When you convey a covered work, you waive any legal power to forbid
188 | circumvention of technological measures to the extent such circumvention
189 | is effected by exercising rights under this License with respect to
190 | the covered work, and you disclaim any intention to limit operation or
191 | modification of the work as a means of enforcing, against the work's
192 | users, your or third parties' legal rights to forbid circumvention of
193 | technological measures.
194 |
195 | 4. Conveying Verbatim Copies.
196 |
197 | You may convey verbatim copies of the Program's source code as you
198 | receive it, in any medium, provided that you conspicuously and
199 | appropriately publish on each copy an appropriate copyright notice;
200 | keep intact all notices stating that this License and any
201 | non-permissive terms added in accord with section 7 apply to the code;
202 | keep intact all notices of the absence of any warranty; and give all
203 | recipients a copy of this License along with the Program.
204 |
205 | You may charge any price or no price for each copy that you convey,
206 | and you may offer support or warranty protection for a fee.
207 |
208 | 5. Conveying Modified Source Versions.
209 |
210 | You may convey a work based on the Program, or the modifications to
211 | produce it from the Program, in the form of source code under the
212 | terms of section 4, provided that you also meet all of these conditions:
213 |
214 | a) The work must carry prominent notices stating that you modified
215 | it, and giving a relevant date.
216 |
217 | b) The work must carry prominent notices stating that it is
218 | released under this License and any conditions added under section
219 | 7. This requirement modifies the requirement in section 4 to
220 | "keep intact all notices".
221 |
222 | c) You must license the entire work, as a whole, under this
223 | License to anyone who comes into possession of a copy. This
224 | License will therefore apply, along with any applicable section 7
225 | additional terms, to the whole of the work, and all its parts,
226 | regardless of how they are packaged. This License gives no
227 | permission to license the work in any other way, but it does not
228 | invalidate such permission if you have separately received it.
229 |
230 | d) If the work has interactive user interfaces, each must display
231 | Appropriate Legal Notices; however, if the Program has interactive
232 | interfaces that do not display Appropriate Legal Notices, your
233 | work need not make them do so.
234 |
235 | A compilation of a covered work with other separate and independent
236 | works, which are not by their nature extensions of the covered work,
237 | and which are not combined with it such as to form a larger program,
238 | in or on a volume of a storage or distribution medium, is called an
239 | "aggregate" if the compilation and its resulting copyright are not
240 | used to limit the access or legal rights of the compilation's users
241 | beyond what the individual works permit. Inclusion of a covered work
242 | in an aggregate does not cause this License to apply to the other
243 | parts of the aggregate.
244 |
245 | 6. Conveying Non-Source Forms.
246 |
247 | You may convey a covered work in object code form under the terms
248 | of sections 4 and 5, provided that you also convey the
249 | machine-readable Corresponding Source under the terms of this License,
250 | in one of these ways:
251 |
252 | a) Convey the object code in, or embodied in, a physical product
253 | (including a physical distribution medium), accompanied by the
254 | Corresponding Source fixed on a durable physical medium
255 | customarily used for software interchange.
256 |
257 | b) Convey the object code in, or embodied in, a physical product
258 | (including a physical distribution medium), accompanied by a
259 | written offer, valid for at least three years and valid for as
260 | long as you offer spare parts or customer support for that product
261 | model, to give anyone who possesses the object code either (1) a
262 | copy of the Corresponding Source for all the software in the
263 | product that is covered by this License, on a durable physical
264 | medium customarily used for software interchange, for a price no
265 | more than your reasonable cost of physically performing this
266 | conveying of source, or (2) access to copy the
267 | Corresponding Source from a network server at no charge.
268 |
269 | c) Convey individual copies of the object code with a copy of the
270 | written offer to provide the Corresponding Source. This
271 | alternative is allowed only occasionally and noncommercially, and
272 | only if you received the object code with such an offer, in accord
273 | with subsection 6b.
274 |
275 | d) Convey the object code by offering access from a designated
276 | place (gratis or for a charge), and offer equivalent access to the
277 | Corresponding Source in the same way through the same place at no
278 | further charge. You need not require recipients to copy the
279 | Corresponding Source along with the object code. If the place to
280 | copy the object code is a network server, the Corresponding Source
281 | may be on a different server (operated by you or a third party)
282 | that supports equivalent copying facilities, provided you maintain
283 | clear directions next to the object code saying where to find the
284 | Corresponding Source. Regardless of what server hosts the
285 | Corresponding Source, you remain obligated to ensure that it is
286 | available for as long as needed to satisfy these requirements.
287 |
288 | e) Convey the object code using peer-to-peer transmission, provided
289 | you inform other peers where the object code and Corresponding
290 | Source of the work are being offered to the general public at no
291 | charge under subsection 6d.
292 |
293 | A separable portion of the object code, whose source code is excluded
294 | from the Corresponding Source as a System Library, need not be
295 | included in conveying the object code work.
296 |
297 | A "User Product" is either (1) a "consumer product", which means any
298 | tangible personal property which is normally used for personal, family,
299 | or household purposes, or (2) anything designed or sold for incorporation
300 | into a dwelling. In determining whether a product is a consumer product,
301 | doubtful cases shall be resolved in favor of coverage. For a particular
302 | product received by a particular user, "normally used" refers to a
303 | typical or common use of that class of product, regardless of the status
304 | of the particular user or of the way in which the particular user
305 | actually uses, or expects or is expected to use, the product. A product
306 | is a consumer product regardless of whether the product has substantial
307 | commercial, industrial or non-consumer uses, unless such uses represent
308 | the only significant mode of use of the product.
309 |
310 | "Installation Information" for a User Product means any methods,
311 | procedures, authorization keys, or other information required to install
312 | and execute modified versions of a covered work in that User Product from
313 | a modified version of its Corresponding Source. The information must
314 | suffice to ensure that the continued functioning of the modified object
315 | code is in no case prevented or interfered with solely because
316 | modification has been made.
317 |
318 | If you convey an object code work under this section in, or with, or
319 | specifically for use in, a User Product, and the conveying occurs as
320 | part of a transaction in which the right of possession and use of the
321 | User Product is transferred to the recipient in perpetuity or for a
322 | fixed term (regardless of how the transaction is characterized), the
323 | Corresponding Source conveyed under this section must be accompanied
324 | by the Installation Information. But this requirement does not apply
325 | if neither you nor any third party retains the ability to install
326 | modified object code on the User Product (for example, the work has
327 | been installed in ROM).
328 |
329 | The requirement to provide Installation Information does not include a
330 | requirement to continue to provide support service, warranty, or updates
331 | for a work that has been modified or installed by the recipient, or for
332 | the User Product in which it has been modified or installed. Access to a
333 | network may be denied when the modification itself materially and
334 | adversely affects the operation of the network or violates the rules and
335 | protocols for communication across the network.
336 |
337 | Corresponding Source conveyed, and Installation Information provided,
338 | in accord with this section must be in a format that is publicly
339 | documented (and with an implementation available to the public in
340 | source code form), and must require no special password or key for
341 | unpacking, reading or copying.
342 |
343 | 7. Additional Terms.
344 |
345 | "Additional permissions" are terms that supplement the terms of this
346 | License by making exceptions from one or more of its conditions.
347 | Additional permissions that are applicable to the entire Program shall
348 | be treated as though they were included in this License, to the extent
349 | that they are valid under applicable law. If additional permissions
350 | apply only to part of the Program, that part may be used separately
351 | under those permissions, but the entire Program remains governed by
352 | this License without regard to the additional permissions.
353 |
354 | When you convey a copy of a covered work, you may at your option
355 | remove any additional permissions from that copy, or from any part of
356 | it. (Additional permissions may be written to require their own
357 | removal in certain cases when you modify the work.) You may place
358 | additional permissions on material, added by you to a covered work,
359 | for which you have or can give appropriate copyright permission.
360 |
361 | Notwithstanding any other provision of this License, for material you
362 | add to a covered work, you may (if authorized by the copyright holders of
363 | that material) supplement the terms of this License with terms:
364 |
365 | a) Disclaiming warranty or limiting liability differently from the
366 | terms of sections 15 and 16 of this License; or
367 |
368 | b) Requiring preservation of specified reasonable legal notices or
369 | author attributions in that material or in the Appropriate Legal
370 | Notices displayed by works containing it; or
371 |
372 | c) Prohibiting misrepresentation of the origin of that material, or
373 | requiring that modified versions of such material be marked in
374 | reasonable ways as different from the original version; or
375 |
376 | d) Limiting the use for publicity purposes of names of licensors or
377 | authors of the material; or
378 |
379 | e) Declining to grant rights under trademark law for use of some
380 | trade names, trademarks, or service marks; or
381 |
382 | f) Requiring indemnification of licensors and authors of that
383 | material by anyone who conveys the material (or modified versions of
384 | it) with contractual assumptions of liability to the recipient, for
385 | any liability that these contractual assumptions directly impose on
386 | those licensors and authors.
387 |
388 | All other non-permissive additional terms are considered "further
389 | restrictions" within the meaning of section 10. If the Program as you
390 | received it, or any part of it, contains a notice stating that it is
391 | governed by this License along with a term that is a further
392 | restriction, you may remove that term. If a license document contains
393 | a further restriction but permits relicensing or conveying under this
394 | License, you may add to a covered work material governed by the terms
395 | of that license document, provided that the further restriction does
396 | not survive such relicensing or conveying.
397 |
398 | If you add terms to a covered work in accord with this section, you
399 | must place, in the relevant source files, a statement of the
400 | additional terms that apply to those files, or a notice indicating
401 | where to find the applicable terms.
402 |
403 | Additional terms, permissive or non-permissive, may be stated in the
404 | form of a separately written license, or stated as exceptions;
405 | the above requirements apply either way.
406 |
407 | 8. Termination.
408 |
409 | You may not propagate or modify a covered work except as expressly
410 | provided under this License. Any attempt otherwise to propagate or
411 | modify it is void, and will automatically terminate your rights under
412 | this License (including any patent licenses granted under the third
413 | paragraph of section 11).
414 |
415 | However, if you cease all violation of this License, then your
416 | license from a particular copyright holder is reinstated (a)
417 | provisionally, unless and until the copyright holder explicitly and
418 | finally terminates your license, and (b) permanently, if the copyright
419 | holder fails to notify you of the violation by some reasonable means
420 | prior to 60 days after the cessation.
421 |
422 | Moreover, your license from a particular copyright holder is
423 | reinstated permanently if the copyright holder notifies you of the
424 | violation by some reasonable means, this is the first time you have
425 | received notice of violation of this License (for any work) from that
426 | copyright holder, and you cure the violation prior to 30 days after
427 | your receipt of the notice.
428 |
429 | Termination of your rights under this section does not terminate the
430 | licenses of parties who have received copies or rights from you under
431 | this License. If your rights have been terminated and not permanently
432 | reinstated, you do not qualify to receive new licenses for the same
433 | material under section 10.
434 |
435 | 9. Acceptance Not Required for Having Copies.
436 |
437 | You are not required to accept this License in order to receive or
438 | run a copy of the Program. Ancillary propagation of a covered work
439 | occurring solely as a consequence of using peer-to-peer transmission
440 | to receive a copy likewise does not require acceptance. However,
441 | nothing other than this License grants you permission to propagate or
442 | modify any covered work. These actions infringe copyright if you do
443 | not accept this License. Therefore, by modifying or propagating a
444 | covered work, you indicate your acceptance of this License to do so.
445 |
446 | 10. Automatic Licensing of Downstream Recipients.
447 |
448 | Each time you convey a covered work, the recipient automatically
449 | receives a license from the original licensors, to run, modify and
450 | propagate that work, subject to this License. You are not responsible
451 | for enforcing compliance by third parties with this License.
452 |
453 | An "entity transaction" is a transaction transferring control of an
454 | organization, or substantially all assets of one, or subdividing an
455 | organization, or merging organizations. If propagation of a covered
456 | work results from an entity transaction, each party to that
457 | transaction who receives a copy of the work also receives whatever
458 | licenses to the work the party's predecessor in interest had or could
459 | give under the previous paragraph, plus a right to possession of the
460 | Corresponding Source of the work from the predecessor in interest, if
461 | the predecessor has it or can get it with reasonable efforts.
462 |
463 | You may not impose any further restrictions on the exercise of the
464 | rights granted or affirmed under this License. For example, you may
465 | not impose a license fee, royalty, or other charge for exercise of
466 | rights granted under this License, and you may not initiate litigation
467 | (including a cross-claim or counterclaim in a lawsuit) alleging that
468 | any patent claim is infringed by making, using, selling, offering for
469 | sale, or importing the Program or any portion of it.
470 |
471 | 11. Patents.
472 |
473 | A "contributor" is a copyright holder who authorizes use under this
474 | License of the Program or a work on which the Program is based. The
475 | work thus licensed is called the contributor's "contributor version".
476 |
477 | A contributor's "essential patent claims" are all patent claims
478 | owned or controlled by the contributor, whether already acquired or
479 | hereafter acquired, that would be infringed by some manner, permitted
480 | by this License, of making, using, or selling its contributor version,
481 | but do not include claims that would be infringed only as a
482 | consequence of further modification of the contributor version. For
483 | purposes of this definition, "control" includes the right to grant
484 | patent sublicenses in a manner consistent with the requirements of
485 | this License.
486 |
487 | Each contributor grants you a non-exclusive, worldwide, royalty-free
488 | patent license under the contributor's essential patent claims, to
489 | make, use, sell, offer for sale, import and otherwise run, modify and
490 | propagate the contents of its contributor version.
491 |
492 | In the following three paragraphs, a "patent license" is any express
493 | agreement or commitment, however denominated, not to enforce a patent
494 | (such as an express permission to practice a patent or covenant not to
495 | sue for patent infringement). To "grant" such a patent license to a
496 | party means to make such an agreement or commitment not to enforce a
497 | patent against the party.
498 |
499 | If you convey a covered work, knowingly relying on a patent license,
500 | and the Corresponding Source of the work is not available for anyone
501 | to copy, free of charge and under the terms of this License, through a
502 | publicly available network server or other readily accessible means,
503 | then you must either (1) cause the Corresponding Source to be so
504 | available, or (2) arrange to deprive yourself of the benefit of the
505 | patent license for this particular work, or (3) arrange, in a manner
506 | consistent with the requirements of this License, to extend the patent
507 | license to downstream recipients. "Knowingly relying" means you have
508 | actual knowledge that, but for the patent license, your conveying the
509 | covered work in a country, or your recipient's use of the covered work
510 | in a country, would infringe one or more identifiable patents in that
511 | country that you have reason to believe are valid.
512 |
513 | If, pursuant to or in connection with a single transaction or
514 | arrangement, you convey, or propagate by procuring conveyance of, a
515 | covered work, and grant a patent license to some of the parties
516 | receiving the covered work authorizing them to use, propagate, modify
517 | or convey a specific copy of the covered work, then the patent license
518 | you grant is automatically extended to all recipients of the covered
519 | work and works based on it.
520 |
521 | A patent license is "discriminatory" if it does not include within
522 | the scope of its coverage, prohibits the exercise of, or is
523 | conditioned on the non-exercise of one or more of the rights that are
524 | specifically granted under this License. You may not convey a covered
525 | work if you are a party to an arrangement with a third party that is
526 | in the business of distributing software, under which you make payment
527 | to the third party based on the extent of your activity of conveying
528 | the work, and under which the third party grants, to any of the
529 | parties who would receive the covered work from you, a discriminatory
530 | patent license (a) in connection with copies of the covered work
531 | conveyed by you (or copies made from those copies), or (b) primarily
532 | for and in connection with specific products or compilations that
533 | contain the covered work, unless you entered into that arrangement,
534 | or that patent license was granted, prior to 28 March 2007.
535 |
536 | Nothing in this License shall be construed as excluding or limiting
537 | any implied license or other defenses to infringement that may
538 | otherwise be available to you under applicable patent law.
539 |
540 | 12. No Surrender of Others' Freedom.
541 |
542 | If conditions are imposed on you (whether by court order, agreement or
543 | otherwise) that contradict the conditions of this License, they do not
544 | excuse you from the conditions of this License. If you cannot convey a
545 | covered work so as to satisfy simultaneously your obligations under this
546 | License and any other pertinent obligations, then as a consequence you may
547 | not convey it at all. For example, if you agree to terms that obligate you
548 | to collect a royalty for further conveying from those to whom you convey
549 | the Program, the only way you could satisfy both those terms and this
550 | License would be to refrain entirely from conveying the Program.
551 |
552 | 13. Use with the GNU Affero General Public License.
553 |
554 | Notwithstanding any other provision of this License, you have
555 | permission to link or combine any covered work with a work licensed
556 | under version 3 of the GNU Affero General Public License into a single
557 | combined work, and to convey the resulting work. The terms of this
558 | License will continue to apply to the part which is the covered work,
559 | but the special requirements of the GNU Affero General Public License,
560 | section 13, concerning interaction through a network will apply to the
561 | combination as such.
562 |
563 | 14. Revised Versions of this License.
564 |
565 | The Free Software Foundation may publish revised and/or new versions of
566 | the GNU General Public License from time to time. Such new versions will
567 | be similar in spirit to the present version, but may differ in detail to
568 | address new problems or concerns.
569 |
570 | Each version is given a distinguishing version number. If the
571 | Program specifies that a certain numbered version of the GNU General
572 | Public License "or any later version" applies to it, you have the
573 | option of following the terms and conditions either of that numbered
574 | version or of any later version published by the Free Software
575 | Foundation. If the Program does not specify a version number of the
576 | GNU General Public License, you may choose any version ever published
577 | by the Free Software Foundation.
578 |
579 | If the Program specifies that a proxy can decide which future
580 | versions of the GNU General Public License can be used, that proxy's
581 | public statement of acceptance of a version permanently authorizes you
582 | to choose that version for the Program.
583 |
584 | Later license versions may give you additional or different
585 | permissions. However, no additional obligations are imposed on any
586 | author or copyright holder as a result of your choosing to follow a
587 | later version.
588 |
589 | 15. Disclaimer of Warranty.
590 |
591 | THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
592 | APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
593 | HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
594 | OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
595 | THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
596 | PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
597 | IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
598 | ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
599 |
600 | 16. Limitation of Liability.
601 |
602 | IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
603 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
604 | THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
605 | GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
606 | USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
607 | DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
608 | PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
609 | EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
610 | SUCH DAMAGES.
611 |
612 | 17. Interpretation of Sections 15 and 16.
613 |
614 | If the disclaimer of warranty and limitation of liability provided
615 | above cannot be given local legal effect according to their terms,
616 | reviewing courts shall apply local law that most closely approximates
617 | an absolute waiver of all civil liability in connection with the
618 | Program, unless a warranty or assumption of liability accompanies a
619 | copy of the Program in return for a fee.
620 |
621 | END OF TERMS AND CONDITIONS
622 |
623 | How to Apply These Terms to Your New Programs
624 |
625 | If you develop a new program, and you want it to be of the greatest
626 | possible use to the public, the best way to achieve this is to make it
627 | free software which everyone can redistribute and change under these terms.
628 |
629 | To do so, attach the following notices to the program. It is safest
630 | to attach them to the start of each source file to most effectively
631 | state the exclusion of warranty; and each file should have at least
632 | the "copyright" line and a pointer to where the full notice is found.
633 |
634 | {one line to give the program's name and a brief idea of what it does.}
635 | Copyright (C) {year} {name of author}
636 |
637 | This program is free software: you can redistribute it and/or modify
638 | it under the terms of the GNU General Public License as published by
639 | the Free Software Foundation, either version 3 of the License, or
640 | (at your option) any later version.
641 |
642 | This program is distributed in the hope that it will be useful,
643 | but WITHOUT ANY WARRANTY; without even the implied warranty of
644 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
645 | GNU General Public License for more details.
646 |
647 | You should have received a copy of the GNU General Public License
648 | along with this program. If not, see <http://www.gnu.org/licenses/>.
649 |
650 | Also add information on how to contact you by electronic and paper mail.
651 |
652 | If the program does terminal interaction, make it output a short
653 | notice like this when it starts in an interactive mode:
654 |
655 | {project} Copyright (C) {year} {fullname}
656 | This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
657 | This is free software, and you are welcome to redistribute it
658 | under certain conditions; type `show c' for details.
659 |
660 | The hypothetical commands `show w' and `show c' should show the appropriate
661 | parts of the General Public License. Of course, your program's commands
662 | might be different; for a GUI interface, you would use an "about box".
663 |
664 | You should also get your employer (if you work as a programmer) or school,
665 | if any, to sign a "copyright disclaimer" for the program, if necessary.
666 | For more information on this, and how to apply and follow the GNU GPL, see
667 | <http://www.gnu.org/licenses/>.
668 |
669 | The GNU General Public License does not permit incorporating your program
670 | into proprietary programs. If your program is a subroutine library, you
671 | may consider it more useful to permit linking proprietary applications with
672 | the library. If this is what you want to do, use the GNU Lesser General
673 | Public License instead of this License. But first, please read
674 | <http://www.gnu.org/philosophy/why-not-lgpl.html>.
675 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # FortigateApi
2 | Access Fortigate REST API in python
3 |
4 | Just connect to your firewall and start automating everything:
5 | - create (with IDEMPOTENCY if you wish)
6 | - delete
7 | - get info
8 | - modify existing object
9 |
10 | Of these objects:
11 | - vdom
12 | - user
13 | - address / address group
14 | - services / services group
15 | - static routes
16 | - firewall policy
17 | - shaping policy
18 | - ip pools
19 | - vip
20 | - VPN
21 |
22 |
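23 | Access to the firewall through HTTPS (tested ok fortigate firmware 5.2 or 5.4, should work for newer versions). Note that the client logs in with `verify=False` and silences the resulting InsecureRequestWarning, so the firewall's certificate is not validated: the session is encrypted but the peer is not authenticated, and the admin password and session cookie are exposed to anyone able to intercept the connection. Use it over a trusted management network, or change the code to verify against the firewall's CA.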
24 |
25 |
26 | If an example is worth a thousand words (connect to the fw, create an fw address object, get the json definition of the object, modify the ip address and then delete the object):
27 | ```
28 | import FortigateApi
29 |
30 | fg = FortigateApi.Fortigate('172.30.40.50', 'myvdom', 'admin', 'mypasswd')
31 |
32 | fg.AddFwAddress('srv-A','10.1.1.1/32')
33 | 200
34 |
35 | fg.GetFwAddress('srv-A')
36 | u'{\n "http_method":"GET",\n "results":[\n {\n "name":"srv-A",\n "q_origin_key":"srv-A",\n "uuid":"2103d064-d520-51e6-de84-16e9ab03b8ae",\n "subnet":"10.1.1.1 255.255.255.255",\n "type":"ipmask",\n "start-ip":"10.1.1.1",\n "end-ip":"255.255.255.255",\n "fqdn":"",\n "country":"",\n "url":"",\n "cache-ttl":0,\n "wildcard":"10.1.1.1 255.255.255.255",\n "comment":"",\n "visibility":"enable",\n "associated-interface":"",\n "color":0,\n "tags":[\n ]\n }\n ],\n "vdom":"dc2",\n "path":"firewall",\n "name":"address",\n "mkey":"srv-A",\n "status":"success",\n "http_status":200,\n "serial":"FWF90D3Z13003141",\n "version":"v5.2.9",\n "build":736\n}'
37 |
38 | fg.SetFwAddress('srv-A','10.2.2.2/32')
39 | 200
40 |
41 | fg.DelFwAddress('srv-A')
42 | 200
43 | ```
44 |
45 | A toolbox of everything you need to manage the fw, used for daily production at Sigma Informatique.
46 | Clean and simple (at least I tried to)
47 |
--------------------------------------------------------------------------------
/setup.cfg:
--------------------------------------------------------------------------------
1 | [metadata]
2 | description-file = README.md
--------------------------------------------------------------------------------
/setup.py:
--------------------------------------------------------------------------------
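# Packaging script for FortigateApi (distutils-based).
#
# The repository ships one top-level module file, FortigateApi.py, and no
# FortigateApi/ package directory. It is therefore declared with py_modules:
# packages=['FortigateApi'] makes distutils look for FortigateApi/__init__.py
# and the build stops with "package directory 'FortigateApi' does not exist".
from distutils.core import setup

setup(
    name='FortigateApi',
    py_modules=['FortigateApi'],  # the single module file FortigateApi.py
    version='0.1',
    description='Access Fortigate REST API in python',
    author='David Chayla',
    author_email='null',
    url='https://github.com/DavidChayla/FortigateApi',
    # Source archive for this release; the tag must match `version` above.
    download_url='https://github.com/DavidChayla/FortigateApi/archive/0.1.tar.gz',
    keywords=['fortigate', 'REST', 'network'],
    classifiers=[],
)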
--------------------------------------------------------------------------------