# Firewall

##### [Order now](https://puqcloud.com/puqvpncp.php) | [Download](https://download.puqcloud.com/cp/puqvpncp/) | [FAQ](https://faq.puqcloud.com)

## Firewall info

**Request Structure:** `https://<puqvpnvp>/api/v1/firewall/info`

**Method:** `GET`

**Cookie: `access_hash=<access_hash>`**

**Example:**

```shell
curl \
-b "access_hash=7effe99173b87e9cdebdab66d6fb23c9b244af250cb09b5dd36d8f80d14a8510b2d00bcba7290252" \
-X GET https://dev.softkeel.com/api/v1/firewall/info
```

**Response example:**

```JSON
{
   "error" : "",
   "msg" : {
      "ip_forward" : "yes",
      "iproute2" : "5.10.0-4",
      "iptables" : "1.8.7-1"
   },
   "status" : "success"
}
```

**Errors:**

```
-Not authorized
```

- - - - - -

## Firewall conf

**Request Structure:** `https://<puqvpnvp>/api/v1/firewall/conf`

**Cookie: `access_hash=<access_hash>`**

**Method:**<span style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Oxygen, Ubuntu, Roboto, Cantarell, 'Fira Sans', 'Droid Sans', 'Helvetica Neue', sans-serif; font-size: 14px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400;"> </span>`GET`

**Example:**

```shell
curl \
-b "access_hash=7effe99173b87e9cdebdab66d6fb23c9b244af250cb09b5dd36d8f80d14a8510b2d00bcba7290252" \
-X GET https://dev.softkeel.com/api/v1/firewall/conf
```

**Response example:**

```JSON
{
   "error" : "",
   "msg" : {
      "internal_traffic" : false,
      "ip_forward" : false,
      "policy_forward" : "ACCEPT",
      "policy_input" : "ACCEPT",
      "policy_output" : "ACCEPT"
   },
   "status" : "success"
}
```

**Errors:**

```
-Not authorized
```

- - - - - -

## Firewall change conf

**Request Structure:** `https://<puqvpnvp>/api/v1/firewall/conf`

**Cookie: `access_hash=<access_hash>`**

**Method:** `PUT`

**PUT data:**

```JSON
"internal_traffic" 	= false|true
"ip_forward" 		= false|true
"policy_forward" 	= "ACCEPT"|"DROP"
"policy_input" 		= "ACCEPT"|"DROP"
"policy_output" 	= "ACCEPT"|"DROP"
```

**Example:**

```shell
curl \
-b "access_hash=7effe99173b87e9cdebdab66d6fb23c9b244af250cb09b5dd36d8f80d14a8510b2d00bcba7290252" \
-d "ip_forward=1&internal_traffic=1&policy_forward=ACCEPT&policy_input=ACCEPT&policy_output=ACCEPT" \
-X PUT https://dev.softkeel.com/api/v1/firewall/conf
```

**Response example:**

```JSON
{
   "error" : "",
   "msg" : "success",
   "status" : "success"
}
```

**Errors:**

```
-Wrong parameter: INPUT policy, should be: ACCEPT or DROP
-Wrong parameter: FORWARD policy, should be: ACCEPT or DROP
-Wrong parameter: OUTPUT policy, should be: ACCEPT or DROP
```

- - - - - -

## Firewall rules FILTER

**Request Structure:** `https://<puqvpnvp>/api/v1/firewall/rules/filter`

**Cookie: `access_hash=<access_hash>`**

**Method:**<span style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Oxygen, Ubuntu, Roboto, Cantarell, 'Fira Sans', 'Droid Sans', 'Helvetica Neue', sans-serif; font-size: 14px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400;"> </span>`GET`

**Example:**

```shell
curl \
-b "access_hash=7effe99173b87e9cdebdab66d6fb23c9b244af250cb09b5dd36d8f80d14a8510b2d00bcba7290252" \
-X GET https://dev.softkeel.com/api/v1/firewall/rules/filter
```

**Response example:**

```JSON
{
   "error" : "",
   "msg" : [
      {
         "action" : "ACCEPT",
         "chain" : "INPUT",
         "d_ip" : "0.0.0.0/0",
         "d_port" : "8098",
         "name" : "system_PUQVPNCP",
         "protocol" : "TCP",
         "s_ip" : "0.0.0.0/0",
         "s_port" : "0"
      },
      {
         "action" : "DROP",
         "chain" : "INPUT",
         "d_ip" : "0.0.0.0/0",
         "d_port" : "23",
         "name" : "TEST",
         "protocol" : "TCP",
         "s_ip" : "0.0.0.0/0",
         "s_port" : "0"
      }
   ],
   "status" : "success"
}
```

**Errors:**

```
-Not authorized
```

- - - - - -

## Firewall FILTER add rule

**If add at the top of the list**

**Request Structure:** `<a href="https://<puqvpnvp>/api/v1/firewall/rules/filter/top">https://<puqvpnvp>/api/v1/firewall/rules/filter/top</a>`

**If added at the end of the list**

**Request Structure:** `<a href="https://<puqvpnvp>/api/v1/firewall/rules/filter/top">https://<puqvpnvp>/api/v1/firewall/rules/filter/end</a>`

**Cookie: `access_hash=<access_hash>`**

**Method:**<span style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Oxygen, Ubuntu, Roboto, Cantarell, 'Fira Sans', 'Droid Sans', 'Helvetica Neue', sans-serif; font-size: 14px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400;"> </span>`POST`

**POST data:**

```JSON
"name" = "NAME"
"action" = "ACCEPT"|"DROP"
"chain" = "INPUT"|
"d_ip" = "CIDR format"
"d_port" = "0-65535"
"protocol" = "TCP"|"UDP"|"ICMP"|"ANY"
"s_ip" = "CIDR format"
"s_port" = "0-65535"
```

**Example:**

```shell
curl \
-b "access_hash=7effe99173b87e9cdebdab66d6fb23c9b244af250cb09b5dd36d8f80d14a8510b2d00bcba7290252" \
-d "action=ACCEPT&\
chain=INPUT&\
d_ip=0.0.0.0/0&\
d_port=22&\
name=TEST_SSH_OPEN&\
protocol=TCP&\
s_ip=0.0.0.0/0&\
s_port=0"\
-X POST https://dev.softkeel.com/api/v1/firewall/rules/filter/top
```

**Response example:**

```JSON
{
   "error" : "",
   "msg" : "success",
   "status" : "success"
}
```

**Errors:**

```
-Wrong rule name. Must be letters and numbers only
-A rule with the same name already exists
-Not correct Chain
-Destination IP must be in CIDR format
-Source IP must be in CIDR format
```

- - - - - -

## Firewall FILTER delete rule

**If add at the top of the list**

**Request Structure:** `<a href="https://<puqvpnvp>/api/v1/firewall/rules/filter/top">https://<puqvpnvp>/api/v1/firewall/rules/filter/<rule_name></a>`

**Cookie: `access_hash=<access_hash>`**

**Method:**<span style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Oxygen, Ubuntu, Roboto, Cantarell, 'Fira Sans', 'Droid Sans', 'Helvetica Neue', sans-serif; font-size: 14px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400;"> </span>`DELETE`

**Example:**

```shell
curl \
-b "access_hash=7effe99173b87e9cdebdab66d6fb23c9b244af250cb09b5dd36d8f80d14a8510b2d00bcba7290252" \
-X DELETE https://dev.softkeel.com/api/v1/firewall/rules/filter/TEST_SSH_OPEN
```

**Response example:**

```JSON
{
   "error" : "",
   "msg" : "success",
   "status" : "success"
}
```

**Errors:**

```
-No rule found with given name
-You cannot delete this rule. ONLY name=system_PUQVPNCP
```

- - - - - -

## Firewall rules NAT

**Request Structure:** `https://<puqvpnvp>/api/v1/firewall/rules/nat`

**Cookie: `access_hash=<access_hash>`**

**Method:**<span style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Oxygen, Ubuntu, Roboto, Cantarell, 'Fira Sans', 'Droid Sans', 'Helvetica Neue', sans-serif; font-size: 14px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400;"> </span>`GET`

**Example:**

```shell
curl \
-b "access_hash=7effe99173b87e9cdebdab66d6fb23c9b244af250cb09b5dd36d8f80d14a8510b2d00bcba7290252" \
-X GET https://dev.softkeel.com/api/v1/firewall/rules/nat
```

**Response example:**

```JSON
{
   "error" : "",
   "msg" : [
      {
         "action" : "SNAT",
         "chain" : "POSTROUTING",
         "d_ip" : "0.0.0.0/0",
         "name" : "Default_144_wg144",
         "s_ip" : "10.0.143.0/24",
         "to-source" : "77.87.125.200"
      },
      {
         "action" : "SNAT",
         "chain" : "POSTROUTING",
         "d_ip" : "0.0.0.0/0",
         "name" : "Default_153_wg153",
         "s_ip" : "10.0.152.0/24",
         "to-source" : "77.87.125.200"
      },
      {
         "action" : "SNAT",
         "chain" : "POSTROUTING",
         "d_ip" : "0.0.0.0/0",
         "name" : "Default_44_wg44",
         "s_ip" : "10.0.43.0/24",
         "to-source" : "77.87.125.200"
      },
      {
         "action" : "SNAT",
         "chain" : "POSTROUTING",
         "d_ip" : "0.0.0.0/0",
         "name" : "Default_53_wg53",
         "s_ip" : "10.0.52.0/24",
         "to-source" : "77.87.125.200"
      }
   ],
   "status" : "success"
}
```

**Errors:**

```
-Not authorized
```

- - - - - -

## Firewall rules MANGLE

**Request Structure:** `https://<puqvpnvp>/api/v1/firewall/rules/mangle`

**Cookie: `access_hash=<access_hash>`**

**Method:**<span style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Oxygen, Ubuntu, Roboto, Cantarell, 'Fira Sans', 'Droid Sans', 'Helvetica Neue', sans-serif; font-size: 14px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400;"> </span>`GET`

**Example:**

```shell
curl \
-b "access_hash=7effe99173b87e9cdebdab66d6fb23c9b244af250cb09b5dd36d8f80d14a8510b2d00bcba7290252" \
-X GET https://dev.softkeel.com/api/v1/firewall/rules/mangle
```

**Response example:**

```JSON
{
   "error" : "",
   "msg" : [
      {
         "action" : "MARK",
         "chain" : "FORWARD",
         "d_ip" : "0.0.0.0/0",
         "name" : "src_peer_121_user_122",
         "s_ip" : "10.0.118.3",
         "set-mark" : "227"
      },
      {
         "action" : "MARK",
         "chain" : "FORWARD",
         "d_ip" : "10.0.118.4",
         "name" : "dst_peer_122_user_123",
         "s_ip" : "0.0.0.0/0",
         "set-mark" : "228"
      },
      {
         "action" : "MARK",
         "chain" : "FORWARD",
         "d_ip" : "0.0.0.0/0",
         "name" : "src_peer_122_user_123",
         "s_ip" : "10.0.118.4",
         "set-mark" : "228"
      }
   ],
   "status" : "success"
}
```

**Errors:**

```
-Not authorized
```