allowing enabling / disabling specific firewall rules / etc

[garci66]

Looking at an enhancement and willing to contribute, but just wanted to share the idea first

I use my ER to setup a vpn for "out of country" access for my smart TV, etc which can't host their own vpn client. I enable it and disable it by activating a particular modify firewall rule.

Do you think it would be possible to do this through this integration? so that I can enable my vpn through HA?

thanks a million!

[elad-bar]

Will check if that configuration is available over API

[garci66]

Thanks!! I looked into the GUI API (undocumented) but not sure which api you use.

in my case, for example its using the following:
https://192.168.1.1/api/edge/batch.json and with payload:
{"DELETE":{"firewall":{"modify":{"balance":{"rule":{"50":{"disable":null}}}}}}}

(in this case, it "deletes" the "disabled" status of the entry).

The reverse action is
{"SET":{"firewall":{"modify":{"balance":{"rule":{"50":{"disable":null}}}}}}}

(targetting the same endpoint)

[elad-bar]

This is very specific use case, if i'll add it, it should be done more genric, how do you see it work?

Thanks

[garci66]

Hi Elad, absolutely agree its super specific.

Maybe have a way of doing a customizable "set" and "delete" actions and the "content" is configurable by the user?

im currently on edgeos 1.9.0 but could upgrade no problem.

maybe we expose a one or more "switch" objects which use the "SET" verb when turned on and "DELETE" when off and have a user-provided api path like above? like

{"firewall":{"modify":{"balance":{"rule":{"50":{"disable":null}}}}}}

and we can configure this from the gui?

[Riftr]

This is very specific use case, if i'll add it, it should be done more genric, how do you see it work?

Thanks

Being able to enable/disable firewall rules will allow me to disable my kids internet access until their chores are done. Every parent will love you and every kid will curse your name!

[garci66]

Personally I am looking at moving to a Mikrotik router as the Mikrotik integration in HA seems to handle this. But as a long time ubnt user I think it would still be valuable. I haven't had too many cycles to look in detail how you interact with the ubiquiti API but I think so far the integration is mostly read only. So to do pushes would be quite a bit of change.

…

On Tue, May 25, 2021, 12:27 Rob ***@***.***> wrote: This is very specific use case, if i'll add it, it should be done more genric, how do you see it work? Thanks Being able to enable/disable firewall rules will allow me to disable my kids internet access until their chores are done. Every parent will love you and every kid will curse your name! — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#49 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ACQV3WECVBXTJH5U7ZPGB5LTPO6W3ANCNFSM44BEJCGA> .

[elad-bar]

in v2.x there is an option to store debug data, it will allow you to get the data available in the API, so we can add more features based on that information.

I would like to understand what is the structure of the rule you have set, can you please extract the firewall section out of the debug data?

once you have switch on the store debug data switch, there will be debug file in:
/config/.storage/edgeos.{entry_id}.debug.api.json

thanks

[elad-bar]

please note that with v2.0.14 there is no store debug files and data available in API:
http://[REPLACE_WITH_HA:PORT]/api/edgeos/[REPLACE_WITH_ENTRY_ID]/api

request authentication is the same as HA with long living token