firewallrule module

Copyright 2023 Sophos Ltd. All rights reserved. Licensed under the Apache License, Version 2.0 (the “License”); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an “AS IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

class firewallrule.FirewallRule(api_client)[source]

Bases: object

Class for working with firewall rule(s).

create(rule_params, debug)[source]

Create a firewall rule

Parameters:

rule_params (dict) – Configuration parameters for the rule, see Keyword Arguments for supported parameters.

Keyword Arguments:
  • rulename (str) – Name of the firewall rule

  • status (str) – Enable/Disable

  • position (str) – Where the rule should be positioned (top/bottom/after/before)

  • after_rulename (str) – Name of the rule to insert this rule after if position = after

  • before_rulename (str) – Name of the rule to insert this rule before if position = before

  • action (str) – Accept, Drop, Reject

  • description (str) – Rule description

  • log (str) – Enable, Disable

  • src_zones (list) – Name(s) of the source zone(s)

  • dst_zones (list) – Name(s) of the destination zone(s)

  • src_networks (list) – Name(s) of the source network(s)

  • dst_networks (list) – Name(s) of the destination network(s)

  • service_list (list) – Name(s) of service(s)

  • web_filter (str) – Name of the web filter policy to apply

  • web_category_traffic_shaping (str) – Name of the web category traffic shaping policy to apply

  • block_quic (str) – Enable/Disable QUIC blocking

  • scan_virus (str) – Enable/Disable virus scanning

  • proxy_mode (str) – Enable/Disable proxy mode

  • decrypt_https (str) – Enable/Disable HTTPS decryption

  • source_security_heartbeat (str) – Enable/Disable source security heartbeat

  • minimum_source_hb_permitted (str) – Minimum source heartbeat permitted

  • dest_security_heartbeat (str) – Enable/Disable destination security heartbeat

  • minimum_dest_hb_permitted (str) – Minimum destination heartbeat permitted

  • application_control (str) – Enable/Disable application control

  • application_base_qos_policy (str) – Name of the application base QoS policy to apply

  • intrusion_prevention (str) – Enable/Disable intrusion prevention

  • qos_policy (str) – Name of the QoS traffic shaping policy to apply

  • dscp_marking (str) – DSCP marking value

  • scan_smtp (str) – Enable/Disable SMTP scanning

  • scan_smtps (str) – Enable/Disable SMTPS scanning

  • scan_imap (str) – Enable/Disable IMAP scanning

  • scan_imaps (str) – Enable/Disable IMAPS scanning

  • scan_pop3 (str) – Enable/Disable POP3 scanning

  • scan_pop3s (str) – Enable/Disable POP3S scanning

Returns:

XML response converted to Python dictionary

Return type:

dict

get(name, operator='=')[source]

Get firewall rule(s)

Parameters:
  • name (str, optional) – Firewall Rule name. Returns all rules if not specified.

  • operator (str, optional) – Operator for search. Default is “=”. Valid operators: =, !=, like.

update(name, rule_params, debug)[source]

Update a firewall rule.

Parameters:
  • name (str) – Name of the firewall rule to be updated

  • rule_params (dict) – Configuration parameters for the rule, see Keyword Arguments for supported parameters.

Keyword Arguments:
  • status (str) – Enable/Disable

  • position (str) – Where the rule should be positioned (top/bottom/after/before)

  • after_rulename (str, optional) – Name of the rule to insert this rule after if position = after

  • before_rulename (str, optional) – Name of the rule to insert this rule before if position = before

  • action (str) – Accept, Drop, Reject

  • description (str) – Rule description

  • log (str) – Enable, Disable

  • src_zones (list) – Name(s) of the source zone(s)

  • dst_zones (list) – Name(s) of the destination zone(s)

  • src_networks (list) – Name(s) of the source network(s)

  • dst_networks (list) – Name(s) of the destination network(s)

  • service_list (list) – Name(s) of service(s)

  • web_filter (str) – Name of the web filter policy to apply

  • web_category_traffic_shaping (str) – Name of the web category traffic shaping policy to apply

  • block_quic (str) – Enable/Disable QUIC blocking

  • scan_virus (str) – Enable/Disable virus scanning

  • proxy_mode (str) – Enable/Disable proxy mode

  • decrypt_https (str) – Enable/Disable HTTPS decryption

  • source_security_heartbeat (str) – Enable/Disable source security heartbeat

  • minimum_source_hb_permitted (str) – Minimum source heartbeat permitted

  • dest_security_heartbeat (str) – Enable/Disable destination security heartbeat

  • minimum_dest_hb_permitted (str) – Minimum destination heartbeat permitted

  • application_control (str) – Enable/Disable application control

  • application_base_qos_policy (str) – Name of the application base QoS policy to apply

  • intrusion_prevention (str) – Enable/Disable intrusion prevention

  • qos_policy (str) – Name of the QoS traffic shaping policy to apply

  • dscp_marking (str) – DSCP marking value

  • scan_smtp (str) – Enable/Disable SMTP scanning

  • scan_smtps (str) – Enable/Disable SMTPS scanning

  • scan_imap (str) – Enable/Disable IMAP scanning

  • scan_imaps (str) – Enable/Disable IMAPS scanning

  • scan_pop3 (str) – Enable/Disable POP3 scanning

  • scan_pop3s (str) – Enable/Disable POP3S scanning

Returns:

XML response converted to Python dictionary

Return type:

dict
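A pre-flight check for the rule_params dictionary passed to create() or update(), built from the keyword arguments listed above. This is an added example, not part of the SDK: validate_rule_params and the sample names are hypothetical, and it assumes the values must be spelled exactly as documented here (Enable/Disable, Accept/Drop/Reject, top/bottom/after/before).

```python
# Added example (not SDK code): validate rule_params against the keyword
# arguments documented on this page before calling create() or update().
TOGGLES = {"status", "log", "block_quic", "scan_virus", "proxy_mode",
           "decrypt_https", "source_security_heartbeat",
           "dest_security_heartbeat", "scan_smtp", "scan_smtps",
           "scan_imap", "scan_imaps", "scan_pop3", "scan_pop3s"}
LISTS = {"src_zones", "dst_zones", "src_networks", "dst_networks", "service_list"}
STRINGS = {"rulename", "position", "after_rulename", "before_rulename",
           "action", "description", "web_filter", "web_category_traffic_shaping",
           "minimum_source_hb_permitted", "minimum_dest_hb_permitted",
           "application_control", "application_base_qos_policy",
           "intrusion_prevention", "qos_policy", "dscp_marking"}

def validate_rule_params(params, for_update=False):
    """Return a list of problems; an empty list means the dict looks sane."""
    errors = []
    for key, value in params.items():
        if key in LISTS:
            # A bare string such as "LAN" instead of ["LAN"] is a common slip.
            if not (isinstance(value, list) and all(isinstance(v, str) for v in value)):
                errors.append(f"{key}: expected a list of names")
        elif key in TOGGLES:
            if value not in ("Enable", "Disable"):
                errors.append(f"{key}: expected Enable or Disable")
        elif key in STRINGS:
            if not isinstance(value, str):
                errors.append(f"{key}: expected a string")
        else:
            errors.append(f"{key}: not a documented parameter")
    if for_update and "rulename" in params:
        errors.append("rulename: pass the rule name as update()'s name argument")
    elif not for_update and not params.get("rulename"):
        errors.append("rulename: required for create()")
    if "action" in params and params["action"] not in ("Accept", "Drop", "Reject"):
        errors.append("action: expected Accept, Drop or Reject")
    position = params.get("position")
    if position is not None and position not in ("top", "bottom", "after", "before"):
        errors.append("position: expected top, bottom, after or before")
    for anchor in ("after", "before"):
        if position == anchor and not params.get(f"{anchor}_rulename"):
            errors.append(f"{anchor}_rulename: required when position = {anchor}")
    return errors

# Constructed sample input: rule, zone and service names are made up.
sample = {"rulename": "Block_Guest_To_LAN", "status": "Enable", "action": "Drop",
          "log": "Enable", "position": "before", "before_rulename": "Default_Allow",
          "src_zones": ["GUEST"], "dst_zones": ["LAN"], "service_list": ["HTTPS"]}
print(validate_rule_params(sample) or "rule_params OK")
```

Run the check first and only pass rule_params to create() or update() when the returned list is empty.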