Method: addRule
Add a rule to a service in a specified policy domain. The policy domain and service are created if they do not exist.
Parameters
Name | Type | Description |
---|---|---|
domainName | string | Policy domain to which to add the rule |
serviceName | string | Service to which to add the rule |
ruleName | string | Rule name; a null or AUTO value generates the name based on the traffic description data |
trafficDescrType | string | Rule type. Available options are: 1 – Ethernet type; 2 – LLC DSAP SSAP; 3 – IP type of service; 4 – IP protocol; 5 – IPX class of service; 6 – IPX packet type; 7 – Source IP address; 8 – Destination IP address; 9 – Bilateral IP address; 10 – Source IPX network; 11 – Destination IPX network; 12 – Bilateral IPX network; 13 – UDP source port; 14 – UDP destination port; 15 – UDP bilateral port; 16 – TCP source port; 17 – TCP destination port; 18 – TCP bilateral port; 19 – IPX source socket; 20 – IPX destination socket; 21 – IPX bilateral socket; 22 – Source MAC address; 23 – Destination MAC address; 24 – Bilateral MAC address; 25 – IP fragment; 26 – IP UDP source port range; 27 – IP UDP destination port range; 28 – IP UDP bilateral port range; 29 – IP TCP source port range; 30 – IP TCP destination port range; 31 – IP TCP bilateral port range; 32 – ICMP Type; 33 – VLAN ID; 34 – TCI; 43 – IPv6 source address; 44 – IPv6 destination address; 45 – IPv6 bilateral address; 46 – IPv6 source socket; 47 – IPv6 destination socket; 48 – IPv6 bilateral socket; 49 – IPv6 type; 50 – IPv6 flow label |
trafficDescrValue | string | Value associated with the rule |
trafficDescrMask | string | Mask associated with the value; use 0 for no mask |
expandedTrafficDescrValue | string | Additional value for rules that require multiple values, for example TCP port + IP address |
expandedTrafficDescrMask | string | Mask associated with the additional value; only applicable to multiple-value rules |
vlanAction | string | VLAN action. Available options are: -1 – None; 0 – Discard; 4095 – Permit |
Returns
The operation returns an integer error code.
Example
Call the following web service URL from a browser. The web service creates a policy rule that drops all telnet (TCP destination port 23) traffic from 192.168.10.180.
https://192.168.30.34:8443/axis/services/PolicyService/addRule?domainName=Default Policy Domain&serviceName=Example-Service&ruleName=Example-Rule&trafficDescrType=17&trafficDescrValue=23&trafficDescrMask=0&expandedTrafficDescrValue=192.168.10.180&expandedTrafficDescrMask=0&vlanAction=0
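When the same request is generated by a script instead of typed into a browser, the parameter values need percent-encoding (the domain name above contains spaces) and the numeric codes are worth checking against the table before anything is sent. The following is an added example, not part of the original documentation; the function and constant names are hypothetical, and it only builds the URL without sending it.

```python
from urllib.parse import quote, urlencode

# trafficDescrType codes listed in the parameter table: 1-34 and 43-50.
VALID_TRAFFIC_TYPES = set(range(1, 35)) | set(range(43, 51))
# vlanAction codes from the parameter table, keyed by readable names.
VLAN_ACTIONS = {"none": -1, "discard": 0, "permit": 4095}


def build_add_rule_url(base_url, domain, service, descr_type, value,
                       expanded_value, vlan_action, rule_name="AUTO",
                       mask="0", expanded_mask="0"):
    """Return the addRule URL with codes validated and values encoded."""
    if descr_type not in VALID_TRAFFIC_TYPES:
        raise ValueError(f"unknown trafficDescrType: {descr_type!r}")
    if vlan_action not in VLAN_ACTIONS:
        raise ValueError(f"vlanAction must be one of {sorted(VLAN_ACTIONS)}")
    params = [
        ("domainName", domain),
        ("serviceName", service),
        ("ruleName", rule_name),
        ("trafficDescrType", descr_type),
        ("trafficDescrValue", value),
        ("trafficDescrMask", mask),
        ("expandedTrafficDescrValue", expanded_value),
        ("expandedTrafficDescrMask", expanded_mask),
        ("vlanAction", VLAN_ACTIONS[vlan_action]),
    ]
    # quote_via=quote encodes spaces as %20 and escapes '&', '=' and '#'
    # so a value cannot add or override a query parameter.
    return f"{base_url}/addRule?" + urlencode(params, quote_via=quote)


def telnet_drop_example():
    # Same rule as the example above: discard TCP destination port 23
    # traffic from 192.168.10.180.
    return build_add_rule_url(
        "https://192.168.30.34:8443/axis/services/PolicyService",
        domain="Default Policy Domain", service="Example-Service",
        descr_type=17, value="23", expanded_value="192.168.10.180",
        vlan_action="discard", rule_name="Example-Rule")


if __name__ == "__main__":
    print(telnet_drop_example())
```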