easyrule_block_host_add works only with name 'WAN' #19

Closed
Vaibhav1587 opened this issue Jan 3, 2018 · 11 comments

@Vaibhav1587

curl -X POST --silent --insecure --header "Content-Type: application/json" --header "fauxapi-auth:XXX" http://XX.XXX.XXX.XX:XXXX/fauxapi/v1/\?action=function_call --data '{"function":"easyrule_block_host_add","args":["XXX.XXX.XXX.XX/32","wan","inet"]}'

The above command adds an Alias with the name "WAN" and also creates a Rule in the rules section. But if I change the 2nd argument (i.e. int) to a different name, the function only creates the alias but no rules get added.
Also it's very vague whether the network gets blocked even if the alias and rule are added with the 'WAN' name. I need to change the name manually via the GUI to make blocking work 100%.

@ndejong
Owner

ndejong commented Jan 21, 2018

This is a limitation of the pfSense function call you are attempting to use - please review the statements about using the function_call method and the caveats it carries:-

I suspect you'll have more success in approaching your problem by:-

  • pulling in a copy of the pfSense config using config_get
  • inserting the rule(s) you require locally into the JSON data structure
  • pushing your new pfSense config file using config_set

The config_set method will cause the configuration to reload and your new rule(s) should be active at this point.

@ndejong ndejong closed this as completed Jan 21, 2018
@Vaibhav1587
Author

Thanks for the reply.

Just one final question. Do I have to upload the modified config.xml using multipart/form-data? I'm using Java HttpURLConnection for the requests.

Tried to submit the modified config directly using the JSONString but getting server response as 500.

@ndejong
Owner

ndejong commented Jan 24, 2018

It very much sounds like you are trying to work with the actual XML formatted representation of the config which I'd recommend against since the pfSense config.xml file has several format quirks that make it difficult to work with.

I'd suggest that you "get" the pfSense config using fauxapi config_get into your client-side Java data-structure using a standard Java JSON parser library, if you look at the JSON data returned by config_get you'll find the whole configuration located at .data.config in this data-structure.

Then simply add/remove whatever rules or configuration changes you'd like to perform directly in the client side data-structure in your Java application/tool.

Then turn the data-structure back into a JSON string (not XML) and POST it using the fauxapi config_set method as described here - again, I suspect this is where you are having a problem right now because it sounds like you are trying to send an XML file which is not right.

@Vaibhav1587
Author

Thanks.

I'm working with JSON only. I took the JSON string using config_get, but the problem is that I'm not able to set it again using config_set. I'm trying to POST the JSON string.

As mentioned here
--data @/tmp/config.json do I need to save the modified JSON string into config.json and upload the file to /tmp/, or will directly sending the JSON string using config_set work?

@ndejong
Owner

ndejong commented Jan 25, 2018

Okay - I think I need to better highlight something in the documentation in that case.

Pay attention to the JSON payload that returns from the config_get call, it contains more than just the configuration. You must select out the config only portion which is located at ".data.config" of that JSON structure.

You can use jq to easily pull out the part you require.

cat /tmp/faux-config-get-output-from-curl.json | jq .data.config > /tmp/config.json

@ndejong ndejong reopened this Jan 25, 2018
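
The workflow described in the replies above (take the config_get response, keep only .data.config, add the rule locally, serialise the result for config_set) as an added example; it is not code from this thread or from the FauxAPI project. The sample response is constructed, the rule's field layout is an assumption modelled on pfSense filter rule elements, and the HTTP calls are left out: the returned string is what would be saved to a file and sent with --data @file.

```python
import copy
import json

# Constructed sample of a config_get response, trimmed to the keys used here.
SAMPLE_CONFIG_GET = json.dumps({
    "callid": "constructed-callid", "action": "config_get", "message": "ok",
    "data": {"config": {
        "version": "17.3",
        "filter": {"rule": [
            {"type": "pass", "interface": "lan", "ipprotocol": "inet",
             "source": {"network": "lan"}, "destination": {"any": ""},
             "descr": "Default allow LAN to any rule"},
        ]},
    }},
})


def extract_config(response_text):
    """Return only the .data.config subtree of a config_get response."""
    response = json.loads(response_text)
    try:
        return response["data"]["config"]
    except (KeyError, TypeError):
        raise ValueError("not a config_get response: .data.config is missing")


def add_block_rule(config, source, interface="wan", descr="blocked via API"):
    """Return a copy of config with a block rule inserted at the top."""
    updated = copy.deepcopy(config)
    rules = updated.setdefault("filter", {}).setdefault("rule", [])
    if not isinstance(rules, list):
        raise ValueError("filter.rule is not a list")
    # Assumed rule layout, mirroring pfSense <filter><rule> elements.
    rule = {"type": "block", "interface": interface, "ipprotocol": "inet",
            "source": {"address": source}, "destination": {"any": ""},
            "descr": descr}
    if rule not in rules:  # keep repeated runs idempotent
        rules.insert(0, rule)
    return updated


def config_set_body(config):
    """Serialise the config_set body; refuse a still-wrapped payload."""
    # Heuristic (assumption): the bare config has no "data"/"config" top-level key.
    if "data" in config or "config" in config:
        raise ValueError("send the contents of .data.config, not a wrapper")
    return json.dumps(config)
```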
@ndejong
Owner

ndejong commented Jan 25, 2018

Marking this for enhancement to improve the documentation - N

@Vaibhav1587
Author

curl -X POST --silent --insecure --header "fauxapi-auth:PFFAwZz0dFMaX1nrlr095Ei2:20180122Z193325:somenonce:3c9c1dff795dc4dc97d049424f7b3ad4a052150fdf39362c6922aa053f530d3d" --data {"config":{"widgets":{"sequence":"system_information:col1:close,interfaces:col2:open,interface_statistics:col2:open,dyn_dns_status:col2:open,smart_status:col2:open,installed_packages:col2:open,pfblockerng-container:col2:show","period":"10"},"ca":[{"prv":"LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQ..... http://xx.xxx.xxx.xx:8888/fauxapi/v1/\?action=config_set

The JSON string is big, therefore it is ended with the ellipses. It has been checked; it's a complete and legit JSON string.

This above command is not working.
Anything will be very helpful. Thanks in advance.

@ndejong
Owner

ndejong commented Jan 29, 2018

The fauxapi provides a lot of debug and logging response data if you add a __debug=true URL parameter to the request.

The curl request snippet you have provided appears to be inserting the JSON content as a string through the command line - there is nothing wrong with this however your command line will become very large and awkward to work with, also, you would need to make sure the JSON string is enclosed in single-tick marks and that any single-tick marks within the JSON are escaped - you will find it much easier to simply write the JSON content to a file and import it like this:- --data @/tmp/my-config-data.json

Please respond with the response JSON data from a call with __debug=true so we can see the full logging information and get to the bottom of your issue.

@Vaibhav1587
Author

Finally! done it.

Thanks for the help.

@ndejong
Owner

ndejong commented Feb 1, 2018

Sounds like the __debug=true helped you discover what was going wrong - happy to hear you worked it out - I'll update the documentation as a result of this thread to help others - N

@ndejong
Owner

ndejong commented Jul 2, 2018

Document update written, due in next release

@ndejong ndejong closed this as completed Jul 2, 2018