netconn-api/v2.0/section_neutron-firewall-ext.xml
Andreas Jaeger 2cd41cb7a4 Fix location of slash
As Sam Harwell noticed, the slash should be outside of the parameter
tags for /fw/firewall_policies/firewall_policy-id/remove_rule.

This is a followup to change I174f5d6ca5291bff88c1b8350b48f5d97daf4c34.

Change-Id: I5f30b4d2ac65efff604ee5e424060805e7cf30e5
Related-Bug: #1265927
2014-01-06 14:49:11 +01:00

1372 lines
56 KiB
XML

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE section [
<!-- Some useful entities borrowed from HTML -->
<!ENTITY ndash "&#x2013;">
<!ENTITY mdash "&#x2014;">
<!ENTITY hellip "&#x2026;">
<!ENTITY plusmn "&#xB1;">
<!-- Useful for describing APIs -->
<!ENTITY GET '<command xmlns="http://docbook.org/ns/docbook">GET</command>'>
<!ENTITY PUT '<command xmlns="http://docbook.org/ns/docbook">PUT</command>'>
<!ENTITY POST '<command xmlns="http://docbook.org/ns/docbook">POST</command>'>
<!ENTITY DELETE '<command xmlns="http://docbook.org/ns/docbook">DELETE</command>'>
<!ENTITY CHECK '<inlinemediaobject xmlns="http://docbook.org/ns/docbook">
<imageobject>
<imagedata fileref="figures/Check_mark_23x20_02.svg"
format="SVG" scale="60"/>
</imageobject>
</inlinemediaobject>'>
<!ENTITY ARROW '<inlinemediaobject xmlns="http://docbook.org/ns/docbook">
<imageobject>
<imagedata fileref="figures/Arrow_east.svg"
format="SVG" scale="60"/>
</imageobject>
</inlinemediaobject>'>
]>
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:svg="http://www.w3.org/2000/svg"
xmlns:m="http://www.w3.org/1998/Math/MathML"
xmlns:html="http://www.w3.org/1999/xhtml"
xmlns:db="http://docbook.org/ns/docbook" version="5.0"
status="final" xml:id="fwaas_ext">
<title>Firewall as a Service (FWaaS) Extension</title>
<para>The FWaaS extension provides OpenStack users
with the ability to deploy firewalls to protect
their networks.
The current features provided by the FWaaS extension are:
<itemizedlist>
<listitem>
<para>Apply firewall rules on traffic entering and leaving
tenant networks.
</para>
</listitem>
<listitem>
<para>Support for applying TCP, UDP, ICMP, or protocol-agnostic
rules.</para>
</listitem>
<listitem>
<para>Creation and sharing of firewall policies which hold an
ordered collection of the firewall rules.</para>
</listitem>
<listitem>
<para>Ability to audit firewall rules and policies.</para>
</listitem>
</itemizedlist>
</para>
<para>This extension introduces new resources:
<itemizedlist>
<listitem>
<para><emphasis role="bold">firewall</emphasis>: represents
a logical firewall resource that a tenant can instantiate
and manage. A firewall is associated with one firewall_policy.
</para>
</listitem>
<listitem>
<para><emphasis role="bold">firewall_policy</emphasis>: is an
ordered collection of firewall_rules. A firewall_policy can
be shared across tenants. Thus it can also be made part of
an audit workflow wherein the firewall_policy can be audited
by the relevant entity that is authorized (and can be
different from the tenants which create or use the
firewall_policy).
</para>
</listitem>
<listitem>
<para><emphasis role="bold">firewall_rule</emphasis>: represents
a collection of attributes, such as ports and IP addresses, that
define the match criteria and the action (allow or deny) to be
taken on the matched data traffic.
</para>
</listitem>
</itemizedlist>
</para>
<?hard-pagebreak?>
<section xml:id="fwaas_ext_ops_firewall_rule">
<title>Firewall Rule Operations</title>
<para>This section discusses operations for managing a Firewall Rule
through this extension.
</para>
<table rules="all">
<caption>Firewall Rule Attributes</caption>
<col width="20%"/>
<col width="8%"/>
<col width="10%"/>
<col width="7%"/>
<col width="15%"/>
<col width="15%"/>
<col width="25%"/>
<thead>
<tr>
<th>Attribute</th>
<th>Type</th>
<th>Required</th>
<th>CRUD
<footnote xml:id="fwaas_rule_crud_note">
<para>
<itemizedlist>
<listitem>
<para><emphasis role="bold">C</emphasis>. Use the attribute in create operations.</para>
</listitem>
<listitem>
<para><emphasis role="bold">R</emphasis>. This attribute is returned in response to show and list operations.</para>
</listitem>
<listitem>
<para><emphasis role="bold">U</emphasis>. You can update the value of this attribute.</para>
</listitem>
<listitem>
<para><emphasis role="bold">D</emphasis>. You can delete the value of this attribute.</para>
</listitem>
</itemizedlist>
</para>
</footnote>
</th>
<th>Default Value</th>
<th>Validation Constraints</th>
<th>Notes</th>
</tr>
</thead>
<tbody>
<tr>
<td>id</td>
<td>uuid-str</td>
<td>N/A</td>
<td>R</td>
<td>generated</td>
<td>N/A</td>
<td>Unique identifier for the Firewall Rule object.</td>
</tr>
<tr>
<td>tenant_id</td>
<td>uuid-str</td>
<td>Yes</td>
<td>CR</td>
<td>Derived from Authentication token</td>
<td>N/A</td>
<td>Owner of the Firewall Rule. Only admin users can
specify a tenant identifier other than their own.</td>
</tr>
<tr>
<td>name</td>
<td>String</td>
<td>No</td>
<td>CRU</td>
<td>None</td>
<td>N/A</td>
<td>Human readable name for the Firewall Rule (255
characters limit). Does not have to be unique.</td>
</tr>
<tr>
<td>description</td>
<td>String</td>
<td>No</td>
<td>CRU</td>
<td>None</td>
<td>N/A</td>
<td>Human readable description for the Firewall Rule (1024
characters limit).</td>
</tr>
<tr>
<td>firewall_policy_id</td>
<td>uuid-str</td>
<td>No</td>
<td>R</td>
<td>None</td>
<td>N/A</td>
<td>This is a read-only attribute that is populated
with the uuid of the Firewall Policy when this
Firewall Rule is associated with a Firewall
Policy. A Firewall Rule can be associated
with one Firewall Policy at a time. The association
can, however, be updated to a different Firewall Policy.
This attribute can be "null" if the rule is not
associated with any firewall policy.
</td>
</tr>
<tr>
<td>shared</td>
<td>Bool</td>
<td>No</td>
<td>CRU</td>
<td>false</td>
<td>{true | false}</td>
<td>When set to True, makes this Firewall Rule visible
to tenants other than its owner, so that it can be used
in Firewall Policies not owned by its tenant.</td>
</tr>
<tr>
<td>protocol</td>
<td>String</td>
<td>No</td>
<td>CRU</td>
<td>None</td>
<td>{icmp | tcp | udp | null}</td>
<td>IP Protocol</td>
</tr>
<tr>
<td>ip_version</td>
<td>Integer</td>
<td>No</td>
<td>CRU</td>
<td>4</td>
<td>{4 | 6}</td>
<td>IP Protocol Version</td>
</tr>
<tr>
<td>source_ip_address</td>
<td>String (IP address or CIDR)</td>
<td>No</td>
<td>CRU</td>
<td>None</td>
<td>Valid IP address (v4 or v6), or CIDR</td>
<td>Source IP address or CIDR</td>
</tr>
<tr>
<td>destination_ip_address</td>
<td>String (IP address or CIDR)</td>
<td>No</td>
<td>CRU</td>
<td>None</td>
<td>Valid IP address (v4 or v6), or CIDR</td>
<td>Destination IP address or CIDR</td>
</tr>
<tr>
<td>source_port</td>
<td>Integer</td>
<td>No</td>
<td>CRU</td>
<td>None</td>
<td>Valid port number (integer or string), or port range
in the format of a ':' separated range. In the case
of port range, both ends of the range are included.</td>
<td>Source port number or a range</td>
</tr>
<tr>
<td>destination_port</td>
<td>Integer</td>
<td>No</td>
<td>CRU</td>
<td>None</td>
<td>Valid port number (integer or string), or port range
in the format of a ':' separated range. In the case
of port range, both ends of the range are included.</td>
<td>Destination port number or a range</td>
</tr>
<tr>
<td>position</td>
<td>Integer</td>
<td>No</td>
<td>R</td>
<td>None</td>
<td>N/A</td>
<td>This is a read-only attribute that is assigned
to this rule when the rule is associated with
a Firewall Policy. It indicates the position of
this rule in that Firewall Policy. This position
number starts at 1. The position can be "null"
if the firewall rule is not associated with any
policy.</td>
</tr>
<tr>
<td>action</td>
<td>String</td>
<td>No</td>
<td>CRU</td>
<td>deny</td>
<td>{allow | deny}</td>
<td>Action to be performed on the traffic matching
the rule (allow, deny)</td>
</tr>
<tr>
<td>enabled</td>
<td>Bool</td>
<td>No</td>
<td>CRU</td>
<td>true</td>
<td>{true | false}</td>
<td>When set to False, disables this rule in the
Firewall Policy. Facilitates selectively turning
off rules without having to disassociate the rule
from the Firewall Policy.</td>
</tr>
</tbody>
</table>
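<!-- Added example, not part of the original API reference or of the Neutron code base: a client-side Python check of a firewall_rule request body against the constraints in the Firewall Rule Attributes table above, including the inclusive ':' port range and the documented defaults (action defaults to deny). All function names and the sample values in the test are hypothetical; the 1..65535 port bound is an assumption, since the table only says "valid port number".

```python
import ipaddress

# Values copied from the Firewall Rule Attributes table.
PROTOCOLS = ("icmp", "tcp", "udp", None)
IP_VERSIONS = (4, 6)
ACTIONS = ("allow", "deny")
DEFAULTS = {"shared": False, "ip_version": 4, "action": "deny", "enabled": True}
READ_ONLY = {"id", "firewall_policy_id", "position"}  # CRUD column is "R" only
MAX_LEN = {"name": 255, "description": 1024}


def parse_port(value):
    """Return (low, high) for a single port or a 'low:high' range."""
    parts = str(value).split(":")
    if isinstance(value, bool) or len(parts) > 2 or not all(
            p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a port or port range: {value!r}")
    low, high = int(parts[0]), int(parts[-1])
    # Assumption: ports are limited to 1..65535; the table only says "valid".
    if not 1 <= low <= high <= 65535:
        raise ValueError(f"port out of range or range reversed: {value!r}")
    return low, high


def port_matches(rule_port, port):
    """Both ends of a range are included, as the table states."""
    low, high = parse_port(rule_port)
    return low <= port <= high


def apply_defaults(body):
    """Effective rule once the documented default values are filled in."""
    return {**DEFAULTS, **body}


def validate_rule(body):
    """Return a list of constraint violations; an empty list means valid."""
    errors = [f"{attr}: read-only attribute"
              for attr in sorted(READ_ONLY & body.keys())]
    rule = apply_defaults(body)
    for attr, allowed in (("protocol", PROTOCOLS),
                          ("ip_version", IP_VERSIONS),
                          ("action", ACTIONS)):
        if rule.get(attr) not in allowed:
            errors.append(f"{attr}: {rule.get(attr)!r} not in {allowed}")
    for attr in ("shared", "enabled"):
        if not isinstance(rule[attr], bool):
            errors.append(f"{attr}: must be true or false")
    for attr, limit in MAX_LEN.items():
        if len(str(rule.get(attr) or "")) > limit:
            errors.append(f"{attr}: longer than {limit} characters")
    for attr in ("source_ip_address", "destination_ip_address"):
        if rule.get(attr) is not None:
            try:
                # ip_network accepts a plain address as well as a CIDR.
                ipaddress.ip_network(str(rule[attr]), strict=False)
            except ValueError as exc:
                errors.append(f"{attr}: {exc}")
    for attr in ("source_port", "destination_port"):
        if rule.get(attr) is not None:
            try:
                parse_port(rule[attr])
            except ValueError as exc:
                errors.append(f"{attr}: {exc}")
    return errors
```
-->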
<?hard-pagebreak?>
<section xml:id="fwaas_ext_ops_firewall_rule_list">
<title>List Firewall Rules</title>
<informaltable rules="all" width="100%">
<col width="20%"/>
<col width="20%"/>
<col width="60%"/>
<thead>
<tr>
<td>Verb</td>
<td>URI</td>
<td>Description</td>
</tr>
</thead>
<tbody>
<tr>
<td>&GET;
</td>
<td>/fw/firewall_rules</td>
<td>List Firewall Rules.</td>
</tr>
</tbody>
</informaltable>
<simpara>Normal Response Code:
<returnvalue>200</returnvalue>
</simpara>
<simpara>Error Response Codes: Unauthorized (<errorcode>401</errorcode>).</simpara>
<para>This operation does not require a request body.</para>
<para>This operation returns a response body.</para>
<example>
<title>List Firewall Rules: Request</title>
<programlisting>
GET /v2.0/fw/firewall_rules.json
User-Agent: python-neutronclient
Accept: application/json
</programlisting>
</example>
<example>
<title>List Firewall Rules: Response</title>
<programlisting language="json"><xi:include href="samples/firewall/firewall_rules-list-res.json" parse="text"/></programlisting>
</example>
</section>
<?hard-pagebreak?>
<section xml:id="fwaas_ext_ops_firewall_rule_show">
<title>Show Firewall Rule</title>
<informaltable rules="all" width="100%">
<col width="20%"/>
<col width="20%"/>
<col width="60%"/>
<thead>
<tr>
<td>Verb</td>
<td>URI</td>
<td>Description</td>
</tr>
</thead>
<tbody>
<tr>
<td>&GET;
</td>
<td>/fw/firewall_rules/<parameter>firewall_rule-id</parameter></td>
<td>Returns details about a specific Firewall Rule.</td>
</tr>
</tbody>
</informaltable>
<simpara>Normal Response Code:
<returnvalue>200</returnvalue>
</simpara>
<simpara>Error Response Codes: Unauthorized (<errorcode>401</errorcode>),
Forbidden (<errorcode>403</errorcode>), Not Found (<errorcode>404</errorcode>)
</simpara>
<para>This operation does not require a request body.</para>
<para>This operation returns a response body.</para>
<example>
<title>Show Firewall Rule: Request</title>
<programlisting>
GET /v2.0/fw/firewall_rules/9faaf49f-dd89-4e39-a8c6-101839aa49bc.json
User-Agent: python-neutronclient
Accept: application/json
</programlisting>
</example>
<example>
<title>Show Firewall Rule: Response</title>
<programlisting language="json"><xi:include href="samples/firewall/firewall_rule-show-res.json" parse="text"/></programlisting>
</example>
</section>
<?hard-pagebreak?>
<section xml:id="fwaas_ext_ops_firewall_rule_create">
<title>Create Firewall Rule</title>
<informaltable rules="all" width="100%">
<col width="20%"/>
<col width="20%"/>
<col width="60%"/>
<thead>
<tr>
<td>Verb</td>
<td>URI</td>
<td>Description</td>
</tr>
</thead>
<tbody>
<tr>
<td>&POST;</td>
<td>/fw/firewall_rules</td>
<td>Creates a new Firewall Rule.</td>
</tr>
</tbody>
</informaltable>
<para>Normal Response Code: <returnvalue>201</returnvalue>
</para>
<simpara>Error Response Codes: Unauthorized (<errorcode>401</errorcode>),
Bad Request (<errorcode>400</errorcode>)</simpara>
<para>This operation requires a request body.</para>
<para>This operation returns a response body.</para>
<example>
<title>Create Firewall Rule: Request</title>
<programlisting>
POST /v2.0/fw/firewall_rules.json
User-Agent: python-neutronclient
Accept: application/json
</programlisting>
<programlisting language="json"><xi:include href="samples/firewall/firewall_rule-create-req.json" parse="text"/></programlisting>
</example>
<example>
<title>Create Firewall Rule: Response</title>
<programlisting>
HTTP/1.1 201 Created
Content-Type: application/json; charset=UTF-8
</programlisting>
<programlisting language="json"><xi:include href="samples/firewall/firewall_rule-create-res.json" parse="text"/></programlisting>
</example>
</section>
<?hard-pagebreak?>
<section xml:id="fwaas_ext_ops_firewall_rule_update">
<title>Update Firewall Rule</title>
<informaltable rules="all" width="100%">
<col width="20%"/>
<col width="20%"/>
<col width="60%"/>
<thead>
<tr>
<td>Verb</td>
<td>URI</td>
<td>Description</td>
</tr>
</thead>
<tbody>
<tr>
<td>&PUT;</td>
<td>/fw/firewall_rules/<parameter>firewall_rule-id</parameter></td>
<td>Updates a Firewall Rule.</td>
</tr>
</tbody>
</informaltable>
<para>Normal Response Code: <returnvalue>200</returnvalue></para>
<simpara>Error Response Codes: Unauthorized (<errorcode>401</errorcode>),
Bad Request (<errorcode>400</errorcode>), Not Found (<errorcode>404</errorcode>)</simpara>
<example>
<title>Update Firewall Rule: Request</title>
<programlisting>
PUT /v2.0/fw/firewall_rules/41bfef97-af4e-4f6b-a5d3-4678859d2485.json
User-Agent: python-neutronclient
Accept: application/json
</programlisting>
<programlisting language="json"><xi:include href="samples/firewall/firewall_rule-update-req.json" parse="text"/></programlisting>
</example>
<example>
<title>Update Firewall Rule: Response</title>
<programlisting>
HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
</programlisting>
<programlisting language="json"><xi:include href="samples/firewall/firewall_rule-update-res.json" parse="text"/></programlisting>
</example>
</section>
<?hard-pagebreak?>
<section xml:id="fwaas_ext_ops_firewall_rule_delete">
<title>Delete Firewall Rule</title>
<informaltable rules="all" width="100%">
<col width="20%"/>
<col width="20%"/>
<col width="60%"/>
<thead>
<tr>
<td>Verb</td>
<td>URI</td>
<td>Description</td>
</tr>
</thead>
<tbody>
<tr>
<td>&DELETE;</td>
<td>/fw/firewall_rules/<parameter>firewall_rule-id</parameter></td>
<td>Removes a Firewall Rule.</td>
</tr>
</tbody>
</informaltable>
<para>Normal Response Code: <returnvalue>204</returnvalue>
</para>
<simpara>Error Response Codes: Unauthorized (<errorcode>401</errorcode>),
Not Found (<errorcode>404</errorcode>), Conflict
(<errorcode>409</errorcode>). The Conflict error response is
returned when an operation is performed while the firewall
is in a PENDING state.</simpara>
<para>This operation does not require a request body.</para>
<para>This operation does not return a response body.</para>
<example>
<title>Delete Firewall Rule: Request</title>
<programlisting>
DELETE /v2.0/fw/firewall_rules/1be5e5f7-c45e-49ba-85da-156575b60d50.json
User-Agent: python-neutronclient
Accept: application/json
</programlisting>
</example>
<example>
<title>Delete Firewall Rule: Response</title>
<programlisting>
HTTP/1.1 204 No Content
Content-Length: 0
</programlisting>
</example>
</section>
</section> <!-- end of firewall rule section-->
<?hard-pagebreak?>
<section xml:id="fwaas_ext_ops_firewall_policy">
<title>Firewall Policy Operations</title>
<para>This section discusses operations for managing a Firewall Policy
through this extension.
</para>
<table rules="all">
<caption>Firewall Policy Attributes</caption>
<col width="20%"/>
<col width="8%"/>
<col width="10%"/>
<col width="7%"/>
<col width="15%"/>
<col width="15%"/>
<col width="25%"/>
<thead>
<tr>
<th>Attribute</th>
<th>Type</th>
<th>Required</th>
<th>CRUD
<footnote xml:id="fwaas_policy_crud_note">
<para>
<itemizedlist>
<listitem>
<para><emphasis role="bold">C</emphasis>. Use the attribute in create operations.</para>
</listitem>
<listitem>
<para><emphasis role="bold">R</emphasis>. This attribute is returned in response to show and list operations.</para>
</listitem>
<listitem>
<para><emphasis role="bold">U</emphasis>. You can update the value of this attribute.</para>
</listitem>
<listitem>
<para><emphasis role="bold">D</emphasis>. You can delete the value of this attribute.</para>
</listitem>
</itemizedlist>
</para>
</footnote>
</th>
<th>Default Value</th>
<th>Validation Constraints</th>
<th>Notes</th>
</tr>
</thead>
<tbody>
<tr>
<td>id</td>
<td>uuid-str</td>
<td>N/A</td>
<td>R</td>
<td>generated</td>
<td>N/A</td>
<td>Unique identifier for the Firewall Policy object.</td>
</tr>
<tr>
<td>tenant_id</td>
<td>uuid-str</td>
<td>Yes</td>
<td>CR</td>
<td>Derived from Authentication token</td>
<td>N/A</td>
<td>Owner of the Firewall Policy. Only admin users can
specify a tenant identifier other than their own.</td>
</tr>
<tr>
<td>name</td>
<td>String</td>
<td>No</td>
<td>CRU</td>
<td>None</td>
<td>N/A</td>
<td>Human readable name for the Firewall Policy (255
characters limit). Does not have to be unique.</td>
</tr>
<tr>
<td>description</td>
<td>String</td>
<td>No</td>
<td>CRU</td>
<td>None</td>
<td>N/A</td>
<td>Human readable description for the Firewall Policy (1024
characters limit)</td>
</tr>
<tr>
<td>shared</td>
<td>Bool</td>
<td>No</td>
<td>CRU</td>
<td>false</td>
<td>{true | false}</td>
<td>When set to True makes this Firewall Policy visible
to tenants other than its owner.</td>
</tr>
<tr>
<td>firewall_rules</td>
<td>List</td>
<td>No</td>
<td>CRU</td>
<td>Empty list</td>
<td>JSON list of Firewall Rule uuids</td>
<td>This is an ordered list of Firewall Rule uuids.
The Firewall applies the rules in the order in
which they appear in this list.</td>
</tr>
<tr>
<td>audited</td>
<td>Bool</td>
<td>No</td>
<td>CRU</td>
<td>false</td>
<td>{true | false}</td>
<td>When set to True by the policy owner indicates
that the Firewall Policy has been audited. This
attribute is meant to aid in the firewall
policy audit workflows. Each time the Firewall
Policy or the associated Firewall Rules are
changed, this attribute will be set to False and
will have to be explicitly set to True through an
update operation.</td>
</tr>
</tbody>
</table>
<?hard-pagebreak?>
<section xml:id="fwaas_ext_ops_firewall_policy_list">
<title>List Firewall Policies</title>
<informaltable rules="all" width="100%">
<col width="20%"/>
<col width="20%"/>
<col width="60%"/>
<thead>
<tr>
<td>Verb</td>
<td>URI</td>
<td>Description</td>
</tr>
</thead>
<tbody>
<tr>
<td>&GET;
</td>
<td>/fw/firewall_policies</td>
<td>List Firewall Policies.</td>
</tr>
</tbody>
</informaltable>
<simpara>Normal Response Code:
<returnvalue>200</returnvalue>
</simpara>
<simpara>Error Response Codes: Unauthorized (<errorcode>401</errorcode>),
Forbidden (<errorcode>403</errorcode>)
</simpara>
<para>This operation does not require a request body.</para>
<para>This operation returns a response body.</para>
<example>
<title>List Firewall Policies: Request</title>
<programlisting>
GET /v2.0/fw/firewall_policies.json
User-Agent: python-neutronclient
Accept: application/json
</programlisting>
</example>
<example>
<title>List Firewall Policies: Response</title>
<programlisting language="json"><xi:include href="samples/firewall/firewall_policies-list-res.json" parse="text"/></programlisting>
</example>
</section>
<?hard-pagebreak?>
<section xml:id="fwaas_ext_ops_firewall_policy_show">
<title>Show Firewall Policy</title>
<informaltable rules="all" width="100%">
<col width="20%"/>
<col width="20%"/>
<col width="60%"/>
<thead>
<tr>
<td>Verb</td>
<td>URI</td>
<td>Description</td>
</tr>
</thead>
<tbody>
<tr>
<td>&GET;
</td>
<td>/fw/firewall_policies/<parameter>firewall_policy-id</parameter></td>
<td>Returns details about a specific Firewall Policy.</td>
</tr>
</tbody>
</informaltable>
<simpara>Normal Response Code:
<returnvalue>200</returnvalue>
</simpara>
<simpara>Error Response Codes: Unauthorized (<errorcode>401</errorcode>),
Not Found (<errorcode>404</errorcode>)
</simpara>
<para>This operation does not require a request body.</para>
<para>This operation returns a response body.</para>
<example>
<title>Show Firewall Policy: Request</title>
<programlisting>
GET /v2.0/fw/firewall_policies/9faaf49f-dd89-4e39-a8c6-101839aa49bc.json
User-Agent: python-neutronclient
Accept: application/json
</programlisting>
</example>
<example>
<title>Show Firewall Policy: Response</title>
<programlisting language="json"><xi:include href="samples/firewall/firewall_policy-show-res.json" parse="text"/></programlisting>
</example>
</section>
<?hard-pagebreak?>
<section xml:id="fwaas_ext_ops_firewall_policy_create">
<title>Create Firewall Policy</title>
<informaltable rules="all" width="100%">
<col width="20%"/>
<col width="20%"/>
<col width="60%"/>
<thead>
<tr>
<td>Verb</td>
<td>URI</td>
<td>Description</td>
</tr>
</thead>
<tbody>
<tr>
<td>&POST;</td>
<td>/fw/firewall_policies</td>
<td>Creates a new Firewall Policy.</td>
</tr>
</tbody>
</informaltable>
<para>Normal Response Code: <returnvalue>201</returnvalue>
</para>
<simpara>Error Response Codes: Unauthorized (<errorcode>401</errorcode>).</simpara>
<para>This operation requires a request body.</para>
<para>This operation returns a response body.</para>
<example>
<title>Create Firewall Policy: Request</title>
<programlisting>
POST /v2.0/fw/firewall_policies.json
User-Agent: python-neutronclient
Accept: application/json
</programlisting>
<programlisting language="json"><xi:include href="samples/firewall/firewall_policy-create-req.json" parse="text"/></programlisting>
</example>
<example>
<title>Create Firewall Policy: Response</title>
<programlisting>
HTTP/1.1 201 Created
Content-Type: application/json; charset=UTF-8
</programlisting>
<programlisting language="json"><xi:include href="samples/firewall/firewall_policy-create-res.json" parse="text"/></programlisting>
</example>
</section>
<?hard-pagebreak?>
<section xml:id="fwaas_ext_ops_firewall_policy_update">
<title>Update Firewall Policy</title>
<informaltable rules="all" width="100%">
<col width="20%"/>
<col width="20%"/>
<col width="60%"/>
<thead>
<tr>
<td>Verb</td>
<td>URI</td>
<td>Description</td>
</tr>
</thead>
<tbody>
<tr>
<td>&PUT;</td>
<td>/fw/firewall_policies/<parameter>firewall_policy-id</parameter></td>
<td>Updates a Firewall Policy.</td>
</tr>
</tbody>
</informaltable>
<para>Normal Response Code: <returnvalue>200</returnvalue></para>
<simpara>Error Response Codes: Unauthorized (<errorcode>401</errorcode>),
Not Found (<errorcode>404</errorcode>)</simpara>
<example>
<title>Update Firewall Policy: Request</title>
<programlisting>
PUT /v2.0/fw/firewall_policies/41bfef97-af4e-4f6b-a5d3-4678859d2485.json
User-Agent: python-neutronclient
Accept: application/json
</programlisting>
<programlisting language="json"><xi:include href="samples/firewall/firewall_policy-update-req.json" parse="text"/></programlisting>
</example>
<example>
<title>Update Firewall Policy: Response</title>
<programlisting>
HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
</programlisting>
<programlisting language="json"><xi:include href="samples/firewall/firewall_policy-update-res.json" parse="text"/></programlisting>
</example>
</section>
<?hard-pagebreak?>
<section xml:id="fwaas_ext_ops_firewall_policy_delete">
<title>Delete Firewall Policy</title>
<informaltable rules="all" width="100%">
<col width="20%"/>
<col width="20%"/>
<col width="60%"/>
<thead>
<tr>
<td>Verb</td>
<td>URI</td>
<td>Description</td>
</tr>
</thead>
<tbody>
<tr>
<td>&DELETE;</td>
<td>/fw/firewall_policies/<parameter>firewall_policy-id</parameter></td>
<td>Removes a Firewall Policy.</td>
</tr>
</tbody>
</informaltable>
<para>Normal Response Code: <returnvalue>204</returnvalue>
</para>
<simpara>Error Response Codes: Unauthorized (<errorcode>401</errorcode>),
Not Found (<errorcode>404</errorcode>), Conflict (<errorcode>409</errorcode>).
The Conflict error code is returned when the firewall policy
is in use.</simpara>
<para>This operation does not require a request body.</para>
<para>This operation does not return a response body.</para>
<example>
<title>Delete Firewall Policy: Request</title>
<programlisting>
DELETE /v2.0/fw/firewall_policies/1be5e5f7-c45e-49ba-85da-156575b60d50.json
User-Agent: python-neutronclient
Accept: application/json
</programlisting>
</example>
<example>
<title>Delete Firewall Policy: Response</title>
<programlisting>
HTTP/1.1 204 No Content
Content-Length: 0
</programlisting>
</example>
</section>
<?hard-pagebreak?>
<section xml:id="fwaas_ext_ops_firewall_policy_insert_rule">
<title>Positionally inserting a Firewall Rule in a Firewall Policy</title>
<informaltable rules="all" width="100%">
<col width="20%"/>
<col width="20%"/>
<col width="60%"/>
<thead>
<tr>
<td>Verb</td>
<td>URI</td>
<td>Description</td>
</tr>
</thead>
<tbody>
<tr>
<td>&PUT;</td>
<td>/fw/firewall_policies/<parameter>firewall_policy-id</parameter>/insert_rule</td>
<td>Inserts a Firewall Rule in a Firewall Policy relative to the position of other rules.</td>
</tr>
</tbody>
</informaltable>
<para>Normal Response Code: <returnvalue>200</returnvalue></para>
<simpara>Error Response Codes: Unauthorized (<errorcode>401</errorcode>),
Bad Request (<errorcode>400</errorcode>), Not Found (<errorcode>404</errorcode>).
A Bad Request error is returned if the rule information is missing.</simpara>
<example>
<title>Insert Firewall Rule in Firewall Policy: Request</title>
<programlisting>
PUT /v2.0/fw/firewall_policies/41bfef97-af4e-4f6b-a5d3-4678859d2485/insert_rule.json
User-Agent: python-neutronclient
Accept: application/json
</programlisting>
<programlisting language="json"><xi:include href="samples/firewall/firewall_policy-insert-rule-req.json" parse="text"/></programlisting>
</example>
<example>
<title>Insert Firewall Rule in Firewall Policy: Response</title>
<programlisting>
HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
</programlisting>
<programlisting language="json"><xi:include href="samples/firewall/firewall_policy-insert-rule-res.json" parse="text"/></programlisting>
</example>
<para>The insert_before and insert_after parameters refer to firewall rule
uuids already associated with the firewall policy. firewall_rule_id refers
to the uuid of the rule being inserted. insert_before takes precedence over
insert_after; if neither is specified, firewall_rule_id is inserted
at the first position.</para>
</section>
<?hard-pagebreak?>
<section xml:id="fwaas_ext_ops_firewall_policy_remove_rule">
<title>Removing a Firewall Rule from a Firewall Policy</title>
<informaltable rules="all" width="100%">
<col width="20%"/>
<col width="20%"/>
<col width="60%"/>
<thead>
<tr>
<td>Verb</td>
<td>URI</td>
<td>Description</td>
</tr>
</thead>
<tbody>
<tr>
<td>&PUT;</td>
<td>/fw/firewall_policies/<parameter>firewall_policy-id</parameter>/remove_rule</td>
<td>Removes a Firewall Rule from a Firewall Policy.</td>
</tr>
</tbody>
</informaltable>
<para>Normal Response Code: <returnvalue>200</returnvalue></para>
<simpara>Error Response Codes: Unauthorized (<errorcode>401</errorcode>),
Bad Request (<errorcode>400</errorcode>), Not Found (<errorcode>404</errorcode>).
A Bad Request error is returned if the rule information is missing or when an
attempt is made to remove a firewall rule from a firewall policy with which
it is not associated.</simpara>
<example>
<title>Remove Firewall Rule from Firewall Policy: Request</title>
<programlisting>
PUT /v2.0/fw/firewall_policies/41bfef97-af4e-4f6b-a5d3-4678859d2485/remove_rule.json
User-Agent: python-neutronclient
Accept: application/json
</programlisting>
<programlisting language="json"><xi:include href="samples/firewall/firewall_policy-remove-rule-req.json" parse="text"/></programlisting>
</example>
<example>
<title>Remove Firewall Rule from Firewall Policy: Response</title>
<programlisting>
HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
</programlisting>
<programlisting language="json"><xi:include href="samples/firewall/firewall_policy-remove-rule-res.json" parse="text"/></programlisting>
</example>
</section>
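<!-- Added example, not part of the original API reference or of the Neutron code base: a client-side Python model of the insert_rule and remove_rule semantics described in the two sections above, useful for predicting the resulting rule order, the 1-based position and the audited flag before a request is sent. PolicyModel and BadRequest are hypothetical names and the rule ids in the test are constructed. Assumptions: an empty or absent insert_before/insert_after counts as unspecified, the rule is placed immediately next to the referenced rule, and a rule already in the list cannot be inserted again.

```python
class BadRequest(ValueError):
    """Stands in for the 400 Bad Request cases the text documents."""


class PolicyModel:
    """Ordered firewall_rules list and audited flag of one firewall policy."""

    def __init__(self, firewall_rules=None, audited=False):
        self.firewall_rules = list(firewall_rules or [])
        self.audited = audited

    def _index_of(self, reference_id):
        # insert_before / insert_after must name a rule already in the policy.
        # The page does not say which error the API returns otherwise, so a
        # plain LookupError is used here instead of BadRequest.
        if reference_id not in self.firewall_rules:
            raise LookupError(f"{reference_id} is not associated with policy")
        return self.firewall_rules.index(reference_id)

    def insert_rule(self, body):
        """Apply an insert_rule request body and return the new rule order."""
        rule_id = body.get("firewall_rule_id")
        if not rule_id:
            raise BadRequest("rule information is missing")
        if rule_id in self.firewall_rules:
            # Assumption: a rule appears at most once in a policy.
            raise BadRequest(f"{rule_id} is already in this policy")
        before = body.get("insert_before")
        after = body.get("insert_after")
        if before:                      # insert_before takes precedence
            index = self._index_of(before)
        elif after:
            index = self._index_of(after) + 1
        else:                           # neither given: first position
            index = 0
        self.firewall_rules.insert(index, rule_id)
        self.audited = False            # any change resets the audit flag
        return list(self.firewall_rules)

    def remove_rule(self, body):
        """Apply a remove_rule request body and return the new rule order."""
        rule_id = body.get("firewall_rule_id")
        if not rule_id:
            raise BadRequest("rule information is missing")
        if rule_id not in self.firewall_rules:
            raise BadRequest(f"{rule_id} is not associated with this policy")
        self.firewall_rules.remove(rule_id)
        self.audited = False
        return list(self.firewall_rules)

    def position(self, rule_id):
        """1-based position of a rule, or None when it is not in the policy."""
        if rule_id not in self.firewall_rules:
            return None
        return self.firewall_rules.index(rule_id) + 1
```
-->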
</section> <!-- end of firewall policy section-->
<?hard-pagebreak?>
<section xml:id="fwaas_ext_ops_firewall">
<title>Firewall Operations</title>
<para>This section discusses operations for managing a Firewall
through this extension.
</para>
<table rules="all">
<caption>Firewall Attributes</caption>
<col width="20%"/>
<col width="8%"/>
<col width="10%"/>
<col width="7%"/>
<col width="15%"/>
<col width="15%"/>
<col width="25%"/>
<thead>
<tr>
<th>Attribute</th>
<th>Type</th>
<th>Required</th>
<th>CRUD
<footnote xml:id="fwaas_firewall_crud_note">
<para>
<itemizedlist>
<listitem>
<para><emphasis role="bold">C</emphasis>. Use the attribute in create operations.</para>
</listitem>
<listitem>
<para><emphasis role="bold">R</emphasis>. This attribute is returned in response to show and list operations.</para>
</listitem>
<listitem>
<para><emphasis role="bold">U</emphasis>. You can update the value of this attribute.</para>
</listitem>
<listitem>
<para><emphasis role="bold">D</emphasis>. You can delete the value of this attribute.</para>
</listitem>
</itemizedlist>
</para>
</footnote>
</th>
<th>Default Value</th>
<th>Validation Constraints</th>
<th>Notes</th>
</tr>
</thead>
<tbody>
<tr>
<td>id</td>
<td>uuid-str</td>
<td>N/A</td>
<td>R</td>
<td>generated</td>
<td>N/A</td>
<td>Unique identifier for the Firewall object.</td>
</tr>
<tr>
<td>tenant_id</td>
<td>uuid-str</td>
<td>Yes</td>
<td>CR</td>
<td>Derived from Authentication token</td>
<td>N/A</td>
<td>Owner of the Firewall. Only admin users can
specify a tenant identifier other than their own.</td>
</tr>
<tr>
<td>name</td>
<td>String</td>
<td>No</td>
<td>CRU</td>
<td>None</td>
<td>N/A</td>
<td>Human readable name for the Firewall (255
characters limit). Does not have to be unique.</td>
</tr>
<tr>
<td>description</td>
<td>String</td>
<td>No</td>
<td>CRU</td>
<td>None</td>
<td>N/A</td>
<td>Human readable description for the Firewall (1024
characters limit)</td>
</tr>
<tr>
<td>admin_state_up</td>
<td>Bool</td>
<td>N/A</td>
<td>CRU</td>
<td>true</td>
<td>{true | false}</td>
<td>Administrative state of the Firewall. If false
(down), firewall does not forward packets and will
drop all traffic to/from VMs behind the firewall.</td>
</tr>
<tr>
<td>status</td>
<td>String</td>
<td>N/A</td>
<td>R</td>
<td>N/A</td>
<td>N/A</td>
<td>Indicates whether Firewall resource is currently
operational. Possible values include:
ACTIVE, DOWN, BUILD, ERROR, PENDING_CREATE,
PENDING_UPDATE, or PENDING_DELETE.</td>
</tr>
<tr>
<td>shared</td>
<td>Bool</td>
<td>No</td>
<td>CRU</td>
<td>false</td>
<td>{true | false}</td>
<td>When set to True makes this Firewall Rule visible
to tenants other than its owner, and can be used
in Firewall Policies not owned by its tenant.</td>
</tr>
<tr>
<td>firewall_policy_id</td>
<td>uuid-str</td>
<td>No</td>
<td>CRU</td>
<td>None</td>
<td>valid Firewall Policy uuid</td>
<td>The Firewall Policy uuid that this Firewall
is associated with. This Firewall will implement
the rules contained in the Firewall Policy
represented by this uuid.</td>
</tr>
</tbody>
</table>
<?hard-pagebreak?>
<section xml:id="fwaas_ext_ops_firewall_list">
<title>List Firewalls</title>
<informaltable rules="all" width="100%">
<col width="20%"/>
<col width="20%"/>
<col width="60%"/>
<thead>
<tr>
<td>Verb</td>
<td>URI</td>
<td>Description</td>
</tr>
</thead>
<tbody>
<tr>
<td>&GET;
</td>
<td>/fw/firewalls</td>
<td>List Firewalls.</td>
</tr>
</tbody>
</informaltable>
<simpara>Normal Response Code:
<returnvalue>200</returnvalue>
</simpara>
<simpara>Error Response Codes: Unauthorized (<errorcode>401</errorcode>)</simpara>
<para>This operation does not require a request body.</para>
<para>This operation returns a response body.</para>
<example>
<title>List Firewalls: Request</title>
<programlisting>
GET /v2.0/fw/firewalls.json
User-Agent: python-neutronclient
Accept: application/json
</programlisting>
</example>
<example>
<title>List Firewalls: Response</title>
<programlisting language="json"><xi:include href="samples/firewall/firewalls-list-res.json" parse="text"/></programlisting>
</example>
</section>
<?hard-pagebreak?>
<section xml:id="fwaas_ext_ops_firewall_show">
<title>Show Firewall</title>
<informaltable rules="all" width="100%">
<col width="20%"/>
<col width="20%"/>
<col width="60%"/>
<thead>
<tr>
<td>Verb</td>
<td>URI</td>
<td>Description</td>
</tr>
</thead>
<tbody>
<tr>
<td>&GET;
</td>
<td>/fw/firewalls/<parameter>firewall-id</parameter></td>
<td>Returns details about a specific Firewall.</td>
</tr>
</tbody>
</informaltable>
<simpara>Normal Response Code:
<returnvalue>200</returnvalue>
</simpara>
<simpara>Error Response Codes: Unauthorized (<errorcode>401</errorcode>),
Forbidden (<errorcode>403</errorcode>), Not Found (<errorcode>404</errorcode>)
</simpara>
<para>This operation does not require a request body.</para>
<para>This operation returns a response body.</para>
<example>
<title>Show Firewall: Request</title>
<programlisting>
GET /v2.0/fw/firewalls/9faaf49f-dd89-4e39-a8c6-101839aa49bc.json
User-Agent: python-neutronclient
Accept: application/json
</programlisting>
</example>
<example>
<title>Show Firewall: Response</title>
<programlisting language="json"><xi:include href="samples/firewall/firewall-show-res.json" parse="text"/></programlisting>
</example>
</section>
<?hard-pagebreak?>
<section xml:id="fwaas_ext_ops_firewall_create">
<title>Create Firewall</title>
<informaltable rules="all" width="100%">
<col width="20%"/>
<col width="20%"/>
<col width="60%"/>
<thead>
<tr>
<td>Verb</td>
<td>URI</td>
<td>Description</td>
</tr>
</thead>
<tbody>
<tr>
<td>&POST;</td>
<td>/fw/firewalls</td>
<td>Creates a new Firewall.</td>
</tr>
</tbody>
</informaltable>
<para>Normal Response Code: <returnvalue>201</returnvalue>
</para>
<simpara>Error Response Codes: Unauthorized (<errorcode>401</errorcode>),
Bad Request (<errorcode>400</errorcode>)</simpara>
<para>This operation requires a request body.</para>
<para>This operation returns a response body.</para>
<example>
<title>Create Firewall: Request</title>
<programlisting>
POST /v2.0/fw/firewalls.json
User-Agent: python-neutronclient
Accept: application/json
</programlisting>
<programlisting language="json"><xi:include href="samples/firewall/firewall-create-req.json" parse="text"/></programlisting>
</example>
<example>
<title>Create Firewall: Response</title>
<programlisting>
HTTP/1.1 201 Created
Content-Type: application/json; charset=UTF-8
</programlisting>
<programlisting language="json"><xi:include href="samples/firewall/firewall-create-res.json" parse="text"/></programlisting>
</example>
</section>
<?hard-pagebreak?>
<section xml:id="fwaas_ext_ops_firewall_update">
<title>Update Firewall</title>
<informaltable rules="all" width="100%">
<col width="20%"/>
<col width="20%"/>
<col width="60%"/>
<thead>
<tr>
<td>Verb</td>
<td>URI</td>
<td>Description</td>
</tr>
</thead>
<tbody>
<tr>
<td>&PUT;</td>
<td>/fw/firewalls/<parameter>firewall-id</parameter></td>
<td>Updates a Firewall, provided its status does not indicate a PENDING_* state.</td>
</tr>
</tbody>
</informaltable>
<para>Normal Response Code: <returnvalue>200</returnvalue></para>
<simpara>Error Response Codes: Unauthorized (<errorcode>401</errorcode>),
Bad Request (<errorcode>400</errorcode>), Not Found (<errorcode>404</errorcode>)</simpara>
<example>
<title>Update Firewall: Request</title>
<programlisting>
PUT /v2.0/fw/firewalls/41bfef97-af4e-4f6b-a5d3-4678859d2485.json
User-Agent: python-neutronclient
Accept: application/json
</programlisting>
<programlisting language="json"><xi:include href="samples/firewall/firewall-update-req.json" parse="text"/></programlisting>
</example>
<example>
<title>Update Firewall: Response</title>
<programlisting>
HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
</programlisting>
<programlisting language="json"><xi:include href="samples/firewall/firewall-update-res.json" parse="text"/></programlisting>
</example>
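<para>The following client-side guard is an added illustration, not part of the Neutron sources or of this specification: it waits for a Firewall to leave any PENDING_* state before issuing the update, then confirms that the returned firewall_policy_id is the one requested. The send callable, the in-memory fake, the sample status values and the {"firewall": {...}} body shape are assumptions made for the example.</para>
<programlisting language="python">
```python
import time

# Error codes this page documents for Show and Update Firewall.
SHOW_ERRORS = {401: "Unauthorized", 403: "Forbidden", 404: "Not Found"}
UPDATE_ERRORS = {400: "Bad Request", 401: "Unauthorized", 404: "Not Found"}

class FirewallApiError(Exception):
    """Raised when a call does not return its documented normal response code."""

def _check(code, expected, documented, op):
    if code != expected:
        reason = documented.get(code, "undocumented response")
        raise FirewallApiError(f"{op}: HTTP {code} ({reason})")

def update_when_settled(send, firewall_id, changes, attempts=5, delay=0.0):
    """PUT `changes` only once the firewall has left any PENDING_* state."""
    path = f"/v2.0/fw/firewalls/{firewall_id}.json"
    for _ in range(attempts):
        code, body = send("GET", path, None)
        _check(code, 200, SHOW_ERRORS, "show")
        # Assumed body shape: {"firewall": {"status": ..., ...}}
        if not body["firewall"]["status"].startswith("PENDING_"):
            break
        time.sleep(delay)
    else:
        raise FirewallApiError("firewall still in a PENDING_* state")
    code, body = send("PUT", path, {"firewall": changes})
    _check(code, 200, UPDATE_ERRORS, "update")
    updated = body["firewall"]
    # Confirm the policy binding the server reports is the one requested.
    wanted = changes.get("firewall_policy_id")
    if wanted is not None and updated.get("firewall_policy_id") != wanted:
        raise FirewallApiError("firewall bound to an unexpected policy")
    return updated

def make_fake_send(statuses, policy_id):
    """Constructed in-memory stand-in for the API; GETs walk through `statuses`."""
    state = {"status_iter": iter(statuses), "policy": policy_id, "calls": []}

    def send(method, path, body):
        state["calls"].append(method)
        if method == "GET":
            fw = {"status": next(state["status_iter"]), "firewall_policy_id": state["policy"]}
            return 200, {"firewall": fw}
        state["policy"] = body["firewall"].get("firewall_policy_id", state["policy"])
        return 200, {"firewall": {"status": "PENDING_UPDATE", "firewall_policy_id": state["policy"]}}

    return send, state
```
</programlisting>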
</section>
<?hard-pagebreak?>
<section xml:id="fwaas_ext_ops_firewall_delete">
<title>Delete Firewall</title>
<informaltable rules="all" width="100%">
<col width="20%"/>
<col width="20%"/>
<col width="60%"/>
<thead>
<tr>
<td>Verb</td>
<td>URI</td>
<td>Description</td>
</tr>
</thead>
<tbody>
<tr>
<td>&DELETE;</td>
<td>/fw/firewalls/<parameter>firewall-id</parameter></td>
<td>Removes a Firewall.</td>
</tr>
</tbody>
</informaltable>
<para>Normal Response Code: <returnvalue>204</returnvalue>
</para>
<simpara>Error Response Codes: Unauthorized (<errorcode>401</errorcode>),
Not Found (<errorcode>404</errorcode>)</simpara>
<para>This operation does not require a request body.</para>
<para>This operation does not return a response body.</para>
<example>
<title>Delete Firewall: Request</title>
<programlisting>
DELETE /v2.0/fw/firewalls/1be5e5f7-c45e-49ba-85da-156575b60d50.json
User-Agent: python-neutronclient
Accept: application/json
</programlisting>
</example>
<example>
<title>Delete Firewall: Response</title>
<programlisting>
HTTP/1.1 204 No Content
Content-Length: 0
</programlisting>
</example>
</section>
</section> <!-- end of firewall section-->
<?hard-pagebreak?>
</section> <!-- end of fwaas section -->