Chapter 7: Rules

Home Prev	cOS Core 15.00.01 REST API Guide	Next

Using the REST API, information about configured rules in cOS Core can be retrieved. The information is sent back by cOS Core in JSON format and consists of the values that can also be provided by using the cOS Core CLI, see command example under each rule type section below.

Sending the Request

To retrieve configured rule information, an HTTP GET should be sent. The URI values sent, depending on the type of rule, are as follows:

IP rules

Contains information about IP rules corresponding to the CLI command rules.
```
/api/oper/iprules
```
IP rulesets

Contains information about IP rules within a specified IP ruleset corresponding to the CLI command rules -type=ip -ruleset=<YourRuleset>.
```
/api/oper/iprules?ruleset=<YourRuleset>
```
IDP rules

Contains information about IDP rules corresponding to the CLI command rules -type=IDP.
```
/api/oper/idprules
```
Threshold rules

Contains information about Threshold rules corresponding to the CLI command rules -type=THRESHOLD.
```
/api/oper/thresholdrules
```
Pipe rules

Contains information about Pipe rules (also known as traffic shaping) corresponding to the CLI command rules -type=PIPE.
```
/api/oper/piperules
```
Routing rules

Contains information about Routing rules (Policy Based) corresponding to the CLI command rules -type=ROUTING.
```
/api/oper/routingrules
```

	Note: Regarding IP Rules and IP Policies
In the background, IP policies consist of one or more IP rules, depending on how they are configured. This is why there is no specific GET command for IP policies. There are two important points to consider in this context. 1. Up to three IP rules can be created for a single IP policy, depending on its configuration. However, each of these IP rules will share the same name as the IP policy. 2. Consequently, the index ID output will not correspond with the IP policy index number as displayed in the Web Interface or InControl.

Note: Regarding IP Rules and IP Policies

In the background, IP policies consist of one or more IP rules, depending on how they are configured. This is why there is no specific GET command for IP policies. There are two important points to consider in this context.

1. Up to three IP rules can be created for a single IP policy, depending on its configuration. However, each of these IP rules will share the same name as the IP policy.

2. Consequently, the index ID output will not correspond with the IP policy index number as displayed in the Web Interface or InControl.

An Example JSON Reply

Below is an example of a typical JSON reply for an IP rule set with a single entry:

{
	"error": false,
	"rules": [
	  {
		"index": 1,
		"name": "LANtoCORE_Ping",
		"filter": {
		  "src_if": "lan",
		  "src_net": "192.168.1.0/24",
		  "dst_if": "core",
		  "dst_net": "192.168.1.1",
		  "service": {
			"name": "main/1_ICMP_CORE",
			"details": "ICMP All"
		  }
		},
		"action": "Allow"
	  },
	  {
		"index": 2,
		"name": "GotoExtRuleset",
		"filter": {
		  "src_if": "G4",
		  "src_net": "192.168.10.0/24",
		  "dst_if": "core",
		  "dst_net": "192.168.10.1",
		  "service": {
			"name": "http",
			"details": "TCP ALL > 80, 443"
		  }
		},
		"action": "Goto",
		"goto_ruleset": "ExtRuleSet"
	  },
	  {
		"index": 3,
		"name": "LAN1toWAN_DNS",
		"filter": {
		  "src_if": "lan",
		  "src_net": "192.168.1.0/24",
		  "dst_if": "wan1",
		  "dst_net": "0.0.0.0/0",
		  "service": {
			"name": "main/3_DNS_OUT",
			"details": "TCP/UDP ALL > 53"
		  }
		},
		"action": "NAT"
	  }
	]
  }