Merge pull request #49 from jaredhendrickson13/firewall_fixes

Firewall endpoint adjustments

Author: jaredhendrickson13

README.md

@@ -886,14 +886,6 @@ URL: https://{{$hostname}}/api/v1/firewall/alias
 
 
 
-***Query params:***
-
-| Key | Value | Description |
-| --- | ------|-------------|
-| id | string | Name of alias to delete. This alias must NOT be in use elsewhere in configuration |
-
-
-
 ***Body:***
 
 ```js        
@@ -1741,8 +1733,8 @@ URL: https://{{$hostname}}/api/v1/firewall/rule
 | icmptype | string or array | Set the ICMP subtype of the firewall rule. Multiple values may be passed in as array, single values may be passed as string. _Only available when `protocol` is set to `icmp`. If `icmptype` is not specified all subtypes are assumed_ |
 | src | string | Set the source address of the firewall rule. This may be a single IP, network CIDR, alias name, or interface. When specifying an interface, you may use the physical interface ID, the descriptive interfance name, or the pfSense ID. To use only interface address, add `ip` to the end of the interface name otherwise the entire interface's subnet is implied. To negate the context of the source address, you may prepend the address with `!` |
 | dst | string | Set the destination address of the firewall rule. This may be a single IP, network CIDR, alias name, or interface. When specifying an interface, you may use the physical interface ID, the descriptive interface name, or the pfSense ID. To only use interface address, add `ip` to the end of the interface name otherwise the entire interface's subnet is implied. To negate the context of the source address, you may prepend the address with `!` |
-| srcport | string or integer | Set the TCP and/or UDP source port of the firewall rule. This is only necessary if you have specified the `protocol` to `tcp`, `udp`, `tcp/udp` |
-| dstport | string or integer | Set the TCP and/or UDP destination port of the firewall rule. This is only necessary if you have specified the `protocol` to `tcp`, `udp`, `tcp/udp` |
+| srcport | string or integer | Set the TCP and/or UDP source port or port alias of the firewall rule. This is only necessary if you have specified the `protocol` to `tcp`, `udp`, `tcp/udp` |
+| dstport | string or integer | Set the TCP and/or UDP destination port or port alias of the firewall rule. This is only necessary if you have specified the `protocol` to `tcp`, `udp`, `tcp/udp` |
 | gateway | string | Set the routing gateway traffic will take upon match (optional) |
 | disabled | boolean | Disable the rule upon creation (optional) |
 | descr | string | Set a description for the rule (optional) |
@@ -1868,9 +1860,9 @@ URL: https://{{$hostname}}/api/v1/firewall/rule
 | icmptype | string or array | Update the ICMP subtype of the firewall rule. Multiple values may be passed in as array, single values may be passed as string. _Only available when `protocol` is set to `icmp`. If `icmptype` is not specified all subtypes are assumed_ (optional) |
 | src | string | Update the source address of the firewall rule. This may be a single IP, network CIDR, alias name, or interface. When specifying an interface, you may use the physical interface ID, the descriptive interfance name, or the pfSense ID. To use only interface address, add `ip` to the end of the interface name otherwise the entire interface's subnet is implied. To negate the context of the source address, you may prepend the address with `!` (optional) |
 | dst | string | Update the destination address of the firewall rule. This may be a single IP, network CIDR, alias name, or interface. When specifying an interface, you may use the physical interface ID, the descriptive interface name, or the pfSense ID. To only use interface address, add `ip` to the end of the interface name otherwise the entire interface's subnet is implied. To negate the context of the source address, you may prepend the address with `!` (optional) |
-| srcport | string or integer | Update the TCP and/or UDP source port of the firewall rule. This is only necessary if you have specified the `protocol` to `tcp`, `udp`, `tcp/udp` (optional) |
-| dstport | string or integer | Update the TCP and/or UDP destination port of the firewall rule. This is only necessary if you have specified the `protocol` to `tcp`, `udp`, `tcp/udp` |
-| gateway | string | UPdate the routing gateway traffic will take upon match (optional) |
+| srcport | string or integer | Update the TCP and/or UDP source port or port alias of the firewall rule. This is only necessary if you have specified the `protocol` to `tcp`, `udp`, `tcp/udp` (optional) |
+| dstport | string or integer | Update the TCP and/or UDP destination port or port alias of the firewall rule. This is only necessary if you have specified the `protocol` to `tcp`, `udp`, `tcp/udp` |
+| gateway | string | Update the routing gateway traffic will take upon match (optional) |
 | disabled | boolean | Disable the rule upon modification (optional) |
 | descr | string | Update the description of the rule (optional) |
 | log | boolean | Enable rule matched logging (optional) |

docs/documentation.json

@@ -1980,7 +1980,7 @@
 										{
 											"key": "type",
 											"value": "string",
-											"description": "Change type of alias (optional)",
+											"description": "Change type of alias. Alias type can only be changed when the targetted alias is not in use (optional)",
 											"disabled": true
 										},
 										{
@@ -2022,7 +2022,7 @@
 									}
 								},
 								"url": {
-									"raw": "https://{{$hostname}}/api/v1/firewall/alias?id=string",
+									"raw": "https://{{$hostname}}/api/v1/firewall/alias",
 									"protocol": "https",
 									"host": [
 										"{{$hostname}}"
@@ -2037,7 +2037,8 @@
 										{
 											"key": "id",
 											"value": "string",
-											"description": "Name of alias to delete. This alias must NOT be in use elsewhere in configuration"
+											"description": "Name or ID of alias to delete. This alias cannot be in use elsewhere in configuration",
+											"disabled": true
 										}
 									]
 								},
@@ -2174,12 +2175,12 @@
 										{
 											"key": "srcport",
 											"value": "string or integer",
-											"description": "Set the TCP and/or UDP source port of the firewall rule. This is only necessary if you have specified the `protocol` to `tcp`, `udp`, `tcp/udp`"
+											"description": "Set the TCP and/or UDP source port or port alias of the firewall rule. This is only necessary if you have specified the `protocol` to `tcp`, `udp`, `tcp/udp`"
 										},
 										{
 											"key": "dstport",
 											"value": "string or integer",
-											"description": "Set the TCP and/or UDP destination port of the firewall rule. This is only necessary if you have specified the `protocol` to `tcp`, `udp`, `tcp/udp`"
+											"description": "Set the TCP and/or UDP destination port or port alias of the firewall rule. This is only necessary if you have specified the `protocol` to `tcp`, `udp`, `tcp/udp`"
 										},
 										{
 											"key": "gateway",
@@ -2287,17 +2288,17 @@
 										{
 											"key": "srcport",
 											"value": "string or integer",
-											"description": "Update the TCP and/or UDP source port of the firewall rule. This is only necessary if you have specified the `protocol` to `tcp`, `udp`, `tcp/udp` (optional)"
+											"description": "Update the TCP and/or UDP source port or port alias of the firewall rule. This is only necessary if you have specified the `protocol` to `tcp`, `udp`, `tcp/udp` (optional)"
 										},
 										{
 											"key": "dstport",
 											"value": "string or integer",
-											"description": "Update the TCP and/or UDP destination port of the firewall rule. This is only necessary if you have specified the `protocol` to `tcp`, `udp`, `tcp/udp`"
+											"description": "Update the TCP and/or UDP destination port or port alias of the firewall rule. This is only necessary if you have specified the `protocol` to `tcp`, `udp`, `tcp/udp`"
 										},
 										{
 											"key": "gateway",
 											"value": "string",
-											"description": "UPdate the routing gateway traffic will take upon match (optional)"
+											"description": "Update the routing gateway traffic will take upon match (optional)"
 										},
 										{
 											"key": "disabled",

pfSense-pkg-API/files/etc/inc/api/framework/APIResponse.inc

@@ -1212,7 +1212,7 @@ function get($id, $data=[], $all=false) {
             "status" => "bad request",
             "code" => 400,
             "return" => $id,
-            "message" => "Firewall alias name must be type string"
+            "message" => "Invalid firewall alias name"
         ],
         4054 => [
             "status" => "bad request",
@@ -1254,7 +1254,7 @@ function get($id, $data=[], $all=false) {
             "status" => "bad request",
             "code" => 400,
             "return" => $id,
-            "message" => "Invalid firewall alias port"
+            "message" => "Invalid firewall alias port or port range"
         ],
         4061 => [
             "status" => "bad request",
@@ -1530,7 +1530,19 @@ function get($id, $data=[], $all=false) {
             "status" => "bad request",
             "code" => 400,
             "return" => $id,
-            "message" => "Alias details cannot contain more items than alias addresses"
+            "message" => "Firewall alias details cannot contain more items than alias addresses"
+        ],
+        4107 => [
+            "status" => "bad request",
+            "code" => 400,
+            "return" => $id,
+            "message" => "Firewall alias type cannot be changed while in use"
+        ],
+        4108 => [
+            "status" => "bad request",
+            "code" => 400,
+            "return" => $id,
+            "message" => "Firewall alias cannot be deleted while in use"
         ],
 
         //5000-5999 reserved for /users API calls

pfSense-pkg-API/files/etc/inc/api/framework/APITools.inc

@@ -593,8 +593,6 @@ function alias_in_use($alias_name) {
     alias_find_references(array('nat', 'rule'), array('target'), $alias_name, $is_alias_referenced, $referenced_by);
     alias_find_references(array('nat', 'rule'), array('local-port'), $alias_name, $is_alias_referenced, $referenced_by);
     // NAT 1:1 Rules
-    //alias_find_references(array('nat', 'onetoone'), array('external'), $alias_name, $is_alias_referenced, $referenced_by);
-    //alias_find_references(array('nat', 'onetoone'), array('source', 'address'), $alias_name, $is_alias_referenced, $referenced_by);
     alias_find_references(array('nat', 'onetoone'), array('destination', 'address'), $alias_name, $is_alias_referenced, $referenced_by);
     // NAT Outbound Rules
     alias_find_references(array('nat', 'outbound', 'rule'), array('source', 'network'), $alias_name, $is_alias_referenced, $referenced_by);