Skip to main content
API Version:
v0.40v0.39v0.38next

Anapaya appliance configuration (firewall only)

firewall object

The necessary configuration data for firewalling the Anapaya appliance.

modestring

The firewall mode declares how the appliance handles firewall rules. Depending on the mode, the appliance either generates a default set of rules, prepends some custom rules, or uses only the specified custom rules.

Possible values: [AUTO, PREPEND, CUSTOM, UNMANAGED]

tables object[]

The list of nftables tables on the Anapaya appliance. The usage of the list depends on the firewall mode.

  • Array [
    • chains object[]

    Chains defined within the nftables table.

  • Array [
    • chaintypestring

    The type and usage of the chain. This must be set for base chains and unset for regular chains.

    Possible values: [FILTER, ROUTE, NAT]

    hookstring

    The packet processing step during which the chain should be executed. This must be set for base chains and unset for regular chains. For more information on the chain hooks, please refer to https://wiki.nftables.org/wiki-nftables/index.php/Configuring_chains#Base_chain_hooks.

    Possible values: [PREROUTING, INPUT, FORWARD, OUTPUT, POSTROUTING]

    namestringrequired

    The name of the chain.

    policystring

    The default policy that will be applied to packets that reach the end of the chain. For more information on chain policies, please refer to https://wiki.nftables.org/wiki-nftables/index.php/Configuring_chains#Base_chain_policy.

    Possible values: [ACCEPT, DROP]

    priorityinteger<int32>

    The priority of the chain. This must be set for base chains and unset for regular chains.

    rules object[]

    Rules defined as part of a chain within a firewall table.

  • Array [
    • commentstring

    Description, or comment, for the firewall rule.

    rulestringrequired

    The rule definition consists of expressions and statements in string format. The expressions are evaluated from left to right and if the packet matches the expressions the statement is executed. For information on the supported syntax for expressions and statements, please refer to https://wiki.nftables.org/wiki-nftables/index.php/Main_Page#Expressions:_Matching_packets and https://wiki.nftables.org/wiki-nftables/index.php/Main_Page#Statements:_Acting_on_packet_matches.

    sequence_idinteger<uint32>required

    The sequence ID determines the order in which sequence the firewall rules are applied. The sequence ID must be unique for each entry. Target devices apply the rules in order of ascending sequence ID (low to high).

    Example: 1
  • ]
  • ]
    • counters object[]

    Optional named counters defined within the nftables table.

  • Array [
    • namestringrequired

    The name of the counter.

  • ]
    • familystring

    The family type of the nftables. For more information on table families, please refer to https://wiki.nftables.org/wiki-nftables/index.php/Nftables_families.

    Possible values: [IP, IP6, INET]

    namestringrequired

    Name of the nftables table.

  • ]
    • Config_Firewall_Wrapped
    {
      "firewall": {
        "mode": "AUTO",
        "tables": [
          {
            "chains": [
              {
                "chaintype": "FILTER",
                "hook": "PREROUTING",
                "name": "string",
                "policy": "ACCEPT",
                "priority": 0,
                "rules": [
                  {
                    "comment": "string",
                    "rule": "string",
                    "sequence_id": 1
                  }
                ]
              }
            ],
            "counters": [
              {
                "name": "string"
              }
            ],
            "family": "IP",
            "name": "string"
          }
        ]
      }
    }