This method creates a new Access Control Group Entry (allow/deny rule) within the specified Access Control Group.
The {IPType} is either “IPv4” or “IPv6”.
The {ACLID} is the ID of the group, which can be retrieved by obtaining the entire list of Access Control Groups.
Parameter | Data Type |
Comment | “string” |
Enabled | “true” or “false” – “true” enables this rule and “false” disables this rule |
Action | “true” or “false” – “true” makes this entry an ALLOW rule and “false” makes this entry a DENY rule |
Protocol | “ALL”, “TCP”, “UDP” or “ICMP” |
SourceIPOperation | “true” or “false” – Do not send this value to include all source IPs. true = “equal” or a positive match, and false = “does not equal” or a negative match |
SourceIPHigh | “ip address” e.g. 203.0.113.1 |
SourceIPLow | “ip address” e.g. 203.0.113.1 |
SourcePortOperation | “true” or “false” – Do not send this value to match all source ports. true = “equal” or a positive match, and false = “does not equal” or a negative match |
SourcePortLow | “integer” e.g. “443” – do not send this value if you wish the rule to consider all ports, which is desirable when blocking an entire IP |
SourcePortHigh | “integer” e.g. “445” – do not send this value or SourcePortLow if you wish the rule to consider all ports |
DestinationPortOperation | “true” or “false” – Do not send this value to match all destination ports. true = “equal” or a positive match, and false = “does not equal” or a negative match |
DestinationPortLow | “integer” e.g. “443” – do not send this value if you wish the rule to consider all ports |
DestinationPortHigh | “integer” e.g. “445” – do not send this value if you wish the rule to consider all ports |
ICMPMessageCode | “integer” e.g. 0, 3, 5, 8, 9, 10, 11, 12, 13, 14 – If Protocol is ICMP, this value is required |
ICMPMessageType | “integer” e.g. 0 through 15 – If Protocol is ICMP, this value is required |
CompanyID | “GUID” – optional, but required if reseller mode is enabled |
Sample CURL for creating a new entry in ACL Group ddec85b0-759d-4ab0-a326-46e3b3b450bb to simply block an IP of 192.0.2.1:
curl -u username:password -X POST -H "Accept: application/json" "ALF/Firewall/AccessControl/IPv4/ddec85b0-759d-4ab0-a326-46e3b3b450bb"
The JSON required in the body would be:
{
"Comment": "Deny all from 192.0.2.1",
"Enabled": true,
"Protocol": "ALL",
"SourceIPOperation": "True",
"SourceIPHigh": "192.0.2.1",
"SourceIPLow": "192.0.2.1"
}
The response would say success or failure, and on success you will see an AccessControlID value, which you may want to save for easy updating or removal later.
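A client-side check of the parameter rules in the table above, written as an added example (not code from this API or its vendor). The function names are hypothetical, and it assumes booleans and integers are sent as JSON literals and that Action is always sent explicitly.

```python
import ipaddress
import json
import uuid

PROTOCOLS = {"ALL", "TCP", "UDP", "ICMP"}
IP_VERSIONS = {"IPv4": 4, "IPv6": 6}

def entry_path(ip_type, acl_id):
    """Relative path as in the page's sample; rejects a malformed {IPType} or {ACLID}."""
    if ip_type not in IP_VERSIONS:
        raise ValueError("IPType must be IPv4 or IPv6")
    return f"ALF/Firewall/AccessControl/{ip_type}/{uuid.UUID(acl_id)}"

def build_entry(ip_type, comment, allow, protocol="ALL", source_ip=None,
                dest_ports=None, icmp=None, enabled=True):
    """Build the JSON body for one entry; optional fields are omitted, never sent empty."""
    if ip_type not in IP_VERSIONS:
        raise ValueError("IPType must be IPv4 or IPv6")
    if protocol not in PROTOCOLS:
        raise ValueError(f"unsupported Protocol {protocol!r}")
    # Action is sent explicitly so allow/deny never depends on a server-side default.
    body = {"Comment": comment, "Enabled": enabled, "Action": allow, "Protocol": protocol}
    if source_ip is not None:  # omitted: the rule covers all source IPs
        low, high = (ipaddress.ip_address(a) for a in source_ip)
        if {low.version, high.version} != {IP_VERSIONS[ip_type]}:
            raise ValueError(f"source addresses must both be {ip_type}")
        if low > high:
            raise ValueError("SourceIPLow is above SourceIPHigh")
        body.update(SourceIPOperation=True, SourceIPLow=str(low), SourceIPHigh=str(high))
    if dest_ports is not None:  # omitted: the rule covers all destination ports
        lo, hi = dest_ports
        if not 1 <= lo <= hi <= 65535:
            raise ValueError("destination port range is invalid")
        body.update(DestinationPortOperation=True,
                    DestinationPortLow=lo, DestinationPortHigh=hi)
    if protocol == "ICMP":  # the table marks both ICMP fields as required
        if icmp is None:
            raise ValueError("ICMP needs ICMPMessageType and ICMPMessageCode")
        body["ICMPMessageType"], body["ICMPMessageCode"] = icmp
    return body

if __name__ == "__main__":
    # Group ID and address taken from the page's sample request.
    print(entry_path("IPv4", "ddec85b0-759d-4ab0-a326-46e3b3b450bb"))
    print(json.dumps(build_entry("IPv4", "Deny all from 192.0.2.1", allow=False,
                                 source_ip=("192.0.2.1", "192.0.2.1")), indent=2))
```

Rejecting a reversed range, a mixed IPv4/IPv6 pair or a malformed group ID before the request is sent keeps a typo from being submitted as a rule that matches something other than what was intended.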