# Rule
| Name | Type | Description |
|---|---|---|
| id | String | Unique identifier of this rule |
| action | String | Rule action, possible values: `allow`, `block`, `timelimit`, defaults to `block` |
| target | Target | The target of this rule |
| direction | String | Direction of the traffic this rule applies to. Possible values: `bidirection`, `inbound`, `outbound`, defaults to `bidirection` |
| gid | String optional | ID of the Firewalla box that this rule applies to |
| group | String optional | ID of the Firewalla box group that this rule applies to, defaults to global. If neither gid nor group is provided, this rule applies to all boxes under the current MSP, including boxes added in the future |
| scope | Scope | The local aspect this rule applies to, unset for all devices |
| notes | String optional | Readable notes for this rule |
| status | String optional | Status of this rule, possible values: `active`, `paused` |
| hit | Hit | Rule hit stats (upcoming) |
| schedule | Schedule | Schedule of this rule, unset for always active |
| timeUsage | TimeUsage | Details of time limit rules. Available when `action == 'timelimit'` |
| protocol | String optional | Protocol of the traffic, matches together with `tcp` `udp`, unset for both. |
| ts | Number | A Unix timestamp that states the rule creation time |
| updateTs | Number | A Unix timestamp that states the last rule update time |
| resumeTs | Number optional | A Unix timestamp that states the auto resume time when this rule is paused. Available when `status == 'paused'` |
# Target
| Name | Type | Description |
|---|---|---|
| type | String | Type of target this rule matches, possible values: `app`, `category`, `domain`, `internet`, `intranet`, `ip`, `net`, `region`, `remotePort`, `targetlist` |
| value | String | Target descriptor, see Target Type And Value Mapping |
| dnsOnly | Boolean optional | Option flag that indicates whether this rule uses only DNS to block. For domain rules, Firewalla uses both DNS and domain-IP mapping to identify traffic. If this flag is set, this rule applies only to DNS traffic. Available when `type in ['targetlist', 'domain'] && action == 'block'`. |
| port | String optional | Port number or a range of ports of the target, matches together with the target descriptor when set. Available when `type in ['domain', 'ip', 'net']` |
# Scope
| Name | Type | Description |
|---|---|---|
| type | String | Scope type this rule applies to, possible values: `device`, `group`, `user`, `network` |
| value | String | Scope descriptor, see Scope Type And Value Mapping |
| port | String optional | Port number or a range of ports of scope, matches together with scope descriptor when set. |
# Hit
| Name | Type | Description |
|---|---|---|
| count | Number | Number of hits |
| lastHitTs | Number | Timestamp of the last hit |
| statsResetTs | Number optional | Timestamp of the hit info reset |
# Schedule
| Name | Type | Description |
|---|---|---|
| duration | Number | Time (in seconds) that this rule takes effect after the activation time. This affects both one-time and recurring rules, and must be present when cronTime is set |
| cronTime | String optional | Activation time of this rule, in the format of a cron job. For details, check the date and time section of the cron manual |
# TimeUsage
| Name | Type | Description |
|---|---|---|
| quota | Number | Time usage quota (in minutes) |
| used | Number | Time used (in minutes) |
# Target Type And Value Mapping
| type | value | Description |
|---|---|---|
| app | app id | Application ID. The API for getting the app list is coming |
| category | category code | Category code. Possible values: `drugs`, `games`, `gamble`, `p2p`, `porn`, `social`, `shopping`, `video`, `violence`, `vpn` |
| domain | domain name | Domain name e.g., example.com |
| internet | always unset | The Internet in most scenarios, but this actually matches all traffic routed through the WAN port(s) of Firewalla |
| intranet | unset or network ID | A part or all of Firewalla's local network, which matches all traffic that isn't routed through WAN port(s). This can be set to a Network ID to match a specific local network or unset for all local networks |
| ip | ip address | IP address e.g., 192.168.0.1 |
| net | network address | Network address in CIDR notation e.g., 192.168.0.0/24 |
| region | region code | Region code, a 2-letter ISO 3166 code e.g., US |
| remotePort | port number or a range of ports | Port number or a range of ports e.g., 443 or 440-443 |
| targetlist | targetlist id | Targetlist identifier, see Target-List |
# Scope Type And Value Mapping
| type | value | Description |
|---|---|---|
| device | device ID | Device identifier, see Device |
| group | group ID | Group identifier |
| user | user ID | User identifier |
| network | network ID | Network identifier |
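
An added example, not part of the Firewalla documentation: a Python lint that checks a rule object against the conditional-field constraints and value formats in the tables above, and warns when an unset `gid`/`group` or `scope` makes the rule apply broadly. `lint_rule`, `SAMPLE` and the message strings are hypothetical names; the code assumes unset fields are absent from the object and that host bits in a `net` value are tolerated.

```python
import ipaddress

CATEGORIES = {"drugs", "games", "gamble", "p2p", "porn", "social",
              "shopping", "video", "violence", "vpn"}
TARGET_TYPES = {"app", "category", "domain", "internet", "intranet", "ip",
                "net", "region", "remotePort", "targetlist"}

def lint_rule(rule):
    """Return (errors, warnings) for a rule dict, per the tables on this page."""
    errors, warnings = [], []
    action = rule.get("action", "block")  # documented default
    target = rule.get("target") or {}
    ttype, tvalue = target.get("type"), target.get("value")
    if action not in {"allow", "block", "timelimit"}:
        errors.append(f"unknown action {action!r}")
    if ttype not in TARGET_TYPES:
        errors.append(f"unknown target.type {ttype!r}")
    # Conditional fields: each is only available under the stated condition.
    if "dnsOnly" in target and not (ttype in {"targetlist", "domain"} and action == "block"):
        errors.append("dnsOnly needs a domain/targetlist target and action block")
    if "port" in target and ttype not in {"domain", "ip", "net"}:
        errors.append("target.port needs a domain, ip or net target")
    if "timeUsage" in rule and action != "timelimit":
        errors.append("timeUsage requires action timelimit")
    if "resumeTs" in rule and rule.get("status") != "paused":
        errors.append("resumeTs requires status paused")
    sched = rule.get("schedule") or {}
    if "cronTime" in sched and "duration" not in sched:
        errors.append("schedule.duration must be present when cronTime is set")
    try:
        if ttype == "ip":
            ipaddress.ip_address(tvalue)
        elif ttype == "net":
            ipaddress.ip_network(tvalue, strict=False)  # host bits tolerated (assumption)
    except (ValueError, TypeError):
        errors.append(f"target.value {tvalue!r} is not a valid {ttype}")
    if ttype == "category" and tvalue not in CATEGORIES:
        errors.append(f"unknown category {tvalue!r}")
    # Blast radius: unset selectors widen the rule.
    if not rule.get("gid") and not rule.get("group"):
        warnings.append("no gid/group: applies to every box under the MSP")
    if not rule.get("scope"):
        warnings.append("no scope: applies to all devices")
    return errors, warnings

# Constructed sample: dnsOnly on an allow rule, with no box or device selector.
SAMPLE = {"action": "allow", "target": {"type": "domain", "value": "example.com", "dnsOnly": True}}
if __name__ == "__main__":
    print(lint_rule(SAMPLE))
```

Running the lint before a rule is submitted surfaces both invalid field combinations and rules whose reach is wider than intended.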