Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    pf-sense-api-client

    Scheduled Pinned Locked Moved Multi-Instance Management
    16 Posts 3 Posters 2.1k Views 3 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P Offline
      philippe richard @marcosm
      last edited by philippe richard

      @marcosm
      Hello, thank you for your response.

      I am experiencing a problem with updating an alias by its ID. The authentication part is working correctly: I can list aliases and retrieve their IDs. However, when I try to update an alias using its ID, I get an error code stating that the alias name does not exist.

      Here is the code example:

      alias_id = "25"  # Remplacez par l'identifiant réel
      nouvel_alias = FWAlias(name="TEST_API",)
      update_req = FWUpdateAliasreq(alias=nouvel_alias, id=alias_id)
      result = firewall_update_alias.sync(client=devApi, id=alias_id, body=update_req)
      print(result)_text
      

      the error message:
      Error(errcode=400, errlevel=<pfapi.types.Unset object at 0x7d55248423c0>, errmsg='name missing', alerts=<pfapi.types.Unset object at 0x7d55248423c0>, additional_properties={})

      and the logs on the pfSense:
      2025-09-03 15:17:09.000000-04:00 pfnet-controller 36252 WARNING 54631 [x.x.x.x:38678] POST /api/aliases/25 (DONE 0.513ms) ERROR: name missing
      2025-09-03 15:17:09.000000-04:00 pfnet-controller 36252 Updating alias name: , ID: 25...
      2025-09-03 15:17:09.000000-04:00 pfnet-controller 36252 > {"alias": {"name": "TEST_API"}, "id": "25"}
      2025-09-03 15:17:09.000000-04:00 pfnet-controller 36252 DEBUG 54631 [x.x.x.x:38678] POST /api/aliases/25

      1 Reply Last reply Reply Quote 0
      • M Offline
        marcosm Netgate
        last edited by

        What pfSense version is that on?

        P 1 Reply Last reply Reply Quote 0
        • P Offline
          philippe richard @marcosm
          last edited by

          @marcosm said in pf-sense-api-client:

          What pfSense version is that on?

          25.07.1-RELEASE (amd64)

          1 Reply Last reply Reply Quote 0
          • M Offline
            marcosm Netgate
            last edited by

            Are you trying to update it using the index number? If so, try using the name; aliases are now identified by their name rather than the index number.

            P 2 Replies Last reply Reply Quote 0
            • P Offline
              philippe richard @marcosm
              last edited by

              @marcosm
              Hello, do you want me to put the alias name in here?

              firewall_update_alias.sync(client=devApi, id=**TEST_API**, body=update_req)
              
              1 Reply Last reply Reply Quote 0
              • P Offline
                philippe richard @marcosm
                last edited by philippe richard

                @marcosm said in pf-sense-api-client:

                Are you trying to update it using the index number? If so, try using the name; aliases are now identified by their name rather than the index number.

                Yes, I was updating it using its ID number. If I change the ID to the name, I still get the same error.

                2025-09-04 16:13:23.000000-04:00 pfnet-controller 2646 WARNING 43643 [x.x.x.x:34302] POST /api/aliases/TEST_API (DONE 1.378ms) ERROR: name missing
                2025-09-04 16:13:23.000000-04:00 pfnet-controller 2646 Updating alias name: , ID: 25...
                2025-09-04 16:13:23.000000-04:00 pfnet-controller 2646 > {"alias": {"name": "TEST_API"}, "id": "TEST_API"}

                L 1 Reply Last reply Reply Quote 0
                • L Offline
                  ldangpfng @philippe richard
                  last edited by

                  The schema definition was out of sync with the handler; it expects the direct alias structure instead of a nested one. Please pull the repo again and test; you'll need a bit of change in the code:

                  existing_name="a1"
                  update_req = FWUpdateAliasReq(name=existing_name, descr="update-descr")
                  result  = firewall_update_alias.sync(client=devApi, id=existing_name, body=update_req)
                  print(result)
                  

                  A hint on checking if the code in the repository is doing the right thing is to test out what the GUI provides in the request - use the web browser dev-tools Network tab. If what you send doesn't match then we have a glitch in the schema definition that needs resolving.

                  thanks for testing.

                  P 1 Reply Last reply Reply Quote 1
                  • P Offline
                    philippe richard @ldangpfng
                    last edited by philippe richard

                    @ldangpfng
                    Hello,

                    Thank you for your feedback, it's working... but only halfway.

                    If I modify the code as in your example, by putting 'update_req = FWUpdateAliasReq(name=existing_name, descr="update-descr")', the description is updated, but all the other fields become empty.

                    It's as if the request obliges you to include all fields, and not just the one you want to modify.

                    L 1 Reply Last reply Reply Quote 0
                    • L Offline
                      ldangpfng @philippe richard
                      last edited by

                      @philippe-richard

                      In general, yes: get the existing values, modify, and then post changes. Some functions don't need all of that and do update-only-values-provided type of thing. A lot of the input values are an attempt to map the API set to the backend configuration, a significant number of them can be confusing (because config.xml is schemaless) and more work needs to be done to make them friendlier with more abstractions.

                      Well aware that the API schema lacks usage descriptions for many structures and endpoints, and we're working on putting that into the schema.

                      P 2 Replies Last reply Reply Quote 0
                      • P Offline
                        philippe richard @ldangpfng
                        last edited by

                        @ldangpfng
                        Hello,

                        thank you for your response.

                        I will continue to use them while keeping in mind that some queries might not work.

                        Therefore, you will likely receive new questions from me when that happens.

                        1 Reply Last reply Reply Quote 0
                        • P Offline
                          philippe richard @ldangpfng
                          last edited by

                          @ldangpfng
                          Hello,

                          I'm currently testing the insert_firewall_rule function and I'm getting the following error:

                          Error(errcode=400, errlevel=<pfapi.types.Unset object at 0x7f4b2854a210>, errmsg='failed to insert rule: insert rule error: unable to find insertion point', alerts=<pfapi.types.Unset object at 0x7f4b2854a210>, additional_properties={})
                          

                          If I'm not mistaken, this error indicates that the system is unable to find the insertion point for the rule. Where should this reference ID be placed? Should it be in the request ?

                          insert_firewall_rule.sync(client=devApi, interface="TI", body=firewall_instance, id="6")
                          

                          Additionally, in the InsertFilterRule model, there's a reference=str value. What exactly is this reference?

                          Thank you in advance for your help.

                          L 1 Reply Last reply Reply Quote 0
                          • L Offline
                            ldangpfng @philippe richard
                            last edited by

                            A rule insertion can be placed at the end (AppendFirewallRule()) or before/after a specific rule (specified by its id) with InsertFirewallRule(). The id is label given to each rule item when you retrieve the list of rules.

                            8fbbe0ad-871c-40a5-b308-ee99d59c1df9-image.png

                            The after attribute to the InsertFirewallRule call tells the handler whether you want to put it before or after the provided id.

                            Ignore reference=str value, it is a stale field that needs to be removed because the query string for id is intended for this.

                            P 1 Reply Last reply Reply Quote 0
                            • P Offline
                              philippe richard @ldangpfng
                              last edited by

                              @ldangpfng
                              Hello,

                              thank you for your response.

                              Actually, the ID that needs to be entered is the one of the style "opt1_1757505116", and not the one that appears in the browser's URL when you edit a rule, which looks like "firewall_rules_edit.php?id=7".
                              Now that I have corrected my mistake, it works.

                              Thank you again.

                              L 1 Reply Last reply Reply Quote 0
                              • L Offline
                                ldangpfng @philippe richard
                                last edited by

                                @philippe-richard

                                use the new UI (by default it listens on port 8443), which will let you see the API calls, similar to the screenshot of the web devtools above, where the id is derived from a unique value of the rule entry. This is unlike the PHP pages which do not have an API and assume one admin accessing the page at any time, so submitting from *_edit.php?id=7 could end up hitting the wrong entry if two people are modifying the rules at the same time.

                                1 Reply Last reply Reply Quote 1
                                • First post
                                  Last post
                                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.