Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    pf-sense-api-client

    Scheduled Pinned Locked Moved Multi-Instance Management
    16 Posts 3 Posters 2.4k Views 3 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M Offline
      marcosm Netgate
      last edited by

      What pfSense version is that on?

      P 1 Reply Last reply Reply Quote 0
      • P Offline
        philippe richard @marcosm
        last edited by

        @marcosm said in pf-sense-api-client:

        What pfSense version is that on?

        25.07.1-RELEASE (amd64)

        1 Reply Last reply Reply Quote 0
        • M Offline
          marcosm Netgate
          last edited by

          Are you trying to update it using the index number? If so, try using the name; aliases are now identified by their name rather than the index number.

          P 2 Replies Last reply Reply Quote 0
          • P Offline
            philippe richard @marcosm
            last edited by

            @marcosm
            Hello, do you want me to put the alias name in here?

            firewall_update_alias.sync(client=devApi, id=**TEST_API**, body=update_req)
            
            1 Reply Last reply Reply Quote 0
            • P Offline
              philippe richard @marcosm
              last edited by philippe richard

              @marcosm said in pf-sense-api-client:

              Are you trying to update it using the index number? If so, try using the name; aliases are now identified by their name rather than the index number.

              Yes, I was updating it using its ID number. If I change the ID to the name, I still get the same error.

              2025-09-04 16:13:23.000000-04:00 pfnet-controller 2646 WARNING 43643 [x.x.x.x:34302] POST /api/aliases/TEST_API (DONE 1.378ms) ERROR: name missing
              2025-09-04 16:13:23.000000-04:00 pfnet-controller 2646 Updating alias name: , ID: 25...
              2025-09-04 16:13:23.000000-04:00 pfnet-controller 2646 > {"alias": {"name": "TEST_API"}, "id": "TEST_API"}

              L 1 Reply Last reply Reply Quote 0
              • L Offline
                ldangpfng @philippe richard
                last edited by

                The schema definition was out of sync with the handler; it expects the direct alias structure instead of a nested one. Please pull the repo again and test; you'll need a bit of change in the code:

                existing_name="a1"
                update_req = FWUpdateAliasReq(name=existing_name, descr="update-descr")
                result  = firewall_update_alias.sync(client=devApi, id=existing_name, body=update_req)
                print(result)
                

                A hint on checking if the code in the repository is doing the right thing is to test out what the GUI provides in the request - use the web browser dev-tools Network tab. If what you send doesn't match then we have a glitch in the schema definition that needs resolving.

                thanks for testing.

                P 1 Reply Last reply Reply Quote 1
                • P Offline
                  philippe richard @ldangpfng
                  last edited by philippe richard

                  @ldangpfng
                  Hello,

                  Thank you for your feedback, it's working... but only halfway.

                  If I modify the code as in your example, by putting 'update_req = FWUpdateAliasReq(name=existing_name, descr="update-descr")', the description is updated, but all the other fields become empty.

                  It's as if the request obliges you to include all fields, and not just the one you want to modify.

                  L 1 Reply Last reply Reply Quote 0
                  • L Offline
                    ldangpfng @philippe richard
                    last edited by

                    @philippe-richard

                    In general, yes: get the existing values, modify, and then post changes. Some functions don't need all of that and do update-only-values-provided type of thing. A lot of the input values are an attempt to map the API set to the backend configuration, a significant number of them can be confusing (because config.xml is schemaless) and more work needs to be done to make them friendlier with more abstractions.

                    Well aware that the API schema lacks usage descriptions for many structures and endpoints, and we're working on putting that into the schema.

                    P 2 Replies Last reply Reply Quote 0
                    • P Offline
                      philippe richard @ldangpfng
                      last edited by

                      @ldangpfng
                      Hello,

                      thank you for your response.

                      I will continue to use them while keeping in mind that some queries might not work.

                      Therefore, you will likely receive new questions from me when that happens.

                      1 Reply Last reply Reply Quote 0
                      • P Offline
                        philippe richard @ldangpfng
                        last edited by

                        @ldangpfng
                        Hello,

                        I'm currently testing the insert_firewall_rule function and I'm getting the following error:

                        Error(errcode=400, errlevel=<pfapi.types.Unset object at 0x7f4b2854a210>, errmsg='failed to insert rule: insert rule error: unable to find insertion point', alerts=<pfapi.types.Unset object at 0x7f4b2854a210>, additional_properties={})
                        

                        If I'm not mistaken, this error indicates that the system is unable to find the insertion point for the rule. Where should this reference ID be placed? Should it be in the request ?

                        insert_firewall_rule.sync(client=devApi, interface="TI", body=firewall_instance, id="6")
                        

                        Additionally, in the InsertFilterRule model, there's a reference=str value. What exactly is this reference?

                        Thank you in advance for your help.

                        L 1 Reply Last reply Reply Quote 0
                        • L Offline
                          ldangpfng @philippe richard
                          last edited by

                          A rule insertion can be placed at the end (AppendFirewallRule()) or before/after a specific rule (specified by its id) with InsertFirewallRule(). The id is label given to each rule item when you retrieve the list of rules.

                          8fbbe0ad-871c-40a5-b308-ee99d59c1df9-image.png

                          The after attribute to the InsertFirewallRule call tells the handler whether you want to put it before or after the provided id.

                          Ignore reference=str value, it is a stale field that needs to be removed because the query string for id is intended for this.

                          P 1 Reply Last reply Reply Quote 0
                          • P Offline
                            philippe richard @ldangpfng
                            last edited by

                            @ldangpfng
                            Hello,

                            thank you for your response.

                            Actually, the ID that needs to be entered is the one of the style "opt1_1757505116", and not the one that appears in the browser's URL when you edit a rule, which looks like "firewall_rules_edit.php?id=7".
                            Now that I have corrected my mistake, it works.

                            Thank you again.

                            L 1 Reply Last reply Reply Quote 0
                            • L Offline
                              ldangpfng @philippe richard
                              last edited by

                              @philippe-richard

                              use the new UI (by default it listens on port 8443), which will let you see the API calls, similar to the screenshot of the web devtools above, where the id is derived from a unique value of the rule entry. This is unlike the PHP pages which do not have an API and assume one admin accessing the page at any time, so submitting from *_edit.php?id=7 could end up hitting the wrong entry if two people are modifying the rules at the same time.

                              1 Reply Last reply Reply Quote 1
                              • First post
                                Last post
                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.