DSRule (schema)

Name Description Type Notes
_links References related to this resource

The server will populate this field when returning the resource. Ignored on PUT and POST.
array of ResourceLink Readonly
_owner Owner of this resource OwnerResourceLink Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.
int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
action Action

Action enforced on packets that match the distributed service rule. The DS layer currently supports the following actions:
ALLOW - Forward any packet when a rule with this action gets a match (used by Firewall).
DROP - Drop any packet when a rule with this action gets a match. Packets won't go further (used by Firewall).
REJECT - Terminate the TCP connection by sending a TCP reset for a packet when a rule with this action gets a match (used by Firewall).
REDIRECT - Redirect any packet to a partner appliance when a rule with this action gets a match (used by Service Insertion).
DO_NOT_REDIRECT - Do not redirect any packet to a partner appliance when a rule with this action gets a match (used by Service Insertion).
DETECT - Detect IDS signatures.
string Required
Enum: ALLOW, DROP, REJECT, REDIRECT, DO_NOT_REDIRECT, DETECT
applied_tos AppliedTo List

List of objects where the rule will be enforced. The section-level field overrides this one. Null will be treated as any.
array of ResourceReference Maximum items: 128
description Description of this resource string Maximum length: 1024
Sortable
destinations Destination List

List of the destinations. Null will be treated as any.
array of ResourceReference Maximum items: 128
destinations_excluded Negation of destination

Negation of the destination.
boolean Default: "False"
direction Rule direction

Rule direction for stateless distributed service rules. This is only considered if the section-level parameter is set to stateless. Defaults to IN_OUT if not specified.
string Enum: IN, OUT, IN_OUT
Default: "IN_OUT"
disabled Rule enable/disable flag

Flag to disable the rule. A disabled rule is only persisted, never provisioned or realized.
boolean Default: "False"
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set
string Maximum length: 255
Sortable
id Identifier of the resource string Readonly
ip_protocol IPv4 vs IPv6 packet type

Type of IP packet that should be matched while enforcing the rule.
string Enum: IPV4, IPV6, IPV4_IPV6
Default: "IPV4_IPV6"
is_default Default rule

Flag to indicate whether rule is default.
boolean Readonly
logged Enable logging flag

Flag to enable packet logging. Default is disabled.
boolean Default: "False"
notes Notes

User notes specific to the rule.
string Maximum length: 2048
priority Rule priority

Priority of the rule.
integer Readonly
resource_type Must be set to the value DSRule string
rule_tag Tag

User-level field that is printed in CLI and packet logs.
string Maximum length: 32
sources Source List

List of sources. Null will be treated as any.
array of ResourceReference Maximum items: 128
sources_excluded Negation of source

Negation of the source.
boolean Default: "False"
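
The constraints in the table above can be checked on the client before a rule is sent. The following is an added example, not code from the product or its documentation: a small linter that applies the enums, length and item limits, the PUT requirement on _revision, and two review checks on ALLOW rules. The function name lint_dsrule, the SAMPLE payload, the case-sensitive enum comparison and the review checks are assumptions of this example.

```python
# Added example: lint a DSRule body against the constraints listed in the table.
ACTIONS = {"ALLOW", "DROP", "REJECT", "REDIRECT", "DO_NOT_REDIRECT", "DETECT"}
ENUMS = {"direction": {"IN", "OUT", "IN_OUT"},
         "ip_protocol": {"IPV4", "IPV6", "IPV4_IPV6"}}
MAX_LEN = {"description": 1024, "display_name": 255, "notes": 2048, "rule_tag": 32}
MAX_ITEMS = {"applied_tos": 128, "sources": 128, "destinations": 128}
READONLY = {"_links", "_owner", "_schema", "_self", "id", "is_default", "priority"}


def lint_dsrule(rule, for_put=False):
    """Return (errors, warnings) for a DSRule dict about to be sent."""
    errors, warnings = [], []
    # Assumption: enum values are compared case-sensitively.
    if rule.get("action") not in ACTIONS:
        errors.append("action: required, must be one of the listed enum values")
    if rule.get("resource_type", "DSRule") != "DSRule":
        errors.append("resource_type: must be DSRule")
    for field, allowed in ENUMS.items():
        if rule.get(field) is not None and rule[field] not in allowed:
            errors.append(f"{field}: must be one of {sorted(allowed)}")
    for field, limit in MAX_LEN.items():
        if len(rule.get(field) or "") > limit:
            errors.append(f"{field}: longer than {limit} characters")
    for field, limit in MAX_ITEMS.items():
        if len(rule.get(field) or []) > limit:
            errors.append(f"{field}: more than {limit} items")
    # A PUT whose _revision is missing or stale is rejected by the server.
    if for_put and not isinstance(rule.get("_revision"), int):
        errors.append("_revision: PUT must carry the value from a prior GET")
    for field in sorted(rule.keys() & READONLY):
        warnings.append(f"{field}: read-only field")
    # Review heuristics (this example's own, not schema rules): null sources and
    # destinations both mean "any", and logged defaults to False.
    if rule.get("action") == "ALLOW" and not rule.get("disabled", False):
        if rule.get("sources") is None and rule.get("destinations") is None:
            warnings.append("ALLOW with null sources and destinations: any-to-any")
        if not rule.get("logged", False):
            warnings.append("ALLOW rule is not logged")
    return errors, warnings


# Constructed sample payload, not taken from the page.
SAMPLE = {"resource_type": "DSRule", "display_name": "web-in", "action": "Allow",
          "direction": "IN", "rule_tag": "x" * 40, "priority": 10}

if __name__ == "__main__":
    errs, warns = lint_dsrule(SAMPLE, for_put=True)
    for line in errs + warns:
        print(line)
```

The linter cannot tell whether a supplied _revision is stale; only the server's response to the PUT shows that.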