{ "extends": { "$ref": "FirewallSection" }, "id": "FirewallSectionRuleList", "module_id": "Firewall", "properties": { "_create_time": { "$ref": "EpochMsTimestamp", "can_sort": true, "description": "Timestamp of resource creation", "readonly": true }, "_create_user": { "description": "ID of the user who created this resource", "readonly": true, "type": "string" }, "_last_modified_time": { "$ref": "EpochMsTimestamp", "can_sort": true, "description": "Timestamp of last modification", "readonly": true }, "_last_modified_user": { "description": "ID of the user who last modified this resource", "readonly": true, "type": "string" }, "_links": { "description": "The server will populate this field when returning the resource. Ignored on PUT and POST.", "items": { "$ref": "ResourceLink" }, "readonly": true, "title": "References related to this resource", "type": "array" }, "_protection": { "description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it. REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.", "readonly": true, "title": "Indicates protection status of this resource", "type": "string" }, "_revision": { "description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. 
If the _revision provided in a PUT request is missing or stale, the operation will be rejected.", "title": "Generation of this resource config", "type": "int" }, "_schema": { "readonly": true, "title": "Schema for this resource", "type": "string" }, "_self": { "$ref": "SelfResourceLink", "readonly": true, "title": "Link to this resource" }, "_system_owned": { "description": "Indicates system owned resource", "readonly": true, "type": "boolean" }, "applied_tos": { "description": "List of objects where the rules in this section will be enforced. This will take precedence over rule level appliedTo.", "items": { "$ref": "ResourceReference" }, "maxItems": 128, "readonly": false, "required": false, "title": "AppliedTo List", "type": "array" }, "autoplumbed": { "default": false, "description": "This flag indicates whether it is an auto-plumbed section that is associated to a LogicalRouter. Auto-plumbed sections are system owned and cannot be updated via the API.", "readonly": true, "required": false, "title": "Tells if a section is auto-plumbed or not", "type": "boolean" }, "category": { "description": "Category from policy framework.", "readonly": true, "title": "Section category", "type": "string" }, "comments": { "description": "Comments for section lock/unlock.", "readonly": true, "required": false, "title": "Section lock/unlock comments", "type": "string" }, "description": { "can_sort": true, "maxLength": 1024, "title": "Description of this resource", "type": "string" }, "display_name": { "can_sort": true, "description": "Defaults to ID if not set", "maxLength": 255, "title": "Identifier to use when displaying entity in logs or GUI", "type": "string" }, "enforced_on": { "description": "This attribute represents enforcement point of firewall section. 
For example, firewall section enforced on logical port with attachment type bridge endpoint will have 'BRIDGEENDPOINT' value, firewall section enforced on logical router will have 'LOGICALROUTER' value and rest have 'VIF' value.", "readonly": true, "required": false, "title": "Firewall Section Enforcement type", "type": "string" }, "firewall_schedule": { "$ref": "ResourceReference", "description": "Reference of the firewall schedule during which this section will be valid.", "required": false, "title": "Firewall Schedule Reference" }, "id": { "can_sort": true, "title": "Unique identifier of this resource", "type": "string" }, "is_default": { "description": "It is a boolean flag which reflects whether a distributed service section is default section or not. Each Layer 3 and Layer 2 section will have exactly one default section.", "readonly": true, "required": false, "title": "Default section flag", "type": "boolean" }, "lock_modified_by": { "description": "ID of the user who last modified the lock for the section.", "readonly": true, "required": false, "title": "Lock modified by user", "type": "string" }, "lock_modified_time": { "$ref": "EpochMsTimestamp", "description": "Section locked/unlocked time in epoch milliseconds.", "readonly": true, "required": false, "title": "Section locked/unlocked time" }, "locked": { "default": false, "description": "Section is locked/unlocked.", "readonly": true, "required": false, "title": "Section Locked", "type": "boolean" }, "priority": { "description": "Priority of current section with respect to other sections. 
In case the field is empty, the list section api should be used to get section priority.", "readonly": true, "required": false, "title": "Section priority", "type": "integer" }, "resource_type": { "description": "The type of this resource.", "readonly": false, "type": "string" }, "rule_count": { "description": "Number of rules in this section.", "readonly": true, "required": false, "title": "Rule count", "type": "integer" }, "rules": { "description": "List of firewall rules in the section. Only homogeneous rules are supported.", "items": { "$ref": "FirewallRule" }, "maxItems": 1000, "readonly": false, "required": true, "title": "List of the firewall rules", "type": "array" }, "section_type": { "description": "Type of the rules which a section can contain. Only homogeneous sections are supported.", "enum": [ "LAYER2", "LAYER3", "L3REDIRECT", "IDS" ], "readonly": false, "required": true, "title": "Section Type", "type": "string" }, "stateful": { "description": "Stateful or Stateless nature of distributed service section is enforced on all rules inside the section. Layer3 sections can be stateful or stateless. Layer2 sections can only be stateless.", "readonly": false, "required": true, "title": "Stateful nature of the distributed service rules in the section.", "type": "boolean" }, "tags": { "items": { "$ref": "Tag" }, "maxItems": 30, "title": "Opaque identifiers meaningful to the API user", "type": "array" }, "tcp_strict": { "default": false, "description": "If TCP strict is enabled on a section and a packet matches a rule in it, the following check will be performed. If the packet does not belong to an existing session, the kernel will check to see if the SYN flag of the packet is set. If it is not, then it will drop the packet.", "required": false, "title": "TCP Strict", "type": "boolean" } }, "type": "object" }