This discussion has been locked.

Enable/disable firewall rule via ssh?

I would like to enable/disable firewall (both user/network and/or business) rules via SSH but cannot figure out how.

If I choose "4: Device console" and use the help, it mostly seems like more system functions you can edit there.

 

I guess I have to go 5:3 for advanced shell? And then? I see that IPTABLES is populated with a lot of stuff, is SOPHOS using IPTABLES under the hood?

But I can't find my firewall rules in IPTABLES...

 



  • Reason:

    I simply need to enable/disable rules programmatically. That's step 1. Next step I will probably need to create them too. Think Docker/Kubernetes/DevOps. Stuff needs to be automated. I want a deployment pipeline which runs 100% automatically, can't sit in 2019 and enter firewall rules manually :)

    Also, think a bit like Microsoft's "just in time access", no need to have a port that's used 0.000001% of the time open 100% of the time. But my scenario is a bit different, services will be started for short time spans (LetsEncrypt renewal for one), and no need to have that port/forward open 100% of the time when the renewal runs for seconds every 3 months.

    https://docs.microsoft.com/en-us/azure/security-center/security-center-just-in-time

     

     

    I will look at the API again. Why I ignored that route is because the XML seems extensive. The 'Security Policy Add / Edit Security Policy' XML is hundreds of lines of code. It has like 20 "mandatory" fields? Do I need to send all that info just to toggle the status of a rule? Or will something like this be enough:

    <SecurityPolicy>
      <Name>rulename</Name>
      <Status>Disable</Status>
    </SecurityPolicy>

     

    Thanks!

  • You do have the option of time based rules for those access requirements that repeat on a regular basis.

    Ian

  • As far as I know, you need to send all mandatory values with the API command. But you can try it.