Update CNNS Container and Host Policy
PUT/api/v33.02/policies/firewall/network
x-prisma-cloud-target-env: {"permission":"policyCNNF"}
Updates all container and host CNNS rules in a single shot. Updating all rules at the same time makes it possible to maintain strict ordering between rules.
The procedure to add, edit, or remove rules is:
Get all rules using the GET endpoint.
cURL Request
Refer to the following example cURL command that retrieves a list of all rules, pretty-print the JSON response, and save the results to a file:
$ curl -k \
-u <USER> \
-X PUT \
-H "Content-Type:application/json" \
-o <network_firewall_rules.json> \
"https://<CONSOLE>/api/v<VERSION>/policies/firewall/network/container"Modify the JSON output according to your needs.
Update rules by pushing the new JSON payload.
cURL Request
Refer to the following example cURL command that installs the rules defined in your
network_firewall_rules.json
file. Do not forget to specify the@
symbol.$ curl -k \
-u <USER> \
-X PUT \
-H "Content-Type:application/json" \
--data-binary "@network_firewall_rules.json" \
"https://<CONSOLE>/api/v<VERSION>/policies/firewall/network/container"
Any previously installed rules are overwritten.
Request
- application/json
Body
- Array [
- Array [
- ]
- ]
- Array [
- Array [
- ]
- ]
- Array [
- Array [
- ]
- Array [
- ]
- ]
.
ContainerEnabled indicates whether container network firewall feature is enabled.
containerRules object[]
ContainerRules holds the container firewall rules.
Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).
EntityID represents the ID of each network firewall entity. 20 bits are used. Max legal value: 2^20-1
Possible values: [allow,alert,prevent,monitor,
]
Effect is the effect that is used in the CNNF rule
RuleID represents the ID of each container network firewall policy rule
Specifies the date and time when the rule was last modified.
Name of the rule.
Describes any noteworthy points for a rule. You can include any text.
User who created or last modified the rule.
ports object[]
Ports are the entity port range specifications.
Deny indicates whether the connection is denied.
.
.
Previous name of the rule. Required for rule renaming.
EntityID represents the ID of each network firewall entity. 20 bits are used. Max legal value: 2^20-1
HostEnabled indicates whether host network firewall feature is enabled.
hostRules object[]
HostRules holds the host firewall rules.
Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).
EntityID represents the ID of each network firewall entity. 20 bits are used. Max legal value: 2^20-1
Possible values: [allow,alert,prevent,monitor,
]
Effect is the effect that is used in the CNNF rule
RuleID represents the ID of each container network firewall policy rule
Specifies the date and time when the rule was last modified.
Name of the rule.
Describes any noteworthy points for a rule. You can include any text.
User who created or last modified the rule.
ports object[]
Ports are the entity port range specifications.
Deny indicates whether the connection is denied.
.
.
Previous name of the rule. Required for rule renaming.
EntityID represents the ID of each network firewall entity. 20 bits are used. Max legal value: 2^20-1
.
networkEntities object[]
NetworkEntities represents a list of network firewall entities
EntityID represents the ID of each network firewall entity. 20 bits are used. Max legal value: 2^20-1
allowAll object
AllowAllConnections indicates if connections are allowed to/from any entity of the specified types e.g. if inbound contains the type subnet, the entity is allowed to receive connections from any subnet
Possible values: [container,host,subnet,dns
]
Inbound indicates if connections are allowed from any entity of the specified types.
Possible values: [container,host,subnet,dns
]
Outbound indicates if connections are allowed to any entity of the specified types.
collections object[]
Collections indicate the collection the entity is part of.
List of account IDs.
List of application IDs.
List of Kubernetes cluster names.
Color is a hexadecimal representation of color code value
List of containers.
Free-form text.
List of functions.
List of hosts.
List of images.
List of labels.
Datetime when the collection was last modified.
Collection name. Must be unique.
List of Kubernetes namespaces.
User who created or last modified the collection.
Indicates whether this collection originates from Prisma Cloud.
Indicates whether this collection was created by the system (i.e., a non user) (true) or a real user (false).
Domains is a list of domains.
Name is the entity name.
subnets object[]
Subnets are the CIDR format network.
CIDR is the IP range of the defined entity.
Name is the given name to represent the range.
Possible values: [container,host,subnet,dns
]
RuleEntityType is the network firewall rule entity type
.
Responses
- 200
- default
OK