From, an OpenBSD-based firewall
Revision as of 09:39, 24 October 2013 by Erik (talk | contribs)
Jump to: navigation, search

The system may be fully controlled using SOAP[1] (Simple Object Access Protocol) which is an XML-based RPC-over-HTTP protocol (or REST). The web administration included is in fact a web site running inside a jail, connecting to the backend (control process) using SOAP. For local scripting see root access and configure.

Thus, it is possible to build your own interfaces and systems using the WSDL[2] (Web Service Definition Language) file included on the appliance (https://your-appliance-ip/remote/?wsdl). Modern browser may show a styled version of the WSDL file using XSL at https://your-appliance-ip/remote/.

If basic authentication is not supported in your SOAP client, the username and password may be passed using the query string:


An example in PHP how to checkout, modify and commit the configuration. This example is transaction safe, thus passing the checkout revision as argument to the commit function guaranteeing that no commit has been done in between. If the commit revision argument were -1 commit would always accept the new revision.

$client = new SoapClient('',array(
            'location' => '',
            'uri' => 'urn:halon',
            'login' => 'admin',
            'password' => 'secretpassword'

$cfgobj = $client->configCheckout();
$config = str_replace("", "", $cfgobj->config);

$revision = $client->configCommit(array(
            'revision' => $cfgobj->info->revision,
            'config' => $config,
            'message' => 'Changed DNS servers',
            'timeout' => 0
echo $revision->result."\n";

An example in PHP how to run ping using SOAP. The argv parameter is executed as execvp(3), meaning that it's not executed in a shell, so there is no shell metacharacters available (like & ; " ' [...).

$commandid = $client->commandRun(array('argv'=>
            array('ping', '-c5', '')
$commandid = $commandid->result;

try {
    while(true) {
        $data = $client->commandPoll(array('commandid' => $commandid));
        if ($data->result->item) {
            echo implode('', $data->result->item);
} catch(SoapFault $f) {
    echo "Process terminated... ($f->faultstring)\n";