meraki_wireless_ssid_l3_firewall_rules undocumented parameter ipVer #36

Open
jsumali-felix opened this issue Dec 10, 2024 · 1 comment
Labels
bug Something isn't working
@jsumali-felix
When using the meraki_wireless_ssid_l3_firewall_rules resource to create a wireless firewall rule with rule config:

        {
          comment   = "Test Rule"
          dest_cidr = "10.123.0.0/24"
          dest_port = "Any"
          policy    = "deny"
          protocol  = "any"
        }

this fails with error:

│ Failed to configure object (PUT), got error: HTTP Request failed:
│ StatusCode 400, JSON error: ["At least one of your firewall rules is
│ invalid: \"ssid[firewall_rules][0][dst_cidr] For ACL rules applied to both
│ IPv4 and IPv6, Destination address must be 'any'\",
│ \"ssid[firewall_rules][1][dst_cidr] For ACL rules applied to both IPv4 and
│ IPv6, Destination address must be 'any'\"."], {"errors":["At least one of
│ your firewall rules is invalid: \"ssid[firewall_rules][0][dst_cidr] For ACL
│ rules applied to both IPv4 and IPv6, Destination address must be 'any'\",
│ \"ssid[firewall_rules][1][dst_cidr] For ACL rules applied to both IPv4 and
│ IPv6, Destination address must be 'any'\"."]}

Similarly, doing a straight curl request results in the same error:

curl -L --request PUT \
--url https://api.meraki.com/api/v1/networks/{networkid}/wireless/ssids/0/firewall/l3FirewallRules \
--header 'Authorization: Bearer {token}' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--data '{
    "rules": [
        {
            "comment": "Test Rule",
            "policy": "deny",
            "protocol": "tcp",
            "destPort": "Any",
            "destCidr": "10.123.0.0/24"
        }
    ],
    "allowLanAccess": true
}'
...
{"errors":["At least one of your firewall rules is invalid: \"ssid[firewall_rules][0][dst_cidr] For ACL rules applied to both IPv4 and IPv6, Destination address must be 'any'\"."]}

To fix this request, I need to specify an undocumented ipVer parameter like so:

        {
            "comment": "Test Rule",
            "policy": "deny",
            "protocol": "tcp",
            "destPort": "Any",
            "destCidr": "10.123.0.0/24",
            "ipVer": "ipv4"
        }

Can support be added for an optional ip_ver string parameter to resource meraki_wireless_ssid_l3_firewall_rules?

ref: https://community.meraki.com/t5/Developers-APIs/Wireless-Outbound-Firewall-Rules/m-p/231683
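
A preflight check for the rule payload discussed in this issue, as an added example that is not part of the original post or the provider's code: it flags rules that name a specific destination without ipVer, so a deny rule is not lost to the 400 response at apply time. The function names, the comma-separated handling of destCidr, and every sample rule other than the first are assumptions made for illustration.

```python
import ipaddress

# Constructed sample payload; rule 0 is the rule from the issue.
SAMPLE_RULES = [
    {"comment": "Test Rule", "policy": "deny", "protocol": "tcp",
     "destPort": "Any", "destCidr": "10.123.0.0/24"},
    {"comment": "Any dest", "policy": "deny", "protocol": "udp",
     "destPort": "53", "destCidr": "Any"},
    {"comment": "v6 dest", "policy": "deny", "protocol": "tcp",
     "destPort": "Any", "destCidr": "2001:db8::/32"},
    {"comment": "Already set", "policy": "deny", "protocol": "tcp",
     "destPort": "Any", "destCidr": "10.124.0.0/24", "ipVer": "ipv4"},
]


def dest_families(dest_cidr):
    """IP versions named in destCidr; empty set for 'any', None for non-IP entries."""
    families = set()
    for part in dest_cidr.split(","):  # assumption: value may be comma-separated
        part = part.strip()
        if part.lower() == "any":
            continue
        try:
            families.add(ipaddress.ip_network(part, strict=False).version)
        except ValueError:
            families.add(None)  # hostname or malformed entry
    return families


def preflight(rules):
    """Return (patched copies of rules, findings as (index, message) tuples)."""
    patched, findings = [], []
    for i, rule in enumerate(rules):
        rule = dict(rule)  # never mutate the caller's payload
        families = dest_families(rule.get("destCidr", "any"))
        if families and "ipVer" not in rule:
            if families == {4}:
                rule["ipVer"] = "ipv4"  # the value the issue reports as working
                findings.append((i, "added ipVer=ipv4"))
            else:
                # The issue shows no ipVer value for other cases, so do not guess.
                findings.append((i, "set ipVer manually"))
        patched.append(rule)
    return patched, findings


if __name__ == "__main__":
    fixed, notes = preflight(SAMPLE_RULES)
    for index, message in notes:
        print(f"rule {index} ({fixed[index]['comment']}): {message}")
```
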

@danischm
Member

9034687

@danischm danischm added the bug Something isn't working label Dec 13, 2024