Forum Discussion

Vincent_Li_9688
Historic F5 Account
13 years ago

Networking/SelfIPV2 add_allow_access_list can't set access properly

I have a sample script that uses the Networking/SelfIPV2 add_allow_access_list method, but 'ALLOW_MODE_DEFAULT' and 'ALLOW_MODE_PROTOCOL_PORT' cannot be set properly.

sub add_allow_access_listv2 {
    my ($ip) = @_;
    my $soap = &GetInterface( "$ip", "Networking", "SelfIPV2" );
    $soap_response = $soap->add_allow_access_list(
        SOAP::Data->name( self_ips => ["10.2.72.3"] ),
        SOAP::Data->name(
            access_lists => [
                {
                    mode => 'ALLOW_MODE_DEFAULTS',
                    protocol_ports =>
                      [ { protocol => ' ', port => ' ' } ]
                }
            ]
        ),
    );
}

iControl debug log:

Mar 1 15:41:22 B6900-R12-S46 debug iControlPortal.cgi[14319]: Networking:SelfIPV2::add_allow_access_list ( ) called by user "admin"
Mar 1 15:41:22 B6900-R12-S46 debug iControlPortal.cgi[14319]: Networking: [0] Self IP: 10.2.72.3, Allow mode: 2
Mar 1 15:41:22 B6900-R12-S46 debug iControlPortal.cgi[14319]: Networking: [0] Protocol: ip, Port: 0
Mar 1 15:41:22 B6900-R12-S46 debug iControlPortal.cgi[14319]: Networking:-------------------------------------
Mar 1 15:41:22 B6900-R12-S46 debug iControlPortal.cgi[14319]: Portal: User: admin, Folder: /Common

or

sub add_allow_access_listv2 {
    my ($ip) = @_;
    my $soap = &GetInterface( "$ip", "Networking", "SelfIPV2" );
    $soap_response = $soap->add_allow_access_list(
        SOAP::Data->name( self_ips => ["10.2.72.3"] ),
        SOAP::Data->name(
            access_lists => [
                {
                    mode => 'ALLOW_MODE_PROTOCOL_PORT',
                    protocol_ports =>
                      [ { protocol => 'PROTOCOL_ANY', port => '22' } ]
                }
            ]
        ),
    );
    &checkResponse($soap_response);
}

./test.pl

SOAP-ENV:Server Exception caught in Networking::urn:iControl:Networking/SelfIPV2::add_allow_access_list()
Exception: Common::OperationFailed
primary_error_code : 16908390 (0x01020066)
secondary_error_code : 0
error_string : 01020066:3: The requested self IP service access (/Common/10.2.72.3 0 0) already exists in partition Common.

iControl debug log:

Mar 1 15:44:42 B6900-R12-S46 debug iControlPortal.cgi[14319]: Networking:SelfIPV2::add_allow_access_list ( ) called by user "admin"
Mar 1 15:44:42 B6900-R12-S46 debug iControlPortal.cgi[14319]: Networking: [0] Self IP: 10.2.72.3, Allow mode: 0
Mar 1 15:44:42 B6900-R12-S46 debug iControlPortal.cgi[14319]: Networking: [0] Protocol: ip, Port: 22
Mar 1 15:44:42 B6900-R12-S46 debug iControlPortal.cgi[14319]: Networking:-------------------------------------
Mar 1 15:44:42 B6900-R12-S46 debug iControlPortal.cgi[14319]: Portal: User: admin, Folder: /Common
Mar 1 15:44:42 B6900-R12-S46 err mcpd[7063]: 01020066:3: The requested self IP service access (/Common/10.2.72.3 0 0) already exists in partition Common.

Am I missing something? I am always desperate to create an internal case to PD, but I am afraid I may be missing something (btw, I am an F5 ENE).

3 Replies

  • Vincent_Li_9688
    Historic F5 Account

    Also tried:

    sub add_allow_access_listv2 {
        my ($ip) = @_;
        my $soap = &GetInterface( "$ip", "Networking", "SelfIPV2" );
        $soap_response = $soap->add_allow_access_list(
            SOAP::Data->name( self_ips => ["10.2.72.3"] ),
            SOAP::Data->name(
                access_lists => [
                    {
                        mode => 'ALLOW_MODE_DEFAULTS',
                        protocol_ports => [ ]
                    }
                ]
            ),
        );
        &checkResponse($soap_response);
    }


    Mar 1 15:57:07 B6900-R12-S46 debug iControlPortal.cgi[14319]: Networking:SelfIPV2::add_allow_access_list ( ) called by user "admin"
    Mar 1 15:57:07 B6900-R12-S46 debug iControlPortal.cgi[14319]: Networking: [0] Self IP: 10.2.72.3, Allow mode: 2
    Mar 1 15:57:07 B6900-R12-S46 debug iControlPortal.cgi[14319]: Networking:-------------------------------------
    Mar 1 15:57:07 B6900-R12-S46 debug iControlPortal.cgi[14319]: Portal: User: admin, Folder: /Common


    Still does not work; the port lockdown will always be set to 'allow all'.

  • Hi; for those who are interested: we fixed bug 387500 and the closely related 373018 in 11.4.0. Before that fix, ALLOW_MODE_PROTOCOL_PORT worked (at least with specific protocol and port, if I remember) but most of the other settings were broken.