问题描述

Bluemix Doc中有一个用于安全网关服务的新部分:为Bluemix应用程序创建IP表规则

不幸的是，我不知道该怎么办.例如文字说要以这种形式进行API调用:PUT /v1/sgconfig/:<gateway_id>/destinations/:<endpoint_id>/ipTableRule那永远都行不通，应该说类似curl -k --request PUT https://sgmanager.ng.bluemix.net/v1/sgconfig/...

还需要在Advanced / Network Options下的安全网关定义"中检查Restrict network access to cloud endpoint的选项吗?

有人可以重做本文吗?更重要的是，请添加示例吗?

如果要实施IP表规则，则需要，请选中Restrict network access to cloud endpoint框.此时，您将添加要实施的规则，例如:192.0.0.1 9000(单个IP和端口)，192.0.0.1-192.0.0.5 5000:5005(IP范围和端口范围)或其中的任何组合. /p>

如果要使用cURL创建私人目的地，则可以使用以下命令:

curl "https://sgmanager.ng.bluemix.net/v1/sgconfig/<gateway_id>/destinations" \
-H "Authorization: Bearer <security_token>" \
-H "Content-type: application/json" \
-d '{"desc":"My Private Destination","ip":"1.1.1.1","port":8000,"private":true}' -k

创建专用目的地后，您可以使用以下命令添加IP表规则:

curl -X PUT "https://sgmanager.ng.bluemix.net/v1/sgconfig/<gateway_id>/destinations/<destination_id>/ipTableRule" \
-H "Authorization: Bearer <security_token>" \
-H "Content-type: application/json" \
-d '{"src":"192.0.0.1","spt":"9000"}' -k

和

curl -X PUT "https://sgmanager.ng.bluemix.net/v1/sgconfig/<gateway_id>/destinations/<destination_id>/ipTableRule" \
-H "Authorization: Bearer <security_token>" \
-H "Content-type: application/json" \
-d '{"src_range":"192.0.0.1-192.0.0.5","spt":"5000:5005"}' -k

请注意，此处的第一个命令使用src提供单个IP，而第二个命令使用src_range提供一系列IP.

There is new section in Bluemix Doc for the Secure Gateway Service: Creating IP table rules for a Bluemix app

Unfortunately I don't understand what I should do. E. g. the text says to make an API call in this form: PUT /v1/sgconfig/:<gateway_id>/destinations/:<endpoint_id>/ipTableRuleThat will never work, it should say something like curl -k --request PUT https://sgmanager.ng.bluemix.net/v1/sgconfig/...

Also, in the Secure Gateway Definition, under Advanced / Network Options, do I need to check the option for Restrict network access to cloud endpoint?

Could somebody please rework the text and even more importantly, add an example, please?

If you want to enforce IP Table Rules, then yes, you would need to check the Restrict network access to cloud endpoint box. At that point you would add the rules you want enforced, such as: 192.0.0.1 9000 (single IP and port), 192.0.0.1-192.0.0.5 5000:5005 (range of IPs and range of ports), or any combination therein.

If you are creating your private destinations with cURL, you could use a command like:

curl "https://sgmanager.ng.bluemix.net/v1/sgconfig/<gateway_id>/destinations" \
-H "Authorization: Bearer <security_token>" \
-H "Content-type: application/json" \
-d '{"desc":"My Private Destination","ip":"1.1.1.1","port":8000,"private":true}' -k

Once your private destination is created, you can add IP table rules with commands like:

curl -X PUT "https://sgmanager.ng.bluemix.net/v1/sgconfig/<gateway_id>/destinations/<destination_id>/ipTableRule" \
-H "Authorization: Bearer <security_token>" \
-H "Content-type: application/json" \
-d '{"src":"192.0.0.1","spt":"9000"}' -k

and

curl -X PUT "https://sgmanager.ng.bluemix.net/v1/sgconfig/<gateway_id>/destinations/<destination_id>/ipTableRule" \
-H "Authorization: Bearer <security_token>" \
-H "Content-type: application/json" \
-d '{"src_range":"192.0.0.1-192.0.0.5","spt":"5000:5005"}' -k

Please note that the first command here is uses src to provide a single IP whereas the second uses src_range to provide a range of IPs.

这篇关于为Bluemix应用程序为Secure Gateway创建IP表规则的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！