The API can only be restricted with a firewall rule.
See this topic.
DNS and NTP as services have the allow from command.
It is more consistent if the API has the same command “allow from” than a firewall rule that must be added extra.
Could you share your https configuration?
We’ll take a look at what we can do.
Hi, here is my config snippet:
set firewall name OUTSIDE-LOCAL rule 34 action 'accept'
set firewall name OUTSIDE-LOCAL rule 34 destination port '443'
set firewall name OUTSIDE-LOCAL rule 34 log 'enable'
set firewall name OUTSIDE-LOCAL rule 34 protocol 'tcp'
set firewall name OUTSIDE-LOCAL rule 34 source address '10.10.0.0/24'
set firewall name OUTSIDE-LOCAL rule 34 state established 'enable'
set firewall name OUTSIDE-LOCAL rule 34 state new 'enable'
set service https api port '443'
set service https certificates certificate 'vyostest'
set service https virtual-host mywebserver listen-address '*'
set pki certificate vyostest certificate 'cert'
set pki certificate vyostest private key 'certprivkey'
An example of how it works on NTP; this was my request for the API:
set service https allow-client address '192.168.0.0/24'
For NTP it works fine:
set service ntp allow-client address '192.168.0.0/24'
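An added example, not part of the thread and not VyOS code: since the firewall rule is, as described above, the only source restriction for the API, this Python check reads `set`-style configuration and reports which accept rules for the API port name a source network. Rule 35 in the sample is constructed for illustration; the check looks only at rule contents and assumes the ruleset is actually applied to the interface.

```python
import shlex

# Constructed sample: rule 34 from the post plus a hypothetical rule 35 with no source.
SAMPLE = """\
set firewall name OUTSIDE-LOCAL rule 34 action 'accept'
set firewall name OUTSIDE-LOCAL rule 34 destination port '443'
set firewall name OUTSIDE-LOCAL rule 34 protocol 'tcp'
set firewall name OUTSIDE-LOCAL rule 34 source address '10.10.0.0/24'
set firewall name OUTSIDE-LOCAL rule 35 action 'accept'
set firewall name OUTSIDE-LOCAL rule 35 destination port '443'
set firewall name OUTSIDE-LOCAL rule 35 protocol 'tcp'
set service https api port '443'
"""

def audit_api_exposure(config_text):
    """Return (api_port, {(ruleset, rule): source address or None})
    for every tcp accept rule whose destination port list contains the API port."""
    api_port, rules = None, {}
    for line in config_text.splitlines():
        tok = shlex.split(line)  # also strips the single quotes around values
        if tok[:5] == ["set", "service", "https", "api", "port"] and len(tok) == 6:
            api_port = tok[5]
        elif tok[:3] == ["set", "firewall", "name"] and len(tok) >= 8 and tok[4] == "rule":
            # key is the option path ("source address"), value is the last token
            rules.setdefault((tok[3], tok[5]), {})[" ".join(tok[6:-1])] = tok[-1]
    findings = {}
    if api_port is None:
        return None, findings
    for key, opts in rules.items():
        ports = opts.get("destination port", "").split(",")
        if opts.get("action") == "accept" and opts.get("protocol") == "tcp" and api_port in ports:
            findings[key] = opts.get("source address")
    return api_port, findings

def unrestricted(findings):
    """Rules that accept API traffic from any source."""
    open_sources = (None, "0.0.0.0/0", "::/0")
    return sorted(k for k, src in findings.items() if src in open_sources)

if __name__ == "__main__":
    port, found = audit_api_exposure(SAMPLE)
    for (ruleset, rule), src in sorted(found.items()):
        print(f"{ruleset} rule {rule}: port {port} allowed from {src or 'ANY'}")
    for ruleset, rule in unrestricted(found):
        print(f"WARNING: {ruleset} rule {rule} does not restrict the source")
```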
Are you expecting this option per virtual-host
or as a global option?
Good question. Per virtual-host is more flexible than with only one global option.
One of the two is enough for me.