Created
April 26, 2025 07:30
Update a firewall group (IP list) in a UniFi controller using the UniFi API
import requests

# This script updates a firewall group (IP list) in a UniFi controller using the UniFi API.
#
# 1. Open your browser and navigate to the UniFi controller.
# 2. Log in with your credentials.
# 3. Settings -> Profile -> NetworkObjects
# 4. Create a new Network Object (e.g., an IP address).
#    Use the name MY_BLOCK_LIST, type `IPv4 Address/Subnet`,
#    add a sample IP (the system will not allow you to create an empty object) and click Add.
# 5. After the object is created, right-click on it and select "Inspect".
# 6. Open the Developer Tools (usually F12 or right-click and select "Inspect").
# 7. Go to the "Network" tab.
# 8. Now, in the UI, edit the object you just created and add another sample IP to it.
# 9. In the Network tab, look for a request that looks like this:
#    `PUT https://192.168.1.1/proxy/network/api/s/default/rest/firewallgroup/xxxxxxxxxxxxxxxxxx`
#    (where xxxxxxxxxxxxxxxx is the ID of the firewall group you just created).
# 10. Copy the URL and replace the `update_url` in the code below with it.
# 11. You can also see the payload in the Request / Payload tab.
# 12. Copy `site_id` to `site_id` and `_id` to `firewall-group-id` (`_id`) in the code below (`payload_update` section).
# 13. Replace 192.168.1.1 with your actual controller IP.
# 14. Replace username and password with your actual credentials. For
#     security reasons, create a new user with only the Network Management access and use it here.

# Inputs
ips = [
    "192.192.192.192",
    "192.192.192.193"
    # Add more IPs here
]

# API details
login_url = "https://192.168.1.1/api/auth/login"  # Replace with your actual login URL
# Get this URL using browser developer tools
update_url = "https://192.168.1.1/proxy/network/api/s/default/rest/firewallgroup/firewall-group-id"  # Replace with your actual update URL

# Login credentials
payload_login = {
    "username": "username",
    "password": "password"
}

# Start a session to persist cookies
session = requests.Session()

# Disable SSL warnings (since it uses 192.168.1.1).
# Note: verify=False below turns off certificate verification, so the login
# credentials are sent without authenticating the controller. `verify` also
# accepts the path to a CA bundle if the controller's certificate can be trusted that way.
requests.packages.urllib3.disable_warnings(requests.packages.urllib3.exceptions.InsecureRequestWarning)

# Step 1: Login
response = session.post(login_url, json=payload_login, verify=False)
response.raise_for_status()

# Extract CSRF token from headers
csrf_token = response.headers.get('x-csrf-token')
if not csrf_token:
    raise Exception("Login failed or CSRF token not found")

# Step 2: Prepare update payload
payload_update = {
    "name": "MY_BLOCK_LIST",
    "group_type": "address-group",
    "group_members": ips,
    "site_id": "site-id",  # Replace with your actual site ID
    "_id": "firewall-group-id"  # Replace with your actual firewall group ID
}

# Set headers for the PUT request
headers = {
    "x-csrf-token": csrf_token
}

# Step 3: Update firewall group
update_response = session.put(update_url, json=payload_update, headers=headers, verify=False)
print("Update response status:", update_response.status_code)
print("Response body:", update_response.text)
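The script sends `ips` as the complete `group_members` list, so a malformed or over-broad entry directly changes what the firewall group matches. The following is an added example, not part of the original gist, that validates the list before the PUT; `build_group_members`, `PROTECTED`, `MIN_PREFIX` and the sample entries are assumptions made here.

```python
import ipaddress

# Assumed policy for this example (not from the script above): networks that must
# never enter the block list, and the widest prefix accepted.
PROTECTED = [ipaddress.ip_network("192.168.1.0/24")]  # controller's LAN (assumed)
MIN_PREFIX = 16


def build_group_members(entries, protected=PROTECTED, min_prefix=MIN_PREFIX):
    """Return (members, rejected) for an IPv4 address-group payload."""
    accepted, rejected = [], []
    for raw in entries:
        try:
            # strict=True refuses "10.0.0.5/24" (host bits set): likely a typo.
            net = ipaddress.ip_network(str(raw).strip(), strict=True)
        except ValueError as exc:
            rejected.append((raw, f"invalid address or subnet: {exc}"))
            continue
        if net.version != 4:
            rejected.append((raw, "group type is IPv4 Address/Subnet"))
        elif net.prefixlen < min_prefix:
            rejected.append((raw, f"broader than /{min_prefix}"))
        elif any(net.overlaps(p) for p in protected):
            rejected.append((raw, "overlaps a protected network"))
        else:
            accepted.append(net)
    # Drop duplicates and entries already covered by a wider accepted subnet.
    unique = sorted(set(accepted))
    kept = [n for n in unique
            if not any(n != o and n.subnet_of(o) for o in unique)]
    # Single hosts go out as bare addresses, subnets in CIDR form.
    members = [str(n.network_address) if n.prefixlen == 32 else str(n)
               for n in kept]
    return members, rejected


# Constructed sample input, including entries that should be refused.
sample = ["192.192.192.192", " 192.192.192.193 ", "192.192.192.192",
          "203.0.113.0/24", "203.0.113.7", "0.0.0.0/0", "192.168.1.1",
          "10.0.0.5/24", "2001:db8::1", "not-an-ip"]

if __name__ == "__main__":
    members, rejected = build_group_members(sample)
    print("group_members:", members)
    for entry, reason in rejected:
        print("rejected:", repr(entry), "-", reason)
```

Pass the returned `members` as `group_members` in `payload_update`, and review `rejected` before sending the update.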