In the Firebrick router, there is something called a profile, which is a Boolean state variable W chick represents some if-condition or predicate and can be used to make some object, or setting, in the config conditional on that state. So for example you could have a firewall rule object that is made conditional on something, a ‘profile’ object. The profile object might represent the predicate ‘is during time of day x’ or ‘the test of type pinging 192.0.2.xx is currently succeeding’. The profile object is represented by an XML element. There are various types of such predicates. Some contain tests of various sorts. One type has no specified value and no test but is linked to a visible ‘button’ in the Firebrick’s web UI which shows the current state true or false, which the user can invert by clicking on the button. This is called a ‘control switch’ type of profile iirc.
I am trying to think how to work out how to access one of these web buttons programmatically via http. It could be a bit of a pain because I would have to log in, but I worked out how to do that a while ago and have good tested code for logging in.
I would need to take one such html page apart which is difficult in Safari iOS, but I can get tools that will presumably do such a thing. Could someone with a Firebrick take a look at such a page for me though ? Would save me a bothersome chore. You would need to create such a button by going into ‘profiles’ in the web UI and creating a control switch type of profile object.
A thought occurs to me. It might be worthwhile feature request, to have a form of straightforward http request, a ‘cool URI`(clean URI) of the type
http://my.firebrick.uk/profile-trigger/profile_type_xx/1 or zero. The possible values of ‘profile_type_xx’ could be enumerated an the XML. It might be much more useable if there were an optional feature to allow this http request to be login-less, if desired, or else restricted to a set of login users or all users. Some such profiles might conceivably have a very low security requirement and having the optional login-less feature would slash the complexity of the code required. It would also be a very good idea to have an associated optional source IP address restriction, per object. This latter feature is already provided with various existing Firebrick services, eg telnet access, so that access to them is restricted by an ACL involving source-IP checking, and having this avoids the need to have to set up firewall rules.
