Retrieve a specific ACL

Retrieve the entire contents of the blockbadhosts ACL:

Command:

$ curl -f --cert ~/tnsr/tnsr-restconf-client.crt \
  --key ~/tnsr/tnsr-restconf-client.key \
  --cacert ~/tnsr/tnsr-restconf-CA.crt \
  -X GET \
  https://tnsr.example.com/restconf/data/netgate-acl:acl-config/acl-table/acl-list=blockbadhosts

Output:

{
  "netgate-acl:acl-list": [
    {
      "acl-name": "blockbadhosts",
      "acl-description": "Block bad hosts",
      "acl-rules": {
        "acl-rule": [
          {
            "sequence": 1,
            "action": "deny",
            "ip-version": "ipv4",
            "src-ip-prefix": "203.0.113.14/32"
          },
          {
            "sequence": 2,
            "action": "deny",
            "ip-version": "ipv4",
            "src-ip-prefix": "203.0.113.15/32"
          },
          {
            "sequence": 555,
            "action": "deny",
            "ip-version": "ipv4",
            "src-ip-prefix": "5.5.5.5/32"
          },
          {
            "sequence": 5000,
            "acl-rule-description": "Default Permit",
            "action": "permit",
            "ip-version": "ipv4"
          }
        ]
      }
    }
  ]
}

The cURL parameters and RESTCONF URL can be dissected as follows:

| Item | Value |
| --- | --- |
| cURL Client Certificate | --cert ~/tnsr/tnsr-restconf-client.crt |
| cURL Client Certificate Key | --key ~/tnsr/tnsr-restconf-client.key |
| cURL CA Cert to validate TLS | --cacert ~/tnsr/tnsr-restconf-CA.crt |
| Request type (GET) | -X GET |
| RESTCONF Server protocol/host | https://tnsr.example.com |
| RESTCONF API location | /restconf/data/ |
| ACL config area (prefix:name) | netgate-acl:acl-config/ |
| ACL table | acl-table/ |
| ACL List, with restriction | acl-list=blockbadhosts |

Note

Lists of items with a unique key can be restricted to a single entry as shown above. The API documentation also calls this out, showing an optional ={name} in the query.
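The same request and a check of the returned rules, as an added Python example that is not part of the original page or Netgate's code. The function names are hypothetical, and first-match evaluation in ascending sequence order is an assumption about how the ACL is applied, not something this page states.

```python
import ipaddress
import json
import ssl
import urllib.request
from urllib.parse import quote

BASE = "https://tnsr.example.com/restconf/data"  # host from the page

def acl_url(name, base=BASE):
    # RFC 8040 section 3.5.3: a list key value in the URI is percent-encoded,
    # so a name containing "/" or "," cannot alter the resource path.
    return f"{base}/netgate-acl:acl-config/acl-table/acl-list={quote(name, safe='')}"

def fetch_acl(name, cert, key, ca):
    # Same mutual-TLS inputs as curl's --cert / --key / --cacert.
    ctx = ssl.create_default_context(cafile=ca)
    ctx.load_cert_chain(certfile=cert, keyfile=key)
    with urllib.request.urlopen(acl_url(name), context=ctx) as resp:
        return json.load(resp)

def rules(doc):
    # Rules of the single returned ACL, ordered by sequence number.
    acl = doc["netgate-acl:acl-list"][0]
    return sorted(acl["acl-rules"]["acl-rule"], key=lambda r: r["sequence"])

def verdict(doc, src_ip):
    # Assumption: the first rule that matches the source address decides.
    addr = ipaddress.ip_address(src_ip)
    for r in rules(doc):
        if r["ip-version"] != f"ipv{addr.version}":
            continue
        prefix = r.get("src-ip-prefix")  # no prefix means "any source"
        if prefix is None or addr in ipaddress.ip_network(prefix):
            return r["action"], r["sequence"]
    return None, None  # no rule covers this address family

# Response body shown on the page, compacted.
SAMPLE = json.loads("""{"netgate-acl:acl-list": [{"acl-name": "blockbadhosts",
 "acl-description": "Block bad hosts", "acl-rules": {"acl-rule": [
 {"sequence": 5000, "acl-rule-description": "Default Permit",
  "action": "permit", "ip-version": "ipv4"},
 {"sequence": 555, "action": "deny", "ip-version": "ipv4", "src-ip-prefix": "5.5.5.5/32"},
 {"sequence": 2, "action": "deny", "ip-version": "ipv4", "src-ip-prefix": "203.0.113.15/32"},
 {"sequence": 1, "action": "deny", "ip-version": "ipv4", "src-ip-prefix": "203.0.113.14/32"}
]}}]}""")

if __name__ == "__main__":
    for ip in ("203.0.113.14", "198.51.100.7", "2001:db8::1"):
        print(ip, verdict(SAMPLE, ip))
```

The sample rules are deliberately stored out of order to show that the check sorts by sequence before evaluating.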