Forum Discussion
Satoshi_Toyosa1
Jan 06, 2021Employee
Overwriting the existing rule is expected because the rule is represented as a single string (irrespective of a number of conditions joined by OR). This applies also to the equivalent tmsh command (modify net packet-filter <rule> ".....rule....").
To modify the rule, you need to GET the rule, compose a new rule from the current configuration, and PUT it.
I would use jq to create a rule with an additional "src host" (assuming that the rule consists of just "src host xx.xx.xx.xx") like this (SatPktRule is the name of the rule):
# Informatioal. Check the current rule.
$ curl -sku $PASS https://$HOST/mgmt/tm/net/packet-filter/SatPktRule | jq '.rule'
"(src host 10.10.10.10 or src host 10.10.10.20)"
# Add "src host 10.10.10.30" to the current
$ curl -sku $PASS https://$HOST/mgmt/tm/net/packet-filter/SatPktRule | jq '.rule | rtrimstr(")") + " or src host 10.10.10.30)"'
"(src host 10.10.10.10 or src host 10.10.10.20 or src host 10.10.10.30)"