There is a new section in Bluemix Doc for the Secure Gateway Service: Creating IP table rules for a Bluemix app
Unfortunately I don't understand what I should do. E.g. the text says to make an API call in this form: PUT /v1/sgconfig/:<gateway_id>/destinations/:<endpoint_id>/ipTableRule
That will never work, it should say something like curl -k --request PUT https://sgmanager.ng.bluemix.net/v1/sgconfig/...
Also, in the Secure Gateway Definition, under Advanced / Network Options, do I need to check the option for Restrict network access to cloud endpoint?
Could somebody please rework the text and even more importantly, add an example, please?
If you want to enforce IP Table Rules, then yes, you would need to check the Restrict network access to cloud endpoint box. At that point you would add the rules you want enforced, such as: 192.0.0.1 9000 (single IP and port), 192.0.0.1-192.0.0.5 5000:5005 (range of IPs and range of ports), or any combination therein.
If you are creating your private destinations with cURL, you could use a command like:
curl "https://sgmanager.ng.bluemix.net/v1/sgconfig/<gateway_id>/destinations" \
-H "Authorization: Bearer <security_token>" \
-H "Content-type: application/json" \
-d '{"desc":"My Private Destination","ip":"1.1.1.1","port":8000,"private":true}' -k
Once your private destination is created, you can add IP table rules with commands like:
curl -X PUT "https://sgmanager.ng.bluemix.net/v1/sgconfig/<gateway_id>/destinations/<destination_id>/ipTableRule" \
-H "Authorization: Bearer <security_token>" \
-H "Content-type: application/json" \
-d '{"src":"192.0.0.1","spt":"9000"}' -k
and
curl -X PUT "https://sgmanager.ng.bluemix.net/v1/sgconfig/<gateway_id>/destinations/<destination_id>/ipTableRule" \
-H "Authorization: Bearer <security_token>" \
-H "Content-type: application/json" \
-d '{"src_range":"192.0.0.1-192.0.0.5","spt":"5000:5005"}' -k
Please note that the first command here uses src to provide a single IP whereas the second uses src_range to provide a range of IPs.
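The two rule bodies from the answer above, built by a helper script that is an added example (not part of the original answer or of the Secure Gateway documentation): it picks src or src_range from the form of the address and rejects malformed addresses, ports and reversed ranges before anything is sent. The function names and the SG_TOKEN variable are assumptions; put_rule leaves out -k, so curl verifies the server certificate.

```shell
#!/bin/sh
# Added example. Helper names and SG_TOKEN are assumptions, not part of the API.
valid_ip() {        # dotted-quad IPv4, octets 0-255, no leading zeros
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}
ip_to_int() {       # numeric form, used to compare the two ends of a range
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( $1 * 16777216 + $2 * 65536 + $3 * 256 + $4 ))
}
valid_port() {      # decimal port 1-65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}
# build_rule <ip | ip-ip> <port | port:port>  -> JSON body on stdout
build_rule() {
    addr=$1; ports=$2
    case "$addr" in
        *-*) lo=${addr%%-*}; hi=${addr#*-}
             valid_ip "$lo" && valid_ip "$hi" || return 1
             [ "$(ip_to_int "$lo")" -le "$(ip_to_int "$hi")" ] || return 1
             key=src_range ;;   # a range of IPs goes in src_range
        *)   valid_ip "$addr" || return 1
             key=src ;;         # a single IP goes in src
    esac
    case "$ports" in
        *:*) plo=${ports%%:*}; phi=${ports#*:}
             valid_port "$plo" && valid_port "$phi" || return 1
             [ "$plo" -le "$phi" ] || return 1 ;;
        *)   valid_port "$ports" || return 1 ;;
    esac
    printf '{"%s":"%s","spt":"%s"}\n' "$key" "$addr" "$ports"
}
# put_rule <gateway_id> <destination_id> <ip | ip-ip> <port | port:port>
put_rule() {
    body=$(build_rule "$3" "$4") || return 1
    curl -X PUT "https://sgmanager.ng.bluemix.net/v1/sgconfig/$1/destinations/$2/ipTableRule" \
        -H "Authorization: Bearer $SG_TOKEN" \
        -H "Content-type: application/json" \
        -d "$body"
}
# The two rules from the answer, printed rather than sent:
build_rule 192.0.0.1 9000
build_rule 192.0.0.1-192.0.0.5 5000:5005
```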