1FIREWALLD.DBUS(5) firewalld.dbus FIREWALLD.DBUS(5)
2
3
4
6 firewalld.dbus - firewalld D-Bus interface description
7
9 This is the basic firewalld object path structure. The used interfaces
10 are explained below in the section called “INTERFACES”.
11
12 /org/fedoraproject/FirewallD1
13 Interfaces
14 org.fedoraproject.FirewallD1
15 org.fedoraproject.FirewallD1.direct
16 org.fedoraproject.FirewallD1.ipset
17 org.fedoraproject.FirewallD1.policies
18 org.fedoraproject.FirewallD1.zone
19 org.freedesktop.DBus.Introspectable
20 org.freedesktop.DBus.Properties
21
22 /org/fedoraproject/FirewallD1/config
23 Interfaces
24 org.fedoraproject.FirewallD1.config
25 org.fedoraproject.FirewallD1.config.direct
26 org.fedoraproject.FirewallD1.config.policies
27 org.freedesktop.DBus.Introspectable
28 org.freedesktop.DBus.Properties
29
30 /org/fedoraproject/FirewallD1/config/zone/i
31 Interfaces
32 org.fedoraproject.FirewallD1.config.zone
33 org.freedesktop.DBus.Introspectable
34 org.freedesktop.DBus.Properties
35
36 /org/fedoraproject/FirewallD1/config/service/i
37 Interfaces:
38 org.fedoraproject.FirewallD1.config.service
39 org.freedesktop.DBus.Introspectable
40 org.freedesktop.DBus.Properties
41
42 /org/fedoraproject/FirewallD1/config/ipset/i
43 Interfaces
44 org.fedoraproject.FirewallD1.config.ipset
45 org.freedesktop.DBus.Introspectable
46 org.freedesktop.DBus.Properties
47
48 /org/fedoraproject/FirewallD1/config/icmptype/i
49 Interfaces
50 org.fedoraproject.FirewallD1.config.icmptype
51 org.freedesktop.DBus.Introspectable
52 org.freedesktop.DBus.Properties
53
54
55
57 org.fedoraproject.FirewallD1
58 This interface contains general runtime operations, like: reloading,
59 panic mode, default zone handling, getting services and icmp types and
60 their settings.
61
62 Methods
63 authorizeAll() → Nothing
64 Initiate authorization for the complete firewalld D-Bus
65 interface. This method it mostly useful for configuration
66 applications.
67
68 completeReload() → Nothing
69 Reload firewall completely, even netfilter kernel modules. This
70 will most likely terminate active connections, because state
71 information is lost. This option should only be used in case of
72 severe firewall problems. For example if there are state
73 information problems that no connection can be established with
74 correct firewall rules.
75
76 disablePanicMode() → Nothing
77 Disable panic mode. After disabling panic mode established
78 connections might work again, if panic mode was enabled for a
79 short period of time.
80
81 Possible errors: NOT_ENABLED, COMMAND_FAILED
82
83 enablePanicMode() → Nothing
84 Enable panic mode. All incoming and outgoing packets are
85 dropped, active connections will expire. Enable this only if
86 there are serious problems with your network environment.
87
88 Possible errors: ALREADY_ENABLED, COMMAND_FAILED
89
90 getAutomaticHelpers() → s
91 Return the AutomaticHelpers value. For the secure use of
92 iptables and connection tracking helpers it is recommended to
93 turn AutomaticHelpers off. But this might have side effects on
94 other services using the netfilter helpers as the sysctl
95 setting in /proc/sys/net/netfilter/nf_conntrack_helper will be
96 changed. With the system setting, the default value set in the
97 kernel or with sysctl will be used. Possible values are: yes,
98 no and system. The default value is system.
99
100 getDefaultZone() → s
101 Return default zone.
102
103 getHelperSettings(s: helper) → (sssssa(ss))
104 Return runtime settings of given helper. For getting permanent
105 settings see
106 org.fedoraproject.FirewallD1.config.helper.Methods.getSettings.
107 Settings are in format: version, name, description, family,
108 module and array of ports.
109
110 version (s): see version attribute of helper tag in
111 firewalld.helper(5).
112
113 name (s): see short tag in firewalld.helper(5).
114
115 description (s): see description tag in firewalld.helper(5).
116
117 family (s): see family tag in firewalld.helper(5).
118
119 module (s): see module tag in firewalld.helper(5).
120
121 ports (a(ss)): array of port and protocol pairs. See port tag
122 in firewalld.helper(5).
123
124 Possible errors: INVALID_HELPER
125
126 getHelpers() → as
127 Return array of helper names (s) in runtime configuration. For
128 permanent configuration see
129 org.fedoraproject.FirewallD1.config.Methods.listHelpers.
130
131 getIcmpTypeSettings(s: icmptype) → (sssas)
132 Return runtime settings of given icmptype. For getting
133 permanent settings see
134 org.fedoraproject.FirewallD1.config.icmptype.Methods.getSettings.
135 Settings are in format: version, name, description, array of
136 destinations.
137
138 version (s): see version attribute of icmptype tag in
139 firewalld.icmptype(5).
140
141 name (s): see short tag in firewalld.icmptype(5).
142
143 description (s): see description tag in firewalld.icmptype(5).
144
145 destinations (as): array, either empty or containing strings
146 'ipv4' or 'ipv6', see destination tag in firewalld.icmptype(5).
147
148 Possible errors: INVALID_ICMPTYPE
149
150 getLogDenied() → s
151 Retruns the LogDenied value. If LogDenied is enabled, then
152 logging rules are added right before reject and drop rules in
153 the INPUT, FORWARD and OUTPUT chains for the default rules and
154 also final reject and drop rules in zones. Possible values are:
155 all, unicast, broadcast, multicast and off. The default value
156 is off
157
158 getServiceSettings(s: service) → (sssa(ss)asa{ss}asa(ss))
159 Return runtime settings of given service. For getting permanent
160 settings see
161 org.fedoraproject.FirewallD1.config.service.Methods.getSettings.
162 Settings are in format: version, name, description, array of
163 ports (port, protocol), array of module names, dictionary of
164 destinations, array of protocols and array of source-ports
165 (port, protocol).
166
167 version (s): see version attribute of service tag in
168 firewalld.service(5).
169
170 name (s): see short tag in firewalld.service(5).
171
172 description (s): see description tag in firewalld.service(5).
173
174 ports (a(ss)): array of port and protocol pairs. See port tag
175 in firewalld.service(5).
176
177 module names (as): array of kernel netfilter helpers, see
178 module tag in firewalld.service(5).
179
180 destinations (a{ss}): dictionary of {IP family : IP address}
181 where 'IP family' key can be either 'ipv4' or 'ipv6'. See
182 destination tag in firewalld.service(5).
183
184 protocols (as): array of protocols, see protocol tag in
185 firewalld.service(5).
186
187 source-ports (a(ss)): array of port and protocol pairs. See
188 source-port tag in firewalld.service(5).
189
190 Possible errors: INVALID_SERVICE
191
192 getZoneSettings(s: zone) → (sssbsasa(ss)asba(ssss)asasasasa(ss))
193 Return runtime settings of given zone. For getting permanent
194 settings see
195 org.fedoraproject.FirewallD1.config.zone.Methods.getSettings.
196 Settings are in format: version, name, description, UNUSED,
197 target, array of services, array of ports (port, protocol),
198 array of icmp-blocks, masquerade, array of forward-ports (port,
199 protocol, to-port, to-addr), array of interfaces, array of
200 sources, array of rich rules, array of protocols and array of
201 source-ports (port, protocol).
202
203 version (s): see version attribute of zone tag in
204 firewalld.zone(5).
205
206 name (s): see short tag in firewalld.zone(5).
207
208 description (s): see description tag in firewalld.zone(5).
209
210 UNUSED (b): this boolean value is no longer used for anything.
211
212 target (s): see target attribute of zone tag in
213 firewalld.zone(5).
214
215 services (as): array of service names, see service tag in
216 firewalld.zone(5).
217
218 ports (a(ss)): array of port and protocol pairs. See port tag
219 in firewalld.zone(5).
220
221 icmp-blocks (as): array of icmp-blocks. See icmp-block tag in
222 firewalld.zone(5).
223
224 masquerade (b): see masquerade tag in firewalld.zone(5).
225
226 forward-ports (a(ssss)): array of (port, protocol, to-port,
227 to-addr). See forward-port tag in firewalld.zone(5).
228
229 interfaces (as): array of interfaces. See interface tag in
230 firewalld.zone(5).
231
232 source addresses (as): array of source addresses. See source
233 tag in firewalld.zone(5).
234
235 rich rules (as): array of rich-language rules. See rule tag in
236 firewalld.zone(5).
237
238 protocols (as): array of protocols, see protocol tag in
239 firewalld.zone(5).
240
241 source-ports (a(ss)): array of port and protocol pairs. See
242 source-port tag in firewalld.zone(5).
243
244 Possible errors: INVALID_ZONE
245
246 listIcmpTypes() → as
247 Return array of names (s) of icmp types in runtime
248 configuration. For permanent configuration see
249 org.fedoraproject.FirewallD1.config.Methods.listIcmpTypes.
250
251 listServices() → as
252 Return array of service names (s) in runtime configuration. For
253 permanent configuration see
254 org.fedoraproject.FirewallD1.config.Methods.listServices.
255
256 queryPanicMode() → b
257 Return true if panic mode is enabled, false otherwise. In panic
258 mode all incoming and outgoing packets are dropped.
259
260 reload() → Nothing
261 Reload firewall rules and keep state information. Current
262 permanent configuration will become new runtime configuration,
263 i.e. all runtime only changes done until reload are lost with
264 reload if they have not been also in permanent configuration.
265
266 runtimeToPermanent() → Nothing
267 Make runtime settings permanent. Replaces permanent settings
268 with runtime settings for zones, services, icmptypes, direct
269 and policies (lockdown whitelist).
270
271 Possible errors: RT_TO_PERM_FAILED
272
273 checkPermanentConfig() → Nothing
274 Run checks on the permanent configuration. This is most useful
275 if changes were made manually to configuration files.
276
277 Possible errors: any
278
279 setDefaultZone(s: zone) → Nothing
280 Set default zone for connections and interfaces where no zone
281 has been selected to zone. Setting the default zone changes the
282 zone for the connections or interfaces, that are using the
283 default zone. This is a runtime and permanent change.
284
285 Possible errors: ZONE_ALREADY_SET, COMMAND_FAILED
286
287 setLogDenied(s: value) → Nothing
288 Set LogDenied value to value. If LogDenied is enabled, then
289 logging rules are added right before reject and drop rules in
290 the INPUT, FORWARD and OUTPUT chains for the default rules and
291 also final reject and drop rules in zones. Possible values are:
292 all, unicast, broadcast, multicast and off. The default value
293 is off This is a runtime and permanent change.
294
295 Possible errors: ALREADY_SET, INVALID_VALUE
296
297 Signals
298 DefaultZoneChanged(s: zone)
299 Emitted when default zone has been changed to zone.
300
301 LogDeniedChanged(s: value)
302 Emitted when LogDenied value has been changed.
303
304 PanicModeDisabled()
305 Emitted when panic mode has been deactivated.
306
307 PanicModeEnabled()
308 Emitted when panic mode has been activated.
309
310 Reloaded()
311 Emitted when firewalld has been reloaded. Also emitted for a
312 complete reload.
313
314 Properties
315 BRIDGE - b - (ro)
316 Indicates whether the firewall has ethernet bridge support.
317
318 IPSet - b - (ro)
319 Indicates whether the firewall has IPSet support.
320
321 IPSetTypes - as - (ro)
322 The supported IPSet types by ipset and firewalld.
323
324 IPv4 - b - (ro)
325 Indicates whether the firewall has IPv4 support.
326
327 IPv4ICMPTypes - as - (ro)
328 The list of supported IPv4 ICMP types.
329
330 IPv6 - b - (ro)
331 Indicates whether the firewall has IPv6 support.
332
333 IPv6_rpfilter - b - (ro)
334 Indicates whether the reverse path filter test on a packet for
335 IPv6 is enabled. If a reply to the packet would be sent via the
336 same interface that the packet arrived on, the packet will
337 match and be accepted, otherwise dropped.
338
339 IPv6ICMPTypes - as - (ro)
340 The list of supported IPv6 ICMP types.
341
342 nf_conntrach_helper_setting - b - (ro)
343 Kernel nf_conntrack_helper setting.
344
345 nf_conntrack_helpers - a{sas} - (ro)
346 The list of conntrack helpers supported by the kernel.
347
348 nf_nat_helpers - a{sas} - (ro)
349 The list of nat helpers supported by the kernel.
350
351 interface_version - s - (ro)
352 firewalld D-Bus interface version string.
353
354 state - s - (ro)
355 firewalld state. This can be either INIT, FAILED, or RUNNING.
356 In INIT state, firewalld is starting up and initializing. In
357 FAILED state, firewalld completely started but experienced a
358 failure.
359
360 version - s - (ro)
361 firewalld version string.
362
363 org.fedoraproject.FirewallD1.ipset
364 Operations in this interface allows to get, add, remove and query
365 runtime ipset settings. For permanent configuration see
366 org.fedoraproject.FirewallD1.config.ipset interface.
367
368 Methods
369 addEntry(s: ipset, s: entry) → as
370 Add a new entry to ipset. The entry must match the type of the
371 ipset. If the ipset is using the timeout option, it is not
372 possible to see the entries, as they are timing out
373 automatically in the kernel. For permanent operation see
374 org.fedoraproject.FirewallD1.config.ipset.Methods.addEntry.
375
376 Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT
377
378 getEntries(s: ipset) → Nothing
379 Get all entries added to the ipset. If the ipset is using the
380 timeout option, it is not possible to see the entries, as they
381 are timing out automatically in the kernel. Return value is a
382 array of entry. For permanent operation see
383 org.fedoraproject.FirewallD1.config.ipset.Methods.getEntries.
384
385 Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT
386
387 getSettings(s: ipset) → (ssssa{ss}as)
388 Return runtime settings of given ipset. For getting permanent
389 settings see
390 org.fedoraproject.FirewallD1.config.ipset.Methods.getSettings.
391 Settings are in format: version, name, description, type,
392 dictionary of options and array of entries.
393
394 version (s): see version attribute of ipset tag in
395 firewalld.ipset(5).
396
397 name (s): see short tag in firewalld.ipset(5).
398
399 description (s): see description tag in firewalld.ipset(5).
400
401 type (s): see type attribute of ipset tag in
402 firewalld.ipset(5).
403
404 options (a{ss}): dictionary of {option : value} . See options
405 tag in firewalld.ipset(5).
406
407 entries (as): array of entries, see entry tag in
408 firewalld.ipset(5).
409
410 Possible errors: INVALID_IPSET
411
412 getIPSets() → as
413 Return array of ipset names (s) in runtime configuration. For
414 permanent configuration see
415 org.fedoraproject.FirewallD1.config.Methods.listIPSets.
416
417 queryService(s: ipset, s: entry) → b
418 Return whether entry has been added to ipset. For permanent
419 operation see
420 org.fedoraproject.FirewallD1.config.ipset.Methods.queryEntry.
421
422 Possible errors: INVALID_IPSET
423
424 queryService(s: ipset) → b
425 Return whether ipset is defined in runtime configuration.
426
427 removeEntry(s: ipset, s: entry) → as
428 Removes an entry from ipset. For permanent operation see
429 org.fedoraproject.FirewallD1.config.ipset.Methods.removeEntry.
430
431 Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT
432
433 setEntries(as: entries) → Nothing
434 Permanently set list of entries to entries. For permanent
435 operation see
436 org.fedoraproject.FirewallD1.config.ipset.Methods.setEntries.
437 See entry tag in firewalld.ipset(5).
438
439 Signals
440 EntryAdded(s: ipset, s: entry)
441 Emitted when entry has been added to ipset.
442
443 EntryRemoved(s: ipset, s: entry)
444 Emitted when entry has been removed from ipset.
445
446 org.fedoraproject.FirewallD1.direct
447 This interface enables more direct access to the firewall. It enables
448 runtime manipulation with chains and rules. For permanent configuration
449 see org.fedoraproject.FirewallD1.config.direct interface.
450
451 Methods
452 addChain(s: ipv, s: table, s: chain) → Nothing
453 Add a new chain to table for ipv being either ipv4 (iptables)
454 or ipv6 (ip6tables) or eb (ebtables). Make sure there's no
455 other chain with this name already. There already exist basic
456 chains to use with direct methods, for example INPUT_direct
457 chain. These chains are jumped into before chains for zones,
458 i.e. every rule put into INPUT_direct will be checked before
459 rules in zones. For permanent operation see
460 org.fedoraproject.FirewallD1.config.direct.Methods.addChain.
461
462 Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED,
463 COMMAND_FAILED
464
465 addPassthrough(s: ipv, as: args) → Nothing
466 Add a tracked passthrough rule with the arguments args for ipv
467 being either ipv4 (iptables) or ipv6 (ip6tables) or eb
468 (ebtables). Valid commands in args are only -A/--append,
469 -I/--insert and -N/--new-chain. This method is (unlike
470 passthrough method) tracked, i.e. firewalld remembers it. It's
471 useful with
472 org.fedoraproject.FirewallD1.Methods.runtimeToPermanent For
473 permanent operation see
474 org.fedoraproject.FirewallD1.config.direct.Methods.addPassthrough.
475
476 Possible errors: INVALID_IPV, ALREADY_ENABLED, COMMAND_FAILED
477
478 addRule(s: ipv, s: table, s: chain, i: priority, as: args) →
479 Nothing
480 Add a rule with the arguments args to chain in table with
481 priority for ipv being either ipv4 (iptables) or ipv6
482 (ip6tables) or eb (ebtables). The priority is used to order
483 rules. Priority 0 means add rule on top of the chain, with a
484 higher priority the rule will be added further down. Rules with
485 the same priority are on the same level and the order of these
486 rules is not fixed and may change. If you want to make sure
487 that a rule will be added after another one, use a low priority
488 for the first and a higher for the following. For permanent
489 operation see
490 org.fedoraproject.FirewallD1.config.direct.Methods.addRule.
491
492 Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED,
493 COMMAND_FAILED
494
495 getAllChains() → a(sss)
496 Get all chains added to all tables in format: ipv, table,
497 chain. This concerns only chains previously added with
498 addChain. Return value is a array of (ipv, table, chain). For
499 permanent operation see
500 org.fedoraproject.FirewallD1.config.direct.Methods.getAllChains.
501
502 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
503 (ebtables).
504
505 table (s): one of filter, mangle, nat, raw, security
506
507 chain (s): name of a chain.
508
509
510 getAllPassthroughs() → a(sas)
511 Get all tracked passthrough rules added in all ipv types in
512 format: ipv, rule. This concerns only rules previously added
513 with addPassthrough. Return value is a array of (ipv, array of
514 arguments). For permanent operation see
515 org.fedoraproject.FirewallD1.config.direct.Methods.getAllPassthroughs.
516
517 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
518 (ebtables).
519
520 arguments (as): array of commands, parameters and other
521 iptables/ip6tables/ebtables command line options.
522
523
524 getAllRules() → a(sssias)
525 Get all rules added to all chains in all tables in format: ipv,
526 table, chain, priority, rule. This concerns only rules
527 previously added with addRule. Return value is a array of (ipv,
528 table, chain, priority, array of arguments). For permanent
529 operation see
530 org.fedoraproject.FirewallD1.config.direct.Methods.getAllRules.
531
532 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
533 (ebtables).
534
535 table (s): one of filter, mangle, nat, raw, security
536
537 chain (s): name of a chain.
538
539 priority (i): used to order rules.
540
541 arguments (as): array of commands, parameters and other
542 iptables/ip6tables/ebtables command line options.
543
544
545 getChains(s: ipv, s: table) → as
546 Return an array of chains (s) added to table for ipv being
547 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
548 This concerns only chains previously added with addChain. For
549 permanent operation see
550 org.fedoraproject.FirewallD1.config.direct.Methods.getChains.
551
552 Possible errors: INVALID_IPV, INVALID_TABLE
553
554 getPassthroughs(s: ipv) → aas
555 Get tracked passthrough rules added in either ipv4 (iptables)
556 or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
557 previously added with addPassthrough. Return value is a array
558 of (array of arguments). For permanent operation see
559 org.fedoraproject.FirewallD1.config.direct.Methods.getPassthroughs.
560
561 arguments (as): array of commands, parameters and other
562 iptables/ip6tables/ebtables command line options.
563
564
565 getRules(s: ipv, s: table, s: chain) → a(ias)
566 Get all rules added to chain in table for ipv being either ipv4
567 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
568 only rules previously added with addRule. Return value is a
569 array of (priority, array of arguments). For permanent
570 operation see
571 org.fedoraproject.FirewallD1.config.direct.Methods.getRules.
572
573 priority (i): used to order rules.
574
575 arguments (as): array of commands, parameters and other
576 iptables/ip6tables/ebtables command line options.
577
578 Possible errors: INVALID_IPV, INVALID_TABLE
579
580 passthrough(s: ipv, as: args) → s
581 Pass a command through to the firewall. ipv can be either ipv4
582 (iptables) or ipv6 (ip6tables) or eb (ebtables). args can be
583 all iptables, ip6tables and ebtables command line arguments.
584 args can be all iptables, ip6tables and ebtables command line
585 arguments. This command is untracked, which means that
586 firewalld is not able to provide information about this command
587 later on.
588
589 Possible errors: COMMAND_FAILED
590
591 queryChain(s: ipv, s: table, s: chain) → b
592 Return whether a chain exists in table for ipv being either
593 ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). This
594 concerns only chains previously added with addChain. For
595 permanent operation see
596 org.fedoraproject.FirewallD1.config.direct.Methods.queryChain.
597
598 Possible errors: INVALID_IPV, INVALID_TABLE
599
600 queryPassthrough(s: ipv, as: args) → b
601 Return whether a tracked passthrough rule with the arguments
602 args exists for ipv being either ipv4 (iptables) or ipv6
603 (ip6tables) or eb (ebtables). This concerns only rules
604 previously added with addPassthrough. For permanent operation
605 see
606 org.fedoraproject.FirewallD1.config.direct.Methods.queryPassthrough.
607
608 Possible errors: INVALID_IPV
609
610 queryRule(s: ipv, s: table, s: chain, i: priority, as: args) → b
611 Return whether a rule with priority and the arguments args
612 exists in chain in table for ipv being either ipv4 (iptables)
613 or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
614 previously added with addRule. For permanent operation see
615 org.fedoraproject.FirewallD1.config.direct.Methods.queryRule.
616
617 Possible errors: INVALID_IPV, INVALID_TABLE
618
619 removeAllPassthroughs() → Nothing
620 Remove all passthrough rules previously added with
621 addPassthrough.
622
623 removeChain(s: ipv, s: table, s: chain) → Nothing
624 Remove a chain from table for ipv being either ipv4 (iptables)
625 or ipv6 (ip6tables) or eb (ebtables). Only chains previously
626 added with addChain can be removed this way. For permanent
627 operation see
628 org.fedoraproject.FirewallD1.config.direct.Methods.removeChain.
629
630 Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED,
631 COMMAND_FAILED
632
633 removePassthrough(s: ipv, as: args) → Nothing
634 Remove a tracked passthrough rule with arguments args for ipv
635 being either ipv4 (iptables) or ipv6 (ip6tables) or eb
636 (ebtables). Only rules previously added with addPassthrough can
637 be removed this way. For permanent operation see
638 org.fedoraproject.FirewallD1.config.direct.Methods.removePassthrough.
639
640 Possible errors: INVALID_IPV, NOT_ENABLED, COMMAND_FAILED
641
642 removeRule(s: ipv, s: table, s: chain, i: priority, as: args) →
643 Nothing
644 Remove a rule with priority and arguments args from chain in
645 table for ipv being either ipv4 (iptables) or ipv6 (ip6tables)
646 or eb (ebtables). Only rules previously added with addRule can
647 be removed this way. For permanent operation see
648 org.fedoraproject.FirewallD1.config.direct.Methods.removeRule.
649
650 Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED,
651 COMMAND_FAILED
652
653 removeRules(s: ipv, s: table, s: chain) → Nothing
654 Remove all rules from chain in table for ipv being either ipv4
655 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
656 only rules previously added with addRule. For permanent
657 operation see
658 org.fedoraproject.FirewallD1.config.direct.Methods.removeRules.
659
660 Possible errors: INVALID_IPV, INVALID_TABLE
661
662 Signals
663 ChainAdded(s: ipv, s: table, s: chain)
664 Emitted when chain has been added into table for ipv being
665 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
666
667 ChainRemoved(s: ipv, s: table, s: chain)
668 Emitted when chain has been removed from table for ipv being
669 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
670
671 PassthroughAdded(s: ipv, as: args)
672 Emitted when a tracked passthruogh rule with args has been
673 added for ipv being either ipv4 (iptables) or ipv6 (ip6tables)
674 or eb (ebtables).
675
676 PassthroughRemoved(s: ipv, as: args)
677 Emitted when a tracked passthrough rule with args has been
678 removed for ipv being either ipv4 (iptables) or ipv6
679 (ip6tables) or eb (ebtables).
680
681 RuleAdded(s: ipv, s: table, s: chain, i: priority, as: args)
682 Emitted when a rule with args has been added to chain in table
683 with priority for ipv being either ipv4 (iptables) or ipv6
684 (ip6tables) or eb (ebtables).
685
686 RuleRemoved(s: ipv, s: table, s: chain, i: priority, as: args)
687 Emitted when a rule with args has been removed from chain in
688 table with priority for ipv being either ipv4 (iptables) or
689 ipv6 (ip6tables) or eb (ebtables).
690
691 org.fedoraproject.FirewallD1.policies
692 Enables firewalld to be able to lock down configuration changes from
693 local applications. Local applications or services are able to change
694 the firewall configuration if they are running as root (example:
695 libvirt). With these operations administrator can lock the firewall
696 configuration so that either none or only applications that are in the
697 whitelist are able to request firewall changes. For permanent
698 configuration see org.fedoraproject.FirewallD1.config.policies
699 interface.
700
701 Methods
702 addLockdownWhitelistCommand(s: command) → Nothing
703 Add command to whitelist. See command option in
704 firewalld.lockdown-whitelist(5). For permanent operation see
705 org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistCommand.
706
707 Possible errors: ALREADY_ENABLED, INVALID_COMMAND
708
709 addLockdownWhitelistContext(s: context) → Nothing
710 Add context to whitelist. See selinux option in
711 firewalld.lockdown-whitelist(5). For permanent operation see
712 org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistContext.
713
714 Possible errors: ALREADY_ENABLED, INVALID_COMMAND
715
716 addLockdownWhitelistUid(i: uid) → Nothing
717 Add user id uid to whitelist. See user option in
718 firewalld.lockdown-whitelist(5). For permanent operation see
719 org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistUid.
720
721 Possible errors: ALREADY_ENABLED, INVALID_COMMAND
722
723 addLockdownWhitelistUser(s: user) → Nothing
724 Add user name to whitelist. See user option in
725 firewalld.lockdown-whitelist(5). For permanent operation see
726 org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistUser.
727
728 Possible errors: ALREADY_ENABLED, INVALID_COMMAND
729
730 disableLockdown() → Nothing
731 Disable lockdown. This is a runtime and permanent change.
732
733 Possible errors: NOT_ENABLED
734
735 enableLockdown() → Nothing
736 Enable lockdown. Be careful - if the calling application/user
737 is not on lockdown whitelist when you enable lockdown you won't
738 be able to disable it again with the application, you would
739 need to edit firewalld.conf. This is a runtime and permanent
740 change.
741
742 Possible errors: ALREADY_ENABLED
743
744 getLockdownWhitelistCommands() → as
745 List all command lines (s) that are on whitelist. For permanent
746 operation see
747 org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistCommands.
748
749 getLockdownWhitelistContexts() → as
750 List all contexts (s) that are on whitelist. For permanent
751 operation see
752 org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistContexts.
753
754 getLockdownWhitelistUids() → ai
755 List all user ids (i) that are on whitelist. For permanent
756 operation see
757 org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistUids.
758
759 getLockdownWhitelistUsers() → as
760 List all users (s) that are on whitelist. For permanent
761 operation see
762 org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistUsers.
763
764 queryLockdown() → b
765 Query whether lockdown is enabled.
766
767 queryLockdownWhitelistCommand(s: command) → b
768 Query whether command is on whitelist. For permanent operation
769 see
770 org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistCommand.
771
772 queryLockdownWhitelistContext(s: context) → b
773 Query whether context is on whitelist. For permanent operation
774 see
775 org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistContext.
776
777 queryLockdownWhitelistUid(i: uid) → b
778 Query whether user id uid is on whitelist. For permanent
779 operation see
780 org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistUid.
781
782 queryLockdownWhitelistUser(s: user) → b
783 Query whether user is on whitelist. For permanent operation see
784 org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistUser.
785
786 removeLockdownWhitelistCommand(s: command) → Nothing
787 Remove command from whitelist. For permanent operation see
788 org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistCommand.
789
790 Possible errors: NOT_ENABLED
791
792 removeLockdownWhitelistContext(s: context) → Nothing
793 Remove context from whitelist. For permanent operation see
794 org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistContext.
795
796 Possible errors: NOT_ENABLED
797
798 removeLockdownWhitelistUid(i: uid) → Nothing
799 Remove user id uid from whitelist. For permanent operation see
800 org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistUid.
801
802 Possible errors: NOT_ENABLED
803
804 removeLockdownWhitelistUser(s: user) → Nothing
805 Remove user from whitelist. For permanent operation see
806 org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistUser.
807
808 Possible errors: NOT_ENABLED
809
810 Signals
811 LockdownDisabled()
812 Emitted when lockdown has been disabled.
813
814 LockdownEnabled()
815 Emitted when lockdown has been enabled.
816
817 LockdownWhitelistCommandAdded(s: command)
818 Emitted when command has been added to whitelist.
819
820 LockdownWhitelistCommandRemoved(s: command)
821 Emitted when command has been removed from whitelist.
822
823 LockdownWhitelistContextAdded(s: context)
824 Emitted when context has been added to whitelist.
825
826 LockdownWhitelistContextRemoved(s: context)
827 Emitted when context has been removed from whitelist.
828
829 LockdownWhitelistUidAdded(i: uid)
830 Emitted when user id uid has been added to whitelist.
831
832 LockdownWhitelistUidRemoved(i: uid)
833 Emitted when user id uid has been removed from whitelist.
834
835 LockdownWhitelistUserAdded(s: user)
836 Emitted when user has been added to whitelist.
837
838 LockdownWhitelistUserRemoved(s: user)
839 Emitted when user has been removed from whitelist.
840
841 org.fedoraproject.FirewallD1.zone
842 Operations in this interface allows to get, add, remove and query
843 runtime zone's settings. For permanent settings see
844 org.fedoraproject.FirewallD1.config.zone interface.
845
846 Methods
847 addForwardPort(s: zone, s: port, s: protocol, s: toport, s: toaddr,
848 i: timeout) → s
849 Add the IPv4 forward port into zone. If zone is empty, use
850 default zone. The port can either be a single port number
851 portid or a port range portid-portid. The protocol can either
852 be tcp or udp. The destination address is a simple IP address.
853 If timeout is non-zero, the operation will be active only for
854 the amount of seconds. For permanent settings see
855 org.fedoraproject.FirewallD1.config.zone.Methods.addForwardPort.
856
857 Returns name of zone to which the forward port was added.
858
859 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
860 INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD,
861 ALREADY_ENABLED, INVALID_COMMAND
862
863 addIcmpBlock(s: zone, s: icmp, i: timeout) → s
864 Add an ICMP block icmp into zone. The icmp is the one of the
865 icmp types firewalld supports. To get a listing of supported
866 icmp types use
867 org.fedoraproject.FirewallD1.Methods.listIcmpTypes If zone is
868 empty, use default zone. If timeout is non-zero, the operation
869 will be active only for the amount of seconds. For permanent
870 settings see
871 org.fedoraproject.FirewallD1.config.zone.Methods.addIcmpBlock.
872
873 Returns name of zone to which the ICMP block was added.
874
875 Possible errors: INVALID_ZONE, INVALID_ICMPTYPE,
876 ALREADY_ENABLED, INVALID_COMMAND
877
878 addIcmpBlockInversion(s: zone) → s
879 Add ICMP block inversion to zone. If zone is empty, use default
880 zone. For permanent settings see
881 org.fedoraproject.FirewallD1.config.zone.Methods.addIcmpBlockInversion.
882
883 Returns name of zone to which the ICMP block inversion was
884 added.
885
886 Possible errors: INVALID_ZONE, ALREADY_ENABLED, INVALID_COMMAND
887
888 addInterface(s: zone, s: interface) → s
889 Bind interface with zone. From now on all traffic going through
890 the interface will respect the zone's settings. If zone is
891 empty, use default zone. For permanent settings see
892 org.fedoraproject.FirewallD1.config.zone.Methods.addInterface.
893
894 Returns name of zone to which the interface was bound.
895
896 Possible errors: INVALID_ZONE, INVALID_INTERFACE,
897 ALREADY_ENABLED, INVALID_COMMAND
898
899 addMasquerade(s: zone, i: timeout) → s
900 Enable masquerade in zone. If zone is empty, use default zone.
901 If timeout is non-zero, masquerading will be active for the
902 amount of seconds. For permanent settings see
903 org.fedoraproject.FirewallD1.config.zone.Methods.addMasquerade.
904
905 Returns name of zone in which the masquerade was enabled.
906
907 Possible errors: INVALID_ZONE, ALREADY_ENABLED, INVALID_COMMAND
908
909 addPort(s: zone, s: port, s: protocol, i: timeout) → s
910 Add port into zone. If zone is empty, use default zone. The
911 port can either be a single port number or a port range
912 portid-portid. The protocol can either be tcp or udp. If
913 timeout is non-zero, the operation will be active only for the
914 amount of seconds. For permanent settings see
915 org.fedoraproject.FirewallD1.config.zone.Methods.addPort.
916
917 Returns name of zone to which the port was added.
918
919 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
920 INVALID_PROTOCOL, ALREADY_ENABLED, INVALID_COMMAND
921
922 addProtocol(s: zone, s: protocol, i: timeout) → s
923 Add protocol into zone. If zone is empty, use default zone. The
924 protocol can be any protocol supported by the system. Please
925 have a look at /etc/protocols for supported protocols. If
926 timeout is non-zero, the operation will be active only for the
927 amount of seconds. For permanent settings see
928 org.fedoraproject.FirewallD1.config.zone.Methods.addProtocol.
929
930 Returns name of zone to which the protocol was added.
931
932 Possible errors: INVALID_ZONE, INVALID_PROTOCOL,
933 ALREADY_ENABLED, INVALID_COMMAND
934
935 addRichRule(s: zone, s: rule, i: timeout) → s
936 Add rich language rule into zone. For the rich language rule
937 syntax, please have a look at firewalld.direct(5). If zone is
938 empty, use default zone. If timeout is non-zero, the operation
939 will be active only for the amount of seconds. For permanent
940 settings see
941 org.fedoraproject.FirewallD1.config.zone.Methods.addRichRule.
942
943 Returns name of zone to which the rich language rule was added.
944
945 Possible errors: INVALID_ZONE, INVALID_RULE, ALREADY_ENABLED,
946 INVALID_COMMAND
947
948 addService(s: zone, s: service, i: timeout) → s
949 Add service into zone. If zone is empty, use default zone. If
950 timeout is non-zero, the operation will be active only for the
951 amount of seconds. To get a list of supported services, use
952 org.fedoraproject.FirewallD1.Methods.listServices. For
953 permanent settings see
954 org.fedoraproject.FirewallD1.config.zone.Methods.addService.
955
956 Returns name of zone to which the service was added.
957
958 Possible errors: INVALID_ZONE, INVALID_SERVICE,
959 ALREADY_ENABLED, INVALID_COMMAND
960
961 addSource(s: zone, s: source) → s
962 Bind source with zone. From now on all traffic going from this
963 source will respect the zone's settings. A source address or
964 address range is either an IP address or a network IP address
965 with a mask for IPv4 or IPv6. For IPv4, the mask can be a
966 network mask or a plain number. For IPv6 the mask is a plain
967 number. Use of host names is not supported. If zone is empty,
968 use default zone. For permanent settings see
969 org.fedoraproject.FirewallD1.config.zone.Methods.addSource.
970
971 Returns name of zone to which the source was bound.
972
973 Possible errors: INVALID_ZONE, INVALID_ADDR, ALREADY_ENABLED,
974 INVALID_COMMAND
975
976 addSourcePort(s: zone, s: port, s: protocol, i: timeout) → s
977 Add source port into zone. If zone is empty, use default zone.
978 The port can either be a single port number or a port range
979 portid-portid. The protocol can either be tcp or udp. If
980 timeout is non-zero, the operation will be active only for the
981 amount of seconds. For permanent settings see
982 org.fedoraproject.FirewallD1.config.zone.Methods.addSourcePort.
983
984 Returns name of zone to which the port was added.
985
986 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
987 INVALID_PROTOCOL, ALREADY_ENABLED, INVALID_COMMAND
988
989 changeZone(s: zone, s: interface) → s
990 This function is deprecated, use
991 org.fedoraproject.FirewallD1.zone.Methods.changeZoneOfInterface
992 instead.
993
994 changeZoneOfInterface(s: zone, s: interface) → s
995 Change a zone an interface is bound to to zone. It's basically
996 removeInterface(interface) followed by addInterface(zone,
997 interface). If interface has not been bound to a zone before,
998 it behaves like addInterface. If zone is empty, use default
999 zone.
1000
1001 Returns name of zone to which the interface was bound.
1002
1003 Possible errors: INVALID_ZONE, ZONE_ALREADY_SET, ZONE_CONFLICT
1004
1005 changeZoneOfSource(s: zone, s: source) → s
1006 Change a zone an source is bound to to zone. It's basically
1007 removeSource(source) followed by addSource(zone, source). If
1008 source has not been bound to a zone before, it behaves like
1009 addSource. If zone is empty, use default zone.
1010
1011 Returns name of zone to which the source was bound.
1012
1013 Possible errors: INVALID_ZONE, ZONE_ALREADY_SET, ZONE_CONFLICT
1014
1015 getActiveZones() → a{sa{sas}}
1016 Return dictionary of currently active zones altogether with
1017 interfaces and sources used in these zones. Active zones are
1018 zones, that have a binding to an interface or source.
1019
1020 Return value is a dictionary where keys are zone names (s) and
1021 values are again dictionaries where keys are either
1022 'interfaces' or 'sources' and values are arrays of interface
1023 names (s) or sources (s).
1024
1025 getForwardPorts(s: zone) → aas
1026 Return array of IPv4 forward ports previously added into zone.
1027 If zone is empty, use default zone. For getting permanent
1028 settings see
1029 org.fedoraproject.FirewallD1.config.zone.Methods.getForwardPorts.
1030
1031 Return value is array of 4-tuples, where each 4-tuple consists
1032 of (port, protocol, to-port, to-addr). to-addr might be empty
1033 in case of local forwarding.
1034
1035 Possible errors: INVALID_ZONE
1036
1037 getIcmpBlocks(s: zone) → as
1038 Return array of ICMP type (s) blocks previously added into
1039 zone. If zone is empty, use default zone. For getting permanent
1040 settings see
1041 org.fedoraproject.FirewallD1.config.zone.Methods.getIcmpBlocks.
1042
1043 Possible errors: INVALID_ZONE
1044
1045 getIcmpBlockInversion(s: zone) → b
1046 Return whether ICMP block inversion was previously added to
1047 zone. If zone is empty, use default zone. For getting permanent
1048 settings see
1049 org.fedoraproject.FirewallD1.config.zone.Methods.getIcmpBlockInversion.
1050
1051 Possible errors: INVALID_ZONE
1052
1053 getInterfaces(s: zone) → as
1054 Return array of interfaces (s) previously bound with zone. If
1055 zone is empty, use default zone. For getting permanent settings
1056 see
1057 org.fedoraproject.FirewallD1.config.zone.Methods.getInterfaces.
1058
1059 Possible errors: INVALID_ZONE
1060
1061 getPorts(s: zone) → aas
1062 Return array of ports (2-tuple of port and protocol) previously
1063 enabled in zone. If zone is empty, use default zone. For
1064 getting permanent settings see
1065 org.fedoraproject.FirewallD1.config.zone.Methods.getPorts.
1066
1067 Possible errors: INVALID_ZONE
1068
1069 getProtocols(s: zone) → as
1070 Return array of protocols (s) previously enabled in zone. If
1071 zone is empty, use default zone. For getting permanent settings
1072 see
1073 org.fedoraproject.FirewallD1.config.zone.Methods.getProtocols.
1074
1075 Possible errors: INVALID_ZONE
1076
1077 getRichRules(s: zone) → as
1078 Return array of rich language rules (s) previously added into
1079 zone. If zone is empty, use default zone. For getting permanent
1080 settings see
1081 org.fedoraproject.FirewallD1.config.zone.Methods.getRichRules.
1082
1083 Possible errors: INVALID_ZONE
1084
1085 getServices(s: zone) → as
1086 Return array of services (s) previously enabled in zone. If
1087 zone is empty, use default zone. For getting permanent settings
1088 see
1089 org.fedoraproject.FirewallD1.config.zone.Methods.getServices.
1090
1091 Possible errors: INVALID_ZONE
1092
1093 getSourcePorts(s: zone) → aas
1094 Return array of source ports (2-tuple of port and protocol)
1095 previously enabled in zone. If zone is empty, use default zone.
1096 For getting permanent settings see
1097 org.fedoraproject.FirewallD1.config.zone.Methods.getSourcePorts.
1098
1099 Possible errors: INVALID_ZONE
1100
1101 getSources(s: zone) → as
1102 Return array of sources (s) previously bound with zone. If zone
1103 is empty, use default zone. For getting permanent settings see
1104 org.fedoraproject.FirewallD1.config.zone.Methods.getSources.
1105
1106 Possible errors: INVALID_ZONE
1107
1108 getZoneOfInterface(s: interface) → s
1109 Return name (s) of zone the interface is bound to or empty
1110 string.
1111
1112 getZoneOfSource(s: source) → s
1113 Return name (s) of zone the source is bound to or empty string.
1114
1115 getZones() → as
1116 Return array of names (s) of predefined zones known to current
1117 runtime environment. For list of zones known to permanent
1118 environment see
1119 org.fedoraproject.FirewallD1.config.Methods.listZones. The
1120 lists (of zones known to runtime and permanent environment)
1121 will contain same zones in most cases, but might differ for
1122 example if org.fedoraproject.FirewallD1.config.Methods.addZone
1123 has been called recently, but firewalld has not been reloaded
1124 since then.
1125
1126 isImmutable(s: zone) → b
1127 Deprecated.
1128
1129 queryForwardPort(s: zone, s: port, s: protocol, s: toport, s:
1130 toaddr) → b
1131 Return whether the IPv4 forward port (port, protocol, toport,
1132 toaddr) has been added into zone. If zone is empty, use default
1133 zone. For permanent operation see
1134 org.fedoraproject.FirewallD1.config.zone.Methods.queryForwardPort.
1135
1136 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1137 INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD
1138
1139 queryIcmpBlock(s: zone, s: icmp) → b
1140 Return whether an ICMP block for icmp has been added into zone.
1141 If zone is empty, use default zone. For permanent operation see
1142 org.fedoraproject.FirewallD1.config.zone.Methods.queryIcmpBlock.
1143
1144 Possible errors: INVALID_ZONE, INVALID_ICMPTYPE
1145
1146 queryIcmpBlockInversion(s: zone) → b
1147 Return whether ICMP block inversion has been added to zone. If
1148 zone is empty, use default zone. For permanent operation see
1149 org.fedoraproject.FirewallD1.config.zone.Methods.queryIcmpBlockInversion.
1150
1151 Possible errors: INVALID_ZONE, INVALID_ICMPTYPE
1152
1153 queryInterface(s: zone, s: interface) → b
1154 Query whether interface has been bound to zone. If zone is
1155 empty, use default zone. For permanent operation see
1156 org.fedoraproject.FirewallD1.config.zone.Methods.queryInterface.
1157
1158 Possible errors: INVALID_ZONE, INVALID_INTERFACE
1159
1160 queryMasquerade(s: zone) → b
1161 Return whether masquerading has been enabled in zone If zone is
1162 empty, use default zone. For permanent operation see
1163 org.fedoraproject.FirewallD1.config.zone.Methods.queryMasquerade.
1164
1165 Possible errors: INVALID_ZONE
1166
1167 queryPort(s: zone, s: port, s: protocol) → b
1168 Return whether port/protocol has been added in zone. If zone is
1169 empty, use default zone. For permanent operation see
1170 org.fedoraproject.FirewallD1.config.zone.Methods.queryPort.
1171
1172 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1173 INVALID_PROTOCOL
1174
1175 queryProtocol(s: zone, s: protocol) → b
1176 Return whether protocol has been added in zone. If zone is
1177 empty, use default zone. For permanent operation see
1178 org.fedoraproject.FirewallD1.config.zone.Methods.queryProtocol.
1179
1180 Possible errors: INVALID_ZONE, INVALID_PROTOCOL
1181
1182 queryRichRule(s: zone, s: rule) → b
1183 Return whether rich rule rule has been added in zone. If zone
1184 is empty, use default zone. For permanent operation see
1185 org.fedoraproject.FirewallD1.config.zone.Methods.queryRichRule.
1186
1187 Possible errors: INVALID_ZONE, INVALID_RULE
1188
1189 queryService(s: zone, s: service) → b
1190 Return whether service has been added for zone. If zone is
1191 empty, use default zone. For permanent operation see
1192 org.fedoraproject.FirewallD1.config.zone.Methods.queryService.
1193
1194 Possible errors: INVALID_ZONE, INVALID_SERVICE
1195
1196 querySource(s: zone, s: source) → b
1197 Query whether sourcehas been bound to zone. If zone is empty,
1198 use default zone. For permanent operation see
1199 org.fedoraproject.FirewallD1.config.zone.Methods.querySource.
1200
1201 Possible errors: INVALID_ZONE, INVALID_ADDR
1202
1203 querySourcePort(s: zone, s: port, s: protocol) → b
1204 Return whether port/protocol has been added in zone. If zone is
1205 empty, use default zone. For permanent operation see
1206 org.fedoraproject.FirewallD1.config.zone.Methods.querySourcePort.
1207
1208 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1209 INVALID_PROTOCOL
1210
1211 removeForwardPort(s: zone, s: port, s: protocol, s: toport, s:
1212 toaddr) → s
1213 Remove IPv4 forward port ((port, protocol, toport, toaddr))
1214 from zone. If zone is empty, use default zone. For permanent
1215 operation see
1216 org.fedoraproject.FirewallD1.config.zone.Methods.removeForwardPort.
1217
1218 Returns name of zone from which the forward port was removed.
1219
1220 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1221 INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD, NOT_ENABLED,
1222 INVALID_COMMAND
1223
1224 removeIcmpBlock(s: zone, s: icmp) → s
1225 Remove ICMP block icmp from zone. If zone is empty, use default
1226 zone. For permanent operation see
1227 org.fedoraproject.FirewallD1.config.zone.Methods.removeIcmpBlock.
1228
1229 Returns name of zone from which the ICMP block was removed.
1230
1231 Possible errors: INVALID_ZONE, INVALID_ICMPTYPE, NOT_ENABLED,
1232 INVALID_COMMAND
1233
1234 removeIcmpBlockInversion(s: zone) → s
1235 Remove ICMP block inversion from zone. If zone is empty, use
1236 default zone. For permanent operation see
1237 org.fedoraproject.FirewallD1.config.zone.Methods.removeIcmpBlockInversion.
1238
1239 Returns name of zone from which the ICMP block inversion was
1240 removed.
1241
1242 Possible errors: INVALID_ZONE, NOT_ENABLED, INVALID_COMMAND
1243
1244 removeInterface(s: zone, s: interface) → s
1245 Remove binding of interface from zone. If zone is empty, the
1246 interface will be removed from zone it belongs to. For
1247 permanent operation see
1248 org.fedoraproject.FirewallD1.config.zone.Methods.removeInterface.
1249
1250 Returns name of zone from which the interface was removed.
1251
1252 Possible errors: INVALID_ZONE, INVALID_INTERFACE, NOT_ENABLED,
1253 INVALID_COMMAND
1254
1255 removeMasquerade(s: zone) → s
1256 Disable masquerade for zone. If zone is empty, use default
1257 zone. For permanent operation see
1258 org.fedoraproject.FirewallD1.config.zone.Methods.removeMasquerade.
1259
1260 Returns name of zone for which the masquerade was disabled.
1261
1262 Possible errors: INVALID_ZONE, NOT_ENABLED, INVALID_COMMAND
1263
1264 removePort(s: zone, s: port, s: protocol) → s
1265 Remove port/protocol from zone. If zone is empty, use default
1266 zone. For permanent operation see
1267 org.fedoraproject.FirewallD1.config.zone.Methods.removePort.
1268
1269 Returns name of zone from which the port was removed.
1270
1271 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1272 INVALID_PROTOCOL, NOT_ENABLED, INVALID_COMMAND
1273
1274 removeProtocol(s: zone, s: protocol) → s
1275 Remove protocol from zone. If zone is empty, use default zone.
1276 For permanent operation see
1277 org.fedoraproject.FirewallD1.config.zone.Methods.removeProtocol.
1278
1279 Returns name of zone from which the protocol was removed.
1280
1281 Possible errors: INVALID_ZONE, INVALID_PROTOCOL, NOT_ENABLED,
1282 INVALID_COMMAND
1283
1284 removeRichRule(s: zone, s: rule) → s
1285 Remove rich language rule from zone. If zone is empty, use
1286 default zone. For permanent operation see
1287 org.fedoraproject.FirewallD1.config.zone.Methods.removeRichRule.
1288
1289 Returns name of zone from which the rich language rule was
1290 removed.
1291
1292 Possible errors: INVALID_ZONE, INVALID_RULE, NOT_ENABLED,
1293 INVALID_COMMAND
1294
1295 removeService(s: zone, s: service) → s
1296 Remove service from zone. If zone is empty, use default zone.
1297 For permanent operation see
1298 org.fedoraproject.FirewallD1.config.zone.Methods.removeService.
1299
1300 Returns name of zone from which the service was removed.
1301
1302 Possible errors: INVALID_ZONE, INVALID_SERVICE, NOT_ENABLED,
1303 INVALID_COMMAND
1304
1305 removeSource(s: zone, s: source) → s
1306 Remove binding of source from zone. If zone is empty, the
1307 source will be removed from zone it belongs to. For permanent
1308 operation see
1309 org.fedoraproject.FirewallD1.config.zone.Methods.removeSource.
1310
1311 Returns name of zone from which the source was removed.
1312
1313 Possible errors: INVALID_ZONE, INVALID_ADDR, NOT_ENABLED,
1314 INVALID_COMMAND
1315
1316 removeSourcePort(s: zone, s: port, s: protocol) → s
1317 Remove port/protocol from zone. If zone is empty, use default
1318 zone. For permanent operation see
1319 org.fedoraproject.FirewallD1.config.zone.Methods.removeSourcePort.
1320
1321 Returns name of zone from which the source port was removed.
1322
1323 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1324 INVALID_PROTOCOL, NOT_ENABLED, INVALID_COMMAND
1325
1326 Signals
1327 ForwardPortAdded(s: zone, s: port, s: protocol, s: toport, s:
1328 toaddr, i: timeout)
1329 Emitted when forward port has been added to zone with timeout.
1330
1331 ForwardPortRemoved(s: zone, s: port, s: protocol, s: toport, s:
1332 toaddr)
1333 Emitted when forward port has been removed from zone.
1334
1335 IcmpBlockAdded(s: zone, s: icmp, i: timeout)
1336 Emitted when ICMP block for icmp has been added to zone with
1337 timeout.
1338
1339 IcmpBlockInversionAdded(s: zone)
1340 Emitted when ICMP block inversion has been added to zone.
1341
1342 IcmpBlockInversionRemoved(s: zone)
1343 Emitted when ICMP block inversion has been removed from zone.
1344
1345 IcmpBlockRemoved(s: zone, s: icmp)
1346 Emitted when ICMP block for icmp has been removed from zone.
1347
1348 InterfaceAdded(s: zone, s: interface)
1349 Emitted when interface has been added to zone.
1350
1351 InterfaceRemoved(s: zone, s: interface)
1352 Emitted when interface has been removed from zone.
1353
1354 MasqueradeAdded(s: zone, i: timeout)
1355 Emitted when masquerade has been enabled for zone.
1356
1357 MasqueradeRemoved(s: zone)
1358 Emitted when masquerade has been disabled for zone.
1359
1360 PortAdded(s: zone, s: port, s: protocol, i: timeout)
1361 Emitted when port/protocol has been added to zone with timeout.
1362
1363 PortRemoved(s: zone, s: port, s: protocol)
1364 Emitted when port/protocol has been removed from zone.
1365
1366 ProtocolAdded(s: zone, s: protocol, i: timeout)
1367 Emitted when protocol has been added to zone with timeout.
1368
1369 ProtocolRemoved(s: zone, s: protocol)
1370 Emitted when protocol has been removed from zone.
1371
1372 RichRuleAdded(s: zone, s: rule, i: timeout)
1373 Emitted when rich language rule has been added to zone with
1374 timeout.
1375
1376 RichRuleRemoved(s: zone, s: rule)
1377 Emitted when rich language rule has been removed from zone.
1378
1379 ServiceAdded(s: zone, s: service, i: timeout)
1380 Emitted when service has been added to zone with timeout.
1381
1382 ServiceRemoved(s: zone, s: service)
1383 Emitted when service has been removed from zone.
1384
1385 SourceAdded(s: zone, s: source)
1386 Emitted when source has been added to zone.
1387
1388 SourcePortAdded(s: zone, s: port, s: protocol, i: timeout)
1389 Emitted when source-port/protocol has been added to zone with
1390 timeout.
1391
1392 SourcePortRemoved(s: zone, s: port, s: protocol)
1393 Emitted when source-port/protocol has been removed from zone.
1394
1395 SourceRemoved(s: zone, s: source)
1396 Emitted when source has been removed from zone.
1397
1398 ZoneChanged(s: zone, s: interface)
1399 Deprecated
1400
1401 ZoneOfInterfaceChanged(s: zone, s: interface)
1402 Emitted when a zone an interface is part of has been changed to
1403 zone.
1404
1405 ZoneOfSourceChanged(s: zone, s: source)
1406 Emitted when a zone an source is part of has been changed to
1407 zone.
1408
1409 org.fedoraproject.FirewallD1.config
1410 Allows to permanently add, remove and query zones, services and icmp
1411 types.
1412
1413 Methods
1414 addIPSet(s: ipset, (ssssa{ss}as): settings) → o
1415 Add ipset with given settings into permanent configuration.
1416 Settings are in format: version, name, description, type,
1417 dictionary of options and array of entries.
1418
1419 version (s): see version attribute of ipset tag in
1420 firewalld.ipset(5).
1421
1422 name (s): see short tag in firewalld.ipset(5).
1423
1424 description (s): see description tag in firewalld.ipset(5).
1425
1426 type (s): see type attribute of ipset tag in
1427 firewalld.ipset(5).
1428
1429 options (a{ss}): dictionary of {option : value} . See options
1430 tag in firewalld.ipset(5).
1431
1432 entries (as): array of entries, see entry tag in
1433 firewalld.ipset(5).
1434
1435 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1436
1437 addIcmpType(s: icmptype, (sssas): settings) → o
1438 Add icmptype with given settings into permanent configuration.
1439 Settings are in format: version, name, description, array of
1440 destinations. Returns object path of the new icmp type.
1441
1442 version (s): see version attribute of icmptype tag in
1443 firewalld.icmptype(5).
1444
1445 name (s): see short tag in firewalld.icmptype(5).
1446
1447 description (s): see description tag in firewalld.icmptype(5).
1448
1449 destinations (as): array, either empty or containing strings
1450 'ipv4' or 'ipv6', see destination tag in firewalld.icmptype(5).
1451
1452 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1453
1454 addService(s: service, (sssa(ss)asa{ss}asa(ss)): settings) → o
1455 Add service with given settings into permanent configuration.
1456 Settings are in format: version, name, description, array of
1457 ports (port, protocol), array of module names, dictionary of
1458 destinations, array of protocols and array of source-ports
1459 (port, protocol). Returns object path of the new icmp type.
1460
1461 version (s): see version attribute of service tag in
1462 firewalld.service(5).
1463
1464 name (s): see short tag in firewalld.service(5).
1465
1466 description (s): see description tag in firewalld.service(5).
1467
1468 ports (a(ss)): array of port and protocol pairs. See port tag
1469 in firewalld.service(5).
1470
1471 module names (as): array of kernel netfilter helpers, see
1472 module tag in firewalld.service(5).
1473
1474 destinations (a{ss}): dictionary of {IP family : IP address}
1475 where 'IP family' key can be either 'ipv4' or 'ipv6'. See
1476 destination tag in firewalld.service(5).
1477
1478 protocols (as): array of protocols. See protocol tag in
1479 firewalld.service(5).
1480
1481 source-ports (a(ss)): array of port and protocol pairs. See
1482 source-port tag in firewalld.service(5).
1483
1484 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1485
1486 addZone(s: zone, (sssbsasa(ss)asba(ssss)asasasasa(ss)): settings) →
1487 o
1488 Add zone with given settings into permanent configuration.
1489 Settings are in format: version, name, description, UNUSED,
1490 target, array of services, array of ports (port, protocol),
1491 array of icmp-blocks, masquerade, array of forward-ports (port,
1492 protocol, to-port, to-addr), array of interfaces, array of
1493 sources, array of rich rules, array of protocols and array of
1494 source-ports (port, protocol).
1495
1496 version (s): see version attribute of zone tag in
1497 firewalld.zone(5).
1498
1499 name (s): see short tag in firewalld.zone(5).
1500
1501 description (s): see description tag in firewalld.zone(5).
1502
1503 UNUSED (b): this boolean value is no longer used for anything.
1504
1505 target (s): see target attribute of zone tag in
1506 firewalld.zone(5).
1507
1508 services (as): array of service names, see service tag in
1509 firewalld.zone(5).
1510
1511 ports (a(ss)): array of port and protocol pairs. See port tag
1512 in firewalld.zone(5).
1513
1514 icmp-blocks (as): array of icmp-blocks. See icmp-block tag in
1515 firewalld.zone(5).
1516
1517 masquerade (b): see masquerade tag in firewalld.zone(5).
1518
1519 forward-ports (a(ssss)): array of (port, protocol, to-port,
1520 to-addr). See forward-port tag in firewalld.zone(5).
1521
1522 interfaces (as): array of interfaces. See interface tag in
1523 firewalld.zone(5).
1524
1525 source addresses (as): array of source addresses. See source
1526 tag in firewalld.zone(5).
1527
1528 rich rules (as): array of rich-language rules. See rule tag in
1529 firewalld.zone(5).
1530
1531 protocols (as): array of protocols. See protocol tag in
1532 firewalld.zone(5).
1533
1534 source-ports (a(ss)): array of port and protocol pairs. See
1535 source-port tag in firewalld.zone(5).
1536
1537 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1538
1539 getHelperByName(s: helper) → o
1540 Return object path (permanent configuration) of helper with
1541 given name.
1542
1543 Possible errors: INVALID_HELPER
1544
1545 getHelperNames() → as
1546 Return list of helper names (permanent configuration).
1547
1548 getIPSetByName(s: ipset) → o
1549 Return object path (permanent configuration) of ipset with
1550 given name.
1551
1552 Possible errors: INVALID_IPSET
1553
1554 getIPSetNames() → as
1555 Return list of ipset names (permanent configuration).
1556
1557 getIcmpTypeByName(s: icmptype) → o
1558 Return object path (permanent configuration) of icmptype with
1559 given name.
1560
1561 Possible errors: INVALID_ICMPTYPE
1562
1563 getIcmpTypeNames() → as
1564 Return list of icmptype names (permanent configuration).
1565
1566 getServiceByName(s: service) → o
1567 Return object path (permanent configuration) of service with
1568 given name.
1569
1570 Possible errors: INVALID_SERVICE
1571
1572 getServiceNames() → as
1573 Return list of service names (permanent configuration).
1574
1575 getZoneByName(s: zone) → o
1576 Return object path (permanent configuration) of zone with given
1577 name.
1578
1579 Possible errors: INVALID_ZONE
1580
1581 getZoneNames() → as
1582 Return list of zone names (permanent configuration) of.
1583
1584 getZoneOfInterface(s: iface) → s
1585 Return name of zone the iface is bound to or empty string.
1586
1587 getZoneOfSource(s: source) → s
1588 Return name of zone the source is bound to or empty string.
1589
1590 listHelpers() → ao
1591 Return array of object paths (o) of helper in permanent
1592 configuration. For runtime configuration see
1593 org.fedoraproject.FirewallD1.Methods.getHelpers.
1594
1595 listIPSets() → ao
1596 Return array of object paths (o) of ipset in permanent
1597 configuration. For runtime configuration see
1598 org.fedoraproject.FirewallD1.ipset.Methods.getIPSets.
1599
1600 listIcmpTypes() → ao
1601 Return array of object paths (o) of icmp types in permanent
1602 configuration. For runtime configuration see
1603 org.fedoraproject.FirewallD1.Methods.listIcmpTypes.
1604
1605 listServices() → ao
1606 Return array of objects paths (o) of services in permanent
1607 configuration. For runtime configuration see
1608 org.fedoraproject.FirewallD1.Methods.listServices.
1609
1610 listZones() → ao
1611 List object paths of zones known to permanent environment. For
1612 list of zones known to runtime environment see
1613 org.fedoraproject.FirewallD1.zone.Methods.getZones. The lists
1614 (of zones known to runtime and permanent environment) will
1615 contain same zones in most cases, but might differ for example
1616 if org.fedoraproject.FirewallD1.config.Methods.addZone has been
1617 called recently, but firewalld has not been reloaded since
1618 then.
1619
1620 Signals
1621 HelperAdded(s: helper)
1622 Emitted when helper has been added.
1623
1624 IPSetAdded(s: ipset)
1625 Emitted when ipset has been added.
1626
1627 IcmpTypeAdded(s: icmptype)
1628 Emitted when icmptype has been added.
1629
1630 ServiceAdded(s: service)
1631 Emitted when service has been added.
1632
1633 ZoneAdded(s: zone)
1634 Emitted when zone has been added.
1635
1636 Properties
1637 AutomaticHelpers - s - (rw)
1638 Indicates whether automatic helper assignment in kernel should
1639 be used or not. With the system setting this is left to the
1640 kernel or system default.
1641
1642 CleanupOnExit - s - (rw)
1643 If firewalld stops, it cleans up all firewall rules. Setting
1644 this option to no or false leaves the current firewall rules
1645 untouched.
1646
1647 DefaultZone - s - (ro)
1648 Default zone for connections or interfaces if the zone is not
1649 selected or specified by NetworkManager, initscripts or command
1650 line tool.
1651
1652 IPv6_rpfilter - s - (rw)
1653 Indicates whether the reverse path filter test on a packet for
1654 IPv6 is enabled. If a reply to the packet would be sent via the
1655 same interface that the packet arrived on, the packet will
1656 match and be accepted, otherwise dropped.
1657
1658 IndividualCalls - s - (ro)
1659 Indicates whether individual calls combined -restore calls are
1660 used. If enabled, this increases the time that is needed to
1661 apply changes and to start the daemon, but is good for
1662 debugging.
1663
1664 Lockdown - s - (rw)
1665 If this property is enabled, firewall changes with the D-Bus
1666 interface will be limited to applications that are listed in
1667 the lockdown whitelist.
1668
1669 LogDenied - s - (rw)
1670 If LogDenied is enabled, then logging rules are added right
1671 before reject and drop rules in the INPUT, FORWARD and OUTPUT
1672 chains for the default rules and also final reject and drop
1673 rules in zones. Possible values are: all, unicast, broadcast,
1674 multicast and off.
1675
1676 MinimalMark - i - (rw)
1677 For some firewall settings several rules are needed in
1678 different tables to be able to handle packets in the correct
1679 way. To achieve that these packets are marked using the MARK
1680 target. With the MinimalMark property a block of marks can be
1681 reserved for private use; only marks over this value are used.
1682
1683 org.fedoraproject.FirewallD1.config.direct
1684 Interface for permanent direct configuration, see also
1685 firewalld.direct(5). For runtime direct configuration see
1686 org.fedoraproject.FirewallD1.direct interface.
1687
1688 Methods
1689 addChain(s: ipv, s: table, s: chain) → Nothing
1690 Add a new chain to table for ipv being either ipv4 (iptables)
1691 or ipv6 (ip6tables) or eb (ebtables). Make sure there's no
1692 other chain with this name already. There already exist basic
1693 chains to use with direct methods, for example INPUT_direct
1694 chain. These chains are jumped into before chains for zones,
1695 i.e. every rule put into INPUT_direct will be checked before
1696 rules in zones. For runtime operation see
1697 org.fedoraproject.FirewallD1.direct.Methods.addChain.
1698
1699 Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED
1700
1701 addPassthrough(s: ipv, as: args) → Nothing
1702 Add a passthrough rule with the arguments args for ipv being
1703 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
1704 For runtime operation see
1705 org.fedoraproject.FirewallD1.direct.Methods.addPassthrough.
1706
1707 Possible errors: INVALID_IPV, ALREADY_ENABLED
1708
1709 addRule(s: ipv, s: table, s: chain, i: priority, as: args) →
1710 Nothing
1711 Add a rule with the arguments args to chain in table with
1712 priority for ipv being either ipv4 (iptables) or ipv6
1713 (ip6tables) or eb (ebtables). The priority is used to order
1714 rules. Priority 0 means add rule on top of the chain, with a
1715 higher priority the rule will be added further down. Rules with
1716 the same priority are on the same level and the order of these
1717 rules is not fixed and may change. If you want to make sure
1718 that a rule will be added after another one, use a low priority
1719 for the first and a higher for the following. For runtime
1720 operation see
1721 org.fedoraproject.FirewallD1.direct.Methods.addRule.
1722
1723 Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED
1724
1725 getAllChains() → a(sss)
1726 Get all chains added to all tables in format: ipv, table,
1727 chain. This concerns only chains previously added with
1728 addChain. Return value is a array of (ipv, table, chain). For
1729 runtime operation see
1730 org.fedoraproject.FirewallD1.direct.Methods.getAllChains.
1731
1732 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
1733 (ebtables).
1734
1735 table (s): one of filter, mangle, nat, raw, security
1736
1737 chain (s): name of a chain.
1738
1739
1740 getAllPassthroughs() → a(sas)
1741 Get all passthrough rules added in all ipv types in format:
1742 ipv, rule. This concerns only rules previously added with
1743 addPassthrough. Return value is a array of (ipv, array of
1744 arguments). For runtime operation see
1745 org.fedoraproject.FirewallD1.direct.Methods.getAllPassthroughs.
1746
1747 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
1748 (ebtables).
1749
1750 arguments (as): array of commands, parameters and other
1751 iptables/ip6tables/ebtables command line options.
1752
1753
1754 getAllRules() → a(sssias)
1755 Get all rules added to all chains in all tables in format: ipv,
1756 table, chain, priority, rule. This concerns only rules
1757 previously added with addRule. Return value is a array of (ipv,
1758 table, chain, priority, array of arguments). For runtime
1759 operation see
1760 org.fedoraproject.FirewallD1.direct.Methods.getAllRules.
1761
1762 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
1763 (ebtables).
1764
1765 table (s): one of filter, mangle, nat, raw, security
1766
1767 chain (s): name of a chain.
1768
1769 priority (i): used to order rules.
1770
1771 arguments (as): array of commands, parameters and other
1772 iptables/ip6tables/ebtables command line options.
1773
1774
1775 getChains(s: ipv, s: table) → as
1776 Return an array of chains (s) added to table for ipv being
1777 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
1778 This concerns only chains previously added with addChain. For
1779 runtime operation see
1780 org.fedoraproject.FirewallD1.direct.Methods.getChains.
1781
1782 Possible errors: INVALID_IPV, INVALID_TABLE
1783
1784 getPassthroughs(s: ipv) → aas
1785 Get tracked passthrough rules added in either ipv4 (iptables)
1786 or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
1787 previously added with addPassthrough. Return value is a array
1788 of (array of arguments). For runtime operation see
1789 org.fedoraproject.FirewallD1.direct.Methods.getPassthroughs.
1790
1791 arguments (as): array of commands, parameters and other
1792 iptables/ip6tables/ebtables command line options.
1793
1794
1795 getRules(s: ipv, s: table, s: chain) → a(ias)
1796 Get all rules added to chain in table for ipv being either ipv4
1797 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
1798 only rules previously added with addRule. Return value is a
1799 array of (priority, array of arguments). For runtime operation
1800 see org.fedoraproject.FirewallD1.direct.Methods.getRules.
1801
1802 priority (i): used to order rules.
1803
1804 arguments (as): array of commands, parameters and other
1805 iptables/ip6tables/ebtables command line options.
1806
1807 Possible errors: INVALID_IPV, INVALID_TABLE
1808
1809 getSettings() → (a(sss)a(sssias)a(sas))
1810 Get settings of permanent direct configuration in format: array
1811 of chains, array of rules, array of passthroughs.
1812
1813 chains (a(sss)): array of (ipv, table, chain), see 'chain' in
1814 firewalld.direct(5).
1815 .
1816 .PP rules (a(sssias)): array of (ipv, table,
1817 chain, priority, array of arguments), see 'rule' in
1818 firewalld.direct(5).
1819 .
1820 .PP passthroughs (a(sas)): array of (ipv,
1821 array of arguments), see passthrough in firewalld.direct(5).
1822 .
1823 .sp
1824
1825 queryChain(s: ipv, s: table, s: chain) → b
1826 Return whether a chain exists in table for ipv being either
1827 ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). This
1828 concerns only chains previously added with addChain. For
1829 runtime operation see
1830 org.fedoraproject.FirewallD1.direct.Methods.queryChain.
1831
1832 Possible errors: INVALID_IPV, INVALID_TABLE
1833
1834 queryPassthrough(s: ipv, as: args) → b
1835 Return whether a tracked passthrough rule with the arguments
1836 args exists for ipv being either ipv4 (iptables) or ipv6
1837 (ip6tables) or eb (ebtables). This concerns only rules
1838 previously added with addPassthrough. For runtime operation see
1839 org.fedoraproject.FirewallD1.direct.Methods.queryPassthrough.
1840
1841 Possible errors: INVALID_IPV
1842
1843 queryRule(s: ipv, s: table, s: chain, i: priority, as: args) → b
1844 Return whether a rule with priority and the arguments args
1845 exists in chain in table for ipv being either ipv4 (iptables)
1846 or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
1847 previously added with addRule. For runtime operation see
1848 org.fedoraproject.FirewallD1.direct.Methods.queryRule.
1849
1850 Possible errors: INVALID_IPV, INVALID_TABLE
1851
1852 removeChain(s: ipv, s: table, s: chain) → Nothing
1853 Remove a chain from table for ipv being either ipv4 (iptables)
1854 or ipv6 (ip6tables) or eb (ebtables). Only chains previously
1855 added with addChain can be removed this way. For runtime
1856 operation see
1857 org.fedoraproject.FirewallD1.direct.Methods.removeChain.
1858
1859 Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED
1860
1861 removePassthrough(s: ipv, as: args) → Nothing
1862 Remove a passthrough rule with arguments args for ipv being
1863 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
1864 Only rules previously added with addPassthrough can be removed
1865 this way. For runtime operation see
1866 org.fedoraproject.FirewallD1.direct.Methods.removePassthrough.
1867
1868 Possible errors: INVALID_IPV, NOT_ENABLED
1869
1870 removeRule(s: ipv, s: table, s: chain, i: priority, as: args) →
1871 Nothing
1872 Remove a rule with priority and arguments args from chain in
1873 table for ipv being either ipv4 (iptables) or ipv6 (ip6tables)
1874 or eb (ebtables). Only rules previously added with addRule can
1875 be removed this way. For runtime operation see
1876 org.fedoraproject.FirewallD1.direct.Methods.removeRule.
1877
1878 Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED
1879
1880 removeRules(s: ipv, s: table, s: chain) → Nothing
1881 Remove all rules from chain in table for ipv being either ipv4
1882 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
1883 only rules previously added with addRule. For runtime operation
1884 see org.fedoraproject.FirewallD1.direct.Methods.removeRules.
1885
1886 Possible errors: INVALID_IPV, INVALID_TABLE
1887
1888 update((a(sss)a(sssias)a(sas)): settings) → Nothing
1889 Update permanent direct configuration with given settings.
1890 Settings are in format: array of chains, array of rules, array
1891 of passthroughs.
1892
1893 chains (a(sss)): array of (ipv, table, chain), see 'chain' in
1894 firewalld.direct(5).
1895 .
1896 .PP rules (a(sssias)): array of (ipv, table,
1897 chain, priority, array of arguments), see 'rule' in
1898 firewalld.direct(5).
1899 .
1900 .PP passthroughs (a(sas)): array of (ipv,
1901 array of arguments), see passthrough in firewalld.direct(5).
1902 .
1903 .sp Possible errors: INVALID_TYPE
1904
1905 Signals
1906 Updated()
1907 Emitted when configuration has been updated.
1908
1909 org.fedoraproject.FirewallD1.config.policies
1910 Interface for permanent lockdown-whitelist configuration, see also
1911 firewalld.lockdown-whitelist(5). For runtime configuration see
1912 org.fedoraproject.FirewallD1.policies interface.
1913
1914 Methods
1915 addLockdownWhitelistCommand(s: command) → Nothing
1916 Add command to whitelist. See command option in
1917 firewalld.lockdown-whitelist(5). For runtime operation see
1918 org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistCommand.
1919
1920 Possible errors: ALREADY_ENABLED, INVALID_TYPE
1921
1922 addLockdownWhitelistContext(s: context) → Nothing
1923 Add context to whitelist. See selinux option in
1924 firewalld.lockdown-whitelist(5). For runtime operation see
1925 org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistContext.
1926
1927 Possible errors: ALREADY_ENABLED, INVALID_TYPE
1928
1929 addLockdownWhitelistUid(i: uid) → Nothing
1930 Add user id uid to whitelist. See user option in
1931 firewalld.lockdown-whitelist(5). For runtime operation see
1932 org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistUid.
1933
1934 Possible errors: ALREADY_ENABLED, INVALID_TYPE
1935
1936 addLockdownWhitelistUser(s: user) → Nothing
1937 Add user name to whitelist. See user option in
1938 firewalld.lockdown-whitelist(5). For runtime operation see
1939 org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistUser.
1940
1941 Possible errors: ALREADY_ENABLED, INVALID_TYPE
1942
1943 getLockdownWhitelist() → (asasasai)
1944 Get settings of permanent lockdown-whitelist configuration in
1945 format: commands, selinux contexts, users, uids
1946
1947 commands (as): see command option in firewalld.lockdown-
1948 whitelist(5).
1949
1950 selinux contexts (as): see selinux option in
1951 firewalld.lockdown-whitelist(5).
1952
1953 users (as): see name attribute of user option in
1954 firewalld.lockdown-whitelist(5).
1955
1956 uids (ai): see id attribute of user option in
1957 firewalld.lockdown-whitelist(5).
1958
1959
1960 getLockdownWhitelistCommands() → as
1961 List all command lines (s) that are on whitelist. For runtime
1962 operation see
1963 org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistCommands.
1964
1965 getLockdownWhitelistContexts() → as
1966 List all contexts (s) that are on whitelist. For runtime
1967 operation see
1968 org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistContexts.
1969
1970 getLockdownWhitelistUids() → ai
1971 List all user ids (i) that are on whitelist. For runtime
1972 operation see
1973 org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistUids.
1974
1975 getLockdownWhitelistUsers() → as
1976 List all users (s) that are on whitelist. For runtime operation
1977 see
1978 org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistUsers.
1979
1980 queryLockdownWhitelistCommand(s: command) → b
1981 Query whether command is on whitelist. For runtime operation
1982 see
1983 org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistCommand.
1984
1985 queryLockdownWhitelistContext(s: context) → b
1986 Query whether context is on whitelist. For runtime operation
1987 see
1988 org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistContext.
1989
1990 queryLockdownWhitelistUid(i: uid) → b
1991 Query whether user id uid is on whitelist. For runtime
1992 operation see
1993 org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistUid.
1994
1995 queryLockdownWhitelistUser(s: user) → b
1996 Query whether user is on whitelist. For runtime operation see
1997 org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistUser.
1998
1999 removeLockdownWhitelistCommand(s: command) → Nothing
2000 Remove command from whitelist. For runtime operation see
2001 org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistCommand.
2002
2003 Possible errors: NOT_ENABLED
2004
2005 removeLockdownWhitelistContext(s: context) → Nothing
2006 Remove context from whitelist. For runtime operation see
2007 org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistContext.
2008
2009 Possible errors: NOT_ENABLED
2010
2011 removeLockdownWhitelistUid(i: uid) → Nothing
2012 Remove user id uid from whitelist. For runtime operation see
2013 org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistUid.
2014
2015 Possible errors: NOT_ENABLED
2016
2017 removeLockdownWhitelistUser(s: user) → Nothing
2018 Remove user from whitelist. For runtime operation see
2019 org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistUser.
2020
2021 Possible errors: NOT_ENABLED
2022
2023 setLockdownWhitelist((asasasai): settings) → Nothing
2024 Set permanent lockdown-whitelist configuration to settings.
2025 Settings are in format: commands, selinux contexts, users, uids
2026
2027 commands (as): see command option in firewalld.lockdown-
2028 whitelist(5).
2029
2030 selinux contexts (as): see selinux option in
2031 firewalld.lockdown-whitelist(5).
2032
2033 users (as): see name attribute of user option in
2034 firewalld.lockdown-whitelist(5).
2035
2036 uids (ai): see id attribute of user option in
2037 firewalld.lockdown-whitelist(5).
2038
2039 Possible errors: INVALID_TYPE
2040
2041 Signals
2042 LockdownWhitelistUpdated()
2043 Emitted when permanent lockdown-whitelist configuration has
2044 been updated.
2045
2046 org.fedoraproject.FirewallD1.config.ipset
2047 Interface for permanent ipset configuration, see also
2048 firewalld.ipset(5).
2049
2050 Methods
2051 addEntry(s: entry) → Nothing
2052 Permanently add entry to list of entries of ipset. See entry
2053 tag in firewalld.ipset(5). For runtime operation see
2054 org.fedoraproject.FirewallD1.ipset.Methods.addEntry.
2055
2056 Possible errors: ALREADY_ENABLED
2057
2058 addOption(s: key, s: value) → Nothing
2059 Permanently add (key, value) to the ipset. See option tag in
2060 firewalld.ipset(5).
2061
2062 Possible errors: ALREADY_ENABLED
2063
2064 getDescription() → s
2065 Get description of ipset. See description tag in
2066 firewalld.ipset(5).
2067
2068 getEntries() → as
2069 Get list of entries added to ipset. See entry tag in
2070 firewalld.ipset(5). For runtime operation see
2071 org.fedoraproject.FirewallD1.ipset.Methods.getEntries.
2072
2073 Possible errors: IPSET_WITH_TIMEOUT
2074
2075 getOptions() → a{ss}
2076 Get dictionary of options set for ipset. See option tag in
2077 firewalld.ipset(5).
2078
2079 getSettings() → (ssssa{ss}as)
2080 Return permament settings of the ipset. For getting runtime
2081 settings see
2082 org.fedoraproject.FirewallD1.ipset.Methods.getIPSetSettings.
2083 Settings are in format: version, name, description, type,
2084 dictionary of options and array of entries.
2085
2086 version (s): see version attribute of ipset tag in
2087 firewalld.ipset(5).
2088
2089 name (s): see short tag in firewalld.ipset(5).
2090
2091 description (s): see description tag in firewalld.ipset(5).
2092
2093 type (s): see type attribute of ipset tag in
2094 firewalld.ipset(5).
2095
2096 options (a{ss}): dictionary of {option : value} . See options
2097 tag in firewalld.ipset(5).
2098
2099 entries (as): array of entries, see entry tag in
2100 firewalld.ipset(5).
2101
2102
2103 getShort() → s
2104 Get name of ipset. See short tag in firewalld.ipset(5).
2105
2106 getType() → s
2107 Get type of ipset. See type attribute of ipset tag in
2108 firewalld.ipset(5).
2109
2110 getVersion() → s
2111 Get version of ipset. See version attribute of ipset tag in
2112 firewalld.ipset(5).
2113
2114 loadDefaults() → Nothing
2115 Load default settings for built-in ipset.
2116
2117 Possible errors: NO_DEFAULTS
2118
2119 queryEntry(s: entry) → b
2120 Return whether entry has been added to ipset. For runtime
2121 operation see
2122 org.fedoraproject.FirewallD1.ipset.Methods.queryEntry.
2123
2124 queryOption(s: key, s: value) → b
2125 Return whether (key, value) has been added to options of the
2126 ipset.
2127
2128 remove() → Nothing
2129 Remove not built-in ipset.
2130
2131 Possible errors: BUILTIN_IPSET
2132
2133 removeEntry(s: entry) → Nothing
2134 Permanently remove entry from ipset. See entry tag in
2135 firewalld.ipset(5). For runtime operation see
2136 org.fedoraproject.FirewallD1.ipset.Methods.removeEntry.
2137
2138 Possible errors: NOT_ENABLED
2139
2140 removeOption(s: key) → Nothing
2141 Permanently remove key from the ipset. See option tag in
2142 firewalld.ipset(5).
2143
2144 Possible errors: NOT_ENABLED
2145
2146 rename(s: name) → Nothing
2147 Rename not built-in ipset to name.
2148
2149 Possible errors: BUILTIN_IPSET
2150
2151 setDescription(s: description) → Nothing
2152 Permanently set description of ipset to description. See
2153 description tag in firewalld.ipset(5).
2154
2155 setEntries(as: entries) → Nothing
2156 Permanently set list of entries to entries. See entry tag in
2157 firewalld.ipset(5).
2158
2159 setOptions(a{ss}: options) → Nothing
2160 Permanently set dict of options to options. See option tag in
2161 firewalld.ipset(5).
2162
2163 setShort(s: short) → Nothing
2164 Permanently set name of ipset to short. See short tag in
2165 firewalld.ipset(5).
2166
2167 setType(s: ipset_type) → Nothing
2168 Permanently set type of ipset to ipset_type. See type attribute
2169 of ipset tag in firewalld.ipset(5).
2170
2171 setVersion(s: version) → Nothing
2172 Permanently set version of ipset to version. See version
2173 attribute of ipset tag in firewalld.ipset(5).
2174
2175 update((ssssa{ss}as): settings) → Nothing
2176 Update settings of ipset to settings. Settings are in format:
2177 version, name, description, type, dictionary of options and
2178 array of entries.
2179
2180 version (s): see version attribute of ipset tag in
2181 firewalld.ipset(5).
2182
2183 name (s): see short tag in firewalld.ipset(5).
2184
2185 description (s): see description tag in firewalld.ipset(5).
2186
2187 type (s): see type attribute of ipset tag in
2188 firewalld.ipset(5).
2189
2190 options (a{ss}): dictionary of {option : value} . See options
2191 tag in firewalld.ipset(5).
2192
2193 entries (as): array of entries, see entry tag in
2194 firewalld.ipset(5).
2195
2196 Possible errors: INVALID_TYPE
2197
2198 Signals
2199 Removed(s: name)
2200 Emitted when ipset with name has been removed.
2201
2202 Renamed(s: name)
2203 Emitted when ipset has been renamed to name.
2204
2205 Updated(s: name)
2206 Emitted when ipset with name has been updated.
2207
2208 Properties
2209 builtin - b - (ro)
2210 True if ipset is build-in, false else.
2211
2212 default - b - (ro)
2213 True if build-in ipset has default settings. False if it has
2214 been modified. Always False for not build-in ipsets.
2215
2216 filename - s - (ro)
2217 Name (including .xml extension) of file where the configuration
2218 is stored.
2219
2220 name - s - (ro)
2221 Name of ipset.
2222
2223 path - s - (ro)
2224 Path to directory where the ipset configuration is stored.
2225 Should be either /usr/lib/firewalld/ipsets or
2226 /etc/firewalld/ipsets.
2227
2228 org.fedoraproject.FirewallD1.config.zone
2229 Interface for permanent zone configuration, see also firewalld.zone(5).
2230
2231 Methods
2232 addForwardPort(s: port, s: protocol, s: toport, s: toaddr) →
2233 Nothing
2234 Permanently add (port, protocol, toport, toaddr) to list of
2235 forward ports of zone. See forward-port tag in
2236 firewalld.zone(5). For runtime operation see
2237 org.fedoraproject.FirewallD1.zone.Methods.addForwardPort.
2238
2239 Possible errors: ALREADY_ENABLED
2240
2241 addIcmpBlock(s: icmptype) → Nothing
2242 Permanently add icmptype to list of icmp types blocked in zone.
2243 See icmp-block tag in firewalld.zone(5). For runtime operation
2244 see org.fedoraproject.FirewallD1.zone.Methods.addIcmpBlock.
2245
2246 Possible errors: ALREADY_ENABLED
2247
2248 addIcmpBlock(s: icmptype) → Nothing
2249 Permanently add icmp block inversion to zone. See
2250 icmp-block-inversion tag in firewalld.zone(5). For runtime
2251 operation see
2252 org.fedoraproject.FirewallD1.zone.Methods.addIcmpBlockInversion.
2253
2254 Possible errors: ALREADY_ENABLED
2255
2256 addInterface(s: interface) → Nothing
2257 Permanently add interface to list of interfaces bound to zone.
2258 See interface tag in firewalld.zone(5). For runtime operation
2259 see org.fedoraproject.FirewallD1.zone.Methods.addInterface.
2260
2261 Possible errors: ALREADY_ENABLED
2262
2263 addMasquerade() → Nothing
2264 Permanently enable masquerading in zone. See masquerade tag in
2265 firewalld.zone(5). For runtime operation see
2266 org.fedoraproject.FirewallD1.zone.Methods.addMasquerade.
2267
2268 Possible errors: ALREADY_ENABLED
2269
2270 addPort(s: port, s: protocol) → Nothing
2271 Permanently add (port, protocol) to list of ports of zone. See
2272 port tag in firewalld.zone(5). For runtime operation see
2273 org.fedoraproject.FirewallD1.zone.Methods.addPort.
2274
2275 Possible errors: ALREADY_ENABLED
2276
2277 addProtocol(s: protocol) → Nothing
2278 Permanently add protocol into zone. The protocol can be any
2279 protocol supported by the system. Please have a look at
2280 /etc/protocols for supported protocols. For runtime operation
2281 see org.fedoraproject.FirewallD1.zone.Methods.addProtocol.
2282
2283 Possible errors: INVALID_PROTOCOL, ALREADY_ENABLED
2284
2285 addRichRule(s: rule) → Nothing
2286 Permanently add rule to list of rich-language rules in zone.
2287 See rule tag in firewalld.zone(5). For runtime operation see
2288 org.fedoraproject.FirewallD1.zone.Methods.addRichRule.
2289
2290 Possible errors: ALREADY_ENABLED
2291
2292 addService(s: service) → Nothing
2293 Permanently add service to list of services used in zone. See
2294 service tag in firewalld.zone(5). For runtime operation see
2295 org.fedoraproject.FirewallD1.zone.Methods.addService.
2296
2297 Possible errors: ALREADY_ENABLED
2298
2299 addSource(s: source) → Nothing
2300 Permanently add source to list of source addresses bound to
2301 zone. See source tag in firewalld.zone(5). For runtime
2302 operation see
2303 org.fedoraproject.FirewallD1.zone.Methods.addSource.
2304
2305 Possible errors: ALREADY_ENABLED
2306
2307 addSourcePort(s: port, s: protocol) → Nothing
2308 Permanently add (port, protocol) to list of source ports of
2309 zone. See source-port tag in firewalld.zone(5). For runtime
2310 operation see
2311 org.fedoraproject.FirewallD1.zone.Methods.addSourcePort.
2312
2313 Possible errors: ALREADY_ENABLED
2314
2315 getDescription() → s
2316 Get description of zone. See description tag in
2317 firewalld.zone(5).
2318
2319 getForwardPorts() → a(ssss)
2320 Get list of (port, protocol, toport, toaddr) defined in zone.
2321 See forward-port tag in firewalld.zone(5). For runtime
2322 operation see
2323 org.fedoraproject.FirewallD1.zone.Methods.getForwardPorts.
2324
2325 getIcmpBlockInversion() → b
2326 Get icmp block inversion flag of zone. See icmp-block-inversion
2327 tag in firewalld.zone(5).
2328
2329 getIcmpBlocks() → as
2330 Get list of icmp type names blocked in zone. See icmp-block tag
2331 in firewalld.zone(5). For runtime operation see
2332 org.fedoraproject.FirewallD1.zone.Methods.getIcmpBlocks.
2333
2334 getInterfaces() → as
2335 Get list of interfaces bound to zone. See interface tag in
2336 firewalld.zone(5). For runtime operation see
2337 org.fedoraproject.FirewallD1.zone.Methods.getInterfaces.
2338
2339 getMasquerade() → b
2340 Return whether masquerade is enabled in zone. This is the same
2341 as queryMasquerade() method. See masquerade tag in
2342 firewalld.zone(5).
2343
2344 getPorts() → a(ss)
2345 Get list of (port, protocol) defined in zone. See port tag in
2346 firewalld.zone(5). For runtime operation see
2347 org.fedoraproject.FirewallD1.zone.Methods.getPorts.
2348
2349 getProtocols() → as
2350 Return array of protocols (s) previously enabled in zone. For
2351 getting runtime settings see
2352 org.fedoraproject.FirewallD1.zone.Methods.getProtocols.
2353
2354 getRichRules() → as
2355 Get list of rich-language rules in zone. See rule tag in
2356 firewalld.zone(5). For runtime operation see
2357 org.fedoraproject.FirewallD1.zone.Methods.getRichRules.
2358
2359 getServices() → as
2360 Get list of service names used in zone. See service tag in
2361 firewalld.zone(5). For runtime operation see
2362 org.fedoraproject.FirewallD1.zone.Methods.getServices.
2363
2364 getSettings() → (sssbsasa(ss)asba(ssss)asasasasa(ss))
2365 Return permanent settings of given zone. For getting runtime
2366 settings see
2367 org.fedoraproject.FirewallD1.Methods.getZoneSettings. Settings
2368 are in format: version, name, description, UNUSED, target,
2369 array of services, array of ports (port, protocol), array of
2370 icmp-blocks, masquerade, array of forward-ports (port,
2371 protocol, to-port, to-addr), array of interfaces, array of
2372 sources, array of rich rules, array of protocols and array of
2373 source-ports (port, protocol).
2374
2375 version (s): see version attribute of zone tag in
2376 firewalld.zone(5).
2377
2378 name (s): see short tag in firewalld.zone(5).
2379
2380 description (s): see description tag in firewalld.zone(5).
2381
2382 UNUSED (b): this boolean value is no longer used for anything.
2383
2384 target (s): see target attribute of zone tag in
2385 firewalld.zone(5).
2386
2387 services (as): array of service names, see service tag in
2388 firewalld.zone(5).
2389
2390 ports (a(ss)): array of port and protocol pairs. See port tag
2391 in firewalld.zone(5).
2392
2393 icmp-blocks (as): array of icmp-blocks. See icmp-block tag in
2394 firewalld.zone(5).
2395
2396 masquerade (b): see masquerade tag in firewalld.zone(5).
2397
2398 forward-ports (a(ssss)): array of (port, protocol, to-port,
2399 to-addr). See forward-port tag in firewalld.zone(5).
2400
2401 interfaces (as): array of interfaces. See interface tag in
2402 firewalld.zone(5).
2403
2404 source addresses (as): array of source addresses. See source
2405 tag in firewalld.zone(5).
2406
2407 rich rules (as): array of rich-language rules. See rule tag in
2408 firewalld.zone(5).
2409
2410 protocols (as): array of protocols. See protocol tag in
2411 firewalld.zone(5).
2412
2413 source-ports (a(ss)): array of port and protocol pairs. See
2414 source-port tag in firewalld.zone(5).
2415
2416
2417 getShort() → s
2418 Get name of zone. See short tag in firewalld.zone(5).
2419
2420 getSourcePorts() → a(ss)
2421 Get list of (port, protocol) defined in zone. See source-port
2422 tag in firewalld.zone(5). For runtime operation see
2423 org.fedoraproject.FirewallD1.zone.Methods.getSourcePorts.
2424
2425 getSources() → as
2426 Get list of source addresses bound to zone. See source tag in
2427 firewalld.zone(5). For runtime operation see
2428 org.fedoraproject.FirewallD1.zone.Methods.getSources.
2429
2430 getTarget() → s
2431 Get target of zone. See target attribute of zone tag in
2432 firewalld.zone(5).
2433
2434 getVersion() → s
2435 Get version of zone. See version attribute of zone tag in
2436 firewalld.zone(5).
2437
2438 loadDefaults() → Nothing
2439 Load default settings for built-in zone.
2440
2441 Possible errors: NO_DEFAULTS
2442
2443 queryForwardPort(s: port, s: protocol, s: toport, s: toaddr) → b
2444 Return whether (port, protocol, toport, toaddr) is in list of
2445 forward ports of zone. See forward-port tag in
2446 firewalld.zone(5). For runtime operation see
2447 org.fedoraproject.FirewallD1.zone.Methods.queryForwardPort.
2448
2449 queryIcmpBlock(s: icmptype) → b
2450 Return whether icmptype is in list of icmp types blocked in
2451 zone. See icmp-block tag in firewalld.zone(5). For runtime
2452 operation see
2453 org.fedoraproject.FirewallD1.zone.Methods.queryIcmpBlock.
2454
2455 queryIcmpBlockInversion() → b
2456 Return whether icmp block inversion is in enabled in zone. See
2457 icmp-block-inversion tag in firewalld.zone(5). For runtime
2458 operation see
2459 org.fedoraproject.FirewallD1.zone.Methods.queryIcmpBlockInversion.
2460
2461 queryInterface(s: interface) → b
2462 Return whether interface is in list of interfaces bound to
2463 zone. See interface tag in firewalld.zone(5). For runtime
2464 operation see
2465 org.fedoraproject.FirewallD1.zone.Methods.queryInterface.
2466
2467 queryMasquerade() → b
2468 Return whether masquerade is enabled in zone. This is the same
2469 as getMasquerade() method. See masquerade tag in
2470 firewalld.zone(5). For runtime operation see
2471 org.fedoraproject.FirewallD1.zone.Methods.queryMasquerade.
2472
2473 queryPort(s: port, s: protocol) → b
2474 Return whether (port, protocol) is in list of ports of zone.
2475 See port tag in firewalld.zone(5). For runtime operation see
2476 org.fedoraproject.FirewallD1.zone.Methods.queryPort.
2477
2478 queryProtocol(s: protocol) → b
2479 Return whether protocol has been added in zone. For runtime
2480 operation see
2481 org.fedoraproject.FirewallD1.zone.Methods.queryProtocol.
2482
2483 Possible errors: INVALID_PROTOCOL
2484
2485 queryRichRule(s: rule) → b
2486 Return whether rule is in list of rich-language rules in zone.
2487 See rule tag in firewalld.zone(5). For runtime operation see
2488 org.fedoraproject.FirewallD1.zone.Methods.queryRichRule.
2489
2490 queryService(s: service) → b
2491 Return whether service is in list of services used in zone. See
2492 service tag in firewalld.zone(5). For runtime operation see
2493 org.fedoraproject.FirewallD1.zone.Methods.queryService.
2494
2495 querySource(s: source) → b
2496 Return whether source is in list of source addresses bound to
2497 zone. See source tag in firewalld.zone(5). For runtime
2498 operation see
2499 org.fedoraproject.FirewallD1.zone.Methods.querySource.
2500
2501 querySourcePort(s: port, s: protocol) → b
2502 Return whether (port, protocol) is in list of source ports of
2503 zone. See source-port tag in firewalld.zone(5). For runtime
2504 operation see
2505 org.fedoraproject.FirewallD1.zone.Methods.querySourcePort.
2506
2507 remove() → Nothing
2508 Remove not built-in zone.
2509
2510 Possible errors: BUILTIN_ZONE
2511
2512 removeForwardPort(s: port, s: protocol, s: toport, s: toaddr) →
2513 Nothing
2514 Permanently remove (port, protocol, toport, toaddr) from list
2515 of forward ports of zone. See forward-port tag in
2516 firewalld.zone(5). For runtime operation see
2517 org.fedoraproject.FirewallD1.zone.Methods.removeForwardPort.
2518
2519 Possible errors: NOT_ENABLED
2520
2521 removeIcmpBlock(s: icmptype) → Nothing
2522 Permanently remove icmptype from list of icmp types blocked in
2523 zone. See icmp-block tag in firewalld.zone(5). For runtime
2524 operation see
2525 org.fedoraproject.FirewallD1.zone.Methods.removeIcmpBlock.
2526
2527 Possible errors: NOT_ENABLED
2528
2529 removeIcmpBlockInversion() → Nothing
2530 Permanently remove icmp block inversion from the zone. See
2531 icmp-block-inversion tag in firewalld.zone(5). For runtime
2532 operation see
2533 org.fedoraproject.FirewallD1.zone.Methods.removeIcmpBlockInversion.
2534
2535 Possible errors: NOT_ENABLED
2536
2537 removeInterface(s: interface) → Nothing
2538 Permanently remove interface from list of interfaces bound to
2539 zone. See interface tag in firewalld.zone(5). For runtime
2540 operation see
2541 org.fedoraproject.FirewallD1.zone.Methods.removeInterface.
2542
2543 Possible errors: NOT_ENABLED
2544
2545 removeMasquerade() → Nothing
2546 Permanently disable masquerading in zone. See masquerade tag in
2547 firewalld.zone(5). For runtime operation see
2548 org.fedoraproject.FirewallD1.zone.Methods.removeMasquerade.
2549
2550 Possible errors: NOT_ENABLED
2551
2552 removePort(s: port, s: protocol) → Nothing
2553 Permanently remove (port, protocol) from list of ports of zone.
2554 See port tag in firewalld.zone(5). For runtime operation see
2555 org.fedoraproject.FirewallD1.zone.Methods.removePort.
2556
2557 Possible errors: NOT_ENABLED
2558
2559 removeProtocol(s: protocol) → Nothing
2560 Permanently remove protocol from zone. For runtime operation
2561 see org.fedoraproject.FirewallD1.zone.Methods.removeProtocol.
2562
2563 Possible errors: INVALID_PROTOCOL, NOT_ENABLED
2564
2565 removeRichRule(s: rule) → Nothing
2566 Permanently remove rule from list of rich-language rules in
2567 zone. See rule tag in firewalld.zone(5). For runtime operation
2568 see org.fedoraproject.FirewallD1.zone.Methods.removeRichRule.
2569
2570 Possible errors: NOT_ENABLED
2571
2572 removeService(s: service) → Nothing
2573 Permanently remove service from list of services used in zone.
2574 See service tag in firewalld.zone(5). For runtime operation see
2575 org.fedoraproject.FirewallD1.zone.Methods.removeService.
2576
2577 Possible errors: NOT_ENABLED
2578
2579 removeSource(s: source) → Nothing
2580 Permanently remove source from list of source addresses bound
2581 to zone. See source tag in firewalld.zone(5). For runtime
2582 operation see
2583 org.fedoraproject.FirewallD1.zone.Methods.removeSource.
2584
2585 Possible errors: NOT_ENABLED
2586
2587 removeSourcePort(s: port, s: protocol) → Nothing
2588 Permanently remove (port, protocol) from list of source ports
2589 of zone. See source-port tag in firewalld.zone(5). For runtime
2590 operation see
2591 org.fedoraproject.FirewallD1.zone.Methods.removeSourcePort.
2592
2593 Possible errors: NOT_ENABLED
2594
2595 rename(s: name) → Nothing
2596 Rename not built-in zone to name.
2597
2598 Possible errors: BUILTIN_ZONE
2599
2600 setDescription(s: description) → Nothing
2601 Permanently set description of zone to description. See
2602 description tag in firewalld.zone(5).
2603
2604 setForwardPorts(a(ssss): ports) → Nothing
2605 Permanently set forward ports of zone to list of (port,
2606 protocol, toport, toaddr). See forward-port tag in
2607 firewalld.zone(5).
2608
2609 setIcmpBlockInversion(b: flag) → Nothing
2610 Permanently set icmp block inversion flag of zone to flag. See
2611 icmp-block-inversion tag in firewalld.zone(5).
2612
2613 setIcmpBlocks(as: icmptypes) → Nothing
2614 Permanently set list of icmp types blocked in zone to
2615 icmptypes. See icmp-block tag in firewalld.zone(5).
2616
2617 setInterfaces(as: interfaces) → Nothing
2618 Permanently set list of interfaces bound to zone to interfaces.
2619 See interface tag in firewalld.zone(5).
2620
2621 setMasquerade(b: masquerade) → Nothing
2622 Permanently set masquerading in zone to masquerade. See
2623 masquerade tag in firewalld.zone(5).
2624
2625 setPorts(a(ss): ports) → Nothing
2626 Permanently set ports of zone to list of (port, protocol). See
2627 port tag in firewalld.zone(5).
2628
2629 setProtocols(as: protocols) → Nothing
2630 Permanently set list of protocols used in zone to protocols.
2631 See protocol tag in firewalld.zone(5).
2632
2633 setRichRules(as: rules) → Nothing
2634 Permanently set list of rich-language rules to rules. See rule
2635 tag in firewalld.zone(5).
2636
2637 setServices(as: services) → Nothing
2638 Permanently set list of services used in zone to services. See
2639 service tag in firewalld.zone(5).
2640
2641 setShort(s: short) → Nothing
2642 Permanently set name of zone to short. See short tag in
2643 firewalld.zone(5).
2644
2645 setSourcePorts(a(ss): ports) → Nothing
2646 Permanently set source-ports of zone to list of (port,
2647 protocol). See source-port tag in firewalld.zone(5).
2648
2649 setSources(as: sources) → Nothing
2650 Permanently set list of source addresses bound to zone to
2651 sources. See source tag in firewalld.zone(5).
2652
2653 setTarget(s: target) → Nothing
2654 Permanently set target of zone to target. See target attribute
2655 of zone tag in firewalld.zone(5).
2656
2657 setVersion(s: version) → Nothing
2658 Permanently set version of zone to version. See version
2659 attribute of zone tag in firewalld.zone(5).
2660
2661 update((sssbsasa(ss)asba(ssss)asasasasa(ss)): settings) → Nothing
2662 Update settings of zone to settings. Settings are in format:
2663 version, name, description, UNUSED, target, array of services,
2664 array of ports (port, protocol), array of icmp-blocks,
2665 masquerade, array of forward-ports (port, protocol, to-port,
2666 to-addr), array of interfaces, array of sources, array of rich
2667 rules, array of protocols and array of source-ports (port,
2668 protocol).
2669
2670 version (s): see version attribute of zone tag in
2671 firewalld.zone(5).
2672
2673 name (s): see short tag in firewalld.zone(5).
2674
2675 description (s): see description tag in firewalld.zone(5).
2676
2677 UNUSED (b): this boolean value is no longer used for anything.
2678
2679 target (s): see target attribute of zone tag in
2680 firewalld.zone(5).
2681
2682 services (as): array of service names, see service tag in
2683 firewalld.zone(5).
2684
2685 ports (a(ss)): array of port and protocol pairs. See port tag
2686 in firewalld.zone(5).
2687
2688 icmp-blocks (as): array of icmp-blocks. See icmp-block tag in
2689 firewalld.zone(5).
2690
2691 masquerade (b): see masquerade tag in firewalld.zone(5).
2692
2693 forward-ports (a(ssss)): array of (port, protocol, to-port,
2694 to-addr). See forward-port tag in firewalld.zone(5).
2695
2696 interfaces (as): array of interfaces. See interface tag in
2697 firewalld.zone(5).
2698
2699 source addresses (as): array of source addresses. See source
2700 tag in firewalld.zone(5).
2701
2702 rich rules (as): array of rich-language rules. See rule tag in
2703 firewalld.zone(5).
2704
2705 protocols (as): array of protocols. See protocol tag in
2706 firewalld.zone(5).
2707
2708 source-ports (a(ss)): array of port and protocol pairs. See
2709 source-port tag in firewalld.zone(5).
2710
2711 Possible errors: INVALID_TYPE
2712
2713 Signals
2714 Removed(s: name)
2715 Emitted when zone with name has been removed.
2716
2717 Renamed(s: name)
2718 Emitted when zone has been renamed to name.
2719
2720 Updated(s: name)
2721 Emitted when zone with name has been updated.
2722
2723 Properties
2724 builtin - b - (ro)
2725 True if zone is build-in, false else.
2726
2727 default - b - (ro)
2728 True if build-in zone has default settings. False if it has
2729 been modified. Always False for not build-in zones.
2730
2731 filename - s - (ro)
2732 Name (including .xml extension) of file where the configuration
2733 is stored.
2734
2735 name - s - (ro)
2736 Name of zone.
2737
2738 path - s - (ro)
2739 Path to directory where the zone configuration is stored.
2740 Should be either /usr/lib/firewalld/zones or
2741 /etc/firewalld/zones.
2742
2743 org.fedoraproject.FirewallD1.config.service
2744 Interface for permanent service configuration, see also
2745 firewalld.service(5).
2746
2747 Methods
2748 addModule(s: module) → Nothing
2749 Permanently add module to list of modules (netfilter kernel
2750 helpers) used in service. See module tag in
2751 firewalld.service(5).
2752
2753 Possible errors: ALREADY_ENABLED
2754
2755 addPort(s: port, s: protocol) → Nothing
2756 Permanently add (port, protocol) to list of ports in service.
2757 See port tag in firewalld.service(5).
2758
2759 Possible errors: ALREADY_ENABLED
2760
2761 addProtocol(s: protocol) → Nothing
2762 Permanently add protocol into zone. The protocol can be any
2763 protocol supported by the system. Please have a look at
2764 /etc/protocols for supported protocols. See protocol tag in
2765 firewalld.service(5).
2766
2767 Possible errors: INVALID_PROTOCOL, ALREADY_ENABLED
2768
2769 addSourcePort(s: port, s: protocol) → Nothing
2770 Permanently add (port, protocol) to list of source ports in
2771 service. See source-port tag in firewalld.service(5).
2772
2773 Possible errors: ALREADY_ENABLED
2774
2775 getDescription() → s
2776 Get description of service. See description tag in
2777 firewalld.service(5).
2778
2779 getDestination(s: family) → s
2780 Get destination for IP family being either 'ipv4' or 'ipv6'.
2781 See destination tag in firewalld.service(5).
2782
2783 Possible errors: ALREADY_ENABLED
2784
2785 getDestinations() → a{ss}
2786 Get list of destinations. Return value is a dictionary of {IP
2787 family : IP address} where 'IP family' key can be either 'ipv4'
2788 or 'ipv6'. See destination tag in firewalld.service(5).
2789
2790 getModules() → as
2791 Get list of modules (netfilter kernel helpers) used in service.
2792 See module tag in firewalld.service(5).
2793
2794 getPorts() → a(ss)
2795 Get list of (port, protocol) defined in service. See port tag
2796 in firewalld.service(5).
2797
2798 getProtocols() → as
2799 Return array of protocols (s) defined in service. See protocol
2800 tag in firewalld.service(5).
2801
2802 getSettings() → (sssa(ss)asa{ss}asa(ss))
2803 Return permanent settings of a service. For getting runtime
2804 settings see
2805 org.fedoraproject.FirewallD1.Methods.getServiceSettings.
2806 Settings are in format: version, name, description, array of
2807 ports (port, protocol), array of module names, dictionary of
2808 destinations, array of protocols and array of source-ports
2809 (port, protocol).
2810
2811 version (s): see version attribute of service tag in
2812 firewalld.service(5).
2813
2814 name (s): see short tag in firewalld.service(5).
2815
2816 description (s): see description tag in firewalld.service(5).
2817
2818 ports (a(ss)): array of port and protocol pairs. See port tag
2819 in firewalld.service(5).
2820
2821 module names (as): array of kernel netfilter helpers, see
2822 module tag in firewalld.service(5).
2823
2824 destinations (a{ss}): dictionary of {IP family : IP address}
2825 where 'IP family' key can be either 'ipv4' or 'ipv6'. See
2826 destination tag in firewalld.service(5).
2827
2828 protocols (as): array of protocols. See protocol tag in
2829 firewalld.service(5).
2830
2831 source-ports (a(ss)): array of port and protocol pairs. See
2832 source-port tag in firewalld.service(5).
2833
2834
2835 getShort() → s
2836 Get name of service. See short tag in firewalld.service(5).
2837
2838 getSourcePorts() → a(ss)
2839 Get list of (port, protocol) defined in service. See
2840 source-port tag in firewalld.service(5).
2841
2842 getVersion() → s
2843 Get version of service. See version attribute of service tag in
2844 firewalld.service(5).
2845
2846 loadDefaults() → Nothing
2847 Load default settings for built-in service.
2848
2849 Possible errors: NO_DEFAULTS
2850
2851 queryDestination(s: family, s: address) → b
2852 Return whether a destination is in dictionary of destinations
2853 of this service. destination is in format: (IP family, IP
2854 address) where IP family can be either 'ipv4' or 'ipv6'. See
2855 destination tag in firewalld.service(5).
2856
2857 queryModule(s: module) → b
2858 Return whether module is in list of modules (netfilter kernel
2859 helpers) used in service. See module tag in
2860 firewalld.service(5).
2861
2862 queryPort(s: port, s: protocol) → b
2863 Return whether (port, protocol) is in list of ports in service.
2864 See port tag in firewalld.service(5).
2865
2866 queryProtocol(s: protocol) → b
2867 Return whether protocol is in list of protocols in service. See
2868 protocol tag in firewalld.service(5).
2869
2870 querySourcePort(s: port, s: protocol) → b
2871 Return whether (port, protocol) is in list of source ports in
2872 service. See source-port tag in firewalld.service(5).
2873
2874 remove() → Nothing
2875 Remove not built-in service.
2876
2877 Possible errors: BUILTIN_SERVICE
2878
2879 removeDestination(s: family) → Nothing
2880 Permanently remove a destination with family ('ipv4' or 'ipv6')
2881 from service. See destination tag in firewalld.service(5).
2882
2883 Possible errors: NOT_ENABLED
2884
2885 removeModule(s: module) → Nothing
2886 Permanently remove module from list of modules (netfilter
2887 kernel helpers) used in service. See module tag in
2888 firewalld.service(5).
2889
2890 Possible errors: NOT_ENABLED
2891
2892 removePort(s: port, s: protocol) → Nothing
2893 Permanently remove (port, protocol) from list of ports in
2894 service. See port tag in firewalld.service(5).
2895
2896 Possible errors: NOT_ENABLED
2897
2898 removeProtocol(s: protocol) → Nothing
2899 Permanently remove protocol from list of protocols in service.
2900 See protocol tag in firewalld.service(5).
2901
2902 Possible errors: NOT_ENABLED
2903
2904 removeSourcePort(s: port, s: protocol) → Nothing
2905 Permanently remove (port, protocol) from list of source ports
2906 in service. See source-port tag in firewalld.service(5).
2907
2908 Possible errors: NOT_ENABLED
2909
2910 rename(s: name) → Nothing
2911 Rename not built-in service to name.
2912
2913 Possible errors: BUILTIN_SERVICE
2914
2915 setDescription(s: description) → Nothing
2916 Permanently set description of service to description. See
2917 description tag in firewalld.service(5).
2918
2919 setDestination(s: family, s: address) → Nothing
2920 Permanently set a destination address. destination is in
2921 format: (IP family, IP address) where IP family can be either
2922 'ipv4' or 'ipv6'. See destination tag in firewalld.service(5).
2923
2924 Possible errors: ALREADY_ENABLED
2925
2926 setDestinations(a{ss}: destinations) → Nothing
2927 Permanently set destinations of service to destinations, which
2928 is a dictionary of {IP family : IP address} where 'IP family'
2929 key can be either 'ipv4' or 'ipv6'. See destination tag in
2930 firewalld.service(5).
2931
2932 setModules(as: modules) → Nothing
2933 Permanently set list of modules (netfilter kernel helpers) used
2934 in service to modules. See module tag in firewalld.service(5).
2935
2936 setPorts(a(ss): ports) → Nothing
2937 Permanently set ports of service to list of (port, protocol).
2938 See port tag in firewalld.service(5).
2939
2940 setProtocols(as: protocols) → Nothing
2941 Permanently set protocols of service to list of protocols. See
2942 protocol tag in firewalld.service(5).
2943
2944 setShort(s: short) → Nothing
2945 Permanently set name of service to short. See short tag in
2946 firewalld.service(5).
2947
2948 setSourcePorts(a(ss): ports) → Nothing
2949 Permanently set source-ports of service to list of (port,
2950 protocol). See source-port tag in firewalld.service(5).
2951
2952 setVersion(s: version) → Nothing
2953 Permanently set version of service to version. See version
2954 attribute of service tag in firewalld.service(5).
2955
2956 update((sssa(ss)asa{ss}asa(ss)): settings) → Nothing
2957 Update settings of service to settings. Settings are in format:
2958 version, name, description, array of ports (port, protocol),
2959 array of module names, dictionary of destinations, array of
2960 protocols and array of source-ports (port, protocol).
2961
2962 version (s): see version attribute of service tag in
2963 firewalld.service(5).
2964
2965 name (s): see short tag in firewalld.service(5).
2966
2967 description (s): see description tag in firewalld.service(5).
2968
2969 ports (a(ss)): array of port and protocol pairs. See port tag
2970 in firewalld.service(5).
2971
2972 module names (as): array of kernel netfilter helpers, see
2973 module tag in firewalld.service(5).
2974
2975 destinations (a{ss}): dictionary of {IP family : IP address}
2976 where 'IP family' key can be either 'ipv4' or 'ipv6'. See
2977 destination tag in firewalld.service(5).
2978
2979 protocols (as): array of protocols. See protocol tag in
2980 firewalld.service(5).
2981
2982 Possible errors: INVALID_TYPE
2983
2984 Signals
2985 Removed(s: name)
2986 Emitted when service with name has been removed.
2987
2988 Renamed(s: name)
2989 Emitted when service has been renamed to name.
2990
2991 Updated(s: name)
2992 Emitted when service with name has been updated.
2993
2994 Properties
2995 builtin - b - (ro)
2996 True if service is build-in, false else.
2997
2998 default - b - (ro)
2999 True if build-in service has default settings. False if it has
3000 been modified. Always False for not build-in services.
3001
3002 filename - s - (ro)
3003 Name (including .xml extension) of file where the configuration
3004 is stored.
3005
3006 name - s - (ro)
3007 Name of service.
3008
3009 path - s - (ro)
3010 Path to directory where the configuration is stored. Should be
3011 either /usr/lib/firewalld/services or /etc/firewalld/services.
3012
3013 org.fedoraproject.FirewallD1.config.helper
3014 Interface for permanent helper configuration, see also
3015 firewalld.helper(5).
3016
3017 Methods
3018 addPort(s: port, s: protocol) → Nothing
3019 Permanently add (port, protocol) to list of ports in helper.
3020 See port tag in firewalld.helper(5).
3021
3022 Possible errors: ALREADY_ENABLED
3023
3024 getDescription() → s
3025 Get description of helper. See description tag in
3026 firewalld.helper(5).
3027
3028 getFamily() → s
3029 Get family being 'ipv4', 'ipv6' or empty for both. See family
3030 tag in firewalld.helper(5).
3031
3032 getModule() → s
3033 Get modules (netfilter kernel helpers) used in helper. See
3034 module tag in firewalld.helper(5).
3035
3036 getPorts() → a(ss)
3037 Get list of (port, protocol) defined in helper. See port tag in
3038 firewalld.helper(5).
3039
3040 getSettings() → (sssssa(ss))
3041 Return permanent settings of a helper. For getting runtime
3042 settings see
3043 org.fedoraproject.FirewallD1.Methods.getHelperSettings.
3044 Settings are in format: version, name, description, family,
3045 module, array of ports (port, protocol).
3046
3047 version (s): see version attribute of helper tag in
3048 firewalld.helper(5).
3049
3050 name (s): see short tag in firewalld.helper(5).
3051
3052 description (s): see description tag in firewalld.helper(5).
3053
3054 family (s): see family tag in firewalld.helper(5).
3055
3056 module (s): see module tag in firewalld.helper(5).
3057
3058 ports (a(ss)): array of port and protocol pairs. See port tag
3059 in firewalld.helper(5).
3060
3061
3062 getShort() → s
3063 Get name of helper. See short tag in firewalld.helper(5).
3064
3065 getVersion() → s
3066 Get version of helper. See version attribute of helper tag in
3067 firewalld.helper(5).
3068
3069 loadDefaults() → Nothing
3070 Load default settings for built-in helper.
3071
3072 Possible errors: NO_DEFAULTS
3073
3074 queryFamily(s: module) → b
3075 Return whether family is set for helper. See family tag in
3076 firewalld.helper(5).
3077
3078 queryModule(s: module) → b
3079 Return whether module (netfilter kernel helpers) is used in
3080 helper. See module tag in firewalld.helper(5).
3081
3082 queryPort(s: port, s: protocol) → b
3083 Return whether (port, protocol) is in list of ports in helper.
3084 See port tag in firewalld.helper(5).
3085
3086 remove() → Nothing
3087 Remove not built-in helper.
3088
3089 Possible errors: BUILTIN_HELPER
3090
3091 removePort(s: port, s: protocol) → Nothing
3092 Permanently remove (port, protocol) from list of ports in
3093 helper. See port tag in firewalld.helper(5).
3094
3095 Possible errors: NOT_ENABLED
3096
3097 rename(s: name) → Nothing
3098 Rename not built-in helper to name.
3099
3100 Possible errors: BUILTIN_HELPER
3101
3102 setDescription(s: description) → Nothing
3103 Permanently set description of helper to description. See
3104 description tag in firewalld.helper(5).
3105
3106 setFamily(s: family) → Nothing
3107 Permanently set family of helper to family. See family tag in
3108 firewalld.helper(5).
3109
3110 setModule(s: module) → Nothing
3111 Permanently set module of helper to description. See module tag
3112 in firewalld.helper(5).
3113
3114 setPorts(a(ss): ports) → Nothing
3115 Permanently set ports of helper to list of (port, protocol).
3116 See port tag in firewalld.helper(5).
3117
3118 setShort(s: short) → Nothing
3119 Permanently set name of helper to short. See short tag in
3120 firewalld.helper(5).
3121
3122 setVersion(s: version) → Nothing
3123 Permanently set version of helper to version. See version
3124 attribute of helper tag in firewalld.helper(5).
3125
3126 update((sssssa(ss)): settings) → Nothing
3127 Update settings of helper to settings. Settings are in format:
3128 version, name, description, family, module and array of ports.
3129
3130 version (s): see version attribute of helper tag in
3131 firewalld.helper(5).
3132
3133 name (s): see short tag in firewalld.helper(5).
3134
3135 description (s): see description tag in firewalld.helper(5).
3136
3137 family (s): see family tag in firewalld.helper(5).
3138
3139 module (s): see module tag in firewalld.helper(5).
3140
3141 ports (a(ss)): array of port and protocol pairs. See port tag
3142 in firewalld.helper(5).
3143
3144 Possible errors: INVALID_HELPER
3145
3146 Signals
3147 Removed(s: name)
3148 Emitted when helper with name has been removed.
3149
3150 Renamed(s: name)
3151 Emitted when helper has been renamed to name.
3152
3153 Updated(s: name)
3154 Emitted when helper with name has been updated.
3155
3156 Properties
3157 builtin - b - (ro)
3158 True if helper is build-in, false else.
3159
3160 default - b - (ro)
3161 True if build-in helper has default settings. False if it has
3162 been modified. Always False for not build-in helpers.
3163
3164 filename - s - (ro)
3165 Name (including .xml extension) of file where the configuration
3166 is stored.
3167
3168 name - s - (ro)
3169 Name of helper.
3170
3171 path - s - (ro)
3172 Path to directory where the configuration is stored. Should be
3173 either /usr/lib/firewalld/helpers or /etc/firewalld/helpers.
3174
3175 org.fedoraproject.FirewallD1.config.icmptype
3176 Interface for permanent icmp type configuration, see also
3177 firewalld.icmptype(5).
3178
3179 Methods
3180 addDestination(s: destination) → Nothing
3181 Permanently add a destination ('ipv4' or 'ipv6') to list of
3182 destinations of this icmp type. See destination tag in
3183 firewalld.icmptype(5).
3184
3185 Possible errors: ALREADY_ENABLED
3186
3187 getDescription() → s
3188 Get description of icmp type. See description tag in
3189 firewalld.icmptype(5).
3190
3191 getDestinations() → as
3192 Get list of destinations. See destination tag in
3193 firewalld.icmptype(5).
3194
3195 getSettings() → (sssas)
3196 Return permanent settings of icmp type. For getting runtime
3197 settings see
3198 org.fedoraproject.FirewallD1.Methods.getIcmpTypeSettings.
3199 Settings are in format: version, name, description, array of
3200 destinations.
3201
3202 version (s): see version attribute of icmptype tag in
3203 firewalld.icmptype(5).
3204
3205 name (s): see short tag in firewalld.icmptype(5).
3206
3207 description (s): see description tag in firewalld.icmptype(5).
3208
3209 destinations (as): array, either empty or containing strings
3210 'ipv4' and/or 'ipv6', see destination tag in
3211 firewalld.icmptype(5).
3212
3213
3214 getShort() → s
3215 Get name of icmp type. See short tag in firewalld.icmptype(5).
3216
3217 getVersion() → s
3218 Get version of icmp type. See version attribute of icmptype tag
3219 in firewalld.icmptype(5).
3220
3221 loadDefaults() → Nothing
3222 Load default settings for built-in icmp type.
3223
3224 Possible errors: NO_DEFAULTS
3225
3226 queryDestination(s: destination) → b
3227 Return whether a destination ('ipv4' or 'ipv6') is in list of
3228 destinations of this icmp type. See destination tag in
3229 firewalld.icmptype(5).
3230
3231 remove() → Nothing
3232 Remove not built-in icmp type.
3233
3234 Possible errors: BUILTIN_ICMPTYPE
3235
3236 removeDestination(s: destination) → Nothing
3237 Permanently remove a destination ('ipv4' or 'ipv6') from list
3238 of destinations of this icmp type. See destination tag in
3239 firewalld.icmptype(5).
3240
3241 Possible errors: NOT_ENABLED
3242
3243 rename(s: name) → Nothing
3244 Rename not built-in icmp type to name.
3245
3246 Possible errors: BUILTIN_ICMPTYPE
3247
3248 setDescription(s: description) → Nothing
3249 Permanently set description of icmp type to description. See
3250 description tag in firewalld.icmptype(5).
3251
3252 setDestinations(as: destinations) → Nothing
3253 Permanently set destinations of icmp type to destinations,
3254 which is array, either empty or containing strings 'ipv4'
3255 and/or 'ipv6'. See destination tag in firewalld.icmptype(5).
3256
3257 setShort(s: short) → Nothing
3258 Permanently set name of icmp type to short. See short tag in
3259 firewalld.icmptype(5).
3260
3261 setVersion(s: version) → Nothing
3262 Permanently set version of icmp type to version. See version
3263 attribute of icmptype tag in firewalld.icmptype(5).
3264
3265 update((sssas): settings) → Nothing
3266 Update permanent settings of icmp type to settings. Settings
3267 are in format: version, name, description, array of
3268 destinations.
3269
3270 version (s): see version attribute of icmptype tag in
3271 firewalld.icmptype(5).
3272
3273 name (s): see short tag in firewalld.icmptype(5).
3274
3275 description (s): see description tag in firewalld.icmptype(5).
3276
3277 destinations (as): array, either empty or containing strings
3278 'ipv4' and/or 'ipv6', see destination tag in
3279 firewalld.icmptype(5).
3280
3281
3282 Signals
3283 Removed(s: name)
3284 Emitted when icmp type with name has been removed.
3285
3286 Renamed(s: name)
3287 Emitted when icmp type has been renamed to name.
3288
3289 Updated(s: name)
3290 Emitted when icmp type with name has been updated.
3291
3292 Properties
3293 builtin - b - (ro)
3294 True if icmptype is build-in, false else.
3295
3296 default - b - (ro)
3297 True if build-in icmp type has default settings. False if it
3298 has been modified. Always False for not build-in zones.
3299
3300 filename - s - (ro)
3301 Name (including .xml extension) of file where the configuration
3302 is stored.
3303
3304 name - s - (ro)
3305 Name of icmp type.
3306
3307 path - s - (ro)
3308 Path to directory where the icmp type configuration is stored.
3309 Should be either /usr/lib/firewalld/icmptypes or
3310 /etc/firewalld/icmptypes.
3311
3313 firewall-applet(1), firewalld(1), firewall-cmd(1), firewall-config(1),
3314 firewalld.conf(5), firewalld.direct(5), firewalld.dbus(5),
3315 firewalld.icmptype(5), firewalld.lockdown-whitelist(5), firewall-
3316 offline-cmd(1), firewalld.richlanguage(5), firewalld.service(5),
3317 firewalld.zone(5), firewalld.zones(5), firewalld.ipset(5),
3318 firewalld.helper(5)
3319
3321 firewalld home page:
3322 http://www.firewalld.org
3323
3324 More documentation with examples:
3325 http://fedoraproject.org/wiki/FirewallD
3326
3328 Thomas Woerner <twoerner@redhat.com>
3329 Developer
3330
3331 Jiri Popelka <jpopelka@redhat.com>
3332 Developer
3333
3334
3335
3336firewalld 0.5.3 FIREWALLD.DBUS(5)