1FIREWALLD.DBUS(5) firewalld.dbus FIREWALLD.DBUS(5)
2
6 firewalld.dbus - firewalld D-Bus interface description
7
9 This is the basic firewalld object path structure. The used interfaces
10 are explained below in the section called “INTERFACES”.
11 /org/fedoraproject/FirewallD1
13 Interfaces
14 org.fedoraproject.FirewallD1
15 org.fedoraproject.FirewallD1.direct
16 org.fedoraproject.FirewallD1.ipset
17 org.fedoraproject.FirewallD1.policies
18 org.fedoraproject.FirewallD1.zone
19 org.freedesktop.DBus.Introspectable
20 org.freedesktop.DBus.Properties
21 /org/fedoraproject/FirewallD1/config
23 Interfaces
24 org.fedoraproject.FirewallD1.config
25 org.fedoraproject.FirewallD1.config.direct
26 org.fedoraproject.FirewallD1.config.policies
27 org.freedesktop.DBus.Introspectable
28 org.freedesktop.DBus.Properties
29 /org/fedoraproject/FirewallD1/config/zone/i
31 Interfaces
32 org.fedoraproject.FirewallD1.config.zone
33 org.freedesktop.DBus.Introspectable
34 org.freedesktop.DBus.Properties
35 /org/fedoraproject/FirewallD1/config/service/i
37 Interfaces:
38 org.fedoraproject.FirewallD1.config.service
39 org.freedesktop.DBus.Introspectable
40 org.freedesktop.DBus.Properties
41 /org/fedoraproject/FirewallD1/config/ipset/i
43 Interfaces
44 org.fedoraproject.FirewallD1.config.ipset
45 org.freedesktop.DBus.Introspectable
46 org.freedesktop.DBus.Properties
47 /org/fedoraproject/FirewallD1/config/icmptype/i
49 Interfaces
50 org.fedoraproject.FirewallD1.config.icmptype
51 org.freedesktop.DBus.Introspectable
52 org.freedesktop.DBus.Properties
53
57 org.fedoraproject.FirewallD1
58 This interface contains general runtime operations, like: reloading,
59 panic mode, default zone handling, getting services and icmp types and
60 their settings.
61 Methods
63 authorizeAll() → Nothing
64 Initiate authorization for the complete firewalld D-Bus
65 interface. This method it mostly useful for configuration
66 applications.
67 completeReload() → Nothing
69 Reload firewall completely, even netfilter kernel modules. This
70 will most likely terminate active connections, because state
71 information is lost. This option should only be used in case of
72 severe firewall problems. For example if there are state
73 information problems that no connection can be established with
74 correct firewall rules.
75 disablePanicMode() → Nothing
77 Disable panic mode. After disabling panic mode established
78 connections might work again, if panic mode was enabled for a
79 short period of time.
80 Possible errors: NOT_ENABLED, COMMAND_FAILED
82 enablePanicMode() → Nothing
84 Enable panic mode. All incoming and outgoing packets are
85 dropped, active connections will expire. Enable this only if
86 there are serious problems with your network environment.
87 Possible errors: ALREADY_ENABLED, COMMAND_FAILED
89 getAutomaticHelpers() → s
91 Return the AutomaticHelpers value. For the secure use of
92 iptables and connection tracking helpers it is recommended to
93 turn AutomaticHelpers off. But this might have side effects on
94 other services using the netfilter helpers as the sysctl
95 setting in /proc/sys/net/netfilter/nf_conntrack_helper will be
96 changed. With the system setting, the default value set in the
97 kernel or with sysctl will be used. Possible values are: yes,
98 no and system. The default value is system.
99 getDefaultZone() → s
101 Return default zone.
102 getHelperSettings(s: helper) → (sssssa(ss))
104 Return runtime settings of given helper. For getting permanent
105 settings see
106 org.fedoraproject.FirewallD1.config.helper.Methods.getSettings.
107 Settings are in format: version, name, description, family,
108 module and array of ports.
109 version (s): see version attribute of helper tag in
111 firewalld.helper(5).
112 name (s): see short tag in firewalld.helper(5).
114 description (s): see description tag in firewalld.helper(5).
116 family (s): see family tag in firewalld.helper(5).
118 module (s): see module tag in firewalld.helper(5).
120 ports (a(ss)): array of port and protocol pairs. See port tag
122 in firewalld.helper(5).
123 Possible errors: INVALID_HELPER
125 getHelpers() → as
127 Return array of helper names (s) in runtime configuration. For
128 permanent configuration see
129 org.fedoraproject.FirewallD1.config.Methods.listHelpers.
130 getIcmpTypeSettings(s: icmptype) → (sssas)
132 Return runtime settings of given icmptype. For getting
133 permanent settings see
134 org.fedoraproject.FirewallD1.config.icmptype.Methods.getSettings.
135 Settings are in format: version, name, description, array of
136 destinations.
137 version (s): see version attribute of icmptype tag in
139 firewalld.icmptype(5).
140 name (s): see short tag in firewalld.icmptype(5).
142 description (s): see description tag in firewalld.icmptype(5).
144 destinations (as): array, either empty or containing strings
146 'ipv4' or 'ipv6', see destination tag in firewalld.icmptype(5).
147 Possible errors: INVALID_ICMPTYPE
149 getLogDenied() → s
151 Retruns the LogDenied value. If LogDenied is enabled, then
152 logging rules are added right before reject and drop rules in
153 the INPUT, FORWARD and OUTPUT chains for the default rules and
154 also final reject and drop rules in zones. Possible values are:
155 all, unicast, broadcast, multicast and off. The default value
156 is off
157 getServiceSettings(s: service) → (sssa(ss)asa{ss}asa(ss))
159 Return runtime settings of given service. For getting permanent
160 settings see
161 org.fedoraproject.FirewallD1.config.service.Methods.getSettings.
162 Settings are in format: version, name, description, array of
163 ports (port, protocol), array of module names, dictionary of
164 destinations, array of protocols and array of source-ports
165 (port, protocol).
166 version (s): see version attribute of service tag in
168 firewalld.service(5).
169 name (s): see short tag in firewalld.service(5).
171 description (s): see description tag in firewalld.service(5).
173 ports (a(ss)): array of port and protocol pairs. See port tag
175 in firewalld.service(5).
176 module names (as): array of kernel netfilter helpers, see
178 module tag in firewalld.service(5).
179 destinations (a{ss}): dictionary of {IP family : IP address}
181 where 'IP family' key can be either 'ipv4' or 'ipv6'. See
182 destination tag in firewalld.service(5).
183 protocols (as): array of protocols, see protocol tag in
185 firewalld.service(5).
186 source-ports (a(ss)): array of port and protocol pairs. See
188 source-port tag in firewalld.service(5).
189 Possible errors: INVALID_SERVICE
191 getZoneSettings(s: zone) → (sssbsasa(ss)asba(ssss)asasasasa(ss))
193 Return runtime settings of given zone. For getting permanent
194 settings see
195 org.fedoraproject.FirewallD1.config.zone.Methods.getSettings.
196 Settings are in format: version, name, description, UNUSED,
197 target, array of services, array of ports (port, protocol),
198 array of icmp-blocks, masquerade, array of forward-ports (port,
199 protocol, to-port, to-addr), array of interfaces, array of
200 sources, array of rich rules, array of protocols and array of
201 source-ports (port, protocol).
202 version (s): see version attribute of zone tag in
204 firewalld.zone(5).
205 name (s): see short tag in firewalld.zone(5).
207 description (s): see description tag in firewalld.zone(5).
209 UNUSED (b): this boolean value is no longer used for anything.
211 target (s): see target attribute of zone tag in
213 firewalld.zone(5).
214 services (as): array of service names, see service tag in
216 firewalld.zone(5).
217 ports (a(ss)): array of port and protocol pairs. See port tag
219 in firewalld.zone(5).
220 icmp-blocks (as): array of icmp-blocks. See icmp-block tag in
222 firewalld.zone(5).
223 masquerade (b): see masquerade tag in firewalld.zone(5).
225 forward-ports (a(ssss)): array of (port, protocol, to-port,
227 to-addr). See forward-port tag in firewalld.zone(5).
228 interfaces (as): array of interfaces. See interface tag in
230 firewalld.zone(5).
231 source addresses (as): array of source addresses. See source
233 tag in firewalld.zone(5).
234 rich rules (as): array of rich-language rules. See rule tag in
236 firewalld.zone(5).
237 protocols (as): array of protocols, see protocol tag in
239 firewalld.zone(5).
240 source-ports (a(ss)): array of port and protocol pairs. See
242 source-port tag in firewalld.zone(5).
243 Possible errors: INVALID_ZONE
245 listIcmpTypes() → as
247 Return array of names (s) of icmp types in runtime
248 configuration. For permanent configuration see
249 org.fedoraproject.FirewallD1.config.Methods.listIcmpTypes.
250 listServices() → as
252 Return array of service names (s) in runtime configuration. For
253 permanent configuration see
254 org.fedoraproject.FirewallD1.config.Methods.listServices.
255 queryPanicMode() → b
257 Return true if panic mode is enabled, false otherwise. In panic
258 mode all incoming and outgoing packets are dropped.
259 reload() → Nothing
261 Reload firewall rules and keep state information. Current
262 permanent configuration will become new runtime configuration,
263 i.e. all runtime only changes done until reload are lost with
264 reload if they have not been also in permanent configuration.
265 runtimeToPermanent() → Nothing
267 Make runtime settings permanent. Replaces permanent settings
268 with runtime settings for zones, services, icmptypes, direct
269 and policies (lockdown whitelist).
270 Possible errors: RT_TO_PERM_FAILED
272 checkPermanentConfig() → Nothing
274 Run checks on the permanent configuration. This is most useful
275 if changes were made manually to configuration files.
276 Possible errors: any
278 setDefaultZone(s: zone) → Nothing
280 Set default zone for connections and interfaces where no zone
281 has been selected to zone. Setting the default zone changes the
282 zone for the connections or interfaces, that are using the
283 default zone. This is a runtime and permanent change.
284 Possible errors: ZONE_ALREADY_SET, COMMAND_FAILED
286 setLogDenied(s: value) → Nothing
288 Set LogDenied value to value. If LogDenied is enabled, then
289 logging rules are added right before reject and drop rules in
290 the INPUT, FORWARD and OUTPUT chains for the default rules and
291 also final reject and drop rules in zones. Possible values are:
292 all, unicast, broadcast, multicast and off. The default value
293 is off This is a runtime and permanent change.
294 Possible errors: ALREADY_SET, INVALID_VALUE
296 Signals
298 DefaultZoneChanged(s: zone)
299 Emitted when default zone has been changed to zone.
300 LogDeniedChanged(s: value)
302 Emitted when LogDenied value has been changed.
303 PanicModeDisabled()
305 Emitted when panic mode has been deactivated.
306 PanicModeEnabled()
308 Emitted when panic mode has been activated.
309 Reloaded()
311 Emitted when firewalld has been reloaded. Also emitted for a
312 complete reload.
313 Properties
315 BRIDGE - b - (ro)
316 Indicates whether the firewall has ethernet bridge support.
317 IPSet - b - (ro)
319 Indicates whether the firewall has IPSet support.
320 IPSetTypes - as - (ro)
322 The supported IPSet types by ipset and firewalld.
323 IPv4 - b - (ro)
325 Indicates whether the firewall has IPv4 support.
326 IPv4ICMPTypes - as - (ro)
328 The list of supported IPv4 ICMP types.
329 IPv6 - b - (ro)
331 Indicates whether the firewall has IPv6 support.
332 IPv6_rpfilter - b - (ro)
334 Indicates whether the reverse path filter test on a packet for
335 IPv6 is enabled. If a reply to the packet would be sent via the
336 same interface that the packet arrived on, the packet will
337 match and be accepted, otherwise dropped.
338 IPv6ICMPTypes - as - (ro)
340 The list of supported IPv6 ICMP types.
341 nf_conntrach_helper_setting - b - (ro)
343 Kernel nf_conntrack_helper setting.
344 nf_conntrack_helpers - a{sas} - (ro)
346 The list of conntrack helpers supported by the kernel.
347 nf_nat_helpers - a{sas} - (ro)
349 The list of nat helpers supported by the kernel.
350 interface_version - s - (ro)
352 firewalld D-Bus interface version string.
353 state - s - (ro)
355 firewalld state. This can be either INIT, FAILED, or RUNNING.
356 In INIT state, firewalld is starting up and initializing. In
357 FAILED state, firewalld completely started but experienced a
358 failure.
359 version - s - (ro)
361 firewalld version string.
362 org.fedoraproject.FirewallD1.ipset
364 Operations in this interface allows to get, add, remove and query
365 runtime ipset settings. For permanent configuration see
366 org.fedoraproject.FirewallD1.config.ipset interface.
367 Methods
369 addEntry(s: ipset, s: entry) → as
370 Add a new entry to ipset. The entry must match the type of the
371 ipset. If the ipset is using the timeout option, it is not
372 possible to see the entries, as they are timing out
373 automatically in the kernel. For permanent operation see
374 org.fedoraproject.FirewallD1.config.ipset.Methods.addEntry.
375 Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT
377 getEntries(s: ipset) → Nothing
379 Get all entries added to the ipset. If the ipset is using the
380 timeout option, it is not possible to see the entries, as they
381 are timing out automatically in the kernel. Return value is a
382 array of entry. For permanent operation see
383 org.fedoraproject.FirewallD1.config.ipset.Methods.getEntries.
384 Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT
386 getSettings(s: ipset) → (ssssa{ss}as)
388 Return runtime settings of given ipset. For getting permanent
389 settings see
390 org.fedoraproject.FirewallD1.config.ipset.Methods.getSettings.
391 Settings are in format: version, name, description, type,
392 dictionary of options and array of entries.
393 version (s): see version attribute of ipset tag in
395 firewalld.ipset(5).
396 name (s): see short tag in firewalld.ipset(5).
398 description (s): see description tag in firewalld.ipset(5).
400 type (s): see type attribute of ipset tag in
402 firewalld.ipset(5).
403 options (a{ss}): dictionary of {option : value} . See options
405 tag in firewalld.ipset(5).
406 entries (as): array of entries, see entry tag in
408 firewalld.ipset(5).
409 Possible errors: INVALID_IPSET
411 getIPSets() → as
413 Return array of ipset names (s) in runtime configuration. For
414 permanent configuration see
415 org.fedoraproject.FirewallD1.config.Methods.listIPSets.
416 queryService(s: ipset, s: entry) → b
418 Return whether entry has been added to ipset. For permanent
419 operation see
420 org.fedoraproject.FirewallD1.config.ipset.Methods.queryEntry.
421 Possible errors: INVALID_IPSET
423 queryService(s: ipset) → b
425 Return whether ipset is defined in runtime configuration.
426 removeEntry(s: ipset, s: entry) → as
428 Removes an entry from ipset. For permanent operation see
429 org.fedoraproject.FirewallD1.config.ipset.Methods.removeEntry.
430 Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT
432 setEntries(as: entries) → Nothing
434 Permanently set list of entries to entries. For permanent
435 operation see
436 org.fedoraproject.FirewallD1.config.ipset.Methods.setEntries.
437 See entry tag in firewalld.ipset(5).
438 Signals
440 EntryAdded(s: ipset, s: entry)
441 Emitted when entry has been added to ipset.
442 EntryRemoved(s: ipset, s: entry)
444 Emitted when entry has been removed from ipset.
445 org.fedoraproject.FirewallD1.direct
447 This interface enables more direct access to the firewall. It enables
448 runtime manipulation with chains and rules. For permanent configuration
449 see org.fedoraproject.FirewallD1.config.direct interface.
450 Methods
452 addChain(s: ipv, s: table, s: chain) → Nothing
453 Add a new chain to table for ipv being either ipv4 (iptables)
454 or ipv6 (ip6tables) or eb (ebtables). Make sure there's no
455 other chain with this name already. There already exist basic
456 chains to use with direct methods, for example INPUT_direct
457 chain. These chains are jumped into before chains for zones,
458 i.e. every rule put into INPUT_direct will be checked before
459 rules in zones. For permanent operation see
460 org.fedoraproject.FirewallD1.config.direct.Methods.addChain.
461 Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED,
463 COMMAND_FAILED
464 addPassthrough(s: ipv, as: args) → Nothing
466 Add a tracked passthrough rule with the arguments args for ipv
467 being either ipv4 (iptables) or ipv6 (ip6tables) or eb
468 (ebtables). Valid commands in args are only -A/--append,
469 -I/--insert and -N/--new-chain. This method is (unlike
470 passthrough method) tracked, i.e. firewalld remembers it. It's
471 useful with
472 org.fedoraproject.FirewallD1.Methods.runtimeToPermanent For
473 permanent operation see
474 org.fedoraproject.FirewallD1.config.direct.Methods.addPassthrough.
475 Possible errors: INVALID_IPV, ALREADY_ENABLED, COMMAND_FAILED
477 addRule(s: ipv, s: table, s: chain, i: priority, as: args) →
479 Nothing
480 Add a rule with the arguments args to chain in table with
481 priority for ipv being either ipv4 (iptables) or ipv6
482 (ip6tables) or eb (ebtables). The priority is used to order
483 rules. Priority 0 means add rule on top of the chain, with a
484 higher priority the rule will be added further down. Rules with
485 the same priority are on the same level and the order of these
486 rules is not fixed and may change. If you want to make sure
487 that a rule will be added after another one, use a low priority
488 for the first and a higher for the following. For permanent
489 operation see
490 org.fedoraproject.FirewallD1.config.direct.Methods.addRule.
491 Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED,
493 COMMAND_FAILED
494 getAllChains() → a(sss)
496 Get all chains added to all tables in format: ipv, table,
497 chain. This concerns only chains previously added with
498 addChain. Return value is a array of (ipv, table, chain). For
499 permanent operation see
500 org.fedoraproject.FirewallD1.config.direct.Methods.getAllChains.
501 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
503 (ebtables).
504 table (s): one of filter, mangle, nat, raw, security
506 chain (s): name of a chain.
508 getAllPassthroughs() → a(sas)
511 Get all tracked passthrough rules added in all ipv types in
512 format: ipv, rule. This concerns only rules previously added
513 with addPassthrough. Return value is a array of (ipv, array of
514 arguments). For permanent operation see
515 org.fedoraproject.FirewallD1.config.direct.Methods.getAllPassthroughs.
516 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
518 (ebtables).
519 arguments (as): array of commands, parameters and other
521 iptables/ip6tables/ebtables command line options.
522 getAllRules() → a(sssias)
525 Get all rules added to all chains in all tables in format: ipv,
526 table, chain, priority, rule. This concerns only rules
527 previously added with addRule. Return value is a array of (ipv,
528 table, chain, priority, array of arguments). For permanent
529 operation see
530 org.fedoraproject.FirewallD1.config.direct.Methods.getAllRules.
531 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
533 (ebtables).
534 table (s): one of filter, mangle, nat, raw, security
536 chain (s): name of a chain.
538 priority (i): used to order rules.
540 arguments (as): array of commands, parameters and other
542 iptables/ip6tables/ebtables command line options.
543 getChains(s: ipv, s: table) → as
546 Return an array of chains (s) added to table for ipv being
547 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
548 This concerns only chains previously added with addChain. For
549 permanent operation see
550 org.fedoraproject.FirewallD1.config.direct.Methods.getChains.
551 Possible errors: INVALID_IPV, INVALID_TABLE
553 getPassthroughs(s: ipv) → aas
555 Get tracked passthrough rules added in either ipv4 (iptables)
556 or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
557 previously added with addPassthrough. Return value is a array
558 of (array of arguments). For permanent operation see
559 org.fedoraproject.FirewallD1.config.direct.Methods.getPassthroughs.
560 arguments (as): array of commands, parameters and other
562 iptables/ip6tables/ebtables command line options.
563 getRules(s: ipv, s: table, s: chain) → a(ias)
566 Get all rules added to chain in table for ipv being either ipv4
567 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
568 only rules previously added with addRule. Return value is a
569 array of (priority, array of arguments). For permanent
570 operation see
571 org.fedoraproject.FirewallD1.config.direct.Methods.getRules.
572 priority (i): used to order rules.
574 arguments (as): array of commands, parameters and other
576 iptables/ip6tables/ebtables command line options.
577 Possible errors: INVALID_IPV, INVALID_TABLE
579 passthrough(s: ipv, as: args) → s
581 Pass a command through to the firewall. ipv can be either ipv4
582 (iptables) or ipv6 (ip6tables) or eb (ebtables). args can be
583 all iptables, ip6tables and ebtables command line arguments.
584 args can be all iptables, ip6tables and ebtables command line
585 arguments. This command is untracked, which means that
586 firewalld is not able to provide information about this command
587 later on.
588 Possible errors: COMMAND_FAILED
590 queryChain(s: ipv, s: table, s: chain) → b
592 Return whether a chain exists in table for ipv being either
593 ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). This
594 concerns only chains previously added with addChain. For
595 permanent operation see
596 org.fedoraproject.FirewallD1.config.direct.Methods.queryChain.
597 Possible errors: INVALID_IPV, INVALID_TABLE
599 queryPassthrough(s: ipv, as: args) → b
601 Return whether a tracked passthrough rule with the arguments
602 args exists for ipv being either ipv4 (iptables) or ipv6
603 (ip6tables) or eb (ebtables). This concerns only rules
604 previously added with addPassthrough. For permanent operation
605 see
606 org.fedoraproject.FirewallD1.config.direct.Methods.queryPassthrough.
607 Possible errors: INVALID_IPV
609 queryRule(s: ipv, s: table, s: chain, i: priority, as: args) → b
611 Return whether a rule with priority and the arguments args
612 exists in chain in table for ipv being either ipv4 (iptables)
613 or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
614 previously added with addRule. For permanent operation see
615 org.fedoraproject.FirewallD1.config.direct.Methods.queryRule.
616 Possible errors: INVALID_IPV, INVALID_TABLE
618 removeAllPassthroughs() → Nothing
620 Remove all passthrough rules previously added with
621 addPassthrough.
622 removeChain(s: ipv, s: table, s: chain) → Nothing
624 Remove a chain from table for ipv being either ipv4 (iptables)
625 or ipv6 (ip6tables) or eb (ebtables). Only chains previously
626 added with addChain can be removed this way. For permanent
627 operation see
628 org.fedoraproject.FirewallD1.config.direct.Methods.removeChain.
629 Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED,
631 COMMAND_FAILED
632 removePassthrough(s: ipv, as: args) → Nothing
634 Remove a tracked passthrough rule with arguments args for ipv
635 being either ipv4 (iptables) or ipv6 (ip6tables) or eb
636 (ebtables). Only rules previously added with addPassthrough can
637 be removed this way. For permanent operation see
638 org.fedoraproject.FirewallD1.config.direct.Methods.removePassthrough.
639 Possible errors: INVALID_IPV, NOT_ENABLED, COMMAND_FAILED
641 removeRule(s: ipv, s: table, s: chain, i: priority, as: args) →
643 Nothing
644 Remove a rule with priority and arguments args from chain in
645 table for ipv being either ipv4 (iptables) or ipv6 (ip6tables)
646 or eb (ebtables). Only rules previously added with addRule can
647 be removed this way. For permanent operation see
648 org.fedoraproject.FirewallD1.config.direct.Methods.removeRule.
649 Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED,
651 COMMAND_FAILED
652 removeRules(s: ipv, s: table, s: chain) → Nothing
654 Remove all rules from chain in table for ipv being either ipv4
655 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
656 only rules previously added with addRule. For permanent
657 operation see
658 org.fedoraproject.FirewallD1.config.direct.Methods.removeRules.
659 Possible errors: INVALID_IPV, INVALID_TABLE
661 Signals
663 ChainAdded(s: ipv, s: table, s: chain)
664 Emitted when chain has been added into table for ipv being
665 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
666 ChainRemoved(s: ipv, s: table, s: chain)
668 Emitted when chain has been removed from table for ipv being
669 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
670 PassthroughAdded(s: ipv, as: args)
672 Emitted when a tracked passthruogh rule with args has been
673 added for ipv being either ipv4 (iptables) or ipv6 (ip6tables)
674 or eb (ebtables).
675 PassthroughRemoved(s: ipv, as: args)
677 Emitted when a tracked passthrough rule with args has been
678 removed for ipv being either ipv4 (iptables) or ipv6
679 (ip6tables) or eb (ebtables).
680 RuleAdded(s: ipv, s: table, s: chain, i: priority, as: args)
682 Emitted when a rule with args has been added to chain in table
683 with priority for ipv being either ipv4 (iptables) or ipv6
684 (ip6tables) or eb (ebtables).
685 RuleRemoved(s: ipv, s: table, s: chain, i: priority, as: args)
687 Emitted when a rule with args has been removed from chain in
688 table with priority for ipv being either ipv4 (iptables) or
689 ipv6 (ip6tables) or eb (ebtables).
690 org.fedoraproject.FirewallD1.policies
692 Enables firewalld to be able to lock down configuration changes from
693 local applications. Local applications or services are able to change
694 the firewall configuration if they are running as root (example:
695 libvirt). With these operations administrator can lock the firewall
696 configuration so that either none or only applications that are in the
697 whitelist are able to request firewall changes. For permanent
698 configuration see org.fedoraproject.FirewallD1.config.policies
699 interface.
700 Methods
702 addLockdownWhitelistCommand(s: command) → Nothing
703 Add command to whitelist. See command option in
704 firewalld.lockdown-whitelist(5). For permanent operation see
705 org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistCommand.
706 Possible errors: ALREADY_ENABLED, INVALID_COMMAND
708 addLockdownWhitelistContext(s: context) → Nothing
710 Add context to whitelist. See selinux option in
711 firewalld.lockdown-whitelist(5). For permanent operation see
712 org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistContext.
713 Possible errors: ALREADY_ENABLED, INVALID_COMMAND
715 addLockdownWhitelistUid(i: uid) → Nothing
717 Add user id uid to whitelist. See user option in
718 firewalld.lockdown-whitelist(5). For permanent operation see
719 org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistUid.
720 Possible errors: ALREADY_ENABLED, INVALID_COMMAND
722 addLockdownWhitelistUser(s: user) → Nothing
724 Add user name to whitelist. See user option in
725 firewalld.lockdown-whitelist(5). For permanent operation see
726 org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistUser.
727 Possible errors: ALREADY_ENABLED, INVALID_COMMAND
729 disableLockdown() → Nothing
731 Disable lockdown. This is a runtime and permanent change.
732 Possible errors: NOT_ENABLED
734 enableLockdown() → Nothing
736 Enable lockdown. Be careful - if the calling application/user
737 is not on lockdown whitelist when you enable lockdown you won't
738 be able to disable it again with the application, you would
739 need to edit firewalld.conf. This is a runtime and permanent
740 change.
741 Possible errors: ALREADY_ENABLED
743 getLockdownWhitelistCommands() → as
745 List all command lines (s) that are on whitelist. For permanent
746 operation see
747 org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistCommands.
748 getLockdownWhitelistContexts() → as
750 List all contexts (s) that are on whitelist. For permanent
751 operation see
752 org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistContexts.
753 getLockdownWhitelistUids() → ai
755 List all user ids (i) that are on whitelist. For permanent
756 operation see
757 org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistUids.
758 getLockdownWhitelistUsers() → as
760 List all users (s) that are on whitelist. For permanent
761 operation see
762 org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistUsers.
763 queryLockdown() → b
765 Query whether lockdown is enabled.
766 queryLockdownWhitelistCommand(s: command) → b
768 Query whether command is on whitelist. For permanent operation
769 see
770 org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistCommand.
771 queryLockdownWhitelistContext(s: context) → b
773 Query whether context is on whitelist. For permanent operation
774 see
775 org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistContext.
776 queryLockdownWhitelistUid(i: uid) → b
778 Query whether user id uid is on whitelist. For permanent
779 operation see
780 org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistUid.
781 queryLockdownWhitelistUser(s: user) → b
783 Query whether user is on whitelist. For permanent operation see
784 org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistUser.
785 removeLockdownWhitelistCommand(s: command) → Nothing
787 Remove command from whitelist. For permanent operation see
788 org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistCommand.
789 Possible errors: NOT_ENABLED
791 removeLockdownWhitelistContext(s: context) → Nothing
793 Remove context from whitelist. For permanent operation see
794 org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistContext.
795 Possible errors: NOT_ENABLED
797 removeLockdownWhitelistUid(i: uid) → Nothing
799 Remove user id uid from whitelist. For permanent operation see
800 org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistUid.
801 Possible errors: NOT_ENABLED
803 removeLockdownWhitelistUser(s: user) → Nothing
805 Remove user from whitelist. For permanent operation see
806 org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistUser.
807 Possible errors: NOT_ENABLED
809 Signals
811 LockdownDisabled()
812 Emitted when lockdown has been disabled.
813 LockdownEnabled()
815 Emitted when lockdown has been enabled.
816 LockdownWhitelistCommandAdded(s: command)
818 Emitted when command has been added to whitelist.
819 LockdownWhitelistCommandRemoved(s: command)
821 Emitted when command has been removed from whitelist.
822 LockdownWhitelistContextAdded(s: context)
824 Emitted when context has been added to whitelist.
825 LockdownWhitelistContextRemoved(s: context)
827 Emitted when context has been removed from whitelist.
828 LockdownWhitelistUidAdded(i: uid)
830 Emitted when user id uid has been added to whitelist.
831 LockdownWhitelistUidRemoved(i: uid)
833 Emitted when user id uid has been removed from whitelist.
834 LockdownWhitelistUserAdded(s: user)
836 Emitted when user has been added to whitelist.
837 LockdownWhitelistUserRemoved(s: user)
839 Emitted when user has been removed from whitelist.
840 org.fedoraproject.FirewallD1.zone
842 Operations in this interface allows to get, add, remove and query
843 runtime zone's settings. For permanent settings see
844 org.fedoraproject.FirewallD1.config.zone interface.
845 Methods
847 addForwardPort(s: zone, s: port, s: protocol, s: toport, s: toaddr,
848 i: timeout) → s
849 Add the IPv4 forward port into zone. If zone is empty, use
850 default zone. The port can either be a single port number
851 portid or a port range portid-portid. The protocol can either
852 be tcp or udp. The destination address is a simple IP address.
853 If timeout is non-zero, the operation will be active only for
854 the amount of seconds. For permanent settings see
855 org.fedoraproject.FirewallD1.config.zone.Methods.addForwardPort.
856 Returns name of zone to which the forward port was added.
858 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
860 INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD,
861 ALREADY_ENABLED, INVALID_COMMAND
862 addIcmpBlock(s: zone, s: icmp, i: timeout) → s
864 Add an ICMP block icmp into zone. The icmp is the one of the
865 icmp types firewalld supports. To get a listing of supported
866 icmp types use
867 org.fedoraproject.FirewallD1.Methods.listIcmpTypes If zone is
868 empty, use default zone. If timeout is non-zero, the operation
869 will be active only for the amount of seconds. For permanent
870 settings see
871 org.fedoraproject.FirewallD1.config.zone.Methods.addIcmpBlock.
872 Returns name of zone to which the ICMP block was added.
874 Possible errors: INVALID_ZONE, INVALID_ICMPTYPE,
876 ALREADY_ENABLED, INVALID_COMMAND
877 addIcmpBlockInversion(s: zone) → s
879 Add ICMP block inversion to zone. If zone is empty, use default
880 zone. For permanent settings see
881 org.fedoraproject.FirewallD1.config.zone.Methods.addIcmpBlockInversion.
882 Returns name of zone to which the ICMP block inversion was
884 added.
885 Possible errors: INVALID_ZONE, ALREADY_ENABLED, INVALID_COMMAND
887 addInterface(s: zone, s: interface) → s
889 Bind interface with zone. From now on all traffic going through
890 the interface will respect the zone's settings. If zone is
891 empty, use default zone. For permanent settings see
892 org.fedoraproject.FirewallD1.config.zone.Methods.addInterface.
893 Returns name of zone to which the interface was bound.
895 Possible errors: INVALID_ZONE, INVALID_INTERFACE,
897 ALREADY_ENABLED, INVALID_COMMAND
898 addMasquerade(s: zone, i: timeout) → s
900 Enable masquerade in zone. If zone is empty, use default zone.
901 If timeout is non-zero, masquerading will be active for the
902 amount of seconds. For permanent settings see
903 org.fedoraproject.FirewallD1.config.zone.Methods.addMasquerade.
904 Returns name of zone in which the masquerade was enabled.
906 Possible errors: INVALID_ZONE, ALREADY_ENABLED, INVALID_COMMAND
908 addPort(s: zone, s: port, s: protocol, i: timeout) → s
910 Add port into zone. If zone is empty, use default zone. The
911 port can either be a single port number or a port range
912 portid-portid. The protocol can either be tcp or udp. If
913 timeout is non-zero, the operation will be active only for the
914 amount of seconds. For permanent settings see
915 org.fedoraproject.FirewallD1.config.zone.Methods.addPort.
916 Returns name of zone to which the port was added.
918 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
920 INVALID_PROTOCOL, ALREADY_ENABLED, INVALID_COMMAND
921 addProtocol(s: zone, s: protocol, i: timeout) → s
923 Add protocol into zone. If zone is empty, use default zone. The
924 protocol can be any protocol supported by the system. Please
925 have a look at /etc/protocols for supported protocols. If
926 timeout is non-zero, the operation will be active only for the
927 amount of seconds. For permanent settings see
928 org.fedoraproject.FirewallD1.config.zone.Methods.addProtocol.
929 Returns name of zone to which the protocol was added.
931 Possible errors: INVALID_ZONE, INVALID_PROTOCOL,
933 ALREADY_ENABLED, INVALID_COMMAND
934 addRichRule(s: zone, s: rule, i: timeout) → s
936 Add rich language rule into zone. For the rich language rule
937 syntax, please have a look at firewalld.direct(5). If zone is
938 empty, use default zone. If timeout is non-zero, the operation
939 will be active only for the amount of seconds. For permanent
940 settings see
941 org.fedoraproject.FirewallD1.config.zone.Methods.addRichRule.
942 Returns name of zone to which the rich language rule was added.
944 Possible errors: INVALID_ZONE, INVALID_RULE, ALREADY_ENABLED,
946 INVALID_COMMAND
947 addService(s: zone, s: service, i: timeout) → s
949 Add service into zone. If zone is empty, use default zone. If
950 timeout is non-zero, the operation will be active only for the
951 amount of seconds. To get a list of supported services, use
952 org.fedoraproject.FirewallD1.Methods.listServices. For
953 permanent settings see
954 org.fedoraproject.FirewallD1.config.zone.Methods.addService.
955 Returns name of zone to which the service was added.
957 Possible errors: INVALID_ZONE, INVALID_SERVICE,
959 ALREADY_ENABLED, INVALID_COMMAND
960 addSource(s: zone, s: source) → s
962 Bind source with zone. From now on all traffic going from this
963 source will respect the zone's settings. A source address or
964 address range is either an IP address or a network IP address
965 with a mask for IPv4 or IPv6. For IPv4, the mask can be a
966 network mask or a plain number. For IPv6 the mask is a plain
967 number. Use of host names is not supported. If zone is empty,
968 use default zone. For permanent settings see
969 org.fedoraproject.FirewallD1.config.zone.Methods.addSource.
970 Returns name of zone to which the source was bound.
972 Possible errors: INVALID_ZONE, INVALID_ADDR, ALREADY_ENABLED,
974 INVALID_COMMAND
975 addSourcePort(s: zone, s: port, s: protocol, i: timeout) → s
977 Add source port into zone. If zone is empty, use default zone.
978 The port can either be a single port number or a port range
979 portid-portid. The protocol can either be tcp or udp. If
980 timeout is non-zero, the operation will be active only for the
981 amount of seconds. For permanent settings see
982 org.fedoraproject.FirewallD1.config.zone.Methods.addSourcePort.
983 Returns name of zone to which the port was added.
985 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
987 INVALID_PROTOCOL, ALREADY_ENABLED, INVALID_COMMAND
988 changeZone(s: zone, s: interface) → s
990 This function is deprecated, use
991 org.fedoraproject.FirewallD1.zone.Methods.changeZoneOfInterface
992 instead.
993 changeZoneOfInterface(s: zone, s: interface) → s
995 Change a zone an interface is bound to to zone. It's basically
996 removeInterface(interface) followed by addInterface(zone,
997 interface). If interface has not been bound to a zone before,
998 it behaves like addInterface. If zone is empty, use default
999 zone.
1000 Returns name of zone to which the interface was bound.
1002 Possible errors: INVALID_ZONE, ZONE_ALREADY_SET, ZONE_CONFLICT
1004 changeZoneOfSource(s: zone, s: source) → s
1006 Change a zone an source is bound to to zone. It's basically
1007 removeSource(source) followed by addSource(zone, source). If
1008 source has not been bound to a zone before, it behaves like
1009 addSource. If zone is empty, use default zone.
1010 Returns name of zone to which the source was bound.
1012 Possible errors: INVALID_ZONE, ZONE_ALREADY_SET, ZONE_CONFLICT
1014 getActiveZones() → a{sa{sas}}
1016 Return dictionary of currently active zones altogether with
1017 interfaces and sources used in these zones. Active zones are
1018 zones, that have a binding to an interface or source.
1019 Return value is a dictionary where keys are zone names (s) and
1021 values are again dictionaries where keys are either
1022 'interfaces' or 'sources' and values are arrays of interface
1023 names (s) or sources (s).
1024 getForwardPorts(s: zone) → aas
1026 Return array of IPv4 forward ports previously added into zone.
1027 If zone is empty, use default zone. For getting permanent
1028 settings see
1029 org.fedoraproject.FirewallD1.config.zone.Methods.getForwardPorts.
1030 Return value is array of 4-tuples, where each 4-tuple consists
1032 of (port, protocol, to-port, to-addr). to-addr might be empty
1033 in case of local forwarding.
1034 Possible errors: INVALID_ZONE
1036 getIcmpBlocks(s: zone) → as
1038 Return array of ICMP type (s) blocks previously added into
1039 zone. If zone is empty, use default zone. For getting permanent
1040 settings see
1041 org.fedoraproject.FirewallD1.config.zone.Methods.getIcmpBlocks.
1042 Possible errors: INVALID_ZONE
1044 getIcmpBlockInversion(s: zone) → b
1046 Return whether ICMP block inversion was previously added to
1047 zone. If zone is empty, use default zone. For getting permanent
1048 settings see
1049 org.fedoraproject.FirewallD1.config.zone.Methods.getIcmpBlockInversion.
1050 Possible errors: INVALID_ZONE
1052 getInterfaces(s: zone) → as
1054 Return array of interfaces (s) previously bound with zone. If
1055 zone is empty, use default zone. For getting permanent settings
1056 see
1057 org.fedoraproject.FirewallD1.config.zone.Methods.getInterfaces.
1058 Possible errors: INVALID_ZONE
1060 getPorts(s: zone) → aas
1062 Return array of ports (2-tuple of port and protocol) previously
1063 enabled in zone. If zone is empty, use default zone. For
1064 getting permanent settings see
1065 org.fedoraproject.FirewallD1.config.zone.Methods.getPorts.
1066 Possible errors: INVALID_ZONE
1068 getProtocols(s: zone) → as
1070 Return array of protocols (s) previously enabled in zone. If
1071 zone is empty, use default zone. For getting permanent settings
1072 see
1073 org.fedoraproject.FirewallD1.config.zone.Methods.getProtocols.
1074 Possible errors: INVALID_ZONE
1076 getRichRules(s: zone) → as
1078 Return array of rich language rules (s) previously added into
1079 zone. If zone is empty, use default zone. For getting permanent
1080 settings see
1081 org.fedoraproject.FirewallD1.config.zone.Methods.getRichRules.
1082 Possible errors: INVALID_ZONE
1084 getServices(s: zone) → as
1086 Return array of services (s) previously enabled in zone. If
1087 zone is empty, use default zone. For getting permanent settings
1088 see
1089 org.fedoraproject.FirewallD1.config.zone.Methods.getServices.
1090 Possible errors: INVALID_ZONE
1092 getSourcePorts(s: zone) → aas
1094 Return array of source ports (2-tuple of port and protocol)
1095 previously enabled in zone. If zone is empty, use default zone.
1096 For getting permanent settings see
1097 org.fedoraproject.FirewallD1.config.zone.Methods.getSourcePorts.
1098 Possible errors: INVALID_ZONE
1100 getSources(s: zone) → as
1102 Return array of sources (s) previously bound with zone. If zone
1103 is empty, use default zone. For getting permanent settings see
1104 org.fedoraproject.FirewallD1.config.zone.Methods.getSources.
1105 Possible errors: INVALID_ZONE
1107 getZoneOfInterface(s: interface) → s
1109 Return name (s) of zone the interface is bound to or empty
1110 string.
1111 getZoneOfSource(s: source) → s
1113 Return name (s) of zone the source is bound to or empty string.
1114 getZones() → as
1116 Return array of names (s) of predefined zones known to current
1117 runtime environment. For list of zones known to permanent
1118 environment see
1119 org.fedoraproject.FirewallD1.config.Methods.listZones. The
1120 lists (of zones known to runtime and permanent environment)
1121 will contain same zones in most cases, but might differ for
1122 example if org.fedoraproject.FirewallD1.config.Methods.addZone
1123 has been called recently, but firewalld has not been reloaded
1124 since then.
1125 isImmutable(s: zone) → b
1127 Deprecated.
1128 queryForwardPort(s: zone, s: port, s: protocol, s: toport, s:
1130 toaddr) → b
1131 Return whether the IPv4 forward port (port, protocol, toport,
1132 toaddr) has been added into zone. If zone is empty, use default
1133 zone. For permanent operation see
1134 org.fedoraproject.FirewallD1.config.zone.Methods.queryForwardPort.
1135 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1137 INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD
1138 queryIcmpBlock(s: zone, s: icmp) → b
1140 Return whether an ICMP block for icmp has been added into zone.
1141 If zone is empty, use default zone. For permanent operation see
1142 org.fedoraproject.FirewallD1.config.zone.Methods.queryIcmpBlock.
1143 Possible errors: INVALID_ZONE, INVALID_ICMPTYPE
1145 queryIcmpBlockInversion(s: zone) → b
1147 Return whether ICMP block inversion has been added to zone. If
1148 zone is empty, use default zone. For permanent operation see
1149 org.fedoraproject.FirewallD1.config.zone.Methods.queryIcmpBlockInversion.
1150 Possible errors: INVALID_ZONE, INVALID_ICMPTYPE
1152 queryInterface(s: zone, s: interface) → b
1154 Query whether interface has been bound to zone. If zone is
1155 empty, use default zone. For permanent operation see
1156 org.fedoraproject.FirewallD1.config.zone.Methods.queryInterface.
1157 Possible errors: INVALID_ZONE, INVALID_INTERFACE
1159 queryMasquerade(s: zone) → b
1161 Return whether masquerading has been enabled in zone If zone is
1162 empty, use default zone. For permanent operation see
1163 org.fedoraproject.FirewallD1.config.zone.Methods.queryMasquerade.
1164 Possible errors: INVALID_ZONE
1166 queryPort(s: zone, s: port, s: protocol) → b
1168 Return whether port/protocol has been added in zone. If zone is
1169 empty, use default zone. For permanent operation see
1170 org.fedoraproject.FirewallD1.config.zone.Methods.queryPort.
1171 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1173 INVALID_PROTOCOL
1174 queryProtocol(s: zone, s: protocol) → b
1176 Return whether protocol has been added in zone. If zone is
1177 empty, use default zone. For permanent operation see
1178 org.fedoraproject.FirewallD1.config.zone.Methods.queryProtocol.
1179 Possible errors: INVALID_ZONE, INVALID_PROTOCOL
1181 queryRichRule(s: zone, s: rule) → b
1183 Return whether rich rule rule has been added in zone. If zone
1184 is empty, use default zone. For permanent operation see
1185 org.fedoraproject.FirewallD1.config.zone.Methods.queryRichRule.
1186 Possible errors: INVALID_ZONE, INVALID_RULE
1188 queryService(s: zone, s: service) → b
1190 Return whether service has been added for zone. If zone is
1191 empty, use default zone. For permanent operation see
1192 org.fedoraproject.FirewallD1.config.zone.Methods.queryService.
1193 Possible errors: INVALID_ZONE, INVALID_SERVICE
1195 querySource(s: zone, s: source) → b
1197 Query whether sourcehas been bound to zone. If zone is empty,
1198 use default zone. For permanent operation see
1199 org.fedoraproject.FirewallD1.config.zone.Methods.querySource.
1200 Possible errors: INVALID_ZONE, INVALID_ADDR
1202 querySourcePort(s: zone, s: port, s: protocol) → b
1204 Return whether port/protocol has been added in zone. If zone is
1205 empty, use default zone. For permanent operation see
1206 org.fedoraproject.FirewallD1.config.zone.Methods.querySourcePort.
1207 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1209 INVALID_PROTOCOL
1210 removeForwardPort(s: zone, s: port, s: protocol, s: toport, s:
1212 toaddr) → s
1213 Remove IPv4 forward port ((port, protocol, toport, toaddr))
1214 from zone. If zone is empty, use default zone. For permanent
1215 operation see
1216 org.fedoraproject.FirewallD1.config.zone.Methods.removeForwardPort.
1217 Returns name of zone from which the forward port was removed.
1219 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1221 INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD, NOT_ENABLED,
1222 INVALID_COMMAND
1223 removeIcmpBlock(s: zone, s: icmp) → s
1225 Remove ICMP block icmp from zone. If zone is empty, use default
1226 zone. For permanent operation see
1227 org.fedoraproject.FirewallD1.config.zone.Methods.removeIcmpBlock.
1228 Returns name of zone from which the ICMP block was removed.
1230 Possible errors: INVALID_ZONE, INVALID_ICMPTYPE, NOT_ENABLED,
1232 INVALID_COMMAND
1233 removeIcmpBlockInversion(s: zone) → s
1235 Remove ICMP block inversion from zone. If zone is empty, use
1236 default zone. For permanent operation see
1237 org.fedoraproject.FirewallD1.config.zone.Methods.removeIcmpBlockInversion.
1238 Returns name of zone from which the ICMP block inversion was
1240 removed.
1241 Possible errors: INVALID_ZONE, NOT_ENABLED, INVALID_COMMAND
1243 removeInterface(s: zone, s: interface) → s
1245 Remove binding of interface from zone. If zone is empty, the
1246 interface will be removed from zone it belongs to. For
1247 permanent operation see
1248 org.fedoraproject.FirewallD1.config.zone.Methods.removeInterface.
1249 Returns name of zone from which the interface was removed.
1251 Possible errors: INVALID_ZONE, INVALID_INTERFACE, NOT_ENABLED,
1253 INVALID_COMMAND
1254 removeMasquerade(s: zone) → s
1256 Disable masquerade for zone. If zone is empty, use default
1257 zone. For permanent operation see
1258 org.fedoraproject.FirewallD1.config.zone.Methods.removeMasquerade.
1259 Returns name of zone for which the masquerade was disabled.
1261 Possible errors: INVALID_ZONE, NOT_ENABLED, INVALID_COMMAND
1263 removePort(s: zone, s: port, s: protocol) → s
1265 Remove port/protocol from zone. If zone is empty, use default
1266 zone. For permanent operation see
1267 org.fedoraproject.FirewallD1.config.zone.Methods.removePort.
1268 Returns name of zone from which the port was removed.
1270 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1272 INVALID_PROTOCOL, NOT_ENABLED, INVALID_COMMAND
1273 removeProtocol(s: zone, s: protocol) → s
1275 Remove protocol from zone. If zone is empty, use default zone.
1276 For permanent operation see
1277 org.fedoraproject.FirewallD1.config.zone.Methods.removeProtocol.
1278 Returns name of zone from which the protocol was removed.
1280 Possible errors: INVALID_ZONE, INVALID_PROTOCOL, NOT_ENABLED,
1282 INVALID_COMMAND
1283 removeRichRule(s: zone, s: rule) → s
1285 Remove rich language rule from zone. If zone is empty, use
1286 default zone. For permanent operation see
1287 org.fedoraproject.FirewallD1.config.zone.Methods.removeRichRule.
1288 Returns name of zone from which the rich language rule was
1290 removed.
1291 Possible errors: INVALID_ZONE, INVALID_RULE, NOT_ENABLED,
1293 INVALID_COMMAND
1294 removeService(s: zone, s: service) → s
1296 Remove service from zone. If zone is empty, use default zone.
1297 For permanent operation see
1298 org.fedoraproject.FirewallD1.config.zone.Methods.removeService.
1299 Returns name of zone from which the service was removed.
1301 Possible errors: INVALID_ZONE, INVALID_SERVICE, NOT_ENABLED,
1303 INVALID_COMMAND
1304 removeSource(s: zone, s: source) → s
1306 Remove binding of source from zone. If zone is empty, the
1307 source will be removed from zone it belongs to. For permanent
1308 operation see
1309 org.fedoraproject.FirewallD1.config.zone.Methods.removeSource.
1310 Returns name of zone from which the source was removed.
1312 Possible errors: INVALID_ZONE, INVALID_ADDR, NOT_ENABLED,
1314 INVALID_COMMAND
1315 removeSourcePort(s: zone, s: port, s: protocol) → s
1317 Remove port/protocol from zone. If zone is empty, use default
1318 zone. For permanent operation see
1319 org.fedoraproject.FirewallD1.config.zone.Methods.removeSourcePort.
1320 Returns name of zone from which the source port was removed.
1322 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1324 INVALID_PROTOCOL, NOT_ENABLED, INVALID_COMMAND
1325 Signals
1327 ForwardPortAdded(s: zone, s: port, s: protocol, s: toport, s:
1328 toaddr, i: timeout)
1329 Emitted when forward port has been added to zone with timeout.
1330 ForwardPortRemoved(s: zone, s: port, s: protocol, s: toport, s:
1332 toaddr)
1333 Emitted when forward port has been removed from zone.
1334 IcmpBlockAdded(s: zone, s: icmp, i: timeout)
1336 Emitted when ICMP block for icmp has been added to zone with
1337 timeout.
1338 IcmpBlockInversionAdded(s: zone)
1340 Emitted when ICMP block inversion has been added to zone.
1341 IcmpBlockInversionRemoved(s: zone)
1343 Emitted when ICMP block inversion has been removed from zone.
1344 IcmpBlockRemoved(s: zone, s: icmp)
1346 Emitted when ICMP block for icmp has been removed from zone.
1347 InterfaceAdded(s: zone, s: interface)
1349 Emitted when interface has been added to zone.
1350 InterfaceRemoved(s: zone, s: interface)
1352 Emitted when interface has been removed from zone.
1353 MasqueradeAdded(s: zone, i: timeout)
1355 Emitted when masquerade has been enabled for zone.
1356 MasqueradeRemoved(s: zone)
1358 Emitted when masquerade has been disabled for zone.
1359 PortAdded(s: zone, s: port, s: protocol, i: timeout)
1361 Emitted when port/protocol has been added to zone with timeout.
1362 PortRemoved(s: zone, s: port, s: protocol)
1364 Emitted when port/protocol has been removed from zone.
1365 ProtocolAdded(s: zone, s: protocol, i: timeout)
1367 Emitted when protocol has been added to zone with timeout.
1368 ProtocolRemoved(s: zone, s: protocol)
1370 Emitted when protocol has been removed from zone.
1371 RichRuleAdded(s: zone, s: rule, i: timeout)
1373 Emitted when rich language rule has been added to zone with
1374 timeout.
1375 RichRuleRemoved(s: zone, s: rule)
1377 Emitted when rich language rule has been removed from zone.
1378 ServiceAdded(s: zone, s: service, i: timeout)
1380 Emitted when service has been added to zone with timeout.
1381 ServiceRemoved(s: zone, s: service)
1383 Emitted when service has been removed from zone.
1384 SourceAdded(s: zone, s: source)
1386 Emitted when source has been added to zone.
1387 SourcePortAdded(s: zone, s: port, s: protocol, i: timeout)
1389 Emitted when source-port/protocol has been added to zone with
1390 timeout.
1391 SourcePortRemoved(s: zone, s: port, s: protocol)
1393 Emitted when source-port/protocol has been removed from zone.
1394 SourceRemoved(s: zone, s: source)
1396 Emitted when source has been removed from zone.
1397 ZoneChanged(s: zone, s: interface)
1399 Deprecated
1400 ZoneOfInterfaceChanged(s: zone, s: interface)
1402 Emitted when a zone an interface is part of has been changed to
1403 zone.
1404 ZoneOfSourceChanged(s: zone, s: source)
1406 Emitted when a zone an source is part of has been changed to
1407 zone.
1408 org.fedoraproject.FirewallD1.config
1410 Allows to permanently add, remove and query zones, services and icmp
1411 types.
1412 Methods
1414 addIPSet(s: ipset, (ssssa{ss}as): settings) → o
1415 Add ipset with given settings into permanent configuration.
1416 Settings are in format: version, name, description, type,
1417 dictionary of options and array of entries.
1418 version (s): see version attribute of ipset tag in
1420 firewalld.ipset(5).
1421 name (s): see short tag in firewalld.ipset(5).
1423 description (s): see description tag in firewalld.ipset(5).
1425 type (s): see type attribute of ipset tag in
1427 firewalld.ipset(5).
1428 options (a{ss}): dictionary of {option : value} . See options
1430 tag in firewalld.ipset(5).
1431 entries (as): array of entries, see entry tag in
1433 firewalld.ipset(5).
1434 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1436 addIcmpType(s: icmptype, (sssas): settings) → o
1438 Add icmptype with given settings into permanent configuration.
1439 Settings are in format: version, name, description, array of
1440 destinations. Returns object path of the new icmp type.
1441 version (s): see version attribute of icmptype tag in
1443 firewalld.icmptype(5).
1444 name (s): see short tag in firewalld.icmptype(5).
1446 description (s): see description tag in firewalld.icmptype(5).
1448 destinations (as): array, either empty or containing strings
1450 'ipv4' or 'ipv6', see destination tag in firewalld.icmptype(5).
1451 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1453 addService(s: service, (sssa(ss)asa{ss}asa(ss)): settings) → o
1455 Add service with given settings into permanent configuration.
1456 Settings are in format: version, name, description, array of
1457 ports (port, protocol), array of module names, dictionary of
1458 destinations, array of protocols and array of source-ports
1459 (port, protocol). Returns object path of the new icmp type.
1460 version (s): see version attribute of service tag in
1462 firewalld.service(5).
1463 name (s): see short tag in firewalld.service(5).
1465 description (s): see description tag in firewalld.service(5).
1467 ports (a(ss)): array of port and protocol pairs. See port tag
1469 in firewalld.service(5).
1470 module names (as): array of kernel netfilter helpers, see
1472 module tag in firewalld.service(5).
1473 destinations (a{ss}): dictionary of {IP family : IP address}
1475 where 'IP family' key can be either 'ipv4' or 'ipv6'. See
1476 destination tag in firewalld.service(5).
1477 protocols (as): array of protocols. See protocol tag in
1479 firewalld.service(5).
1480 source-ports (a(ss)): array of port and protocol pairs. See
1482 source-port tag in firewalld.service(5).
1483 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1485 addZone(s: zone, (sssbsasa(ss)asba(ssss)asasasasa(ss)): settings) →
1487 o
1488 Add zone with given settings into permanent configuration.
1489 Settings are in format: version, name, description, UNUSED,
1490 target, array of services, array of ports (port, protocol),
1491 array of icmp-blocks, masquerade, array of forward-ports (port,
1492 protocol, to-port, to-addr), array of interfaces, array of
1493 sources, array of rich rules, array of protocols and array of
1494 source-ports (port, protocol).
1495 version (s): see version attribute of zone tag in
1497 firewalld.zone(5).
1498 name (s): see short tag in firewalld.zone(5).
1500 description (s): see description tag in firewalld.zone(5).
1502 UNUSED (b): this boolean value is no longer used for anything.
1504 target (s): see target attribute of zone tag in
1506 firewalld.zone(5).
1507 services (as): array of service names, see service tag in
1509 firewalld.zone(5).
1510 ports (a(ss)): array of port and protocol pairs. See port tag
1512 in firewalld.zone(5).
1513 icmp-blocks (as): array of icmp-blocks. See icmp-block tag in
1515 firewalld.zone(5).
1516 masquerade (b): see masquerade tag in firewalld.zone(5).
1518 forward-ports (a(ssss)): array of (port, protocol, to-port,
1520 to-addr). See forward-port tag in firewalld.zone(5).
1521 interfaces (as): array of interfaces. See interface tag in
1523 firewalld.zone(5).
1524 source addresses (as): array of source addresses. See source
1526 tag in firewalld.zone(5).
1527 rich rules (as): array of rich-language rules. See rule tag in
1529 firewalld.zone(5).
1530 protocols (as): array of protocols. See protocol tag in
1532 firewalld.zone(5).
1533 source-ports (a(ss)): array of port and protocol pairs. See
1535 source-port tag in firewalld.zone(5).
1536 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1538 getHelperByName(s: helper) → o
1540 Return object path (permanent configuration) of helper with
1541 given name.
1542 Possible errors: INVALID_HELPER
1544 getHelperNames() → as
1546 Return list of helper names (permanent configuration).
1547 getIPSetByName(s: ipset) → o
1549 Return object path (permanent configuration) of ipset with
1550 given name.
1551 Possible errors: INVALID_IPSET
1553 getIPSetNames() → as
1555 Return list of ipset names (permanent configuration).
1556 getIcmpTypeByName(s: icmptype) → o
1558 Return object path (permanent configuration) of icmptype with
1559 given name.
1560 Possible errors: INVALID_ICMPTYPE
1562 getIcmpTypeNames() → as
1564 Return list of icmptype names (permanent configuration).
1565 getServiceByName(s: service) → o
1567 Return object path (permanent configuration) of service with
1568 given name.
1569 Possible errors: INVALID_SERVICE
1571 getServiceNames() → as
1573 Return list of service names (permanent configuration).
1574 getZoneByName(s: zone) → o
1576 Return object path (permanent configuration) of zone with given
1577 name.
1578 Possible errors: INVALID_ZONE
1580 getZoneNames() → as
1582 Return list of zone names (permanent configuration) of.
1583 getZoneOfInterface(s: iface) → s
1585 Return name of zone the iface is bound to or empty string.
1586 getZoneOfSource(s: source) → s
1588 Return name of zone the source is bound to or empty string.
1589 listHelpers() → ao
1591 Return array of object paths (o) of helper in permanent
1592 configuration. For runtime configuration see
1593 org.fedoraproject.FirewallD1.Methods.getHelpers.
1594 listIPSets() → ao
1596 Return array of object paths (o) of ipset in permanent
1597 configuration. For runtime configuration see
1598 org.fedoraproject.FirewallD1.ipset.Methods.getIPSets.
1599 listIcmpTypes() → ao
1601 Return array of object paths (o) of icmp types in permanent
1602 configuration. For runtime configuration see
1603 org.fedoraproject.FirewallD1.Methods.listIcmpTypes.
1604 listServices() → ao
1606 Return array of objects paths (o) of services in permanent
1607 configuration. For runtime configuration see
1608 org.fedoraproject.FirewallD1.Methods.listServices.
1609 listZones() → ao
1611 List object paths of zones known to permanent environment. For
1612 list of zones known to runtime environment see
1613 org.fedoraproject.FirewallD1.zone.Methods.getZones. The lists
1614 (of zones known to runtime and permanent environment) will
1615 contain same zones in most cases, but might differ for example
1616 if org.fedoraproject.FirewallD1.config.Methods.addZone has been
1617 called recently, but firewalld has not been reloaded since
1618 then.
1619 Signals
1621 HelperAdded(s: helper)
1622 Emitted when helper has been added.
1623 IPSetAdded(s: ipset)
1625 Emitted when ipset has been added.
1626 IcmpTypeAdded(s: icmptype)
1628 Emitted when icmptype has been added.
1629 ServiceAdded(s: service)
1631 Emitted when service has been added.
1632 ZoneAdded(s: zone)
1634 Emitted when zone has been added.
1635 Properties
1637 AutomaticHelpers - s - (rw)
1638 Indicates whether automatic helper assignment in kernel should
1639 be used or not. With the system setting this is left to the
1640 kernel or system default.
1641 CleanupOnExit - s - (rw)
1643 If firewalld stops, it cleans up all firewall rules. Setting
1644 this option to no or false leaves the current firewall rules
1645 untouched.
1646 DefaultZone - s - (ro)
1648 Default zone for connections or interfaces if the zone is not
1649 selected or specified by NetworkManager, initscripts or command
1650 line tool.
1651 IPv6_rpfilter - s - (rw)
1653 Indicates whether the reverse path filter test on a packet for
1654 IPv6 is enabled. If a reply to the packet would be sent via the
1655 same interface that the packet arrived on, the packet will
1656 match and be accepted, otherwise dropped.
1657 IndividualCalls - s - (ro)
1659 Indicates whether individual calls combined -restore calls are
1660 used. If enabled, this increases the time that is needed to
1661 apply changes and to start the daemon, but is good for
1662 debugging.
1663 Lockdown - s - (rw)
1665 If this property is enabled, firewall changes with the D-Bus
1666 interface will be limited to applications that are listed in
1667 the lockdown whitelist.
1668 LogDenied - s - (rw)
1670 If LogDenied is enabled, then logging rules are added right
1671 before reject and drop rules in the INPUT, FORWARD and OUTPUT
1672 chains for the default rules and also final reject and drop
1673 rules in zones. Possible values are: all, unicast, broadcast,
1674 multicast and off.
1675 MinimalMark - i - (rw)
1677 For some firewall settings several rules are needed in
1678 different tables to be able to handle packets in the correct
1679 way. To achieve that these packets are marked using the MARK
1680 target. With the MinimalMark property a block of marks can be
1681 reserved for private use; only marks over this value are used.
1682 org.fedoraproject.FirewallD1.config.direct
1684 Interface for permanent direct configuration, see also
1685 firewalld.direct(5). For runtime direct configuration see
1686 org.fedoraproject.FirewallD1.direct interface.
1687 Methods
1689 addChain(s: ipv, s: table, s: chain) → Nothing
1690 Add a new chain to table for ipv being either ipv4 (iptables)
1691 or ipv6 (ip6tables) or eb (ebtables). Make sure there's no
1692 other chain with this name already. There already exist basic
1693 chains to use with direct methods, for example INPUT_direct
1694 chain. These chains are jumped into before chains for zones,
1695 i.e. every rule put into INPUT_direct will be checked before
1696 rules in zones. For runtime operation see
1697 org.fedoraproject.FirewallD1.direct.Methods.addChain.
1698 Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED
1700 addPassthrough(s: ipv, as: args) → Nothing
1702 Add a passthrough rule with the arguments args for ipv being
1703 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
1704 For runtime operation see
1705 org.fedoraproject.FirewallD1.direct.Methods.addPassthrough.
1706 Possible errors: INVALID_IPV, ALREADY_ENABLED
1708 addRule(s: ipv, s: table, s: chain, i: priority, as: args) →
1710 Nothing
1711 Add a rule with the arguments args to chain in table with
1712 priority for ipv being either ipv4 (iptables) or ipv6
1713 (ip6tables) or eb (ebtables). The priority is used to order
1714 rules. Priority 0 means add rule on top of the chain, with a
1715 higher priority the rule will be added further down. Rules with
1716 the same priority are on the same level and the order of these
1717 rules is not fixed and may change. If you want to make sure
1718 that a rule will be added after another one, use a low priority
1719 for the first and a higher for the following. For runtime
1720 operation see
1721 org.fedoraproject.FirewallD1.direct.Methods.addRule.
1722 Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED
1724 getAllChains() → a(sss)
1726 Get all chains added to all tables in format: ipv, table,
1727 chain. This concerns only chains previously added with
1728 addChain. Return value is a array of (ipv, table, chain). For
1729 runtime operation see
1730 org.fedoraproject.FirewallD1.direct.Methods.getAllChains.
1731 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
1733 (ebtables).
1734 table (s): one of filter, mangle, nat, raw, security
1736 chain (s): name of a chain.
1738 getAllPassthroughs() → a(sas)
1741 Get all passthrough rules added in all ipv types in format:
1742 ipv, rule. This concerns only rules previously added with
1743 addPassthrough. Return value is a array of (ipv, array of
1744 arguments). For runtime operation see
1745 org.fedoraproject.FirewallD1.direct.Methods.getAllPassthroughs.
1746 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
1748 (ebtables).
1749 arguments (as): array of commands, parameters and other
1751 iptables/ip6tables/ebtables command line options.
1752 getAllRules() → a(sssias)
1755 Get all rules added to all chains in all tables in format: ipv,
1756 table, chain, priority, rule. This concerns only rules
1757 previously added with addRule. Return value is a array of (ipv,
1758 table, chain, priority, array of arguments). For runtime
1759 operation see
1760 org.fedoraproject.FirewallD1.direct.Methods.getAllRules.
1761 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
1763 (ebtables).
1764 table (s): one of filter, mangle, nat, raw, security
1766 chain (s): name of a chain.
1768 priority (i): used to order rules.
1770 arguments (as): array of commands, parameters and other
1772 iptables/ip6tables/ebtables command line options.
1773 getChains(s: ipv, s: table) → as
1776 Return an array of chains (s) added to table for ipv being
1777 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
1778 This concerns only chains previously added with addChain. For
1779 runtime operation see
1780 org.fedoraproject.FirewallD1.direct.Methods.getChains.
1781 Possible errors: INVALID_IPV, INVALID_TABLE
1783 getPassthroughs(s: ipv) → aas
1785 Get tracked passthrough rules added in either ipv4 (iptables)
1786 or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
1787 previously added with addPassthrough. Return value is a array
1788 of (array of arguments). For runtime operation see
1789 org.fedoraproject.FirewallD1.direct.Methods.getPassthroughs.
1790 arguments (as): array of commands, parameters and other
1792 iptables/ip6tables/ebtables command line options.
1793 getRules(s: ipv, s: table, s: chain) → a(ias)
1796 Get all rules added to chain in table for ipv being either ipv4
1797 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
1798 only rules previously added with addRule. Return value is a
1799 array of (priority, array of arguments). For runtime operation
1800 see org.fedoraproject.FirewallD1.direct.Methods.getRules.
1801 priority (i): used to order rules.
1803 arguments (as): array of commands, parameters and other
1805 iptables/ip6tables/ebtables command line options.
1806 Possible errors: INVALID_IPV, INVALID_TABLE
1808 getSettings() → (a(sss)a(sssias)a(sas))
1810 Get settings of permanent direct configuration in format: array
1811 of chains, array of rules, array of passthroughs.
1812 chains (a(sss)): array of (ipv, table, chain), see 'chain' in
1814 firewalld.direct(5).
1815 .
1816 .PP rules (a(sssias)): array of (ipv, table,
1817 chain, priority, array of arguments), see 'rule' in
1818 firewalld.direct(5).
1819 .
1820 .PP passthroughs (a(sas)): array of (ipv,
1821 array of arguments), see passthrough in firewalld.direct(5).
1822 .
1823 .sp
1824 queryChain(s: ipv, s: table, s: chain) → b
1826 Return whether a chain exists in table for ipv being either
1827 ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). This
1828 concerns only chains previously added with addChain. For
1829 runtime operation see
1830 org.fedoraproject.FirewallD1.direct.Methods.queryChain.
1831 Possible errors: INVALID_IPV, INVALID_TABLE
1833 queryPassthrough(s: ipv, as: args) → b
1835 Return whether a tracked passthrough rule with the arguments
1836 args exists for ipv being either ipv4 (iptables) or ipv6
1837 (ip6tables) or eb (ebtables). This concerns only rules
1838 previously added with addPassthrough. For runtime operation see
1839 org.fedoraproject.FirewallD1.direct.Methods.queryPassthrough.
1840 Possible errors: INVALID_IPV
1842 queryRule(s: ipv, s: table, s: chain, i: priority, as: args) → b
1844 Return whether a rule with priority and the arguments args
1845 exists in chain in table for ipv being either ipv4 (iptables)
1846 or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
1847 previously added with addRule. For runtime operation see
1848 org.fedoraproject.FirewallD1.direct.Methods.queryRule.
1849 Possible errors: INVALID_IPV, INVALID_TABLE
1851 removeChain(s: ipv, s: table, s: chain) → Nothing
1853 Remove a chain from table for ipv being either ipv4 (iptables)
1854 or ipv6 (ip6tables) or eb (ebtables). Only chains previously
1855 added with addChain can be removed this way. For runtime
1856 operation see
1857 org.fedoraproject.FirewallD1.direct.Methods.removeChain.
1858 Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED
1860 removePassthrough(s: ipv, as: args) → Nothing
1862 Remove a passthrough rule with arguments args for ipv being
1863 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
1864 Only rules previously added with addPassthrough can be removed
1865 this way. For runtime operation see
1866 org.fedoraproject.FirewallD1.direct.Methods.removePassthrough.
1867 Possible errors: INVALID_IPV, NOT_ENABLED
1869 removeRule(s: ipv, s: table, s: chain, i: priority, as: args) →
1871 Nothing
1872 Remove a rule with priority and arguments args from chain in
1873 table for ipv being either ipv4 (iptables) or ipv6 (ip6tables)
1874 or eb (ebtables). Only rules previously added with addRule can
1875 be removed this way. For runtime operation see
1876 org.fedoraproject.FirewallD1.direct.Methods.removeRule.
1877 Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED
1879 removeRules(s: ipv, s: table, s: chain) → Nothing
1881 Remove all rules from chain in table for ipv being either ipv4
1882 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
1883 only rules previously added with addRule. For runtime operation
1884 see org.fedoraproject.FirewallD1.direct.Methods.removeRules.
1885 Possible errors: INVALID_IPV, INVALID_TABLE
1887 update((a(sss)a(sssias)a(sas)): settings) → Nothing
1889 Update permanent direct configuration with given settings.
1890 Settings are in format: array of chains, array of rules, array
1891 of passthroughs.
1892 chains (a(sss)): array of (ipv, table, chain), see 'chain' in
1894 firewalld.direct(5).
1895 .
1896 .PP rules (a(sssias)): array of (ipv, table,
1897 chain, priority, array of arguments), see 'rule' in
1898 firewalld.direct(5).
1899 .
1900 .PP passthroughs (a(sas)): array of (ipv,
1901 array of arguments), see passthrough in firewalld.direct(5).
1902 .
1903 .sp Possible errors: INVALID_TYPE
1904 Signals
1906 Updated()
1907 Emitted when configuration has been updated.
1908 org.fedoraproject.FirewallD1.config.policies
1910 Interface for permanent lockdown-whitelist configuration, see also
1911 firewalld.lockdown-whitelist(5). For runtime configuration see
1912 org.fedoraproject.FirewallD1.policies interface.
1913 Methods
1915 addLockdownWhitelistCommand(s: command) → Nothing
1916 Add command to whitelist. See command option in
1917 firewalld.lockdown-whitelist(5). For runtime operation see
1918 org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistCommand.
1919 Possible errors: ALREADY_ENABLED, INVALID_TYPE
1921 addLockdownWhitelistContext(s: context) → Nothing
1923 Add context to whitelist. See selinux option in
1924 firewalld.lockdown-whitelist(5). For runtime operation see
1925 org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistContext.
1926 Possible errors: ALREADY_ENABLED, INVALID_TYPE
1928 addLockdownWhitelistUid(i: uid) → Nothing
1930 Add user id uid to whitelist. See user option in
1931 firewalld.lockdown-whitelist(5). For runtime operation see
1932 org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistUid.
1933 Possible errors: ALREADY_ENABLED, INVALID_TYPE
1935 addLockdownWhitelistUser(s: user) → Nothing
1937 Add user name to whitelist. See user option in
1938 firewalld.lockdown-whitelist(5). For runtime operation see
1939 org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistUser.
1940 Possible errors: ALREADY_ENABLED, INVALID_TYPE
1942 getLockdownWhitelist() → (asasasai)
1944 Get settings of permanent lockdown-whitelist configuration in
1945 format: commands, selinux contexts, users, uids
1946 commands (as): see command option in firewalld.lockdown-
1948 whitelist(5).
1949 selinux contexts (as): see selinux option in
1951 firewalld.lockdown-whitelist(5).
1952 users (as): see name attribute of user option in
1954 firewalld.lockdown-whitelist(5).
1955 uids (ai): see id attribute of user option in
1957 firewalld.lockdown-whitelist(5).
1958 getLockdownWhitelistCommands() → as
1961 List all command lines (s) that are on whitelist. For runtime
1962 operation see
1963 org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistCommands.
1964 getLockdownWhitelistContexts() → as
1966 List all contexts (s) that are on whitelist. For runtime
1967 operation see
1968 org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistContexts.
1969 getLockdownWhitelistUids() → ai
1971 List all user ids (i) that are on whitelist. For runtime
1972 operation see
1973 org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistUids.
1974 getLockdownWhitelistUsers() → as
1976 List all users (s) that are on whitelist. For runtime operation
1977 see
1978 org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistUsers.
1979 queryLockdownWhitelistCommand(s: command) → b
1981 Query whether command is on whitelist. For runtime operation
1982 see
1983 org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistCommand.
1984 queryLockdownWhitelistContext(s: context) → b
1986 Query whether context is on whitelist. For runtime operation
1987 see
1988 org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistContext.
1989 queryLockdownWhitelistUid(i: uid) → b
1991 Query whether user id uid is on whitelist. For runtime
1992 operation see
1993 org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistUid.
1994 queryLockdownWhitelistUser(s: user) → b
1996 Query whether user is on whitelist. For runtime operation see
1997 org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistUser.
1998 removeLockdownWhitelistCommand(s: command) → Nothing
2000 Remove command from whitelist. For runtime operation see
2001 org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistCommand.
2002 Possible errors: NOT_ENABLED
2004 removeLockdownWhitelistContext(s: context) → Nothing
2006 Remove context from whitelist. For runtime operation see
2007 org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistContext.
2008 Possible errors: NOT_ENABLED
2010 removeLockdownWhitelistUid(i: uid) → Nothing
2012 Remove user id uid from whitelist. For runtime operation see
2013 org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistUid.
2014 Possible errors: NOT_ENABLED
2016 removeLockdownWhitelistUser(s: user) → Nothing
2018 Remove user from whitelist. For runtime operation see
2019 org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistUser.
2020 Possible errors: NOT_ENABLED
2022 setLockdownWhitelist((asasasai): settings) → Nothing
2024 Set permanent lockdown-whitelist configuration to settings.
2025 Settings are in format: commands, selinux contexts, users, uids
2026 commands (as): see command option in firewalld.lockdown-
2028 whitelist(5).
2029 selinux contexts (as): see selinux option in
2031 firewalld.lockdown-whitelist(5).
2032 users (as): see name attribute of user option in
2034 firewalld.lockdown-whitelist(5).
2035 uids (ai): see id attribute of user option in
2037 firewalld.lockdown-whitelist(5).
2038 Possible errors: INVALID_TYPE
2040 Signals
2042 LockdownWhitelistUpdated()
2043 Emitted when permanent lockdown-whitelist configuration has
2044 been updated.
2045 org.fedoraproject.FirewallD1.config.ipset
2047 Interface for permanent ipset configuration, see also
2048 firewalld.ipset(5).
2049 Methods
2051 addEntry(s: entry) → Nothing
2052 Permanently add entry to list of entries of ipset. See entry
2053 tag in firewalld.ipset(5). For runtime operation see
2054 org.fedoraproject.FirewallD1.ipset.Methods.addEntry.
2055 Possible errors: ALREADY_ENABLED
2057 addOption(s: key, s: value) → Nothing
2059 Permanently add (key, value) to the ipset. See option tag in
2060 firewalld.ipset(5).
2061 Possible errors: ALREADY_ENABLED
2063 getDescription() → s
2065 Get description of ipset. See description tag in
2066 firewalld.ipset(5).
2067 getEntries() → as
2069 Get list of entries added to ipset. See entry tag in
2070 firewalld.ipset(5). For runtime operation see
2071 org.fedoraproject.FirewallD1.ipset.Methods.getEntries.
2072 Possible errors: IPSET_WITH_TIMEOUT
2074 getOptions() → a{ss}
2076 Get dictionary of options set for ipset. See option tag in
2077 firewalld.ipset(5).
2078 getSettings() → (ssssa{ss}as)
2080 Return permament settings of the ipset. For getting runtime
2081 settings see
2082 org.fedoraproject.FirewallD1.ipset.Methods.getIPSetSettings.
2083 Settings are in format: version, name, description, type,
2084 dictionary of options and array of entries.
2085 version (s): see version attribute of ipset tag in
2087 firewalld.ipset(5).
2088 name (s): see short tag in firewalld.ipset(5).
2090 description (s): see description tag in firewalld.ipset(5).
2092 type (s): see type attribute of ipset tag in
2094 firewalld.ipset(5).
2095 options (a{ss}): dictionary of {option : value} . See options
2097 tag in firewalld.ipset(5).
2098 entries (as): array of entries, see entry tag in
2100 firewalld.ipset(5).
2101 getShort() → s
2104 Get name of ipset. See short tag in firewalld.ipset(5).
2105 getType() → s
2107 Get type of ipset. See type attribute of ipset tag in
2108 firewalld.ipset(5).
2109 getVersion() → s
2111 Get version of ipset. See version attribute of ipset tag in
2112 firewalld.ipset(5).
2113 loadDefaults() → Nothing
2115 Load default settings for built-in ipset.
2116 Possible errors: NO_DEFAULTS
2118 queryEntry(s: entry) → b
2120 Return whether entry has been added to ipset. For runtime
2121 operation see
2122 org.fedoraproject.FirewallD1.ipset.Methods.queryEntry.
2123 queryOption(s: key, s: value) → b
2125 Return whether (key, value) has been added to options of the
2126 ipset.
2127 remove() → Nothing
2129 Remove not built-in ipset.
2130 Possible errors: BUILTIN_IPSET
2132 removeEntry(s: entry) → Nothing
2134 Permanently remove entry from ipset. See entry tag in
2135 firewalld.ipset(5). For runtime operation see
2136 org.fedoraproject.FirewallD1.ipset.Methods.removeEntry.
2137 Possible errors: NOT_ENABLED
2139 removeOption(s: key) → Nothing
2141 Permanently remove key from the ipset. See option tag in
2142 firewalld.ipset(5).
2143 Possible errors: NOT_ENABLED
2145 rename(s: name) → Nothing
2147 Rename not built-in ipset to name.
2148 Possible errors: BUILTIN_IPSET
2150 setDescription(s: description) → Nothing
2152 Permanently set description of ipset to description. See
2153 description tag in firewalld.ipset(5).
2154 setEntries(as: entries) → Nothing
2156 Permanently set list of entries to entries. See entry tag in
2157 firewalld.ipset(5).
2158 setOptions(a{ss}: options) → Nothing
2160 Permanently set dict of options to options. See option tag in
2161 firewalld.ipset(5).
2162 setShort(s: short) → Nothing
2164 Permanently set name of ipset to short. See short tag in
2165 firewalld.ipset(5).
2166 setType(s: ipset_type) → Nothing
2168 Permanently set type of ipset to ipset_type. See type attribute
2169 of ipset tag in firewalld.ipset(5).
2170 setVersion(s: version) → Nothing
2172 Permanently set version of ipset to version. See version
2173 attribute of ipset tag in firewalld.ipset(5).
2174 update((ssssa{ss}as): settings) → Nothing
2176 Update settings of ipset to settings. Settings are in format:
2177 version, name, description, type, dictionary of options and
2178 array of entries.
2179 version (s): see version attribute of ipset tag in
2181 firewalld.ipset(5).
2182 name (s): see short tag in firewalld.ipset(5).
2184 description (s): see description tag in firewalld.ipset(5).
2186 type (s): see type attribute of ipset tag in
2188 firewalld.ipset(5).
2189 options (a{ss}): dictionary of {option : value} . See options
2191 tag in firewalld.ipset(5).
2192 entries (as): array of entries, see entry tag in
2194 firewalld.ipset(5).
2195 Possible errors: INVALID_TYPE
2197 Signals
2199 Removed(s: name)
2200 Emitted when ipset with name has been removed.
2201 Renamed(s: name)
2203 Emitted when ipset has been renamed to name.
2204 Updated(s: name)
2206 Emitted when ipset with name has been updated.
2207 Properties
2209 builtin - b - (ro)
2210 True if ipset is build-in, false else.
2211 default - b - (ro)
2213 True if build-in ipset has default settings. False if it has
2214 been modified. Always False for not build-in ipsets.
2215 filename - s - (ro)
2217 Name (including .xml extension) of file where the configuration
2218 is stored.
2219 name - s - (ro)
2221 Name of ipset.
2222 path - s - (ro)
2224 Path to directory where the ipset configuration is stored.
2225 Should be either /usr/lib/firewalld/ipsets or
2226 /etc/firewalld/ipsets.
2227 org.fedoraproject.FirewallD1.config.zone
2229 Interface for permanent zone configuration, see also firewalld.zone(5).
2230 Methods
2232 addForwardPort(s: port, s: protocol, s: toport, s: toaddr) →
2233 Nothing
2234 Permanently add (port, protocol, toport, toaddr) to list of
2235 forward ports of zone. See forward-port tag in
2236 firewalld.zone(5). For runtime operation see
2237 org.fedoraproject.FirewallD1.zone.Methods.addForwardPort.
2238 Possible errors: ALREADY_ENABLED
2240 addIcmpBlock(s: icmptype) → Nothing
2242 Permanently add icmptype to list of icmp types blocked in zone.
2243 See icmp-block tag in firewalld.zone(5). For runtime operation
2244 see org.fedoraproject.FirewallD1.zone.Methods.addIcmpBlock.
2245 Possible errors: ALREADY_ENABLED
2247 addIcmpBlock(s: icmptype) → Nothing
2249 Permanently add icmp block inversion to zone. See
2250 icmp-block-inversion tag in firewalld.zone(5). For runtime
2251 operation see
2252 org.fedoraproject.FirewallD1.zone.Methods.addIcmpBlockInversion.
2253 Possible errors: ALREADY_ENABLED
2255 addInterface(s: interface) → Nothing
2257 Permanently add interface to list of interfaces bound to zone.
2258 See interface tag in firewalld.zone(5). For runtime operation
2259 see org.fedoraproject.FirewallD1.zone.Methods.addInterface.
2260 Possible errors: ALREADY_ENABLED
2262 addMasquerade() → Nothing
2264 Permanently enable masquerading in zone. See masquerade tag in
2265 firewalld.zone(5). For runtime operation see
2266 org.fedoraproject.FirewallD1.zone.Methods.addMasquerade.
2267 Possible errors: ALREADY_ENABLED
2269 addPort(s: port, s: protocol) → Nothing
2271 Permanently add (port, protocol) to list of ports of zone. See
2272 port tag in firewalld.zone(5). For runtime operation see
2273 org.fedoraproject.FirewallD1.zone.Methods.addPort.
2274 Possible errors: ALREADY_ENABLED
2276 addProtocol(s: protocol) → Nothing
2278 Permanently add protocol into zone. The protocol can be any
2279 protocol supported by the system. Please have a look at
2280 /etc/protocols for supported protocols. For runtime operation
2281 see org.fedoraproject.FirewallD1.zone.Methods.addProtocol.
2282 Possible errors: INVALID_PROTOCOL, ALREADY_ENABLED
2284 addRichRule(s: rule) → Nothing
2286 Permanently add rule to list of rich-language rules in zone.
2287 See rule tag in firewalld.zone(5). For runtime operation see
2288 org.fedoraproject.FirewallD1.zone.Methods.addRichRule.
2289 Possible errors: ALREADY_ENABLED
2291 addService(s: service) → Nothing
2293 Permanently add service to list of services used in zone. See
2294 service tag in firewalld.zone(5). For runtime operation see
2295 org.fedoraproject.FirewallD1.zone.Methods.addService.
2296 Possible errors: ALREADY_ENABLED
2298 addSource(s: source) → Nothing
2300 Permanently add source to list of source addresses bound to
2301 zone. See source tag in firewalld.zone(5). For runtime
2302 operation see
2303 org.fedoraproject.FirewallD1.zone.Methods.addSource.
2304 Possible errors: ALREADY_ENABLED
2306 addSourcePort(s: port, s: protocol) → Nothing
2308 Permanently add (port, protocol) to list of source ports of
2309 zone. See source-port tag in firewalld.zone(5). For runtime
2310 operation see
2311 org.fedoraproject.FirewallD1.zone.Methods.addSourcePort.
2312 Possible errors: ALREADY_ENABLED
2314 getDescription() → s
2316 Get description of zone. See description tag in
2317 firewalld.zone(5).
2318 getForwardPorts() → a(ssss)
2320 Get list of (port, protocol, toport, toaddr) defined in zone.
2321 See forward-port tag in firewalld.zone(5). For runtime
2322 operation see
2323 org.fedoraproject.FirewallD1.zone.Methods.getForwardPorts.
2324 getIcmpBlockInversion() → b
2326 Get icmp block inversion flag of zone. See icmp-block-inversion
2327 tag in firewalld.zone(5).
2328 getIcmpBlocks() → as
2330 Get list of icmp type names blocked in zone. See icmp-block tag
2331 in firewalld.zone(5). For runtime operation see
2332 org.fedoraproject.FirewallD1.zone.Methods.getIcmpBlocks.
2333 getInterfaces() → as
2335 Get list of interfaces bound to zone. See interface tag in
2336 firewalld.zone(5). For runtime operation see
2337 org.fedoraproject.FirewallD1.zone.Methods.getInterfaces.
2338 getMasquerade() → b
2340 Return whether masquerade is enabled in zone. This is the same
2341 as queryMasquerade() method. See masquerade tag in
2342 firewalld.zone(5).
2343 getPorts() → a(ss)
2345 Get list of (port, protocol) defined in zone. See port tag in
2346 firewalld.zone(5). For runtime operation see
2347 org.fedoraproject.FirewallD1.zone.Methods.getPorts.
2348 getProtocols() → as
2350 Return array of protocols (s) previously enabled in zone. For
2351 getting runtime settings see
2352 org.fedoraproject.FirewallD1.zone.Methods.getProtocols.
2353 getRichRules() → as
2355 Get list of rich-language rules in zone. See rule tag in
2356 firewalld.zone(5). For runtime operation see
2357 org.fedoraproject.FirewallD1.zone.Methods.getRichRules.
2358 getServices() → as
2360 Get list of service names used in zone. See service tag in
2361 firewalld.zone(5). For runtime operation see
2362 org.fedoraproject.FirewallD1.zone.Methods.getServices.
2363 getSettings() → (sssbsasa(ss)asba(ssss)asasasasa(ss))
2365 Return permanent settings of given zone. For getting runtime
2366 settings see
2367 org.fedoraproject.FirewallD1.Methods.getZoneSettings. Settings
2368 are in format: version, name, description, UNUSED, target,
2369 array of services, array of ports (port, protocol), array of
2370 icmp-blocks, masquerade, array of forward-ports (port,
2371 protocol, to-port, to-addr), array of interfaces, array of
2372 sources, array of rich rules, array of protocols and array of
2373 source-ports (port, protocol).
2374 version (s): see version attribute of zone tag in
2376 firewalld.zone(5).
2377 name (s): see short tag in firewalld.zone(5).
2379 description (s): see description tag in firewalld.zone(5).
2381 UNUSED (b): this boolean value is no longer used for anything.
2383 target (s): see target attribute of zone tag in
2385 firewalld.zone(5).
2386 services (as): array of service names, see service tag in
2388 firewalld.zone(5).
2389 ports (a(ss)): array of port and protocol pairs. See port tag
2391 in firewalld.zone(5).
2392 icmp-blocks (as): array of icmp-blocks. See icmp-block tag in
2394 firewalld.zone(5).
2395 masquerade (b): see masquerade tag in firewalld.zone(5).
2397 forward-ports (a(ssss)): array of (port, protocol, to-port,
2399 to-addr). See forward-port tag in firewalld.zone(5).
2400 interfaces (as): array of interfaces. See interface tag in
2402 firewalld.zone(5).
2403 source addresses (as): array of source addresses. See source
2405 tag in firewalld.zone(5).
2406 rich rules (as): array of rich-language rules. See rule tag in
2408 firewalld.zone(5).
2409 protocols (as): array of protocols. See protocol tag in
2411 firewalld.zone(5).
2412 source-ports (a(ss)): array of port and protocol pairs. See
2414 source-port tag in firewalld.zone(5).
2415 getShort() → s
2418 Get name of zone. See short tag in firewalld.zone(5).
2419 getSourcePorts() → a(ss)
2421 Get list of (port, protocol) defined in zone. See source-port
2422 tag in firewalld.zone(5). For runtime operation see
2423 org.fedoraproject.FirewallD1.zone.Methods.getSourcePorts.
2424 getSources() → as
2426 Get list of source addresses bound to zone. See source tag in
2427 firewalld.zone(5). For runtime operation see
2428 org.fedoraproject.FirewallD1.zone.Methods.getSources.
2429 getTarget() → s
2431 Get target of zone. See target attribute of zone tag in
2432 firewalld.zone(5).
2433 getVersion() → s
2435 Get version of zone. See version attribute of zone tag in
2436 firewalld.zone(5).
2437 loadDefaults() → Nothing
2439 Load default settings for built-in zone.
2440 Possible errors: NO_DEFAULTS
2442 queryForwardPort(s: port, s: protocol, s: toport, s: toaddr) → b
2444 Return whether (port, protocol, toport, toaddr) is in list of
2445 forward ports of zone. See forward-port tag in
2446 firewalld.zone(5). For runtime operation see
2447 org.fedoraproject.FirewallD1.zone.Methods.queryForwardPort.
2448 queryIcmpBlock(s: icmptype) → b
2450 Return whether icmptype is in list of icmp types blocked in
2451 zone. See icmp-block tag in firewalld.zone(5). For runtime
2452 operation see
2453 org.fedoraproject.FirewallD1.zone.Methods.queryIcmpBlock.
2454 queryIcmpBlockInversion() → b
2456 Return whether icmp block inversion is in enabled in zone. See
2457 icmp-block-inversion tag in firewalld.zone(5). For runtime
2458 operation see
2459 org.fedoraproject.FirewallD1.zone.Methods.queryIcmpBlockInversion.
2460 queryInterface(s: interface) → b
2462 Return whether interface is in list of interfaces bound to
2463 zone. See interface tag in firewalld.zone(5). For runtime
2464 operation see
2465 org.fedoraproject.FirewallD1.zone.Methods.queryInterface.
2466 queryMasquerade() → b
2468 Return whether masquerade is enabled in zone. This is the same
2469 as getMasquerade() method. See masquerade tag in
2470 firewalld.zone(5). For runtime operation see
2471 org.fedoraproject.FirewallD1.zone.Methods.queryMasquerade.
2472 queryPort(s: port, s: protocol) → b
2474 Return whether (port, protocol) is in list of ports of zone.
2475 See port tag in firewalld.zone(5). For runtime operation see
2476 org.fedoraproject.FirewallD1.zone.Methods.queryPort.
2477 queryProtocol(s: protocol) → b
2479 Return whether protocol has been added in zone. For runtime
2480 operation see
2481 org.fedoraproject.FirewallD1.zone.Methods.queryProtocol.
2482 Possible errors: INVALID_PROTOCOL
2484 queryRichRule(s: rule) → b
2486 Return whether rule is in list of rich-language rules in zone.
2487 See rule tag in firewalld.zone(5). For runtime operation see
2488 org.fedoraproject.FirewallD1.zone.Methods.queryRichRule.
2489 queryService(s: service) → b
2491 Return whether service is in list of services used in zone. See
2492 service tag in firewalld.zone(5). For runtime operation see
2493 org.fedoraproject.FirewallD1.zone.Methods.queryService.
2494 querySource(s: source) → b
2496 Return whether source is in list of source addresses bound to
2497 zone. See source tag in firewalld.zone(5). For runtime
2498 operation see
2499 org.fedoraproject.FirewallD1.zone.Methods.querySource.
2500 querySourcePort(s: port, s: protocol) → b
2502 Return whether (port, protocol) is in list of source ports of
2503 zone. See source-port tag in firewalld.zone(5). For runtime
2504 operation see
2505 org.fedoraproject.FirewallD1.zone.Methods.querySourcePort.
2506 remove() → Nothing
2508 Remove not built-in zone.
2509 Possible errors: BUILTIN_ZONE
2511 removeForwardPort(s: port, s: protocol, s: toport, s: toaddr) →
2513 Nothing
2514 Permanently remove (port, protocol, toport, toaddr) from list
2515 of forward ports of zone. See forward-port tag in
2516 firewalld.zone(5). For runtime operation see
2517 org.fedoraproject.FirewallD1.zone.Methods.removeForwardPort.
2518 Possible errors: NOT_ENABLED
2520 removeIcmpBlock(s: icmptype) → Nothing
2522 Permanently remove icmptype from list of icmp types blocked in
2523 zone. See icmp-block tag in firewalld.zone(5). For runtime
2524 operation see
2525 org.fedoraproject.FirewallD1.zone.Methods.removeIcmpBlock.
2526 Possible errors: NOT_ENABLED
2528 removeIcmpBlockInversion() → Nothing
2530 Permanently remove icmp block inversion from the zone. See
2531 icmp-block-inversion tag in firewalld.zone(5). For runtime
2532 operation see
2533 org.fedoraproject.FirewallD1.zone.Methods.removeIcmpBlockInversion.
2534 Possible errors: NOT_ENABLED
2536 removeInterface(s: interface) → Nothing
2538 Permanently remove interface from list of interfaces bound to
2539 zone. See interface tag in firewalld.zone(5). For runtime
2540 operation see
2541 org.fedoraproject.FirewallD1.zone.Methods.removeInterface.
2542 Possible errors: NOT_ENABLED
2544 removeMasquerade() → Nothing
2546 Permanently disable masquerading in zone. See masquerade tag in
2547 firewalld.zone(5). For runtime operation see
2548 org.fedoraproject.FirewallD1.zone.Methods.removeMasquerade.
2549 Possible errors: NOT_ENABLED
2551 removePort(s: port, s: protocol) → Nothing
2553 Permanently remove (port, protocol) from list of ports of zone.
2554 See port tag in firewalld.zone(5). For runtime operation see
2555 org.fedoraproject.FirewallD1.zone.Methods.removePort.
2556 Possible errors: NOT_ENABLED
2558 removeProtocol(s: protocol) → Nothing
2560 Permanently remove protocol from zone. For runtime operation
2561 see org.fedoraproject.FirewallD1.zone.Methods.removeProtocol.
2562 Possible errors: INVALID_PROTOCOL, NOT_ENABLED
2564 removeRichRule(s: rule) → Nothing
2566 Permanently remove rule from list of rich-language rules in
2567 zone. See rule tag in firewalld.zone(5). For runtime operation
2568 see org.fedoraproject.FirewallD1.zone.Methods.removeRichRule.
2569 Possible errors: NOT_ENABLED
2571 removeService(s: service) → Nothing
2573 Permanently remove service from list of services used in zone.
2574 See service tag in firewalld.zone(5). For runtime operation see
2575 org.fedoraproject.FirewallD1.zone.Methods.removeService.
2576 Possible errors: NOT_ENABLED
2578 removeSource(s: source) → Nothing
2580 Permanently remove source from list of source addresses bound
2581 to zone. See source tag in firewalld.zone(5). For runtime
2582 operation see
2583 org.fedoraproject.FirewallD1.zone.Methods.removeSource.
2584 Possible errors: NOT_ENABLED
2586 removeSourcePort(s: port, s: protocol) → Nothing
2588 Permanently remove (port, protocol) from list of source ports
2589 of zone. See source-port tag in firewalld.zone(5). For runtime
2590 operation see
2591 org.fedoraproject.FirewallD1.zone.Methods.removeSourcePort.
2592 Possible errors: NOT_ENABLED
2594 rename(s: name) → Nothing
2596 Rename not built-in zone to name.
2597 Possible errors: BUILTIN_ZONE
2599 setDescription(s: description) → Nothing
2601 Permanently set description of zone to description. See
2602 description tag in firewalld.zone(5).
2603 setForwardPorts(a(ssss): ports) → Nothing
2605 Permanently set forward ports of zone to list of (port,
2606 protocol, toport, toaddr). See forward-port tag in
2607 firewalld.zone(5).
2608 setIcmpBlockInversion(b: flag) → Nothing
2610 Permanently set icmp block inversion flag of zone to flag. See
2611 icmp-block-inversion tag in firewalld.zone(5).
2612 setIcmpBlocks(as: icmptypes) → Nothing
2614 Permanently set list of icmp types blocked in zone to
2615 icmptypes. See icmp-block tag in firewalld.zone(5).
2616 setInterfaces(as: interfaces) → Nothing
2618 Permanently set list of interfaces bound to zone to interfaces.
2619 See interface tag in firewalld.zone(5).
2620 setMasquerade(b: masquerade) → Nothing
2622 Permanently set masquerading in zone to masquerade. See
2623 masquerade tag in firewalld.zone(5).
2624 setPorts(a(ss): ports) → Nothing
2626 Permanently set ports of zone to list of (port, protocol). See
2627 port tag in firewalld.zone(5).
2628 setProtocols(as: protocols) → Nothing
2630 Permanently set list of protocols used in zone to protocols.
2631 See protocol tag in firewalld.zone(5).
2632 setRichRules(as: rules) → Nothing
2634 Permanently set list of rich-language rules to rules. See rule
2635 tag in firewalld.zone(5).
2636 setServices(as: services) → Nothing
2638 Permanently set list of services used in zone to services. See
2639 service tag in firewalld.zone(5).
2640 setShort(s: short) → Nothing
2642 Permanently set name of zone to short. See short tag in
2643 firewalld.zone(5).
2644 setSourcePorts(a(ss): ports) → Nothing
2646 Permanently set source-ports of zone to list of (port,
2647 protocol). See source-port tag in firewalld.zone(5).
2648 setSources(as: sources) → Nothing
2650 Permanently set list of source addresses bound to zone to
2651 sources. See source tag in firewalld.zone(5).
2652 setTarget(s: target) → Nothing
2654 Permanently set target of zone to target. See target attribute
2655 of zone tag in firewalld.zone(5).
2656 setVersion(s: version) → Nothing
2658 Permanently set version of zone to version. See version
2659 attribute of zone tag in firewalld.zone(5).
2660 update((sssbsasa(ss)asba(ssss)asasasasa(ss)): settings) → Nothing
2662 Update settings of zone to settings. Settings are in format:
2663 version, name, description, UNUSED, target, array of services,
2664 array of ports (port, protocol), array of icmp-blocks,
2665 masquerade, array of forward-ports (port, protocol, to-port,
2666 to-addr), array of interfaces, array of sources, array of rich
2667 rules, array of protocols and array of source-ports (port,
2668 protocol).
2669 version (s): see version attribute of zone tag in
2671 firewalld.zone(5).
2672 name (s): see short tag in firewalld.zone(5).
2674 description (s): see description tag in firewalld.zone(5).
2676 UNUSED (b): this boolean value is no longer used for anything.
2678 target (s): see target attribute of zone tag in
2680 firewalld.zone(5).
2681 services (as): array of service names, see service tag in
2683 firewalld.zone(5).
2684 ports (a(ss)): array of port and protocol pairs. See port tag
2686 in firewalld.zone(5).
2687 icmp-blocks (as): array of icmp-blocks. See icmp-block tag in
2689 firewalld.zone(5).
2690 masquerade (b): see masquerade tag in firewalld.zone(5).
2692 forward-ports (a(ssss)): array of (port, protocol, to-port,
2694 to-addr). See forward-port tag in firewalld.zone(5).
2695 interfaces (as): array of interfaces. See interface tag in
2697 firewalld.zone(5).
2698 source addresses (as): array of source addresses. See source
2700 tag in firewalld.zone(5).
2701 rich rules (as): array of rich-language rules. See rule tag in
2703 firewalld.zone(5).
2704 protocols (as): array of protocols. See protocol tag in
2706 firewalld.zone(5).
2707 source-ports (a(ss)): array of port and protocol pairs. See
2709 source-port tag in firewalld.zone(5).
2710 Possible errors: INVALID_TYPE
2712 Signals
2714 Removed(s: name)
2715 Emitted when zone with name has been removed.
2716 Renamed(s: name)
2718 Emitted when zone has been renamed to name.
2719 Updated(s: name)
2721 Emitted when zone with name has been updated.
2722 Properties
2724 builtin - b - (ro)
2725 True if zone is build-in, false else.
2726 default - b - (ro)
2728 True if build-in zone has default settings. False if it has
2729 been modified. Always False for not build-in zones.
2730 filename - s - (ro)
2732 Name (including .xml extension) of file where the configuration
2733 is stored.
2734 name - s - (ro)
2736 Name of zone.
2737 path - s - (ro)
2739 Path to directory where the zone configuration is stored.
2740 Should be either /usr/lib/firewalld/zones or
2741 /etc/firewalld/zones.
2742 org.fedoraproject.FirewallD1.config.service
2744 Interface for permanent service configuration, see also
2745 firewalld.service(5).
2746 Methods
2748 addModule(s: module) → Nothing
2749 Permanently add module to list of modules (netfilter kernel
2750 helpers) used in service. See module tag in
2751 firewalld.service(5).
2752 Possible errors: ALREADY_ENABLED
2754 addPort(s: port, s: protocol) → Nothing
2756 Permanently add (port, protocol) to list of ports in service.
2757 See port tag in firewalld.service(5).
2758 Possible errors: ALREADY_ENABLED
2760 addProtocol(s: protocol) → Nothing
2762 Permanently add protocol into zone. The protocol can be any
2763 protocol supported by the system. Please have a look at
2764 /etc/protocols for supported protocols. See protocol tag in
2765 firewalld.service(5).
2766 Possible errors: INVALID_PROTOCOL, ALREADY_ENABLED
2768 addSourcePort(s: port, s: protocol) → Nothing
2770 Permanently add (port, protocol) to list of source ports in
2771 service. See source-port tag in firewalld.service(5).
2772 Possible errors: ALREADY_ENABLED
2774 getDescription() → s
2776 Get description of service. See description tag in
2777 firewalld.service(5).
2778 getDestination(s: family) → s
2780 Get destination for IP family being either 'ipv4' or 'ipv6'.
2781 See destination tag in firewalld.service(5).
2782 Possible errors: ALREADY_ENABLED
2784 getDestinations() → a{ss}
2786 Get list of destinations. Return value is a dictionary of {IP
2787 family : IP address} where 'IP family' key can be either 'ipv4'
2788 or 'ipv6'. See destination tag in firewalld.service(5).
2789 getModules() → as
2791 Get list of modules (netfilter kernel helpers) used in service.
2792 See module tag in firewalld.service(5).
2793 getPorts() → a(ss)
2795 Get list of (port, protocol) defined in service. See port tag
2796 in firewalld.service(5).
2797 getProtocols() → as
2799 Return array of protocols (s) defined in service. See protocol
2800 tag in firewalld.service(5).
2801 getSettings() → (sssa(ss)asa{ss}asa(ss))
2803 Return permanent settings of a service. For getting runtime
2804 settings see
2805 org.fedoraproject.FirewallD1.Methods.getServiceSettings.
2806 Settings are in format: version, name, description, array of
2807 ports (port, protocol), array of module names, dictionary of
2808 destinations, array of protocols and array of source-ports
2809 (port, protocol).
2810 version (s): see version attribute of service tag in
2812 firewalld.service(5).
2813 name (s): see short tag in firewalld.service(5).
2815 description (s): see description tag in firewalld.service(5).
2817 ports (a(ss)): array of port and protocol pairs. See port tag
2819 in firewalld.service(5).
2820 module names (as): array of kernel netfilter helpers, see
2822 module tag in firewalld.service(5).
2823 destinations (a{ss}): dictionary of {IP family : IP address}
2825 where 'IP family' key can be either 'ipv4' or 'ipv6'. See
2826 destination tag in firewalld.service(5).
2827 protocols (as): array of protocols. See protocol tag in
2829 firewalld.service(5).
2830 source-ports (a(ss)): array of port and protocol pairs. See
2832 source-port tag in firewalld.service(5).
2833 getShort() → s
2836 Get name of service. See short tag in firewalld.service(5).
2837 getSourcePorts() → a(ss)
2839 Get list of (port, protocol) defined in service. See
2840 source-port tag in firewalld.service(5).
2841 getVersion() → s
2843 Get version of service. See version attribute of service tag in
2844 firewalld.service(5).
2845 loadDefaults() → Nothing
2847 Load default settings for built-in service.
2848 Possible errors: NO_DEFAULTS
2850 queryDestination(s: family, s: address) → b
2852 Return whether a destination is in dictionary of destinations
2853 of this service. destination is in format: (IP family, IP
2854 address) where IP family can be either 'ipv4' or 'ipv6'. See
2855 destination tag in firewalld.service(5).
2856 queryModule(s: module) → b
2858 Return whether module is in list of modules (netfilter kernel
2859 helpers) used in service. See module tag in
2860 firewalld.service(5).
2861 queryPort(s: port, s: protocol) → b
2863 Return whether (port, protocol) is in list of ports in service.
2864 See port tag in firewalld.service(5).
2865 queryProtocol(s: protocol) → b
2867 Return whether protocol is in list of protocols in service. See
2868 protocol tag in firewalld.service(5).
2869 querySourcePort(s: port, s: protocol) → b
2871 Return whether (port, protocol) is in list of source ports in
2872 service. See source-port tag in firewalld.service(5).
2873 remove() → Nothing
2875 Remove not built-in service.
2876 Possible errors: BUILTIN_SERVICE
2878 removeDestination(s: family) → Nothing
2880 Permanently remove a destination with family ('ipv4' or 'ipv6')
2881 from service. See destination tag in firewalld.service(5).
2882 Possible errors: NOT_ENABLED
2884 removeModule(s: module) → Nothing
2886 Permanently remove module from list of modules (netfilter
2887 kernel helpers) used in service. See module tag in
2888 firewalld.service(5).
2889 Possible errors: NOT_ENABLED
2891 removePort(s: port, s: protocol) → Nothing
2893 Permanently remove (port, protocol) from list of ports in
2894 service. See port tag in firewalld.service(5).
2895 Possible errors: NOT_ENABLED
2897 removeProtocol(s: protocol) → Nothing
2899 Permanently remove protocol from list of protocols in service.
2900 See protocol tag in firewalld.service(5).
2901 Possible errors: NOT_ENABLED
2903 removeSourcePort(s: port, s: protocol) → Nothing
2905 Permanently remove (port, protocol) from list of source ports
2906 in service. See source-port tag in firewalld.service(5).
2907 Possible errors: NOT_ENABLED
2909 rename(s: name) → Nothing
2911 Rename not built-in service to name.
2912 Possible errors: BUILTIN_SERVICE
2914 setDescription(s: description) → Nothing
2916 Permanently set description of service to description. See
2917 description tag in firewalld.service(5).
2918 setDestination(s: family, s: address) → Nothing
2920 Permanently set a destination address. destination is in
2921 format: (IP family, IP address) where IP family can be either
2922 'ipv4' or 'ipv6'. See destination tag in firewalld.service(5).
2923 Possible errors: ALREADY_ENABLED
2925 setDestinations(a{ss}: destinations) → Nothing
2927 Permanently set destinations of service to destinations, which
2928 is a dictionary of {IP family : IP address} where 'IP family'
2929 key can be either 'ipv4' or 'ipv6'. See destination tag in
2930 firewalld.service(5).
2931 setModules(as: modules) → Nothing
2933 Permanently set list of modules (netfilter kernel helpers) used
2934 in service to modules. See module tag in firewalld.service(5).
2935 setPorts(a(ss): ports) → Nothing
2937 Permanently set ports of service to list of (port, protocol).
2938 See port tag in firewalld.service(5).
2939 setProtocols(as: protocols) → Nothing
2941 Permanently set protocols of service to list of protocols. See
2942 protocol tag in firewalld.service(5).
2943 setShort(s: short) → Nothing
2945 Permanently set name of service to short. See short tag in
2946 firewalld.service(5).
2947 setSourcePorts(a(ss): ports) → Nothing
2949 Permanently set source-ports of service to list of (port,
2950 protocol). See source-port tag in firewalld.service(5).
2951 setVersion(s: version) → Nothing
2953 Permanently set version of service to version. See version
2954 attribute of service tag in firewalld.service(5).
2955 update((sssa(ss)asa{ss}asa(ss)): settings) → Nothing
2957 Update settings of service to settings. Settings are in format:
2958 version, name, description, array of ports (port, protocol),
2959 array of module names, dictionary of destinations, array of
2960 protocols and array of source-ports (port, protocol).
2961 version (s): see version attribute of service tag in
2963 firewalld.service(5).
2964 name (s): see short tag in firewalld.service(5).
2966 description (s): see description tag in firewalld.service(5).
2968 ports (a(ss)): array of port and protocol pairs. See port tag
2970 in firewalld.service(5).
2971 module names (as): array of kernel netfilter helpers, see
2973 module tag in firewalld.service(5).
2974 destinations (a{ss}): dictionary of {IP family : IP address}
2976 where 'IP family' key can be either 'ipv4' or 'ipv6'. See
2977 destination tag in firewalld.service(5).
2978 protocols (as): array of protocols. See protocol tag in
2980 firewalld.service(5).
2981 Possible errors: INVALID_TYPE
2983 Signals
2985 Removed(s: name)
2986 Emitted when service with name has been removed.
2987 Renamed(s: name)
2989 Emitted when service has been renamed to name.
2990 Updated(s: name)
2992 Emitted when service with name has been updated.
2993 Properties
2995 builtin - b - (ro)
2996 True if service is build-in, false else.
2997 default - b - (ro)
2999 True if build-in service has default settings. False if it has
3000 been modified. Always False for not build-in services.
3001 filename - s - (ro)
3003 Name (including .xml extension) of file where the configuration
3004 is stored.
3005 name - s - (ro)
3007 Name of service.
3008 path - s - (ro)
3010 Path to directory where the configuration is stored. Should be
3011 either /usr/lib/firewalld/services or /etc/firewalld/services.
3012 org.fedoraproject.FirewallD1.config.helper
3014 Interface for permanent helper configuration, see also
3015 firewalld.helper(5).
3016 Methods
3018 addPort(s: port, s: protocol) → Nothing
3019 Permanently add (port, protocol) to list of ports in helper.
3020 See port tag in firewalld.helper(5).
3021 Possible errors: ALREADY_ENABLED
3023 getDescription() → s
3025 Get description of helper. See description tag in
3026 firewalld.helper(5).
3027 getFamily() → s
3029 Get family being 'ipv4', 'ipv6' or empty for both. See family
3030 tag in firewalld.helper(5).
3031 getModule() → s
3033 Get modules (netfilter kernel helpers) used in helper. See
3034 module tag in firewalld.helper(5).
3035 getPorts() → a(ss)
3037 Get list of (port, protocol) defined in helper. See port tag in
3038 firewalld.helper(5).
3039 getSettings() → (sssssa(ss))
3041 Return permanent settings of a helper. For getting runtime
3042 settings see
3043 org.fedoraproject.FirewallD1.Methods.getHelperSettings.
3044 Settings are in format: version, name, description, family,
3045 module, array of ports (port, protocol).
3046 version (s): see version attribute of helper tag in
3048 firewalld.helper(5).
3049 name (s): see short tag in firewalld.helper(5).
3051 description (s): see description tag in firewalld.helper(5).
3053 family (s): see family tag in firewalld.helper(5).
3055 module (s): see module tag in firewalld.helper(5).
3057 ports (a(ss)): array of port and protocol pairs. See port tag
3059 in firewalld.helper(5).
3060 getShort() → s
3063 Get name of helper. See short tag in firewalld.helper(5).
3064 getVersion() → s
3066 Get version of helper. See version attribute of helper tag in
3067 firewalld.helper(5).
3068 loadDefaults() → Nothing
3070 Load default settings for built-in helper.
3071 Possible errors: NO_DEFAULTS
3073 queryFamily(s: module) → b
3075 Return whether family is set for helper. See family tag in
3076 firewalld.helper(5).
3077 queryModule(s: module) → b
3079 Return whether module (netfilter kernel helpers) is used in
3080 helper. See module tag in firewalld.helper(5).
3081 queryPort(s: port, s: protocol) → b
3083 Return whether (port, protocol) is in list of ports in helper.
3084 See port tag in firewalld.helper(5).
3085 remove() → Nothing
3087 Remove not built-in helper.
3088 Possible errors: BUILTIN_HELPER
3090 removePort(s: port, s: protocol) → Nothing
3092 Permanently remove (port, protocol) from list of ports in
3093 helper. See port tag in firewalld.helper(5).
3094 Possible errors: NOT_ENABLED
3096 rename(s: name) → Nothing
3098 Rename not built-in helper to name.
3099 Possible errors: BUILTIN_HELPER
3101 setDescription(s: description) → Nothing
3103 Permanently set description of helper to description. See
3104 description tag in firewalld.helper(5).
3105 setFamily(s: family) → Nothing
3107 Permanently set family of helper to family. See family tag in
3108 firewalld.helper(5).
3109 setModule(s: module) → Nothing
3111 Permanently set module of helper to description. See module tag
3112 in firewalld.helper(5).
3113 setPorts(a(ss): ports) → Nothing
3115 Permanently set ports of helper to list of (port, protocol).
3116 See port tag in firewalld.helper(5).
3117 setShort(s: short) → Nothing
3119 Permanently set name of helper to short. See short tag in
3120 firewalld.helper(5).
3121 setVersion(s: version) → Nothing
3123 Permanently set version of helper to version. See version
3124 attribute of helper tag in firewalld.helper(5).
3125 update((sssssa(ss)): settings) → Nothing
3127 Update settings of helper to settings. Settings are in format:
3128 version, name, description, family, module and array of ports.
3129 version (s): see version attribute of helper tag in
3131 firewalld.helper(5).
3132 name (s): see short tag in firewalld.helper(5).
3134 description (s): see description tag in firewalld.helper(5).
3136 family (s): see family tag in firewalld.helper(5).
3138 module (s): see module tag in firewalld.helper(5).
3140 ports (a(ss)): array of port and protocol pairs. See port tag
3142 in firewalld.helper(5).
3143 Possible errors: INVALID_HELPER
3145 Signals
3147 Removed(s: name)
3148 Emitted when helper with name has been removed.
3149 Renamed(s: name)
3151 Emitted when helper has been renamed to name.
3152 Updated(s: name)
3154 Emitted when helper with name has been updated.
3155 Properties
3157 builtin - b - (ro)
3158 True if helper is build-in, false else.
3159 default - b - (ro)
3161 True if build-in helper has default settings. False if it has
3162 been modified. Always False for not build-in helpers.
3163 filename - s - (ro)
3165 Name (including .xml extension) of file where the configuration
3166 is stored.
3167 name - s - (ro)
3169 Name of helper.
3170 path - s - (ro)
3172 Path to directory where the configuration is stored. Should be
3173 either /usr/lib/firewalld/helpers or /etc/firewalld/helpers.
3174 org.fedoraproject.FirewallD1.config.icmptype
3176 Interface for permanent icmp type configuration, see also
3177 firewalld.icmptype(5).
3178 Methods
3180 addDestination(s: destination) → Nothing
3181 Permanently add a destination ('ipv4' or 'ipv6') to list of
3182 destinations of this icmp type. See destination tag in
3183 firewalld.icmptype(5).
3184 Possible errors: ALREADY_ENABLED
3186 getDescription() → s
3188 Get description of icmp type. See description tag in
3189 firewalld.icmptype(5).
3190 getDestinations() → as
3192 Get list of destinations. See destination tag in
3193 firewalld.icmptype(5).
3194 getSettings() → (sssas)
3196 Return permanent settings of icmp type. For getting runtime
3197 settings see
3198 org.fedoraproject.FirewallD1.Methods.getIcmpTypeSettings.
3199 Settings are in format: version, name, description, array of
3200 destinations.
3201 version (s): see version attribute of icmptype tag in
3203 firewalld.icmptype(5).
3204 name (s): see short tag in firewalld.icmptype(5).
3206 description (s): see description tag in firewalld.icmptype(5).
3208 destinations (as): array, either empty or containing strings
3210 'ipv4' and/or 'ipv6', see destination tag in
3211 firewalld.icmptype(5).
3212 getShort() → s
3215 Get name of icmp type. See short tag in firewalld.icmptype(5).
3216 getVersion() → s
3218 Get version of icmp type. See version attribute of icmptype tag
3219 in firewalld.icmptype(5).
3220 loadDefaults() → Nothing
3222 Load default settings for built-in icmp type.
3223 Possible errors: NO_DEFAULTS
3225 queryDestination(s: destination) → b
3227 Return whether a destination ('ipv4' or 'ipv6') is in list of
3228 destinations of this icmp type. See destination tag in
3229 firewalld.icmptype(5).
3230 remove() → Nothing
3232 Remove not built-in icmp type.
3233 Possible errors: BUILTIN_ICMPTYPE
3235 removeDestination(s: destination) → Nothing
3237 Permanently remove a destination ('ipv4' or 'ipv6') from list
3238 of destinations of this icmp type. See destination tag in
3239 firewalld.icmptype(5).
3240 Possible errors: NOT_ENABLED
3242 rename(s: name) → Nothing
3244 Rename not built-in icmp type to name.
3245 Possible errors: BUILTIN_ICMPTYPE
3247 setDescription(s: description) → Nothing
3249 Permanently set description of icmp type to description. See
3250 description tag in firewalld.icmptype(5).
3251 setDestinations(as: destinations) → Nothing
3253 Permanently set destinations of icmp type to destinations,
3254 which is array, either empty or containing strings 'ipv4'
3255 and/or 'ipv6'. See destination tag in firewalld.icmptype(5).
3256 setShort(s: short) → Nothing
3258 Permanently set name of icmp type to short. See short tag in
3259 firewalld.icmptype(5).
3260 setVersion(s: version) → Nothing
3262 Permanently set version of icmp type to version. See version
3263 attribute of icmptype tag in firewalld.icmptype(5).
3264 update((sssas): settings) → Nothing
3266 Update permanent settings of icmp type to settings. Settings
3267 are in format: version, name, description, array of
3268 destinations.
3269 version (s): see version attribute of icmptype tag in
3271 firewalld.icmptype(5).
3272 name (s): see short tag in firewalld.icmptype(5).
3274 description (s): see description tag in firewalld.icmptype(5).
3276 destinations (as): array, either empty or containing strings
3278 'ipv4' and/or 'ipv6', see destination tag in
3279 firewalld.icmptype(5).
3280 Signals
3283 Removed(s: name)
3284 Emitted when icmp type with name has been removed.
3285 Renamed(s: name)
3287 Emitted when icmp type has been renamed to name.
3288 Updated(s: name)
3290 Emitted when icmp type with name has been updated.
3291 Properties
3293 builtin - b - (ro)
3294 True if icmptype is build-in, false else.
3295 default - b - (ro)
3297 True if build-in icmp type has default settings. False if it
3298 has been modified. Always False for not build-in zones.
3299 filename - s - (ro)
3301 Name (including .xml extension) of file where the configuration
3302 is stored.
3303 name - s - (ro)
3305 Name of icmp type.
3306 path - s - (ro)
3308 Path to directory where the icmp type configuration is stored.
3309 Should be either /usr/lib/firewalld/icmptypes or
3310 /etc/firewalld/icmptypes.
3311
3313 firewall-applet(1), firewalld(1), firewall-cmd(1), firewall-config(1),
3314 firewalld.conf(5), firewalld.direct(5), firewalld.dbus(5),
3315 firewalld.icmptype(5), firewalld.lockdown-whitelist(5), firewall-
3316 offline-cmd(1), firewalld.richlanguage(5), firewalld.service(5),
3317 firewalld.zone(5), firewalld.zones(5), firewalld.ipset(5),
3318 firewalld.helper(5)
3319
3321 firewalld home page:
3322 http://www.firewalld.org
3323 More documentation with examples:
3325 http://fedoraproject.org/wiki/FirewallD
3326
3328 Thomas Woerner <twoerner@redhat.com>
3329 Developer
3330 Jiri Popelka <jpopelka@redhat.com>
3332 Developer
3333firewalld 0.5.3 FIREWALLD.DBUS(5)