1FIREWALLD.DBUS(5) firewalld.dbus FIREWALLD.DBUS(5)
2
3
4
6 firewalld.dbus - firewalld D-Bus interface description
7
9 This is the basic firewalld object path structure. The used interfaces
10 are explained below in the section called “INTERFACES”.
11
12 /org/fedoraproject/FirewallD1
13 Interfaces
14 org.fedoraproject.FirewallD1
15 org.fedoraproject.FirewallD1.direct
16 org.fedoraproject.FirewallD1.ipset
17 org.fedoraproject.FirewallD1.policies
18 org.fedoraproject.FirewallD1.zone
19 org.freedesktop.DBus.Introspectable
20 org.freedesktop.DBus.Properties
21
22 /org/fedoraproject/FirewallD1/config
23 Interfaces
24 org.fedoraproject.FirewallD1.config
25 org.fedoraproject.FirewallD1.config.direct
26 org.fedoraproject.FirewallD1.config.policies
27 org.freedesktop.DBus.Introspectable
28 org.freedesktop.DBus.Properties
29
30 /org/fedoraproject/FirewallD1/config/zone/i
31 Interfaces
32 org.fedoraproject.FirewallD1.config.zone
33 org.freedesktop.DBus.Introspectable
34 org.freedesktop.DBus.Properties
35
36 /org/fedoraproject/FirewallD1/config/service/i
37 Interfaces
38 org.fedoraproject.FirewallD1.config.service
39 org.freedesktop.DBus.Introspectable
40 org.freedesktop.DBus.Properties
41
42 /org/fedoraproject/FirewallD1/config/ipset/i
43 Interfaces
44 org.fedoraproject.FirewallD1.config.ipset
45 org.freedesktop.DBus.Introspectable
46 org.freedesktop.DBus.Properties
47
48 /org/fedoraproject/FirewallD1/config/icmptype/i
49 Interfaces
50 org.fedoraproject.FirewallD1.config.icmptype
51 org.freedesktop.DBus.Introspectable
52 org.freedesktop.DBus.Properties
53
54
55
57 org.fedoraproject.FirewallD1
58 This interface contains general runtime operations, like: reloading,
59 panic mode, default zone handling, getting services and icmp types and
60 their settings.
61
62 Methods
63 authorizeAll() → Nothing
64 Initiate authorization for the complete firewalld D-Bus
65 interface. This method is mostly useful for configuration
66 applications.
67
68 completeReload() → Nothing
69 Reload firewall completely, even netfilter kernel modules. This
70 will most likely terminate active connections, because state
71 information is lost. This option should only be used in case of
72 severe firewall problems, for example if there are state
73 information problems such that no connection can be established
74 with correct firewall rules.
75
76 disablePanicMode() → Nothing
77 Disable panic mode. After disabling panic mode established
78 connections might work again, if panic mode was enabled for a
79 short period of time.
80
81 Possible errors: NOT_ENABLED, COMMAND_FAILED
82
83 enablePanicMode() → Nothing
84 Enable panic mode. All incoming and outgoing packets are
85 dropped, active connections will expire. Enable this only if
86 there are serious problems with your network environment.
87
88 Possible errors: ALREADY_ENABLED, COMMAND_FAILED
89
90 getAutomaticHelpers() → s
91 Return the AutomaticHelpers value. For the secure use of
92 iptables and connection tracking helpers it is recommended to
93 turn AutomaticHelpers off. But this might have side effects on
94 other services using the netfilter helpers as the sysctl
95 setting in /proc/sys/net/netfilter/nf_conntrack_helper will be
96 changed. With the system setting, the default value set in the
97 kernel or with sysctl will be used. Possible values are: yes,
98 no and system. The default value is system.
99
100 getDefaultZone() → s
101 Return default zone.
102
103 getHelperSettings(s: helper) → (sssssa(ss))
104 Return runtime settings of given helper. For getting permanent
105 settings see
106 org.fedoraproject.FirewallD1.config.helper.Methods.getSettings.
107 Settings are in format: version, name, description, family,
108 module and array of ports.
109
110 version (s): see version attribute of helper tag in
111 firewalld.helper(5).
112
113 name (s): see short tag in firewalld.helper(5).
114
115 description (s): see description tag in firewalld.helper(5).
116
117 family (s): see family tag in firewalld.helper(5).
118
119 module (s): see module tag in firewalld.helper(5).
120
121 ports (a(ss)): array of port and protocol pairs. See port tag
122 in firewalld.helper(5).
123
124 Possible errors: INVALID_HELPER
125
126 getHelpers() → as
127 Return array of helper names (s) in runtime configuration. For
128 permanent configuration see
129 org.fedoraproject.FirewallD1.config.Methods.listHelpers.
130
131 getIcmpTypeSettings(s: icmptype) → (sssas)
132 Return runtime settings of given icmptype. For getting
133 permanent settings see
134 org.fedoraproject.FirewallD1.config.icmptype.Methods.getSettings.
135 Settings are in format: version, name, description, array of
136 destinations.
137
138 version (s): see version attribute of icmptype tag in
139 firewalld.icmptype(5).
140
141 name (s): see short tag in firewalld.icmptype(5).
142
143 description (s): see description tag in firewalld.icmptype(5).
144
145 destinations (as): array, either empty or containing strings
146 'ipv4' or 'ipv6', see destination tag in firewalld.icmptype(5).
147
148 Possible errors: INVALID_ICMPTYPE
149
150 getLogDenied() → s
151 Returns the LogDenied value. If LogDenied is enabled, then
152 logging rules are added right before reject and drop rules in
153 the INPUT, FORWARD and OUTPUT chains for the default rules and
154 also final reject and drop rules in zones. Possible values are:
155 all, unicast, broadcast, multicast and off. The default value
156 is off.
157
158 getServiceSettings(s: service) → (sssa(ss)asa{ss}asa(ss))
159 This function is deprecated, use
160 org.fedoraproject.FirewallD1.Methods.getServiceSettings2
161 instead.
162
163 getServiceSettings2(s: service) → a{sv}
164 Return runtime settings of given service. For getting permanent
165 settings see
166 org.fedoraproject.FirewallD1.config.service.Methods.getSettings2.
167 Settings are a dictionary indexed by keywords. For the type of
168 each value see below. If the value is empty it may be omitted.
169
170 version (s): see version attribute of service tag in
171 firewalld.service(5).
172
173 name (s): see short tag in firewalld.service(5).
174
175 description (s): see description tag in firewalld.service(5).
176
177 ports (a(ss)): array of port and protocol pairs. See port tag
178 in firewalld.service(5).
179
180 module names (as): array of kernel netfilter helpers, see
181 module tag in firewalld.service(5).
182
183 destinations (a{ss}): dictionary of {IP family : IP address}
184 where 'IP family' key can be either 'ipv4' or 'ipv6'. See
185 destination tag in firewalld.service(5).
186
187 protocols (as): array of protocols, see protocol tag in
188 firewalld.service(5).
189
190 source_ports (a(ss)): array of port and protocol pairs. See
191 source-port tag in firewalld.service(5).
192
193 includes (as): array of service includes, see include tag in
194 firewalld.service(5).
195
196 Possible errors: INVALID_SERVICE
197
198 getZoneSettings(s: zone) → (sssbsasa(ss)asba(ssss)asasasasa(ss))
199 Return runtime settings of given zone. For getting permanent
200 settings see
201 org.fedoraproject.FirewallD1.config.zone.Methods.getSettings.
202 Settings are in format: version, name, description, UNUSED,
203 target, array of services, array of ports (port, protocol),
204 array of icmp-blocks, masquerade, array of forward-ports (port,
205 protocol, to-port, to-addr), array of interfaces, array of
206 sources, array of rich rules, array of protocols and array of
207 source-ports (port, protocol).
208
209 version (s): see version attribute of zone tag in
210 firewalld.zone(5).
211
212 name (s): see short tag in firewalld.zone(5).
213
214 description (s): see description tag in firewalld.zone(5).
215
216 UNUSED (b): this boolean value is no longer used for anything.
217
218 target (s): see target attribute of zone tag in
219 firewalld.zone(5).
220
221 services (as): array of service names, see service tag in
222 firewalld.zone(5).
223
224 ports (a(ss)): array of port and protocol pairs. See port tag
225 in firewalld.zone(5).
226
227 icmp-blocks (as): array of icmp-blocks. See icmp-block tag in
228 firewalld.zone(5).
229
230 masquerade (b): see masquerade tag in firewalld.zone(5).
231
232 forward-ports (a(ssss)): array of (port, protocol, to-port,
233 to-addr). See forward-port tag in firewalld.zone(5).
234
235 interfaces (as): array of interfaces. See interface tag in
236 firewalld.zone(5).
237
238 source addresses (as): array of source addresses. See source
239 tag in firewalld.zone(5).
240
241 rich rules (as): array of rich-language rules. See rule tag in
242 firewalld.zone(5).
243
244 protocols (as): array of protocols, see protocol tag in
245 firewalld.zone(5).
246
247 source-ports (a(ss)): array of port and protocol pairs. See
248 source-port tag in firewalld.zone(5).
249
250 Possible errors: INVALID_ZONE
251
252 listIcmpTypes() → as
253 Return array of names (s) of icmp types in runtime
254 configuration. For permanent configuration see
255 org.fedoraproject.FirewallD1.config.Methods.listIcmpTypes.
256
257 listServices() → as
258 Return array of service names (s) in runtime configuration. For
259 permanent configuration see
260 org.fedoraproject.FirewallD1.config.Methods.listServices.
261
262 queryPanicMode() → b
263 Return true if panic mode is enabled, false otherwise. In panic
264 mode all incoming and outgoing packets are dropped.
265
266 reload() → Nothing
267 Reload firewall rules and keep state information. The current
268 permanent configuration will become the new runtime configuration,
269 i.e. all runtime-only changes made before the reload are lost
270 unless they were also made in the permanent configuration.
271
272 runtimeToPermanent() → Nothing
273 Make runtime settings permanent. Replaces permanent settings
274 with runtime settings for zones, services, icmptypes, direct
275 and policies (lockdown whitelist).
276
277 Possible errors: RT_TO_PERM_FAILED
278
279 checkPermanentConfig() → Nothing
280 Run checks on the permanent configuration. This is most useful
281 if changes were made manually to configuration files.
282
283 Possible errors: any
284
285 setDefaultZone(s: zone) → Nothing
286 Set the default zone, used for connections and interfaces for
287 which no zone has been selected, to zone. Setting the default zone
288 changes the zone for the connections or interfaces that are using
289 the default zone. This is a runtime and permanent change.
290
291 Possible errors: ZONE_ALREADY_SET, COMMAND_FAILED
292
293 setLogDenied(s: value) → Nothing
294 Set LogDenied value to value. If LogDenied is enabled, then
295 logging rules are added right before reject and drop rules in
296 the INPUT, FORWARD and OUTPUT chains for the default rules and
297 also final reject and drop rules in zones. Possible values are:
298 all, unicast, broadcast, multicast and off. The default value
299 is off. This is a runtime and permanent change.
300
301 Possible errors: ALREADY_SET, INVALID_VALUE
302
303 Signals
304 DefaultZoneChanged(s: zone)
305 Emitted when default zone has been changed to zone.
306
307 LogDeniedChanged(s: value)
308 Emitted when LogDenied value has been changed.
309
310 PanicModeDisabled()
311 Emitted when panic mode has been deactivated.
312
313 PanicModeEnabled()
314 Emitted when panic mode has been activated.
315
316 Reloaded()
317 Emitted when firewalld has been reloaded. Also emitted for a
318 complete reload.
319
320 Properties
321 BRIDGE - b - (ro)
322 Indicates whether the firewall has ethernet bridge support.
323
324 IPSet - b - (ro)
325 Indicates whether the firewall has IPSet support.
326
327 IPSetTypes - as - (ro)
328 The IPSet types supported by ipset and firewalld.
329
330 IPv4 - b - (ro)
331 Indicates whether the firewall has IPv4 support.
332
333 IPv4ICMPTypes - as - (ro)
334 The list of supported IPv4 ICMP types.
335
336 IPv6 - b - (ro)
337 Indicates whether the firewall has IPv6 support.
338
339 IPv6_rpfilter - b - (ro)
340 Indicates whether the reverse path filter test on a packet for
341 IPv6 is enabled. If a reply to the packet would be sent via the
342 same interface that the packet arrived on, the packet will
343 match and be accepted, otherwise dropped.
344
345 IPv6ICMPTypes - as - (ro)
346 The list of supported IPv6 ICMP types.
347
348 nf_conntrack_helper_setting - b - (ro)
349 Kernel nf_conntrack_helper setting.
350
351 nf_conntrack_helpers - a{sas} - (ro)
352 The list of conntrack helpers supported by the kernel.
353
354 nf_nat_helpers - a{sas} - (ro)
355 The list of nat helpers supported by the kernel.
356
357 interface_version - s - (ro)
358 firewalld D-Bus interface version string.
359
360 state - s - (ro)
361 firewalld state. This can be either INIT, FAILED, or RUNNING.
362 In INIT state, firewalld is starting up and initializing. In
363 FAILED state, firewalld completely started but experienced a
364 failure.
365
366 version - s - (ro)
367 firewalld version string.
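
The getZoneSettings reply described in this interface is a 15-field positional tuple, which is easy to misread when reviewing a zone. The following is an added example, not part of the firewalld documentation: it names the fields in the order listed above and flags settings a reviewer usually wants to see first. The sample tuple is constructed, the bus name and the `ACCEPT` target value are assumptions taken from firewalld usage and firewalld.zone(5), and the helper names are hypothetical.

```python
from collections import namedtuple

# Positional layout of the getZoneSettings() reply, in the order this page
# lists it: (sssbsasa(ss)asba(ssss)asasasasa(ss)) -> 15 fields.
ZoneSettings = namedtuple("ZoneSettings", [
    "version", "name", "description", "unused", "target", "services",
    "ports", "icmp_blocks", "masquerade", "forward_ports", "interfaces",
    "sources", "rich_rules", "protocols", "source_ports",
])


def decode_zone_settings(raw):
    """Name the positional fields and convert D-Bus wrappers to plain types."""
    raw = tuple(raw)
    if len(raw) != len(ZoneSettings._fields):
        raise ValueError("expected %d fields, got %d"
                         % (len(ZoneSettings._fields), len(raw)))
    z = ZoneSettings(*raw)

    def strs(seq):
        return [str(x) for x in seq]

    def tuples(seq):
        return [tuple(str(x) for x in item) for item in seq]

    return ZoneSettings(
        version=str(z.version), name=str(z.name),
        description=str(z.description), unused=bool(z.unused),
        target=str(z.target), services=strs(z.services),
        ports=tuples(z.ports), icmp_blocks=strs(z.icmp_blocks),
        masquerade=bool(z.masquerade), forward_ports=tuples(z.forward_ports),
        interfaces=strs(z.interfaces), sources=strs(z.sources),
        rich_rules=strs(z.rich_rules), protocols=strs(z.protocols),
        source_ports=tuples(z.source_ports),
    )


def _port_span(port):
    """Number of ports covered by 'portid' or 'portid-portid'."""
    low, _, high = port.partition("-")
    return int(high or low) - int(low) + 1


def audit_zone(z, max_span=100):
    """Return (field, message) findings for a decoded zone."""
    findings = []
    # Assumption: "ACCEPT" is the runtime spelling of the accept-all target.
    if z.target == "ACCEPT":
        findings.append(("target", "unmatched traffic is accepted"))
    for port, proto in z.ports:
        if _port_span(port) > max_span:
            findings.append(("ports", "%s/%s opens a wide range" % (port, proto)))
    if z.masquerade:
        findings.append(("masquerade", "zone performs masquerading"))
    for port, proto, to_port, to_addr in z.forward_ports:
        if to_addr:
            findings.append(("forward_ports", "%s/%s is forwarded to %s:%s"
                             % (port, proto, to_addr, to_port or port)))
    return findings


def fetch_zone_settings(zone):
    """Live query; needs dbus-python and a running firewalld."""
    import dbus  # imported here so the offline sample runs without it
    obj = dbus.SystemBus().get_object(
        "org.fedoraproject.FirewallD1",      # bus name: assumption
        "/org/fedoraproject/FirewallD1")     # object path from this page
    iface = dbus.Interface(obj, dbus_interface="org.fedoraproject.FirewallD1")
    return decode_zone_settings(iface.getZoneSettings(zone))


# Constructed sample reply, not taken from a real system.
SAMPLE = ("", "dmz-test", "constructed sample zone", False, "ACCEPT",
          ["ssh", "http"], [("8000-9000", "tcp"), ("53", "udp")], [],
          True, [("2222", "tcp", "22", "192.0.2.10")], ["eth1"], [],
          [], [], [])

if __name__ == "__main__":
    for field, message in audit_zone(decode_zone_settings(SAMPLE)):
        print("%-14s %s" % (field, message))
```
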
368
369 org.fedoraproject.FirewallD1.ipset
370 Operations in this interface allow you to get, add, remove and query
371 runtime ipset settings. For permanent configuration see
372 org.fedoraproject.FirewallD1.config.ipset interface.
373
374 Methods
375 addEntry(s: ipset, s: entry) → as
376 Add a new entry to ipset. The entry must match the type of the
377 ipset. If the ipset is using the timeout option, it is not
378 possible to see the entries, as they are timing out
379 automatically in the kernel. For permanent operation see
380 org.fedoraproject.FirewallD1.config.ipset.Methods.addEntry.
381
382 Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT
383
384 getEntries(s: ipset) → Nothing
385 Get all entries added to the ipset. If the ipset is using the
386 timeout option, it is not possible to see the entries, as they
387 are timing out automatically in the kernel. Return value is an
388 array of entries. For permanent operation see
389 org.fedoraproject.FirewallD1.config.ipset.Methods.getEntries.
390
391 Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT
392
393 getSettings(s: ipset) → (ssssa{ss}as)
394 Return runtime settings of given ipset. For getting permanent
395 settings see
396 org.fedoraproject.FirewallD1.config.ipset.Methods.getSettings.
397 Settings are in format: version, name, description, type,
398 dictionary of options and array of entries.
399
400 version (s): see version attribute of ipset tag in
401 firewalld.ipset(5).
402
403 name (s): see short tag in firewalld.ipset(5).
404
405 description (s): see description tag in firewalld.ipset(5).
406
407 type (s): see type attribute of ipset tag in
408 firewalld.ipset(5).
409
410 options (a{ss}): dictionary of {option : value} . See options
411 tag in firewalld.ipset(5).
412
413 entries (as): array of entries, see entry tag in
414 firewalld.ipset(5).
415
416 Possible errors: INVALID_IPSET
417
418 getIPSets() → as
419 Return array of ipset names (s) in runtime configuration. For
420 permanent configuration see
421 org.fedoraproject.FirewallD1.config.Methods.listIPSets.
422
423 queryService(s: ipset, s: entry) → b
424 Return whether entry has been added to ipset. For permanent
425 operation see
426 org.fedoraproject.FirewallD1.config.ipset.Methods.queryEntry.
427
428 Possible errors: INVALID_IPSET
429
430 queryService(s: ipset) → b
431 Return whether ipset is defined in runtime configuration.
432
433 removeEntry(s: ipset, s: entry) → as
434 Removes an entry from ipset. For permanent operation see
435 org.fedoraproject.FirewallD1.config.ipset.Methods.removeEntry.
436
437 Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT
438
439 setEntries(as: entries) → Nothing
440 Permanently set list of entries to entries. For permanent
441 operation see
442 org.fedoraproject.FirewallD1.config.ipset.Methods.setEntries.
443 See entry tag in firewalld.ipset(5).
444
445 Signals
446 EntryAdded(s: ipset, s: entry)
447 Emitted when entry has been added to ipset.
448
449 EntryRemoved(s: ipset, s: entry)
450 Emitted when entry has been removed from ipset.
451
452 org.fedoraproject.FirewallD1.direct
453 This interface enables more direct access to the firewall. It enables
454 runtime manipulation with chains and rules. For permanent configuration
455 see org.fedoraproject.FirewallD1.config.direct interface.
456
457 Methods
458 addChain(s: ipv, s: table, s: chain) → Nothing
459 Add a new chain to table for ipv being either ipv4 (iptables)
460 or ipv6 (ip6tables) or eb (ebtables). Make sure there's no
461 other chain with this name already. There already exist basic
462 chains to use with direct methods, for example INPUT_direct
463 chain. These chains are jumped into before chains for zones,
464 i.e. every rule put into INPUT_direct will be checked before
465 rules in zones. For permanent operation see
466 org.fedoraproject.FirewallD1.config.direct.Methods.addChain.
467
468 Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED,
469 COMMAND_FAILED
470
471 addPassthrough(s: ipv, as: args) → Nothing
472 Add a tracked passthrough rule with the arguments args for ipv
473 being either ipv4 (iptables) or ipv6 (ip6tables) or eb
474 (ebtables). Valid commands in args are only -A/--append,
475 -I/--insert and -N/--new-chain. This method is (unlike
476 passthrough method) tracked, i.e. firewalld remembers it. It's
477 useful with
478 org.fedoraproject.FirewallD1.Methods.runtimeToPermanent. For
479 permanent operation see
480 org.fedoraproject.FirewallD1.config.direct.Methods.addPassthrough.
481
482 Possible errors: INVALID_IPV, ALREADY_ENABLED, COMMAND_FAILED
483
484 addRule(s: ipv, s: table, s: chain, i: priority, as: args) →
485 Nothing
486 Add a rule with the arguments args to chain in table with
487 priority for ipv being either ipv4 (iptables) or ipv6
488 (ip6tables) or eb (ebtables). The priority is used to order
489 rules. Priority 0 means add rule on top of the chain, with a
490 higher priority the rule will be added further down. Rules with
491 the same priority are on the same level and the order of these
492 rules is not fixed and may change. If you want to make sure
493 that a rule will be added after another one, use a low priority
494 for the first and a higher for the following. For permanent
495 operation see
496 org.fedoraproject.FirewallD1.config.direct.Methods.addRule.
497
498 Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED,
499 COMMAND_FAILED
500
501 getAllChains() → a(sss)
502 Get all chains added to all tables in format: ipv, table,
503 chain. This concerns only chains previously added with
504 addChain. Return value is an array of (ipv, table, chain). For
505 permanent operation see
506 org.fedoraproject.FirewallD1.config.direct.Methods.getAllChains.
507
508 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
509 (ebtables).
510
511 table (s): one of filter, mangle, nat, raw, security
512
513 chain (s): name of a chain.
514
515
516 getAllPassthroughs() → a(sas)
517 Get all tracked passthrough rules added in all ipv types in
518 format: ipv, rule. This concerns only rules previously added
519 with addPassthrough. Return value is an array of (ipv, array of
520 arguments). For permanent operation see
521 org.fedoraproject.FirewallD1.config.direct.Methods.getAllPassthroughs.
522
523 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
524 (ebtables).
525
526 arguments (as): array of commands, parameters and other
527 iptables/ip6tables/ebtables command line options.
528
529
530 getAllRules() → a(sssias)
531 Get all rules added to all chains in all tables in format: ipv,
532 table, chain, priority, rule. This concerns only rules
533 previously added with addRule. Return value is an array of (ipv,
534 table, chain, priority, array of arguments). For permanent
535 operation see
536 org.fedoraproject.FirewallD1.config.direct.Methods.getAllRules.
537
538 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
539 (ebtables).
540
541 table (s): one of filter, mangle, nat, raw, security
542
543 chain (s): name of a chain.
544
545 priority (i): used to order rules.
546
547 arguments (as): array of commands, parameters and other
548 iptables/ip6tables/ebtables command line options.
549
550
551 getChains(s: ipv, s: table) → as
552 Return an array of chains (s) added to table for ipv being
553 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
554 This concerns only chains previously added with addChain. For
555 permanent operation see
556 org.fedoraproject.FirewallD1.config.direct.Methods.getChains.
557
558 Possible errors: INVALID_IPV, INVALID_TABLE
559
560 getPassthroughs(s: ipv) → aas
561 Get tracked passthrough rules added in either ipv4 (iptables)
562 or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
563 previously added with addPassthrough. Return value is an array
564 of (array of arguments). For permanent operation see
565 org.fedoraproject.FirewallD1.config.direct.Methods.getPassthroughs.
566
567 arguments (as): array of commands, parameters and other
568 iptables/ip6tables/ebtables command line options.
569
570
571 getRules(s: ipv, s: table, s: chain) → a(ias)
572 Get all rules added to chain in table for ipv being either ipv4
573 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
574 only rules previously added with addRule. Return value is an
575 array of (priority, array of arguments). For permanent
576 operation see
577 org.fedoraproject.FirewallD1.config.direct.Methods.getRules.
578
579 priority (i): used to order rules.
580
581 arguments (as): array of commands, parameters and other
582 iptables/ip6tables/ebtables command line options.
583
584 Possible errors: INVALID_IPV, INVALID_TABLE
585
586 passthrough(s: ipv, as: args) → s
587 Pass a command through to the firewall. ipv can be either ipv4
588 (iptables) or ipv6 (ip6tables) or eb (ebtables). args can be
589 all iptables, ip6tables and ebtables command line arguments.
590 This command is untracked, which means that firewalld is not
591 able to provide information about this command later on.
594
595 Possible errors: COMMAND_FAILED
596
597 queryChain(s: ipv, s: table, s: chain) → b
598 Return whether a chain exists in table for ipv being either
599 ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). This
600 concerns only chains previously added with addChain. For
601 permanent operation see
602 org.fedoraproject.FirewallD1.config.direct.Methods.queryChain.
603
604 Possible errors: INVALID_IPV, INVALID_TABLE
605
606 queryPassthrough(s: ipv, as: args) → b
607 Return whether a tracked passthrough rule with the arguments
608 args exists for ipv being either ipv4 (iptables) or ipv6
609 (ip6tables) or eb (ebtables). This concerns only rules
610 previously added with addPassthrough. For permanent operation
611 see
612 org.fedoraproject.FirewallD1.config.direct.Methods.queryPassthrough.
613
614 Possible errors: INVALID_IPV
615
616 queryRule(s: ipv, s: table, s: chain, i: priority, as: args) → b
617 Return whether a rule with priority and the arguments args
618 exists in chain in table for ipv being either ipv4 (iptables)
619 or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
620 previously added with addRule. For permanent operation see
621 org.fedoraproject.FirewallD1.config.direct.Methods.queryRule.
622
623 Possible errors: INVALID_IPV, INVALID_TABLE
624
625 removeAllPassthroughs() → Nothing
626 Remove all passthrough rules previously added with
627 addPassthrough.
628
629 removeChain(s: ipv, s: table, s: chain) → Nothing
630 Remove a chain from table for ipv being either ipv4 (iptables)
631 or ipv6 (ip6tables) or eb (ebtables). Only chains previously
632 added with addChain can be removed this way. For permanent
633 operation see
634 org.fedoraproject.FirewallD1.config.direct.Methods.removeChain.
635
636 Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED,
637 COMMAND_FAILED
638
639 removePassthrough(s: ipv, as: args) → Nothing
640 Remove a tracked passthrough rule with arguments args for ipv
641 being either ipv4 (iptables) or ipv6 (ip6tables) or eb
642 (ebtables). Only rules previously added with addPassthrough can
643 be removed this way. For permanent operation see
644 org.fedoraproject.FirewallD1.config.direct.Methods.removePassthrough.
645
646 Possible errors: INVALID_IPV, NOT_ENABLED, COMMAND_FAILED
647
648 removeRule(s: ipv, s: table, s: chain, i: priority, as: args) →
649 Nothing
650 Remove a rule with priority and arguments args from chain in
651 table for ipv being either ipv4 (iptables) or ipv6 (ip6tables)
652 or eb (ebtables). Only rules previously added with addRule can
653 be removed this way. For permanent operation see
654 org.fedoraproject.FirewallD1.config.direct.Methods.removeRule.
655
656 Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED,
657 COMMAND_FAILED
658
659 removeRules(s: ipv, s: table, s: chain) → Nothing
660 Remove all rules from chain in table for ipv being either ipv4
661 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
662 only rules previously added with addRule. For permanent
663 operation see
664 org.fedoraproject.FirewallD1.config.direct.Methods.removeRules.
665
666 Possible errors: INVALID_IPV, INVALID_TABLE
667
668 Signals
669 ChainAdded(s: ipv, s: table, s: chain)
670 Emitted when chain has been added into table for ipv being
671 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
672
673 ChainRemoved(s: ipv, s: table, s: chain)
674 Emitted when chain has been removed from table for ipv being
675 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
676
677 PassthroughAdded(s: ipv, as: args)
678 Emitted when a tracked passthrough rule with args has been
679 added for ipv being either ipv4 (iptables) or ipv6 (ip6tables)
680 or eb (ebtables).
681
682 PassthroughRemoved(s: ipv, as: args)
683 Emitted when a tracked passthrough rule with args has been
684 removed for ipv being either ipv4 (iptables) or ipv6
685 (ip6tables) or eb (ebtables).
686
687 RuleAdded(s: ipv, s: table, s: chain, i: priority, as: args)
688 Emitted when a rule with args has been added to chain in table
689 with priority for ipv being either ipv4 (iptables) or ipv6
690 (ip6tables) or eb (ebtables).
691
692 RuleRemoved(s: ipv, s: table, s: chain, i: priority, as: args)
693 Emitted when a rule with args has been removed from chain in
694 table with priority for ipv being either ipv4 (iptables) or
695 ipv6 (ip6tables) or eb (ebtables).
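
The priority rules for addRule and the a(sssias) reply of getAllRules can be combined into a review of the tracked direct rules. This is an added example, not code from firewalld: it groups rules per chain, orders them by priority, and reports rules that share a priority with different targets (their relative order is not fixed) and ACCEPT rules in chains that run before the zone chains. The sample rules are constructed, the function names are hypothetical, and treating the built-in INPUT chain like INPUT_direct is an assumption.

```python
from collections import defaultdict


def jump_target(args):
    """Return the argument following -j/--jump, or None if there is none."""
    for i, arg in enumerate(args[:-1]):
        if arg in ("-j", "--jump"):
            return args[i + 1]
    return None


def review_direct_rules(rules, pre_zone_chains=("INPUT_direct", "INPUT")):
    """Review a getAllRules() reply: a list of (ipv, table, chain, priority, args).

    pre_zone_chains lists chains whose rules are checked before zone rules.
    INPUT_direct is the one named on this page; INPUT is an assumption.
    """
    chains = defaultdict(list)
    for ipv, table, chain, priority, args in rules:
        key = (str(ipv), str(table), str(chain))
        chains[key].append((int(priority), [str(a) for a in args]))

    report = {}
    for key, entries in chains.items():
        # Priority 0 is the top of the chain, higher values sit further down.
        entries.sort(key=lambda entry: entry[0])
        findings = []

        # Rules with equal priority have no guaranteed relative order, so
        # different targets at one priority make the outcome ambiguous.
        targets_by_priority = defaultdict(set)
        for priority, args in entries:
            targets_by_priority[priority].add(jump_target(args))
        for priority, targets in sorted(targets_by_priority.items()):
            if len(targets) > 1:
                names = ", ".join(sorted(str(t) for t in targets))
                findings.append("priority %d: targets %s share a priority, "
                                "relative order is not fixed" % (priority, names))

        if key[2] in pre_zone_chains:
            for priority, args in entries:
                if jump_target(args) == "ACCEPT":
                    findings.append("ACCEPT at priority %d is evaluated before "
                                    "zone rules: %s" % (priority, " ".join(args)))

        report[key] = {"order": entries, "findings": findings}
    return report


# Constructed sample in the shape of a getAllRules() reply.
SAMPLE_RULES = [
    ("ipv4", "filter", "INPUT_direct", 10,
     ["-p", "tcp", "--dport", "22", "-j", "ACCEPT"]),
    ("ipv4", "filter", "INPUT_direct", 0,
     ["-s", "198.51.100.0/24", "-j", "DROP"]),
    ("ipv4", "filter", "INPUT_direct", 10,
     ["-p", "tcp", "--dport", "22", "-s", "203.0.113.7", "-j", "DROP"]),
    ("ipv6", "filter", "FORWARD_direct", 5, ["-j", "LOG"]),
]

if __name__ == "__main__":
    for key, result in review_direct_rules(SAMPLE_RULES).items():
        print("/".join(key))
        for priority, args in result["order"]:
            print("  %3d  %s" % (priority, " ".join(args)))
        for finding in result["findings"]:
            print("  !    " + finding)
```

Rules added with the untracked passthrough method do not appear in getAllRules or getAllPassthroughs, so an empty report does not show that the direct chains are empty.
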
696
697 org.fedoraproject.FirewallD1.policies
698 Enables firewalld to lock down configuration changes from
699 local applications. Local applications or services are able to change
700 the firewall configuration if they are running as root (example:
701 libvirt). With these operations an administrator can lock the firewall
702 configuration so that either none or only applications that are in the
703 whitelist are able to request firewall changes. For permanent
704 configuration see org.fedoraproject.FirewallD1.config.policies
705 interface.
706
707 Methods
708 addLockdownWhitelistCommand(s: command) → Nothing
709 Add command to whitelist. See command option in
710 firewalld.lockdown-whitelist(5). For permanent operation see
711 org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistCommand.
712
713 Possible errors: ALREADY_ENABLED, INVALID_COMMAND
714
715 addLockdownWhitelistContext(s: context) → Nothing
716 Add context to whitelist. See selinux option in
717 firewalld.lockdown-whitelist(5). For permanent operation see
718 org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistContext.
719
720 Possible errors: ALREADY_ENABLED, INVALID_COMMAND
721
722 addLockdownWhitelistUid(i: uid) → Nothing
723 Add user id uid to whitelist. See user option in
724 firewalld.lockdown-whitelist(5). For permanent operation see
725 org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistUid.
726
727 Possible errors: ALREADY_ENABLED, INVALID_COMMAND
728
729 addLockdownWhitelistUser(s: user) → Nothing
730 Add user name to whitelist. See user option in
731 firewalld.lockdown-whitelist(5). For permanent operation see
732 org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistUser.
733
734 Possible errors: ALREADY_ENABLED, INVALID_COMMAND
735
736 disableLockdown() → Nothing
737 Disable lockdown. This is a runtime and permanent change.
738
739 Possible errors: NOT_ENABLED
740
741 enableLockdown() → Nothing
742 Enable lockdown. Be careful: if the calling application/user
743 is not on the lockdown whitelist when you enable lockdown, you
744 won't be able to disable it again with the application; you would
745 need to edit firewalld.conf. This is a runtime and permanent
746 change.
747
748 Possible errors: ALREADY_ENABLED
749
750 getLockdownWhitelistCommands() → as
751 List all command lines (s) that are on whitelist. For permanent
752 operation see
753 org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistCommands.
754
755 getLockdownWhitelistContexts() → as
756 List all contexts (s) that are on whitelist. For permanent
757 operation see
758 org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistContexts.
759
760 getLockdownWhitelistUids() → ai
761 List all user ids (i) that are on whitelist. For permanent
762 operation see
763 org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistUids.
764
765 getLockdownWhitelistUsers() → as
766 List all users (s) that are on whitelist. For permanent
767 operation see
768 org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistUsers.
769
770 queryLockdown() → b
771 Query whether lockdown is enabled.
772
773 queryLockdownWhitelistCommand(s: command) → b
774 Query whether command is on whitelist. For permanent operation
775 see
776 org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistCommand.
777
778 queryLockdownWhitelistContext(s: context) → b
779 Query whether context is on whitelist. For permanent operation
780 see
781 org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistContext.
782
783 queryLockdownWhitelistUid(i: uid) → b
784 Query whether user id uid is on whitelist. For permanent
785 operation see
786 org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistUid.
787
788 queryLockdownWhitelistUser(s: user) → b
789 Query whether user is on whitelist. For permanent operation see
790 org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistUser.
791
792 removeLockdownWhitelistCommand(s: command) → Nothing
793 Remove command from whitelist. For permanent operation see
794 org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistCommand.
795
796 Possible errors: NOT_ENABLED
797
798 removeLockdownWhitelistContext(s: context) → Nothing
799 Remove context from whitelist. For permanent operation see
800 org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistContext.
801
802 Possible errors: NOT_ENABLED
803
804 removeLockdownWhitelistUid(i: uid) → Nothing
805 Remove user id uid from whitelist. For permanent operation see
806 org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistUid.
807
808 Possible errors: NOT_ENABLED
809
810 removeLockdownWhitelistUser(s: user) → Nothing
811 Remove user from whitelist. For permanent operation see
812 org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistUser.
813
814 Possible errors: NOT_ENABLED
815
816 Signals
817 LockdownDisabled()
818 Emitted when lockdown has been disabled.
819
820 LockdownEnabled()
821 Emitted when lockdown has been enabled.
822
823 LockdownWhitelistCommandAdded(s: command)
824 Emitted when command has been added to whitelist.
825
826 LockdownWhitelistCommandRemoved(s: command)
827 Emitted when command has been removed from whitelist.
828
829 LockdownWhitelistContextAdded(s: context)
830 Emitted when context has been added to whitelist.
831
832 LockdownWhitelistContextRemoved(s: context)
833 Emitted when context has been removed from whitelist.
834
835 LockdownWhitelistUidAdded(i: uid)
836 Emitted when user id uid has been added to whitelist.
837
838 LockdownWhitelistUidRemoved(i: uid)
839 Emitted when user id uid has been removed from whitelist.
840
841 LockdownWhitelistUserAdded(s: user)
842 Emitted when user has been added to whitelist.
843
844 LockdownWhitelistUserRemoved(s: user)
845 Emitted when user has been removed from whitelist.
846
847 org.fedoraproject.FirewallD1.zone
848 Operations in this interface allow getting, adding, removing and
849 querying a zone's runtime settings. For permanent settings see the
850 org.fedoraproject.FirewallD1.config.zone interface.
851
852 Methods
853 addForwardPort(s: zone, s: port, s: protocol, s: toport, s: toaddr,
854 i: timeout) → s
855 Add the IPv4 forward port into zone. If zone is empty, use
856 default zone. The port can either be a single port number
857 portid or a port range portid-portid. The protocol can either
858 be tcp or udp. The destination address is a simple IP address.
859 If timeout is non-zero, the operation will be active only for
860 the amount of seconds. For permanent settings see
861 org.fedoraproject.FirewallD1.config.zone.Methods.addForwardPort.
862
863 Returns name of zone to which the forward port was added.
864
865 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
866 INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD,
867 ALREADY_ENABLED, INVALID_COMMAND
868
869 addIcmpBlock(s: zone, s: icmp, i: timeout) → s
870 Add an ICMP block icmp into zone. The icmp is one of the
871 icmp types firewalld supports. To get a listing of supported
872 icmp types use
873 org.fedoraproject.FirewallD1.Methods.listIcmpTypes. If zone is
874 empty, use default zone. If timeout is non-zero, the operation
875 will be active only for the amount of seconds. For permanent
876 settings see
877 org.fedoraproject.FirewallD1.config.zone.Methods.addIcmpBlock.
878
879 Returns name of zone to which the ICMP block was added.
880
881 Possible errors: INVALID_ZONE, INVALID_ICMPTYPE,
882 ALREADY_ENABLED, INVALID_COMMAND
883
884 addIcmpBlockInversion(s: zone) → s
885 Add ICMP block inversion to zone. If zone is empty, use default
886 zone. For permanent settings see
887 org.fedoraproject.FirewallD1.config.zone.Methods.addIcmpBlockInversion.
888
889 Returns name of zone to which the ICMP block inversion was
890 added.
891
892 Possible errors: INVALID_ZONE, ALREADY_ENABLED, INVALID_COMMAND
893
894 addInterface(s: zone, s: interface) → s
895 Bind interface with zone. From now on all traffic going through
896 the interface will respect the zone's settings. If zone is
897 empty, use default zone. For permanent settings see
898 org.fedoraproject.FirewallD1.config.zone.Methods.addInterface.
899
900 Returns name of zone to which the interface was bound.
901
902 Possible errors: INVALID_ZONE, INVALID_INTERFACE,
903 ALREADY_ENABLED, INVALID_COMMAND
904
905 addMasquerade(s: zone, i: timeout) → s
906 Enable masquerade in zone. If zone is empty, use default zone.
907 If timeout is non-zero, masquerading will be active for the
908 amount of seconds. For permanent settings see
909 org.fedoraproject.FirewallD1.config.zone.Methods.addMasquerade.
910
911 Returns name of zone in which the masquerade was enabled.
912
913 Possible errors: INVALID_ZONE, ALREADY_ENABLED, INVALID_COMMAND
914
915 addPort(s: zone, s: port, s: protocol, i: timeout) → s
916 Add port into zone. If zone is empty, use default zone. The
917 port can either be a single port number or a port range
918 portid-portid. The protocol can either be tcp or udp. If
919 timeout is non-zero, the operation will be active only for the
920 amount of seconds. For permanent settings see
921 org.fedoraproject.FirewallD1.config.zone.Methods.addPort.
922
923 Returns name of zone to which the port was added.
924
925 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
926 INVALID_PROTOCOL, ALREADY_ENABLED, INVALID_COMMAND
927
928 addProtocol(s: zone, s: protocol, i: timeout) → s
929 Add protocol into zone. If zone is empty, use default zone. The
930 protocol can be any protocol supported by the system. Please
931 have a look at /etc/protocols for supported protocols. If
932 timeout is non-zero, the operation will be active only for the
933 amount of seconds. For permanent settings see
934 org.fedoraproject.FirewallD1.config.zone.Methods.addProtocol.
935
936 Returns name of zone to which the protocol was added.
937
938 Possible errors: INVALID_ZONE, INVALID_PROTOCOL,
939 ALREADY_ENABLED, INVALID_COMMAND
940
941 addRichRule(s: zone, s: rule, i: timeout) → s
942 Add rich language rule into zone. For the rich language rule
943 syntax, please have a look at firewalld.direct(5). If zone is
944 empty, use default zone. If timeout is non-zero, the operation
945 will be active only for the amount of seconds. For permanent
946 settings see
947 org.fedoraproject.FirewallD1.config.zone.Methods.addRichRule.
948
949 Returns name of zone to which the rich language rule was added.
950
951 Possible errors: INVALID_ZONE, INVALID_RULE, ALREADY_ENABLED,
952 INVALID_COMMAND
953
954 addService(s: zone, s: service, i: timeout) → s
955 Add service into zone. If zone is empty, use default zone. If
956 timeout is non-zero, the operation will be active only for the
957 amount of seconds. To get a list of supported services, use
958 org.fedoraproject.FirewallD1.Methods.listServices. For
959 permanent settings see
960 org.fedoraproject.FirewallD1.config.zone.Methods.addService.
961
962 Returns name of zone to which the service was added.
963
964 Possible errors: INVALID_ZONE, INVALID_SERVICE,
965 ALREADY_ENABLED, INVALID_COMMAND
966
967 addSource(s: zone, s: source) → s
968 Bind source with zone. From now on all traffic going from this
969 source will respect the zone's settings. A source address or
970 address range is either an IP address or a network IP address
971 with a mask for IPv4 or IPv6. For IPv4, the mask can be a
972 network mask or a plain number. For IPv6 the mask is a plain
973 number. Use of host names is not supported. If zone is empty,
974 use default zone. For permanent settings see
975 org.fedoraproject.FirewallD1.config.zone.Methods.addSource.
976
977 Returns name of zone to which the source was bound.
978
979 Possible errors: INVALID_ZONE, INVALID_ADDR, ALREADY_ENABLED,
980 INVALID_COMMAND
981
982 addSourcePort(s: zone, s: port, s: protocol, i: timeout) → s
983 Add source port into zone. If zone is empty, use default zone.
984 The port can either be a single port number or a port range
985 portid-portid. The protocol can either be tcp or udp. If
986 timeout is non-zero, the operation will be active only for the
987 amount of seconds. For permanent settings see
988 org.fedoraproject.FirewallD1.config.zone.Methods.addSourcePort.
989
990 Returns name of zone to which the port was added.
991
992 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
993 INVALID_PROTOCOL, ALREADY_ENABLED, INVALID_COMMAND
994
995 changeZone(s: zone, s: interface) → s
996 This function is deprecated, use
997 org.fedoraproject.FirewallD1.zone.Methods.changeZoneOfInterface
998 instead.
999
1000 changeZoneOfInterface(s: zone, s: interface) → s
1001 Change the zone an interface is bound to to zone. It's basically
1002 removeInterface(interface) followed by addInterface(zone,
1003 interface). If interface has not been bound to a zone before,
1004 it behaves like addInterface. If zone is empty, use default
1005 zone.
1006
1007 Returns name of zone to which the interface was bound.
1008
1009 Possible errors: INVALID_ZONE, ZONE_ALREADY_SET, ZONE_CONFLICT
1010
1011 changeZoneOfSource(s: zone, s: source) → s
1012 Change the zone a source is bound to to zone. It's basically
1013 removeSource(source) followed by addSource(zone, source). If
1014 source has not been bound to a zone before, it behaves like
1015 addSource. If zone is empty, use default zone.
1016
1017 Returns name of zone to which the source was bound.
1018
1019 Possible errors: INVALID_ZONE, ZONE_ALREADY_SET, ZONE_CONFLICT
1020
1021 getActiveZones() → a{sa{sas}}
1022 Return dictionary of currently active zones together with the
1023 interfaces and sources used in these zones. Active zones are
1024 zones that have a binding to an interface or source.
1025
1026 Return value is a dictionary where keys are zone names (s) and
1027 values are again dictionaries where keys are either
1028 'interfaces' or 'sources' and values are arrays of interface
1029 names (s) or sources (s).
1030
1031 getForwardPorts(s: zone) → aas
1032 Return array of IPv4 forward ports previously added into zone.
1033 If zone is empty, use default zone. For getting permanent
1034 settings see
1035 org.fedoraproject.FirewallD1.config.zone.Methods.getForwardPorts.
1036
1037 Return value is array of 4-tuples, where each 4-tuple consists
1038 of (port, protocol, to-port, to-addr). to-addr might be empty
1039 in case of local forwarding.
1040
1041 Possible errors: INVALID_ZONE
1042
1043 getIcmpBlocks(s: zone) → as
1044 Return array of ICMP type (s) blocks previously added into
1045 zone. If zone is empty, use default zone. For getting permanent
1046 settings see
1047 org.fedoraproject.FirewallD1.config.zone.Methods.getIcmpBlocks.
1048
1049 Possible errors: INVALID_ZONE
1050
1051 getIcmpBlockInversion(s: zone) → b
1052 Return whether ICMP block inversion was previously added to
1053 zone. If zone is empty, use default zone. For getting permanent
1054 settings see
1055 org.fedoraproject.FirewallD1.config.zone.Methods.getIcmpBlockInversion.
1056
1057 Possible errors: INVALID_ZONE
1058
1059 getInterfaces(s: zone) → as
1060 Return array of interfaces (s) previously bound with zone. If
1061 zone is empty, use default zone. For getting permanent settings
1062 see
1063 org.fedoraproject.FirewallD1.config.zone.Methods.getInterfaces.
1064
1065 Possible errors: INVALID_ZONE
1066
1067 getPorts(s: zone) → aas
1068 Return array of ports (2-tuple of port and protocol) previously
1069 enabled in zone. If zone is empty, use default zone. For
1070 getting permanent settings see
1071 org.fedoraproject.FirewallD1.config.zone.Methods.getPorts.
1072
1073 Possible errors: INVALID_ZONE
1074
1075 getProtocols(s: zone) → as
1076 Return array of protocols (s) previously enabled in zone. If
1077 zone is empty, use default zone. For getting permanent settings
1078 see
1079 org.fedoraproject.FirewallD1.config.zone.Methods.getProtocols.
1080
1081 Possible errors: INVALID_ZONE
1082
1083 getRichRules(s: zone) → as
1084 Return array of rich language rules (s) previously added into
1085 zone. If zone is empty, use default zone. For getting permanent
1086 settings see
1087 org.fedoraproject.FirewallD1.config.zone.Methods.getRichRules.
1088
1089 Possible errors: INVALID_ZONE
1090
1091 getServices(s: zone) → as
1092 Return array of services (s) previously enabled in zone. If
1093 zone is empty, use default zone. For getting permanent settings
1094 see
1095 org.fedoraproject.FirewallD1.config.zone.Methods.getServices.
1096
1097 Possible errors: INVALID_ZONE
1098
1099 getSourcePorts(s: zone) → aas
1100 Return array of source ports (2-tuple of port and protocol)
1101 previously enabled in zone. If zone is empty, use default zone.
1102 For getting permanent settings see
1103 org.fedoraproject.FirewallD1.config.zone.Methods.getSourcePorts.
1104
1105 Possible errors: INVALID_ZONE
1106
1107 getSources(s: zone) → as
1108 Return array of sources (s) previously bound with zone. If zone
1109 is empty, use default zone. For getting permanent settings see
1110 org.fedoraproject.FirewallD1.config.zone.Methods.getSources.
1111
1112 Possible errors: INVALID_ZONE
1113
1114 getZoneOfInterface(s: interface) → s
1115 Return name (s) of zone the interface is bound to or empty
1116 string.
1117
1118 getZoneOfSource(s: source) → s
1119 Return name (s) of zone the source is bound to or empty string.
1120
1121 getZones() → as
1122 Return array of names (s) of predefined zones known to current
1123 runtime environment. For list of zones known to permanent
1124 environment see
1125 org.fedoraproject.FirewallD1.config.Methods.listZones. The
1126 lists (of zones known to runtime and permanent environment)
1127 will contain same zones in most cases, but might differ for
1128 example if org.fedoraproject.FirewallD1.config.Methods.addZone
1129 has been called recently, but firewalld has not been reloaded
1130 since then.
1131
1132 isImmutable(s: zone) → b
1133 Deprecated.
1134
1135 queryForwardPort(s: zone, s: port, s: protocol, s: toport, s:
1136 toaddr) → b
1137 Return whether the IPv4 forward port (port, protocol, toport,
1138 toaddr) has been added into zone. If zone is empty, use default
1139 zone. For permanent operation see
1140 org.fedoraproject.FirewallD1.config.zone.Methods.queryForwardPort.
1141
1142 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1143 INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD
1144
1145 queryIcmpBlock(s: zone, s: icmp) → b
1146 Return whether an ICMP block for icmp has been added into zone.
1147 If zone is empty, use default zone. For permanent operation see
1148 org.fedoraproject.FirewallD1.config.zone.Methods.queryIcmpBlock.
1149
1150 Possible errors: INVALID_ZONE, INVALID_ICMPTYPE
1151
1152 queryIcmpBlockInversion(s: zone) → b
1153 Return whether ICMP block inversion has been added to zone. If
1154 zone is empty, use default zone. For permanent operation see
1155 org.fedoraproject.FirewallD1.config.zone.Methods.queryIcmpBlockInversion.
1156
1157 Possible errors: INVALID_ZONE, INVALID_ICMPTYPE
1158
1159 queryInterface(s: zone, s: interface) → b
1160 Query whether interface has been bound to zone. If zone is
1161 empty, use default zone. For permanent operation see
1162 org.fedoraproject.FirewallD1.config.zone.Methods.queryInterface.
1163
1164 Possible errors: INVALID_ZONE, INVALID_INTERFACE
1165
1166 queryMasquerade(s: zone) → b
1167 Return whether masquerading has been enabled in zone. If zone is
1168 empty, use default zone. For permanent operation see
1169 org.fedoraproject.FirewallD1.config.zone.Methods.queryMasquerade.
1170
1171 Possible errors: INVALID_ZONE
1172
1173 queryPort(s: zone, s: port, s: protocol) → b
1174 Return whether port/protocol has been added in zone. If zone is
1175 empty, use default zone. For permanent operation see
1176 org.fedoraproject.FirewallD1.config.zone.Methods.queryPort.
1177
1178 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1179 INVALID_PROTOCOL
1180
1181 queryProtocol(s: zone, s: protocol) → b
1182 Return whether protocol has been added in zone. If zone is
1183 empty, use default zone. For permanent operation see
1184 org.fedoraproject.FirewallD1.config.zone.Methods.queryProtocol.
1185
1186 Possible errors: INVALID_ZONE, INVALID_PROTOCOL
1187
1188 queryRichRule(s: zone, s: rule) → b
1189 Return whether rich rule rule has been added in zone. If zone
1190 is empty, use default zone. For permanent operation see
1191 org.fedoraproject.FirewallD1.config.zone.Methods.queryRichRule.
1192
1193 Possible errors: INVALID_ZONE, INVALID_RULE
1194
1195 queryService(s: zone, s: service) → b
1196 Return whether service has been added for zone. If zone is
1197 empty, use default zone. For permanent operation see
1198 org.fedoraproject.FirewallD1.config.zone.Methods.queryService.
1199
1200 Possible errors: INVALID_ZONE, INVALID_SERVICE
1201
1202 querySource(s: zone, s: source) → b
1203 Query whether source has been bound to zone. If zone is empty,
1204 use default zone. For permanent operation see
1205 org.fedoraproject.FirewallD1.config.zone.Methods.querySource.
1206
1207 Possible errors: INVALID_ZONE, INVALID_ADDR
1208
1209 querySourcePort(s: zone, s: port, s: protocol) → b
1210 Return whether port/protocol has been added in zone. If zone is
1211 empty, use default zone. For permanent operation see
1212 org.fedoraproject.FirewallD1.config.zone.Methods.querySourcePort.
1213
1214 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1215 INVALID_PROTOCOL
1216
1217 removeForwardPort(s: zone, s: port, s: protocol, s: toport, s:
1218 toaddr) → s
1219 Remove IPv4 forward port (port, protocol, toport, toaddr)
1220 from zone. If zone is empty, use default zone. For permanent
1221 operation see
1222 org.fedoraproject.FirewallD1.config.zone.Methods.removeForwardPort.
1223
1224 Returns name of zone from which the forward port was removed.
1225
1226 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1227 INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD, NOT_ENABLED,
1228 INVALID_COMMAND
1229
1230 removeIcmpBlock(s: zone, s: icmp) → s
1231 Remove ICMP block icmp from zone. If zone is empty, use default
1232 zone. For permanent operation see
1233 org.fedoraproject.FirewallD1.config.zone.Methods.removeIcmpBlock.
1234
1235 Returns name of zone from which the ICMP block was removed.
1236
1237 Possible errors: INVALID_ZONE, INVALID_ICMPTYPE, NOT_ENABLED,
1238 INVALID_COMMAND
1239
1240 removeIcmpBlockInversion(s: zone) → s
1241 Remove ICMP block inversion from zone. If zone is empty, use
1242 default zone. For permanent operation see
1243 org.fedoraproject.FirewallD1.config.zone.Methods.removeIcmpBlockInversion.
1244
1245 Returns name of zone from which the ICMP block inversion was
1246 removed.
1247
1248 Possible errors: INVALID_ZONE, NOT_ENABLED, INVALID_COMMAND
1249
1250 removeInterface(s: zone, s: interface) → s
1251 Remove binding of interface from zone. If zone is empty, the
1252 interface will be removed from zone it belongs to. For
1253 permanent operation see
1254 org.fedoraproject.FirewallD1.config.zone.Methods.removeInterface.
1255
1256 Returns name of zone from which the interface was removed.
1257
1258 Possible errors: INVALID_ZONE, INVALID_INTERFACE, NOT_ENABLED,
1259 INVALID_COMMAND
1260
1261 removeMasquerade(s: zone) → s
1262 Disable masquerade for zone. If zone is empty, use default
1263 zone. For permanent operation see
1264 org.fedoraproject.FirewallD1.config.zone.Methods.removeMasquerade.
1265
1266 Returns name of zone for which the masquerade was disabled.
1267
1268 Possible errors: INVALID_ZONE, NOT_ENABLED, INVALID_COMMAND
1269
1270 removePort(s: zone, s: port, s: protocol) → s
1271 Remove port/protocol from zone. If zone is empty, use default
1272 zone. For permanent operation see
1273 org.fedoraproject.FirewallD1.config.zone.Methods.removePort.
1274
1275 Returns name of zone from which the port was removed.
1276
1277 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1278 INVALID_PROTOCOL, NOT_ENABLED, INVALID_COMMAND
1279
1280 removeProtocol(s: zone, s: protocol) → s
1281 Remove protocol from zone. If zone is empty, use default zone.
1282 For permanent operation see
1283 org.fedoraproject.FirewallD1.config.zone.Methods.removeProtocol.
1284
1285 Returns name of zone from which the protocol was removed.
1286
1287 Possible errors: INVALID_ZONE, INVALID_PROTOCOL, NOT_ENABLED,
1288 INVALID_COMMAND
1289
1290 removeRichRule(s: zone, s: rule) → s
1291 Remove rich language rule from zone. If zone is empty, use
1292 default zone. For permanent operation see
1293 org.fedoraproject.FirewallD1.config.zone.Methods.removeRichRule.
1294
1295 Returns name of zone from which the rich language rule was
1296 removed.
1297
1298 Possible errors: INVALID_ZONE, INVALID_RULE, NOT_ENABLED,
1299 INVALID_COMMAND
1300
1301 removeService(s: zone, s: service) → s
1302 Remove service from zone. If zone is empty, use default zone.
1303 For permanent operation see
1304 org.fedoraproject.FirewallD1.config.zone.Methods.removeService.
1305
1306 Returns name of zone from which the service was removed.
1307
1308 Possible errors: INVALID_ZONE, INVALID_SERVICE, NOT_ENABLED,
1309 INVALID_COMMAND
1310
1311 removeSource(s: zone, s: source) → s
1312 Remove binding of source from zone. If zone is empty, the
1313 source will be removed from zone it belongs to. For permanent
1314 operation see
1315 org.fedoraproject.FirewallD1.config.zone.Methods.removeSource.
1316
1317 Returns name of zone from which the source was removed.
1318
1319 Possible errors: INVALID_ZONE, INVALID_ADDR, NOT_ENABLED,
1320 INVALID_COMMAND
1321
1322 removeSourcePort(s: zone, s: port, s: protocol) → s
1323 Remove port/protocol from zone. If zone is empty, use default
1324 zone. For permanent operation see
1325 org.fedoraproject.FirewallD1.config.zone.Methods.removeSourcePort.
1326
1327 Returns name of zone from which the source port was removed.
1328
1329 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1330 INVALID_PROTOCOL, NOT_ENABLED, INVALID_COMMAND
1331
1332 Signals
1333 ForwardPortAdded(s: zone, s: port, s: protocol, s: toport, s:
1334 toaddr, i: timeout)
1335 Emitted when forward port has been added to zone with timeout.
1336
1337 ForwardPortRemoved(s: zone, s: port, s: protocol, s: toport, s:
1338 toaddr)
1339 Emitted when forward port has been removed from zone.
1340
1341 IcmpBlockAdded(s: zone, s: icmp, i: timeout)
1342 Emitted when ICMP block for icmp has been added to zone with
1343 timeout.
1344
1345 IcmpBlockInversionAdded(s: zone)
1346 Emitted when ICMP block inversion has been added to zone.
1347
1348 IcmpBlockInversionRemoved(s: zone)
1349 Emitted when ICMP block inversion has been removed from zone.
1350
1351 IcmpBlockRemoved(s: zone, s: icmp)
1352 Emitted when ICMP block for icmp has been removed from zone.
1353
1354 InterfaceAdded(s: zone, s: interface)
1355 Emitted when interface has been added to zone.
1356
1357 InterfaceRemoved(s: zone, s: interface)
1358 Emitted when interface has been removed from zone.
1359
1360 MasqueradeAdded(s: zone, i: timeout)
1361 Emitted when masquerade has been enabled for zone.
1362
1363 MasqueradeRemoved(s: zone)
1364 Emitted when masquerade has been disabled for zone.
1365
1366 PortAdded(s: zone, s: port, s: protocol, i: timeout)
1367 Emitted when port/protocol has been added to zone with timeout.
1368
1369 PortRemoved(s: zone, s: port, s: protocol)
1370 Emitted when port/protocol has been removed from zone.
1371
1372 ProtocolAdded(s: zone, s: protocol, i: timeout)
1373 Emitted when protocol has been added to zone with timeout.
1374
1375 ProtocolRemoved(s: zone, s: protocol)
1376 Emitted when protocol has been removed from zone.
1377
1378 RichRuleAdded(s: zone, s: rule, i: timeout)
1379 Emitted when rich language rule has been added to zone with
1380 timeout.
1381
1382 RichRuleRemoved(s: zone, s: rule)
1383 Emitted when rich language rule has been removed from zone.
1384
1385 ServiceAdded(s: zone, s: service, i: timeout)
1386 Emitted when service has been added to zone with timeout.
1387
1388 ServiceRemoved(s: zone, s: service)
1389 Emitted when service has been removed from zone.
1390
1391 SourceAdded(s: zone, s: source)
1392 Emitted when source has been added to zone.
1393
1394 SourcePortAdded(s: zone, s: port, s: protocol, i: timeout)
1395 Emitted when source-port/protocol has been added to zone with
1396 timeout.
1397
1398 SourcePortRemoved(s: zone, s: port, s: protocol)
1399 Emitted when source-port/protocol has been removed from zone.
1400
1401 SourceRemoved(s: zone, s: source)
1402 Emitted when source has been removed from zone.
1403
1404 ZoneChanged(s: zone, s: interface)
1405 Deprecated
1406
1407 ZoneOfInterfaceChanged(s: zone, s: interface)
1408 Emitted when a zone an interface is part of has been changed to
1409 zone.
1410
1411 ZoneOfSourceChanged(s: zone, s: source)
1412 Emitted when a zone a source is part of has been changed to
1413 zone.
1414
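An added example (not part of the firewalld documentation or code) that audits the runtime zone signals listed above from captured `dbus-monitor` text output. The sample capture is constructed, the argument names are copied from the signal list, and the "review" policy (flag changes with timeout 0, untimed bindings, and forward ports with a non-empty toaddr) is an assumption of this example.

```python
import re

ROOT = "/org/fedoraproject/FirewallD1"
ZONE_IFACE = "org.fedoraproject.FirewallD1.zone"
CONFIG_IFACE = "org.fedoraproject.FirewallD1.config"

# Argument names for the zone-interface signals audited here, in page order.
SIGNAL_ARGS = {
    "ForwardPortAdded": ("zone", "port", "protocol", "toport", "toaddr", "timeout"),
    "MasqueradeAdded": ("zone", "timeout"),
    "PortAdded": ("zone", "port", "protocol", "timeout"),
    "ProtocolAdded": ("zone", "protocol", "timeout"),
    "RichRuleAdded": ("zone", "rule", "timeout"),
    "ServiceAdded": ("zone", "service", "timeout"),
    "SourcePortAdded": ("zone", "port", "protocol", "timeout"),
    "SourceAdded": ("zone", "source"),
    "InterfaceAdded": ("zone", "interface"),
    "IcmpBlockRemoved": ("zone", "icmp"),
}

HEADER = re.compile(r"^signal .*\binterface=(?P<iface>[\w.]+); member=(?P<member>\w+)\s*$")
ARG = re.compile(r'^\s+(?:string "(?P<s>.*)"|int32 (?P<i>-?\d+))\s*$')


def parse_monitor(text):
    """Parse dbus-monitor text output into [{'iface', 'member', 'args'}, ...]."""
    events, current = [], None
    for line in text.splitlines():
        head = HEADER.match(line)
        if head:
            current = {"iface": head["iface"], "member": head["member"], "args": []}
            events.append(current)
        elif line and not line[0].isspace():
            current = None  # header of a non-signal message: ignore its arguments
        elif current is not None:
            arg = ARG.match(line)
            if arg:
                current["args"].append(arg["s"] if arg["s"] is not None else int(arg["i"]))
    return events


def audit(events):
    """Turn runtime zone signals into audit records; other interfaces are skipped."""
    records = []
    for ev in events:
        names = SIGNAL_ARGS.get(ev["member"])
        # config.ServiceAdded(s: service) shares its member name with
        # zone.ServiceAdded(s: zone, s: service, i: timeout): match on the interface.
        if ev["iface"] != ZONE_IFACE or names is None:
            continue
        if len(ev["args"]) != len(names):
            records.append({"signal": ev["member"], "malformed": True})
            continue
        fields = dict(zip(names, ev["args"]))
        zone = fields.pop("zone")
        timeout = fields.pop("timeout", None)
        if timeout is None:
            lifetime = "untimed"      # signal carries no timeout argument
        elif timeout == 0:
            lifetime = "no-expiry"    # only a non-zero timeout limits the change
        else:
            lifetime = f"{timeout}s"
        off_host = bool(fields.get("toaddr"))  # empty toaddr means local forwarding
        records.append({
            "signal": ev["member"], "zone": zone, "detail": fields,
            "lifetime": lifetime,
            # Review policy is an assumption of this example, not firewalld's.
            "review": timeout in (None, 0) or off_host,
        })
    return records


def _msg(path, iface, member, *args):
    """Build one constructed message in dbus-monitor's text layout."""
    head = ("signal time=1700000000.0 sender=:1.42 -> destination=(null destination) "
            f"serial=7 path={path}; interface={iface}; member={member}")
    body = [f'   string "{a}"' if isinstance(a, str) else f"   int32 {a}" for a in args]
    return "\n".join([head, *body])


# Constructed capture: four runtime zone changes and one permanent-config signal.
SAMPLE = "\n".join([
    _msg(ROOT, ZONE_IFACE, "PortAdded", "public", "8443", "tcp", 0),
    _msg(ROOT, ZONE_IFACE, "ForwardPortAdded", "public", "2222", "tcp", "22", "192.0.2.10", 300),
    _msg(ROOT + "/config", CONFIG_IFACE, "ServiceAdded", "constructed-svc"),
    _msg(ROOT, ZONE_IFACE, "ServiceAdded", "public", "ssh", 60),
    _msg(ROOT, ZONE_IFACE, "MasqueradeAdded", "external", 0),
])

if __name__ == "__main__":
    for record in audit(parse_monitor(SAMPLE)):
        print(record)
```
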
1415 org.fedoraproject.FirewallD1.config
1416 Allows permanently adding, removing and querying zones, services and
1417 icmp types.
1418
1419 Methods
1420 addIPSet(s: ipset, (ssssa{ss}as): settings) → o
1421 Add ipset with given settings into permanent configuration.
1422 Settings are in format: version, name, description, type,
1423 dictionary of options and array of entries.
1424
1425 version (s): see version attribute of ipset tag in
1426 firewalld.ipset(5).
1427
1428 name (s): see short tag in firewalld.ipset(5).
1429
1430 description (s): see description tag in firewalld.ipset(5).
1431
1432 type (s): see type attribute of ipset tag in
1433 firewalld.ipset(5).
1434
1435 options (a{ss}): dictionary of {option : value}. See options
1436 tag in firewalld.ipset(5).
1437
1438 entries (as): array of entries, see entry tag in
1439 firewalld.ipset(5).
1440
1441 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1442
1443 addIcmpType(s: icmptype, (sssas): settings) → o
1444 Add icmptype with given settings into permanent configuration.
1445 Settings are in format: version, name, description, array of
1446 destinations. Returns object path of the new icmp type.
1447
1448 version (s): see version attribute of icmptype tag in
1449 firewalld.icmptype(5).
1450
1451 name (s): see short tag in firewalld.icmptype(5).
1452
1453 description (s): see description tag in firewalld.icmptype(5).
1454
1455 destinations (as): array, either empty or containing strings
1456 'ipv4' or 'ipv6', see destination tag in firewalld.icmptype(5).
1457
1458 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1459
1460 addService(s: service, (sssa(ss)asa{ss}asa(ss)): settings) → o
1461 This function is deprecated, use
1462 org.fedoraproject.FirewallD1.config.Methods.addService2
1463 instead.
1464
1465 addService2(s: service, a{sv}: settings) → o
1466 Add service with given settings into permanent configuration.
1467 Settings are a dictionary indexed by keywords. For the type of
1468 each value see below. To zero a value pass an empty string or
1469 list.
1470
1471 version (s): see version attribute of service tag in
1472 firewalld.service(5).
1473
1474 name (s): see short tag in firewalld.service(5).
1475
1476 description (s): see description tag in firewalld.service(5).
1477
1478 ports (a(ss)): array of port and protocol pairs. See port tag
1479 in firewalld.service(5).
1480
1481 module names (as): array of kernel netfilter helpers, see
1482 module tag in firewalld.service(5).
1483
1484 destinations (a{ss}): dictionary of {IP family : IP address}
1485 where 'IP family' key can be either 'ipv4' or 'ipv6'. See
1486 destination tag in firewalld.service(5).
1487
1488 protocols (as): array of protocols, see protocol tag in
1489 firewalld.service(5).
1490
1491 source_ports (a(ss)): array of port and protocol pairs. See
1492 source-port tag in firewalld.service(5).
1493
1494 includes (as): array of service includes, see include tag in
1495 firewalld.service(5).
1496
1497 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1498
1499 addZone(s: zone, (sssbsasa(ss)asba(ssss)asasasasa(ss)): settings) →
1500 o
1501 Add zone with given settings into permanent configuration.
1502 Settings are in format: version, name, description, UNUSED,
1503 target, array of services, array of ports (port, protocol),
1504 array of icmp-blocks, masquerade, array of forward-ports (port,
1505 protocol, to-port, to-addr), array of interfaces, array of
1506 sources, array of rich rules, array of protocols and array of
1507 source-ports (port, protocol).
1508
1509 version (s): see version attribute of zone tag in
1510 firewalld.zone(5).
1511
1512 name (s): see short tag in firewalld.zone(5).
1513
1514 description (s): see description tag in firewalld.zone(5).
1515
1516 UNUSED (b): this boolean value is no longer used for anything.
1517
1518 target (s): see target attribute of zone tag in
1519 firewalld.zone(5).
1520
1521 services (as): array of service names, see service tag in
1522 firewalld.zone(5).
1523
1524 ports (a(ss)): array of port and protocol pairs. See port tag
1525 in firewalld.zone(5).
1526
1527 icmp-blocks (as): array of icmp-blocks. See icmp-block tag in
1528 firewalld.zone(5).
1529
1530 masquerade (b): see masquerade tag in firewalld.zone(5).
1531
1532 forward-ports (a(ssss)): array of (port, protocol, to-port,
1533 to-addr). See forward-port tag in firewalld.zone(5).
1534
1535 interfaces (as): array of interfaces. See interface tag in
1536 firewalld.zone(5).
1537
1538 source addresses (as): array of source addresses. See source
1539 tag in firewalld.zone(5).
1540
1541 rich rules (as): array of rich-language rules. See rule tag in
1542 firewalld.zone(5).
1543
1544 protocols (as): array of protocols. See protocol tag in
1545 firewalld.zone(5).
1546
1547 source-ports (a(ss)): array of port and protocol pairs. See
1548 source-port tag in firewalld.zone(5).
1549
1550 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1551
1552 getHelperByName(s: helper) → o
1553 Return object path (permanent configuration) of helper with
1554 given name.
1555
1556 Possible errors: INVALID_HELPER
1557
1558 getHelperNames() → as
1559 Return list of helper names (permanent configuration).
1560
1561 getIPSetByName(s: ipset) → o
1562 Return object path (permanent configuration) of ipset with
1563 given name.
1564
1565 Possible errors: INVALID_IPSET
1566
1567 getIPSetNames() → as
1568 Return list of ipset names (permanent configuration).
1569
1570 getIcmpTypeByName(s: icmptype) → o
1571 Return object path (permanent configuration) of icmptype with
1572 given name.
1573
1574 Possible errors: INVALID_ICMPTYPE
1575
1576 getIcmpTypeNames() → as
1577 Return list of icmptype names (permanent configuration).
1578
1579 getServiceByName(s: service) → o
1580 Return object path (permanent configuration) of service with
1581 given name.
1582
1583 Possible errors: INVALID_SERVICE
1584
1585 getServiceNames() → as
1586 Return list of service names (permanent configuration).
1587
1588 getZoneByName(s: zone) → o
1589 Return object path (permanent configuration) of zone with given
1590 name.
1591
1592 Possible errors: INVALID_ZONE
1593
1594 getZoneNames() → as
1595 Return list of zone names (permanent configuration).
1596
1597 getZoneOfInterface(s: iface) → s
1598 Return name of zone the iface is bound to or empty string.
1599
1600 getZoneOfSource(s: source) → s
1601 Return name of zone the source is bound to or empty string.
1602
1603 listHelpers() → ao
1604 Return array of object paths (o) of helper in permanent
1605 configuration. For runtime configuration see
1606 org.fedoraproject.FirewallD1.Methods.getHelpers.
1607
1608 listIPSets() → ao
1609 Return array of object paths (o) of ipset in permanent
1610 configuration. For runtime configuration see
1611 org.fedoraproject.FirewallD1.ipset.Methods.getIPSets.
1612
1613 listIcmpTypes() → ao
1614 Return array of object paths (o) of icmp types in permanent
1615 configuration. For runtime configuration see
1616 org.fedoraproject.FirewallD1.Methods.listIcmpTypes.
1617
1618 listServices() → ao
1619 Return array of object paths (o) of services in permanent
1620 configuration. For runtime configuration see
1621 org.fedoraproject.FirewallD1.Methods.listServices.
1622
1623 listZones() → ao
1624 List object paths of zones known to permanent environment. For
1625 list of zones known to runtime environment see
1626 org.fedoraproject.FirewallD1.zone.Methods.getZones. The lists
1627 (of zones known to runtime and permanent environment) will
1628 contain same zones in most cases, but might differ for example
1629 if org.fedoraproject.FirewallD1.config.Methods.addZone has been
1630 called recently, but firewalld has not been reloaded since
1631 then.
1632
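An added example (not firewalld's own code) for the positional settings struct that addZone takes above: it orders named fields into the 15-slot tuple and checks every slot against the documented signature before anything is sent over D-Bus. The signature walker covers only the type codes that occur on this page (s, o, b, i, arrays, structs, dictionaries); the zone values are constructed, and the fill-in defaults are type-correct placeholders, not firewalld defaults.

```python
ZONE_SIGNATURE = "(sssbsasa(ss)asba(ssss)asasasasa(ss))"
# Field names in the order given in the addZone description.
ZONE_FIELDS = (
    "version", "name", "description", "UNUSED", "target", "services", "ports",
    "icmp-blocks", "masquerade", "forward-ports", "interfaces",
    "source addresses", "rich rules", "protocols", "source-ports",
)


def _type_end(sig, i):
    """Return the index just past the single complete type starting at sig[i]."""
    c = sig[i]
    if c == "a":                       # array: 'a' followed by one element type
        return _type_end(sig, i + 1)
    if c in "({":                      # struct or dict entry: types up to the closer
        closer = ")" if c == "(" else "}"
        i += 1
        while sig[i] != closer:
            i = _type_end(sig, i)
    return i + 1


def split_signature(sig):
    """Split a D-Bus signature into its complete single types."""
    out, i = [], 0
    while i < len(sig):
        j = _type_end(sig, i)
        out.append(sig[i:j])
        i = j
    return out


def conforms(value, t):
    """True if a plain Python value fits D-Bus type t (subset: s o b i a () {})."""
    if t in ("s", "o"):
        return isinstance(value, str)
    if t == "b":
        return isinstance(value, bool)
    if t == "i":
        return isinstance(value, int) and not isinstance(value, bool)
    if t.startswith("a{"):
        key_t, val_t = split_signature(t[2:-1])
        return isinstance(value, dict) and all(
            conforms(k, key_t) and conforms(v, val_t) for k, v in value.items())
    if t.startswith("a"):
        return isinstance(value, list) and all(conforms(v, t[1:]) for v in value)
    if t.startswith("("):              # structs are tuples; a list here is an array
        parts = split_signature(t[1:-1])
        return (isinstance(value, tuple) and len(value) == len(parts)
                and all(conforms(v, p) for v, p in zip(value, parts)))
    raise ValueError(f"unsupported type code: {t!r}")


def build_zone_settings(values):
    """Order a {field: value} dict into the positional struct addZone expects."""
    unknown = set(values) - set(ZONE_FIELDS)
    if unknown:
        raise KeyError(f"not an addZone field: {sorted(unknown)}")
    out = []
    for field, t in zip(ZONE_FIELDS, split_signature(ZONE_SIGNATURE[1:-1])):
        default = "" if t == "s" else False if t == "b" else []
        out.append(values.get(field, default))
    return tuple(out)


def mismatches(settings):
    """List (position, field, expected type) for every slot that does not conform."""
    types = split_signature(ZONE_SIGNATURE[1:-1])
    if len(settings) != len(types):
        return [(None, "length", f"{len(types)} fields")]
    return [(i, field, t)
            for i, (field, t, v) in enumerate(zip(ZONE_FIELDS, types, settings))
            if not conforms(v, t)]


# Constructed zone definition.
GOOD = build_zone_settings({
    "name": "constructed-dmz", "target": "default",
    "services": ["ssh"], "ports": [("8443", "tcp")],
    "forward-ports": [("2222", "tcp", "22", "192.0.2.10")],
})
# Typical slip in a hand-built tuple: icmp-blocks (as) and masquerade (b) swapped.
BAD = GOOD[:7] + (GOOD[8], GOOD[7]) + GOOD[9:]

if __name__ == "__main__":
    print(mismatches(GOOD))
    print(mismatches(BAD))
```

The same `conforms` check applies to replies, for example the `a{sa{sas}}` dictionary returned by getActiveZones.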
1633 Signals
1634 HelperAdded(s: helper)
1635 Emitted when helper has been added.
1636
1637 IPSetAdded(s: ipset)
1638 Emitted when ipset has been added.
1639
1640 IcmpTypeAdded(s: icmptype)
1641 Emitted when icmptype has been added.
1642
1643 ServiceAdded(s: service)
1644 Emitted when service has been added.
1645
1646 ZoneAdded(s: zone)
1647 Emitted when zone has been added.
1648
1649 Properties
1650 AutomaticHelpers - s - (rw)
1651 Indicates whether automatic helper assignment in kernel should
1652 be used or not. With the system setting this is left to the
1653 kernel or system default.
1654
1655 CleanupOnExit - s - (rw)
1656 If firewalld stops, it cleans up all firewall rules. Setting
1657 this option to no or false leaves the current firewall rules
1658 untouched.
1659
1660 DefaultZone - s - (ro)
1661 Default zone for connections or interfaces if the zone is not
1662 selected or specified by NetworkManager, initscripts or command
1663 line tool.
1664
1665 FirewallBackend - s - (rw)
1666 Selects the firewalld backend for all rules except the direct
1667 interface. Valid options are: nftables, iptables. Default is
1668 nftables.
1669
1670 FirewallBackend - s - (rw)
1671 Flush all runtime rules on a reload. Valid options are: yes,
1672 no.
1673
1674 IPv6_rpfilter - s - (rw)
1675 Indicates whether the reverse path filter test on a packet for
1676 IPv6 is enabled. If a reply to the packet would be sent via the
1677 same interface that the packet arrived on, the packet will
1678 match and be accepted, otherwise dropped.
1679
1680 IndividualCalls - s - (ro)
1681 Indicates whether individual calls are used instead of combined
1682 -restore calls. If enabled, this increases the time that is needed to
1683 apply changes and to start the daemon, but is good for
1684 debugging.
1685
1686 Lockdown - s - (rw)
1687 If this property is enabled, firewall changes with the D-Bus
1688 interface will be limited to applications that are listed in
1689 the lockdown whitelist.
1690
1691 LogDenied - s - (rw)
1692 If LogDenied is enabled, then logging rules are added right
1693 before reject and drop rules in the INPUT, FORWARD and OUTPUT
1694 chains for the default rules and also final reject and drop
1695 rules in zones. Possible values are: all, unicast, broadcast,
1696 multicast and off.
1697
1698 MinimalMark - i - (rw)
1699 Deprecated. This option is ignored and no longer used. Marks
1700 are no longer used internally.
1701
1702 FirewallBackend - s - (rw)
1703 As per RFC 3964, filter IPv6 traffic with 6to4 destination
1704 addresses that correspond to IPv4 addresses that should not be
1705 routed over the public internet. Valid options are: yes, no.
1706
1707 org.fedoraproject.FirewallD1.config.direct
1708 Interface for permanent direct configuration, see also
1709 firewalld.direct(5). For runtime direct configuration see
1710 org.fedoraproject.FirewallD1.direct interface.
1711
1712 Methods
1713 addChain(s: ipv, s: table, s: chain) → Nothing
1714 Add a new chain to table for ipv being either ipv4 (iptables)
1715 or ipv6 (ip6tables) or eb (ebtables). Make sure there's no
1716 other chain with this name already. There already exist basic
1717 chains to use with direct methods, for example INPUT_direct
1718 chain. These chains are jumped into before chains for zones,
1719 i.e. every rule put into INPUT_direct will be checked before
1720 rules in zones. For runtime operation see
1721 org.fedoraproject.FirewallD1.direct.Methods.addChain.
1722
1723 Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED
1724
1725 addPassthrough(s: ipv, as: args) → Nothing
1726 Add a passthrough rule with the arguments args for ipv being
1727 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
1728 For runtime operation see
1729 org.fedoraproject.FirewallD1.direct.Methods.addPassthrough.
1730
1731 Possible errors: INVALID_IPV, ALREADY_ENABLED
1732
1733 addRule(s: ipv, s: table, s: chain, i: priority, as: args) →
1734 Nothing
1735 Add a rule with the arguments args to chain in table with
1736 priority for ipv being either ipv4 (iptables) or ipv6
1737 (ip6tables) or eb (ebtables). The priority is used to order
1738 rules. Priority 0 means add rule on top of the chain, with a
1739 higher priority the rule will be added further down. Rules with
1740 the same priority are on the same level and the order of these
1741 rules is not fixed and may change. If you want to make sure
1742 that a rule will be added after another one, use a low priority
1743 for the first and a higher for the following. For runtime
1744 operation see
1745 org.fedoraproject.FirewallD1.direct.Methods.addRule.
1746
1747 Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED
1748
1749 getAllChains() → a(sss)
1750 Get all chains added to all tables in format: ipv, table,
1751 chain. This concerns only chains previously added with
1752 addChain. Return value is an array of (ipv, table, chain). For
1753 runtime operation see
1754 org.fedoraproject.FirewallD1.direct.Methods.getAllChains.
1755
1756 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
1757 (ebtables).
1758
1759 table (s): one of filter, mangle, nat, raw, security
1760
1761 chain (s): name of a chain.
1762
1763
1764 getAllPassthroughs() → a(sas)
1765 Get all passthrough rules added in all ipv types in format:
1766 ipv, rule. This concerns only rules previously added with
1767 addPassthrough. Return value is an array of (ipv, array of
1768 arguments). For runtime operation see
1769 org.fedoraproject.FirewallD1.direct.Methods.getAllPassthroughs.
1770
1771 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
1772 (ebtables).
1773
1774 arguments (as): array of commands, parameters and other
1775 iptables/ip6tables/ebtables command line options.
1776
1777
1778 getAllRules() → a(sssias)
1779 Get all rules added to all chains in all tables in format: ipv,
1780 table, chain, priority, rule. This concerns only rules
1781 previously added with addRule. Return value is an array of (ipv,
1782 table, chain, priority, array of arguments). For runtime
1783 operation see
1784 org.fedoraproject.FirewallD1.direct.Methods.getAllRules.
1785
1786 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
1787 (ebtables).
1788
1789 table (s): one of filter, mangle, nat, raw, security
1790
1791 chain (s): name of a chain.
1792
1793 priority (i): used to order rules.
1794
1795 arguments (as): array of commands, parameters and other
1796 iptables/ip6tables/ebtables command line options.
1797
1798
1799 getChains(s: ipv, s: table) → as
1800 Return an array of chains (s) added to table for ipv being
1801 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
1802 This concerns only chains previously added with addChain. For
1803 runtime operation see
1804 org.fedoraproject.FirewallD1.direct.Methods.getChains.
1805
1806 Possible errors: INVALID_IPV, INVALID_TABLE
1807
1808 getPassthroughs(s: ipv) → aas
1809 Get tracked passthrough rules added in either ipv4 (iptables)
1810 or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
1811 previously added with addPassthrough. Return value is an array
1812 of (array of arguments). For runtime operation see
1813 org.fedoraproject.FirewallD1.direct.Methods.getPassthroughs.
1814
1815 arguments (as): array of commands, parameters and other
1816 iptables/ip6tables/ebtables command line options.
1817
1818
1819 getRules(s: ipv, s: table, s: chain) → a(ias)
1820 Get all rules added to chain in table for ipv being either ipv4
1821 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
1822 only rules previously added with addRule. Return value is a
1823 array of (priority, array of arguments). For runtime operation
1824 see org.fedoraproject.FirewallD1.direct.Methods.getRules.
1825
1826 priority (i): used to order rules.
1827
1828 arguments (as): array of commands, parameters and other
1829 iptables/ip6tables/ebtables command line options.
1830
1831 Possible errors: INVALID_IPV, INVALID_TABLE
1832
1833 getSettings() → (a(sss)a(sssias)a(sas))
1834 Get settings of permanent direct configuration in format: array
1835 of chains, array of rules, array of passthroughs.
1836
1837 chains (a(sss)): array of (ipv, table, chain), see 'chain' in
1838 firewalld.direct(5).
1839
1840 rules (a(sssias)): array of (ipv, table,
1841 chain, priority, array of arguments), see 'rule' in
1842 firewalld.direct(5).
1843
1844 passthroughs (a(sas)): array of (ipv,
1845 array of arguments), see passthrough in firewalld.direct(5).
1848
1849 queryChain(s: ipv, s: table, s: chain) → b
1850 Return whether a chain exists in table for ipv being either
1851 ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). This
1852 concerns only chains previously added with addChain. For
1853 runtime operation see
1854 org.fedoraproject.FirewallD1.direct.Methods.queryChain.
1855
1856 Possible errors: INVALID_IPV, INVALID_TABLE
1857
1858 queryPassthrough(s: ipv, as: args) → b
1859 Return whether a tracked passthrough rule with the arguments
1860 args exists for ipv being either ipv4 (iptables) or ipv6
1861 (ip6tables) or eb (ebtables). This concerns only rules
1862 previously added with addPassthrough. For runtime operation see
1863 org.fedoraproject.FirewallD1.direct.Methods.queryPassthrough.
1864
1865 Possible errors: INVALID_IPV
1866
1867 queryRule(s: ipv, s: table, s: chain, i: priority, as: args) → b
1868 Return whether a rule with priority and the arguments args
1869 exists in chain in table for ipv being either ipv4 (iptables)
1870 or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
1871 previously added with addRule. For runtime operation see
1872 org.fedoraproject.FirewallD1.direct.Methods.queryRule.
1873
1874 Possible errors: INVALID_IPV, INVALID_TABLE
1875
1876 removeChain(s: ipv, s: table, s: chain) → Nothing
1877 Remove a chain from table for ipv being either ipv4 (iptables)
1878 or ipv6 (ip6tables) or eb (ebtables). Only chains previously
1879 added with addChain can be removed this way. For runtime
1880 operation see
1881 org.fedoraproject.FirewallD1.direct.Methods.removeChain.
1882
1883 Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED
1884
1885 removePassthrough(s: ipv, as: args) → Nothing
1886 Remove a passthrough rule with arguments args for ipv being
1887 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
1888 Only rules previously added with addPassthrough can be removed
1889 this way. For runtime operation see
1890 org.fedoraproject.FirewallD1.direct.Methods.removePassthrough.
1891
1892 Possible errors: INVALID_IPV, NOT_ENABLED
1893
1894 removeRule(s: ipv, s: table, s: chain, i: priority, as: args) →
1895 Nothing
1896 Remove a rule with priority and arguments args from chain in
1897 table for ipv being either ipv4 (iptables) or ipv6 (ip6tables)
1898 or eb (ebtables). Only rules previously added with addRule can
1899 be removed this way. For runtime operation see
1900 org.fedoraproject.FirewallD1.direct.Methods.removeRule.
1901
1902 Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED
1903
1904 removeRules(s: ipv, s: table, s: chain) → Nothing
1905 Remove all rules from chain in table for ipv being either ipv4
1906 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
1907 only rules previously added with addRule. For runtime operation
1908 see org.fedoraproject.FirewallD1.direct.Methods.removeRules.
1909
1910 Possible errors: INVALID_IPV, INVALID_TABLE
1911
1912 update((a(sss)a(sssias)a(sas)): settings) → Nothing
1913 Update permanent direct configuration with given settings.
1914 Settings are in format: array of chains, array of rules, array
1915 of passthroughs.
1916
1917 chains (a(sss)): array of (ipv, table, chain), see 'chain' in
1918 firewalld.direct(5).
1919
1920 rules (a(sssias)): array of (ipv, table,
1921 chain, priority, array of arguments), see 'rule' in
1922 firewalld.direct(5).
1923
1924 passthroughs (a(sas)): array of (ipv,
1925 array of arguments), see passthrough in firewalld.direct(5).
1926
1927 Possible errors: INVALID_TYPE
1928
1929 Signals
1930 Updated()
1931 Emitted when configuration has been updated.
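The addChain and addRule descriptions above state that the direct chains are checked before zone chains and that rules sharing a priority have no fixed order. The following audit of a getSettings() result is an added example, not firewalld's own code; the sample tuple is constructed, and treating every chain whose name ends in _direct like INPUT_direct is an assumption.

```python
"""Audit the (a(sss), a(sssias), a(sas)) tuple returned by
org.fedoraproject.FirewallD1.config.direct.getSettings()."""
from collections import defaultdict

# Constructed sample shaped like a getSettings() result (documentation addresses).
SAMPLE_SETTINGS = (
    [("ipv4", "filter", "mgmt_in")],                       # chains
    [                                                      # rules
        ("ipv4", "filter", "INPUT_direct", 0, ["-s", "192.0.2.10", "-j", "ACCEPT"]),
        ("ipv4", "filter", "INPUT_direct", 5, ["-p", "tcp", "--dport", "22", "-j", "mgmt_in"]),
        ("ipv4", "filter", "mgmt_in", 1, ["-s", "198.51.100.0/24", "-j", "ACCEPT"]),
        ("ipv4", "filter", "mgmt_in", 1, ["-j", "DROP"]),
    ],
    [("ipv6", ["-A", "FORWARD", "-j", "ACCEPT"])],         # passthroughs
)


def rule_target(args):
    """Return the argument following -j/--jump, or None if the rule has no target."""
    for i, arg in enumerate(args[:-1]):
        if arg in ("-j", "--jump"):
            return str(args[i + 1])
    return None


def chains_evaluated_before_zones(chains, rules):
    """Chains reached from a *_direct chain, following jumps into addChain chains.

    Assumption: every chain named *_direct behaves like INPUT_direct.
    """
    custom = {(str(i), str(t), str(c)) for i, t, c in chains}
    reached = {(str(i), str(t), str(c)) for i, t, c, _p, _a in rules
               if str(c).endswith("_direct")}
    grew = True
    while grew:
        grew = False
        for ipv, table, chain, _prio, args in rules:
            src = (str(ipv), str(table), str(chain))
            dest = (str(ipv), str(table), rule_target(args))
            if src in reached and dest in custom and dest not in reached:
                reached.add(dest)
                grew = True
    return reached


def audit_direct_settings(settings):
    """Return a list of (kind, detail) findings for a getSettings() tuple."""
    chains, rules, passthroughs = settings
    findings = []

    # Passthroughs are raw command-line options; list each one for manual review.
    for ipv, args in passthroughs:
        findings.append(("passthrough", "%s: %s" % (ipv, " ".join(args))))

    pre_zone = chains_evaluated_before_zones(chains, rules)
    targets_at = defaultdict(set)  # (ipv, table, chain, priority) -> set of targets
    for ipv, table, chain, priority, args in rules:
        key = (str(ipv), str(table), str(chain))
        target = rule_target(args)
        targets_at[key + (int(priority),)].add(target)
        # An ACCEPT here is a final verdict, so zone rules never see the packet.
        if target == "ACCEPT" and key in pre_zone:
            findings.append(("accept-before-zones", "%s/%s/%s prio %d: %s"
                             % (key + (int(priority), " ".join(args)))))

    # Same chain, same priority, different targets: the order is not fixed,
    # so the effective verdict can change between loads.
    for (ipv, table, chain, priority), targets in sorted(targets_at.items()):
        if len(targets) > 1:
            findings.append(("ambiguous-order", "%s/%s/%s has %d different targets at priority %d"
                             % (ipv, table, chain, len(targets), priority)))
    return findings


def fetch_permanent_direct_settings():
    """Read the live permanent direct configuration (needs dbus-python and firewalld)."""
    import dbus  # imported lazily so the audit itself runs without a system bus
    obj = dbus.SystemBus().get_object("org.fedoraproject.FirewallD1",
                                      "/org/fedoraproject/FirewallD1/config")
    return dbus.Interface(obj, "org.fedoraproject.FirewallD1.config.direct").getSettings()


if __name__ == "__main__":
    for kind, detail in audit_direct_settings(SAMPLE_SETTINGS):
        print("%-20s %s" % (kind, detail))
```

On a host running firewalld, pass the result of fetch_permanent_direct_settings() to audit_direct_settings() instead of the sample.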
1932
1933 org.fedoraproject.FirewallD1.config.policies
1934 Interface for permanent lockdown-whitelist configuration, see also
1935 firewalld.lockdown-whitelist(5). For runtime configuration see
1936 org.fedoraproject.FirewallD1.policies interface.
1937
1938 Methods
1939 addLockdownWhitelistCommand(s: command) → Nothing
1940 Add command to whitelist. See command option in
1941 firewalld.lockdown-whitelist(5). For runtime operation see
1942 org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistCommand.
1943
1944 Possible errors: ALREADY_ENABLED, INVALID_TYPE
1945
1946 addLockdownWhitelistContext(s: context) → Nothing
1947 Add context to whitelist. See selinux option in
1948 firewalld.lockdown-whitelist(5). For runtime operation see
1949 org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistContext.
1950
1951 Possible errors: ALREADY_ENABLED, INVALID_TYPE
1952
1953 addLockdownWhitelistUid(i: uid) → Nothing
1954 Add user id uid to whitelist. See user option in
1955 firewalld.lockdown-whitelist(5). For runtime operation see
1956 org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistUid.
1957
1958 Possible errors: ALREADY_ENABLED, INVALID_TYPE
1959
1960 addLockdownWhitelistUser(s: user) → Nothing
1961 Add user name to whitelist. See user option in
1962 firewalld.lockdown-whitelist(5). For runtime operation see
1963 org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistUser.
1964
1965 Possible errors: ALREADY_ENABLED, INVALID_TYPE
1966
1967 getLockdownWhitelist() → (asasasai)
1968 Get settings of permanent lockdown-whitelist configuration in
1969 format: commands, selinux contexts, users, uids
1970
1971 commands (as): see command option in
1972 firewalld.lockdown-whitelist(5).
1973
1974 selinux contexts (as): see selinux option in
1975 firewalld.lockdown-whitelist(5).
1976
1977 users (as): see name attribute of user option in
1978 firewalld.lockdown-whitelist(5).
1979
1980 uids (ai): see id attribute of user option in
1981 firewalld.lockdown-whitelist(5).
1982
1983
1984 getLockdownWhitelistCommands() → as
1985 List all command lines (s) that are on whitelist. For runtime
1986 operation see
1987 org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistCommands.
1988
1989 getLockdownWhitelistContexts() → as
1990 List all contexts (s) that are on whitelist. For runtime
1991 operation see
1992 org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistContexts.
1993
1994 getLockdownWhitelistUids() → ai
1995 List all user ids (i) that are on whitelist. For runtime
1996 operation see
1997 org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistUids.
1998
1999 getLockdownWhitelistUsers() → as
2000 List all users (s) that are on whitelist. For runtime operation
2001 see
2002 org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistUsers.
2003
2004 queryLockdownWhitelistCommand(s: command) → b
2005 Query whether command is on whitelist. For runtime operation
2006 see
2007 org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistCommand.
2008
2009 queryLockdownWhitelistContext(s: context) → b
2010 Query whether context is on whitelist. For runtime operation
2011 see
2012 org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistContext.
2013
2014 queryLockdownWhitelistUid(i: uid) → b
2015 Query whether user id uid is on whitelist. For runtime
2016 operation see
2017 org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistUid.
2018
2019 queryLockdownWhitelistUser(s: user) → b
2020 Query whether user is on whitelist. For runtime operation see
2021 org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistUser.
2022
2023 removeLockdownWhitelistCommand(s: command) → Nothing
2024 Remove command from whitelist. For runtime operation see
2025 org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistCommand.
2026
2027 Possible errors: NOT_ENABLED
2028
2029 removeLockdownWhitelistContext(s: context) → Nothing
2030 Remove context from whitelist. For runtime operation see
2031 org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistContext.
2032
2033 Possible errors: NOT_ENABLED
2034
2035 removeLockdownWhitelistUid(i: uid) → Nothing
2036 Remove user id uid from whitelist. For runtime operation see
2037 org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistUid.
2038
2039 Possible errors: NOT_ENABLED
2040
2041 removeLockdownWhitelistUser(s: user) → Nothing
2042 Remove user from whitelist. For runtime operation see
2043 org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistUser.
2044
2045 Possible errors: NOT_ENABLED
2046
2047 setLockdownWhitelist((asasasai): settings) → Nothing
2048 Set permanent lockdown-whitelist configuration to settings.
2049 Settings are in format: commands, selinux contexts, users, uids
2050
2051 commands (as): see command option in
2052 firewalld.lockdown-whitelist(5).
2053
2054 selinux contexts (as): see selinux option in
2055 firewalld.lockdown-whitelist(5).
2056
2057 users (as): see name attribute of user option in
2058 firewalld.lockdown-whitelist(5).
2059
2060 uids (ai): see id attribute of user option in
2061 firewalld.lockdown-whitelist(5).
2062
2063 Possible errors: INVALID_TYPE
2064
2065 Signals
2066 LockdownWhitelistUpdated()
2067 Emitted when permanent lockdown-whitelist configuration has
2068 been updated.
2069
2070 org.fedoraproject.FirewallD1.config.ipset
2071 Interface for permanent ipset configuration, see also
2072 firewalld.ipset(5).
2073
2074 Methods
2075 addEntry(s: entry) → Nothing
2076 Permanently add entry to list of entries of ipset. See entry
2077 tag in firewalld.ipset(5). For runtime operation see
2078 org.fedoraproject.FirewallD1.ipset.Methods.addEntry.
2079
2080 Possible errors: ALREADY_ENABLED
2081
2082 addOption(s: key, s: value) → Nothing
2083 Permanently add (key, value) to the ipset. See option tag in
2084 firewalld.ipset(5).
2085
2086 Possible errors: ALREADY_ENABLED
2087
2088 getDescription() → s
2089 Get description of ipset. See description tag in
2090 firewalld.ipset(5).
2091
2092 getEntries() → as
2093 Get list of entries added to ipset. See entry tag in
2094 firewalld.ipset(5). For runtime operation see
2095 org.fedoraproject.FirewallD1.ipset.Methods.getEntries.
2096
2097 Possible errors: IPSET_WITH_TIMEOUT
2098
2099 getOptions() → a{ss}
2100 Get dictionary of options set for ipset. See option tag in
2101 firewalld.ipset(5).
2102
2103 getSettings() → (ssssa{ss}as)
2104 Return permanent settings of the ipset. For getting runtime
2105 settings see
2106 org.fedoraproject.FirewallD1.ipset.Methods.getIPSetSettings.
2107 Settings are in format: version, name, description, type,
2108 dictionary of options and array of entries.
2109
2110 version (s): see version attribute of ipset tag in
2111 firewalld.ipset(5).
2112
2113 name (s): see short tag in firewalld.ipset(5).
2114
2115 description (s): see description tag in firewalld.ipset(5).
2116
2117 type (s): see type attribute of ipset tag in
2118 firewalld.ipset(5).
2119
2120 options (a{ss}): dictionary of {option : value}. See options
2121 tag in firewalld.ipset(5).
2122
2123 entries (as): array of entries, see entry tag in
2124 firewalld.ipset(5).
2125
2126
2127 getShort() → s
2128 Get name of ipset. See short tag in firewalld.ipset(5).
2129
2130 getType() → s
2131 Get type of ipset. See type attribute of ipset tag in
2132 firewalld.ipset(5).
2133
2134 getVersion() → s
2135 Get version of ipset. See version attribute of ipset tag in
2136 firewalld.ipset(5).
2137
2138 loadDefaults() → Nothing
2139 Load default settings for built-in ipset.
2140
2141 Possible errors: NO_DEFAULTS
2142
2143 queryEntry(s: entry) → b
2144 Return whether entry has been added to ipset. For runtime
2145 operation see
2146 org.fedoraproject.FirewallD1.ipset.Methods.queryEntry.
2147
2148 queryOption(s: key, s: value) → b
2149 Return whether (key, value) has been added to options of the
2150 ipset.
2151
2152 remove() → Nothing
2153 Remove the ipset if it is not built-in.
2154
2155 Possible errors: BUILTIN_IPSET
2156
2157 removeEntry(s: entry) → Nothing
2158 Permanently remove entry from ipset. See entry tag in
2159 firewalld.ipset(5). For runtime operation see
2160 org.fedoraproject.FirewallD1.ipset.Methods.removeEntry.
2161
2162 Possible errors: NOT_ENABLED
2163
2164 removeOption(s: key) → Nothing
2165 Permanently remove key from the ipset. See option tag in
2166 firewalld.ipset(5).
2167
2168 Possible errors: NOT_ENABLED
2169
2170 rename(s: name) → Nothing
2171 Rename the ipset to name if it is not built-in.
2172
2173 Possible errors: BUILTIN_IPSET
2174
2175 setDescription(s: description) → Nothing
2176 Permanently set description of ipset to description. See
2177 description tag in firewalld.ipset(5).
2178
2179 setEntries(as: entries) → Nothing
2180 Permanently set list of entries to entries. See entry tag in
2181 firewalld.ipset(5).
2182
2183 setOptions(a{ss}: options) → Nothing
2184 Permanently set dict of options to options. See option tag in
2185 firewalld.ipset(5).
2186
2187 setShort(s: short) → Nothing
2188 Permanently set name of ipset to short. See short tag in
2189 firewalld.ipset(5).
2190
2191 setType(s: ipset_type) → Nothing
2192 Permanently set type of ipset to ipset_type. See type attribute
2193 of ipset tag in firewalld.ipset(5).
2194
2195 setVersion(s: version) → Nothing
2196 Permanently set version of ipset to version. See version
2197 attribute of ipset tag in firewalld.ipset(5).
2198
2199 update((ssssa{ss}as): settings) → Nothing
2200 Update settings of ipset to settings. Settings are in format:
2201 version, name, description, type, dictionary of options and
2202 array of entries.
2203
2204 version (s): see version attribute of ipset tag in
2205 firewalld.ipset(5).
2206
2207 name (s): see short tag in firewalld.ipset(5).
2208
2209 description (s): see description tag in firewalld.ipset(5).
2210
2211 type (s): see type attribute of ipset tag in
2212 firewalld.ipset(5).
2213
2214 options (a{ss}): dictionary of {option : value}. See options
2215 tag in firewalld.ipset(5).
2216
2217 entries (as): array of entries, see entry tag in
2218 firewalld.ipset(5).
2219
2220 Possible errors: INVALID_TYPE
2221
2222 Signals
2223 Removed(s: name)
2224 Emitted when ipset with name has been removed.
2225
2226 Renamed(s: name)
2227 Emitted when ipset has been renamed to name.
2228
2229 Updated(s: name)
2230 Emitted when ipset with name has been updated.
2231
2232 Properties
2233 builtin - b - (ro)
2234 True if ipset is built-in, false otherwise.
2235
2236 default - b - (ro)
2237 True if built-in ipset has default settings. False if it has
2238 been modified. Always False for ipsets that are not built-in.
2239
2240 filename - s - (ro)
2241 Name (including .xml extension) of file where the configuration
2242 is stored.
2243
2244 name - s - (ro)
2245 Name of ipset.
2246
2247 path - s - (ro)
2248 Path to directory where the ipset configuration is stored.
2249 Should be either /usr/lib/firewalld/ipsets or
2250 /etc/firewalld/ipsets.
2251
2252 org.fedoraproject.FirewallD1.config.zone
2253 Interface for permanent zone configuration, see also firewalld.zone(5).
2254
2255 Methods
2256 addForwardPort(s: port, s: protocol, s: toport, s: toaddr) →
2257 Nothing
2258 Permanently add (port, protocol, toport, toaddr) to list of
2259 forward ports of zone. See forward-port tag in
2260 firewalld.zone(5). For runtime operation see
2261 org.fedoraproject.FirewallD1.zone.Methods.addForwardPort.
2262
2263 Possible errors: ALREADY_ENABLED
2264
2265 addIcmpBlock(s: icmptype) → Nothing
2266 Permanently add icmptype to list of icmp types blocked in zone.
2267 See icmp-block tag in firewalld.zone(5). For runtime operation
2268 see org.fedoraproject.FirewallD1.zone.Methods.addIcmpBlock.
2269
2270 Possible errors: ALREADY_ENABLED
2271
2272 addIcmpBlockInversion() → Nothing
2273 Permanently add icmp block inversion to zone. See
2274 icmp-block-inversion tag in firewalld.zone(5). For runtime
2275 operation see
2276 org.fedoraproject.FirewallD1.zone.Methods.addIcmpBlockInversion.
2277
2278 Possible errors: ALREADY_ENABLED
2279
2280 addInterface(s: interface) → Nothing
2281 Permanently add interface to list of interfaces bound to zone.
2282 See interface tag in firewalld.zone(5). For runtime operation
2283 see org.fedoraproject.FirewallD1.zone.Methods.addInterface.
2284
2285 Possible errors: ALREADY_ENABLED
2286
2287 addMasquerade() → Nothing
2288 Permanently enable masquerading in zone. See masquerade tag in
2289 firewalld.zone(5). For runtime operation see
2290 org.fedoraproject.FirewallD1.zone.Methods.addMasquerade.
2291
2292 Possible errors: ALREADY_ENABLED
2293
2294 addPort(s: port, s: protocol) → Nothing
2295 Permanently add (port, protocol) to list of ports of zone. See
2296 port tag in firewalld.zone(5). For runtime operation see
2297 org.fedoraproject.FirewallD1.zone.Methods.addPort.
2298
2299 Possible errors: ALREADY_ENABLED
2300
2301 addProtocol(s: protocol) → Nothing
2302 Permanently add protocol into zone. The protocol can be any
2303 protocol supported by the system. Please have a look at
2304 /etc/protocols for supported protocols. For runtime operation
2305 see org.fedoraproject.FirewallD1.zone.Methods.addProtocol.
2306
2307 Possible errors: INVALID_PROTOCOL, ALREADY_ENABLED
2308
2309 addRichRule(s: rule) → Nothing
2310 Permanently add rule to list of rich-language rules in zone.
2311 See rule tag in firewalld.zone(5). For runtime operation see
2312 org.fedoraproject.FirewallD1.zone.Methods.addRichRule.
2313
2314 Possible errors: ALREADY_ENABLED
2315
2316 addService(s: service) → Nothing
2317 Permanently add service to list of services used in zone. See
2318 service tag in firewalld.zone(5). For runtime operation see
2319 org.fedoraproject.FirewallD1.zone.Methods.addService.
2320
2321 Possible errors: ALREADY_ENABLED
2322
2323 addSource(s: source) → Nothing
2324 Permanently add source to list of source addresses bound to
2325 zone. See source tag in firewalld.zone(5). For runtime
2326 operation see
2327 org.fedoraproject.FirewallD1.zone.Methods.addSource.
2328
2329 Possible errors: ALREADY_ENABLED
2330
2331 addSourcePort(s: port, s: protocol) → Nothing
2332 Permanently add (port, protocol) to list of source ports of
2333 zone. See source-port tag in firewalld.zone(5). For runtime
2334 operation see
2335 org.fedoraproject.FirewallD1.zone.Methods.addSourcePort.
2336
2337 Possible errors: ALREADY_ENABLED
2338
2339 getDescription() → s
2340 Get description of zone. See description tag in
2341 firewalld.zone(5).
2342
2343 getForwardPorts() → a(ssss)
2344 Get list of (port, protocol, toport, toaddr) defined in zone.
2345 See forward-port tag in firewalld.zone(5). For runtime
2346 operation see
2347 org.fedoraproject.FirewallD1.zone.Methods.getForwardPorts.
2348
2349 getIcmpBlockInversion() → b
2350 Get icmp block inversion flag of zone. See icmp-block-inversion
2351 tag in firewalld.zone(5).
2352
2353 getIcmpBlocks() → as
2354 Get list of icmp type names blocked in zone. See icmp-block tag
2355 in firewalld.zone(5). For runtime operation see
2356 org.fedoraproject.FirewallD1.zone.Methods.getIcmpBlocks.
2357
2358 getInterfaces() → as
2359 Get list of interfaces bound to zone. See interface tag in
2360 firewalld.zone(5). For runtime operation see
2361 org.fedoraproject.FirewallD1.zone.Methods.getInterfaces.
2362
2363 getMasquerade() → b
2364 Return whether masquerade is enabled in zone. This is the same
2365 as queryMasquerade() method. See masquerade tag in
2366 firewalld.zone(5).
2367
2368 getPorts() → a(ss)
2369 Get list of (port, protocol) defined in zone. See port tag in
2370 firewalld.zone(5). For runtime operation see
2371 org.fedoraproject.FirewallD1.zone.Methods.getPorts.
2372
2373 getProtocols() → as
2374 Return array of protocols (s) previously enabled in zone. For
2375 getting runtime settings see
2376 org.fedoraproject.FirewallD1.zone.Methods.getProtocols.
2377
2378 getRichRules() → as
2379 Get list of rich-language rules in zone. See rule tag in
2380 firewalld.zone(5). For runtime operation see
2381 org.fedoraproject.FirewallD1.zone.Methods.getRichRules.
2382
2383 getServices() → as
2384 Get list of service names used in zone. See service tag in
2385 firewalld.zone(5). For runtime operation see
2386 org.fedoraproject.FirewallD1.zone.Methods.getServices.
2387
2388 getSettings() → (sssbsasa(ss)asba(ssss)asasasasa(ss))
2389 Return permanent settings of given zone. For getting runtime
2390 settings see
2391 org.fedoraproject.FirewallD1.Methods.getZoneSettings. Settings
2392 are in format: version, name, description, UNUSED, target,
2393 array of services, array of ports (port, protocol), array of
2394 icmp-blocks, masquerade, array of forward-ports (port,
2395 protocol, to-port, to-addr), array of interfaces, array of
2396 sources, array of rich rules, array of protocols and array of
2397 source-ports (port, protocol).
2398
2399 version (s): see version attribute of zone tag in
2400 firewalld.zone(5).
2401
2402 name (s): see short tag in firewalld.zone(5).
2403
2404 description (s): see description tag in firewalld.zone(5).
2405
2406 UNUSED (b): this boolean value is no longer used for anything.
2407
2408 target (s): see target attribute of zone tag in
2409 firewalld.zone(5).
2410
2411 services (as): array of service names, see service tag in
2412 firewalld.zone(5).
2413
2414 ports (a(ss)): array of port and protocol pairs. See port tag
2415 in firewalld.zone(5).
2416
2417 icmp-blocks (as): array of icmp-blocks. See icmp-block tag in
2418 firewalld.zone(5).
2419
2420 masquerade (b): see masquerade tag in firewalld.zone(5).
2421
2422 forward-ports (a(ssss)): array of (port, protocol, to-port,
2423 to-addr). See forward-port tag in firewalld.zone(5).
2424
2425 interfaces (as): array of interfaces. See interface tag in
2426 firewalld.zone(5).
2427
2428 source addresses (as): array of source addresses. See source
2429 tag in firewalld.zone(5).
2430
2431 rich rules (as): array of rich-language rules. See rule tag in
2432 firewalld.zone(5).
2433
2434 protocols (as): array of protocols. See protocol tag in
2435 firewalld.zone(5).
2436
2437 source-ports (a(ss)): array of port and protocol pairs. See
2438 source-port tag in firewalld.zone(5).
2439
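The getSettings() tuple above is positional, and the listZones() description notes that permanent and runtime configuration can differ. The following decoder and drift report is an added example, not firewalld's own code; the field names are labels chosen here, both sample tuples are constructed, and it assumes the runtime tuple from getZoneSettings uses the same layout.

```python
"""Decode (sssbsasa(ss)asba(ssss)asasasasa(ss)) and compare two decoded zones."""
from collections import namedtuple

# Field order exactly as listed in the getSettings() description.
FIELDS = ("version", "name", "description", "unused", "target", "services",
          "ports", "icmp_blocks", "masquerade", "forward_ports", "interfaces",
          "sources", "rich_rules", "protocols", "source_ports")
ZoneSettings = namedtuple("ZoneSettings", FIELDS)
STRING_FIELDS = {"version", "name", "description", "target"}
BOOL_FIELDS = {"unused", "masquerade"}
DESCRIPTIVE_FIELDS = {"version", "name", "description", "unused"}

# Constructed samples for one zone: permanent configuration and runtime state.
SAMPLE_PERMANENT = (
    "", "Public", "Constructed example zone", False, "default",
    ["ssh", "dhcpv6-client"], [], [], False, [], ["eth0"], [],
    ['rule family="ipv4" source address="192.0.2.0/24" reject'], [], [])
SAMPLE_RUNTIME = (
    "", "Public", "Constructed example zone", False, "default",
    ["dhcpv6-client", "ssh"], [("8080", "tcp")], [], True, [], ["eth0"], [],
    [], [], [])


def _norm(item):
    """Strings stay strings; (port, protocol)-style structs become tuples of str."""
    return str(item) if isinstance(item, str) else tuple(str(x) for x in item)


def decode_zone_settings(raw):
    """Turn the positional settings tuple into a ZoneSettings with plain types.

    Array fields become frozensets so that element order does not matter.
    """
    raw = tuple(raw)
    if len(raw) != len(FIELDS):
        raise ValueError("expected %d fields, got %d" % (len(FIELDS), len(raw)))
    decoded = []
    for field, value in zip(FIELDS, raw):
        if field in STRING_FIELDS:
            decoded.append(str(value))
        elif field in BOOL_FIELDS:
            decoded.append(bool(value))
        else:
            decoded.append(frozenset(_norm(v) for v in value))
    return ZoneSettings(*decoded)


def zone_drift(permanent, runtime):
    """Return {field: difference} for every filtering-relevant field that differs."""
    report = {}
    for field in FIELDS:
        if field in DESCRIPTIVE_FIELDS:
            continue  # text and the unused boolean do not affect filtering
        p, r = getattr(permanent, field), getattr(runtime, field)
        if p == r:
            continue
        if isinstance(p, frozenset):
            report[field] = {"permanent_only": sorted(p - r),
                             "runtime_only": sorted(r - p)}
        else:
            report[field] = {"permanent": p, "runtime": r}
    return report


if __name__ == "__main__":
    drift = zone_drift(decode_zone_settings(SAMPLE_PERMANENT),
                       decode_zone_settings(SAMPLE_RUNTIME))
    for field, difference in sorted(drift.items()):
        print(field, difference)
```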
2440
2441 getShort() → s
2442 Get name of zone. See short tag in firewalld.zone(5).
2443
2444 getSourcePorts() → a(ss)
2445 Get list of (port, protocol) defined in zone. See source-port
2446 tag in firewalld.zone(5). For runtime operation see
2447 org.fedoraproject.FirewallD1.zone.Methods.getSourcePorts.
2448
2449 getSources() → as
2450 Get list of source addresses bound to zone. See source tag in
2451 firewalld.zone(5). For runtime operation see
2452 org.fedoraproject.FirewallD1.zone.Methods.getSources.
2453
2454 getTarget() → s
2455 Get target of zone. See target attribute of zone tag in
2456 firewalld.zone(5).
2457
2458 getVersion() → s
2459 Get version of zone. See version attribute of zone tag in
2460 firewalld.zone(5).
2461
2462 loadDefaults() → Nothing
2463 Load default settings for built-in zone.
2464
2465 Possible errors: NO_DEFAULTS
2466
2467 queryForwardPort(s: port, s: protocol, s: toport, s: toaddr) → b
2468 Return whether (port, protocol, toport, toaddr) is in list of
2469 forward ports of zone. See forward-port tag in
2470 firewalld.zone(5). For runtime operation see
2471 org.fedoraproject.FirewallD1.zone.Methods.queryForwardPort.
2472
2473 queryIcmpBlock(s: icmptype) → b
2474 Return whether icmptype is in list of icmp types blocked in
2475 zone. See icmp-block tag in firewalld.zone(5). For runtime
2476 operation see
2477 org.fedoraproject.FirewallD1.zone.Methods.queryIcmpBlock.
2478
2479 queryIcmpBlockInversion() → b
2480 Return whether icmp block inversion is enabled in zone. See
2481 icmp-block-inversion tag in firewalld.zone(5). For runtime
2482 operation see
2483 org.fedoraproject.FirewallD1.zone.Methods.queryIcmpBlockInversion.
2484
2485 queryInterface(s: interface) → b
2486 Return whether interface is in list of interfaces bound to
2487 zone. See interface tag in firewalld.zone(5). For runtime
2488 operation see
2489 org.fedoraproject.FirewallD1.zone.Methods.queryInterface.
2490
2491 queryMasquerade() → b
2492 Return whether masquerade is enabled in zone. This is the same
2493 as getMasquerade() method. See masquerade tag in
2494 firewalld.zone(5). For runtime operation see
2495 org.fedoraproject.FirewallD1.zone.Methods.queryMasquerade.
2496
2497 queryPort(s: port, s: protocol) → b
2498 Return whether (port, protocol) is in list of ports of zone.
2499 See port tag in firewalld.zone(5). For runtime operation see
2500 org.fedoraproject.FirewallD1.zone.Methods.queryPort.
2501
2502 queryProtocol(s: protocol) → b
2503 Return whether protocol has been added in zone. For runtime
2504 operation see
2505 org.fedoraproject.FirewallD1.zone.Methods.queryProtocol.
2506
2507 Possible errors: INVALID_PROTOCOL
2508
2509 queryRichRule(s: rule) → b
2510 Return whether rule is in list of rich-language rules in zone.
2511 See rule tag in firewalld.zone(5). For runtime operation see
2512 org.fedoraproject.FirewallD1.zone.Methods.queryRichRule.
2513
2514 queryService(s: service) → b
2515 Return whether service is in list of services used in zone. See
2516 service tag in firewalld.zone(5). For runtime operation see
2517 org.fedoraproject.FirewallD1.zone.Methods.queryService.
2518
2519 querySource(s: source) → b
2520 Return whether source is in list of source addresses bound to
2521 zone. See source tag in firewalld.zone(5). For runtime
2522 operation see
2523 org.fedoraproject.FirewallD1.zone.Methods.querySource.
2524
2525 querySourcePort(s: port, s: protocol) → b
2526 Return whether (port, protocol) is in list of source ports of
2527 zone. See source-port tag in firewalld.zone(5). For runtime
2528 operation see
2529 org.fedoraproject.FirewallD1.zone.Methods.querySourcePort.
2530
2531 remove() → Nothing
2532 Remove not built-in zone.
2533
2534 Possible errors: BUILTIN_ZONE
2535
2536 removeForwardPort(s: port, s: protocol, s: toport, s: toaddr) →
2537 Nothing
2538 Permanently remove (port, protocol, toport, toaddr) from list
2539 of forward ports of zone. See forward-port tag in
2540 firewalld.zone(5). For runtime operation see
2541 org.fedoraproject.FirewallD1.zone.Methods.removeForwardPort.
2542
2543 Possible errors: NOT_ENABLED
2544
2545 removeIcmpBlock(s: icmptype) → Nothing
2546 Permanently remove icmptype from list of icmp types blocked in
2547 zone. See icmp-block tag in firewalld.zone(5). For runtime
2548 operation see
2549 org.fedoraproject.FirewallD1.zone.Methods.removeIcmpBlock.
2550
2551 Possible errors: NOT_ENABLED
2552
2553 removeIcmpBlockInversion() → Nothing
2554 Permanently remove icmp block inversion from the zone. See
2555 icmp-block-inversion tag in firewalld.zone(5). For runtime
2556 operation see
2557 org.fedoraproject.FirewallD1.zone.Methods.removeIcmpBlockInversion.
2558
2559 Possible errors: NOT_ENABLED
2560
2561 removeInterface(s: interface) → Nothing
2562 Permanently remove interface from list of interfaces bound to
2563 zone. See interface tag in firewalld.zone(5). For runtime
2564 operation see
2565 org.fedoraproject.FirewallD1.zone.Methods.removeInterface.
2566
2567 Possible errors: NOT_ENABLED
2568
2569 removeMasquerade() → Nothing
2570 Permanently disable masquerading in zone. See masquerade tag in
2571 firewalld.zone(5). For runtime operation see
2572 org.fedoraproject.FirewallD1.zone.Methods.removeMasquerade.
2573
2574 Possible errors: NOT_ENABLED
2575
2576 removePort(s: port, s: protocol) → Nothing
2577 Permanently remove (port, protocol) from list of ports of zone.
2578 See port tag in firewalld.zone(5). For runtime operation see
2579 org.fedoraproject.FirewallD1.zone.Methods.removePort.
2580
2581 Possible errors: NOT_ENABLED
2582
2583 removeProtocol(s: protocol) → Nothing
2584 Permanently remove protocol from zone. For runtime operation
2585 see org.fedoraproject.FirewallD1.zone.Methods.removeProtocol.
2586
2587 Possible errors: INVALID_PROTOCOL, NOT_ENABLED
2588
2589 removeRichRule(s: rule) → Nothing
2590 Permanently remove rule from list of rich-language rules in
2591 zone. See rule tag in firewalld.zone(5). For runtime operation
2592 see org.fedoraproject.FirewallD1.zone.Methods.removeRichRule.
2593
2594 Possible errors: NOT_ENABLED
2595
2596 removeService(s: service) → Nothing
2597 Permanently remove service from list of services used in zone.
2598 See service tag in firewalld.zone(5). For runtime operation see
2599 org.fedoraproject.FirewallD1.zone.Methods.removeService.
2600
2601 Possible errors: NOT_ENABLED
2602
2603 removeSource(s: source) → Nothing
2604 Permanently remove source from list of source addresses bound
2605 to zone. See source tag in firewalld.zone(5). For runtime
2606 operation see
2607 org.fedoraproject.FirewallD1.zone.Methods.removeSource.
2608
2609 Possible errors: NOT_ENABLED
2610
2611 removeSourcePort(s: port, s: protocol) → Nothing
2612 Permanently remove (port, protocol) from list of source ports
2613 of zone. See source-port tag in firewalld.zone(5). For runtime
2614 operation see
2615 org.fedoraproject.FirewallD1.zone.Methods.removeSourcePort.
2616
2617 Possible errors: NOT_ENABLED
2618
2619 rename(s: name) → Nothing
2620 Rename not built-in zone to name.
2621
2622 Possible errors: BUILTIN_ZONE
2623
2624 setDescription(s: description) → Nothing
2625 Permanently set description of zone to description. See
2626 description tag in firewalld.zone(5).
2627
2628 setForwardPorts(a(ssss): ports) → Nothing
2629 Permanently set forward ports of zone to list of (port,
2630 protocol, toport, toaddr). See forward-port tag in
2631 firewalld.zone(5).
2632
2633 setIcmpBlockInversion(b: flag) → Nothing
2634 Permanently set icmp block inversion flag of zone to flag. See
2635 icmp-block-inversion tag in firewalld.zone(5).
2636
2637 setIcmpBlocks(as: icmptypes) → Nothing
2638 Permanently set list of icmp types blocked in zone to
2639 icmptypes. See icmp-block tag in firewalld.zone(5).
2640
2641 setInterfaces(as: interfaces) → Nothing
2642 Permanently set list of interfaces bound to zone to interfaces.
2643 See interface tag in firewalld.zone(5).
2644
2645 setMasquerade(b: masquerade) → Nothing
2646 Permanently set masquerading in zone to masquerade. See
2647 masquerade tag in firewalld.zone(5).
2648
2649 setPorts(a(ss): ports) → Nothing
2650 Permanently set ports of zone to list of (port, protocol). See
2651 port tag in firewalld.zone(5).
2652
2653 setProtocols(as: protocols) → Nothing
2654 Permanently set list of protocols used in zone to protocols.
2655 See protocol tag in firewalld.zone(5).
2656
2657 setRichRules(as: rules) → Nothing
2658 Permanently set list of rich-language rules to rules. See rule
2659 tag in firewalld.zone(5).
2660
2661 setServices(as: services) → Nothing
2662 Permanently set list of services used in zone to services. See
2663 service tag in firewalld.zone(5).
2664
2665 setShort(s: short) → Nothing
2666 Permanently set name of zone to short. See short tag in
2667 firewalld.zone(5).
2668
2669 setSourcePorts(a(ss): ports) → Nothing
2670 Permanently set source-ports of zone to list of (port,
2671 protocol). See source-port tag in firewalld.zone(5).
2672
2673 setSources(as: sources) → Nothing
2674 Permanently set list of source addresses bound to zone to
2675 sources. See source tag in firewalld.zone(5).
2676
2677 setTarget(s: target) → Nothing
2678 Permanently set target of zone to target. See target attribute
2679 of zone tag in firewalld.zone(5).
2680
2681 setVersion(s: version) → Nothing
2682 Permanently set version of zone to version. See version
2683 attribute of zone tag in firewalld.zone(5).
2684
2685 update((sssbsasa(ss)asba(ssss)asasasasa(ss)): settings) → Nothing
2686 Update settings of zone to settings. Settings are in format:
2687 version, name, description, UNUSED, target, array of services,
2688 array of ports (port, protocol), array of icmp-blocks,
2689 masquerade, array of forward-ports (port, protocol, to-port,
2690 to-addr), array of interfaces, array of sources, array of rich
2691 rules, array of protocols and array of source-ports (port,
2692 protocol).
2693
2694 version (s): see version attribute of zone tag in
2695 firewalld.zone(5).
2696
2697 name (s): see short tag in firewalld.zone(5).
2698
2699 description (s): see description tag in firewalld.zone(5).
2700
2701 UNUSED (b): this boolean value is no longer used for anything.
2702
2703 target (s): see target attribute of zone tag in
2704 firewalld.zone(5).
2705
2706 services (as): array of service names, see service tag in
2707 firewalld.zone(5).
2708
2709 ports (a(ss)): array of port and protocol pairs. See port tag
2710 in firewalld.zone(5).
2711
2712 icmp-blocks (as): array of icmp-blocks. See icmp-block tag in
2713 firewalld.zone(5).
2714
2715 masquerade (b): see masquerade tag in firewalld.zone(5).
2716
2717 forward-ports (a(ssss)): array of (port, protocol, to-port,
2718 to-addr). See forward-port tag in firewalld.zone(5).
2719
2720 interfaces (as): array of interfaces. See interface tag in
2721 firewalld.zone(5).
2722
2723 source addresses (as): array of source addresses. See source
2724 tag in firewalld.zone(5).
2725
2726 rich rules (as): array of rich-language rules. See rule tag in
2727 firewalld.zone(5).
2728
2729 protocols (as): array of protocols. See protocol tag in
2730 firewalld.zone(5).
2731
2732 source-ports (a(ss)): array of port and protocol pairs. See
2733 source-port tag in firewalld.zone(5).
2734
2735 Possible errors: INVALID_TYPE
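
Added example (not part of the firewalld documentation or code): a Python check that a settings tuple matches the update() signature above before it is sent, since update() lists INVALID_TYPE as its possible error, plus a by-name diff of the fields a call would change. It works on plain Python values; the field identifiers, sample tuples and helper names are constructed for illustration.

```python
"""Validate and diff zone settings tuples for config.zone update()."""

ZONE_SIGNATURE = "(sssbsasa(ss)asba(ssss)asasasasa(ss))"

# Identifiers chosen here for the 15 positions, in the order the page lists them.
ZONE_FIELDS = (
    "version", "name", "description", "UNUSED", "target", "services",
    "ports", "icmp_blocks", "masquerade", "forward_ports", "interfaces",
    "sources", "rich_rules", "protocols", "source_ports",
)


def parse_signature(sig, pos=0):
    """Parse one complete D-Bus type at sig[pos]; return (tree, next_pos).

    Handles the type codes this page uses: s, b, arrays, structs, a{..}.
    """
    code = sig[pos]
    if code in ("s", "b"):
        return code, pos + 1
    if code == "a" and sig[pos + 1] == "{":
        key, nxt = parse_signature(sig, pos + 2)
        value, nxt = parse_signature(sig, nxt)
        if sig[nxt] != "}":
            raise ValueError(f"unterminated dict entry at {nxt}")
        return ("dict", key, value), nxt + 1
    if code == "a":
        elem, nxt = parse_signature(sig, pos + 1)
        return ("array", elem), nxt
    if code == "(":
        members, nxt = [], pos + 1
        while sig[nxt] != ")":
            member, nxt = parse_signature(sig, nxt)
            members.append(member)
        return ("struct", members), nxt + 1
    raise ValueError(f"unsupported type code {code!r} at {pos}")


def type_errors(value, tree, where):
    """Return a list of mismatches between a plain Python value and a tree."""
    if tree == "s":
        return [] if isinstance(value, str) else [f"{where}: expected string"]
    if tree == "b":
        return [] if isinstance(value, bool) else [f"{where}: expected boolean"]
    errors = []
    if tree[0] == "array":
        if not isinstance(value, (list, tuple)):
            return [f"{where}: expected array"]
        for i, item in enumerate(value):
            errors += type_errors(item, tree[1], f"{where}[{i}]")
    elif tree[0] == "struct":
        # A bare string such as "8443/tcp" must not pass as a (port, protocol) pair.
        if not isinstance(value, (list, tuple)) or len(value) != len(tree[1]):
            return [f"{where}: expected struct of {len(tree[1])} members"]
        for i, (item, sub) in enumerate(zip(value, tree[1])):
            errors += type_errors(item, sub, f"{where}.{i}")
    else:  # dict
        if not isinstance(value, dict):
            return [f"{where}: expected dictionary"]
        for k, v in value.items():
            errors += type_errors(k, tree[1], f"{where} key {k!r}")
            errors += type_errors(v, tree[2], f"{where}[{k!r}]")
    return errors


ZONE_TREE, _ = parse_signature(ZONE_SIGNATURE)


def validate_zone_settings(settings):
    """Check the field count, then each field against its declared type."""
    members = ZONE_TREE[1]
    if not isinstance(settings, (list, tuple)) or len(settings) != len(members):
        return [f"settings: expected {len(members)} fields"]
    errors = []
    for name, value, tree in zip(ZONE_FIELDS, settings, members):
        errors += type_errors(value, tree, name)
    return errors


def with_fields(base, **changes):
    """Copy a settings tuple, replacing the named fields."""
    return tuple(changes.get(n, v) for n, v in zip(ZONE_FIELDS, base))


def changed_fields(old, new):
    """Map each field that differs to its (old, new) pair, for change review."""
    return {n: (a, b) for n, a, b in zip(ZONE_FIELDS, old, new) if a != b}


# Constructed sample tuples, not taken from a real system.
CURRENT = ("1.0", "Public", "Constructed sample zone.", False, "default",
           ["ssh", "dhcpv6-client"], [], [], False, [], [], [], [], [], [])
PROPOSED = with_fields(CURRENT, ports=[("8443", "tcp")], masquerade=True,
                       forward_ports=[("80", "tcp", "8080", "")])
BROKEN = with_fields(CURRENT, ports=["8443/tcp"], masquerade="yes")

if __name__ == "__main__":
    print(validate_zone_settings(BROKEN))
    print(changed_fields(CURRENT, PROPOSED))
```

Reviewing the output of changed_fields() before calling update() makes changes to masquerade and forward-ports visible, since update() replaces every field of the zone at once.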
2736
2737 Signals
2738 Removed(s: name)
2739 Emitted when zone with name has been removed.
2740
2741 Renamed(s: name)
2742 Emitted when zone has been renamed to name.
2743
2744 Updated(s: name)
2745 Emitted when zone with name has been updated.
2746
2747 Properties
2748 builtin - b - (ro)
2749 True if zone is built-in, false otherwise.
2750
2751 default - b - (ro)
2752 True if built-in zone has default settings. False if it has
2753 been modified. Always False for zones that are not built-in.
2754
2755 filename - s - (ro)
2756 Name (including .xml extension) of file where the configuration
2757 is stored.
2758
2759 name - s - (ro)
2760 Name of zone.
2761
2762 path - s - (ro)
2763 Path to directory where the zone configuration is stored.
2764 Should be either /usr/lib/firewalld/zones or
2765 /etc/firewalld/zones.
2766
2767 org.fedoraproject.FirewallD1.config.service
2768 Interface for permanent service configuration, see also
2769 firewalld.service(5).
2770
2771 Methods
2772 addModule(s: module) → Nothing
2773 Permanently add module to list of modules (netfilter kernel
2774 helpers) used in service. See module tag in
2775 firewalld.service(5).
2776
2777 Possible errors: ALREADY_ENABLED
2778
2779 addPort(s: port, s: protocol) → Nothing
2780 Permanently add (port, protocol) to list of ports in service.
2781 See port tag in firewalld.service(5).
2782
2783 Possible errors: ALREADY_ENABLED
2784
2785 addProtocol(s: protocol) → Nothing
2786 Permanently add protocol into zone. The protocol can be any
2787 protocol supported by the system. Please have a look at
2788 /etc/protocols for supported protocols. See protocol tag in
2789 firewalld.service(5).
2790
2791 Possible errors: INVALID_PROTOCOL, ALREADY_ENABLED
2792
2793 addSourcePort(s: port, s: protocol) → Nothing
2794 Permanently add (port, protocol) to list of source ports in
2795 service. See source-port tag in firewalld.service(5).
2796
2797 Possible errors: ALREADY_ENABLED
2798
2799 getDescription() → s
2800 Get description of service. See description tag in
2801 firewalld.service(5).
2802
2803 getDestination(s: family) → s
2804 Get destination for IP family being either 'ipv4' or 'ipv6'.
2805 See destination tag in firewalld.service(5).
2806
2807 Possible errors: ALREADY_ENABLED
2808
2809 getDestinations() → a{ss}
2810 Get list of destinations. Return value is a dictionary of {IP
2811 family : IP address} where 'IP family' key can be either 'ipv4'
2812 or 'ipv6'. See destination tag in firewalld.service(5).
2813
2814 getModules() → as
2815 Get list of modules (netfilter kernel helpers) used in service.
2816 See module tag in firewalld.service(5).
2817
2818 getPorts() → a(ss)
2819 Get list of (port, protocol) defined in service. See port tag
2820 in firewalld.service(5).
2821
2822 getProtocols() → as
2823 Return array of protocols (s) defined in service. See protocol
2824 tag in firewalld.service(5).
2825
2826 getSettings() → (sssa(ss)asa{ss}asa(ss))
2827 This function is deprecated, use
2828 org.fedoraproject.FirewallD1.config.service.Methods.getSettings2
2829 instead.
2830
2831 getSettings2(s: service) → s{sv}
2832 Return runtime settings of given service. For getting runtime
2833 settings see
2834 org.fedoraproject.FirewallD1.Methods.getServiceSettings2.
2835 Settings are a dictionary indexed by keywords. For the type of
2836 each value see below. If the value is empty it may be omitted.
2837
2838 version (s): see version attribute of service tag in
2839 firewalld.service(5).
2840
2841 name (s): see short tag in firewalld.service(5).
2842
2843 description (s): see description tag in firewalld.service(5).
2844
2845 ports (a(ss)): array of port and protocol pairs. See port tag
2846 in firewalld.service(5).
2847
2848 module names (as): array of kernel netfilter helpers, see
2849 module tag in firewalld.service(5).
2850
2851 destinations (a{ss}): dictionary of {IP family : IP address}
2852 where 'IP family' key can be either 'ipv4' or 'ipv6'. See
2853 destination tag in firewalld.service(5).
2854
2855 protocols (as): array of protocols, see protocol tag in
2856 firewalld.service(5).
2857
2858 source_ports (a(ss)): array of port and protocol pairs. See
2859 source-port tag in firewalld.service(5).
2860
2861 includes (as): array of service includes, see include tag in
2862 firewalld.service(5).
2863
2864
2865 getShort() → s
2866 Get name of service. See short tag in firewalld.service(5).
2867
2868 getSourcePorts() → a(ss)
2869 Get list of (port, protocol) defined in service. See
2870 source-port tag in firewalld.service(5).
2871
2872 getVersion() → s
2873 Get version of service. See version attribute of service tag in
2874 firewalld.service(5).
2875
2876 loadDefaults() → Nothing
2877 Load default settings for built-in service.
2878
2879 Possible errors: NO_DEFAULTS
2880
2881 queryDestination(s: family, s: address) → b
2882 Return whether a destination is in dictionary of destinations
2883 of this service. destination is in format: (IP family, IP
2884 address) where IP family can be either 'ipv4' or 'ipv6'. See
2885 destination tag in firewalld.service(5).
2886
2887 queryModule(s: module) → b
2888 Return whether module is in list of modules (netfilter kernel
2889 helpers) used in service. See module tag in
2890 firewalld.service(5).
2891
2892 queryPort(s: port, s: protocol) → b
2893 Return whether (port, protocol) is in list of ports in service.
2894 See port tag in firewalld.service(5).
2895
2896 queryProtocol(s: protocol) → b
2897 Return whether protocol is in list of protocols in service. See
2898 protocol tag in firewalld.service(5).
2899
2900 querySourcePort(s: port, s: protocol) → b
2901 Return whether (port, protocol) is in list of source ports in
2902 service. See source-port tag in firewalld.service(5).
2903
2904 remove() → Nothing
2905 Remove not built-in service.
2906
2907 Possible errors: BUILTIN_SERVICE
2908
2909 removeDestination(s: family) → Nothing
2910 Permanently remove a destination with family ('ipv4' or 'ipv6')
2911 from service. See destination tag in firewalld.service(5).
2912
2913 Possible errors: NOT_ENABLED
2914
2915 removeModule(s: module) → Nothing
2916 Permanently remove module from list of modules (netfilter
2917 kernel helpers) used in service. See module tag in
2918 firewalld.service(5).
2919
2920 Possible errors: NOT_ENABLED
2921
2922 removePort(s: port, s: protocol) → Nothing
2923 Permanently remove (port, protocol) from list of ports in
2924 service. See port tag in firewalld.service(5).
2925
2926 Possible errors: NOT_ENABLED
2927
2928 removeProtocol(s: protocol) → Nothing
2929 Permanently remove protocol from list of protocols in service.
2930 See protocol tag in firewalld.service(5).
2931
2932 Possible errors: NOT_ENABLED
2933
2934 removeSourcePort(s: port, s: protocol) → Nothing
2935 Permanently remove (port, protocol) from list of source ports
2936 in service. See source-port tag in firewalld.service(5).
2937
2938 Possible errors: NOT_ENABLED
2939
2940 rename(s: name) → Nothing
2941 Rename not built-in service to name.
2942
2943 Possible errors: BUILTIN_SERVICE
2944
2945 setDescription(s: description) → Nothing
2946 Permanently set description of service to description. See
2947 description tag in firewalld.service(5).
2948
2949 setDestination(s: family, s: address) → Nothing
2950 Permanently set a destination address. destination is in
2951 format: (IP family, IP address) where IP family can be either
2952 'ipv4' or 'ipv6'. See destination tag in firewalld.service(5).
2953
2954 Possible errors: ALREADY_ENABLED
2955
2956 setDestinations(a{ss}: destinations) → Nothing
2957 Permanently set destinations of service to destinations, which
2958 is a dictionary of {IP family : IP address} where 'IP family'
2959 key can be either 'ipv4' or 'ipv6'. See destination tag in
2960 firewalld.service(5).
2961
2962 setModules(as: modules) → Nothing
2963 Permanently set list of modules (netfilter kernel helpers) used
2964 in service to modules. See module tag in firewalld.service(5).
2965
2966 setPorts(a(ss): ports) → Nothing
2967 Permanently set ports of service to list of (port, protocol).
2968 See port tag in firewalld.service(5).
2969
2970 setProtocols(as: protocols) → Nothing
2971 Permanently set protocols of service to list of protocols. See
2972 protocol tag in firewalld.service(5).
2973
2974 setShort(s: short) → Nothing
2975 Permanently set name of service to short. See short tag in
2976 firewalld.service(5).
2977
2978 setSourcePorts(a(ss): ports) → Nothing
2979 Permanently set source-ports of service to list of (port,
2980 protocol). See source-port tag in firewalld.service(5).
2981
2982 setVersion(s: version) → Nothing
2983 Permanently set version of service to version. See version
2984 attribute of service tag in firewalld.service(5).
2985
2986 update((sssa(ss)asa{ss}asa(ss)): settings) → Nothing
2987 This function is deprecated, use
2988 org.fedoraproject.FirewallD1.config.service.Methods.update2
2989 instead.
2990
2991 update2(a{sv}: settings) → Nothing
2992 Update settings of service to settings. Settings are a
2993 dictionary indexed by keywords. For the type of each value see
2994 below. To zero a value pass an empty string or list.
2995
2996 version (s): see version attribute of service tag in
2997 firewalld.service(5).
2998
2999 name (s): see short tag in firewalld.service(5).
3000
3001 description (s): see description tag in firewalld.service(5).
3002
3003 ports (a(ss)): array of port and protocol pairs. See port tag
3004 in firewalld.service(5).
3005
3006 module names (as): array of kernel netfilter helpers, see
3007 module tag in firewalld.service(5).
3008
3009 destinations (a{ss}): dictionary of {IP family : IP address}
3010 where 'IP family' key can be either 'ipv4' or 'ipv6'. See
3011 destination tag in firewalld.service(5).
3012
3013 protocols (as): array of protocols, see protocol tag in
3014 firewalld.service(5).
3015
3016 source_ports (a(ss)): array of port and protocol pairs. See
3017 source-port tag in firewalld.service(5).
3018
3019 includes (as): array of service includes, see include tag in
3020 firewalld.service(5).
3021
3022 Possible errors: INVALID_TYPE
3023
3024 Signals
3025 Removed(s: name)
3026 Emitted when service with name has been removed.
3027
3028 Renamed(s: name)
3029 Emitted when service has been renamed to name.
3030
3031 Updated(s: name)
3032 Emitted when service with name has been updated.
3033
3034 Properties
3035 builtin - b - (ro)
3036 True if service is built-in, false otherwise.
3037
3038 default - b - (ro)
3039 True if built-in service has default settings. False if it has
3040 been modified. Always False for services that are not built-in.
3041
3042 filename - s - (ro)
3043 Name (including .xml extension) of file where the configuration
3044 is stored.
3045
3046 name - s - (ro)
3047 Name of service.
3048
3049 path - s - (ro)
3050 Path to directory where the configuration is stored. Should be
3051 either /usr/lib/firewalld/services or /etc/firewalld/services.
3052
3053 org.fedoraproject.FirewallD1.config.helper
3054 Interface for permanent helper configuration, see also
3055 firewalld.helper(5).
3056
3057 Methods
3058 addPort(s: port, s: protocol) → Nothing
3059 Permanently add (port, protocol) to list of ports in helper.
3060 See port tag in firewalld.helper(5).
3061
3062 Possible errors: ALREADY_ENABLED
3063
3064 getDescription() → s
3065 Get description of helper. See description tag in
3066 firewalld.helper(5).
3067
3068 getFamily() → s
3069 Get family being 'ipv4', 'ipv6' or empty for both. See family
3070 tag in firewalld.helper(5).
3071
3072 getModule() → s
3073 Get modules (netfilter kernel helpers) used in helper. See
3074 module tag in firewalld.helper(5).
3075
3076 getPorts() → a(ss)
3077 Get list of (port, protocol) defined in helper. See port tag in
3078 firewalld.helper(5).
3079
3080 getSettings() → (sssssa(ss))
3081 Return permanent settings of a helper. For getting runtime
3082 settings see
3083 org.fedoraproject.FirewallD1.Methods.getHelperSettings.
3084 Settings are in format: version, name, description, family,
3085 module, array of ports (port, protocol).
3086
3087 version (s): see version attribute of helper tag in
3088 firewalld.helper(5).
3089
3090 name (s): see short tag in firewalld.helper(5).
3091
3092 description (s): see description tag in firewalld.helper(5).
3093
3094 family (s): see family tag in firewalld.helper(5).
3095
3096 module (s): see module tag in firewalld.helper(5).
3097
3098 ports (a(ss)): array of port and protocol pairs. See port tag
3099 in firewalld.helper(5).
3100
3101
3102 getShort() → s
3103 Get name of helper. See short tag in firewalld.helper(5).
3104
3105 getVersion() → s
3106 Get version of helper. See version attribute of helper tag in
3107 firewalld.helper(5).
3108
3109 loadDefaults() → Nothing
3110 Load default settings for built-in helper.
3111
3112 Possible errors: NO_DEFAULTS
3113
3114 queryFamily(s: module) → b
3115 Return whether family is set for helper. See family tag in
3116 firewalld.helper(5).
3117
3118 queryModule(s: module) → b
3119 Return whether module (netfilter kernel helpers) is used in
3120 helper. See module tag in firewalld.helper(5).
3121
3122 queryPort(s: port, s: protocol) → b
3123 Return whether (port, protocol) is in list of ports in helper.
3124 See port tag in firewalld.helper(5).
3125
3126 remove() → Nothing
3127 Remove not built-in helper.
3128
3129 Possible errors: BUILTIN_HELPER
3130
3131 removePort(s: port, s: protocol) → Nothing
3132 Permanently remove (port, protocol) from list of ports in
3133 helper. See port tag in firewalld.helper(5).
3134
3135 Possible errors: NOT_ENABLED
3136
3137 rename(s: name) → Nothing
3138 Rename not built-in helper to name.
3139
3140 Possible errors: BUILTIN_HELPER
3141
3142 setDescription(s: description) → Nothing
3143 Permanently set description of helper to description. See
3144 description tag in firewalld.helper(5).
3145
3146 setFamily(s: family) → Nothing
3147 Permanently set family of helper to family. See family tag in
3148 firewalld.helper(5).
3149
3150 setModule(s: module) → Nothing
3151 Permanently set module of helper to module. See module tag
3152 in firewalld.helper(5).
3153
3154 setPorts(a(ss): ports) → Nothing
3155 Permanently set ports of helper to list of (port, protocol).
3156 See port tag in firewalld.helper(5).
3157
3158 setShort(s: short) → Nothing
3159 Permanently set name of helper to short. See short tag in
3160 firewalld.helper(5).
3161
3162 setVersion(s: version) → Nothing
3163 Permanently set version of helper to version. See version
3164 attribute of helper tag in firewalld.helper(5).
3165
3166 update((sssssa(ss)): settings) → Nothing
3167 Update settings of helper to settings. Settings are in format:
3168 version, name, description, family, module and array of ports.
3169
3170 version (s): see version attribute of helper tag in
3171 firewalld.helper(5).
3172
3173 name (s): see short tag in firewalld.helper(5).
3174
3175 description (s): see description tag in firewalld.helper(5).
3176
3177 family (s): see family tag in firewalld.helper(5).
3178
3179 module (s): see module tag in firewalld.helper(5).
3180
3181 ports (a(ss)): array of port and protocol pairs. See port tag
3182 in firewalld.helper(5).
3183
3184 Possible errors: INVALID_HELPER
3185
3186 Signals
3187 Removed(s: name)
3188 Emitted when helper with name has been removed.
3189
3190 Renamed(s: name)
3191 Emitted when helper has been renamed to name.
3192
3193 Updated(s: name)
3194 Emitted when helper with name has been updated.
3195
3196 Properties
3197 builtin - b - (ro)
3198 True if helper is built-in, false otherwise.
3199
3200 default - b - (ro)
3201 True if built-in helper has default settings. False if it has
3202 been modified. Always False for helpers that are not built-in.
3203
3204 filename - s - (ro)
3205 Name (including .xml extension) of file where the configuration
3206 is stored.
3207
3208 name - s - (ro)
3209 Name of helper.
3210
3211 path - s - (ro)
3212 Path to directory where the configuration is stored. Should be
3213 either /usr/lib/firewalld/helpers or /etc/firewalld/helpers.
3214
3215 org.fedoraproject.FirewallD1.config.icmptype
3216 Interface for permanent icmp type configuration, see also
3217 firewalld.icmptype(5).
3218
3219 Methods
3220 addDestination(s: destination) → Nothing
3221 Permanently add a destination ('ipv4' or 'ipv6') to list of
3222 destinations of this icmp type. See destination tag in
3223 firewalld.icmptype(5).
3224
3225 Possible errors: ALREADY_ENABLED
3226
3227 getDescription() → s
3228 Get description of icmp type. See description tag in
3229 firewalld.icmptype(5).
3230
3231 getDestinations() → as
3232 Get list of destinations. See destination tag in
3233 firewalld.icmptype(5).
3234
3235 getSettings() → (sssas)
3236 Return permanent settings of icmp type. For getting runtime
3237 settings see
3238 org.fedoraproject.FirewallD1.Methods.getIcmpTypeSettings.
3239 Settings are in format: version, name, description, array of
3240 destinations.
3241
3242 version (s): see version attribute of icmptype tag in
3243 firewalld.icmptype(5).
3244
3245 name (s): see short tag in firewalld.icmptype(5).
3246
3247 description (s): see description tag in firewalld.icmptype(5).
3248
3249 destinations (as): array, either empty or containing strings
3250 'ipv4' and/or 'ipv6', see destination tag in
3251 firewalld.icmptype(5).
3252
3253
3254 getShort() → s
3255 Get name of icmp type. See short tag in firewalld.icmptype(5).
3256
3257 getVersion() → s
3258 Get version of icmp type. See version attribute of icmptype tag
3259 in firewalld.icmptype(5).
3260
3261 loadDefaults() → Nothing
3262 Load default settings for built-in icmp type.
3263
3264 Possible errors: NO_DEFAULTS
3265
3266 queryDestination(s: destination) → b
3267 Return whether a destination ('ipv4' or 'ipv6') is in list of
3268 destinations of this icmp type. See destination tag in
3269 firewalld.icmptype(5).
3270
3271 remove() → Nothing
3272 Remove not built-in icmp type.
3273
3274 Possible errors: BUILTIN_ICMPTYPE
3275
3276 removeDestination(s: destination) → Nothing
3277 Permanently remove a destination ('ipv4' or 'ipv6') from list
3278 of destinations of this icmp type. See destination tag in
3279 firewalld.icmptype(5).
3280
3281 Possible errors: NOT_ENABLED
3282
3283 rename(s: name) → Nothing
3284 Rename not built-in icmp type to name.
3285
3286 Possible errors: BUILTIN_ICMPTYPE
3287
3288 setDescription(s: description) → Nothing
3289 Permanently set description of icmp type to description. See
3290 description tag in firewalld.icmptype(5).
3291
3292 setDestinations(as: destinations) → Nothing
3293 Permanently set destinations of icmp type to destinations,
3294 which is array, either empty or containing strings 'ipv4'
3295 and/or 'ipv6'. See destination tag in firewalld.icmptype(5).
3296
3297 setShort(s: short) → Nothing
3298 Permanently set name of icmp type to short. See short tag in
3299 firewalld.icmptype(5).
3300
3301 setVersion(s: version) → Nothing
3302 Permanently set version of icmp type to version. See version
3303 attribute of icmptype tag in firewalld.icmptype(5).
3304
3305 update((sssas): settings) → Nothing
3306 Update permanent settings of icmp type to settings. Settings
3307 are in format: version, name, description, array of
3308 destinations.
3309
3310 version (s): see version attribute of icmptype tag in
3311 firewalld.icmptype(5).
3312
3313 name (s): see short tag in firewalld.icmptype(5).
3314
3315 description (s): see description tag in firewalld.icmptype(5).
3316
3317 destinations (as): array, either empty or containing strings
3318 'ipv4' and/or 'ipv6', see destination tag in
3319 firewalld.icmptype(5).
3320
3321
3322 Signals
3323 Removed(s: name)
3324 Emitted when icmp type with name has been removed.
3325
3326 Renamed(s: name)
3327 Emitted when icmp type has been renamed to name.
3328
3329 Updated(s: name)
3330 Emitted when icmp type with name has been updated.
3331
3332 Properties
3333 builtin - b - (ro)
3334 True if icmptype is built-in, false otherwise.
3335
3336 default - b - (ro)
3337 True if built-in icmp type has default settings. False if it
3338 has been modified. Always False for zones that are not built-in.
3339
3340 filename - s - (ro)
3341 Name (including .xml extension) of file where the configuration
3342 is stored.
3343
3344 name - s - (ro)
3345 Name of icmp type.
3346
3347 path - s - (ro)
3348 Path to directory where the icmp type configuration is stored.
3349 Should be either /usr/lib/firewalld/icmptypes or
3350 /etc/firewalld/icmptypes.
3351
3353 firewall-applet(1), firewalld(1), firewall-cmd(1), firewall-config(1),
3354 firewalld.conf(5), firewalld.direct(5), firewalld.dbus(5),
3355 firewalld.icmptype(5), firewalld.lockdown-whitelist(5),
3356 firewall-offline-cmd(1), firewalld.richlanguage(5), firewalld.service(5),
3357 firewalld.zone(5), firewalld.zones(5), firewalld.ipset(5),
3358 firewalld.helper(5)
3359
3361 firewalld home page:
3362 http://firewalld.org
3363
3364 More documentation with examples:
3365 http://fedoraproject.org/wiki/FirewallD
3366
3368 Thomas Woerner <twoerner@redhat.com>
3369 Developer
3370
3371 Jiri Popelka <jpopelka@redhat.com>
3372 Developer
3373
3374
3375
3376firewalld 0.7.2 FIREWALLD.DBUS(5)