1FIREWALLD.DBUS(5)               firewalld.dbus               FIREWALLD.DBUS(5)
2
3
4

NAME

6       firewalld.dbus - firewalld D-Bus interface description
7

OBJECT PATHS

9       This is the basic firewalld object path structure. The used interfaces
10       are explained below in the section called “INTERFACES”.
11
12           /org/fedoraproject/FirewallD1
13             Interfaces
14               org.fedoraproject.FirewallD1
15               org.fedoraproject.FirewallD1.direct
16               org.fedoraproject.FirewallD1.ipset
17               org.fedoraproject.FirewallD1.policies
18               org.fedoraproject.FirewallD1.zone
19               org.freedesktop.DBus.Introspectable
20               org.freedesktop.DBus.Properties
21
22           /org/fedoraproject/FirewallD1/config
23             Interfaces
24               org.fedoraproject.FirewallD1.config
25               org.fedoraproject.FirewallD1.config.direct
26               org.fedoraproject.FirewallD1.config.policies
27               org.freedesktop.DBus.Introspectable
28               org.freedesktop.DBus.Properties
29
30           /org/fedoraproject/FirewallD1/config/zone/i
31             Interfaces
32               org.fedoraproject.FirewallD1.config.zone
33               org.freedesktop.DBus.Introspectable
34               org.freedesktop.DBus.Properties
35
36           /org/fedoraproject/FirewallD1/config/service/i
37             Interfaces:
38               org.fedoraproject.FirewallD1.config.service
39               org.freedesktop.DBus.Introspectable
40               org.freedesktop.DBus.Properties
41
42           /org/fedoraproject/FirewallD1/config/ipset/i
43             Interfaces
44               org.fedoraproject.FirewallD1.config.ipset
45               org.freedesktop.DBus.Introspectable
46               org.freedesktop.DBus.Properties
47
48           /org/fedoraproject/FirewallD1/config/icmptype/i
49             Interfaces
50               org.fedoraproject.FirewallD1.config.icmptype
51               org.freedesktop.DBus.Introspectable
52               org.freedesktop.DBus.Properties
53
54
55

INTERFACES

57   org.fedoraproject.FirewallD1
58       This interface contains general runtime operations, like: reloading,
59       panic mode, default zone handling, getting services and icmp types and
60       their settings.
61
62       Methods
63           authorizeAll() → Nothing
64               Initiate authorization for the complete firewalld D-Bus
65               interface. This method it mostly useful for configuration
66               applications.
67
68           completeReload() → Nothing
69               Reload firewall completely, even netfilter kernel modules. This
70               will most likely terminate active connections, because state
71               information is lost. This option should only be used in case of
72               severe firewall problems. For example if there are state
73               information problems that no connection can be established with
74               correct firewall rules.
75
76           disablePanicMode() → Nothing
77               Disable panic mode. After disabling panic mode established
78               connections might work again, if panic mode was enabled for a
79               short period of time.
80
81               Possible errors: NOT_ENABLED, COMMAND_FAILED
82
83           enablePanicMode() → Nothing
84               Enable panic mode. All incoming and outgoing packets are
85               dropped, active connections will expire. Enable this only if
86               there are serious problems with your network environment.
87
88               Possible errors: ALREADY_ENABLED, COMMAND_FAILED
89
90           getAutomaticHelpers() → s
91               Return the AutomaticHelpers value. For the secure use of
92               iptables and connection tracking helpers it is recommended to
93               turn AutomaticHelpers off. But this might have side effects on
94               other services using the netfilter helpers as the sysctl
95               setting in /proc/sys/net/netfilter/nf_conntrack_helper will be
96               changed. With the system setting, the default value set in the
97               kernel or with sysctl will be used. Possible values are: yes,
98               no and system. The default value is system.
99
100           getDefaultZone() → s
101               Return default zone.
102
103           getHelperSettings(s: helper) → (sssssa(ss))
104               Return runtime settings of given helper. For getting permanent
105               settings see
106               org.fedoraproject.FirewallD1.config.helper.Methods.getSettings.
107               Settings are in format: version, name, description, family,
108               module and array of ports.
109
110               version (s): see version attribute of helper tag in
111               firewalld.helper(5).
112
113               name (s): see short tag in firewalld.helper(5).
114
115               description (s): see description tag in firewalld.helper(5).
116
117               family (s): see family tag in firewalld.helper(5).
118
119               module (s): see module tag in firewalld.helper(5).
120
121               ports (a(ss)): array of port and protocol pairs. See port tag
122               in firewalld.helper(5).
123
124               Possible errors: INVALID_HELPER
125
126           getHelpers() → as
127               Return array of helper names (s) in runtime configuration. For
128               permanent configuration see
129               org.fedoraproject.FirewallD1.config.Methods.listHelpers.
130
131           getIcmpTypeSettings(s: icmptype) → (sssas)
132               Return runtime settings of given icmptype. For getting
133               permanent settings see
134               org.fedoraproject.FirewallD1.config.icmptype.Methods.getSettings.
135               Settings are in format: version, name, description, array of
136               destinations.
137
138               version (s): see version attribute of icmptype tag in
139               firewalld.icmptype(5).
140
141               name (s): see short tag in firewalld.icmptype(5).
142
143               description (s): see description tag in firewalld.icmptype(5).
144
145               destinations (as): array, either empty or containing strings
146               'ipv4' or 'ipv6', see destination tag in firewalld.icmptype(5).
147
148               Possible errors: INVALID_ICMPTYPE
149
150           getLogDenied() → s
151               Retruns the LogDenied value. If LogDenied is enabled, then
152               logging rules are added right before reject and drop rules in
153               the INPUT, FORWARD and OUTPUT chains for the default rules and
154               also final reject and drop rules in zones. Possible values are:
155               all, unicast, broadcast, multicast and off. The default value
156               is off
157
158           getServiceSettings(s: service) → (sssa(ss)asa{ss}asa(ss))
159               This function is deprecated, use
160               org.fedoraproject.FirewallD1.Methods.getServiceSettings2
161               instead.
162
163           getServiceSettings2(s: service) → s{sv}
164               Return runtime settings of given service. For getting permanent
165               settings see
166               org.fedoraproject.FirewallD1.config.service.Methods.getSettings2.
167               Settings are a dictionary indexed by keywords. For the type of
168               each value see below. If the value is empty it may be ommitted.
169
170               version (s): see version attribute of service tag in
171               firewalld.service(5).
172
173               name (s): see short tag in firewalld.service(5).
174
175               description (s): see description tag in firewalld.service(5).
176
177               ports (a(ss)): array of port and protocol pairs. See port tag
178               in firewalld.service(5).
179
180               module names (as): array of kernel netfilter helpers, see
181               module tag in firewalld.service(5).
182
183               destinations (a{ss}): dictionary of {IP family : IP address}
184               where 'IP family' key can be either 'ipv4' or 'ipv6'. See
185               destination tag in firewalld.service(5).
186
187               protocols (as): array of protocols, see protocol tag in
188               firewalld.service(5).
189
190               source_ports (a(ss)): array of port and protocol pairs. See
191               source-port tag in firewalld.service(5).
192
193               includes (as): array of service includes, see include tag in
194               firewalld.service(5).
195
196               Possible errors: INVALID_SERVICE
197
198           getZoneSettings(s: zone) → (sssbsasa(ss)asba(ssss)asasasasa(ss))
199               Return runtime settings of given zone. For getting permanent
200               settings see
201               org.fedoraproject.FirewallD1.config.zone.Methods.getSettings.
202               Settings are in format: version, name, description, UNUSED,
203               target, array of services, array of ports (port, protocol),
204               array of icmp-blocks, masquerade, array of forward-ports (port,
205               protocol, to-port, to-addr), array of interfaces, array of
206               sources, array of rich rules, array of protocols and array of
207               source-ports (port, protocol).
208
209               version (s): see version attribute of zone tag in
210               firewalld.zone(5).
211
212               name (s): see short tag in firewalld.zone(5).
213
214               description (s): see description tag in firewalld.zone(5).
215
216               UNUSED (b): this boolean value is no longer used for anything.
217
218               target (s): see target attribute of zone tag in
219               firewalld.zone(5).
220
221               services (as): array of service names, see service tag in
222               firewalld.zone(5).
223
224               ports (a(ss)): array of port and protocol pairs. See port tag
225               in firewalld.zone(5).
226
227               icmp-blocks (as): array of icmp-blocks. See icmp-block tag in
228               firewalld.zone(5).
229
230               masquerade (b): see masquerade tag in firewalld.zone(5).
231
232               forward-ports (a(ssss)): array of (port, protocol, to-port,
233               to-addr). See forward-port tag in firewalld.zone(5).
234
235               interfaces (as): array of interfaces. See interface tag in
236               firewalld.zone(5).
237
238               source addresses (as): array of source addresses. See source
239               tag in firewalld.zone(5).
240
241               rich rules (as): array of rich-language rules. See rule tag in
242               firewalld.zone(5).
243
244               protocols (as): array of protocols, see protocol tag in
245               firewalld.zone(5).
246
247               source-ports (a(ss)): array of port and protocol pairs. See
248               source-port tag in firewalld.zone(5).
249
250               Possible errors: INVALID_ZONE
251
252           listIcmpTypes() → as
253               Return array of names (s) of icmp types in runtime
254               configuration. For permanent configuration see
255               org.fedoraproject.FirewallD1.config.Methods.listIcmpTypes.
256
257           listServices() → as
258               Return array of service names (s) in runtime configuration. For
259               permanent configuration see
260               org.fedoraproject.FirewallD1.config.Methods.listServices.
261
262           queryPanicMode() → b
263               Return true if panic mode is enabled, false otherwise. In panic
264               mode all incoming and outgoing packets are dropped.
265
266           reload() → Nothing
267               Reload firewall rules and keep state information. Current
268               permanent configuration will become new runtime configuration,
269               i.e. all runtime only changes done until reload are lost with
270               reload if they have not been also in permanent configuration.
271
272           runtimeToPermanent() → Nothing
273               Make runtime settings permanent. Replaces permanent settings
274               with runtime settings for zones, services, icmptypes, direct
275               and policies (lockdown whitelist).
276
277               Possible errors: RT_TO_PERM_FAILED
278
279           checkPermanentConfig() → Nothing
280               Run checks on the permanent configuration. This is most useful
281               if changes were made manually to configuration files.
282
283               Possible errors: any
284
285           setDefaultZone(s: zone) → Nothing
286               Set default zone for connections and interfaces where no zone
287               has been selected to zone. Setting the default zone changes the
288               zone for the connections or interfaces, that are using the
289               default zone. This is a runtime and permanent change.
290
291               Possible errors: ZONE_ALREADY_SET, COMMAND_FAILED
292
293           setLogDenied(s: value) → Nothing
294               Set LogDenied value to value. If LogDenied is enabled, then
295               logging rules are added right before reject and drop rules in
296               the INPUT, FORWARD and OUTPUT chains for the default rules and
297               also final reject and drop rules in zones. Possible values are:
298               all, unicast, broadcast, multicast and off. The default value
299               is off This is a runtime and permanent change.
300
301               Possible errors: ALREADY_SET, INVALID_VALUE
302
303       Signals
304           DefaultZoneChanged(s: zone)
305               Emitted when default zone has been changed to zone.
306
307           LogDeniedChanged(s: value)
308               Emitted when LogDenied value has been changed.
309
310           PanicModeDisabled()
311               Emitted when panic mode has been deactivated.
312
313           PanicModeEnabled()
314               Emitted when panic mode has been activated.
315
316           Reloaded()
317               Emitted when firewalld has been reloaded. Also emitted for a
318               complete reload.
319
320       Properties
321           BRIDGE - b - (ro)
322               Indicates whether the firewall has ethernet bridge support.
323
324           IPSet - b - (ro)
325               Indicates whether the firewall has IPSet support.
326
327           IPSetTypes - as - (ro)
328               The supported IPSet types by ipset and firewalld.
329
330           IPv4 - b - (ro)
331               Indicates whether the firewall has IPv4 support.
332
333           IPv4ICMPTypes - as - (ro)
334               The list of supported IPv4 ICMP types.
335
336           IPv6 - b - (ro)
337               Indicates whether the firewall has IPv6 support.
338
339           IPv6_rpfilter - b - (ro)
340               Indicates whether the reverse path filter test on a packet for
341               IPv6 is enabled. If a reply to the packet would be sent via the
342               same interface that the packet arrived on, the packet will
343               match and be accepted, otherwise dropped.
344
345           IPv6ICMPTypes - as - (ro)
346               The list of supported IPv6 ICMP types.
347
348           nf_conntrach_helper_setting - b - (ro)
349               Kernel nf_conntrack_helper setting.
350
351           nf_conntrack_helpers - a{sas} - (ro)
352               The list of conntrack helpers supported by the kernel.
353
354           nf_nat_helpers - a{sas} - (ro)
355               The list of nat helpers supported by the kernel.
356
357           interface_version - s - (ro)
358               firewalld D-Bus interface version string.
359
360           state - s - (ro)
361               firewalld state. This can be either INIT, FAILED, or RUNNING.
362               In INIT state, firewalld is starting up and initializing. In
363               FAILED state, firewalld completely started but experienced a
364               failure.
365
366           version - s - (ro)
367               firewalld version string.
368
369   org.fedoraproject.FirewallD1.ipset
370       Operations in this interface allows to get, add, remove and query
371       runtime ipset settings. For permanent configuration see
372       org.fedoraproject.FirewallD1.config.ipset interface.
373
374       Methods
375           addEntry(s: ipset, s: entry) → as
376               Add a new entry to ipset. The entry must match the type of the
377               ipset. If the ipset is using the timeout option, it is not
378               possible to see the entries, as they are timing out
379               automatically in the kernel. For permanent operation see
380               org.fedoraproject.FirewallD1.config.ipset.Methods.addEntry.
381
382               Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT
383
384           getEntries(s: ipset) → Nothing
385               Get all entries added to the ipset. If the ipset is using the
386               timeout option, it is not possible to see the entries, as they
387               are timing out automatically in the kernel. Return value is a
388               array of entry. For permanent operation see
389               org.fedoraproject.FirewallD1.config.ipset.Methods.getEntries.
390
391               Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT
392
393           getSettings(s: ipset) → (ssssa{ss}as)
394               Return runtime settings of given ipset. For getting permanent
395               settings see
396               org.fedoraproject.FirewallD1.config.ipset.Methods.getSettings.
397               Settings are in format: version, name, description, type,
398               dictionary of options and array of entries.
399
400               version (s): see version attribute of ipset tag in
401               firewalld.ipset(5).
402
403               name (s): see short tag in firewalld.ipset(5).
404
405               description (s): see description tag in firewalld.ipset(5).
406
407               type (s): see type attribute of ipset tag in
408               firewalld.ipset(5).
409
410               options (a{ss}): dictionary of {option : value} . See options
411               tag in firewalld.ipset(5).
412
413               entries (as): array of entries, see entry tag in
414               firewalld.ipset(5).
415
416               Possible errors: INVALID_IPSET
417
418           getIPSets() → as
419               Return array of ipset names (s) in runtime configuration. For
420               permanent configuration see
421               org.fedoraproject.FirewallD1.config.Methods.listIPSets.
422
423           queryService(s: ipset, s: entry) → b
424               Return whether entry has been added to ipset. For permanent
425               operation see
426               org.fedoraproject.FirewallD1.config.ipset.Methods.queryEntry.
427
428               Possible errors: INVALID_IPSET
429
430           queryService(s: ipset) → b
431               Return whether ipset is defined in runtime configuration.
432
433           removeEntry(s: ipset, s: entry) → as
434               Removes an entry from ipset. For permanent operation see
435               org.fedoraproject.FirewallD1.config.ipset.Methods.removeEntry.
436
437               Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT
438
439           setEntries(as: entries) → Nothing
440               Permanently set list of entries to entries. For permanent
441               operation see
442               org.fedoraproject.FirewallD1.config.ipset.Methods.setEntries.
443               See entry tag in firewalld.ipset(5).
444
445       Signals
446           EntryAdded(s: ipset, s: entry)
447               Emitted when entry has been added to ipset.
448
449           EntryRemoved(s: ipset, s: entry)
450               Emitted when entry has been removed from ipset.
451
452   org.fedoraproject.FirewallD1.direct
453       This interface enables more direct access to the firewall. It enables
454       runtime manipulation with chains and rules. For permanent configuration
455       see org.fedoraproject.FirewallD1.config.direct interface.
456
457       Methods
458           addChain(s: ipv, s: table, s: chain) → Nothing
459               Add a new chain to table for ipv being either ipv4 (iptables)
460               or ipv6 (ip6tables) or eb (ebtables). Make sure there's no
461               other chain with this name already. There already exist basic
462               chains to use with direct methods, for example INPUT_direct
463               chain. These chains are jumped into before chains for zones,
464               i.e. every rule put into INPUT_direct will be checked before
465               rules in zones. For permanent operation see
466               org.fedoraproject.FirewallD1.config.direct.Methods.addChain.
467
468               Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED,
469               COMMAND_FAILED
470
471           addPassthrough(s: ipv, as: args) → Nothing
472               Add a tracked passthrough rule with the arguments args for ipv
473               being either ipv4 (iptables) or ipv6 (ip6tables) or eb
474               (ebtables). Valid commands in args are only -A/--append,
475               -I/--insert and -N/--new-chain. This method is (unlike
476               passthrough method) tracked, i.e. firewalld remembers it. It's
477               useful with
478               org.fedoraproject.FirewallD1.Methods.runtimeToPermanent For
479               permanent operation see
480               org.fedoraproject.FirewallD1.config.direct.Methods.addPassthrough.
481
482               Possible errors: INVALID_IPV, ALREADY_ENABLED, COMMAND_FAILED
483
484           addRule(s: ipv, s: table, s: chain, i: priority, as: args) →
485           Nothing
486               Add a rule with the arguments args to chain in table with
487               priority for ipv being either ipv4 (iptables) or ipv6
488               (ip6tables) or eb (ebtables). The priority is used to order
489               rules. Priority 0 means add rule on top of the chain, with a
490               higher priority the rule will be added further down. Rules with
491               the same priority are on the same level and the order of these
492               rules is not fixed and may change. If you want to make sure
493               that a rule will be added after another one, use a low priority
494               for the first and a higher for the following. For permanent
495               operation see
496               org.fedoraproject.FirewallD1.config.direct.Methods.addRule.
497
498               Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED,
499               COMMAND_FAILED
500
501           getAllChains() → a(sss)
502               Get all chains added to all tables in format: ipv, table,
503               chain. This concerns only chains previously added with
504               addChain. Return value is a array of (ipv, table, chain). For
505               permanent operation see
506               org.fedoraproject.FirewallD1.config.direct.Methods.getAllChains.
507
508               ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
509               (ebtables).
510
511               table (s): one of filter, mangle, nat, raw, security
512
513               chain (s): name of a chain.
514
515
516           getAllPassthroughs() → a(sas)
517               Get all tracked passthrough rules added in all ipv types in
518               format: ipv, rule. This concerns only rules previously added
519               with addPassthrough. Return value is a array of (ipv, array of
520               arguments). For permanent operation see
521               org.fedoraproject.FirewallD1.config.direct.Methods.getAllPassthroughs.
522
523               ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
524               (ebtables).
525
526               arguments (as): array of commands, parameters and other
527               iptables/ip6tables/ebtables command line options.
528
529
530           getAllRules() → a(sssias)
531               Get all rules added to all chains in all tables in format: ipv,
532               table, chain, priority, rule. This concerns only rules
533               previously added with addRule. Return value is a array of (ipv,
534               table, chain, priority, array of arguments). For permanent
535               operation see
536               org.fedoraproject.FirewallD1.config.direct.Methods.getAllRules.
537
538               ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
539               (ebtables).
540
541               table (s): one of filter, mangle, nat, raw, security
542
543               chain (s): name of a chain.
544
545               priority (i): used to order rules.
546
547               arguments (as): array of commands, parameters and other
548               iptables/ip6tables/ebtables command line options.
549
550
551           getChains(s: ipv, s: table) → as
552               Return an array of chains (s) added to table for ipv being
553               either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
554               This concerns only chains previously added with addChain. For
555               permanent operation see
556               org.fedoraproject.FirewallD1.config.direct.Methods.getChains.
557
558               Possible errors: INVALID_IPV, INVALID_TABLE
559
560           getPassthroughs(s: ipv) → aas
561               Get tracked passthrough rules added in either ipv4 (iptables)
562               or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
563               previously added with addPassthrough. Return value is a array
564               of (array of arguments). For permanent operation see
565               org.fedoraproject.FirewallD1.config.direct.Methods.getPassthroughs.
566
567               arguments (as): array of commands, parameters and other
568               iptables/ip6tables/ebtables command line options.
569
570
571           getRules(s: ipv, s: table, s: chain) → a(ias)
572               Get all rules added to chain in table for ipv being either ipv4
573               (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
574               only rules previously added with addRule. Return value is a
575               array of (priority, array of arguments). For permanent
576               operation see
577               org.fedoraproject.FirewallD1.config.direct.Methods.getRules.
578
579               priority (i): used to order rules.
580
581               arguments (as): array of commands, parameters and other
582               iptables/ip6tables/ebtables command line options.
583
584               Possible errors: INVALID_IPV, INVALID_TABLE
585
586           passthrough(s: ipv, as: args) → s
587               Pass a command through to the firewall.  ipv can be either ipv4
588               (iptables) or ipv6 (ip6tables) or eb (ebtables).  args can be
589               all iptables, ip6tables and ebtables command line arguments.
590               args can be all iptables, ip6tables and ebtables command line
591               arguments. This command is untracked, which means that
592               firewalld is not able to provide information about this command
593               later on.
594
595               Possible errors: COMMAND_FAILED
596
597           queryChain(s: ipv, s: table, s: chain) → b
598               Return whether a chain exists in table for ipv being either
599               ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). This
600               concerns only chains previously added with addChain. For
601               permanent operation see
602               org.fedoraproject.FirewallD1.config.direct.Methods.queryChain.
603
604               Possible errors: INVALID_IPV, INVALID_TABLE
605
606           queryPassthrough(s: ipv, as: args) → b
607               Return whether a tracked passthrough rule with the arguments
608               args exists for ipv being either ipv4 (iptables) or ipv6
609               (ip6tables) or eb (ebtables). This concerns only rules
610               previously added with addPassthrough. For permanent operation
611               see
612               org.fedoraproject.FirewallD1.config.direct.Methods.queryPassthrough.
613
614               Possible errors: INVALID_IPV
615
616           queryRule(s: ipv, s: table, s: chain, i: priority, as: args) → b
617               Return whether a rule with priority and the arguments args
618               exists in chain in table for ipv being either ipv4 (iptables)
619               or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
620               previously added with addRule. For permanent operation see
621               org.fedoraproject.FirewallD1.config.direct.Methods.queryRule.
622
623               Possible errors: INVALID_IPV, INVALID_TABLE
624
625           removeAllPassthroughs() → Nothing
626               Remove all passthrough rules previously added with
627               addPassthrough.
628
629           removeChain(s: ipv, s: table, s: chain) → Nothing
630               Remove a chain from table for ipv being either ipv4 (iptables)
631               or ipv6 (ip6tables) or eb (ebtables). Only chains previously
632               added with addChain can be removed this way. For permanent
633               operation see
634               org.fedoraproject.FirewallD1.config.direct.Methods.removeChain.
635
636               Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED,
637               COMMAND_FAILED
638
639           removePassthrough(s: ipv, as: args) → Nothing
640               Remove a tracked passthrough rule with arguments args for ipv
641               being either ipv4 (iptables) or ipv6 (ip6tables) or eb
642               (ebtables). Only rules previously added with addPassthrough can
643               be removed this way. For permanent operation see
644               org.fedoraproject.FirewallD1.config.direct.Methods.removePassthrough.
645
646               Possible errors: INVALID_IPV, NOT_ENABLED, COMMAND_FAILED
647
648           removeRule(s: ipv, s: table, s: chain, i: priority, as: args) →
649           Nothing
650               Remove a rule with priority and arguments args from chain in
651               table for ipv being either ipv4 (iptables) or ipv6 (ip6tables)
652               or eb (ebtables). Only rules previously added with addRule can
653               be removed this way. For permanent operation see
654               org.fedoraproject.FirewallD1.config.direct.Methods.removeRule.
655
656               Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED,
657               COMMAND_FAILED
658
659           removeRules(s: ipv, s: table, s: chain) → Nothing
660               Remove all rules from chain in table for ipv being either ipv4
661               (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
662               only rules previously added with addRule. For permanent
663               operation see
664               org.fedoraproject.FirewallD1.config.direct.Methods.removeRules.
665
666               Possible errors: INVALID_IPV, INVALID_TABLE
667
668       Signals
669           ChainAdded(s: ipv, s: table, s: chain)
670               Emitted when chain has been added into table for ipv being
671               either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
672
673           ChainRemoved(s: ipv, s: table, s: chain)
674               Emitted when chain has been removed from table for ipv being
675               either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
676
677           PassthroughAdded(s: ipv, as: args)
678               Emitted when a tracked passthruogh rule with args has been
679               added for ipv being either ipv4 (iptables) or ipv6 (ip6tables)
680               or eb (ebtables).
681
682           PassthroughRemoved(s: ipv, as: args)
683               Emitted when a tracked passthrough rule with args has been
684               removed for ipv being either ipv4 (iptables) or ipv6
685               (ip6tables) or eb (ebtables).
686
687           RuleAdded(s: ipv, s: table, s: chain, i: priority, as: args)
688               Emitted when a rule with args has been added to chain in table
689               with priority for ipv being either ipv4 (iptables) or ipv6
690               (ip6tables) or eb (ebtables).
691
692           RuleRemoved(s: ipv, s: table, s: chain, i: priority, as: args)
693               Emitted when a rule with args has been removed from chain in
694               table with priority for ipv being either ipv4 (iptables) or
695               ipv6 (ip6tables) or eb (ebtables).
696
697   org.fedoraproject.FirewallD1.policies
698       Enables firewalld to be able to lock down configuration changes from
699       local applications. Local applications or services are able to change
700       the firewall configuration if they are running as root (example:
701       libvirt). With these operations administrator can lock the firewall
702       configuration so that either none or only applications that are in the
703       whitelist are able to request firewall changes. For permanent
704       configuration see org.fedoraproject.FirewallD1.config.policies
705       interface.
706
707       Methods
708           addLockdownWhitelistCommand(s: command) → Nothing
709               Add command to whitelist. See command option in
710               firewalld.lockdown-whitelist(5). For permanent operation see
711               org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistCommand.
712
713               Possible errors: ALREADY_ENABLED, INVALID_COMMAND
714
715           addLockdownWhitelistContext(s: context) → Nothing
716               Add context to whitelist. See selinux option in
717               firewalld.lockdown-whitelist(5). For permanent operation see
718               org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistContext.
719
720               Possible errors: ALREADY_ENABLED, INVALID_COMMAND
721
722           addLockdownWhitelistUid(i: uid) → Nothing
723               Add user id uid to whitelist. See user option in
724               firewalld.lockdown-whitelist(5). For permanent operation see
725               org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistUid.
726
727               Possible errors: ALREADY_ENABLED, INVALID_COMMAND
728
729           addLockdownWhitelistUser(s: user) → Nothing
730               Add user name to whitelist. See user option in
731               firewalld.lockdown-whitelist(5). For permanent operation see
732               org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistUser.
733
734               Possible errors: ALREADY_ENABLED, INVALID_COMMAND
735
736           disableLockdown() → Nothing
737               Disable lockdown. This is a runtime and permanent change.
738
739               Possible errors: NOT_ENABLED
740
741           enableLockdown() → Nothing
742               Enable lockdown. Be careful - if the calling application/user
743               is not on lockdown whitelist when you enable lockdown you won't
744               be able to disable it again with the application, you would
745               need to edit firewalld.conf. This is a runtime and permanent
746               change.
747
748               Possible errors: ALREADY_ENABLED
749
750           getLockdownWhitelistCommands() → as
751               List all command lines (s) that are on whitelist. For permanent
752               operation see
753               org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistCommands.
754
755           getLockdownWhitelistContexts() → as
756               List all contexts (s) that are on whitelist. For permanent
757               operation see
758               org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistContexts.
759
760           getLockdownWhitelistUids() → ai
761               List all user ids (i) that are on whitelist. For permanent
762               operation see
763               org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistUids.
764
765           getLockdownWhitelistUsers() → as
766               List all users (s) that are on whitelist. For permanent
767               operation see
768               org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistUsers.
769
770           queryLockdown() → b
771               Query whether lockdown is enabled.
772
773           queryLockdownWhitelistCommand(s: command) → b
774               Query whether command is on whitelist. For permanent operation
775               see
776               org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistCommand.
777
778           queryLockdownWhitelistContext(s: context) → b
779               Query whether context is on whitelist. For permanent operation
780               see
781               org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistContext.
782
783           queryLockdownWhitelistUid(i: uid) → b
784               Query whether user id uid is on whitelist. For permanent
785               operation see
786               org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistUid.
787
788           queryLockdownWhitelistUser(s: user) → b
789               Query whether user is on whitelist. For permanent operation see
790               org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistUser.
791
792           removeLockdownWhitelistCommand(s: command) → Nothing
793               Remove command from whitelist. For permanent operation see
794               org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistCommand.
795
796               Possible errors: NOT_ENABLED
797
798           removeLockdownWhitelistContext(s: context) → Nothing
799               Remove context from whitelist. For permanent operation see
800               org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistContext.
801
802               Possible errors: NOT_ENABLED
803
804           removeLockdownWhitelistUid(i: uid) → Nothing
805               Remove user id uid from whitelist. For permanent operation see
806               org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistUid.
807
808               Possible errors: NOT_ENABLED
809
810           removeLockdownWhitelistUser(s: user) → Nothing
811               Remove user from whitelist. For permanent operation see
812               org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistUser.
813
814               Possible errors: NOT_ENABLED
815
816       Signals
817           LockdownDisabled()
818               Emitted when lockdown has been disabled.
819
820           LockdownEnabled()
821               Emitted when lockdown has been enabled.
822
823           LockdownWhitelistCommandAdded(s: command)
824               Emitted when command has been added to whitelist.
825
826           LockdownWhitelistCommandRemoved(s: command)
827               Emitted when command has been removed from whitelist.
828
829           LockdownWhitelistContextAdded(s: context)
830               Emitted when context has been added to whitelist.
831
832           LockdownWhitelistContextRemoved(s: context)
833               Emitted when context has been removed from whitelist.
834
835           LockdownWhitelistUidAdded(i: uid)
836               Emitted when user id uid has been added to whitelist.
837
838           LockdownWhitelistUidRemoved(i: uid)
839               Emitted when user id uid has been removed from whitelist.
840
841           LockdownWhitelistUserAdded(s: user)
842               Emitted when user has been added to whitelist.
843
844           LockdownWhitelistUserRemoved(s: user)
845               Emitted when user has been removed from whitelist.
846
847   org.fedoraproject.FirewallD1.zone
848       Operations in this interface allows to get, add, remove and query
849       runtime zone's settings. For permanent settings see
850       org.fedoraproject.FirewallD1.config.zone interface.
851
852       Methods
853           addForwardPort(s: zone, s: port, s: protocol, s: toport, s: toaddr,
854           i: timeout) → s
855               Add the IPv4 forward port into zone. If zone is empty, use
856               default zone. The port can either be a single port number
857               portid or a port range portid-portid. The protocol can either
858               be tcp or udp. The destination address is a simple IP address.
859               If timeout is non-zero, the operation will be active only for
860               the amount of seconds. For permanent settings see
861               org.fedoraproject.FirewallD1.config.zone.Methods.addForwardPort.
862
863               Returns name of zone to which the forward port was added.
864
865               Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
866               INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD,
867               ALREADY_ENABLED, INVALID_COMMAND
868
869           addIcmpBlock(s: zone, s: icmp, i: timeout) → s
870               Add an ICMP block icmp into zone. The icmp is the one of the
871               icmp types firewalld supports. To get a listing of supported
872               icmp types use
873               org.fedoraproject.FirewallD1.Methods.listIcmpTypes If zone is
874               empty, use default zone. If timeout is non-zero, the operation
875               will be active only for the amount of seconds. For permanent
876               settings see
877               org.fedoraproject.FirewallD1.config.zone.Methods.addIcmpBlock.
878
879               Returns name of zone to which the ICMP block was added.
880
881               Possible errors: INVALID_ZONE, INVALID_ICMPTYPE,
882               ALREADY_ENABLED, INVALID_COMMAND
883
884           addIcmpBlockInversion(s: zone) → s
885               Add ICMP block inversion to zone. If zone is empty, use default
886               zone. For permanent settings see
887               org.fedoraproject.FirewallD1.config.zone.Methods.addIcmpBlockInversion.
888
889               Returns name of zone to which the ICMP block inversion was
890               added.
891
892               Possible errors: INVALID_ZONE, ALREADY_ENABLED, INVALID_COMMAND
893
894           addInterface(s: zone, s: interface) → s
895               Bind interface with zone. From now on all traffic going through
896               the interface will respect the zone's settings. If zone is
897               empty, use default zone. For permanent settings see
898               org.fedoraproject.FirewallD1.config.zone.Methods.addInterface.
899
900               Returns name of zone to which the interface was bound.
901
902               Possible errors: INVALID_ZONE, INVALID_INTERFACE,
903               ALREADY_ENABLED, INVALID_COMMAND
904
905           addMasquerade(s: zone, i: timeout) → s
906               Enable masquerade in zone. If zone is empty, use default zone.
907               If timeout is non-zero, masquerading will be active for the
908               amount of seconds. For permanent settings see
909               org.fedoraproject.FirewallD1.config.zone.Methods.addMasquerade.
910
911               Returns name of zone in which the masquerade was enabled.
912
913               Possible errors: INVALID_ZONE, ALREADY_ENABLED, INVALID_COMMAND
914
915           addPort(s: zone, s: port, s: protocol, i: timeout) → s
916               Add port into zone. If zone is empty, use default zone. The
917               port can either be a single port number or a port range
918               portid-portid. The protocol can either be tcp or udp. If
919               timeout is non-zero, the operation will be active only for the
920               amount of seconds. For permanent settings see
921               org.fedoraproject.FirewallD1.config.zone.Methods.addPort.
922
923               Returns name of zone to which the port was added.
924
925               Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
926               INVALID_PROTOCOL, ALREADY_ENABLED, INVALID_COMMAND
927
928           addProtocol(s: zone, s: protocol, i: timeout) → s
929               Add protocol into zone. If zone is empty, use default zone. The
930               protocol can be any protocol supported by the system. Please
931               have a look at /etc/protocols for supported protocols. If
932               timeout is non-zero, the operation will be active only for the
933               amount of seconds. For permanent settings see
934               org.fedoraproject.FirewallD1.config.zone.Methods.addProtocol.
935
936               Returns name of zone to which the protocol was added.
937
938               Possible errors: INVALID_ZONE, INVALID_PROTOCOL,
939               ALREADY_ENABLED, INVALID_COMMAND
940
941           addRichRule(s: zone, s: rule, i: timeout) → s
942               Add rich language rule into zone. For the rich language rule
943               syntax, please have a look at firewalld.direct(5). If zone is
944               empty, use default zone. If timeout is non-zero, the operation
945               will be active only for the amount of seconds. For permanent
946               settings see
947               org.fedoraproject.FirewallD1.config.zone.Methods.addRichRule.
948
949               Returns name of zone to which the rich language rule was added.
950
951               Possible errors: INVALID_ZONE, INVALID_RULE, ALREADY_ENABLED,
952               INVALID_COMMAND
953
954           addService(s: zone, s: service, i: timeout) → s
955               Add service into zone. If zone is empty, use default zone. If
956               timeout is non-zero, the operation will be active only for the
957               amount of seconds. To get a list of supported services, use
958               org.fedoraproject.FirewallD1.Methods.listServices. For
959               permanent settings see
960               org.fedoraproject.FirewallD1.config.zone.Methods.addService.
961
962               Returns name of zone to which the service was added.
963
964               Possible errors: INVALID_ZONE, INVALID_SERVICE,
965               ALREADY_ENABLED, INVALID_COMMAND
966
967           addSource(s: zone, s: source) → s
968               Bind source with zone. From now on all traffic going from this
969               source will respect the zone's settings. A source address or
970               address range is either an IP address or a network IP address
971               with a mask for IPv4 or IPv6. For IPv4, the mask can be a
972               network mask or a plain number. For IPv6 the mask is a plain
973               number. Use of host names is not supported. If zone is empty,
974               use default zone. For permanent settings see
975               org.fedoraproject.FirewallD1.config.zone.Methods.addSource.
976
977               Returns name of zone to which the source was bound.
978
979               Possible errors: INVALID_ZONE, INVALID_ADDR, ALREADY_ENABLED,
980               INVALID_COMMAND
981
982           addSourcePort(s: zone, s: port, s: protocol, i: timeout) → s
983               Add source port into zone. If zone is empty, use default zone.
984               The port can either be a single port number or a port range
985               portid-portid. The protocol can either be tcp or udp. If
986               timeout is non-zero, the operation will be active only for the
987               amount of seconds. For permanent settings see
988               org.fedoraproject.FirewallD1.config.zone.Methods.addSourcePort.
989
990               Returns name of zone to which the port was added.
991
992               Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
993               INVALID_PROTOCOL, ALREADY_ENABLED, INVALID_COMMAND
994
995           changeZone(s: zone, s: interface) → s
996               This function is deprecated, use
997               org.fedoraproject.FirewallD1.zone.Methods.changeZoneOfInterface
998               instead.
999
1000           changeZoneOfInterface(s: zone, s: interface) → s
1001               Change a zone an interface is bound to to zone. It's basically
1002               removeInterface(interface) followed by addInterface(zone,
1003               interface). If interface has not been bound to a zone before,
1004               it behaves like addInterface. If zone is empty, use default
1005               zone.
1006
1007               Returns name of zone to which the interface was bound.
1008
1009               Possible errors: INVALID_ZONE, ZONE_ALREADY_SET, ZONE_CONFLICT
1010
1011           changeZoneOfSource(s: zone, s: source) → s
1012               Change a zone an source is bound to to zone. It's basically
1013               removeSource(source) followed by addSource(zone, source). If
1014               source has not been bound to a zone before, it behaves like
1015               addSource. If zone is empty, use default zone.
1016
1017               Returns name of zone to which the source was bound.
1018
1019               Possible errors: INVALID_ZONE, ZONE_ALREADY_SET, ZONE_CONFLICT
1020
1021           getActiveZones() → a{sa{sas}}
1022               Return dictionary of currently active zones altogether with
1023               interfaces and sources used in these zones. Active zones are
1024               zones, that have a binding to an interface or source.
1025
1026               Return value is a dictionary where keys are zone names (s) and
1027               values are again dictionaries where keys are either
1028               'interfaces' or 'sources' and values are arrays of interface
1029               names (s) or sources (s).
1030
1031           getForwardPorts(s: zone) → aas
1032               Return array of IPv4 forward ports previously added into zone.
1033               If zone is empty, use default zone. For getting permanent
1034               settings see
1035               org.fedoraproject.FirewallD1.config.zone.Methods.getForwardPorts.
1036
1037               Return value is array of 4-tuples, where each 4-tuple consists
1038               of (port, protocol, to-port, to-addr). to-addr might be empty
1039               in case of local forwarding.
1040
1041               Possible errors: INVALID_ZONE
1042
1043           getIcmpBlocks(s: zone) → as
1044               Return array of ICMP type (s) blocks previously added into
1045               zone. If zone is empty, use default zone. For getting permanent
1046               settings see
1047               org.fedoraproject.FirewallD1.config.zone.Methods.getIcmpBlocks.
1048
1049               Possible errors: INVALID_ZONE
1050
1051           getIcmpBlockInversion(s: zone) → b
1052               Return whether ICMP block inversion was previously added to
1053               zone. If zone is empty, use default zone. For getting permanent
1054               settings see
1055               org.fedoraproject.FirewallD1.config.zone.Methods.getIcmpBlockInversion.
1056
1057               Possible errors: INVALID_ZONE
1058
1059           getInterfaces(s: zone) → as
1060               Return array of interfaces (s) previously bound with zone. If
1061               zone is empty, use default zone. For getting permanent settings
1062               see
1063               org.fedoraproject.FirewallD1.config.zone.Methods.getInterfaces.
1064
1065               Possible errors: INVALID_ZONE
1066
1067           getPorts(s: zone) → aas
1068               Return array of ports (2-tuple of port and protocol) previously
1069               enabled in zone. If zone is empty, use default zone. For
1070               getting permanent settings see
1071               org.fedoraproject.FirewallD1.config.zone.Methods.getPorts.
1072
1073               Possible errors: INVALID_ZONE
1074
1075           getProtocols(s: zone) → as
1076               Return array of protocols (s) previously enabled in zone. If
1077               zone is empty, use default zone. For getting permanent settings
1078               see
1079               org.fedoraproject.FirewallD1.config.zone.Methods.getProtocols.
1080
1081               Possible errors: INVALID_ZONE
1082
1083           getRichRules(s: zone) → as
1084               Return array of rich language rules (s) previously added into
1085               zone. If zone is empty, use default zone. For getting permanent
1086               settings see
1087               org.fedoraproject.FirewallD1.config.zone.Methods.getRichRules.
1088
1089               Possible errors: INVALID_ZONE
1090
1091           getServices(s: zone) → as
1092               Return array of services (s) previously enabled in zone. If
1093               zone is empty, use default zone. For getting permanent settings
1094               see
1095               org.fedoraproject.FirewallD1.config.zone.Methods.getServices.
1096
1097               Possible errors: INVALID_ZONE
1098
1099           getSourcePorts(s: zone) → aas
1100               Return array of source ports (2-tuple of port and protocol)
1101               previously enabled in zone. If zone is empty, use default zone.
1102               For getting permanent settings see
1103               org.fedoraproject.FirewallD1.config.zone.Methods.getSourcePorts.
1104
1105               Possible errors: INVALID_ZONE
1106
1107           getSources(s: zone) → as
1108               Return array of sources (s) previously bound with zone. If zone
1109               is empty, use default zone. For getting permanent settings see
1110               org.fedoraproject.FirewallD1.config.zone.Methods.getSources.
1111
1112               Possible errors: INVALID_ZONE
1113
1114           getZoneOfInterface(s: interface) → s
1115               Return name (s) of zone the interface is bound to or empty
1116               string.
1117
1118           getZoneOfSource(s: source) → s
1119               Return name (s) of zone the source is bound to or empty string.
1120
1121           getZones() → as
1122               Return array of names (s) of predefined zones known to current
1123               runtime environment. For list of zones known to permanent
1124               environment see
1125               org.fedoraproject.FirewallD1.config.Methods.listZones. The
1126               lists (of zones known to runtime and permanent environment)
1127               will contain same zones in most cases, but might differ for
1128               example if org.fedoraproject.FirewallD1.config.Methods.addZone
1129               has been called recently, but firewalld has not been reloaded
1130               since then.
1131
1132           isImmutable(s: zone) → b
1133               Deprecated.
1134
1135           queryForwardPort(s: zone, s: port, s: protocol, s: toport, s:
1136           toaddr) → b
1137               Return whether the IPv4 forward port (port, protocol, toport,
1138               toaddr) has been added into zone. If zone is empty, use default
1139               zone. For permanent operation see
1140               org.fedoraproject.FirewallD1.config.zone.Methods.queryForwardPort.
1141
1142               Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1143               INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD
1144
1145           queryIcmpBlock(s: zone, s: icmp) → b
1146               Return whether an ICMP block for icmp has been added into zone.
1147               If zone is empty, use default zone. For permanent operation see
1148               org.fedoraproject.FirewallD1.config.zone.Methods.queryIcmpBlock.
1149
1150               Possible errors: INVALID_ZONE, INVALID_ICMPTYPE
1151
1152           queryIcmpBlockInversion(s: zone) → b
1153               Return whether ICMP block inversion has been added to zone. If
1154               zone is empty, use default zone. For permanent operation see
1155               org.fedoraproject.FirewallD1.config.zone.Methods.queryIcmpBlockInversion.
1156
1157               Possible errors: INVALID_ZONE, INVALID_ICMPTYPE
1158
1159           queryInterface(s: zone, s: interface) → b
1160               Query whether interface has been bound to zone. If zone is
1161               empty, use default zone. For permanent operation see
1162               org.fedoraproject.FirewallD1.config.zone.Methods.queryInterface.
1163
1164               Possible errors: INVALID_ZONE, INVALID_INTERFACE
1165
1166           queryMasquerade(s: zone) → b
1167               Return whether masquerading has been enabled in zone If zone is
1168               empty, use default zone. For permanent operation see
1169               org.fedoraproject.FirewallD1.config.zone.Methods.queryMasquerade.
1170
1171               Possible errors: INVALID_ZONE
1172
1173           queryPort(s: zone, s: port, s: protocol) → b
1174               Return whether port/protocol has been added in zone. If zone is
1175               empty, use default zone. For permanent operation see
1176               org.fedoraproject.FirewallD1.config.zone.Methods.queryPort.
1177
1178               Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1179               INVALID_PROTOCOL
1180
1181           queryProtocol(s: zone, s: protocol) → b
1182               Return whether protocol has been added in zone. If zone is
1183               empty, use default zone. For permanent operation see
1184               org.fedoraproject.FirewallD1.config.zone.Methods.queryProtocol.
1185
1186               Possible errors: INVALID_ZONE, INVALID_PROTOCOL
1187
1188           queryRichRule(s: zone, s: rule) → b
1189               Return whether rich rule rule has been added in zone. If zone
1190               is empty, use default zone. For permanent operation see
1191               org.fedoraproject.FirewallD1.config.zone.Methods.queryRichRule.
1192
1193               Possible errors: INVALID_ZONE, INVALID_RULE
1194
1195           queryService(s: zone, s: service) → b
1196               Return whether service has been added for zone. If zone is
1197               empty, use default zone. For permanent operation see
1198               org.fedoraproject.FirewallD1.config.zone.Methods.queryService.
1199
1200               Possible errors: INVALID_ZONE, INVALID_SERVICE
1201
1202           querySource(s: zone, s: source) → b
1203               Query whether sourcehas been bound to zone. If zone is empty,
1204               use default zone. For permanent operation see
1205               org.fedoraproject.FirewallD1.config.zone.Methods.querySource.
1206
1207               Possible errors: INVALID_ZONE, INVALID_ADDR
1208
1209           querySourcePort(s: zone, s: port, s: protocol) → b
1210               Return whether port/protocol has been added in zone. If zone is
1211               empty, use default zone. For permanent operation see
1212               org.fedoraproject.FirewallD1.config.zone.Methods.querySourcePort.
1213
1214               Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1215               INVALID_PROTOCOL
1216
1217           removeForwardPort(s: zone, s: port, s: protocol, s: toport, s:
1218           toaddr) → s
1219               Remove IPv4 forward port ((port, protocol, toport, toaddr))
1220               from zone. If zone is empty, use default zone. For permanent
1221               operation see
1222               org.fedoraproject.FirewallD1.config.zone.Methods.removeForwardPort.
1223
1224               Returns name of zone from which the forward port was removed.
1225
1226               Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1227               INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD, NOT_ENABLED,
1228               INVALID_COMMAND
1229
1230           removeIcmpBlock(s: zone, s: icmp) → s
1231               Remove ICMP block icmp from zone. If zone is empty, use default
1232               zone. For permanent operation see
1233               org.fedoraproject.FirewallD1.config.zone.Methods.removeIcmpBlock.
1234
1235               Returns name of zone from which the ICMP block was removed.
1236
1237               Possible errors: INVALID_ZONE, INVALID_ICMPTYPE, NOT_ENABLED,
1238               INVALID_COMMAND
1239
1240           removeIcmpBlockInversion(s: zone) → s
1241               Remove ICMP block inversion from zone. If zone is empty, use
1242               default zone. For permanent operation see
1243               org.fedoraproject.FirewallD1.config.zone.Methods.removeIcmpBlockInversion.
1244
1245               Returns name of zone from which the ICMP block inversion was
1246               removed.
1247
1248               Possible errors: INVALID_ZONE, NOT_ENABLED, INVALID_COMMAND
1249
1250           removeInterface(s: zone, s: interface) → s
1251               Remove binding of interface from zone. If zone is empty, the
1252               interface will be removed from zone it belongs to. For
1253               permanent operation see
1254               org.fedoraproject.FirewallD1.config.zone.Methods.removeInterface.
1255
1256               Returns name of zone from which the interface was removed.
1257
1258               Possible errors: INVALID_ZONE, INVALID_INTERFACE, NOT_ENABLED,
1259               INVALID_COMMAND
1260
1261           removeMasquerade(s: zone) → s
1262               Disable masquerade for zone. If zone is empty, use default
1263               zone. For permanent operation see
1264               org.fedoraproject.FirewallD1.config.zone.Methods.removeMasquerade.
1265
1266               Returns name of zone for which the masquerade was disabled.
1267
1268               Possible errors: INVALID_ZONE, NOT_ENABLED, INVALID_COMMAND
1269
1270           removePort(s: zone, s: port, s: protocol) → s
1271               Remove port/protocol from zone. If zone is empty, use default
1272               zone. For permanent operation see
1273               org.fedoraproject.FirewallD1.config.zone.Methods.removePort.
1274
1275               Returns name of zone from which the port was removed.
1276
1277               Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1278               INVALID_PROTOCOL, NOT_ENABLED, INVALID_COMMAND
1279
1280           removeProtocol(s: zone, s: protocol) → s
1281               Remove protocol from zone. If zone is empty, use default zone.
1282               For permanent operation see
1283               org.fedoraproject.FirewallD1.config.zone.Methods.removeProtocol.
1284
1285               Returns name of zone from which the protocol was removed.
1286
1287               Possible errors: INVALID_ZONE, INVALID_PROTOCOL, NOT_ENABLED,
1288               INVALID_COMMAND
1289
1290           removeRichRule(s: zone, s: rule) → s
1291               Remove rich language rule from zone. If zone is empty, use
1292               default zone. For permanent operation see
1293               org.fedoraproject.FirewallD1.config.zone.Methods.removeRichRule.
1294
1295               Returns name of zone from which the rich language rule was
1296               removed.
1297
1298               Possible errors: INVALID_ZONE, INVALID_RULE, NOT_ENABLED,
1299               INVALID_COMMAND
1300
1301           removeService(s: zone, s: service) → s
1302               Remove service from zone. If zone is empty, use default zone.
1303               For permanent operation see
1304               org.fedoraproject.FirewallD1.config.zone.Methods.removeService.
1305
1306               Returns name of zone from which the service was removed.
1307
1308               Possible errors: INVALID_ZONE, INVALID_SERVICE, NOT_ENABLED,
1309               INVALID_COMMAND
1310
1311           removeSource(s: zone, s: source) → s
1312               Remove binding of source from zone. If zone is empty, the
1313               source will be removed from zone it belongs to. For permanent
1314               operation see
1315               org.fedoraproject.FirewallD1.config.zone.Methods.removeSource.
1316
1317               Returns name of zone from which the source was removed.
1318
1319               Possible errors: INVALID_ZONE, INVALID_ADDR, NOT_ENABLED,
1320               INVALID_COMMAND
1321
1322           removeSourcePort(s: zone, s: port, s: protocol) → s
1323               Remove port/protocol from zone. If zone is empty, use default
1324               zone. For permanent operation see
1325               org.fedoraproject.FirewallD1.config.zone.Methods.removeSourcePort.
1326
1327               Returns name of zone from which the source port was removed.
1328
1329               Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1330               INVALID_PROTOCOL, NOT_ENABLED, INVALID_COMMAND
1331
1332       Signals
1333           ForwardPortAdded(s: zone, s: port, s: protocol, s: toport, s:
1334           toaddr, i: timeout)
1335               Emitted when forward port has been added to zone with timeout.
1336
1337           ForwardPortRemoved(s: zone, s: port, s: protocol, s: toport, s:
1338           toaddr)
1339               Emitted when forward port has been removed from zone.
1340
1341           IcmpBlockAdded(s: zone, s: icmp, i: timeout)
1342               Emitted when ICMP block for icmp has been added to zone with
1343               timeout.
1344
1345           IcmpBlockInversionAdded(s: zone)
1346               Emitted when ICMP block inversion has been added to zone.
1347
1348           IcmpBlockInversionRemoved(s: zone)
1349               Emitted when ICMP block inversion has been removed from zone.
1350
1351           IcmpBlockRemoved(s: zone, s: icmp)
1352               Emitted when ICMP block for icmp has been removed from zone.
1353
1354           InterfaceAdded(s: zone, s: interface)
1355               Emitted when interface has been added to zone.
1356
1357           InterfaceRemoved(s: zone, s: interface)
1358               Emitted when interface has been removed from zone.
1359
1360           MasqueradeAdded(s: zone, i: timeout)
1361               Emitted when masquerade has been enabled for zone.
1362
1363           MasqueradeRemoved(s: zone)
1364               Emitted when masquerade has been disabled for zone.
1365
1366           PortAdded(s: zone, s: port, s: protocol, i: timeout)
1367               Emitted when port/protocol has been added to zone with timeout.
1368
1369           PortRemoved(s: zone, s: port, s: protocol)
1370               Emitted when port/protocol has been removed from zone.
1371
1372           ProtocolAdded(s: zone, s: protocol, i: timeout)
1373               Emitted when protocol has been added to zone with timeout.
1374
1375           ProtocolRemoved(s: zone, s: protocol)
1376               Emitted when protocol has been removed from zone.
1377
1378           RichRuleAdded(s: zone, s: rule, i: timeout)
1379               Emitted when rich language rule has been added to zone with
1380               timeout.
1381
1382           RichRuleRemoved(s: zone, s: rule)
1383               Emitted when rich language rule has been removed from zone.
1384
1385           ServiceAdded(s: zone, s: service, i: timeout)
1386               Emitted when service has been added to zone with timeout.
1387
1388           ServiceRemoved(s: zone, s: service)
1389               Emitted when service has been removed from zone.
1390
1391           SourceAdded(s: zone, s: source)
1392               Emitted when source has been added to zone.
1393
1394           SourcePortAdded(s: zone, s: port, s: protocol, i: timeout)
1395               Emitted when source-port/protocol has been added to zone with
1396               timeout.
1397
1398           SourcePortRemoved(s: zone, s: port, s: protocol)
1399               Emitted when source-port/protocol has been removed from zone.
1400
1401           SourceRemoved(s: zone, s: source)
1402               Emitted when source has been removed from zone.
1403
1404           ZoneChanged(s: zone, s: interface)
1405               Deprecated
1406
1407           ZoneOfInterfaceChanged(s: zone, s: interface)
1408               Emitted when a zone an interface is part of has been changed to
1409               zone.
1410
1411           ZoneOfSourceChanged(s: zone, s: source)
1412               Emitted when a zone an source is part of has been changed to
1413               zone.
1414
1415   org.fedoraproject.FirewallD1.config
1416       Allows to permanently add, remove and query zones, services and icmp
1417       types.
1418
1419       Methods
1420           addIPSet(s: ipset, (ssssa{ss}as): settings) → o
1421               Add ipset with given settings into permanent configuration.
1422               Settings are in format: version, name, description, type,
1423               dictionary of options and array of entries.
1424
1425               version (s): see version attribute of ipset tag in
1426               firewalld.ipset(5).
1427
1428               name (s): see short tag in firewalld.ipset(5).
1429
1430               description (s): see description tag in firewalld.ipset(5).
1431
1432               type (s): see type attribute of ipset tag in
1433               firewalld.ipset(5).
1434
1435               options (a{ss}): dictionary of {option : value} . See options
1436               tag in firewalld.ipset(5).
1437
1438               entries (as): array of entries, see entry tag in
1439               firewalld.ipset(5).
1440
1441               Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1442
1443           addIcmpType(s: icmptype, (sssas): settings) → o
1444               Add icmptype with given settings into permanent configuration.
1445               Settings are in format: version, name, description, array of
1446               destinations. Returns object path of the new icmp type.
1447
1448               version (s): see version attribute of icmptype tag in
1449               firewalld.icmptype(5).
1450
1451               name (s): see short tag in firewalld.icmptype(5).
1452
1453               description (s): see description tag in firewalld.icmptype(5).
1454
1455               destinations (as): array, either empty or containing strings
1456               'ipv4' or 'ipv6', see destination tag in firewalld.icmptype(5).
1457
1458               Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1459
1460           addService(s: service, (sssa(ss)asa{ss}asa(ss)): settings) → o
1461               This function is deprecated, use
1462               org.fedoraproject.FirewallD1.config.Methods.addService2
1463               instead.
1464
1465           addService2s: service, a{sv}: settings) → o
1466               Add service with given settings into permanent configuration.
1467               Settings are a dictionary indexed by keywords. For the type of
1468               each value see below. To zero a value pass an empty string or
1469               list.
1470
1471               version (s): see version attribute of service tag in
1472               firewalld.service(5).
1473
1474               name (s): see short tag in firewalld.service(5).
1475
1476               description (s): see description tag in firewalld.service(5).
1477
1478               ports (a(ss)): array of port and protocol pairs. See port tag
1479               in firewalld.service(5).
1480
1481               module names (as): array of kernel netfilter helpers, see
1482               module tag in firewalld.service(5).
1483
1484               destinations (a{ss}): dictionary of {IP family : IP address}
1485               where 'IP family' key can be either 'ipv4' or 'ipv6'. See
1486               destination tag in firewalld.service(5).
1487
1488               protocols (as): array of protocols, see protocol tag in
1489               firewalld.service(5).
1490
1491               source_ports (a(ss)): array of port and protocol pairs. See
1492               source-port tag in firewalld.service(5).
1493
1494               includes (as): array of service includes, see include tag in
1495               firewalld.service(5).
1496
1497               Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1498
1499           addZone(s: zone, (sssbsasa(ss)asba(ssss)asasasasa(ss)): settings) →
1500           o
1501               Add zone with given settings into permanent configuration.
1502               Settings are in format: version, name, description, UNUSED,
1503               target, array of services, array of ports (port, protocol),
1504               array of icmp-blocks, masquerade, array of forward-ports (port,
1505               protocol, to-port, to-addr), array of interfaces, array of
1506               sources, array of rich rules, array of protocols and array of
1507               source-ports (port, protocol).
1508
1509               version (s): see version attribute of zone tag in
1510               firewalld.zone(5).
1511
1512               name (s): see short tag in firewalld.zone(5).
1513
1514               description (s): see description tag in firewalld.zone(5).
1515
1516               UNUSED (b): this boolean value is no longer used for anything.
1517
1518               target (s): see target attribute of zone tag in
1519               firewalld.zone(5).
1520
1521               services (as): array of service names, see service tag in
1522               firewalld.zone(5).
1523
1524               ports (a(ss)): array of port and protocol pairs. See port tag
1525               in firewalld.zone(5).
1526
1527               icmp-blocks (as): array of icmp-blocks. See icmp-block tag in
1528               firewalld.zone(5).
1529
1530               masquerade (b): see masquerade tag in firewalld.zone(5).
1531
1532               forward-ports (a(ssss)): array of (port, protocol, to-port,
1533               to-addr). See forward-port tag in firewalld.zone(5).
1534
1535               interfaces (as): array of interfaces. See interface tag in
1536               firewalld.zone(5).
1537
1538               source addresses (as): array of source addresses. See source
1539               tag in firewalld.zone(5).
1540
1541               rich rules (as): array of rich-language rules. See rule tag in
1542               firewalld.zone(5).
1543
1544               protocols (as): array of protocols. See protocol tag in
1545               firewalld.zone(5).
1546
1547               source-ports (a(ss)): array of port and protocol pairs. See
1548               source-port tag in firewalld.zone(5).
1549
1550               Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1551
1552           getHelperByName(s: helper) → o
1553               Return object path (permanent configuration) of helper with
1554               given name.
1555
1556               Possible errors: INVALID_HELPER
1557
1558           getHelperNames() → as
1559               Return list of helper names (permanent configuration).
1560
1561           getIPSetByName(s: ipset) → o
1562               Return object path (permanent configuration) of ipset with
1563               given name.
1564
1565               Possible errors: INVALID_IPSET
1566
1567           getIPSetNames() → as
1568               Return list of ipset names (permanent configuration).
1569
1570           getIcmpTypeByName(s: icmptype) → o
1571               Return object path (permanent configuration) of icmptype with
1572               given name.
1573
1574               Possible errors: INVALID_ICMPTYPE
1575
1576           getIcmpTypeNames() → as
1577               Return list of icmptype names (permanent configuration).
1578
1579           getServiceByName(s: service) → o
1580               Return object path (permanent configuration) of service with
1581               given name.
1582
1583               Possible errors: INVALID_SERVICE
1584
1585           getServiceNames() → as
1586               Return list of service names (permanent configuration).
1587
1588           getZoneByName(s: zone) → o
1589               Return object path (permanent configuration) of zone with given
1590               name.
1591
1592               Possible errors: INVALID_ZONE
1593
1594           getZoneNames() → as
1595               Return list of zone names (permanent configuration) of.
1596
1597           getZoneOfInterface(s: iface) → s
1598               Return name of zone the iface is bound to or empty string.
1599
1600           getZoneOfSource(s: source) → s
1601               Return name of zone the source is bound to or empty string.
1602
1603           listHelpers() → ao
1604               Return array of object paths (o) of helper in permanent
1605               configuration. For runtime configuration see
1606               org.fedoraproject.FirewallD1.Methods.getHelpers.
1607
1608           listIPSets() → ao
1609               Return array of object paths (o) of ipset in permanent
1610               configuration. For runtime configuration see
1611               org.fedoraproject.FirewallD1.ipset.Methods.getIPSets.
1612
1613           listIcmpTypes() → ao
1614               Return array of object paths (o) of icmp types in permanent
1615               configuration. For runtime configuration see
1616               org.fedoraproject.FirewallD1.Methods.listIcmpTypes.
1617
1618           listServices() → ao
1619               Return array of objects paths (o) of services in permanent
1620               configuration. For runtime configuration see
1621               org.fedoraproject.FirewallD1.Methods.listServices.
1622
1623           listZones() → ao
1624               List object paths of zones known to permanent environment. For
1625               list of zones known to runtime environment see
1626               org.fedoraproject.FirewallD1.zone.Methods.getZones. The lists
1627               (of zones known to runtime and permanent environment) will
1628               contain same zones in most cases, but might differ for example
1629               if org.fedoraproject.FirewallD1.config.Methods.addZone has been
1630               called recently, but firewalld has not been reloaded since
1631               then.
1632
1633       Signals
1634           HelperAdded(s: helper)
1635               Emitted when helper has been added.
1636
1637           IPSetAdded(s: ipset)
1638               Emitted when ipset has been added.
1639
1640           IcmpTypeAdded(s: icmptype)
1641               Emitted when icmptype has been added.
1642
1643           ServiceAdded(s: service)
1644               Emitted when service has been added.
1645
1646           ZoneAdded(s: zone)
1647               Emitted when zone has been added.
1648
1649       Properties
1650           AutomaticHelpers - s - (rw)
1651               Indicates whether automatic helper assignment in kernel should
1652               be used or not. With the system setting this is left to the
1653               kernel or system default.
1654
1655           CleanupOnExit - s - (rw)
1656               If firewalld stops, it cleans up all firewall rules. Setting
1657               this option to no or false leaves the current firewall rules
1658               untouched.
1659
1660           DefaultZone - s - (ro)
1661               Default zone for connections or interfaces if the zone is not
1662               selected or specified by NetworkManager, initscripts or command
1663               line tool.
1664
1665           FirewallBackend - s - (rw)
1666               Selects the firewalld backend for all rules except the direct
1667               interface. Valid options are; nftables, iptables. Default in
1668               nftables.
1669
1670           FirewallBackend - s - (rw)
1671               Flush all runtime rules on a reload. Valid options are; yes,
1672               no.
1673
1674           IPv6_rpfilter - s - (rw)
1675               Indicates whether the reverse path filter test on a packet for
1676               IPv6 is enabled. If a reply to the packet would be sent via the
1677               same interface that the packet arrived on, the packet will
1678               match and be accepted, otherwise dropped.
1679
1680           IndividualCalls - s - (ro)
1681               Indicates whether individual calls combined -restore calls are
1682               used. If enabled, this increases the time that is needed to
1683               apply changes and to start the daemon, but is good for
1684               debugging.
1685
1686           Lockdown - s - (rw)
1687               If this property is enabled, firewall changes with the D-Bus
1688               interface will be limited to applications that are listed in
1689               the lockdown whitelist.
1690
1691           LogDenied - s - (rw)
1692               If LogDenied is enabled, then logging rules are added right
1693               before reject and drop rules in the INPUT, FORWARD and OUTPUT
1694               chains for the default rules and also final reject and drop
1695               rules in zones. Possible values are: all, unicast, broadcast,
1696               multicast and off.
1697
1698           MinimalMark - i - (rw)
1699               Deprecated. This option is ignored and no longer used. Marks
1700               are no longer used internally.
1701
1702           FirewallBackend - s - (rw)
1703               As per RFC 3964, filter IPv6 traffic with 6to4 destination
1704               addresses that correspond to IPv4 addresses that should not be
1705               routed over the public internet. Valid options are; yes, no.
1706
1707   org.fedoraproject.FirewallD1.config.direct
1708       Interface for permanent direct configuration, see also
1709       firewalld.direct(5). For runtime direct configuration see
1710       org.fedoraproject.FirewallD1.direct interface.
1711
1712       Methods
1713           addChain(s: ipv, s: table, s: chain) → Nothing
1714               Add a new chain to table for ipv being either ipv4 (iptables)
1715               or ipv6 (ip6tables) or eb (ebtables). Make sure there's no
1716               other chain with this name already. There already exist basic
1717               chains to use with direct methods, for example INPUT_direct
1718               chain. These chains are jumped into before chains for zones,
1719               i.e. every rule put into INPUT_direct will be checked before
1720               rules in zones. For runtime operation see
1721               org.fedoraproject.FirewallD1.direct.Methods.addChain.
1722
1723               Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED
1724
1725           addPassthrough(s: ipv, as: args) → Nothing
1726               Add a passthrough rule with the arguments args for ipv being
1727               either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
1728               For runtime operation see
1729               org.fedoraproject.FirewallD1.direct.Methods.addPassthrough.
1730
1731               Possible errors: INVALID_IPV, ALREADY_ENABLED
1732
1733           addRule(s: ipv, s: table, s: chain, i: priority, as: args) →
1734           Nothing
1735               Add a rule with the arguments args to chain in table with
1736               priority for ipv being either ipv4 (iptables) or ipv6
1737               (ip6tables) or eb (ebtables). The priority is used to order
1738               rules. Priority 0 means add rule on top of the chain, with a
1739               higher priority the rule will be added further down. Rules with
1740               the same priority are on the same level and the order of these
1741               rules is not fixed and may change. If you want to make sure
1742               that a rule will be added after another one, use a low priority
1743               for the first and a higher for the following. For runtime
1744               operation see
1745               org.fedoraproject.FirewallD1.direct.Methods.addRule.
1746
1747               Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED
1748
1749           getAllChains() → a(sss)
1750               Get all chains added to all tables in format: ipv, table,
1751               chain. This concerns only chains previously added with
1752               addChain. Return value is a array of (ipv, table, chain). For
1753               runtime operation see
1754               org.fedoraproject.FirewallD1.direct.Methods.getAllChains.
1755
1756               ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
1757               (ebtables).
1758
1759               table (s): one of filter, mangle, nat, raw, security
1760
1761               chain (s): name of a chain.
1762
1763
1764           getAllPassthroughs() → a(sas)
1765               Get all passthrough rules added in all ipv types in format:
1766               ipv, rule. This concerns only rules previously added with
1767               addPassthrough. Return value is a array of (ipv, array of
1768               arguments). For runtime operation see
1769               org.fedoraproject.FirewallD1.direct.Methods.getAllPassthroughs.
1770
1771               ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
1772               (ebtables).
1773
1774               arguments (as): array of commands, parameters and other
1775               iptables/ip6tables/ebtables command line options.
1776
1777
1778           getAllRules() → a(sssias)
1779               Get all rules added to all chains in all tables in format: ipv,
1780               table, chain, priority, rule. This concerns only rules
1781               previously added with addRule. Return value is a array of (ipv,
1782               table, chain, priority, array of arguments). For runtime
1783               operation see
1784               org.fedoraproject.FirewallD1.direct.Methods.getAllRules.
1785
1786               ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
1787               (ebtables).
1788
1789               table (s): one of filter, mangle, nat, raw, security
1790
1791               chain (s): name of a chain.
1792
1793               priority (i): used to order rules.
1794
1795               arguments (as): array of commands, parameters and other
1796               iptables/ip6tables/ebtables command line options.
1797
1798
1799           getChains(s: ipv, s: table) → as
1800               Return an array of chains (s) added to table for ipv being
1801               either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
1802               This concerns only chains previously added with addChain. For
1803               runtime operation see
1804               org.fedoraproject.FirewallD1.direct.Methods.getChains.
1805
1806               Possible errors: INVALID_IPV, INVALID_TABLE
1807
1808           getPassthroughs(s: ipv) → aas
1809               Get tracked passthrough rules added in either ipv4 (iptables)
1810               or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
1811               previously added with addPassthrough. Return value is a array
1812               of (array of arguments). For runtime operation see
1813               org.fedoraproject.FirewallD1.direct.Methods.getPassthroughs.
1814
1815               arguments (as): array of commands, parameters and other
1816               iptables/ip6tables/ebtables command line options.
1817
1818
1819           getRules(s: ipv, s: table, s: chain) → a(ias)
1820               Get all rules added to chain in table for ipv being either ipv4
1821               (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
1822               only rules previously added with addRule. Return value is a
1823               array of (priority, array of arguments). For runtime operation
1824               see org.fedoraproject.FirewallD1.direct.Methods.getRules.
1825
1826               priority (i): used to order rules.
1827
1828               arguments (as): array of commands, parameters and other
1829               iptables/ip6tables/ebtables command line options.
1830
1831               Possible errors: INVALID_IPV, INVALID_TABLE
1832
1833           getSettings() → (a(sss)a(sssias)a(sas))
1834               Get settings of permanent direct configuration in format: array
1835               of chains, array of rules, array of passthroughs.
1836
1837               chains (a(sss)): array of (ipv, table, chain), see 'chain' in
1838               firewalld.direct(5).
1839               .
1840                                 .PP rules (a(sssias)): array of (ipv, table,
1841               chain, priority, array of arguments), see 'rule' in
1842               firewalld.direct(5).
1843               .
1844                                 .PP passthroughs (a(sas)): array of (ipv,
1845               array of arguments), see passthrough in firewalld.direct(5).
1846               .
1847                               .sp
1848
1849           queryChain(s: ipv, s: table, s: chain) → b
1850               Return whether a chain exists in table for ipv being either
1851               ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). This
1852               concerns only chains previously added with addChain. For
1853               runtime operation see
1854               org.fedoraproject.FirewallD1.direct.Methods.queryChain.
1855
1856               Possible errors: INVALID_IPV, INVALID_TABLE
1857
1858           queryPassthrough(s: ipv, as: args) → b
1859               Return whether a tracked passthrough rule with the arguments
1860               args exists for ipv being either ipv4 (iptables) or ipv6
1861               (ip6tables) or eb (ebtables). This concerns only rules
1862               previously added with addPassthrough. For runtime operation see
1863               org.fedoraproject.FirewallD1.direct.Methods.queryPassthrough.
1864
1865               Possible errors: INVALID_IPV
1866
1867           queryRule(s: ipv, s: table, s: chain, i: priority, as: args) → b
1868               Return whether a rule with priority and the arguments args
1869               exists in chain in table for ipv being either ipv4 (iptables)
1870               or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
1871               previously added with addRule. For runtime operation see
1872               org.fedoraproject.FirewallD1.direct.Methods.queryRule.
1873
1874               Possible errors: INVALID_IPV, INVALID_TABLE
1875
1876           removeChain(s: ipv, s: table, s: chain) → Nothing
1877               Remove a chain from table for ipv being either ipv4 (iptables)
1878               or ipv6 (ip6tables) or eb (ebtables). Only chains previously
1879               added with addChain can be removed this way. For runtime
1880               operation see
1881               org.fedoraproject.FirewallD1.direct.Methods.removeChain.
1882
1883               Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED
1884
1885           removePassthrough(s: ipv, as: args) → Nothing
1886               Remove a passthrough rule with arguments args for ipv being
1887               either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
1888               Only rules previously added with addPassthrough can be removed
1889               this way. For runtime operation see
1890               org.fedoraproject.FirewallD1.direct.Methods.removePassthrough.
1891
1892               Possible errors: INVALID_IPV, NOT_ENABLED
1893
1894           removeRule(s: ipv, s: table, s: chain, i: priority, as: args) →
1895           Nothing
1896               Remove a rule with priority and arguments args from chain in
1897               table for ipv being either ipv4 (iptables) or ipv6 (ip6tables)
1898               or eb (ebtables). Only rules previously added with addRule can
1899               be removed this way. For runtime operation see
1900               org.fedoraproject.FirewallD1.direct.Methods.removeRule.
1901
1902               Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED
1903
1904           removeRules(s: ipv, s: table, s: chain) → Nothing
1905               Remove all rules from chain in table for ipv being either ipv4
1906               (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
1907               only rules previously added with addRule. For runtime operation
1908               see org.fedoraproject.FirewallD1.direct.Methods.removeRules.
1909
1910               Possible errors: INVALID_IPV, INVALID_TABLE
1911
1912           update((a(sss)a(sssias)a(sas)): settings) → Nothing
1913               Update permanent direct configuration with given settings.
1914               Settings are in format: array of chains, array of rules, array
1915               of passthroughs.
1916
1917               chains (a(sss)): array of (ipv, table, chain), see 'chain' in
1918               firewalld.direct(5).
1919               .
1920                                 .PP rules (a(sssias)): array of (ipv, table,
1921               chain, priority, array of arguments), see 'rule' in
1922               firewalld.direct(5).
1923               .
1924                                 .PP passthroughs (a(sas)): array of (ipv,
1925               array of arguments), see passthrough in firewalld.direct(5).
1926               .
1927                               .sp Possible errors: INVALID_TYPE
1928
1929       Signals
1930           Updated()
1931               Emitted when configuration has been updated.
1932
1933   org.fedoraproject.FirewallD1.config.policies
1934       Interface for permanent lockdown-whitelist configuration, see also
1935       firewalld.lockdown-whitelist(5). For runtime configuration see
1936       org.fedoraproject.FirewallD1.policies interface.
1937
1938       Methods
1939           addLockdownWhitelistCommand(s: command) → Nothing
1940               Add command to whitelist. See command option in
1941               firewalld.lockdown-whitelist(5). For runtime operation see
1942               org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistCommand.
1943
1944               Possible errors: ALREADY_ENABLED, INVALID_TYPE
1945
1946           addLockdownWhitelistContext(s: context) → Nothing
1947               Add context to whitelist. See selinux option in
1948               firewalld.lockdown-whitelist(5). For runtime operation see
1949               org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistContext.
1950
1951               Possible errors: ALREADY_ENABLED, INVALID_TYPE
1952
1953           addLockdownWhitelistUid(i: uid) → Nothing
1954               Add user id uid to whitelist. See user option in
1955               firewalld.lockdown-whitelist(5). For runtime operation see
1956               org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistUid.
1957
1958               Possible errors: ALREADY_ENABLED, INVALID_TYPE
1959
1960           addLockdownWhitelistUser(s: user) → Nothing
1961               Add user name to whitelist. See user option in
1962               firewalld.lockdown-whitelist(5). For runtime operation see
1963               org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistUser.
1964
1965               Possible errors: ALREADY_ENABLED, INVALID_TYPE
1966
1967           getLockdownWhitelist() → (asasasai)
1968               Get settings of permanent lockdown-whitelist configuration in
1969               format: commands, selinux contexts, users, uids
1970
1971               commands (as): see command option in firewalld.lockdown-
1972               whitelist(5).
1973
1974               selinux contexts (as): see selinux option in
1975               firewalld.lockdown-whitelist(5).
1976
1977               users (as): see name attribute of user option in
1978               firewalld.lockdown-whitelist(5).
1979
1980               uids (ai): see id attribute of user option in
1981               firewalld.lockdown-whitelist(5).
1982
1983
1984           getLockdownWhitelistCommands() → as
1985               List all command lines (s) that are on whitelist. For runtime
1986               operation see
1987               org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistCommands.
1988
1989           getLockdownWhitelistContexts() → as
1990               List all contexts (s) that are on whitelist. For runtime
1991               operation see
1992               org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistContexts.
1993
1994           getLockdownWhitelistUids() → ai
1995               List all user ids (i) that are on whitelist. For runtime
1996               operation see
1997               org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistUids.
1998
1999           getLockdownWhitelistUsers() → as
2000               List all users (s) that are on whitelist. For runtime operation
2001               see
2002               org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistUsers.
2003
2004           queryLockdownWhitelistCommand(s: command) → b
2005               Query whether command is on whitelist. For runtime operation
2006               see
2007               org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistCommand.
2008
2009           queryLockdownWhitelistContext(s: context) → b
2010               Query whether context is on whitelist. For runtime operation
2011               see
2012               org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistContext.
2013
2014           queryLockdownWhitelistUid(i: uid) → b
2015               Query whether user id uid is on whitelist. For runtime
2016               operation see
2017               org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistUid.
2018
2019           queryLockdownWhitelistUser(s: user) → b
2020               Query whether user is on whitelist. For runtime operation see
2021               org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistUser.
2022
2023           removeLockdownWhitelistCommand(s: command) → Nothing
2024               Remove command from whitelist. For runtime operation see
2025               org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistCommand.
2026
2027               Possible errors: NOT_ENABLED
2028
2029           removeLockdownWhitelistContext(s: context) → Nothing
2030               Remove context from whitelist. For runtime operation see
2031               org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistContext.
2032
2033               Possible errors: NOT_ENABLED
2034
2035           removeLockdownWhitelistUid(i: uid) → Nothing
2036               Remove user id uid from whitelist. For runtime operation see
2037               org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistUid.
2038
2039               Possible errors: NOT_ENABLED
2040
2041           removeLockdownWhitelistUser(s: user) → Nothing
2042               Remove user from whitelist. For runtime operation see
2043               org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistUser.
2044
2045               Possible errors: NOT_ENABLED
2046
2047           setLockdownWhitelist((asasasai): settings) → Nothing
2048               Set permanent lockdown-whitelist configuration to settings.
2049               Settings are in format: commands, selinux contexts, users, uids
2050
2051               commands (as): see command option in firewalld.lockdown-
2052               whitelist(5).
2053
2054               selinux contexts (as): see selinux option in
2055               firewalld.lockdown-whitelist(5).
2056
2057               users (as): see name attribute of user option in
2058               firewalld.lockdown-whitelist(5).
2059
2060               uids (ai): see id attribute of user option in
2061               firewalld.lockdown-whitelist(5).
2062
2063               Possible errors: INVALID_TYPE
2064
2065       Signals
2066           LockdownWhitelistUpdated()
2067               Emitted when permanent lockdown-whitelist configuration has
2068               been updated.
2069
2070   org.fedoraproject.FirewallD1.config.ipset
2071       Interface for permanent ipset configuration, see also
2072       firewalld.ipset(5).
2073
2074       Methods
2075           addEntry(s: entry) → Nothing
2076               Permanently add entry to list of entries of ipset. See entry
2077               tag in firewalld.ipset(5). For runtime operation see
2078               org.fedoraproject.FirewallD1.ipset.Methods.addEntry.
2079
2080               Possible errors: ALREADY_ENABLED
2081
2082           addOption(s: key, s: value) → Nothing
2083               Permanently add (key, value) to the ipset. See option tag in
2084               firewalld.ipset(5).
2085
2086               Possible errors: ALREADY_ENABLED
2087
2088           getDescription() → s
2089               Get description of ipset. See description tag in
2090               firewalld.ipset(5).
2091
2092           getEntries() → as
2093               Get list of entries added to ipset. See entry tag in
2094               firewalld.ipset(5). For runtime operation see
2095               org.fedoraproject.FirewallD1.ipset.Methods.getEntries.
2096
2097               Possible errors: IPSET_WITH_TIMEOUT
2098
2099           getOptions() → a{ss}
2100               Get dictionary of options set for ipset. See option tag in
2101               firewalld.ipset(5).
2102
2103           getSettings() → (ssssa{ss}as)
2104               Return permament settings of the ipset. For getting runtime
2105               settings see
2106               org.fedoraproject.FirewallD1.ipset.Methods.getIPSetSettings.
2107               Settings are in format: version, name, description, type,
2108               dictionary of options and array of entries.
2109
2110               version (s): see version attribute of ipset tag in
2111               firewalld.ipset(5).
2112
2113               name (s): see short tag in firewalld.ipset(5).
2114
2115               description (s): see description tag in firewalld.ipset(5).
2116
2117               type (s): see type attribute of ipset tag in
2118               firewalld.ipset(5).
2119
2120               options (a{ss}): dictionary of {option : value} . See options
2121               tag in firewalld.ipset(5).
2122
2123               entries (as): array of entries, see entry tag in
2124               firewalld.ipset(5).
2125
2126
2127           getShort() → s
2128               Get name of ipset. See short tag in firewalld.ipset(5).
2129
2130           getType() → s
2131               Get type of ipset. See type attribute of ipset tag in
2132               firewalld.ipset(5).
2133
2134           getVersion() → s
2135               Get version of ipset. See version attribute of ipset tag in
2136               firewalld.ipset(5).
2137
2138           loadDefaults() → Nothing
2139               Load default settings for built-in ipset.
2140
2141               Possible errors: NO_DEFAULTS
2142
2143           queryEntry(s: entry) → b
2144               Return whether entry has been added to ipset. For runtime
2145               operation see
2146               org.fedoraproject.FirewallD1.ipset.Methods.queryEntry.
2147
2148           queryOption(s: key, s: value) → b
2149               Return whether (key, value) has been added to options of the
2150               ipset.
2151
2152           remove() → Nothing
2153               Remove not built-in ipset.
2154
2155               Possible errors: BUILTIN_IPSET
2156
2157           removeEntry(s: entry) → Nothing
2158               Permanently remove entry from ipset. See entry tag in
2159               firewalld.ipset(5). For runtime operation see
2160               org.fedoraproject.FirewallD1.ipset.Methods.removeEntry.
2161
2162               Possible errors: NOT_ENABLED
2163
2164           removeOption(s: key) → Nothing
2165               Permanently remove key from the ipset. See option tag in
2166               firewalld.ipset(5).
2167
2168               Possible errors: NOT_ENABLED
2169
2170           rename(s: name) → Nothing
2171               Rename not built-in ipset to name.
2172
2173               Possible errors: BUILTIN_IPSET
2174
2175           setDescription(s: description) → Nothing
2176               Permanently set description of ipset to description. See
2177               description tag in firewalld.ipset(5).
2178
2179           setEntries(as: entries) → Nothing
2180               Permanently set list of entries to entries. See entry tag in
2181               firewalld.ipset(5).
2182
2183           setOptions(a{ss}: options) → Nothing
2184               Permanently set dict of options to options. See option tag in
2185               firewalld.ipset(5).
2186
2187           setShort(s: short) → Nothing
2188               Permanently set name of ipset to short. See short tag in
2189               firewalld.ipset(5).
2190
2191           setType(s: ipset_type) → Nothing
2192               Permanently set type of ipset to ipset_type. See type attribute
2193               of ipset tag in firewalld.ipset(5).
2194
2195           setVersion(s: version) → Nothing
2196               Permanently set version of ipset to version. See version
2197               attribute of ipset tag in firewalld.ipset(5).
2198
2199           update((ssssa{ss}as): settings) → Nothing
2200               Update settings of ipset to settings. Settings are in format:
2201               version, name, description, type, dictionary of options and
2202               array of entries.
2203
2204               version (s): see version attribute of ipset tag in
2205               firewalld.ipset(5).
2206
2207               name (s): see short tag in firewalld.ipset(5).
2208
2209               description (s): see description tag in firewalld.ipset(5).
2210
2211               type (s): see type attribute of ipset tag in
2212               firewalld.ipset(5).
2213
2214               options (a{ss}): dictionary of {option : value} . See options
2215               tag in firewalld.ipset(5).
2216
2217               entries (as): array of entries, see entry tag in
2218               firewalld.ipset(5).
2219
2220               Possible errors: INVALID_TYPE
2221
2222       Signals
2223           Removed(s: name)
2224               Emitted when ipset with name has been removed.
2225
2226           Renamed(s: name)
2227               Emitted when ipset has been renamed to name.
2228
2229           Updated(s: name)
2230               Emitted when ipset with name has been updated.
2231
2232       Properties
2233           builtin - b - (ro)
2234               True if ipset is build-in, false else.
2235
2236           default - b - (ro)
2237               True if build-in ipset has default settings. False if it has
2238               been modified. Always False for not build-in ipsets.
2239
2240           filename - s - (ro)
2241               Name (including .xml extension) of file where the configuration
2242               is stored.
2243
2244           name - s - (ro)
2245               Name of ipset.
2246
2247           path - s - (ro)
2248               Path to directory where the ipset configuration is stored.
2249               Should be either /usr/lib/firewalld/ipsets or
2250               /etc/firewalld/ipsets.
2251
2252   org.fedoraproject.FirewallD1.config.zone
2253       Interface for permanent zone configuration, see also firewalld.zone(5).
2254
2255       Methods
2256           addForwardPort(s: port, s: protocol, s: toport, s: toaddr) →
2257           Nothing
2258               Permanently add (port, protocol, toport, toaddr) to list of
2259               forward ports of zone. See forward-port tag in
2260               firewalld.zone(5). For runtime operation see
2261               org.fedoraproject.FirewallD1.zone.Methods.addForwardPort.
2262
2263               Possible errors: ALREADY_ENABLED
2264
2265           addIcmpBlock(s: icmptype) → Nothing
2266               Permanently add icmptype to list of icmp types blocked in zone.
2267               See icmp-block tag in firewalld.zone(5). For runtime operation
2268               see org.fedoraproject.FirewallD1.zone.Methods.addIcmpBlock.
2269
2270               Possible errors: ALREADY_ENABLED
2271
2272           addIcmpBlock(s: icmptype) → Nothing
2273               Permanently add icmp block inversion to zone. See
2274               icmp-block-inversion tag in firewalld.zone(5). For runtime
2275               operation see
2276               org.fedoraproject.FirewallD1.zone.Methods.addIcmpBlockInversion.
2277
2278               Possible errors: ALREADY_ENABLED
2279
2280           addInterface(s: interface) → Nothing
2281               Permanently add interface to list of interfaces bound to zone.
2282               See interface tag in firewalld.zone(5). For runtime operation
2283               see org.fedoraproject.FirewallD1.zone.Methods.addInterface.
2284
2285               Possible errors: ALREADY_ENABLED
2286
2287           addMasquerade() → Nothing
2288               Permanently enable masquerading in zone. See masquerade tag in
2289               firewalld.zone(5). For runtime operation see
2290               org.fedoraproject.FirewallD1.zone.Methods.addMasquerade.
2291
2292               Possible errors: ALREADY_ENABLED
2293
2294           addPort(s: port, s: protocol) → Nothing
2295               Permanently add (port, protocol) to list of ports of zone. See
2296               port tag in firewalld.zone(5). For runtime operation see
2297               org.fedoraproject.FirewallD1.zone.Methods.addPort.
2298
2299               Possible errors: ALREADY_ENABLED
2300
2301           addProtocol(s: protocol) → Nothing
2302               Permanently add protocol into zone. The protocol can be any
2303               protocol supported by the system. Please have a look at
2304               /etc/protocols for supported protocols. For runtime operation
2305               see org.fedoraproject.FirewallD1.zone.Methods.addProtocol.
2306
2307               Possible errors: INVALID_PROTOCOL, ALREADY_ENABLED
2308
2309           addRichRule(s: rule) → Nothing
2310               Permanently add rule to list of rich-language rules in zone.
2311               See rule tag in firewalld.zone(5). For runtime operation see
2312               org.fedoraproject.FirewallD1.zone.Methods.addRichRule.
2313
2314               Possible errors: ALREADY_ENABLED
2315
2316           addService(s: service) → Nothing
2317               Permanently add service to list of services used in zone. See
2318               service tag in firewalld.zone(5). For runtime operation see
2319               org.fedoraproject.FirewallD1.zone.Methods.addService.
2320
2321               Possible errors: ALREADY_ENABLED
2322
2323           addSource(s: source) → Nothing
2324               Permanently add source to list of source addresses bound to
2325               zone. See source tag in firewalld.zone(5). For runtime
2326               operation see
2327               org.fedoraproject.FirewallD1.zone.Methods.addSource.
2328
2329               Possible errors: ALREADY_ENABLED
2330
2331           addSourcePort(s: port, s: protocol) → Nothing
2332               Permanently add (port, protocol) to list of source ports of
2333               zone. See source-port tag in firewalld.zone(5). For runtime
2334               operation see
2335               org.fedoraproject.FirewallD1.zone.Methods.addSourcePort.
2336
2337               Possible errors: ALREADY_ENABLED
2338
2339           getDescription() → s
2340               Get description of zone. See description tag in
2341               firewalld.zone(5).
2342
2343           getForwardPorts() → a(ssss)
2344               Get list of (port, protocol, toport, toaddr) defined in zone.
2345               See forward-port tag in firewalld.zone(5). For runtime
2346               operation see
2347               org.fedoraproject.FirewallD1.zone.Methods.getForwardPorts.
2348
2349           getIcmpBlockInversion() → b
2350               Get icmp block inversion flag of zone. See icmp-block-inversion
2351               tag in firewalld.zone(5).
2352
2353           getIcmpBlocks() → as
2354               Get list of icmp type names blocked in zone. See icmp-block tag
2355               in firewalld.zone(5). For runtime operation see
2356               org.fedoraproject.FirewallD1.zone.Methods.getIcmpBlocks.
2357
2358           getInterfaces() → as
2359               Get list of interfaces bound to zone. See interface tag in
2360               firewalld.zone(5). For runtime operation see
2361               org.fedoraproject.FirewallD1.zone.Methods.getInterfaces.
2362
2363           getMasquerade() → b
2364               Return whether masquerade is enabled in zone. This is the same
2365               as queryMasquerade() method. See masquerade tag in
2366               firewalld.zone(5).
2367
2368           getPorts() → a(ss)
2369               Get list of (port, protocol) defined in zone. See port tag in
2370               firewalld.zone(5). For runtime operation see
2371               org.fedoraproject.FirewallD1.zone.Methods.getPorts.
2372
2373           getProtocols() → as
2374               Return array of protocols (s) previously enabled in zone. For
2375               getting runtime settings see
2376               org.fedoraproject.FirewallD1.zone.Methods.getProtocols.
2377
2378           getRichRules() → as
2379               Get list of rich-language rules in zone. See rule tag in
2380               firewalld.zone(5). For runtime operation see
2381               org.fedoraproject.FirewallD1.zone.Methods.getRichRules.
2382
2383           getServices() → as
2384               Get list of service names used in zone. See service tag in
2385               firewalld.zone(5). For runtime operation see
2386               org.fedoraproject.FirewallD1.zone.Methods.getServices.
2387
2388           getSettings() → (sssbsasa(ss)asba(ssss)asasasasa(ss))
2389               Return permanent settings of given zone. For getting runtime
2390               settings see
2391               org.fedoraproject.FirewallD1.Methods.getZoneSettings. Settings
2392               are in format: version, name, description, UNUSED, target,
2393               array of services, array of ports (port, protocol), array of
2394               icmp-blocks, masquerade, array of forward-ports (port,
2395               protocol, to-port, to-addr), array of interfaces, array of
2396               sources, array of rich rules, array of protocols and array of
2397               source-ports (port, protocol).
2398
2399               version (s): see version attribute of zone tag in
2400               firewalld.zone(5).
2401
2402               name (s): see short tag in firewalld.zone(5).
2403
2404               description (s): see description tag in firewalld.zone(5).
2405
2406               UNUSED (b): this boolean value is no longer used for anything.
2407
2408               target (s): see target attribute of zone tag in
2409               firewalld.zone(5).
2410
2411               services (as): array of service names, see service tag in
2412               firewalld.zone(5).
2413
2414               ports (a(ss)): array of port and protocol pairs. See port tag
2415               in firewalld.zone(5).
2416
2417               icmp-blocks (as): array of icmp-blocks. See icmp-block tag in
2418               firewalld.zone(5).
2419
2420               masquerade (b): see masquerade tag in firewalld.zone(5).
2421
2422               forward-ports (a(ssss)): array of (port, protocol, to-port,
2423               to-addr). See forward-port tag in firewalld.zone(5).
2424
2425               interfaces (as): array of interfaces. See interface tag in
2426               firewalld.zone(5).
2427
2428               source addresses (as): array of source addresses. See source
2429               tag in firewalld.zone(5).
2430
2431               rich rules (as): array of rich-language rules. See rule tag in
2432               firewalld.zone(5).
2433
2434               protocols (as): array of protocols. See protocol tag in
2435               firewalld.zone(5).
2436
2437               source-ports (a(ss)): array of port and protocol pairs. See
2438               source-port tag in firewalld.zone(5).
2439
2440
2441           getShort() → s
2442               Get name of zone. See short tag in firewalld.zone(5).
2443
2444           getSourcePorts() → a(ss)
2445               Get list of (port, protocol) defined in zone. See source-port
2446               tag in firewalld.zone(5). For runtime operation see
2447               org.fedoraproject.FirewallD1.zone.Methods.getSourcePorts.
2448
2449           getSources() → as
2450               Get list of source addresses bound to zone. See source tag in
2451               firewalld.zone(5). For runtime operation see
2452               org.fedoraproject.FirewallD1.zone.Methods.getSources.
2453
2454           getTarget() → s
2455               Get target of zone. See target attribute of zone tag in
2456               firewalld.zone(5).
2457
2458           getVersion() → s
2459               Get version of zone. See version attribute of zone tag in
2460               firewalld.zone(5).
2461
2462           loadDefaults() → Nothing
2463               Load default settings for built-in zone.
2464
2465               Possible errors: NO_DEFAULTS
2466
2467           queryForwardPort(s: port, s: protocol, s: toport, s: toaddr) → b
2468               Return whether (port, protocol, toport, toaddr) is in list of
2469               forward ports of zone. See forward-port tag in
2470               firewalld.zone(5). For runtime operation see
2471               org.fedoraproject.FirewallD1.zone.Methods.queryForwardPort.
2472
2473           queryIcmpBlock(s: icmptype) → b
2474               Return whether icmptype is in list of icmp types blocked in
2475               zone. See icmp-block tag in firewalld.zone(5). For runtime
2476               operation see
2477               org.fedoraproject.FirewallD1.zone.Methods.queryIcmpBlock.
2478
2479           queryIcmpBlockInversion() → b
2480               Return whether icmp block inversion is in enabled in zone. See
2481               icmp-block-inversion tag in firewalld.zone(5). For runtime
2482               operation see
2483               org.fedoraproject.FirewallD1.zone.Methods.queryIcmpBlockInversion.
2484
2485           queryInterface(s: interface) → b
2486               Return whether interface is in list of interfaces bound to
2487               zone. See interface tag in firewalld.zone(5). For runtime
2488               operation see
2489               org.fedoraproject.FirewallD1.zone.Methods.queryInterface.
2490
2491           queryMasquerade() → b
2492               Return whether masquerade is enabled in zone. This is the same
2493               as getMasquerade() method. See masquerade tag in
2494               firewalld.zone(5). For runtime operation see
2495               org.fedoraproject.FirewallD1.zone.Methods.queryMasquerade.
2496
2497           queryPort(s: port, s: protocol) → b
2498               Return whether (port, protocol) is in list of ports of zone.
2499               See port tag in firewalld.zone(5). For runtime operation see
2500               org.fedoraproject.FirewallD1.zone.Methods.queryPort.
2501
2502           queryProtocol(s: protocol) → b
2503               Return whether protocol has been added in zone. For runtime
2504               operation see
2505               org.fedoraproject.FirewallD1.zone.Methods.queryProtocol.
2506
2507               Possible errors: INVALID_PROTOCOL
2508
2509           queryRichRule(s: rule) → b
2510               Return whether rule is in list of rich-language rules in zone.
2511               See rule tag in firewalld.zone(5). For runtime operation see
2512               org.fedoraproject.FirewallD1.zone.Methods.queryRichRule.
2513
2514           queryService(s: service) → b
2515               Return whether service is in list of services used in zone. See
2516               service tag in firewalld.zone(5). For runtime operation see
2517               org.fedoraproject.FirewallD1.zone.Methods.queryService.
2518
2519           querySource(s: source) → b
2520               Return whether source is in list of source addresses bound to
2521               zone. See source tag in firewalld.zone(5). For runtime
2522               operation see
2523               org.fedoraproject.FirewallD1.zone.Methods.querySource.
2524
2525           querySourcePort(s: port, s: protocol) → b
2526               Return whether (port, protocol) is in list of source ports of
2527               zone. See source-port tag in firewalld.zone(5). For runtime
2528               operation see
2529               org.fedoraproject.FirewallD1.zone.Methods.querySourcePort.
2530
2531           remove() → Nothing
2532               Remove not built-in zone.
2533
2534               Possible errors: BUILTIN_ZONE
2535
2536           removeForwardPort(s: port, s: protocol, s: toport, s: toaddr) →
2537           Nothing
2538               Permanently remove (port, protocol, toport, toaddr) from list
2539               of forward ports of zone. See forward-port tag in
2540               firewalld.zone(5). For runtime operation see
2541               org.fedoraproject.FirewallD1.zone.Methods.removeForwardPort.
2542
2543               Possible errors: NOT_ENABLED
2544
2545           removeIcmpBlock(s: icmptype) → Nothing
2546               Permanently remove icmptype from list of icmp types blocked in
2547               zone. See icmp-block tag in firewalld.zone(5). For runtime
2548               operation see
2549               org.fedoraproject.FirewallD1.zone.Methods.removeIcmpBlock.
2550
2551               Possible errors: NOT_ENABLED
2552
2553           removeIcmpBlockInversion() → Nothing
2554               Permanently remove icmp block inversion from the zone. See
2555               icmp-block-inversion tag in firewalld.zone(5). For runtime
2556               operation see
2557               org.fedoraproject.FirewallD1.zone.Methods.removeIcmpBlockInversion.
2558
2559               Possible errors: NOT_ENABLED
2560
2561           removeInterface(s: interface) → Nothing
2562               Permanently remove interface from list of interfaces bound to
2563               zone. See interface tag in firewalld.zone(5). For runtime
2564               operation see
2565               org.fedoraproject.FirewallD1.zone.Methods.removeInterface.
2566
2567               Possible errors: NOT_ENABLED
2568
2569           removeMasquerade() → Nothing
2570               Permanently disable masquerading in zone. See masquerade tag in
2571               firewalld.zone(5). For runtime operation see
2572               org.fedoraproject.FirewallD1.zone.Methods.removeMasquerade.
2573
2574               Possible errors: NOT_ENABLED
2575
2576           removePort(s: port, s: protocol) → Nothing
2577               Permanently remove (port, protocol) from list of ports of zone.
2578               See port tag in firewalld.zone(5). For runtime operation see
2579               org.fedoraproject.FirewallD1.zone.Methods.removePort.
2580
2581               Possible errors: NOT_ENABLED
2582
2583           removeProtocol(s: protocol) → Nothing
2584               Permanently remove protocol from zone. For runtime operation
2585               see org.fedoraproject.FirewallD1.zone.Methods.removeProtocol.
2586
2587               Possible errors: INVALID_PROTOCOL, NOT_ENABLED
2588
2589           removeRichRule(s: rule) → Nothing
2590               Permanently remove rule from list of rich-language rules in
2591               zone. See rule tag in firewalld.zone(5). For runtime operation
2592               see org.fedoraproject.FirewallD1.zone.Methods.removeRichRule.
2593
2594               Possible errors: NOT_ENABLED
2595
2596           removeService(s: service) → Nothing
2597               Permanently remove service from list of services used in zone.
2598               See service tag in firewalld.zone(5). For runtime operation see
2599               org.fedoraproject.FirewallD1.zone.Methods.removeService.
2600
2601               Possible errors: NOT_ENABLED
2602
2603           removeSource(s: source) → Nothing
2604               Permanently remove source from list of source addresses bound
2605               to zone. See source tag in firewalld.zone(5). For runtime
2606               operation see
2607               org.fedoraproject.FirewallD1.zone.Methods.removeSource.
2608
2609               Possible errors: NOT_ENABLED
2610
2611           removeSourcePort(s: port, s: protocol) → Nothing
2612               Permanently remove (port, protocol) from list of source ports
2613               of zone. See source-port tag in firewalld.zone(5). For runtime
2614               operation see
2615               org.fedoraproject.FirewallD1.zone.Methods.removeSourcePort.
2616
2617               Possible errors: NOT_ENABLED
2618
2619           rename(s: name) → Nothing
2620               Rename not built-in zone to name.
2621
2622               Possible errors: BUILTIN_ZONE
2623
2624           setDescription(s: description) → Nothing
2625               Permanently set description of zone to description. See
2626               description tag in firewalld.zone(5).
2627
2628           setForwardPorts(a(ssss): ports) → Nothing
2629               Permanently set forward ports of zone to list of (port,
2630               protocol, toport, toaddr). See forward-port tag in
2631               firewalld.zone(5).
2632
2633           setIcmpBlockInversion(b: flag) → Nothing
2634               Permanently set icmp block inversion flag of zone to flag. See
2635               icmp-block-inversion tag in firewalld.zone(5).
2636
2637           setIcmpBlocks(as: icmptypes) → Nothing
2638               Permanently set list of icmp types blocked in zone to
2639               icmptypes. See icmp-block tag in firewalld.zone(5).
2640
2641           setInterfaces(as: interfaces) → Nothing
2642               Permanently set list of interfaces bound to zone to interfaces.
2643               See interface tag in firewalld.zone(5).
2644
2645           setMasquerade(b: masquerade) → Nothing
2646               Permanently set masquerading in zone to masquerade. See
2647               masquerade tag in firewalld.zone(5).
2648
2649           setPorts(a(ss): ports) → Nothing
2650               Permanently set ports of zone to list of (port, protocol). See
2651               port tag in firewalld.zone(5).
2652
2653           setProtocols(as: protocols) → Nothing
2654               Permanently set list of protocols used in zone to protocols.
2655               See protocol tag in firewalld.zone(5).
2656
2657           setRichRules(as: rules) → Nothing
2658               Permanently set list of rich-language rules to rules. See rule
2659               tag in firewalld.zone(5).
2660
2661           setServices(as: services) → Nothing
2662               Permanently set list of services used in zone to services. See
2663               service tag in firewalld.zone(5).
2664
2665           setShort(s: short) → Nothing
2666               Permanently set name of zone to short. See short tag in
2667               firewalld.zone(5).
2668
2669           setSourcePorts(a(ss): ports) → Nothing
2670               Permanently set source-ports of zone to list of (port,
2671               protocol). See source-port tag in firewalld.zone(5).
2672
2673           setSources(as: sources) → Nothing
2674               Permanently set list of source addresses bound to zone to
2675               sources. See source tag in firewalld.zone(5).
2676
2677           setTarget(s: target) → Nothing
2678               Permanently set target of zone to target. See target attribute
2679               of zone tag in firewalld.zone(5).
2680
2681           setVersion(s: version) → Nothing
2682               Permanently set version of zone to version. See version
2683               attribute of zone tag in firewalld.zone(5).
2684
2685           update((sssbsasa(ss)asba(ssss)asasasasa(ss)): settings) → Nothing
2686               Update settings of zone to settings. Settings are in format:
2687               version, name, description, UNUSED, target, array of services,
2688               array of ports (port, protocol), array of icmp-blocks,
2689               masquerade, array of forward-ports (port, protocol, to-port,
2690               to-addr), array of interfaces, array of sources, array of rich
2691               rules, array of protocols and array of source-ports (port,
2692               protocol).
2693
2694               version (s): see version attribute of zone tag in
2695               firewalld.zone(5).
2696
2697               name (s): see short tag in firewalld.zone(5).
2698
2699               description (s): see description tag in firewalld.zone(5).
2700
2701               UNUSED (b): this boolean value is no longer used for anything.
2702
2703               target (s): see target attribute of zone tag in
2704               firewalld.zone(5).
2705
2706               services (as): array of service names, see service tag in
2707               firewalld.zone(5).
2708
2709               ports (a(ss)): array of port and protocol pairs. See port tag
2710               in firewalld.zone(5).
2711
2712               icmp-blocks (as): array of icmp-blocks. See icmp-block tag in
2713               firewalld.zone(5).
2714
2715               masquerade (b): see masquerade tag in firewalld.zone(5).
2716
2717               forward-ports (a(ssss)): array of (port, protocol, to-port,
2718               to-addr). See forward-port tag in firewalld.zone(5).
2719
2720               interfaces (as): array of interfaces. See interface tag in
2721               firewalld.zone(5).
2722
2723               source addresses (as): array of source addresses. See source
2724               tag in firewalld.zone(5).
2725
2726               rich rules (as): array of rich-language rules. See rule tag in
2727               firewalld.zone(5).
2728
2729               protocols (as): array of protocols. See protocol tag in
2730               firewalld.zone(5).
2731
2732               source-ports (a(ss)): array of port and protocol pairs. See
2733               source-port tag in firewalld.zone(5).
2734
2735               Possible errors: INVALID_TYPE
2736
2737       Signals
2738           Removed(s: name)
2739               Emitted when zone with name has been removed.
2740
2741           Renamed(s: name)
2742               Emitted when zone has been renamed to name.
2743
2744           Updated(s: name)
2745               Emitted when zone with name has been updated.
2746
2747       Properties
2748           builtin - b - (ro)
2749               True if zone is build-in, false else.
2750
2751           default - b - (ro)
2752               True if build-in zone has default settings. False if it has
2753               been modified. Always False for not build-in zones.
2754
2755           filename - s - (ro)
2756               Name (including .xml extension) of file where the configuration
2757               is stored.
2758
2759           name - s - (ro)
2760               Name of zone.
2761
2762           path - s - (ro)
2763               Path to directory where the zone configuration is stored.
2764               Should be either /usr/lib/firewalld/zones or
2765               /etc/firewalld/zones.
2766
2767   org.fedoraproject.FirewallD1.config.service
2768       Interface for permanent service configuration, see also
2769       firewalld.service(5).
2770
2771       Methods
2772           addModule(s: module) → Nothing
2773               Permanently add module to list of modules (netfilter kernel
2774               helpers) used in service. See module tag in
2775               firewalld.service(5).
2776
2777               Possible errors: ALREADY_ENABLED
2778
2779           addPort(s: port, s: protocol) → Nothing
2780               Permanently add (port, protocol) to list of ports in service.
2781               See port tag in firewalld.service(5).
2782
2783               Possible errors: ALREADY_ENABLED
2784
2785           addProtocol(s: protocol) → Nothing
2786               Permanently add protocol into zone. The protocol can be any
2787               protocol supported by the system. Please have a look at
2788               /etc/protocols for supported protocols. See protocol tag in
2789               firewalld.service(5).
2790
2791               Possible errors: INVALID_PROTOCOL, ALREADY_ENABLED
2792
2793           addSourcePort(s: port, s: protocol) → Nothing
2794               Permanently add (port, protocol) to list of source ports in
2795               service. See source-port tag in firewalld.service(5).
2796
2797               Possible errors: ALREADY_ENABLED
2798
2799           getDescription() → s
2800               Get description of service. See description tag in
2801               firewalld.service(5).
2802
2803           getDestination(s: family) → s
2804               Get destination for IP family being either 'ipv4' or 'ipv6'.
2805               See destination tag in firewalld.service(5).
2806
2807               Possible errors: ALREADY_ENABLED
2808
2809           getDestinations() → a{ss}
2810               Get list of destinations. Return value is a dictionary of {IP
2811               family : IP address} where 'IP family' key can be either 'ipv4'
2812               or 'ipv6'. See destination tag in firewalld.service(5).
2813
2814           getModules() → as
2815               Get list of modules (netfilter kernel helpers) used in service.
2816               See module tag in firewalld.service(5).
2817
2818           getPorts() → a(ss)
2819               Get list of (port, protocol) defined in service. See port tag
2820               in firewalld.service(5).
2821
2822           getProtocols() → as
2823               Return array of protocols (s) defined in service. See protocol
2824               tag in firewalld.service(5).
2825
2826           getSettings() → (sssa(ss)asa{ss}asa(ss))
2827               This function is deprecated, use
2828               org.fedoraproject.FirewallD1.config.service.Methods.getSettings2
2829               instead.
2830
2831           getSettings2(s: service) → s{sv}
2832               Return runtime settings of given service. For getting runtime
2833               settings see
2834               org.fedoraproject.FirewallD1.Methods.getServiceSettings2.
2835               Settings are a dictionary indexed by keywords. For the type of
2836               each value see below. If the value is empty it may be ommitted.
2837
2838               version (s): see version attribute of service tag in
2839               firewalld.service(5).
2840
2841               name (s): see short tag in firewalld.service(5).
2842
2843               description (s): see description tag in firewalld.service(5).
2844
2845               ports (a(ss)): array of port and protocol pairs. See port tag
2846               in firewalld.service(5).
2847
2848               module names (as): array of kernel netfilter helpers, see
2849               module tag in firewalld.service(5).
2850
2851               destinations (a{ss}): dictionary of {IP family : IP address}
2852               where 'IP family' key can be either 'ipv4' or 'ipv6'. See
2853               destination tag in firewalld.service(5).
2854
2855               protocols (as): array of protocols, see protocol tag in
2856               firewalld.service(5).
2857
2858               source_ports (a(ss)): array of port and protocol pairs. See
2859               source-port tag in firewalld.service(5).
2860
2861               includes (as): array of service includes, see include tag in
2862               firewalld.service(5).
2863
2864
2865           getShort() → s
2866               Get name of service. See short tag in firewalld.service(5).
2867
2868           getSourcePorts() → a(ss)
2869               Get list of (port, protocol) defined in service. See
2870               source-port tag in firewalld.service(5).
2871
2872           getVersion() → s
2873               Get version of service. See version attribute of service tag in
2874               firewalld.service(5).
2875
2876           loadDefaults() → Nothing
2877               Load default settings for built-in service.
2878
2879               Possible errors: NO_DEFAULTS
2880
2881           queryDestination(s: family, s: address) → b
2882               Return whether a destination is in dictionary of destinations
2883               of this service. destination is in format: (IP family, IP
2884               address) where IP family can be either 'ipv4' or 'ipv6'. See
2885               destination tag in firewalld.service(5).
2886
2887           queryModule(s: module) → b
2888               Return whether module is in list of modules (netfilter kernel
2889               helpers) used in service. See module tag in
2890               firewalld.service(5).
2891
2892           queryPort(s: port, s: protocol) → b
2893               Return whether (port, protocol) is in list of ports in service.
2894               See port tag in firewalld.service(5).
2895
2896           queryProtocol(s: protocol) → b
2897               Return whether protocol is in list of protocols in service. See
2898               protocol tag in firewalld.service(5).
2899
2900           querySourcePort(s: port, s: protocol) → b
2901               Return whether (port, protocol) is in list of source ports in
2902               service. See source-port tag in firewalld.service(5).
2903
2904           remove() → Nothing
2905               Remove not built-in service.
2906
2907               Possible errors: BUILTIN_SERVICE
2908
2909           removeDestination(s: family) → Nothing
2910               Permanently remove a destination with family ('ipv4' or 'ipv6')
2911               from service. See destination tag in firewalld.service(5).
2912
2913               Possible errors: NOT_ENABLED
2914
2915           removeModule(s: module) → Nothing
2916               Permanently remove module from list of modules (netfilter
2917               kernel helpers) used in service. See module tag in
2918               firewalld.service(5).
2919
2920               Possible errors: NOT_ENABLED
2921
2922           removePort(s: port, s: protocol) → Nothing
2923               Permanently remove (port, protocol) from list of ports in
2924               service. See port tag in firewalld.service(5).
2925
2926               Possible errors: NOT_ENABLED
2927
2928           removeProtocol(s: protocol) → Nothing
2929               Permanently remove protocol from list of protocols in service.
2930               See protocol tag in firewalld.service(5).
2931
2932               Possible errors: NOT_ENABLED
2933
2934           removeSourcePort(s: port, s: protocol) → Nothing
2935               Permanently remove (port, protocol) from list of source ports
2936               in service. See source-port tag in firewalld.service(5).
2937
2938               Possible errors: NOT_ENABLED
2939
2940           rename(s: name) → Nothing
2941               Rename not built-in service to name.
2942
2943               Possible errors: BUILTIN_SERVICE
2944
2945           setDescription(s: description) → Nothing
2946               Permanently set description of service to description. See
2947               description tag in firewalld.service(5).
2948
2949           setDestination(s: family, s: address) → Nothing
2950               Permanently set a destination address. destination is in
2951               format: (IP family, IP address) where IP family can be either
2952               'ipv4' or 'ipv6'. See destination tag in firewalld.service(5).
2953
2954               Possible errors: ALREADY_ENABLED
2955
2956           setDestinations(a{ss}: destinations) → Nothing
2957               Permanently set destinations of service to destinations, which
2958               is a dictionary of {IP family : IP address} where 'IP family'
2959               key can be either 'ipv4' or 'ipv6'. See destination tag in
2960               firewalld.service(5).
2961
2962           setModules(as: modules) → Nothing
2963               Permanently set list of modules (netfilter kernel helpers) used
2964               in service to modules. See module tag in firewalld.service(5).
2965
2966           setPorts(a(ss): ports) → Nothing
2967               Permanently set ports of service to list of (port, protocol).
2968               See port tag in firewalld.service(5).
2969
2970           setProtocols(as: protocols) → Nothing
2971               Permanently set protocols of service to list of protocols. See
2972               protocol tag in firewalld.service(5).
2973
2974           setShort(s: short) → Nothing
2975               Permanently set name of service to short. See short tag in
2976               firewalld.service(5).
2977
2978           setSourcePorts(a(ss): ports) → Nothing
2979               Permanently set source-ports of service to list of (port,
2980               protocol). See source-port tag in firewalld.service(5).
2981
2982           setVersion(s: version) → Nothing
2983               Permanently set version of service to version. See version
2984               attribute of service tag in firewalld.service(5).
2985
2986           update((sssa(ss)asa{ss}asa(ss)): settings) → Nothing
2987               This function is deprecated, use
2988               org.fedoraproject.FirewallD1.config.service.Methods.update2
2989               instead.
2990
2991           update2a{sv}: settings) → Nothing
2992               Update settings of service to settings. Settings are a
2993               dictionary indexed by keywords. For the type of each value see
2994               below. To zero a value pass an empty string or list.
2995
2996               version (s): see version attribute of service tag in
2997               firewalld.service(5).
2998
2999               name (s): see short tag in firewalld.service(5).
3000
3001               description (s): see description tag in firewalld.service(5).
3002
3003               ports (a(ss)): array of port and protocol pairs. See port tag
3004               in firewalld.service(5).
3005
3006               module names (as): array of kernel netfilter helpers, see
3007               module tag in firewalld.service(5).
3008
3009               destinations (a{ss}): dictionary of {IP family : IP address}
3010               where 'IP family' key can be either 'ipv4' or 'ipv6'. See
3011               destination tag in firewalld.service(5).
3012
3013               protocols (as): array of protocols, see protocol tag in
3014               firewalld.service(5).
3015
3016               source_ports (a(ss)): array of port and protocol pairs. See
3017               source-port tag in firewalld.service(5).
3018
3019               includes (as): array of service includes, see include tag in
3020               firewalld.service(5).
3021
3022               Possible errors: INVALID_TYPE
3023
3024       Signals
3025           Removed(s: name)
3026               Emitted when service with name has been removed.
3027
3028           Renamed(s: name)
3029               Emitted when service has been renamed to name.
3030
3031           Updated(s: name)
3032               Emitted when service with name has been updated.
3033
3034       Properties
3035           builtin - b - (ro)
3036               True if service is build-in, false else.
3037
3038           default - b - (ro)
3039               True if build-in service has default settings. False if it has
3040               been modified. Always False for not build-in services.
3041
3042           filename - s - (ro)
3043               Name (including .xml extension) of file where the configuration
3044               is stored.
3045
3046           name - s - (ro)
3047               Name of service.
3048
3049           path - s - (ro)
3050               Path to directory where the configuration is stored. Should be
3051               either /usr/lib/firewalld/services or /etc/firewalld/services.
3052
3053   org.fedoraproject.FirewallD1.config.helper
3054       Interface for permanent helper configuration, see also
3055       firewalld.helper(5).
3056
3057       Methods
3058           addPort(s: port, s: protocol) → Nothing
3059               Permanently add (port, protocol) to list of ports in helper.
3060               See port tag in firewalld.helper(5).
3061
3062               Possible errors: ALREADY_ENABLED
3063
3064           getDescription() → s
3065               Get description of helper. See description tag in
3066               firewalld.helper(5).
3067
3068           getFamily() → s
3069               Get family being 'ipv4', 'ipv6' or empty for both. See family
3070               tag in firewalld.helper(5).
3071
3072           getModule() → s
3073               Get modules (netfilter kernel helpers) used in helper. See
3074               module tag in firewalld.helper(5).
3075
3076           getPorts() → a(ss)
3077               Get list of (port, protocol) defined in helper. See port tag in
3078               firewalld.helper(5).
3079
3080           getSettings() → (sssssa(ss))
3081               Return permanent settings of a helper. For getting runtime
3082               settings see
3083               org.fedoraproject.FirewallD1.Methods.getHelperSettings.
3084               Settings are in format: version, name, description, family,
3085               module, array of ports (port, protocol).
3086
3087               version (s): see version attribute of helper tag in
3088               firewalld.helper(5).
3089
3090               name (s): see short tag in firewalld.helper(5).
3091
3092               description (s): see description tag in firewalld.helper(5).
3093
3094               family (s): see family tag in firewalld.helper(5).
3095
3096               module (s): see module tag in firewalld.helper(5).
3097
3098               ports (a(ss)): array of port and protocol pairs. See port tag
3099               in firewalld.helper(5).
3100
3101
3102           getShort() → s
3103               Get name of helper. See short tag in firewalld.helper(5).
3104
3105           getVersion() → s
3106               Get version of helper. See version attribute of helper tag in
3107               firewalld.helper(5).
3108
3109           loadDefaults() → Nothing
3110               Load default settings for built-in helper.
3111
3112               Possible errors: NO_DEFAULTS
3113
3114           queryFamily(s: module) → b
3115               Return whether family is set for helper. See family tag in
3116               firewalld.helper(5).
3117
3118           queryModule(s: module) → b
3119               Return whether module (netfilter kernel helpers) is used in
3120               helper. See module tag in firewalld.helper(5).
3121
3122           queryPort(s: port, s: protocol) → b
3123               Return whether (port, protocol) is in list of ports in helper.
3124               See port tag in firewalld.helper(5).
3125
3126           remove() → Nothing
3127               Remove not built-in helper.
3128
3129               Possible errors: BUILTIN_HELPER
3130
3131           removePort(s: port, s: protocol) → Nothing
3132               Permanently remove (port, protocol) from list of ports in
3133               helper. See port tag in firewalld.helper(5).
3134
3135               Possible errors: NOT_ENABLED
3136
3137           rename(s: name) → Nothing
3138               Rename not built-in helper to name.
3139
3140               Possible errors: BUILTIN_HELPER
3141
3142           setDescription(s: description) → Nothing
3143               Permanently set description of helper to description. See
3144               description tag in firewalld.helper(5).
3145
3146           setFamily(s: family) → Nothing
3147               Permanently set family of helper to family. See family tag in
3148               firewalld.helper(5).
3149
3150           setModule(s: module) → Nothing
3151               Permanently set module of helper to description. See module tag
3152               in firewalld.helper(5).
3153
3154           setPorts(a(ss): ports) → Nothing
3155               Permanently set ports of helper to list of (port, protocol).
3156               See port tag in firewalld.helper(5).
3157
3158           setShort(s: short) → Nothing
3159               Permanently set name of helper to short. See short tag in
3160               firewalld.helper(5).
3161
3162           setVersion(s: version) → Nothing
3163               Permanently set version of helper to version. See version
3164               attribute of helper tag in firewalld.helper(5).
3165
3166           update((sssssa(ss)): settings) → Nothing
3167               Update settings of helper to settings. Settings are in format:
3168               version, name, description, family, module and array of ports.
3169
3170               version (s): see version attribute of helper tag in
3171               firewalld.helper(5).
3172
3173               name (s): see short tag in firewalld.helper(5).
3174
3175               description (s): see description tag in firewalld.helper(5).
3176
3177               family (s): see family tag in firewalld.helper(5).
3178
3179               module (s): see module tag in firewalld.helper(5).
3180
3181               ports (a(ss)): array of port and protocol pairs. See port tag
3182               in firewalld.helper(5).
3183
3184               Possible errors: INVALID_HELPER
3185
3186       Signals
3187           Removed(s: name)
3188               Emitted when helper with name has been removed.
3189
3190           Renamed(s: name)
3191               Emitted when helper has been renamed to name.
3192
3193           Updated(s: name)
3194               Emitted when helper with name has been updated.
3195
3196       Properties
3197           builtin - b - (ro)
3198               True if helper is build-in, false else.
3199
3200           default - b - (ro)
3201               True if build-in helper has default settings. False if it has
3202               been modified. Always False for not build-in helpers.
3203
3204           filename - s - (ro)
3205               Name (including .xml extension) of file where the configuration
3206               is stored.
3207
3208           name - s - (ro)
3209               Name of helper.
3210
3211           path - s - (ro)
3212               Path to directory where the configuration is stored. Should be
3213               either /usr/lib/firewalld/helpers or /etc/firewalld/helpers.
3214
3215   org.fedoraproject.FirewallD1.config.icmptype
3216       Interface for permanent icmp type configuration, see also
3217       firewalld.icmptype(5).
3218
3219       Methods
3220           addDestination(s: destination) → Nothing
3221               Permanently add a destination ('ipv4' or 'ipv6') to list of
3222               destinations of this icmp type. See destination tag in
3223               firewalld.icmptype(5).
3224
3225               Possible errors: ALREADY_ENABLED
3226
3227           getDescription() → s
3228               Get description of icmp type. See description tag in
3229               firewalld.icmptype(5).
3230
3231           getDestinations() → as
3232               Get list of destinations. See destination tag in
3233               firewalld.icmptype(5).
3234
3235           getSettings() → (sssas)
3236               Return permanent settings of icmp type. For getting runtime
3237               settings see
3238               org.fedoraproject.FirewallD1.Methods.getIcmpTypeSettings.
3239               Settings are in format: version, name, description, array of
3240               destinations.
3241
3242               version (s): see version attribute of icmptype tag in
3243               firewalld.icmptype(5).
3244
3245               name (s): see short tag in firewalld.icmptype(5).
3246
3247               description (s): see description tag in firewalld.icmptype(5).
3248
3249               destinations (as): array, either empty or containing strings
3250               'ipv4' and/or 'ipv6', see destination tag in
3251               firewalld.icmptype(5).
3252
3253
3254           getShort() → s
3255               Get name of icmp type. See short tag in firewalld.icmptype(5).
3256
3257           getVersion() → s
3258               Get version of icmp type. See version attribute of icmptype tag
3259               in firewalld.icmptype(5).
3260
3261           loadDefaults() → Nothing
3262               Load default settings for built-in icmp type.
3263
3264               Possible errors: NO_DEFAULTS
3265
3266           queryDestination(s: destination) → b
3267               Return whether a destination ('ipv4' or 'ipv6') is in list of
3268               destinations of this icmp type. See destination tag in
3269               firewalld.icmptype(5).
3270
3271           remove() → Nothing
3272               Remove not built-in icmp type.
3273
3274               Possible errors: BUILTIN_ICMPTYPE
3275
3276           removeDestination(s: destination) → Nothing
3277               Permanently remove a destination ('ipv4' or 'ipv6') from list
3278               of destinations of this icmp type. See destination tag in
3279               firewalld.icmptype(5).
3280
3281               Possible errors: NOT_ENABLED
3282
3283           rename(s: name) → Nothing
3284               Rename not built-in icmp type to name.
3285
3286               Possible errors: BUILTIN_ICMPTYPE
3287
3288           setDescription(s: description) → Nothing
3289               Permanently set description of icmp type to description. See
3290               description tag in firewalld.icmptype(5).
3291
3292           setDestinations(as: destinations) → Nothing
3293               Permanently set destinations of icmp type to destinations,
3294               which is array, either empty or containing strings 'ipv4'
3295               and/or 'ipv6'. See destination tag in firewalld.icmptype(5).
3296
3297           setShort(s: short) → Nothing
3298               Permanently set name of icmp type to short. See short tag in
3299               firewalld.icmptype(5).
3300
3301           setVersion(s: version) → Nothing
3302               Permanently set version of icmp type to version. See version
3303               attribute of icmptype tag in firewalld.icmptype(5).
3304
3305           update((sssas): settings) → Nothing
3306               Update permanent settings of icmp type to settings. Settings
3307               are in format: version, name, description, array of
3308               destinations.
3309
3310               version (s): see version attribute of icmptype tag in
3311               firewalld.icmptype(5).
3312
3313               name (s): see short tag in firewalld.icmptype(5).
3314
3315               description (s): see description tag in firewalld.icmptype(5).
3316
3317               destinations (as): array, either empty or containing strings
3318               'ipv4' and/or 'ipv6', see destination tag in
3319               firewalld.icmptype(5).
3320
3321
3322       Signals
3323           Removed(s: name)
3324               Emitted when icmp type with name has been removed.
3325
3326           Renamed(s: name)
3327               Emitted when icmp type has been renamed to name.
3328
3329           Updated(s: name)
3330               Emitted when icmp type with name has been updated.
3331
3332       Properties
3333           builtin - b - (ro)
3334               True if icmptype is build-in, false else.
3335
3336           default - b - (ro)
3337               True if build-in icmp type has default settings. False if it
3338               has been modified. Always False for not build-in zones.
3339
3340           filename - s - (ro)
3341               Name (including .xml extension) of file where the configuration
3342               is stored.
3343
3344           name - s - (ro)
3345               Name of icmp type.
3346
3347           path - s - (ro)
3348               Path to directory where the icmp type configuration is stored.
3349               Should be either /usr/lib/firewalld/icmptypes or
3350               /etc/firewalld/icmptypes.
3351

SEE ALSO

3353       firewall-applet(1), firewalld(1), firewall-cmd(1), firewall-config(1),
3354       firewalld.conf(5), firewalld.direct(5), firewalld.dbus(5),
3355       firewalld.icmptype(5), firewalld.lockdown-whitelist(5), firewall-
3356       offline-cmd(1), firewalld.richlanguage(5), firewalld.service(5),
3357       firewalld.zone(5), firewalld.zones(5), firewalld.ipset(5),
3358       firewalld.helper(5)
3359

NOTES

3361       firewalld home page:
3362           http://firewalld.org
3363
3364       More documentation with examples:
3365           http://fedoraproject.org/wiki/FirewallD
3366

AUTHORS

3368       Thomas Woerner <twoerner@redhat.com>
3369           Developer
3370
3371       Jiri Popelka <jpopelka@redhat.com>
3372           Developer
3373
3374
3375
3376firewalld 0.7.2                                              FIREWALLD.DBUS(5)
Impressum