1FIREWALLD.DBUS(5) firewalld.dbus FIREWALLD.DBUS(5)
2
6 firewalld.dbus - firewalld D-Bus interface description
7
9 This is the basic firewalld object path structure. The used interfaces
10 are explained below in the section called “INTERFACES”.
11 /org/fedoraproject/FirewallD1
13 Interfaces
14 org.fedoraproject.FirewallD1
15 org.fedoraproject.FirewallD1.direct
16 org.fedoraproject.FirewallD1.ipset
17 org.fedoraproject.FirewallD1.policies
18 org.fedoraproject.FirewallD1.zone
19 org.freedesktop.DBus.Introspectable
20 org.freedesktop.DBus.Properties
21 /org/fedoraproject/FirewallD1/config
23 Interfaces
24 org.fedoraproject.FirewallD1.config
25 org.fedoraproject.FirewallD1.config.direct
26 org.fedoraproject.FirewallD1.config.policies
27 org.freedesktop.DBus.Introspectable
28 org.freedesktop.DBus.Properties
29 /org/fedoraproject/FirewallD1/config/zone/i
31 Interfaces
32 org.fedoraproject.FirewallD1.config.zone
33 org.freedesktop.DBus.Introspectable
34 org.freedesktop.DBus.Properties
35 /org/fedoraproject/FirewallD1/config/service/i
37 Interfaces:
38 org.fedoraproject.FirewallD1.config.service
39 org.freedesktop.DBus.Introspectable
40 org.freedesktop.DBus.Properties
41 /org/fedoraproject/FirewallD1/config/ipset/i
43 Interfaces
44 org.fedoraproject.FirewallD1.config.ipset
45 org.freedesktop.DBus.Introspectable
46 org.freedesktop.DBus.Properties
47 /org/fedoraproject/FirewallD1/config/icmptype/i
49 Interfaces
50 org.fedoraproject.FirewallD1.config.icmptype
51 org.freedesktop.DBus.Introspectable
52 org.freedesktop.DBus.Properties
53
57 org.fedoraproject.FirewallD1
58 This interface contains general runtime operations, like: reloading,
59 panic mode, default zone handling, getting services and icmp types and
60 their settings.
61 Methods
63 authorizeAll() → Nothing
64 Initiate authorization for the complete firewalld D-Bus
65 interface. This method it mostly useful for configuration
66 applications.
67 completeReload() → Nothing
69 Reload firewall completely, even netfilter kernel modules. This
70 will most likely terminate active connections, because state
71 information is lost. This option should only be used in case of
72 severe firewall problems. For example if there are state
73 information problems that no connection can be established with
74 correct firewall rules.
75 disablePanicMode() → Nothing
77 Disable panic mode. After disabling panic mode established
78 connections might work again, if panic mode was enabled for a
79 short period of time.
80 Possible errors: NOT_ENABLED, COMMAND_FAILED
82 enablePanicMode() → Nothing
84 Enable panic mode. All incoming and outgoing packets are
85 dropped, active connections will expire. Enable this only if
86 there are serious problems with your network environment.
87 Possible errors: ALREADY_ENABLED, COMMAND_FAILED
89 getAutomaticHelpers() → s
91 Deprecated. This always returns "no".
92 getDefaultZone() → s
94 Return default zone.
95 getHelperSettings(s: helper) → (sssssa(ss))
97 Return runtime settings of given helper. For getting permanent
98 settings see
99 org.fedoraproject.FirewallD1.config.helper.Methods.getSettings.
100 Settings are in format: version, name, description, family,
101 module and array of ports.
102 version (s): see version attribute of helper tag in
104 firewalld.helper(5).
105 name (s): see short tag in firewalld.helper(5).
107 description (s): see description tag in firewalld.helper(5).
109 family (s): see family tag in firewalld.helper(5).
111 module (s): see module tag in firewalld.helper(5).
113 ports (a(ss)): array of port and protocol pairs. See port tag
115 in firewalld.helper(5).
116 Possible errors: INVALID_HELPER
118 getHelpers() → as
120 Return array of helper names (s) in runtime configuration. For
121 permanent configuration see
122 org.fedoraproject.FirewallD1.config.Methods.listHelpers.
123 getIcmpTypeSettings(s: icmptype) → (sssas)
125 Return runtime settings of given icmptype. For getting
126 permanent settings see
127 org.fedoraproject.FirewallD1.config.icmptype.Methods.getSettings.
128 Settings are in format: version, name, description, array of
129 destinations.
130 version (s): see version attribute of icmptype tag in
132 firewalld.icmptype(5).
133 name (s): see short tag in firewalld.icmptype(5).
135 description (s): see description tag in firewalld.icmptype(5).
137 destinations (as): array, either empty or containing strings
139 'ipv4' or 'ipv6', see destination tag in firewalld.icmptype(5).
140 Possible errors: INVALID_ICMPTYPE
142 getLogDenied() → s
144 Retruns the LogDenied value. If LogDenied is enabled, then
145 logging rules are added right before reject and drop rules in
146 the INPUT, FORWARD and OUTPUT chains for the default rules and
147 also final reject and drop rules in zones. Possible values are:
148 all, unicast, broadcast, multicast and off. The default value
149 is off
150 getServiceSettings(s: service) → (sssa(ss)asa{ss}asa(ss))
152 This function is deprecated, use
153 org.fedoraproject.FirewallD1.Methods.getServiceSettings2
154 instead.
155 getServiceSettings2(s: service) → s{sv}
157 Return runtime settings of given service. For getting permanent
158 settings see
159 org.fedoraproject.FirewallD1.config.service.Methods.getSettings2.
160 Settings are a dictionary indexed by keywords. For the type of
161 each value see below. If the value is empty it may be ommitted.
162 version (s): see version attribute of service tag in
164 firewalld.service(5).
165 name (s): see short tag in firewalld.service(5).
167 description (s): see description tag in firewalld.service(5).
169 ports (a(ss)): array of port and protocol pairs. See port tag
171 in firewalld.service(5).
172 module names (as): array of kernel netfilter helpers, see
174 module tag in firewalld.service(5).
175 destinations (a{ss}): dictionary of {IP family : IP address}
177 where 'IP family' key can be either 'ipv4' or 'ipv6'. See
178 destination tag in firewalld.service(5).
179 protocols (as): array of protocols, see protocol tag in
181 firewalld.service(5).
182 source_ports (a(ss)): array of port and protocol pairs. See
184 source-port tag in firewalld.service(5).
185 includes (as): array of service includes, see include tag in
187 firewalld.service(5).
188 helpers (as): array of service helpers, see helper tag in
190 firewalld.service(5).
191 Possible errors: INVALID_SERVICE
193 getZoneSettings(s: zone) → (sssbsasa(ss)asba(ssss)asasasasa(ss))
195 Return runtime settings of given zone. For getting permanent
196 settings see
197 org.fedoraproject.FirewallD1.config.zone.Methods.getSettings.
198 Settings are in format: version, name, description, UNUSED,
199 target, array of services, array of ports (port, protocol),
200 array of icmp-blocks, masquerade, array of forward-ports (port,
201 protocol, to-port, to-addr), array of interfaces, array of
202 sources, array of rich rules, array of protocols and array of
203 source-ports (port, protocol).
204 version (s): see version attribute of zone tag in
206 firewalld.zone(5).
207 name (s): see short tag in firewalld.zone(5).
209 description (s): see description tag in firewalld.zone(5).
211 UNUSED (b): this boolean value is no longer used for anything.
213 target (s): see target attribute of zone tag in
215 firewalld.zone(5).
216 services (as): array of service names, see service tag in
218 firewalld.zone(5).
219 ports (a(ss)): array of port and protocol pairs. See port tag
221 in firewalld.zone(5).
222 icmp-blocks (as): array of icmp-blocks. See icmp-block tag in
224 firewalld.zone(5).
225 masquerade (b): see masquerade tag in firewalld.zone(5).
227 forward-ports (a(ssss)): array of (port, protocol, to-port,
229 to-addr). See forward-port tag in firewalld.zone(5).
230 interfaces (as): array of interfaces. See interface tag in
232 firewalld.zone(5).
233 source addresses (as): array of source addresses. See source
235 tag in firewalld.zone(5).
236 rich rules (as): array of rich-language rules. See rule tag in
238 firewalld.zone(5).
239 protocols (as): array of protocols, see protocol tag in
241 firewalld.zone(5).
242 source-ports (a(ss)): array of port and protocol pairs. See
244 source-port tag in firewalld.zone(5).
245 Possible errors: INVALID_ZONE
247 listIcmpTypes() → as
249 Return array of names (s) of icmp types in runtime
250 configuration. For permanent configuration see
251 org.fedoraproject.FirewallD1.config.Methods.listIcmpTypes.
252 listServices() → as
254 Return array of service names (s) in runtime configuration. For
255 permanent configuration see
256 org.fedoraproject.FirewallD1.config.Methods.listServices.
257 queryPanicMode() → b
259 Return true if panic mode is enabled, false otherwise. In panic
260 mode all incoming and outgoing packets are dropped.
261 reload() → Nothing
263 Reload firewall rules and keep state information. Current
264 permanent configuration will become new runtime configuration,
265 i.e. all runtime only changes done until reload are lost with
266 reload if they have not been also in permanent configuration.
267 runtimeToPermanent() → Nothing
269 Make runtime settings permanent. Replaces permanent settings
270 with runtime settings for zones, services, icmptypes, direct
271 and policies (lockdown whitelist).
272 Possible errors: RT_TO_PERM_FAILED
274 checkPermanentConfig() → Nothing
276 Run checks on the permanent configuration. This is most useful
277 if changes were made manually to configuration files.
278 Possible errors: any
280 setDefaultZone(s: zone) → Nothing
282 Set default zone for connections and interfaces where no zone
283 has been selected to zone. Setting the default zone changes the
284 zone for the connections or interfaces, that are using the
285 default zone. This is a runtime and permanent change.
286 Possible errors: ZONE_ALREADY_SET, COMMAND_FAILED
288 setLogDenied(s: value) → Nothing
290 Set LogDenied value to value. If LogDenied is enabled, then
291 logging rules are added right before reject and drop rules in
292 the INPUT, FORWARD and OUTPUT chains for the default rules and
293 also final reject and drop rules in zones. Possible values are:
294 all, unicast, broadcast, multicast and off. The default value
295 is off This is a runtime and permanent change.
296 Possible errors: ALREADY_SET, INVALID_VALUE
298 Signals
300 DefaultZoneChanged(s: zone)
301 Emitted when default zone has been changed to zone.
302 LogDeniedChanged(s: value)
304 Emitted when LogDenied value has been changed.
305 PanicModeDisabled()
307 Emitted when panic mode has been deactivated.
308 PanicModeEnabled()
310 Emitted when panic mode has been activated.
311 Reloaded()
313 Emitted when firewalld has been reloaded. Also emitted for a
314 complete reload.
315 Properties
317 BRIDGE - b - (ro)
318 Indicates whether the firewall has ethernet bridge support.
319 IPSet - b - (ro)
321 Indicates whether the firewall has IPSet support.
322 IPSetTypes - as - (ro)
324 The supported IPSet types by ipset and firewalld.
325 IPv4 - b - (ro)
327 Indicates whether the firewall has IPv4 support.
328 IPv4ICMPTypes - as - (ro)
330 The list of supported IPv4 ICMP types.
331 IPv6 - b - (ro)
333 Indicates whether the firewall has IPv6 support.
334 IPv6_rpfilter - b - (ro)
336 Indicates whether the reverse path filter test on a packet for
337 IPv6 is enabled. If a reply to the packet would be sent via the
338 same interface that the packet arrived on, the packet will
339 match and be accepted, otherwise dropped.
340 IPv6ICMPTypes - as - (ro)
342 The list of supported IPv6 ICMP types.
343 nf_conntrach_helper_setting - b - (ro)
345 Deprecated. Always False.
346 nf_conntrack_helpers - a{sas} - (ro)
348 Deprecated. Always returns an empty dictionary.
349 nf_nat_helpers - a{sas} - (ro)
351 Deprecated. Always returns an empty dictionary.
352 interface_version - s - (ro)
354 firewalld D-Bus interface version string.
355 state - s - (ro)
357 firewalld state. This can be either INIT, FAILED, or RUNNING.
358 In INIT state, firewalld is starting up and initializing. In
359 FAILED state, firewalld completely started but experienced a
360 failure.
361 version - s - (ro)
363 firewalld version string.
364 org.fedoraproject.FirewallD1.ipset
366 Operations in this interface allows to get, add, remove and query
367 runtime ipset settings. For permanent configuration see
368 org.fedoraproject.FirewallD1.config.ipset interface.
369 Methods
371 addEntry(s: ipset, s: entry) → as
372 Add a new entry to ipset. The entry must match the type of the
373 ipset. If the ipset is using the timeout option, it is not
374 possible to see the entries, as they are timing out
375 automatically in the kernel. For permanent operation see
376 org.fedoraproject.FirewallD1.config.ipset.Methods.addEntry.
377 Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT
379 getEntries(s: ipset) → Nothing
381 Get all entries added to the ipset. If the ipset is using the
382 timeout option, it is not possible to see the entries, as they
383 are timing out automatically in the kernel. Return value is a
384 array of entry. For permanent operation see
385 org.fedoraproject.FirewallD1.config.ipset.Methods.getEntries.
386 Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT
388 getSettings(s: ipset) → (ssssa{ss}as)
390 Return runtime settings of given ipset. For getting permanent
391 settings see
392 org.fedoraproject.FirewallD1.config.ipset.Methods.getSettings.
393 Settings are in format: version, name, description, type,
394 dictionary of options and array of entries.
395 version (s): see version attribute of ipset tag in
397 firewalld.ipset(5).
398 name (s): see short tag in firewalld.ipset(5).
400 description (s): see description tag in firewalld.ipset(5).
402 type (s): see type attribute of ipset tag in
404 firewalld.ipset(5).
405 options (a{ss}): dictionary of {option : value} . See options
407 tag in firewalld.ipset(5).
408 entries (as): array of entries, see entry tag in
410 firewalld.ipset(5).
411 Possible errors: INVALID_IPSET
413 getIPSets() → as
415 Return array of ipset names (s) in runtime configuration. For
416 permanent configuration see
417 org.fedoraproject.FirewallD1.config.Methods.listIPSets.
418 queryService(s: ipset, s: entry) → b
420 Return whether entry has been added to ipset. For permanent
421 operation see
422 org.fedoraproject.FirewallD1.config.ipset.Methods.queryEntry.
423 Possible errors: INVALID_IPSET
425 queryService(s: ipset) → b
427 Return whether ipset is defined in runtime configuration.
428 removeEntry(s: ipset, s: entry) → as
430 Removes an entry from ipset. For permanent operation see
431 org.fedoraproject.FirewallD1.config.ipset.Methods.removeEntry.
432 Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT
434 setEntries(as: entries) → Nothing
436 Permanently set list of entries to entries. For permanent
437 operation see
438 org.fedoraproject.FirewallD1.config.ipset.Methods.setEntries.
439 See entry tag in firewalld.ipset(5).
440 Signals
442 EntryAdded(s: ipset, s: entry)
443 Emitted when entry has been added to ipset.
444 EntryRemoved(s: ipset, s: entry)
446 Emitted when entry has been removed from ipset.
447 org.fedoraproject.FirewallD1.direct
449 This interface enables more direct access to the firewall. It enables
450 runtime manipulation with chains and rules. For permanent configuration
451 see org.fedoraproject.FirewallD1.config.direct interface.
452 Methods
454 addChain(s: ipv, s: table, s: chain) → Nothing
455 Add a new chain to table for ipv being either ipv4 (iptables)
456 or ipv6 (ip6tables) or eb (ebtables). Make sure there's no
457 other chain with this name already. There already exist basic
458 chains to use with direct methods, for example INPUT_direct
459 chain. These chains are jumped into before chains for zones,
460 i.e. every rule put into INPUT_direct will be checked before
461 rules in zones. For permanent operation see
462 org.fedoraproject.FirewallD1.config.direct.Methods.addChain.
463 Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED,
465 COMMAND_FAILED
466 addPassthrough(s: ipv, as: args) → Nothing
468 Add a tracked passthrough rule with the arguments args for ipv
469 being either ipv4 (iptables) or ipv6 (ip6tables) or eb
470 (ebtables). Valid commands in args are only -A/--append,
471 -I/--insert and -N/--new-chain. This method is (unlike
472 passthrough method) tracked, i.e. firewalld remembers it. It's
473 useful with
474 org.fedoraproject.FirewallD1.Methods.runtimeToPermanent For
475 permanent operation see
476 org.fedoraproject.FirewallD1.config.direct.Methods.addPassthrough.
477 Possible errors: INVALID_IPV, ALREADY_ENABLED, COMMAND_FAILED
479 addRule(s: ipv, s: table, s: chain, i: priority, as: args) →
481 Nothing
482 Add a rule with the arguments args to chain in table with
483 priority for ipv being either ipv4 (iptables) or ipv6
484 (ip6tables) or eb (ebtables). The priority is used to order
485 rules. Priority 0 means add rule on top of the chain, with a
486 higher priority the rule will be added further down. Rules with
487 the same priority are on the same level and the order of these
488 rules is not fixed and may change. If you want to make sure
489 that a rule will be added after another one, use a low priority
490 for the first and a higher for the following. For permanent
491 operation see
492 org.fedoraproject.FirewallD1.config.direct.Methods.addRule.
493 Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED,
495 COMMAND_FAILED
496 getAllChains() → a(sss)
498 Get all chains added to all tables in format: ipv, table,
499 chain. This concerns only chains previously added with
500 addChain. Return value is a array of (ipv, table, chain). For
501 permanent operation see
502 org.fedoraproject.FirewallD1.config.direct.Methods.getAllChains.
503 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
505 (ebtables).
506 table (s): one of filter, mangle, nat, raw, security
508 chain (s): name of a chain.
510 getAllPassthroughs() → a(sas)
513 Get all tracked passthrough rules added in all ipv types in
514 format: ipv, rule. This concerns only rules previously added
515 with addPassthrough. Return value is a array of (ipv, array of
516 arguments). For permanent operation see
517 org.fedoraproject.FirewallD1.config.direct.Methods.getAllPassthroughs.
518 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
520 (ebtables).
521 arguments (as): array of commands, parameters and other
523 iptables/ip6tables/ebtables command line options.
524 getAllRules() → a(sssias)
527 Get all rules added to all chains in all tables in format: ipv,
528 table, chain, priority, rule. This concerns only rules
529 previously added with addRule. Return value is a array of (ipv,
530 table, chain, priority, array of arguments). For permanent
531 operation see
532 org.fedoraproject.FirewallD1.config.direct.Methods.getAllRules.
533 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
535 (ebtables).
536 table (s): one of filter, mangle, nat, raw, security
538 chain (s): name of a chain.
540 priority (i): used to order rules.
542 arguments (as): array of commands, parameters and other
544 iptables/ip6tables/ebtables command line options.
545 getChains(s: ipv, s: table) → as
548 Return an array of chains (s) added to table for ipv being
549 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
550 This concerns only chains previously added with addChain. For
551 permanent operation see
552 org.fedoraproject.FirewallD1.config.direct.Methods.getChains.
553 Possible errors: INVALID_IPV, INVALID_TABLE
555 getPassthroughs(s: ipv) → aas
557 Get tracked passthrough rules added in either ipv4 (iptables)
558 or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
559 previously added with addPassthrough. Return value is a array
560 of (array of arguments). For permanent operation see
561 org.fedoraproject.FirewallD1.config.direct.Methods.getPassthroughs.
562 arguments (as): array of commands, parameters and other
564 iptables/ip6tables/ebtables command line options.
565 getRules(s: ipv, s: table, s: chain) → a(ias)
568 Get all rules added to chain in table for ipv being either ipv4
569 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
570 only rules previously added with addRule. Return value is a
571 array of (priority, array of arguments). For permanent
572 operation see
573 org.fedoraproject.FirewallD1.config.direct.Methods.getRules.
574 priority (i): used to order rules.
576 arguments (as): array of commands, parameters and other
578 iptables/ip6tables/ebtables command line options.
579 Possible errors: INVALID_IPV, INVALID_TABLE
581 passthrough(s: ipv, as: args) → s
583 Pass a command through to the firewall. ipv can be either ipv4
584 (iptables) or ipv6 (ip6tables) or eb (ebtables). args can be
585 all iptables, ip6tables and ebtables command line arguments.
586 args can be all iptables, ip6tables and ebtables command line
587 arguments. This command is untracked, which means that
588 firewalld is not able to provide information about this command
589 later on.
590 Possible errors: COMMAND_FAILED
592 queryChain(s: ipv, s: table, s: chain) → b
594 Return whether a chain exists in table for ipv being either
595 ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). This
596 concerns only chains previously added with addChain. For
597 permanent operation see
598 org.fedoraproject.FirewallD1.config.direct.Methods.queryChain.
599 Possible errors: INVALID_IPV, INVALID_TABLE
601 queryPassthrough(s: ipv, as: args) → b
603 Return whether a tracked passthrough rule with the arguments
604 args exists for ipv being either ipv4 (iptables) or ipv6
605 (ip6tables) or eb (ebtables). This concerns only rules
606 previously added with addPassthrough. For permanent operation
607 see
608 org.fedoraproject.FirewallD1.config.direct.Methods.queryPassthrough.
609 Possible errors: INVALID_IPV
611 queryRule(s: ipv, s: table, s: chain, i: priority, as: args) → b
613 Return whether a rule with priority and the arguments args
614 exists in chain in table for ipv being either ipv4 (iptables)
615 or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
616 previously added with addRule. For permanent operation see
617 org.fedoraproject.FirewallD1.config.direct.Methods.queryRule.
618 Possible errors: INVALID_IPV, INVALID_TABLE
620 removeAllPassthroughs() → Nothing
622 Remove all passthrough rules previously added with
623 addPassthrough.
624 removeChain(s: ipv, s: table, s: chain) → Nothing
626 Remove a chain from table for ipv being either ipv4 (iptables)
627 or ipv6 (ip6tables) or eb (ebtables). Only chains previously
628 added with addChain can be removed this way. For permanent
629 operation see
630 org.fedoraproject.FirewallD1.config.direct.Methods.removeChain.
631 Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED,
633 COMMAND_FAILED
634 removePassthrough(s: ipv, as: args) → Nothing
636 Remove a tracked passthrough rule with arguments args for ipv
637 being either ipv4 (iptables) or ipv6 (ip6tables) or eb
638 (ebtables). Only rules previously added with addPassthrough can
639 be removed this way. For permanent operation see
640 org.fedoraproject.FirewallD1.config.direct.Methods.removePassthrough.
641 Possible errors: INVALID_IPV, NOT_ENABLED, COMMAND_FAILED
643 removeRule(s: ipv, s: table, s: chain, i: priority, as: args) →
645 Nothing
646 Remove a rule with priority and arguments args from chain in
647 table for ipv being either ipv4 (iptables) or ipv6 (ip6tables)
648 or eb (ebtables). Only rules previously added with addRule can
649 be removed this way. For permanent operation see
650 org.fedoraproject.FirewallD1.config.direct.Methods.removeRule.
651 Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED,
653 COMMAND_FAILED
654 removeRules(s: ipv, s: table, s: chain) → Nothing
656 Remove all rules from chain in table for ipv being either ipv4
657 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
658 only rules previously added with addRule. For permanent
659 operation see
660 org.fedoraproject.FirewallD1.config.direct.Methods.removeRules.
661 Possible errors: INVALID_IPV, INVALID_TABLE
663 Signals
665 ChainAdded(s: ipv, s: table, s: chain)
666 Emitted when chain has been added into table for ipv being
667 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
668 ChainRemoved(s: ipv, s: table, s: chain)
670 Emitted when chain has been removed from table for ipv being
671 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
672 PassthroughAdded(s: ipv, as: args)
674 Emitted when a tracked passthruogh rule with args has been
675 added for ipv being either ipv4 (iptables) or ipv6 (ip6tables)
676 or eb (ebtables).
677 PassthroughRemoved(s: ipv, as: args)
679 Emitted when a tracked passthrough rule with args has been
680 removed for ipv being either ipv4 (iptables) or ipv6
681 (ip6tables) or eb (ebtables).
682 RuleAdded(s: ipv, s: table, s: chain, i: priority, as: args)
684 Emitted when a rule with args has been added to chain in table
685 with priority for ipv being either ipv4 (iptables) or ipv6
686 (ip6tables) or eb (ebtables).
687 RuleRemoved(s: ipv, s: table, s: chain, i: priority, as: args)
689 Emitted when a rule with args has been removed from chain in
690 table with priority for ipv being either ipv4 (iptables) or
691 ipv6 (ip6tables) or eb (ebtables).
692 org.fedoraproject.FirewallD1.policies
694 Enables firewalld to be able to lock down configuration changes from
695 local applications. Local applications or services are able to change
696 the firewall configuration if they are running as root (example:
697 libvirt). With these operations administrator can lock the firewall
698 configuration so that either none or only applications that are in the
699 whitelist are able to request firewall changes. For permanent
700 configuration see org.fedoraproject.FirewallD1.config.policies
701 interface.
702 Methods
704 addLockdownWhitelistCommand(s: command) → Nothing
705 Add command to whitelist. See command option in
706 firewalld.lockdown-whitelist(5). For permanent operation see
707 org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistCommand.
708 Possible errors: ALREADY_ENABLED, INVALID_COMMAND
710 addLockdownWhitelistContext(s: context) → Nothing
712 Add context to whitelist. See selinux option in
713 firewalld.lockdown-whitelist(5). For permanent operation see
714 org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistContext.
715 Possible errors: ALREADY_ENABLED, INVALID_COMMAND
717 addLockdownWhitelistUid(i: uid) → Nothing
719 Add user id uid to whitelist. See user option in
720 firewalld.lockdown-whitelist(5). For permanent operation see
721 org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistUid.
722 Possible errors: ALREADY_ENABLED, INVALID_COMMAND
724 addLockdownWhitelistUser(s: user) → Nothing
726 Add user name to whitelist. See user option in
727 firewalld.lockdown-whitelist(5). For permanent operation see
728 org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistUser.
729 Possible errors: ALREADY_ENABLED, INVALID_COMMAND
731 disableLockdown() → Nothing
733 Disable lockdown. This is a runtime and permanent change.
734 Possible errors: NOT_ENABLED
736 enableLockdown() → Nothing
738 Enable lockdown. Be careful - if the calling application/user
739 is not on lockdown whitelist when you enable lockdown you won't
740 be able to disable it again with the application, you would
741 need to edit firewalld.conf. This is a runtime and permanent
742 change.
743 Possible errors: ALREADY_ENABLED
745 getLockdownWhitelistCommands() → as
747 List all command lines (s) that are on whitelist. For permanent
748 operation see
749 org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistCommands.
750 getLockdownWhitelistContexts() → as
752 List all contexts (s) that are on whitelist. For permanent
753 operation see
754 org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistContexts.
755 getLockdownWhitelistUids() → ai
757 List all user ids (i) that are on whitelist. For permanent
758 operation see
759 org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistUids.
760 getLockdownWhitelistUsers() → as
762 List all users (s) that are on whitelist. For permanent
763 operation see
764 org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistUsers.
765 queryLockdown() → b
767 Query whether lockdown is enabled.
768 queryLockdownWhitelistCommand(s: command) → b
770 Query whether command is on whitelist. For permanent operation
771 see
772 org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistCommand.
773 queryLockdownWhitelistContext(s: context) → b
775 Query whether context is on whitelist. For permanent operation
776 see
777 org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistContext.
778 queryLockdownWhitelistUid(i: uid) → b
780 Query whether user id uid is on whitelist. For permanent
781 operation see
782 org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistUid.
783 queryLockdownWhitelistUser(s: user) → b
785 Query whether user is on whitelist. For permanent operation see
786 org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistUser.
787 removeLockdownWhitelistCommand(s: command) → Nothing
789 Remove command from whitelist. For permanent operation see
790 org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistCommand.
791 Possible errors: NOT_ENABLED
793 removeLockdownWhitelistContext(s: context) → Nothing
795 Remove context from whitelist. For permanent operation see
796 org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistContext.
797 Possible errors: NOT_ENABLED
799 removeLockdownWhitelistUid(i: uid) → Nothing
801 Remove user id uid from whitelist. For permanent operation see
802 org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistUid.
803 Possible errors: NOT_ENABLED
805 removeLockdownWhitelistUser(s: user) → Nothing
807 Remove user from whitelist. For permanent operation see
808 org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistUser.
809 Possible errors: NOT_ENABLED
811 Signals
813 LockdownDisabled()
814 Emitted when lockdown has been disabled.
815 LockdownEnabled()
817 Emitted when lockdown has been enabled.
818 LockdownWhitelistCommandAdded(s: command)
820 Emitted when command has been added to whitelist.
821 LockdownWhitelistCommandRemoved(s: command)
823 Emitted when command has been removed from whitelist.
824 LockdownWhitelistContextAdded(s: context)
826 Emitted when context has been added to whitelist.
827 LockdownWhitelistContextRemoved(s: context)
829 Emitted when context has been removed from whitelist.
830 LockdownWhitelistUidAdded(i: uid)
832 Emitted when user id uid has been added to whitelist.
833 LockdownWhitelistUidRemoved(i: uid)
835 Emitted when user id uid has been removed from whitelist.
836 LockdownWhitelistUserAdded(s: user)
838 Emitted when user has been added to whitelist.
839 LockdownWhitelistUserRemoved(s: user)
841 Emitted when user has been removed from whitelist.
842 org.fedoraproject.FirewallD1.zone
844 Operations in this interface allows to get, add, remove and query
845 runtime zone's settings. For permanent settings see
846 org.fedoraproject.FirewallD1.config.zone interface.
847 Methods
849 addForwardPort(s: zone, s: port, s: protocol, s: toport, s: toaddr,
850 i: timeout) → s
851 Add the IPv4 forward port into zone. If zone is empty, use
852 default zone. The port can either be a single port number
853 portid or a port range portid-portid. The protocol can either
854 be tcp or udp. The destination address is a simple IP address.
855 If timeout is non-zero, the operation will be active only for
856 the amount of seconds. For permanent settings see
857 org.fedoraproject.FirewallD1.config.zone.Methods.addForwardPort.
858 Returns name of zone to which the forward port was added.
860 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
862 INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD,
863 ALREADY_ENABLED, INVALID_COMMAND
864 addIcmpBlock(s: zone, s: icmp, i: timeout) → s
866 Add an ICMP block icmp into zone. The icmp is the one of the
867 icmp types firewalld supports. To get a listing of supported
868 icmp types use
869 org.fedoraproject.FirewallD1.Methods.listIcmpTypes If zone is
870 empty, use default zone. If timeout is non-zero, the operation
871 will be active only for the amount of seconds. For permanent
872 settings see
873 org.fedoraproject.FirewallD1.config.zone.Methods.addIcmpBlock.
874 Returns name of zone to which the ICMP block was added.
876 Possible errors: INVALID_ZONE, INVALID_ICMPTYPE,
878 ALREADY_ENABLED, INVALID_COMMAND
879 addIcmpBlockInversion(s: zone) → s
881 Add ICMP block inversion to zone. If zone is empty, use default
882 zone. For permanent settings see
883 org.fedoraproject.FirewallD1.config.zone.Methods.addIcmpBlockInversion.
884 Returns name of zone to which the ICMP block inversion was
886 added.
887 Possible errors: INVALID_ZONE, ALREADY_ENABLED, INVALID_COMMAND
889 addInterface(s: zone, s: interface) → s
891 Bind interface with zone. From now on all traffic going through
892 the interface will respect the zone's settings. If zone is
893 empty, use default zone. For permanent settings see
894 org.fedoraproject.FirewallD1.config.zone.Methods.addInterface.
895 Returns name of zone to which the interface was bound.
897 Possible errors: INVALID_ZONE, INVALID_INTERFACE,
899 ALREADY_ENABLED, INVALID_COMMAND
900 addMasquerade(s: zone, i: timeout) → s
902 Enable masquerade in zone. If zone is empty, use default zone.
903 If timeout is non-zero, masquerading will be active for the
904 amount of seconds. For permanent settings see
905 org.fedoraproject.FirewallD1.config.zone.Methods.addMasquerade.
906 Returns name of zone in which the masquerade was enabled.
908 Possible errors: INVALID_ZONE, ALREADY_ENABLED, INVALID_COMMAND
910 addPort(s: zone, s: port, s: protocol, i: timeout) → s
912 Add port into zone. If zone is empty, use default zone. The
913 port can either be a single port number or a port range
914 portid-portid. The protocol can either be tcp or udp. If
915 timeout is non-zero, the operation will be active only for the
916 amount of seconds. For permanent settings see
917 org.fedoraproject.FirewallD1.config.zone.Methods.addPort.
918 Returns name of zone to which the port was added.
920 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
922 INVALID_PROTOCOL, ALREADY_ENABLED, INVALID_COMMAND
923 addProtocol(s: zone, s: protocol, i: timeout) → s
925 Add protocol into zone. If zone is empty, use default zone. The
926 protocol can be any protocol supported by the system. Please
927 have a look at /etc/protocols for supported protocols. If
928 timeout is non-zero, the operation will be active only for the
929 amount of seconds. For permanent settings see
930 org.fedoraproject.FirewallD1.config.zone.Methods.addProtocol.
931 Returns name of zone to which the protocol was added.
933 Possible errors: INVALID_ZONE, INVALID_PROTOCOL,
935 ALREADY_ENABLED, INVALID_COMMAND
936 addRichRule(s: zone, s: rule, i: timeout) → s
938 Add rich language rule into zone. For the rich language rule
939 syntax, please have a look at firewalld.direct(5). If zone is
940 empty, use default zone. If timeout is non-zero, the operation
941 will be active only for the amount of seconds. For permanent
942 settings see
943 org.fedoraproject.FirewallD1.config.zone.Methods.addRichRule.
944 Returns name of zone to which the rich language rule was added.
946 Possible errors: INVALID_ZONE, INVALID_RULE, ALREADY_ENABLED,
948 INVALID_COMMAND
949 addService(s: zone, s: service, i: timeout) → s
951 Add service into zone. If zone is empty, use default zone. If
952 timeout is non-zero, the operation will be active only for the
953 amount of seconds. To get a list of supported services, use
954 org.fedoraproject.FirewallD1.Methods.listServices. For
955 permanent settings see
956 org.fedoraproject.FirewallD1.config.zone.Methods.addService.
957 Returns name of zone to which the service was added.
959 Possible errors: INVALID_ZONE, INVALID_SERVICE,
961 ALREADY_ENABLED, INVALID_COMMAND
962 addSource(s: zone, s: source) → s
964 Bind source with zone. From now on all traffic going from this
965 source will respect the zone's settings. A source address or
966 address range is either an IP address or a network IP address
967 with a mask for IPv4 or IPv6. For IPv4, the mask can be a
968 network mask or a plain number. For IPv6 the mask is a plain
969 number. Use of host names is not supported. If zone is empty,
970 use default zone. For permanent settings see
971 org.fedoraproject.FirewallD1.config.zone.Methods.addSource.
972 Returns name of zone to which the source was bound.
974 Possible errors: INVALID_ZONE, INVALID_ADDR, ALREADY_ENABLED,
976 INVALID_COMMAND
977 addSourcePort(s: zone, s: port, s: protocol, i: timeout) → s
979 Add source port into zone. If zone is empty, use default zone.
980 The port can either be a single port number or a port range
981 portid-portid. The protocol can either be tcp or udp. If
982 timeout is non-zero, the operation will be active only for the
983 amount of seconds. For permanent settings see
984 org.fedoraproject.FirewallD1.config.zone.Methods.addSourcePort.
985 Returns name of zone to which the port was added.
987 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
989 INVALID_PROTOCOL, ALREADY_ENABLED, INVALID_COMMAND
990 changeZone(s: zone, s: interface) → s
992 This function is deprecated, use
993 org.fedoraproject.FirewallD1.zone.Methods.changeZoneOfInterface
994 instead.
995 changeZoneOfInterface(s: zone, s: interface) → s
997 Change a zone an interface is bound to to zone. It's basically
998 removeInterface(interface) followed by addInterface(zone,
999 interface). If interface has not been bound to a zone before,
1000 it behaves like addInterface. If zone is empty, use default
1001 zone.
1002 Returns name of zone to which the interface was bound.
1004 Possible errors: INVALID_ZONE, ZONE_ALREADY_SET, ZONE_CONFLICT
1006 changeZoneOfSource(s: zone, s: source) → s
1008 Change a zone an source is bound to to zone. It's basically
1009 removeSource(source) followed by addSource(zone, source). If
1010 source has not been bound to a zone before, it behaves like
1011 addSource. If zone is empty, use default zone.
1012 Returns name of zone to which the source was bound.
1014 Possible errors: INVALID_ZONE, ZONE_ALREADY_SET, ZONE_CONFLICT
1016 getActiveZones() → a{sa{sas}}
1018 Return dictionary of currently active zones altogether with
1019 interfaces and sources used in these zones. Active zones are
1020 zones, that have a binding to an interface or source.
1021 Return value is a dictionary where keys are zone names (s) and
1023 values are again dictionaries where keys are either
1024 'interfaces' or 'sources' and values are arrays of interface
1025 names (s) or sources (s).
1026 getForwardPorts(s: zone) → aas
1028 Return array of IPv4 forward ports previously added into zone.
1029 If zone is empty, use default zone. For getting permanent
1030 settings see
1031 org.fedoraproject.FirewallD1.config.zone.Methods.getForwardPorts.
1032 Return value is array of 4-tuples, where each 4-tuple consists
1034 of (port, protocol, to-port, to-addr). to-addr might be empty
1035 in case of local forwarding.
1036 Possible errors: INVALID_ZONE
1038 getIcmpBlocks(s: zone) → as
1040 Return array of ICMP type (s) blocks previously added into
1041 zone. If zone is empty, use default zone. For getting permanent
1042 settings see
1043 org.fedoraproject.FirewallD1.config.zone.Methods.getIcmpBlocks.
1044 Possible errors: INVALID_ZONE
1046 getIcmpBlockInversion(s: zone) → b
1048 Return whether ICMP block inversion was previously added to
1049 zone. If zone is empty, use default zone. For getting permanent
1050 settings see
1051 org.fedoraproject.FirewallD1.config.zone.Methods.getIcmpBlockInversion.
1052 Possible errors: INVALID_ZONE
1054 getInterfaces(s: zone) → as
1056 Return array of interfaces (s) previously bound with zone. If
1057 zone is empty, use default zone. For getting permanent settings
1058 see
1059 org.fedoraproject.FirewallD1.config.zone.Methods.getInterfaces.
1060 Possible errors: INVALID_ZONE
1062 getPorts(s: zone) → aas
1064 Return array of ports (2-tuple of port and protocol) previously
1065 enabled in zone. If zone is empty, use default zone. For
1066 getting permanent settings see
1067 org.fedoraproject.FirewallD1.config.zone.Methods.getPorts.
1068 Possible errors: INVALID_ZONE
1070 getProtocols(s: zone) → as
1072 Return array of protocols (s) previously enabled in zone. If
1073 zone is empty, use default zone. For getting permanent settings
1074 see
1075 org.fedoraproject.FirewallD1.config.zone.Methods.getProtocols.
1076 Possible errors: INVALID_ZONE
1078 getRichRules(s: zone) → as
1080 Return array of rich language rules (s) previously added into
1081 zone. If zone is empty, use default zone. For getting permanent
1082 settings see
1083 org.fedoraproject.FirewallD1.config.zone.Methods.getRichRules.
1084 Possible errors: INVALID_ZONE
1086 getServices(s: zone) → as
1088 Return array of services (s) previously enabled in zone. If
1089 zone is empty, use default zone. For getting permanent settings
1090 see
1091 org.fedoraproject.FirewallD1.config.zone.Methods.getServices.
1092 Possible errors: INVALID_ZONE
1094 getSourcePorts(s: zone) → aas
1096 Return array of source ports (2-tuple of port and protocol)
1097 previously enabled in zone. If zone is empty, use default zone.
1098 For getting permanent settings see
1099 org.fedoraproject.FirewallD1.config.zone.Methods.getSourcePorts.
1100 Possible errors: INVALID_ZONE
1102 getSources(s: zone) → as
1104 Return array of sources (s) previously bound with zone. If zone
1105 is empty, use default zone. For getting permanent settings see
1106 org.fedoraproject.FirewallD1.config.zone.Methods.getSources.
1107 Possible errors: INVALID_ZONE
1109 getZoneOfInterface(s: interface) → s
1111 Return name (s) of zone the interface is bound to or empty
1112 string.
1113 getZoneOfSource(s: source) → s
1115 Return name (s) of zone the source is bound to or empty string.
1116 getZones() → as
1118 Return array of names (s) of predefined zones known to current
1119 runtime environment. For list of zones known to permanent
1120 environment see
1121 org.fedoraproject.FirewallD1.config.Methods.listZones. The
1122 lists (of zones known to runtime and permanent environment)
1123 will contain same zones in most cases, but might differ for
1124 example if org.fedoraproject.FirewallD1.config.Methods.addZone
1125 has been called recently, but firewalld has not been reloaded
1126 since then.
1127 isImmutable(s: zone) → b
1129 Deprecated.
1130 queryForwardPort(s: zone, s: port, s: protocol, s: toport, s:
1132 toaddr) → b
1133 Return whether the IPv4 forward port (port, protocol, toport,
1134 toaddr) has been added into zone. If zone is empty, use default
1135 zone. For permanent operation see
1136 org.fedoraproject.FirewallD1.config.zone.Methods.queryForwardPort.
1137 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1139 INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD
1140 queryIcmpBlock(s: zone, s: icmp) → b
1142 Return whether an ICMP block for icmp has been added into zone.
1143 If zone is empty, use default zone. For permanent operation see
1144 org.fedoraproject.FirewallD1.config.zone.Methods.queryIcmpBlock.
1145 Possible errors: INVALID_ZONE, INVALID_ICMPTYPE
1147 queryIcmpBlockInversion(s: zone) → b
1149 Return whether ICMP block inversion has been added to zone. If
1150 zone is empty, use default zone. For permanent operation see
1151 org.fedoraproject.FirewallD1.config.zone.Methods.queryIcmpBlockInversion.
1152 Possible errors: INVALID_ZONE, INVALID_ICMPTYPE
1154 queryInterface(s: zone, s: interface) → b
1156 Query whether interface has been bound to zone. If zone is
1157 empty, use default zone. For permanent operation see
1158 org.fedoraproject.FirewallD1.config.zone.Methods.queryInterface.
1159 Possible errors: INVALID_ZONE, INVALID_INTERFACE
1161 queryMasquerade(s: zone) → b
1163 Return whether masquerading has been enabled in zone If zone is
1164 empty, use default zone. For permanent operation see
1165 org.fedoraproject.FirewallD1.config.zone.Methods.queryMasquerade.
1166 Possible errors: INVALID_ZONE
1168 queryPort(s: zone, s: port, s: protocol) → b
1170 Return whether port/protocol has been added in zone. If zone is
1171 empty, use default zone. For permanent operation see
1172 org.fedoraproject.FirewallD1.config.zone.Methods.queryPort.
1173 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1175 INVALID_PROTOCOL
1176 queryProtocol(s: zone, s: protocol) → b
1178 Return whether protocol has been added in zone. If zone is
1179 empty, use default zone. For permanent operation see
1180 org.fedoraproject.FirewallD1.config.zone.Methods.queryProtocol.
1181 Possible errors: INVALID_ZONE, INVALID_PROTOCOL
1183 queryRichRule(s: zone, s: rule) → b
1185 Return whether rich rule rule has been added in zone. If zone
1186 is empty, use default zone. For permanent operation see
1187 org.fedoraproject.FirewallD1.config.zone.Methods.queryRichRule.
1188 Possible errors: INVALID_ZONE, INVALID_RULE
1190 queryService(s: zone, s: service) → b
1192 Return whether service has been added for zone. If zone is
1193 empty, use default zone. For permanent operation see
1194 org.fedoraproject.FirewallD1.config.zone.Methods.queryService.
1195 Possible errors: INVALID_ZONE, INVALID_SERVICE
1197 querySource(s: zone, s: source) → b
1199 Query whether sourcehas been bound to zone. If zone is empty,
1200 use default zone. For permanent operation see
1201 org.fedoraproject.FirewallD1.config.zone.Methods.querySource.
1202 Possible errors: INVALID_ZONE, INVALID_ADDR
1204 querySourcePort(s: zone, s: port, s: protocol) → b
1206 Return whether port/protocol has been added in zone. If zone is
1207 empty, use default zone. For permanent operation see
1208 org.fedoraproject.FirewallD1.config.zone.Methods.querySourcePort.
1209 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1211 INVALID_PROTOCOL
1212 removeForwardPort(s: zone, s: port, s: protocol, s: toport, s:
1214 toaddr) → s
1215 Remove IPv4 forward port ((port, protocol, toport, toaddr))
1216 from zone. If zone is empty, use default zone. For permanent
1217 operation see
1218 org.fedoraproject.FirewallD1.config.zone.Methods.removeForwardPort.
1219 Returns name of zone from which the forward port was removed.
1221 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1223 INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD, NOT_ENABLED,
1224 INVALID_COMMAND
1225 removeIcmpBlock(s: zone, s: icmp) → s
1227 Remove ICMP block icmp from zone. If zone is empty, use default
1228 zone. For permanent operation see
1229 org.fedoraproject.FirewallD1.config.zone.Methods.removeIcmpBlock.
1230 Returns name of zone from which the ICMP block was removed.
1232 Possible errors: INVALID_ZONE, INVALID_ICMPTYPE, NOT_ENABLED,
1234 INVALID_COMMAND
1235 removeIcmpBlockInversion(s: zone) → s
1237 Remove ICMP block inversion from zone. If zone is empty, use
1238 default zone. For permanent operation see
1239 org.fedoraproject.FirewallD1.config.zone.Methods.removeIcmpBlockInversion.
1240 Returns name of zone from which the ICMP block inversion was
1242 removed.
1243 Possible errors: INVALID_ZONE, NOT_ENABLED, INVALID_COMMAND
1245 removeInterface(s: zone, s: interface) → s
1247 Remove binding of interface from zone. If zone is empty, the
1248 interface will be removed from zone it belongs to. For
1249 permanent operation see
1250 org.fedoraproject.FirewallD1.config.zone.Methods.removeInterface.
1251 Returns name of zone from which the interface was removed.
1253 Possible errors: INVALID_ZONE, INVALID_INTERFACE, NOT_ENABLED,
1255 INVALID_COMMAND
1256 removeMasquerade(s: zone) → s
1258 Disable masquerade for zone. If zone is empty, use default
1259 zone. For permanent operation see
1260 org.fedoraproject.FirewallD1.config.zone.Methods.removeMasquerade.
1261 Returns name of zone for which the masquerade was disabled.
1263 Possible errors: INVALID_ZONE, NOT_ENABLED, INVALID_COMMAND
1265 removePort(s: zone, s: port, s: protocol) → s
1267 Remove port/protocol from zone. If zone is empty, use default
1268 zone. For permanent operation see
1269 org.fedoraproject.FirewallD1.config.zone.Methods.removePort.
1270 Returns name of zone from which the port was removed.
1272 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1274 INVALID_PROTOCOL, NOT_ENABLED, INVALID_COMMAND
1275 removeProtocol(s: zone, s: protocol) → s
1277 Remove protocol from zone. If zone is empty, use default zone.
1278 For permanent operation see
1279 org.fedoraproject.FirewallD1.config.zone.Methods.removeProtocol.
1280 Returns name of zone from which the protocol was removed.
1282 Possible errors: INVALID_ZONE, INVALID_PROTOCOL, NOT_ENABLED,
1284 INVALID_COMMAND
1285 removeRichRule(s: zone, s: rule) → s
1287 Remove rich language rule from zone. If zone is empty, use
1288 default zone. For permanent operation see
1289 org.fedoraproject.FirewallD1.config.zone.Methods.removeRichRule.
1290 Returns name of zone from which the rich language rule was
1292 removed.
1293 Possible errors: INVALID_ZONE, INVALID_RULE, NOT_ENABLED,
1295 INVALID_COMMAND
1296 removeService(s: zone, s: service) → s
1298 Remove service from zone. If zone is empty, use default zone.
1299 For permanent operation see
1300 org.fedoraproject.FirewallD1.config.zone.Methods.removeService.
1301 Returns name of zone from which the service was removed.
1303 Possible errors: INVALID_ZONE, INVALID_SERVICE, NOT_ENABLED,
1305 INVALID_COMMAND
1306 removeSource(s: zone, s: source) → s
1308 Remove binding of source from zone. If zone is empty, the
1309 source will be removed from zone it belongs to. For permanent
1310 operation see
1311 org.fedoraproject.FirewallD1.config.zone.Methods.removeSource.
1312 Returns name of zone from which the source was removed.
1314 Possible errors: INVALID_ZONE, INVALID_ADDR, NOT_ENABLED,
1316 INVALID_COMMAND
1317 removeSourcePort(s: zone, s: port, s: protocol) → s
1319 Remove port/protocol from zone. If zone is empty, use default
1320 zone. For permanent operation see
1321 org.fedoraproject.FirewallD1.config.zone.Methods.removeSourcePort.
1322 Returns name of zone from which the source port was removed.
1324 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1326 INVALID_PROTOCOL, NOT_ENABLED, INVALID_COMMAND
1327 Signals
1329 ForwardPortAdded(s: zone, s: port, s: protocol, s: toport, s:
1330 toaddr, i: timeout)
1331 Emitted when forward port has been added to zone with timeout.
1332 ForwardPortRemoved(s: zone, s: port, s: protocol, s: toport, s:
1334 toaddr)
1335 Emitted when forward port has been removed from zone.
1336 IcmpBlockAdded(s: zone, s: icmp, i: timeout)
1338 Emitted when ICMP block for icmp has been added to zone with
1339 timeout.
1340 IcmpBlockInversionAdded(s: zone)
1342 Emitted when ICMP block inversion has been added to zone.
1343 IcmpBlockInversionRemoved(s: zone)
1345 Emitted when ICMP block inversion has been removed from zone.
1346 IcmpBlockRemoved(s: zone, s: icmp)
1348 Emitted when ICMP block for icmp has been removed from zone.
1349 InterfaceAdded(s: zone, s: interface)
1351 Emitted when interface has been added to zone.
1352 InterfaceRemoved(s: zone, s: interface)
1354 Emitted when interface has been removed from zone.
1355 MasqueradeAdded(s: zone, i: timeout)
1357 Emitted when masquerade has been enabled for zone.
1358 MasqueradeRemoved(s: zone)
1360 Emitted when masquerade has been disabled for zone.
1361 PortAdded(s: zone, s: port, s: protocol, i: timeout)
1363 Emitted when port/protocol has been added to zone with timeout.
1364 PortRemoved(s: zone, s: port, s: protocol)
1366 Emitted when port/protocol has been removed from zone.
1367 ProtocolAdded(s: zone, s: protocol, i: timeout)
1369 Emitted when protocol has been added to zone with timeout.
1370 ProtocolRemoved(s: zone, s: protocol)
1372 Emitted when protocol has been removed from zone.
1373 RichRuleAdded(s: zone, s: rule, i: timeout)
1375 Emitted when rich language rule has been added to zone with
1376 timeout.
1377 RichRuleRemoved(s: zone, s: rule)
1379 Emitted when rich language rule has been removed from zone.
1380 ServiceAdded(s: zone, s: service, i: timeout)
1382 Emitted when service has been added to zone with timeout.
1383 ServiceRemoved(s: zone, s: service)
1385 Emitted when service has been removed from zone.
1386 SourceAdded(s: zone, s: source)
1388 Emitted when source has been added to zone.
1389 SourcePortAdded(s: zone, s: port, s: protocol, i: timeout)
1391 Emitted when source-port/protocol has been added to zone with
1392 timeout.
1393 SourcePortRemoved(s: zone, s: port, s: protocol)
1395 Emitted when source-port/protocol has been removed from zone.
1396 SourceRemoved(s: zone, s: source)
1398 Emitted when source has been removed from zone.
1399 ZoneChanged(s: zone, s: interface)
1401 Deprecated
1402 ZoneOfInterfaceChanged(s: zone, s: interface)
1404 Emitted when a zone an interface is part of has been changed to
1405 zone.
1406 ZoneOfSourceChanged(s: zone, s: source)
1408 Emitted when a zone an source is part of has been changed to
1409 zone.
1410 org.fedoraproject.FirewallD1.config
1412 Allows to permanently add, remove and query zones, services and icmp
1413 types.
1414 Methods
1416 addIPSet(s: ipset, (ssssa{ss}as): settings) → o
1417 Add ipset with given settings into permanent configuration.
1418 Settings are in format: version, name, description, type,
1419 dictionary of options and array of entries.
1420 version (s): see version attribute of ipset tag in
1422 firewalld.ipset(5).
1423 name (s): see short tag in firewalld.ipset(5).
1425 description (s): see description tag in firewalld.ipset(5).
1427 type (s): see type attribute of ipset tag in
1429 firewalld.ipset(5).
1430 options (a{ss}): dictionary of {option : value} . See options
1432 tag in firewalld.ipset(5).
1433 entries (as): array of entries, see entry tag in
1435 firewalld.ipset(5).
1436 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1438 addIcmpType(s: icmptype, (sssas): settings) → o
1440 Add icmptype with given settings into permanent configuration.
1441 Settings are in format: version, name, description, array of
1442 destinations. Returns object path of the new icmp type.
1443 version (s): see version attribute of icmptype tag in
1445 firewalld.icmptype(5).
1446 name (s): see short tag in firewalld.icmptype(5).
1448 description (s): see description tag in firewalld.icmptype(5).
1450 destinations (as): array, either empty or containing strings
1452 'ipv4' or 'ipv6', see destination tag in firewalld.icmptype(5).
1453 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1455 addService(s: service, (sssa(ss)asa{ss}asa(ss)): settings) → o
1457 This function is deprecated, use
1458 org.fedoraproject.FirewallD1.config.Methods.addService2
1459 instead.
1460 addService2s: service, a{sv}: settings) → o
1462 Add service with given settings into permanent configuration.
1463 Settings are a dictionary indexed by keywords. For the type of
1464 each value see below. To zero a value pass an empty string or
1465 list.
1466 version (s): see version attribute of service tag in
1468 firewalld.service(5).
1469 name (s): see short tag in firewalld.service(5).
1471 description (s): see description tag in firewalld.service(5).
1473 ports (a(ss)): array of port and protocol pairs. See port tag
1475 in firewalld.service(5).
1476 module names (as): array of kernel netfilter helpers, see
1478 module tag in firewalld.service(5).
1479 destinations (a{ss}): dictionary of {IP family : IP address}
1481 where 'IP family' key can be either 'ipv4' or 'ipv6'. See
1482 destination tag in firewalld.service(5).
1483 protocols (as): array of protocols, see protocol tag in
1485 firewalld.service(5).
1486 source_ports (a(ss)): array of port and protocol pairs. See
1488 source-port tag in firewalld.service(5).
1489 includes (as): array of service includes, see include tag in
1491 firewalld.service(5).
1492 helpers (as): array of service helpers, see helper tag in
1494 firewalld.service(5).
1495 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1497 addZone(s: zone, (sssbsasa(ss)asba(ssss)asasasasa(ss)): settings) →
1499 o
1500 Add zone with given settings into permanent configuration.
1501 Settings are in format: version, name, description, UNUSED,
1502 target, array of services, array of ports (port, protocol),
1503 array of icmp-blocks, masquerade, array of forward-ports (port,
1504 protocol, to-port, to-addr), array of interfaces, array of
1505 sources, array of rich rules, array of protocols and array of
1506 source-ports (port, protocol).
1507 version (s): see version attribute of zone tag in
1509 firewalld.zone(5).
1510 name (s): see short tag in firewalld.zone(5).
1512 description (s): see description tag in firewalld.zone(5).
1514 UNUSED (b): this boolean value is no longer used for anything.
1516 target (s): see target attribute of zone tag in
1518 firewalld.zone(5).
1519 services (as): array of service names, see service tag in
1521 firewalld.zone(5).
1522 ports (a(ss)): array of port and protocol pairs. See port tag
1524 in firewalld.zone(5).
1525 icmp-blocks (as): array of icmp-blocks. See icmp-block tag in
1527 firewalld.zone(5).
1528 masquerade (b): see masquerade tag in firewalld.zone(5).
1530 forward-ports (a(ssss)): array of (port, protocol, to-port,
1532 to-addr). See forward-port tag in firewalld.zone(5).
1533 interfaces (as): array of interfaces. See interface tag in
1535 firewalld.zone(5).
1536 source addresses (as): array of source addresses. See source
1538 tag in firewalld.zone(5).
1539 rich rules (as): array of rich-language rules. See rule tag in
1541 firewalld.zone(5).
1542 protocols (as): array of protocols. See protocol tag in
1544 firewalld.zone(5).
1545 source-ports (a(ss)): array of port and protocol pairs. See
1547 source-port tag in firewalld.zone(5).
1548 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1550 getHelperByName(s: helper) → o
1552 Return object path (permanent configuration) of helper with
1553 given name.
1554 Possible errors: INVALID_HELPER
1556 getHelperNames() → as
1558 Return list of helper names (permanent configuration).
1559 getIPSetByName(s: ipset) → o
1561 Return object path (permanent configuration) of ipset with
1562 given name.
1563 Possible errors: INVALID_IPSET
1565 getIPSetNames() → as
1567 Return list of ipset names (permanent configuration).
1568 getIcmpTypeByName(s: icmptype) → o
1570 Return object path (permanent configuration) of icmptype with
1571 given name.
1572 Possible errors: INVALID_ICMPTYPE
1574 getIcmpTypeNames() → as
1576 Return list of icmptype names (permanent configuration).
1577 getServiceByName(s: service) → o
1579 Return object path (permanent configuration) of service with
1580 given name.
1581 Possible errors: INVALID_SERVICE
1583 getServiceNames() → as
1585 Return list of service names (permanent configuration).
1586 getZoneByName(s: zone) → o
1588 Return object path (permanent configuration) of zone with given
1589 name.
1590 Possible errors: INVALID_ZONE
1592 getZoneNames() → as
1594 Return list of zone names (permanent configuration) of.
1595 getZoneOfInterface(s: iface) → s
1597 Return name of zone the iface is bound to or empty string.
1598 getZoneOfSource(s: source) → s
1600 Return name of zone the source is bound to or empty string.
1601 listHelpers() → ao
1603 Return array of object paths (o) of helper in permanent
1604 configuration. For runtime configuration see
1605 org.fedoraproject.FirewallD1.Methods.getHelpers.
1606 listIPSets() → ao
1608 Return array of object paths (o) of ipset in permanent
1609 configuration. For runtime configuration see
1610 org.fedoraproject.FirewallD1.ipset.Methods.getIPSets.
1611 listIcmpTypes() → ao
1613 Return array of object paths (o) of icmp types in permanent
1614 configuration. For runtime configuration see
1615 org.fedoraproject.FirewallD1.Methods.listIcmpTypes.
1616 listServices() → ao
1618 Return array of objects paths (o) of services in permanent
1619 configuration. For runtime configuration see
1620 org.fedoraproject.FirewallD1.Methods.listServices.
1621 listZones() → ao
1623 List object paths of zones known to permanent environment. For
1624 list of zones known to runtime environment see
1625 org.fedoraproject.FirewallD1.zone.Methods.getZones. The lists
1626 (of zones known to runtime and permanent environment) will
1627 contain same zones in most cases, but might differ for example
1628 if org.fedoraproject.FirewallD1.config.Methods.addZone has been
1629 called recently, but firewalld has not been reloaded since
1630 then.
1631 Signals
1633 HelperAdded(s: helper)
1634 Emitted when helper has been added.
1635 IPSetAdded(s: ipset)
1637 Emitted when ipset has been added.
1638 IcmpTypeAdded(s: icmptype)
1640 Emitted when icmptype has been added.
1641 ServiceAdded(s: service)
1643 Emitted when service has been added.
1644 ZoneAdded(s: zone)
1646 Emitted when zone has been added.
1647 Properties
1649 AllowZoneDrifting - s - (rw)
1650 Older versions of firewalld had undocumented behavior known as
1651 "zone drifting". This allowed packets to ingress multiple zones
1652 - this is a violation of zone based firewalls. However, some
1653 users rely on this behavior to have a "catch-all" zone, e.g.
1654 the default zone. You can enable this if you desire such
1655 behavior. It's disabled by default for security reasons. Note:
1656 If "yes" packets will only drift from source based zones to
1657 interface based zones (including the default zone). Packets
1658 never drift from interface based zones to other interfaces
1659 based zones (including the default zone). Valid values; "yes",
1660 "no". Defaults to "no".
1661 AutomaticHelpers - s - (rw)
1663 Deprecated. Getting this value always returns "no". Setting
1664 this value is ignored.
1665 CleanupOnExit - s - (rw)
1667 If firewalld stops, it cleans up all firewall rules. Setting
1668 this option to no or false leaves the current firewall rules
1669 untouched.
1670 DefaultZone - s - (ro)
1672 Default zone for connections or interfaces if the zone is not
1673 selected or specified by NetworkManager, initscripts or command
1674 line tool.
1675 FirewallBackend - s - (rw)
1677 Selects the firewalld backend for all rules except the direct
1678 interface. Valid options are; nftables, iptables. Default in
1679 nftables.
1680 FirewallBackend - s - (rw)
1682 Flush all runtime rules on a reload. Valid options are; yes,
1683 no.
1684 IPv6_rpfilter - s - (rw)
1686 Indicates whether the reverse path filter test on a packet for
1687 IPv6 is enabled. If a reply to the packet would be sent via the
1688 same interface that the packet arrived on, the packet will
1689 match and be accepted, otherwise dropped.
1690 IndividualCalls - s - (ro)
1692 Indicates whether individual calls combined -restore calls are
1693 used. If enabled, this increases the time that is needed to
1694 apply changes and to start the daemon, but is good for
1695 debugging.
1696 Lockdown - s - (rw)
1698 If this property is enabled, firewall changes with the D-Bus
1699 interface will be limited to applications that are listed in
1700 the lockdown whitelist.
1701 LogDenied - s - (rw)
1703 If LogDenied is enabled, then logging rules are added right
1704 before reject and drop rules in the INPUT, FORWARD and OUTPUT
1705 chains for the default rules and also final reject and drop
1706 rules in zones. Possible values are: all, unicast, broadcast,
1707 multicast and off.
1708 MinimalMark - i - (rw)
1710 Deprecated. This option is ignored and no longer used. Marks
1711 are no longer used internally.
1712 FirewallBackend - s - (rw)
1714 As per RFC 3964, filter IPv6 traffic with 6to4 destination
1715 addresses that correspond to IPv4 addresses that should not be
1716 routed over the public internet. Valid options are; yes, no.
1717 org.fedoraproject.FirewallD1.config.direct
1719 Interface for permanent direct configuration, see also
1720 firewalld.direct(5). For runtime direct configuration see
1721 org.fedoraproject.FirewallD1.direct interface.
1722 Methods
1724 addChain(s: ipv, s: table, s: chain) → Nothing
1725 Add a new chain to table for ipv being either ipv4 (iptables)
1726 or ipv6 (ip6tables) or eb (ebtables). Make sure there's no
1727 other chain with this name already. There already exist basic
1728 chains to use with direct methods, for example INPUT_direct
1729 chain. These chains are jumped into before chains for zones,
1730 i.e. every rule put into INPUT_direct will be checked before
1731 rules in zones. For runtime operation see
1732 org.fedoraproject.FirewallD1.direct.Methods.addChain.
1733 Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED
1735 addPassthrough(s: ipv, as: args) → Nothing
1737 Add a passthrough rule with the arguments args for ipv being
1738 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
1739 For runtime operation see
1740 org.fedoraproject.FirewallD1.direct.Methods.addPassthrough.
1741 Possible errors: INVALID_IPV, ALREADY_ENABLED
1743 addRule(s: ipv, s: table, s: chain, i: priority, as: args) →
1745 Nothing
1746 Add a rule with the arguments args to chain in table with
1747 priority for ipv being either ipv4 (iptables) or ipv6
1748 (ip6tables) or eb (ebtables). The priority is used to order
1749 rules. Priority 0 means add rule on top of the chain, with a
1750 higher priority the rule will be added further down. Rules with
1751 the same priority are on the same level and the order of these
1752 rules is not fixed and may change. If you want to make sure
1753 that a rule will be added after another one, use a low priority
1754 for the first and a higher for the following. For runtime
1755 operation see
1756 org.fedoraproject.FirewallD1.direct.Methods.addRule.
1757 Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED
1759 getAllChains() → a(sss)
1761 Get all chains added to all tables in format: ipv, table,
1762 chain. This concerns only chains previously added with
1763 addChain. Return value is a array of (ipv, table, chain). For
1764 runtime operation see
1765 org.fedoraproject.FirewallD1.direct.Methods.getAllChains.
1766 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
1768 (ebtables).
1769 table (s): one of filter, mangle, nat, raw, security
1771 chain (s): name of a chain.
1773 getAllPassthroughs() → a(sas)
1776 Get all passthrough rules added in all ipv types in format:
1777 ipv, rule. This concerns only rules previously added with
1778 addPassthrough. Return value is a array of (ipv, array of
1779 arguments). For runtime operation see
1780 org.fedoraproject.FirewallD1.direct.Methods.getAllPassthroughs.
1781 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
1783 (ebtables).
1784 arguments (as): array of commands, parameters and other
1786 iptables/ip6tables/ebtables command line options.
1787 getAllRules() → a(sssias)
1790 Get all rules added to all chains in all tables in format: ipv,
1791 table, chain, priority, rule. This concerns only rules
1792 previously added with addRule. Return value is a array of (ipv,
1793 table, chain, priority, array of arguments). For runtime
1794 operation see
1795 org.fedoraproject.FirewallD1.direct.Methods.getAllRules.
1796 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
1798 (ebtables).
1799 table (s): one of filter, mangle, nat, raw, security
1801 chain (s): name of a chain.
1803 priority (i): used to order rules.
1805 arguments (as): array of commands, parameters and other
1807 iptables/ip6tables/ebtables command line options.
1808 getChains(s: ipv, s: table) → as
1811 Return an array of chains (s) added to table for ipv being
1812 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
1813 This concerns only chains previously added with addChain. For
1814 runtime operation see
1815 org.fedoraproject.FirewallD1.direct.Methods.getChains.
1816 Possible errors: INVALID_IPV, INVALID_TABLE
1818 getPassthroughs(s: ipv) → aas
1820 Get tracked passthrough rules added in either ipv4 (iptables)
1821 or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
1822 previously added with addPassthrough. Return value is a array
1823 of (array of arguments). For runtime operation see
1824 org.fedoraproject.FirewallD1.direct.Methods.getPassthroughs.
1825 arguments (as): array of commands, parameters and other
1827 iptables/ip6tables/ebtables command line options.
1828 getRules(s: ipv, s: table, s: chain) → a(ias)
1831 Get all rules added to chain in table for ipv being either ipv4
1832 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
1833 only rules previously added with addRule. Return value is a
1834 array of (priority, array of arguments). For runtime operation
1835 see org.fedoraproject.FirewallD1.direct.Methods.getRules.
1836 priority (i): used to order rules.
1838 arguments (as): array of commands, parameters and other
1840 iptables/ip6tables/ebtables command line options.
1841 Possible errors: INVALID_IPV, INVALID_TABLE
1843 getSettings() → (a(sss)a(sssias)a(sas))
1845 Get settings of permanent direct configuration in format: array
1846 of chains, array of rules, array of passthroughs.
1847 chains (a(sss)): array of (ipv, table, chain), see 'chain' in
1849 firewalld.direct(5).
1850 .
1851 .PP rules (a(sssias)): array of (ipv, table,
1852 chain, priority, array of arguments), see 'rule' in
1853 firewalld.direct(5).
1854 .
1855 .PP passthroughs (a(sas)): array of (ipv,
1856 array of arguments), see passthrough in firewalld.direct(5).
1857 .
1858 .sp
1859 queryChain(s: ipv, s: table, s: chain) → b
1861 Return whether a chain exists in table for ipv being either
1862 ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). This
1863 concerns only chains previously added with addChain. For
1864 runtime operation see
1865 org.fedoraproject.FirewallD1.direct.Methods.queryChain.
1866 Possible errors: INVALID_IPV, INVALID_TABLE
1868 queryPassthrough(s: ipv, as: args) → b
1870 Return whether a tracked passthrough rule with the arguments
1871 args exists for ipv being either ipv4 (iptables) or ipv6
1872 (ip6tables) or eb (ebtables). This concerns only rules
1873 previously added with addPassthrough. For runtime operation see
1874 org.fedoraproject.FirewallD1.direct.Methods.queryPassthrough.
1875 Possible errors: INVALID_IPV
1877 queryRule(s: ipv, s: table, s: chain, i: priority, as: args) → b
1879 Return whether a rule with priority and the arguments args
1880 exists in chain in table for ipv being either ipv4 (iptables)
1881 or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
1882 previously added with addRule. For runtime operation see
1883 org.fedoraproject.FirewallD1.direct.Methods.queryRule.
1884 Possible errors: INVALID_IPV, INVALID_TABLE
1886 removeChain(s: ipv, s: table, s: chain) → Nothing
1888 Remove a chain from table for ipv being either ipv4 (iptables)
1889 or ipv6 (ip6tables) or eb (ebtables). Only chains previously
1890 added with addChain can be removed this way. For runtime
1891 operation see
1892 org.fedoraproject.FirewallD1.direct.Methods.removeChain.
1893 Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED
1895 removePassthrough(s: ipv, as: args) → Nothing
1897 Remove a passthrough rule with arguments args for ipv being
1898 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
1899 Only rules previously added with addPassthrough can be removed
1900 this way. For runtime operation see
1901 org.fedoraproject.FirewallD1.direct.Methods.removePassthrough.
1902 Possible errors: INVALID_IPV, NOT_ENABLED
1904 removeRule(s: ipv, s: table, s: chain, i: priority, as: args) →
1906 Nothing
1907 Remove a rule with priority and arguments args from chain in
1908 table for ipv being either ipv4 (iptables) or ipv6 (ip6tables)
1909 or eb (ebtables). Only rules previously added with addRule can
1910 be removed this way. For runtime operation see
1911 org.fedoraproject.FirewallD1.direct.Methods.removeRule.
1912 Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED
1914 removeRules(s: ipv, s: table, s: chain) → Nothing
1916 Remove all rules from chain in table for ipv being either ipv4
1917 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
1918 only rules previously added with addRule. For runtime operation
1919 see org.fedoraproject.FirewallD1.direct.Methods.removeRules.
1920 Possible errors: INVALID_IPV, INVALID_TABLE
1922 update((a(sss)a(sssias)a(sas)): settings) → Nothing
1924 Update permanent direct configuration with given settings.
1925 Settings are in format: array of chains, array of rules, array
1926 of passthroughs.
1927 chains (a(sss)): array of (ipv, table, chain), see 'chain' in
1929 firewalld.direct(5).
1930 .
1931 .PP rules (a(sssias)): array of (ipv, table,
1932 chain, priority, array of arguments), see 'rule' in
1933 firewalld.direct(5).
1934 .
1935 .PP passthroughs (a(sas)): array of (ipv,
1936 array of arguments), see passthrough in firewalld.direct(5).
1937 .
1938 .sp Possible errors: INVALID_TYPE
1939 Signals
1941 Updated()
1942 Emitted when configuration has been updated.
1943 org.fedoraproject.FirewallD1.config.policies
1945 Interface for permanent lockdown-whitelist configuration, see also
1946 firewalld.lockdown-whitelist(5). For runtime configuration see
1947 org.fedoraproject.FirewallD1.policies interface.
1948 Methods
1950 addLockdownWhitelistCommand(s: command) → Nothing
1951 Add command to whitelist. See command option in
1952 firewalld.lockdown-whitelist(5). For runtime operation see
1953 org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistCommand.
1954 Possible errors: ALREADY_ENABLED, INVALID_TYPE
1956 addLockdownWhitelistContext(s: context) → Nothing
1958 Add context to whitelist. See selinux option in
1959 firewalld.lockdown-whitelist(5). For runtime operation see
1960 org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistContext.
1961 Possible errors: ALREADY_ENABLED, INVALID_TYPE
1963 addLockdownWhitelistUid(i: uid) → Nothing
1965 Add user id uid to whitelist. See user option in
1966 firewalld.lockdown-whitelist(5). For runtime operation see
1967 org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistUid.
1968 Possible errors: ALREADY_ENABLED, INVALID_TYPE
1970 addLockdownWhitelistUser(s: user) → Nothing
1972 Add user name to whitelist. See user option in
1973 firewalld.lockdown-whitelist(5). For runtime operation see
1974 org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistUser.
1975 Possible errors: ALREADY_ENABLED, INVALID_TYPE
1977 getLockdownWhitelist() → (asasasai)
1979 Get settings of permanent lockdown-whitelist configuration in
1980 format: commands, selinux contexts, users, uids
1981 commands (as): see command option in firewalld.lockdown-
1983 whitelist(5).
1984 selinux contexts (as): see selinux option in
1986 firewalld.lockdown-whitelist(5).
1987 users (as): see name attribute of user option in
1989 firewalld.lockdown-whitelist(5).
1990 uids (ai): see id attribute of user option in
1992 firewalld.lockdown-whitelist(5).
1993 getLockdownWhitelistCommands() → as
1996 List all command lines (s) that are on whitelist. For runtime
1997 operation see
1998 org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistCommands.
1999 getLockdownWhitelistContexts() → as
2001 List all contexts (s) that are on whitelist. For runtime
2002 operation see
2003 org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistContexts.
2004 getLockdownWhitelistUids() → ai
2006 List all user ids (i) that are on whitelist. For runtime
2007 operation see
2008 org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistUids.
2009 getLockdownWhitelistUsers() → as
2011 List all users (s) that are on whitelist. For runtime operation
2012 see
2013 org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistUsers.
2014 queryLockdownWhitelistCommand(s: command) → b
2016 Query whether command is on whitelist. For runtime operation
2017 see
2018 org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistCommand.
2019 queryLockdownWhitelistContext(s: context) → b
2021 Query whether context is on whitelist. For runtime operation
2022 see
2023 org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistContext.
2024 queryLockdownWhitelistUid(i: uid) → b
2026 Query whether user id uid is on whitelist. For runtime
2027 operation see
2028 org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistUid.
2029 queryLockdownWhitelistUser(s: user) → b
2031 Query whether user is on whitelist. For runtime operation see
2032 org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistUser.
2033 removeLockdownWhitelistCommand(s: command) → Nothing
2035 Remove command from whitelist. For runtime operation see
2036 org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistCommand.
2037 Possible errors: NOT_ENABLED
2039 removeLockdownWhitelistContext(s: context) → Nothing
2041 Remove context from whitelist. For runtime operation see
2042 org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistContext.
2043 Possible errors: NOT_ENABLED
2045 removeLockdownWhitelistUid(i: uid) → Nothing
2047 Remove user id uid from whitelist. For runtime operation see
2048 org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistUid.
2049 Possible errors: NOT_ENABLED
2051 removeLockdownWhitelistUser(s: user) → Nothing
2053 Remove user from whitelist. For runtime operation see
2054 org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistUser.
2055 Possible errors: NOT_ENABLED
2057 setLockdownWhitelist((asasasai): settings) → Nothing
2059 Set permanent lockdown-whitelist configuration to settings.
2060 Settings are in format: commands, selinux contexts, users, uids
2061 commands (as): see command option in firewalld.lockdown-
2063 whitelist(5).
2064 selinux contexts (as): see selinux option in
2066 firewalld.lockdown-whitelist(5).
2067 users (as): see name attribute of user option in
2069 firewalld.lockdown-whitelist(5).
2070 uids (ai): see id attribute of user option in
2072 firewalld.lockdown-whitelist(5).
2073 Possible errors: INVALID_TYPE
2075 Signals
2077 LockdownWhitelistUpdated()
2078 Emitted when permanent lockdown-whitelist configuration has
2079 been updated.
2080 org.fedoraproject.FirewallD1.config.ipset
2082 Interface for permanent ipset configuration, see also
2083 firewalld.ipset(5).
2084 Methods
2086 addEntry(s: entry) → Nothing
2087 Permanently add entry to list of entries of ipset. See entry
2088 tag in firewalld.ipset(5). For runtime operation see
2089 org.fedoraproject.FirewallD1.ipset.Methods.addEntry.
2090 Possible errors: ALREADY_ENABLED
2092 addOption(s: key, s: value) → Nothing
2094 Permanently add (key, value) to the ipset. See option tag in
2095 firewalld.ipset(5).
2096 Possible errors: ALREADY_ENABLED
2098 getDescription() → s
2100 Get description of ipset. See description tag in
2101 firewalld.ipset(5).
2102 getEntries() → as
2104 Get list of entries added to ipset. See entry tag in
2105 firewalld.ipset(5). For runtime operation see
2106 org.fedoraproject.FirewallD1.ipset.Methods.getEntries.
2107 Possible errors: IPSET_WITH_TIMEOUT
2109 getOptions() → a{ss}
2111 Get dictionary of options set for ipset. See option tag in
2112 firewalld.ipset(5).
2113 getSettings() → (ssssa{ss}as)
2115 Return permament settings of the ipset. For getting runtime
2116 settings see
2117 org.fedoraproject.FirewallD1.ipset.Methods.getIPSetSettings.
2118 Settings are in format: version, name, description, type,
2119 dictionary of options and array of entries.
2120 version (s): see version attribute of ipset tag in
2122 firewalld.ipset(5).
2123 name (s): see short tag in firewalld.ipset(5).
2125 description (s): see description tag in firewalld.ipset(5).
2127 type (s): see type attribute of ipset tag in
2129 firewalld.ipset(5).
2130 options (a{ss}): dictionary of {option : value} . See options
2132 tag in firewalld.ipset(5).
2133 entries (as): array of entries, see entry tag in
2135 firewalld.ipset(5).
2136 getShort() → s
2139 Get name of ipset. See short tag in firewalld.ipset(5).
2140 getType() → s
2142 Get type of ipset. See type attribute of ipset tag in
2143 firewalld.ipset(5).
2144 getVersion() → s
2146 Get version of ipset. See version attribute of ipset tag in
2147 firewalld.ipset(5).
2148 loadDefaults() → Nothing
2150 Load default settings for built-in ipset.
2151 Possible errors: NO_DEFAULTS
2153 queryEntry(s: entry) → b
2155 Return whether entry has been added to ipset. For runtime
2156 operation see
2157 org.fedoraproject.FirewallD1.ipset.Methods.queryEntry.
2158 queryOption(s: key, s: value) → b
2160 Return whether (key, value) has been added to options of the
2161 ipset.
2162 remove() → Nothing
2164 Remove not built-in ipset.
2165 Possible errors: BUILTIN_IPSET
2167 removeEntry(s: entry) → Nothing
2169 Permanently remove entry from ipset. See entry tag in
2170 firewalld.ipset(5). For runtime operation see
2171 org.fedoraproject.FirewallD1.ipset.Methods.removeEntry.
2172 Possible errors: NOT_ENABLED
2174 removeOption(s: key) → Nothing
2176 Permanently remove key from the ipset. See option tag in
2177 firewalld.ipset(5).
2178 Possible errors: NOT_ENABLED
2180 rename(s: name) → Nothing
2182 Rename not built-in ipset to name.
2183 Possible errors: BUILTIN_IPSET
2185 setDescription(s: description) → Nothing
2187 Permanently set description of ipset to description. See
2188 description tag in firewalld.ipset(5).
2189 setEntries(as: entries) → Nothing
2191 Permanently set list of entries to entries. See entry tag in
2192 firewalld.ipset(5).
2193 setOptions(a{ss}: options) → Nothing
2195 Permanently set dict of options to options. See option tag in
2196 firewalld.ipset(5).
2197 setShort(s: short) → Nothing
2199 Permanently set name of ipset to short. See short tag in
2200 firewalld.ipset(5).
2201 setType(s: ipset_type) → Nothing
2203 Permanently set type of ipset to ipset_type. See type attribute
2204 of ipset tag in firewalld.ipset(5).
2205 setVersion(s: version) → Nothing
2207 Permanently set version of ipset to version. See version
2208 attribute of ipset tag in firewalld.ipset(5).
2209 update((ssssa{ss}as): settings) → Nothing
2211 Update settings of ipset to settings. Settings are in format:
2212 version, name, description, type, dictionary of options and
2213 array of entries.
2214 version (s): see version attribute of ipset tag in
2216 firewalld.ipset(5).
2217 name (s): see short tag in firewalld.ipset(5).
2219 description (s): see description tag in firewalld.ipset(5).
2221 type (s): see type attribute of ipset tag in
2223 firewalld.ipset(5).
2224 options (a{ss}): dictionary of {option : value} . See options
2226 tag in firewalld.ipset(5).
2227 entries (as): array of entries, see entry tag in
2229 firewalld.ipset(5).
2230 Possible errors: INVALID_TYPE
2232 Signals
2234 Removed(s: name)
2235 Emitted when ipset with name has been removed.
2236 Renamed(s: name)
2238 Emitted when ipset has been renamed to name.
2239 Updated(s: name)
2241 Emitted when ipset with name has been updated.
2242 Properties
2244 builtin - b - (ro)
2245 True if ipset is build-in, false else.
2246 default - b - (ro)
2248 True if build-in ipset has default settings. False if it has
2249 been modified. Always False for not build-in ipsets.
2250 filename - s - (ro)
2252 Name (including .xml extension) of file where the configuration
2253 is stored.
2254 name - s - (ro)
2256 Name of ipset.
2257 path - s - (ro)
2259 Path to directory where the ipset configuration is stored.
2260 Should be either /usr/lib/firewalld/ipsets or
2261 /etc/firewalld/ipsets.
2262 org.fedoraproject.FirewallD1.config.zone
2264 Interface for permanent zone configuration, see also firewalld.zone(5).
2265 Methods
2267 addForwardPort(s: port, s: protocol, s: toport, s: toaddr) →
2268 Nothing
2269 Permanently add (port, protocol, toport, toaddr) to list of
2270 forward ports of zone. See forward-port tag in
2271 firewalld.zone(5). For runtime operation see
2272 org.fedoraproject.FirewallD1.zone.Methods.addForwardPort.
2273 Possible errors: ALREADY_ENABLED
2275 addIcmpBlock(s: icmptype) → Nothing
2277 Permanently add icmptype to list of icmp types blocked in zone.
2278 See icmp-block tag in firewalld.zone(5). For runtime operation
2279 see org.fedoraproject.FirewallD1.zone.Methods.addIcmpBlock.
2280 Possible errors: ALREADY_ENABLED
2282 addIcmpBlock(s: icmptype) → Nothing
2284 Permanently add icmp block inversion to zone. See
2285 icmp-block-inversion tag in firewalld.zone(5). For runtime
2286 operation see
2287 org.fedoraproject.FirewallD1.zone.Methods.addIcmpBlockInversion.
2288 Possible errors: ALREADY_ENABLED
2290 addInterface(s: interface) → Nothing
2292 Permanently add interface to list of interfaces bound to zone.
2293 See interface tag in firewalld.zone(5). For runtime operation
2294 see org.fedoraproject.FirewallD1.zone.Methods.addInterface.
2295 Possible errors: ALREADY_ENABLED
2297 addMasquerade() → Nothing
2299 Permanently enable masquerading in zone. See masquerade tag in
2300 firewalld.zone(5). For runtime operation see
2301 org.fedoraproject.FirewallD1.zone.Methods.addMasquerade.
2302 Possible errors: ALREADY_ENABLED
2304 addPort(s: port, s: protocol) → Nothing
2306 Permanently add (port, protocol) to list of ports of zone. See
2307 port tag in firewalld.zone(5). For runtime operation see
2308 org.fedoraproject.FirewallD1.zone.Methods.addPort.
2309 Possible errors: ALREADY_ENABLED
2311 addProtocol(s: protocol) → Nothing
2313 Permanently add protocol into zone. The protocol can be any
2314 protocol supported by the system. Please have a look at
2315 /etc/protocols for supported protocols. For runtime operation
2316 see org.fedoraproject.FirewallD1.zone.Methods.addProtocol.
2317 Possible errors: INVALID_PROTOCOL, ALREADY_ENABLED
2319 addRichRule(s: rule) → Nothing
2321 Permanently add rule to list of rich-language rules in zone.
2322 See rule tag in firewalld.zone(5). For runtime operation see
2323 org.fedoraproject.FirewallD1.zone.Methods.addRichRule.
2324 Possible errors: ALREADY_ENABLED
2326 addService(s: service) → Nothing
2328 Permanently add service to list of services used in zone. See
2329 service tag in firewalld.zone(5). For runtime operation see
2330 org.fedoraproject.FirewallD1.zone.Methods.addService.
2331 Possible errors: ALREADY_ENABLED
2333 addSource(s: source) → Nothing
2335 Permanently add source to list of source addresses bound to
2336 zone. See source tag in firewalld.zone(5). For runtime
2337 operation see
2338 org.fedoraproject.FirewallD1.zone.Methods.addSource.
2339 Possible errors: ALREADY_ENABLED
2341 addSourcePort(s: port, s: protocol) → Nothing
2343 Permanently add (port, protocol) to list of source ports of
2344 zone. See source-port tag in firewalld.zone(5). For runtime
2345 operation see
2346 org.fedoraproject.FirewallD1.zone.Methods.addSourcePort.
2347 Possible errors: ALREADY_ENABLED
2349 getDescription() → s
2351 Get description of zone. See description tag in
2352 firewalld.zone(5).
2353 getForwardPorts() → a(ssss)
2355 Get list of (port, protocol, toport, toaddr) defined in zone.
2356 See forward-port tag in firewalld.zone(5). For runtime
2357 operation see
2358 org.fedoraproject.FirewallD1.zone.Methods.getForwardPorts.
2359 getIcmpBlockInversion() → b
2361 Get icmp block inversion flag of zone. See icmp-block-inversion
2362 tag in firewalld.zone(5).
2363 getIcmpBlocks() → as
2365 Get list of icmp type names blocked in zone. See icmp-block tag
2366 in firewalld.zone(5). For runtime operation see
2367 org.fedoraproject.FirewallD1.zone.Methods.getIcmpBlocks.
2368 getInterfaces() → as
2370 Get list of interfaces bound to zone. See interface tag in
2371 firewalld.zone(5). For runtime operation see
2372 org.fedoraproject.FirewallD1.zone.Methods.getInterfaces.
2373 getMasquerade() → b
2375 Return whether masquerade is enabled in zone. This is the same
2376 as queryMasquerade() method. See masquerade tag in
2377 firewalld.zone(5).
2378 getPorts() → a(ss)
2380 Get list of (port, protocol) defined in zone. See port tag in
2381 firewalld.zone(5). For runtime operation see
2382 org.fedoraproject.FirewallD1.zone.Methods.getPorts.
2383 getProtocols() → as
2385 Return array of protocols (s) previously enabled in zone. For
2386 getting runtime settings see
2387 org.fedoraproject.FirewallD1.zone.Methods.getProtocols.
2388 getRichRules() → as
2390 Get list of rich-language rules in zone. See rule tag in
2391 firewalld.zone(5). For runtime operation see
2392 org.fedoraproject.FirewallD1.zone.Methods.getRichRules.
2393 getServices() → as
2395 Get list of service names used in zone. See service tag in
2396 firewalld.zone(5). For runtime operation see
2397 org.fedoraproject.FirewallD1.zone.Methods.getServices.
2398 getSettings() → (sssbsasa(ss)asba(ssss)asasasasa(ss))
2400 Return permanent settings of given zone. For getting runtime
2401 settings see
2402 org.fedoraproject.FirewallD1.Methods.getZoneSettings. Settings
2403 are in format: version, name, description, UNUSED, target,
2404 array of services, array of ports (port, protocol), array of
2405 icmp-blocks, masquerade, array of forward-ports (port,
2406 protocol, to-port, to-addr), array of interfaces, array of
2407 sources, array of rich rules, array of protocols and array of
2408 source-ports (port, protocol).
2409 version (s): see version attribute of zone tag in
2411 firewalld.zone(5).
2412 name (s): see short tag in firewalld.zone(5).
2414 description (s): see description tag in firewalld.zone(5).
2416 UNUSED (b): this boolean value is no longer used for anything.
2418 target (s): see target attribute of zone tag in
2420 firewalld.zone(5).
2421 services (as): array of service names, see service tag in
2423 firewalld.zone(5).
2424 ports (a(ss)): array of port and protocol pairs. See port tag
2426 in firewalld.zone(5).
2427 icmp-blocks (as): array of icmp-blocks. See icmp-block tag in
2429 firewalld.zone(5).
2430 masquerade (b): see masquerade tag in firewalld.zone(5).
2432 forward-ports (a(ssss)): array of (port, protocol, to-port,
2434 to-addr). See forward-port tag in firewalld.zone(5).
2435 interfaces (as): array of interfaces. See interface tag in
2437 firewalld.zone(5).
2438 source addresses (as): array of source addresses. See source
2440 tag in firewalld.zone(5).
2441 rich rules (as): array of rich-language rules. See rule tag in
2443 firewalld.zone(5).
2444 protocols (as): array of protocols. See protocol tag in
2446 firewalld.zone(5).
2447 source-ports (a(ss)): array of port and protocol pairs. See
2449 source-port tag in firewalld.zone(5).
2450 getShort() → s
2453 Get name of zone. See short tag in firewalld.zone(5).
2454 getSourcePorts() → a(ss)
2456 Get list of (port, protocol) defined in zone. See source-port
2457 tag in firewalld.zone(5). For runtime operation see
2458 org.fedoraproject.FirewallD1.zone.Methods.getSourcePorts.
2459 getSources() → as
2461 Get list of source addresses bound to zone. See source tag in
2462 firewalld.zone(5). For runtime operation see
2463 org.fedoraproject.FirewallD1.zone.Methods.getSources.
2464 getTarget() → s
2466 Get target of zone. See target attribute of zone tag in
2467 firewalld.zone(5).
2468 getVersion() → s
2470 Get version of zone. See version attribute of zone tag in
2471 firewalld.zone(5).
2472 loadDefaults() → Nothing
2474 Load default settings for built-in zone.
2475 Possible errors: NO_DEFAULTS
2477 queryForwardPort(s: port, s: protocol, s: toport, s: toaddr) → b
2479 Return whether (port, protocol, toport, toaddr) is in list of
2480 forward ports of zone. See forward-port tag in
2481 firewalld.zone(5). For runtime operation see
2482 org.fedoraproject.FirewallD1.zone.Methods.queryForwardPort.
2483 queryIcmpBlock(s: icmptype) → b
2485 Return whether icmptype is in list of icmp types blocked in
2486 zone. See icmp-block tag in firewalld.zone(5). For runtime
2487 operation see
2488 org.fedoraproject.FirewallD1.zone.Methods.queryIcmpBlock.
2489 queryIcmpBlockInversion() → b
2491 Return whether icmp block inversion is in enabled in zone. See
2492 icmp-block-inversion tag in firewalld.zone(5). For runtime
2493 operation see
2494 org.fedoraproject.FirewallD1.zone.Methods.queryIcmpBlockInversion.
2495 queryInterface(s: interface) → b
2497 Return whether interface is in list of interfaces bound to
2498 zone. See interface tag in firewalld.zone(5). For runtime
2499 operation see
2500 org.fedoraproject.FirewallD1.zone.Methods.queryInterface.
2501 queryMasquerade() → b
2503 Return whether masquerade is enabled in zone. This is the same
2504 as getMasquerade() method. See masquerade tag in
2505 firewalld.zone(5). For runtime operation see
2506 org.fedoraproject.FirewallD1.zone.Methods.queryMasquerade.
2507 queryPort(s: port, s: protocol) → b
2509 Return whether (port, protocol) is in list of ports of zone.
2510 See port tag in firewalld.zone(5). For runtime operation see
2511 org.fedoraproject.FirewallD1.zone.Methods.queryPort.
2512 queryProtocol(s: protocol) → b
2514 Return whether protocol has been added in zone. For runtime
2515 operation see
2516 org.fedoraproject.FirewallD1.zone.Methods.queryProtocol.
2517 Possible errors: INVALID_PROTOCOL
2519 queryRichRule(s: rule) → b
2521 Return whether rule is in list of rich-language rules in zone.
2522 See rule tag in firewalld.zone(5). For runtime operation see
2523 org.fedoraproject.FirewallD1.zone.Methods.queryRichRule.
2524 queryService(s: service) → b
2526 Return whether service is in list of services used in zone. See
2527 service tag in firewalld.zone(5). For runtime operation see
2528 org.fedoraproject.FirewallD1.zone.Methods.queryService.
2529 querySource(s: source) → b
2531 Return whether source is in list of source addresses bound to
2532 zone. See source tag in firewalld.zone(5). For runtime
2533 operation see
2534 org.fedoraproject.FirewallD1.zone.Methods.querySource.
2535 querySourcePort(s: port, s: protocol) → b
2537 Return whether (port, protocol) is in list of source ports of
2538 zone. See source-port tag in firewalld.zone(5). For runtime
2539 operation see
2540 org.fedoraproject.FirewallD1.zone.Methods.querySourcePort.
2541 remove() → Nothing
2543 Remove not built-in zone.
2544 Possible errors: BUILTIN_ZONE
2546 removeForwardPort(s: port, s: protocol, s: toport, s: toaddr) →
2548 Nothing
2549 Permanently remove (port, protocol, toport, toaddr) from list
2550 of forward ports of zone. See forward-port tag in
2551 firewalld.zone(5). For runtime operation see
2552 org.fedoraproject.FirewallD1.zone.Methods.removeForwardPort.
2553 Possible errors: NOT_ENABLED
2555 removeIcmpBlock(s: icmptype) → Nothing
2557 Permanently remove icmptype from list of icmp types blocked in
2558 zone. See icmp-block tag in firewalld.zone(5). For runtime
2559 operation see
2560 org.fedoraproject.FirewallD1.zone.Methods.removeIcmpBlock.
2561 Possible errors: NOT_ENABLED
2563 removeIcmpBlockInversion() → Nothing
2565 Permanently remove icmp block inversion from the zone. See
2566 icmp-block-inversion tag in firewalld.zone(5). For runtime
2567 operation see
2568 org.fedoraproject.FirewallD1.zone.Methods.removeIcmpBlockInversion.
2569 Possible errors: NOT_ENABLED
2571 removeInterface(s: interface) → Nothing
2573 Permanently remove interface from list of interfaces bound to
2574 zone. See interface tag in firewalld.zone(5). For runtime
2575 operation see
2576 org.fedoraproject.FirewallD1.zone.Methods.removeInterface.
2577 Possible errors: NOT_ENABLED
2579 removeMasquerade() → Nothing
2581 Permanently disable masquerading in zone. See masquerade tag in
2582 firewalld.zone(5). For runtime operation see
2583 org.fedoraproject.FirewallD1.zone.Methods.removeMasquerade.
2584 Possible errors: NOT_ENABLED
2586 removePort(s: port, s: protocol) → Nothing
2588 Permanently remove (port, protocol) from list of ports of zone.
2589 See port tag in firewalld.zone(5). For runtime operation see
2590 org.fedoraproject.FirewallD1.zone.Methods.removePort.
2591 Possible errors: NOT_ENABLED
2593 removeProtocol(s: protocol) → Nothing
2595 Permanently remove protocol from zone. For runtime operation
2596 see org.fedoraproject.FirewallD1.zone.Methods.removeProtocol.
2597 Possible errors: INVALID_PROTOCOL, NOT_ENABLED
2599 removeRichRule(s: rule) → Nothing
2601 Permanently remove rule from list of rich-language rules in
2602 zone. See rule tag in firewalld.zone(5). For runtime operation
2603 see org.fedoraproject.FirewallD1.zone.Methods.removeRichRule.
2604 Possible errors: NOT_ENABLED
2606 removeService(s: service) → Nothing
2608 Permanently remove service from list of services used in zone.
2609 See service tag in firewalld.zone(5). For runtime operation see
2610 org.fedoraproject.FirewallD1.zone.Methods.removeService.
2611 Possible errors: NOT_ENABLED
2613 removeSource(s: source) → Nothing
2615 Permanently remove source from list of source addresses bound
2616 to zone. See source tag in firewalld.zone(5). For runtime
2617 operation see
2618 org.fedoraproject.FirewallD1.zone.Methods.removeSource.
2619 Possible errors: NOT_ENABLED
2621 removeSourcePort(s: port, s: protocol) → Nothing
2623 Permanently remove (port, protocol) from list of source ports
2624 of zone. See source-port tag in firewalld.zone(5). For runtime
2625 operation see
2626 org.fedoraproject.FirewallD1.zone.Methods.removeSourcePort.
2627 Possible errors: NOT_ENABLED
2629 rename(s: name) → Nothing
2631 Rename not built-in zone to name.
2632 Possible errors: BUILTIN_ZONE
2634 setDescription(s: description) → Nothing
2636 Permanently set description of zone to description. See
2637 description tag in firewalld.zone(5).
2638 setForwardPorts(a(ssss): ports) → Nothing
2640 Permanently set forward ports of zone to list of (port,
2641 protocol, toport, toaddr). See forward-port tag in
2642 firewalld.zone(5).
2643 setIcmpBlockInversion(b: flag) → Nothing
2645 Permanently set icmp block inversion flag of zone to flag. See
2646 icmp-block-inversion tag in firewalld.zone(5).
2647 setIcmpBlocks(as: icmptypes) → Nothing
2649 Permanently set list of icmp types blocked in zone to
2650 icmptypes. See icmp-block tag in firewalld.zone(5).
2651 setInterfaces(as: interfaces) → Nothing
2653 Permanently set list of interfaces bound to zone to interfaces.
2654 See interface tag in firewalld.zone(5).
2655 setMasquerade(b: masquerade) → Nothing
2657 Permanently set masquerading in zone to masquerade. See
2658 masquerade tag in firewalld.zone(5).
2659 setPorts(a(ss): ports) → Nothing
2661 Permanently set ports of zone to list of (port, protocol). See
2662 port tag in firewalld.zone(5).
2663 setProtocols(as: protocols) → Nothing
2665 Permanently set list of protocols used in zone to protocols.
2666 See protocol tag in firewalld.zone(5).
2667 setRichRules(as: rules) → Nothing
2669 Permanently set list of rich-language rules to rules. See rule
2670 tag in firewalld.zone(5).
2671 setServices(as: services) → Nothing
2673 Permanently set list of services used in zone to services. See
2674 service tag in firewalld.zone(5).
2675 setShort(s: short) → Nothing
2677 Permanently set name of zone to short. See short tag in
2678 firewalld.zone(5).
2679 setSourcePorts(a(ss): ports) → Nothing
2681 Permanently set source-ports of zone to list of (port,
2682 protocol). See source-port tag in firewalld.zone(5).
2683 setSources(as: sources) → Nothing
2685 Permanently set list of source addresses bound to zone to
2686 sources. See source tag in firewalld.zone(5).
2687 setTarget(s: target) → Nothing
2689 Permanently set target of zone to target. See target attribute
2690 of zone tag in firewalld.zone(5).
2691 setVersion(s: version) → Nothing
2693 Permanently set version of zone to version. See version
2694 attribute of zone tag in firewalld.zone(5).
2695 update((sssbsasa(ss)asba(ssss)asasasasa(ss)): settings) → Nothing
2697 Update settings of zone to settings. Settings are in format:
2698 version, name, description, UNUSED, target, array of services,
2699 array of ports (port, protocol), array of icmp-blocks,
2700 masquerade, array of forward-ports (port, protocol, to-port,
2701 to-addr), array of interfaces, array of sources, array of rich
2702 rules, array of protocols and array of source-ports (port,
2703 protocol).
2704 version (s): see version attribute of zone tag in
2706 firewalld.zone(5).
2707 name (s): see short tag in firewalld.zone(5).
2709 description (s): see description tag in firewalld.zone(5).
2711 UNUSED (b): this boolean value is no longer used for anything.
2713 target (s): see target attribute of zone tag in
2715 firewalld.zone(5).
2716 services (as): array of service names, see service tag in
2718 firewalld.zone(5).
2719 ports (a(ss)): array of port and protocol pairs. See port tag
2721 in firewalld.zone(5).
2722 icmp-blocks (as): array of icmp-blocks. See icmp-block tag in
2724 firewalld.zone(5).
2725 masquerade (b): see masquerade tag in firewalld.zone(5).
2727 forward-ports (a(ssss)): array of (port, protocol, to-port,
2729 to-addr). See forward-port tag in firewalld.zone(5).
2730 interfaces (as): array of interfaces. See interface tag in
2732 firewalld.zone(5).
2733 source addresses (as): array of source addresses. See source
2735 tag in firewalld.zone(5).
2736 rich rules (as): array of rich-language rules. See rule tag in
2738 firewalld.zone(5).
2739 protocols (as): array of protocols. See protocol tag in
2741 firewalld.zone(5).
2742 source-ports (a(ss)): array of port and protocol pairs. See
2744 source-port tag in firewalld.zone(5).
2745 Possible errors: INVALID_TYPE
2747 Signals
2749 Removed(s: name)
2750 Emitted when zone with name has been removed.
2751 Renamed(s: name)
2753 Emitted when zone has been renamed to name.
2754 Updated(s: name)
2756 Emitted when zone with name has been updated.
2757 Properties
2759 builtin - b - (ro)
2760 True if zone is build-in, false else.
2761 default - b - (ro)
2763 True if build-in zone has default settings. False if it has
2764 been modified. Always False for not build-in zones.
2765 filename - s - (ro)
2767 Name (including .xml extension) of file where the configuration
2768 is stored.
2769 name - s - (ro)
2771 Name of zone.
2772 path - s - (ro)
2774 Path to directory where the zone configuration is stored.
2775 Should be either /usr/lib/firewalld/zones or
2776 /etc/firewalld/zones.
2777 org.fedoraproject.FirewallD1.config.service
2779 Interface for permanent service configuration, see also
2780 firewalld.service(5).
2781 Methods
2783 addModule(s: module) → Nothing
2784 This method is deprecated. Please use "helpers" in the
2785 update2() method.
2786 addPort(s: port, s: protocol) → Nothing
2788 Permanently add (port, protocol) to list of ports in service.
2789 See port tag in firewalld.service(5).
2790 Possible errors: ALREADY_ENABLED
2792 addProtocol(s: protocol) → Nothing
2794 Permanently add protocol into zone. The protocol can be any
2795 protocol supported by the system. Please have a look at
2796 /etc/protocols for supported protocols. See protocol tag in
2797 firewalld.service(5).
2798 Possible errors: INVALID_PROTOCOL, ALREADY_ENABLED
2800 addSourcePort(s: port, s: protocol) → Nothing
2802 Permanently add (port, protocol) to list of source ports in
2803 service. See source-port tag in firewalld.service(5).
2804 Possible errors: ALREADY_ENABLED
2806 getDescription() → s
2808 Get description of service. See description tag in
2809 firewalld.service(5).
2810 getDestination(s: family) → s
2812 Get destination for IP family being either 'ipv4' or 'ipv6'.
2813 See destination tag in firewalld.service(5).
2814 Possible errors: ALREADY_ENABLED
2816 getDestinations() → a{ss}
2818 Get list of destinations. Return value is a dictionary of {IP
2819 family : IP address} where 'IP family' key can be either 'ipv4'
2820 or 'ipv6'. See destination tag in firewalld.service(5).
2821 getModules() → as
2823 This method is deprecated. Please use "helpers" in the
2824 getSettings2() method.
2825 getPorts() → a(ss)
2827 Get list of (port, protocol) defined in service. See port tag
2828 in firewalld.service(5).
2829 getProtocols() → as
2831 Return array of protocols (s) defined in service. See protocol
2832 tag in firewalld.service(5).
2833 getSettings() → (sssa(ss)asa{ss}asa(ss))
2835 This function is deprecated, use
2836 org.fedoraproject.FirewallD1.config.service.Methods.getSettings2
2837 instead.
2838 getSettings2(s: service) → s{sv}
2840 Return runtime settings of given service. For getting runtime
2841 settings see
2842 org.fedoraproject.FirewallD1.Methods.getServiceSettings2.
2843 Settings are a dictionary indexed by keywords. For the type of
2844 each value see below. If the value is empty it may be ommitted.
2845 version (s): see version attribute of service tag in
2847 firewalld.service(5).
2848 name (s): see short tag in firewalld.service(5).
2850 description (s): see description tag in firewalld.service(5).
2852 ports (a(ss)): array of port and protocol pairs. See port tag
2854 in firewalld.service(5).
2855 module names (as): array of kernel netfilter helpers, see
2857 module tag in firewalld.service(5).
2858 destinations (a{ss}): dictionary of {IP family : IP address}
2860 where 'IP family' key can be either 'ipv4' or 'ipv6'. See
2861 destination tag in firewalld.service(5).
2862 protocols (as): array of protocols, see protocol tag in
2864 firewalld.service(5).
2865 source_ports (a(ss)): array of port and protocol pairs. See
2867 source-port tag in firewalld.service(5).
2868 includes (as): array of service includes, see include tag in
2870 firewalld.service(5).
2871 helpers (as): array of service helpers, see helper tag in
2873 firewalld.service(5).
2874 getShort() → s
2877 Get name of service. See short tag in firewalld.service(5).
2878 getSourcePorts() → a(ss)
2880 Get list of (port, protocol) defined in service. See
2881 source-port tag in firewalld.service(5).
2882 getVersion() → s
2884 Get version of service. See version attribute of service tag in
2885 firewalld.service(5).
2886 loadDefaults() → Nothing
2888 Load default settings for built-in service.
2889 Possible errors: NO_DEFAULTS
2891 queryDestination(s: family, s: address) → b
2893 Return whether a destination is in dictionary of destinations
2894 of this service. destination is in format: (IP family, IP
2895 address) where IP family can be either 'ipv4' or 'ipv6'. See
2896 destination tag in firewalld.service(5).
2897 queryModule(s: module) → b
2899 This method is deprecated. Please use "helpers" in the
2900 getSettings2() method.
2901 queryPort(s: port, s: protocol) → b
2903 Return whether (port, protocol) is in list of ports in service.
2904 See port tag in firewalld.service(5).
2905 queryProtocol(s: protocol) → b
2907 Return whether protocol is in list of protocols in service. See
2908 protocol tag in firewalld.service(5).
2909 querySourcePort(s: port, s: protocol) → b
2911 Return whether (port, protocol) is in list of source ports in
2912 service. See source-port tag in firewalld.service(5).
2913 remove() → Nothing
2915 Remove not built-in service.
2916 Possible errors: BUILTIN_SERVICE
2918 removeDestination(s: family) → Nothing
2920 Permanently remove a destination with family ('ipv4' or 'ipv6')
2921 from service. See destination tag in firewalld.service(5).
2922 Possible errors: NOT_ENABLED
2924 removeModule(s: module) → Nothing
2926 This method is deprecated. Please use "helpers" in the
2927 update2() method.
2928 removePort(s: port, s: protocol) → Nothing
2930 Permanently remove (port, protocol) from list of ports in
2931 service. See port tag in firewalld.service(5).
2932 Possible errors: NOT_ENABLED
2934 removeProtocol(s: protocol) → Nothing
2936 Permanently remove protocol from list of protocols in service.
2937 See protocol tag in firewalld.service(5).
2938 Possible errors: NOT_ENABLED
2940 removeSourcePort(s: port, s: protocol) → Nothing
2942 Permanently remove (port, protocol) from list of source ports
2943 in service. See source-port tag in firewalld.service(5).
2944 Possible errors: NOT_ENABLED
2946 rename(s: name) → Nothing
2948 Rename not built-in service to name.
2949 Possible errors: BUILTIN_SERVICE
2951 setDescription(s: description) → Nothing
2953 Permanently set description of service to description. See
2954 description tag in firewalld.service(5).
2955 setDestination(s: family, s: address) → Nothing
2957 Permanently set a destination address. destination is in
2958 format: (IP family, IP address) where IP family can be either
2959 'ipv4' or 'ipv6'. See destination tag in firewalld.service(5).
2960 Possible errors: ALREADY_ENABLED
2962 setDestinations(a{ss}: destinations) → Nothing
2964 Permanently set destinations of service to destinations, which
2965 is a dictionary of {IP family : IP address} where 'IP family'
2966 key can be either 'ipv4' or 'ipv6'. See destination tag in
2967 firewalld.service(5).
2968 setModules(as: modules) → Nothing
2970 This method is deprecated. Please use "helpers" in the
2971 update2() method.
2972 setPorts(a(ss): ports) → Nothing
2974 Permanently set ports of service to list of (port, protocol).
2975 See port tag in firewalld.service(5).
2976 setProtocols(as: protocols) → Nothing
2978 Permanently set protocols of service to list of protocols. See
2979 protocol tag in firewalld.service(5).
2980 setShort(s: short) → Nothing
2982 Permanently set name of service to short. See short tag in
2983 firewalld.service(5).
2984 setSourcePorts(a(ss): ports) → Nothing
2986 Permanently set source-ports of service to list of (port,
2987 protocol). See source-port tag in firewalld.service(5).
2988 setVersion(s: version) → Nothing
2990 Permanently set version of service to version. See version
2991 attribute of service tag in firewalld.service(5).
2992 update((sssa(ss)asa{ss}asa(ss)): settings) → Nothing
2994 This function is deprecated, use
2995 org.fedoraproject.FirewallD1.config.service.Methods.update2
2996 instead.
2997 update2a{sv}: settings) → Nothing
2999 Update settings of service to settings. Settings are a
3000 dictionary indexed by keywords. For the type of each value see
3001 below. To zero a value pass an empty string or list.
3002 version (s): see version attribute of service tag in
3004 firewalld.service(5).
3005 name (s): see short tag in firewalld.service(5).
3007 description (s): see description tag in firewalld.service(5).
3009 ports (a(ss)): array of port and protocol pairs. See port tag
3011 in firewalld.service(5).
3012 module names (as): array of kernel netfilter helpers, see
3014 module tag in firewalld.service(5).
3015 destinations (a{ss}): dictionary of {IP family : IP address}
3017 where 'IP family' key can be either 'ipv4' or 'ipv6'. See
3018 destination tag in firewalld.service(5).
3019 protocols (as): array of protocols, see protocol tag in
3021 firewalld.service(5).
3022 source_ports (a(ss)): array of port and protocol pairs. See
3024 source-port tag in firewalld.service(5).
3025 includes (as): array of service includes, see include tag in
3027 firewalld.service(5).
3028 helpers (as): array of service helpers, see helper tag in
3030 firewalld.service(5).
3031 Possible errors: INVALID_TYPE
3033 Signals
3035 Removed(s: name)
3036 Emitted when service with name has been removed.
3037 Renamed(s: name)
3039 Emitted when service has been renamed to name.
3040 Updated(s: name)
3042 Emitted when service with name has been updated.
3043 Properties
3045 builtin - b - (ro)
3046 True if service is build-in, false else.
3047 default - b - (ro)
3049 True if build-in service has default settings. False if it has
3050 been modified. Always False for not build-in services.
3051 filename - s - (ro)
3053 Name (including .xml extension) of file where the configuration
3054 is stored.
3055 name - s - (ro)
3057 Name of service.
3058 path - s - (ro)
3060 Path to directory where the configuration is stored. Should be
3061 either /usr/lib/firewalld/services or /etc/firewalld/services.
3062 org.fedoraproject.FirewallD1.config.helper
3064 Interface for permanent helper configuration, see also
3065 firewalld.helper(5).
3066 Methods
3068 addPort(s: port, s: protocol) → Nothing
3069 Permanently add (port, protocol) to list of ports in helper.
3070 See port tag in firewalld.helper(5).
3071 Possible errors: ALREADY_ENABLED
3073 getDescription() → s
3075 Get description of helper. See description tag in
3076 firewalld.helper(5).
3077 getFamily() → s
3079 Get family being 'ipv4', 'ipv6' or empty for both. See family
3080 tag in firewalld.helper(5).
3081 getModule() → s
3083 Get modules (netfilter kernel helpers) used in helper. See
3084 module tag in firewalld.helper(5).
3085 getPorts() → a(ss)
3087 Get list of (port, protocol) defined in helper. See port tag in
3088 firewalld.helper(5).
3089 getSettings() → (sssssa(ss))
3091 Return permanent settings of a helper. For getting runtime
3092 settings see
3093 org.fedoraproject.FirewallD1.Methods.getHelperSettings.
3094 Settings are in format: version, name, description, family,
3095 module, array of ports (port, protocol).
3096 version (s): see version attribute of helper tag in
3098 firewalld.helper(5).
3099 name (s): see short tag in firewalld.helper(5).
3101 description (s): see description tag in firewalld.helper(5).
3103 family (s): see family tag in firewalld.helper(5).
3105 module (s): see module tag in firewalld.helper(5).
3107 ports (a(ss)): array of port and protocol pairs. See port tag
3109 in firewalld.helper(5).
3110 getShort() → s
3113 Get name of helper. See short tag in firewalld.helper(5).
3114 getVersion() → s
3116 Get version of helper. See version attribute of helper tag in
3117 firewalld.helper(5).
3118 loadDefaults() → Nothing
3120 Load default settings for built-in helper.
3121 Possible errors: NO_DEFAULTS
3123 queryFamily(s: module) → b
3125 Return whether family is set for helper. See family tag in
3126 firewalld.helper(5).
3127 queryModule(s: module) → b
3129 Return whether module (netfilter kernel helpers) is used in
3130 helper. See module tag in firewalld.helper(5).
3131 queryPort(s: port, s: protocol) → b
3133 Return whether (port, protocol) is in list of ports in helper.
3134 See port tag in firewalld.helper(5).
3135 remove() → Nothing
3137 Remove not built-in helper.
3138 Possible errors: BUILTIN_HELPER
3140 removePort(s: port, s: protocol) → Nothing
3142 Permanently remove (port, protocol) from list of ports in
3143 helper. See port tag in firewalld.helper(5).
3144 Possible errors: NOT_ENABLED
3146 rename(s: name) → Nothing
3148 Rename not built-in helper to name.
3149 Possible errors: BUILTIN_HELPER
3151 setDescription(s: description) → Nothing
3153 Permanently set description of helper to description. See
3154 description tag in firewalld.helper(5).
3155 setFamily(s: family) → Nothing
3157 Permanently set family of helper to family. See family tag in
3158 firewalld.helper(5).
3159 setModule(s: module) → Nothing
3161 Permanently set module of helper to description. See module tag
3162 in firewalld.helper(5).
3163 setPorts(a(ss): ports) → Nothing
3165 Permanently set ports of helper to list of (port, protocol).
3166 See port tag in firewalld.helper(5).
3167 setShort(s: short) → Nothing
3169 Permanently set name of helper to short. See short tag in
3170 firewalld.helper(5).
3171 setVersion(s: version) → Nothing
3173 Permanently set version of helper to version. See version
3174 attribute of helper tag in firewalld.helper(5).
3175 update((sssssa(ss)): settings) → Nothing
3177 Update settings of helper to settings. Settings are in format:
3178 version, name, description, family, module and array of ports.
3179 version (s): see version attribute of helper tag in
3181 firewalld.helper(5).
3182 name (s): see short tag in firewalld.helper(5).
3184 description (s): see description tag in firewalld.helper(5).
3186 family (s): see family tag in firewalld.helper(5).
3188 module (s): see module tag in firewalld.helper(5).
3190 ports (a(ss)): array of port and protocol pairs. See port tag
3192 in firewalld.helper(5).
3193 Possible errors: INVALID_HELPER
3195 Signals
3197 Removed(s: name)
3198 Emitted when helper with name has been removed.
3199 Renamed(s: name)
3201 Emitted when helper has been renamed to name.
3202 Updated(s: name)
3204 Emitted when helper with name has been updated.
3205 Properties
3207 builtin - b - (ro)
3208 True if helper is build-in, false else.
3209 default - b - (ro)
3211 True if build-in helper has default settings. False if it has
3212 been modified. Always False for not build-in helpers.
3213 filename - s - (ro)
3215 Name (including .xml extension) of file where the configuration
3216 is stored.
3217 name - s - (ro)
3219 Name of helper.
3220 path - s - (ro)
3222 Path to directory where the configuration is stored. Should be
3223 either /usr/lib/firewalld/helpers or /etc/firewalld/helpers.
3224 org.fedoraproject.FirewallD1.config.icmptype
3226 Interface for permanent icmp type configuration, see also
3227 firewalld.icmptype(5).
3228 Methods
3230 addDestination(s: destination) → Nothing
3231 Permanently add a destination ('ipv4' or 'ipv6') to list of
3232 destinations of this icmp type. See destination tag in
3233 firewalld.icmptype(5).
3234 Possible errors: ALREADY_ENABLED
3236 getDescription() → s
3238 Get description of icmp type. See description tag in
3239 firewalld.icmptype(5).
3240 getDestinations() → as
3242 Get list of destinations. See destination tag in
3243 firewalld.icmptype(5).
3244 getSettings() → (sssas)
3246 Return permanent settings of icmp type. For getting runtime
3247 settings see
3248 org.fedoraproject.FirewallD1.Methods.getIcmpTypeSettings.
3249 Settings are in format: version, name, description, array of
3250 destinations.
3251 version (s): see version attribute of icmptype tag in
3253 firewalld.icmptype(5).
3254 name (s): see short tag in firewalld.icmptype(5).
3256 description (s): see description tag in firewalld.icmptype(5).
3258 destinations (as): array, either empty or containing strings
3260 'ipv4' and/or 'ipv6', see destination tag in
3261 firewalld.icmptype(5).
3262 getShort() → s
3265 Get name of icmp type. See short tag in firewalld.icmptype(5).
3266 getVersion() → s
3268 Get version of icmp type. See version attribute of icmptype tag
3269 in firewalld.icmptype(5).
3270 loadDefaults() → Nothing
3272 Load default settings for built-in icmp type.
3273 Possible errors: NO_DEFAULTS
3275 queryDestination(s: destination) → b
3277 Return whether a destination ('ipv4' or 'ipv6') is in list of
3278 destinations of this icmp type. See destination tag in
3279 firewalld.icmptype(5).
3280 remove() → Nothing
3282 Remove not built-in icmp type.
3283 Possible errors: BUILTIN_ICMPTYPE
3285 removeDestination(s: destination) → Nothing
3287 Permanently remove a destination ('ipv4' or 'ipv6') from list
3288 of destinations of this icmp type. See destination tag in
3289 firewalld.icmptype(5).
3290 Possible errors: NOT_ENABLED
3292 rename(s: name) → Nothing
3294 Rename not built-in icmp type to name.
3295 Possible errors: BUILTIN_ICMPTYPE
3297 setDescription(s: description) → Nothing
3299 Permanently set description of icmp type to description. See
3300 description tag in firewalld.icmptype(5).
3301 setDestinations(as: destinations) → Nothing
3303 Permanently set destinations of icmp type to destinations,
3304 which is array, either empty or containing strings 'ipv4'
3305 and/or 'ipv6'. See destination tag in firewalld.icmptype(5).
3306 setShort(s: short) → Nothing
3308 Permanently set name of icmp type to short. See short tag in
3309 firewalld.icmptype(5).
3310 setVersion(s: version) → Nothing
3312 Permanently set version of icmp type to version. See version
3313 attribute of icmptype tag in firewalld.icmptype(5).
3314 update((sssas): settings) → Nothing
3316 Update permanent settings of icmp type to settings. Settings
3317 are in format: version, name, description, array of
3318 destinations.
3319 version (s): see version attribute of icmptype tag in
3321 firewalld.icmptype(5).
3322 name (s): see short tag in firewalld.icmptype(5).
3324 description (s): see description tag in firewalld.icmptype(5).
3326 destinations (as): array, either empty or containing strings
3328 'ipv4' and/or 'ipv6', see destination tag in
3329 firewalld.icmptype(5).
3330 Signals
3333 Removed(s: name)
3334 Emitted when icmp type with name has been removed.
3335 Renamed(s: name)
3337 Emitted when icmp type has been renamed to name.
3338 Updated(s: name)
3340 Emitted when icmp type with name has been updated.
3341 Properties
3343 builtin - b - (ro)
3344 True if icmptype is build-in, false else.
3345 default - b - (ro)
3347 True if build-in icmp type has default settings. False if it
3348 has been modified. Always False for not build-in zones.
3349 filename - s - (ro)
3351 Name (including .xml extension) of file where the configuration
3352 is stored.
3353 name - s - (ro)
3355 Name of icmp type.
3356 path - s - (ro)
3358 Path to directory where the icmp type configuration is stored.
3359 Should be either /usr/lib/firewalld/icmptypes or
3360 /etc/firewalld/icmptypes.
3361
3363 firewall-applet(1), firewalld(1), firewall-cmd(1), firewall-config(1),
3364 firewalld.conf(5), firewalld.direct(5), firewalld.dbus(5),
3365 firewalld.icmptype(5), firewalld.lockdown-whitelist(5), firewall-
3366 offline-cmd(1), firewalld.richlanguage(5), firewalld.service(5),
3367 firewalld.zone(5), firewalld.zones(5), firewalld.ipset(5),
3368 firewalld.helper(5)
3369
3371 firewalld home page:
3372 http://firewalld.org
3373 More documentation with examples:
3375 http://fedoraproject.org/wiki/FirewallD
3376
3378 Thomas Woerner <twoerner@redhat.com>
3379 Developer
3380 Jiri Popelka <jpopelka@redhat.com>
3382 Developer
3383 Eric Garver <eric@garver.life>
3385 Developer
3386firewalld 0.8.2 FIREWALLD.DBUS(5)