1FIREWALLD.DBUS(5) firewalld.dbus FIREWALLD.DBUS(5)
2
6 firewalld.dbus - firewalld D-Bus interface description
7
9 This is the basic firewalld object path structure. The used interfaces
10 are explained below in the section called “INTERFACES”.
11 /org/fedoraproject/FirewallD1
13 Interfaces
14 org.fedoraproject.FirewallD1
15 org.fedoraproject.FirewallD1.direct (deprecated)
16 org.fedoraproject.FirewallD1.ipset
17 org.fedoraproject.FirewallD1.policies
18 org.fedoraproject.FirewallD1.zone
19 org.freedesktop.DBus.Introspectable
20 org.freedesktop.DBus.Properties
21 /org/fedoraproject/FirewallD1/config
23 Interfaces
24 org.fedoraproject.FirewallD1.config
25 org.fedoraproject.FirewallD1.config.direct (deprecated)
26 org.fedoraproject.FirewallD1.config.policies
27 org.freedesktop.DBus.Introspectable
28 org.freedesktop.DBus.Properties
29 /org/fedoraproject/FirewallD1/config/zone/i
31 Interfaces
32 org.fedoraproject.FirewallD1.config.zone
33 org.freedesktop.DBus.Introspectable
34 org.freedesktop.DBus.Properties
35 /org/fedoraproject/FirewallD1/config/service/i
37 Interfaces:
38 org.fedoraproject.FirewallD1.config.service
39 org.freedesktop.DBus.Introspectable
40 org.freedesktop.DBus.Properties
41 /org/fedoraproject/FirewallD1/config/ipset/i
43 Interfaces
44 org.fedoraproject.FirewallD1.config.ipset
45 org.freedesktop.DBus.Introspectable
46 org.freedesktop.DBus.Properties
47 /org/fedoraproject/FirewallD1/config/icmptype/i
49 Interfaces
50 org.fedoraproject.FirewallD1.config.icmptype
51 org.freedesktop.DBus.Introspectable
52 org.freedesktop.DBus.Properties
53
57 org.fedoraproject.FirewallD1
58 This interface contains general runtime operations, like: reloading,
59 panic mode, default zone handling, getting services and icmp types and
60 their settings.
61 Methods
63 authorizeAll() → Nothing
64 Initiate authorization for the complete firewalld D-Bus
65 interface. This method it mostly useful for configuration
66 applications.
67 completeReload() → Nothing
69 Reload firewall completely, even netfilter kernel modules. This
70 will most likely terminate active connections, because state
71 information is lost. This option should only be used in case of
72 severe firewall problems. For example if there are state
73 information problems that no connection can be established with
74 correct firewall rules.
75 disablePanicMode() → Nothing
77 resetToDefaults() → Nothing
79 Reset firewall to its default configuration, then reload
80 firewall. This effects both runtime and permanent
81 configuration.
82 Disable panic mode. After disabling panic mode established
83 connections might work again, if panic mode was enabled for a
84 short period of time.
85 Possible errors: NOT_ENABLED, COMMAND_FAILED
87 enablePanicMode() → Nothing
89 Enable panic mode. All incoming and outgoing packets are
90 dropped, active connections will expire. Enable this only if
91 there are serious problems with your network environment.
92 Possible errors: ALREADY_ENABLED, COMMAND_FAILED
94 getAutomaticHelpers() → s
96 Deprecated. This always returns "no".
97 getDefaultZone() → s
99 Return default zone.
100 getHelperSettings(s: helper) → (sssssa(ss))
102 Return runtime settings of given helper. For getting permanent
103 settings see
104 org.fedoraproject.FirewallD1.config.helper.Methods.getSettings.
105 Settings are in format: version, name, description, family,
106 module and array of ports.
107 version (s): see version attribute of helper tag in
109 firewalld.helper(5).
110 name (s): see short tag in firewalld.helper(5).
112 description (s): see description tag in firewalld.helper(5).
114 family (s): see family tag in firewalld.helper(5).
116 module (s): see module tag in firewalld.helper(5).
118 ports (a(ss)): array of port and protocol pairs. See port tag
120 in firewalld.helper(5).
121 Possible errors: INVALID_HELPER
123 getHelpers() → as
125 Return array of helper names (s) in runtime configuration. For
126 permanent configuration see
127 org.fedoraproject.FirewallD1.config.Methods.listHelpers.
128 getIcmpTypeSettings(s: icmptype) → (sssas)
130 Return runtime settings of given icmptype. For getting
131 permanent settings see
132 org.fedoraproject.FirewallD1.config.icmptype.Methods.getSettings.
133 Settings are in format: version, name, description, array of
134 destinations.
135 version (s): see version attribute of icmptype tag in
137 firewalld.icmptype(5).
138 name (s): see short tag in firewalld.icmptype(5).
140 description (s): see description tag in firewalld.icmptype(5).
142 destinations (as): array, either empty or containing strings
144 'ipv4' or 'ipv6', see destination tag in firewalld.icmptype(5).
145 Possible errors: INVALID_ICMPTYPE
147 getLogDenied() → s
149 Returns the LogDenied value. If LogDenied is enabled, then
150 logging rules are added right before reject and drop rules in
151 the INPUT, FORWARD and OUTPUT chains for the default rules and
152 also final reject and drop rules in zones. Possible values are:
153 all, unicast, broadcast, multicast and off. The default value
154 is off
155 getServiceSettings(s: service) → (sssa(ss)asa{ss}asa(ss))
157 This function is deprecated, use
158 org.fedoraproject.FirewallD1.Methods.getServiceSettings2
159 instead.
160 getServiceSettings2(s: service) → s{sv}
162 Return runtime settings of given service. For getting permanent
163 settings see
164 org.fedoraproject.FirewallD1.config.service.Methods.getSettings2.
165 Settings are a dictionary indexed by keywords. For the type of
166 each value see below. If the value is empty it may be omitted.
167 version (s): see version attribute of service tag in
169 firewalld.service(5).
170 name (s): see short tag in firewalld.service(5).
172 description (s): see description tag in firewalld.service(5).
174 ports (a(ss)): array of port and protocol pairs. See port tag
176 in firewalld.service(5).
177 module names (as): array of kernel netfilter helpers, see
179 module tag in firewalld.service(5).
180 destinations (a{ss}): dictionary of {IP family : IP address}
182 where 'IP family' key can be either 'ipv4' or 'ipv6'. See
183 destination tag in firewalld.service(5).
184 protocols (as): array of protocols, see protocol tag in
186 firewalld.service(5).
187 source_ports (a(ss)): array of port and protocol pairs. See
189 source-port tag in firewalld.service(5).
190 includes (as): array of service includes, see include tag in
192 firewalld.service(5).
193 helpers (as): array of service helpers, see helper tag in
195 firewalld.service(5).
196 Possible errors: INVALID_SERVICE
198 getZoneSettings(s: zone) → (sssbsasa(ss)asba(ssss)asasasasa(ss)b)
200 This function is deprecated, use
201 org.fedoraproject.FirewallD1.zone.Methods.getZoneSettings2
202 instead.
203 listIcmpTypes() → as
205 Return array of names (s) of icmp types in runtime
206 configuration. For permanent configuration see
207 org.fedoraproject.FirewallD1.config.Methods.listIcmpTypes.
208 listServices() → as
210 Return array of service names (s) in runtime configuration. For
211 permanent configuration see
212 org.fedoraproject.FirewallD1.config.Methods.listServices.
213 queryPanicMode() → b
215 Return true if panic mode is enabled, false otherwise. In panic
216 mode all incoming and outgoing packets are dropped.
217 reload() → Nothing
219 Reload firewall rules and keep state information. Current
220 permanent configuration will become new runtime configuration,
221 i.e. all runtime only changes done until reload are lost with
222 reload if they have not been also in permanent configuration.
223 runtimeToPermanent() → Nothing
225 Make runtime settings permanent. Replaces permanent settings
226 with runtime settings for zones, services, icmptypes, direct
227 (deprecated) and policies (lockdown whitelist).
228 Possible errors: RT_TO_PERM_FAILED
230 checkPermanentConfig() → Nothing
232 Run checks on the permanent configuration. This is most useful
233 if changes were made manually to configuration files.
234 Possible errors: any
236 setDefaultZone(s: zone) → Nothing
238 Set default zone for connections and interfaces where no zone
239 has been selected to zone. Setting the default zone changes the
240 zone for the connections or interfaces, that are using the
241 default zone. This is a runtime and permanent change.
242 Possible errors: ZONE_ALREADY_SET, COMMAND_FAILED
244 setLogDenied(s: value) → Nothing
246 Set LogDenied value to value. If LogDenied is enabled, then
247 logging rules are added right before reject and drop rules in
248 the INPUT, FORWARD and OUTPUT chains for the default rules and
249 also final reject and drop rules in zones. Possible values are:
250 all, unicast, broadcast, multicast and off. The default value
251 is off This is a runtime and permanent change.
252 Possible errors: ALREADY_SET, INVALID_VALUE
254 Signals
256 DefaultZoneChanged(s: zone)
257 Emitted when default zone has been changed to zone.
258 LogDeniedChanged(s: value)
260 Emitted when LogDenied value has been changed.
261 PanicModeDisabled()
263 Emitted when panic mode has been deactivated.
264 PanicModeEnabled()
266 Emitted when panic mode has been activated.
267 Reloaded()
269 Emitted when firewalld has been reloaded. Also emitted for a
270 complete reload.
271 Properties
273 BRIDGE - b - (ro)
274 Indicates whether the firewall has ethernet bridge support.
275 IPSet - b - (ro)
277 Indicates whether the firewall has IPSet support.
278 IPSetTypes - as - (ro)
280 The supported IPSet types by ipset and firewalld.
281 IPv4 - b - (ro)
283 Indicates whether the firewall has IPv4 support.
284 IPv4ICMPTypes - as - (ro)
286 The list of supported IPv4 ICMP types.
287 IPv6 - b - (ro)
289 Indicates whether the firewall has IPv6 support.
290 IPv6_rpfilter - b - (ro)
292 Indicates whether the reverse path filter test on a packet for
293 IPv6 is enabled. If a reply to the packet would be sent via the
294 same interface that the packet arrived on, the packet will
295 match and be accepted, otherwise dropped.
296 IPv6ICMPTypes - as - (ro)
298 The list of supported IPv6 ICMP types.
299 nf_conntrach_helper_setting - b - (ro)
301 Deprecated. Always False.
302 nf_conntrack_helpers - a{sas} - (ro)
304 Deprecated. Always returns an empty dictionary.
305 nf_nat_helpers - a{sas} - (ro)
307 Deprecated. Always returns an empty dictionary.
308 interface_version - s - (ro)
310 firewalld D-Bus interface version string.
311 state - s - (ro)
313 firewalld state. This can be either INIT, FAILED, or RUNNING.
314 In INIT state, firewalld is starting up and initializing. In
315 FAILED state, firewalld completely started but experienced a
316 failure.
317 version - s - (ro)
319 firewalld version string.
320 org.fedoraproject.FirewallD1.ipset
322 Operations in this interface allows one to get, add, remove and query
323 runtime ipset settings. For permanent configuration see
324 org.fedoraproject.FirewallD1.config.ipset interface.
325 Methods
327 addEntry(s: ipset, s: entry) → as
328 Add a new entry to ipset. The entry must match the type of the
329 ipset. If the ipset is using the timeout option, it is not
330 possible to see the entries, as they are timing out
331 automatically in the kernel. For permanent operation see
332 org.fedoraproject.FirewallD1.config.ipset.Methods.addEntry.
333 Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT
335 getEntries(s: ipset) → Nothing
337 Get all entries added to the ipset. If the ipset is using the
338 timeout option, it is not possible to see the entries, as they
339 are timing out automatically in the kernel. Return value is a
340 array of entry. For permanent operation see
341 org.fedoraproject.FirewallD1.config.ipset.Methods.getEntries.
342 Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT
344 getIPSetSettings(s: ipset) → (ssssa{ss}as)
346 Return runtime settings of given ipset. For getting permanent
347 settings see
348 org.fedoraproject.FirewallD1.config.ipset.Methods.getSettings.
349 Settings are in format: version, name, description, type,
350 dictionary of options and array of entries.
351 version (s): see version attribute of ipset tag in
353 firewalld.ipset(5).
354 name (s): see short tag in firewalld.ipset(5).
356 description (s): see description tag in firewalld.ipset(5).
358 type (s): see type attribute of ipset tag in
360 firewalld.ipset(5).
361 options (a{ss}): dictionary of {option : value} . See options
363 tag in firewalld.ipset(5).
364 entries (as): array of entries, see entry tag in
366 firewalld.ipset(5).
367 Possible errors: INVALID_IPSET
369 getIPSets() → as
371 Return array of ipset names (s) in runtime configuration. For
372 permanent configuration see
373 org.fedoraproject.FirewallD1.config.Methods.listIPSets.
374 queryEntry(s: ipset, s: entry) → b
376 Return whether entry has been added to ipset. For permanent
377 operation see
378 org.fedoraproject.FirewallD1.config.ipset.Methods.queryEntry.
379 Possible errors: INVALID_IPSET
381 queryIPSet(s: ipset) → b
383 Return whether ipset is defined in runtime configuration.
384 removeEntry(s: ipset, s: entry) → as
386 Removes an entry from ipset. For permanent operation see
387 org.fedoraproject.FirewallD1.config.ipset.Methods.removeEntry.
388 Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT
390 setEntries(as: entries) → Nothing
392 Permanently set list of entries to entries. For permanent
393 operation see
394 org.fedoraproject.FirewallD1.config.ipset.Methods.setEntries.
395 See entry tag in firewalld.ipset(5).
396 Signals
398 EntryAdded(s: ipset, s: entry)
399 Emitted when entry has been added to ipset.
400 EntryRemoved(s: ipset, s: entry)
402 Emitted when entry has been removed from ipset.
403 org.fedoraproject.FirewallD1.direct
405 DEPRECATED
406 The direct interface has been deprecated. It will be removed in a
407 future release. It is superseded by policies, see
408 firewalld.policies(5).
409 This interface enables more direct access to the firewall. It enables
411 runtime manipulation with chains and rules. For permanent configuration
412 see org.fedoraproject.FirewallD1.config.direct interface.
413 Methods
415 addChain(s: ipv, s: table, s: chain) → Nothing
416 Add a new chain to table for ipv being either ipv4 (iptables)
417 or ipv6 (ip6tables) or eb (ebtables). Make sure there's no
418 other chain with this name already. There already exist basic
419 chains to use with direct methods, for example INPUT_direct
420 chain. These chains are jumped into before chains for zones,
421 i.e. every rule put into INPUT_direct will be checked before
422 rules in zones. For permanent operation see
423 org.fedoraproject.FirewallD1.config.direct.Methods.addChain.
424 Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED,
426 COMMAND_FAILED
427 addPassthrough(s: ipv, as: args) → Nothing
429 Add a tracked passthrough rule with the arguments args for ipv
430 being either ipv4 (iptables) or ipv6 (ip6tables) or eb
431 (ebtables). Valid commands in args are only -A/--append,
432 -I/--insert and -N/--new-chain. This method is (unlike
433 passthrough method) tracked, i.e. firewalld remembers it. It's
434 useful with
435 org.fedoraproject.FirewallD1.Methods.runtimeToPermanent For
436 permanent operation see
437 org.fedoraproject.FirewallD1.config.direct.Methods.addPassthrough.
438 Possible errors: INVALID_IPV, ALREADY_ENABLED, COMMAND_FAILED
440 addRule(s: ipv, s: table, s: chain, i: priority, as: args) →
442 Nothing
443 Add a rule with the arguments args to chain in table with
444 priority for ipv being either ipv4 (iptables) or ipv6
445 (ip6tables) or eb (ebtables). The priority is used to order
446 rules. Priority 0 means add rule on top of the chain, with a
447 higher priority the rule will be added further down. Rules with
448 the same priority are on the same level and the order of these
449 rules is not fixed and may change. If you want to make sure
450 that a rule will be added after another one, use a low priority
451 for the first and a higher for the following. For permanent
452 operation see
453 org.fedoraproject.FirewallD1.config.direct.Methods.addRule.
454 Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED,
456 COMMAND_FAILED
457 getAllChains() → a(sss)
459 Get all chains added to all tables in format: ipv, table,
460 chain. This concerns only chains previously added with
461 addChain. Return value is a array of (ipv, table, chain). For
462 permanent operation see
463 org.fedoraproject.FirewallD1.config.direct.Methods.getAllChains.
464 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
466 (ebtables).
467 table (s): one of filter, mangle, nat, raw, security
469 chain (s): name of a chain.
471 getAllPassthroughs() → a(sas)
474 Get all tracked passthrough rules added in all ipv types in
475 format: ipv, rule. This concerns only rules previously added
476 with addPassthrough. Return value is a array of (ipv, array of
477 arguments). For permanent operation see
478 org.fedoraproject.FirewallD1.config.direct.Methods.getAllPassthroughs.
479 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
481 (ebtables).
482 arguments (as): array of commands, parameters and other
484 iptables/ip6tables/ebtables command line options.
485 getAllRules() → a(sssias)
488 Get all rules added to all chains in all tables in format: ipv,
489 table, chain, priority, rule. This concerns only rules
490 previously added with addRule. Return value is a array of (ipv,
491 table, chain, priority, array of arguments). For permanent
492 operation see
493 org.fedoraproject.FirewallD1.config.direct.Methods.getAllRules.
494 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
496 (ebtables).
497 table (s): one of filter, mangle, nat, raw, security
499 chain (s): name of a chain.
501 priority (i): used to order rules.
503 arguments (as): array of commands, parameters and other
505 iptables/ip6tables/ebtables command line options.
506 getChains(s: ipv, s: table) → as
509 Return an array of chains (s) added to table for ipv being
510 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
511 This concerns only chains previously added with addChain. For
512 permanent operation see
513 org.fedoraproject.FirewallD1.config.direct.Methods.getChains.
514 Possible errors: INVALID_IPV, INVALID_TABLE
516 getPassthroughs(s: ipv) → aas
518 Get tracked passthrough rules added in either ipv4 (iptables)
519 or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
520 previously added with addPassthrough. Return value is a array
521 of (array of arguments). For permanent operation see
522 org.fedoraproject.FirewallD1.config.direct.Methods.getPassthroughs.
523 arguments (as): array of commands, parameters and other
525 iptables/ip6tables/ebtables command line options.
526 getRules(s: ipv, s: table, s: chain) → a(ias)
529 Get all rules added to chain in table for ipv being either ipv4
530 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
531 only rules previously added with addRule. Return value is a
532 array of (priority, array of arguments). For permanent
533 operation see
534 org.fedoraproject.FirewallD1.config.direct.Methods.getRules.
535 priority (i): used to order rules.
537 arguments (as): array of commands, parameters and other
539 iptables/ip6tables/ebtables command line options.
540 Possible errors: INVALID_IPV, INVALID_TABLE
542 passthrough(s: ipv, as: args) → s
544 Pass a command through to the firewall. ipv can be either ipv4
545 (iptables) or ipv6 (ip6tables) or eb (ebtables). args can be
546 all iptables, ip6tables and ebtables command line arguments.
547 args can be all iptables, ip6tables and ebtables command line
548 arguments. This command is untracked, which means that
549 firewalld is not able to provide information about this command
550 later on.
551 Possible errors: COMMAND_FAILED
553 queryChain(s: ipv, s: table, s: chain) → b
555 Return whether a chain exists in table for ipv being either
556 ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). This
557 concerns only chains previously added with addChain. For
558 permanent operation see
559 org.fedoraproject.FirewallD1.config.direct.Methods.queryChain.
560 Possible errors: INVALID_IPV, INVALID_TABLE
562 queryPassthrough(s: ipv, as: args) → b
564 Return whether a tracked passthrough rule with the arguments
565 args exists for ipv being either ipv4 (iptables) or ipv6
566 (ip6tables) or eb (ebtables). This concerns only rules
567 previously added with addPassthrough. For permanent operation
568 see
569 org.fedoraproject.FirewallD1.config.direct.Methods.queryPassthrough.
570 Possible errors: INVALID_IPV
572 queryRule(s: ipv, s: table, s: chain, i: priority, as: args) → b
574 Return whether a rule with priority and the arguments args
575 exists in chain in table for ipv being either ipv4 (iptables)
576 or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
577 previously added with addRule. For permanent operation see
578 org.fedoraproject.FirewallD1.config.direct.Methods.queryRule.
579 Possible errors: INVALID_IPV, INVALID_TABLE
581 removeAllPassthroughs() → Nothing
583 Remove all passthrough rules previously added with
584 addPassthrough.
585 removeChain(s: ipv, s: table, s: chain) → Nothing
587 Remove a chain from table for ipv being either ipv4 (iptables)
588 or ipv6 (ip6tables) or eb (ebtables). Only chains previously
589 added with addChain can be removed this way. For permanent
590 operation see
591 org.fedoraproject.FirewallD1.config.direct.Methods.removeChain.
592 Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED,
594 COMMAND_FAILED
595 removePassthrough(s: ipv, as: args) → Nothing
597 Remove a tracked passthrough rule with arguments args for ipv
598 being either ipv4 (iptables) or ipv6 (ip6tables) or eb
599 (ebtables). Only rules previously added with addPassthrough can
600 be removed this way. For permanent operation see
601 org.fedoraproject.FirewallD1.config.direct.Methods.removePassthrough.
602 Possible errors: INVALID_IPV, NOT_ENABLED, COMMAND_FAILED
604 removeRule(s: ipv, s: table, s: chain, i: priority, as: args) →
606 Nothing
607 Remove a rule with priority and arguments args from chain in
608 table for ipv being either ipv4 (iptables) or ipv6 (ip6tables)
609 or eb (ebtables). Only rules previously added with addRule can
610 be removed this way. For permanent operation see
611 org.fedoraproject.FirewallD1.config.direct.Methods.removeRule.
612 Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED,
614 COMMAND_FAILED
615 removeRules(s: ipv, s: table, s: chain) → Nothing
617 Remove all rules from chain in table for ipv being either ipv4
618 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
619 only rules previously added with addRule. For permanent
620 operation see
621 org.fedoraproject.FirewallD1.config.direct.Methods.removeRules.
622 Possible errors: INVALID_IPV, INVALID_TABLE
624 Signals
626 ChainAdded(s: ipv, s: table, s: chain)
627 Emitted when chain has been added into table for ipv being
628 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
629 ChainRemoved(s: ipv, s: table, s: chain)
631 Emitted when chain has been removed from table for ipv being
632 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
633 PassthroughAdded(s: ipv, as: args)
635 Emitted when a tracked passthrough rule with args has been
636 added for ipv being either ipv4 (iptables) or ipv6 (ip6tables)
637 or eb (ebtables).
638 PassthroughRemoved(s: ipv, as: args)
640 Emitted when a tracked passthrough rule with args has been
641 removed for ipv being either ipv4 (iptables) or ipv6
642 (ip6tables) or eb (ebtables).
643 RuleAdded(s: ipv, s: table, s: chain, i: priority, as: args)
645 Emitted when a rule with args has been added to chain in table
646 with priority for ipv being either ipv4 (iptables) or ipv6
647 (ip6tables) or eb (ebtables).
648 RuleRemoved(s: ipv, s: table, s: chain, i: priority, as: args)
650 Emitted when a rule with args has been removed from chain in
651 table with priority for ipv being either ipv4 (iptables) or
652 ipv6 (ip6tables) or eb (ebtables).
653 org.fedoraproject.FirewallD1.policies
655 Enables firewalld to be able to lock down configuration changes from
656 local applications. Local applications or services are able to change
657 the firewall configuration if they are running as root (example:
658 libvirt). With these operations administrator can lock the firewall
659 configuration so that either none or only applications that are in the
660 whitelist are able to request firewall changes. For permanent
661 configuration see org.fedoraproject.FirewallD1.config.policies
662 interface.
663 Methods
665 addLockdownWhitelistCommand(s: command) → Nothing
666 Add command to whitelist. See command option in
667 firewalld.lockdown-whitelist(5). For permanent operation see
668 org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistCommand.
669 Possible errors: ALREADY_ENABLED, INVALID_COMMAND
671 addLockdownWhitelistContext(s: context) → Nothing
673 Add context to whitelist. See selinux option in
674 firewalld.lockdown-whitelist(5). For permanent operation see
675 org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistContext.
676 Possible errors: ALREADY_ENABLED, INVALID_COMMAND
678 addLockdownWhitelistUid(i: uid) → Nothing
680 Add user id uid to whitelist. See user option in
681 firewalld.lockdown-whitelist(5). For permanent operation see
682 org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistUid.
683 Possible errors: ALREADY_ENABLED, INVALID_COMMAND
685 addLockdownWhitelistUser(s: user) → Nothing
687 Add user name to whitelist. See user option in
688 firewalld.lockdown-whitelist(5). For permanent operation see
689 org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistUser.
690 Possible errors: ALREADY_ENABLED, INVALID_COMMAND
692 disableLockdown() → Nothing
694 Disable lockdown. This is a runtime and permanent change.
695 Possible errors: NOT_ENABLED
697 enableLockdown() → Nothing
699 Enable lockdown. Be careful - if the calling application/user
700 is not on lockdown whitelist when you enable lockdown you won't
701 be able to disable it again with the application, you would
702 need to edit firewalld.conf. This is a runtime and permanent
703 change.
704 Possible errors: ALREADY_ENABLED
706 getLockdownWhitelistCommands() → as
708 List all command lines (s) that are on whitelist. For permanent
709 operation see
710 org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistCommands.
711 getLockdownWhitelistContexts() → as
713 List all contexts (s) that are on whitelist. For permanent
714 operation see
715 org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistContexts.
716 getLockdownWhitelistUids() → ai
718 List all user ids (i) that are on whitelist. For permanent
719 operation see
720 org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistUids.
721 getLockdownWhitelistUsers() → as
723 List all users (s) that are on whitelist. For permanent
724 operation see
725 org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistUsers.
726 queryLockdown() → b
728 Query whether lockdown is enabled.
729 queryLockdownWhitelistCommand(s: command) → b
731 Query whether command is on whitelist. For permanent operation
732 see
733 org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistCommand.
734 queryLockdownWhitelistContext(s: context) → b
736 Query whether context is on whitelist. For permanent operation
737 see
738 org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistContext.
739 queryLockdownWhitelistUid(i: uid) → b
741 Query whether user id uid is on whitelist. For permanent
742 operation see
743 org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistUid.
744 queryLockdownWhitelistUser(s: user) → b
746 Query whether user is on whitelist. For permanent operation see
747 org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistUser.
748 removeLockdownWhitelistCommand(s: command) → Nothing
750 Remove command from whitelist. For permanent operation see
751 org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistCommand.
752 Possible errors: NOT_ENABLED
754 removeLockdownWhitelistContext(s: context) → Nothing
756 Remove context from whitelist. For permanent operation see
757 org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistContext.
758 Possible errors: NOT_ENABLED
760 removeLockdownWhitelistUid(i: uid) → Nothing
762 Remove user id uid from whitelist. For permanent operation see
763 org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistUid.
764 Possible errors: NOT_ENABLED
766 removeLockdownWhitelistUser(s: user) → Nothing
768 Remove user from whitelist. For permanent operation see
769 org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistUser.
770 Possible errors: NOT_ENABLED
772 Signals
774 LockdownDisabled()
775 Emitted when lockdown has been disabled.
776 LockdownEnabled()
778 Emitted when lockdown has been enabled.
779 LockdownWhitelistCommandAdded(s: command)
781 Emitted when command has been added to whitelist.
782 LockdownWhitelistCommandRemoved(s: command)
784 Emitted when command has been removed from whitelist.
785 LockdownWhitelistContextAdded(s: context)
787 Emitted when context has been added to whitelist.
788 LockdownWhitelistContextRemoved(s: context)
790 Emitted when context has been removed from whitelist.
791 LockdownWhitelistUidAdded(i: uid)
793 Emitted when user id uid has been added to whitelist.
794 LockdownWhitelistUidRemoved(i: uid)
796 Emitted when user id uid has been removed from whitelist.
797 LockdownWhitelistUserAdded(s: user)
799 Emitted when user has been added to whitelist.
800 LockdownWhitelistUserRemoved(s: user)
802 Emitted when user has been removed from whitelist.
803 org.fedoraproject.FirewallD1.zone
805 Operations in this interface allows one to get, add, remove and query
806 runtime zone's settings. For permanent settings see
807 org.fedoraproject.FirewallD1.config.zone interface.
808 Methods
810 getZoneSettings2(s: zone) → a{sv}
811 Return runtime settings of given zone. For getting permanent
812 settings see
813 org.fedoraproject.FirewallD1.config.zone.Methods.getSettings2.
814 Settings are a dictionary indexed by keywords. For the type of
815 each value see below. If the value is empty it may be omitted.
816 version (s): see version attribute of zone tag in
818 firewalld.zone(5).
819 name (s): see short tag in firewalld.zone(5).
821 description (s): see description tag in firewalld.zone(5).
823 target (s): see target attribute of zone tag in
825 firewalld.zone(5).
826 services (as): array of service names, see service tag in
828 firewalld.zone(5).
829 ports (a(ss)): array of port and protocol pairs. See port tag
831 in firewalld.zone(5).
832 icmp_blocks (as): array of icmp-blocks. See icmp-block tag in
834 firewalld.zone(5).
835 masquerade (b): see masquerade tag in firewalld.zone(5).
837 forward_ports (a(ssss)): array of (port, protocol, to-port,
839 to-addr). See forward-port tag in firewalld.zone(5).
840 interfaces (as): array of interfaces. See interface tag in
842 firewalld.zone(5).
843 sources (as): array of source addresses. See source tag in
845 firewalld.zone(5).
846 rules_str (as): array of rich-language rules. See rule tag in
848 firewalld.zone(5).
849 protocols (as): array of protocols, see protocol tag in
851 firewalld.zone(5).
852 source_ports (a(ss)): array of port and protocol pairs. See
854 source-port tag in firewalld.zone(5).
855 icmp_block_inversion (b): see icmp-block-inversion tag in
857 firewalld.zone(5).
858 forward (b): see forward tag in firewalld.zone(5).
860 Possible errors: INVALID_ZONE
862 setZoneSettings2(s: zone, a{sv}: settings, i: timeout)
864 Set runtime settings of given zone. For setting permanent
865 settings see
866 org.fedoraproject.FirewallD1.config.zone.Methods.update2.
867 Settings are a dictionary indexed by keywords. For the type of
868 each value see below. To zero a value pass an empty string or
869 list.
870 services (as): array of service names, see service tag in
872 firewalld.zone(5).
873 ports (a(ss)): array of port and protocol pairs. See port tag
875 in firewalld.zone(5).
876 icmp_blocks (as): array of icmp-blocks. See icmp-block tag in
878 firewalld.zone(5).
879 masquerade (b): see masquerade tag in firewalld.zone(5).
881 forward_ports (a(ssss)): array of (port, protocol, to-port,
883 to-addr). See forward-port tag in firewalld.zone(5).
884 interfaces (as): array of interfaces. See interface tag in
886 firewalld.zone(5).
887 sources (as): array of source addresses. See source tag in
889 firewalld.zone(5).
890 rules_str (as): array of rich-language rules. See rule tag in
892 firewalld.zone(5).
893 protocols (as): array of protocols, see protocol tag in
895 firewalld.zone(5).
896 source_ports (a(ss)): array of port and protocol pairs. See
898 source-port tag in firewalld.zone(5).
899 icmp_block_inversion (b): see icmp-block-inversion tag in
901 firewalld.zone(5).
902 forward (b): see forward tag in firewalld.zone(5).
904 Possible errors: INVALID_ZONE
906 addForwardPort(s: zone, s: port, s: protocol, s: toport, s: toaddr,
908 i: timeout) → s
909 Add the IPv4 forward port into zone. If zone is empty, use
910 default zone. The port can either be a single port number
911 portid or a port range portid-portid. The protocol can either
912 be tcp or udp. The destination address is a simple IP address.
913 If timeout is non-zero, the operation will be active only for
914 the amount of seconds. For permanent settings see
915 org.fedoraproject.FirewallD1.config.zone.Methods.addForwardPort.
916 Returns name of zone to which the forward port was added.
918 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
920 INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD,
921 ALREADY_ENABLED, INVALID_COMMAND
922 addIcmpBlock(s: zone, s: icmp, i: timeout) → s
924 Add an ICMP block icmp into zone. The icmp is the one of the
925 icmp types firewalld supports. To get a listing of supported
926 icmp types use
927 org.fedoraproject.FirewallD1.Methods.listIcmpTypes If zone is
928 empty, use default zone. If timeout is non-zero, the operation
929 will be active only for the amount of seconds. For permanent
930 settings see
931 org.fedoraproject.FirewallD1.config.zone.Methods.addIcmpBlock.
932 Returns name of zone to which the ICMP block was added.
934 Possible errors: INVALID_ZONE, INVALID_ICMPTYPE,
936 ALREADY_ENABLED, INVALID_COMMAND
937 addIcmpBlockInversion(s: zone) → s
939 Add ICMP block inversion to zone. If zone is empty, use default
940 zone. For permanent settings see
941 org.fedoraproject.FirewallD1.config.zone.Methods.addIcmpBlockInversion.
942 Returns name of zone to which the ICMP block inversion was
944 added.
945 Possible errors: INVALID_ZONE, ALREADY_ENABLED, INVALID_COMMAND
947 addInterface(s: zone, s: interface) → s
949 Bind interface with zone. From now on all traffic going through
950 the interface will respect the zone's settings. If zone is
951 empty, use default zone. For permanent settings see
952 org.fedoraproject.FirewallD1.config.zone.Methods.addInterface.
953 Returns name of zone to which the interface was bound.
955 Possible errors: INVALID_ZONE, INVALID_INTERFACE,
957 ALREADY_ENABLED, INVALID_COMMAND
958 addMasquerade(s: zone, i: timeout) → s
960 Enable masquerade in zone. If zone is empty, use default zone.
961 If timeout is non-zero, masquerading will be active for the
962 amount of seconds. For permanent settings see
963 org.fedoraproject.FirewallD1.config.zone.Methods.addMasquerade.
964 Returns name of zone in which the masquerade was enabled.
966 Possible errors: INVALID_ZONE, ALREADY_ENABLED, INVALID_COMMAND
968 addPort(s: zone, s: port, s: protocol, i: timeout) → s
970 Add port into zone. If zone is empty, use default zone. The
971 port can either be a single port number or a port range
972 portid-portid. The protocol can either be tcp or udp. If
973 timeout is non-zero, the operation will be active only for the
974 amount of seconds. For permanent settings see
975 org.fedoraproject.FirewallD1.config.zone.Methods.addPort.
976 Returns name of zone to which the port was added.
978 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
980 INVALID_PROTOCOL, ALREADY_ENABLED, INVALID_COMMAND
981 addProtocol(s: zone, s: protocol, i: timeout) → s
983 Add protocol into zone. If zone is empty, use default zone. The
984 protocol can be any protocol supported by the system. Please
985 have a look at /etc/protocols for supported protocols. If
986 timeout is non-zero, the operation will be active only for the
987 amount of seconds. For permanent settings see
988 org.fedoraproject.FirewallD1.config.zone.Methods.addProtocol.
989 Returns name of zone to which the protocol was added.
991 Possible errors: INVALID_ZONE, INVALID_PROTOCOL,
993 ALREADY_ENABLED, INVALID_COMMAND
994 addRichRule(s: zone, s: rule, i: timeout) → s
996 Add rich language rule into zone. For the rich language rule
997 syntax, please have a look at firewalld.direct(5). If zone is
998 empty, use default zone. If timeout is non-zero, the operation
999 will be active only for the amount of seconds. For permanent
1000 settings see
1001 org.fedoraproject.FirewallD1.config.zone.Methods.addRichRule.
1002 Returns name of zone to which the rich language rule was added.
1004 Possible errors: INVALID_ZONE, INVALID_RULE, ALREADY_ENABLED,
1006 INVALID_COMMAND
1007 addService(s: zone, s: service, i: timeout) → s
1009 Add service into zone. If zone is empty, use default zone. If
1010 timeout is non-zero, the operation will be active only for the
1011 amount of seconds. To get a list of supported services, use
1012 org.fedoraproject.FirewallD1.Methods.listServices. For
1013 permanent settings see
1014 org.fedoraproject.FirewallD1.config.zone.Methods.addService.
1015 Returns name of zone to which the service was added.
1017 Possible errors: INVALID_ZONE, INVALID_SERVICE,
1019 ALREADY_ENABLED, INVALID_COMMAND
1020 addSource(s: zone, s: source) → s
1022 Bind source with zone. From now on all traffic going from this
1023 source will respect the zone's settings. A source address or
1024 address range is either an IP address or a network IP address
1025 with a mask for IPv4 or IPv6. For IPv4, the mask can be a
1026 network mask or a plain number. For IPv6 the mask is a plain
1027 number. Use of host names is not supported. If zone is empty,
1028 use default zone. For permanent settings see
1029 org.fedoraproject.FirewallD1.config.zone.Methods.addSource.
1030 Returns name of zone to which the source was bound.
1032 Possible errors: INVALID_ZONE, INVALID_ADDR, ALREADY_ENABLED,
1034 INVALID_COMMAND
1035 addSourcePort(s: zone, s: port, s: protocol, i: timeout) → s
1037 Add source port into zone. If zone is empty, use default zone.
1038 The port can either be a single port number or a port range
1039 portid-portid. The protocol can either be tcp or udp. If
1040 timeout is non-zero, the operation will be active only for the
1041 amount of seconds. For permanent settings see
1042 org.fedoraproject.FirewallD1.config.zone.Methods.addSourcePort.
1043 Returns name of zone to which the port was added.
1045 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1047 INVALID_PROTOCOL, ALREADY_ENABLED, INVALID_COMMAND
1048 changeZone(s: zone, s: interface) → s
1050 This function is deprecated, use
1051 org.fedoraproject.FirewallD1.zone.Methods.changeZoneOfInterface
1052 instead.
1053 changeZoneOfInterface(s: zone, s: interface) → s
1055 Change a zone an interface is bound to to zone. It's basically
1056 removeInterface(interface) followed by addInterface(zone,
1057 interface). If interface has not been bound to a zone before,
1058 it behaves like addInterface. If zone is empty, use default
1059 zone.
1060 Returns name of zone to which the interface was bound.
1062 Possible errors: INVALID_ZONE, ZONE_ALREADY_SET, ZONE_CONFLICT
1064 changeZoneOfSource(s: zone, s: source) → s
1066 Change a zone an source is bound to to zone. It's basically
1067 removeSource(source) followed by addSource(zone, source). If
1068 source has not been bound to a zone before, it behaves like
1069 addSource. If zone is empty, use default zone.
1070 Returns name of zone to which the source was bound.
1072 Possible errors: INVALID_ZONE, ZONE_ALREADY_SET, ZONE_CONFLICT
1074 getActiveZones() → a{sa{sas}}
1076 Return dictionary of currently active zones altogether with
1077 interfaces and sources used in these zones. Active zones are
1078 zones, that have a binding to an interface or source.
1079 Return value is a dictionary where keys are zone names (s) and
1081 values are again dictionaries where keys are either
1082 'interfaces' or 'sources' and values are arrays of interface
1083 names (s) or sources (s).
1084 getForwardPorts(s: zone) → aas
1086 Return array of IPv4 forward ports previously added into zone.
1087 If zone is empty, use default zone. For getting permanent
1088 settings see
1089 org.fedoraproject.FirewallD1.config.zone.Methods.getForwardPorts.
1090 Return value is array of 4-tuples, where each 4-tuple consists
1092 of (port, protocol, to-port, to-addr). to-addr might be empty
1093 in case of local forwarding.
1094 Possible errors: INVALID_ZONE
1096 getIcmpBlocks(s: zone) → as
1098 Return array of ICMP type (s) blocks previously added into
1099 zone. If zone is empty, use default zone. For getting permanent
1100 settings see
1101 org.fedoraproject.FirewallD1.config.zone.Methods.getIcmpBlocks.
1102 Possible errors: INVALID_ZONE
1104 getIcmpBlockInversion(s: zone) → b
1106 Return whether ICMP block inversion was previously added to
1107 zone. If zone is empty, use default zone. For getting permanent
1108 settings see
1109 org.fedoraproject.FirewallD1.config.zone.Methods.getIcmpBlockInversion.
1110 Possible errors: INVALID_ZONE
1112 getInterfaces(s: zone) → as
1114 Return array of interfaces (s) previously bound with zone. If
1115 zone is empty, use default zone. For getting permanent settings
1116 see
1117 org.fedoraproject.FirewallD1.config.zone.Methods.getInterfaces.
1118 Possible errors: INVALID_ZONE
1120 getPorts(s: zone) → aas
1122 Return array of ports (2-tuple of port and protocol) previously
1123 enabled in zone. If zone is empty, use default zone. For
1124 getting permanent settings see
1125 org.fedoraproject.FirewallD1.config.zone.Methods.getPorts.
1126 Possible errors: INVALID_ZONE
1128 getProtocols(s: zone) → as
1130 Return array of protocols (s) previously enabled in zone. If
1131 zone is empty, use default zone. For getting permanent settings
1132 see
1133 org.fedoraproject.FirewallD1.config.zone.Methods.getProtocols.
1134 Possible errors: INVALID_ZONE
1136 getRichRules(s: zone) → as
1138 Return array of rich language rules (s) previously added into
1139 zone. If zone is empty, use default zone. For getting permanent
1140 settings see
1141 org.fedoraproject.FirewallD1.config.zone.Methods.getRichRules.
1142 Possible errors: INVALID_ZONE
1144 getServices(s: zone) → as
1146 Return array of services (s) previously enabled in zone. If
1147 zone is empty, use default zone. For getting permanent settings
1148 see
1149 org.fedoraproject.FirewallD1.config.zone.Methods.getServices.
1150 Possible errors: INVALID_ZONE
1152 getSourcePorts(s: zone) → aas
1154 Return array of source ports (2-tuple of port and protocol)
1155 previously enabled in zone. If zone is empty, use default zone.
1156 For getting permanent settings see
1157 org.fedoraproject.FirewallD1.config.zone.Methods.getSourcePorts.
1158 Possible errors: INVALID_ZONE
1160 getSources(s: zone) → as
1162 Return array of sources (s) previously bound with zone. If zone
1163 is empty, use default zone. For getting permanent settings see
1164 org.fedoraproject.FirewallD1.config.zone.Methods.getSources.
1165 Possible errors: INVALID_ZONE
1167 getZoneOfInterface(s: interface) → s
1169 Return name (s) of zone the interface is bound to or empty
1170 string.
1171 getZoneOfSource(s: source) → s
1173 Return name (s) of zone the source is bound to or empty string.
1174 getZones() → as
1176 Return array of names (s) of predefined zones known to current
1177 runtime environment. For list of zones known to permanent
1178 environment see
1179 org.fedoraproject.FirewallD1.config.Methods.listZones. The
1180 lists (of zones known to runtime and permanent environment)
1181 will contain same zones in most cases, but might differ for
1182 example if org.fedoraproject.FirewallD1.config.Methods.addZone
1183 has been called recently, but firewalld has not been reloaded
1184 since then.
1185 isImmutable(s: zone) → b
1187 Deprecated.
1188 queryForwardPort(s: zone, s: port, s: protocol, s: toport, s:
1190 toaddr) → b
1191 Return whether the IPv4 forward port (port, protocol, toport,
1192 toaddr) has been added into zone. If zone is empty, use default
1193 zone. For permanent operation see
1194 org.fedoraproject.FirewallD1.config.zone.Methods.queryForwardPort.
1195 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1197 INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD
1198 queryIcmpBlock(s: zone, s: icmp) → b
1200 Return whether an ICMP block for icmp has been added into zone.
1201 If zone is empty, use default zone. For permanent operation see
1202 org.fedoraproject.FirewallD1.config.zone.Methods.queryIcmpBlock.
1203 Possible errors: INVALID_ZONE, INVALID_ICMPTYPE
1205 queryIcmpBlockInversion(s: zone) → b
1207 Return whether ICMP block inversion has been added to zone. If
1208 zone is empty, use default zone. For permanent operation see
1209 org.fedoraproject.FirewallD1.config.zone.Methods.queryIcmpBlockInversion.
1210 Possible errors: INVALID_ZONE, INVALID_ICMPTYPE
1212 queryInterface(s: zone, s: interface) → b
1214 Query whether interface has been bound to zone. If zone is
1215 empty, use default zone. For permanent operation see
1216 org.fedoraproject.FirewallD1.config.zone.Methods.queryInterface.
1217 Possible errors: INVALID_ZONE, INVALID_INTERFACE
1219 queryMasquerade(s: zone) → b
1221 Return whether masquerading has been enabled in zone If zone is
1222 empty, use default zone. For permanent operation see
1223 org.fedoraproject.FirewallD1.config.zone.Methods.queryMasquerade.
1224 Possible errors: INVALID_ZONE
1226 queryPort(s: zone, s: port, s: protocol) → b
1228 Return whether port/protocol has been added in zone. If zone is
1229 empty, use default zone. For permanent operation see
1230 org.fedoraproject.FirewallD1.config.zone.Methods.queryPort.
1231 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1233 INVALID_PROTOCOL
1234 queryProtocol(s: zone, s: protocol) → b
1236 Return whether protocol has been added in zone. If zone is
1237 empty, use default zone. For permanent operation see
1238 org.fedoraproject.FirewallD1.config.zone.Methods.queryProtocol.
1239 Possible errors: INVALID_ZONE, INVALID_PROTOCOL
1241 queryRichRule(s: zone, s: rule) → b
1243 Return whether rich rule rule has been added in zone. If zone
1244 is empty, use default zone. For permanent operation see
1245 org.fedoraproject.FirewallD1.config.zone.Methods.queryRichRule.
1246 Possible errors: INVALID_ZONE, INVALID_RULE
1248 queryService(s: zone, s: service) → b
1250 Return whether service has been added for zone. If zone is
1251 empty, use default zone. For permanent operation see
1252 org.fedoraproject.FirewallD1.config.zone.Methods.queryService.
1253 Possible errors: INVALID_ZONE, INVALID_SERVICE
1255 querySource(s: zone, s: source) → b
1257 Query whether sourcehas been bound to zone. If zone is empty,
1258 use default zone. For permanent operation see
1259 org.fedoraproject.FirewallD1.config.zone.Methods.querySource.
1260 Possible errors: INVALID_ZONE, INVALID_ADDR
1262 querySourcePort(s: zone, s: port, s: protocol) → b
1264 Return whether port/protocol has been added in zone. If zone is
1265 empty, use default zone. For permanent operation see
1266 org.fedoraproject.FirewallD1.config.zone.Methods.querySourcePort.
1267 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1269 INVALID_PROTOCOL
1270 removeForwardPort(s: zone, s: port, s: protocol, s: toport, s:
1272 toaddr) → s
1273 Remove IPv4 forward port ((port, protocol, toport, toaddr))
1274 from zone. If zone is empty, use default zone. For permanent
1275 operation see
1276 org.fedoraproject.FirewallD1.config.zone.Methods.removeForwardPort.
1277 Returns name of zone from which the forward port was removed.
1279 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1281 INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD, NOT_ENABLED,
1282 INVALID_COMMAND
1283 removeIcmpBlock(s: zone, s: icmp) → s
1285 Remove ICMP block icmp from zone. If zone is empty, use default
1286 zone. For permanent operation see
1287 org.fedoraproject.FirewallD1.config.zone.Methods.removeIcmpBlock.
1288 Returns name of zone from which the ICMP block was removed.
1290 Possible errors: INVALID_ZONE, INVALID_ICMPTYPE, NOT_ENABLED,
1292 INVALID_COMMAND
1293 removeIcmpBlockInversion(s: zone) → s
1295 Remove ICMP block inversion from zone. If zone is empty, use
1296 default zone. For permanent operation see
1297 org.fedoraproject.FirewallD1.config.zone.Methods.removeIcmpBlockInversion.
1298 Returns name of zone from which the ICMP block inversion was
1300 removed.
1301 Possible errors: INVALID_ZONE, NOT_ENABLED, INVALID_COMMAND
1303 removeInterface(s: zone, s: interface) → s
1305 Remove binding of interface from zone. If zone is empty, the
1306 interface will be removed from zone it belongs to. For
1307 permanent operation see
1308 org.fedoraproject.FirewallD1.config.zone.Methods.removeInterface.
1309 Returns name of zone from which the interface was removed.
1311 Possible errors: INVALID_ZONE, INVALID_INTERFACE, NOT_ENABLED,
1313 INVALID_COMMAND
1314 removeMasquerade(s: zone) → s
1316 Disable masquerade for zone. If zone is empty, use default
1317 zone. For permanent operation see
1318 org.fedoraproject.FirewallD1.config.zone.Methods.removeMasquerade.
1319 Returns name of zone for which the masquerade was disabled.
1321 Possible errors: INVALID_ZONE, NOT_ENABLED, INVALID_COMMAND
1323 removePort(s: zone, s: port, s: protocol) → s
1325 Remove port/protocol from zone. If zone is empty, use default
1326 zone. For permanent operation see
1327 org.fedoraproject.FirewallD1.config.zone.Methods.removePort.
1328 Returns name of zone from which the port was removed.
1330 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1332 INVALID_PROTOCOL, NOT_ENABLED, INVALID_COMMAND
1333 removeProtocol(s: zone, s: protocol) → s
1335 Remove protocol from zone. If zone is empty, use default zone.
1336 For permanent operation see
1337 org.fedoraproject.FirewallD1.config.zone.Methods.removeProtocol.
1338 Returns name of zone from which the protocol was removed.
1340 Possible errors: INVALID_ZONE, INVALID_PROTOCOL, NOT_ENABLED,
1342 INVALID_COMMAND
1343 removeRichRule(s: zone, s: rule) → s
1345 Remove rich language rule from zone. If zone is empty, use
1346 default zone. For permanent operation see
1347 org.fedoraproject.FirewallD1.config.zone.Methods.removeRichRule.
1348 Returns name of zone from which the rich language rule was
1350 removed.
1351 Possible errors: INVALID_ZONE, INVALID_RULE, NOT_ENABLED,
1353 INVALID_COMMAND
1354 removeService(s: zone, s: service) → s
1356 Remove service from zone. If zone is empty, use default zone.
1357 For permanent operation see
1358 org.fedoraproject.FirewallD1.config.zone.Methods.removeService.
1359 Returns name of zone from which the service was removed.
1361 Possible errors: INVALID_ZONE, INVALID_SERVICE, NOT_ENABLED,
1363 INVALID_COMMAND
1364 removeSource(s: zone, s: source) → s
1366 Remove binding of source from zone. If zone is empty, the
1367 source will be removed from zone it belongs to. For permanent
1368 operation see
1369 org.fedoraproject.FirewallD1.config.zone.Methods.removeSource.
1370 Returns name of zone from which the source was removed.
1372 Possible errors: INVALID_ZONE, INVALID_ADDR, NOT_ENABLED,
1374 INVALID_COMMAND
1375 removeSourcePort(s: zone, s: port, s: protocol) → s
1377 Remove port/protocol from zone. If zone is empty, use default
1378 zone. For permanent operation see
1379 org.fedoraproject.FirewallD1.config.zone.Methods.removeSourcePort.
1380 Returns name of zone from which the source port was removed.
1382 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1384 INVALID_PROTOCOL, NOT_ENABLED, INVALID_COMMAND
1385 Signals
1387 ForwardPortAdded(s: zone, s: port, s: protocol, s: toport, s:
1388 toaddr, i: timeout)
1389 Emitted when forward port has been added to zone with timeout.
1390 ForwardPortRemoved(s: zone, s: port, s: protocol, s: toport, s:
1392 toaddr)
1393 Emitted when forward port has been removed from zone.
1394 IcmpBlockAdded(s: zone, s: icmp, i: timeout)
1396 Emitted when ICMP block for icmp has been added to zone with
1397 timeout.
1398 IcmpBlockInversionAdded(s: zone)
1400 Emitted when ICMP block inversion has been added to zone.
1401 IcmpBlockInversionRemoved(s: zone)
1403 Emitted when ICMP block inversion has been removed from zone.
1404 IcmpBlockRemoved(s: zone, s: icmp)
1406 Emitted when ICMP block for icmp has been removed from zone.
1407 InterfaceAdded(s: zone, s: interface)
1409 Emitted when interface has been added to zone.
1410 InterfaceRemoved(s: zone, s: interface)
1412 Emitted when interface has been removed from zone.
1413 MasqueradeAdded(s: zone, i: timeout)
1415 Emitted when masquerade has been enabled for zone.
1416 MasqueradeRemoved(s: zone)
1418 Emitted when masquerade has been disabled for zone.
1419 PortAdded(s: zone, s: port, s: protocol, i: timeout)
1421 Emitted when port/protocol has been added to zone with timeout.
1422 PortRemoved(s: zone, s: port, s: protocol)
1424 Emitted when port/protocol has been removed from zone.
1425 ProtocolAdded(s: zone, s: protocol, i: timeout)
1427 Emitted when protocol has been added to zone with timeout.
1428 ProtocolRemoved(s: zone, s: protocol)
1430 Emitted when protocol has been removed from zone.
1431 RichRuleAdded(s: zone, s: rule, i: timeout)
1433 Emitted when rich language rule has been added to zone with
1434 timeout.
1435 RichRuleRemoved(s: zone, s: rule)
1437 Emitted when rich language rule has been removed from zone.
1438 ServiceAdded(s: zone, s: service, i: timeout)
1440 Emitted when service has been added to zone with timeout.
1441 ServiceRemoved(s: zone, s: service)
1443 Emitted when service has been removed from zone.
1444 SourceAdded(s: zone, s: source)
1446 Emitted when source has been added to zone.
1447 SourcePortAdded(s: zone, s: port, s: protocol, i: timeout)
1449 Emitted when source-port/protocol has been added to zone with
1450 timeout.
1451 SourcePortRemoved(s: zone, s: port, s: protocol)
1453 Emitted when source-port/protocol has been removed from zone.
1454 SourceRemoved(s: zone, s: source)
1456 Emitted when source has been removed from zone.
1457 ZoneChanged(s: zone, s: interface)
1459 Deprecated
1460 ZoneOfInterfaceChanged(s: zone, s: interface)
1462 Emitted when a zone an interface is part of has been changed to
1463 zone.
1464 ZoneOfSourceChanged(s: zone, s: source)
1466 Emitted when a zone an source is part of has been changed to
1467 zone.
1468 ZoneUpdated2(s: zone, a{sv}: settings)
1470 Emitted when a zone's settings are updated via
1471 org.fedoraproject.FirewallD1.zone.Methods.setZoneSettings2
1472 org.fedoraproject.FirewallD1.policy
1474 Operations in this interface allows one to get, add, remove and query
1475 runtime policy settings. For permanent settings see
1476 org.fedoraproject.FirewallD1.config.policy interface.
1477 Methods
1479 getActivePolicies() → a{sa{sas}}
1480 Return dictionary of currently active policies altogether with
1481 ingress zones and egress zones used in these policies. Active
1482 policies are policies, that have a binding to an active ingress
1483 zone and an active egress zone.
1484 Return value is a dictionary where keys are policy names (s)
1486 and values are again dictionaries where keys are either
1487 'ingress_zones' or 'egress_zones' and values are arrays of zone
1488 names (s).
1489 getPolicies() → as
1491 Return array of names (s) of predefined policies known to
1492 current runtime environment. For list of policies known to
1493 permanent environment see
1494 org.fedoraproject.FirewallD1.config.Methods.listPolicies. The
1495 lists (of policies known to runtime and permanent environment)
1496 will contain same policies in most cases, but might differ for
1497 example if
1498 org.fedoraproject.FirewallD1.config.Methods.addPolicy has been
1499 called recently, but firewalld has not been reloaded since
1500 then.
1501 getPolicySettings(s: policy) → a{sv}
1503 Return runtime settings of given policy. For getting permanent
1504 settings see
1505 org.fedoraproject.FirewallD1.config.policy.Methods.getSettings.
1506 Settings are a dictionary indexed by keywords. For possible
1507 keywords see
1508 org.fedoraproject.FirewallD1.config.Methods.addPolicy. If the
1509 value is empty it may be omitted.
1510 Possible errors: INVALID_POLICY
1512 setPolicySettings(s: policy, a{sv}: settings, i: timeout)
1514 Set runtime settings of given policy. For setting permanent
1515 settings see
1516 org.fedoraproject.FirewallD1.config.policy.Methods.update.
1517 Settings are a dictionary indexed by keywords. For possible
1518 keywords see
1519 org.fedoraproject.FirewallD1.config.Methods.addPolicy. To zero
1520 a value pass an empty string or list. Some keywords are not
1521 available to modify in the runtime: description, name,
1522 priority, target, version.
1523 Possible errors: INVALID_POLICY
1525 Signals
1527 ForwardPortAdded(s: policy, a{sv}: settings)
1528 Emitted when a policy's settings are updated via
1529 org.fedoraproject.FirewallD1.policy.Methods.setPolicySettings
1530 org.fedoraproject.FirewallD1.config
1532 Allows one to permanently add, remove and query zones, services and
1533 icmp types.
1534 Methods
1536 addIPSet(s: ipset, (ssssa{ss}as): settings) → o
1537 Add ipset with given settings into permanent configuration.
1538 Settings are in format: version, name, description, type,
1539 dictionary of options and array of entries.
1540 version (s): see version attribute of ipset tag in
1542 firewalld.ipset(5).
1543 name (s): see short tag in firewalld.ipset(5).
1545 description (s): see description tag in firewalld.ipset(5).
1547 type (s): see type attribute of ipset tag in
1549 firewalld.ipset(5).
1550 options (a{ss}): dictionary of {option : value} . See options
1552 tag in firewalld.ipset(5).
1553 entries (as): array of entries, see entry tag in
1555 firewalld.ipset(5).
1556 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1558 addIcmpType(s: icmptype, (sssas): settings) → o
1560 Add icmptype with given settings into permanent configuration.
1561 Settings are in format: version, name, description, array of
1562 destinations. Returns object path of the new icmp type.
1563 version (s): see version attribute of icmptype tag in
1565 firewalld.icmptype(5).
1566 name (s): see short tag in firewalld.icmptype(5).
1568 description (s): see description tag in firewalld.icmptype(5).
1570 destinations (as): array, either empty or containing strings
1572 'ipv4' or 'ipv6', see destination tag in firewalld.icmptype(5).
1573 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1575 addService(s: service, (sssa(ss)asa{ss}asa(ss)): settings) → o
1577 This function is deprecated, use
1578 org.fedoraproject.FirewallD1.config.Methods.addService2
1579 instead.
1580 addService2s: service, a{sv}: settings) → o
1582 Add service with given settings into permanent configuration.
1583 Settings are a dictionary indexed by keywords. For the type of
1584 each value see below. To zero a value pass an empty string or
1585 list.
1586 version (s): see version attribute of service tag in
1588 firewalld.service(5).
1589 name (s): see short tag in firewalld.service(5).
1591 description (s): see description tag in firewalld.service(5).
1593 ports (a(ss)): array of port and protocol pairs. See port tag
1595 in firewalld.service(5).
1596 module names (as): array of kernel netfilter helpers, see
1598 module tag in firewalld.service(5).
1599 destinations (a{ss}): dictionary of {IP family : IP address}
1601 where 'IP family' key can be either 'ipv4' or 'ipv6'. See
1602 destination tag in firewalld.service(5).
1603 protocols (as): array of protocols, see protocol tag in
1605 firewalld.service(5).
1606 source_ports (a(ss)): array of port and protocol pairs. See
1608 source-port tag in firewalld.service(5).
1609 includes (as): array of service includes, see include tag in
1611 firewalld.service(5).
1612 helpers (as): array of service helpers, see helper tag in
1614 firewalld.service(5).
1615 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1617 addZone(s: zone, (sssbsasa(ss)asba(ssss)asasasasa(ss)b): settings)
1619 → o
1620 This function is deprecated, use
1621 org.fedoraproject.FirewallD1.config.Methods.addZone2 instead.
1622 addZone2(s: zone, a{sv}: settings) → o
1624 Add zone with given settings into permanent configuration.
1625 Settings are a dictionary indexed by keywords. For the type of
1626 each value see below. To zero a value pass an empty string or
1627 list.
1628 version (s): see version attribute of zone tag in
1630 firewalld.zone(5).
1631 name (s): see short tag in firewalld.zone(5).
1633 description (s): see description tag in firewalld.zone(5).
1635 target (s): see target attribute of zone tag in
1637 firewalld.zone(5).
1638 services (as): array of service names, see service tag in
1640 firewalld.zone(5).
1641 ports (a(ss)): array of port and protocol pairs. See port tag
1643 in firewalld.zone(5).
1644 icmp_blocks (as): array of icmp-blocks. See icmp-block tag in
1646 firewalld.zone(5).
1647 masquerade (b): see masquerade tag in firewalld.zone(5).
1649 forward_ports (a(ssss)): array of (port, protocol, to-port,
1651 to-addr). See forward-port tag in firewalld.zone(5).
1652 interfaces (as): array of interfaces. See interface tag in
1654 firewalld.zone(5).
1655 sources (as): array of source addresses. See source tag in
1657 firewalld.zone(5).
1658 rules_str (as): array of rich-language rules. See rule tag in
1660 firewalld.zone(5).
1661 protocols (as): array of protocols, see protocol tag in
1663 firewalld.zone(5).
1664 source_ports (a(ss)): array of port and protocol pairs. See
1666 source-port tag in firewalld.zone(5).
1667 icmp_block_inversion (b): see icmp-block-inversion tag in
1669 firewalld.zone(5).
1670 forward (b): see forward tag in firewalld.zone(5).
1672 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1674 addPolicy(s: policy, a{sv}: settings) → o
1676 Add policy with given settings into permanent configuration.
1677 Settings are a dictionary indexed by keywords. For the type of
1678 each value see below. If a keyword is omitted the default value
1679 will be used.
1680 description (s): see description tag in firewalld.policy(5).
1682 egress_zones as: array of zone names. See egress-zone tag in
1684 firewalld.policy(5).
1685 forward_ports (a(ssss)): array of (port, protocol, to-port,
1687 to-addr). See forward-port tag in firewalld.policy(5).
1688 icmp_blocks (as): array of icmp-blocks. See icmp-block tag in
1690 firewalld.policy(5).
1691 ingress_zones as: array of zone names. See ingress-zone tag in
1693 firewalld.policy(5).
1694 masquerade (b): see masquerade tag in firewalld.policy(5).
1696 ports (a(ss)): array of port and protocol pairs. See port tag
1698 in firewalld.policy(5).
1699 priority (i): see priority tag in firewalld.policy(5).
1701 protocols (as): array of protocols, see protocol tag in
1703 firewalld.policy(5).
1704 rich_rules (as): array of rich-language rules. See rule tag in
1706 firewalld.policy(5).
1707 services (as): array of service names, see service tag in
1709 firewalld.policy(5).
1710 short (s): see short tag in firewalld.policy(5).
1712 source_ports (a(ss)): array of port and protocol pairs. See
1714 source-port tag in firewalld.policy(5).
1715 target (s): see target attribute of policy tag in
1717 firewalld.policy(5).
1718 version (s): see version attribute of policy tag in
1720 firewalld.policy(5).
1721 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1723 getHelperByName(s: helper) → o
1725 Return object path (permanent configuration) of helper with
1726 given name.
1727 Possible errors: INVALID_HELPER
1729 getHelperNames() → as
1731 Return list of helper names (permanent configuration).
1732 getIPSetByName(s: ipset) → o
1734 Return object path (permanent configuration) of ipset with
1735 given name.
1736 Possible errors: INVALID_IPSET
1738 getIPSetNames() → as
1740 Return list of ipset names (permanent configuration).
1741 getIcmpTypeByName(s: icmptype) → o
1743 Return object path (permanent configuration) of icmptype with
1744 given name.
1745 Possible errors: INVALID_ICMPTYPE
1747 getIcmpTypeNames() → as
1749 Return list of icmptype names (permanent configuration).
1750 getServiceByName(s: service) → o
1752 Return object path (permanent configuration) of service with
1753 given name.
1754 Possible errors: INVALID_SERVICE
1756 getServiceNames() → as
1758 Return list of service names (permanent configuration).
1759 getZoneByName(s: zone) → o
1761 Return object path (permanent configuration) of zone with given
1762 name.
1763 Possible errors: INVALID_ZONE
1765 getZoneNames() → as
1767 Return list of zone names (permanent configuration) of.
1768 getZoneOfInterface(s: iface) → s
1770 Return name of zone the iface is bound to or empty string.
1771 getZoneOfSource(s: source) → s
1773 Return name of zone the source is bound to or empty string.
1774 getPolicyByName(s: policy) → o
1776 Return object path (permanent configuration) of policy with
1777 given name.
1778 Possible errors: INVALID_POLICY
1780 getPolicyNames() → as
1782 Return list of policy names (permanent configuration).
1783 listHelpers() → ao
1785 Return array of object paths (o) of helper in permanent
1786 configuration. For runtime configuration see
1787 org.fedoraproject.FirewallD1.Methods.getHelpers.
1788 listIPSets() → ao
1790 Return array of object paths (o) of ipset in permanent
1791 configuration. For runtime configuration see
1792 org.fedoraproject.FirewallD1.ipset.Methods.getIPSets.
1793 listIcmpTypes() → ao
1795 Return array of object paths (o) of icmp types in permanent
1796 configuration. For runtime configuration see
1797 org.fedoraproject.FirewallD1.Methods.listIcmpTypes.
1798 listServices() → ao
1800 Return array of objects paths (o) of services in permanent
1801 configuration. For runtime configuration see
1802 org.fedoraproject.FirewallD1.Methods.listServices.
1803 listZones() → ao
1805 List object paths of zones known to permanent environment. For
1806 list of zones known to runtime environment see
1807 org.fedoraproject.FirewallD1.zone.Methods.getZones. The lists
1808 (of zones known to runtime and permanent environment) will
1809 contain same zones in most cases, but might differ for example
1810 if org.fedoraproject.FirewallD1.config.Methods.addZone has been
1811 called recently, but firewalld has not been reloaded since
1812 then.
1813 listPolicies() → ao
1815 List object paths of policies known to permanent environment.
1816 For list of policies known to runtime environment see
1817 org.fedoraproject.FirewallD1.policy.Methods.getPolicies. The
1818 lists (of policies known to runtime and permanent environment)
1819 will contain same policies in most cases, but might differ for
1820 example if
1821 org.fedoraproject.FirewallD1.config.Methods.addPolicy has been
1822 called recently, but firewalld has not been reloaded since
1823 then.
1824 Signals
1826 HelperAdded(s: helper)
1827 Emitted when helper has been added.
1828 IPSetAdded(s: ipset)
1830 Emitted when ipset has been added.
1831 IcmpTypeAdded(s: icmptype)
1833 Emitted when icmptype has been added.
1834 ServiceAdded(s: service)
1836 Emitted when service has been added.
1837 ZoneAdded(s: zone)
1839 Emitted when zone has been added.
1840 Properties
1842 AllowZoneDrifting - s - (rw)
1843 Deprecated. Getting this value always returns "no". Setting
1844 this value is ignored.
1845 AutomaticHelpers - s - (rw)
1847 Deprecated. Getting this value always returns "no". Setting
1848 this value is ignored.
1849 CleanupModulesOnExit - s - (rw)
1851 Setting this option to yes or true unloads all firewall-related
1852 kernel modules when firewalld is stopped.
1853 CleanupOnExit - s - (rw)
1855 If firewalld stops, it cleans up all firewall rules. Setting
1856 this option to no or false leaves the current firewall rules
1857 untouched.
1858 DefaultZone - s - (ro)
1860 Default zone for connections or interfaces if the zone is not
1861 selected or specified by NetworkManager, initscripts or command
1862 line tool.
1863 FirewallBackend - s - (rw)
1865 Selects the firewalld backend for all rules except the direct
1866 interface. Valid options are; nftables, iptables. Default in
1867 nftables.
1868 Note: The iptables backend is deprecated. It will be removed in
1870 a future release.
1871 FlushAllOnReload - s - (rw)
1873 Flush all runtime rules on a reload. Valid options are; yes,
1874 no.
1875 IPv6_rpfilter - s - (rw)
1877 Indicates whether the reverse path filter test on a packet for
1878 IPv6 is enabled. If a reply to the packet would be sent via the
1879 same interface that the packet arrived on, the packet will
1880 match and be accepted, otherwise dropped.
1881 IndividualCalls - s - (ro)
1883 Indicates whether individual calls combined -restore calls are
1884 used. If enabled, this increases the time that is needed to
1885 apply changes and to start the daemon, but is good for
1886 debugging.
1887 Lockdown - s - (rw)
1889 If this property is enabled, firewall changes with the D-Bus
1890 interface will be limited to applications that are listed in
1891 the lockdown whitelist.
1892 LogDenied - s - (rw)
1894 If LogDenied is enabled, then logging rules are added right
1895 before reject and drop rules in the INPUT, FORWARD and OUTPUT
1896 chains for the default rules and also final reject and drop
1897 rules in zones. Possible values are: all, unicast, broadcast,
1898 multicast and off.
1899 MinimalMark - i - (rw)
1901 Deprecated. This option is ignored and no longer used. Marks
1902 are no longer used internally.
1903 RFC3964_IPv4 - s - (rw)
1905 As per RFC 3964, filter IPv6 traffic with 6to4 destination
1906 addresses that correspond to IPv4 addresses that should not be
1907 routed over the public internet. Valid options are; yes, no.
1908 org.fedoraproject.FirewallD1.config.direct
1910 DEPRECATED
1911 The direct interface has been deprecated. It will be removed in a
1912 future release. It is superseded by policies, see
1913 firewalld.policies(5).
1914 Interface for permanent direct configuration, see also
1916 firewalld.direct(5). For runtime direct configuration see
1917 org.fedoraproject.FirewallD1.direct interface.
1918 Methods
1920 addChain(s: ipv, s: table, s: chain) → Nothing
1921 Add a new chain to table for ipv being either ipv4 (iptables)
1922 or ipv6 (ip6tables) or eb (ebtables). Make sure there's no
1923 other chain with this name already. There already exist basic
1924 chains to use with direct methods, for example INPUT_direct
1925 chain. These chains are jumped into before chains for zones,
1926 i.e. every rule put into INPUT_direct will be checked before
1927 rules in zones. For runtime operation see
1928 org.fedoraproject.FirewallD1.direct.Methods.addChain.
1929 Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED
1931 addPassthrough(s: ipv, as: args) → Nothing
1933 Add a passthrough rule with the arguments args for ipv being
1934 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
1935 For runtime operation see
1936 org.fedoraproject.FirewallD1.direct.Methods.addPassthrough.
1937 Possible errors: INVALID_IPV, ALREADY_ENABLED
1939 addRule(s: ipv, s: table, s: chain, i: priority, as: args) →
1941 Nothing
1942 Add a rule with the arguments args to chain in table with
1943 priority for ipv being either ipv4 (iptables) or ipv6
1944 (ip6tables) or eb (ebtables). The priority is used to order
1945 rules. Priority 0 means add rule on top of the chain, with a
1946 higher priority the rule will be added further down. Rules with
1947 the same priority are on the same level and the order of these
1948 rules is not fixed and may change. If you want to make sure
1949 that a rule will be added after another one, use a low priority
1950 for the first and a higher for the following. For runtime
1951 operation see
1952 org.fedoraproject.FirewallD1.direct.Methods.addRule.
1953 Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED
1955 getAllChains() → a(sss)
1957 Get all chains added to all tables in format: ipv, table,
1958 chain. This concerns only chains previously added with
1959 addChain. Return value is a array of (ipv, table, chain). For
1960 runtime operation see
1961 org.fedoraproject.FirewallD1.direct.Methods.getAllChains.
1962 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
1964 (ebtables).
1965 table (s): one of filter, mangle, nat, raw, security
1967 chain (s): name of a chain.
1969 getAllPassthroughs() → a(sas)
1972 Get all passthrough rules added in all ipv types in format:
1973 ipv, rule. This concerns only rules previously added with
1974 addPassthrough. Return value is a array of (ipv, array of
1975 arguments). For runtime operation see
1976 org.fedoraproject.FirewallD1.direct.Methods.getAllPassthroughs.
1977 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
1979 (ebtables).
1980 arguments (as): array of commands, parameters and other
1982 iptables/ip6tables/ebtables command line options.
1983 getAllRules() → a(sssias)
1986 Get all rules added to all chains in all tables in format: ipv,
1987 table, chain, priority, rule. This concerns only rules
1988 previously added with addRule. Return value is a array of (ipv,
1989 table, chain, priority, array of arguments). For runtime
1990 operation see
1991 org.fedoraproject.FirewallD1.direct.Methods.getAllRules.
1992 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
1994 (ebtables).
1995 table (s): one of filter, mangle, nat, raw, security
1997 chain (s): name of a chain.
1999 priority (i): used to order rules.
2001 arguments (as): array of commands, parameters and other
2003 iptables/ip6tables/ebtables command line options.
2004 getChains(s: ipv, s: table) → as
2007 Return an array of chains (s) added to table for ipv being
2008 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
2009 This concerns only chains previously added with addChain. For
2010 runtime operation see
2011 org.fedoraproject.FirewallD1.direct.Methods.getChains.
2012 Possible errors: INVALID_IPV, INVALID_TABLE
2014 getPassthroughs(s: ipv) → aas
2016 Get tracked passthrough rules added in either ipv4 (iptables)
2017 or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
2018 previously added with addPassthrough. Return value is a array
2019 of (array of arguments). For runtime operation see
2020 org.fedoraproject.FirewallD1.direct.Methods.getPassthroughs.
2021 arguments (as): array of commands, parameters and other
2023 iptables/ip6tables/ebtables command line options.
2024 getRules(s: ipv, s: table, s: chain) → a(ias)
2027 Get all rules added to chain in table for ipv being either ipv4
2028 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
2029 only rules previously added with addRule. Return value is a
2030 array of (priority, array of arguments). For runtime operation
2031 see org.fedoraproject.FirewallD1.direct.Methods.getRules.
2032 priority (i): used to order rules.
2034 arguments (as): array of commands, parameters and other
2036 iptables/ip6tables/ebtables command line options.
2037 Possible errors: INVALID_IPV, INVALID_TABLE
2039 getSettings() → (a(sss)a(sssias)a(sas))
2041 Get settings of permanent direct configuration in format: array
2042 of chains, array of rules, array of passthroughs.
2043 chains (a(sss)): array of (ipv, table, chain), see 'chain' in
2045 firewalld.direct(5).
2046 .
2047 .PP rules (a(sssias)): array of (ipv, table,
2048 chain, priority, array of arguments), see 'rule' in
2049 firewalld.direct(5).
2050 .
2051 .PP passthroughs (a(sas)): array of (ipv,
2052 array of arguments), see passthrough in firewalld.direct(5).
2053 .
2054 .sp
2055 queryChain(s: ipv, s: table, s: chain) → b
2057 Return whether a chain exists in table for ipv being either
2058 ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). This
2059 concerns only chains previously added with addChain. For
2060 runtime operation see
2061 org.fedoraproject.FirewallD1.direct.Methods.queryChain.
2062 Possible errors: INVALID_IPV, INVALID_TABLE
2064 queryPassthrough(s: ipv, as: args) → b
2066 Return whether a tracked passthrough rule with the arguments
2067 args exists for ipv being either ipv4 (iptables) or ipv6
2068 (ip6tables) or eb (ebtables). This concerns only rules
2069 previously added with addPassthrough. For runtime operation see
2070 org.fedoraproject.FirewallD1.direct.Methods.queryPassthrough.
2071 Possible errors: INVALID_IPV
2073 queryRule(s: ipv, s: table, s: chain, i: priority, as: args) → b
2075 Return whether a rule with priority and the arguments args
2076 exists in chain in table for ipv being either ipv4 (iptables)
2077 or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
2078 previously added with addRule. For runtime operation see
2079 org.fedoraproject.FirewallD1.direct.Methods.queryRule.
2080 Possible errors: INVALID_IPV, INVALID_TABLE
2082 removeChain(s: ipv, s: table, s: chain) → Nothing
2084 Remove a chain from table for ipv being either ipv4 (iptables)
2085 or ipv6 (ip6tables) or eb (ebtables). Only chains previously
2086 added with addChain can be removed this way. For runtime
2087 operation see
2088 org.fedoraproject.FirewallD1.direct.Methods.removeChain.
2089 Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED
2091 removePassthrough(s: ipv, as: args) → Nothing
2093 Remove a passthrough rule with arguments args for ipv being
2094 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
2095 Only rules previously added with addPassthrough can be removed
2096 this way. For runtime operation see
2097 org.fedoraproject.FirewallD1.direct.Methods.removePassthrough.
2098 Possible errors: INVALID_IPV, NOT_ENABLED
2100 removeRule(s: ipv, s: table, s: chain, i: priority, as: args) →
2102 Nothing
2103 Remove a rule with priority and arguments args from chain in
2104 table for ipv being either ipv4 (iptables) or ipv6 (ip6tables)
2105 or eb (ebtables). Only rules previously added with addRule can
2106 be removed this way. For runtime operation see
2107 org.fedoraproject.FirewallD1.direct.Methods.removeRule.
2108 Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED
2110 removeRules(s: ipv, s: table, s: chain) → Nothing
2112 Remove all rules from chain in table for ipv being either ipv4
2113 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
2114 only rules previously added with addRule. For runtime operation
2115 see org.fedoraproject.FirewallD1.direct.Methods.removeRules.
2116 Possible errors: INVALID_IPV, INVALID_TABLE
2118 update((a(sss)a(sssias)a(sas)): settings) → Nothing
2120 Update permanent direct configuration with given settings.
2121 Settings are in format: array of chains, array of rules, array
2122 of passthroughs.
2123 chains (a(sss)): array of (ipv, table, chain), see 'chain' in
2125 firewalld.direct(5).
2126 .
2127 .PP rules (a(sssias)): array of (ipv, table,
2128 chain, priority, array of arguments), see 'rule' in
2129 firewalld.direct(5).
2130 .
2131 .PP passthroughs (a(sas)): array of (ipv,
2132 array of arguments), see passthrough in firewalld.direct(5).
2133 .
2134 .sp Possible errors: INVALID_TYPE
2135 Signals
2137 Updated()
2138 Emitted when configuration has been updated.
2139 org.fedoraproject.FirewallD1.config.policies
2141 Interface for permanent lockdown-whitelist configuration, see also
2142 firewalld.lockdown-whitelist(5). For runtime configuration see
2143 org.fedoraproject.FirewallD1.policies interface.
2144 Methods
2146 addLockdownWhitelistCommand(s: command) → Nothing
2147 Add command to whitelist. See command option in
2148 firewalld.lockdown-whitelist(5). For runtime operation see
2149 org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistCommand.
2150 Possible errors: ALREADY_ENABLED, INVALID_TYPE
2152 addLockdownWhitelistContext(s: context) → Nothing
2154 Add context to whitelist. See selinux option in
2155 firewalld.lockdown-whitelist(5). For runtime operation see
2156 org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistContext.
2157 Possible errors: ALREADY_ENABLED, INVALID_TYPE
2159 addLockdownWhitelistUid(i: uid) → Nothing
2161 Add user id uid to whitelist. See user option in
2162 firewalld.lockdown-whitelist(5). For runtime operation see
2163 org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistUid.
2164 Possible errors: ALREADY_ENABLED, INVALID_TYPE
2166 addLockdownWhitelistUser(s: user) → Nothing
2168 Add user name to whitelist. See user option in
2169 firewalld.lockdown-whitelist(5). For runtime operation see
2170 org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistUser.
2171 Possible errors: ALREADY_ENABLED, INVALID_TYPE
2173 getLockdownWhitelist() → (asasasai)
2175 Get settings of permanent lockdown-whitelist configuration in
2176 format: commands, selinux contexts, users, uids
2177 commands (as): see command option in firewalld.lockdown-
2179 whitelist(5).
2180 selinux contexts (as): see selinux option in
2182 firewalld.lockdown-whitelist(5).
2183 users (as): see name attribute of user option in
2185 firewalld.lockdown-whitelist(5).
2186 uids (ai): see id attribute of user option in
2188 firewalld.lockdown-whitelist(5).
2189 getLockdownWhitelistCommands() → as
2192 List all command lines (s) that are on whitelist. For runtime
2193 operation see
2194 org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistCommands.
2195 getLockdownWhitelistContexts() → as
2197 List all contexts (s) that are on whitelist. For runtime
2198 operation see
2199 org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistContexts.
2200 getLockdownWhitelistUids() → ai
2202 List all user ids (i) that are on whitelist. For runtime
2203 operation see
2204 org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistUids.
2205 getLockdownWhitelistUsers() → as
2207 List all users (s) that are on whitelist. For runtime operation
2208 see
2209 org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistUsers.
2210 queryLockdownWhitelistCommand(s: command) → b
2212 Query whether command is on whitelist. For runtime operation
2213 see
2214 org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistCommand.
2215 queryLockdownWhitelistContext(s: context) → b
2217 Query whether context is on whitelist. For runtime operation
2218 see
2219 org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistContext.
2220 queryLockdownWhitelistUid(i: uid) → b
2222 Query whether user id uid is on whitelist. For runtime
2223 operation see
2224 org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistUid.
2225 queryLockdownWhitelistUser(s: user) → b
2227 Query whether user is on whitelist. For runtime operation see
2228 org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistUser.
2229 removeLockdownWhitelistCommand(s: command) → Nothing
2231 Remove command from whitelist. For runtime operation see
2232 org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistCommand.
2233 Possible errors: NOT_ENABLED
2235 removeLockdownWhitelistContext(s: context) → Nothing
2237 Remove context from whitelist. For runtime operation see
2238 org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistContext.
2239 Possible errors: NOT_ENABLED
2241 removeLockdownWhitelistUid(i: uid) → Nothing
2243 Remove user id uid from whitelist. For runtime operation see
2244 org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistUid.
2245 Possible errors: NOT_ENABLED
2247 removeLockdownWhitelistUser(s: user) → Nothing
2249 Remove user from whitelist. For runtime operation see
2250 org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistUser.
2251 Possible errors: NOT_ENABLED
2253 setLockdownWhitelist((asasasai): settings) → Nothing
2255 Set permanent lockdown-whitelist configuration to settings.
2256 Settings are in format: commands, selinux contexts, users, uids
2257 commands (as): see command option in firewalld.lockdown-
2259 whitelist(5).
2260 selinux contexts (as): see selinux option in
2262 firewalld.lockdown-whitelist(5).
2263 users (as): see name attribute of user option in
2265 firewalld.lockdown-whitelist(5).
2266 uids (ai): see id attribute of user option in
2268 firewalld.lockdown-whitelist(5).
2269 Possible errors: INVALID_TYPE
2271 Signals
2273 LockdownWhitelistUpdated()
2274 Emitted when permanent lockdown-whitelist configuration has
2275 been updated.
2276 org.fedoraproject.FirewallD1.config.ipset
2278 Interface for permanent ipset configuration, see also
2279 firewalld.ipset(5).
2280 Methods
2282 addEntry(s: entry) → Nothing
2283 Permanently add entry to list of entries of ipset. See entry
2284 tag in firewalld.ipset(5). For runtime operation see
2285 org.fedoraproject.FirewallD1.ipset.Methods.addEntry.
2286 Possible errors: ALREADY_ENABLED
2288 addOption(s: key, s: value) → Nothing
2290 Permanently add (key, value) to the ipset. See option tag in
2291 firewalld.ipset(5).
2292 Possible errors: ALREADY_ENABLED
2294 getDescription() → s
2296 Get description of ipset. See description tag in
2297 firewalld.ipset(5).
2298 getEntries() → as
2300 Get list of entries added to ipset. See entry tag in
2301 firewalld.ipset(5). For runtime operation see
2302 org.fedoraproject.FirewallD1.ipset.Methods.getEntries.
2303 Possible errors: IPSET_WITH_TIMEOUT
2305 getOptions() → a{ss}
2307 Get dictionary of options set for ipset. See option tag in
2308 firewalld.ipset(5).
2309 getSettings() → (ssssa{ss}as)
2311 Return permanent settings of the ipset. For getting runtime
2312 settings see
2313 org.fedoraproject.FirewallD1.ipset.Methods.getIPSetSettings.
2314 Settings are in format: version, name, description, type,
2315 dictionary of options and array of entries.
2316 version (s): see version attribute of ipset tag in
2318 firewalld.ipset(5).
2319 name (s): see short tag in firewalld.ipset(5).
2321 description (s): see description tag in firewalld.ipset(5).
2323 type (s): see type attribute of ipset tag in
2325 firewalld.ipset(5).
2326 options (a{ss}): dictionary of {option : value} . See options
2328 tag in firewalld.ipset(5).
2329 entries (as): array of entries, see entry tag in
2331 firewalld.ipset(5).
2332 getShort() → s
2335 Get name of ipset. See short tag in firewalld.ipset(5).
2336 getType() → s
2338 Get type of ipset. See type attribute of ipset tag in
2339 firewalld.ipset(5).
2340 getVersion() → s
2342 Get version of ipset. See version attribute of ipset tag in
2343 firewalld.ipset(5).
2344 loadDefaults() → Nothing
2346 Load default settings for built-in ipset.
2347 Possible errors: NO_DEFAULTS
2349 queryEntry(s: entry) → b
2351 Return whether entry has been added to ipset. For runtime
2352 operation see
2353 org.fedoraproject.FirewallD1.ipset.Methods.queryEntry.
2354 queryOption(s: key, s: value) → b
2356 Return whether (key, value) has been added to options of the
2357 ipset.
2358 remove() → Nothing
2360 Remove not built-in ipset.
2361 Possible errors: BUILTIN_IPSET
2363 removeEntry(s: entry) → Nothing
2365 Permanently remove entry from ipset. See entry tag in
2366 firewalld.ipset(5). For runtime operation see
2367 org.fedoraproject.FirewallD1.ipset.Methods.removeEntry.
2368 Possible errors: NOT_ENABLED
2370 removeOption(s: key) → Nothing
2372 Permanently remove key from the ipset. See option tag in
2373 firewalld.ipset(5).
2374 Possible errors: NOT_ENABLED
2376 rename(s: name) → Nothing
2378 Rename not built-in ipset to name.
2379 Possible errors: BUILTIN_IPSET
2381 setDescription(s: description) → Nothing
2383 Permanently set description of ipset to description. See
2384 description tag in firewalld.ipset(5).
2385 setEntries(as: entries) → Nothing
2387 Permanently set list of entries to entries. See entry tag in
2388 firewalld.ipset(5).
2389 setOptions(a{ss}: options) → Nothing
2391 Permanently set dict of options to options. See option tag in
2392 firewalld.ipset(5).
2393 setShort(s: short) → Nothing
2395 Permanently set name of ipset to short. See short tag in
2396 firewalld.ipset(5).
2397 setType(s: ipset_type) → Nothing
2399 Permanently set type of ipset to ipset_type. See type attribute
2400 of ipset tag in firewalld.ipset(5).
2401 setVersion(s: version) → Nothing
2403 Permanently set version of ipset to version. See version
2404 attribute of ipset tag in firewalld.ipset(5).
2405 update((ssssa{ss}as): settings) → Nothing
2407 Update settings of ipset to settings. Settings are in format:
2408 version, name, description, type, dictionary of options and
2409 array of entries.
2410 version (s): see version attribute of ipset tag in
2412 firewalld.ipset(5).
2413 name (s): see short tag in firewalld.ipset(5).
2415 description (s): see description tag in firewalld.ipset(5).
2417 type (s): see type attribute of ipset tag in
2419 firewalld.ipset(5).
2420 options (a{ss}): dictionary of {option : value} . See options
2422 tag in firewalld.ipset(5).
2423 entries (as): array of entries, see entry tag in
2425 firewalld.ipset(5).
2426 Possible errors: INVALID_TYPE
2428 Signals
2430 Removed(s: name)
2431 Emitted when ipset with name has been removed.
2432 Renamed(s: name)
2434 Emitted when ipset has been renamed to name.
2435 Updated(s: name)
2437 Emitted when ipset with name has been updated.
2438 Properties
2440 builtin - b - (ro)
2441 True if ipset is build-in, false else.
2442 default - b - (ro)
2444 True if build-in ipset has default settings. False if it has
2445 been modified. Always False for not build-in ipsets.
2446 filename - s - (ro)
2448 Name (including .xml extension) of file where the configuration
2449 is stored.
2450 name - s - (ro)
2452 Name of ipset.
2453 path - s - (ro)
2455 Path to directory where the ipset configuration is stored.
2456 Should be either /usr/lib/firewalld/ipsets or
2457 /etc/firewalld/ipsets.
2458 org.fedoraproject.FirewallD1.config.zone
2460 Interface for permanent zone configuration, see also firewalld.zone(5).
2461 Methods
2463 addForwardPort(s: port, s: protocol, s: toport, s: toaddr) →
2464 Nothing
2465 Permanently add (port, protocol, toport, toaddr) to list of
2466 forward ports of zone. See forward-port tag in
2467 firewalld.zone(5). For runtime operation see
2468 org.fedoraproject.FirewallD1.zone.Methods.addForwardPort.
2469 Possible errors: ALREADY_ENABLED
2471 addIcmpBlock(s: icmptype) → Nothing
2473 Permanently add icmptype to list of icmp types blocked in zone.
2474 See icmp-block tag in firewalld.zone(5). For runtime operation
2475 see org.fedoraproject.FirewallD1.zone.Methods.addIcmpBlock.
2476 Possible errors: ALREADY_ENABLED
2478 addIcmpBlock(s: icmptype) → Nothing
2480 Permanently add icmp block inversion to zone. See
2481 icmp-block-inversion tag in firewalld.zone(5). For runtime
2482 operation see
2483 org.fedoraproject.FirewallD1.zone.Methods.addIcmpBlockInversion.
2484 Possible errors: ALREADY_ENABLED
2486 addInterface(s: interface) → Nothing
2488 Permanently add interface to list of interfaces bound to zone.
2489 See interface tag in firewalld.zone(5). For runtime operation
2490 see org.fedoraproject.FirewallD1.zone.Methods.addInterface.
2491 Possible errors: ALREADY_ENABLED
2493 addMasquerade() → Nothing
2495 Permanently enable masquerading in zone. See masquerade tag in
2496 firewalld.zone(5). For runtime operation see
2497 org.fedoraproject.FirewallD1.zone.Methods.addMasquerade.
2498 Possible errors: ALREADY_ENABLED
2500 addPort(s: port, s: protocol) → Nothing
2502 Permanently add (port, protocol) to list of ports of zone. See
2503 port tag in firewalld.zone(5). For runtime operation see
2504 org.fedoraproject.FirewallD1.zone.Methods.addPort.
2505 Possible errors: ALREADY_ENABLED
2507 addProtocol(s: protocol) → Nothing
2509 Permanently add protocol into zone. The protocol can be any
2510 protocol supported by the system. Please have a look at
2511 /etc/protocols for supported protocols. For runtime operation
2512 see org.fedoraproject.FirewallD1.zone.Methods.addProtocol.
2513 Possible errors: INVALID_PROTOCOL, ALREADY_ENABLED
2515 addRichRule(s: rule) → Nothing
2517 Permanently add rule to list of rich-language rules in zone.
2518 See rule tag in firewalld.zone(5). For runtime operation see
2519 org.fedoraproject.FirewallD1.zone.Methods.addRichRule.
2520 Possible errors: ALREADY_ENABLED
2522 addService(s: service) → Nothing
2524 Permanently add service to list of services used in zone. See
2525 service tag in firewalld.zone(5). For runtime operation see
2526 org.fedoraproject.FirewallD1.zone.Methods.addService.
2527 Possible errors: ALREADY_ENABLED
2529 addSource(s: source) → Nothing
2531 Permanently add source to list of source addresses bound to
2532 zone. See source tag in firewalld.zone(5). For runtime
2533 operation see
2534 org.fedoraproject.FirewallD1.zone.Methods.addSource.
2535 Possible errors: ALREADY_ENABLED
2537 addSourcePort(s: port, s: protocol) → Nothing
2539 Permanently add (port, protocol) to list of source ports of
2540 zone. See source-port tag in firewalld.zone(5). For runtime
2541 operation see
2542 org.fedoraproject.FirewallD1.zone.Methods.addSourcePort.
2543 Possible errors: ALREADY_ENABLED
2545 getDescription() → s
2547 Get description of zone. See description tag in
2548 firewalld.zone(5).
2549 getForwardPorts() → a(ssss)
2551 Get list of (port, protocol, toport, toaddr) defined in zone.
2552 See forward-port tag in firewalld.zone(5). For runtime
2553 operation see
2554 org.fedoraproject.FirewallD1.zone.Methods.getForwardPorts.
2555 getIcmpBlockInversion() → b
2557 Get icmp block inversion flag of zone. See icmp-block-inversion
2558 tag in firewalld.zone(5).
2559 getIcmpBlocks() → as
2561 Get list of icmp type names blocked in zone. See icmp-block tag
2562 in firewalld.zone(5). For runtime operation see
2563 org.fedoraproject.FirewallD1.zone.Methods.getIcmpBlocks.
2564 getInterfaces() → as
2566 Get list of interfaces bound to zone. See interface tag in
2567 firewalld.zone(5). For runtime operation see
2568 org.fedoraproject.FirewallD1.zone.Methods.getInterfaces.
2569 getMasquerade() → b
2571 Return whether masquerade is enabled in zone. This is the same
2572 as queryMasquerade() method. See masquerade tag in
2573 firewalld.zone(5).
2574 getPorts() → a(ss)
2576 Get list of (port, protocol) defined in zone. See port tag in
2577 firewalld.zone(5). For runtime operation see
2578 org.fedoraproject.FirewallD1.zone.Methods.getPorts.
2579 getProtocols() → as
2581 Return array of protocols (s) previously enabled in zone. For
2582 getting runtime settings see
2583 org.fedoraproject.FirewallD1.zone.Methods.getProtocols.
2584 getRichRules() → as
2586 Get list of rich-language rules in zone. See rule tag in
2587 firewalld.zone(5). For runtime operation see
2588 org.fedoraproject.FirewallD1.zone.Methods.getRichRules.
2589 getServices() → as
2591 Get list of service names used in zone. See service tag in
2592 firewalld.zone(5). For runtime operation see
2593 org.fedoraproject.FirewallD1.zone.Methods.getServices.
2594 getSettings() → (sssbsasa(ss)asba(ssss)asasasasa(ss)b)
2596 This function is deprecated, use
2597 org.fedoraproject.FirewallD1.config.zone.Methods.getSettings2
2598 instead.
2599 getSettings2() → a{sv}
2601 Return permanent settings of given zone. For getting runtime
2602 settings see
2603 org.fedoraproject.FirewallD1.zone.Methods.getZoneSettings2.
2604 Settings are a dictionary indexed by keywords. For the type of
2605 each value see below. If the value is empty it may be omitted.
2606 version (s): see version attribute of zone tag in
2608 firewalld.zone(5).
2609 name (s): see short tag in firewalld.zone(5).
2611 description (s): see description tag in firewalld.zone(5).
2613 target (s): see target attribute of zone tag in
2615 firewalld.zone(5).
2616 services (as): array of service names, see service tag in
2618 firewalld.zone(5).
2619 ports (a(ss)): array of port and protocol pairs. See port tag
2621 in firewalld.zone(5).
2622 icmp_blocks (as): array of icmp-blocks. See icmp-block tag in
2624 firewalld.zone(5).
2625 masquerade (b): see masquerade tag in firewalld.zone(5).
2627 forward_ports (a(ssss)): array of (port, protocol, to-port,
2629 to-addr). See forward-port tag in firewalld.zone(5).
2630 interfaces (as): array of interfaces. See interface tag in
2632 firewalld.zone(5).
2633 sources (as): array of source addresses. See source tag in
2635 firewalld.zone(5).
2636 rules_str (as): array of rich-language rules. See rule tag in
2638 firewalld.zone(5).
2639 protocols (as): array of protocols, see protocol tag in
2641 firewalld.zone(5).
2642 source_ports (a(ss)): array of port and protocol pairs. See
2644 source-port tag in firewalld.zone(5).
2645 icmp_block_inversion (b): see icmp-block-inversion tag in
2647 firewalld.zone(5).
2648 forward (b): see forward tag in firewalld.zone(5).
2650 getShort() → s
2653 Get name of zone. See short tag in firewalld.zone(5).
2654 getSourcePorts() → a(ss)
2656 Get list of (port, protocol) defined in zone. See source-port
2657 tag in firewalld.zone(5). For runtime operation see
2658 org.fedoraproject.FirewallD1.zone.Methods.getSourcePorts.
2659 getSources() → as
2661 Get list of source addresses bound to zone. See source tag in
2662 firewalld.zone(5). For runtime operation see
2663 org.fedoraproject.FirewallD1.zone.Methods.getSources.
2664 getTarget() → s
2666 Get target of zone. See target attribute of zone tag in
2667 firewalld.zone(5).
2668 getVersion() → s
2670 Get version of zone. See version attribute of zone tag in
2671 firewalld.zone(5).
2672 loadDefaults() → Nothing
2674 Load default settings for built-in zone.
2675 Possible errors: NO_DEFAULTS
2677 queryForwardPort(s: port, s: protocol, s: toport, s: toaddr) → b
2679 Return whether (port, protocol, toport, toaddr) is in list of
2680 forward ports of zone. See forward-port tag in
2681 firewalld.zone(5). For runtime operation see
2682 org.fedoraproject.FirewallD1.zone.Methods.queryForwardPort.
2683 queryIcmpBlock(s: icmptype) → b
2685 Return whether icmptype is in list of icmp types blocked in
2686 zone. See icmp-block tag in firewalld.zone(5). For runtime
2687 operation see
2688 org.fedoraproject.FirewallD1.zone.Methods.queryIcmpBlock.
2689 queryIcmpBlockInversion() → b
2691 Return whether icmp block inversion is in enabled in zone. See
2692 icmp-block-inversion tag in firewalld.zone(5). For runtime
2693 operation see
2694 org.fedoraproject.FirewallD1.zone.Methods.queryIcmpBlockInversion.
2695 queryInterface(s: interface) → b
2697 Return whether interface is in list of interfaces bound to
2698 zone. See interface tag in firewalld.zone(5). For runtime
2699 operation see
2700 org.fedoraproject.FirewallD1.zone.Methods.queryInterface.
2701 queryMasquerade() → b
2703 Return whether masquerade is enabled in zone. This is the same
2704 as getMasquerade() method. See masquerade tag in
2705 firewalld.zone(5). For runtime operation see
2706 org.fedoraproject.FirewallD1.zone.Methods.queryMasquerade.
2707 queryPort(s: port, s: protocol) → b
2709 Return whether (port, protocol) is in list of ports of zone.
2710 See port tag in firewalld.zone(5). For runtime operation see
2711 org.fedoraproject.FirewallD1.zone.Methods.queryPort.
2712 queryProtocol(s: protocol) → b
2714 Return whether protocol has been added in zone. For runtime
2715 operation see
2716 org.fedoraproject.FirewallD1.zone.Methods.queryProtocol.
2717 Possible errors: INVALID_PROTOCOL
2719 queryRichRule(s: rule) → b
2721 Return whether rule is in list of rich-language rules in zone.
2722 See rule tag in firewalld.zone(5). For runtime operation see
2723 org.fedoraproject.FirewallD1.zone.Methods.queryRichRule.
2724 queryService(s: service) → b
2726 Return whether service is in list of services used in zone. See
2727 service tag in firewalld.zone(5). For runtime operation see
2728 org.fedoraproject.FirewallD1.zone.Methods.queryService.
2729 querySource(s: source) → b
2731 Return whether source is in list of source addresses bound to
2732 zone. See source tag in firewalld.zone(5). For runtime
2733 operation see
2734 org.fedoraproject.FirewallD1.zone.Methods.querySource.
2735 querySourcePort(s: port, s: protocol) → b
2737 Return whether (port, protocol) is in list of source ports of
2738 zone. See source-port tag in firewalld.zone(5). For runtime
2739 operation see
2740 org.fedoraproject.FirewallD1.zone.Methods.querySourcePort.
2741 remove() → Nothing
2743 Remove not built-in zone.
2744 Possible errors: BUILTIN_ZONE
2746 removeForwardPort(s: port, s: protocol, s: toport, s: toaddr) →
2748 Nothing
2749 Permanently remove (port, protocol, toport, toaddr) from list
2750 of forward ports of zone. See forward-port tag in
2751 firewalld.zone(5). For runtime operation see
2752 org.fedoraproject.FirewallD1.zone.Methods.removeForwardPort.
2753 Possible errors: NOT_ENABLED
2755 removeIcmpBlock(s: icmptype) → Nothing
2757 Permanently remove icmptype from list of icmp types blocked in
2758 zone. See icmp-block tag in firewalld.zone(5). For runtime
2759 operation see
2760 org.fedoraproject.FirewallD1.zone.Methods.removeIcmpBlock.
2761 Possible errors: NOT_ENABLED
2763 removeIcmpBlockInversion() → Nothing
2765 Permanently remove icmp block inversion from the zone. See
2766 icmp-block-inversion tag in firewalld.zone(5). For runtime
2767 operation see
2768 org.fedoraproject.FirewallD1.zone.Methods.removeIcmpBlockInversion.
2769 Possible errors: NOT_ENABLED
2771 removeInterface(s: interface) → Nothing
2773 Permanently remove interface from list of interfaces bound to
2774 zone. See interface tag in firewalld.zone(5). For runtime
2775 operation see
2776 org.fedoraproject.FirewallD1.zone.Methods.removeInterface.
2777 Possible errors: NOT_ENABLED
2779 removeMasquerade() → Nothing
2781 Permanently disable masquerading in zone. See masquerade tag in
2782 firewalld.zone(5). For runtime operation see
2783 org.fedoraproject.FirewallD1.zone.Methods.removeMasquerade.
2784 Possible errors: NOT_ENABLED
2786 removePort(s: port, s: protocol) → Nothing
2788 Permanently remove (port, protocol) from list of ports of zone.
2789 See port tag in firewalld.zone(5). For runtime operation see
2790 org.fedoraproject.FirewallD1.zone.Methods.removePort.
2791 Possible errors: NOT_ENABLED
2793 removeProtocol(s: protocol) → Nothing
2795 Permanently remove protocol from zone. For runtime operation
2796 see org.fedoraproject.FirewallD1.zone.Methods.removeProtocol.
2797 Possible errors: INVALID_PROTOCOL, NOT_ENABLED
2799 removeRichRule(s: rule) → Nothing
2801 Permanently remove rule from list of rich-language rules in
2802 zone. See rule tag in firewalld.zone(5). For runtime operation
2803 see org.fedoraproject.FirewallD1.zone.Methods.removeRichRule.
2804 Possible errors: NOT_ENABLED
2806 removeService(s: service) → Nothing
2808 Permanently remove service from list of services used in zone.
2809 See service tag in firewalld.zone(5). For runtime operation see
2810 org.fedoraproject.FirewallD1.zone.Methods.removeService.
2811 Possible errors: NOT_ENABLED
2813 removeSource(s: source) → Nothing
2815 Permanently remove source from list of source addresses bound
2816 to zone. See source tag in firewalld.zone(5). For runtime
2817 operation see
2818 org.fedoraproject.FirewallD1.zone.Methods.removeSource.
2819 Possible errors: NOT_ENABLED
2821 removeSourcePort(s: port, s: protocol) → Nothing
2823 Permanently remove (port, protocol) from list of source ports
2824 of zone. See source-port tag in firewalld.zone(5). For runtime
2825 operation see
2826 org.fedoraproject.FirewallD1.zone.Methods.removeSourcePort.
2827 Possible errors: NOT_ENABLED
2829 rename(s: name) → Nothing
2831 Rename not built-in zone to name.
2832 Possible errors: BUILTIN_ZONE
2834 setDescription(s: description) → Nothing
2836 Permanently set description of zone to description. See
2837 description tag in firewalld.zone(5).
2838 setForwardPorts(a(ssss): ports) → Nothing
2840 Permanently set forward ports of zone to list of (port,
2841 protocol, toport, toaddr). See forward-port tag in
2842 firewalld.zone(5).
2843 setIcmpBlockInversion(b: flag) → Nothing
2845 Permanently set icmp block inversion flag of zone to flag. See
2846 icmp-block-inversion tag in firewalld.zone(5).
2847 setIcmpBlocks(as: icmptypes) → Nothing
2849 Permanently set list of icmp types blocked in zone to
2850 icmptypes. See icmp-block tag in firewalld.zone(5).
2851 setInterfaces(as: interfaces) → Nothing
2853 Permanently set list of interfaces bound to zone to interfaces.
2854 See interface tag in firewalld.zone(5).
2855 setMasquerade(b: masquerade) → Nothing
2857 Permanently set masquerading in zone to masquerade. See
2858 masquerade tag in firewalld.zone(5).
2859 setPorts(a(ss): ports) → Nothing
2861 Permanently set ports of zone to list of (port, protocol). See
2862 port tag in firewalld.zone(5).
2863 setProtocols(as: protocols) → Nothing
2865 Permanently set list of protocols used in zone to protocols.
2866 See protocol tag in firewalld.zone(5).
2867 setRichRules(as: rules) → Nothing
2869 Permanently set list of rich-language rules to rules. See rule
2870 tag in firewalld.zone(5).
2871 setServices(as: services) → Nothing
2873 Permanently set list of services used in zone to services. See
2874 service tag in firewalld.zone(5).
2875 setShort(s: short) → Nothing
2877 Permanently set name of zone to short. See short tag in
2878 firewalld.zone(5).
2879 setSourcePorts(a(ss): ports) → Nothing
2881 Permanently set source-ports of zone to list of (port,
2882 protocol). See source-port tag in firewalld.zone(5).
2883 setSources(as: sources) → Nothing
2885 Permanently set list of source addresses bound to zone to
2886 sources. See source tag in firewalld.zone(5).
2887 setTarget(s: target) → Nothing
2889 Permanently set target of zone to target. See target attribute
2890 of zone tag in firewalld.zone(5).
2891 setVersion(s: version) → Nothing
2893 Permanently set version of zone to version. See version
2894 attribute of zone tag in firewalld.zone(5).
2895 update((sssbsasa(ss)asba(ssss)asasasasa(ss)b): settings) → Nothing
2897 This function is deprecated, use
2898 org.fedoraproject.FirewallD1.config.zone.Methods.update2
2899 instead.
2900 update2(a{sv}: settings) → Nothing
2902 Update settings of zone to settings. Settings are a dictionary
2903 indexed by keywords. For the type of each value see below. To
2904 zero a value pass an empty string or list.
2905 version (s): see version attribute of zone tag in
2907 firewalld.zone(5).
2908 name (s): see short tag in firewalld.zone(5).
2910 description (s): see description tag in firewalld.zone(5).
2912 target (s): see target attribute of zone tag in
2914 firewalld.zone(5).
2915 services (as): array of service names, see service tag in
2917 firewalld.zone(5).
2918 ports (a(ss)): array of port and protocol pairs. See port tag
2920 in firewalld.zone(5).
2921 icmp_blocks (as): array of icmp-blocks. See icmp-block tag in
2923 firewalld.zone(5).
2924 masquerade (b): see masquerade tag in firewalld.zone(5).
2926 forward_ports (a(ssss)): array of (port, protocol, to-port,
2928 to-addr). See forward-port tag in firewalld.zone(5).
2929 interfaces (as): array of interfaces. See interface tag in
2931 firewalld.zone(5).
2932 sources (as): array of source addresses. See source tag in
2934 firewalld.zone(5).
2935 rules_str (as): array of rich-language rules. See rule tag in
2937 firewalld.zone(5).
2938 protocols (as): array of protocols, see protocol tag in
2940 firewalld.zone(5).
2941 source_ports (a(ss)): array of port and protocol pairs. See
2943 source-port tag in firewalld.zone(5).
2944 icmp_block_inversion (b): see icmp-block-inversion tag in
2946 firewalld.zone(5).
2947 forward (b): see forward tag in firewalld.zone(5).
2949 Possible errors: INVALID_TYPE
2951 Signals
2953 Removed(s: name)
2954 Emitted when zone with name has been removed.
2955 Renamed(s: name)
2957 Emitted when zone has been renamed to name.
2958 Updated(s: name)
2960 Emitted when zone with name has been updated.
2961 Properties
2963 builtin - b - (ro)
2964 True if zone is build-in, false else.
2965 default - b - (ro)
2967 True if build-in zone has default settings. False if it has
2968 been modified. Always False for not build-in zones.
2969 filename - s - (ro)
2971 Name (including .xml extension) of file where the configuration
2972 is stored.
2973 name - s - (ro)
2975 Name of zone.
2976 path - s - (ro)
2978 Path to directory where the zone configuration is stored.
2979 Should be either /usr/lib/firewalld/zones or
2980 /etc/firewalld/zones.
2981 org.fedoraproject.FirewallD1.config.policy
2983 Interface for permanent policy configuration, see also
2984 firewalld.policy(5).
2985 Methods
2987 getSettings() → a{sv}
2988 Return permanent settings of given policy. For getting runtime
2989 settings see
2990 org.fedoraproject.FirewallD1.policy.Methods.getPolicySettings.
2991 Settings are a dictionary indexed by keywords. For possible
2992 keywords see
2993 org.fedoraproject.FirewallD1.config.Methods.addPolicy.
2994 loadDefaults() → Nothing
2996 Load default settings for built-in policy.
2997 Possible errors: NO_DEFAULTS
2999 remove() → Nothing
3001 Remove not built-in policy.
3002 Possible errors: BUILTIN_POLICY
3004 rename(s: name) → Nothing
3006 Rename not built-in policy to name.
3007 Possible errors: BUILTIN_POLICY
3009 update(a{sv}: settings) → Nothing
3011 Update settings of policy to settings. Settings are a
3012 dictionary indexed by keywords. For possible keywords see
3013 org.fedoraproject.FirewallD1.config.Methods.addPolicy. To zero
3014 a value pass an empty string or list.
3015 Possible errors: INVALID_TYPE
3017 Signals
3019 Removed(s: name)
3020 Emitted when policy with name has been removed.
3021 Renamed(s: name)
3023 Emitted when policy has been renamed to name.
3024 Updated(s: name)
3026 Emitted when policy with name has been updated.
3027 Properties
3029 builtin - b - (ro)
3030 True if policy is build-in, false else.
3031 default - b - (ro)
3033 True if build-in policy has default settings. False if it has
3034 been modified. Always False for not build-in policies.
3035 filename - s - (ro)
3037 Name (including .xml extension) of file where the configuration
3038 is stored.
3039 name - s - (ro)
3041 Name of policy.
3042 path - s - (ro)
3044 Path to directory where the policy configuration is stored.
3045 Should be either /usr/lib/firewalld/policies or
3046 /etc/firewalld/policies.
3047 org.fedoraproject.FirewallD1.config.service
3049 Interface for permanent service configuration, see also
3050 firewalld.service(5).
3051 Methods
3053 addModule(s: module) → Nothing
3054 This method is deprecated. Please use "helpers" in the
3055 update2() method.
3056 addPort(s: port, s: protocol) → Nothing
3058 Permanently add (port, protocol) to list of ports in service.
3059 See port tag in firewalld.service(5).
3060 Possible errors: ALREADY_ENABLED
3062 addProtocol(s: protocol) → Nothing
3064 Permanently add protocol into zone. The protocol can be any
3065 protocol supported by the system. Please have a look at
3066 /etc/protocols for supported protocols. See protocol tag in
3067 firewalld.service(5).
3068 Possible errors: INVALID_PROTOCOL, ALREADY_ENABLED
3070 addSourcePort(s: port, s: protocol) → Nothing
3072 Permanently add (port, protocol) to list of source ports in
3073 service. See source-port tag in firewalld.service(5).
3074 Possible errors: ALREADY_ENABLED
3076 getDescription() → s
3078 Get description of service. See description tag in
3079 firewalld.service(5).
3080 getDestination(s: family) → s
3082 Get destination for IP family being either 'ipv4' or 'ipv6'.
3083 See destination tag in firewalld.service(5).
3084 Possible errors: ALREADY_ENABLED
3086 getDestinations() → a{ss}
3088 Get list of destinations. Return value is a dictionary of {IP
3089 family : IP address} where 'IP family' key can be either 'ipv4'
3090 or 'ipv6'. See destination tag in firewalld.service(5).
3091 getModules() → as
3093 This method is deprecated. Please use "helpers" in the
3094 getSettings2() method.
3095 getPorts() → a(ss)
3097 Get list of (port, protocol) defined in service. See port tag
3098 in firewalld.service(5).
3099 getProtocols() → as
3101 Return array of protocols (s) defined in service. See protocol
3102 tag in firewalld.service(5).
3103 getSettings() → (sssa(ss)asa{ss}asa(ss))
3105 This function is deprecated, use
3106 org.fedoraproject.FirewallD1.config.service.Methods.getSettings2
3107 instead.
3108 getSettings2(s: service) → s{sv}
3110 Return runtime settings of given service. For getting runtime
3111 settings see
3112 org.fedoraproject.FirewallD1.Methods.getServiceSettings2.
3113 Settings are a dictionary indexed by keywords. For the type of
3114 each value see below. If the value is empty it may be omitted.
3115 version (s): see version attribute of service tag in
3117 firewalld.service(5).
3118 name (s): see short tag in firewalld.service(5).
3120 description (s): see description tag in firewalld.service(5).
3122 ports (a(ss)): array of port and protocol pairs. See port tag
3124 in firewalld.service(5).
3125 module names (as): array of kernel netfilter helpers, see
3127 module tag in firewalld.service(5).
3128 destinations (a{ss}): dictionary of {IP family : IP address}
3130 where 'IP family' key can be either 'ipv4' or 'ipv6'. See
3131 destination tag in firewalld.service(5).
3132 protocols (as): array of protocols, see protocol tag in
3134 firewalld.service(5).
3135 source_ports (a(ss)): array of port and protocol pairs. See
3137 source-port tag in firewalld.service(5).
3138 includes (as): array of service includes, see include tag in
3140 firewalld.service(5).
3141 helpers (as): array of service helpers, see helper tag in
3143 firewalld.service(5).
3144 getShort() → s
3147 Get name of service. See short tag in firewalld.service(5).
3148 getSourcePorts() → a(ss)
3150 Get list of (port, protocol) defined in service. See
3151 source-port tag in firewalld.service(5).
3152 getVersion() → s
3154 Get version of service. See version attribute of service tag in
3155 firewalld.service(5).
3156 loadDefaults() → Nothing
3158 Load default settings for built-in service.
3159 Possible errors: NO_DEFAULTS
3161 queryDestination(s: family, s: address) → b
3163 Return whether a destination is in dictionary of destinations
3164 of this service. destination is in format: (IP family, IP
3165 address) where IP family can be either 'ipv4' or 'ipv6'. See
3166 destination tag in firewalld.service(5).
3167 queryModule(s: module) → b
3169 This method is deprecated. Please use "helpers" in the
3170 getSettings2() method.
3171 queryPort(s: port, s: protocol) → b
3173 Return whether (port, protocol) is in list of ports in service.
3174 See port tag in firewalld.service(5).
3175 queryProtocol(s: protocol) → b
3177 Return whether protocol is in list of protocols in service. See
3178 protocol tag in firewalld.service(5).
3179 querySourcePort(s: port, s: protocol) → b
3181 Return whether (port, protocol) is in list of source ports in
3182 service. See source-port tag in firewalld.service(5).
3183 remove() → Nothing
3185 Remove not built-in service.
3186 Possible errors: BUILTIN_SERVICE
3188 removeDestination(s: family) → Nothing
3190 Permanently remove a destination with family ('ipv4' or 'ipv6')
3191 from service. See destination tag in firewalld.service(5).
3192 Possible errors: NOT_ENABLED
3194 removeModule(s: module) → Nothing
3196 This method is deprecated. Please use "helpers" in the
3197 update2() method.
3198 removePort(s: port, s: protocol) → Nothing
3200 Permanently remove (port, protocol) from list of ports in
3201 service. See port tag in firewalld.service(5).
3202 Possible errors: NOT_ENABLED
3204 removeProtocol(s: protocol) → Nothing
3206 Permanently remove protocol from list of protocols in service.
3207 See protocol tag in firewalld.service(5).
3208 Possible errors: NOT_ENABLED
3210 removeSourcePort(s: port, s: protocol) → Nothing
3212 Permanently remove (port, protocol) from list of source ports
3213 in service. See source-port tag in firewalld.service(5).
3214 Possible errors: NOT_ENABLED
3216 rename(s: name) → Nothing
3218 Rename not built-in service to name.
3219 Possible errors: BUILTIN_SERVICE
3221 setDescription(s: description) → Nothing
3223 Permanently set description of service to description. See
3224 description tag in firewalld.service(5).
3225 setDestination(s: family, s: address) → Nothing
3227 Permanently set a destination address. destination is in
3228 format: (IP family, IP address) where IP family can be either
3229 'ipv4' or 'ipv6'. See destination tag in firewalld.service(5).
3230 Possible errors: ALREADY_ENABLED
3232 setDestinations(a{ss}: destinations) → Nothing
3234 Permanently set destinations of service to destinations, which
3235 is a dictionary of {IP family : IP address} where 'IP family'
3236 key can be either 'ipv4' or 'ipv6'. See destination tag in
3237 firewalld.service(5).
3238 setModules(as: modules) → Nothing
3240 This method is deprecated. Please use "helpers" in the
3241 update2() method.
3242 setPorts(a(ss): ports) → Nothing
3244 Permanently set ports of service to list of (port, protocol).
3245 See port tag in firewalld.service(5).
3246 setProtocols(as: protocols) → Nothing
3248 Permanently set protocols of service to list of protocols. See
3249 protocol tag in firewalld.service(5).
3250 setShort(s: short) → Nothing
3252 Permanently set name of service to short. See short tag in
3253 firewalld.service(5).
3254 setSourcePorts(a(ss): ports) → Nothing
3256 Permanently set source-ports of service to list of (port,
3257 protocol). See source-port tag in firewalld.service(5).
3258 setVersion(s: version) → Nothing
3260 Permanently set version of service to version. See version
3261 attribute of service tag in firewalld.service(5).
3262 update((sssa(ss)asa{ss}asa(ss)): settings) → Nothing
3264 This function is deprecated, use
3265 org.fedoraproject.FirewallD1.config.service.Methods.update2
3266 instead.
3267 update2a{sv}: settings) → Nothing
3269 Update settings of service to settings. Settings are a
3270 dictionary indexed by keywords. For the type of each value see
3271 below. To zero a value pass an empty string or list.
3272 version (s): see version attribute of service tag in
3274 firewalld.service(5).
3275 name (s): see short tag in firewalld.service(5).
3277 description (s): see description tag in firewalld.service(5).
3279 ports (a(ss)): array of port and protocol pairs. See port tag
3281 in firewalld.service(5).
3282 module names (as): array of kernel netfilter helpers, see
3284 module tag in firewalld.service(5).
3285 destinations (a{ss}): dictionary of {IP family : IP address}
3287 where 'IP family' key can be either 'ipv4' or 'ipv6'. See
3288 destination tag in firewalld.service(5).
3289 protocols (as): array of protocols, see protocol tag in
3291 firewalld.service(5).
3292 source_ports (a(ss)): array of port and protocol pairs. See
3294 source-port tag in firewalld.service(5).
3295 includes (as): array of service includes, see include tag in
3297 firewalld.service(5).
3298 helpers (as): array of service helpers, see helper tag in
3300 firewalld.service(5).
3301 Possible errors: INVALID_TYPE
3303 Signals
3305 Removed(s: name)
3306 Emitted when service with name has been removed.
3307 Renamed(s: name)
3309 Emitted when service has been renamed to name.
3310 Updated(s: name)
3312 Emitted when service with name has been updated.
3313 Properties
3315 builtin - b - (ro)
3316 True if service is build-in, false else.
3317 default - b - (ro)
3319 True if build-in service has default settings. False if it has
3320 been modified. Always False for not build-in services.
3321 filename - s - (ro)
3323 Name (including .xml extension) of file where the configuration
3324 is stored.
3325 name - s - (ro)
3327 Name of service.
3328 path - s - (ro)
3330 Path to directory where the configuration is stored. Should be
3331 either /usr/lib/firewalld/services or /etc/firewalld/services.
3332 org.fedoraproject.FirewallD1.config.helper
3334 Interface for permanent helper configuration, see also
3335 firewalld.helper(5).
3336 Methods
3338 addPort(s: port, s: protocol) → Nothing
3339 Permanently add (port, protocol) to list of ports in helper.
3340 See port tag in firewalld.helper(5).
3341 Possible errors: ALREADY_ENABLED
3343 getDescription() → s
3345 Get description of helper. See description tag in
3346 firewalld.helper(5).
3347 getFamily() → s
3349 Get family being 'ipv4', 'ipv6' or empty for both. See family
3350 tag in firewalld.helper(5).
3351 getModule() → s
3353 Get modules (netfilter kernel helpers) used in helper. See
3354 module tag in firewalld.helper(5).
3355 getPorts() → a(ss)
3357 Get list of (port, protocol) defined in helper. See port tag in
3358 firewalld.helper(5).
3359 getSettings() → (sssssa(ss))
3361 Return permanent settings of a helper. For getting runtime
3362 settings see
3363 org.fedoraproject.FirewallD1.Methods.getHelperSettings.
3364 Settings are in format: version, name, description, family,
3365 module, array of ports (port, protocol).
3366 version (s): see version attribute of helper tag in
3368 firewalld.helper(5).
3369 name (s): see short tag in firewalld.helper(5).
3371 description (s): see description tag in firewalld.helper(5).
3373 family (s): see family tag in firewalld.helper(5).
3375 module (s): see module tag in firewalld.helper(5).
3377 ports (a(ss)): array of port and protocol pairs. See port tag
3379 in firewalld.helper(5).
3380 getShort() → s
3383 Get name of helper. See short tag in firewalld.helper(5).
3384 getVersion() → s
3386 Get version of helper. See version attribute of helper tag in
3387 firewalld.helper(5).
3388 loadDefaults() → Nothing
3390 Load default settings for built-in helper.
3391 Possible errors: NO_DEFAULTS
3393 queryFamily(s: module) → b
3395 Return whether family is set for helper. See family tag in
3396 firewalld.helper(5).
3397 queryModule(s: module) → b
3399 Return whether module (netfilter kernel helpers) is used in
3400 helper. See module tag in firewalld.helper(5).
3401 queryPort(s: port, s: protocol) → b
3403 Return whether (port, protocol) is in list of ports in helper.
3404 See port tag in firewalld.helper(5).
3405 remove() → Nothing
3407 Remove not built-in helper.
3408 Possible errors: BUILTIN_HELPER
3410 removePort(s: port, s: protocol) → Nothing
3412 Permanently remove (port, protocol) from list of ports in
3413 helper. See port tag in firewalld.helper(5).
3414 Possible errors: NOT_ENABLED
3416 rename(s: name) → Nothing
3418 Rename not built-in helper to name.
3419 Possible errors: BUILTIN_HELPER
3421 setDescription(s: description) → Nothing
3423 Permanently set description of helper to description. See
3424 description tag in firewalld.helper(5).
3425 setFamily(s: family) → Nothing
3427 Permanently set family of helper to family. See family tag in
3428 firewalld.helper(5).
3429 setModule(s: module) → Nothing
3431 Permanently set module of helper to description. See module tag
3432 in firewalld.helper(5).
3433 setPorts(a(ss): ports) → Nothing
3435 Permanently set ports of helper to list of (port, protocol).
3436 See port tag in firewalld.helper(5).
3437 setShort(s: short) → Nothing
3439 Permanently set name of helper to short. See short tag in
3440 firewalld.helper(5).
3441 setVersion(s: version) → Nothing
3443 Permanently set version of helper to version. See version
3444 attribute of helper tag in firewalld.helper(5).
3445 update((sssssa(ss)): settings) → Nothing
3447 Update settings of helper to settings. Settings are in format:
3448 version, name, description, family, module and array of ports.
3449 version (s): see version attribute of helper tag in
3451 firewalld.helper(5).
3452 name (s): see short tag in firewalld.helper(5).
3454 description (s): see description tag in firewalld.helper(5).
3456 family (s): see family tag in firewalld.helper(5).
3458 module (s): see module tag in firewalld.helper(5).
3460 ports (a(ss)): array of port and protocol pairs. See port tag
3462 in firewalld.helper(5).
3463 Possible errors: INVALID_HELPER
3465 Signals
3467 Removed(s: name)
3468 Emitted when helper with name has been removed.
3469 Renamed(s: name)
3471 Emitted when helper has been renamed to name.
3472 Updated(s: name)
3474 Emitted when helper with name has been updated.
3475 Properties
3477 builtin - b - (ro)
3478 True if helper is build-in, false else.
3479 default - b - (ro)
3481 True if build-in helper has default settings. False if it has
3482 been modified. Always False for not build-in helpers.
3483 filename - s - (ro)
3485 Name (including .xml extension) of file where the configuration
3486 is stored.
3487 name - s - (ro)
3489 Name of helper.
3490 path - s - (ro)
3492 Path to directory where the configuration is stored. Should be
3493 either /usr/lib/firewalld/helpers or /etc/firewalld/helpers.
3494 org.fedoraproject.FirewallD1.config.icmptype
3496 Interface for permanent icmp type configuration, see also
3497 firewalld.icmptype(5).
3498 Methods
3500 addDestination(s: destination) → Nothing
3501 Permanently add a destination ('ipv4' or 'ipv6') to list of
3502 destinations of this icmp type. See destination tag in
3503 firewalld.icmptype(5).
3504 Possible errors: ALREADY_ENABLED
3506 getDescription() → s
3508 Get description of icmp type. See description tag in
3509 firewalld.icmptype(5).
3510 getDestinations() → as
3512 Get list of destinations. See destination tag in
3513 firewalld.icmptype(5).
3514 getSettings() → (sssas)
3516 Return permanent settings of icmp type. For getting runtime
3517 settings see
3518 org.fedoraproject.FirewallD1.Methods.getIcmpTypeSettings.
3519 Settings are in format: version, name, description, array of
3520 destinations.
3521 version (s): see version attribute of icmptype tag in
3523 firewalld.icmptype(5).
3524 name (s): see short tag in firewalld.icmptype(5).
3526 description (s): see description tag in firewalld.icmptype(5).
3528 destinations (as): array, either empty or containing strings
3530 'ipv4' and/or 'ipv6', see destination tag in
3531 firewalld.icmptype(5).
3532 getShort() → s
3535 Get name of icmp type. See short tag in firewalld.icmptype(5).
3536 getVersion() → s
3538 Get version of icmp type. See version attribute of icmptype tag
3539 in firewalld.icmptype(5).
3540 loadDefaults() → Nothing
3542 Load default settings for built-in icmp type.
3543 Possible errors: NO_DEFAULTS
3545 queryDestination(s: destination) → b
3547 Return whether a destination ('ipv4' or 'ipv6') is in list of
3548 destinations of this icmp type. See destination tag in
3549 firewalld.icmptype(5).
3550 remove() → Nothing
3552 Remove not built-in icmp type.
3553 Possible errors: BUILTIN_ICMPTYPE
3555 removeDestination(s: destination) → Nothing
3557 Permanently remove a destination ('ipv4' or 'ipv6') from list
3558 of destinations of this icmp type. See destination tag in
3559 firewalld.icmptype(5).
3560 Possible errors: NOT_ENABLED
3562 rename(s: name) → Nothing
3564 Rename not built-in icmp type to name.
3565 Possible errors: BUILTIN_ICMPTYPE
3567 setDescription(s: description) → Nothing
3569 Permanently set description of icmp type to description. See
3570 description tag in firewalld.icmptype(5).
3571 setDestinations(as: destinations) → Nothing
3573 Permanently set destinations of icmp type to destinations,
3574 which is array, either empty or containing strings 'ipv4'
3575 and/or 'ipv6'. See destination tag in firewalld.icmptype(5).
3576 setShort(s: short) → Nothing
3578 Permanently set name of icmp type to short. See short tag in
3579 firewalld.icmptype(5).
3580 setVersion(s: version) → Nothing
3582 Permanently set version of icmp type to version. See version
3583 attribute of icmptype tag in firewalld.icmptype(5).
3584 update((sssas): settings) → Nothing
3586 Update permanent settings of icmp type to settings. Settings
3587 are in format: version, name, description, array of
3588 destinations.
3589 version (s): see version attribute of icmptype tag in
3591 firewalld.icmptype(5).
3592 name (s): see short tag in firewalld.icmptype(5).
3594 description (s): see description tag in firewalld.icmptype(5).
3596 destinations (as): array, either empty or containing strings
3598 'ipv4' and/or 'ipv6', see destination tag in
3599 firewalld.icmptype(5).
3600 Signals
3603 Removed(s: name)
3604 Emitted when icmp type with name has been removed.
3605 Renamed(s: name)
3607 Emitted when icmp type has been renamed to name.
3608 Updated(s: name)
3610 Emitted when icmp type with name has been updated.
3611 Properties
3613 builtin - b - (ro)
3614 True if icmptype is build-in, false else.
3615 default - b - (ro)
3617 True if build-in icmp type has default settings. False if it
3618 has been modified. Always False for not build-in zones.
3619 filename - s - (ro)
3621 Name (including .xml extension) of file where the configuration
3622 is stored.
3623 name - s - (ro)
3625 Name of icmp type.
3626 path - s - (ro)
3628 Path to directory where the icmp type configuration is stored.
3629 Should be either /usr/lib/firewalld/icmptypes or
3630 /etc/firewalld/icmptypes.
3631
3633 firewall-applet(1), firewalld(1), firewall-cmd(1), firewall-config(1),
3634 firewalld.conf(5), firewalld.direct(5), firewalld.dbus(5),
3635 firewalld.icmptype(5), firewalld.lockdown-whitelist(5), firewall-
3636 offline-cmd(1), firewalld.richlanguage(5), firewalld.service(5),
3637 firewalld.zone(5), firewalld.zones(5), firewalld.policy(5),
3638 firewalld.policies(5), firewalld.ipset(5), firewalld.helper(5)
3639
3641 firewalld home page:
3642 http://firewalld.org
3643 More documentation with examples:
3645 http://fedoraproject.org/wiki/FirewallD
3646
3648 Thomas Woerner <twoerner@redhat.com>
3649 Developer
3650 Jiri Popelka <jpopelka@redhat.com>
3652 Developer
3653 Eric Garver <eric@garver.life>
3655 Developer
3656firewalld 1.3.4 FIREWALLD.DBUS(5)