FIREWALLD.DBUS(5)               firewalld.dbus               FIREWALLD.DBUS(5)

       firewalld.dbus - firewalld D-Bus interface description

       This is the basic firewalld object path structure. The used interfaces
       are explained below in the section called “INTERFACES”.

       /org/fedoraproject/FirewallD1
           Interfaces
               org.fedoraproject.FirewallD1
               org.fedoraproject.FirewallD1.direct (deprecated)
               org.fedoraproject.FirewallD1.ipset
               org.fedoraproject.FirewallD1.policies
               org.fedoraproject.FirewallD1.zone
               org.freedesktop.DBus.Introspectable
               org.freedesktop.DBus.Properties

       /org/fedoraproject/FirewallD1/config
           Interfaces
               org.fedoraproject.FirewallD1.config
               org.fedoraproject.FirewallD1.config.direct (deprecated)
               org.fedoraproject.FirewallD1.config.policies
               org.freedesktop.DBus.Introspectable
               org.freedesktop.DBus.Properties

       /org/fedoraproject/FirewallD1/config/zone/i
           Interfaces
               org.fedoraproject.FirewallD1.config.zone
               org.freedesktop.DBus.Introspectable
               org.freedesktop.DBus.Properties

       /org/fedoraproject/FirewallD1/config/service/i
           Interfaces
               org.fedoraproject.FirewallD1.config.service
               org.freedesktop.DBus.Introspectable
               org.freedesktop.DBus.Properties

       /org/fedoraproject/FirewallD1/config/ipset/i
           Interfaces
               org.fedoraproject.FirewallD1.config.ipset
               org.freedesktop.DBus.Introspectable
               org.freedesktop.DBus.Properties

       /org/fedoraproject/FirewallD1/config/icmptype/i
           Interfaces
               org.fedoraproject.FirewallD1.config.icmptype
               org.freedesktop.DBus.Introspectable
               org.freedesktop.DBus.Properties

INTERFACES
   org.fedoraproject.FirewallD1
       This interface contains general runtime operations, like: reloading,
       panic mode, default zone handling, getting services and icmp types and
       their settings.

       Methods
           authorizeAll() → Nothing
               Initiate authorization for the complete firewalld D-Bus
               interface. This method is mostly useful for configuration
               applications.

           completeReload() → Nothing
               Reload firewall completely, even netfilter kernel modules. This
               will most likely terminate active connections, because state
               information is lost. This option should only be used in case of
               severe firewall problems, for example if state information
               problems prevent connections from being established even with
               correct firewall rules.

           disablePanicMode() → Nothing
               Disable panic mode. After disabling panic mode established
               connections might work again, if panic mode was enabled for a
               short period of time.

               Possible errors: NOT_ENABLED, COMMAND_FAILED

           resetToDefaults() → Nothing
               Reset firewall to its default configuration, then reload
               firewall. This affects both runtime and permanent
               configuration.

           enablePanicMode() → Nothing
               Enable panic mode. All incoming and outgoing packets are
               dropped, active connections will expire. Enable this only if
               there are serious problems with your network environment.

               Possible errors: ALREADY_ENABLED, COMMAND_FAILED

           getAutomaticHelpers() → s
               Deprecated. This always returns "no".

           getDefaultZone() → s
               Return default zone.

           getHelperSettings(s: helper) → (sssssa(ss))
               Return runtime settings of given helper. For getting permanent
               settings see
               org.fedoraproject.FirewallD1.config.helper.Methods.getSettings.
               Settings are in format: version, name, description, family,
               module and array of ports.

               version (s): see version attribute of helper tag in
               firewalld.helper(5).

               name (s): see short tag in firewalld.helper(5).

               description (s): see description tag in firewalld.helper(5).

               family (s): see family tag in firewalld.helper(5).

               module (s): see module tag in firewalld.helper(5).

               ports (a(ss)): array of port and protocol pairs. See port tag
               in firewalld.helper(5).

               Possible errors: INVALID_HELPER

           getHelpers() → as
               Return array of helper names (s) in runtime configuration. For
               permanent configuration see
               org.fedoraproject.FirewallD1.config.Methods.listHelpers.

           getIcmpTypeSettings(s: icmptype) → (sssas)
               Return runtime settings of given icmptype. For getting
               permanent settings see
               org.fedoraproject.FirewallD1.config.icmptype.Methods.getSettings.
               Settings are in format: version, name, description, array of
               destinations.

               version (s): see version attribute of icmptype tag in
               firewalld.icmptype(5).

               name (s): see short tag in firewalld.icmptype(5).

               description (s): see description tag in firewalld.icmptype(5).

               destinations (as): array, either empty or containing strings
               'ipv4' or 'ipv6', see destination tag in firewalld.icmptype(5).

               Possible errors: INVALID_ICMPTYPE

           getLogDenied() → s
               Returns the LogDenied value. If LogDenied is enabled, then
               logging rules are added right before reject and drop rules in
               the INPUT, FORWARD and OUTPUT chains for the default rules and
               also final reject and drop rules in zones. Possible values are:
               all, unicast, broadcast, multicast and off. The default value
               is off.

           getServiceSettings(s: service) → (sssa(ss)asa{ss}asa(ss))
               This function is deprecated, use
               org.fedoraproject.FirewallD1.Methods.getServiceSettings2
               instead.

           getServiceSettings2(s: service) → a{sv}
               Return runtime settings of given service. For getting permanent
               settings see
               org.fedoraproject.FirewallD1.config.service.Methods.getSettings2.
               Settings are a dictionary indexed by keywords. For the type of
               each value see below. If the value is empty it may be omitted.

               version (s): see version attribute of service tag in
               firewalld.service(5).

               name (s): see short tag in firewalld.service(5).

               description (s): see description tag in firewalld.service(5).

               ports (a(ss)): array of port and protocol pairs. See port tag
               in firewalld.service(5).

               module names (as): array of kernel netfilter helpers, see
               module tag in firewalld.service(5).

               destinations (a{ss}): dictionary of {IP family : IP address}
               where 'IP family' key can be either 'ipv4' or 'ipv6'. See
               destination tag in firewalld.service(5).

               protocols (as): array of protocols, see protocol tag in
               firewalld.service(5).

               source_ports (a(ss)): array of port and protocol pairs. See
               source-port tag in firewalld.service(5).

               includes (as): array of service includes, see include tag in
               firewalld.service(5).

               helpers (as): array of service helpers, see helper tag in
               firewalld.service(5).

               Possible errors: INVALID_SERVICE

           getZoneSettings(s: zone) → (sssbsasa(ss)asba(ssss)asasasasa(ss)b)
               This function is deprecated, use
               org.fedoraproject.FirewallD1.zone.Methods.getZoneSettings2
               instead.

           listIcmpTypes() → as
               Return array of names (s) of icmp types in runtime
               configuration. For permanent configuration see
               org.fedoraproject.FirewallD1.config.Methods.listIcmpTypes.

           listServices() → as
               Return array of service names (s) in runtime configuration. For
               permanent configuration see
               org.fedoraproject.FirewallD1.config.Methods.listServices.

           queryPanicMode() → b
               Return true if panic mode is enabled, false otherwise. In panic
               mode all incoming and outgoing packets are dropped.

           reload() → Nothing
               Reload firewall rules and keep state information. Current
               permanent configuration will become new runtime configuration,
               i.e. all runtime-only changes made before the reload are lost
               if they are not also in the permanent configuration.

           runtimeToPermanent() → Nothing
               Make runtime settings permanent. Replaces permanent settings
               with runtime settings for zones, services, icmptypes, direct
               (deprecated) and policies (lockdown whitelist).

               Possible errors: RT_TO_PERM_FAILED

           checkPermanentConfig() → Nothing
               Run checks on the permanent configuration. This is most useful
               if changes were made manually to configuration files.

               Possible errors: any

           setDefaultZone(s: zone) → Nothing
               Set default zone for connections and interfaces where no zone
               has been selected to zone. Setting the default zone changes the
               zone for the connections or interfaces that are using the
               default zone. This is a runtime and permanent change.

               Possible errors: ZONE_ALREADY_SET, COMMAND_FAILED

           setLogDenied(s: value) → Nothing
               Set LogDenied value to value. If LogDenied is enabled, then
               logging rules are added right before reject and drop rules in
               the INPUT, FORWARD and OUTPUT chains for the default rules and
               also final reject and drop rules in zones. Possible values are:
               all, unicast, broadcast, multicast and off. The default value
               is off. This is a runtime and permanent change.

               Possible errors: ALREADY_SET, INVALID_VALUE

       Signals
           DefaultZoneChanged(s: zone)
               Emitted when default zone has been changed to zone.

           LogDeniedChanged(s: value)
               Emitted when LogDenied value has been changed.

           PanicModeDisabled()
               Emitted when panic mode has been deactivated.

           PanicModeEnabled()
               Emitted when panic mode has been activated.

           Reloaded()
               Emitted when firewalld has been reloaded. Also emitted for a
               complete reload.

       Properties
           BRIDGE - b - (ro)
               Indicates whether the firewall has ethernet bridge support.

           IPSet - b - (ro)
               Indicates whether the firewall has IPSet support.

           IPSetTypes - as - (ro)
               The IPSet types supported by ipset and firewalld.

           IPv4 - b - (ro)
               Indicates whether the firewall has IPv4 support.

           IPv4ICMPTypes - as - (ro)
               The list of supported IPv4 ICMP types.

           IPv6 - b - (ro)
               Indicates whether the firewall has IPv6 support.

           IPv6_rpfilter - b - (ro)
               Indicates whether the reverse path filter test on a packet for
               IPv6 is enabled. If a reply to the packet would be sent via the
               same interface that the packet arrived on, the packet will
               match and be accepted, otherwise dropped.

           IPv6ICMPTypes - as - (ro)
               The list of supported IPv6 ICMP types.

           nf_conntrack_helper_setting - b - (ro)
               Deprecated. Always False.

           nf_conntrack_helpers - a{sas} - (ro)
               Deprecated. Always returns an empty dictionary.

           nf_nat_helpers - a{sas} - (ro)
               Deprecated. Always returns an empty dictionary.

           interface_version - s - (ro)
               firewalld D-Bus interface version string.

           state - s - (ro)
               firewalld state. This can be either INIT, FAILED, or RUNNING.
               In INIT state, firewalld is starting up and initializing. In
               FAILED state, firewalld completely started but experienced a
               failure.

           version - s - (ro)
               firewalld version string.

   org.fedoraproject.FirewallD1.ipset
       Operations in this interface allow one to get, add, remove and query
       runtime ipset settings. For permanent configuration see
       org.fedoraproject.FirewallD1.config.ipset interface.

       Methods
           addEntry(s: ipset, s: entry) → as
               Add a new entry to ipset. The entry must match the type of the
               ipset. If the ipset is using the timeout option, it is not
               possible to see the entries, as they are timing out
               automatically in the kernel. For permanent operation see
               org.fedoraproject.FirewallD1.config.ipset.Methods.addEntry.

               Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT

           getEntries(s: ipset) → as
               Get all entries added to the ipset. If the ipset is using the
               timeout option, it is not possible to see the entries, as they
               are timing out automatically in the kernel. Return value is an
               array of entry. For permanent operation see
               org.fedoraproject.FirewallD1.config.ipset.Methods.getEntries.

               Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT

           getIPSetSettings(s: ipset) → (ssssa{ss}as)
               Return runtime settings of given ipset. For getting permanent
               settings see
               org.fedoraproject.FirewallD1.config.ipset.Methods.getSettings.
               Settings are in format: version, name, description, type,
               dictionary of options and array of entries.

               version (s): see version attribute of ipset tag in
               firewalld.ipset(5).

               name (s): see short tag in firewalld.ipset(5).

               description (s): see description tag in firewalld.ipset(5).

               type (s): see type attribute of ipset tag in
               firewalld.ipset(5).

               options (a{ss}): dictionary of {option : value}. See options
               tag in firewalld.ipset(5).

               entries (as): array of entries, see entry tag in
               firewalld.ipset(5).

               Possible errors: INVALID_IPSET

           getIPSets() → as
               Return array of ipset names (s) in runtime configuration. For
               permanent configuration see
               org.fedoraproject.FirewallD1.config.Methods.listIPSets.

           queryEntry(s: ipset, s: entry) → b
               Return whether entry has been added to ipset. For permanent
               operation see
               org.fedoraproject.FirewallD1.config.ipset.Methods.queryEntry.

               Possible errors: INVALID_IPSET

           queryIPSet(s: ipset) → b
               Return whether ipset is defined in runtime configuration.

           removeEntry(s: ipset, s: entry) → as
               Removes an entry from ipset. For permanent operation see
               org.fedoraproject.FirewallD1.config.ipset.Methods.removeEntry.

               Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT

           setEntries(as: entries) → Nothing
               Permanently set list of entries to entries. For permanent
               operation see
               org.fedoraproject.FirewallD1.config.ipset.Methods.setEntries.
               See entry tag in firewalld.ipset(5).

       Signals
           EntryAdded(s: ipset, s: entry)
               Emitted when entry has been added to ipset.

           EntryRemoved(s: ipset, s: entry)
               Emitted when entry has been removed from ipset.

   org.fedoraproject.FirewallD1.direct
       DEPRECATED
           The direct interface has been deprecated. It will be removed in a
           future release. It is superseded by policies, see
           firewalld.policies(5).

       This interface enables more direct access to the firewall. It enables
       runtime manipulation of chains and rules. For permanent configuration
       see org.fedoraproject.FirewallD1.config.direct interface.

       Methods
           addChain(s: ipv, s: table, s: chain) → Nothing
               Add a new chain to table for ipv being either ipv4 (iptables)
               or ipv6 (ip6tables) or eb (ebtables). Make sure there's no
               other chain with this name already. There already exist basic
               chains to use with direct methods, for example INPUT_direct
               chain. These chains are jumped into before chains for zones,
               i.e. every rule put into INPUT_direct will be checked before
               rules in zones. For permanent operation see
               org.fedoraproject.FirewallD1.config.direct.Methods.addChain.

               Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED,
               COMMAND_FAILED

           addPassthrough(s: ipv, as: args) → Nothing
               Add a tracked passthrough rule with the arguments args for ipv
               being either ipv4 (iptables) or ipv6 (ip6tables) or eb
               (ebtables). Valid commands in args are only -A/--append,
               -I/--insert and -N/--new-chain. This method is (unlike
               passthrough method) tracked, i.e. firewalld remembers it. It's
               useful with
               org.fedoraproject.FirewallD1.Methods.runtimeToPermanent. For
               permanent operation see
               org.fedoraproject.FirewallD1.config.direct.Methods.addPassthrough.

               Possible errors: INVALID_IPV, ALREADY_ENABLED, COMMAND_FAILED

           addRule(s: ipv, s: table, s: chain, i: priority, as: args) →
           Nothing
               Add a rule with the arguments args to chain in table with
               priority for ipv being either ipv4 (iptables) or ipv6
               (ip6tables) or eb (ebtables). The priority is used to order
               rules. Priority 0 means add rule on top of the chain, with a
               higher priority the rule will be added further down. Rules with
               the same priority are on the same level and the order of these
               rules is not fixed and may change. If you want to make sure
               that a rule will be added after another one, use a low priority
               for the first and a higher for the following. For permanent
               operation see
               org.fedoraproject.FirewallD1.config.direct.Methods.addRule.

               Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED,
               COMMAND_FAILED

           getAllChains() → a(sss)
               Get all chains added to all tables in format: ipv, table,
               chain. This concerns only chains previously added with
               addChain. Return value is an array of (ipv, table, chain). For
               permanent operation see
               org.fedoraproject.FirewallD1.config.direct.Methods.getAllChains.

               ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
               (ebtables).

               table (s): one of filter, mangle, nat, raw, security.

               chain (s): name of a chain.

           getAllPassthroughs() → a(sas)
               Get all tracked passthrough rules added in all ipv types in
               format: ipv, rule. This concerns only rules previously added
               with addPassthrough. Return value is an array of (ipv, array of
               arguments). For permanent operation see
               org.fedoraproject.FirewallD1.config.direct.Methods.getAllPassthroughs.

               ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
               (ebtables).

               arguments (as): array of commands, parameters and other
               iptables/ip6tables/ebtables command line options.

           getAllRules() → a(sssias)
               Get all rules added to all chains in all tables in format: ipv,
               table, chain, priority, rule. This concerns only rules
               previously added with addRule. Return value is an array of (ipv,
               table, chain, priority, array of arguments). For permanent
               operation see
               org.fedoraproject.FirewallD1.config.direct.Methods.getAllRules.

               ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
               (ebtables).

               table (s): one of filter, mangle, nat, raw, security.

               chain (s): name of a chain.

               priority (i): used to order rules.

               arguments (as): array of commands, parameters and other
               iptables/ip6tables/ebtables command line options.

           getChains(s: ipv, s: table) → as
               Return an array of chains (s) added to table for ipv being
               either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
               This concerns only chains previously added with addChain. For
               permanent operation see
               org.fedoraproject.FirewallD1.config.direct.Methods.getChains.

               Possible errors: INVALID_IPV, INVALID_TABLE

           getPassthroughs(s: ipv) → aas
               Get tracked passthrough rules added in either ipv4 (iptables)
               or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
               previously added with addPassthrough. Return value is an array
               of (array of arguments). For permanent operation see
               org.fedoraproject.FirewallD1.config.direct.Methods.getPassthroughs.

               arguments (as): array of commands, parameters and other
               iptables/ip6tables/ebtables command line options.

           getRules(s: ipv, s: table, s: chain) → a(ias)
               Get all rules added to chain in table for ipv being either ipv4
               (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
               only rules previously added with addRule. Return value is an
               array of (priority, array of arguments). For permanent
               operation see
               org.fedoraproject.FirewallD1.config.direct.Methods.getRules.

               priority (i): used to order rules.

               arguments (as): array of commands, parameters and other
               iptables/ip6tables/ebtables command line options.

               Possible errors: INVALID_IPV, INVALID_TABLE

           passthrough(s: ipv, as: args) → s
               Pass a command through to the firewall. ipv can be either ipv4
               (iptables) or ipv6 (ip6tables) or eb (ebtables). args can be
               all iptables, ip6tables and ebtables command line arguments.
               This command is untracked, which means that firewalld is not
               able to provide information about this command later on.

               Possible errors: COMMAND_FAILED

           queryChain(s: ipv, s: table, s: chain) → b
               Return whether a chain exists in table for ipv being either
               ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). This
               concerns only chains previously added with addChain. For
               permanent operation see
               org.fedoraproject.FirewallD1.config.direct.Methods.queryChain.

               Possible errors: INVALID_IPV, INVALID_TABLE

           queryPassthrough(s: ipv, as: args) → b
               Return whether a tracked passthrough rule with the arguments
               args exists for ipv being either ipv4 (iptables) or ipv6
               (ip6tables) or eb (ebtables). This concerns only rules
               previously added with addPassthrough. For permanent operation
               see
               org.fedoraproject.FirewallD1.config.direct.Methods.queryPassthrough.

               Possible errors: INVALID_IPV

           queryRule(s: ipv, s: table, s: chain, i: priority, as: args) → b
               Return whether a rule with priority and the arguments args
               exists in chain in table for ipv being either ipv4 (iptables)
               or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
               previously added with addRule. For permanent operation see
               org.fedoraproject.FirewallD1.config.direct.Methods.queryRule.

               Possible errors: INVALID_IPV, INVALID_TABLE

           removeAllPassthroughs() → Nothing
               Remove all passthrough rules previously added with
               addPassthrough.

           removeChain(s: ipv, s: table, s: chain) → Nothing
               Remove a chain from table for ipv being either ipv4 (iptables)
               or ipv6 (ip6tables) or eb (ebtables). Only chains previously
               added with addChain can be removed this way. For permanent
               operation see
               org.fedoraproject.FirewallD1.config.direct.Methods.removeChain.

               Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED,
               COMMAND_FAILED

           removePassthrough(s: ipv, as: args) → Nothing
               Remove a tracked passthrough rule with arguments args for ipv
               being either ipv4 (iptables) or ipv6 (ip6tables) or eb
               (ebtables). Only rules previously added with addPassthrough can
               be removed this way. For permanent operation see
               org.fedoraproject.FirewallD1.config.direct.Methods.removePassthrough.

               Possible errors: INVALID_IPV, NOT_ENABLED, COMMAND_FAILED

           removeRule(s: ipv, s: table, s: chain, i: priority, as: args) →
           Nothing
               Remove a rule with priority and arguments args from chain in
               table for ipv being either ipv4 (iptables) or ipv6 (ip6tables)
               or eb (ebtables). Only rules previously added with addRule can
               be removed this way. For permanent operation see
               org.fedoraproject.FirewallD1.config.direct.Methods.removeRule.

               Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED,
               COMMAND_FAILED

           removeRules(s: ipv, s: table, s: chain) → Nothing
               Remove all rules from chain in table for ipv being either ipv4
               (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
               only rules previously added with addRule. For permanent
               operation see
               org.fedoraproject.FirewallD1.config.direct.Methods.removeRules.

               Possible errors: INVALID_IPV, INVALID_TABLE

       Signals
           ChainAdded(s: ipv, s: table, s: chain)
               Emitted when chain has been added into table for ipv being
               either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).

           ChainRemoved(s: ipv, s: table, s: chain)
               Emitted when chain has been removed from table for ipv being
               either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).

           PassthroughAdded(s: ipv, as: args)
               Emitted when a tracked passthrough rule with args has been
               added for ipv being either ipv4 (iptables) or ipv6 (ip6tables)
               or eb (ebtables).

           PassthroughRemoved(s: ipv, as: args)
               Emitted when a tracked passthrough rule with args has been
               removed for ipv being either ipv4 (iptables) or ipv6
               (ip6tables) or eb (ebtables).

           RuleAdded(s: ipv, s: table, s: chain, i: priority, as: args)
               Emitted when a rule with args has been added to chain in table
               with priority for ipv being either ipv4 (iptables) or ipv6
               (ip6tables) or eb (ebtables).

           RuleRemoved(s: ipv, s: table, s: chain, i: priority, as: args)
               Emitted when a rule with args has been removed from chain in
               table with priority for ipv being either ipv4 (iptables) or
               ipv6 (ip6tables) or eb (ebtables).

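       Because direct rules are checked before zone rules and rules of equal
       priority have no fixed order, a defender reviewing a host will want to
       audit what getAllRules() and getAllPassthroughs() return. The following
       is an added example, not part of firewalld or of this manual page; the
       finding codes, the source-match heuristic and the sample rows are
       assumptions constructed for illustration.

```python
"""Audit rules added through firewalld's deprecated direct interface.

Input rows follow the signatures documented above:
  getAllRules()        -> a(sssias)  (ipv, table, chain, priority, args)
  getAllPassthroughs() -> a(sas)     (ipv, args)
"""
from collections import defaultdict

VERDICTS = {"ACCEPT", "DROP", "REJECT"}

# Constructed sample data, shaped like the D-Bus return values.
SAMPLE_RULES = [
    ("ipv4", "filter", "INPUT_direct", 0,
     ["-p", "tcp", "--dport", "22", "-s", "192.0.2.10", "-j", "ACCEPT"]),
    ("ipv4", "filter", "INPUT_direct", 1,
     ["-p", "tcp", "--dport", "8080", "-j", "ACCEPT"]),
    ("ipv4", "filter", "INPUT_direct", 1,
     ["-p", "tcp", "--dport", "8080", "-j", "DROP"]),
    ("ipv6", "filter", "INPUT_direct", 0,
     ["-p", "udp", "--dport", "53", "-j", "LOG"]),
]
SAMPLE_PASSTHROUGHS = [
    ("ipv4", ["-I", "INPUT", "-p", "tcp", "--dport", "3306", "-j", "ACCEPT"]),
]


def jump_target(args):
    """Return the -j/--jump target of an iptables-style argument list, or None."""
    for i, arg in enumerate(args[:-1]):
        if arg in ("-j", "--jump"):
            return str(args[i + 1])
    return None


def source_limited(args):
    """Heuristic (assumption): the rule matches on a source address or an ipset."""
    return any(a in ("-s", "--source", "--match-set") for a in args)


def audit_direct(rules, passthroughs):
    """Return a list of (code, detail) findings in a stable order."""
    findings = []
    verdicts_at = defaultdict(set)
    for ipv, table, chain, priority, args in rules:
        target = jump_target(args)
        where = f"{ipv}/{table}/{chain} prio {int(priority)}"
        if target == "ACCEPT":
            # Direct ACCEPT rules are evaluated before any zone rule.
            code = ("DIRECT_ACCEPT_SCOPED" if source_limited(args)
                    else "DIRECT_ACCEPT_ANY_SOURCE")
            findings.append((code, f"{where}: {' '.join(args)}"))
        if target in VERDICTS:
            key = (str(ipv), str(table), str(chain), int(priority))
            verdicts_at[key].add(target)
    # Same chain and priority with opposite verdicts: the relative order of
    # such rules is not fixed, so the effective policy is ambiguous.
    for key in sorted(verdicts_at):
        seen = verdicts_at[key]
        if "ACCEPT" in seen and seen & {"DROP", "REJECT"}:
            findings.append(("SAME_PRIORITY_CONFLICT", "/".join(map(str, key))))
    for ipv, args in passthroughs:
        if jump_target(args) == "ACCEPT":
            findings.append(("PASSTHROUGH_ACCEPT", f"{ipv}: {' '.join(args)}"))
    return findings


def fetch_live():
    """Read both lists from a running firewalld (needs dbus-python)."""
    import dbus  # imported lazily so the audit logic runs without D-Bus
    obj = dbus.SystemBus().get_object("org.fedoraproject.FirewallD1",
                                      "/org/fedoraproject/FirewallD1")
    direct = dbus.Interface(obj, "org.fedoraproject.FirewallD1.direct")
    return direct.getAllRules(), direct.getAllPassthroughs()


if __name__ == "__main__":
    for code, detail in audit_direct(SAMPLE_RULES, SAMPLE_PASSTHROUGHS):
        print(f"{code:26} {detail}")
```

       Rules sent with the untracked passthrough() method never appear in
       either list, so this audit cannot see them.
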
   org.fedoraproject.FirewallD1.policies
       Enables firewalld to be able to lock down configuration changes from
       local applications. Local applications or services are able to change
       the firewall configuration if they are running as root (example:
       libvirt). With these operations an administrator can lock the firewall
       configuration so that either none or only applications that are in the
       whitelist are able to request firewall changes. For permanent
       configuration see org.fedoraproject.FirewallD1.config.policies
       interface.

       Methods
           addLockdownWhitelistCommand(s: command) → Nothing
               Add command to whitelist. See command option in
               firewalld.lockdown-whitelist(5). For permanent operation see
               org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistCommand.

               Possible errors: ALREADY_ENABLED, INVALID_COMMAND

           addLockdownWhitelistContext(s: context) → Nothing
               Add context to whitelist. See selinux option in
               firewalld.lockdown-whitelist(5). For permanent operation see
               org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistContext.

               Possible errors: ALREADY_ENABLED, INVALID_COMMAND

           addLockdownWhitelistUid(i: uid) → Nothing
               Add user id uid to whitelist. See user option in
               firewalld.lockdown-whitelist(5). For permanent operation see
               org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistUid.

               Possible errors: ALREADY_ENABLED, INVALID_COMMAND

           addLockdownWhitelistUser(s: user) → Nothing
               Add user name to whitelist. See user option in
               firewalld.lockdown-whitelist(5). For permanent operation see
               org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistUser.

               Possible errors: ALREADY_ENABLED, INVALID_COMMAND

           disableLockdown() → Nothing
               Disable lockdown. This is a runtime and permanent change.

               Possible errors: NOT_ENABLED

           enableLockdown() → Nothing
               Enable lockdown. Be careful: if the calling application/user
               is not on the lockdown whitelist when you enable lockdown, you
               won't be able to disable it again with the application; you
               would need to edit firewalld.conf. This is a runtime and
               permanent change.

               Possible errors: ALREADY_ENABLED

           getLockdownWhitelistCommands() → as
               List all command lines (s) that are on whitelist. For permanent
               operation see
               org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistCommands.

           getLockdownWhitelistContexts() → as
               List all contexts (s) that are on whitelist. For permanent
               operation see
               org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistContexts.

           getLockdownWhitelistUids() → ai
               List all user ids (i) that are on whitelist. For permanent
               operation see
               org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistUids.

           getLockdownWhitelistUsers() → as
               List all users (s) that are on whitelist. For permanent
               operation see
               org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistUsers.

           queryLockdown() → b
               Query whether lockdown is enabled.

           queryLockdownWhitelistCommand(s: command) → b
               Query whether command is on whitelist. For permanent operation
               see
               org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistCommand.

           queryLockdownWhitelistContext(s: context) → b
               Query whether context is on whitelist. For permanent operation
               see
               org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistContext.

           queryLockdownWhitelistUid(i: uid) → b
               Query whether user id uid is on whitelist. For permanent
               operation see
               org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistUid.

           queryLockdownWhitelistUser(s: user) → b
               Query whether user is on whitelist. For permanent operation see
               org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistUser.

           removeLockdownWhitelistCommand(s: command) → Nothing
               Remove command from whitelist. For permanent operation see
               org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistCommand.

               Possible errors: NOT_ENABLED

           removeLockdownWhitelistContext(s: context) → Nothing
               Remove context from whitelist. For permanent operation see
               org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistContext.

               Possible errors: NOT_ENABLED

           removeLockdownWhitelistUid(i: uid) → Nothing
               Remove user id uid from whitelist. For permanent operation see
               org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistUid.

               Possible errors: NOT_ENABLED

           removeLockdownWhitelistUser(s: user) → Nothing
               Remove user from whitelist. For permanent operation see
               org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistUser.

               Possible errors: NOT_ENABLED

       Signals
           LockdownDisabled()
               Emitted when lockdown has been disabled.

           LockdownEnabled()
               Emitted when lockdown has been enabled.

           LockdownWhitelistCommandAdded(s: command)
               Emitted when command has been added to whitelist.

           LockdownWhitelistCommandRemoved(s: command)
               Emitted when command has been removed from whitelist.

           LockdownWhitelistContextAdded(s: context)
               Emitted when context has been added to whitelist.

           LockdownWhitelistContextRemoved(s: context)
               Emitted when context has been removed from whitelist.

           LockdownWhitelistUidAdded(i: uid)
               Emitted when user id uid has been added to whitelist.

           LockdownWhitelistUidRemoved(i: uid)
               Emitted when user id uid has been removed from whitelist.

           LockdownWhitelistUserAdded(s: user)
               Emitted when user has been added to whitelist.

           LockdownWhitelistUserRemoved(s: user)
               Emitted when user has been removed from whitelist.

804 org.fedoraproject.FirewallD1.zone
805 Operations in this interface allows one to get, add, remove and query
806 runtime zone's settings. For permanent settings see
807 org.fedoraproject.FirewallD1.config.zone interface.
808
809 Methods
810 getZoneSettings2(s: zone) → a{sv}
811 Return runtime settings of given zone. For getting permanent
812 settings see
813 org.fedoraproject.FirewallD1.config.zone.Methods.getSettings2.
814 Settings are a dictionary indexed by keywords. For the type of
815 each value see below. If the value is empty it may be omitted.
816
817 version (s): see version attribute of zone tag in
818 firewalld.zone(5).
819
820 name (s): see short tag in firewalld.zone(5).
821
822 description (s): see description tag in firewalld.zone(5).
823
824 target (s): see target attribute of zone tag in
825 firewalld.zone(5).
826
827 services (as): array of service names, see service tag in
828 firewalld.zone(5).
829
830 ports (a(ss)): array of port and protocol pairs. See port tag
831 in firewalld.zone(5).
832
833 icmp_blocks (as): array of icmp-blocks. See icmp-block tag in
834 firewalld.zone(5).
835
836 masquerade (b): see masquerade tag in firewalld.zone(5).
837
838 forward_ports (a(ssss)): array of (port, protocol, to-port,
839 to-addr). See forward-port tag in firewalld.zone(5).
840
841 interfaces (as): array of interfaces. See interface tag in
842 firewalld.zone(5).
843
844 sources (as): array of source addresses. See source tag in
845 firewalld.zone(5).
846
847 rules_str (as): array of rich-language rules. See rule tag in
848 firewalld.zone(5).
849
850 protocols (as): array of protocols, see protocol tag in
851 firewalld.zone(5).
852
853 source_ports (a(ss)): array of port and protocol pairs. See
854 source-port tag in firewalld.zone(5).
855
856 icmp_block_inversion (b): see icmp-block-inversion tag in
857 firewalld.zone(5).
858
859 forward (b): see forward tag in firewalld.zone(5).
860
861 Possible errors: INVALID_ZONE
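
Because getZoneSettings2 returns the runtime view and config.zone getSettings2 the permanent one, comparing the two dictionaries shows what was changed at runtime only. This is an added example, not part of firewalld: the function names and sample values are constructed, and the inputs are plain-Python copies of the two a{sv} results.

```python
# Added example: compare runtime and permanent settings of one zone.
# Inputs are plain-Python copies of the a{sv} dictionaries; names are hypothetical.


def normalise(value):
    """Make one a{sv} value comparable; None stands for an omitted key."""
    if value is None:
        return None
    if isinstance(value, (list, tuple)):
        # Arrays (as, a(ss), a(ssss)): order carries no meaning for drift.
        return frozenset(
            tuple(str(f) for f in item) if isinstance(item, (list, tuple))
            else str(item)
            for item in value
        )
    if isinstance(value, int):
        # bool, and dbus.Boolean (an int subclass), for the (b) keywords.
        return bool(value)
    return str(value)


def is_empty(norm):
    """An empty value may be omitted from the result, so treat both alike."""
    return norm is None or norm is False or norm == "" or norm == frozenset()


def zone_drift(runtime, permanent, ignore=("version", "name", "description")):
    """Return {keyword: difference} for settings that differ between views.

    Skipping the descriptive keywords by default is a choice of this example.
    """
    drift = {}
    for key in sorted(set(runtime) | set(permanent)):
        if key in ignore:
            continue
        run = normalise(runtime.get(key))
        perm = normalise(permanent.get(key))
        if (is_empty(run) and is_empty(perm)) or run == perm:
            continue
        if isinstance(run, frozenset) or isinstance(perm, frozenset):
            run_set = run if isinstance(run, frozenset) else frozenset()
            perm_set = perm if isinstance(perm, frozenset) else frozenset()
            drift[key] = {
                "runtime_only": sorted(run_set - perm_set),
                "permanent_only": sorted(perm_set - run_set),
            }
        else:
            # Scalar keyword; None means the key was omitted (empty).
            drift[key] = {"runtime": run, "permanent": perm}
    return drift


# Constructed sample data (documentation addresses, not real hosts).
SAMPLE_RUNTIME = {
    "target": "default",
    "services": ["ssh", "dhcpv6-client"],
    "ports": [("8080", "tcp"), ("443", "tcp")],
    "masquerade": True,
    "forward_ports": [("2222", "tcp", "22", "192.0.2.10")],
    "interfaces": ["eth0"],
}
SAMPLE_PERMANENT = {
    "target": "default",
    "services": ["dhcpv6-client", "ssh"],
    "ports": [("443", "tcp")],
    "icmp_blocks": [],
    "interfaces": ["eth0"],
}

if __name__ == "__main__":
    for keyword, diff in zone_drift(SAMPLE_RUNTIME, SAMPLE_PERMANENT).items():
        print(keyword, diff)
```

Entries under runtime_only exist in the runtime view but not in the permanent configuration; entries under permanent_only are configured permanently but absent from the runtime view.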
862
863 setZoneSettings2(s: zone, a{sv}: settings, i: timeout)
864 Set runtime settings of given zone. For setting permanent
865 settings see
866 org.fedoraproject.FirewallD1.config.zone.Methods.update2.
867 Settings are a dictionary indexed by keywords. For the type of
868 each value see below. To zero a value pass an empty string or
869 list.
870
871 services (as): array of service names, see service tag in
872 firewalld.zone(5).
873
874 ports (a(ss)): array of port and protocol pairs. See port tag
875 in firewalld.zone(5).
876
877 icmp_blocks (as): array of icmp-blocks. See icmp-block tag in
878 firewalld.zone(5).
879
880 masquerade (b): see masquerade tag in firewalld.zone(5).
881
882 forward_ports (a(ssss)): array of (port, protocol, to-port,
883 to-addr). See forward-port tag in firewalld.zone(5).
884
885 interfaces (as): array of interfaces. See interface tag in
886 firewalld.zone(5).
887
888 sources (as): array of source addresses. See source tag in
889 firewalld.zone(5).
890
891 rules_str (as): array of rich-language rules. See rule tag in
892 firewalld.zone(5).
893
894 protocols (as): array of protocols, see protocol tag in
895 firewalld.zone(5).
896
897 source_ports (a(ss)): array of port and protocol pairs. See
898 source-port tag in firewalld.zone(5).
899
900 icmp_block_inversion (b): see icmp-block-inversion tag in
901 firewalld.zone(5).
902
903 forward (b): see forward tag in firewalld.zone(5).
904
905 Possible errors: INVALID_ZONE
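
A pre-flight check for a settings dictionary before it is passed to setZoneSettings2, using the keywords and D-Bus types listed above and the port and protocol wording from addPort. This is an added example, not firewalld code: the function names are hypothetical, the checks run on plain Python values before conversion to D-Bus types, and firewalld itself remains the authority on what it accepts.

```python
import re

# Keywords and D-Bus signatures listed for setZoneSettings2 on this page.
RUNTIME_ZONE_KEYS = {
    "services": "as",
    "ports": "a(ss)",
    "icmp_blocks": "as",
    "masquerade": "b",
    "forward_ports": "a(ssss)",
    "interfaces": "as",
    "sources": "as",
    "rules_str": "as",
    "protocols": "as",
    "source_ports": "a(ss)",
    "icmp_block_inversion": "b",
    "forward": "b",
}
PORT_KEYS = ("ports", "source_ports", "forward_ports")
PORT_RE = re.compile(r"(\d{1,5})(?:-(\d{1,5}))?")


def port_ok(port):
    """Single port number or range portid-portid, each within 16 bits."""
    match = PORT_RE.fullmatch(port)
    if not match:
        return False
    low = int(match.group(1))
    high = int(match.group(2) or match.group(1))
    return low <= high <= 65535


def shape_ok(signature, value):
    """Check a plain Python value against one of the signatures above."""
    if signature == "b":
        return isinstance(value, bool)
    if not isinstance(value, (list, tuple)):
        return False
    if signature == "as":
        return all(isinstance(item, str) for item in value)
    width = len(signature) - 3  # "a(ss)" -> 2 fields, "a(ssss)" -> 4 fields
    return all(
        isinstance(item, (list, tuple))
        and len(item) == width
        and all(isinstance(field, str) for field in item)
        for item in value
    )


def validate_runtime_zone_settings(settings):
    """Return a list of problems; an empty list means nothing was found."""
    problems = []
    for key in sorted(settings):
        value = settings[key]
        signature = RUNTIME_ZONE_KEYS.get(key)
        if signature is None:
            problems.append(f"{key}: not a keyword listed for setZoneSettings2")
            continue
        if not shape_ok(signature, value):
            problems.append(f"{key}: value does not match D-Bus type {signature}")
            continue
        if key not in PORT_KEYS:
            continue
        for entry in value:
            if not port_ok(entry[0]):
                problems.append(f"{key}: invalid port {entry[0]!r}")
            if entry[1] not in ("tcp", "udp"):
                problems.append(f"{key}: protocol {entry[1]!r} is not tcp or udp")
            # to-port may be empty; check it only when present.
            if key == "forward_ports" and entry[2] and not port_ok(entry[2]):
                problems.append(f"{key}: invalid to-port {entry[2]!r}")
    return problems


# Constructed sample: a request mixing valid and invalid entries.
SAMPLE_REQUEST = {
    "services": ["ssh"],
    "ports": [("8080", "tcp"), ("20-10", "udp")],
    "target": "ACCEPT",
}

if __name__ == "__main__":
    for problem in validate_runtime_zone_settings(SAMPLE_REQUEST):
        print(problem)
```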
906
907 addForwardPort(s: zone, s: port, s: protocol, s: toport, s: toaddr,
908 i: timeout) → s
909 Add the IPv4 forward port into zone. If zone is empty, use
910 default zone. The port can either be a single port number
911 portid or a port range portid-portid. The protocol can either
912 be tcp or udp. The destination address is a simple IP address.
913 If timeout is non-zero, the operation will be active only for
914 that number of seconds. For permanent settings see
915 org.fedoraproject.FirewallD1.config.zone.Methods.addForwardPort.
916
917 Returns name of zone to which the forward port was added.
918
919 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
920 INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD,
921 ALREADY_ENABLED, INVALID_COMMAND
922
923 addIcmpBlock(s: zone, s: icmp, i: timeout) → s
924 Add an ICMP block icmp into zone. The icmp is one of the
925 icmp types firewalld supports. To get a listing of supported
926 icmp types use
927 org.fedoraproject.FirewallD1.Methods.listIcmpTypes. If zone is
928 empty, use default zone. If timeout is non-zero, the operation
929 will be active only for that number of seconds. For permanent
930 settings see
931 org.fedoraproject.FirewallD1.config.zone.Methods.addIcmpBlock.
932
933 Returns name of zone to which the ICMP block was added.
934
935 Possible errors: INVALID_ZONE, INVALID_ICMPTYPE,
936 ALREADY_ENABLED, INVALID_COMMAND
937
938 addIcmpBlockInversion(s: zone) → s
939 Add ICMP block inversion to zone. If zone is empty, use default
940 zone. For permanent settings see
941 org.fedoraproject.FirewallD1.config.zone.Methods.addIcmpBlockInversion.
942
943 Returns name of zone to which the ICMP block inversion was
944 added.
945
946 Possible errors: INVALID_ZONE, ALREADY_ENABLED, INVALID_COMMAND
947
948 addInterface(s: zone, s: interface) → s
949 Bind interface with zone. From now on all traffic going through
950 the interface will respect the zone's settings. If zone is
951 empty, use default zone. For permanent settings see
952 org.fedoraproject.FirewallD1.config.zone.Methods.addInterface.
953
954 Returns name of zone to which the interface was bound.
955
956 Possible errors: INVALID_ZONE, INVALID_INTERFACE,
957 ALREADY_ENABLED, INVALID_COMMAND
958
959 addMasquerade(s: zone, i: timeout) → s
960 Enable masquerade in zone. If zone is empty, use default zone.
961 If timeout is non-zero, masquerading will be active for that
962 number of seconds. For permanent settings see
963 org.fedoraproject.FirewallD1.config.zone.Methods.addMasquerade.
964
965 Returns name of zone in which the masquerade was enabled.
966
967 Possible errors: INVALID_ZONE, ALREADY_ENABLED, INVALID_COMMAND
968
969 addPort(s: zone, s: port, s: protocol, i: timeout) → s
970 Add port into zone. If zone is empty, use default zone. The
971 port can either be a single port number or a port range
972 portid-portid. The protocol can either be tcp or udp. If
973 timeout is non-zero, the operation will be active only for that
974 number of seconds. For permanent settings see
975 org.fedoraproject.FirewallD1.config.zone.Methods.addPort.
976
977 Returns name of zone to which the port was added.
978
979 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
980 INVALID_PROTOCOL, ALREADY_ENABLED, INVALID_COMMAND
981
982 addProtocol(s: zone, s: protocol, i: timeout) → s
983 Add protocol into zone. If zone is empty, use default zone. The
984 protocol can be any protocol supported by the system. Please
985 have a look at /etc/protocols for supported protocols. If
986 timeout is non-zero, the operation will be active only for that
987 number of seconds. For permanent settings see
988 org.fedoraproject.FirewallD1.config.zone.Methods.addProtocol.
989
990 Returns name of zone to which the protocol was added.
991
992 Possible errors: INVALID_ZONE, INVALID_PROTOCOL,
993 ALREADY_ENABLED, INVALID_COMMAND
994
995 addRichRule(s: zone, s: rule, i: timeout) → s
996 Add rich language rule into zone. For the rich language rule
997 syntax, please have a look at firewalld.direct(5). If zone is
998 empty, use default zone. If timeout is non-zero, the operation
999 will be active only for that number of seconds. For permanent
1000 settings see
1001 org.fedoraproject.FirewallD1.config.zone.Methods.addRichRule.
1002
1003 Returns name of zone to which the rich language rule was added.
1004
1005 Possible errors: INVALID_ZONE, INVALID_RULE, ALREADY_ENABLED,
1006 INVALID_COMMAND
1007
1008 addService(s: zone, s: service, i: timeout) → s
1009 Add service into zone. If zone is empty, use default zone. If
1010 timeout is non-zero, the operation will be active only for that
1011 number of seconds. To get a list of supported services, use
1012 org.fedoraproject.FirewallD1.Methods.listServices. For
1013 permanent settings see
1014 org.fedoraproject.FirewallD1.config.zone.Methods.addService.
1015
1016 Returns name of zone to which the service was added.
1017
1018 Possible errors: INVALID_ZONE, INVALID_SERVICE,
1019 ALREADY_ENABLED, INVALID_COMMAND
1020
1021 addSource(s: zone, s: source) → s
1022 Bind source with zone. From now on all traffic going from this
1023 source will respect the zone's settings. A source address or
1024 address range is either an IP address or a network IP address
1025 with a mask for IPv4 or IPv6. For IPv4, the mask can be a
1026 network mask or a plain number. For IPv6 the mask is a plain
1027 number. Use of host names is not supported. If zone is empty,
1028 use default zone. For permanent settings see
1029 org.fedoraproject.FirewallD1.config.zone.Methods.addSource.
1030
1031 Returns name of zone to which the source was bound.
1032
1033 Possible errors: INVALID_ZONE, INVALID_ADDR, ALREADY_ENABLED,
1034 INVALID_COMMAND
1035
1036 addSourcePort(s: zone, s: port, s: protocol, i: timeout) → s
1037 Add source port into zone. If zone is empty, use default zone.
1038 The port can either be a single port number or a port range
1039 portid-portid. The protocol can either be tcp or udp. If
1040 timeout is non-zero, the operation will be active only for that
1041 number of seconds. For permanent settings see
1042 org.fedoraproject.FirewallD1.config.zone.Methods.addSourcePort.
1043
1044 Returns name of zone to which the port was added.
1045
1046 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1047 INVALID_PROTOCOL, ALREADY_ENABLED, INVALID_COMMAND
1048
1049 changeZone(s: zone, s: interface) → s
1050 This function is deprecated, use
1051 org.fedoraproject.FirewallD1.zone.Methods.changeZoneOfInterface
1052 instead.
1053
1054 changeZoneOfInterface(s: zone, s: interface) → s
1055 Change a zone an interface is bound to to zone. It's basically
1056 removeInterface(interface) followed by addInterface(zone,
1057 interface). If interface has not been bound to a zone before,
1058 it behaves like addInterface. If zone is empty, use default
1059 zone.
1060
1061 Returns name of zone to which the interface was bound.
1062
1063 Possible errors: INVALID_ZONE, ZONE_ALREADY_SET, ZONE_CONFLICT
1064
1065 changeZoneOfSource(s: zone, s: source) → s
1066 Change a zone a source is bound to to zone. It's basically
1067 removeSource(source) followed by addSource(zone, source). If
1068 source has not been bound to a zone before, it behaves like
1069 addSource. If zone is empty, use default zone.
1070
1071 Returns name of zone to which the source was bound.
1072
1073 Possible errors: INVALID_ZONE, ZONE_ALREADY_SET, ZONE_CONFLICT
1074
1075 getActiveZones() → a{sa{sas}}
1076 Return dictionary of currently active zones together with
1077 interfaces and sources used in these zones. Active zones are
1078 zones that have a binding to an interface or source.
1079
1080 Return value is a dictionary where keys are zone names (s) and
1081 values are again dictionaries where keys are either
1082 'interfaces' or 'sources' and values are arrays of interface
1083 names (s) or sources (s).
1084
1085 getForwardPorts(s: zone) → aas
1086 Return array of IPv4 forward ports previously added into zone.
1087 If zone is empty, use default zone. For getting permanent
1088 settings see
1089 org.fedoraproject.FirewallD1.config.zone.Methods.getForwardPorts.
1090
1091 Return value is array of 4-tuples, where each 4-tuple consists
1092 of (port, protocol, to-port, to-addr). to-addr might be empty
1093 in case of local forwarding.
1094
1095 Possible errors: INVALID_ZONE
1096
1097 getIcmpBlocks(s: zone) → as
1098 Return array of ICMP type (s) blocks previously added into
1099 zone. If zone is empty, use default zone. For getting permanent
1100 settings see
1101 org.fedoraproject.FirewallD1.config.zone.Methods.getIcmpBlocks.
1102
1103 Possible errors: INVALID_ZONE
1104
1105 getIcmpBlockInversion(s: zone) → b
1106 Return whether ICMP block inversion was previously added to
1107 zone. If zone is empty, use default zone. For getting permanent
1108 settings see
1109 org.fedoraproject.FirewallD1.config.zone.Methods.getIcmpBlockInversion.
1110
1111 Possible errors: INVALID_ZONE
1112
1113 getInterfaces(s: zone) → as
1114 Return array of interfaces (s) previously bound with zone. If
1115 zone is empty, use default zone. For getting permanent settings
1116 see
1117 org.fedoraproject.FirewallD1.config.zone.Methods.getInterfaces.
1118
1119 Possible errors: INVALID_ZONE
1120
1121 getPorts(s: zone) → aas
1122 Return array of ports (2-tuple of port and protocol) previously
1123 enabled in zone. If zone is empty, use default zone. For
1124 getting permanent settings see
1125 org.fedoraproject.FirewallD1.config.zone.Methods.getPorts.
1126
1127 Possible errors: INVALID_ZONE
1128
1129 getProtocols(s: zone) → as
1130 Return array of protocols (s) previously enabled in zone. If
1131 zone is empty, use default zone. For getting permanent settings
1132 see
1133 org.fedoraproject.FirewallD1.config.zone.Methods.getProtocols.
1134
1135 Possible errors: INVALID_ZONE
1136
1137 getRichRules(s: zone) → as
1138 Return array of rich language rules (s) previously added into
1139 zone. If zone is empty, use default zone. For getting permanent
1140 settings see
1141 org.fedoraproject.FirewallD1.config.zone.Methods.getRichRules.
1142
1143 Possible errors: INVALID_ZONE
1144
1145 getServices(s: zone) → as
1146 Return array of services (s) previously enabled in zone. If
1147 zone is empty, use default zone. For getting permanent settings
1148 see
1149 org.fedoraproject.FirewallD1.config.zone.Methods.getServices.
1150
1151 Possible errors: INVALID_ZONE
1152
1153 getSourcePorts(s: zone) → aas
1154 Return array of source ports (2-tuple of port and protocol)
1155 previously enabled in zone. If zone is empty, use default zone.
1156 For getting permanent settings see
1157 org.fedoraproject.FirewallD1.config.zone.Methods.getSourcePorts.
1158
1159 Possible errors: INVALID_ZONE
1160
1161 getSources(s: zone) → as
1162 Return array of sources (s) previously bound with zone. If zone
1163 is empty, use default zone. For getting permanent settings see
1164 org.fedoraproject.FirewallD1.config.zone.Methods.getSources.
1165
1166 Possible errors: INVALID_ZONE
1167
1168 getZoneOfInterface(s: interface) → s
1169 Return name (s) of zone the interface is bound to or empty
1170 string.
1171
1172 getZoneOfSource(s: source) → s
1173 Return name (s) of zone the source is bound to or empty string.
1174
1175 getZones() → as
1176 Return array of names (s) of predefined zones known to current
1177 runtime environment. For list of zones known to permanent
1178 environment see
1179 org.fedoraproject.FirewallD1.config.Methods.listZones. The
1180 lists (of zones known to runtime and permanent environment)
1181 will contain same zones in most cases, but might differ for
1182 example if org.fedoraproject.FirewallD1.config.Methods.addZone
1183 has been called recently, but firewalld has not been reloaded
1184 since then.
1185
1186 isImmutable(s: zone) → b
1187 Deprecated.
1188
1189 queryForwardPort(s: zone, s: port, s: protocol, s: toport, s:
1190 toaddr) → b
1191 Return whether the IPv4 forward port (port, protocol, toport,
1192 toaddr) has been added into zone. If zone is empty, use default
1193 zone. For permanent operation see
1194 org.fedoraproject.FirewallD1.config.zone.Methods.queryForwardPort.
1195
1196 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1197 INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD
1198
1199 queryIcmpBlock(s: zone, s: icmp) → b
1200 Return whether an ICMP block for icmp has been added into zone.
1201 If zone is empty, use default zone. For permanent operation see
1202 org.fedoraproject.FirewallD1.config.zone.Methods.queryIcmpBlock.
1203
1204 Possible errors: INVALID_ZONE, INVALID_ICMPTYPE
1205
1206 queryIcmpBlockInversion(s: zone) → b
1207 Return whether ICMP block inversion has been added to zone. If
1208 zone is empty, use default zone. For permanent operation see
1209 org.fedoraproject.FirewallD1.config.zone.Methods.queryIcmpBlockInversion.
1210
1211 Possible errors: INVALID_ZONE, INVALID_ICMPTYPE
1212
1213 queryInterface(s: zone, s: interface) → b
1214 Query whether interface has been bound to zone. If zone is
1215 empty, use default zone. For permanent operation see
1216 org.fedoraproject.FirewallD1.config.zone.Methods.queryInterface.
1217
1218 Possible errors: INVALID_ZONE, INVALID_INTERFACE
1219
1220 queryMasquerade(s: zone) → b
1221 Return whether masquerading has been enabled in zone. If zone is
1222 empty, use default zone. For permanent operation see
1223 org.fedoraproject.FirewallD1.config.zone.Methods.queryMasquerade.
1224
1225 Possible errors: INVALID_ZONE
1226
1227 queryPort(s: zone, s: port, s: protocol) → b
1228 Return whether port/protocol has been added in zone. If zone is
1229 empty, use default zone. For permanent operation see
1230 org.fedoraproject.FirewallD1.config.zone.Methods.queryPort.
1231
1232 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1233 INVALID_PROTOCOL
1234
1235 queryProtocol(s: zone, s: protocol) → b
1236 Return whether protocol has been added in zone. If zone is
1237 empty, use default zone. For permanent operation see
1238 org.fedoraproject.FirewallD1.config.zone.Methods.queryProtocol.
1239
1240 Possible errors: INVALID_ZONE, INVALID_PROTOCOL
1241
1242 queryRichRule(s: zone, s: rule) → b
1243 Return whether rich rule rule has been added in zone. If zone
1244 is empty, use default zone. For permanent operation see
1245 org.fedoraproject.FirewallD1.config.zone.Methods.queryRichRule.
1246
1247 Possible errors: INVALID_ZONE, INVALID_RULE
1248
1249 queryService(s: zone, s: service) → b
1250 Return whether service has been added for zone. If zone is
1251 empty, use default zone. For permanent operation see
1252 org.fedoraproject.FirewallD1.config.zone.Methods.queryService.
1253
1254 Possible errors: INVALID_ZONE, INVALID_SERVICE
1255
1256 querySource(s: zone, s: source) → b
1257 Query whether source has been bound to zone. If zone is empty,
1258 use default zone. For permanent operation see
1259 org.fedoraproject.FirewallD1.config.zone.Methods.querySource.
1260
1261 Possible errors: INVALID_ZONE, INVALID_ADDR
1262
1263 querySourcePort(s: zone, s: port, s: protocol) → b
1264 Return whether port/protocol has been added in zone. If zone is
1265 empty, use default zone. For permanent operation see
1266 org.fedoraproject.FirewallD1.config.zone.Methods.querySourcePort.
1267
1268 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1269 INVALID_PROTOCOL
1270
1271 removeForwardPort(s: zone, s: port, s: protocol, s: toport, s:
1272 toaddr) → s
1273 Remove IPv4 forward port (port, protocol, toport, toaddr)
1274 from zone. If zone is empty, use default zone. For permanent
1275 operation see
1276 org.fedoraproject.FirewallD1.config.zone.Methods.removeForwardPort.
1277
1278 Returns name of zone from which the forward port was removed.
1279
1280 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1281 INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD, NOT_ENABLED,
1282 INVALID_COMMAND
1283
1284 removeIcmpBlock(s: zone, s: icmp) → s
1285 Remove ICMP block icmp from zone. If zone is empty, use default
1286 zone. For permanent operation see
1287 org.fedoraproject.FirewallD1.config.zone.Methods.removeIcmpBlock.
1288
1289 Returns name of zone from which the ICMP block was removed.
1290
1291 Possible errors: INVALID_ZONE, INVALID_ICMPTYPE, NOT_ENABLED,
1292 INVALID_COMMAND
1293
1294 removeIcmpBlockInversion(s: zone) → s
1295 Remove ICMP block inversion from zone. If zone is empty, use
1296 default zone. For permanent operation see
1297 org.fedoraproject.FirewallD1.config.zone.Methods.removeIcmpBlockInversion.
1298
1299 Returns name of zone from which the ICMP block inversion was
1300 removed.
1301
1302 Possible errors: INVALID_ZONE, NOT_ENABLED, INVALID_COMMAND
1303
1304 removeInterface(s: zone, s: interface) → s
1305 Remove binding of interface from zone. If zone is empty, the
1306 interface will be removed from zone it belongs to. For
1307 permanent operation see
1308 org.fedoraproject.FirewallD1.config.zone.Methods.removeInterface.
1309
1310 Returns name of zone from which the interface was removed.
1311
1312 Possible errors: INVALID_ZONE, INVALID_INTERFACE, NOT_ENABLED,
1313 INVALID_COMMAND
1314
1315 removeMasquerade(s: zone) → s
1316 Disable masquerade for zone. If zone is empty, use default
1317 zone. For permanent operation see
1318 org.fedoraproject.FirewallD1.config.zone.Methods.removeMasquerade.
1319
1320 Returns name of zone for which the masquerade was disabled.
1321
1322 Possible errors: INVALID_ZONE, NOT_ENABLED, INVALID_COMMAND
1323
1324 removePort(s: zone, s: port, s: protocol) → s
1325 Remove port/protocol from zone. If zone is empty, use default
1326 zone. For permanent operation see
1327 org.fedoraproject.FirewallD1.config.zone.Methods.removePort.
1328
1329 Returns name of zone from which the port was removed.
1330
1331 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1332 INVALID_PROTOCOL, NOT_ENABLED, INVALID_COMMAND
1333
1334 removeProtocol(s: zone, s: protocol) → s
1335 Remove protocol from zone. If zone is empty, use default zone.
1336 For permanent operation see
1337 org.fedoraproject.FirewallD1.config.zone.Methods.removeProtocol.
1338
1339 Returns name of zone from which the protocol was removed.
1340
1341 Possible errors: INVALID_ZONE, INVALID_PROTOCOL, NOT_ENABLED,
1342 INVALID_COMMAND
1343
1344 removeRichRule(s: zone, s: rule) → s
1345 Remove rich language rule from zone. If zone is empty, use
1346 default zone. For permanent operation see
1347 org.fedoraproject.FirewallD1.config.zone.Methods.removeRichRule.
1348
1349 Returns name of zone from which the rich language rule was
1350 removed.
1351
1352 Possible errors: INVALID_ZONE, INVALID_RULE, NOT_ENABLED,
1353 INVALID_COMMAND
1354
1355 removeService(s: zone, s: service) → s
1356 Remove service from zone. If zone is empty, use default zone.
1357 For permanent operation see
1358 org.fedoraproject.FirewallD1.config.zone.Methods.removeService.
1359
1360 Returns name of zone from which the service was removed.
1361
1362 Possible errors: INVALID_ZONE, INVALID_SERVICE, NOT_ENABLED,
1363 INVALID_COMMAND
1364
1365 removeSource(s: zone, s: source) → s
1366 Remove binding of source from zone. If zone is empty, the
1367 source will be removed from zone it belongs to. For permanent
1368 operation see
1369 org.fedoraproject.FirewallD1.config.zone.Methods.removeSource.
1370
1371 Returns name of zone from which the source was removed.
1372
1373 Possible errors: INVALID_ZONE, INVALID_ADDR, NOT_ENABLED,
1374 INVALID_COMMAND
1375
1376 removeSourcePort(s: zone, s: port, s: protocol) → s
1377 Remove port/protocol from zone. If zone is empty, use default
1378 zone. For permanent operation see
1379 org.fedoraproject.FirewallD1.config.zone.Methods.removeSourcePort.
1380
1381 Returns name of zone from which the source port was removed.
1382
1383 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1384 INVALID_PROTOCOL, NOT_ENABLED, INVALID_COMMAND
1385
1386 Signals
1387 ForwardPortAdded(s: zone, s: port, s: protocol, s: toport, s:
1388 toaddr, i: timeout)
1389 Emitted when forward port has been added to zone with timeout.
1390
1391 ForwardPortRemoved(s: zone, s: port, s: protocol, s: toport, s:
1392 toaddr)
1393 Emitted when forward port has been removed from zone.
1394
1395 IcmpBlockAdded(s: zone, s: icmp, i: timeout)
1396 Emitted when ICMP block for icmp has been added to zone with
1397 timeout.
1398
1399 IcmpBlockInversionAdded(s: zone)
1400 Emitted when ICMP block inversion has been added to zone.
1401
1402 IcmpBlockInversionRemoved(s: zone)
1403 Emitted when ICMP block inversion has been removed from zone.
1404
1405 IcmpBlockRemoved(s: zone, s: icmp)
1406 Emitted when ICMP block for icmp has been removed from zone.
1407
1408 InterfaceAdded(s: zone, s: interface)
1409 Emitted when interface has been added to zone.
1410
1411 InterfaceRemoved(s: zone, s: interface)
1412 Emitted when interface has been removed from zone.
1413
1414 MasqueradeAdded(s: zone, i: timeout)
1415 Emitted when masquerade has been enabled for zone.
1416
1417 MasqueradeRemoved(s: zone)
1418 Emitted when masquerade has been disabled for zone.
1419
1420 PortAdded(s: zone, s: port, s: protocol, i: timeout)
1421 Emitted when port/protocol has been added to zone with timeout.
1422
1423 PortRemoved(s: zone, s: port, s: protocol)
1424 Emitted when port/protocol has been removed from zone.
1425
1426 ProtocolAdded(s: zone, s: protocol, i: timeout)
1427 Emitted when protocol has been added to zone with timeout.
1428
1429 ProtocolRemoved(s: zone, s: protocol)
1430 Emitted when protocol has been removed from zone.
1431
1432 RichRuleAdded(s: zone, s: rule, i: timeout)
1433 Emitted when rich language rule has been added to zone with
1434 timeout.
1435
1436 RichRuleRemoved(s: zone, s: rule)
1437 Emitted when rich language rule has been removed from zone.
1438
1439 ServiceAdded(s: zone, s: service, i: timeout)
1440 Emitted when service has been added to zone with timeout.
1441
1442 ServiceRemoved(s: zone, s: service)
1443 Emitted when service has been removed from zone.
1444
1445 SourceAdded(s: zone, s: source)
1446 Emitted when source has been added to zone.
1447
1448 SourcePortAdded(s: zone, s: port, s: protocol, i: timeout)
1449 Emitted when source-port/protocol has been added to zone with
1450 timeout.
1451
1452 SourcePortRemoved(s: zone, s: port, s: protocol)
1453 Emitted when source-port/protocol has been removed from zone.
1454
1455 SourceRemoved(s: zone, s: source)
1456 Emitted when source has been removed from zone.
1457
1458 ZoneChanged(s: zone, s: interface)
1459 Deprecated
1460
1461 ZoneOfInterfaceChanged(s: zone, s: interface)
1462 Emitted when a zone an interface is part of has been changed to
1463 zone.
1464
1465 ZoneOfSourceChanged(s: zone, s: source)
1466 Emitted when a zone a source is part of has been changed to
1467 zone.
1468
1469 ZoneUpdated2(s: zone, a{sv}: settings)
1470 Emitted when a zone's settings are updated via
1471 org.fedoraproject.FirewallD1.zone.Methods.setZoneSettings2
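
The zone signals above carry enough information to keep an audit trail of runtime changes. The following added example, which is not firewalld code, decodes constructed (signal, arguments) pairs using the argument lists documented here; the function names, the "review" flag and the choice of which signals count as widening access are assumptions of this example.

```python
# Argument names per signal, as listed in the Signals section of this page.
SIGNAL_ARGS = {
    "ForwardPortAdded": ("zone", "port", "protocol", "toport", "toaddr", "timeout"),
    "ForwardPortRemoved": ("zone", "port", "protocol", "toport", "toaddr"),
    "IcmpBlockAdded": ("zone", "icmp", "timeout"),
    "IcmpBlockRemoved": ("zone", "icmp"),
    "IcmpBlockInversionAdded": ("zone",),
    "IcmpBlockInversionRemoved": ("zone",),
    "InterfaceAdded": ("zone", "interface"),
    "InterfaceRemoved": ("zone", "interface"),
    "MasqueradeAdded": ("zone", "timeout"),
    "MasqueradeRemoved": ("zone",),
    "PortAdded": ("zone", "port", "protocol", "timeout"),
    "PortRemoved": ("zone", "port", "protocol"),
    "ProtocolAdded": ("zone", "protocol", "timeout"),
    "ProtocolRemoved": ("zone", "protocol"),
    "RichRuleAdded": ("zone", "rule", "timeout"),
    "RichRuleRemoved": ("zone", "rule"),
    "ServiceAdded": ("zone", "service", "timeout"),
    "ServiceRemoved": ("zone", "service"),
    "SourceAdded": ("zone", "source"),
    "SourceRemoved": ("zone", "source"),
    "SourcePortAdded": ("zone", "port", "protocol", "timeout"),
    "SourcePortRemoved": ("zone", "port", "protocol"),
    "ZoneOfInterfaceChanged": ("zone", "interface"),
    "ZoneOfSourceChanged": ("zone", "source"),
    "ZoneUpdated2": ("zone", "settings"),
}

# Assumption of this example: signals treated as widening what a zone allows.
WIDENING = {
    "ForwardPortAdded", "MasqueradeAdded", "PortAdded", "ProtocolAdded",
    "RichRuleAdded", "ServiceAdded", "SourceAdded", "InterfaceAdded",
}


def decode_signal(name, args):
    """Map positional signal arguments to the documented names."""
    names = SIGNAL_ARGS.get(name)
    if names is None:
        raise ValueError(f"unknown signal {name!r}")
    if len(args) != len(names):
        raise ValueError(f"{name}: expected {len(names)} arguments, got {len(args)}")
    record = dict(zip(names, args))
    record["signal"] = name
    return record


def audit(events):
    """Return (records, rejected) for an iterable of (name, args) pairs."""
    records, rejected = [], []
    for name, args in events:
        try:
            record = decode_signal(name, args)
        except ValueError as exc:
            rejected.append((name, str(exc)))
            continue
        timeout = record.get("timeout")
        if timeout is None:
            record["lifetime"] = "n/a"        # signal has no timeout argument
        elif int(timeout) == 0:
            record["lifetime"] = "no-expiry"  # zero: change does not time out
        else:
            record["lifetime"] = f"{int(timeout)}s"
        expires = timeout is not None and int(timeout) > 0
        record["review"] = name in WIDENING and not expires
        records.append(record)
    return records, rejected


# Constructed sample events, in the order a listener might receive them.
SAMPLE_EVENTS = [
    ("PortAdded", ("public", "8080", "tcp", 0)),
    ("ServiceAdded", ("public", "http", 300)),
    ("MasqueradeAdded", ("external", 0)),
    ("IcmpBlockAdded", ("public", "echo-request", 0)),
    ("PortRemoved", ("public", "8080", "tcp")),
    ("PortAdded", ("public", "8080")),  # malformed: too few arguments
]

if __name__ == "__main__":
    decoded, bad = audit(SAMPLE_EVENTS)
    for rec in decoded:
        print(rec["signal"], rec["zone"], rec["lifetime"], "REVIEW" if rec["review"] else "")
    print("rejected:", bad)
```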
1472
1473 org.fedoraproject.FirewallD1.policy
1474 Operations in this interface allow one to get, add, remove and query
1475 runtime policy settings. For permanent settings see
1476 org.fedoraproject.FirewallD1.config.policy interface.
1477
1478 Methods
1479 getActivePolicies() → a{sa{sas}}
1480 Return dictionary of currently active policies together with
1481 ingress zones and egress zones used in these policies. Active
1482 policies are policies that have a binding to an active ingress
1483 zone and an active egress zone.
1484
1485 Return value is a dictionary where keys are policy names (s)
1486 and values are again dictionaries where keys are either
1487 'ingress_zones' or 'egress_zones' and values are arrays of zone
1488 names (s).
1489
1490 getPolicies() → as
1491 Return array of names (s) of predefined policies known to
1492 current runtime environment. For list of policies known to
1493 permanent environment see
1494 org.fedoraproject.FirewallD1.config.Methods.listPolicies. The
1495 lists (of policies known to runtime and permanent environment)
1496 will contain same policies in most cases, but might differ for
1497 example if
1498 org.fedoraproject.FirewallD1.config.Methods.addPolicy has been
1499 called recently, but firewalld has not been reloaded since
1500 then.
1501
1502 getPolicySettings(s: policy) → a{sv}
1503 Return runtime settings of given policy. For getting permanent
1504 settings see
1505 org.fedoraproject.FirewallD1.config.policy.Methods.getSettings.
1506 Settings are a dictionary indexed by keywords. For possible
1507 keywords see
1508 org.fedoraproject.FirewallD1.config.Methods.addPolicy. If the
1509 value is empty it may be omitted.
1510
1511 Possible errors: INVALID_POLICY
1512
1513 setPolicySettings(s: policy, a{sv}: settings, i: timeout)
1514 Set runtime settings of given policy. For setting permanent
1515 settings see
1516 org.fedoraproject.FirewallD1.config.policy.Methods.update.
1517 Settings are a dictionary indexed by keywords. For possible
1518 keywords see
1519 org.fedoraproject.FirewallD1.config.Methods.addPolicy. To zero
1520 a value pass an empty string or list. Some keywords are not
1521 available to modify in the runtime: description, name,
1522 priority, target, version.
1523
1524 Possible errors: INVALID_POLICY
1525
1526 Signals
1527 ForwardPortAdded(s: policy, a{sv}: settings)
1528 Emitted when a policy's settings are updated via
1529 org.fedoraproject.FirewallD1.policy.Methods.setPolicySettings
1530
1531 org.fedoraproject.FirewallD1.config
1532 Allows one to permanently add, remove and query zones, services and
1533 icmp types.
1534
1535 Methods
1536 addIPSet(s: ipset, (ssssa{ss}as): settings) → o
1537 Add ipset with given settings into permanent configuration.
1538 Settings are in format: version, name, description, type,
1539 dictionary of options and array of entries.
1540
1541 version (s): see version attribute of ipset tag in
1542 firewalld.ipset(5).
1543
1544 name (s): see short tag in firewalld.ipset(5).
1545
1546 description (s): see description tag in firewalld.ipset(5).
1547
1548 type (s): see type attribute of ipset tag in
1549 firewalld.ipset(5).
1550
1551 options (a{ss}): dictionary of {option : value}. See options
1552 tag in firewalld.ipset(5).
1553
1554 entries (as): array of entries, see entry tag in
1555 firewalld.ipset(5).
1556
1557 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1558
1559 addIcmpType(s: icmptype, (sssas): settings) → o
1560 Add icmptype with given settings into permanent configuration.
1561 Settings are in format: version, name, description, array of
1562 destinations. Returns object path of the new icmp type.
1563
1564 version (s): see version attribute of icmptype tag in
1565 firewalld.icmptype(5).
1566
1567 name (s): see short tag in firewalld.icmptype(5).
1568
1569 description (s): see description tag in firewalld.icmptype(5).
1570
1571 destinations (as): array, either empty or containing strings
1572 'ipv4' or 'ipv6', see destination tag in firewalld.icmptype(5).
1573
1574 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1575
1576 addService(s: service, (sssa(ss)asa{ss}asa(ss)): settings) → o
1577 This function is deprecated, use
1578 org.fedoraproject.FirewallD1.config.Methods.addService2
1579 instead.
1580
1581 addService2(s: service, a{sv}: settings) → o
1582 Add service with given settings into permanent configuration.
1583 Settings are a dictionary indexed by keywords. For the type of
1584 each value see below. To zero a value pass an empty string or
1585 list.
1586
1587 version (s): see version attribute of service tag in
1588 firewalld.service(5).
1589
1590 name (s): see short tag in firewalld.service(5).
1591
1592 description (s): see description tag in firewalld.service(5).
1593
1594 ports (a(ss)): array of port and protocol pairs. See port tag
1595 in firewalld.service(5).
1596
1597 module names (as): array of kernel netfilter helpers, see
1598 module tag in firewalld.service(5).
1599
1600 destinations (a{ss}): dictionary of {IP family : IP address}
1601 where 'IP family' key can be either 'ipv4' or 'ipv6'. See
1602 destination tag in firewalld.service(5).
1603
1604 protocols (as): array of protocols, see protocol tag in
1605 firewalld.service(5).
1606
1607 source_ports (a(ss)): array of port and protocol pairs. See
1608 source-port tag in firewalld.service(5).
1609
1610 includes (as): array of service includes, see include tag in
1611 firewalld.service(5).
1612
1613 helpers (as): array of service helpers, see helper tag in
1614 firewalld.service(5).
1615
1616 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1617
1618 addZone(s: zone, (sssbsasa(ss)asba(ssss)asasasasa(ss)b): settings)
1619 → o
1620 This function is deprecated, use
1621 org.fedoraproject.FirewallD1.config.Methods.addZone2 instead.
1622
1623 addZone2(s: zone, a{sv}: settings) → o
1624 Add zone with given settings into permanent configuration.
1625 Settings are a dictionary indexed by keywords. For the type of
1626 each value see below. To zero a value pass an empty string or
1627 list.
1628
1629 version (s): see version attribute of zone tag in
1630 firewalld.zone(5).
1631
1632 name (s): see short tag in firewalld.zone(5).
1633
1634 description (s): see description tag in firewalld.zone(5).
1635
1636 target (s): see target attribute of zone tag in
1637 firewalld.zone(5).
1638
1639 services (as): array of service names, see service tag in
1640 firewalld.zone(5).
1641
1642 ports (a(ss)): array of port and protocol pairs. See port tag
1643 in firewalld.zone(5).
1644
1645 icmp_blocks (as): array of icmp-blocks. See icmp-block tag in
1646 firewalld.zone(5).
1647
1648 masquerade (b): see masquerade tag in firewalld.zone(5).
1649
1650 forward_ports (a(ssss)): array of (port, protocol, to-port,
1651 to-addr). See forward-port tag in firewalld.zone(5).
1652
1653 interfaces (as): array of interfaces. See interface tag in
1654 firewalld.zone(5).
1655
1656 sources (as): array of source addresses. See source tag in
1657 firewalld.zone(5).
1658
1659 rules_str (as): array of rich-language rules. See rule tag in
1660 firewalld.zone(5).
1661
1662 protocols (as): array of protocols, see protocol tag in
1663 firewalld.zone(5).
1664
1665 source_ports (a(ss)): array of port and protocol pairs. See
1666 source-port tag in firewalld.zone(5).
1667
1668 icmp_block_inversion (b): see icmp-block-inversion tag in
1669 firewalld.zone(5).
1670
1671 forward (b): see forward tag in firewalld.zone(5).
1672
1673 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1674
1675 addPolicy(s: policy, a{sv}: settings) → o
1676 Add policy with given settings into permanent configuration.
1677 Settings are a dictionary indexed by keywords. For the type of
1678 each value see below. If a keyword is omitted the default value
1679 will be used.
1680
1681 description (s): see description tag in firewalld.policy(5).
1682
1683 egress_zones (as): array of zone names. See egress-zone tag in
1684 firewalld.policy(5).
1685
1686 forward_ports (a(ssss)): array of (port, protocol, to-port,
1687 to-addr). See forward-port tag in firewalld.policy(5).
1688
1689 icmp_blocks (as): array of icmp-blocks. See icmp-block tag in
1690 firewalld.policy(5).
1691
1692 ingress_zones (as): array of zone names. See ingress-zone tag in
1693 firewalld.policy(5).
1694
1695 masquerade (b): see masquerade tag in firewalld.policy(5).
1696
1697 ports (a(ss)): array of port and protocol pairs. See port tag
1698 in firewalld.policy(5).
1699
1700 priority (i): see priority tag in firewalld.policy(5).
1701
1702 protocols (as): array of protocols, see protocol tag in
1703 firewalld.policy(5).
1704
1705 rich_rules (as): array of rich-language rules. See rule tag in
1706 firewalld.policy(5).
1707
1708 services (as): array of service names, see service tag in
1709 firewalld.policy(5).
1710
1711 short (s): see short tag in firewalld.policy(5).
1712
1713 source_ports (a(ss)): array of port and protocol pairs. See
1714 source-port tag in firewalld.policy(5).
1715
1716 target (s): see target attribute of policy tag in
1717 firewalld.policy(5).
1718
1719 version (s): see version attribute of policy tag in
1720 firewalld.policy(5).
1721
1722 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1723
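The keyword lists for addZone2 and addPolicy above differ in small ways (zones use name and rules_str, policies use short and rich_rules), and every value has a fixed D-Bus type. The following is an added example, not part of firewalld: a pre-flight check of plain Python values against those documented types before they are wrapped for the a{sv} argument. The function names (parse_type, conforms, check_settings) and the sample data are assumptions made for illustration.

```python
# Added example: pre-flight type check for addZone2 / addPolicy settings.
# Keyword -> D-Bus type, copied from the two keyword lists above.
ZONE2_TYPES = {
    "version": "s", "name": "s", "description": "s", "target": "s",
    "services": "as", "ports": "a(ss)", "icmp_blocks": "as",
    "masquerade": "b", "forward_ports": "a(ssss)", "interfaces": "as",
    "sources": "as", "rules_str": "as", "protocols": "as",
    "source_ports": "a(ss)", "icmp_block_inversion": "b", "forward": "b",
}
POLICY_TYPES = {
    "description": "s", "egress_zones": "as", "forward_ports": "a(ssss)",
    "icmp_blocks": "as", "ingress_zones": "as", "masquerade": "b",
    "ports": "a(ss)", "priority": "i", "protocols": "as",
    "rich_rules": "as", "services": "as", "short": "s",
    "source_ports": "a(ss)", "target": "s", "version": "s",
}


def parse_type(sig, pos=0):
    """Parse one complete type at sig[pos]; return (tree, next_pos).

    Supports the subset used on this page: s, b, i, arrays, structs, a{..}.
    """
    if pos >= len(sig):
        raise ValueError("truncated signature %r" % sig)
    code = sig[pos]
    if code in "sbi":
        return code, pos + 1
    if code == "a":
        if pos + 1 < len(sig) and sig[pos + 1] == "{":
            key, p = parse_type(sig, pos + 2)
            val, p = parse_type(sig, p)
            if p >= len(sig) or sig[p] != "}":
                raise ValueError("unterminated dict entry in %r" % sig)
            return ("dict", key, val), p + 1
        elem, p = parse_type(sig, pos + 1)
        return ("array", elem), p
    if code == "(":
        members, p = [], pos + 1
        while p < len(sig) and sig[p] != ")":
            member, p = parse_type(sig, p)
            members.append(member)
        if p >= len(sig):
            raise ValueError("unterminated struct in %r" % sig)
        return ("struct", members), p + 1
    raise ValueError("unsupported type code %r" % code)


def value_matches(value, tree):
    """Return True if a plain Python value fits the parsed type tree."""
    if tree == "s":
        return isinstance(value, str)
    if tree == "b":
        return isinstance(value, bool)
    if tree == "i":
        # bool is a subclass of int in Python, but a boolean is not an int32.
        return (isinstance(value, int) and not isinstance(value, bool)
                and -2**31 <= value < 2**31)
    if tree[0] == "array":
        # A bare string is not a list, so "https" fails where ["https"] passes.
        return (isinstance(value, (list, tuple))
                and all(value_matches(v, tree[1]) for v in value))
    if tree[0] == "dict":
        return (isinstance(value, dict)
                and all(value_matches(k, tree[1]) and value_matches(v, tree[2])
                        for k, v in value.items()))
    members = tree[1]  # struct: arity and every member must match
    return (isinstance(value, (list, tuple)) and len(value) == len(members)
            and all(value_matches(v, m) for v, m in zip(value, members)))


def conforms(value, sig):
    """Check value against a single complete D-Bus type signature."""
    tree, end = parse_type(sig)
    if end != len(sig):
        raise ValueError("trailing characters in signature %r" % sig)
    return value_matches(value, tree)


def check_settings(settings, types):
    """Return a sorted list of problems; an empty list means the dict is clean."""
    problems = []
    for key in sorted(settings):
        if key not in types:
            problems.append("%s: not a documented keyword" % key)
        elif not conforms(settings[key], types[key]):
            problems.append("%s: value does not match D-Bus type %s"
                            % (key, types[key]))
    return problems


# Constructed sample with typical mistakes (not taken from a real system).
SAMPLE_BAD_ZONE = {
    "name": "dmz-web",
    "services": "https",                  # bare string, needs a list (as)
    "ports": [("8443", "tcp"), ("53",)],  # second pair lacks the protocol
    "masquerade": "no",                   # string, needs a boolean (b)
    # policy keyword; the zone list above calls this rules_str
    "rich_rules": ['rule family="ipv4" source address="192.0.2.0/24" accept'],
}

if __name__ == "__main__":
    for line in check_settings(SAMPLE_BAD_ZONE, ZONE2_TYPES):
        print(line)
```

conforms() also accepts the other signatures on this page, such as a(sssias) for direct rules and a{ss} for ipset options.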
1724 getHelperByName(s: helper) → o
1725 Return object path (permanent configuration) of helper with
1726 given name.
1727
1728 Possible errors: INVALID_HELPER
1729
1730 getHelperNames() → as
1731 Return list of helper names (permanent configuration).
1732
1733 getIPSetByName(s: ipset) → o
1734 Return object path (permanent configuration) of ipset with
1735 given name.
1736
1737 Possible errors: INVALID_IPSET
1738
1739 getIPSetNames() → as
1740 Return list of ipset names (permanent configuration).
1741
1742 getIcmpTypeByName(s: icmptype) → o
1743 Return object path (permanent configuration) of icmptype with
1744 given name.
1745
1746 Possible errors: INVALID_ICMPTYPE
1747
1748 getIcmpTypeNames() → as
1749 Return list of icmptype names (permanent configuration).
1750
1751 getServiceByName(s: service) → o
1752 Return object path (permanent configuration) of service with
1753 given name.
1754
1755 Possible errors: INVALID_SERVICE
1756
1757 getServiceNames() → as
1758 Return list of service names (permanent configuration).
1759
1760 getZoneByName(s: zone) → o
1761 Return object path (permanent configuration) of zone with given
1762 name.
1763
1764 Possible errors: INVALID_ZONE
1765
1766 getZoneNames() → as
1767 Return list of zone names (permanent configuration).
1768
1769 getZoneOfInterface(s: iface) → s
1770 Return name of zone the iface is bound to or empty string.
1771
1772 getZoneOfSource(s: source) → s
1773 Return name of zone the source is bound to or empty string.
1774
1775 getPolicyByName(s: policy) → o
1776 Return object path (permanent configuration) of policy with
1777 given name.
1778
1779 Possible errors: INVALID_POLICY
1780
1781 getPolicyNames() → as
1782 Return list of policy names (permanent configuration).
1783
1784 listHelpers() → ao
1785 Return array of object paths (o) of helpers in permanent
1786 configuration. For runtime configuration see
1787 org.fedoraproject.FirewallD1.Methods.getHelpers.
1788
1789 listIPSets() → ao
1790 Return array of object paths (o) of ipsets in permanent
1791 configuration. For runtime configuration see
1792 org.fedoraproject.FirewallD1.ipset.Methods.getIPSets.
1793
1794 listIcmpTypes() → ao
1795 Return array of object paths (o) of icmp types in permanent
1796 configuration. For runtime configuration see
1797 org.fedoraproject.FirewallD1.Methods.listIcmpTypes.
1798
1799 listServices() → ao
1800 Return array of object paths (o) of services in permanent
1801 configuration. For runtime configuration see
1802 org.fedoraproject.FirewallD1.Methods.listServices.
1803
1804 listZones() → ao
1805 List object paths of zones known to permanent environment. For
1806 list of zones known to runtime environment see
1807 org.fedoraproject.FirewallD1.zone.Methods.getZones. The lists
1808 (of zones known to runtime and permanent environment) will
1809 contain same zones in most cases, but might differ for example
1810 if org.fedoraproject.FirewallD1.config.Methods.addZone has been
1811 called recently, but firewalld has not been reloaded since
1812 then.
1813
1814 listPolicies() → ao
1815 List object paths of policies known to permanent environment.
1816 For list of policies known to runtime environment see
1817 org.fedoraproject.FirewallD1.policy.Methods.getPolicies. The
1818 lists (of policies known to runtime and permanent environment)
1819 will contain same policies in most cases, but might differ for
1820 example if
1821 org.fedoraproject.FirewallD1.config.Methods.addPolicy has been
1822 called recently, but firewalld has not been reloaded since
1823 then.
1824
1825 Signals
1826 HelperAdded(s: helper)
1827 Emitted when helper has been added.
1828
1829 IPSetAdded(s: ipset)
1830 Emitted when ipset has been added.
1831
1832 IcmpTypeAdded(s: icmptype)
1833 Emitted when icmptype has been added.
1834
1835 ServiceAdded(s: service)
1836 Emitted when service has been added.
1837
1838 ZoneAdded(s: zone)
1839 Emitted when zone has been added.
1840
1841 Properties
1842 AllowZoneDrifting - s - (rw)
1843 Deprecated. Getting this value always returns "no". Setting
1844 this value is ignored.
1845
1846 AutomaticHelpers - s - (rw)
1847 Deprecated. Getting this value always returns "no". Setting
1848 this value is ignored.
1849
1850 CleanupModulesOnExit - s - (rw)
1851 Setting this option to yes or true unloads all firewall-related
1852 kernel modules when firewalld is stopped.
1853
1854 CleanupOnExit - s - (rw)
1855 If firewalld stops, it cleans up all firewall rules. Setting
1856 this option to no or false leaves the current firewall rules
1857 untouched.
1858
1859 DefaultZone - s - (ro)
1860 Default zone for connections or interfaces if the zone is not
1861 selected or specified by NetworkManager, initscripts or command
1862 line tool.
1863
1864 FirewallBackend - s - (rw)
1865 Selects the firewalld backend for all rules except the direct
1866 interface. Valid options are: nftables, iptables. Default is
1867 nftables.
1868
1869 Note: The iptables backend is deprecated. It will be removed in
1870 a future release.
1871
1872 FlushAllOnReload - s - (rw)
1873 Flush all runtime rules on a reload. Valid options are: yes,
1874 no.
1875
1876 IPv6_rpfilter - s - (rw)
1877 Indicates whether the reverse path filter test on a packet for
1878 IPv6 is enabled. If a reply to the packet would be sent via the
1879 same interface that the packet arrived on, the packet will
1880 match and be accepted, otherwise dropped.
1881
1882 IndividualCalls - s - (ro)
1883 Indicates whether individual calls are used instead of combined
1884 -restore calls. If enabled, this increases the time that is needed to
1885 apply changes and to start the daemon, but is good for
1886 debugging.
1887
1888 Lockdown - s - (rw)
1889 If this property is enabled, firewall changes with the D-Bus
1890 interface will be limited to applications that are listed in
1891 the lockdown whitelist.
1892
1893 LogDenied - s - (rw)
1894 If LogDenied is enabled, then logging rules are added right
1895 before reject and drop rules in the INPUT, FORWARD and OUTPUT
1896 chains for the default rules and also final reject and drop
1897 rules in zones. Possible values are: all, unicast, broadcast,
1898 multicast and off.
1899
1900 MinimalMark - i - (rw)
1901 Deprecated. This option is ignored and no longer used. Marks
1902 are no longer used internally.
1903
1904 RFC3964_IPv4 - s - (rw)
1905 As per RFC 3964, filter IPv6 traffic with 6to4 destination
1906 addresses that correspond to IPv4 addresses that should not be
1907 routed over the public internet. Valid options are: yes, no.
1908
1909 org.fedoraproject.FirewallD1.config.direct
1910 DEPRECATED
1911 The direct interface has been deprecated. It will be removed in a
1912 future release. It is superseded by policies, see
1913 firewalld.policies(5).
1914
1915 Interface for permanent direct configuration, see also
1916 firewalld.direct(5). For runtime direct configuration see
1917 org.fedoraproject.FirewallD1.direct interface.
1918
1919 Methods
1920 addChain(s: ipv, s: table, s: chain) → Nothing
1921 Add a new chain to table for ipv being either ipv4 (iptables)
1922 or ipv6 (ip6tables) or eb (ebtables). Make sure there's no
1923 other chain with this name already. There already exist basic
1924 chains to use with direct methods, for example INPUT_direct
1925 chain. These chains are jumped into before chains for zones,
1926 i.e. every rule put into INPUT_direct will be checked before
1927 rules in zones. For runtime operation see
1928 org.fedoraproject.FirewallD1.direct.Methods.addChain.
1929
1930 Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED
1931
1932 addPassthrough(s: ipv, as: args) → Nothing
1933 Add a passthrough rule with the arguments args for ipv being
1934 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
1935 For runtime operation see
1936 org.fedoraproject.FirewallD1.direct.Methods.addPassthrough.
1937
1938 Possible errors: INVALID_IPV, ALREADY_ENABLED
1939
1940 addRule(s: ipv, s: table, s: chain, i: priority, as: args) →
1941 Nothing
1942 Add a rule with the arguments args to chain in table with
1943 priority for ipv being either ipv4 (iptables) or ipv6
1944 (ip6tables) or eb (ebtables). The priority is used to order
1945 rules. Priority 0 means add rule on top of the chain, with a
1946 higher priority the rule will be added further down. Rules with
1947 the same priority are on the same level and the order of these
1948 rules is not fixed and may change. If you want to make sure
1949 that a rule will be added after another one, use a low priority
1950 for the first and a higher for the following. For runtime
1951 operation see
1952 org.fedoraproject.FirewallD1.direct.Methods.addRule.
1953
1954 Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED
1955
1956 getAllChains() → a(sss)
1957 Get all chains added to all tables in format: ipv, table,
1958 chain. This concerns only chains previously added with
1959 addChain. Return value is an array of (ipv, table, chain). For
1960 runtime operation see
1961 org.fedoraproject.FirewallD1.direct.Methods.getAllChains.
1962
1963 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
1964 (ebtables).
1965
1966 table (s): one of filter, mangle, nat, raw, security
1967
1968 chain (s): name of a chain.
1969
1970
1971 getAllPassthroughs() → a(sas)
1972 Get all passthrough rules added in all ipv types in format:
1973 ipv, rule. This concerns only rules previously added with
1974 addPassthrough. Return value is an array of (ipv, array of
1975 arguments). For runtime operation see
1976 org.fedoraproject.FirewallD1.direct.Methods.getAllPassthroughs.
1977
1978 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
1979 (ebtables).
1980
1981 arguments (as): array of commands, parameters and other
1982 iptables/ip6tables/ebtables command line options.
1983
1984
1985 getAllRules() → a(sssias)
1986 Get all rules added to all chains in all tables in format: ipv,
1987 table, chain, priority, rule. This concerns only rules
1988 previously added with addRule. Return value is an array of (ipv,
1989 table, chain, priority, array of arguments). For runtime
1990 operation see
1991 org.fedoraproject.FirewallD1.direct.Methods.getAllRules.
1992
1993 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
1994 (ebtables).
1995
1996 table (s): one of filter, mangle, nat, raw, security
1997
1998 chain (s): name of a chain.
1999
2000 priority (i): used to order rules.
2001
2002 arguments (as): array of commands, parameters and other
2003 iptables/ip6tables/ebtables command line options.
2004
2005
2006 getChains(s: ipv, s: table) → as
2007 Return an array of chains (s) added to table for ipv being
2008 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
2009 This concerns only chains previously added with addChain. For
2010 runtime operation see
2011 org.fedoraproject.FirewallD1.direct.Methods.getChains.
2012
2013 Possible errors: INVALID_IPV, INVALID_TABLE
2014
2015 getPassthroughs(s: ipv) → aas
2016 Get tracked passthrough rules added in either ipv4 (iptables)
2017 or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
2018 previously added with addPassthrough. Return value is an array
2019 of (array of arguments). For runtime operation see
2020 org.fedoraproject.FirewallD1.direct.Methods.getPassthroughs.
2021
2022 arguments (as): array of commands, parameters and other
2023 iptables/ip6tables/ebtables command line options.
2024
2025
2026 getRules(s: ipv, s: table, s: chain) → a(ias)
2027 Get all rules added to chain in table for ipv being either ipv4
2028 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
2029 only rules previously added with addRule. Return value is an
2030 array of (priority, array of arguments). For runtime operation
2031 see org.fedoraproject.FirewallD1.direct.Methods.getRules.
2032
2033 priority (i): used to order rules.
2034
2035 arguments (as): array of commands, parameters and other
2036 iptables/ip6tables/ebtables command line options.
2037
2038 Possible errors: INVALID_IPV, INVALID_TABLE
2039
2040 getSettings() → (a(sss)a(sssias)a(sas))
2041 Get settings of permanent direct configuration in format: array
2042 of chains, array of rules, array of passthroughs.
2043
2044 chains (a(sss)): array of (ipv, table, chain), see 'chain' in
2045 firewalld.direct(5).
2046
2047 rules (a(sssias)): array of (ipv, table,
2048 chain, priority, array of arguments), see 'rule' in
2049 firewalld.direct(5).
2050
2051 passthroughs (a(sas)): array of (ipv,
2052 array of arguments), see passthrough in firewalld.direct(5).
2053
2054
2055
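addRule above states that rules sharing a priority have no fixed order, and getSettings() returns every permanent direct chain, rule and passthrough in one tuple. The following is an added example, not part of firewalld: it takes a tuple in that documented layout and reports entries with an ipv or table outside the values listed on this page, the per-chain order by priority, and equal-priority groups whose rules jump to different targets. The function names and the sample tuple are constructed for illustration; fetching the tuple over D-Bus is left out so the block runs offline.

```python
# Added example: review the tuple returned by config.direct getSettings().
from collections import defaultdict

VALID_IPV = {"ipv4", "ipv6", "eb"}                             # from this page
VALID_TABLES = {"filter", "mangle", "nat", "raw", "security"}  # from this page

# Constructed sample in the documented layout (a(sss)a(sssias)a(sas)).
SAMPLE_SETTINGS = (
    [("ipv4", "filter", "mgmt_in")],
    [
        ("ipv4", "filter", "INPUT_direct", 10,
         ["-p", "tcp", "--dport", "22", "-j", "mgmt_in"]),
        ("ipv4", "filter", "INPUT_direct", 0, ["-s", "192.0.2.0/24", "-j", "DROP"]),
        ("ipv4", "filter", "INPUT_direct", 0, ["-s", "192.0.2.10", "-j", "ACCEPT"]),
        ("ipv4", "filter", "mgmt_in", 0, ["-j", "ACCEPT"]),
        ("ipv4", "fliter", "INPUT_direct", 5, ["-j", "DROP"]),  # typo in table
    ],
    [("ipv6", ["-A", "INPUT", "-p", "icmpv6", "-j", "ACCEPT"])],
)


def jump_target(args):
    """Return the argument after -j/--jump, or "" if the rule has no target."""
    for i, arg in enumerate(args[:-1]):
        if arg in ("-j", "--jump"):
            return args[i + 1]
    return ""


def audit_direct(settings):
    """Summarise a (chains, rules, passthroughs) tuple for review."""
    chains, rules, passthroughs = settings
    invalid = [(ipv, table, chain) for ipv, table, chain in chains
               if ipv not in VALID_IPV or table not in VALID_TABLES]
    by_chain = defaultdict(list)
    for ipv, table, chain, priority, args in rules:
        if ipv not in VALID_IPV or table not in VALID_TABLES:
            invalid.append((ipv, table, chain))
            continue
        by_chain[(ipv, table, chain)].append((priority, list(args)))

    order, ambiguous = {}, []
    for key, entries in by_chain.items():
        # Lower priority sits nearer the top of the chain. The sort is stable,
        # but the page gives no guarantee about order within one priority.
        entries.sort(key=lambda entry: entry[0])
        order[key] = entries
        targets_at = defaultdict(set)
        for priority, args in entries:
            targets_at[priority].add(jump_target(args))
        for priority, targets in sorted(targets_at.items()):
            if len(targets) > 1:
                # Same level, different verdicts: which one wins is not fixed.
                ambiguous.append(key + (priority, sorted(targets)))

    return {
        "invalid": invalid,
        "order": order,
        "ambiguous": ambiguous,
        # Passthroughs carry raw command-line arguments with no table, chain
        # or priority attached, so they are listed whole for manual review.
        "passthroughs": [(ipv, " ".join(args)) for ipv, args in passthroughs],
    }


if __name__ == "__main__":
    report = audit_direct(SAMPLE_SETTINGS)
    for name in ("invalid", "ambiguous", "passthroughs"):
        print(name, report[name])
```

For a group reported as ambiguous, giving the rule that must match first a lower priority makes the order explicit, as the addRule description advises.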
2056 queryChain(s: ipv, s: table, s: chain) → b
2057 Return whether a chain exists in table for ipv being either
2058 ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). This
2059 concerns only chains previously added with addChain. For
2060 runtime operation see
2061 org.fedoraproject.FirewallD1.direct.Methods.queryChain.
2062
2063 Possible errors: INVALID_IPV, INVALID_TABLE
2064
2065 queryPassthrough(s: ipv, as: args) → b
2066 Return whether a tracked passthrough rule with the arguments
2067 args exists for ipv being either ipv4 (iptables) or ipv6
2068 (ip6tables) or eb (ebtables). This concerns only rules
2069 previously added with addPassthrough. For runtime operation see
2070 org.fedoraproject.FirewallD1.direct.Methods.queryPassthrough.
2071
2072 Possible errors: INVALID_IPV
2073
2074 queryRule(s: ipv, s: table, s: chain, i: priority, as: args) → b
2075 Return whether a rule with priority and the arguments args
2076 exists in chain in table for ipv being either ipv4 (iptables)
2077 or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
2078 previously added with addRule. For runtime operation see
2079 org.fedoraproject.FirewallD1.direct.Methods.queryRule.
2080
2081 Possible errors: INVALID_IPV, INVALID_TABLE
2082
2083 removeChain(s: ipv, s: table, s: chain) → Nothing
2084 Remove a chain from table for ipv being either ipv4 (iptables)
2085 or ipv6 (ip6tables) or eb (ebtables). Only chains previously
2086 added with addChain can be removed this way. For runtime
2087 operation see
2088 org.fedoraproject.FirewallD1.direct.Methods.removeChain.
2089
2090 Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED
2091
2092 removePassthrough(s: ipv, as: args) → Nothing
2093 Remove a passthrough rule with arguments args for ipv being
2094 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
2095 Only rules previously added with addPassthrough can be removed
2096 this way. For runtime operation see
2097 org.fedoraproject.FirewallD1.direct.Methods.removePassthrough.
2098
2099 Possible errors: INVALID_IPV, NOT_ENABLED
2100
2101 removeRule(s: ipv, s: table, s: chain, i: priority, as: args) →
2102 Nothing
2103 Remove a rule with priority and arguments args from chain in
2104 table for ipv being either ipv4 (iptables) or ipv6 (ip6tables)
2105 or eb (ebtables). Only rules previously added with addRule can
2106 be removed this way. For runtime operation see
2107 org.fedoraproject.FirewallD1.direct.Methods.removeRule.
2108
2109 Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED
2110
2111 removeRules(s: ipv, s: table, s: chain) → Nothing
2112 Remove all rules from chain in table for ipv being either ipv4
2113 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
2114 only rules previously added with addRule. For runtime operation
2115 see org.fedoraproject.FirewallD1.direct.Methods.removeRules.
2116
2117 Possible errors: INVALID_IPV, INVALID_TABLE
2118
2119 update((a(sss)a(sssias)a(sas)): settings) → Nothing
2120 Update permanent direct configuration with given settings.
2121 Settings are in format: array of chains, array of rules, array
2122 of passthroughs.
2123
2124 chains (a(sss)): array of (ipv, table, chain), see 'chain' in
2125 firewalld.direct(5).
2126
2127 rules (a(sssias)): array of (ipv, table,
2128 chain, priority, array of arguments), see 'rule' in
2129 firewalld.direct(5).
2130
2131 passthroughs (a(sas)): array of (ipv,
2132 array of arguments), see passthrough in firewalld.direct(5).
2133
2134 Possible errors: INVALID_TYPE
2135
2136 Signals
2137 Updated()
2138 Emitted when configuration has been updated.
2139
2140 org.fedoraproject.FirewallD1.config.policies
2141 Interface for permanent lockdown-whitelist configuration, see also
2142 firewalld.lockdown-whitelist(5). For runtime configuration see
2143 org.fedoraproject.FirewallD1.policies interface.
2144
2145 Methods
2146 addLockdownWhitelistCommand(s: command) → Nothing
2147 Add command to whitelist. See command option in
2148 firewalld.lockdown-whitelist(5). For runtime operation see
2149 org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistCommand.
2150
2151 Possible errors: ALREADY_ENABLED, INVALID_TYPE
2152
2153 addLockdownWhitelistContext(s: context) → Nothing
2154 Add context to whitelist. See selinux option in
2155 firewalld.lockdown-whitelist(5). For runtime operation see
2156 org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistContext.
2157
2158 Possible errors: ALREADY_ENABLED, INVALID_TYPE
2159
2160 addLockdownWhitelistUid(i: uid) → Nothing
2161 Add user id uid to whitelist. See user option in
2162 firewalld.lockdown-whitelist(5). For runtime operation see
2163 org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistUid.
2164
2165 Possible errors: ALREADY_ENABLED, INVALID_TYPE
2166
2167 addLockdownWhitelistUser(s: user) → Nothing
2168 Add user name to whitelist. See user option in
2169 firewalld.lockdown-whitelist(5). For runtime operation see
2170 org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistUser.
2171
2172 Possible errors: ALREADY_ENABLED, INVALID_TYPE
2173
2174 getLockdownWhitelist() → (asasasai)
2175 Get settings of permanent lockdown-whitelist configuration in
2176 format: commands, selinux contexts, users, uids
2177
2178 commands (as): see command option in
2179 firewalld.lockdown-whitelist(5).
2180
2181 selinux contexts (as): see selinux option in
2182 firewalld.lockdown-whitelist(5).
2183
2184 users (as): see name attribute of user option in
2185 firewalld.lockdown-whitelist(5).
2186
2187 uids (ai): see id attribute of user option in
2188 firewalld.lockdown-whitelist(5).
2189
2190
2191 getLockdownWhitelistCommands() → as
2192 List all command lines (s) that are on whitelist. For runtime
2193 operation see
2194 org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistCommands.
2195
2196 getLockdownWhitelistContexts() → as
2197 List all contexts (s) that are on whitelist. For runtime
2198 operation see
2199 org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistContexts.
2200
2201 getLockdownWhitelistUids() → ai
2202 List all user ids (i) that are on whitelist. For runtime
2203 operation see
2204 org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistUids.
2205
2206 getLockdownWhitelistUsers() → as
2207 List all users (s) that are on whitelist. For runtime operation
2208 see
2209 org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistUsers.
2210
2211 queryLockdownWhitelistCommand(s: command) → b
2212 Query whether command is on whitelist. For runtime operation
2213 see
2214 org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistCommand.
2215
2216 queryLockdownWhitelistContext(s: context) → b
2217 Query whether context is on whitelist. For runtime operation
2218 see
2219 org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistContext.
2220
2221 queryLockdownWhitelistUid(i: uid) → b
2222 Query whether user id uid is on whitelist. For runtime
2223 operation see
2224 org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistUid.
2225
2226 queryLockdownWhitelistUser(s: user) → b
2227 Query whether user is on whitelist. For runtime operation see
2228 org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistUser.
2229
2230 removeLockdownWhitelistCommand(s: command) → Nothing
2231 Remove command from whitelist. For runtime operation see
2232 org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistCommand.
2233
2234 Possible errors: NOT_ENABLED
2235
2236 removeLockdownWhitelistContext(s: context) → Nothing
2237 Remove context from whitelist. For runtime operation see
2238 org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistContext.
2239
2240 Possible errors: NOT_ENABLED
2241
2242 removeLockdownWhitelistUid(i: uid) → Nothing
2243 Remove user id uid from whitelist. For runtime operation see
2244 org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistUid.
2245
2246 Possible errors: NOT_ENABLED
2247
2248 removeLockdownWhitelistUser(s: user) → Nothing
2249 Remove user from whitelist. For runtime operation see
2250 org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistUser.
2251
2252 Possible errors: NOT_ENABLED
2253
2254 setLockdownWhitelist((asasasai): settings) → Nothing
2255 Set permanent lockdown-whitelist configuration to settings.
2256 Settings are in format: commands, selinux contexts, users, uids
2257
2258 commands (as): see command option in
2259 firewalld.lockdown-whitelist(5).
2260
2261 selinux contexts (as): see selinux option in
2262 firewalld.lockdown-whitelist(5).
2263
2264 users (as): see name attribute of user option in
2265 firewalld.lockdown-whitelist(5).
2266
2267 uids (ai): see id attribute of user option in
2268 firewalld.lockdown-whitelist(5).
2269
2270 Possible errors: INVALID_TYPE
2271
2272 Signals
2273 LockdownWhitelistUpdated()
2274 Emitted when permanent lockdown-whitelist configuration has
2275 been updated.
2276
2277 org.fedoraproject.FirewallD1.config.ipset
2278 Interface for permanent ipset configuration, see also
2279 firewalld.ipset(5).
2280
2281 Methods
2282 addEntry(s: entry) → Nothing
2283 Permanently add entry to list of entries of ipset. See entry
2284 tag in firewalld.ipset(5). For runtime operation see
2285 org.fedoraproject.FirewallD1.ipset.Methods.addEntry.
2286
2287 Possible errors: ALREADY_ENABLED
2288
2289 addOption(s: key, s: value) → Nothing
2290 Permanently add (key, value) to the ipset. See option tag in
2291 firewalld.ipset(5).
2292
2293 Possible errors: ALREADY_ENABLED
2294
2295 getDescription() → s
2296 Get description of ipset. See description tag in
2297 firewalld.ipset(5).
2298
2299 getEntries() → as
2300 Get list of entries added to ipset. See entry tag in
2301 firewalld.ipset(5). For runtime operation see
2302 org.fedoraproject.FirewallD1.ipset.Methods.getEntries.
2303
2304 Possible errors: IPSET_WITH_TIMEOUT
2305
2306 getOptions() → a{ss}
2307 Get dictionary of options set for ipset. See option tag in
2308 firewalld.ipset(5).
2309
2310 getSettings() → (ssssa{ss}as)
2311 Return permanent settings of the ipset. For getting runtime
2312 settings see
2313 org.fedoraproject.FirewallD1.ipset.Methods.getIPSetSettings.
2314 Settings are in format: version, name, description, type,
2315 dictionary of options and array of entries.
2316
2317 version (s): see version attribute of ipset tag in
2318 firewalld.ipset(5).
2319
2320 name (s): see short tag in firewalld.ipset(5).
2321
2322 description (s): see description tag in firewalld.ipset(5).
2323
2324 type (s): see type attribute of ipset tag in
2325 firewalld.ipset(5).
2326
2327 options (a{ss}): dictionary of {option : value}. See options
2328 tag in firewalld.ipset(5).
2329
2330 entries (as): array of entries, see entry tag in
2331 firewalld.ipset(5).
2332
2333
2334 getShort() → s
2335 Get name of ipset. See short tag in firewalld.ipset(5).
2336
2337 getType() → s
2338 Get type of ipset. See type attribute of ipset tag in
2339 firewalld.ipset(5).
2340
2341 getVersion() → s
2342 Get version of ipset. See version attribute of ipset tag in
2343 firewalld.ipset(5).
2344
2345 loadDefaults() → Nothing
2346 Load default settings for built-in ipset.
2347
2348 Possible errors: NO_DEFAULTS
2349
2350 queryEntry(s: entry) → b
2351 Return whether entry has been added to ipset. For runtime
2352 operation see
2353 org.fedoraproject.FirewallD1.ipset.Methods.queryEntry.
2354
2355 queryOption(s: key, s: value) → b
2356 Return whether (key, value) has been added to options of the
2357 ipset.
2358
2359 remove() → Nothing
2360 Remove not built-in ipset.
2361
2362 Possible errors: BUILTIN_IPSET
2363
2364 removeEntry(s: entry) → Nothing
2365 Permanently remove entry from ipset. See entry tag in
2366 firewalld.ipset(5). For runtime operation see
2367 org.fedoraproject.FirewallD1.ipset.Methods.removeEntry.
2368
2369 Possible errors: NOT_ENABLED
2370
2371 removeOption(s: key) → Nothing
2372 Permanently remove key from the ipset. See option tag in
2373 firewalld.ipset(5).
2374
2375 Possible errors: NOT_ENABLED
2376
2377 rename(s: name) → Nothing
2378 Rename not built-in ipset to name.
2379
2380 Possible errors: BUILTIN_IPSET
2381
2382 setDescription(s: description) → Nothing
2383 Permanently set description of ipset to description. See
2384 description tag in firewalld.ipset(5).
2385
2386 setEntries(as: entries) → Nothing
2387 Permanently set list of entries to entries. See entry tag in
2388 firewalld.ipset(5).
2389
2390 setOptions(a{ss}: options) → Nothing
2391 Permanently set dict of options to options. See option tag in
2392 firewalld.ipset(5).
2393
2394 setShort(s: short) → Nothing
2395 Permanently set name of ipset to short. See short tag in
2396 firewalld.ipset(5).
2397
2398 setType(s: ipset_type) → Nothing
2399 Permanently set type of ipset to ipset_type. See type attribute
2400 of ipset tag in firewalld.ipset(5).
2401
2402 setVersion(s: version) → Nothing
2403 Permanently set version of ipset to version. See version
2404 attribute of ipset tag in firewalld.ipset(5).
2405
2406 update((ssssa{ss}as): settings) → Nothing
2407 Update settings of ipset to settings. Settings are in format:
2408 version, name, description, type, dictionary of options and
2409 array of entries.
2410
2411 version (s): see version attribute of ipset tag in
2412 firewalld.ipset(5).
2413
2414 name (s): see short tag in firewalld.ipset(5).
2415
2416 description (s): see description tag in firewalld.ipset(5).
2417
2418 type (s): see type attribute of ipset tag in
2419 firewalld.ipset(5).
2420
2421 options (a{ss}): dictionary of {option : value}. See options
2422 tag in firewalld.ipset(5).
2423
2424 entries (as): array of entries, see entry tag in
2425 firewalld.ipset(5).
2426
2427 Possible errors: INVALID_TYPE
2428
2429 Signals
2430 Removed(s: name)
2431 Emitted when ipset with name has been removed.
2432
2433 Renamed(s: name)
2434 Emitted when ipset has been renamed to name.
2435
2436 Updated(s: name)
2437 Emitted when ipset with name has been updated.
2438
2439 Properties
2440 builtin - b - (ro)
2441 True if ipset is built-in, false otherwise.
2442
2443 default - b - (ro)
2444 True if built-in ipset has default settings. False if it has
2445 been modified. Always False for ipsets that are not built-in.
2446
2447 filename - s - (ro)
2448 Name (including .xml extension) of file where the configuration
2449 is stored.
2450
2451 name - s - (ro)
2452 Name of ipset.
2453
2454 path - s - (ro)
2455 Path to directory where the ipset configuration is stored.
2456 Should be either /usr/lib/firewalld/ipsets or
2457 /etc/firewalld/ipsets.
2458
2459 org.fedoraproject.FirewallD1.config.zone
2460 Interface for permanent zone configuration, see also firewalld.zone(5).
2461
2462 Methods
2463 addForwardPort(s: port, s: protocol, s: toport, s: toaddr) →
2464 Nothing
2465 Permanently add (port, protocol, toport, toaddr) to list of
2466 forward ports of zone. See forward-port tag in
2467 firewalld.zone(5). For runtime operation see
2468 org.fedoraproject.FirewallD1.zone.Methods.addForwardPort.
2469
2470 Possible errors: ALREADY_ENABLED
2471
2472 addIcmpBlock(s: icmptype) → Nothing
2473 Permanently add icmptype to list of icmp types blocked in zone.
2474 See icmp-block tag in firewalld.zone(5). For runtime operation
2475 see org.fedoraproject.FirewallD1.zone.Methods.addIcmpBlock.
2476
2477 Possible errors: ALREADY_ENABLED
2478
2479 addIcmpBlock(s: icmptype) → Nothing
2480 Permanently add icmp block inversion to zone. See
2481 icmp-block-inversion tag in firewalld.zone(5). For runtime
2482 operation see
2483 org.fedoraproject.FirewallD1.zone.Methods.addIcmpBlockInversion.
2484
2485 Possible errors: ALREADY_ENABLED
2486
2487 addInterface(s: interface) → Nothing
2488 Permanently add interface to list of interfaces bound to zone.
2489 See interface tag in firewalld.zone(5). For runtime operation
2490 see org.fedoraproject.FirewallD1.zone.Methods.addInterface.
2491
2492 Possible errors: ALREADY_ENABLED
2493
2494 addMasquerade() → Nothing
2495 Permanently enable masquerading in zone. See masquerade tag in
2496 firewalld.zone(5). For runtime operation see
2497 org.fedoraproject.FirewallD1.zone.Methods.addMasquerade.
2498
2499 Possible errors: ALREADY_ENABLED
2500
2501 addPort(s: port, s: protocol) → Nothing
2502 Permanently add (port, protocol) to list of ports of zone. See
2503 port tag in firewalld.zone(5). For runtime operation see
2504 org.fedoraproject.FirewallD1.zone.Methods.addPort.
2505
2506 Possible errors: ALREADY_ENABLED
2507
2508 addProtocol(s: protocol) → Nothing
2509 Permanently add protocol into zone. The protocol can be any
2510 protocol supported by the system. Please have a look at
2511 /etc/protocols for supported protocols. For runtime operation
2512 see org.fedoraproject.FirewallD1.zone.Methods.addProtocol.
2513
2514 Possible errors: INVALID_PROTOCOL, ALREADY_ENABLED
2515
2516 addRichRule(s: rule) → Nothing
2517 Permanently add rule to list of rich-language rules in zone.
2518 See rule tag in firewalld.zone(5). For runtime operation see
2519 org.fedoraproject.FirewallD1.zone.Methods.addRichRule.
2520
2521 Possible errors: ALREADY_ENABLED
2522
2523 addService(s: service) → Nothing
2524 Permanently add service to list of services used in zone. See
2525 service tag in firewalld.zone(5). For runtime operation see
2526 org.fedoraproject.FirewallD1.zone.Methods.addService.
2527
2528 Possible errors: ALREADY_ENABLED
2529
2530 addSource(s: source) → Nothing
2531 Permanently add source to list of source addresses bound to
2532 zone. See source tag in firewalld.zone(5). For runtime
2533 operation see
2534 org.fedoraproject.FirewallD1.zone.Methods.addSource.
2535
2536 Possible errors: ALREADY_ENABLED
2537
2538 addSourcePort(s: port, s: protocol) → Nothing
2539 Permanently add (port, protocol) to list of source ports of
2540 zone. See source-port tag in firewalld.zone(5). For runtime
2541 operation see
2542 org.fedoraproject.FirewallD1.zone.Methods.addSourcePort.
2543
2544 Possible errors: ALREADY_ENABLED
2545
2546 getDescription() → s
2547 Get description of zone. See description tag in
2548 firewalld.zone(5).
2549
2550 getForwardPorts() → a(ssss)
2551 Get list of (port, protocol, toport, toaddr) defined in zone.
2552 See forward-port tag in firewalld.zone(5). For runtime
2553 operation see
2554 org.fedoraproject.FirewallD1.zone.Methods.getForwardPorts.
2555
2556 getIcmpBlockInversion() → b
2557 Get icmp block inversion flag of zone. See icmp-block-inversion
2558 tag in firewalld.zone(5).
2559
2560 getIcmpBlocks() → as
2561 Get list of icmp type names blocked in zone. See icmp-block tag
2562 in firewalld.zone(5). For runtime operation see
2563 org.fedoraproject.FirewallD1.zone.Methods.getIcmpBlocks.
2564
2565 getInterfaces() → as
2566 Get list of interfaces bound to zone. See interface tag in
2567 firewalld.zone(5). For runtime operation see
2568 org.fedoraproject.FirewallD1.zone.Methods.getInterfaces.
2569
2570 getMasquerade() → b
2571 Return whether masquerade is enabled in zone. This is the same
2572 as queryMasquerade() method. See masquerade tag in
2573 firewalld.zone(5).
2574
2575 getPorts() → a(ss)
2576 Get list of (port, protocol) defined in zone. See port tag in
2577 firewalld.zone(5). For runtime operation see
2578 org.fedoraproject.FirewallD1.zone.Methods.getPorts.
2579
2580 getProtocols() → as
2581 Return array of protocols (s) previously enabled in zone. For
2582 getting runtime settings see
2583 org.fedoraproject.FirewallD1.zone.Methods.getProtocols.
2584
2585 getRichRules() → as
2586 Get list of rich-language rules in zone. See rule tag in
2587 firewalld.zone(5). For runtime operation see
2588 org.fedoraproject.FirewallD1.zone.Methods.getRichRules.
2589
2590 getServices() → as
2591 Get list of service names used in zone. See service tag in
2592 firewalld.zone(5). For runtime operation see
2593 org.fedoraproject.FirewallD1.zone.Methods.getServices.
2594
2595 getSettings() → (sssbsasa(ss)asba(ssss)asasasasa(ss)b)
2596 This function is deprecated, use
2597 org.fedoraproject.FirewallD1.config.zone.Methods.getSettings2
2598 instead.
2599
2600 getSettings2() → a{sv}
2601 Return permanent settings of given zone. For getting runtime
2602 settings see
2603 org.fedoraproject.FirewallD1.zone.Methods.getZoneSettings2.
2604 Settings are a dictionary indexed by keywords. For the type of
2605 each value see below. If the value is empty it may be omitted.
2606
2607 version (s): see version attribute of zone tag in
2608 firewalld.zone(5).
2609
2610 name (s): see short tag in firewalld.zone(5).
2611
2612 description (s): see description tag in firewalld.zone(5).
2613
2614 target (s): see target attribute of zone tag in
2615 firewalld.zone(5).
2616
2617 services (as): array of service names, see service tag in
2618 firewalld.zone(5).
2619
2620 ports (a(ss)): array of port and protocol pairs. See port tag
2621 in firewalld.zone(5).
2622
2623 icmp_blocks (as): array of icmp-blocks. See icmp-block tag in
2624 firewalld.zone(5).
2625
2626 masquerade (b): see masquerade tag in firewalld.zone(5).
2627
2628 forward_ports (a(ssss)): array of (port, protocol, to-port,
2629 to-addr). See forward-port tag in firewalld.zone(5).
2630
2631 interfaces (as): array of interfaces. See interface tag in
2632 firewalld.zone(5).
2633
2634 sources (as): array of source addresses. See source tag in
2635 firewalld.zone(5).
2636
2637 rules_str (as): array of rich-language rules. See rule tag in
2638 firewalld.zone(5).
2639
2640 protocols (as): array of protocols, see protocol tag in
2641 firewalld.zone(5).
2642
2643 source_ports (a(ss)): array of port and protocol pairs. See
2644 source-port tag in firewalld.zone(5).
2645
2646 icmp_block_inversion (b): see icmp-block-inversion tag in
2647 firewalld.zone(5).
2648
2649 forward (b): see forward tag in firewalld.zone(5).
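
The keyword list above is enough to compare a zone's permanent settings with its runtime settings (org.fedoraproject.FirewallD1.zone.Methods.getZoneSettings2) and report drift, for example a port opened at runtime that was never made permanent. The following is an added example, not firewalld's own code: the function names are hypothetical, the two sample dictionaries are constructed, values are assumed to be already converted to plain Python types, and treating an omitted boolean as False is an assumption.

```python
# Added example, not firewalld code. Key names and D-Bus signatures are copied
# from the getSettings2()/update2() keyword list for config.zone on this page.
ZONE_KEYS = {
    "version": "s", "name": "s", "description": "s", "target": "s",
    "services": "as", "ports": "a(ss)", "icmp_blocks": "as",
    "masquerade": "b", "forward_ports": "a(ssss)", "interfaces": "as",
    "sources": "as", "rules_str": "as", "protocols": "as",
    "source_ports": "a(ss)", "icmp_block_inversion": "b", "forward": "b",
}
EMPTY = {"s": "", "b": False}  # assumption: an omitted boolean means False


def matches(value, sig):
    """True if a plain Python value fits D-Bus signature `sig`.

    Handles only the shapes used above: s, b, arrays, structs of strings.
    """
    if sig == "s":
        return isinstance(value, str)
    if sig == "b":
        return isinstance(value, bool)
    if sig.startswith("a"):
        return isinstance(value, (list, tuple)) and all(
            matches(item, sig[1:]) for item in value)
    if sig.startswith("(") and sig.endswith(")"):
        fields = sig[1:-1]
        return (isinstance(value, (list, tuple)) and len(value) == len(fields)
                and all(matches(v, f) for v, f in zip(value, fields)))
    raise ValueError("unsupported signature: " + sig)


def validate(settings):
    """Return a list of problems: unknown keys or values of the wrong type."""
    problems = []
    for key, value in settings.items():
        sig = ZONE_KEYS.get(key)
        if sig is None:
            problems.append("unknown key: " + key)
        elif not matches(value, sig):
            problems.append("%s: expected %s, got %r" % (key, sig, value))
    return problems


def normalize(settings):
    """Fill omitted keys with their empty value; make arrays order-insensitive."""
    out = {}
    for key, sig in ZONE_KEYS.items():
        value = settings.get(key, [] if sig.startswith("a") else EMPTY[sig])
        if sig.startswith("a"):
            value = sorted(tuple(v) if isinstance(v, (list, tuple)) else v
                           for v in value)
        out[key] = value
    return out


def drift(permanent, runtime):
    """Compare permanent and runtime zone settings; return only differing keys."""
    for label, settings in (("permanent", permanent), ("runtime", runtime)):
        problems = validate(settings)
        if problems:
            raise ValueError("%s settings invalid: %s"
                             % (label, "; ".join(problems)))
    perm, run = normalize(permanent), normalize(runtime)
    report = {}
    for key, sig in ZONE_KEYS.items():
        if perm[key] == run[key]:
            continue
        if sig.startswith("a"):
            report[key] = {
                "permanent_only": [v for v in perm[key] if v not in run[key]],
                "runtime_only": [v for v in run[key] if v not in perm[key]],
            }
        else:
            report[key] = {"permanent": perm[key], "runtime": run[key]}
    return report


# Constructed sample data: empty values are omitted, as the page allows.
PERMANENT = {
    "name": "public",
    "target": "default",
    "services": ["ssh", "dhcpv6-client"],
    "ports": [["443", "tcp"]],
}
RUNTIME = {
    "name": "public",
    "target": "default",
    "services": ["dhcpv6-client", "ssh"],
    "ports": [("443", "tcp"), ("8080", "tcp")],
    "masquerade": True,
    "forward_ports": [("2222", "tcp", "22", "192.0.2.10")],
}

if __name__ == "__main__":
    for key, change in drift(PERMANENT, RUNTIME).items():
        print(key, change)
```

Entries reported as runtime_only are lost on the next reload or restart; entries reported as permanent_only are not yet enforced.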
2650
2651
2652 getShort() → s
2653 Get name of zone. See short tag in firewalld.zone(5).
2654
2655 getSourcePorts() → a(ss)
2656 Get list of (port, protocol) defined in zone. See source-port
2657 tag in firewalld.zone(5). For runtime operation see
2658 org.fedoraproject.FirewallD1.zone.Methods.getSourcePorts.
2659
2660 getSources() → as
2661 Get list of source addresses bound to zone. See source tag in
2662 firewalld.zone(5). For runtime operation see
2663 org.fedoraproject.FirewallD1.zone.Methods.getSources.
2664
2665 getTarget() → s
2666 Get target of zone. See target attribute of zone tag in
2667 firewalld.zone(5).
2668
2669 getVersion() → s
2670 Get version of zone. See version attribute of zone tag in
2671 firewalld.zone(5).
2672
2673 loadDefaults() → Nothing
2674 Load default settings for built-in zone.
2675
2676 Possible errors: NO_DEFAULTS
2677
2678 queryForwardPort(s: port, s: protocol, s: toport, s: toaddr) → b
2679 Return whether (port, protocol, toport, toaddr) is in list of
2680 forward ports of zone. See forward-port tag in
2681 firewalld.zone(5). For runtime operation see
2682 org.fedoraproject.FirewallD1.zone.Methods.queryForwardPort.
2683
2684 queryIcmpBlock(s: icmptype) → b
2685 Return whether icmptype is in list of icmp types blocked in
2686 zone. See icmp-block tag in firewalld.zone(5). For runtime
2687 operation see
2688 org.fedoraproject.FirewallD1.zone.Methods.queryIcmpBlock.
2689
2690 queryIcmpBlockInversion() → b
2691 Return whether icmp block inversion is enabled in zone. See
2692 icmp-block-inversion tag in firewalld.zone(5). For runtime
2693 operation see
2694 org.fedoraproject.FirewallD1.zone.Methods.queryIcmpBlockInversion.
2695
2696 queryInterface(s: interface) → b
2697 Return whether interface is in list of interfaces bound to
2698 zone. See interface tag in firewalld.zone(5). For runtime
2699 operation see
2700 org.fedoraproject.FirewallD1.zone.Methods.queryInterface.
2701
2702 queryMasquerade() → b
2703 Return whether masquerade is enabled in zone. This is the same
2704 as getMasquerade() method. See masquerade tag in
2705 firewalld.zone(5). For runtime operation see
2706 org.fedoraproject.FirewallD1.zone.Methods.queryMasquerade.
2707
2708 queryPort(s: port, s: protocol) → b
2709 Return whether (port, protocol) is in list of ports of zone.
2710 See port tag in firewalld.zone(5). For runtime operation see
2711 org.fedoraproject.FirewallD1.zone.Methods.queryPort.
2712
2713 queryProtocol(s: protocol) → b
2714 Return whether protocol has been added in zone. For runtime
2715 operation see
2716 org.fedoraproject.FirewallD1.zone.Methods.queryProtocol.
2717
2718 Possible errors: INVALID_PROTOCOL
2719
2720 queryRichRule(s: rule) → b
2721 Return whether rule is in list of rich-language rules in zone.
2722 See rule tag in firewalld.zone(5). For runtime operation see
2723 org.fedoraproject.FirewallD1.zone.Methods.queryRichRule.
2724
2725 queryService(s: service) → b
2726 Return whether service is in list of services used in zone. See
2727 service tag in firewalld.zone(5). For runtime operation see
2728 org.fedoraproject.FirewallD1.zone.Methods.queryService.
2729
2730 querySource(s: source) → b
2731 Return whether source is in list of source addresses bound to
2732 zone. See source tag in firewalld.zone(5). For runtime
2733 operation see
2734 org.fedoraproject.FirewallD1.zone.Methods.querySource.
2735
2736 querySourcePort(s: port, s: protocol) → b
2737 Return whether (port, protocol) is in list of source ports of
2738 zone. See source-port tag in firewalld.zone(5). For runtime
2739 operation see
2740 org.fedoraproject.FirewallD1.zone.Methods.querySourcePort.
2741
2742 remove() → Nothing
2743 Remove not built-in zone.
2744
2745 Possible errors: BUILTIN_ZONE
2746
2747 removeForwardPort(s: port, s: protocol, s: toport, s: toaddr) →
2748 Nothing
2749 Permanently remove (port, protocol, toport, toaddr) from list
2750 of forward ports of zone. See forward-port tag in
2751 firewalld.zone(5). For runtime operation see
2752 org.fedoraproject.FirewallD1.zone.Methods.removeForwardPort.
2753
2754 Possible errors: NOT_ENABLED
2755
2756 removeIcmpBlock(s: icmptype) → Nothing
2757 Permanently remove icmptype from list of icmp types blocked in
2758 zone. See icmp-block tag in firewalld.zone(5). For runtime
2759 operation see
2760 org.fedoraproject.FirewallD1.zone.Methods.removeIcmpBlock.
2761
2762 Possible errors: NOT_ENABLED
2763
2764 removeIcmpBlockInversion() → Nothing
2765 Permanently remove icmp block inversion from the zone. See
2766 icmp-block-inversion tag in firewalld.zone(5). For runtime
2767 operation see
2768 org.fedoraproject.FirewallD1.zone.Methods.removeIcmpBlockInversion.
2769
2770 Possible errors: NOT_ENABLED
2771
2772 removeInterface(s: interface) → Nothing
2773 Permanently remove interface from list of interfaces bound to
2774 zone. See interface tag in firewalld.zone(5). For runtime
2775 operation see
2776 org.fedoraproject.FirewallD1.zone.Methods.removeInterface.
2777
2778 Possible errors: NOT_ENABLED
2779
2780 removeMasquerade() → Nothing
2781 Permanently disable masquerading in zone. See masquerade tag in
2782 firewalld.zone(5). For runtime operation see
2783 org.fedoraproject.FirewallD1.zone.Methods.removeMasquerade.
2784
2785 Possible errors: NOT_ENABLED
2786
2787 removePort(s: port, s: protocol) → Nothing
2788 Permanently remove (port, protocol) from list of ports of zone.
2789 See port tag in firewalld.zone(5). For runtime operation see
2790 org.fedoraproject.FirewallD1.zone.Methods.removePort.
2791
2792 Possible errors: NOT_ENABLED
2793
2794 removeProtocol(s: protocol) → Nothing
2795 Permanently remove protocol from zone. For runtime operation
2796 see org.fedoraproject.FirewallD1.zone.Methods.removeProtocol.
2797
2798 Possible errors: INVALID_PROTOCOL, NOT_ENABLED
2799
2800 removeRichRule(s: rule) → Nothing
2801 Permanently remove rule from list of rich-language rules in
2802 zone. See rule tag in firewalld.zone(5). For runtime operation
2803 see org.fedoraproject.FirewallD1.zone.Methods.removeRichRule.
2804
2805 Possible errors: NOT_ENABLED
2806
2807 removeService(s: service) → Nothing
2808 Permanently remove service from list of services used in zone.
2809 See service tag in firewalld.zone(5). For runtime operation see
2810 org.fedoraproject.FirewallD1.zone.Methods.removeService.
2811
2812 Possible errors: NOT_ENABLED
2813
2814 removeSource(s: source) → Nothing
2815 Permanently remove source from list of source addresses bound
2816 to zone. See source tag in firewalld.zone(5). For runtime
2817 operation see
2818 org.fedoraproject.FirewallD1.zone.Methods.removeSource.
2819
2820 Possible errors: NOT_ENABLED
2821
2822 removeSourcePort(s: port, s: protocol) → Nothing
2823 Permanently remove (port, protocol) from list of source ports
2824 of zone. See source-port tag in firewalld.zone(5). For runtime
2825 operation see
2826 org.fedoraproject.FirewallD1.zone.Methods.removeSourcePort.
2827
2828 Possible errors: NOT_ENABLED
2829
2830 rename(s: name) → Nothing
2831 Rename not built-in zone to name.
2832
2833 Possible errors: BUILTIN_ZONE
2834
2835 setDescription(s: description) → Nothing
2836 Permanently set description of zone to description. See
2837 description tag in firewalld.zone(5).
2838
2839 setForwardPorts(a(ssss): ports) → Nothing
2840 Permanently set forward ports of zone to list of (port,
2841 protocol, toport, toaddr). See forward-port tag in
2842 firewalld.zone(5).
2843
2844 setIcmpBlockInversion(b: flag) → Nothing
2845 Permanently set icmp block inversion flag of zone to flag. See
2846 icmp-block-inversion tag in firewalld.zone(5).
2847
2848 setIcmpBlocks(as: icmptypes) → Nothing
2849 Permanently set list of icmp types blocked in zone to
2850 icmptypes. See icmp-block tag in firewalld.zone(5).
2851
2852 setInterfaces(as: interfaces) → Nothing
2853 Permanently set list of interfaces bound to zone to interfaces.
2854 See interface tag in firewalld.zone(5).
2855
2856 setMasquerade(b: masquerade) → Nothing
2857 Permanently set masquerading in zone to masquerade. See
2858 masquerade tag in firewalld.zone(5).
2859
2860 setPorts(a(ss): ports) → Nothing
2861 Permanently set ports of zone to list of (port, protocol). See
2862 port tag in firewalld.zone(5).
2863
2864 setProtocols(as: protocols) → Nothing
2865 Permanently set list of protocols used in zone to protocols.
2866 See protocol tag in firewalld.zone(5).
2867
2868 setRichRules(as: rules) → Nothing
2869 Permanently set list of rich-language rules to rules. See rule
2870 tag in firewalld.zone(5).
2871
2872 setServices(as: services) → Nothing
2873 Permanently set list of services used in zone to services. See
2874 service tag in firewalld.zone(5).
2875
2876 setShort(s: short) → Nothing
2877 Permanently set name of zone to short. See short tag in
2878 firewalld.zone(5).
2879
2880 setSourcePorts(a(ss): ports) → Nothing
2881 Permanently set source-ports of zone to list of (port,
2882 protocol). See source-port tag in firewalld.zone(5).
2883
2884 setSources(as: sources) → Nothing
2885 Permanently set list of source addresses bound to zone to
2886 sources. See source tag in firewalld.zone(5).
2887
2888 setTarget(s: target) → Nothing
2889 Permanently set target of zone to target. See target attribute
2890 of zone tag in firewalld.zone(5).
2891
2892 setVersion(s: version) → Nothing
2893 Permanently set version of zone to version. See version
2894 attribute of zone tag in firewalld.zone(5).
2895
2896 update((sssbsasa(ss)asba(ssss)asasasasa(ss)b): settings) → Nothing
2897 This function is deprecated, use
2898 org.fedoraproject.FirewallD1.config.zone.Methods.update2
2899 instead.
2900
2901 update2(a{sv}: settings) → Nothing
2902 Update settings of zone to settings. Settings are a dictionary
2903 indexed by keywords. For the type of each value see below. To
2904 zero a value pass an empty string or list.
2905
2906 version (s): see version attribute of zone tag in
2907 firewalld.zone(5).
2908
2909 name (s): see short tag in firewalld.zone(5).
2910
2911 description (s): see description tag in firewalld.zone(5).
2912
2913 target (s): see target attribute of zone tag in
2914 firewalld.zone(5).
2915
2916 services (as): array of service names, see service tag in
2917 firewalld.zone(5).
2918
2919 ports (a(ss)): array of port and protocol pairs. See port tag
2920 in firewalld.zone(5).
2921
2922 icmp_blocks (as): array of icmp-blocks. See icmp-block tag in
2923 firewalld.zone(5).
2924
2925 masquerade (b): see masquerade tag in firewalld.zone(5).
2926
2927 forward_ports (a(ssss)): array of (port, protocol, to-port,
2928 to-addr). See forward-port tag in firewalld.zone(5).
2929
2930 interfaces (as): array of interfaces. See interface tag in
2931 firewalld.zone(5).
2932
2933 sources (as): array of source addresses. See source tag in
2934 firewalld.zone(5).
2935
2936 rules_str (as): array of rich-language rules. See rule tag in
2937 firewalld.zone(5).
2938
2939 protocols (as): array of protocols, see protocol tag in
2940 firewalld.zone(5).
2941
2942 source_ports (a(ss)): array of port and protocol pairs. See
2943 source-port tag in firewalld.zone(5).
2944
2945 icmp_block_inversion (b): see icmp-block-inversion tag in
2946 firewalld.zone(5).
2947
2948 forward (b): see forward tag in firewalld.zone(5).
2949
2950 Possible errors: INVALID_TYPE
2951
2952 Signals
2953 Removed(s: name)
2954 Emitted when zone with name has been removed.
2955
2956 Renamed(s: name)
2957 Emitted when zone has been renamed to name.
2958
2959 Updated(s: name)
2960 Emitted when zone with name has been updated.
2961
2962 Properties
2963 builtin - b - (ro)
2964 True if zone is built-in, false otherwise.
2965
2966 default - b - (ro)
2967 True if built-in zone has default settings. False if it has
2968 been modified. Always False for not built-in zones.
2969
2970 filename - s - (ro)
2971 Name (including .xml extension) of file where the configuration
2972 is stored.
2973
2974 name - s - (ro)
2975 Name of zone.
2976
2977 path - s - (ro)
2978 Path to directory where the zone configuration is stored.
2979 Should be either /usr/lib/firewalld/zones or
2980 /etc/firewalld/zones.
2981
2982 org.fedoraproject.FirewallD1.config.policy
2983 Interface for permanent policy configuration, see also
2984 firewalld.policy(5).
2985
2986 Methods
2987 getSettings() → a{sv}
2988 Return permanent settings of given policy. For getting runtime
2989 settings see
2990 org.fedoraproject.FirewallD1.policy.Methods.getPolicySettings.
2991 Settings are a dictionary indexed by keywords. For possible
2992 keywords see
2993 org.fedoraproject.FirewallD1.config.Methods.addPolicy.
2994
2995 loadDefaults() → Nothing
2996 Load default settings for built-in policy.
2997
2998 Possible errors: NO_DEFAULTS
2999
3000 remove() → Nothing
3001 Remove not built-in policy.
3002
3003 Possible errors: BUILTIN_POLICY
3004
3005 rename(s: name) → Nothing
3006 Rename not built-in policy to name.
3007
3008 Possible errors: BUILTIN_POLICY
3009
3010 update(a{sv}: settings) → Nothing
3011 Update settings of policy to settings. Settings are a
3012 dictionary indexed by keywords. For possible keywords see
3013 org.fedoraproject.FirewallD1.config.Methods.addPolicy. To zero
3014 a value pass an empty string or list.
3015
3016 Possible errors: INVALID_TYPE
3017
3018 Signals
3019 Removed(s: name)
3020 Emitted when policy with name has been removed.
3021
3022 Renamed(s: name)
3023 Emitted when policy has been renamed to name.
3024
3025 Updated(s: name)
3026 Emitted when policy with name has been updated.
3027
3028 Properties
3029 builtin - b - (ro)
3030 True if policy is built-in, false otherwise.
3031
3032 default - b - (ro)
3033 True if built-in policy has default settings. False if it has
3034 been modified. Always False for not built-in policies.
3035
3036 filename - s - (ro)
3037 Name (including .xml extension) of file where the configuration
3038 is stored.
3039
3040 name - s - (ro)
3041 Name of policy.
3042
3043 path - s - (ro)
3044 Path to directory where the policy configuration is stored.
3045 Should be either /usr/lib/firewalld/policies or
3046 /etc/firewalld/policies.
3047
3048 org.fedoraproject.FirewallD1.config.service
3049 Interface for permanent service configuration, see also
3050 firewalld.service(5).
3051
3052 Methods
3053 addModule(s: module) → Nothing
3054 This method is deprecated. Please use "helpers" in the
3055 update2() method.
3056
3057 addPort(s: port, s: protocol) → Nothing
3058 Permanently add (port, protocol) to list of ports in service.
3059 See port tag in firewalld.service(5).
3060
3061 Possible errors: ALREADY_ENABLED
3062
3063 addProtocol(s: protocol) → Nothing
3064 Permanently add protocol into service. The protocol can be any
3065 protocol supported by the system. Please have a look at
3066 /etc/protocols for supported protocols. See protocol tag in
3067 firewalld.service(5).
3068
3069 Possible errors: INVALID_PROTOCOL, ALREADY_ENABLED
3070
3071 addSourcePort(s: port, s: protocol) → Nothing
3072 Permanently add (port, protocol) to list of source ports in
3073 service. See source-port tag in firewalld.service(5).
3074
3075 Possible errors: ALREADY_ENABLED
3076
3077 getDescription() → s
3078 Get description of service. See description tag in
3079 firewalld.service(5).
3080
3081 getDestination(s: family) → s
3082 Get destination for IP family being either 'ipv4' or 'ipv6'.
3083 See destination tag in firewalld.service(5).
3084
3085 Possible errors: ALREADY_ENABLED
3086
3087 getDestinations() → a{ss}
3088 Get list of destinations. Return value is a dictionary of {IP
3089 family : IP address} where 'IP family' key can be either 'ipv4'
3090 or 'ipv6'. See destination tag in firewalld.service(5).
3091
3092 getModules() → as
3093 This method is deprecated. Please use "helpers" in the
3094 getSettings2() method.
3095
3096 getPorts() → a(ss)
3097 Get list of (port, protocol) defined in service. See port tag
3098 in firewalld.service(5).
3099
3100 getProtocols() → as
3101 Return array of protocols (s) defined in service. See protocol
3102 tag in firewalld.service(5).
3103
3104 getSettings() → (sssa(ss)asa{ss}asa(ss))
3105 This function is deprecated, use
3106 org.fedoraproject.FirewallD1.config.service.Methods.getSettings2
3107 instead.
3108
3109 getSettings2(s: service) → a{sv}
3110 Return permanent settings of given service. For getting runtime
3111 settings see
3112 org.fedoraproject.FirewallD1.Methods.getServiceSettings2.
3113 Settings are a dictionary indexed by keywords. For the type of
3114 each value see below. If the value is empty it may be omitted.
3115
3116 version (s): see version attribute of service tag in
3117 firewalld.service(5).
3118
3119 name (s): see short tag in firewalld.service(5).
3120
3121 description (s): see description tag in firewalld.service(5).
3122
3123 ports (a(ss)): array of port and protocol pairs. See port tag
3124 in firewalld.service(5).
3125
3126 module names (as): array of kernel netfilter helpers, see
3127 module tag in firewalld.service(5).
3128
3129 destinations (a{ss}): dictionary of {IP family : IP address}
3130 where 'IP family' key can be either 'ipv4' or 'ipv6'. See
3131 destination tag in firewalld.service(5).
3132
3133 protocols (as): array of protocols, see protocol tag in
3134 firewalld.service(5).
3135
3136 source_ports (a(ss)): array of port and protocol pairs. See
3137 source-port tag in firewalld.service(5).
3138
3139 includes (as): array of service includes, see include tag in
3140 firewalld.service(5).
3141
3142 helpers (as): array of service helpers, see helper tag in
3143 firewalld.service(5).
3144
3145
3146 getShort() → s
3147 Get name of service. See short tag in firewalld.service(5).
3148
3149 getSourcePorts() → a(ss)
3150 Get list of (port, protocol) defined in service. See
3151 source-port tag in firewalld.service(5).
3152
3153 getVersion() → s
3154 Get version of service. See version attribute of service tag in
3155 firewalld.service(5).
3156
3157 loadDefaults() → Nothing
3158 Load default settings for built-in service.
3159
3160 Possible errors: NO_DEFAULTS
3161
3162 queryDestination(s: family, s: address) → b
3163 Return whether a destination is in dictionary of destinations
3164 of this service. destination is in format: (IP family, IP
3165 address) where IP family can be either 'ipv4' or 'ipv6'. See
3166 destination tag in firewalld.service(5).
3167
3168 queryModule(s: module) → b
3169 This method is deprecated. Please use "helpers" in the
3170 getSettings2() method.
3171
3172 queryPort(s: port, s: protocol) → b
3173 Return whether (port, protocol) is in list of ports in service.
3174 See port tag in firewalld.service(5).
3175
3176 queryProtocol(s: protocol) → b
3177 Return whether protocol is in list of protocols in service. See
3178 protocol tag in firewalld.service(5).
3179
3180 querySourcePort(s: port, s: protocol) → b
3181 Return whether (port, protocol) is in list of source ports in
3182 service. See source-port tag in firewalld.service(5).
3183
3184 remove() → Nothing
3185 Remove not built-in service.
3186
3187 Possible errors: BUILTIN_SERVICE
3188
3189 removeDestination(s: family) → Nothing
3190 Permanently remove a destination with family ('ipv4' or 'ipv6')
3191 from service. See destination tag in firewalld.service(5).
3192
3193 Possible errors: NOT_ENABLED
3194
3195 removeModule(s: module) → Nothing
3196 This method is deprecated. Please use "helpers" in the
3197 update2() method.
3198
3199 removePort(s: port, s: protocol) → Nothing
3200 Permanently remove (port, protocol) from list of ports in
3201 service. See port tag in firewalld.service(5).
3202
3203 Possible errors: NOT_ENABLED
3204
3205 removeProtocol(s: protocol) → Nothing
3206 Permanently remove protocol from list of protocols in service.
3207 See protocol tag in firewalld.service(5).
3208
3209 Possible errors: NOT_ENABLED
3210
3211 removeSourcePort(s: port, s: protocol) → Nothing
3212 Permanently remove (port, protocol) from list of source ports
3213 in service. See source-port tag in firewalld.service(5).
3214
3215 Possible errors: NOT_ENABLED
3216
3217 rename(s: name) → Nothing
3218 Rename not built-in service to name.
3219
3220 Possible errors: BUILTIN_SERVICE
3221
3222 setDescription(s: description) → Nothing
3223 Permanently set description of service to description. See
3224 description tag in firewalld.service(5).
3225
3226 setDestination(s: family, s: address) → Nothing
3227 Permanently set a destination address. destination is in
3228 format: (IP family, IP address) where IP family can be either
3229 'ipv4' or 'ipv6'. See destination tag in firewalld.service(5).
3230
3231 Possible errors: ALREADY_ENABLED
3232
3233 setDestinations(a{ss}: destinations) → Nothing
3234 Permanently set destinations of service to destinations, which
3235 is a dictionary of {IP family : IP address} where 'IP family'
3236 key can be either 'ipv4' or 'ipv6'. See destination tag in
3237 firewalld.service(5).
3238
3239 setModules(as: modules) → Nothing
3240 This method is deprecated. Please use "helpers" in the
3241 update2() method.
3242
3243 setPorts(a(ss): ports) → Nothing
3244 Permanently set ports of service to list of (port, protocol).
3245 See port tag in firewalld.service(5).
3246
3247 setProtocols(as: protocols) → Nothing
3248 Permanently set protocols of service to list of protocols. See
3249 protocol tag in firewalld.service(5).
3250
3251 setShort(s: short) → Nothing
3252 Permanently set name of service to short. See short tag in
3253 firewalld.service(5).
3254
3255 setSourcePorts(a(ss): ports) → Nothing
3256 Permanently set source-ports of service to list of (port,
3257 protocol). See source-port tag in firewalld.service(5).
3258
3259 setVersion(s: version) → Nothing
3260 Permanently set version of service to version. See version
3261 attribute of service tag in firewalld.service(5).
3262
3263 update((sssa(ss)asa{ss}asa(ss)): settings) → Nothing
3264 This function is deprecated, use
3265 org.fedoraproject.FirewallD1.config.service.Methods.update2
3266 instead.
3267
3268 update2(a{sv}: settings) → Nothing
3269 Update settings of service to settings. Settings are a
3270 dictionary indexed by keywords. For the type of each value see
3271 below. To zero a value pass an empty string or list.
3272
3273 version (s): see version attribute of service tag in
3274 firewalld.service(5).
3275
3276 name (s): see short tag in firewalld.service(5).
3277
3278 description (s): see description tag in firewalld.service(5).
3279
3280 ports (a(ss)): array of port and protocol pairs. See port tag
3281 in firewalld.service(5).
3282
3283 module names (as): array of kernel netfilter helpers, see
3284 module tag in firewalld.service(5).
3285
3286 destinations (a{ss}): dictionary of {IP family : IP address}
3287 where 'IP family' key can be either 'ipv4' or 'ipv6'. See
3288 destination tag in firewalld.service(5).
3289
3290 protocols (as): array of protocols, see protocol tag in
3291 firewalld.service(5).
3292
3293 source_ports (a(ss)): array of port and protocol pairs. See
3294 source-port tag in firewalld.service(5).
3295
3296 includes (as): array of service includes, see include tag in
3297 firewalld.service(5).
3298
3299 helpers (as): array of service helpers, see helper tag in
3300 firewalld.service(5).
3301
3302 Possible errors: INVALID_TYPE
3303
3304 Signals
3305 Removed(s: name)
3306 Emitted when service with name has been removed.
3307
3308 Renamed(s: name)
3309 Emitted when service has been renamed to name.
3310
3311 Updated(s: name)
3312 Emitted when service with name has been updated.
3313
3314 Properties
3315 builtin - b - (ro)
3316 True if service is built-in, false otherwise.
3317
3318 default - b - (ro)
3319 True if built-in service has default settings. False if it has
3320 been modified. Always False for not built-in services.
3321
3322 filename - s - (ro)
3323 Name (including .xml extension) of file where the configuration
3324 is stored.
3325
3326 name - s - (ro)
3327 Name of service.
3328
3329 path - s - (ro)
3330 Path to directory where the configuration is stored. Should be
3331 either /usr/lib/firewalld/services or /etc/firewalld/services.
3332
3333 org.fedoraproject.FirewallD1.config.helper
3334 Interface for permanent helper configuration, see also
3335 firewalld.helper(5).
3336
3337 Methods
3338 addPort(s: port, s: protocol) → Nothing
3339 Permanently add (port, protocol) to list of ports in helper.
3340 See port tag in firewalld.helper(5).
3341
3342 Possible errors: ALREADY_ENABLED
3343
3344 getDescription() → s
3345 Get description of helper. See description tag in
3346 firewalld.helper(5).
3347
3348 getFamily() → s
3349 Get family being 'ipv4', 'ipv6' or empty for both. See family
3350 tag in firewalld.helper(5).
3351
3352 getModule() → s
3353 Get modules (netfilter kernel helpers) used in helper. See
3354 module tag in firewalld.helper(5).
3355
3356 getPorts() → a(ss)
3357 Get list of (port, protocol) defined in helper. See port tag in
3358 firewalld.helper(5).
3359
3360 getSettings() → (sssssa(ss))
3361 Return permanent settings of a helper. For getting runtime
3362 settings see
3363 org.fedoraproject.FirewallD1.Methods.getHelperSettings.
3364 Settings are in format: version, name, description, family,
3365 module, array of ports (port, protocol).
3366
3367 version (s): see version attribute of helper tag in
3368 firewalld.helper(5).
3369
3370 name (s): see short tag in firewalld.helper(5).
3371
3372 description (s): see description tag in firewalld.helper(5).
3373
3374 family (s): see family tag in firewalld.helper(5).
3375
3376 module (s): see module tag in firewalld.helper(5).
3377
3378 ports (a(ss)): array of port and protocol pairs. See port tag
3379 in firewalld.helper(5).
3380
3381
3382 getShort() → s
3383 Get name of helper. See short tag in firewalld.helper(5).
3384
3385 getVersion() → s
3386 Get version of helper. See version attribute of helper tag in
3387 firewalld.helper(5).
3388
3389 loadDefaults() → Nothing
3390 Load default settings for built-in helper.
3391
3392 Possible errors: NO_DEFAULTS
3393
3394 queryFamily(s: family) → b
3395 Return whether family is set for helper. See family tag in
3396 firewalld.helper(5).
3397
3398 queryModule(s: module) → b
3399 Return whether module (netfilter kernel helpers) is used in
3400 helper. See module tag in firewalld.helper(5).
3401
3402 queryPort(s: port, s: protocol) → b
3403 Return whether (port, protocol) is in list of ports in helper.
3404 See port tag in firewalld.helper(5).
3405
3406 remove() → Nothing
3407 Remove not built-in helper.
3408
3409 Possible errors: BUILTIN_HELPER
3410
3411 removePort(s: port, s: protocol) → Nothing
3412 Permanently remove (port, protocol) from list of ports in
3413 helper. See port tag in firewalld.helper(5).
3414
3415 Possible errors: NOT_ENABLED
3416
3417 rename(s: name) → Nothing
3418 Rename not built-in helper to name.
3419
3420 Possible errors: BUILTIN_HELPER
3421
setDescription(s: description) → Nothing
Permanently set description of helper to description. See
description tag in firewalld.helper(5).

setFamily(s: family) → Nothing
Permanently set family of helper to family. See family tag in
firewalld.helper(5).

setModule(s: module) → Nothing
Permanently set module of helper to module. See module tag
in firewalld.helper(5).

setPorts(a(ss): ports) → Nothing
Permanently set ports of helper to list of (port, protocol).
See port tag in firewalld.helper(5).

setShort(s: short) → Nothing
Permanently set name of helper to short. See short tag in
firewalld.helper(5).

setVersion(s: version) → Nothing
Permanently set version of helper to version. See version
attribute of helper tag in firewalld.helper(5).

update((sssssa(ss)): settings) → Nothing
Update settings of helper to settings. Settings are in format:
version, name, description, family, module and array of ports.

version (s): see version attribute of helper tag in
firewalld.helper(5).

name (s): see short tag in firewalld.helper(5).

description (s): see description tag in firewalld.helper(5).

family (s): see family tag in firewalld.helper(5).

module (s): see module tag in firewalld.helper(5).

ports (a(ss)): array of port and protocol pairs. See port tag
in firewalld.helper(5).

Possible errors: INVALID_HELPER

Signals
Removed(s: name)
Emitted when helper with name has been removed.

Renamed(s: name)
Emitted when helper has been renamed to name.

Updated(s: name)
Emitted when helper with name has been updated.

Properties
builtin - b - (ro)
True if helper is built-in, false otherwise.

default - b - (ro)
True if built-in helper has default settings. False if it has
been modified. Always False for helpers that are not built-in.

filename - s - (ro)
Name (including .xml extension) of file where the configuration
is stored.

name - s - (ro)
Name of helper.

path - s - (ro)
Path to directory where the configuration is stored. Should be
either /usr/lib/firewalld/helpers or /etc/firewalld/helpers.
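
The builtin, default and path properties together show whether a helper has drifted from what the package shipped. The following is an added example, not part of the firewalld man page or code base: a read-only audit that assumes dbus-python and uses listHelpers() from the org.fedoraproject.FirewallD1.config interface; the function names and sample records are constructed for illustration.

```python
# Added example: read-only audit of permanent firewalld helpers over D-Bus.
BUS = "org.fedoraproject.FirewallD1"
HELPER_IF = BUS + ".config.helper"
EXPECTED_DIRS = ("/usr/lib/firewalld/helpers", "/etc/firewalld/helpers")
FIELDS = ("version", "name", "description", "family", "module", "ports")


def audit_helper(props, settings):
    """Return findings for one helper from its properties and getSettings() tuple."""
    cfg = dict(zip(FIELDS, settings))
    ports = ", ".join("%s/%s" % (port, proto) for port, proto in cfg["ports"])
    detail = "module=%s ports=[%s]" % (cfg["module"], ports)
    findings = []
    if props["builtin"] and not props["default"]:
        findings.append("built-in helper modified from defaults: " + detail)
    if not props["builtin"]:
        findings.append("helper is not built-in: " + detail)
    if str(props["path"]).rstrip("/") not in EXPECTED_DIRS:
        findings.append("stored outside expected directories: %s" % props["path"])
    return findings


def fetch_helpers():
    """Yield (properties, settings) per helper from a running firewalld."""
    import dbus  # dbus-python; imported lazily so audit_helper() runs offline
    bus = dbus.SystemBus()
    config = dbus.Interface(bus.get_object(BUS, "/org/fedoraproject/FirewallD1/config"),
                            BUS + ".config")
    for path in config.listHelpers():  # method of the config interface
        obj = bus.get_object(BUS, path)
        props = dbus.Interface(obj, "org.freedesktop.DBus.Properties").GetAll(HELPER_IF)
        yield dict(props), dbus.Interface(obj, HELPER_IF).getSettings()


# Constructed sample records (not taken from a real system).
SAMPLE = [
    ({"builtin": True, "default": True, "name": "ftp", "filename": "ftp.xml",
      "path": "/usr/lib/firewalld/helpers"},
     ("", "", "", "", "nf_conntrack_ftp", [("21", "tcp")])),
    ({"builtin": True, "default": False, "name": "sip", "filename": "sip.xml",
      "path": "/etc/firewalld/helpers"},
     ("", "", "", "", "nf_conntrack_sip", [("5060", "tcp"), ("5060", "udp")])),
]

if __name__ == "__main__":
    for props, settings in SAMPLE:  # swap in fetch_helpers() on a live host
        print(props["name"], audit_helper(props, settings) or "ok")
```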

org.fedoraproject.FirewallD1.config.icmptype
Interface for permanent icmp type configuration, see also
firewalld.icmptype(5).

Methods
addDestination(s: destination) → Nothing
Permanently add a destination ('ipv4' or 'ipv6') to list of
destinations of this icmp type. See destination tag in
firewalld.icmptype(5).

Possible errors: ALREADY_ENABLED

getDescription() → s
Get description of icmp type. See description tag in
firewalld.icmptype(5).

getDestinations() → as
Get list of destinations. See destination tag in
firewalld.icmptype(5).

getSettings() → (sssas)
Return permanent settings of icmp type. For getting runtime
settings see
org.fedoraproject.FirewallD1.Methods.getIcmpTypeSettings.
Settings are in format: version, name, description, array of
destinations.

version (s): see version attribute of icmptype tag in
firewalld.icmptype(5).

name (s): see short tag in firewalld.icmptype(5).

description (s): see description tag in firewalld.icmptype(5).

destinations (as): array, either empty or containing strings
'ipv4' and/or 'ipv6', see destination tag in
firewalld.icmptype(5).

getShort() → s
Get name of icmp type. See short tag in firewalld.icmptype(5).

getVersion() → s
Get version of icmp type. See version attribute of icmptype tag
in firewalld.icmptype(5).

loadDefaults() → Nothing
Load default settings for built-in icmp type.

Possible errors: NO_DEFAULTS

queryDestination(s: destination) → b
Return whether a destination ('ipv4' or 'ipv6') is in list of
destinations of this icmp type. See destination tag in
firewalld.icmptype(5).

remove() → Nothing
Remove an icmp type that is not built-in.

Possible errors: BUILTIN_ICMPTYPE

removeDestination(s: destination) → Nothing
Permanently remove a destination ('ipv4' or 'ipv6') from list
of destinations of this icmp type. See destination tag in
firewalld.icmptype(5).

Possible errors: NOT_ENABLED

rename(s: name) → Nothing
Rename an icmp type that is not built-in to name.

Possible errors: BUILTIN_ICMPTYPE

setDescription(s: description) → Nothing
Permanently set description of icmp type to description. See
description tag in firewalld.icmptype(5).

setDestinations(as: destinations) → Nothing
Permanently set destinations of icmp type to destinations,
which is an array, either empty or containing strings 'ipv4'
and/or 'ipv6'. See destination tag in firewalld.icmptype(5).

setShort(s: short) → Nothing
Permanently set name of icmp type to short. See short tag in
firewalld.icmptype(5).

setVersion(s: version) → Nothing
Permanently set version of icmp type to version. See version
attribute of icmptype tag in firewalld.icmptype(5).

update((sssas): settings) → Nothing
Update permanent settings of icmp type to settings. Settings
are in format: version, name, description, array of
destinations.

version (s): see version attribute of icmptype tag in
firewalld.icmptype(5).

name (s): see short tag in firewalld.icmptype(5).

description (s): see description tag in firewalld.icmptype(5).

destinations (as): array, either empty or containing strings
'ipv4' and/or 'ipv6', see destination tag in
firewalld.icmptype(5).

Signals
Removed(s: name)
Emitted when icmp type with name has been removed.

Renamed(s: name)
Emitted when icmp type has been renamed to name.

Updated(s: name)
Emitted when icmp type with name has been updated.

Properties
builtin - b - (ro)
True if icmp type is built-in, false otherwise.

default - b - (ro)
True if built-in icmp type has default settings. False if it
has been modified. Always False for icmp types that are not
built-in.

filename - s - (ro)
Name (including .xml extension) of file where the configuration
is stored.

name - s - (ro)
Name of icmp type.

path - s - (ro)
Path to directory where the icmp type configuration is stored.
Should be either /usr/lib/firewalld/icmptypes or
/etc/firewalld/icmptypes.
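
update() replaces the whole (sssas) tuple in one call, so it pays to validate the tuple and compare it with getSettings() before writing. The following is an added example, not part of the firewalld man page or code base: it assumes dbus-python and uses getIcmpTypeByName() from the org.fedoraproject.FirewallD1.config interface; build_settings, changed_fields and apply_icmptype are hypothetical helper names.

```python
# Added example: validate, diff, then update a permanent icmp type over D-Bus.
BUS = "org.fedoraproject.FirewallD1"
CONFIG_PATH = "/org/fedoraproject/FirewallD1/config"
ICMP_IF = BUS + ".config.icmptype"
FIELDS = ("version", "name", "description", "destinations")
ALLOWED = ("ipv4", "ipv6")  # the only destination strings the interface documents


def build_settings(version, name, description, destinations):
    """Validate the inputs and return the (sssas) tuple that update() expects."""
    for label, value in zip(FIELDS, (version, name, description)):
        if not isinstance(value, str):
            raise TypeError(label + " must be a string (D-Bus type s)")
    dests = list(destinations)
    bad = [d for d in dests if d not in ALLOWED]
    if bad:
        raise ValueError("destination must be 'ipv4' or 'ipv6': %r" % (bad,))
    if len(set(dests)) != len(dests):
        raise ValueError("duplicate destination")
    return (version, name, description, dests)


def changed_fields(current, desired):
    """Return the names of fields that differ; destination order is ignored."""
    cur, want = dict(zip(FIELDS, current)), dict(zip(FIELDS, desired))
    cur["destinations"] = sorted(cur["destinations"])
    want["destinations"] = sorted(want["destinations"])
    return [field for field in FIELDS if cur[field] != want[field]]


def apply_icmptype(icmptype, desired):
    """Call update() only if permanent settings differ; return changed fields."""
    import dbus  # dbus-python; imported lazily so the checks above run offline
    bus = dbus.SystemBus()
    config = dbus.Interface(bus.get_object(BUS, CONFIG_PATH), BUS + ".config")
    path = config.getIcmpTypeByName(icmptype)  # method of the config interface
    obj = dbus.Interface(bus.get_object(BUS, path), ICMP_IF)
    diff = changed_fields(obj.getSettings(), desired)
    if diff:
        obj.update(desired)  # may fail authorization, depending on policy
    return diff
```

update() changes only the permanent configuration; the runtime settings are a separate view, read through the getIcmpTypeSettings method that getSettings() refers to.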

firewall-applet(1), firewalld(1), firewall-cmd(1), firewall-config(1),
firewalld.conf(5), firewalld.direct(5), firewalld.dbus(5),
firewalld.icmptype(5), firewalld.lockdown-whitelist(5),
firewall-offline-cmd(1), firewalld.richlanguage(5), firewalld.service(5),
firewalld.zone(5), firewalld.zones(5), firewalld.policy(5),
firewalld.policies(5), firewalld.ipset(5), firewalld.helper(5)

firewalld home page:
http://firewalld.org

More documentation with examples:
http://fedoraproject.org/wiki/FirewallD

Thomas Woerner <twoerner@redhat.com>
Developer

Jiri Popelka <jpopelka@redhat.com>
Developer

Eric Garver <eric@garver.life>
Developer

firewalld 1.3.4 FIREWALLD.DBUS(5)