1 FIREWALLD.DBUS(5) firewalld.dbus FIREWALLD.DBUS(5)
2
3
4
6 firewalld.dbus - firewalld D-Bus interface description
7
9 This is the basic firewalld object path structure. The used interfaces
10 are explained below in the section called “INTERFACES”.
11
12 /org/fedoraproject/FirewallD1
13 Interfaces
14 org.fedoraproject.FirewallD1
15 org.fedoraproject.FirewallD1.direct
16 org.fedoraproject.FirewallD1.ipset
17 org.fedoraproject.FirewallD1.policies
18 org.fedoraproject.FirewallD1.zone
19 org.freedesktop.DBus.Introspectable
20 org.freedesktop.DBus.Properties
21
22 /org/fedoraproject/FirewallD1/config
23 Interfaces
24 org.fedoraproject.FirewallD1.config
25 org.fedoraproject.FirewallD1.config.direct
26 org.fedoraproject.FirewallD1.config.policies
27 org.freedesktop.DBus.Introspectable
28 org.freedesktop.DBus.Properties
29
30 /org/fedoraproject/FirewallD1/config/zone/i
31 Interfaces
32 org.fedoraproject.FirewallD1.config.zone
33 org.freedesktop.DBus.Introspectable
34 org.freedesktop.DBus.Properties
35
36 /org/fedoraproject/FirewallD1/config/service/i
37 Interfaces
38 org.fedoraproject.FirewallD1.config.service
39 org.freedesktop.DBus.Introspectable
40 org.freedesktop.DBus.Properties
41
42 /org/fedoraproject/FirewallD1/config/ipset/i
43 Interfaces
44 org.fedoraproject.FirewallD1.config.ipset
45 org.freedesktop.DBus.Introspectable
46 org.freedesktop.DBus.Properties
47
48 /org/fedoraproject/FirewallD1/config/icmptype/i
49 Interfaces
50 org.fedoraproject.FirewallD1.config.icmptype
51 org.freedesktop.DBus.Introspectable
52 org.freedesktop.DBus.Properties
53
54
55
57 org.fedoraproject.FirewallD1
58 This interface contains general runtime operations, like: reloading,
59 panic mode, default zone handling, getting services and icmp types and
60 their settings.
61
62 Methods
63 authorizeAll() → Nothing
64 Initiate authorization for the complete firewalld D-Bus
65 interface. This method is mostly useful for configuration
66 applications.
67
68 completeReload() → Nothing
69 Reload firewall completely, even netfilter kernel modules. This
70 will most likely terminate active connections, because state
71 information is lost. This option should only be used in case of
72 severe firewall problems, for example when state information
73 problems prevent connections from being established even though
74 the firewall rules are correct.
75
76 disablePanicMode() → Nothing
77 Disable panic mode. After disabling panic mode established
78 connections might work again, if panic mode was enabled for a
79 short period of time.
80
81 Possible errors: NOT_ENABLED, COMMAND_FAILED
82
83 enablePanicMode() → Nothing
84 Enable panic mode. All incoming and outgoing packets are
85 dropped, active connections will expire. Enable this only if
86 there are serious problems with your network environment.
87
88 Possible errors: ALREADY_ENABLED, COMMAND_FAILED
89
90 getAutomaticHelpers() → s
91 Return the AutomaticHelpers value. For the secure use of
92 iptables and connection tracking helpers it is recommended to
93 turn AutomaticHelpers off. But this might have side effects on
94 other services using the netfilter helpers as the sysctl
95 setting in /proc/sys/net/netfilter/nf_conntrack_helper will be
96 changed. With the system setting, the default value set in the
97 kernel or with sysctl will be used. Possible values are: yes,
98 no and system. The default value is system.
99
100 getDefaultZone() → s
101 Return default zone.
102
103 getHelperSettings(s: helper) → (sssssa(ss))
104 Return runtime settings of given helper. For getting permanent
105 settings see
106 org.fedoraproject.FirewallD1.config.helper.Methods.getSettings.
107 Settings are in format: version, name, description, family,
108 module and array of ports.
109
110 version (s): see version attribute of helper tag in
111 firewalld.helper(5).
112
113 name (s): see short tag in firewalld.helper(5).
114
115 description (s): see description tag in firewalld.helper(5).
116
117 family (s): see family tag in firewalld.helper(5).
118
119 module (s): see module tag in firewalld.helper(5).
120
121 ports (a(ss)): array of port and protocol pairs. See port tag
122 in firewalld.helper(5).
123
124 Possible errors: INVALID_HELPER
125
126 getHelpers() → as
127 Return array of helper names (s) in runtime configuration. For
128 permanent configuration see
129 org.fedoraproject.FirewallD1.config.Methods.listHelpers.
130
131 getIcmpTypeSettings(s: icmptype) → (sssas)
132 Return runtime settings of given icmptype. For getting
133 permanent settings see
134 org.fedoraproject.FirewallD1.config.icmptype.Methods.getSettings.
135 Settings are in format: version, name, description, array of
136 destinations.
137
138 version (s): see version attribute of icmptype tag in
139 firewalld.icmptype(5).
140
141 name (s): see short tag in firewalld.icmptype(5).
142
143 description (s): see description tag in firewalld.icmptype(5).
144
145 destinations (as): array, either empty or containing strings
146 'ipv4' or 'ipv6', see destination tag in firewalld.icmptype(5).
147
148 Possible errors: INVALID_ICMPTYPE
149
150 getLogDenied() → s
151 Returns the LogDenied value. If LogDenied is enabled, then
152 logging rules are added right before reject and drop rules in
153 the INPUT, FORWARD and OUTPUT chains for the default rules and
154 also final reject and drop rules in zones. Possible values are:
155 all, unicast, broadcast, multicast and off. The default value
156 is off.
157
158 getServiceSettings(s: service) → (sssa(ss)asa{ss}asa(ss))
159 Return runtime settings of given service. For getting permanent
160 settings see
161 org.fedoraproject.FirewallD1.config.service.Methods.getSettings.
162 Settings are in format: version, name, description, array of
163 ports (port, protocol), array of module names, dictionary of
164 destinations, array of protocols and array of source-ports
165 (port, protocol).
166
167 version (s): see version attribute of service tag in
168 firewalld.service(5).
169
170 name (s): see short tag in firewalld.service(5).
171
172 description (s): see description tag in firewalld.service(5).
173
174 ports (a(ss)): array of port and protocol pairs. See port tag
175 in firewalld.service(5).
176
177 module names (as): array of kernel netfilter helpers, see
178 module tag in firewalld.service(5).
179
180 destinations (a{ss}): dictionary of {IP family : IP address}
181 where 'IP family' key can be either 'ipv4' or 'ipv6'. See
182 destination tag in firewalld.service(5).
183
184 protocols (as): array of protocols, see protocol tag in
185 firewalld.service(5).
186
187 source-ports (a(ss)): array of port and protocol pairs. See
188 source-port tag in firewalld.service(5).
189
190 Possible errors: INVALID_SERVICE
191
192 getZoneSettings(s: zone) → (sssbsasa(ss)asba(ssss)asasasasa(ss))
193 Return runtime settings of given zone. For getting permanent
194 settings see
195 org.fedoraproject.FirewallD1.config.zone.Methods.getSettings.
196 Settings are in format: version, name, description, UNUSED,
197 target, array of services, array of ports (port, protocol),
198 array of icmp-blocks, masquerade, array of forward-ports (port,
199 protocol, to-port, to-addr), array of interfaces, array of
200 sources, array of rich rules, array of protocols and array of
201 source-ports (port, protocol).
202
203 version (s): see version attribute of zone tag in
204 firewalld.zone(5).
205
206 name (s): see short tag in firewalld.zone(5).
207
208 description (s): see description tag in firewalld.zone(5).
209
210 UNUSED (b): this boolean value is no longer used for anything.
211
212 target (s): see target attribute of zone tag in
213 firewalld.zone(5).
214
215 services (as): array of service names, see service tag in
216 firewalld.zone(5).
217
218 ports (a(ss)): array of port and protocol pairs. See port tag
219 in firewalld.zone(5).
220
221 icmp-blocks (as): array of icmp-blocks. See icmp-block tag in
222 firewalld.zone(5).
223
224 masquerade (b): see masquerade tag in firewalld.zone(5).
225
226 forward-ports (a(ssss)): array of (port, protocol, to-port,
227 to-addr). See forward-port tag in firewalld.zone(5).
228
229 interfaces (as): array of interfaces. See interface tag in
230 firewalld.zone(5).
231
232 source addresses (as): array of source addresses. See source
233 tag in firewalld.zone(5).
234
235 rich rules (as): array of rich-language rules. See rule tag in
236 firewalld.zone(5).
237
238 protocols (as): array of protocols, see protocol tag in
239 firewalld.zone(5).
240
241 source-ports (a(ss)): array of port and protocol pairs. See
242 source-port tag in firewalld.zone(5).
243
244 Possible errors: INVALID_ZONE
245
246 listIcmpTypes() → as
247 Return array of names (s) of icmp types in runtime
248 configuration. For permanent configuration see
249 org.fedoraproject.FirewallD1.config.Methods.listIcmpTypes.
250
251 listServices() → as
252 Return array of service names (s) in runtime configuration. For
253 permanent configuration see
254 org.fedoraproject.FirewallD1.config.Methods.listServices.
255
256 queryPanicMode() → b
257 Return true if panic mode is enabled, false otherwise. In panic
258 mode all incoming and outgoing packets are dropped.
259
260 reload() → Nothing
261 Reload firewall rules and keep state information. Current
262 permanent configuration will become new runtime configuration,
263 i.e. all runtime-only changes made before the reload are lost
264 unless they are also in the permanent configuration.
265
266 runtimeToPermanent() → Nothing
267 Make runtime settings permanent. Replaces permanent settings
268 with runtime settings for zones, services, icmptypes, direct
269 and policies (lockdown whitelist).
270
271 Possible errors: RT_TO_PERM_FAILED
272
273 checkPermanentConfig() → Nothing
274 Run checks on the permanent configuration. This is most useful
275 if changes were made manually to configuration files.
276
277 Possible errors: any
278
279 setDefaultZone(s: zone) → Nothing
280 Set default zone for connections and interfaces where no zone
281 has been selected to zone. Setting the default zone changes the
282 zone for the connections or interfaces, that are using the
283 default zone. This is a runtime and permanent change.
284
285 Possible errors: ZONE_ALREADY_SET, COMMAND_FAILED
286
287 setLogDenied(s: value) → Nothing
288 Set LogDenied value to value. If LogDenied is enabled, then
289 logging rules are added right before reject and drop rules in
290 the INPUT, FORWARD and OUTPUT chains for the default rules and
291 also final reject and drop rules in zones. Possible values are:
292 all, unicast, broadcast, multicast and off. The default value
293 is off. This is a runtime and permanent change.
294
295 Possible errors: ALREADY_SET, INVALID_VALUE
296
297 Signals
298 DefaultZoneChanged(s: zone)
299 Emitted when default zone has been changed to zone.
300
301 LogDeniedChanged(s: value)
302 Emitted when LogDenied value has been changed.
303
304 PanicModeDisabled()
305 Emitted when panic mode has been deactivated.
306
307 PanicModeEnabled()
308 Emitted when panic mode has been activated.
309
310 Reloaded()
311 Emitted when firewalld has been reloaded. Also emitted for a
312 complete reload.
313
314 Properties
315 BRIDGE - b - (ro)
316 Indicates whether the firewall has ethernet bridge support.
317
318 IPSet - b - (ro)
319 Indicates whether the firewall has IPSet support.
320
321 IPSetTypes - as - (ro)
322 The IPSet types supported by ipset and firewalld.
323
324 IPv4 - b - (ro)
325 Indicates whether the firewall has IPv4 support.
326
327 IPv4ICMPTypes - as - (ro)
328 The list of supported IPv4 ICMP types.
329
330 IPv6 - b - (ro)
331 Indicates whether the firewall has IPv6 support.
332
333 IPv6_rpfilter - b - (ro)
334 Indicates whether the reverse path filter test on a packet for
335 IPv6 is enabled. If a reply to the packet would be sent via the
336 same interface that the packet arrived on, the packet will
337 match and be accepted, otherwise dropped.
338
339 IPv6ICMPTypes - as - (ro)
340 The list of supported IPv6 ICMP types.
341
342 nf_conntrack_helper_setting - b - (ro)
343 Kernel nf_conntrack_helper setting.
344
345 nf_conntrack_helpers - a{sas} - (ro)
346 The list of conntrack helpers supported by the kernel.
347
348 nf_nat_helpers - a{sas} - (ro)
349 The list of nat helpers supported by the kernel.
350
351 interface_version - s - (ro)
352 firewalld D-Bus interface version string.
353
354 state - s - (ro)
355 firewalld state. This can be either INIT, FAILED, or RUNNING.
356 In INIT state, firewalld is starting up and initializing. In
357 FAILED state, firewalld completely started but experienced a
358 failure.
359
360 version - s - (ro)
361 firewalld version string.
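
The getZoneSettings() tuple and the runtime/permanent split described for reload() and runtimeToPermanent() above, as an added example (not code from firewalld): it decodes the tuple into named fields and lists what differs between a runtime and a permanent snapshot. The sample tuples are constructed, and the permanent snapshot is assumed to use the same field layout.

```python
"""Added example: decode getZoneSettings() output and report runtime drift."""

# Field names and D-Bus types, in the order this page documents them.
ZONE_FIELDS = (
    ("version", "s"), ("name", "s"), ("description", "s"), ("UNUSED", "b"),
    ("target", "s"), ("services", "as"), ("ports", "a(ss)"),
    ("icmp_blocks", "as"), ("masquerade", "b"),
    ("forward_ports", "a(ssss)"), ("interfaces", "as"), ("sources", "as"),
    ("rich_rules", "as"), ("protocols", "as"), ("source_ports", "a(ss)"),
)
ZONE_SIGNATURE = "(" + "".join(sig for _, sig in ZONE_FIELDS) + ")"
METADATA = {"version", "name", "description", "UNUSED"}


def matches_type(value, sig):
    """Check a Python value against the few D-Bus types the tuple uses."""
    if sig == "s":
        return isinstance(value, str)
    if sig == "b":
        # dbus.Boolean is an int subclass, so accept 0/1 as well as bool.
        return isinstance(value, int) and value in (0, 1)
    if not isinstance(value, (list, tuple)):
        return False
    if sig == "as":
        return all(isinstance(v, str) for v in value)
    width = sig.count("s")  # a(ss) -> 2, a(ssss) -> 4
    return all(isinstance(v, (list, tuple)) and len(v) == width
               and all(isinstance(x, str) for x in v) for v in value)


def decode_zone_settings(raw):
    """Turn the positional tuple into a dict of plain Python values."""
    if len(raw) != len(ZONE_FIELDS):
        raise ValueError(f"expected {len(ZONE_FIELDS)} fields, got {len(raw)}")
    out = {}
    for (name, sig), value in zip(ZONE_FIELDS, raw):
        if not matches_type(value, sig):
            raise ValueError(f"field {name!r} does not match type {sig!r}")
        if sig == "s":
            out[name] = str(value)
        elif sig == "b":
            out[name] = bool(value)
        elif sig == "as":
            out[name] = [str(v) for v in value]
        else:
            out[name] = [tuple(str(x) for x in v) for v in value]
    return out


def runtime_drift(runtime, permanent):
    """Return {field: (in_runtime_only, in_permanent_only)}.

    These are the settings a reload() would discard and a
    runtimeToPermanent() would persist. Scalar fields are reported as
    ([runtime_value], [permanent_value]).
    """
    drift = {}
    for name, sig in ZONE_FIELDS:
        if name in METADATA:
            continue
        r, p = runtime[name], permanent[name]
        if sig.startswith("a"):
            added = sorted(set(r) - set(p))
            removed = sorted(set(p) - set(r))
            if added or removed:
                drift[name] = (added, removed)
        elif r != p:
            drift[name] = ([r], [p])
    return drift


def fetch_runtime_zone(zone):
    """Live call; needs dbus-python and a running firewalld."""
    import dbus
    obj = dbus.SystemBus().get_object("org.fedoraproject.FirewallD1",
                                      "/org/fedoraproject/FirewallD1")
    iface = dbus.Interface(obj, dbus_interface="org.fedoraproject.FirewallD1")
    return decode_zone_settings(iface.getZoneSettings(zone))


# Constructed sample data (documentation addresses, not real hosts).
PERMANENT_RAW = (
    "", "Public", "Constructed sample zone", False, "default",
    ["ssh"], [], [], False, [], ["eth0"], [], [], [], [],
)
RUNTIME_RAW = (
    "", "Public", "Constructed sample zone", False, "default",
    ["ssh", "http"], [("8080", "tcp")], [], True,
    [("443", "tcp", "8443", "192.0.2.10")], ["eth0"], [], [], [], [],
)

if __name__ == "__main__":
    drift = runtime_drift(decode_zone_settings(RUNTIME_RAW),
                          decode_zone_settings(PERMANENT_RAW))
    for field, (now, was) in sorted(drift.items()):
        print(f"{field}: runtime-only={now} permanent-only={was}")
```

Reviewing this drift before calling runtimeToPermanent() shows which temporary openings would otherwise become part of the permanent configuration.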
362
363 org.fedoraproject.FirewallD1.ipset
364 Operations in this interface allow you to get, add, remove and query
365 runtime ipset settings. For permanent configuration see
366 org.fedoraproject.FirewallD1.config.ipset interface.
367
368 Methods
369 addEntry(s: ipset, s: entry) → as
370 Add a new entry to ipset. The entry must match the type of the
371 ipset. If the ipset is using the timeout option, it is not
372 possible to see the entries, as they are timing out
373 automatically in the kernel. For permanent operation see
374 org.fedoraproject.FirewallD1.config.ipset.Methods.addEntry.
375
376 Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT
377
378 getEntries(s: ipset) → as
379 Get all entries added to the ipset. If the ipset is using the
380 timeout option, it is not possible to see the entries, as they
381 are timing out automatically in the kernel. Return value is an
382 array of entries. For permanent operation see
383 org.fedoraproject.FirewallD1.config.ipset.Methods.getEntries.
384
385 Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT
386
387 getSettings(s: ipset) → (ssssa{ss}as)
388 Return runtime settings of given ipset. For getting permanent
389 settings see
390 org.fedoraproject.FirewallD1.config.ipset.Methods.getSettings.
391 Settings are in format: version, name, description, type,
392 dictionary of options and array of entries.
393
394 version (s): see version attribute of ipset tag in
395 firewalld.ipset(5).
396
397 name (s): see short tag in firewalld.ipset(5).
398
399 description (s): see description tag in firewalld.ipset(5).
400
401 type (s): see type attribute of ipset tag in
402 firewalld.ipset(5).
403
404 options (a{ss}): dictionary of {option : value} . See options
405 tag in firewalld.ipset(5).
406
407 entries (as): array of entries, see entry tag in
408 firewalld.ipset(5).
409
410 Possible errors: INVALID_IPSET
411
412 getIPSets() → as
413 Return array of ipset names (s) in runtime configuration. For
414 permanent configuration see
415 org.fedoraproject.FirewallD1.config.Methods.listIPSets.
416
417 queryEntry(s: ipset, s: entry) → b
418 Return whether entry has been added to ipset. For permanent
419 operation see
420 org.fedoraproject.FirewallD1.config.ipset.Methods.queryEntry.
421
422 Possible errors: INVALID_IPSET
423
424 queryIPSet(s: ipset) → b
425 Return whether ipset is defined in runtime configuration.
426
427 removeEntry(s: ipset, s: entry) → as
428 Removes an entry from ipset. For permanent operation see
429 org.fedoraproject.FirewallD1.config.ipset.Methods.removeEntry.
430
431 Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT
432
433 setEntries(as: entries) → Nothing
434 Permanently set list of entries to entries. For permanent
435 operation see
436 org.fedoraproject.FirewallD1.config.ipset.Methods.setEntries.
437 See entry tag in firewalld.ipset(5).
438
439 Signals
440 EntryAdded(s: ipset, s: entry)
441 Emitted when entry has been added to ipset.
442
443 EntryRemoved(s: ipset, s: entry)
444 Emitted when entry has been removed from ipset.
445
446 org.fedoraproject.FirewallD1.direct
447 This interface enables more direct access to the firewall. It enables
448 runtime manipulation with chains and rules. For permanent configuration
449 see org.fedoraproject.FirewallD1.config.direct interface.
450
451 Methods
452 addChain(s: ipv, s: table, s: chain) → Nothing
453 Add a new chain to table for ipv being either ipv4 (iptables)
454 or ipv6 (ip6tables) or eb (ebtables). Make sure there's no
455 other chain with this name already. There already exist basic
456 chains to use with direct methods, for example INPUT_direct
457 chain. These chains are jumped into before chains for zones,
458 i.e. every rule put into INPUT_direct will be checked before
459 rules in zones. For permanent operation see
460 org.fedoraproject.FirewallD1.config.direct.Methods.addChain.
461
462 Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED,
463 COMMAND_FAILED
464
465 addPassthrough(s: ipv, as: args) → Nothing
466 Add a tracked passthrough rule with the arguments args for ipv
467 being either ipv4 (iptables) or ipv6 (ip6tables) or eb
468 (ebtables). Valid commands in args are only -A/--append,
469 -I/--insert and -N/--new-chain. This method is (unlike
470 passthrough method) tracked, i.e. firewalld remembers it. It's
471 useful with
472 org.fedoraproject.FirewallD1.Methods.runtimeToPermanent. For
473 permanent operation see
474 org.fedoraproject.FirewallD1.config.direct.Methods.addPassthrough.
475
476 Possible errors: INVALID_IPV, ALREADY_ENABLED, COMMAND_FAILED
477
478 addRule(s: ipv, s: table, s: chain, i: priority, as: args) →
479 Nothing
480 Add a rule with the arguments args to chain in table with
481 priority for ipv being either ipv4 (iptables) or ipv6
482 (ip6tables) or eb (ebtables). The priority is used to order
483 rules. Priority 0 means add rule on top of the chain, with a
484 higher priority the rule will be added further down. Rules with
485 the same priority are on the same level and the order of these
486 rules is not fixed and may change. If you want to make sure
487 that a rule will be added after another one, use a low priority
488 for the first and a higher for the following. For permanent
489 operation see
490 org.fedoraproject.FirewallD1.config.direct.Methods.addRule.
491
492 Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED,
493 COMMAND_FAILED
494
495 getAllChains() → a(sss)
496 Get all chains added to all tables in format: ipv, table,
497 chain. This concerns only chains previously added with
498 addChain. Return value is an array of (ipv, table, chain). For
499 permanent operation see
500 org.fedoraproject.FirewallD1.config.direct.Methods.getAllChains.
501
502 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
503 (ebtables).
504
505 table (s): one of filter, mangle, nat, raw, security
506
507 chain (s): name of a chain.
508
509
510 getAllPassthroughs() → a(sas)
511 Get all tracked passthrough rules added in all ipv types in
512 format: ipv, rule. This concerns only rules previously added
513 with addPassthrough. Return value is an array of (ipv, array of
514 arguments). For permanent operation see
515 org.fedoraproject.FirewallD1.config.direct.Methods.getAllPassthroughs.
516
517 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
518 (ebtables).
519
520 arguments (as): array of commands, parameters and other
521 iptables/ip6tables/ebtables command line options.
522
523
524 getAllRules() → a(sssias)
525 Get all rules added to all chains in all tables in format: ipv,
526 table, chain, priority, rule. This concerns only rules
527 previously added with addRule. Return value is an array of (ipv,
528 table, chain, priority, array of arguments). For permanent
529 operation see
530 org.fedoraproject.FirewallD1.config.direct.Methods.getAllRules.
531
532 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
533 (ebtables).
534
535 table (s): one of filter, mangle, nat, raw, security
536
537 chain (s): name of a chain.
538
539 priority (i): used to order rules.
540
541 arguments (as): array of commands, parameters and other
542 iptables/ip6tables/ebtables command line options.
543
544
545 getChains(s: ipv, s: table) → as
546 Return an array of chains (s) added to table for ipv being
547 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
548 This concerns only chains previously added with addChain. For
549 permanent operation see
550 org.fedoraproject.FirewallD1.config.direct.Methods.getChains.
551
552 Possible errors: INVALID_IPV, INVALID_TABLE
553
554 getPassthroughs(s: ipv) → aas
555 Get tracked passthrough rules added in either ipv4 (iptables)
556 or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
557 previously added with addPassthrough. Return value is an array
558 of (array of arguments). For permanent operation see
559 org.fedoraproject.FirewallD1.config.direct.Methods.getPassthroughs.
560
561 arguments (as): array of commands, parameters and other
562 iptables/ip6tables/ebtables command line options.
563
564
565 getRules(s: ipv, s: table, s: chain) → a(ias)
566 Get all rules added to chain in table for ipv being either ipv4
567 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
568 only rules previously added with addRule. Return value is an
569 array of (priority, array of arguments). For permanent
570 operation see
571 org.fedoraproject.FirewallD1.config.direct.Methods.getRules.
572
573 priority (i): used to order rules.
574
575 arguments (as): array of commands, parameters and other
576 iptables/ip6tables/ebtables command line options.
577
578 Possible errors: INVALID_IPV, INVALID_TABLE
579
580 passthrough(s: ipv, as: args) → s
581 Pass a command through to the firewall. ipv can be either ipv4
582 (iptables) or ipv6 (ip6tables) or eb (ebtables). args can be
583 all iptables, ip6tables and ebtables command line arguments.
585 This command is untracked, which means that
586 firewalld is not able to provide information about this command
587 later on.
588
589 Possible errors: COMMAND_FAILED
590
591 queryChain(s: ipv, s: table, s: chain) → b
592 Return whether a chain exists in table for ipv being either
593 ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). This
594 concerns only chains previously added with addChain. For
595 permanent operation see
596 org.fedoraproject.FirewallD1.config.direct.Methods.queryChain.
597
598 Possible errors: INVALID_IPV, INVALID_TABLE
599
600 queryPassthrough(s: ipv, as: args) → b
601 Return whether a tracked passthrough rule with the arguments
602 args exists for ipv being either ipv4 (iptables) or ipv6
603 (ip6tables) or eb (ebtables). This concerns only rules
604 previously added with addPassthrough. For permanent operation
605 see
606 org.fedoraproject.FirewallD1.config.direct.Methods.queryPassthrough.
607
608 Possible errors: INVALID_IPV
609
610 queryRule(s: ipv, s: table, s: chain, i: priority, as: args) → b
611 Return whether a rule with priority and the arguments args
612 exists in chain in table for ipv being either ipv4 (iptables)
613 or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
614 previously added with addRule. For permanent operation see
615 org.fedoraproject.FirewallD1.config.direct.Methods.queryRule.
616
617 Possible errors: INVALID_IPV, INVALID_TABLE
618
619 removeAllPassthroughs() → Nothing
620 Remove all passthrough rules previously added with
621 addPassthrough.
622
623 removeChain(s: ipv, s: table, s: chain) → Nothing
624 Remove a chain from table for ipv being either ipv4 (iptables)
625 or ipv6 (ip6tables) or eb (ebtables). Only chains previously
626 added with addChain can be removed this way. For permanent
627 operation see
628 org.fedoraproject.FirewallD1.config.direct.Methods.removeChain.
629
630 Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED,
631 COMMAND_FAILED
632
633 removePassthrough(s: ipv, as: args) → Nothing
634 Remove a tracked passthrough rule with arguments args for ipv
635 being either ipv4 (iptables) or ipv6 (ip6tables) or eb
636 (ebtables). Only rules previously added with addPassthrough can
637 be removed this way. For permanent operation see
638 org.fedoraproject.FirewallD1.config.direct.Methods.removePassthrough.
639
640 Possible errors: INVALID_IPV, NOT_ENABLED, COMMAND_FAILED
641
642 removeRule(s: ipv, s: table, s: chain, i: priority, as: args) →
643 Nothing
644 Remove a rule with priority and arguments args from chain in
645 table for ipv being either ipv4 (iptables) or ipv6 (ip6tables)
646 or eb (ebtables). Only rules previously added with addRule can
647 be removed this way. For permanent operation see
648 org.fedoraproject.FirewallD1.config.direct.Methods.removeRule.
649
650 Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED,
651 COMMAND_FAILED
652
653 removeRules(s: ipv, s: table, s: chain) → Nothing
654 Remove all rules from chain in table for ipv being either ipv4
655 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
656 only rules previously added with addRule. For permanent
657 operation see
658 org.fedoraproject.FirewallD1.config.direct.Methods.removeRules.
659
660 Possible errors: INVALID_IPV, INVALID_TABLE
661
662 Signals
663 ChainAdded(s: ipv, s: table, s: chain)
664 Emitted when chain has been added into table for ipv being
665 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
666
667 ChainRemoved(s: ipv, s: table, s: chain)
668 Emitted when chain has been removed from table for ipv being
669 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
670
671 PassthroughAdded(s: ipv, as: args)
672 Emitted when a tracked passthrough rule with args has been
673 added for ipv being either ipv4 (iptables) or ipv6 (ip6tables)
674 or eb (ebtables).
675
676 PassthroughRemoved(s: ipv, as: args)
677 Emitted when a tracked passthrough rule with args has been
678 removed for ipv being either ipv4 (iptables) or ipv6
679 (ip6tables) or eb (ebtables).
680
681 RuleAdded(s: ipv, s: table, s: chain, i: priority, as: args)
682 Emitted when a rule with args has been added to chain in table
683 with priority for ipv being either ipv4 (iptables) or ipv6
684 (ip6tables) or eb (ebtables).
685
686 RuleRemoved(s: ipv, s: table, s: chain, i: priority, as: args)
687 Emitted when a rule with args has been removed from chain in
688 table with priority for ipv being either ipv4 (iptables) or
689 ipv6 (ip6tables) or eb (ebtables).
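
The addRule ordering rules and the note that INPUT_direct is checked before zone rules, as an added example (not code from firewalld): it audits a getAllRules() result for same-priority rules with conflicting targets and for ACCEPT rules that run ahead of the zones. The sample rules are constructed, and treating any chain whose name ends in "_direct" as one of the built-in direct chains is an assumption based on the INPUT_direct example above.

```python
"""Added example: audit the a(sssias) array returned by getAllRules()."""
from collections import defaultdict


def jump_target(args):
    """Return the value following -j/--jump in an argument list, or None."""
    for i, arg in enumerate(args[:-1]):
        if arg in ("-j", "--jump"):
            return args[i + 1]
    return None


def audit_direct_rules(rules):
    """Return findings as (kind, (ipv, table, chain), priority, detail).

    kind is one of:
      ambiguous-order      rules share a priority but jump to different
                           targets; the page says their order is not fixed,
                           so the verdict for a packet can change.
      accept-before-zones  an ACCEPT in a *_direct chain, which is evaluated
                           before any zone rule (assumed naming, see lead-in).
    """
    by_chain = defaultdict(list)
    for ipv, table, chain, priority, args in rules:
        key = (str(ipv), str(table), str(chain))
        by_chain[key].append((int(priority), [str(a) for a in args]))

    findings = []
    for key in sorted(by_chain):
        levels = defaultdict(list)
        for priority, args in by_chain[key]:
            levels[priority].append(args)
        # Priority 0 is the top of the chain; higher values sit further down.
        for priority in sorted(levels):
            targets = {jump_target(a) for a in levels[priority]}
            if len(levels[priority]) > 1 and len(targets) > 1:
                findings.append(("ambiguous-order", key, priority,
                                 sorted(t or "" for t in targets)))
            for args in levels[priority]:
                if key[2].endswith("_direct") and jump_target(args) == "ACCEPT":
                    findings.append(("accept-before-zones", key, priority, args))
    return findings


# Constructed sample in getAllRules() layout: ipv, table, chain, priority, args.
SAMPLE_RULES = [
    ("ipv4", "filter", "INPUT_direct", 0,
     ["-p", "tcp", "--dport", "22", "-s", "198.51.100.0/24", "-j", "ACCEPT"]),
    ("ipv4", "filter", "INPUT_direct", 0,
     ["-p", "tcp", "--dport", "22", "-j", "DROP"]),
    ("ipv4", "filter", "INPUT_direct", 5,
     ["-p", "tcp", "--dport", "9000", "-j", "ACCEPT"]),
    ("ipv6", "filter", "FORWARD_direct", 1, ["-j", "LOG"]),
]

if __name__ == "__main__":
    for kind, chain, priority, detail in audit_direct_rules(SAMPLE_RULES):
        print(kind, "/".join(chain), f"priority={priority}", detail)
```

Rules added with the untracked passthrough() method are not returned by getAllRules() or getAllPassthroughs(), so an audit like this covers only what firewalld tracks.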
690
691 org.fedoraproject.FirewallD1.policies
692 This interface lets firewalld lock down configuration changes from
693 local applications. Local applications or services are able to change
694 the firewall configuration if they are running as root (example:
695 libvirt). With these operations an administrator can lock the firewall
696 configuration so that either none or only applications that are in the
697 whitelist are able to request firewall changes. For permanent
698 configuration see org.fedoraproject.FirewallD1.config.policies
699 interface.
700
701 Methods
702 addLockdownWhitelistCommand(s: command) → Nothing
703 Add command to whitelist. See command option in
704 firewalld.lockdown-whitelist(5). For permanent operation see
705 org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistCommand.
706
707 Possible errors: ALREADY_ENABLED, INVALID_COMMAND
708
709 addLockdownWhitelistContext(s: context) → Nothing
710 Add context to whitelist. See selinux option in
711 firewalld.lockdown-whitelist(5). For permanent operation see
712 org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistContext.
713
714 Possible errors: ALREADY_ENABLED, INVALID_COMMAND
715
716 addLockdownWhitelistUid(i: uid) → Nothing
717 Add user id uid to whitelist. See user option in
718 firewalld.lockdown-whitelist(5). For permanent operation see
719 org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistUid.
720
721 Possible errors: ALREADY_ENABLED, INVALID_COMMAND
722
723 addLockdownWhitelistUser(s: user) → Nothing
724 Add user name to whitelist. See user option in
725 firewalld.lockdown-whitelist(5). For permanent operation see
726 org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistUser.
727
728 Possible errors: ALREADY_ENABLED, INVALID_COMMAND
729
730 disableLockdown() → Nothing
731 Disable lockdown. This is a runtime and permanent change.
732
733 Possible errors: NOT_ENABLED
734
735 enableLockdown() → Nothing
736 Enable lockdown. Be careful: if the calling application/user
737 is not on the lockdown whitelist when you enable lockdown, you
738 won't be able to disable it again with the application; you would
739 need to edit firewalld.conf. This is a runtime and permanent
740 change.
741
742 Possible errors: ALREADY_ENABLED
743
744 getLockdownWhitelistCommands() → as
745 List all command lines (s) that are on whitelist. For permanent
746 operation see
747 org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistCommands.
748
749 getLockdownWhitelistContexts() → as
750 List all contexts (s) that are on whitelist. For permanent
751 operation see
752 org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistContexts.
753
754 getLockdownWhitelistUids() → ai
755 List all user ids (i) that are on whitelist. For permanent
756 operation see
757 org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistUids.
758
759 getLockdownWhitelistUsers() → as
760 List all users (s) that are on whitelist. For permanent
761 operation see
762 org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistUsers.
763
764 queryLockdown() → b
765 Query whether lockdown is enabled.
766
767 queryLockdownWhitelistCommand(s: command) → b
768 Query whether command is on whitelist. For permanent operation
769 see
770 org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistCommand.
771
772 queryLockdownWhitelistContext(s: context) → b
773 Query whether context is on whitelist. For permanent operation
774 see
775 org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistContext.
776
777 queryLockdownWhitelistUid(i: uid) → b
778 Query whether user id uid is on whitelist. For permanent
779 operation see
780 org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistUid.
781
782 queryLockdownWhitelistUser(s: user) → b
783 Query whether user is on whitelist. For permanent operation see
784 org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistUser.
785
786 removeLockdownWhitelistCommand(s: command) → Nothing
787 Remove command from whitelist. For permanent operation see
788 org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistCommand.
789
790 Possible errors: NOT_ENABLED
791
792 removeLockdownWhitelistContext(s: context) → Nothing
793 Remove context from whitelist. For permanent operation see
794 org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistContext.
795
796 Possible errors: NOT_ENABLED
797
798 removeLockdownWhitelistUid(i: uid) → Nothing
799 Remove user id uid from whitelist. For permanent operation see
800 org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistUid.
801
802 Possible errors: NOT_ENABLED
803
804 removeLockdownWhitelistUser(s: user) → Nothing
805 Remove user from whitelist. For permanent operation see
806 org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistUser.
807
808 Possible errors: NOT_ENABLED
809
810 Signals
811 LockdownDisabled()
812 Emitted when lockdown has been disabled.
813
814 LockdownEnabled()
815 Emitted when lockdown has been enabled.
816
817 LockdownWhitelistCommandAdded(s: command)
818 Emitted when command has been added to whitelist.
819
820 LockdownWhitelistCommandRemoved(s: command)
821 Emitted when command has been removed from whitelist.
822
823 LockdownWhitelistContextAdded(s: context)
824 Emitted when context has been added to whitelist.
825
826 LockdownWhitelistContextRemoved(s: context)
827 Emitted when context has been removed from whitelist.
828
829 LockdownWhitelistUidAdded(i: uid)
830 Emitted when user id uid has been added to whitelist.
831
832 LockdownWhitelistUidRemoved(i: uid)
833 Emitted when user id uid has been removed from whitelist.
834
835 LockdownWhitelistUserAdded(s: user)
836 Emitted when user has been added to whitelist.
837
838 LockdownWhitelistUserRemoved(s: user)
839 Emitted when user has been removed from whitelist.
840
841 org.fedoraproject.FirewallD1.zone
842 Operations in this interface allow getting, adding, removing and
843 querying a zone's runtime settings. For permanent settings see
844 org.fedoraproject.FirewallD1.config.zone interface.
845
846 Methods
847 addForwardPort(s: zone, s: port, s: protocol, s: toport, s: toaddr,
848 i: timeout) → s
849 Add the IPv4 forward port into zone. If zone is empty, use
850 default zone. The port can either be a single port number
851 portid or a port range portid-portid. The protocol can either
852 be tcp or udp. The destination address is a simple IP address.
853 If timeout is non-zero, the operation will be active only for
854 the amount of seconds. For permanent settings see
855 org.fedoraproject.FirewallD1.config.zone.Methods.addForwardPort.
856
857 Returns name of zone to which the forward port was added.
858
859 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
860 INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD,
861 ALREADY_ENABLED, INVALID_COMMAND
862
863 addIcmpBlock(s: zone, s: icmp, i: timeout) → s
864 Add an ICMP block icmp into zone. The icmp is one of the
865 icmp types firewalld supports. To get a listing of supported
866 icmp types use
867 org.fedoraproject.FirewallD1.Methods.listIcmpTypes. If zone is
868 empty, use default zone. If timeout is non-zero, the operation
869 will be active only for the amount of seconds. For permanent
870 settings see
871 org.fedoraproject.FirewallD1.config.zone.Methods.addIcmpBlock.
872
873 Returns name of zone to which the ICMP block was added.
874
875 Possible errors: INVALID_ZONE, INVALID_ICMPTYPE,
876 ALREADY_ENABLED, INVALID_COMMAND
877
878 addIcmpBlockInversion(s: zone) → s
879 Add ICMP block inversion to zone. If zone is empty, use default
880 zone. For permanent settings see
881 org.fedoraproject.FirewallD1.config.zone.Methods.addIcmpBlockInversion.
882
883 Returns name of zone to which the ICMP block inversion was
884 added.
885
886 Possible errors: INVALID_ZONE, ALREADY_ENABLED, INVALID_COMMAND
887
888 addInterface(s: zone, s: interface) → s
889 Bind interface with zone. From now on all traffic going through
890 the interface will respect the zone's settings. If zone is
891 empty, use default zone. For permanent settings see
892 org.fedoraproject.FirewallD1.config.zone.Methods.addInterface.
893
894 Returns name of zone to which the interface was bound.
895
896 Possible errors: INVALID_ZONE, INVALID_INTERFACE,
897 ALREADY_ENABLED, INVALID_COMMAND
898
899 addMasquerade(s: zone, i: timeout) → s
900 Enable masquerade in zone. If zone is empty, use default zone.
901 If timeout is non-zero, masquerading will be active for the
902 amount of seconds. For permanent settings see
903 org.fedoraproject.FirewallD1.config.zone.Methods.addMasquerade.
904
905 Returns name of zone in which the masquerade was enabled.
906
907 Possible errors: INVALID_ZONE, ALREADY_ENABLED, INVALID_COMMAND
908
909 addPort(s: zone, s: port, s: protocol, i: timeout) → s
910 Add port into zone. If zone is empty, use default zone. The
911 port can either be a single port number or a port range
912 portid-portid. The protocol can either be tcp or udp. If
913 timeout is non-zero, the operation will be active only for the
914 amount of seconds. For permanent settings see
915 org.fedoraproject.FirewallD1.config.zone.Methods.addPort.
916
917 Returns name of zone to which the port was added.
918
919 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
920 INVALID_PROTOCOL, ALREADY_ENABLED, INVALID_COMMAND
921
922 addProtocol(s: zone, s: protocol, i: timeout) → s
923 Add protocol into zone. If zone is empty, use default zone. The
924 protocol can be any protocol supported by the system. Please
925 have a look at /etc/protocols for supported protocols. If
926 timeout is non-zero, the operation will be active only for the
927 amount of seconds. For permanent settings see
928 org.fedoraproject.FirewallD1.config.zone.Methods.addProtocol.
929
930 Returns name of zone to which the protocol was added.
931
932 Possible errors: INVALID_ZONE, INVALID_PROTOCOL,
933 ALREADY_ENABLED, INVALID_COMMAND
934
935 addRichRule(s: zone, s: rule, i: timeout) → s
936 Add rich language rule into zone. For the rich language rule
937 syntax, please have a look at firewalld.direct(5). If zone is
938 empty, use default zone. If timeout is non-zero, the operation
939 will be active only for the amount of seconds. For permanent
940 settings see
941 org.fedoraproject.FirewallD1.config.zone.Methods.addRichRule.
942
943 Returns name of zone to which the rich language rule was added.
944
945 Possible errors: INVALID_ZONE, INVALID_RULE, ALREADY_ENABLED,
946 INVALID_COMMAND
947
948 addService(s: zone, s: service, i: timeout) → s
949 Add service into zone. If zone is empty, use default zone. If
950 timeout is non-zero, the operation will be active only for the
951 amount of seconds. To get a list of supported services, use
952 org.fedoraproject.FirewallD1.Methods.listServices. For
953 permanent settings see
954 org.fedoraproject.FirewallD1.config.zone.Methods.addService.
955
956 Returns name of zone to which the service was added.
957
958 Possible errors: INVALID_ZONE, INVALID_SERVICE,
959 ALREADY_ENABLED, INVALID_COMMAND
960
961 addSource(s: zone, s: source) → s
962 Bind source with zone. From now on all traffic going from this
963 source will respect the zone's settings. A source address or
964 address range is either an IP address or a network IP address
965 with a mask for IPv4 or IPv6. For IPv4, the mask can be a
966 network mask or a plain number. For IPv6 the mask is a plain
967 number. Use of host names is not supported. If zone is empty,
968 use default zone. For permanent settings see
969 org.fedoraproject.FirewallD1.config.zone.Methods.addSource.
970
971 Returns name of zone to which the source was bound.
972
973 Possible errors: INVALID_ZONE, INVALID_ADDR, ALREADY_ENABLED,
974 INVALID_COMMAND
975
976 addSourcePort(s: zone, s: port, s: protocol, i: timeout) → s
977 Add source port into zone. If zone is empty, use default zone.
978 The port can either be a single port number or a port range
979 portid-portid. The protocol can either be tcp or udp. If
980 timeout is non-zero, the operation will be active only for the
981 amount of seconds. For permanent settings see
982 org.fedoraproject.FirewallD1.config.zone.Methods.addSourcePort.
983
984 Returns name of zone to which the port was added.
985
986 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
987 INVALID_PROTOCOL, ALREADY_ENABLED, INVALID_COMMAND
988
989 changeZone(s: zone, s: interface) → s
990 This function is deprecated, use
991 org.fedoraproject.FirewallD1.zone.Methods.changeZoneOfInterface
992 instead.
993
994 changeZoneOfInterface(s: zone, s: interface) → s
995 Move interface from the zone it is bound to into zone. It's basically
996 removeInterface(interface) followed by addInterface(zone,
997 interface). If interface has not been bound to a zone before,
998 it behaves like addInterface. If zone is empty, use default
999 zone.
1000
1001 Returns name of zone to which the interface was bound.
1002
1003 Possible errors: INVALID_ZONE, ZONE_ALREADY_SET, ZONE_CONFLICT
1004
1005 changeZoneOfSource(s: zone, s: source) → s
1006 Move source from the zone it is bound to into zone. It's basically
1007 removeSource(source) followed by addSource(zone, source). If
1008 source has not been bound to a zone before, it behaves like
1009 addSource. If zone is empty, use default zone.
1010
1011 Returns name of zone to which the source was bound.
1012
1013 Possible errors: INVALID_ZONE, ZONE_ALREADY_SET, ZONE_CONFLICT
1014
1015 getActiveZones() → a{sa{sas}}
1016 Return dictionary of currently active zones together with
1017 interfaces and sources used in these zones. Active zones are
1018 zones that have a binding to an interface or source.
1019
1020 Return value is a dictionary where keys are zone names (s) and
1021 values are again dictionaries where keys are either
1022 'interfaces' or 'sources' and values are arrays of interface
1023 names (s) or sources (s).
1024
1025 getForwardPorts(s: zone) → aas
1026 Return array of IPv4 forward ports previously added into zone.
1027 If zone is empty, use default zone. For getting permanent
1028 settings see
1029 org.fedoraproject.FirewallD1.config.zone.Methods.getForwardPorts.
1030
1031 Return value is array of 4-tuples, where each 4-tuple consists
1032 of (port, protocol, to-port, to-addr). to-addr might be empty
1033 in case of local forwarding.
1034
1035 Possible errors: INVALID_ZONE
1036
1037 getIcmpBlocks(s: zone) → as
1038 Return array of ICMP type (s) blocks previously added into
1039 zone. If zone is empty, use default zone. For getting permanent
1040 settings see
1041 org.fedoraproject.FirewallD1.config.zone.Methods.getIcmpBlocks.
1042
1043 Possible errors: INVALID_ZONE
1044
1045 getIcmpBlockInversion(s: zone) → b
1046 Return whether ICMP block inversion was previously added to
1047 zone. If zone is empty, use default zone. For getting permanent
1048 settings see
1049 org.fedoraproject.FirewallD1.config.zone.Methods.getIcmpBlockInversion.
1050
1051 Possible errors: INVALID_ZONE
1052
1053 getInterfaces(s: zone) → as
1054 Return array of interfaces (s) previously bound with zone. If
1055 zone is empty, use default zone. For getting permanent settings
1056 see
1057 org.fedoraproject.FirewallD1.config.zone.Methods.getInterfaces.
1058
1059 Possible errors: INVALID_ZONE
1060
1061 getPorts(s: zone) → aas
1062 Return array of ports (2-tuple of port and protocol) previously
1063 enabled in zone. If zone is empty, use default zone. For
1064 getting permanent settings see
1065 org.fedoraproject.FirewallD1.config.zone.Methods.getPorts.
1066
1067 Possible errors: INVALID_ZONE
1068
1069 getProtocols(s: zone) → as
1070 Return array of protocols (s) previously enabled in zone. If
1071 zone is empty, use default zone. For getting permanent settings
1072 see
1073 org.fedoraproject.FirewallD1.config.zone.Methods.getProtocols.
1074
1075 Possible errors: INVALID_ZONE
1076
1077 getRichRules(s: zone) → as
1078 Return array of rich language rules (s) previously added into
1079 zone. If zone is empty, use default zone. For getting permanent
1080 settings see
1081 org.fedoraproject.FirewallD1.config.zone.Methods.getRichRules.
1082
1083 Possible errors: INVALID_ZONE
1084
1085 getServices(s: zone) → as
1086 Return array of services (s) previously enabled in zone. If
1087 zone is empty, use default zone. For getting permanent settings
1088 see
1089 org.fedoraproject.FirewallD1.config.zone.Methods.getServices.
1090
1091 Possible errors: INVALID_ZONE
1092
1093 getSourcePorts(s: zone) → aas
1094 Return array of source ports (2-tuple of port and protocol)
1095 previously enabled in zone. If zone is empty, use default zone.
1096 For getting permanent settings see
1097 org.fedoraproject.FirewallD1.config.zone.Methods.getSourcePorts.
1098
1099 Possible errors: INVALID_ZONE
1100
1101 getSources(s: zone) → as
1102 Return array of sources (s) previously bound with zone. If zone
1103 is empty, use default zone. For getting permanent settings see
1104 org.fedoraproject.FirewallD1.config.zone.Methods.getSources.
1105
1106 Possible errors: INVALID_ZONE
1107
1108 getZoneOfInterface(s: interface) → s
1109 Return name (s) of zone the interface is bound to or empty
1110 string.
1111
1112 getZoneOfSource(s: source) → s
1113 Return name (s) of zone the source is bound to or empty string.
1114
1115 getZones() → as
1116 Return array of names (s) of predefined zones known to current
1117 runtime environment. For list of zones known to permanent
1118 environment see
1119 org.fedoraproject.FirewallD1.config.Methods.listZones. The
1120 lists (of zones known to runtime and permanent environment)
1121 will contain same zones in most cases, but might differ for
1122 example if org.fedoraproject.FirewallD1.config.Methods.addZone
1123 has been called recently, but firewalld has not been reloaded
1124 since then.
1125
1126 isImmutable(s: zone) → b
1127 Deprecated.
1128
1129 queryForwardPort(s: zone, s: port, s: protocol, s: toport, s:
1130 toaddr) → b
1131 Return whether the IPv4 forward port (port, protocol, toport,
1132 toaddr) has been added into zone. If zone is empty, use default
1133 zone. For permanent operation see
1134 org.fedoraproject.FirewallD1.config.zone.Methods.queryForwardPort.
1135
1136 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1137 INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD
1138
1139 queryIcmpBlock(s: zone, s: icmp) → b
1140 Return whether an ICMP block for icmp has been added into zone.
1141 If zone is empty, use default zone. For permanent operation see
1142 org.fedoraproject.FirewallD1.config.zone.Methods.queryIcmpBlock.
1143
1144 Possible errors: INVALID_ZONE, INVALID_ICMPTYPE
1145
1146 queryIcmpBlockInversion(s: zone) → b
1147 Return whether ICMP block inversion has been added to zone. If
1148 zone is empty, use default zone. For permanent operation see
1149 org.fedoraproject.FirewallD1.config.zone.Methods.queryIcmpBlockInversion.
1150
1151 Possible errors: INVALID_ZONE, INVALID_ICMPTYPE
1152
1153 queryInterface(s: zone, s: interface) → b
1154 Query whether interface has been bound to zone. If zone is
1155 empty, use default zone. For permanent operation see
1156 org.fedoraproject.FirewallD1.config.zone.Methods.queryInterface.
1157
1158 Possible errors: INVALID_ZONE, INVALID_INTERFACE
1159
1160 queryMasquerade(s: zone) → b
1161 Return whether masquerading has been enabled in zone. If zone is
1162 empty, use default zone. For permanent operation see
1163 org.fedoraproject.FirewallD1.config.zone.Methods.queryMasquerade.
1164
1165 Possible errors: INVALID_ZONE
1166
1167 queryPort(s: zone, s: port, s: protocol) → b
1168 Return whether port/protocol has been added in zone. If zone is
1169 empty, use default zone. For permanent operation see
1170 org.fedoraproject.FirewallD1.config.zone.Methods.queryPort.
1171
1172 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1173 INVALID_PROTOCOL
1174
1175 queryProtocol(s: zone, s: protocol) → b
1176 Return whether protocol has been added in zone. If zone is
1177 empty, use default zone. For permanent operation see
1178 org.fedoraproject.FirewallD1.config.zone.Methods.queryProtocol.
1179
1180 Possible errors: INVALID_ZONE, INVALID_PROTOCOL
1181
1182 queryRichRule(s: zone, s: rule) → b
1183 Return whether rich rule rule has been added in zone. If zone
1184 is empty, use default zone. For permanent operation see
1185 org.fedoraproject.FirewallD1.config.zone.Methods.queryRichRule.
1186
1187 Possible errors: INVALID_ZONE, INVALID_RULE
1188
1189 queryService(s: zone, s: service) → b
1190 Return whether service has been added for zone. If zone is
1191 empty, use default zone. For permanent operation see
1192 org.fedoraproject.FirewallD1.config.zone.Methods.queryService.
1193
1194 Possible errors: INVALID_ZONE, INVALID_SERVICE
1195
1196 querySource(s: zone, s: source) → b
1197 Query whether source has been bound to zone. If zone is empty,
1198 use default zone. For permanent operation see
1199 org.fedoraproject.FirewallD1.config.zone.Methods.querySource.
1200
1201 Possible errors: INVALID_ZONE, INVALID_ADDR
1202
1203 querySourcePort(s: zone, s: port, s: protocol) → b
1204 Return whether port/protocol has been added in zone. If zone is
1205 empty, use default zone. For permanent operation see
1206 org.fedoraproject.FirewallD1.config.zone.Methods.querySourcePort.
1207
1208 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1209 INVALID_PROTOCOL
1210
1211 removeForwardPort(s: zone, s: port, s: protocol, s: toport, s:
1212 toaddr) → s
1213 Remove IPv4 forward port ((port, protocol, toport, toaddr))
1214 from zone. If zone is empty, use default zone. For permanent
1215 operation see
1216 org.fedoraproject.FirewallD1.config.zone.Methods.removeForwardPort.
1217
1218 Returns name of zone from which the forward port was removed.
1219
1220 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1221 INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD, NOT_ENABLED,
1222 INVALID_COMMAND
1223
1224 removeIcmpBlock(s: zone, s: icmp) → s
1225 Remove ICMP block icmp from zone. If zone is empty, use default
1226 zone. For permanent operation see
1227 org.fedoraproject.FirewallD1.config.zone.Methods.removeIcmpBlock.
1228
1229 Returns name of zone from which the ICMP block was removed.
1230
1231 Possible errors: INVALID_ZONE, INVALID_ICMPTYPE, NOT_ENABLED,
1232 INVALID_COMMAND
1233
1234 removeIcmpBlockInversion(s: zone) → s
1235 Remove ICMP block inversion from zone. If zone is empty, use
1236 default zone. For permanent operation see
1237 org.fedoraproject.FirewallD1.config.zone.Methods.removeIcmpBlockInversion.
1238
1239 Returns name of zone from which the ICMP block inversion was
1240 removed.
1241
1242 Possible errors: INVALID_ZONE, NOT_ENABLED, INVALID_COMMAND
1243
1244 removeInterface(s: zone, s: interface) → s
1245 Remove binding of interface from zone. If zone is empty, the
1246 interface will be removed from zone it belongs to. For
1247 permanent operation see
1248 org.fedoraproject.FirewallD1.config.zone.Methods.removeInterface.
1249
1250 Returns name of zone from which the interface was removed.
1251
1252 Possible errors: INVALID_ZONE, INVALID_INTERFACE, NOT_ENABLED,
1253 INVALID_COMMAND
1254
1255 removeMasquerade(s: zone) → s
1256 Disable masquerade for zone. If zone is empty, use default
1257 zone. For permanent operation see
1258 org.fedoraproject.FirewallD1.config.zone.Methods.removeMasquerade.
1259
1260 Returns name of zone for which the masquerade was disabled.
1261
1262 Possible errors: INVALID_ZONE, NOT_ENABLED, INVALID_COMMAND
1263
1264 removePort(s: zone, s: port, s: protocol) → s
1265 Remove port/protocol from zone. If zone is empty, use default
1266 zone. For permanent operation see
1267 org.fedoraproject.FirewallD1.config.zone.Methods.removePort.
1268
1269 Returns name of zone from which the port was removed.
1270
1271 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1272 INVALID_PROTOCOL, NOT_ENABLED, INVALID_COMMAND
1273
1274 removeProtocol(s: zone, s: protocol) → s
1275 Remove protocol from zone. If zone is empty, use default zone.
1276 For permanent operation see
1277 org.fedoraproject.FirewallD1.config.zone.Methods.removeProtocol.
1278
1279 Returns name of zone from which the protocol was removed.
1280
1281 Possible errors: INVALID_ZONE, INVALID_PROTOCOL, NOT_ENABLED,
1282 INVALID_COMMAND
1283
1284 removeRichRule(s: zone, s: rule) → s
1285 Remove rich language rule from zone. If zone is empty, use
1286 default zone. For permanent operation see
1287 org.fedoraproject.FirewallD1.config.zone.Methods.removeRichRule.
1288
1289 Returns name of zone from which the rich language rule was
1290 removed.
1291
1292 Possible errors: INVALID_ZONE, INVALID_RULE, NOT_ENABLED,
1293 INVALID_COMMAND
1294
1295 removeService(s: zone, s: service) → s
1296 Remove service from zone. If zone is empty, use default zone.
1297 For permanent operation see
1298 org.fedoraproject.FirewallD1.config.zone.Methods.removeService.
1299
1300 Returns name of zone from which the service was removed.
1301
1302 Possible errors: INVALID_ZONE, INVALID_SERVICE, NOT_ENABLED,
1303 INVALID_COMMAND
1304
1305 removeSource(s: zone, s: source) → s
1306 Remove binding of source from zone. If zone is empty, the
1307 source will be removed from zone it belongs to. For permanent
1308 operation see
1309 org.fedoraproject.FirewallD1.config.zone.Methods.removeSource.
1310
1311 Returns name of zone from which the source was removed.
1312
1313 Possible errors: INVALID_ZONE, INVALID_ADDR, NOT_ENABLED,
1314 INVALID_COMMAND
1315
1316 removeSourcePort(s: zone, s: port, s: protocol) → s
1317 Remove port/protocol from zone. If zone is empty, use default
1318 zone. For permanent operation see
1319 org.fedoraproject.FirewallD1.config.zone.Methods.removeSourcePort.
1320
1321 Returns name of zone from which the source port was removed.
1322
1323 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1324 INVALID_PROTOCOL, NOT_ENABLED, INVALID_COMMAND
1325
1326 Signals
1327 ForwardPortAdded(s: zone, s: port, s: protocol, s: toport, s:
1328 toaddr, i: timeout)
1329 Emitted when forward port has been added to zone with timeout.
1330
1331 ForwardPortRemoved(s: zone, s: port, s: protocol, s: toport, s:
1332 toaddr)
1333 Emitted when forward port has been removed from zone.
1334
1335 IcmpBlockAdded(s: zone, s: icmp, i: timeout)
1336 Emitted when ICMP block for icmp has been added to zone with
1337 timeout.
1338
1339 IcmpBlockInversionAdded(s: zone)
1340 Emitted when ICMP block inversion has been added to zone.
1341
1342 IcmpBlockInversionRemoved(s: zone)
1343 Emitted when ICMP block inversion has been removed from zone.
1344
1345 IcmpBlockRemoved(s: zone, s: icmp)
1346 Emitted when ICMP block for icmp has been removed from zone.
1347
1348 InterfaceAdded(s: zone, s: interface)
1349 Emitted when interface has been added to zone.
1350
1351 InterfaceRemoved(s: zone, s: interface)
1352 Emitted when interface has been removed from zone.
1353
1354 MasqueradeAdded(s: zone, i: timeout)
1355 Emitted when masquerade has been enabled for zone.
1356
1357 MasqueradeRemoved(s: zone)
1358 Emitted when masquerade has been disabled for zone.
1359
1360 PortAdded(s: zone, s: port, s: protocol, i: timeout)
1361 Emitted when port/protocol has been added to zone with timeout.
1362
1363 PortRemoved(s: zone, s: port, s: protocol)
1364 Emitted when port/protocol has been removed from zone.
1365
1366 ProtocolAdded(s: zone, s: protocol, i: timeout)
1367 Emitted when protocol has been added to zone with timeout.
1368
1369 ProtocolRemoved(s: zone, s: protocol)
1370 Emitted when protocol has been removed from zone.
1371
1372 RichRuleAdded(s: zone, s: rule, i: timeout)
1373 Emitted when rich language rule has been added to zone with
1374 timeout.
1375
1376 RichRuleRemoved(s: zone, s: rule)
1377 Emitted when rich language rule has been removed from zone.
1378
1379 ServiceAdded(s: zone, s: service, i: timeout)
1380 Emitted when service has been added to zone with timeout.
1381
1382 ServiceRemoved(s: zone, s: service)
1383 Emitted when service has been removed from zone.
1384
1385 SourceAdded(s: zone, s: source)
1386 Emitted when source has been added to zone.
1387
1388 SourcePortAdded(s: zone, s: port, s: protocol, i: timeout)
1389 Emitted when source-port/protocol has been added to zone with
1390 timeout.
1391
1392 SourcePortRemoved(s: zone, s: port, s: protocol)
1393 Emitted when source-port/protocol has been removed from zone.
1394
1395 SourceRemoved(s: zone, s: source)
1396 Emitted when source has been removed from zone.
1397
1398 ZoneChanged(s: zone, s: interface)
1399 Deprecated
1400
1401 ZoneOfInterfaceChanged(s: zone, s: interface)
1402 Emitted when a zone an interface is part of has been changed to
1403 zone.
1404
1405 ZoneOfSourceChanged(s: zone, s: source)
1406 Emitted when a zone a source is part of has been changed to
1407 zone.
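
The signals of the policies and zone interfaces above are enough to build a runtime-change audit trail. The following is an added example, not code from firewalld: it maps each watched signal to the argument order documented on this page and grades the change. The severity rules, the sample events and the names triage, triage_all and watch are assumptions of the example; watch() additionally assumes dbus-python and PyGObject are installed.

```python
"""Triage of firewalld runtime-change signals (added example, not firewalld code)."""

ZONE = "org.fedoraproject.FirewallD1.zone"
POLICIES = "org.fedoraproject.FirewallD1.policies"

# Argument names in the order this page documents them for each watched signal.
SIGNALS = {
    (POLICIES, "LockdownDisabled"): (),
    (POLICIES, "LockdownWhitelistCommandAdded"): ("command",),
    (POLICIES, "LockdownWhitelistContextAdded"): ("context",),
    (POLICIES, "LockdownWhitelistUidAdded"): ("uid",),
    (POLICIES, "LockdownWhitelistUserAdded"): ("user",),
    (ZONE, "ForwardPortAdded"): ("zone", "port", "protocol", "toport", "toaddr", "timeout"),
    (ZONE, "MasqueradeAdded"): ("zone", "timeout"),
    (ZONE, "PortAdded"): ("zone", "port", "protocol", "timeout"),
    (ZONE, "RichRuleAdded"): ("zone", "rule", "timeout"),
    (ZONE, "ServiceAdded"): ("zone", "service", "timeout"),
    (ZONE, "SourceAdded"): ("zone", "source"),
    (ZONE, "SourcePortAdded"): ("zone", "port", "protocol", "timeout"),
    (ZONE, "ZoneOfInterfaceChanged"): ("zone", "interface"),
    (ZONE, "ZoneOfSourceChanged"): ("zone", "source"),
}

# Assumption of this example: grading is local policy, adjust to your environment.
HIGH = {"MasqueradeAdded", "ForwardPortAdded"}
DOWNGRADE = {"high": "medium", "medium": "low"}


def triage(interface, member, args):
    """Return a finding dict for a watched signal, or None for anything else."""
    names = SIGNALS.get((str(interface), str(member)))
    if names is None:
        return None
    if len(args) != len(names):
        # Argument count differs from the documented signature: report, do not guess.
        return {"signal": str(member), "severity": "error",
                "detail": "expected %d arguments, got %d" % (len(names), len(args))}
    fields = dict(zip(names, args))
    severity = "high" if interface == POLICIES or member in HIGH else "medium"
    lifetime = "not timed"
    if "timeout" in fields:
        seconds = int(fields["timeout"])
        if seconds > 0:
            # A non-zero timeout limits how long the change stays active.
            lifetime = "%ds" % seconds
            severity = DOWNGRADE[severity]
        else:
            lifetime = "no timeout"
    detail = " ".join("%s=%s" % (k, v) for k, v in fields.items() if k != "timeout")
    return {"signal": str(member), "severity": severity,
            "lifetime": lifetime, "detail": detail}


def triage_all(events):
    """Triage (interface, member, args) triples and drop unwatched signals."""
    return [f for f in (triage(*event) for event in events) if f is not None]


# Constructed sample events; real ones arrive through watch() below.
SAMPLE_EVENTS = [
    (ZONE, "PortAdded", ("public", "8443", "tcp", 0)),
    (ZONE, "ServiceAdded", ("public", "ssh", 300)),
    (ZONE, "MasqueradeAdded", ("external", 0)),
    (POLICIES, "LockdownWhitelistUidAdded", (1001,)),
    (POLICIES, "LockdownDisabled", ()),
    (ZONE, "PortAdded", ("public", "8443", "tcp")),      # malformed: no timeout
    (ZONE, "PortRemoved", ("public", "8443", "tcp")),    # not watched here
]


def watch():
    """Live wiring on the system bus; needs a running firewalld."""
    import dbus
    from dbus.mainloop.glib import DBusGMainLoop
    from gi.repository import GLib

    DBusGMainLoop(set_as_default=True)
    bus = dbus.SystemBus()

    def on_signal(*args, interface=None, member=None):
        finding = triage(interface, member, args)
        if finding is not None:
            print(finding)

    for iface in (ZONE, POLICIES):
        bus.add_signal_receiver(on_signal, dbus_interface=iface,
                                interface_keyword="interface",
                                member_keyword="member")
    GLib.MainLoop().run()


if __name__ == "__main__":
    for finding in triage_all(SAMPLE_EVENTS):
        print(finding)
```
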
1408
1409 org.fedoraproject.FirewallD1.config
1410 Allows permanently adding, removing and querying zones, services and icmp
1411 types.
1412
1413 Methods
1414 addIPSet(s: ipset, (ssssa{ss}as): settings) → o
1415 Add ipset with given settings into permanent configuration.
1416 Settings are in format: version, name, description, type,
1417 dictionary of options and array of entries.
1418
1419 version (s): see version attribute of ipset tag in
1420 firewalld.ipset(5).
1421
1422 name (s): see short tag in firewalld.ipset(5).
1423
1424 description (s): see description tag in firewalld.ipset(5).
1425
1426 type (s): see type attribute of ipset tag in
1427 firewalld.ipset(5).
1428
1429 options (a{ss}): dictionary of {option : value} . See options
1430 tag in firewalld.ipset(5).
1431
1432 entries (as): array of entries, see entry tag in
1433 firewalld.ipset(5).
1434
1435 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1436
1437 addIcmpType(s: icmptype, (sssas): settings) → o
1438 Add icmptype with given settings into permanent configuration.
1439 Settings are in format: version, name, description, array of
1440 destinations. Returns object path of the new icmp type.
1441
1442 version (s): see version attribute of icmptype tag in
1443 firewalld.icmptype(5).
1444
1445 name (s): see short tag in firewalld.icmptype(5).
1446
1447 description (s): see description tag in firewalld.icmptype(5).
1448
1449 destinations (as): array, either empty or containing strings
1450 'ipv4' or 'ipv6', see destination tag in firewalld.icmptype(5).
1451
1452 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1453
1454 addService(s: service, (sssa(ss)asa{ss}asa(ss)): settings) → o
1455 Add service with given settings into permanent configuration.
1456 Settings are in format: version, name, description, array of
1457 ports (port, protocol), array of module names, dictionary of
1458 destinations, array of protocols and array of source-ports
1459 (port, protocol). Returns object path of the new service.
1460
1461 version (s): see version attribute of service tag in
1462 firewalld.service(5).
1463
1464 name (s): see short tag in firewalld.service(5).
1465
1466 description (s): see description tag in firewalld.service(5).
1467
1468 ports (a(ss)): array of port and protocol pairs. See port tag
1469 in firewalld.service(5).
1470
1471 module names (as): array of kernel netfilter helpers, see
1472 module tag in firewalld.service(5).
1473
1474 destinations (a{ss}): dictionary of {IP family : IP address}
1475 where 'IP family' key can be either 'ipv4' or 'ipv6'. See
1476 destination tag in firewalld.service(5).
1477
1478 protocols (as): array of protocols. See protocol tag in
1479 firewalld.service(5).
1480
1481 source-ports (a(ss)): array of port and protocol pairs. See
1482 source-port tag in firewalld.service(5).
1483
1484 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1485
1486 addZone(s: zone, (sssbsasa(ss)asba(ssss)asasasasa(ss)): settings) →
1487 o
1488 Add zone with given settings into permanent configuration.
1489 Settings are in format: version, name, description, UNUSED,
1490 target, array of services, array of ports (port, protocol),
1491 array of icmp-blocks, masquerade, array of forward-ports (port,
1492 protocol, to-port, to-addr), array of interfaces, array of
1493 sources, array of rich rules, array of protocols and array of
1494 source-ports (port, protocol).
1495
1496 version (s): see version attribute of zone tag in
1497 firewalld.zone(5).
1498
1499 name (s): see short tag in firewalld.zone(5).
1500
1501 description (s): see description tag in firewalld.zone(5).
1502
1503 UNUSED (b): this boolean value is no longer used for anything.
1504
1505 target (s): see target attribute of zone tag in
1506 firewalld.zone(5).
1507
1508 services (as): array of service names, see service tag in
1509 firewalld.zone(5).
1510
1511 ports (a(ss)): array of port and protocol pairs. See port tag
1512 in firewalld.zone(5).
1513
1514 icmp-blocks (as): array of icmp-blocks. See icmp-block tag in
1515 firewalld.zone(5).
1516
1517 masquerade (b): see masquerade tag in firewalld.zone(5).
1518
1519 forward-ports (a(ssss)): array of (port, protocol, to-port,
1520 to-addr). See forward-port tag in firewalld.zone(5).
1521
1522 interfaces (as): array of interfaces. See interface tag in
1523 firewalld.zone(5).
1524
1525 source addresses (as): array of source addresses. See source
1526 tag in firewalld.zone(5).
1527
1528 rich rules (as): array of rich-language rules. See rule tag in
1529 firewalld.zone(5).
1530
1531 protocols (as): array of protocols. See protocol tag in
1532 firewalld.zone(5).
1533
1534 source-ports (a(ss)): array of port and protocol pairs. See
1535 source-port tag in firewalld.zone(5).
1536
1537 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
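
The settings arguments of addService and addZone are positional structs, so a swapped or mistyped member is easy to send. The following is an added example, not code from firewalld: it parses the two signatures quoted above and checks a Python value against them before any D-Bus call is made. The function names, the empty defaults and the sample values are assumptions of the example; the field order is the one listed in the addZone description.

```python
"""Check Python values against the settings signatures on this page (added example)."""

ADD_ZONE_SIG = "(sssbsasa(ss)asba(ssss)asasasasa(ss))"
ADD_SERVICE_SIG = "(sssa(ss)asa{ss}asa(ss))"

# Field order exactly as the addZone description lists it.
ZONE_FIELDS = ("version", "name", "description", "UNUSED", "target", "services",
               "ports", "icmp_blocks", "masquerade", "forward_ports", "interfaces",
               "sources", "rich_rules", "protocols", "source_ports")

BASIC = {"s": str, "o": str, "b": bool, "i": int}


def parse_signature(sig):
    """Parse a D-Bus signature into a list of complete types (nested tuples)."""
    pos = 0

    def one():
        nonlocal pos
        if pos >= len(sig):
            raise ValueError("truncated signature: " + sig)
        code = sig[pos]
        pos += 1
        if code in BASIC:
            return code
        if code == "a":
            if sig[pos:pos + 1] == "{":
                pos += 1
                key, value = one(), one()
                if sig[pos:pos + 1] != "}":
                    raise ValueError("unterminated dict entry: " + sig)
                pos += 1
                return ("dict", key, value)
            return ("array", one())
        if code == "(":
            members = []
            while sig[pos:pos + 1] not in ("", ")"):
                members.append(one())
            if pos >= len(sig):
                raise ValueError("unterminated struct: " + sig)
            pos += 1
            return ("struct", tuple(members))
        raise ValueError("unsupported type code %r" % code)

    types = []
    while pos < len(sig):
        types.append(one())
    return types


def check(value, typ, path):
    """Return a list of mismatches between value and one parsed type."""
    if isinstance(typ, str):
        ok = isinstance(value, BASIC[typ])
        if typ == "i":  # bool is an int subclass in Python; D-Bus 'i' is 32-bit
            ok = ok and not isinstance(value, bool) and -2**31 <= value < 2**31
        return [] if ok else ["%s: expected '%s', got %r" % (path, typ, value)]
    kind = typ[0]
    if kind == "dict":
        if not isinstance(value, dict):
            return ["%s: expected dict, got %r" % (path, value)]
        errs = []
        for key, item in value.items():
            errs += check(key, typ[1], "%s key %r" % (path, key))
            errs += check(item, typ[2], "%s[%r]" % (path, key))
        return errs
    if not isinstance(value, (list, tuple)):
        return ["%s: expected %s, got %r" % (path, kind, value)]
    members = [typ[1]] * len(value) if kind == "array" else typ[1]
    if len(value) != len(members):
        return ["%s: struct needs %d members, got %d" % (path, len(members), len(value))]
    errs = []
    for i, (item, member) in enumerate(zip(value, members)):
        errs += check(item, member, "%s[%d]" % (path, i))
    return errs


def validate(sig, settings, names=None):
    """Validate a settings struct; names labels its members in the messages."""
    (struct,) = parse_signature(sig)
    members = struct[1]
    if not isinstance(settings, (list, tuple)) or len(settings) != len(members):
        return ["settings: need a struct of %d members" % len(members)]
    errs = []
    for i, (item, typ) in enumerate(zip(settings, members)):
        errs += check(item, typ, names[i] if names else "settings[%d]" % i)
    return errs


def build_zone_settings(**fields):
    """Build the addZone settings tuple by field name instead of by position."""
    unknown = set(fields) - set(ZONE_FIELDS)
    if unknown:
        raise ValueError("unknown zone fields: %s" % sorted(unknown))
    (struct,) = parse_signature(ADD_ZONE_SIG)
    settings = []
    for name, typ in zip(ZONE_FIELDS, struct[1]):
        # Empty defaults are this example's choice, not firewalld's defaults.
        default = {"s": "", "b": False}[typ] if isinstance(typ, str) else []
        settings.append(fields.get(name, default))
    errors = validate(ADD_ZONE_SIG, settings, ZONE_FIELDS)
    if errors:
        raise ValueError("; ".join(errors))
    return tuple(settings)
```
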
1538
1539 getHelperByName(s: helper) → o
1540 Return object path (permanent configuration) of helper with
1541 given name.
1542
1543 Possible errors: INVALID_HELPER
1544
1545 getHelperNames() → as
1546 Return list of helper names (permanent configuration).
1547
1548 getIPSetByName(s: ipset) → o
1549 Return object path (permanent configuration) of ipset with
1550 given name.
1551
1552 Possible errors: INVALID_IPSET
1553
1554 getIPSetNames() → as
1555 Return list of ipset names (permanent configuration).
1556
1557 getIcmpTypeByName(s: icmptype) → o
1558 Return object path (permanent configuration) of icmptype with
1559 given name.
1560
1561 Possible errors: INVALID_ICMPTYPE
1562
1563 getIcmpTypeNames() → as
1564 Return list of icmptype names (permanent configuration).
1565
1566 getServiceByName(s: service) → o
1567 Return object path (permanent configuration) of service with
1568 given name.
1569
1570 Possible errors: INVALID_SERVICE
1571
1572 getServiceNames() → as
1573 Return list of service names (permanent configuration).
1574
1575 getZoneByName(s: zone) → o
1576 Return object path (permanent configuration) of zone with given
1577 name.
1578
1579 Possible errors: INVALID_ZONE
1580
1581 getZoneNames() → as
1582 Return list of zone names (permanent configuration).
1583
1584 getZoneOfInterface(s: iface) → s
1585 Return name of zone the iface is bound to or empty string.
1586
1587 getZoneOfSource(s: source) → s
1588 Return name of zone the source is bound to or empty string.
1589
1590 listHelpers() → ao
1591 Return array of object paths (o) of helpers in permanent
1592 configuration. For runtime configuration see
1593 org.fedoraproject.FirewallD1.Methods.getHelpers.
1594
1595 listIPSets() → ao
1596 Return array of object paths (o) of ipsets in permanent
1597 configuration. For runtime configuration see
1598 org.fedoraproject.FirewallD1.ipset.Methods.getIPSets.
1599
1600 listIcmpTypes() → ao
1601 Return array of object paths (o) of icmp types in permanent
1602 configuration. For runtime configuration see
1603 org.fedoraproject.FirewallD1.Methods.listIcmpTypes.
1604
1605 listServices() → ao
1606 Return array of object paths (o) of services in permanent
1607 configuration. For runtime configuration see
1608 org.fedoraproject.FirewallD1.Methods.listServices.
1609
1610 listZones() → ao
1611 List object paths of zones known to permanent environment. For
1612 list of zones known to runtime environment see
1613 org.fedoraproject.FirewallD1.zone.Methods.getZones. The lists
1614 (of zones known to runtime and permanent environment) will
1615 contain same zones in most cases, but might differ for example
1616 if org.fedoraproject.FirewallD1.config.Methods.addZone has been
1617 called recently, but firewalld has not been reloaded since
1618 then.
1619
1620 Signals
1621 HelperAdded(s: helper)
1622 Emitted when helper has been added.
1623
1624 IPSetAdded(s: ipset)
1625 Emitted when ipset has been added.
1626
1627 IcmpTypeAdded(s: icmptype)
1628 Emitted when icmptype has been added.
1629
1630 ServiceAdded(s: service)
1631 Emitted when service has been added.
1632
1633 ZoneAdded(s: zone)
1634 Emitted when zone has been added.
1635
1636 Properties
1637 AutomaticHelpers - s - (rw)
1638 Indicates whether automatic helper assignment in kernel should
1639 be used or not. With the system setting this is left to the
1640 kernel or system default.
1641
1642 CleanupOnExit - s - (rw)
1643 If firewalld stops, it cleans up all firewall rules. Setting
1644 this option to no or false leaves the current firewall rules
1645 untouched.
1646
1647 DefaultZone - s - (ro)
1648 Default zone for connections or interfaces if the zone is not
1649 selected or specified by NetworkManager, initscripts or command
1650 line tool.
1651
1652 FirewallBackend - s - (rw)
1653 Selects the firewalld backend for all rules except the direct
1654 interface. Valid options are: nftables, iptables. Default is
1655 nftables.
1656
1657 FlushAllOnReload - s - (rw)
1658 Flush all runtime rules on a reload. Valid options are: yes,
1659 no.
1660
1661 IPv6_rpfilter - s - (rw)
1662 Indicates whether the reverse path filter test on a packet for
1663 IPv6 is enabled. If a reply to the packet would be sent via the
1664 same interface that the packet arrived on, the packet will
1665 match and be accepted, otherwise dropped.
1666
1667 IndividualCalls - s - (ro)
1668 Indicates whether individual calls are used instead of combined
1669 -restore calls. If enabled, this increases the time that is needed to
1670 apply changes and to start the daemon, but is good for
1671 debugging.
1672
1673 Lockdown - s - (rw)
1674 If this property is enabled, firewall changes with the D-Bus
1675 interface will be limited to applications that are listed in
1676 the lockdown whitelist.
1677
1678 LogDenied - s - (rw)
1679 If LogDenied is enabled, then logging rules are added right
1680 before reject and drop rules in the INPUT, FORWARD and OUTPUT
1681 chains for the default rules and also final reject and drop
1682 rules in zones. Possible values are: all, unicast, broadcast,
1683 multicast and off.
1684
1685 MinimalMark - i - (rw)
1686 For some firewall settings several rules are needed in
1687 different tables to be able to handle packets in the correct
1688 way. To achieve that these packets are marked using the MARK
1689 target. With the MinimalMark property a block of marks can be
1690 reserved for private use; only marks over this value are used.
1691
1692 RFC3964_IPv4 - s - (rw)
1693 As per RFC 3964, filter IPv6 traffic with 6to4 destination
1694 addresses that correspond to IPv4 addresses that should not be
1695 routed over the public internet. Valid options are: yes, no.
1696
1697 org.fedoraproject.FirewallD1.config.direct
1698 Interface for permanent direct configuration, see also
1699 firewalld.direct(5). For runtime direct configuration see
1700 org.fedoraproject.FirewallD1.direct interface.
1701
1702 Methods
1703 addChain(s: ipv, s: table, s: chain) → Nothing
1704 Add a new chain to table for ipv being either ipv4 (iptables)
1705 or ipv6 (ip6tables) or eb (ebtables). Make sure there's no
1706 other chain with this name already. There already exist basic
1707 chains to use with direct methods, for example INPUT_direct
1708 chain. These chains are jumped into before chains for zones,
1709 i.e. every rule put into INPUT_direct will be checked before
1710 rules in zones. For runtime operation see
1711 org.fedoraproject.FirewallD1.direct.Methods.addChain.
1712
1713 Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED
1714
1715 addPassthrough(s: ipv, as: args) → Nothing
1716 Add a passthrough rule with the arguments args for ipv being
1717 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
1718 For runtime operation see
1719 org.fedoraproject.FirewallD1.direct.Methods.addPassthrough.
1720
1721 Possible errors: INVALID_IPV, ALREADY_ENABLED
1722
1723 addRule(s: ipv, s: table, s: chain, i: priority, as: args) →
1724 Nothing
1725 Add a rule with the arguments args to chain in table with
1726 priority for ipv being either ipv4 (iptables) or ipv6
1727 (ip6tables) or eb (ebtables). The priority is used to order
1728 rules. Priority 0 means add rule on top of the chain, with a
1729 higher priority the rule will be added further down. Rules with
1730 the same priority are on the same level and the order of these
1731 rules is not fixed and may change. If you want to make sure
1732 that a rule will be added after another one, use a low priority
1733 for the first and a higher for the following. For runtime
1734 operation see
1735 org.fedoraproject.FirewallD1.direct.Methods.addRule.
1736
1737 Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED
1738
1739 getAllChains() → a(sss)
1740 Get all chains added to all tables in format: ipv, table,
1741 chain. This concerns only chains previously added with
1742 addChain. Return value is an array of (ipv, table, chain). For
1743 runtime operation see
1744 org.fedoraproject.FirewallD1.direct.Methods.getAllChains.
1745
1746 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
1747 (ebtables).
1748
1749 table (s): one of filter, mangle, nat, raw, security
1750
1751 chain (s): name of a chain.
1752
1753
1754 getAllPassthroughs() → a(sas)
1755 Get all passthrough rules added in all ipv types in format:
1756 ipv, rule. This concerns only rules previously added with
1757 addPassthrough. Return value is an array of (ipv, array of
1758 arguments). For runtime operation see
1759 org.fedoraproject.FirewallD1.direct.Methods.getAllPassthroughs.
1760
1761 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
1762 (ebtables).
1763
1764 arguments (as): array of commands, parameters and other
1765 iptables/ip6tables/ebtables command line options.
1766
1767
1768 getAllRules() → a(sssias)
1769 Get all rules added to all chains in all tables in format: ipv,
1770 table, chain, priority, rule. This concerns only rules
1771 previously added with addRule. Return value is an array of (ipv,
1772 table, chain, priority, array of arguments). For runtime
1773 operation see
1774 org.fedoraproject.FirewallD1.direct.Methods.getAllRules.
1775
1776 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
1777 (ebtables).
1778
1779 table (s): one of filter, mangle, nat, raw, security
1780
1781 chain (s): name of a chain.
1782
1783 priority (i): used to order rules.
1784
1785 arguments (as): array of commands, parameters and other
1786 iptables/ip6tables/ebtables command line options.
1787
1788
1789 getChains(s: ipv, s: table) → as
1790 Return an array of chains (s) added to table for ipv being
1791 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
1792 This concerns only chains previously added with addChain. For
1793 runtime operation see
1794 org.fedoraproject.FirewallD1.direct.Methods.getChains.
1795
1796 Possible errors: INVALID_IPV, INVALID_TABLE
1797
1798 getPassthroughs(s: ipv) → aas
1799 Get tracked passthrough rules added in either ipv4 (iptables)
1800 or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
1801 previously added with addPassthrough. Return value is an array
1802 of (array of arguments). For runtime operation see
1803 org.fedoraproject.FirewallD1.direct.Methods.getPassthroughs.
1804
1805 arguments (as): array of commands, parameters and other
1806 iptables/ip6tables/ebtables command line options.
1807
1808
1809 getRules(s: ipv, s: table, s: chain) → a(ias)
1810 Get all rules added to chain in table for ipv being either ipv4
1811 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
1812 only rules previously added with addRule. Return value is a
1813 array of (priority, array of arguments). For runtime operation
1814 see org.fedoraproject.FirewallD1.direct.Methods.getRules.
1815
1816 priority (i): used to order rules.
1817
1818 arguments (as): array of commands, parameters and other
1819 iptables/ip6tables/ebtables command line options.
1820
1821 Possible errors: INVALID_IPV, INVALID_TABLE
1822
1823 getSettings() → (a(sss)a(sssias)a(sas))
1824 Get settings of permanent direct configuration in format: array
1825 of chains, array of rules, array of passthroughs.
1826
1827 chains (a(sss)): array of (ipv, table, chain), see 'chain' in
1828 firewalld.direct(5).
1829
1830 rules (a(sssias)): array of (ipv, table, chain, priority, array of
1831 arguments), see 'rule' in firewalld.direct(5).
1832
1833 passthroughs (a(sas)): array of (ipv, array of arguments), see
1834 passthrough in firewalld.direct(5).
1838
1839 queryChain(s: ipv, s: table, s: chain) → b
1840 Return whether a chain exists in table for ipv being either
1841 ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). This
1842 concerns only chains previously added with addChain. For
1843 runtime operation see
1844 org.fedoraproject.FirewallD1.direct.Methods.queryChain.
1845
1846 Possible errors: INVALID_IPV, INVALID_TABLE
1847
1848 queryPassthrough(s: ipv, as: args) → b
1849 Return whether a tracked passthrough rule with the arguments
1850 args exists for ipv being either ipv4 (iptables) or ipv6
1851 (ip6tables) or eb (ebtables). This concerns only rules
1852 previously added with addPassthrough. For runtime operation see
1853 org.fedoraproject.FirewallD1.direct.Methods.queryPassthrough.
1854
1855 Possible errors: INVALID_IPV
1856
1857 queryRule(s: ipv, s: table, s: chain, i: priority, as: args) → b
1858 Return whether a rule with priority and the arguments args
1859 exists in chain in table for ipv being either ipv4 (iptables)
1860 or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
1861 previously added with addRule. For runtime operation see
1862 org.fedoraproject.FirewallD1.direct.Methods.queryRule.
1863
1864 Possible errors: INVALID_IPV, INVALID_TABLE
1865
1866 removeChain(s: ipv, s: table, s: chain) → Nothing
1867 Remove a chain from table for ipv being either ipv4 (iptables)
1868 or ipv6 (ip6tables) or eb (ebtables). Only chains previously
1869 added with addChain can be removed this way. For runtime
1870 operation see
1871 org.fedoraproject.FirewallD1.direct.Methods.removeChain.
1872
1873 Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED
1874
1875 removePassthrough(s: ipv, as: args) → Nothing
1876 Remove a passthrough rule with arguments args for ipv being
1877 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
1878 Only rules previously added with addPassthrough can be removed
1879 this way. For runtime operation see
1880 org.fedoraproject.FirewallD1.direct.Methods.removePassthrough.
1881
1882 Possible errors: INVALID_IPV, NOT_ENABLED
1883
1884 removeRule(s: ipv, s: table, s: chain, i: priority, as: args) →
1885 Nothing
1886 Remove a rule with priority and arguments args from chain in
1887 table for ipv being either ipv4 (iptables) or ipv6 (ip6tables)
1888 or eb (ebtables). Only rules previously added with addRule can
1889 be removed this way. For runtime operation see
1890 org.fedoraproject.FirewallD1.direct.Methods.removeRule.
1891
1892 Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED
1893
1894 removeRules(s: ipv, s: table, s: chain) → Nothing
1895 Remove all rules from chain in table for ipv being either ipv4
1896 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
1897 only rules previously added with addRule. For runtime operation
1898 see org.fedoraproject.FirewallD1.direct.Methods.removeRules.
1899
1900 Possible errors: INVALID_IPV, INVALID_TABLE
1901
1902 update((a(sss)a(sssias)a(sas)): settings) → Nothing
1903 Update permanent direct configuration with given settings.
1904 Settings are in format: array of chains, array of rules, array
1905 of passthroughs.
1906
1907 chains (a(sss)): array of (ipv, table, chain), see 'chain' in
1908 firewalld.direct(5).
1909
1910 rules (a(sssias)): array of (ipv, table, chain, priority, array of
1911 arguments), see 'rule' in firewalld.direct(5).
1912
1913 passthroughs (a(sas)): array of (ipv, array of arguments), see
1914 passthrough in firewalld.direct(5).
1915
1916 Possible errors: INVALID_TYPE
1918
1919 Signals
1920 Updated()
1921 Emitted when configuration has been updated.
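
The ordering rules described for addRule (priority ordering, unspecified order among equal priorities) and the fact that direct chains such as INPUT_direct are checked before zone rules can be audited from a single getSettings() result. The following is an added example, not part of firewalld or of this manual page: the function names and finding codes are this example's own, the sample tuple is constructed, and treating every chain whose name ends in `_direct` as a pre-zone chain is an assumption generalised from the INPUT_direct example above.

```python
from collections import defaultdict

VALID_IPV = {"ipv4", "ipv6", "eb"}
VALID_TABLES = {"filter", "mangle", "nat", "raw", "security"}

# Constructed sample in the getSettings() shape: (chains, rules, passthroughs).
SAMPLE_SETTINGS = (
    [("ipv4", "filter", "admin_ssh")],
    [
        ("ipv4", "filter", "INPUT_direct", 0,
         ["-p", "tcp", "--dport", "22", "-j", "admin_ssh"]),
        ("ipv4", "filter", "INPUT_direct", 5, ["-s", "192.0.2.0/24", "-j", "ACCEPT"]),
        ("ipv4", "filter", "INPUT_direct", 5, ["-s", "192.0.2.7", "-j", "DROP"]),
        ("ipv4", "filter", "admin_ssh", 0, ["-s", "198.51.100.10", "-j", "ACCEPT"]),
    ],
    [("ipv6", ["-I", "FORWARD", "-j", "ACCEPT"])],
)


def fetch_permanent_direct_settings():
    """Live read of the permanent direct configuration (needs dbus-python)."""
    import dbus  # imported here so the offline audit below runs without it
    obj = dbus.SystemBus().get_object("org.fedoraproject.FirewallD1",
                                      "/org/fedoraproject/FirewallD1/config")
    iface = dbus.Interface(obj, "org.fedoraproject.FirewallD1.config.direct")
    return iface.getSettings()


def jump_target(args):
    """Return the target that follows -j/--jump/-g/--goto, or None."""
    args = [str(a) for a in args]
    for flag in ("-j", "--jump", "-g", "--goto"):
        if flag in args and args.index(flag) + 1 < len(args):
            return args[args.index(flag) + 1]
    return None


def ordered_rules(settings):
    """Group rules per (ipv, table, chain), sorted by ascending priority."""
    _chains, rules, _passthroughs = settings
    grouped = defaultdict(list)
    for ipv, table, chain, priority, args in rules:
        key = (str(ipv), str(table), str(chain))
        grouped[key].append((int(priority), [str(a) for a in args]))
    return {key: sorted(val, key=lambda r: r[0]) for key, val in grouped.items()}


def audit_direct(settings):
    """Return (code, detail) findings for a direct-configuration tuple."""
    chains, rules, passthroughs = settings
    findings = []
    # Values outside the documented sets are what the daemon rejects with
    # INVALID_IPV / INVALID_TABLE; a stored tuple should never contain them.
    seen = [(c[0], c[1]) for c in chains] + [(r[0], r[1]) for r in rules]
    for ipv, table in sorted({(str(i), str(t)) for i, t in seen}):
        if ipv not in VALID_IPV:
            findings.append(("INVALID_IPV", ipv))
        if table not in VALID_TABLES:
            findings.append(("INVALID_TABLE", table))
    for (ipv, table, chain), chain_rules in sorted(ordered_rules(settings).items()):
        where = f"{ipv}/{table}/{chain}"
        targets_at = defaultdict(set)
        for priority, args in chain_rules:
            target = jump_target(args)
            targets_at[priority].add(str(target))
            # Assumption: built-in direct chains follow the INPUT_direct naming
            # and are evaluated before any zone chain.
            if chain.endswith("_direct") and target == "ACCEPT":
                findings.append(("PRE_ZONE_ACCEPT",
                                 f"{where} prio {priority}: {' '.join(args)}"))
        # Equal priorities have no fixed order, so differing targets at one
        # priority can be applied in either sequence.
        for priority, targets in sorted(targets_at.items()):
            if len(targets) > 1:
                findings.append(("AMBIGUOUS_ORDER",
                                 f"{where} prio {priority}: {sorted(targets)}"))
    # Passthroughs are raw argument vectors outside the chain/priority model,
    # so each one is reported for manual review.
    for ipv, args in passthroughs:
        if str(ipv) not in VALID_IPV:
            findings.append(("INVALID_IPV", str(ipv)))
        findings.append(("PASSTHROUGH", f"{ipv}: {' '.join(str(a) for a in args)}"))
    return findings


if __name__ == "__main__":
    for code, detail in audit_direct(SAMPLE_SETTINGS):
        print(f"{code:16} {detail}")
```

To audit a live host, pass the result of `fetch_permanent_direct_settings()` to `audit_direct()`; the ACCEPT rule inside the custom `admin_ssh` chain is not flagged by name, so follow jumps from flagged chains by hand.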
1922
1923 org.fedoraproject.FirewallD1.config.policies
1924 Interface for permanent lockdown-whitelist configuration, see also
1925 firewalld.lockdown-whitelist(5). For runtime configuration see
1926 org.fedoraproject.FirewallD1.policies interface.
1927
1928 Methods
1929 addLockdownWhitelistCommand(s: command) → Nothing
1930 Add command to whitelist. See command option in
1931 firewalld.lockdown-whitelist(5). For runtime operation see
1932 org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistCommand.
1933
1934 Possible errors: ALREADY_ENABLED, INVALID_TYPE
1935
1936 addLockdownWhitelistContext(s: context) → Nothing
1937 Add context to whitelist. See selinux option in
1938 firewalld.lockdown-whitelist(5). For runtime operation see
1939 org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistContext.
1940
1941 Possible errors: ALREADY_ENABLED, INVALID_TYPE
1942
1943 addLockdownWhitelistUid(i: uid) → Nothing
1944 Add user id uid to whitelist. See user option in
1945 firewalld.lockdown-whitelist(5). For runtime operation see
1946 org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistUid.
1947
1948 Possible errors: ALREADY_ENABLED, INVALID_TYPE
1949
1950 addLockdownWhitelistUser(s: user) → Nothing
1951 Add user name to whitelist. See user option in
1952 firewalld.lockdown-whitelist(5). For runtime operation see
1953 org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistUser.
1954
1955 Possible errors: ALREADY_ENABLED, INVALID_TYPE
1956
1957 getLockdownWhitelist() → (asasasai)
1958 Get settings of permanent lockdown-whitelist configuration in
1959 format: commands, selinux contexts, users, uids
1960
1961 commands (as): see command option in
1962 firewalld.lockdown-whitelist(5).
1963
1964 selinux contexts (as): see selinux option in
1965 firewalld.lockdown-whitelist(5).
1966
1967 users (as): see name attribute of user option in
1968 firewalld.lockdown-whitelist(5).
1969
1970 uids (ai): see id attribute of user option in
1971 firewalld.lockdown-whitelist(5).
1972
1973
1974 getLockdownWhitelistCommands() → as
1975 List all command lines (s) that are on whitelist. For runtime
1976 operation see
1977 org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistCommands.
1978
1979 getLockdownWhitelistContexts() → as
1980 List all contexts (s) that are on whitelist. For runtime
1981 operation see
1982 org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistContexts.
1983
1984 getLockdownWhitelistUids() → ai
1985 List all user ids (i) that are on whitelist. For runtime
1986 operation see
1987 org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistUids.
1988
1989 getLockdownWhitelistUsers() → as
1990 List all users (s) that are on whitelist. For runtime operation
1991 see
1992 org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistUsers.
1993
1994 queryLockdownWhitelistCommand(s: command) → b
1995 Query whether command is on whitelist. For runtime operation
1996 see
1997 org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistCommand.
1998
1999 queryLockdownWhitelistContext(s: context) → b
2000 Query whether context is on whitelist. For runtime operation
2001 see
2002 org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistContext.
2003
2004 queryLockdownWhitelistUid(i: uid) → b
2005 Query whether user id uid is on whitelist. For runtime
2006 operation see
2007 org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistUid.
2008
2009 queryLockdownWhitelistUser(s: user) → b
2010 Query whether user is on whitelist. For runtime operation see
2011 org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistUser.
2012
2013 removeLockdownWhitelistCommand(s: command) → Nothing
2014 Remove command from whitelist. For runtime operation see
2015 org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistCommand.
2016
2017 Possible errors: NOT_ENABLED
2018
2019 removeLockdownWhitelistContext(s: context) → Nothing
2020 Remove context from whitelist. For runtime operation see
2021 org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistContext.
2022
2023 Possible errors: NOT_ENABLED
2024
2025 removeLockdownWhitelistUid(i: uid) → Nothing
2026 Remove user id uid from whitelist. For runtime operation see
2027 org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistUid.
2028
2029 Possible errors: NOT_ENABLED
2030
2031 removeLockdownWhitelistUser(s: user) → Nothing
2032 Remove user from whitelist. For runtime operation see
2033 org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistUser.
2034
2035 Possible errors: NOT_ENABLED
2036
2037 setLockdownWhitelist((asasasai): settings) → Nothing
2038 Set permanent lockdown-whitelist configuration to settings.
2039 Settings are in format: commands, selinux contexts, users, uids
2040
2041 commands (as): see command option in
2042 firewalld.lockdown-whitelist(5).
2043
2044 selinux contexts (as): see selinux option in
2045 firewalld.lockdown-whitelist(5).
2046
2047 users (as): see name attribute of user option in
2048 firewalld.lockdown-whitelist(5).
2049
2050 uids (ai): see id attribute of user option in
2051 firewalld.lockdown-whitelist(5).
2052
2053 Possible errors: INVALID_TYPE
2054
2055 Signals
2056 LockdownWhitelistUpdated()
2057 Emitted when permanent lockdown-whitelist configuration has
2058 been updated.
2059
2060 org.fedoraproject.FirewallD1.config.ipset
2061 Interface for permanent ipset configuration, see also
2062 firewalld.ipset(5).
2063
2064 Methods
2065 addEntry(s: entry) → Nothing
2066 Permanently add entry to list of entries of ipset. See entry
2067 tag in firewalld.ipset(5). For runtime operation see
2068 org.fedoraproject.FirewallD1.ipset.Methods.addEntry.
2069
2070 Possible errors: ALREADY_ENABLED
2071
2072 addOption(s: key, s: value) → Nothing
2073 Permanently add (key, value) to the ipset. See option tag in
2074 firewalld.ipset(5).
2075
2076 Possible errors: ALREADY_ENABLED
2077
2078 getDescription() → s
2079 Get description of ipset. See description tag in
2080 firewalld.ipset(5).
2081
2082 getEntries() → as
2083 Get list of entries added to ipset. See entry tag in
2084 firewalld.ipset(5). For runtime operation see
2085 org.fedoraproject.FirewallD1.ipset.Methods.getEntries.
2086
2087 Possible errors: IPSET_WITH_TIMEOUT
2088
2089 getOptions() → a{ss}
2090 Get dictionary of options set for ipset. See option tag in
2091 firewalld.ipset(5).
2092
2093 getSettings() → (ssssa{ss}as)
2094 Return permanent settings of the ipset. For getting runtime
2095 settings see
2096 org.fedoraproject.FirewallD1.ipset.Methods.getIPSetSettings.
2097 Settings are in format: version, name, description, type,
2098 dictionary of options and array of entries.
2099
2100 version (s): see version attribute of ipset tag in
2101 firewalld.ipset(5).
2102
2103 name (s): see short tag in firewalld.ipset(5).
2104
2105 description (s): see description tag in firewalld.ipset(5).
2106
2107 type (s): see type attribute of ipset tag in
2108 firewalld.ipset(5).
2109
2110 options (a{ss}): dictionary of {option : value}. See options
2111 tag in firewalld.ipset(5).
2112
2113 entries (as): array of entries, see entry tag in
2114 firewalld.ipset(5).
2115
2116
2117 getShort() → s
2118 Get name of ipset. See short tag in firewalld.ipset(5).
2119
2120 getType() → s
2121 Get type of ipset. See type attribute of ipset tag in
2122 firewalld.ipset(5).
2123
2124 getVersion() → s
2125 Get version of ipset. See version attribute of ipset tag in
2126 firewalld.ipset(5).
2127
2128 loadDefaults() → Nothing
2129 Load default settings for built-in ipset.
2130
2131 Possible errors: NO_DEFAULTS
2132
2133 queryEntry(s: entry) → b
2134 Return whether entry has been added to ipset. For runtime
2135 operation see
2136 org.fedoraproject.FirewallD1.ipset.Methods.queryEntry.
2137
2138 queryOption(s: key, s: value) → b
2139 Return whether (key, value) has been added to options of the
2140 ipset.
2141
2142 remove() → Nothing
2143 Remove not built-in ipset.
2144
2145 Possible errors: BUILTIN_IPSET
2146
2147 removeEntry(s: entry) → Nothing
2148 Permanently remove entry from ipset. See entry tag in
2149 firewalld.ipset(5). For runtime operation see
2150 org.fedoraproject.FirewallD1.ipset.Methods.removeEntry.
2151
2152 Possible errors: NOT_ENABLED
2153
2154 removeOption(s: key) → Nothing
2155 Permanently remove key from the ipset. See option tag in
2156 firewalld.ipset(5).
2157
2158 Possible errors: NOT_ENABLED
2159
2160 rename(s: name) → Nothing
2161 Rename not built-in ipset to name.
2162
2163 Possible errors: BUILTIN_IPSET
2164
2165 setDescription(s: description) → Nothing
2166 Permanently set description of ipset to description. See
2167 description tag in firewalld.ipset(5).
2168
2169 setEntries(as: entries) → Nothing
2170 Permanently set list of entries to entries. See entry tag in
2171 firewalld.ipset(5).
2172
2173 setOptions(a{ss}: options) → Nothing
2174 Permanently set dict of options to options. See option tag in
2175 firewalld.ipset(5).
2176
2177 setShort(s: short) → Nothing
2178 Permanently set name of ipset to short. See short tag in
2179 firewalld.ipset(5).
2180
2181 setType(s: ipset_type) → Nothing
2182 Permanently set type of ipset to ipset_type. See type attribute
2183 of ipset tag in firewalld.ipset(5).
2184
2185 setVersion(s: version) → Nothing
2186 Permanently set version of ipset to version. See version
2187 attribute of ipset tag in firewalld.ipset(5).
2188
2189 update((ssssa{ss}as): settings) → Nothing
2190 Update settings of ipset to settings. Settings are in format:
2191 version, name, description, type, dictionary of options and
2192 array of entries.
2193
2194 version (s): see version attribute of ipset tag in
2195 firewalld.ipset(5).
2196
2197 name (s): see short tag in firewalld.ipset(5).
2198
2199 description (s): see description tag in firewalld.ipset(5).
2200
2201 type (s): see type attribute of ipset tag in
2202 firewalld.ipset(5).
2203
2204 options (a{ss}): dictionary of {option : value}. See options
2205 tag in firewalld.ipset(5).
2206
2207 entries (as): array of entries, see entry tag in
2208 firewalld.ipset(5).
2209
2210 Possible errors: INVALID_TYPE
2211
2212 Signals
2213 Removed(s: name)
2214 Emitted when ipset with name has been removed.
2215
2216 Renamed(s: name)
2217 Emitted when ipset has been renamed to name.
2218
2219 Updated(s: name)
2220 Emitted when ipset with name has been updated.
2221
2222 Properties
2223 builtin - b - (ro)
2224 True if ipset is built-in, false otherwise.
2225
2226 default - b - (ro)
2227 True if built-in ipset has default settings. False if it has
2228 been modified. Always False for ipsets that are not built-in.
2229
2230 filename - s - (ro)
2231 Name (including .xml extension) of file where the configuration
2232 is stored.
2233
2234 name - s - (ro)
2235 Name of ipset.
2236
2237 path - s - (ro)
2238 Path to directory where the ipset configuration is stored.
2239 Should be either /usr/lib/firewalld/ipsets or
2240 /etc/firewalld/ipsets.
2241
2242 org.fedoraproject.FirewallD1.config.zone
2243 Interface for permanent zone configuration, see also firewalld.zone(5).
2244
2245 Methods
2246 addForwardPort(s: port, s: protocol, s: toport, s: toaddr) →
2247 Nothing
2248 Permanently add (port, protocol, toport, toaddr) to list of
2249 forward ports of zone. See forward-port tag in
2250 firewalld.zone(5). For runtime operation see
2251 org.fedoraproject.FirewallD1.zone.Methods.addForwardPort.
2252
2253 Possible errors: ALREADY_ENABLED
2254
2255 addIcmpBlock(s: icmptype) → Nothing
2256 Permanently add icmptype to list of icmp types blocked in zone.
2257 See icmp-block tag in firewalld.zone(5). For runtime operation
2258 see org.fedoraproject.FirewallD1.zone.Methods.addIcmpBlock.
2259
2260 Possible errors: ALREADY_ENABLED
2261
2262 addIcmpBlockInversion() → Nothing
2263 Permanently add icmp block inversion to zone. See
2264 icmp-block-inversion tag in firewalld.zone(5). For runtime
2265 operation see
2266 org.fedoraproject.FirewallD1.zone.Methods.addIcmpBlockInversion.
2267
2268 Possible errors: ALREADY_ENABLED
2269
2270 addInterface(s: interface) → Nothing
2271 Permanently add interface to list of interfaces bound to zone.
2272 See interface tag in firewalld.zone(5). For runtime operation
2273 see org.fedoraproject.FirewallD1.zone.Methods.addInterface.
2274
2275 Possible errors: ALREADY_ENABLED
2276
2277 addMasquerade() → Nothing
2278 Permanently enable masquerading in zone. See masquerade tag in
2279 firewalld.zone(5). For runtime operation see
2280 org.fedoraproject.FirewallD1.zone.Methods.addMasquerade.
2281
2282 Possible errors: ALREADY_ENABLED
2283
2284 addPort(s: port, s: protocol) → Nothing
2285 Permanently add (port, protocol) to list of ports of zone. See
2286 port tag in firewalld.zone(5). For runtime operation see
2287 org.fedoraproject.FirewallD1.zone.Methods.addPort.
2288
2289 Possible errors: ALREADY_ENABLED
2290
2291 addProtocol(s: protocol) → Nothing
2292 Permanently add protocol into zone. The protocol can be any
2293 protocol supported by the system. Please have a look at
2294 /etc/protocols for supported protocols. For runtime operation
2295 see org.fedoraproject.FirewallD1.zone.Methods.addProtocol.
2296
2297 Possible errors: INVALID_PROTOCOL, ALREADY_ENABLED
2298
2299 addRichRule(s: rule) → Nothing
2300 Permanently add rule to list of rich-language rules in zone.
2301 See rule tag in firewalld.zone(5). For runtime operation see
2302 org.fedoraproject.FirewallD1.zone.Methods.addRichRule.
2303
2304 Possible errors: ALREADY_ENABLED
2305
2306 addService(s: service) → Nothing
2307 Permanently add service to list of services used in zone. See
2308 service tag in firewalld.zone(5). For runtime operation see
2309 org.fedoraproject.FirewallD1.zone.Methods.addService.
2310
2311 Possible errors: ALREADY_ENABLED
2312
2313 addSource(s: source) → Nothing
2314 Permanently add source to list of source addresses bound to
2315 zone. See source tag in firewalld.zone(5). For runtime
2316 operation see
2317 org.fedoraproject.FirewallD1.zone.Methods.addSource.
2318
2319 Possible errors: ALREADY_ENABLED
2320
2321 addSourcePort(s: port, s: protocol) → Nothing
2322 Permanently add (port, protocol) to list of source ports of
2323 zone. See source-port tag in firewalld.zone(5). For runtime
2324 operation see
2325 org.fedoraproject.FirewallD1.zone.Methods.addSourcePort.
2326
2327 Possible errors: ALREADY_ENABLED
2328
2329 getDescription() → s
2330 Get description of zone. See description tag in
2331 firewalld.zone(5).
2332
2333 getForwardPorts() → a(ssss)
2334 Get list of (port, protocol, toport, toaddr) defined in zone.
2335 See forward-port tag in firewalld.zone(5). For runtime
2336 operation see
2337 org.fedoraproject.FirewallD1.zone.Methods.getForwardPorts.
2338
2339 getIcmpBlockInversion() → b
2340 Get icmp block inversion flag of zone. See icmp-block-inversion
2341 tag in firewalld.zone(5).
2342
2343 getIcmpBlocks() → as
2344 Get list of icmp type names blocked in zone. See icmp-block tag
2345 in firewalld.zone(5). For runtime operation see
2346 org.fedoraproject.FirewallD1.zone.Methods.getIcmpBlocks.
2347
2348 getInterfaces() → as
2349 Get list of interfaces bound to zone. See interface tag in
2350 firewalld.zone(5). For runtime operation see
2351 org.fedoraproject.FirewallD1.zone.Methods.getInterfaces.
2352
2353 getMasquerade() → b
2354 Return whether masquerade is enabled in zone. This is the same
2355 as queryMasquerade() method. See masquerade tag in
2356 firewalld.zone(5).
2357
2358 getPorts() → a(ss)
2359 Get list of (port, protocol) defined in zone. See port tag in
2360 firewalld.zone(5). For runtime operation see
2361 org.fedoraproject.FirewallD1.zone.Methods.getPorts.
2362
2363 getProtocols() → as
2364 Return array of protocols (s) previously enabled in zone. For
2365 getting runtime settings see
2366 org.fedoraproject.FirewallD1.zone.Methods.getProtocols.
2367
2368 getRichRules() → as
2369 Get list of rich-language rules in zone. See rule tag in
2370 firewalld.zone(5). For runtime operation see
2371 org.fedoraproject.FirewallD1.zone.Methods.getRichRules.
2372
2373 getServices() → as
2374 Get list of service names used in zone. See service tag in
2375 firewalld.zone(5). For runtime operation see
2376 org.fedoraproject.FirewallD1.zone.Methods.getServices.
2377
2378 getSettings() → (sssbsasa(ss)asba(ssss)asasasasa(ss))
2379 Return permanent settings of given zone. For getting runtime
2380 settings see
2381 org.fedoraproject.FirewallD1.Methods.getZoneSettings. Settings
2382 are in format: version, name, description, UNUSED, target,
2383 array of services, array of ports (port, protocol), array of
2384 icmp-blocks, masquerade, array of forward-ports (port,
2385 protocol, to-port, to-addr), array of interfaces, array of
2386 sources, array of rich rules, array of protocols and array of
2387 source-ports (port, protocol).
2388
2389 version (s): see version attribute of zone tag in
2390 firewalld.zone(5).
2391
2392 name (s): see short tag in firewalld.zone(5).
2393
2394 description (s): see description tag in firewalld.zone(5).
2395
2396 UNUSED (b): this boolean value is no longer used for anything.
2397
2398 target (s): see target attribute of zone tag in
2399 firewalld.zone(5).
2400
2401 services (as): array of service names, see service tag in
2402 firewalld.zone(5).
2403
2404 ports (a(ss)): array of port and protocol pairs. See port tag
2405 in firewalld.zone(5).
2406
2407 icmp-blocks (as): array of icmp-blocks. See icmp-block tag in
2408 firewalld.zone(5).
2409
2410 masquerade (b): see masquerade tag in firewalld.zone(5).
2411
2412 forward-ports (a(ssss)): array of (port, protocol, to-port,
2413 to-addr). See forward-port tag in firewalld.zone(5).
2414
2415 interfaces (as): array of interfaces. See interface tag in
2416 firewalld.zone(5).
2417
2418 source addresses (as): array of source addresses. See source
2419 tag in firewalld.zone(5).
2420
2421 rich rules (as): array of rich-language rules. See rule tag in
2422 firewalld.zone(5).
2423
2424 protocols (as): array of protocols. See protocol tag in
2425 firewalld.zone(5).
2426
2427 source-ports (a(ss)): array of port and protocol pairs. See
2428 source-port tag in firewalld.zone(5).
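
The fifteen positional fields above are easy to misindex, and the permanent tuple only shows what will apply after the next reload. The following is an added example, not part of firewalld or of this manual page: it decodes the tuple into named fields and reports drift between a permanent and a runtime tuple. The function names are this example's own, both sample tuples are constructed, and it assumes the runtime tuple from getZoneSettings uses the same field layout.

```python
# Field order exactly as listed for getSettings().
ZONE_FIELDS = (
    "version", "name", "description", "UNUSED", "target", "services",
    "ports", "icmp_blocks", "masquerade", "forward_ports", "interfaces",
    "sources", "rich_rules", "protocols", "source_ports",
)
SCALAR_FIELDS = {"version", "name", "description", "target"}
BOOL_FIELDS = {"UNUSED", "masquerade"}
# Descriptive or unused fields that do not change what the firewall enforces.
NOT_ENFORCED = {"version", "name", "description", "UNUSED"}

# Constructed sample tuples for one zone (not taken from a real host).
PERMANENT = ("", "Public", "For use in public areas.", False, "default",
             ["ssh", "dhcpv6-client"], [], [], False, [], [], [], [], [], [])
RUNTIME = ("", "Public", "For use in public areas.", False, "default",
           ["ssh"], [("8080", "tcp")], [], True,
           [("80", "tcp", "8080", "")], [], [], [], [], [])


def decode_zone_settings(settings):
    """Map the positional settings tuple to a dict of plain Python values."""
    if len(settings) != len(ZONE_FIELDS):
        raise ValueError(
            f"expected {len(ZONE_FIELDS)} fields, got {len(settings)}")
    decoded = {}
    for name, value in zip(ZONE_FIELDS, settings):
        if name in SCALAR_FIELDS:
            decoded[name] = str(value)
        elif name in BOOL_FIELDS:
            decoded[name] = bool(value)
        else:
            # Arrays hold either strings (as) or structs such as (ss)/(ssss);
            # structs become tuples so entries are hashable and comparable.
            decoded[name] = [
                str(item) if isinstance(item, str)
                else tuple(str(part) for part in item)
                for item in value
            ]
    return decoded


def zone_drift(permanent, runtime):
    """Return enforcement-relevant differences between the two tuples."""
    perm = decode_zone_settings(permanent)
    run = decode_zone_settings(runtime)
    drift = {}
    for name in ZONE_FIELDS:
        if name in NOT_ENFORCED:
            continue
        if isinstance(perm[name], list):
            runtime_only = sorted(set(run[name]) - set(perm[name]))
            permanent_only = sorted(set(perm[name]) - set(run[name]))
            if runtime_only or permanent_only:
                drift[name] = {"runtime_only": runtime_only,
                               "permanent_only": permanent_only}
        elif perm[name] != run[name]:
            drift[name] = {"permanent": perm[name], "runtime": run[name]}
    return drift


if __name__ == "__main__":
    for field, delta in zone_drift(PERMANENT, RUNTIME).items():
        print(f"{field}: {delta}")
```

Entries under `runtime_only` are active now but are not in the permanent configuration, while `permanent_only` entries are configured but not active in the running firewall; both are worth reviewing before a reload.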
2429
2430
2431 getShort() → s
2432 Get name of zone. See short tag in firewalld.zone(5).
2433
2434 getSourcePorts() → a(ss)
2435 Get list of (port, protocol) defined in zone. See source-port
2436 tag in firewalld.zone(5). For runtime operation see
2437 org.fedoraproject.FirewallD1.zone.Methods.getSourcePorts.
2438
2439 getSources() → as
2440 Get list of source addresses bound to zone. See source tag in
2441 firewalld.zone(5). For runtime operation see
2442 org.fedoraproject.FirewallD1.zone.Methods.getSources.
2443
2444 getTarget() → s
2445 Get target of zone. See target attribute of zone tag in
2446 firewalld.zone(5).
2447
2448 getVersion() → s
2449 Get version of zone. See version attribute of zone tag in
2450 firewalld.zone(5).
2451
2452 loadDefaults() → Nothing
2453 Load default settings for built-in zone.
2454
2455 Possible errors: NO_DEFAULTS
2456
2457 queryForwardPort(s: port, s: protocol, s: toport, s: toaddr) → b
2458 Return whether (port, protocol, toport, toaddr) is in list of
2459 forward ports of zone. See forward-port tag in
2460 firewalld.zone(5). For runtime operation see
2461 org.fedoraproject.FirewallD1.zone.Methods.queryForwardPort.
2462
2463 queryIcmpBlock(s: icmptype) → b
2464 Return whether icmptype is in list of icmp types blocked in
2465 zone. See icmp-block tag in firewalld.zone(5). For runtime
2466 operation see
2467 org.fedoraproject.FirewallD1.zone.Methods.queryIcmpBlock.
2468
2469 queryIcmpBlockInversion() → b
2470 Return whether icmp block inversion is enabled in zone. See
2471 icmp-block-inversion tag in firewalld.zone(5). For runtime
2472 operation see
2473 org.fedoraproject.FirewallD1.zone.Methods.queryIcmpBlockInversion.
2474
2475 queryInterface(s: interface) → b
2476 Return whether interface is in list of interfaces bound to
2477 zone. See interface tag in firewalld.zone(5). For runtime
2478 operation see
2479 org.fedoraproject.FirewallD1.zone.Methods.queryInterface.
2480
2481 queryMasquerade() → b
2482 Return whether masquerade is enabled in zone. This is the same
2483 as getMasquerade() method. See masquerade tag in
2484 firewalld.zone(5). For runtime operation see
2485 org.fedoraproject.FirewallD1.zone.Methods.queryMasquerade.
2486
2487 queryPort(s: port, s: protocol) → b
2488 Return whether (port, protocol) is in list of ports of zone.
2489 See port tag in firewalld.zone(5). For runtime operation see
2490 org.fedoraproject.FirewallD1.zone.Methods.queryPort.
2491
2492 queryProtocol(s: protocol) → b
2493 Return whether protocol has been added in zone. For runtime
2494 operation see
2495 org.fedoraproject.FirewallD1.zone.Methods.queryProtocol.
2496
2497 Possible errors: INVALID_PROTOCOL
2498
2499 queryRichRule(s: rule) → b
2500 Return whether rule is in list of rich-language rules in zone.
2501 See rule tag in firewalld.zone(5). For runtime operation see
2502 org.fedoraproject.FirewallD1.zone.Methods.queryRichRule.
2503
2504 queryService(s: service) → b
2505 Return whether service is in list of services used in zone. See
2506 service tag in firewalld.zone(5). For runtime operation see
2507 org.fedoraproject.FirewallD1.zone.Methods.queryService.
2508
2509 querySource(s: source) → b
2510 Return whether source is in list of source addresses bound to
2511 zone. See source tag in firewalld.zone(5). For runtime
2512 operation see
2513 org.fedoraproject.FirewallD1.zone.Methods.querySource.
2514
2515 querySourcePort(s: port, s: protocol) → b
2516 Return whether (port, protocol) is in list of source ports of
2517 zone. See source-port tag in firewalld.zone(5). For runtime
2518 operation see
2519 org.fedoraproject.FirewallD1.zone.Methods.querySourcePort.
2520
2521 remove() → Nothing
2522 Remove not built-in zone.
2523
2524 Possible errors: BUILTIN_ZONE
2525
2526 removeForwardPort(s: port, s: protocol, s: toport, s: toaddr) →
2527 Nothing
2528 Permanently remove (port, protocol, toport, toaddr) from list
2529 of forward ports of zone. See forward-port tag in
2530 firewalld.zone(5). For runtime operation see
2531 org.fedoraproject.FirewallD1.zone.Methods.removeForwardPort.
2532
2533 Possible errors: NOT_ENABLED
2534
2535 removeIcmpBlock(s: icmptype) → Nothing
2536 Permanently remove icmptype from list of icmp types blocked in
2537 zone. See icmp-block tag in firewalld.zone(5). For runtime
2538 operation see
2539 org.fedoraproject.FirewallD1.zone.Methods.removeIcmpBlock.
2540
2541 Possible errors: NOT_ENABLED
2542
2543 removeIcmpBlockInversion() → Nothing
2544 Permanently remove icmp block inversion from the zone. See
2545 icmp-block-inversion tag in firewalld.zone(5). For runtime
2546 operation see
2547 org.fedoraproject.FirewallD1.zone.Methods.removeIcmpBlockInversion.
2548
2549 Possible errors: NOT_ENABLED
2550
2551 removeInterface(s: interface) → Nothing
2552 Permanently remove interface from list of interfaces bound to
2553 zone. See interface tag in firewalld.zone(5). For runtime
2554 operation see
2555 org.fedoraproject.FirewallD1.zone.Methods.removeInterface.
2556
2557 Possible errors: NOT_ENABLED
2558
2559 removeMasquerade() → Nothing
2560 Permanently disable masquerading in zone. See masquerade tag in
2561 firewalld.zone(5). For runtime operation see
2562 org.fedoraproject.FirewallD1.zone.Methods.removeMasquerade.
2563
2564 Possible errors: NOT_ENABLED
2565
2566 removePort(s: port, s: protocol) → Nothing
2567 Permanently remove (port, protocol) from list of ports of zone.
2568 See port tag in firewalld.zone(5). For runtime operation see
2569 org.fedoraproject.FirewallD1.zone.Methods.removePort.
2570
2571 Possible errors: NOT_ENABLED
2572
2573 removeProtocol(s: protocol) → Nothing
2574 Permanently remove protocol from zone. For runtime operation
2575 see org.fedoraproject.FirewallD1.zone.Methods.removeProtocol.
2576
2577 Possible errors: INVALID_PROTOCOL, NOT_ENABLED
2578
2579 removeRichRule(s: rule) → Nothing
2580 Permanently remove rule from list of rich-language rules in
2581 zone. See rule tag in firewalld.zone(5). For runtime operation
2582 see org.fedoraproject.FirewallD1.zone.Methods.removeRichRule.
2583
2584 Possible errors: NOT_ENABLED
2585
2586 removeService(s: service) → Nothing
2587 Permanently remove service from list of services used in zone.
2588 See service tag in firewalld.zone(5). For runtime operation see
2589 org.fedoraproject.FirewallD1.zone.Methods.removeService.
2590
2591 Possible errors: NOT_ENABLED
2592
2593 removeSource(s: source) → Nothing
2594 Permanently remove source from list of source addresses bound
2595 to zone. See source tag in firewalld.zone(5). For runtime
2596 operation see
2597 org.fedoraproject.FirewallD1.zone.Methods.removeSource.
2598
2599 Possible errors: NOT_ENABLED
2600
2601 removeSourcePort(s: port, s: protocol) → Nothing
2602 Permanently remove (port, protocol) from list of source ports
2603 of zone. See source-port tag in firewalld.zone(5). For runtime
2604 operation see
2605 org.fedoraproject.FirewallD1.zone.Methods.removeSourcePort.
2606
2607 Possible errors: NOT_ENABLED
2608
2609 rename(s: name) → Nothing
2610 Rename not built-in zone to name.
2611
2612 Possible errors: BUILTIN_ZONE
2613
2614 setDescription(s: description) → Nothing
2615 Permanently set description of zone to description. See
2616 description tag in firewalld.zone(5).
2617
2618 setForwardPorts(a(ssss): ports) → Nothing
2619 Permanently set forward ports of zone to list of (port,
2620 protocol, toport, toaddr). See forward-port tag in
2621 firewalld.zone(5).
2622
2623 setIcmpBlockInversion(b: flag) → Nothing
2624 Permanently set icmp block inversion flag of zone to flag. See
2625 icmp-block-inversion tag in firewalld.zone(5).
2626
2627 setIcmpBlocks(as: icmptypes) → Nothing
2628 Permanently set list of icmp types blocked in zone to
2629 icmptypes. See icmp-block tag in firewalld.zone(5).
2630
2631 setInterfaces(as: interfaces) → Nothing
2632 Permanently set list of interfaces bound to zone to interfaces.
2633 See interface tag in firewalld.zone(5).
2634
2635 setMasquerade(b: masquerade) → Nothing
2636 Permanently set masquerading in zone to masquerade. See
2637 masquerade tag in firewalld.zone(5).
2638
2639 setPorts(a(ss): ports) → Nothing
2640 Permanently set ports of zone to list of (port, protocol). See
2641 port tag in firewalld.zone(5).
2642
2643 setProtocols(as: protocols) → Nothing
2644 Permanently set list of protocols used in zone to protocols.
2645 See protocol tag in firewalld.zone(5).
2646
2647 setRichRules(as: rules) → Nothing
2648 Permanently set list of rich-language rules to rules. See rule
2649 tag in firewalld.zone(5).
2650
2651 setServices(as: services) → Nothing
2652 Permanently set list of services used in zone to services. See
2653 service tag in firewalld.zone(5).
2654
2655 setShort(s: short) → Nothing
2656 Permanently set name of zone to short. See short tag in
2657 firewalld.zone(5).
2658
2659 setSourcePorts(a(ss): ports) → Nothing
2660 Permanently set source-ports of zone to list of (port,
2661 protocol). See source-port tag in firewalld.zone(5).
2662
2663 setSources(as: sources) → Nothing
2664 Permanently set list of source addresses bound to zone to
2665 sources. See source tag in firewalld.zone(5).
2666
2667 setTarget(s: target) → Nothing
2668 Permanently set target of zone to target. See target attribute
2669 of zone tag in firewalld.zone(5).
2670
2671 setVersion(s: version) → Nothing
2672 Permanently set version of zone to version. See version
2673 attribute of zone tag in firewalld.zone(5).
2674
2675 update((sssbsasa(ss)asba(ssss)asasasasa(ss)): settings) → Nothing
2676 Update settings of zone to settings. Settings are in format:
2677 version, name, description, UNUSED, target, array of services,
2678 array of ports (port, protocol), array of icmp-blocks,
2679 masquerade, array of forward-ports (port, protocol, to-port,
2680 to-addr), array of interfaces, array of sources, array of rich
2681 rules, array of protocols and array of source-ports (port,
2682 protocol).
2683
2684 version (s): see version attribute of zone tag in
2685 firewalld.zone(5).
2686
2687 name (s): see short tag in firewalld.zone(5).
2688
2689 description (s): see description tag in firewalld.zone(5).
2690
2691 UNUSED (b): this boolean value is no longer used for anything.
2692
2693 target (s): see target attribute of zone tag in
2694 firewalld.zone(5).
2695
2696 services (as): array of service names, see service tag in
2697 firewalld.zone(5).
2698
2699 ports (a(ss)): array of port and protocol pairs. See port tag
2700 in firewalld.zone(5).
2701
2702 icmp-blocks (as): array of icmp-blocks. See icmp-block tag in
2703 firewalld.zone(5).
2704
2705 masquerade (b): see masquerade tag in firewalld.zone(5).
2706
2707 forward-ports (a(ssss)): array of (port, protocol, to-port,
2708 to-addr). See forward-port tag in firewalld.zone(5).
2709
2710 interfaces (as): array of interfaces. See interface tag in
2711 firewalld.zone(5).
2712
2713 source addresses (as): array of source addresses. See source
2714 tag in firewalld.zone(5).
2715
2716 rich rules (as): array of rich-language rules. See rule tag in
2717 firewalld.zone(5).
2718
2719 protocols (as): array of protocols. See protocol tag in
2720 firewalld.zone(5).
2721
2722 source-ports (a(ss)): array of port and protocol pairs. See
2723 source-port tag in firewalld.zone(5).
2724
2725 Possible errors: INVALID_TYPE
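The settings tuple described above can be decoded by position and compared with a recorded baseline to spot changes to the permanent zone configuration. This is an added example, not part of firewalld or of the original page; the function names, the baseline/current tuples and the use of dbus-python in fetch_permanent_zone() are assumptions made for illustration.

```python
# Added example: audit a permanent zone against a recorded baseline.
# Field order follows the update()/getSettings() tuple described above.
ZONE_FIELDS = (
    "version", "name", "description", "UNUSED", "target", "services",
    "ports", "icmp_blocks", "masquerade", "forward_ports", "interfaces",
    "sources", "rich_rules", "protocols", "source_ports",
)
SCALAR_FIELDS = {"version", "name", "description", "target", "masquerade"}


def decode_zone_settings(settings):
    """Map the 15-element settings tuple to named fields (UNUSED dropped)."""
    if len(settings) != len(ZONE_FIELDS):
        raise ValueError("expected %d fields, got %d"
                         % (len(ZONE_FIELDS), len(settings)))
    decoded = {}
    for field, value in zip(ZONE_FIELDS, settings):
        if field == "UNUSED":
            continue
        if field == "masquerade":
            decoded[field] = bool(value)
        elif field in SCALAR_FIELDS:
            decoded[field] = str(value)
        else:
            # Arrays of strings or of string tuples; order carries no meaning.
            decoded[field] = {
                tuple(map(str, item)) if isinstance(item, (list, tuple))
                else str(item)
                for item in value
            }
    return decoded


def zone_drift(baseline, current):
    """Return {field: change} for every field that differs from baseline."""
    old = decode_zone_settings(baseline)
    new = decode_zone_settings(current)
    drift = {}
    for field in old:
        if old[field] == new[field]:
            continue
        if field in SCALAR_FIELDS:
            drift[field] = {"old": old[field], "new": new[field]}
        else:
            drift[field] = {"added": sorted(new[field] - old[field]),
                            "removed": sorted(old[field] - new[field])}
    return drift


def fetch_permanent_zone(zone_name):
    """Live use only: read the tuple over D-Bus (needs dbus-python, firewalld)."""
    import dbus
    bus = dbus.SystemBus()
    config = dbus.Interface(
        bus.get_object("org.fedoraproject.FirewallD1",
                       "/org/fedoraproject/FirewallD1/config"),
        dbus_interface="org.fedoraproject.FirewallD1.config")
    zone = dbus.Interface(
        bus.get_object("org.fedoraproject.FirewallD1",
                       config.getZoneByName(zone_name)),
        dbus_interface="org.fedoraproject.FirewallD1.config.zone")
    return zone.getSettings()


# Constructed sample tuples (not captured from a real host).
BASELINE = ("", "Public", "Constructed baseline zone", False, "default",
            ["ssh", "dhcpv6-client"], [], [], False, [], ["eth0"],
            [], [], [], [])
CURRENT = ("", "Public", "Constructed baseline zone", False, "default",
           ["ssh", "dhcpv6-client"], [("8080", "tcp")], [], True,
           [("443", "tcp", "8443", "192.0.2.10")], ["eth0"],
           [], [], [], [])

if __name__ == "__main__":
    for field, change in zone_drift(BASELINE, CURRENT).items():
        print(field, change)
```

On a live host, pass the result of fetch_permanent_zone() as the current tuple; an opened port, enabled masquerading or a new forward-port shows up as its own entry in the returned dictionary.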

       Signals
           Removed(s: name)
               Emitted when zone with name has been removed.

           Renamed(s: name)
               Emitted when zone has been renamed to name.

           Updated(s: name)
               Emitted when zone with name has been updated.

       Properties
           builtin - b - (ro)
               True if zone is built-in, False otherwise.

           default - b - (ro)
               True if built-in zone has default settings. False if it has
               been modified. Always False for zones that are not built-in.

           filename - s - (ro)
               Name (including .xml extension) of file where the configuration
               is stored.

           name - s - (ro)
               Name of zone.

           path - s - (ro)
               Path to directory where the zone configuration is stored.
               Should be either /usr/lib/firewalld/zones or
               /etc/firewalld/zones.

   org.fedoraproject.FirewallD1.config.service
       Interface for permanent service configuration, see also
       firewalld.service(5).

       Methods
           addModule(s: module) → Nothing
               Permanently add module to list of modules (netfilter kernel
               helpers) used in service. See module tag in
               firewalld.service(5).

               Possible errors: ALREADY_ENABLED

           addPort(s: port, s: protocol) → Nothing
               Permanently add (port, protocol) to list of ports in service.
               See port tag in firewalld.service(5).

               Possible errors: ALREADY_ENABLED

           addProtocol(s: protocol) → Nothing
               Permanently add protocol to service. The protocol can be any
               protocol supported by the system. Please have a look at
               /etc/protocols for supported protocols. See protocol tag in
               firewalld.service(5).

               Possible errors: INVALID_PROTOCOL, ALREADY_ENABLED

           addSourcePort(s: port, s: protocol) → Nothing
               Permanently add (port, protocol) to list of source ports in
               service. See source-port tag in firewalld.service(5).

               Possible errors: ALREADY_ENABLED

           getDescription() → s
               Get description of service. See description tag in
               firewalld.service(5).

           getDestination(s: family) → s
               Get destination for IP family being either 'ipv4' or 'ipv6'.
               See destination tag in firewalld.service(5).

               Possible errors: ALREADY_ENABLED

           getDestinations() → a{ss}
               Get list of destinations. Return value is a dictionary of {IP
               family : IP address} where 'IP family' key can be either 'ipv4'
               or 'ipv6'. See destination tag in firewalld.service(5).

           getModules() → as
               Get list of modules (netfilter kernel helpers) used in service.
               See module tag in firewalld.service(5).

           getPorts() → a(ss)
               Get list of (port, protocol) defined in service. See port tag
               in firewalld.service(5).

           getProtocols() → as
               Return array of protocols (s) defined in service. See protocol
               tag in firewalld.service(5).

           getSettings() → (sssa(ss)asa{ss}asa(ss))
               Return permanent settings of a service. For getting runtime
               settings see
               org.fedoraproject.FirewallD1.Methods.getServiceSettings.
               Settings are in format: version, name, description, array of
               ports (port, protocol), array of module names, dictionary of
               destinations, array of protocols and array of source-ports
               (port, protocol).

               version (s): see version attribute of service tag in
               firewalld.service(5).

               name (s): see short tag in firewalld.service(5).

               description (s): see description tag in firewalld.service(5).

               ports (a(ss)): array of port and protocol pairs. See port tag
               in firewalld.service(5).

               module names (as): array of kernel netfilter helpers, see
               module tag in firewalld.service(5).

               destinations (a{ss}): dictionary of {IP family : IP address}
               where 'IP family' key can be either 'ipv4' or 'ipv6'. See
               destination tag in firewalld.service(5).

               protocols (as): array of protocols. See protocol tag in
               firewalld.service(5).

               source-ports (a(ss)): array of port and protocol pairs. See
               source-port tag in firewalld.service(5).

           getShort() → s
               Get name of service. See short tag in firewalld.service(5).

           getSourcePorts() → a(ss)
               Get list of (port, protocol) defined in service. See
               source-port tag in firewalld.service(5).

           getVersion() → s
               Get version of service. See version attribute of service tag in
               firewalld.service(5).

           loadDefaults() → Nothing
               Load default settings for built-in service.

               Possible errors: NO_DEFAULTS

           queryDestination(s: family, s: address) → b
               Return whether a destination is in dictionary of destinations
               of this service. The destination is in format: (IP family, IP
               address) where IP family can be either 'ipv4' or 'ipv6'. See
               destination tag in firewalld.service(5).

           queryModule(s: module) → b
               Return whether module is in list of modules (netfilter kernel
               helpers) used in service. See module tag in
               firewalld.service(5).

           queryPort(s: port, s: protocol) → b
               Return whether (port, protocol) is in list of ports in service.
               See port tag in firewalld.service(5).

           queryProtocol(s: protocol) → b
               Return whether protocol is in list of protocols in service. See
               protocol tag in firewalld.service(5).

           querySourcePort(s: port, s: protocol) → b
               Return whether (port, protocol) is in list of source ports in
               service. See source-port tag in firewalld.service(5).

           remove() → Nothing
               Remove a service that is not built-in.

               Possible errors: BUILTIN_SERVICE

           removeDestination(s: family) → Nothing
               Permanently remove a destination with family ('ipv4' or 'ipv6')
               from service. See destination tag in firewalld.service(5).

               Possible errors: NOT_ENABLED

           removeModule(s: module) → Nothing
               Permanently remove module from list of modules (netfilter
               kernel helpers) used in service. See module tag in
               firewalld.service(5).

               Possible errors: NOT_ENABLED

           removePort(s: port, s: protocol) → Nothing
               Permanently remove (port, protocol) from list of ports in
               service. See port tag in firewalld.service(5).

               Possible errors: NOT_ENABLED

           removeProtocol(s: protocol) → Nothing
               Permanently remove protocol from list of protocols in service.
               See protocol tag in firewalld.service(5).

               Possible errors: NOT_ENABLED

           removeSourcePort(s: port, s: protocol) → Nothing
               Permanently remove (port, protocol) from list of source ports
               in service. See source-port tag in firewalld.service(5).

               Possible errors: NOT_ENABLED

           rename(s: name) → Nothing
               Rename a service that is not built-in to name.

               Possible errors: BUILTIN_SERVICE

           setDescription(s: description) → Nothing
               Permanently set description of service to description. See
               description tag in firewalld.service(5).

           setDestination(s: family, s: address) → Nothing
               Permanently set a destination address. The destination is in
               format: (IP family, IP address) where IP family can be either
               'ipv4' or 'ipv6'. See destination tag in firewalld.service(5).

               Possible errors: ALREADY_ENABLED

           setDestinations(a{ss}: destinations) → Nothing
               Permanently set destinations of service to destinations, which
               is a dictionary of {IP family : IP address} where 'IP family'
               key can be either 'ipv4' or 'ipv6'. See destination tag in
               firewalld.service(5).

           setModules(as: modules) → Nothing
               Permanently set list of modules (netfilter kernel helpers) used
               in service to modules. See module tag in firewalld.service(5).

           setPorts(a(ss): ports) → Nothing
               Permanently set ports of service to list of (port, protocol).
               See port tag in firewalld.service(5).

           setProtocols(as: protocols) → Nothing
               Permanently set protocols of service to list of protocols. See
               protocol tag in firewalld.service(5).

           setShort(s: short) → Nothing
               Permanently set name of service to short. See short tag in
               firewalld.service(5).

           setSourcePorts(a(ss): ports) → Nothing
               Permanently set source-ports of service to list of (port,
               protocol). See source-port tag in firewalld.service(5).

           setVersion(s: version) → Nothing
               Permanently set version of service to version. See version
               attribute of service tag in firewalld.service(5).

           update((sssa(ss)asa{ss}asa(ss)): settings) → Nothing
               Update settings of service to settings. Settings are in format:
               version, name, description, array of ports (port, protocol),
               array of module names, dictionary of destinations, array of
               protocols and array of source-ports (port, protocol).

               version (s): see version attribute of service tag in
               firewalld.service(5).

               name (s): see short tag in firewalld.service(5).

               description (s): see description tag in firewalld.service(5).

               ports (a(ss)): array of port and protocol pairs. See port tag
               in firewalld.service(5).

               module names (as): array of kernel netfilter helpers, see
               module tag in firewalld.service(5).

               destinations (a{ss}): dictionary of {IP family : IP address}
               where 'IP family' key can be either 'ipv4' or 'ipv6'. See
               destination tag in firewalld.service(5).

               protocols (as): array of protocols. See protocol tag in
               firewalld.service(5).

               Possible errors: INVALID_TYPE

       Signals
           Removed(s: name)
               Emitted when service with name has been removed.

           Renamed(s: name)
               Emitted when service has been renamed to name.

           Updated(s: name)
               Emitted when service with name has been updated.

       Properties
           builtin - b - (ro)
               True if service is built-in, False otherwise.

           default - b - (ro)
               True if built-in service has default settings. False if it has
               been modified. Always False for services that are not built-in.

           filename - s - (ro)
               Name (including .xml extension) of file where the configuration
               is stored.

           name - s - (ro)
               Name of service.

           path - s - (ro)
               Path to directory where the configuration is stored. Should be
               either /usr/lib/firewalld/services or /etc/firewalld/services.

   org.fedoraproject.FirewallD1.config.helper
       Interface for permanent helper configuration, see also
       firewalld.helper(5).

       Methods
           addPort(s: port, s: protocol) → Nothing
               Permanently add (port, protocol) to list of ports in helper.
               See port tag in firewalld.helper(5).

               Possible errors: ALREADY_ENABLED

           getDescription() → s
               Get description of helper. See description tag in
               firewalld.helper(5).

           getFamily() → s
               Get family being 'ipv4', 'ipv6' or empty for both. See family
               tag in firewalld.helper(5).

           getModule() → s
               Get modules (netfilter kernel helpers) used in helper. See
               module tag in firewalld.helper(5).

           getPorts() → a(ss)
               Get list of (port, protocol) defined in helper. See port tag in
               firewalld.helper(5).

           getSettings() → (sssssa(ss))
               Return permanent settings of a helper. For getting runtime
               settings see
               org.fedoraproject.FirewallD1.Methods.getHelperSettings.
               Settings are in format: version, name, description, family,
               module, array of ports (port, protocol).

               version (s): see version attribute of helper tag in
               firewalld.helper(5).

               name (s): see short tag in firewalld.helper(5).

               description (s): see description tag in firewalld.helper(5).

               family (s): see family tag in firewalld.helper(5).

               module (s): see module tag in firewalld.helper(5).

               ports (a(ss)): array of port and protocol pairs. See port tag
               in firewalld.helper(5).

           getShort() → s
               Get name of helper. See short tag in firewalld.helper(5).

           getVersion() → s
               Get version of helper. See version attribute of helper tag in
               firewalld.helper(5).

           loadDefaults() → Nothing
               Load default settings for built-in helper.

               Possible errors: NO_DEFAULTS

           queryFamily(s: module) → b
               Return whether family is set for helper. See family tag in
               firewalld.helper(5).

           queryModule(s: module) → b
               Return whether module (netfilter kernel helpers) is used in
               helper. See module tag in firewalld.helper(5).

           queryPort(s: port, s: protocol) → b
               Return whether (port, protocol) is in list of ports in helper.
               See port tag in firewalld.helper(5).

           remove() → Nothing
               Remove a helper that is not built-in.

               Possible errors: BUILTIN_HELPER

           removePort(s: port, s: protocol) → Nothing
               Permanently remove (port, protocol) from list of ports in
               helper. See port tag in firewalld.helper(5).

               Possible errors: NOT_ENABLED

           rename(s: name) → Nothing
               Rename a helper that is not built-in to name.

               Possible errors: BUILTIN_HELPER

           setDescription(s: description) → Nothing
               Permanently set description of helper to description. See
               description tag in firewalld.helper(5).

           setFamily(s: family) → Nothing
               Permanently set family of helper to family. See family tag in
               firewalld.helper(5).

           setModule(s: module) → Nothing
               Permanently set module of helper to module. See module tag
               in firewalld.helper(5).

           setPorts(a(ss): ports) → Nothing
               Permanently set ports of helper to list of (port, protocol).
               See port tag in firewalld.helper(5).

           setShort(s: short) → Nothing
               Permanently set name of helper to short. See short tag in
               firewalld.helper(5).

           setVersion(s: version) → Nothing
               Permanently set version of helper to version. See version
               attribute of helper tag in firewalld.helper(5).

           update((sssssa(ss)): settings) → Nothing
               Update settings of helper to settings. Settings are in format:
               version, name, description, family, module and array of ports.

               version (s): see version attribute of helper tag in
               firewalld.helper(5).

               name (s): see short tag in firewalld.helper(5).

               description (s): see description tag in firewalld.helper(5).

               family (s): see family tag in firewalld.helper(5).

               module (s): see module tag in firewalld.helper(5).

               ports (a(ss)): array of port and protocol pairs. See port tag
               in firewalld.helper(5).

               Possible errors: INVALID_HELPER

       Signals
           Removed(s: name)
               Emitted when helper with name has been removed.

           Renamed(s: name)
               Emitted when helper has been renamed to name.

           Updated(s: name)
               Emitted when helper with name has been updated.

       Properties
           builtin - b - (ro)
               True if helper is built-in, False otherwise.

           default - b - (ro)
               True if built-in helper has default settings. False if it has
               been modified. Always False for helpers that are not built-in.

           filename - s - (ro)
               Name (including .xml extension) of file where the configuration
               is stored.

           name - s - (ro)
               Name of helper.

           path - s - (ro)
               Path to directory where the configuration is stored. Should be
               either /usr/lib/firewalld/helpers or /etc/firewalld/helpers.

   org.fedoraproject.FirewallD1.config.icmptype
       Interface for permanent icmp type configuration, see also
       firewalld.icmptype(5).

       Methods
           addDestination(s: destination) → Nothing
               Permanently add a destination ('ipv4' or 'ipv6') to list of
               destinations of this icmp type. See destination tag in
               firewalld.icmptype(5).

               Possible errors: ALREADY_ENABLED

           getDescription() → s
               Get description of icmp type. See description tag in
               firewalld.icmptype(5).

           getDestinations() → as
               Get list of destinations. See destination tag in
               firewalld.icmptype(5).

           getSettings() → (sssas)
               Return permanent settings of icmp type. For getting runtime
               settings see
               org.fedoraproject.FirewallD1.Methods.getIcmpTypeSettings.
               Settings are in format: version, name, description, array of
               destinations.

               version (s): see version attribute of icmptype tag in
               firewalld.icmptype(5).

               name (s): see short tag in firewalld.icmptype(5).

               description (s): see description tag in firewalld.icmptype(5).

               destinations (as): array, either empty or containing strings
               'ipv4' and/or 'ipv6', see destination tag in
               firewalld.icmptype(5).

           getShort() → s
               Get name of icmp type. See short tag in firewalld.icmptype(5).

           getVersion() → s
               Get version of icmp type. See version attribute of icmptype tag
               in firewalld.icmptype(5).

           loadDefaults() → Nothing
               Load default settings for built-in icmp type.

               Possible errors: NO_DEFAULTS

           queryDestination(s: destination) → b
               Return whether a destination ('ipv4' or 'ipv6') is in list of
               destinations of this icmp type. See destination tag in
               firewalld.icmptype(5).

           remove() → Nothing
               Remove an icmp type that is not built-in.

               Possible errors: BUILTIN_ICMPTYPE

           removeDestination(s: destination) → Nothing
               Permanently remove a destination ('ipv4' or 'ipv6') from list
               of destinations of this icmp type. See destination tag in
               firewalld.icmptype(5).

               Possible errors: NOT_ENABLED

           rename(s: name) → Nothing
               Rename an icmp type that is not built-in to name.

               Possible errors: BUILTIN_ICMPTYPE

           setDescription(s: description) → Nothing
               Permanently set description of icmp type to description. See
               description tag in firewalld.icmptype(5).

           setDestinations(as: destinations) → Nothing
               Permanently set destinations of icmp type to destinations,
               which is array, either empty or containing strings 'ipv4'
               and/or 'ipv6'. See destination tag in firewalld.icmptype(5).

           setShort(s: short) → Nothing
               Permanently set name of icmp type to short. See short tag in
               firewalld.icmptype(5).

           setVersion(s: version) → Nothing
               Permanently set version of icmp type to version. See version
               attribute of icmptype tag in firewalld.icmptype(5).

           update((sssas): settings) → Nothing
               Update permanent settings of icmp type to settings. Settings
               are in format: version, name, description, array of
               destinations.

               version (s): see version attribute of icmptype tag in
               firewalld.icmptype(5).

               name (s): see short tag in firewalld.icmptype(5).

               description (s): see description tag in firewalld.icmptype(5).

               destinations (as): array, either empty or containing strings
               'ipv4' and/or 'ipv6', see destination tag in
               firewalld.icmptype(5).
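The update() methods of the config.zone, config.service, config.helper and config.icmptype interfaces each take one struct whose layout is given by its D-Bus type signature. The following added example (not firewalld code and not from the original page) parses those signature strings and checks a native Python value against them before it is sent, catching shape mistakes such as a numeric port where the signature requires a string. The function names and sample tuples are assumptions, and only the type codes that appear on this page (s, b, a, structs and a{..}) are handled.

```python
# Added example: check a Python value against a D-Bus type signature before
# passing it to update(). Handles only the type codes used on this page.
UPDATE_SIGNATURES = {  # copied from the update() entries of each interface
    "config.zone": "(sssbsasa(ss)asba(ssss)asasasasa(ss))",
    "config.service": "(sssa(ss)asa{ss}asa(ss))",
    "config.helper": "(sssssa(ss))",
    "config.icmptype": "(sssas)",
}


def parse_signature(sig):
    """Turn a signature string into a list of type trees."""
    pos = 0

    def one():
        nonlocal pos
        if pos >= len(sig):
            raise ValueError("signature ends early: %r" % sig)
        code = sig[pos]
        pos += 1
        if code in "sb":
            return code
        if code == "a" and sig[pos:pos + 1] == "{":
            pos += 1
            key, value = one(), one()
            if sig[pos:pos + 1] != "}":
                raise ValueError("unterminated dict entry in %r" % sig)
            pos += 1
            return ("dict", key, value)
        if code == "a":
            return ("array", one())
        if code == "(":
            members = []
            while sig[pos:pos + 1] not in (")", ""):
                members.append(one())
            if sig[pos:pos + 1] != ")":
                raise ValueError("unterminated struct in %r" % sig)
            pos += 1
            return ("struct", members)
        raise ValueError("unsupported type code %r" % code)

    trees = []
    while pos < len(sig):
        trees.append(one())
    return trees


def type_errors(value, tree, where="settings"):
    """Return a list of 'path: problem' strings; empty means value fits."""
    got = type(value).__name__
    if tree == "s":
        return [] if isinstance(value, str) else [
            "%s: expected string, got %s" % (where, got)]
    if tree == "b":
        return [] if isinstance(value, bool) else [
            "%s: expected boolean, got %s" % (where, got)]
    errors = []
    if tree[0] == "array":
        if not isinstance(value, (list, tuple)):
            return ["%s: expected array, got %s" % (where, got)]
        for i, item in enumerate(value):
            errors += type_errors(item, tree[1], "%s[%d]" % (where, i))
    elif tree[0] == "dict":
        if not isinstance(value, dict):
            return ["%s: expected dictionary, got %s" % (where, got)]
        for key, item in value.items():
            errors += type_errors(key, tree[1], "%s key %r" % (where, key))
            errors += type_errors(item, tree[2], "%s[%r]" % (where, key))
    else:  # struct: fixed number of members, each with its own type
        if not isinstance(value, (list, tuple)) or len(value) != len(tree[1]):
            return ["%s: expected struct of %d members"
                    % (where, len(tree[1]))]
        for i, (item, sub) in enumerate(zip(value, tree[1])):
            errors += type_errors(item, sub, "%s[%d]" % (where, i))
    return errors


def check_update_argument(interface, settings):
    """Validate settings for the update() method of the given interface."""
    (tree,) = parse_signature(UPDATE_SIGNATURES[interface])
    return type_errors(settings, tree)


# Constructed sample values (not taken from a real configuration).
GOOD_SERVICE = ("", "Example", "Constructed sample service",
                [("8443", "tcp")], [], {"ipv4": "192.0.2.0/24"}, [], [])
BAD_PORT_SERVICE = ("", "Example", "Constructed sample service",
                    [(8443, "tcp")], [], {"ipv4": "192.0.2.0/24"}, [], [])

if __name__ == "__main__":
    print(check_update_argument("config.service", GOOD_SERVICE))
    print(check_update_argument("config.service", BAD_PORT_SERVICE))
```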

       Signals
           Removed(s: name)
               Emitted when icmp type with name has been removed.

           Renamed(s: name)
               Emitted when icmp type has been renamed to name.

           Updated(s: name)
               Emitted when icmp type with name has been updated.

       Properties
           builtin - b - (ro)
               True if icmptype is built-in, False otherwise.

           default - b - (ro)
               True if built-in icmp type has default settings. False if it
               has been modified. Always False for icmp types that are not
               built-in.

           filename - s - (ro)
               Name (including .xml extension) of file where the configuration
               is stored.

           name - s - (ro)
               Name of icmp type.

           path - s - (ro)
               Path to directory where the icmp type configuration is stored.
               Should be either /usr/lib/firewalld/icmptypes or
               /etc/firewalld/icmptypes.

SEE ALSO
       firewall-applet(1), firewalld(1), firewall-cmd(1), firewall-config(1),
       firewalld.conf(5), firewalld.direct(5), firewalld.dbus(5),
       firewalld.icmptype(5), firewalld.lockdown-whitelist(5),
       firewall-offline-cmd(1), firewalld.richlanguage(5),
       firewalld.service(5), firewalld.zone(5), firewalld.zones(5),
       firewalld.ipset(5), firewalld.helper(5)

NOTES
       firewalld home page:
           http://firewalld.org

       More documentation with examples:
           http://fedoraproject.org/wiki/FirewallD

AUTHORS
       Thomas Woerner <twoerner@redhat.com>
           Developer

       Jiri Popelka <jpopelka@redhat.com>
           Developer

firewalld 0.6.3                                              FIREWALLD.DBUS(5)