1FIREWALLD.DBUS(5)               firewalld.dbus               FIREWALLD.DBUS(5)
2
3
4

NAME

6       firewalld.dbus - firewalld D-Bus interface description
7

OBJECT PATHS

9       This is the basic firewalld object path structure. The used interfaces
10       are explained below in the section called “INTERFACES”.
11
12           /org/fedoraproject/FirewallD1
13             Interfaces
14               org.fedoraproject.FirewallD1
15               org.fedoraproject.FirewallD1.direct
16               org.fedoraproject.FirewallD1.ipset
17               org.fedoraproject.FirewallD1.policies
18               org.fedoraproject.FirewallD1.zone
19               org.freedesktop.DBus.Introspectable
20               org.freedesktop.DBus.Properties
21
22           /org/fedoraproject/FirewallD1/config
23             Interfaces
24               org.fedoraproject.FirewallD1.config
25               org.fedoraproject.FirewallD1.config.direct
26               org.fedoraproject.FirewallD1.config.policies
27               org.freedesktop.DBus.Introspectable
28               org.freedesktop.DBus.Properties
29
30           /org/fedoraproject/FirewallD1/config/zone/i
31             Interfaces
32               org.fedoraproject.FirewallD1.config.zone
33               org.freedesktop.DBus.Introspectable
34               org.freedesktop.DBus.Properties
35
36           /org/fedoraproject/FirewallD1/config/service/i
37             Interfaces:
38               org.fedoraproject.FirewallD1.config.service
39               org.freedesktop.DBus.Introspectable
40               org.freedesktop.DBus.Properties
41
42           /org/fedoraproject/FirewallD1/config/ipset/i
43             Interfaces
44               org.fedoraproject.FirewallD1.config.ipset
45               org.freedesktop.DBus.Introspectable
46               org.freedesktop.DBus.Properties
47
48           /org/fedoraproject/FirewallD1/config/icmptype/i
49             Interfaces
50               org.fedoraproject.FirewallD1.config.icmptype
51               org.freedesktop.DBus.Introspectable
52               org.freedesktop.DBus.Properties
53
54
55

INTERFACES

57   org.fedoraproject.FirewallD1
58       This interface contains general runtime operations, like: reloading,
59       panic mode, default zone handling, getting services and icmp types and
60       their settings.
61
62       Methods
63           authorizeAll() → Nothing
64               Initiate authorization for the complete firewalld D-Bus
65               interface. This method it mostly useful for configuration
66               applications.
67
68           completeReload() → Nothing
69               Reload firewall completely, even netfilter kernel modules. This
70               will most likely terminate active connections, because state
71               information is lost. This option should only be used in case of
72               severe firewall problems. For example if there are state
73               information problems that no connection can be established with
74               correct firewall rules.
75
76           disablePanicMode() → Nothing
77               Disable panic mode. After disabling panic mode established
78               connections might work again, if panic mode was enabled for a
79               short period of time.
80
81               Possible errors: NOT_ENABLED, COMMAND_FAILED
82
83           enablePanicMode() → Nothing
84               Enable panic mode. All incoming and outgoing packets are
85               dropped, active connections will expire. Enable this only if
86               there are serious problems with your network environment.
87
88               Possible errors: ALREADY_ENABLED, COMMAND_FAILED
89
90           getAutomaticHelpers() → s
91               Return the AutomaticHelpers value. For the secure use of
92               iptables and connection tracking helpers it is recommended to
93               turn AutomaticHelpers off. But this might have side effects on
94               other services using the netfilter helpers as the sysctl
95               setting in /proc/sys/net/netfilter/nf_conntrack_helper will be
96               changed. With the system setting, the default value set in the
97               kernel or with sysctl will be used. Possible values are: yes,
98               no and system. The default value is system.
99
100           getDefaultZone() → s
101               Return default zone.
102
103           getHelperSettings(s: helper) → (sssssa(ss))
104               Return runtime settings of given helper. For getting permanent
105               settings see
106               org.fedoraproject.FirewallD1.config.helper.Methods.getSettings.
107               Settings are in format: version, name, description, family,
108               module and array of ports.
109
110               version (s): see version attribute of helper tag in
111               firewalld.helper(5).
112
113               name (s): see short tag in firewalld.helper(5).
114
115               description (s): see description tag in firewalld.helper(5).
116
117               family (s): see family tag in firewalld.helper(5).
118
119               module (s): see module tag in firewalld.helper(5).
120
121               ports (a(ss)): array of port and protocol pairs. See port tag
122               in firewalld.helper(5).
123
124               Possible errors: INVALID_HELPER
125
126           getHelpers() → as
127               Return array of helper names (s) in runtime configuration. For
128               permanent configuration see
129               org.fedoraproject.FirewallD1.config.Methods.listHelpers.
130
131           getIcmpTypeSettings(s: icmptype) → (sssas)
132               Return runtime settings of given icmptype. For getting
133               permanent settings see
134               org.fedoraproject.FirewallD1.config.icmptype.Methods.getSettings.
135               Settings are in format: version, name, description, array of
136               destinations.
137
138               version (s): see version attribute of icmptype tag in
139               firewalld.icmptype(5).
140
141               name (s): see short tag in firewalld.icmptype(5).
142
143               description (s): see description tag in firewalld.icmptype(5).
144
145               destinations (as): array, either empty or containing strings
146               'ipv4' or 'ipv6', see destination tag in firewalld.icmptype(5).
147
148               Possible errors: INVALID_ICMPTYPE
149
150           getLogDenied() → s
151               Retruns the LogDenied value. If LogDenied is enabled, then
152               logging rules are added right before reject and drop rules in
153               the INPUT, FORWARD and OUTPUT chains for the default rules and
154               also final reject and drop rules in zones. Possible values are:
155               all, unicast, broadcast, multicast and off. The default value
156               is off
157
158           getServiceSettings(s: service) → (sssa(ss)asa{ss}asa(ss))
159               Return runtime settings of given service. For getting permanent
160               settings see
161               org.fedoraproject.FirewallD1.config.service.Methods.getSettings.
162               Settings are in format: version, name, description, array of
163               ports (port, protocol), array of module names, dictionary of
164               destinations, array of protocols and array of source-ports
165               (port, protocol).
166
167               version (s): see version attribute of service tag in
168               firewalld.service(5).
169
170               name (s): see short tag in firewalld.service(5).
171
172               description (s): see description tag in firewalld.service(5).
173
174               ports (a(ss)): array of port and protocol pairs. See port tag
175               in firewalld.service(5).
176
177               module names (as): array of kernel netfilter helpers, see
178               module tag in firewalld.service(5).
179
180               destinations (a{ss}): dictionary of {IP family : IP address}
181               where 'IP family' key can be either 'ipv4' or 'ipv6'. See
182               destination tag in firewalld.service(5).
183
184               protocols (as): array of protocols, see protocol tag in
185               firewalld.service(5).
186
187               source-ports (a(ss)): array of port and protocol pairs. See
188               source-port tag in firewalld.service(5).
189
190               Possible errors: INVALID_SERVICE
191
192           getZoneSettings(s: zone) → (sssbsasa(ss)asba(ssss)asasasasa(ss))
193               Return runtime settings of given zone. For getting permanent
194               settings see
195               org.fedoraproject.FirewallD1.config.zone.Methods.getSettings.
196               Settings are in format: version, name, description, UNUSED,
197               target, array of services, array of ports (port, protocol),
198               array of icmp-blocks, masquerade, array of forward-ports (port,
199               protocol, to-port, to-addr), array of interfaces, array of
200               sources, array of rich rules, array of protocols and array of
201               source-ports (port, protocol).
202
203               version (s): see version attribute of zone tag in
204               firewalld.zone(5).
205
206               name (s): see short tag in firewalld.zone(5).
207
208               description (s): see description tag in firewalld.zone(5).
209
210               UNUSED (b): this boolean value is no longer used for anything.
211
212               target (s): see target attribute of zone tag in
213               firewalld.zone(5).
214
215               services (as): array of service names, see service tag in
216               firewalld.zone(5).
217
218               ports (a(ss)): array of port and protocol pairs. See port tag
219               in firewalld.zone(5).
220
221               icmp-blocks (as): array of icmp-blocks. See icmp-block tag in
222               firewalld.zone(5).
223
224               masquerade (b): see masquerade tag in firewalld.zone(5).
225
226               forward-ports (a(ssss)): array of (port, protocol, to-port,
227               to-addr). See forward-port tag in firewalld.zone(5).
228
229               interfaces (as): array of interfaces. See interface tag in
230               firewalld.zone(5).
231
232               source addresses (as): array of source addresses. See source
233               tag in firewalld.zone(5).
234
235               rich rules (as): array of rich-language rules. See rule tag in
236               firewalld.zone(5).
237
238               protocols (as): array of protocols, see protocol tag in
239               firewalld.zone(5).
240
241               source-ports (a(ss)): array of port and protocol pairs. See
242               source-port tag in firewalld.zone(5).
243
244               Possible errors: INVALID_ZONE
245
246           listIcmpTypes() → as
247               Return array of names (s) of icmp types in runtime
248               configuration. For permanent configuration see
249               org.fedoraproject.FirewallD1.config.Methods.listIcmpTypes.
250
251           listServices() → as
252               Return array of service names (s) in runtime configuration. For
253               permanent configuration see
254               org.fedoraproject.FirewallD1.config.Methods.listServices.
255
256           queryPanicMode() → b
257               Return true if panic mode is enabled, false otherwise. In panic
258               mode all incoming and outgoing packets are dropped.
259
260           reload() → Nothing
261               Reload firewall rules and keep state information. Current
262               permanent configuration will become new runtime configuration,
263               i.e. all runtime only changes done until reload are lost with
264               reload if they have not been also in permanent configuration.
265
266           runtimeToPermanent() → Nothing
267               Make runtime settings permanent. Replaces permanent settings
268               with runtime settings for zones, services, icmptypes, direct
269               and policies (lockdown whitelist).
270
271               Possible errors: RT_TO_PERM_FAILED
272
273           checkPermanentConfig() → Nothing
274               Run checks on the permanent configuration. This is most useful
275               if changes were made manually to configuration files.
276
277               Possible errors: any
278
279           setDefaultZone(s: zone) → Nothing
280               Set default zone for connections and interfaces where no zone
281               has been selected to zone. Setting the default zone changes the
282               zone for the connections or interfaces, that are using the
283               default zone. This is a runtime and permanent change.
284
285               Possible errors: ZONE_ALREADY_SET, COMMAND_FAILED
286
287           setLogDenied(s: value) → Nothing
288               Set LogDenied value to value. If LogDenied is enabled, then
289               logging rules are added right before reject and drop rules in
290               the INPUT, FORWARD and OUTPUT chains for the default rules and
291               also final reject and drop rules in zones. Possible values are:
292               all, unicast, broadcast, multicast and off. The default value
293               is off This is a runtime and permanent change.
294
295               Possible errors: ALREADY_SET, INVALID_VALUE
296
297       Signals
298           DefaultZoneChanged(s: zone)
299               Emitted when default zone has been changed to zone.
300
301           LogDeniedChanged(s: value)
302               Emitted when LogDenied value has been changed.
303
304           PanicModeDisabled()
305               Emitted when panic mode has been deactivated.
306
307           PanicModeEnabled()
308               Emitted when panic mode has been activated.
309
310           Reloaded()
311               Emitted when firewalld has been reloaded. Also emitted for a
312               complete reload.
313
314       Properties
315           BRIDGE - b - (ro)
316               Indicates whether the firewall has ethernet bridge support.
317
318           IPSet - b - (ro)
319               Indicates whether the firewall has IPSet support.
320
321           IPSetTypes - as - (ro)
322               The supported IPSet types by ipset and firewalld.
323
324           IPv4 - b - (ro)
325               Indicates whether the firewall has IPv4 support.
326
327           IPv4ICMPTypes - as - (ro)
328               The list of supported IPv4 ICMP types.
329
330           IPv6 - b - (ro)
331               Indicates whether the firewall has IPv6 support.
332
333           IPv6_rpfilter - b - (ro)
334               Indicates whether the reverse path filter test on a packet for
335               IPv6 is enabled. If a reply to the packet would be sent via the
336               same interface that the packet arrived on, the packet will
337               match and be accepted, otherwise dropped.
338
339           IPv6ICMPTypes - as - (ro)
340               The list of supported IPv6 ICMP types.
341
342           nf_conntrach_helper_setting - b - (ro)
343               Kernel nf_conntrack_helper setting.
344
345           nf_conntrack_helpers - a{sas} - (ro)
346               The list of conntrack helpers supported by the kernel.
347
348           nf_nat_helpers - a{sas} - (ro)
349               The list of nat helpers supported by the kernel.
350
351           interface_version - s - (ro)
352               firewalld D-Bus interface version string.
353
354           state - s - (ro)
355               firewalld state. This can be either INIT, FAILED, or RUNNING.
356               In INIT state, firewalld is starting up and initializing. In
357               FAILED state, firewalld completely started but experienced a
358               failure.
359
360           version - s - (ro)
361               firewalld version string.
362
363   org.fedoraproject.FirewallD1.ipset
364       Operations in this interface allows to get, add, remove and query
365       runtime ipset settings. For permanent configuration see
366       org.fedoraproject.FirewallD1.config.ipset interface.
367
368       Methods
369           addEntry(s: ipset, s: entry) → as
370               Add a new entry to ipset. The entry must match the type of the
371               ipset. If the ipset is using the timeout option, it is not
372               possible to see the entries, as they are timing out
373               automatically in the kernel. For permanent operation see
374               org.fedoraproject.FirewallD1.config.ipset.Methods.addEntry.
375
376               Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT
377
378           getEntries(s: ipset) → Nothing
379               Get all entries added to the ipset. If the ipset is using the
380               timeout option, it is not possible to see the entries, as they
381               are timing out automatically in the kernel. Return value is a
382               array of entry. For permanent operation see
383               org.fedoraproject.FirewallD1.config.ipset.Methods.getEntries.
384
385               Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT
386
387           getSettings(s: ipset) → (ssssa{ss}as)
388               Return runtime settings of given ipset. For getting permanent
389               settings see
390               org.fedoraproject.FirewallD1.config.ipset.Methods.getSettings.
391               Settings are in format: version, name, description, type,
392               dictionary of options and array of entries.
393
394               version (s): see version attribute of ipset tag in
395               firewalld.ipset(5).
396
397               name (s): see short tag in firewalld.ipset(5).
398
399               description (s): see description tag in firewalld.ipset(5).
400
401               type (s): see type attribute of ipset tag in
402               firewalld.ipset(5).
403
404               options (a{ss}): dictionary of {option : value} . See options
405               tag in firewalld.ipset(5).
406
407               entries (as): array of entries, see entry tag in
408               firewalld.ipset(5).
409
410               Possible errors: INVALID_IPSET
411
412           getIPSets() → as
413               Return array of ipset names (s) in runtime configuration. For
414               permanent configuration see
415               org.fedoraproject.FirewallD1.config.Methods.listIPSets.
416
417           queryService(s: ipset, s: entry) → b
418               Return whether entry has been added to ipset. For permanent
419               operation see
420               org.fedoraproject.FirewallD1.config.ipset.Methods.queryEntry.
421
422               Possible errors: INVALID_IPSET
423
424           queryService(s: ipset) → b
425               Return whether ipset is defined in runtime configuration.
426
427           removeEntry(s: ipset, s: entry) → as
428               Removes an entry from ipset. For permanent operation see
429               org.fedoraproject.FirewallD1.config.ipset.Methods.removeEntry.
430
431               Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT
432
433           setEntries(as: entries) → Nothing
434               Permanently set list of entries to entries. For permanent
435               operation see
436               org.fedoraproject.FirewallD1.config.ipset.Methods.setEntries.
437               See entry tag in firewalld.ipset(5).
438
439       Signals
440           EntryAdded(s: ipset, s: entry)
441               Emitted when entry has been added to ipset.
442
443           EntryRemoved(s: ipset, s: entry)
444               Emitted when entry has been removed from ipset.
445
446   org.fedoraproject.FirewallD1.direct
447       This interface enables more direct access to the firewall. It enables
448       runtime manipulation with chains and rules. For permanent configuration
449       see org.fedoraproject.FirewallD1.config.direct interface.
450
451       Methods
452           addChain(s: ipv, s: table, s: chain) → Nothing
453               Add a new chain to table for ipv being either ipv4 (iptables)
454               or ipv6 (ip6tables) or eb (ebtables). Make sure there's no
455               other chain with this name already. There already exist basic
456               chains to use with direct methods, for example INPUT_direct
457               chain. These chains are jumped into before chains for zones,
458               i.e. every rule put into INPUT_direct will be checked before
459               rules in zones. For permanent operation see
460               org.fedoraproject.FirewallD1.config.direct.Methods.addChain.
461
462               Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED,
463               COMMAND_FAILED
464
465           addPassthrough(s: ipv, as: args) → Nothing
466               Add a tracked passthrough rule with the arguments args for ipv
467               being either ipv4 (iptables) or ipv6 (ip6tables) or eb
468               (ebtables). Valid commands in args are only -A/--append,
469               -I/--insert and -N/--new-chain. This method is (unlike
470               passthrough method) tracked, i.e. firewalld remembers it. It's
471               useful with
472               org.fedoraproject.FirewallD1.Methods.runtimeToPermanent For
473               permanent operation see
474               org.fedoraproject.FirewallD1.config.direct.Methods.addPassthrough.
475
476               Possible errors: INVALID_IPV, ALREADY_ENABLED, COMMAND_FAILED
477
478           addRule(s: ipv, s: table, s: chain, i: priority, as: args) →
479           Nothing
480               Add a rule with the arguments args to chain in table with
481               priority for ipv being either ipv4 (iptables) or ipv6
482               (ip6tables) or eb (ebtables). The priority is used to order
483               rules. Priority 0 means add rule on top of the chain, with a
484               higher priority the rule will be added further down. Rules with
485               the same priority are on the same level and the order of these
486               rules is not fixed and may change. If you want to make sure
487               that a rule will be added after another one, use a low priority
488               for the first and a higher for the following. For permanent
489               operation see
490               org.fedoraproject.FirewallD1.config.direct.Methods.addRule.
491
492               Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED,
493               COMMAND_FAILED
494
495           getAllChains() → a(sss)
496               Get all chains added to all tables in format: ipv, table,
497               chain. This concerns only chains previously added with
498               addChain. Return value is a array of (ipv, table, chain). For
499               permanent operation see
500               org.fedoraproject.FirewallD1.config.direct.Methods.getAllChains.
501
502               ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
503               (ebtables).
504
505               table (s): one of filter, mangle, nat, raw, security
506
507               chain (s): name of a chain.
508
509
510           getAllPassthroughs() → a(sas)
511               Get all tracked passthrough rules added in all ipv types in
512               format: ipv, rule. This concerns only rules previously added
513               with addPassthrough. Return value is a array of (ipv, array of
514               arguments). For permanent operation see
515               org.fedoraproject.FirewallD1.config.direct.Methods.getAllPassthroughs.
516
517               ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
518               (ebtables).
519
520               arguments (as): array of commands, parameters and other
521               iptables/ip6tables/ebtables command line options.
522
523
524           getAllRules() → a(sssias)
525               Get all rules added to all chains in all tables in format: ipv,
526               table, chain, priority, rule. This concerns only rules
527               previously added with addRule. Return value is a array of (ipv,
528               table, chain, priority, array of arguments). For permanent
529               operation see
530               org.fedoraproject.FirewallD1.config.direct.Methods.getAllRules.
531
532               ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
533               (ebtables).
534
535               table (s): one of filter, mangle, nat, raw, security
536
537               chain (s): name of a chain.
538
539               priority (i): used to order rules.
540
541               arguments (as): array of commands, parameters and other
542               iptables/ip6tables/ebtables command line options.
543
544
545           getChains(s: ipv, s: table) → as
546               Return an array of chains (s) added to table for ipv being
547               either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
548               This concerns only chains previously added with addChain. For
549               permanent operation see
550               org.fedoraproject.FirewallD1.config.direct.Methods.getChains.
551
552               Possible errors: INVALID_IPV, INVALID_TABLE
553
554           getPassthroughs(s: ipv) → aas
555               Get tracked passthrough rules added in either ipv4 (iptables)
556               or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
557               previously added with addPassthrough. Return value is a array
558               of (array of arguments). For permanent operation see
559               org.fedoraproject.FirewallD1.config.direct.Methods.getPassthroughs.
560
561               arguments (as): array of commands, parameters and other
562               iptables/ip6tables/ebtables command line options.
563
564
565           getRules(s: ipv, s: table, s: chain) → a(ias)
566               Get all rules added to chain in table for ipv being either ipv4
567               (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
568               only rules previously added with addRule. Return value is a
569               array of (priority, array of arguments). For permanent
570               operation see
571               org.fedoraproject.FirewallD1.config.direct.Methods.getRules.
572
573               priority (i): used to order rules.
574
575               arguments (as): array of commands, parameters and other
576               iptables/ip6tables/ebtables command line options.
577
578               Possible errors: INVALID_IPV, INVALID_TABLE
579
580           passthrough(s: ipv, as: args) → s
581               Pass a command through to the firewall.  ipv can be either ipv4
582               (iptables) or ipv6 (ip6tables) or eb (ebtables).  args can be
583               all iptables, ip6tables and ebtables command line arguments.
584               args can be all iptables, ip6tables and ebtables command line
585               arguments. This command is untracked, which means that
586               firewalld is not able to provide information about this command
587               later on.
588
589               Possible errors: COMMAND_FAILED
590
591           queryChain(s: ipv, s: table, s: chain) → b
592               Return whether a chain exists in table for ipv being either
593               ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). This
594               concerns only chains previously added with addChain. For
595               permanent operation see
596               org.fedoraproject.FirewallD1.config.direct.Methods.queryChain.
597
598               Possible errors: INVALID_IPV, INVALID_TABLE
599
600           queryPassthrough(s: ipv, as: args) → b
601               Return whether a tracked passthrough rule with the arguments
602               args exists for ipv being either ipv4 (iptables) or ipv6
603               (ip6tables) or eb (ebtables). This concerns only rules
604               previously added with addPassthrough. For permanent operation
605               see
606               org.fedoraproject.FirewallD1.config.direct.Methods.queryPassthrough.
607
608               Possible errors: INVALID_IPV
609
610           queryRule(s: ipv, s: table, s: chain, i: priority, as: args) → b
611               Return whether a rule with priority and the arguments args
612               exists in chain in table for ipv being either ipv4 (iptables)
613               or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
614               previously added with addRule. For permanent operation see
615               org.fedoraproject.FirewallD1.config.direct.Methods.queryRule.
616
617               Possible errors: INVALID_IPV, INVALID_TABLE
618
619           removeAllPassthroughs() → Nothing
620               Remove all passthrough rules previously added with
621               addPassthrough.
622
623           removeChain(s: ipv, s: table, s: chain) → Nothing
624               Remove a chain from table for ipv being either ipv4 (iptables)
625               or ipv6 (ip6tables) or eb (ebtables). Only chains previously
626               added with addChain can be removed this way. For permanent
627               operation see
628               org.fedoraproject.FirewallD1.config.direct.Methods.removeChain.
629
630               Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED,
631               COMMAND_FAILED
632
633           removePassthrough(s: ipv, as: args) → Nothing
634               Remove a tracked passthrough rule with arguments args for ipv
635               being either ipv4 (iptables) or ipv6 (ip6tables) or eb
636               (ebtables). Only rules previously added with addPassthrough can
637               be removed this way. For permanent operation see
638               org.fedoraproject.FirewallD1.config.direct.Methods.removePassthrough.
639
640               Possible errors: INVALID_IPV, NOT_ENABLED, COMMAND_FAILED
641
642           removeRule(s: ipv, s: table, s: chain, i: priority, as: args) →
643           Nothing
644               Remove a rule with priority and arguments args from chain in
645               table for ipv being either ipv4 (iptables) or ipv6 (ip6tables)
646               or eb (ebtables). Only rules previously added with addRule can
647               be removed this way. For permanent operation see
648               org.fedoraproject.FirewallD1.config.direct.Methods.removeRule.
649
650               Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED,
651               COMMAND_FAILED
652
653           removeRules(s: ipv, s: table, s: chain) → Nothing
654               Remove all rules from chain in table for ipv being either ipv4
655               (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
656               only rules previously added with addRule. For permanent
657               operation see
658               org.fedoraproject.FirewallD1.config.direct.Methods.removeRules.
659
660               Possible errors: INVALID_IPV, INVALID_TABLE
661
662       Signals
663           ChainAdded(s: ipv, s: table, s: chain)
664               Emitted when chain has been added into table for ipv being
665               either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
666
667           ChainRemoved(s: ipv, s: table, s: chain)
668               Emitted when chain has been removed from table for ipv being
669               either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
670
671           PassthroughAdded(s: ipv, as: args)
672               Emitted when a tracked passthruogh rule with args has been
673               added for ipv being either ipv4 (iptables) or ipv6 (ip6tables)
674               or eb (ebtables).
675
676           PassthroughRemoved(s: ipv, as: args)
677               Emitted when a tracked passthrough rule with args has been
678               removed for ipv being either ipv4 (iptables) or ipv6
679               (ip6tables) or eb (ebtables).
680
681           RuleAdded(s: ipv, s: table, s: chain, i: priority, as: args)
682               Emitted when a rule with args has been added to chain in table
683               with priority for ipv being either ipv4 (iptables) or ipv6
684               (ip6tables) or eb (ebtables).
685
686           RuleRemoved(s: ipv, s: table, s: chain, i: priority, as: args)
687               Emitted when a rule with args has been removed from chain in
688               table with priority for ipv being either ipv4 (iptables) or
689               ipv6 (ip6tables) or eb (ebtables).
690
691   org.fedoraproject.FirewallD1.policies
692       Enables firewalld to be able to lock down configuration changes from
693       local applications. Local applications or services are able to change
694       the firewall configuration if they are running as root (example:
695       libvirt). With these operations administrator can lock the firewall
696       configuration so that either none or only applications that are in the
697       whitelist are able to request firewall changes. For permanent
698       configuration see org.fedoraproject.FirewallD1.config.policies
699       interface.
700
701       Methods
702           addLockdownWhitelistCommand(s: command) → Nothing
703               Add command to whitelist. See command option in
704               firewalld.lockdown-whitelist(5). For permanent operation see
705               org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistCommand.
706
707               Possible errors: ALREADY_ENABLED, INVALID_COMMAND
708
709           addLockdownWhitelistContext(s: context) → Nothing
710               Add context to whitelist. See selinux option in
711               firewalld.lockdown-whitelist(5). For permanent operation see
712               org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistContext.
713
714               Possible errors: ALREADY_ENABLED, INVALID_COMMAND
715
716           addLockdownWhitelistUid(i: uid) → Nothing
717               Add user id uid to whitelist. See user option in
718               firewalld.lockdown-whitelist(5). For permanent operation see
719               org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistUid.
720
721               Possible errors: ALREADY_ENABLED, INVALID_COMMAND
722
723           addLockdownWhitelistUser(s: user) → Nothing
724               Add user name to whitelist. See user option in
725               firewalld.lockdown-whitelist(5). For permanent operation see
726               org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistUser.
727
728               Possible errors: ALREADY_ENABLED, INVALID_COMMAND
729
730           disableLockdown() → Nothing
731               Disable lockdown. This is a runtime and permanent change.
732
733               Possible errors: NOT_ENABLED
734
735           enableLockdown() → Nothing
736               Enable lockdown. Be careful - if the calling application/user
737               is not on lockdown whitelist when you enable lockdown you won't
738               be able to disable it again with the application, you would
739               need to edit firewalld.conf. This is a runtime and permanent
740               change.
741
742               Possible errors: ALREADY_ENABLED
743
744           getLockdownWhitelistCommands() → as
745               List all command lines (s) that are on whitelist. For permanent
746               operation see
747               org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistCommands.
748
749           getLockdownWhitelistContexts() → as
750               List all contexts (s) that are on whitelist. For permanent
751               operation see
752               org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistContexts.
753
754           getLockdownWhitelistUids() → ai
755               List all user ids (i) that are on whitelist. For permanent
756               operation see
757               org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistUids.
758
759           getLockdownWhitelistUsers() → as
760               List all users (s) that are on whitelist. For permanent
761               operation see
762               org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistUsers.
763
764           queryLockdown() → b
765               Query whether lockdown is enabled.
766
767           queryLockdownWhitelistCommand(s: command) → b
768               Query whether command is on whitelist. For permanent operation
769               see
770               org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistCommand.
771
772           queryLockdownWhitelistContext(s: context) → b
773               Query whether context is on whitelist. For permanent operation
774               see
775               org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistContext.
776
777           queryLockdownWhitelistUid(i: uid) → b
778               Query whether user id uid is on whitelist. For permanent
779               operation see
780               org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistUid.
781
782           queryLockdownWhitelistUser(s: user) → b
783               Query whether user is on whitelist. For permanent operation see
784               org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistUser.
785
786           removeLockdownWhitelistCommand(s: command) → Nothing
787               Remove command from whitelist. For permanent operation see
788               org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistCommand.
789
790               Possible errors: NOT_ENABLED
791
792           removeLockdownWhitelistContext(s: context) → Nothing
793               Remove context from whitelist. For permanent operation see
794               org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistContext.
795
796               Possible errors: NOT_ENABLED
797
798           removeLockdownWhitelistUid(i: uid) → Nothing
799               Remove user id uid from whitelist. For permanent operation see
800               org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistUid.
801
802               Possible errors: NOT_ENABLED
803
804           removeLockdownWhitelistUser(s: user) → Nothing
805               Remove user from whitelist. For permanent operation see
806               org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistUser.
807
808               Possible errors: NOT_ENABLED
809
810       Signals
811           LockdownDisabled()
812               Emitted when lockdown has been disabled.
813
814           LockdownEnabled()
815               Emitted when lockdown has been enabled.
816
817           LockdownWhitelistCommandAdded(s: command)
818               Emitted when command has been added to whitelist.
819
820           LockdownWhitelistCommandRemoved(s: command)
821               Emitted when command has been removed from whitelist.
822
823           LockdownWhitelistContextAdded(s: context)
824               Emitted when context has been added to whitelist.
825
826           LockdownWhitelistContextRemoved(s: context)
827               Emitted when context has been removed from whitelist.
828
829           LockdownWhitelistUidAdded(i: uid)
830               Emitted when user id uid has been added to whitelist.
831
832           LockdownWhitelistUidRemoved(i: uid)
833               Emitted when user id uid has been removed from whitelist.
834
835           LockdownWhitelistUserAdded(s: user)
836               Emitted when user has been added to whitelist.
837
838           LockdownWhitelistUserRemoved(s: user)
839               Emitted when user has been removed from whitelist.
840
841   org.fedoraproject.FirewallD1.zone
842       Operations in this interface allows to get, add, remove and query
843       runtime zone's settings. For permanent settings see
844       org.fedoraproject.FirewallD1.config.zone interface.
845
846       Methods
847           addForwardPort(s: zone, s: port, s: protocol, s: toport, s: toaddr,
848           i: timeout) → s
849               Add the IPv4 forward port into zone. If zone is empty, use
850               default zone. The port can either be a single port number
851               portid or a port range portid-portid. The protocol can either
852               be tcp or udp. The destination address is a simple IP address.
853               If timeout is non-zero, the operation will be active only for
854               the amount of seconds. For permanent settings see
855               org.fedoraproject.FirewallD1.config.zone.Methods.addForwardPort.
856
857               Returns name of zone to which the forward port was added.
858
859               Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
860               INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD,
861               ALREADY_ENABLED, INVALID_COMMAND
862
863           addIcmpBlock(s: zone, s: icmp, i: timeout) → s
864               Add an ICMP block icmp into zone. The icmp is the one of the
865               icmp types firewalld supports. To get a listing of supported
866               icmp types use
867               org.fedoraproject.FirewallD1.Methods.listIcmpTypes If zone is
868               empty, use default zone. If timeout is non-zero, the operation
869               will be active only for the amount of seconds. For permanent
870               settings see
871               org.fedoraproject.FirewallD1.config.zone.Methods.addIcmpBlock.
872
873               Returns name of zone to which the ICMP block was added.
874
875               Possible errors: INVALID_ZONE, INVALID_ICMPTYPE,
876               ALREADY_ENABLED, INVALID_COMMAND
877
878           addIcmpBlockInversion(s: zone) → s
879               Add ICMP block inversion to zone. If zone is empty, use default
880               zone. For permanent settings see
881               org.fedoraproject.FirewallD1.config.zone.Methods.addIcmpBlockInversion.
882
883               Returns name of zone to which the ICMP block inversion was
884               added.
885
886               Possible errors: INVALID_ZONE, ALREADY_ENABLED, INVALID_COMMAND
887
888           addInterface(s: zone, s: interface) → s
889               Bind interface with zone. From now on all traffic going through
890               the interface will respect the zone's settings. If zone is
891               empty, use default zone. For permanent settings see
892               org.fedoraproject.FirewallD1.config.zone.Methods.addInterface.
893
894               Returns name of zone to which the interface was bound.
895
896               Possible errors: INVALID_ZONE, INVALID_INTERFACE,
897               ALREADY_ENABLED, INVALID_COMMAND
898
899           addMasquerade(s: zone, i: timeout) → s
900               Enable masquerade in zone. If zone is empty, use default zone.
901               If timeout is non-zero, masquerading will be active for the
902               amount of seconds. For permanent settings see
903               org.fedoraproject.FirewallD1.config.zone.Methods.addMasquerade.
904
905               Returns name of zone in which the masquerade was enabled.
906
907               Possible errors: INVALID_ZONE, ALREADY_ENABLED, INVALID_COMMAND
908
909           addPort(s: zone, s: port, s: protocol, i: timeout) → s
910               Add port into zone. If zone is empty, use default zone. The
911               port can either be a single port number or a port range
912               portid-portid. The protocol can either be tcp or udp. If
913               timeout is non-zero, the operation will be active only for the
914               amount of seconds. For permanent settings see
915               org.fedoraproject.FirewallD1.config.zone.Methods.addPort.
916
917               Returns name of zone to which the port was added.
918
919               Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
920               INVALID_PROTOCOL, ALREADY_ENABLED, INVALID_COMMAND
921
922           addProtocol(s: zone, s: protocol, i: timeout) → s
923               Add protocol into zone. If zone is empty, use default zone. The
924               protocol can be any protocol supported by the system. Please
925               have a look at /etc/protocols for supported protocols. If
926               timeout is non-zero, the operation will be active only for the
927               amount of seconds. For permanent settings see
928               org.fedoraproject.FirewallD1.config.zone.Methods.addProtocol.
929
930               Returns name of zone to which the protocol was added.
931
932               Possible errors: INVALID_ZONE, INVALID_PROTOCOL,
933               ALREADY_ENABLED, INVALID_COMMAND
934
935           addRichRule(s: zone, s: rule, i: timeout) → s
936               Add rich language rule into zone. For the rich language rule
937               syntax, please have a look at firewalld.direct(5). If zone is
938               empty, use default zone. If timeout is non-zero, the operation
939               will be active only for the amount of seconds. For permanent
940               settings see
941               org.fedoraproject.FirewallD1.config.zone.Methods.addRichRule.
942
943               Returns name of zone to which the rich language rule was added.
944
945               Possible errors: INVALID_ZONE, INVALID_RULE, ALREADY_ENABLED,
946               INVALID_COMMAND
947
948           addService(s: zone, s: service, i: timeout) → s
949               Add service into zone. If zone is empty, use default zone. If
950               timeout is non-zero, the operation will be active only for the
951               amount of seconds. To get a list of supported services, use
952               org.fedoraproject.FirewallD1.Methods.listServices. For
953               permanent settings see
954               org.fedoraproject.FirewallD1.config.zone.Methods.addService.
955
956               Returns name of zone to which the service was added.
957
958               Possible errors: INVALID_ZONE, INVALID_SERVICE,
959               ALREADY_ENABLED, INVALID_COMMAND
960
961           addSource(s: zone, s: source) → s
962               Bind source with zone. From now on all traffic going from this
963               source will respect the zone's settings. A source address or
964               address range is either an IP address or a network IP address
965               with a mask for IPv4 or IPv6. For IPv4, the mask can be a
966               network mask or a plain number. For IPv6 the mask is a plain
967               number. Use of host names is not supported. If zone is empty,
968               use default zone. For permanent settings see
969               org.fedoraproject.FirewallD1.config.zone.Methods.addSource.
970
971               Returns name of zone to which the source was bound.
972
973               Possible errors: INVALID_ZONE, INVALID_ADDR, ALREADY_ENABLED,
974               INVALID_COMMAND
975
976           addSourcePort(s: zone, s: port, s: protocol, i: timeout) → s
977               Add source port into zone. If zone is empty, use default zone.
978               The port can either be a single port number or a port range
979               portid-portid. The protocol can either be tcp or udp. If
980               timeout is non-zero, the operation will be active only for the
981               amount of seconds. For permanent settings see
982               org.fedoraproject.FirewallD1.config.zone.Methods.addSourcePort.
983
984               Returns name of zone to which the port was added.
985
986               Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
987               INVALID_PROTOCOL, ALREADY_ENABLED, INVALID_COMMAND
988
989           changeZone(s: zone, s: interface) → s
990               This function is deprecated, use
991               org.fedoraproject.FirewallD1.zone.Methods.changeZoneOfInterface
992               instead.
993
994           changeZoneOfInterface(s: zone, s: interface) → s
995               Change a zone an interface is bound to to zone. It's basically
996               removeInterface(interface) followed by addInterface(zone,
997               interface). If interface has not been bound to a zone before,
998               it behaves like addInterface. If zone is empty, use default
999               zone.
1000
1001               Returns name of zone to which the interface was bound.
1002
1003               Possible errors: INVALID_ZONE, ZONE_ALREADY_SET, ZONE_CONFLICT
1004
1005           changeZoneOfSource(s: zone, s: source) → s
1006               Change a zone an source is bound to to zone. It's basically
1007               removeSource(source) followed by addSource(zone, source). If
1008               source has not been bound to a zone before, it behaves like
1009               addSource. If zone is empty, use default zone.
1010
1011               Returns name of zone to which the source was bound.
1012
1013               Possible errors: INVALID_ZONE, ZONE_ALREADY_SET, ZONE_CONFLICT
1014
1015           getActiveZones() → a{sa{sas}}
1016               Return dictionary of currently active zones altogether with
1017               interfaces and sources used in these zones. Active zones are
1018               zones, that have a binding to an interface or source.
1019
1020               Return value is a dictionary where keys are zone names (s) and
1021               values are again dictionaries where keys are either
1022               'interfaces' or 'sources' and values are arrays of interface
1023               names (s) or sources (s).
1024
1025           getForwardPorts(s: zone) → aas
1026               Return array of IPv4 forward ports previously added into zone.
1027               If zone is empty, use default zone. For getting permanent
1028               settings see
1029               org.fedoraproject.FirewallD1.config.zone.Methods.getForwardPorts.
1030
1031               Return value is array of 4-tuples, where each 4-tuple consists
1032               of (port, protocol, to-port, to-addr). to-addr might be empty
1033               in case of local forwarding.
1034
1035               Possible errors: INVALID_ZONE
1036
1037           getIcmpBlocks(s: zone) → as
1038               Return array of ICMP type (s) blocks previously added into
1039               zone. If zone is empty, use default zone. For getting permanent
1040               settings see
1041               org.fedoraproject.FirewallD1.config.zone.Methods.getIcmpBlocks.
1042
1043               Possible errors: INVALID_ZONE
1044
1045           getIcmpBlockInversion(s: zone) → b
1046               Return whether ICMP block inversion was previously added to
1047               zone. If zone is empty, use default zone. For getting permanent
1048               settings see
1049               org.fedoraproject.FirewallD1.config.zone.Methods.getIcmpBlockInversion.
1050
1051               Possible errors: INVALID_ZONE
1052
1053           getInterfaces(s: zone) → as
1054               Return array of interfaces (s) previously bound with zone. If
1055               zone is empty, use default zone. For getting permanent settings
1056               see
1057               org.fedoraproject.FirewallD1.config.zone.Methods.getInterfaces.
1058
1059               Possible errors: INVALID_ZONE
1060
1061           getPorts(s: zone) → aas
1062               Return array of ports (2-tuple of port and protocol) previously
1063               enabled in zone. If zone is empty, use default zone. For
1064               getting permanent settings see
1065               org.fedoraproject.FirewallD1.config.zone.Methods.getPorts.
1066
1067               Possible errors: INVALID_ZONE
1068
1069           getProtocols(s: zone) → as
1070               Return array of protocols (s) previously enabled in zone. If
1071               zone is empty, use default zone. For getting permanent settings
1072               see
1073               org.fedoraproject.FirewallD1.config.zone.Methods.getProtocols.
1074
1075               Possible errors: INVALID_ZONE
1076
1077           getRichRules(s: zone) → as
1078               Return array of rich language rules (s) previously added into
1079               zone. If zone is empty, use default zone. For getting permanent
1080               settings see
1081               org.fedoraproject.FirewallD1.config.zone.Methods.getRichRules.
1082
1083               Possible errors: INVALID_ZONE
1084
1085           getServices(s: zone) → as
1086               Return array of services (s) previously enabled in zone. If
1087               zone is empty, use default zone. For getting permanent settings
1088               see
1089               org.fedoraproject.FirewallD1.config.zone.Methods.getServices.
1090
1091               Possible errors: INVALID_ZONE
1092
1093           getSourcePorts(s: zone) → aas
1094               Return array of source ports (2-tuple of port and protocol)
1095               previously enabled in zone. If zone is empty, use default zone.
1096               For getting permanent settings see
1097               org.fedoraproject.FirewallD1.config.zone.Methods.getSourcePorts.
1098
1099               Possible errors: INVALID_ZONE
1100
1101           getSources(s: zone) → as
1102               Return array of sources (s) previously bound with zone. If zone
1103               is empty, use default zone. For getting permanent settings see
1104               org.fedoraproject.FirewallD1.config.zone.Methods.getSources.
1105
1106               Possible errors: INVALID_ZONE
1107
1108           getZoneOfInterface(s: interface) → s
1109               Return name (s) of zone the interface is bound to or empty
1110               string.
1111
1112           getZoneOfSource(s: source) → s
1113               Return name (s) of zone the source is bound to or empty string.
1114
1115           getZones() → as
1116               Return array of names (s) of predefined zones known to current
1117               runtime environment. For list of zones known to permanent
1118               environment see
1119               org.fedoraproject.FirewallD1.config.Methods.listZones. The
1120               lists (of zones known to runtime and permanent environment)
1121               will contain same zones in most cases, but might differ for
1122               example if org.fedoraproject.FirewallD1.config.Methods.addZone
1123               has been called recently, but firewalld has not been reloaded
1124               since then.
1125
1126           isImmutable(s: zone) → b
1127               Deprecated.
1128
1129           queryForwardPort(s: zone, s: port, s: protocol, s: toport, s:
1130           toaddr) → b
1131               Return whether the IPv4 forward port (port, protocol, toport,
1132               toaddr) has been added into zone. If zone is empty, use default
1133               zone. For permanent operation see
1134               org.fedoraproject.FirewallD1.config.zone.Methods.queryForwardPort.
1135
1136               Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1137               INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD
1138
1139           queryIcmpBlock(s: zone, s: icmp) → b
1140               Return whether an ICMP block for icmp has been added into zone.
1141               If zone is empty, use default zone. For permanent operation see
1142               org.fedoraproject.FirewallD1.config.zone.Methods.queryIcmpBlock.
1143
1144               Possible errors: INVALID_ZONE, INVALID_ICMPTYPE
1145
1146           queryIcmpBlockInversion(s: zone) → b
1147               Return whether ICMP block inversion has been added to zone. If
1148               zone is empty, use default zone. For permanent operation see
1149               org.fedoraproject.FirewallD1.config.zone.Methods.queryIcmpBlockInversion.
1150
1151               Possible errors: INVALID_ZONE, INVALID_ICMPTYPE
1152
1153           queryInterface(s: zone, s: interface) → b
1154               Query whether interface has been bound to zone. If zone is
1155               empty, use default zone. For permanent operation see
1156               org.fedoraproject.FirewallD1.config.zone.Methods.queryInterface.
1157
1158               Possible errors: INVALID_ZONE, INVALID_INTERFACE
1159
1160           queryMasquerade(s: zone) → b
1161               Return whether masquerading has been enabled in zone If zone is
1162               empty, use default zone. For permanent operation see
1163               org.fedoraproject.FirewallD1.config.zone.Methods.queryMasquerade.
1164
1165               Possible errors: INVALID_ZONE
1166
1167           queryPort(s: zone, s: port, s: protocol) → b
1168               Return whether port/protocol has been added in zone. If zone is
1169               empty, use default zone. For permanent operation see
1170               org.fedoraproject.FirewallD1.config.zone.Methods.queryPort.
1171
1172               Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1173               INVALID_PROTOCOL
1174
1175           queryProtocol(s: zone, s: protocol) → b
1176               Return whether protocol has been added in zone. If zone is
1177               empty, use default zone. For permanent operation see
1178               org.fedoraproject.FirewallD1.config.zone.Methods.queryProtocol.
1179
1180               Possible errors: INVALID_ZONE, INVALID_PROTOCOL
1181
1182           queryRichRule(s: zone, s: rule) → b
1183               Return whether rich rule rule has been added in zone. If zone
1184               is empty, use default zone. For permanent operation see
1185               org.fedoraproject.FirewallD1.config.zone.Methods.queryRichRule.
1186
1187               Possible errors: INVALID_ZONE, INVALID_RULE
1188
1189           queryService(s: zone, s: service) → b
1190               Return whether service has been added for zone. If zone is
1191               empty, use default zone. For permanent operation see
1192               org.fedoraproject.FirewallD1.config.zone.Methods.queryService.
1193
1194               Possible errors: INVALID_ZONE, INVALID_SERVICE
1195
1196           querySource(s: zone, s: source) → b
1197               Query whether sourcehas been bound to zone. If zone is empty,
1198               use default zone. For permanent operation see
1199               org.fedoraproject.FirewallD1.config.zone.Methods.querySource.
1200
1201               Possible errors: INVALID_ZONE, INVALID_ADDR
1202
1203           querySourcePort(s: zone, s: port, s: protocol) → b
1204               Return whether port/protocol has been added in zone. If zone is
1205               empty, use default zone. For permanent operation see
1206               org.fedoraproject.FirewallD1.config.zone.Methods.querySourcePort.
1207
1208               Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1209               INVALID_PROTOCOL
1210
1211           removeForwardPort(s: zone, s: port, s: protocol, s: toport, s:
1212           toaddr) → s
1213               Remove IPv4 forward port ((port, protocol, toport, toaddr))
1214               from zone. If zone is empty, use default zone. For permanent
1215               operation see
1216               org.fedoraproject.FirewallD1.config.zone.Methods.removeForwardPort.
1217
1218               Returns name of zone from which the forward port was removed.
1219
1220               Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1221               INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD, NOT_ENABLED,
1222               INVALID_COMMAND
1223
1224           removeIcmpBlock(s: zone, s: icmp) → s
1225               Remove ICMP block icmp from zone. If zone is empty, use default
1226               zone. For permanent operation see
1227               org.fedoraproject.FirewallD1.config.zone.Methods.removeIcmpBlock.
1228
1229               Returns name of zone from which the ICMP block was removed.
1230
1231               Possible errors: INVALID_ZONE, INVALID_ICMPTYPE, NOT_ENABLED,
1232               INVALID_COMMAND
1233
1234           removeIcmpBlockInversion(s: zone) → s
1235               Remove ICMP block inversion from zone. If zone is empty, use
1236               default zone. For permanent operation see
1237               org.fedoraproject.FirewallD1.config.zone.Methods.removeIcmpBlockInversion.
1238
1239               Returns name of zone from which the ICMP block inversion was
1240               removed.
1241
1242               Possible errors: INVALID_ZONE, NOT_ENABLED, INVALID_COMMAND
1243
1244           removeInterface(s: zone, s: interface) → s
1245               Remove binding of interface from zone. If zone is empty, the
1246               interface will be removed from zone it belongs to. For
1247               permanent operation see
1248               org.fedoraproject.FirewallD1.config.zone.Methods.removeInterface.
1249
1250               Returns name of zone from which the interface was removed.
1251
1252               Possible errors: INVALID_ZONE, INVALID_INTERFACE, NOT_ENABLED,
1253               INVALID_COMMAND
1254
1255           removeMasquerade(s: zone) → s
1256               Disable masquerade for zone. If zone is empty, use default
1257               zone. For permanent operation see
1258               org.fedoraproject.FirewallD1.config.zone.Methods.removeMasquerade.
1259
1260               Returns name of zone for which the masquerade was disabled.
1261
1262               Possible errors: INVALID_ZONE, NOT_ENABLED, INVALID_COMMAND
1263
1264           removePort(s: zone, s: port, s: protocol) → s
1265               Remove port/protocol from zone. If zone is empty, use default
1266               zone. For permanent operation see
1267               org.fedoraproject.FirewallD1.config.zone.Methods.removePort.
1268
1269               Returns name of zone from which the port was removed.
1270
1271               Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1272               INVALID_PROTOCOL, NOT_ENABLED, INVALID_COMMAND
1273
1274           removeProtocol(s: zone, s: protocol) → s
1275               Remove protocol from zone. If zone is empty, use default zone.
1276               For permanent operation see
1277               org.fedoraproject.FirewallD1.config.zone.Methods.removeProtocol.
1278
1279               Returns name of zone from which the protocol was removed.
1280
1281               Possible errors: INVALID_ZONE, INVALID_PROTOCOL, NOT_ENABLED,
1282               INVALID_COMMAND
1283
1284           removeRichRule(s: zone, s: rule) → s
1285               Remove rich language rule from zone. If zone is empty, use
1286               default zone. For permanent operation see
1287               org.fedoraproject.FirewallD1.config.zone.Methods.removeRichRule.
1288
1289               Returns name of zone from which the rich language rule was
1290               removed.
1291
1292               Possible errors: INVALID_ZONE, INVALID_RULE, NOT_ENABLED,
1293               INVALID_COMMAND
1294
1295           removeService(s: zone, s: service) → s
1296               Remove service from zone. If zone is empty, use default zone.
1297               For permanent operation see
1298               org.fedoraproject.FirewallD1.config.zone.Methods.removeService.
1299
1300               Returns name of zone from which the service was removed.
1301
1302               Possible errors: INVALID_ZONE, INVALID_SERVICE, NOT_ENABLED,
1303               INVALID_COMMAND
1304
1305           removeSource(s: zone, s: source) → s
1306               Remove binding of source from zone. If zone is empty, the
1307               source will be removed from zone it belongs to. For permanent
1308               operation see
1309               org.fedoraproject.FirewallD1.config.zone.Methods.removeSource.
1310
1311               Returns name of zone from which the source was removed.
1312
1313               Possible errors: INVALID_ZONE, INVALID_ADDR, NOT_ENABLED,
1314               INVALID_COMMAND
1315
1316           removeSourcePort(s: zone, s: port, s: protocol) → s
1317               Remove port/protocol from zone. If zone is empty, use default
1318               zone. For permanent operation see
1319               org.fedoraproject.FirewallD1.config.zone.Methods.removeSourcePort.
1320
1321               Returns name of zone from which the source port was removed.
1322
1323               Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1324               INVALID_PROTOCOL, NOT_ENABLED, INVALID_COMMAND
1325
1326       Signals
1327           ForwardPortAdded(s: zone, s: port, s: protocol, s: toport, s:
1328           toaddr, i: timeout)
1329               Emitted when forward port has been added to zone with timeout.
1330
1331           ForwardPortRemoved(s: zone, s: port, s: protocol, s: toport, s:
1332           toaddr)
1333               Emitted when forward port has been removed from zone.
1334
1335           IcmpBlockAdded(s: zone, s: icmp, i: timeout)
1336               Emitted when ICMP block for icmp has been added to zone with
1337               timeout.
1338
1339           IcmpBlockInversionAdded(s: zone)
1340               Emitted when ICMP block inversion has been added to zone.
1341
1342           IcmpBlockInversionRemoved(s: zone)
1343               Emitted when ICMP block inversion has been removed from zone.
1344
1345           IcmpBlockRemoved(s: zone, s: icmp)
1346               Emitted when ICMP block for icmp has been removed from zone.
1347
1348           InterfaceAdded(s: zone, s: interface)
1349               Emitted when interface has been added to zone.
1350
1351           InterfaceRemoved(s: zone, s: interface)
1352               Emitted when interface has been removed from zone.
1353
1354           MasqueradeAdded(s: zone, i: timeout)
1355               Emitted when masquerade has been enabled for zone.
1356
1357           MasqueradeRemoved(s: zone)
1358               Emitted when masquerade has been disabled for zone.
1359
1360           PortAdded(s: zone, s: port, s: protocol, i: timeout)
1361               Emitted when port/protocol has been added to zone with timeout.
1362
1363           PortRemoved(s: zone, s: port, s: protocol)
1364               Emitted when port/protocol has been removed from zone.
1365
1366           ProtocolAdded(s: zone, s: protocol, i: timeout)
1367               Emitted when protocol has been added to zone with timeout.
1368
1369           ProtocolRemoved(s: zone, s: protocol)
1370               Emitted when protocol has been removed from zone.
1371
1372           RichRuleAdded(s: zone, s: rule, i: timeout)
1373               Emitted when rich language rule has been added to zone with
1374               timeout.
1375
1376           RichRuleRemoved(s: zone, s: rule)
1377               Emitted when rich language rule has been removed from zone.
1378
1379           ServiceAdded(s: zone, s: service, i: timeout)
1380               Emitted when service has been added to zone with timeout.
1381
1382           ServiceRemoved(s: zone, s: service)
1383               Emitted when service has been removed from zone.
1384
1385           SourceAdded(s: zone, s: source)
1386               Emitted when source has been added to zone.
1387
1388           SourcePortAdded(s: zone, s: port, s: protocol, i: timeout)
1389               Emitted when source-port/protocol has been added to zone with
1390               timeout.
1391
1392           SourcePortRemoved(s: zone, s: port, s: protocol)
1393               Emitted when source-port/protocol has been removed from zone.
1394
1395           SourceRemoved(s: zone, s: source)
1396               Emitted when source has been removed from zone.
1397
1398           ZoneChanged(s: zone, s: interface)
1399               Deprecated
1400
1401           ZoneOfInterfaceChanged(s: zone, s: interface)
1402               Emitted when a zone an interface is part of has been changed to
1403               zone.
1404
1405           ZoneOfSourceChanged(s: zone, s: source)
1406               Emitted when a zone an source is part of has been changed to
1407               zone.
1408
1409   org.fedoraproject.FirewallD1.config
1410       Allows to permanently add, remove and query zones, services and icmp
1411       types.
1412
1413       Methods
1414           addIPSet(s: ipset, (ssssa{ss}as): settings) → o
1415               Add ipset with given settings into permanent configuration.
1416               Settings are in format: version, name, description, type,
1417               dictionary of options and array of entries.
1418
1419               version (s): see version attribute of ipset tag in
1420               firewalld.ipset(5).
1421
1422               name (s): see short tag in firewalld.ipset(5).
1423
1424               description (s): see description tag in firewalld.ipset(5).
1425
1426               type (s): see type attribute of ipset tag in
1427               firewalld.ipset(5).
1428
1429               options (a{ss}): dictionary of {option : value} . See options
1430               tag in firewalld.ipset(5).
1431
1432               entries (as): array of entries, see entry tag in
1433               firewalld.ipset(5).
1434
1435               Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1436
1437           addIcmpType(s: icmptype, (sssas): settings) → o
1438               Add icmptype with given settings into permanent configuration.
1439               Settings are in format: version, name, description, array of
1440               destinations. Returns object path of the new icmp type.
1441
1442               version (s): see version attribute of icmptype tag in
1443               firewalld.icmptype(5).
1444
1445               name (s): see short tag in firewalld.icmptype(5).
1446
1447               description (s): see description tag in firewalld.icmptype(5).
1448
1449               destinations (as): array, either empty or containing strings
1450               'ipv4' or 'ipv6', see destination tag in firewalld.icmptype(5).
1451
1452               Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1453
1454           addService(s: service, (sssa(ss)asa{ss}asa(ss)): settings) → o
1455               Add service with given settings into permanent configuration.
1456               Settings are in format: version, name, description, array of
1457               ports (port, protocol), array of module names, dictionary of
1458               destinations, array of protocols and array of source-ports
1459               (port, protocol). Returns object path of the new icmp type.
1460
1461               version (s): see version attribute of service tag in
1462               firewalld.service(5).
1463
1464               name (s): see short tag in firewalld.service(5).
1465
1466               description (s): see description tag in firewalld.service(5).
1467
1468               ports (a(ss)): array of port and protocol pairs. See port tag
1469               in firewalld.service(5).
1470
1471               module names (as): array of kernel netfilter helpers, see
1472               module tag in firewalld.service(5).
1473
1474               destinations (a{ss}): dictionary of {IP family : IP address}
1475               where 'IP family' key can be either 'ipv4' or 'ipv6'. See
1476               destination tag in firewalld.service(5).
1477
1478               protocols (as): array of protocols. See protocol tag in
1479               firewalld.service(5).
1480
1481               source-ports (a(ss)): array of port and protocol pairs. See
1482               source-port tag in firewalld.service(5).
1483
1484               Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1485
1486           addZone(s: zone, (sssbsasa(ss)asba(ssss)asasasasa(ss)): settings) →
1487           o
1488               Add zone with given settings into permanent configuration.
1489               Settings are in format: version, name, description, UNUSED,
1490               target, array of services, array of ports (port, protocol),
1491               array of icmp-blocks, masquerade, array of forward-ports (port,
1492               protocol, to-port, to-addr), array of interfaces, array of
1493               sources, array of rich rules, array of protocols and array of
1494               source-ports (port, protocol).
1495
1496               version (s): see version attribute of zone tag in
1497               firewalld.zone(5).
1498
1499               name (s): see short tag in firewalld.zone(5).
1500
1501               description (s): see description tag in firewalld.zone(5).
1502
1503               UNUSED (b): this boolean value is no longer used for anything.
1504
1505               target (s): see target attribute of zone tag in
1506               firewalld.zone(5).
1507
1508               services (as): array of service names, see service tag in
1509               firewalld.zone(5).
1510
1511               ports (a(ss)): array of port and protocol pairs. See port tag
1512               in firewalld.zone(5).
1513
1514               icmp-blocks (as): array of icmp-blocks. See icmp-block tag in
1515               firewalld.zone(5).
1516
1517               masquerade (b): see masquerade tag in firewalld.zone(5).
1518
1519               forward-ports (a(ssss)): array of (port, protocol, to-port,
1520               to-addr). See forward-port tag in firewalld.zone(5).
1521
1522               interfaces (as): array of interfaces. See interface tag in
1523               firewalld.zone(5).
1524
1525               source addresses (as): array of source addresses. See source
1526               tag in firewalld.zone(5).
1527
1528               rich rules (as): array of rich-language rules. See rule tag in
1529               firewalld.zone(5).
1530
1531               protocols (as): array of protocols. See protocol tag in
1532               firewalld.zone(5).
1533
1534               source-ports (a(ss)): array of port and protocol pairs. See
1535               source-port tag in firewalld.zone(5).
1536
1537               Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1538
1539           getHelperByName(s: helper) → o
1540               Return object path (permanent configuration) of helper with
1541               given name.
1542
1543               Possible errors: INVALID_HELPER
1544
1545           getHelperNames() → as
1546               Return list of helper names (permanent configuration).
1547
1548           getIPSetByName(s: ipset) → o
1549               Return object path (permanent configuration) of ipset with
1550               given name.
1551
1552               Possible errors: INVALID_IPSET
1553
1554           getIPSetNames() → as
1555               Return list of ipset names (permanent configuration).
1556
1557           getIcmpTypeByName(s: icmptype) → o
1558               Return object path (permanent configuration) of icmptype with
1559               given name.
1560
1561               Possible errors: INVALID_ICMPTYPE
1562
1563           getIcmpTypeNames() → as
1564               Return list of icmptype names (permanent configuration).
1565
1566           getServiceByName(s: service) → o
1567               Return object path (permanent configuration) of service with
1568               given name.
1569
1570               Possible errors: INVALID_SERVICE
1571
1572           getServiceNames() → as
1573               Return list of service names (permanent configuration).
1574
1575           getZoneByName(s: zone) → o
1576               Return object path (permanent configuration) of zone with given
1577               name.
1578
1579               Possible errors: INVALID_ZONE
1580
1581           getZoneNames() → as
1582               Return list of zone names (permanent configuration) of.
1583
1584           getZoneOfInterface(s: iface) → s
1585               Return name of zone the iface is bound to or empty string.
1586
1587           getZoneOfSource(s: source) → s
1588               Return name of zone the source is bound to or empty string.
1589
1590           listHelpers() → ao
1591               Return array of object paths (o) of helper in permanent
1592               configuration. For runtime configuration see
1593               org.fedoraproject.FirewallD1.Methods.getHelpers.
1594
1595           listIPSets() → ao
1596               Return array of object paths (o) of ipset in permanent
1597               configuration. For runtime configuration see
1598               org.fedoraproject.FirewallD1.ipset.Methods.getIPSets.
1599
1600           listIcmpTypes() → ao
1601               Return array of object paths (o) of icmp types in permanent
1602               configuration. For runtime configuration see
1603               org.fedoraproject.FirewallD1.Methods.listIcmpTypes.
1604
1605           listServices() → ao
1606               Return array of objects paths (o) of services in permanent
1607               configuration. For runtime configuration see
1608               org.fedoraproject.FirewallD1.Methods.listServices.
1609
1610           listZones() → ao
1611               List object paths of zones known to permanent environment. For
1612               list of zones known to runtime environment see
1613               org.fedoraproject.FirewallD1.zone.Methods.getZones. The lists
1614               (of zones known to runtime and permanent environment) will
1615               contain same zones in most cases, but might differ for example
1616               if org.fedoraproject.FirewallD1.config.Methods.addZone has been
1617               called recently, but firewalld has not been reloaded since
1618               then.
1619
1620       Signals
1621           HelperAdded(s: helper)
1622               Emitted when helper has been added.
1623
1624           IPSetAdded(s: ipset)
1625               Emitted when ipset has been added.
1626
1627           IcmpTypeAdded(s: icmptype)
1628               Emitted when icmptype has been added.
1629
1630           ServiceAdded(s: service)
1631               Emitted when service has been added.
1632
1633           ZoneAdded(s: zone)
1634               Emitted when zone has been added.
1635
1636       Properties
1637           AutomaticHelpers - s - (rw)
1638               Indicates whether automatic helper assignment in kernel should
1639               be used or not. With the system setting this is left to the
1640               kernel or system default.
1641
1642           CleanupOnExit - s - (rw)
1643               If firewalld stops, it cleans up all firewall rules. Setting
1644               this option to no or false leaves the current firewall rules
1645               untouched.
1646
1647           DefaultZone - s - (ro)
1648               Default zone for connections or interfaces if the zone is not
1649               selected or specified by NetworkManager, initscripts or command
1650               line tool.
1651
1652           FirewallBackend - s - (rw)
1653               Selects the firewalld backend for all rules except the direct
1654               interface. Valid options are; nftables, iptables. Default in
1655               nftables.
1656
1657           FirewallBackend - s - (rw)
1658               Flush all runtime rules on a reload. Valid options are; yes,
1659               no.
1660
1661           IPv6_rpfilter - s - (rw)
1662               Indicates whether the reverse path filter test on a packet for
1663               IPv6 is enabled. If a reply to the packet would be sent via the
1664               same interface that the packet arrived on, the packet will
1665               match and be accepted, otherwise dropped.
1666
1667           IndividualCalls - s - (ro)
1668               Indicates whether individual calls combined -restore calls are
1669               used. If enabled, this increases the time that is needed to
1670               apply changes and to start the daemon, but is good for
1671               debugging.
1672
1673           Lockdown - s - (rw)
1674               If this property is enabled, firewall changes with the D-Bus
1675               interface will be limited to applications that are listed in
1676               the lockdown whitelist.
1677
1678           LogDenied - s - (rw)
1679               If LogDenied is enabled, then logging rules are added right
1680               before reject and drop rules in the INPUT, FORWARD and OUTPUT
1681               chains for the default rules and also final reject and drop
1682               rules in zones. Possible values are: all, unicast, broadcast,
1683               multicast and off.
1684
1685           MinimalMark - i - (rw)
1686               For some firewall settings several rules are needed in
1687               different tables to be able to handle packets in the correct
1688               way. To achieve that these packets are marked using the MARK
1689               target. With the MinimalMark property a block of marks can be
1690               reserved for private use; only marks over this value are used.
1691
1692           FirewallBackend - s - (rw)
1693               As per RFC 3964, filter IPv6 traffic with 6to4 destination
1694               addresses that correspond to IPv4 addresses that should not be
1695               routed over the public internet. Valid options are; yes, no.
1696
1697   org.fedoraproject.FirewallD1.config.direct
1698       Interface for permanent direct configuration, see also
1699       firewalld.direct(5). For runtime direct configuration see
1700       org.fedoraproject.FirewallD1.direct interface.
1701
1702       Methods
1703           addChain(s: ipv, s: table, s: chain) → Nothing
1704               Add a new chain to table for ipv being either ipv4 (iptables)
1705               or ipv6 (ip6tables) or eb (ebtables). Make sure there's no
1706               other chain with this name already. There already exist basic
1707               chains to use with direct methods, for example INPUT_direct
1708               chain. These chains are jumped into before chains for zones,
1709               i.e. every rule put into INPUT_direct will be checked before
1710               rules in zones. For runtime operation see
1711               org.fedoraproject.FirewallD1.direct.Methods.addChain.
1712
1713               Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED
1714
1715           addPassthrough(s: ipv, as: args) → Nothing
1716               Add a passthrough rule with the arguments args for ipv being
1717               either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
1718               For runtime operation see
1719               org.fedoraproject.FirewallD1.direct.Methods.addPassthrough.
1720
1721               Possible errors: INVALID_IPV, ALREADY_ENABLED
1722
1723           addRule(s: ipv, s: table, s: chain, i: priority, as: args) →
1724           Nothing
1725               Add a rule with the arguments args to chain in table with
1726               priority for ipv being either ipv4 (iptables) or ipv6
1727               (ip6tables) or eb (ebtables). The priority is used to order
1728               rules. Priority 0 means add rule on top of the chain, with a
1729               higher priority the rule will be added further down. Rules with
1730               the same priority are on the same level and the order of these
1731               rules is not fixed and may change. If you want to make sure
1732               that a rule will be added after another one, use a low priority
1733               for the first and a higher for the following. For runtime
1734               operation see
1735               org.fedoraproject.FirewallD1.direct.Methods.addRule.
1736
1737               Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED
1738
1739           getAllChains() → a(sss)
1740               Get all chains added to all tables in format: ipv, table,
1741               chain. This concerns only chains previously added with
1742               addChain. Return value is a array of (ipv, table, chain). For
1743               runtime operation see
1744               org.fedoraproject.FirewallD1.direct.Methods.getAllChains.
1745
1746               ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
1747               (ebtables).
1748
1749               table (s): one of filter, mangle, nat, raw, security
1750
1751               chain (s): name of a chain.
1752
1753
1754           getAllPassthroughs() → a(sas)
1755               Get all passthrough rules added in all ipv types in format:
1756               ipv, rule. This concerns only rules previously added with
1757               addPassthrough. Return value is a array of (ipv, array of
1758               arguments). For runtime operation see
1759               org.fedoraproject.FirewallD1.direct.Methods.getAllPassthroughs.
1760
1761               ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
1762               (ebtables).
1763
1764               arguments (as): array of commands, parameters and other
1765               iptables/ip6tables/ebtables command line options.
1766
1767
1768           getAllRules() → a(sssias)
1769               Get all rules added to all chains in all tables in format: ipv,
1770               table, chain, priority, rule. This concerns only rules
1771               previously added with addRule. Return value is a array of (ipv,
1772               table, chain, priority, array of arguments). For runtime
1773               operation see
1774               org.fedoraproject.FirewallD1.direct.Methods.getAllRules.
1775
1776               ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
1777               (ebtables).
1778
1779               table (s): one of filter, mangle, nat, raw, security
1780
1781               chain (s): name of a chain.
1782
1783               priority (i): used to order rules.
1784
1785               arguments (as): array of commands, parameters and other
1786               iptables/ip6tables/ebtables command line options.
1787
1788
1789           getChains(s: ipv, s: table) → as
1790               Return an array of chains (s) added to table for ipv being
1791               either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
1792               This concerns only chains previously added with addChain. For
1793               runtime operation see
1794               org.fedoraproject.FirewallD1.direct.Methods.getChains.
1795
1796               Possible errors: INVALID_IPV, INVALID_TABLE
1797
1798           getPassthroughs(s: ipv) → aas
1799               Get tracked passthrough rules added in either ipv4 (iptables)
1800               or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
1801               previously added with addPassthrough. Return value is a array
1802               of (array of arguments). For runtime operation see
1803               org.fedoraproject.FirewallD1.direct.Methods.getPassthroughs.
1804
1805               arguments (as): array of commands, parameters and other
1806               iptables/ip6tables/ebtables command line options.
1807
1808
1809           getRules(s: ipv, s: table, s: chain) → a(ias)
1810               Get all rules added to chain in table for ipv being either ipv4
1811               (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
1812               only rules previously added with addRule. Return value is a
1813               array of (priority, array of arguments). For runtime operation
1814               see org.fedoraproject.FirewallD1.direct.Methods.getRules.
1815
1816               priority (i): used to order rules.
1817
1818               arguments (as): array of commands, parameters and other
1819               iptables/ip6tables/ebtables command line options.
1820
1821               Possible errors: INVALID_IPV, INVALID_TABLE
1822
1823           getSettings() → (a(sss)a(sssias)a(sas))
1824               Get settings of permanent direct configuration in format: array
1825               of chains, array of rules, array of passthroughs.
1826
1827               chains (a(sss)): array of (ipv, table, chain), see 'chain' in
1828               firewalld.direct(5).
1829               .
1830                                 .PP rules (a(sssias)): array of (ipv, table,
1831               chain, priority, array of arguments), see 'rule' in
1832               firewalld.direct(5).
1833               .
1834                                 .PP passthroughs (a(sas)): array of (ipv,
1835               array of arguments), see passthrough in firewalld.direct(5).
1836               .
1837                               .sp
1838
1839           queryChain(s: ipv, s: table, s: chain) → b
1840               Return whether a chain exists in table for ipv being either
1841               ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). This
1842               concerns only chains previously added with addChain. For
1843               runtime operation see
1844               org.fedoraproject.FirewallD1.direct.Methods.queryChain.
1845
1846               Possible errors: INVALID_IPV, INVALID_TABLE
1847
1848           queryPassthrough(s: ipv, as: args) → b
1849               Return whether a tracked passthrough rule with the arguments
1850               args exists for ipv being either ipv4 (iptables) or ipv6
1851               (ip6tables) or eb (ebtables). This concerns only rules
1852               previously added with addPassthrough. For runtime operation see
1853               org.fedoraproject.FirewallD1.direct.Methods.queryPassthrough.
1854
1855               Possible errors: INVALID_IPV
1856
1857           queryRule(s: ipv, s: table, s: chain, i: priority, as: args) → b
1858               Return whether a rule with priority and the arguments args
1859               exists in chain in table for ipv being either ipv4 (iptables)
1860               or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
1861               previously added with addRule. For runtime operation see
1862               org.fedoraproject.FirewallD1.direct.Methods.queryRule.
1863
1864               Possible errors: INVALID_IPV, INVALID_TABLE
1865
1866           removeChain(s: ipv, s: table, s: chain) → Nothing
1867               Remove a chain from table for ipv being either ipv4 (iptables)
1868               or ipv6 (ip6tables) or eb (ebtables). Only chains previously
1869               added with addChain can be removed this way. For runtime
1870               operation see
1871               org.fedoraproject.FirewallD1.direct.Methods.removeChain.
1872
1873               Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED
1874
1875           removePassthrough(s: ipv, as: args) → Nothing
1876               Remove a passthrough rule with arguments args for ipv being
1877               either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
1878               Only rules previously added with addPassthrough can be removed
1879               this way. For runtime operation see
1880               org.fedoraproject.FirewallD1.direct.Methods.removePassthrough.
1881
1882               Possible errors: INVALID_IPV, NOT_ENABLED
1883
1884           removeRule(s: ipv, s: table, s: chain, i: priority, as: args) →
1885           Nothing
1886               Remove a rule with priority and arguments args from chain in
1887               table for ipv being either ipv4 (iptables) or ipv6 (ip6tables)
1888               or eb (ebtables). Only rules previously added with addRule can
1889               be removed this way. For runtime operation see
1890               org.fedoraproject.FirewallD1.direct.Methods.removeRule.
1891
1892               Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED
1893
1894           removeRules(s: ipv, s: table, s: chain) → Nothing
1895               Remove all rules from chain in table for ipv being either ipv4
1896               (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
1897               only rules previously added with addRule. For runtime operation
1898               see org.fedoraproject.FirewallD1.direct.Methods.removeRules.
1899
1900               Possible errors: INVALID_IPV, INVALID_TABLE
1901
1902           update((a(sss)a(sssias)a(sas)): settings) → Nothing
1903               Update permanent direct configuration with given settings.
1904               Settings are in format: array of chains, array of rules, array
1905               of passthroughs.
1906
1907               chains (a(sss)): array of (ipv, table, chain), see 'chain' in
1908               firewalld.direct(5).
1909               .
1910                                 .PP rules (a(sssias)): array of (ipv, table,
1911               chain, priority, array of arguments), see 'rule' in
1912               firewalld.direct(5).
1913               .
1914                                 .PP passthroughs (a(sas)): array of (ipv,
1915               array of arguments), see passthrough in firewalld.direct(5).
1916               .
1917                               .sp Possible errors: INVALID_TYPE
1918
1919       Signals
1920           Updated()
1921               Emitted when configuration has been updated.
1922
1923   org.fedoraproject.FirewallD1.config.policies
1924       Interface for permanent lockdown-whitelist configuration, see also
1925       firewalld.lockdown-whitelist(5). For runtime configuration see
1926       org.fedoraproject.FirewallD1.policies interface.
1927
1928       Methods
1929           addLockdownWhitelistCommand(s: command) → Nothing
1930               Add command to whitelist. See command option in
1931               firewalld.lockdown-whitelist(5). For runtime operation see
1932               org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistCommand.
1933
1934               Possible errors: ALREADY_ENABLED, INVALID_TYPE
1935
1936           addLockdownWhitelistContext(s: context) → Nothing
1937               Add context to whitelist. See selinux option in
1938               firewalld.lockdown-whitelist(5). For runtime operation see
1939               org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistContext.
1940
1941               Possible errors: ALREADY_ENABLED, INVALID_TYPE
1942
1943           addLockdownWhitelistUid(i: uid) → Nothing
1944               Add user id uid to whitelist. See user option in
1945               firewalld.lockdown-whitelist(5). For runtime operation see
1946               org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistUid.
1947
1948               Possible errors: ALREADY_ENABLED, INVALID_TYPE
1949
1950           addLockdownWhitelistUser(s: user) → Nothing
1951               Add user name to whitelist. See user option in
1952               firewalld.lockdown-whitelist(5). For runtime operation see
1953               org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistUser.
1954
1955               Possible errors: ALREADY_ENABLED, INVALID_TYPE
1956
1957           getLockdownWhitelist() → (asasasai)
1958               Get settings of permanent lockdown-whitelist configuration in
1959               format: commands, selinux contexts, users, uids
1960
1961               commands (as): see command option in firewalld.lockdown-
1962               whitelist(5).
1963
1964               selinux contexts (as): see selinux option in
1965               firewalld.lockdown-whitelist(5).
1966
1967               users (as): see name attribute of user option in
1968               firewalld.lockdown-whitelist(5).
1969
1970               uids (ai): see id attribute of user option in
1971               firewalld.lockdown-whitelist(5).
1972
1973
1974           getLockdownWhitelistCommands() → as
1975               List all command lines (s) that are on whitelist. For runtime
1976               operation see
1977               org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistCommands.
1978
1979           getLockdownWhitelistContexts() → as
1980               List all contexts (s) that are on whitelist. For runtime
1981               operation see
1982               org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistContexts.
1983
1984           getLockdownWhitelistUids() → ai
1985               List all user ids (i) that are on whitelist. For runtime
1986               operation see
1987               org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistUids.
1988
1989           getLockdownWhitelistUsers() → as
1990               List all users (s) that are on whitelist. For runtime operation
1991               see
1992               org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistUsers.
1993
1994           queryLockdownWhitelistCommand(s: command) → b
1995               Query whether command is on whitelist. For runtime operation
1996               see
1997               org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistCommand.
1998
1999           queryLockdownWhitelistContext(s: context) → b
2000               Query whether context is on whitelist. For runtime operation
2001               see
2002               org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistContext.
2003
2004           queryLockdownWhitelistUid(i: uid) → b
2005               Query whether user id uid is on whitelist. For runtime
2006               operation see
2007               org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistUid.
2008
2009           queryLockdownWhitelistUser(s: user) → b
2010               Query whether user is on whitelist. For runtime operation see
2011               org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistUser.
2012
2013           removeLockdownWhitelistCommand(s: command) → Nothing
2014               Remove command from whitelist. For runtime operation see
2015               org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistCommand.
2016
2017               Possible errors: NOT_ENABLED
2018
2019           removeLockdownWhitelistContext(s: context) → Nothing
2020               Remove context from whitelist. For runtime operation see
2021               org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistContext.
2022
2023               Possible errors: NOT_ENABLED
2024
2025           removeLockdownWhitelistUid(i: uid) → Nothing
2026               Remove user id uid from whitelist. For runtime operation see
2027               org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistUid.
2028
2029               Possible errors: NOT_ENABLED
2030
2031           removeLockdownWhitelistUser(s: user) → Nothing
2032               Remove user from whitelist. For runtime operation see
2033               org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistUser.
2034
2035               Possible errors: NOT_ENABLED
2036
2037           setLockdownWhitelist((asasasai): settings) → Nothing
2038               Set permanent lockdown-whitelist configuration to settings.
2039               Settings are in format: commands, selinux contexts, users, uids
2040
2041               commands (as): see command option in firewalld.lockdown-
2042               whitelist(5).
2043
2044               selinux contexts (as): see selinux option in
2045               firewalld.lockdown-whitelist(5).
2046
2047               users (as): see name attribute of user option in
2048               firewalld.lockdown-whitelist(5).
2049
2050               uids (ai): see id attribute of user option in
2051               firewalld.lockdown-whitelist(5).
2052
2053               Possible errors: INVALID_TYPE
2054
2055       Signals
2056           LockdownWhitelistUpdated()
2057               Emitted when permanent lockdown-whitelist configuration has
2058               been updated.
2059
2060   org.fedoraproject.FirewallD1.config.ipset
2061       Interface for permanent ipset configuration, see also
2062       firewalld.ipset(5).
2063
2064       Methods
2065           addEntry(s: entry) → Nothing
2066               Permanently add entry to list of entries of ipset. See entry
2067               tag in firewalld.ipset(5). For runtime operation see
2068               org.fedoraproject.FirewallD1.ipset.Methods.addEntry.
2069
2070               Possible errors: ALREADY_ENABLED
2071
2072           addOption(s: key, s: value) → Nothing
2073               Permanently add (key, value) to the ipset. See option tag in
2074               firewalld.ipset(5).
2075
2076               Possible errors: ALREADY_ENABLED
2077
2078           getDescription() → s
2079               Get description of ipset. See description tag in
2080               firewalld.ipset(5).
2081
2082           getEntries() → as
2083               Get list of entries added to ipset. See entry tag in
2084               firewalld.ipset(5). For runtime operation see
2085               org.fedoraproject.FirewallD1.ipset.Methods.getEntries.
2086
2087               Possible errors: IPSET_WITH_TIMEOUT
2088
2089           getOptions() → a{ss}
2090               Get dictionary of options set for ipset. See option tag in
2091               firewalld.ipset(5).
2092
2093           getSettings() → (ssssa{ss}as)
2094               Return permament settings of the ipset. For getting runtime
2095               settings see
2096               org.fedoraproject.FirewallD1.ipset.Methods.getIPSetSettings.
2097               Settings are in format: version, name, description, type,
2098               dictionary of options and array of entries.
2099
2100               version (s): see version attribute of ipset tag in
2101               firewalld.ipset(5).
2102
2103               name (s): see short tag in firewalld.ipset(5).
2104
2105               description (s): see description tag in firewalld.ipset(5).
2106
2107               type (s): see type attribute of ipset tag in
2108               firewalld.ipset(5).
2109
2110               options (a{ss}): dictionary of {option : value} . See options
2111               tag in firewalld.ipset(5).
2112
2113               entries (as): array of entries, see entry tag in
2114               firewalld.ipset(5).
2115
2116
2117           getShort() → s
2118               Get name of ipset. See short tag in firewalld.ipset(5).
2119
2120           getType() → s
2121               Get type of ipset. See type attribute of ipset tag in
2122               firewalld.ipset(5).
2123
2124           getVersion() → s
2125               Get version of ipset. See version attribute of ipset tag in
2126               firewalld.ipset(5).
2127
2128           loadDefaults() → Nothing
2129               Load default settings for built-in ipset.
2130
2131               Possible errors: NO_DEFAULTS
2132
2133           queryEntry(s: entry) → b
2134               Return whether entry has been added to ipset. For runtime
2135               operation see
2136               org.fedoraproject.FirewallD1.ipset.Methods.queryEntry.
2137
2138           queryOption(s: key, s: value) → b
2139               Return whether (key, value) has been added to options of the
2140               ipset.
2141
2142           remove() → Nothing
2143               Remove not built-in ipset.
2144
2145               Possible errors: BUILTIN_IPSET
2146
2147           removeEntry(s: entry) → Nothing
2148               Permanently remove entry from ipset. See entry tag in
2149               firewalld.ipset(5). For runtime operation see
2150               org.fedoraproject.FirewallD1.ipset.Methods.removeEntry.
2151
2152               Possible errors: NOT_ENABLED
2153
2154           removeOption(s: key) → Nothing
2155               Permanently remove key from the ipset. See option tag in
2156               firewalld.ipset(5).
2157
2158               Possible errors: NOT_ENABLED
2159
2160           rename(s: name) → Nothing
2161               Rename not built-in ipset to name.
2162
2163               Possible errors: BUILTIN_IPSET
2164
2165           setDescription(s: description) → Nothing
2166               Permanently set description of ipset to description. See
2167               description tag in firewalld.ipset(5).
2168
2169           setEntries(as: entries) → Nothing
2170               Permanently set list of entries to entries. See entry tag in
2171               firewalld.ipset(5).
2172
2173           setOptions(a{ss}: options) → Nothing
2174               Permanently set dict of options to options. See option tag in
2175               firewalld.ipset(5).
2176
2177           setShort(s: short) → Nothing
2178               Permanently set name of ipset to short. See short tag in
2179               firewalld.ipset(5).
2180
2181           setType(s: ipset_type) → Nothing
2182               Permanently set type of ipset to ipset_type. See type attribute
2183               of ipset tag in firewalld.ipset(5).
2184
2185           setVersion(s: version) → Nothing
2186               Permanently set version of ipset to version. See version
2187               attribute of ipset tag in firewalld.ipset(5).
2188
2189           update((ssssa{ss}as): settings) → Nothing
2190               Update settings of ipset to settings. Settings are in format:
2191               version, name, description, type, dictionary of options and
2192               array of entries.
2193
2194               version (s): see version attribute of ipset tag in
2195               firewalld.ipset(5).
2196
2197               name (s): see short tag in firewalld.ipset(5).
2198
2199               description (s): see description tag in firewalld.ipset(5).
2200
2201               type (s): see type attribute of ipset tag in
2202               firewalld.ipset(5).
2203
2204               options (a{ss}): dictionary of {option : value} . See options
2205               tag in firewalld.ipset(5).
2206
2207               entries (as): array of entries, see entry tag in
2208               firewalld.ipset(5).
2209
2210               Possible errors: INVALID_TYPE
2211
2212       Signals
2213           Removed(s: name)
2214               Emitted when ipset with name has been removed.
2215
2216           Renamed(s: name)
2217               Emitted when ipset has been renamed to name.
2218
2219           Updated(s: name)
2220               Emitted when ipset with name has been updated.
2221
2222       Properties
2223           builtin - b - (ro)
2224               True if ipset is build-in, false else.
2225
2226           default - b - (ro)
2227               True if build-in ipset has default settings. False if it has
2228               been modified. Always False for not build-in ipsets.
2229
2230           filename - s - (ro)
2231               Name (including .xml extension) of file where the configuration
2232               is stored.
2233
2234           name - s - (ro)
2235               Name of ipset.
2236
2237           path - s - (ro)
2238               Path to directory where the ipset configuration is stored.
2239               Should be either /usr/lib/firewalld/ipsets or
2240               /etc/firewalld/ipsets.
2241
2242   org.fedoraproject.FirewallD1.config.zone
2243       Interface for permanent zone configuration, see also firewalld.zone(5).
2244
2245       Methods
2246           addForwardPort(s: port, s: protocol, s: toport, s: toaddr) →
2247           Nothing
2248               Permanently add (port, protocol, toport, toaddr) to list of
2249               forward ports of zone. See forward-port tag in
2250               firewalld.zone(5). For runtime operation see
2251               org.fedoraproject.FirewallD1.zone.Methods.addForwardPort.
2252
2253               Possible errors: ALREADY_ENABLED
2254
2255           addIcmpBlock(s: icmptype) → Nothing
2256               Permanently add icmptype to list of icmp types blocked in zone.
2257               See icmp-block tag in firewalld.zone(5). For runtime operation
2258               see org.fedoraproject.FirewallD1.zone.Methods.addIcmpBlock.
2259
2260               Possible errors: ALREADY_ENABLED
2261
2262           addIcmpBlock(s: icmptype) → Nothing
2263               Permanently add icmp block inversion to zone. See
2264               icmp-block-inversion tag in firewalld.zone(5). For runtime
2265               operation see
2266               org.fedoraproject.FirewallD1.zone.Methods.addIcmpBlockInversion.
2267
2268               Possible errors: ALREADY_ENABLED
2269
2270           addInterface(s: interface) → Nothing
2271               Permanently add interface to list of interfaces bound to zone.
2272               See interface tag in firewalld.zone(5). For runtime operation
2273               see org.fedoraproject.FirewallD1.zone.Methods.addInterface.
2274
2275               Possible errors: ALREADY_ENABLED
2276
2277           addMasquerade() → Nothing
2278               Permanently enable masquerading in zone. See masquerade tag in
2279               firewalld.zone(5). For runtime operation see
2280               org.fedoraproject.FirewallD1.zone.Methods.addMasquerade.
2281
2282               Possible errors: ALREADY_ENABLED
2283
2284           addPort(s: port, s: protocol) → Nothing
2285               Permanently add (port, protocol) to list of ports of zone. See
2286               port tag in firewalld.zone(5). For runtime operation see
2287               org.fedoraproject.FirewallD1.zone.Methods.addPort.
2288
2289               Possible errors: ALREADY_ENABLED
2290
2291           addProtocol(s: protocol) → Nothing
2292               Permanently add protocol into zone. The protocol can be any
2293               protocol supported by the system. Please have a look at
2294               /etc/protocols for supported protocols. For runtime operation
2295               see org.fedoraproject.FirewallD1.zone.Methods.addProtocol.
2296
2297               Possible errors: INVALID_PROTOCOL, ALREADY_ENABLED
2298
2299           addRichRule(s: rule) → Nothing
2300               Permanently add rule to list of rich-language rules in zone.
2301               See rule tag in firewalld.zone(5). For runtime operation see
2302               org.fedoraproject.FirewallD1.zone.Methods.addRichRule.
2303
2304               Possible errors: ALREADY_ENABLED
2305
2306           addService(s: service) → Nothing
2307               Permanently add service to list of services used in zone. See
2308               service tag in firewalld.zone(5). For runtime operation see
2309               org.fedoraproject.FirewallD1.zone.Methods.addService.
2310
2311               Possible errors: ALREADY_ENABLED
2312
2313           addSource(s: source) → Nothing
2314               Permanently add source to list of source addresses bound to
2315               zone. See source tag in firewalld.zone(5). For runtime
2316               operation see
2317               org.fedoraproject.FirewallD1.zone.Methods.addSource.
2318
2319               Possible errors: ALREADY_ENABLED
2320
2321           addSourcePort(s: port, s: protocol) → Nothing
2322               Permanently add (port, protocol) to list of source ports of
2323               zone. See source-port tag in firewalld.zone(5). For runtime
2324               operation see
2325               org.fedoraproject.FirewallD1.zone.Methods.addSourcePort.
2326
2327               Possible errors: ALREADY_ENABLED
2328
2329           getDescription() → s
2330               Get description of zone. See description tag in
2331               firewalld.zone(5).
2332
2333           getForwardPorts() → a(ssss)
2334               Get list of (port, protocol, toport, toaddr) defined in zone.
2335               See forward-port tag in firewalld.zone(5). For runtime
2336               operation see
2337               org.fedoraproject.FirewallD1.zone.Methods.getForwardPorts.
2338
2339           getIcmpBlockInversion() → b
2340               Get icmp block inversion flag of zone. See icmp-block-inversion
2341               tag in firewalld.zone(5).
2342
2343           getIcmpBlocks() → as
2344               Get list of icmp type names blocked in zone. See icmp-block tag
2345               in firewalld.zone(5). For runtime operation see
2346               org.fedoraproject.FirewallD1.zone.Methods.getIcmpBlocks.
2347
2348           getInterfaces() → as
2349               Get list of interfaces bound to zone. See interface tag in
2350               firewalld.zone(5). For runtime operation see
2351               org.fedoraproject.FirewallD1.zone.Methods.getInterfaces.
2352
2353           getMasquerade() → b
2354               Return whether masquerade is enabled in zone. This is the same
2355               as queryMasquerade() method. See masquerade tag in
2356               firewalld.zone(5).
2357
2358           getPorts() → a(ss)
2359               Get list of (port, protocol) defined in zone. See port tag in
2360               firewalld.zone(5). For runtime operation see
2361               org.fedoraproject.FirewallD1.zone.Methods.getPorts.
2362
2363           getProtocols() → as
2364               Return array of protocols (s) previously enabled in zone. For
2365               getting runtime settings see
2366               org.fedoraproject.FirewallD1.zone.Methods.getProtocols.
2367
2368           getRichRules() → as
2369               Get list of rich-language rules in zone. See rule tag in
2370               firewalld.zone(5). For runtime operation see
2371               org.fedoraproject.FirewallD1.zone.Methods.getRichRules.
2372
2373           getServices() → as
2374               Get list of service names used in zone. See service tag in
2375               firewalld.zone(5). For runtime operation see
2376               org.fedoraproject.FirewallD1.zone.Methods.getServices.
2377
2378           getSettings() → (sssbsasa(ss)asba(ssss)asasasasa(ss))
2379               Return permanent settings of given zone. For getting runtime
2380               settings see
2381               org.fedoraproject.FirewallD1.Methods.getZoneSettings. Settings
2382               are in format: version, name, description, UNUSED, target,
2383               array of services, array of ports (port, protocol), array of
2384               icmp-blocks, masquerade, array of forward-ports (port,
2385               protocol, to-port, to-addr), array of interfaces, array of
2386               sources, array of rich rules, array of protocols and array of
2387               source-ports (port, protocol).
2388
2389               version (s): see version attribute of zone tag in
2390               firewalld.zone(5).
2391
2392               name (s): see short tag in firewalld.zone(5).
2393
2394               description (s): see description tag in firewalld.zone(5).
2395
2396               UNUSED (b): this boolean value is no longer used for anything.
2397
2398               target (s): see target attribute of zone tag in
2399               firewalld.zone(5).
2400
2401               services (as): array of service names, see service tag in
2402               firewalld.zone(5).
2403
2404               ports (a(ss)): array of port and protocol pairs. See port tag
2405               in firewalld.zone(5).
2406
2407               icmp-blocks (as): array of icmp-blocks. See icmp-block tag in
2408               firewalld.zone(5).
2409
2410               masquerade (b): see masquerade tag in firewalld.zone(5).
2411
2412               forward-ports (a(ssss)): array of (port, protocol, to-port,
2413               to-addr). See forward-port tag in firewalld.zone(5).
2414
2415               interfaces (as): array of interfaces. See interface tag in
2416               firewalld.zone(5).
2417
2418               source addresses (as): array of source addresses. See source
2419               tag in firewalld.zone(5).
2420
2421               rich rules (as): array of rich-language rules. See rule tag in
2422               firewalld.zone(5).
2423
2424               protocols (as): array of protocols. See protocol tag in
2425               firewalld.zone(5).
2426
2427               source-ports (a(ss)): array of port and protocol pairs. See
2428               source-port tag in firewalld.zone(5).
2429
2430
2431           getShort() → s
2432               Get name of zone. See short tag in firewalld.zone(5).
2433
2434           getSourcePorts() → a(ss)
2435               Get list of (port, protocol) defined in zone. See source-port
2436               tag in firewalld.zone(5). For runtime operation see
2437               org.fedoraproject.FirewallD1.zone.Methods.getSourcePorts.
2438
2439           getSources() → as
2440               Get list of source addresses bound to zone. See source tag in
2441               firewalld.zone(5). For runtime operation see
2442               org.fedoraproject.FirewallD1.zone.Methods.getSources.
2443
2444           getTarget() → s
2445               Get target of zone. See target attribute of zone tag in
2446               firewalld.zone(5).
2447
2448           getVersion() → s
2449               Get version of zone. See version attribute of zone tag in
2450               firewalld.zone(5).
2451
2452           loadDefaults() → Nothing
2453               Load default settings for built-in zone.
2454
2455               Possible errors: NO_DEFAULTS
2456
2457           queryForwardPort(s: port, s: protocol, s: toport, s: toaddr) → b
2458               Return whether (port, protocol, toport, toaddr) is in list of
2459               forward ports of zone. See forward-port tag in
2460               firewalld.zone(5). For runtime operation see
2461               org.fedoraproject.FirewallD1.zone.Methods.queryForwardPort.
2462
2463           queryIcmpBlock(s: icmptype) → b
2464               Return whether icmptype is in list of icmp types blocked in
2465               zone. See icmp-block tag in firewalld.zone(5). For runtime
2466               operation see
2467               org.fedoraproject.FirewallD1.zone.Methods.queryIcmpBlock.
2468
2469           queryIcmpBlockInversion() → b
2470               Return whether icmp block inversion is in enabled in zone. See
2471               icmp-block-inversion tag in firewalld.zone(5). For runtime
2472               operation see
2473               org.fedoraproject.FirewallD1.zone.Methods.queryIcmpBlockInversion.
2474
2475           queryInterface(s: interface) → b
2476               Return whether interface is in list of interfaces bound to
2477               zone. See interface tag in firewalld.zone(5). For runtime
2478               operation see
2479               org.fedoraproject.FirewallD1.zone.Methods.queryInterface.
2480
2481           queryMasquerade() → b
2482               Return whether masquerade is enabled in zone. This is the same
2483               as getMasquerade() method. See masquerade tag in
2484               firewalld.zone(5). For runtime operation see
2485               org.fedoraproject.FirewallD1.zone.Methods.queryMasquerade.
2486
2487           queryPort(s: port, s: protocol) → b
2488               Return whether (port, protocol) is in list of ports of zone.
2489               See port tag in firewalld.zone(5). For runtime operation see
2490               org.fedoraproject.FirewallD1.zone.Methods.queryPort.
2491
2492           queryProtocol(s: protocol) → b
2493               Return whether protocol has been added in zone. For runtime
2494               operation see
2495               org.fedoraproject.FirewallD1.zone.Methods.queryProtocol.
2496
2497               Possible errors: INVALID_PROTOCOL
2498
2499           queryRichRule(s: rule) → b
2500               Return whether rule is in list of rich-language rules in zone.
2501               See rule tag in firewalld.zone(5). For runtime operation see
2502               org.fedoraproject.FirewallD1.zone.Methods.queryRichRule.
2503
2504           queryService(s: service) → b
2505               Return whether service is in list of services used in zone. See
2506               service tag in firewalld.zone(5). For runtime operation see
2507               org.fedoraproject.FirewallD1.zone.Methods.queryService.
2508
2509           querySource(s: source) → b
2510               Return whether source is in list of source addresses bound to
2511               zone. See source tag in firewalld.zone(5). For runtime
2512               operation see
2513               org.fedoraproject.FirewallD1.zone.Methods.querySource.
2514
2515           querySourcePort(s: port, s: protocol) → b
2516               Return whether (port, protocol) is in list of source ports of
2517               zone. See source-port tag in firewalld.zone(5). For runtime
2518               operation see
2519               org.fedoraproject.FirewallD1.zone.Methods.querySourcePort.
2520
2521           remove() → Nothing
2522               Remove not built-in zone.
2523
2524               Possible errors: BUILTIN_ZONE
2525
2526           removeForwardPort(s: port, s: protocol, s: toport, s: toaddr) →
2527           Nothing
2528               Permanently remove (port, protocol, toport, toaddr) from list
2529               of forward ports of zone. See forward-port tag in
2530               firewalld.zone(5). For runtime operation see
2531               org.fedoraproject.FirewallD1.zone.Methods.removeForwardPort.
2532
2533               Possible errors: NOT_ENABLED
2534
2535           removeIcmpBlock(s: icmptype) → Nothing
2536               Permanently remove icmptype from list of icmp types blocked in
2537               zone. See icmp-block tag in firewalld.zone(5). For runtime
2538               operation see
2539               org.fedoraproject.FirewallD1.zone.Methods.removeIcmpBlock.
2540
2541               Possible errors: NOT_ENABLED
2542
2543           removeIcmpBlockInversion() → Nothing
2544               Permanently remove icmp block inversion from the zone. See
2545               icmp-block-inversion tag in firewalld.zone(5). For runtime
2546               operation see
2547               org.fedoraproject.FirewallD1.zone.Methods.removeIcmpBlockInversion.
2548
2549               Possible errors: NOT_ENABLED
2550
2551           removeInterface(s: interface) → Nothing
2552               Permanently remove interface from list of interfaces bound to
2553               zone. See interface tag in firewalld.zone(5). For runtime
2554               operation see
2555               org.fedoraproject.FirewallD1.zone.Methods.removeInterface.
2556
2557               Possible errors: NOT_ENABLED
2558
2559           removeMasquerade() → Nothing
2560               Permanently disable masquerading in zone. See masquerade tag in
2561               firewalld.zone(5). For runtime operation see
2562               org.fedoraproject.FirewallD1.zone.Methods.removeMasquerade.
2563
2564               Possible errors: NOT_ENABLED
2565
2566           removePort(s: port, s: protocol) → Nothing
2567               Permanently remove (port, protocol) from list of ports of zone.
2568               See port tag in firewalld.zone(5). For runtime operation see
2569               org.fedoraproject.FirewallD1.zone.Methods.removePort.
2570
2571               Possible errors: NOT_ENABLED
2572
2573           removeProtocol(s: protocol) → Nothing
2574               Permanently remove protocol from zone. For runtime operation
2575               see org.fedoraproject.FirewallD1.zone.Methods.removeProtocol.
2576
2577               Possible errors: INVALID_PROTOCOL, NOT_ENABLED
2578
2579           removeRichRule(s: rule) → Nothing
2580               Permanently remove rule from list of rich-language rules in
2581               zone. See rule tag in firewalld.zone(5). For runtime operation
2582               see org.fedoraproject.FirewallD1.zone.Methods.removeRichRule.
2583
2584               Possible errors: NOT_ENABLED
2585
2586           removeService(s: service) → Nothing
2587               Permanently remove service from list of services used in zone.
2588               See service tag in firewalld.zone(5). For runtime operation see
2589               org.fedoraproject.FirewallD1.zone.Methods.removeService.
2590
2591               Possible errors: NOT_ENABLED
2592
2593           removeSource(s: source) → Nothing
2594               Permanently remove source from list of source addresses bound
2595               to zone. See source tag in firewalld.zone(5). For runtime
2596               operation see
2597               org.fedoraproject.FirewallD1.zone.Methods.removeSource.
2598
2599               Possible errors: NOT_ENABLED
2600
2601           removeSourcePort(s: port, s: protocol) → Nothing
2602               Permanently remove (port, protocol) from list of source ports
2603               of zone. See source-port tag in firewalld.zone(5). For runtime
2604               operation see
2605               org.fedoraproject.FirewallD1.zone.Methods.removeSourcePort.
2606
2607               Possible errors: NOT_ENABLED
2608
2609           rename(s: name) → Nothing
2610               Rename not built-in zone to name.
2611
2612               Possible errors: BUILTIN_ZONE
2613
2614           setDescription(s: description) → Nothing
2615               Permanently set description of zone to description. See
2616               description tag in firewalld.zone(5).
2617
2618           setForwardPorts(a(ssss): ports) → Nothing
2619               Permanently set forward ports of zone to list of (port,
2620               protocol, toport, toaddr). See forward-port tag in
2621               firewalld.zone(5).
2622
2623           setIcmpBlockInversion(b: flag) → Nothing
2624               Permanently set icmp block inversion flag of zone to flag. See
2625               icmp-block-inversion tag in firewalld.zone(5).
2626
2627           setIcmpBlocks(as: icmptypes) → Nothing
2628               Permanently set list of icmp types blocked in zone to
2629               icmptypes. See icmp-block tag in firewalld.zone(5).
2630
2631           setInterfaces(as: interfaces) → Nothing
2632               Permanently set list of interfaces bound to zone to interfaces.
2633               See interface tag in firewalld.zone(5).
2634
2635           setMasquerade(b: masquerade) → Nothing
2636               Permanently set masquerading in zone to masquerade. See
2637               masquerade tag in firewalld.zone(5).
2638
2639           setPorts(a(ss): ports) → Nothing
2640               Permanently set ports of zone to list of (port, protocol). See
2641               port tag in firewalld.zone(5).
2642
2643           setProtocols(as: protocols) → Nothing
2644               Permanently set list of protocols used in zone to protocols.
2645               See protocol tag in firewalld.zone(5).
2646
2647           setRichRules(as: rules) → Nothing
2648               Permanently set list of rich-language rules to rules. See rule
2649               tag in firewalld.zone(5).
2650
2651           setServices(as: services) → Nothing
2652               Permanently set list of services used in zone to services. See
2653               service tag in firewalld.zone(5).
2654
2655           setShort(s: short) → Nothing
2656               Permanently set name of zone to short. See short tag in
2657               firewalld.zone(5).
2658
2659           setSourcePorts(a(ss): ports) → Nothing
2660               Permanently set source-ports of zone to list of (port,
2661               protocol). See source-port tag in firewalld.zone(5).
2662
2663           setSources(as: sources) → Nothing
2664               Permanently set list of source addresses bound to zone to
2665               sources. See source tag in firewalld.zone(5).
2666
2667           setTarget(s: target) → Nothing
2668               Permanently set target of zone to target. See target attribute
2669               of zone tag in firewalld.zone(5).
2670
2671           setVersion(s: version) → Nothing
2672               Permanently set version of zone to version. See version
2673               attribute of zone tag in firewalld.zone(5).
2674
2675           update((sssbsasa(ss)asba(ssss)asasasasa(ss)): settings) → Nothing
2676               Update settings of zone to settings. Settings are in format:
2677               version, name, description, UNUSED, target, array of services,
2678               array of ports (port, protocol), array of icmp-blocks,
2679               masquerade, array of forward-ports (port, protocol, to-port,
2680               to-addr), array of interfaces, array of sources, array of rich
2681               rules, array of protocols and array of source-ports (port,
2682               protocol).
2683
2684               version (s): see version attribute of zone tag in
2685               firewalld.zone(5).
2686
2687               name (s): see short tag in firewalld.zone(5).
2688
2689               description (s): see description tag in firewalld.zone(5).
2690
2691               UNUSED (b): this boolean value is no longer used for anything.
2692
2693               target (s): see target attribute of zone tag in
2694               firewalld.zone(5).
2695
2696               services (as): array of service names, see service tag in
2697               firewalld.zone(5).
2698
2699               ports (a(ss)): array of port and protocol pairs. See port tag
2700               in firewalld.zone(5).
2701
2702               icmp-blocks (as): array of icmp-blocks. See icmp-block tag in
2703               firewalld.zone(5).
2704
2705               masquerade (b): see masquerade tag in firewalld.zone(5).
2706
2707               forward-ports (a(ssss)): array of (port, protocol, to-port,
2708               to-addr). See forward-port tag in firewalld.zone(5).
2709
2710               interfaces (as): array of interfaces. See interface tag in
2711               firewalld.zone(5).
2712
2713               source addresses (as): array of source addresses. See source
2714               tag in firewalld.zone(5).
2715
2716               rich rules (as): array of rich-language rules. See rule tag in
2717               firewalld.zone(5).
2718
2719               protocols (as): array of protocols. See protocol tag in
2720               firewalld.zone(5).
2721
2722               source-ports (a(ss)): array of port and protocol pairs. See
2723               source-port tag in firewalld.zone(5).
2724
2725               Possible errors: INVALID_TYPE
2726
2727       Signals
2728           Removed(s: name)
2729               Emitted when zone with name has been removed.
2730
2731           Renamed(s: name)
2732               Emitted when zone has been renamed to name.
2733
2734           Updated(s: name)
2735               Emitted when zone with name has been updated.
2736
2737       Properties
2738           builtin - b - (ro)
2739               True if zone is build-in, false else.
2740
2741           default - b - (ro)
2742               True if build-in zone has default settings. False if it has
2743               been modified. Always False for not build-in zones.
2744
2745           filename - s - (ro)
2746               Name (including .xml extension) of file where the configuration
2747               is stored.
2748
2749           name - s - (ro)
2750               Name of zone.
2751
2752           path - s - (ro)
2753               Path to directory where the zone configuration is stored.
2754               Should be either /usr/lib/firewalld/zones or
2755               /etc/firewalld/zones.
2756
2757   org.fedoraproject.FirewallD1.config.service
2758       Interface for permanent service configuration, see also
2759       firewalld.service(5).
2760
2761       Methods
2762           addModule(s: module) → Nothing
2763               Permanently add module to list of modules (netfilter kernel
2764               helpers) used in service. See module tag in
2765               firewalld.service(5).
2766
2767               Possible errors: ALREADY_ENABLED
2768
2769           addPort(s: port, s: protocol) → Nothing
2770               Permanently add (port, protocol) to list of ports in service.
2771               See port tag in firewalld.service(5).
2772
2773               Possible errors: ALREADY_ENABLED
2774
2775           addProtocol(s: protocol) → Nothing
2776               Permanently add protocol into zone. The protocol can be any
2777               protocol supported by the system. Please have a look at
2778               /etc/protocols for supported protocols. See protocol tag in
2779               firewalld.service(5).
2780
2781               Possible errors: INVALID_PROTOCOL, ALREADY_ENABLED
2782
2783           addSourcePort(s: port, s: protocol) → Nothing
2784               Permanently add (port, protocol) to list of source ports in
2785               service. See source-port tag in firewalld.service(5).
2786
2787               Possible errors: ALREADY_ENABLED
2788
2789           getDescription() → s
2790               Get description of service. See description tag in
2791               firewalld.service(5).
2792
2793           getDestination(s: family) → s
2794               Get destination for IP family being either 'ipv4' or 'ipv6'.
2795               See destination tag in firewalld.service(5).
2796
2797               Possible errors: ALREADY_ENABLED
2798
2799           getDestinations() → a{ss}
2800               Get list of destinations. Return value is a dictionary of {IP
2801               family : IP address} where 'IP family' key can be either 'ipv4'
2802               or 'ipv6'. See destination tag in firewalld.service(5).
2803
2804           getModules() → as
2805               Get list of modules (netfilter kernel helpers) used in service.
2806               See module tag in firewalld.service(5).
2807
2808           getPorts() → a(ss)
2809               Get list of (port, protocol) defined in service. See port tag
2810               in firewalld.service(5).
2811
2812           getProtocols() → as
2813               Return array of protocols (s) defined in service. See protocol
2814               tag in firewalld.service(5).
2815
2816           getSettings() → (sssa(ss)asa{ss}asa(ss))
2817               Return permanent settings of a service. For getting runtime
2818               settings see
2819               org.fedoraproject.FirewallD1.Methods.getServiceSettings.
2820               Settings are in format: version, name, description, array of
2821               ports (port, protocol), array of module names, dictionary of
2822               destinations, array of protocols and array of source-ports
2823               (port, protocol).
2824
2825               version (s): see version attribute of service tag in
2826               firewalld.service(5).
2827
2828               name (s): see short tag in firewalld.service(5).
2829
2830               description (s): see description tag in firewalld.service(5).
2831
2832               ports (a(ss)): array of port and protocol pairs. See port tag
2833               in firewalld.service(5).
2834
2835               module names (as): array of kernel netfilter helpers, see
2836               module tag in firewalld.service(5).
2837
2838               destinations (a{ss}): dictionary of {IP family : IP address}
2839               where 'IP family' key can be either 'ipv4' or 'ipv6'. See
2840               destination tag in firewalld.service(5).
2841
2842               protocols (as): array of protocols. See protocol tag in
2843               firewalld.service(5).
2844
2845               source-ports (a(ss)): array of port and protocol pairs. See
2846               source-port tag in firewalld.service(5).
2847
2848
2849           getShort() → s
2850               Get name of service. See short tag in firewalld.service(5).
2851
2852           getSourcePorts() → a(ss)
2853               Get list of (port, protocol) defined in service. See
2854               source-port tag in firewalld.service(5).
2855
2856           getVersion() → s
2857               Get version of service. See version attribute of service tag in
2858               firewalld.service(5).
2859
2860           loadDefaults() → Nothing
2861               Load default settings for built-in service.
2862
2863               Possible errors: NO_DEFAULTS
2864
2865           queryDestination(s: family, s: address) → b
2866               Return whether a destination is in dictionary of destinations
2867               of this service. destination is in format: (IP family, IP
2868               address) where IP family can be either 'ipv4' or 'ipv6'. See
2869               destination tag in firewalld.service(5).
2870
2871           queryModule(s: module) → b
2872               Return whether module is in list of modules (netfilter kernel
2873               helpers) used in service. See module tag in
2874               firewalld.service(5).
2875
2876           queryPort(s: port, s: protocol) → b
2877               Return whether (port, protocol) is in list of ports in service.
2878               See port tag in firewalld.service(5).
2879
2880           queryProtocol(s: protocol) → b
2881               Return whether protocol is in list of protocols in service. See
2882               protocol tag in firewalld.service(5).
2883
2884           querySourcePort(s: port, s: protocol) → b
2885               Return whether (port, protocol) is in list of source ports in
2886               service. See source-port tag in firewalld.service(5).
2887
2888           remove() → Nothing
2889               Remove not built-in service.
2890
2891               Possible errors: BUILTIN_SERVICE
2892
2893           removeDestination(s: family) → Nothing
2894               Permanently remove a destination with family ('ipv4' or 'ipv6')
2895               from service. See destination tag in firewalld.service(5).
2896
2897               Possible errors: NOT_ENABLED
2898
2899           removeModule(s: module) → Nothing
2900               Permanently remove module from list of modules (netfilter
2901               kernel helpers) used in service. See module tag in
2902               firewalld.service(5).
2903
2904               Possible errors: NOT_ENABLED
2905
2906           removePort(s: port, s: protocol) → Nothing
2907               Permanently remove (port, protocol) from list of ports in
2908               service. See port tag in firewalld.service(5).
2909
2910               Possible errors: NOT_ENABLED
2911
2912           removeProtocol(s: protocol) → Nothing
2913               Permanently remove protocol from list of protocols in service.
2914               See protocol tag in firewalld.service(5).
2915
2916               Possible errors: NOT_ENABLED
2917
2918           removeSourcePort(s: port, s: protocol) → Nothing
2919               Permanently remove (port, protocol) from list of source ports
2920               in service. See source-port tag in firewalld.service(5).
2921
2922               Possible errors: NOT_ENABLED
2923
2924           rename(s: name) → Nothing
2925               Rename not built-in service to name.
2926
2927               Possible errors: BUILTIN_SERVICE
2928
2929           setDescription(s: description) → Nothing
2930               Permanently set description of service to description. See
2931               description tag in firewalld.service(5).
2932
2933           setDestination(s: family, s: address) → Nothing
2934               Permanently set a destination address. destination is in
2935               format: (IP family, IP address) where IP family can be either
2936               'ipv4' or 'ipv6'. See destination tag in firewalld.service(5).
2937
2938               Possible errors: ALREADY_ENABLED
2939
2940           setDestinations(a{ss}: destinations) → Nothing
2941               Permanently set destinations of service to destinations, which
2942               is a dictionary of {IP family : IP address} where 'IP family'
2943               key can be either 'ipv4' or 'ipv6'. See destination tag in
2944               firewalld.service(5).
2945
2946           setModules(as: modules) → Nothing
2947               Permanently set list of modules (netfilter kernel helpers) used
2948               in service to modules. See module tag in firewalld.service(5).
2949
2950           setPorts(a(ss): ports) → Nothing
2951               Permanently set ports of service to list of (port, protocol).
2952               See port tag in firewalld.service(5).
2953
2954           setProtocols(as: protocols) → Nothing
2955               Permanently set protocols of service to list of protocols. See
2956               protocol tag in firewalld.service(5).
2957
2958           setShort(s: short) → Nothing
2959               Permanently set name of service to short. See short tag in
2960               firewalld.service(5).
2961
2962           setSourcePorts(a(ss): ports) → Nothing
2963               Permanently set source-ports of service to list of (port,
2964               protocol). See source-port tag in firewalld.service(5).
2965
2966           setVersion(s: version) → Nothing
2967               Permanently set version of service to version. See version
2968               attribute of service tag in firewalld.service(5).
2969
2970           update((sssa(ss)asa{ss}asa(ss)): settings) → Nothing
2971               Update settings of service to settings. Settings are in format:
2972               version, name, description, array of ports (port, protocol),
2973               array of module names, dictionary of destinations, array of
2974               protocols and array of source-ports (port, protocol).
2975
2976               version (s): see version attribute of service tag in
2977               firewalld.service(5).
2978
2979               name (s): see short tag in firewalld.service(5).
2980
2981               description (s): see description tag in firewalld.service(5).
2982
2983               ports (a(ss)): array of port and protocol pairs. See port tag
2984               in firewalld.service(5).
2985
2986               module names (as): array of kernel netfilter helpers, see
2987               module tag in firewalld.service(5).
2988
2989               destinations (a{ss}): dictionary of {IP family : IP address}
2990               where 'IP family' key can be either 'ipv4' or 'ipv6'. See
2991               destination tag in firewalld.service(5).
2992
2993               protocols (as): array of protocols. See protocol tag in
2994               firewalld.service(5).
2995
2996               Possible errors: INVALID_TYPE
2997
2998       Signals
2999           Removed(s: name)
3000               Emitted when service with name has been removed.
3001
3002           Renamed(s: name)
3003               Emitted when service has been renamed to name.
3004
3005           Updated(s: name)
3006               Emitted when service with name has been updated.
3007
3008       Properties
3009           builtin - b - (ro)
3010               True if service is build-in, false else.
3011
3012           default - b - (ro)
3013               True if build-in service has default settings. False if it has
3014               been modified. Always False for not build-in services.
3015
3016           filename - s - (ro)
3017               Name (including .xml extension) of file where the configuration
3018               is stored.
3019
3020           name - s - (ro)
3021               Name of service.
3022
3023           path - s - (ro)
3024               Path to directory where the configuration is stored. Should be
3025               either /usr/lib/firewalld/services or /etc/firewalld/services.
3026
3027   org.fedoraproject.FirewallD1.config.helper
3028       Interface for permanent helper configuration, see also
3029       firewalld.helper(5).
3030
3031       Methods
3032           addPort(s: port, s: protocol) → Nothing
3033               Permanently add (port, protocol) to list of ports in helper.
3034               See port tag in firewalld.helper(5).
3035
3036               Possible errors: ALREADY_ENABLED
3037
3038           getDescription() → s
3039               Get description of helper. See description tag in
3040               firewalld.helper(5).
3041
3042           getFamily() → s
3043               Get family being 'ipv4', 'ipv6' or empty for both. See family
3044               tag in firewalld.helper(5).
3045
3046           getModule() → s
3047               Get modules (netfilter kernel helpers) used in helper. See
3048               module tag in firewalld.helper(5).
3049
3050           getPorts() → a(ss)
3051               Get list of (port, protocol) defined in helper. See port tag in
3052               firewalld.helper(5).
3053
3054           getSettings() → (sssssa(ss))
3055               Return permanent settings of a helper. For getting runtime
3056               settings see
3057               org.fedoraproject.FirewallD1.Methods.getHelperSettings.
3058               Settings are in format: version, name, description, family,
3059               module, array of ports (port, protocol).
3060
3061               version (s): see version attribute of helper tag in
3062               firewalld.helper(5).
3063
3064               name (s): see short tag in firewalld.helper(5).
3065
3066               description (s): see description tag in firewalld.helper(5).
3067
3068               family (s): see family tag in firewalld.helper(5).
3069
3070               module (s): see module tag in firewalld.helper(5).
3071
3072               ports (a(ss)): array of port and protocol pairs. See port tag
3073               in firewalld.helper(5).
3074
3075
3076           getShort() → s
3077               Get name of helper. See short tag in firewalld.helper(5).
3078
3079           getVersion() → s
3080               Get version of helper. See version attribute of helper tag in
3081               firewalld.helper(5).
3082
3083           loadDefaults() → Nothing
3084               Load default settings for built-in helper.
3085
3086               Possible errors: NO_DEFAULTS
3087
3088           queryFamily(s: module) → b
3089               Return whether family is set for helper. See family tag in
3090               firewalld.helper(5).
3091
3092           queryModule(s: module) → b
3093               Return whether module (netfilter kernel helpers) is used in
3094               helper. See module tag in firewalld.helper(5).
3095
3096           queryPort(s: port, s: protocol) → b
3097               Return whether (port, protocol) is in list of ports in helper.
3098               See port tag in firewalld.helper(5).
3099
3100           remove() → Nothing
3101               Remove not built-in helper.
3102
3103               Possible errors: BUILTIN_HELPER
3104
3105           removePort(s: port, s: protocol) → Nothing
3106               Permanently remove (port, protocol) from list of ports in
3107               helper. See port tag in firewalld.helper(5).
3108
3109               Possible errors: NOT_ENABLED
3110
3111           rename(s: name) → Nothing
3112               Rename not built-in helper to name.
3113
3114               Possible errors: BUILTIN_HELPER
3115
3116           setDescription(s: description) → Nothing
3117               Permanently set description of helper to description. See
3118               description tag in firewalld.helper(5).
3119
3120           setFamily(s: family) → Nothing
3121               Permanently set family of helper to family. See family tag in
3122               firewalld.helper(5).
3123
3124           setModule(s: module) → Nothing
3125               Permanently set module of helper to description. See module tag
3126               in firewalld.helper(5).
3127
3128           setPorts(a(ss): ports) → Nothing
3129               Permanently set ports of helper to list of (port, protocol).
3130               See port tag in firewalld.helper(5).
3131
3132           setShort(s: short) → Nothing
3133               Permanently set name of helper to short. See short tag in
3134               firewalld.helper(5).
3135
3136           setVersion(s: version) → Nothing
3137               Permanently set version of helper to version. See version
3138               attribute of helper tag in firewalld.helper(5).
3139
3140           update((sssssa(ss)): settings) → Nothing
3141               Update settings of helper to settings. Settings are in format:
3142               version, name, description, family, module and array of ports.
3143
3144               version (s): see version attribute of helper tag in
3145               firewalld.helper(5).
3146
3147               name (s): see short tag in firewalld.helper(5).
3148
3149               description (s): see description tag in firewalld.helper(5).
3150
3151               family (s): see family tag in firewalld.helper(5).
3152
3153               module (s): see module tag in firewalld.helper(5).
3154
3155               ports (a(ss)): array of port and protocol pairs. See port tag
3156               in firewalld.helper(5).
3157
3158               Possible errors: INVALID_HELPER
3159
3160       Signals
3161           Removed(s: name)
3162               Emitted when helper with name has been removed.
3163
3164           Renamed(s: name)
3165               Emitted when helper has been renamed to name.
3166
3167           Updated(s: name)
3168               Emitted when helper with name has been updated.
3169
3170       Properties
3171           builtin - b - (ro)
3172               True if helper is build-in, false else.
3173
3174           default - b - (ro)
3175               True if build-in helper has default settings. False if it has
3176               been modified. Always False for not build-in helpers.
3177
3178           filename - s - (ro)
3179               Name (including .xml extension) of file where the configuration
3180               is stored.
3181
3182           name - s - (ro)
3183               Name of helper.
3184
3185           path - s - (ro)
3186               Path to directory where the configuration is stored. Should be
3187               either /usr/lib/firewalld/helpers or /etc/firewalld/helpers.
3188
3189   org.fedoraproject.FirewallD1.config.icmptype
3190       Interface for permanent icmp type configuration, see also
3191       firewalld.icmptype(5).
3192
3193       Methods
3194           addDestination(s: destination) → Nothing
3195               Permanently add a destination ('ipv4' or 'ipv6') to list of
3196               destinations of this icmp type. See destination tag in
3197               firewalld.icmptype(5).
3198
3199               Possible errors: ALREADY_ENABLED
3200
3201           getDescription() → s
3202               Get description of icmp type. See description tag in
3203               firewalld.icmptype(5).
3204
3205           getDestinations() → as
3206               Get list of destinations. See destination tag in
3207               firewalld.icmptype(5).
3208
3209           getSettings() → (sssas)
3210               Return permanent settings of icmp type. For getting runtime
3211               settings see
3212               org.fedoraproject.FirewallD1.Methods.getIcmpTypeSettings.
3213               Settings are in format: version, name, description, array of
3214               destinations.
3215
3216               version (s): see version attribute of icmptype tag in
3217               firewalld.icmptype(5).
3218
3219               name (s): see short tag in firewalld.icmptype(5).
3220
3221               description (s): see description tag in firewalld.icmptype(5).
3222
3223               destinations (as): array, either empty or containing strings
3224               'ipv4' and/or 'ipv6', see destination tag in
3225               firewalld.icmptype(5).
3226
3227
3228           getShort() → s
3229               Get name of icmp type. See short tag in firewalld.icmptype(5).
3230
3231           getVersion() → s
3232               Get version of icmp type. See version attribute of icmptype tag
3233               in firewalld.icmptype(5).
3234
3235           loadDefaults() → Nothing
3236               Load default settings for built-in icmp type.
3237
3238               Possible errors: NO_DEFAULTS
3239
3240           queryDestination(s: destination) → b
3241               Return whether a destination ('ipv4' or 'ipv6') is in list of
3242               destinations of this icmp type. See destination tag in
3243               firewalld.icmptype(5).
3244
3245           remove() → Nothing
3246               Remove not built-in icmp type.
3247
3248               Possible errors: BUILTIN_ICMPTYPE
3249
3250           removeDestination(s: destination) → Nothing
3251               Permanently remove a destination ('ipv4' or 'ipv6') from list
3252               of destinations of this icmp type. See destination tag in
3253               firewalld.icmptype(5).
3254
3255               Possible errors: NOT_ENABLED
3256
3257           rename(s: name) → Nothing
3258               Rename not built-in icmp type to name.
3259
3260               Possible errors: BUILTIN_ICMPTYPE
3261
3262           setDescription(s: description) → Nothing
3263               Permanently set description of icmp type to description. See
3264               description tag in firewalld.icmptype(5).
3265
3266           setDestinations(as: destinations) → Nothing
3267               Permanently set destinations of icmp type to destinations,
3268               which is array, either empty or containing strings 'ipv4'
3269               and/or 'ipv6'. See destination tag in firewalld.icmptype(5).
3270
3271           setShort(s: short) → Nothing
3272               Permanently set name of icmp type to short. See short tag in
3273               firewalld.icmptype(5).
3274
3275           setVersion(s: version) → Nothing
3276               Permanently set version of icmp type to version. See version
3277               attribute of icmptype tag in firewalld.icmptype(5).
3278
3279           update((sssas): settings) → Nothing
3280               Update permanent settings of icmp type to settings. Settings
3281               are in format: version, name, description, array of
3282               destinations.
3283
3284               version (s): see version attribute of icmptype tag in
3285               firewalld.icmptype(5).
3286
3287               name (s): see short tag in firewalld.icmptype(5).
3288
3289               description (s): see description tag in firewalld.icmptype(5).
3290
3291               destinations (as): array, either empty or containing strings
3292               'ipv4' and/or 'ipv6', see destination tag in
3293               firewalld.icmptype(5).
3294
3295
3296       Signals
3297           Removed(s: name)
3298               Emitted when icmp type with name has been removed.
3299
3300           Renamed(s: name)
3301               Emitted when icmp type has been renamed to name.
3302
3303           Updated(s: name)
3304               Emitted when icmp type with name has been updated.
3305
3306       Properties
3307           builtin - b - (ro)
3308               True if icmptype is build-in, false else.
3309
3310           default - b - (ro)
3311               True if build-in icmp type has default settings. False if it
3312               has been modified. Always False for not build-in zones.
3313
3314           filename - s - (ro)
3315               Name (including .xml extension) of file where the configuration
3316               is stored.
3317
3318           name - s - (ro)
3319               Name of icmp type.
3320
3321           path - s - (ro)
3322               Path to directory where the icmp type configuration is stored.
3323               Should be either /usr/lib/firewalld/icmptypes or
3324               /etc/firewalld/icmptypes.
3325

SEE ALSO

3327       firewall-applet(1), firewalld(1), firewall-cmd(1), firewall-config(1),
3328       firewalld.conf(5), firewalld.direct(5), firewalld.dbus(5),
3329       firewalld.icmptype(5), firewalld.lockdown-whitelist(5), firewall-
3330       offline-cmd(1), firewalld.richlanguage(5), firewalld.service(5),
3331       firewalld.zone(5), firewalld.zones(5), firewalld.ipset(5),
3332       firewalld.helper(5)
3333

NOTES

3335       firewalld home page:
3336           http://firewalld.org
3337
3338       More documentation with examples:
3339           http://fedoraproject.org/wiki/FirewallD
3340

AUTHORS

3342       Thomas Woerner <twoerner@redhat.com>
3343           Developer
3344
3345       Jiri Popelka <jpopelka@redhat.com>
3346           Developer
3347
3348
3349
3350firewalld 0.6.3                                              FIREWALLD.DBUS(5)
Impressum