1FIREWALLD.DBUS(5) firewalld.dbus FIREWALLD.DBUS(5)
2
3
4
6 firewalld.dbus - firewalld D-Bus interface description
7
9 This is the basic firewalld object path structure. The used interfaces
10 are explained below in the section called “INTERFACES”.
11
12 /org/fedoraproject/FirewallD1
13 Interfaces
14 org.fedoraproject.FirewallD1
15 org.fedoraproject.FirewallD1.direct
16 org.fedoraproject.FirewallD1.ipset
17 org.fedoraproject.FirewallD1.policies
18 org.fedoraproject.FirewallD1.zone
19 org.freedesktop.DBus.Introspectable
20 org.freedesktop.DBus.Properties
21
22 /org/fedoraproject/FirewallD1/config
23 Interfaces
24 org.fedoraproject.FirewallD1.config
25 org.fedoraproject.FirewallD1.config.direct
26 org.fedoraproject.FirewallD1.config.policies
27 org.freedesktop.DBus.Introspectable
28 org.freedesktop.DBus.Properties
29
30 /org/fedoraproject/FirewallD1/config/zone/i
31 Interfaces
32 org.fedoraproject.FirewallD1.config.zone
33 org.freedesktop.DBus.Introspectable
34 org.freedesktop.DBus.Properties
35
36 /org/fedoraproject/FirewallD1/config/service/i
37 Interfaces:
38 org.fedoraproject.FirewallD1.config.service
39 org.freedesktop.DBus.Introspectable
40 org.freedesktop.DBus.Properties
41
42 /org/fedoraproject/FirewallD1/config/ipset/i
43 Interfaces
44 org.fedoraproject.FirewallD1.config.ipset
45 org.freedesktop.DBus.Introspectable
46 org.freedesktop.DBus.Properties
47
48 /org/fedoraproject/FirewallD1/config/icmptype/i
49 Interfaces
50 org.fedoraproject.FirewallD1.config.icmptype
51 org.freedesktop.DBus.Introspectable
52 org.freedesktop.DBus.Properties
53
54
55
57 org.fedoraproject.FirewallD1
58 This interface contains general runtime operations, like: reloading,
59 panic mode, default zone handling, getting services and icmp types and
60 their settings.
61
62 Methods
63 authorizeAll() → Nothing
64 Initiate authorization for the complete firewalld D-Bus
65 interface. This method it mostly useful for configuration
66 applications.
67
68 completeReload() → Nothing
69 Reload firewall completely, even netfilter kernel modules. This
70 will most likely terminate active connections, because state
71 information is lost. This option should only be used in case of
72 severe firewall problems. For example if there are state
73 information problems that no connection can be established with
74 correct firewall rules.
75
76 disablePanicMode() → Nothing
77 Disable panic mode. After disabling panic mode established
78 connections might work again, if panic mode was enabled for a
79 short period of time.
80
81 Possible errors: NOT_ENABLED, COMMAND_FAILED
82
83 enablePanicMode() → Nothing
84 Enable panic mode. All incoming and outgoing packets are
85 dropped, active connections will expire. Enable this only if
86 there are serious problems with your network environment.
87
88 Possible errors: ALREADY_ENABLED, COMMAND_FAILED
89
90 getAutomaticHelpers() → s
91 Return the AutomaticHelpers value. For the secure use of
92 iptables and connection tracking helpers it is recommended to
93 turn AutomaticHelpers off. But this might have side effects on
94 other services using the netfilter helpers as the sysctl
95 setting in /proc/sys/net/netfilter/nf_conntrack_helper will be
96 changed. With the system setting, the default value set in the
97 kernel or with sysctl will be used. Possible values are: yes,
98 no and system. The default value is system.
99
100 getDefaultZone() → s
101 Return default zone.
102
103 getHelperSettings(s: helper) → (sssssa(ss))
104 Return runtime settings of given helper. For getting permanent
105 settings see
106 org.fedoraproject.FirewallD1.config.helper.Methods.getSettings.
107 Settings are in format: version, name, description, family,
108 module and array of ports.
109
110 version (s): see version attribute of helper tag in
111 firewalld.helper(5).
112
113 name (s): see short tag in firewalld.helper(5).
114
115 description (s): see description tag in firewalld.helper(5).
116
117 family (s): see family tag in firewalld.helper(5).
118
119 module (s): see module tag in firewalld.helper(5).
120
121 ports (a(ss)): array of port and protocol pairs. See port tag
122 in firewalld.helper(5).
123
124 Possible errors: INVALID_HELPER
125
126 getHelpers() → as
127 Return array of helper names (s) in runtime configuration. For
128 permanent configuration see
129 org.fedoraproject.FirewallD1.config.Methods.listHelpers.
130
131 getIcmpTypeSettings(s: icmptype) → (sssas)
132 Return runtime settings of given icmptype. For getting
133 permanent settings see
134 org.fedoraproject.FirewallD1.config.icmptype.Methods.getSettings.
135 Settings are in format: version, name, description, array of
136 destinations.
137
138 version (s): see version attribute of icmptype tag in
139 firewalld.icmptype(5).
140
141 name (s): see short tag in firewalld.icmptype(5).
142
143 description (s): see description tag in firewalld.icmptype(5).
144
145 destinations (as): array, either empty or containing strings
146 'ipv4' or 'ipv6', see destination tag in firewalld.icmptype(5).
147
148 Possible errors: INVALID_ICMPTYPE
149
150 getLogDenied() → s
151 Retruns the LogDenied value. If LogDenied is enabled, then
152 logging rules are added right before reject and drop rules in
153 the INPUT, FORWARD and OUTPUT chains for the default rules and
154 also final reject and drop rules in zones. Possible values are:
155 all, unicast, broadcast, multicast and off. The default value
156 is off
157
158 getServiceSettings(s: service) → (sssa(ss)asa{ss}asa(ss))
159 Return runtime settings of given service. For getting permanent
160 settings see
161 org.fedoraproject.FirewallD1.config.service.Methods.getSettings.
162 Settings are in format: version, name, description, array of
163 ports (port, protocol), array of module names, dictionary of
164 destinations, array of protocols and array of source-ports
165 (port, protocol).
166
167 version (s): see version attribute of service tag in
168 firewalld.service(5).
169
170 name (s): see short tag in firewalld.service(5).
171
172 description (s): see description tag in firewalld.service(5).
173
174 ports (a(ss)): array of port and protocol pairs. See port tag
175 in firewalld.service(5).
176
177 module names (as): array of kernel netfilter helpers, see
178 module tag in firewalld.service(5).
179
180 destinations (a{ss}): dictionary of {IP family : IP address}
181 where 'IP family' key can be either 'ipv4' or 'ipv6'. See
182 destination tag in firewalld.service(5).
183
184 protocols (as): array of protocols, see protocol tag in
185 firewalld.service(5).
186
187 source-ports (a(ss)): array of port and protocol pairs. See
188 source-port tag in firewalld.service(5).
189
190 Possible errors: INVALID_SERVICE
191
192 getZoneSettings(s: zone) → (sssbsasa(ss)asba(ssss)asasasasa(ss))
193 Return runtime settings of given zone. For getting permanent
194 settings see
195 org.fedoraproject.FirewallD1.config.zone.Methods.getSettings.
196 Settings are in format: version, name, description, UNUSED,
197 target, array of services, array of ports (port, protocol),
198 array of icmp-blocks, masquerade, array of forward-ports (port,
199 protocol, to-port, to-addr), array of interfaces, array of
200 sources, array of rich rules, array of protocols and array of
201 source-ports (port, protocol).
202
203 version (s): see version attribute of zone tag in
204 firewalld.zone(5).
205
206 name (s): see short tag in firewalld.zone(5).
207
208 description (s): see description tag in firewalld.zone(5).
209
210 UNUSED (b): this boolean value is no longer used for anything.
211
212 target (s): see target attribute of zone tag in
213 firewalld.zone(5).
214
215 services (as): array of service names, see service tag in
216 firewalld.zone(5).
217
218 ports (a(ss)): array of port and protocol pairs. See port tag
219 in firewalld.zone(5).
220
221 icmp-blocks (as): array of icmp-blocks. See icmp-block tag in
222 firewalld.zone(5).
223
224 masquerade (b): see masquerade tag in firewalld.zone(5).
225
226 forward-ports (a(ssss)): array of (port, protocol, to-port,
227 to-addr). See forward-port tag in firewalld.zone(5).
228
229 interfaces (as): array of interfaces. See interface tag in
230 firewalld.zone(5).
231
232 source addresses (as): array of source addresses. See source
233 tag in firewalld.zone(5).
234
235 rich rules (as): array of rich-language rules. See rule tag in
236 firewalld.zone(5).
237
238 protocols (as): array of protocols, see protocol tag in
239 firewalld.zone(5).
240
241 source-ports (a(ss)): array of port and protocol pairs. See
242 source-port tag in firewalld.zone(5).
243
244 Possible errors: INVALID_ZONE
245
246 listIcmpTypes() → as
247 Return array of names (s) of icmp types in runtime
248 configuration. For permanent configuration see
249 org.fedoraproject.FirewallD1.config.Methods.listIcmpTypes.
250
251 listServices() → as
252 Return array of service names (s) in runtime configuration. For
253 permanent configuration see
254 org.fedoraproject.FirewallD1.config.Methods.listServices.
255
256 queryPanicMode() → b
257 Return true if panic mode is enabled, false otherwise. In panic
258 mode all incoming and outgoing packets are dropped.
259
260 reload() → Nothing
261 Reload firewall rules and keep state information. Current
262 permanent configuration will become new runtime configuration,
263 i.e. all runtime only changes done until reload are lost with
264 reload if they have not been also in permanent configuration.
265
266 runtimeToPermanent() → Nothing
267 Make runtime settings permanent. Replaces permanent settings
268 with runtime settings for zones, services, icmptypes, direct
269 and policies (lockdown whitelist).
270
271 Possible errors: RT_TO_PERM_FAILED
272
273 checkPermanentConfig() → Nothing
274 Run checks on the permanent configuration. This is most useful
275 if changes were made manually to configuration files.
276
277 Possible errors: any
278
279 setDefaultZone(s: zone) → Nothing
280 Set default zone for connections and interfaces where no zone
281 has been selected to zone. Setting the default zone changes the
282 zone for the connections or interfaces, that are using the
283 default zone. This is a runtime and permanent change.
284
285 Possible errors: ZONE_ALREADY_SET, COMMAND_FAILED
286
287 setLogDenied(s: value) → Nothing
288 Set LogDenied value to value. If LogDenied is enabled, then
289 logging rules are added right before reject and drop rules in
290 the INPUT, FORWARD and OUTPUT chains for the default rules and
291 also final reject and drop rules in zones. Possible values are:
292 all, unicast, broadcast, multicast and off. The default value
293 is off This is a runtime and permanent change.
294
295 Possible errors: ALREADY_SET, INVALID_VALUE
296
297 Signals
298 DefaultZoneChanged(s: zone)
299 Emitted when default zone has been changed to zone.
300
301 LogDeniedChanged(s: value)
302 Emitted when LogDenied value has been changed.
303
304 PanicModeDisabled()
305 Emitted when panic mode has been deactivated.
306
307 PanicModeEnabled()
308 Emitted when panic mode has been activated.
309
310 Reloaded()
311 Emitted when firewalld has been reloaded. Also emitted for a
312 complete reload.
313
314 Properties
315 BRIDGE - b - (ro)
316 Indicates whether the firewall has ethernet bridge support.
317
318 IPSet - b - (ro)
319 Indicates whether the firewall has IPSet support.
320
321 IPSetTypes - as - (ro)
322 The supported IPSet types by ipset and firewalld.
323
324 IPv4 - b - (ro)
325 Indicates whether the firewall has IPv4 support.
326
327 IPv4ICMPTypes - as - (ro)
328 The list of supported IPv4 ICMP types.
329
330 IPv6 - b - (ro)
331 Indicates whether the firewall has IPv6 support.
332
333 IPv6_rpfilter - b - (ro)
334 Indicates whether the reverse path filter test on a packet for
335 IPv6 is enabled. If a reply to the packet would be sent via the
336 same interface that the packet arrived on, the packet will
337 match and be accepted, otherwise dropped.
338
339 IPv6ICMPTypes - as - (ro)
340 The list of supported IPv6 ICMP types.
341
342 nf_conntrach_helper_setting - b - (ro)
343 Kernel nf_conntrack_helper setting.
344
345 nf_conntrack_helpers - a{sas} - (ro)
346 The list of conntrack helpers supported by the kernel.
347
348 nf_nat_helpers - a{sas} - (ro)
349 The list of nat helpers supported by the kernel.
350
351 interface_version - s - (ro)
352 firewalld D-Bus interface version string.
353
354 state - s - (ro)
355 firewalld state. This can be either INIT, FAILED, or RUNNING.
356 In INIT state, firewalld is starting up and initializing. In
357 FAILED state, firewalld completely started but experienced a
358 failure.
359
360 version - s - (ro)
361 firewalld version string.
362
363 org.fedoraproject.FirewallD1.ipset
364 Operations in this interface allows to get, add, remove and query
365 runtime ipset settings. For permanent configuration see
366 org.fedoraproject.FirewallD1.config.ipset interface.
367
368 Methods
369 addEntry(s: ipset, s: entry) → as
370 Add a new entry to ipset. The entry must match the type of the
371 ipset. If the ipset is using the timeout option, it is not
372 possible to see the entries, as they are timing out
373 automatically in the kernel. For permanent operation see
374 org.fedoraproject.FirewallD1.config.ipset.Methods.addEntry.
375
376 Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT
377
378 getEntries(s: ipset) → Nothing
379 Get all entries added to the ipset. If the ipset is using the
380 timeout option, it is not possible to see the entries, as they
381 are timing out automatically in the kernel. Return value is a
382 array of entry. For permanent operation see
383 org.fedoraproject.FirewallD1.config.ipset.Methods.getEntries.
384
385 Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT
386
387 getSettings(s: ipset) → (ssssa{ss}as)
388 Return runtime settings of given ipset. For getting permanent
389 settings see
390 org.fedoraproject.FirewallD1.config.ipset.Methods.getSettings.
391 Settings are in format: version, name, description, type,
392 dictionary of options and array of entries.
393
394 version (s): see version attribute of ipset tag in
395 firewalld.ipset(5).
396
397 name (s): see short tag in firewalld.ipset(5).
398
399 description (s): see description tag in firewalld.ipset(5).
400
401 type (s): see type attribute of ipset tag in
402 firewalld.ipset(5).
403
404 options (a{ss}): dictionary of {option : value} . See options
405 tag in firewalld.ipset(5).
406
407 entries (as): array of entries, see entry tag in
408 firewalld.ipset(5).
409
410 Possible errors: INVALID_IPSET
411
412 getIPSets() → as
413 Return array of ipset names (s) in runtime configuration. For
414 permanent configuration see
415 org.fedoraproject.FirewallD1.config.Methods.listIPSets.
416
417 queryService(s: ipset, s: entry) → b
418 Return whether entry has been added to ipset. For permanent
419 operation see
420 org.fedoraproject.FirewallD1.config.ipset.Methods.queryEntry.
421
422 Possible errors: INVALID_IPSET
423
424 queryService(s: ipset) → b
425 Return whether ipset is defined in runtime configuration.
426
427 removeEntry(s: ipset, s: entry) → as
428 Removes an entry from ipset. For permanent operation see
429 org.fedoraproject.FirewallD1.config.ipset.Methods.removeEntry.
430
431 Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT
432
433 setEntries(as: entries) → Nothing
434 Permanently set list of entries to entries. For permanent
435 operation see
436 org.fedoraproject.FirewallD1.config.ipset.Methods.setEntries.
437 See entry tag in firewalld.ipset(5).
438
439 Signals
440 EntryAdded(s: ipset, s: entry)
441 Emitted when entry has been added to ipset.
442
443 EntryRemoved(s: ipset, s: entry)
444 Emitted when entry has been removed from ipset.
445
446 org.fedoraproject.FirewallD1.direct
447 This interface enables more direct access to the firewall. It enables
448 runtime manipulation with chains and rules. For permanent configuration
449 see org.fedoraproject.FirewallD1.config.direct interface.
450
451 Methods
452 addChain(s: ipv, s: table, s: chain) → Nothing
453 Add a new chain to table for ipv being either ipv4 (iptables)
454 or ipv6 (ip6tables) or eb (ebtables). Make sure there's no
455 other chain with this name already. There already exist basic
456 chains to use with direct methods, for example INPUT_direct
457 chain. These chains are jumped into before chains for zones,
458 i.e. every rule put into INPUT_direct will be checked before
459 rules in zones. For permanent operation see
460 org.fedoraproject.FirewallD1.config.direct.Methods.addChain.
461
462 Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED,
463 COMMAND_FAILED
464
465 addPassthrough(s: ipv, as: args) → Nothing
466 Add a tracked passthrough rule with the arguments args for ipv
467 being either ipv4 (iptables) or ipv6 (ip6tables) or eb
468 (ebtables). Valid commands in args are only -A/--append,
469 -I/--insert and -N/--new-chain. This method is (unlike
470 passthrough method) tracked, i.e. firewalld remembers it. It's
471 useful with
472 org.fedoraproject.FirewallD1.Methods.runtimeToPermanent For
473 permanent operation see
474 org.fedoraproject.FirewallD1.config.direct.Methods.addPassthrough.
475
476 Possible errors: INVALID_IPV, ALREADY_ENABLED, COMMAND_FAILED
477
478 addRule(s: ipv, s: table, s: chain, i: priority, as: args) →
479 Nothing
480 Add a rule with the arguments args to chain in table with
481 priority for ipv being either ipv4 (iptables) or ipv6
482 (ip6tables) or eb (ebtables). The priority is used to order
483 rules. Priority 0 means add rule on top of the chain, with a
484 higher priority the rule will be added further down. Rules with
485 the same priority are on the same level and the order of these
486 rules is not fixed and may change. If you want to make sure
487 that a rule will be added after another one, use a low priority
488 for the first and a higher for the following. For permanent
489 operation see
490 org.fedoraproject.FirewallD1.config.direct.Methods.addRule.
491
492 Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED,
493 COMMAND_FAILED
494
495 getAllChains() → a(sss)
496 Get all chains added to all tables in format: ipv, table,
497 chain. This concerns only chains previously added with
498 addChain. Return value is a array of (ipv, table, chain). For
499 permanent operation see
500 org.fedoraproject.FirewallD1.config.direct.Methods.getAllChains.
501
502 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
503 (ebtables).
504
505 table (s): one of filter, mangle, nat, raw, security
506
507 chain (s): name of a chain.
508
509
510 getAllPassthroughs() → a(sas)
511 Get all tracked passthrough rules added in all ipv types in
512 format: ipv, rule. This concerns only rules previously added
513 with addPassthrough. Return value is a array of (ipv, array of
514 arguments). For permanent operation see
515 org.fedoraproject.FirewallD1.config.direct.Methods.getAllPassthroughs.
516
517 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
518 (ebtables).
519
520 arguments (as): array of commands, parameters and other
521 iptables/ip6tables/ebtables command line options.
522
523
524 getAllRules() → a(sssias)
525 Get all rules added to all chains in all tables in format: ipv,
526 table, chain, priority, rule. This concerns only rules
527 previously added with addRule. Return value is a array of (ipv,
528 table, chain, priority, array of arguments). For permanent
529 operation see
530 org.fedoraproject.FirewallD1.config.direct.Methods.getAllRules.
531
532 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
533 (ebtables).
534
535 table (s): one of filter, mangle, nat, raw, security
536
537 chain (s): name of a chain.
538
539 priority (i): used to order rules.
540
541 arguments (as): array of commands, parameters and other
542 iptables/ip6tables/ebtables command line options.
543
544
545 getChains(s: ipv, s: table) → as
546 Return an array of chains (s) added to table for ipv being
547 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
548 This concerns only chains previously added with addChain. For
549 permanent operation see
550 org.fedoraproject.FirewallD1.config.direct.Methods.getChains.
551
552 Possible errors: INVALID_IPV, INVALID_TABLE
553
554 getPassthroughs(s: ipv) → aas
555 Get tracked passthrough rules added in either ipv4 (iptables)
556 or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
557 previously added with addPassthrough. Return value is a array
558 of (array of arguments). For permanent operation see
559 org.fedoraproject.FirewallD1.config.direct.Methods.getPassthroughs.
560
561 arguments (as): array of commands, parameters and other
562 iptables/ip6tables/ebtables command line options.
563
564
565 getRules(s: ipv, s: table, s: chain) → a(ias)
566 Get all rules added to chain in table for ipv being either ipv4
567 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
568 only rules previously added with addRule. Return value is a
569 array of (priority, array of arguments). For permanent
570 operation see
571 org.fedoraproject.FirewallD1.config.direct.Methods.getRules.
572
573 priority (i): used to order rules.
574
575 arguments (as): array of commands, parameters and other
576 iptables/ip6tables/ebtables command line options.
577
578 Possible errors: INVALID_IPV, INVALID_TABLE
579
580 passthrough(s: ipv, as: args) → s
581 Pass a command through to the firewall. ipv can be either ipv4
582 (iptables) or ipv6 (ip6tables) or eb (ebtables). args can be
583 all iptables, ip6tables and ebtables command line arguments.
584 args can be all iptables, ip6tables and ebtables command line
585 arguments. This command is untracked, which means that
586 firewalld is not able to provide information about this command
587 later on.
588
589 Possible errors: COMMAND_FAILED
590
591 queryChain(s: ipv, s: table, s: chain) → b
592 Return whether a chain exists in table for ipv being either
593 ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). This
594 concerns only chains previously added with addChain. For
595 permanent operation see
596 org.fedoraproject.FirewallD1.config.direct.Methods.queryChain.
597
598 Possible errors: INVALID_IPV, INVALID_TABLE
599
600 queryPassthrough(s: ipv, as: args) → b
601 Return whether a tracked passthrough rule with the arguments
602 args exists for ipv being either ipv4 (iptables) or ipv6
603 (ip6tables) or eb (ebtables). This concerns only rules
604 previously added with addPassthrough. For permanent operation
605 see
606 org.fedoraproject.FirewallD1.config.direct.Methods.queryPassthrough.
607
608 Possible errors: INVALID_IPV
609
610 queryRule(s: ipv, s: table, s: chain, i: priority, as: args) → b
611 Return whether a rule with priority and the arguments args
612 exists in chain in table for ipv being either ipv4 (iptables)
613 or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
614 previously added with addRule. For permanent operation see
615 org.fedoraproject.FirewallD1.config.direct.Methods.queryRule.
616
617 Possible errors: INVALID_IPV, INVALID_TABLE
618
619 removeAllPassthroughs() → Nothing
620 Remove all passthrough rules previously added with
621 addPassthrough.
622
623 removeChain(s: ipv, s: table, s: chain) → Nothing
624 Remove a chain from table for ipv being either ipv4 (iptables)
625 or ipv6 (ip6tables) or eb (ebtables). Only chains previously
626 added with addChain can be removed this way. For permanent
627 operation see
628 org.fedoraproject.FirewallD1.config.direct.Methods.removeChain.
629
630 Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED,
631 COMMAND_FAILED
632
633 removePassthrough(s: ipv, as: args) → Nothing
634 Remove a tracked passthrough rule with arguments args for ipv
635 being either ipv4 (iptables) or ipv6 (ip6tables) or eb
636 (ebtables). Only rules previously added with addPassthrough can
637 be removed this way. For permanent operation see
638 org.fedoraproject.FirewallD1.config.direct.Methods.removePassthrough.
639
640 Possible errors: INVALID_IPV, NOT_ENABLED, COMMAND_FAILED
641
642 removeRule(s: ipv, s: table, s: chain, i: priority, as: args) →
643 Nothing
644 Remove a rule with priority and arguments args from chain in
645 table for ipv being either ipv4 (iptables) or ipv6 (ip6tables)
646 or eb (ebtables). Only rules previously added with addRule can
647 be removed this way. For permanent operation see
648 org.fedoraproject.FirewallD1.config.direct.Methods.removeRule.
649
650 Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED,
651 COMMAND_FAILED
652
653 removeRules(s: ipv, s: table, s: chain) → Nothing
654 Remove all rules from chain in table for ipv being either ipv4
655 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
656 only rules previously added with addRule. For permanent
657 operation see
658 org.fedoraproject.FirewallD1.config.direct.Methods.removeRules.
659
660 Possible errors: INVALID_IPV, INVALID_TABLE
661
662 Signals
663 ChainAdded(s: ipv, s: table, s: chain)
664 Emitted when chain has been added into table for ipv being
665 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
666
667 ChainRemoved(s: ipv, s: table, s: chain)
668 Emitted when chain has been removed from table for ipv being
669 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
670
671 PassthroughAdded(s: ipv, as: args)
672 Emitted when a tracked passthruogh rule with args has been
673 added for ipv being either ipv4 (iptables) or ipv6 (ip6tables)
674 or eb (ebtables).
675
676 PassthroughRemoved(s: ipv, as: args)
677 Emitted when a tracked passthrough rule with args has been
678 removed for ipv being either ipv4 (iptables) or ipv6
679 (ip6tables) or eb (ebtables).
680
681 RuleAdded(s: ipv, s: table, s: chain, i: priority, as: args)
682 Emitted when a rule with args has been added to chain in table
683 with priority for ipv being either ipv4 (iptables) or ipv6
684 (ip6tables) or eb (ebtables).
685
686 RuleRemoved(s: ipv, s: table, s: chain, i: priority, as: args)
687 Emitted when a rule with args has been removed from chain in
688 table with priority for ipv being either ipv4 (iptables) or
689 ipv6 (ip6tables) or eb (ebtables).
690
691 org.fedoraproject.FirewallD1.policies
692 Enables firewalld to be able to lock down configuration changes from
693 local applications. Local applications or services are able to change
694 the firewall configuration if they are running as root (example:
695 libvirt). With these operations administrator can lock the firewall
696 configuration so that either none or only applications that are in the
697 whitelist are able to request firewall changes. For permanent
698 configuration see org.fedoraproject.FirewallD1.config.policies
699 interface.
700
701 Methods
702 addLockdownWhitelistCommand(s: command) → Nothing
703 Add command to whitelist. See command option in
704 firewalld.lockdown-whitelist(5). For permanent operation see
705 org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistCommand.
706
707 Possible errors: ALREADY_ENABLED, INVALID_COMMAND
708
709 addLockdownWhitelistContext(s: context) → Nothing
710 Add context to whitelist. See selinux option in
711 firewalld.lockdown-whitelist(5). For permanent operation see
712 org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistContext.
713
714 Possible errors: ALREADY_ENABLED, INVALID_COMMAND
715
716 addLockdownWhitelistUid(i: uid) → Nothing
717 Add user id uid to whitelist. See user option in
718 firewalld.lockdown-whitelist(5). For permanent operation see
719 org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistUid.
720
721 Possible errors: ALREADY_ENABLED, INVALID_COMMAND
722
723 addLockdownWhitelistUser(s: user) → Nothing
724 Add user name to whitelist. See user option in
725 firewalld.lockdown-whitelist(5). For permanent operation see
726 org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistUser.
727
728 Possible errors: ALREADY_ENABLED, INVALID_COMMAND
729
730 disableLockdown() → Nothing
731 Disable lockdown. This is a runtime and permanent change.
732
733 Possible errors: NOT_ENABLED
734
735 enableLockdown() → Nothing
736 Enable lockdown. Be careful - if the calling application/user
737 is not on lockdown whitelist when you enable lockdown you won't
738 be able to disable it again with the application, you would
739 need to edit firewalld.conf. This is a runtime and permanent
740 change.
741
742 Possible errors: ALREADY_ENABLED
743
744 getLockdownWhitelistCommands() → as
745 List all command lines (s) that are on whitelist. For permanent
746 operation see
747 org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistCommands.
748
749 getLockdownWhitelistContexts() → as
750 List all contexts (s) that are on whitelist. For permanent
751 operation see
752 org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistContexts.
753
754 getLockdownWhitelistUids() → ai
755 List all user ids (i) that are on whitelist. For permanent
756 operation see
757 org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistUids.
758
759 getLockdownWhitelistUsers() → as
760 List all users (s) that are on whitelist. For permanent
761 operation see
762 org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistUsers.
763
764 queryLockdown() → b
765 Query whether lockdown is enabled.
766
767 queryLockdownWhitelistCommand(s: command) → b
768 Query whether command is on whitelist. For permanent operation
769 see
770 org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistCommand.
771
772 queryLockdownWhitelistContext(s: context) → b
773 Query whether context is on whitelist. For permanent operation
774 see
775 org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistContext.
776
777 queryLockdownWhitelistUid(i: uid) → b
778 Query whether user id uid is on whitelist. For permanent
779 operation see
780 org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistUid.
781
782 queryLockdownWhitelistUser(s: user) → b
783 Query whether user is on whitelist. For permanent operation see
784 org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistUser.
785
786 removeLockdownWhitelistCommand(s: command) → Nothing
787 Remove command from whitelist. For permanent operation see
788 org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistCommand.
789
790 Possible errors: NOT_ENABLED
791
792 removeLockdownWhitelistContext(s: context) → Nothing
793 Remove context from whitelist. For permanent operation see
794 org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistContext.
795
796 Possible errors: NOT_ENABLED
797
798 removeLockdownWhitelistUid(i: uid) → Nothing
799 Remove user id uid from whitelist. For permanent operation see
800 org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistUid.
801
802 Possible errors: NOT_ENABLED
803
804 removeLockdownWhitelistUser(s: user) → Nothing
805 Remove user from whitelist. For permanent operation see
806 org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistUser.
807
808 Possible errors: NOT_ENABLED
809
810 Signals
811 LockdownDisabled()
812 Emitted when lockdown has been disabled.
813
814 LockdownEnabled()
815 Emitted when lockdown has been enabled.
816
817 LockdownWhitelistCommandAdded(s: command)
818 Emitted when command has been added to whitelist.
819
820 LockdownWhitelistCommandRemoved(s: command)
821 Emitted when command has been removed from whitelist.
822
823 LockdownWhitelistContextAdded(s: context)
824 Emitted when context has been added to whitelist.
825
826 LockdownWhitelistContextRemoved(s: context)
827 Emitted when context has been removed from whitelist.
828
829 LockdownWhitelistUidAdded(i: uid)
830 Emitted when user id uid has been added to whitelist.
831
832 LockdownWhitelistUidRemoved(i: uid)
833 Emitted when user id uid has been removed from whitelist.
834
835 LockdownWhitelistUserAdded(s: user)
836 Emitted when user has been added to whitelist.
837
838 LockdownWhitelistUserRemoved(s: user)
839 Emitted when user has been removed from whitelist.
840
841 org.fedoraproject.FirewallD1.zone
842 Operations in this interface allows to get, add, remove and query
843 runtime zone's settings. For permanent settings see
844 org.fedoraproject.FirewallD1.config.zone interface.
845
846 Methods
847 addForwardPort(s: zone, s: port, s: protocol, s: toport, s: toaddr,
848 i: timeout) → s
849 Add the IPv4 forward port into zone. If zone is empty, use
850 default zone. The port can either be a single port number
851 portid or a port range portid-portid. The protocol can either
852 be tcp or udp. The destination address is a simple IP address.
853 If timeout is non-zero, the operation will be active only for
854 the amount of seconds. For permanent settings see
855 org.fedoraproject.FirewallD1.config.zone.Methods.addForwardPort.
856
857 Returns name of zone to which the forward port was added.
858
859 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
860 INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD,
861 ALREADY_ENABLED, INVALID_COMMAND
862
863 addIcmpBlock(s: zone, s: icmp, i: timeout) → s
864 Add an ICMP block icmp into zone. The icmp is the one of the
865 icmp types firewalld supports. To get a listing of supported
866 icmp types use
867 org.fedoraproject.FirewallD1.Methods.listIcmpTypes If zone is
868 empty, use default zone. If timeout is non-zero, the operation
869 will be active only for the amount of seconds. For permanent
870 settings see
871 org.fedoraproject.FirewallD1.config.zone.Methods.addIcmpBlock.
872
873 Returns name of zone to which the ICMP block was added.
874
875 Possible errors: INVALID_ZONE, INVALID_ICMPTYPE,
876 ALREADY_ENABLED, INVALID_COMMAND
877
878 addIcmpBlockInversion(s: zone) → s
879 Add ICMP block inversion to zone. If zone is empty, use default
880 zone. For permanent settings see
881 org.fedoraproject.FirewallD1.config.zone.Methods.addIcmpBlockInversion.
882
883 Returns name of zone to which the ICMP block inversion was
884 added.
885
886 Possible errors: INVALID_ZONE, ALREADY_ENABLED, INVALID_COMMAND
887
888 addInterface(s: zone, s: interface) → s
889 Bind interface with zone. From now on all traffic going through
890 the interface will respect the zone's settings. If zone is
891 empty, use default zone. For permanent settings see
892 org.fedoraproject.FirewallD1.config.zone.Methods.addInterface.
893
894 Returns name of zone to which the interface was bound.
895
896 Possible errors: INVALID_ZONE, INVALID_INTERFACE,
897 ALREADY_ENABLED, INVALID_COMMAND
898
899 addMasquerade(s: zone, i: timeout) → s
900 Enable masquerade in zone. If zone is empty, use default zone.
901 If timeout is non-zero, masquerading will be active for the
902 amount of seconds. For permanent settings see
903 org.fedoraproject.FirewallD1.config.zone.Methods.addMasquerade.
904
905 Returns name of zone in which the masquerade was enabled.
906
907 Possible errors: INVALID_ZONE, ALREADY_ENABLED, INVALID_COMMAND
908
909 addPort(s: zone, s: port, s: protocol, i: timeout) → s
910 Add port into zone. If zone is empty, use default zone. The
911 port can either be a single port number or a port range
912 portid-portid. The protocol can either be tcp or udp. If
913 timeout is non-zero, the operation will be active only for the
914 amount of seconds. For permanent settings see
915 org.fedoraproject.FirewallD1.config.zone.Methods.addPort.
916
917 Returns name of zone to which the port was added.
918
919 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
920 INVALID_PROTOCOL, ALREADY_ENABLED, INVALID_COMMAND
921
922 addProtocol(s: zone, s: protocol, i: timeout) → s
923 Add protocol into zone. If zone is empty, use default zone. The
924 protocol can be any protocol supported by the system. Please
925 have a look at /etc/protocols for supported protocols. If
926 timeout is non-zero, the operation will be active only for the
927 amount of seconds. For permanent settings see
928 org.fedoraproject.FirewallD1.config.zone.Methods.addProtocol.
929
930 Returns name of zone to which the protocol was added.
931
932 Possible errors: INVALID_ZONE, INVALID_PROTOCOL,
933 ALREADY_ENABLED, INVALID_COMMAND
934
935 addRichRule(s: zone, s: rule, i: timeout) → s
936 Add rich language rule into zone. For the rich language rule
937 syntax, please have a look at firewalld.direct(5). If zone is
938 empty, use default zone. If timeout is non-zero, the operation
939 will be active only for the amount of seconds. For permanent
940 settings see
941 org.fedoraproject.FirewallD1.config.zone.Methods.addRichRule.
942
943 Returns name of zone to which the rich language rule was added.
944
945 Possible errors: INVALID_ZONE, INVALID_RULE, ALREADY_ENABLED,
946 INVALID_COMMAND
947
948 addService(s: zone, s: service, i: timeout) → s
949 Add service into zone. If zone is empty, use default zone. If
950 timeout is non-zero, the operation will be active only for the
951 amount of seconds. To get a list of supported services, use
952 org.fedoraproject.FirewallD1.Methods.listServices. For
953 permanent settings see
954 org.fedoraproject.FirewallD1.config.zone.Methods.addService.
955
956 Returns name of zone to which the service was added.
957
958 Possible errors: INVALID_ZONE, INVALID_SERVICE,
959 ALREADY_ENABLED, INVALID_COMMAND
960
961 addSource(s: zone, s: source) → s
962 Bind source with zone. From now on all traffic going from this
963 source will respect the zone's settings. A source address or
964 address range is either an IP address or a network IP address
965 with a mask for IPv4 or IPv6. For IPv4, the mask can be a
966 network mask or a plain number. For IPv6 the mask is a plain
967 number. Use of host names is not supported. If zone is empty,
968 use default zone. For permanent settings see
969 org.fedoraproject.FirewallD1.config.zone.Methods.addSource.
970
971 Returns name of zone to which the source was bound.
972
973 Possible errors: INVALID_ZONE, INVALID_ADDR, ALREADY_ENABLED,
974 INVALID_COMMAND
975
976 addSourcePort(s: zone, s: port, s: protocol, i: timeout) → s
977 Add source port into zone. If zone is empty, use default zone.
978 The port can either be a single port number or a port range
979 portid-portid. The protocol can either be tcp or udp. If
980 timeout is non-zero, the operation will be active only for the
981 amount of seconds. For permanent settings see
982 org.fedoraproject.FirewallD1.config.zone.Methods.addSourcePort.
983
984 Returns name of zone to which the port was added.
985
986 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
987 INVALID_PROTOCOL, ALREADY_ENABLED, INVALID_COMMAND
988
989 changeZone(s: zone, s: interface) → s
990 This function is deprecated, use
991 org.fedoraproject.FirewallD1.zone.Methods.changeZoneOfInterface
992 instead.
993
994 changeZoneOfInterface(s: zone, s: interface) → s
995 Change a zone an interface is bound to to zone. It's basically
996 removeInterface(interface) followed by addInterface(zone,
997 interface). If interface has not been bound to a zone before,
998 it behaves like addInterface. If zone is empty, use default
999 zone.
1000
1001 Returns name of zone to which the interface was bound.
1002
1003 Possible errors: INVALID_ZONE, ZONE_ALREADY_SET, ZONE_CONFLICT
1004
1005 changeZoneOfSource(s: zone, s: source) → s
1006 Change a zone an source is bound to to zone. It's basically
1007 removeSource(source) followed by addSource(zone, source). If
1008 source has not been bound to a zone before, it behaves like
1009 addSource. If zone is empty, use default zone.
1010
1011 Returns name of zone to which the source was bound.
1012
1013 Possible errors: INVALID_ZONE, ZONE_ALREADY_SET, ZONE_CONFLICT
1014
1015 getActiveZones() → a{sa{sas}}
1016 Return dictionary of currently active zones altogether with
1017 interfaces and sources used in these zones. Active zones are
1018 zones, that have a binding to an interface or source.
1019
1020 Return value is a dictionary where keys are zone names (s) and
1021 values are again dictionaries where keys are either
1022 'interfaces' or 'sources' and values are arrays of interface
1023 names (s) or sources (s).
1024
1025 getForwardPorts(s: zone) → aas
1026 Return array of IPv4 forward ports previously added into zone.
1027 If zone is empty, use default zone. For getting permanent
1028 settings see
1029 org.fedoraproject.FirewallD1.config.zone.Methods.getForwardPorts.
1030
1031 Return value is array of 4-tuples, where each 4-tuple consists
1032 of (port, protocol, to-port, to-addr). to-addr might be empty
1033 in case of local forwarding.
1034
1035 Possible errors: INVALID_ZONE
1036
1037 getIcmpBlocks(s: zone) → as
1038 Return array of ICMP type (s) blocks previously added into
1039 zone. If zone is empty, use default zone. For getting permanent
1040 settings see
1041 org.fedoraproject.FirewallD1.config.zone.Methods.getIcmpBlocks.
1042
1043 Possible errors: INVALID_ZONE
1044
1045 getIcmpBlockInversion(s: zone) → b
1046 Return whether ICMP block inversion was previously added to
1047 zone. If zone is empty, use default zone. For getting permanent
1048 settings see
1049 org.fedoraproject.FirewallD1.config.zone.Methods.getIcmpBlockInversion.
1050
1051 Possible errors: INVALID_ZONE
1052
1053 getInterfaces(s: zone) → as
1054 Return array of interfaces (s) previously bound with zone. If
1055 zone is empty, use default zone. For getting permanent settings
1056 see
1057 org.fedoraproject.FirewallD1.config.zone.Methods.getInterfaces.
1058
1059 Possible errors: INVALID_ZONE
1060
1061 getPorts(s: zone) → aas
1062 Return array of ports (2-tuple of port and protocol) previously
1063 enabled in zone. If zone is empty, use default zone. For
1064 getting permanent settings see
1065 org.fedoraproject.FirewallD1.config.zone.Methods.getPorts.
1066
1067 Possible errors: INVALID_ZONE
1068
1069 getProtocols(s: zone) → as
1070 Return array of protocols (s) previously enabled in zone. If
1071 zone is empty, use default zone. For getting permanent settings
1072 see
1073 org.fedoraproject.FirewallD1.config.zone.Methods.getProtocols.
1074
1075 Possible errors: INVALID_ZONE
1076
1077 getRichRules(s: zone) → as
1078 Return array of rich language rules (s) previously added into
1079 zone. If zone is empty, use default zone. For getting permanent
1080 settings see
1081 org.fedoraproject.FirewallD1.config.zone.Methods.getRichRules.
1082
1083 Possible errors: INVALID_ZONE
1084
1085 getServices(s: zone) → as
1086 Return array of services (s) previously enabled in zone. If
1087 zone is empty, use default zone. For getting permanent settings
1088 see
1089 org.fedoraproject.FirewallD1.config.zone.Methods.getServices.
1090
1091 Possible errors: INVALID_ZONE
1092
1093 getSourcePorts(s: zone) → aas
1094 Return array of source ports (2-tuple of port and protocol)
1095 previously enabled in zone. If zone is empty, use default zone.
1096 For getting permanent settings see
1097 org.fedoraproject.FirewallD1.config.zone.Methods.getSourcePorts.
1098
1099 Possible errors: INVALID_ZONE
1100
1101 getSources(s: zone) → as
1102 Return array of sources (s) previously bound with zone. If zone
1103 is empty, use default zone. For getting permanent settings see
1104 org.fedoraproject.FirewallD1.config.zone.Methods.getSources.
1105
1106 Possible errors: INVALID_ZONE
1107
1108 getZoneOfInterface(s: interface) → s
1109 Return name (s) of zone the interface is bound to or empty
1110 string.
1111
1112 getZoneOfSource(s: source) → s
1113 Return name (s) of zone the source is bound to or empty string.
1114
1115 getZones() → as
1116 Return array of names (s) of predefined zones known to current
1117 runtime environment. For list of zones known to permanent
1118 environment see
1119 org.fedoraproject.FirewallD1.config.Methods.listZones. The
1120 lists (of zones known to runtime and permanent environment)
1121 will contain same zones in most cases, but might differ for
1122 example if org.fedoraproject.FirewallD1.config.Methods.addZone
1123 has been called recently, but firewalld has not been reloaded
1124 since then.
1125
1126 isImmutable(s: zone) → b
1127 Deprecated.
1128
1129 queryForwardPort(s: zone, s: port, s: protocol, s: toport, s:
1130 toaddr) → b
1131 Return whether the IPv4 forward port (port, protocol, toport,
1132 toaddr) has been added into zone. If zone is empty, use default
1133 zone. For permanent operation see
1134 org.fedoraproject.FirewallD1.config.zone.Methods.queryForwardPort.
1135
1136 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1137 INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD
1138
1139 queryIcmpBlock(s: zone, s: icmp) → b
1140 Return whether an ICMP block for icmp has been added into zone.
1141 If zone is empty, use default zone. For permanent operation see
1142 org.fedoraproject.FirewallD1.config.zone.Methods.queryIcmpBlock.
1143
1144 Possible errors: INVALID_ZONE, INVALID_ICMPTYPE
1145
1146 queryIcmpBlockInversion(s: zone) → b
1147 Return whether ICMP block inversion has been added to zone. If
1148 zone is empty, use default zone. For permanent operation see
1149 org.fedoraproject.FirewallD1.config.zone.Methods.queryIcmpBlockInversion.
1150
1151 Possible errors: INVALID_ZONE, INVALID_ICMPTYPE
1152
1153 queryInterface(s: zone, s: interface) → b
1154 Query whether interface has been bound to zone. If zone is
1155 empty, use default zone. For permanent operation see
1156 org.fedoraproject.FirewallD1.config.zone.Methods.queryInterface.
1157
1158 Possible errors: INVALID_ZONE, INVALID_INTERFACE
1159
1160 queryMasquerade(s: zone) → b
1161 Return whether masquerading has been enabled in zone If zone is
1162 empty, use default zone. For permanent operation see
1163 org.fedoraproject.FirewallD1.config.zone.Methods.queryMasquerade.
1164
1165 Possible errors: INVALID_ZONE
1166
1167 queryPort(s: zone, s: port, s: protocol) → b
1168 Return whether port/protocol has been added in zone. If zone is
1169 empty, use default zone. For permanent operation see
1170 org.fedoraproject.FirewallD1.config.zone.Methods.queryPort.
1171
1172 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1173 INVALID_PROTOCOL
1174
1175 queryProtocol(s: zone, s: protocol) → b
1176 Return whether protocol has been added in zone. If zone is
1177 empty, use default zone. For permanent operation see
1178 org.fedoraproject.FirewallD1.config.zone.Methods.queryProtocol.
1179
1180 Possible errors: INVALID_ZONE, INVALID_PROTOCOL
1181
1182 queryRichRule(s: zone, s: rule) → b
1183 Return whether rich rule rule has been added in zone. If zone
1184 is empty, use default zone. For permanent operation see
1185 org.fedoraproject.FirewallD1.config.zone.Methods.queryRichRule.
1186
1187 Possible errors: INVALID_ZONE, INVALID_RULE
1188
1189 queryService(s: zone, s: service) → b
1190 Return whether service has been added for zone. If zone is
1191 empty, use default zone. For permanent operation see
1192 org.fedoraproject.FirewallD1.config.zone.Methods.queryService.
1193
1194 Possible errors: INVALID_ZONE, INVALID_SERVICE
1195
1196 querySource(s: zone, s: source) → b
1197 Query whether sourcehas been bound to zone. If zone is empty,
1198 use default zone. For permanent operation see
1199 org.fedoraproject.FirewallD1.config.zone.Methods.querySource.
1200
1201 Possible errors: INVALID_ZONE, INVALID_ADDR
1202
1203 querySourcePort(s: zone, s: port, s: protocol) → b
1204 Return whether port/protocol has been added in zone. If zone is
1205 empty, use default zone. For permanent operation see
1206 org.fedoraproject.FirewallD1.config.zone.Methods.querySourcePort.
1207
1208 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1209 INVALID_PROTOCOL
1210
1211 removeForwardPort(s: zone, s: port, s: protocol, s: toport, s:
1212 toaddr) → s
1213 Remove IPv4 forward port ((port, protocol, toport, toaddr))
1214 from zone. If zone is empty, use default zone. For permanent
1215 operation see
1216 org.fedoraproject.FirewallD1.config.zone.Methods.removeForwardPort.
1217
1218 Returns name of zone from which the forward port was removed.
1219
1220 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1221 INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD, NOT_ENABLED,
1222 INVALID_COMMAND
1223
1224 removeIcmpBlock(s: zone, s: icmp) → s
1225 Remove ICMP block icmp from zone. If zone is empty, use default
1226 zone. For permanent operation see
1227 org.fedoraproject.FirewallD1.config.zone.Methods.removeIcmpBlock.
1228
1229 Returns name of zone from which the ICMP block was removed.
1230
1231 Possible errors: INVALID_ZONE, INVALID_ICMPTYPE, NOT_ENABLED,
1232 INVALID_COMMAND
1233
1234 removeIcmpBlockInversion(s: zone) → s
1235 Remove ICMP block inversion from zone. If zone is empty, use
1236 default zone. For permanent operation see
1237 org.fedoraproject.FirewallD1.config.zone.Methods.removeIcmpBlockInversion.
1238
1239 Returns name of zone from which the ICMP block inversion was
1240 removed.
1241
1242 Possible errors: INVALID_ZONE, NOT_ENABLED, INVALID_COMMAND
1243
1244 removeInterface(s: zone, s: interface) → s
1245 Remove binding of interface from zone. If zone is empty, the
1246 interface will be removed from zone it belongs to. For
1247 permanent operation see
1248 org.fedoraproject.FirewallD1.config.zone.Methods.removeInterface.
1249
1250 Returns name of zone from which the interface was removed.
1251
1252 Possible errors: INVALID_ZONE, INVALID_INTERFACE, NOT_ENABLED,
1253 INVALID_COMMAND
1254
1255 removeMasquerade(s: zone) → s
1256 Disable masquerade for zone. If zone is empty, use default
1257 zone. For permanent operation see
1258 org.fedoraproject.FirewallD1.config.zone.Methods.removeMasquerade.
1259
1260 Returns name of zone for which the masquerade was disabled.
1261
1262 Possible errors: INVALID_ZONE, NOT_ENABLED, INVALID_COMMAND
1263
1264 removePort(s: zone, s: port, s: protocol) → s
1265 Remove port/protocol from zone. If zone is empty, use default
1266 zone. For permanent operation see
1267 org.fedoraproject.FirewallD1.config.zone.Methods.removePort.
1268
1269 Returns name of zone from which the port was removed.
1270
1271 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1272 INVALID_PROTOCOL, NOT_ENABLED, INVALID_COMMAND
1273
1274 removeProtocol(s: zone, s: protocol) → s
1275 Remove protocol from zone. If zone is empty, use default zone.
1276 For permanent operation see
1277 org.fedoraproject.FirewallD1.config.zone.Methods.removeProtocol.
1278
1279 Returns name of zone from which the protocol was removed.
1280
1281 Possible errors: INVALID_ZONE, INVALID_PROTOCOL, NOT_ENABLED,
1282 INVALID_COMMAND
1283
1284 removeRichRule(s: zone, s: rule) → s
1285 Remove rich language rule from zone. If zone is empty, use
1286 default zone. For permanent operation see
1287 org.fedoraproject.FirewallD1.config.zone.Methods.removeRichRule.
1288
1289 Returns name of zone from which the rich language rule was
1290 removed.
1291
1292 Possible errors: INVALID_ZONE, INVALID_RULE, NOT_ENABLED,
1293 INVALID_COMMAND
1294
1295 removeService(s: zone, s: service) → s
1296 Remove service from zone. If zone is empty, use default zone.
1297 For permanent operation see
1298 org.fedoraproject.FirewallD1.config.zone.Methods.removeService.
1299
1300 Returns name of zone from which the service was removed.
1301
1302 Possible errors: INVALID_ZONE, INVALID_SERVICE, NOT_ENABLED,
1303 INVALID_COMMAND
1304
1305 removeSource(s: zone, s: source) → s
1306 Remove binding of source from zone. If zone is empty, the
1307 source will be removed from zone it belongs to. For permanent
1308 operation see
1309 org.fedoraproject.FirewallD1.config.zone.Methods.removeSource.
1310
1311 Returns name of zone from which the source was removed.
1312
1313 Possible errors: INVALID_ZONE, INVALID_ADDR, NOT_ENABLED,
1314 INVALID_COMMAND
1315
1316 removeSourcePort(s: zone, s: port, s: protocol) → s
1317 Remove port/protocol from zone. If zone is empty, use default
1318 zone. For permanent operation see
1319 org.fedoraproject.FirewallD1.config.zone.Methods.removeSourcePort.
1320
1321 Returns name of zone from which the source port was removed.
1322
1323 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1324 INVALID_PROTOCOL, NOT_ENABLED, INVALID_COMMAND
1325
1326 Signals
1327 ForwardPortAdded(s: zone, s: port, s: protocol, s: toport, s:
1328 toaddr, i: timeout)
1329 Emitted when forward port has been added to zone with timeout.
1330
1331 ForwardPortRemoved(s: zone, s: port, s: protocol, s: toport, s:
1332 toaddr)
1333 Emitted when forward port has been removed from zone.
1334
1335 IcmpBlockAdded(s: zone, s: icmp, i: timeout)
1336 Emitted when ICMP block for icmp has been added to zone with
1337 timeout.
1338
1339 IcmpBlockInversionAdded(s: zone)
1340 Emitted when ICMP block inversion has been added to zone.
1341
1342 IcmpBlockInversionRemoved(s: zone)
1343 Emitted when ICMP block inversion has been removed from zone.
1344
1345 IcmpBlockRemoved(s: zone, s: icmp)
1346 Emitted when ICMP block for icmp has been removed from zone.
1347
1348 InterfaceAdded(s: zone, s: interface)
1349 Emitted when interface has been added to zone.
1350
1351 InterfaceRemoved(s: zone, s: interface)
1352 Emitted when interface has been removed from zone.
1353
1354 MasqueradeAdded(s: zone, i: timeout)
1355 Emitted when masquerade has been enabled for zone.
1356
1357 MasqueradeRemoved(s: zone)
1358 Emitted when masquerade has been disabled for zone.
1359
1360 PortAdded(s: zone, s: port, s: protocol, i: timeout)
1361 Emitted when port/protocol has been added to zone with timeout.
1362
1363 PortRemoved(s: zone, s: port, s: protocol)
1364 Emitted when port/protocol has been removed from zone.
1365
1366 ProtocolAdded(s: zone, s: protocol, i: timeout)
1367 Emitted when protocol has been added to zone with timeout.
1368
1369 ProtocolRemoved(s: zone, s: protocol)
1370 Emitted when protocol has been removed from zone.
1371
1372 RichRuleAdded(s: zone, s: rule, i: timeout)
1373 Emitted when rich language rule has been added to zone with
1374 timeout.
1375
1376 RichRuleRemoved(s: zone, s: rule)
1377 Emitted when rich language rule has been removed from zone.
1378
1379 ServiceAdded(s: zone, s: service, i: timeout)
1380 Emitted when service has been added to zone with timeout.
1381
1382 ServiceRemoved(s: zone, s: service)
1383 Emitted when service has been removed from zone.
1384
1385 SourceAdded(s: zone, s: source)
1386 Emitted when source has been added to zone.
1387
1388 SourcePortAdded(s: zone, s: port, s: protocol, i: timeout)
1389 Emitted when source-port/protocol has been added to zone with
1390 timeout.
1391
1392 SourcePortRemoved(s: zone, s: port, s: protocol)
1393 Emitted when source-port/protocol has been removed from zone.
1394
1395 SourceRemoved(s: zone, s: source)
1396 Emitted when source has been removed from zone.
1397
1398 ZoneChanged(s: zone, s: interface)
1399 Deprecated
1400
1401 ZoneOfInterfaceChanged(s: zone, s: interface)
1402 Emitted when a zone an interface is part of has been changed to
1403 zone.
1404
1405 ZoneOfSourceChanged(s: zone, s: source)
1406 Emitted when a zone an source is part of has been changed to
1407 zone.
1408
1409 org.fedoraproject.FirewallD1.config
1410 Allows to permanently add, remove and query zones, services and icmp
1411 types.
1412
1413 Methods
1414 addIPSet(s: ipset, (ssssa{ss}as): settings) → o
1415 Add ipset with given settings into permanent configuration.
1416 Settings are in format: version, name, description, type,
1417 dictionary of options and array of entries.
1418
1419 version (s): see version attribute of ipset tag in
1420 firewalld.ipset(5).
1421
1422 name (s): see short tag in firewalld.ipset(5).
1423
1424 description (s): see description tag in firewalld.ipset(5).
1425
1426 type (s): see type attribute of ipset tag in
1427 firewalld.ipset(5).
1428
1429 options (a{ss}): dictionary of {option : value} . See options
1430 tag in firewalld.ipset(5).
1431
1432 entries (as): array of entries, see entry tag in
1433 firewalld.ipset(5).
1434
1435 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1436
1437 addIcmpType(s: icmptype, (sssas): settings) → o
1438 Add icmptype with given settings into permanent configuration.
1439 Settings are in format: version, name, description, array of
1440 destinations. Returns object path of the new icmp type.
1441
1442 version (s): see version attribute of icmptype tag in
1443 firewalld.icmptype(5).
1444
1445 name (s): see short tag in firewalld.icmptype(5).
1446
1447 description (s): see description tag in firewalld.icmptype(5).
1448
1449 destinations (as): array, either empty or containing strings
1450 'ipv4' or 'ipv6', see destination tag in firewalld.icmptype(5).
1451
1452 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1453
1454 addService(s: service, (sssa(ss)asa{ss}asa(ss)): settings) → o
1455 Add service with given settings into permanent configuration.
1456 Settings are in format: version, name, description, array of
1457 ports (port, protocol), array of module names, dictionary of
1458 destinations, array of protocols and array of source-ports
1459 (port, protocol). Returns object path of the new icmp type.
1460
1461 version (s): see version attribute of service tag in
1462 firewalld.service(5).
1463
1464 name (s): see short tag in firewalld.service(5).
1465
1466 description (s): see description tag in firewalld.service(5).
1467
1468 ports (a(ss)): array of port and protocol pairs. See port tag
1469 in firewalld.service(5).
1470
1471 module names (as): array of kernel netfilter helpers, see
1472 module tag in firewalld.service(5).
1473
1474 destinations (a{ss}): dictionary of {IP family : IP address}
1475 where 'IP family' key can be either 'ipv4' or 'ipv6'. See
1476 destination tag in firewalld.service(5).
1477
1478 protocols (as): array of protocols. See protocol tag in
1479 firewalld.service(5).
1480
1481 source-ports (a(ss)): array of port and protocol pairs. See
1482 source-port tag in firewalld.service(5).
1483
1484 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1485
1486 addZone(s: zone, (sssbsasa(ss)asba(ssss)asasasasa(ss)): settings) →
1487 o
1488 Add zone with given settings into permanent configuration.
1489 Settings are in format: version, name, description, UNUSED,
1490 target, array of services, array of ports (port, protocol),
1491 array of icmp-blocks, masquerade, array of forward-ports (port,
1492 protocol, to-port, to-addr), array of interfaces, array of
1493 sources, array of rich rules, array of protocols and array of
1494 source-ports (port, protocol).
1495
1496 version (s): see version attribute of zone tag in
1497 firewalld.zone(5).
1498
1499 name (s): see short tag in firewalld.zone(5).
1500
1501 description (s): see description tag in firewalld.zone(5).
1502
1503 UNUSED (b): this boolean value is no longer used for anything.
1504
1505 target (s): see target attribute of zone tag in
1506 firewalld.zone(5).
1507
1508 services (as): array of service names, see service tag in
1509 firewalld.zone(5).
1510
1511 ports (a(ss)): array of port and protocol pairs. See port tag
1512 in firewalld.zone(5).
1513
1514 icmp-blocks (as): array of icmp-blocks. See icmp-block tag in
1515 firewalld.zone(5).
1516
1517 masquerade (b): see masquerade tag in firewalld.zone(5).
1518
1519 forward-ports (a(ssss)): array of (port, protocol, to-port,
1520 to-addr). See forward-port tag in firewalld.zone(5).
1521
1522 interfaces (as): array of interfaces. See interface tag in
1523 firewalld.zone(5).
1524
1525 source addresses (as): array of source addresses. See source
1526 tag in firewalld.zone(5).
1527
1528 rich rules (as): array of rich-language rules. See rule tag in
1529 firewalld.zone(5).
1530
1531 protocols (as): array of protocols. See protocol tag in
1532 firewalld.zone(5).
1533
1534 source-ports (a(ss)): array of port and protocol pairs. See
1535 source-port tag in firewalld.zone(5).
1536
1537 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1538
1539 getHelperByName(s: helper) → o
1540 Return object path (permanent configuration) of helper with
1541 given name.
1542
1543 Possible errors: INVALID_HELPER
1544
1545 getHelperNames() → as
1546 Return list of helper names (permanent configuration).
1547
1548 getIPSetByName(s: ipset) → o
1549 Return object path (permanent configuration) of ipset with
1550 given name.
1551
1552 Possible errors: INVALID_IPSET
1553
1554 getIPSetNames() → as
1555 Return list of ipset names (permanent configuration).
1556
1557 getIcmpTypeByName(s: icmptype) → o
1558 Return object path (permanent configuration) of icmptype with
1559 given name.
1560
1561 Possible errors: INVALID_ICMPTYPE
1562
1563 getIcmpTypeNames() → as
1564 Return list of icmptype names (permanent configuration).
1565
1566 getServiceByName(s: service) → o
1567 Return object path (permanent configuration) of service with
1568 given name.
1569
1570 Possible errors: INVALID_SERVICE
1571
1572 getServiceNames() → as
1573 Return list of service names (permanent configuration).
1574
1575 getZoneByName(s: zone) → o
1576 Return object path (permanent configuration) of zone with given
1577 name.
1578
1579 Possible errors: INVALID_ZONE
1580
1581 getZoneNames() → as
1582 Return list of zone names (permanent configuration) of.
1583
1584 getZoneOfInterface(s: iface) → s
1585 Return name of zone the iface is bound to or empty string.
1586
1587 getZoneOfSource(s: source) → s
1588 Return name of zone the source is bound to or empty string.
1589
1590 listHelpers() → ao
1591 Return array of object paths (o) of helper in permanent
1592 configuration. For runtime configuration see
1593 org.fedoraproject.FirewallD1.Methods.getHelpers.
1594
1595 listIPSets() → ao
1596 Return array of object paths (o) of ipset in permanent
1597 configuration. For runtime configuration see
1598 org.fedoraproject.FirewallD1.ipset.Methods.getIPSets.
1599
1600 listIcmpTypes() → ao
1601 Return array of object paths (o) of icmp types in permanent
1602 configuration. For runtime configuration see
1603 org.fedoraproject.FirewallD1.Methods.listIcmpTypes.
1604
1605 listServices() → ao
1606 Return array of objects paths (o) of services in permanent
1607 configuration. For runtime configuration see
1608 org.fedoraproject.FirewallD1.Methods.listServices.
1609
1610 listZones() → ao
1611 List object paths of zones known to permanent environment. For
1612 list of zones known to runtime environment see
1613 org.fedoraproject.FirewallD1.zone.Methods.getZones. The lists
1614 (of zones known to runtime and permanent environment) will
1615 contain same zones in most cases, but might differ for example
1616 if org.fedoraproject.FirewallD1.config.Methods.addZone has been
1617 called recently, but firewalld has not been reloaded since
1618 then.
1619
1620 Signals
1621 HelperAdded(s: helper)
1622 Emitted when helper has been added.
1623
1624 IPSetAdded(s: ipset)
1625 Emitted when ipset has been added.
1626
1627 IcmpTypeAdded(s: icmptype)
1628 Emitted when icmptype has been added.
1629
1630 ServiceAdded(s: service)
1631 Emitted when service has been added.
1632
1633 ZoneAdded(s: zone)
1634 Emitted when zone has been added.
1635
1636 Properties
1637 AutomaticHelpers - s - (rw)
1638 Indicates whether automatic helper assignment in kernel should
1639 be used or not. With the system setting this is left to the
1640 kernel or system default.
1641
1642 CleanupOnExit - s - (rw)
1643 If firewalld stops, it cleans up all firewall rules. Setting
1644 this option to no or false leaves the current firewall rules
1645 untouched.
1646
1647 DefaultZone - s - (ro)
1648 Default zone for connections or interfaces if the zone is not
1649 selected or specified by NetworkManager, initscripts or command
1650 line tool.
1651
1652 FirewallBackend - s - (rw)
1653 Selects the firewalld backend for all rules except the direct
1654 interface. Valid options are; nftables, iptables. Default in
1655 nftables.
1656
1657 IPv6_rpfilter - s - (rw)
1658 Indicates whether the reverse path filter test on a packet for
1659 IPv6 is enabled. If a reply to the packet would be sent via the
1660 same interface that the packet arrived on, the packet will
1661 match and be accepted, otherwise dropped.
1662
1663 IndividualCalls - s - (ro)
1664 Indicates whether individual calls combined -restore calls are
1665 used. If enabled, this increases the time that is needed to
1666 apply changes and to start the daemon, but is good for
1667 debugging.
1668
1669 Lockdown - s - (rw)
1670 If this property is enabled, firewall changes with the D-Bus
1671 interface will be limited to applications that are listed in
1672 the lockdown whitelist.
1673
1674 LogDenied - s - (rw)
1675 If LogDenied is enabled, then logging rules are added right
1676 before reject and drop rules in the INPUT, FORWARD and OUTPUT
1677 chains for the default rules and also final reject and drop
1678 rules in zones. Possible values are: all, unicast, broadcast,
1679 multicast and off.
1680
1681 MinimalMark - i - (rw)
1682 For some firewall settings several rules are needed in
1683 different tables to be able to handle packets in the correct
1684 way. To achieve that these packets are marked using the MARK
1685 target. With the MinimalMark property a block of marks can be
1686 reserved for private use; only marks over this value are used.
1687
1688 org.fedoraproject.FirewallD1.config.direct
1689 Interface for permanent direct configuration, see also
1690 firewalld.direct(5). For runtime direct configuration see
1691 org.fedoraproject.FirewallD1.direct interface.
1692
1693 Methods
1694 addChain(s: ipv, s: table, s: chain) → Nothing
1695 Add a new chain to table for ipv being either ipv4 (iptables)
1696 or ipv6 (ip6tables) or eb (ebtables). Make sure there's no
1697 other chain with this name already. There already exist basic
1698 chains to use with direct methods, for example INPUT_direct
1699 chain. These chains are jumped into before chains for zones,
1700 i.e. every rule put into INPUT_direct will be checked before
1701 rules in zones. For runtime operation see
1702 org.fedoraproject.FirewallD1.direct.Methods.addChain.
1703
1704 Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED
1705
1706 addPassthrough(s: ipv, as: args) → Nothing
1707 Add a passthrough rule with the arguments args for ipv being
1708 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
1709 For runtime operation see
1710 org.fedoraproject.FirewallD1.direct.Methods.addPassthrough.
1711
1712 Possible errors: INVALID_IPV, ALREADY_ENABLED
1713
1714 addRule(s: ipv, s: table, s: chain, i: priority, as: args) →
1715 Nothing
1716 Add a rule with the arguments args to chain in table with
1717 priority for ipv being either ipv4 (iptables) or ipv6
1718 (ip6tables) or eb (ebtables). The priority is used to order
1719 rules. Priority 0 means add rule on top of the chain, with a
1720 higher priority the rule will be added further down. Rules with
1721 the same priority are on the same level and the order of these
1722 rules is not fixed and may change. If you want to make sure
1723 that a rule will be added after another one, use a low priority
1724 for the first and a higher for the following. For runtime
1725 operation see
1726 org.fedoraproject.FirewallD1.direct.Methods.addRule.
1727
1728 Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED
1729
1730 getAllChains() → a(sss)
1731 Get all chains added to all tables in format: ipv, table,
1732 chain. This concerns only chains previously added with
1733 addChain. Return value is a array of (ipv, table, chain). For
1734 runtime operation see
1735 org.fedoraproject.FirewallD1.direct.Methods.getAllChains.
1736
1737 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
1738 (ebtables).
1739
1740 table (s): one of filter, mangle, nat, raw, security
1741
1742 chain (s): name of a chain.
1743
1744
1745 getAllPassthroughs() → a(sas)
1746 Get all passthrough rules added in all ipv types in format:
1747 ipv, rule. This concerns only rules previously added with
1748 addPassthrough. Return value is a array of (ipv, array of
1749 arguments). For runtime operation see
1750 org.fedoraproject.FirewallD1.direct.Methods.getAllPassthroughs.
1751
1752 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
1753 (ebtables).
1754
1755 arguments (as): array of commands, parameters and other
1756 iptables/ip6tables/ebtables command line options.
1757
1758
1759 getAllRules() → a(sssias)
1760 Get all rules added to all chains in all tables in format: ipv,
1761 table, chain, priority, rule. This concerns only rules
1762 previously added with addRule. Return value is a array of (ipv,
1763 table, chain, priority, array of arguments). For runtime
1764 operation see
1765 org.fedoraproject.FirewallD1.direct.Methods.getAllRules.
1766
1767 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
1768 (ebtables).
1769
1770 table (s): one of filter, mangle, nat, raw, security
1771
1772 chain (s): name of a chain.
1773
1774 priority (i): used to order rules.
1775
1776 arguments (as): array of commands, parameters and other
1777 iptables/ip6tables/ebtables command line options.
1778
1779
1780 getChains(s: ipv, s: table) → as
1781 Return an array of chains (s) added to table for ipv being
1782 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
1783 This concerns only chains previously added with addChain. For
1784 runtime operation see
1785 org.fedoraproject.FirewallD1.direct.Methods.getChains.
1786
1787 Possible errors: INVALID_IPV, INVALID_TABLE
1788
1789 getPassthroughs(s: ipv) → aas
1790 Get tracked passthrough rules added in either ipv4 (iptables)
1791 or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
1792 previously added with addPassthrough. Return value is a array
1793 of (array of arguments). For runtime operation see
1794 org.fedoraproject.FirewallD1.direct.Methods.getPassthroughs.
1795
1796 arguments (as): array of commands, parameters and other
1797 iptables/ip6tables/ebtables command line options.
1798
1799
1800 getRules(s: ipv, s: table, s: chain) → a(ias)
1801 Get all rules added to chain in table for ipv being either ipv4
1802 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
1803 only rules previously added with addRule. Return value is a
1804 array of (priority, array of arguments). For runtime operation
1805 see org.fedoraproject.FirewallD1.direct.Methods.getRules.
1806
1807 priority (i): used to order rules.
1808
1809 arguments (as): array of commands, parameters and other
1810 iptables/ip6tables/ebtables command line options.
1811
1812 Possible errors: INVALID_IPV, INVALID_TABLE
1813
1814 getSettings() → (a(sss)a(sssias)a(sas))
1815 Get settings of permanent direct configuration in format: array
1816 of chains, array of rules, array of passthroughs.
1817
1818 chains (a(sss)): array of (ipv, table, chain), see 'chain' in
1819 firewalld.direct(5).
1820 .
1821 .PP rules (a(sssias)): array of (ipv, table,
1822 chain, priority, array of arguments), see 'rule' in
1823 firewalld.direct(5).
1824 .
1825 .PP passthroughs (a(sas)): array of (ipv,
1826 array of arguments), see passthrough in firewalld.direct(5).
1827 .
1828 .sp
1829
1830 queryChain(s: ipv, s: table, s: chain) → b
1831 Return whether a chain exists in table for ipv being either
1832 ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). This
1833 concerns only chains previously added with addChain. For
1834 runtime operation see
1835 org.fedoraproject.FirewallD1.direct.Methods.queryChain.
1836
1837 Possible errors: INVALID_IPV, INVALID_TABLE
1838
1839 queryPassthrough(s: ipv, as: args) → b
1840 Return whether a tracked passthrough rule with the arguments
1841 args exists for ipv being either ipv4 (iptables) or ipv6
1842 (ip6tables) or eb (ebtables). This concerns only rules
1843 previously added with addPassthrough. For runtime operation see
1844 org.fedoraproject.FirewallD1.direct.Methods.queryPassthrough.
1845
1846 Possible errors: INVALID_IPV
1847
1848 queryRule(s: ipv, s: table, s: chain, i: priority, as: args) → b
1849 Return whether a rule with priority and the arguments args
1850 exists in chain in table for ipv being either ipv4 (iptables)
1851 or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
1852 previously added with addRule. For runtime operation see
1853 org.fedoraproject.FirewallD1.direct.Methods.queryRule.
1854
1855 Possible errors: INVALID_IPV, INVALID_TABLE
1856
1857 removeChain(s: ipv, s: table, s: chain) → Nothing
1858 Remove a chain from table for ipv being either ipv4 (iptables)
1859 or ipv6 (ip6tables) or eb (ebtables). Only chains previously
1860 added with addChain can be removed this way. For runtime
1861 operation see
1862 org.fedoraproject.FirewallD1.direct.Methods.removeChain.
1863
1864 Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED
1865
1866 removePassthrough(s: ipv, as: args) → Nothing
1867 Remove a passthrough rule with arguments args for ipv being
1868 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
1869 Only rules previously added with addPassthrough can be removed
1870 this way. For runtime operation see
1871 org.fedoraproject.FirewallD1.direct.Methods.removePassthrough.
1872
1873 Possible errors: INVALID_IPV, NOT_ENABLED
1874
1875 removeRule(s: ipv, s: table, s: chain, i: priority, as: args) →
1876 Nothing
1877 Remove a rule with priority and arguments args from chain in
1878 table for ipv being either ipv4 (iptables) or ipv6 (ip6tables)
1879 or eb (ebtables). Only rules previously added with addRule can
1880 be removed this way. For runtime operation see
1881 org.fedoraproject.FirewallD1.direct.Methods.removeRule.
1882
1883 Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED
1884
1885 removeRules(s: ipv, s: table, s: chain) → Nothing
1886 Remove all rules from chain in table for ipv being either ipv4
1887 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
1888 only rules previously added with addRule. For runtime operation
1889 see org.fedoraproject.FirewallD1.direct.Methods.removeRules.
1890
1891 Possible errors: INVALID_IPV, INVALID_TABLE
1892
1893 update((a(sss)a(sssias)a(sas)): settings) → Nothing
1894 Update permanent direct configuration with given settings.
1895 Settings are in format: array of chains, array of rules, array
1896 of passthroughs.
1897
1898 chains (a(sss)): array of (ipv, table, chain), see 'chain' in
1899 firewalld.direct(5).
1900 .
1901 .PP rules (a(sssias)): array of (ipv, table,
1902 chain, priority, array of arguments), see 'rule' in
1903 firewalld.direct(5).
1904 .
1905 .PP passthroughs (a(sas)): array of (ipv,
1906 array of arguments), see passthrough in firewalld.direct(5).
1907 .
1908 .sp Possible errors: INVALID_TYPE
1909
1910 Signals
1911 Updated()
1912 Emitted when configuration has been updated.
1913
1914 org.fedoraproject.FirewallD1.config.policies
1915 Interface for permanent lockdown-whitelist configuration, see also
1916 firewalld.lockdown-whitelist(5). For runtime configuration see
1917 org.fedoraproject.FirewallD1.policies interface.
1918
1919 Methods
1920 addLockdownWhitelistCommand(s: command) → Nothing
1921 Add command to whitelist. See command option in
1922 firewalld.lockdown-whitelist(5). For runtime operation see
1923 org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistCommand.
1924
1925 Possible errors: ALREADY_ENABLED, INVALID_TYPE
1926
1927 addLockdownWhitelistContext(s: context) → Nothing
1928 Add context to whitelist. See selinux option in
1929 firewalld.lockdown-whitelist(5). For runtime operation see
1930 org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistContext.
1931
1932 Possible errors: ALREADY_ENABLED, INVALID_TYPE
1933
1934 addLockdownWhitelistUid(i: uid) → Nothing
1935 Add user id uid to whitelist. See user option in
1936 firewalld.lockdown-whitelist(5). For runtime operation see
1937 org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistUid.
1938
1939 Possible errors: ALREADY_ENABLED, INVALID_TYPE
1940
1941 addLockdownWhitelistUser(s: user) → Nothing
1942 Add user name to whitelist. See user option in
1943 firewalld.lockdown-whitelist(5). For runtime operation see
1944 org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistUser.
1945
1946 Possible errors: ALREADY_ENABLED, INVALID_TYPE
1947
1948 getLockdownWhitelist() → (asasasai)
1949 Get settings of permanent lockdown-whitelist configuration in
1950 format: commands, selinux contexts, users, uids
1951
1952 commands (as): see command option in firewalld.lockdown-
1953 whitelist(5).
1954
1955 selinux contexts (as): see selinux option in
1956 firewalld.lockdown-whitelist(5).
1957
1958 users (as): see name attribute of user option in
1959 firewalld.lockdown-whitelist(5).
1960
1961 uids (ai): see id attribute of user option in
1962 firewalld.lockdown-whitelist(5).
1963
1964
1965 getLockdownWhitelistCommands() → as
1966 List all command lines (s) that are on whitelist. For runtime
1967 operation see
1968 org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistCommands.
1969
1970 getLockdownWhitelistContexts() → as
1971 List all contexts (s) that are on whitelist. For runtime
1972 operation see
1973 org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistContexts.
1974
1975 getLockdownWhitelistUids() → ai
1976 List all user ids (i) that are on whitelist. For runtime
1977 operation see
1978 org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistUids.
1979
1980 getLockdownWhitelistUsers() → as
1981 List all users (s) that are on whitelist. For runtime operation
1982 see
1983 org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistUsers.
1984
1985 queryLockdownWhitelistCommand(s: command) → b
1986 Query whether command is on whitelist. For runtime operation
1987 see
1988 org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistCommand.
1989
1990 queryLockdownWhitelistContext(s: context) → b
1991 Query whether context is on whitelist. For runtime operation
1992 see
1993 org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistContext.
1994
1995 queryLockdownWhitelistUid(i: uid) → b
1996 Query whether user id uid is on whitelist. For runtime
1997 operation see
1998 org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistUid.
1999
2000 queryLockdownWhitelistUser(s: user) → b
2001 Query whether user is on whitelist. For runtime operation see
2002 org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistUser.
2003
2004 removeLockdownWhitelistCommand(s: command) → Nothing
2005 Remove command from whitelist. For runtime operation see
2006 org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistCommand.
2007
2008 Possible errors: NOT_ENABLED
2009
2010 removeLockdownWhitelistContext(s: context) → Nothing
2011 Remove context from whitelist. For runtime operation see
2012 org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistContext.
2013
2014 Possible errors: NOT_ENABLED
2015
2016 removeLockdownWhitelistUid(i: uid) → Nothing
2017 Remove user id uid from whitelist. For runtime operation see
2018 org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistUid.
2019
2020 Possible errors: NOT_ENABLED
2021
2022 removeLockdownWhitelistUser(s: user) → Nothing
2023 Remove user from whitelist. For runtime operation see
2024 org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistUser.
2025
2026 Possible errors: NOT_ENABLED
2027
2028 setLockdownWhitelist((asasasai): settings) → Nothing
2029 Set permanent lockdown-whitelist configuration to settings.
2030 Settings are in format: commands, selinux contexts, users, uids
2031
2032 commands (as): see command option in firewalld.lockdown-
2033 whitelist(5).
2034
2035 selinux contexts (as): see selinux option in
2036 firewalld.lockdown-whitelist(5).
2037
2038 users (as): see name attribute of user option in
2039 firewalld.lockdown-whitelist(5).
2040
2041 uids (ai): see id attribute of user option in
2042 firewalld.lockdown-whitelist(5).
2043
2044 Possible errors: INVALID_TYPE
2045
2046 Signals
2047 LockdownWhitelistUpdated()
2048 Emitted when permanent lockdown-whitelist configuration has
2049 been updated.
2050
2051 org.fedoraproject.FirewallD1.config.ipset
2052 Interface for permanent ipset configuration, see also
2053 firewalld.ipset(5).
2054
2055 Methods
2056 addEntry(s: entry) → Nothing
2057 Permanently add entry to list of entries of ipset. See entry
2058 tag in firewalld.ipset(5). For runtime operation see
2059 org.fedoraproject.FirewallD1.ipset.Methods.addEntry.
2060
2061 Possible errors: ALREADY_ENABLED
2062
2063 addOption(s: key, s: value) → Nothing
2064 Permanently add (key, value) to the ipset. See option tag in
2065 firewalld.ipset(5).
2066
2067 Possible errors: ALREADY_ENABLED
2068
2069 getDescription() → s
2070 Get description of ipset. See description tag in
2071 firewalld.ipset(5).
2072
2073 getEntries() → as
2074 Get list of entries added to ipset. See entry tag in
2075 firewalld.ipset(5). For runtime operation see
2076 org.fedoraproject.FirewallD1.ipset.Methods.getEntries.
2077
2078 Possible errors: IPSET_WITH_TIMEOUT
2079
2080 getOptions() → a{ss}
2081 Get dictionary of options set for ipset. See option tag in
2082 firewalld.ipset(5).
2083
2084 getSettings() → (ssssa{ss}as)
2085 Return permament settings of the ipset. For getting runtime
2086 settings see
2087 org.fedoraproject.FirewallD1.ipset.Methods.getIPSetSettings.
2088 Settings are in format: version, name, description, type,
2089 dictionary of options and array of entries.
2090
2091 version (s): see version attribute of ipset tag in
2092 firewalld.ipset(5).
2093
2094 name (s): see short tag in firewalld.ipset(5).
2095
2096 description (s): see description tag in firewalld.ipset(5).
2097
2098 type (s): see type attribute of ipset tag in
2099 firewalld.ipset(5).
2100
2101 options (a{ss}): dictionary of {option : value} . See options
2102 tag in firewalld.ipset(5).
2103
2104 entries (as): array of entries, see entry tag in
2105 firewalld.ipset(5).
2106
2107
2108 getShort() → s
2109 Get name of ipset. See short tag in firewalld.ipset(5).
2110
2111 getType() → s
2112 Get type of ipset. See type attribute of ipset tag in
2113 firewalld.ipset(5).
2114
2115 getVersion() → s
2116 Get version of ipset. See version attribute of ipset tag in
2117 firewalld.ipset(5).
2118
2119 loadDefaults() → Nothing
2120 Load default settings for built-in ipset.
2121
2122 Possible errors: NO_DEFAULTS
2123
2124 queryEntry(s: entry) → b
2125 Return whether entry has been added to ipset. For runtime
2126 operation see
2127 org.fedoraproject.FirewallD1.ipset.Methods.queryEntry.
2128
2129 queryOption(s: key, s: value) → b
2130 Return whether (key, value) has been added to options of the
2131 ipset.
2132
2133 remove() → Nothing
2134 Remove not built-in ipset.
2135
2136 Possible errors: BUILTIN_IPSET
2137
2138 removeEntry(s: entry) → Nothing
2139 Permanently remove entry from ipset. See entry tag in
2140 firewalld.ipset(5). For runtime operation see
2141 org.fedoraproject.FirewallD1.ipset.Methods.removeEntry.
2142
2143 Possible errors: NOT_ENABLED
2144
2145 removeOption(s: key) → Nothing
2146 Permanently remove key from the ipset. See option tag in
2147 firewalld.ipset(5).
2148
2149 Possible errors: NOT_ENABLED
2150
2151 rename(s: name) → Nothing
2152 Rename not built-in ipset to name.
2153
2154 Possible errors: BUILTIN_IPSET
2155
2156 setDescription(s: description) → Nothing
2157 Permanently set description of ipset to description. See
2158 description tag in firewalld.ipset(5).
2159
2160 setEntries(as: entries) → Nothing
2161 Permanently set list of entries to entries. See entry tag in
2162 firewalld.ipset(5).
2163
2164 setOptions(a{ss}: options) → Nothing
2165 Permanently set dict of options to options. See option tag in
2166 firewalld.ipset(5).
2167
2168 setShort(s: short) → Nothing
2169 Permanently set name of ipset to short. See short tag in
2170 firewalld.ipset(5).
2171
2172 setType(s: ipset_type) → Nothing
2173 Permanently set type of ipset to ipset_type. See type attribute
2174 of ipset tag in firewalld.ipset(5).
2175
2176 setVersion(s: version) → Nothing
2177 Permanently set version of ipset to version. See version
2178 attribute of ipset tag in firewalld.ipset(5).
2179
2180 update((ssssa{ss}as): settings) → Nothing
2181 Update settings of ipset to settings. Settings are in format:
2182 version, name, description, type, dictionary of options and
2183 array of entries.
2184
2185 version (s): see version attribute of ipset tag in
2186 firewalld.ipset(5).
2187
2188 name (s): see short tag in firewalld.ipset(5).
2189
2190 description (s): see description tag in firewalld.ipset(5).
2191
2192 type (s): see type attribute of ipset tag in
2193 firewalld.ipset(5).
2194
2195 options (a{ss}): dictionary of {option : value} . See options
2196 tag in firewalld.ipset(5).
2197
2198 entries (as): array of entries, see entry tag in
2199 firewalld.ipset(5).
2200
2201 Possible errors: INVALID_TYPE
2202
2203 Signals
2204 Removed(s: name)
2205 Emitted when ipset with name has been removed.
2206
2207 Renamed(s: name)
2208 Emitted when ipset has been renamed to name.
2209
2210 Updated(s: name)
2211 Emitted when ipset with name has been updated.
2212
2213 Properties
2214 builtin - b - (ro)
2215 True if ipset is build-in, false else.
2216
2217 default - b - (ro)
2218 True if build-in ipset has default settings. False if it has
2219 been modified. Always False for not build-in ipsets.
2220
2221 filename - s - (ro)
2222 Name (including .xml extension) of file where the configuration
2223 is stored.
2224
2225 name - s - (ro)
2226 Name of ipset.
2227
2228 path - s - (ro)
2229 Path to directory where the ipset configuration is stored.
2230 Should be either /usr/lib/firewalld/ipsets or
2231 /etc/firewalld/ipsets.
2232
2233 org.fedoraproject.FirewallD1.config.zone
2234 Interface for permanent zone configuration, see also firewalld.zone(5).
2235
2236 Methods
2237 addForwardPort(s: port, s: protocol, s: toport, s: toaddr) →
2238 Nothing
2239 Permanently add (port, protocol, toport, toaddr) to list of
2240 forward ports of zone. See forward-port tag in
2241 firewalld.zone(5). For runtime operation see
2242 org.fedoraproject.FirewallD1.zone.Methods.addForwardPort.
2243
2244 Possible errors: ALREADY_ENABLED
2245
2246 addIcmpBlock(s: icmptype) → Nothing
2247 Permanently add icmptype to list of icmp types blocked in zone.
2248 See icmp-block tag in firewalld.zone(5). For runtime operation
2249 see org.fedoraproject.FirewallD1.zone.Methods.addIcmpBlock.
2250
2251 Possible errors: ALREADY_ENABLED
2252
2253 addIcmpBlock(s: icmptype) → Nothing
2254 Permanently add icmp block inversion to zone. See
2255 icmp-block-inversion tag in firewalld.zone(5). For runtime
2256 operation see
2257 org.fedoraproject.FirewallD1.zone.Methods.addIcmpBlockInversion.
2258
2259 Possible errors: ALREADY_ENABLED
2260
2261 addInterface(s: interface) → Nothing
2262 Permanently add interface to list of interfaces bound to zone.
2263 See interface tag in firewalld.zone(5). For runtime operation
2264 see org.fedoraproject.FirewallD1.zone.Methods.addInterface.
2265
2266 Possible errors: ALREADY_ENABLED
2267
2268 addMasquerade() → Nothing
2269 Permanently enable masquerading in zone. See masquerade tag in
2270 firewalld.zone(5). For runtime operation see
2271 org.fedoraproject.FirewallD1.zone.Methods.addMasquerade.
2272
2273 Possible errors: ALREADY_ENABLED
2274
2275 addPort(s: port, s: protocol) → Nothing
2276 Permanently add (port, protocol) to list of ports of zone. See
2277 port tag in firewalld.zone(5). For runtime operation see
2278 org.fedoraproject.FirewallD1.zone.Methods.addPort.
2279
2280 Possible errors: ALREADY_ENABLED
2281
2282 addProtocol(s: protocol) → Nothing
2283 Permanently add protocol into zone. The protocol can be any
2284 protocol supported by the system. Please have a look at
2285 /etc/protocols for supported protocols. For runtime operation
2286 see org.fedoraproject.FirewallD1.zone.Methods.addProtocol.
2287
2288 Possible errors: INVALID_PROTOCOL, ALREADY_ENABLED
2289
2290 addRichRule(s: rule) → Nothing
2291 Permanently add rule to list of rich-language rules in zone.
2292 See rule tag in firewalld.zone(5). For runtime operation see
2293 org.fedoraproject.FirewallD1.zone.Methods.addRichRule.
2294
2295 Possible errors: ALREADY_ENABLED
2296
2297 addService(s: service) → Nothing
2298 Permanently add service to list of services used in zone. See
2299 service tag in firewalld.zone(5). For runtime operation see
2300 org.fedoraproject.FirewallD1.zone.Methods.addService.
2301
2302 Possible errors: ALREADY_ENABLED
2303
2304 addSource(s: source) → Nothing
2305 Permanently add source to list of source addresses bound to
2306 zone. See source tag in firewalld.zone(5). For runtime
2307 operation see
2308 org.fedoraproject.FirewallD1.zone.Methods.addSource.
2309
2310 Possible errors: ALREADY_ENABLED
2311
2312 addSourcePort(s: port, s: protocol) → Nothing
2313 Permanently add (port, protocol) to list of source ports of
2314 zone. See source-port tag in firewalld.zone(5). For runtime
2315 operation see
2316 org.fedoraproject.FirewallD1.zone.Methods.addSourcePort.
2317
2318 Possible errors: ALREADY_ENABLED
2319
2320 getDescription() → s
2321 Get description of zone. See description tag in
2322 firewalld.zone(5).
2323
2324 getForwardPorts() → a(ssss)
2325 Get list of (port, protocol, toport, toaddr) defined in zone.
2326 See forward-port tag in firewalld.zone(5). For runtime
2327 operation see
2328 org.fedoraproject.FirewallD1.zone.Methods.getForwardPorts.
2329
2330 getIcmpBlockInversion() → b
2331 Get icmp block inversion flag of zone. See icmp-block-inversion
2332 tag in firewalld.zone(5).
2333
2334 getIcmpBlocks() → as
2335 Get list of icmp type names blocked in zone. See icmp-block tag
2336 in firewalld.zone(5). For runtime operation see
2337 org.fedoraproject.FirewallD1.zone.Methods.getIcmpBlocks.
2338
2339 getInterfaces() → as
2340 Get list of interfaces bound to zone. See interface tag in
2341 firewalld.zone(5). For runtime operation see
2342 org.fedoraproject.FirewallD1.zone.Methods.getInterfaces.
2343
2344 getMasquerade() → b
2345 Return whether masquerade is enabled in zone. This is the same
2346 as queryMasquerade() method. See masquerade tag in
2347 firewalld.zone(5).
2348
2349 getPorts() → a(ss)
2350 Get list of (port, protocol) defined in zone. See port tag in
2351 firewalld.zone(5). For runtime operation see
2352 org.fedoraproject.FirewallD1.zone.Methods.getPorts.
2353
2354 getProtocols() → as
2355 Return array of protocols (s) previously enabled in zone. For
2356 getting runtime settings see
2357 org.fedoraproject.FirewallD1.zone.Methods.getProtocols.
2358
2359 getRichRules() → as
2360 Get list of rich-language rules in zone. See rule tag in
2361 firewalld.zone(5). For runtime operation see
2362 org.fedoraproject.FirewallD1.zone.Methods.getRichRules.
2363
2364 getServices() → as
2365 Get list of service names used in zone. See service tag in
2366 firewalld.zone(5). For runtime operation see
2367 org.fedoraproject.FirewallD1.zone.Methods.getServices.
2368
2369 getSettings() → (sssbsasa(ss)asba(ssss)asasasasa(ss))
2370 Return permanent settings of given zone. For getting runtime
2371 settings see
2372 org.fedoraproject.FirewallD1.Methods.getZoneSettings. Settings
2373 are in format: version, name, description, UNUSED, target,
2374 array of services, array of ports (port, protocol), array of
2375 icmp-blocks, masquerade, array of forward-ports (port,
2376 protocol, to-port, to-addr), array of interfaces, array of
2377 sources, array of rich rules, array of protocols and array of
2378 source-ports (port, protocol).
2379
2380 version (s): see version attribute of zone tag in
2381 firewalld.zone(5).
2382
2383 name (s): see short tag in firewalld.zone(5).
2384
2385 description (s): see description tag in firewalld.zone(5).
2386
2387 UNUSED (b): this boolean value is no longer used for anything.
2388
2389 target (s): see target attribute of zone tag in
2390 firewalld.zone(5).
2391
2392 services (as): array of service names, see service tag in
2393 firewalld.zone(5).
2394
2395 ports (a(ss)): array of port and protocol pairs. See port tag
2396 in firewalld.zone(5).
2397
2398 icmp-blocks (as): array of icmp-blocks. See icmp-block tag in
2399 firewalld.zone(5).
2400
2401 masquerade (b): see masquerade tag in firewalld.zone(5).
2402
2403 forward-ports (a(ssss)): array of (port, protocol, to-port,
2404 to-addr). See forward-port tag in firewalld.zone(5).
2405
2406 interfaces (as): array of interfaces. See interface tag in
2407 firewalld.zone(5).
2408
2409 source addresses (as): array of source addresses. See source
2410 tag in firewalld.zone(5).
2411
2412 rich rules (as): array of rich-language rules. See rule tag in
2413 firewalld.zone(5).
2414
2415 protocols (as): array of protocols. See protocol tag in
2416 firewalld.zone(5).
2417
2418 source-ports (a(ss)): array of port and protocol pairs. See
2419 source-port tag in firewalld.zone(5).
2420
2421
2422 getShort() → s
2423 Get name of zone. See short tag in firewalld.zone(5).
2424
2425 getSourcePorts() → a(ss)
2426 Get list of (port, protocol) defined in zone. See source-port
2427 tag in firewalld.zone(5). For runtime operation see
2428 org.fedoraproject.FirewallD1.zone.Methods.getSourcePorts.
2429
2430 getSources() → as
2431 Get list of source addresses bound to zone. See source tag in
2432 firewalld.zone(5). For runtime operation see
2433 org.fedoraproject.FirewallD1.zone.Methods.getSources.
2434
2435 getTarget() → s
2436 Get target of zone. See target attribute of zone tag in
2437 firewalld.zone(5).
2438
2439 getVersion() → s
2440 Get version of zone. See version attribute of zone tag in
2441 firewalld.zone(5).
2442
2443 loadDefaults() → Nothing
2444 Load default settings for built-in zone.
2445
2446 Possible errors: NO_DEFAULTS
2447
2448 queryForwardPort(s: port, s: protocol, s: toport, s: toaddr) → b
2449 Return whether (port, protocol, toport, toaddr) is in list of
2450 forward ports of zone. See forward-port tag in
2451 firewalld.zone(5). For runtime operation see
2452 org.fedoraproject.FirewallD1.zone.Methods.queryForwardPort.
2453
2454 queryIcmpBlock(s: icmptype) → b
2455 Return whether icmptype is in list of icmp types blocked in
2456 zone. See icmp-block tag in firewalld.zone(5). For runtime
2457 operation see
2458 org.fedoraproject.FirewallD1.zone.Methods.queryIcmpBlock.
2459
2460 queryIcmpBlockInversion() → b
2461 Return whether icmp block inversion is in enabled in zone. See
2462 icmp-block-inversion tag in firewalld.zone(5). For runtime
2463 operation see
2464 org.fedoraproject.FirewallD1.zone.Methods.queryIcmpBlockInversion.
2465
2466 queryInterface(s: interface) → b
2467 Return whether interface is in list of interfaces bound to
2468 zone. See interface tag in firewalld.zone(5). For runtime
2469 operation see
2470 org.fedoraproject.FirewallD1.zone.Methods.queryInterface.
2471
2472 queryMasquerade() → b
2473 Return whether masquerade is enabled in zone. This is the same
2474 as getMasquerade() method. See masquerade tag in
2475 firewalld.zone(5). For runtime operation see
2476 org.fedoraproject.FirewallD1.zone.Methods.queryMasquerade.
2477
2478 queryPort(s: port, s: protocol) → b
2479 Return whether (port, protocol) is in list of ports of zone.
2480 See port tag in firewalld.zone(5). For runtime operation see
2481 org.fedoraproject.FirewallD1.zone.Methods.queryPort.
2482
2483 queryProtocol(s: protocol) → b
2484 Return whether protocol has been added in zone. For runtime
2485 operation see
2486 org.fedoraproject.FirewallD1.zone.Methods.queryProtocol.
2487
2488 Possible errors: INVALID_PROTOCOL
2489
2490 queryRichRule(s: rule) → b
2491 Return whether rule is in list of rich-language rules in zone.
2492 See rule tag in firewalld.zone(5). For runtime operation see
2493 org.fedoraproject.FirewallD1.zone.Methods.queryRichRule.
2494
2495 queryService(s: service) → b
2496 Return whether service is in list of services used in zone. See
2497 service tag in firewalld.zone(5). For runtime operation see
2498 org.fedoraproject.FirewallD1.zone.Methods.queryService.
2499
2500 querySource(s: source) → b
2501 Return whether source is in list of source addresses bound to
2502 zone. See source tag in firewalld.zone(5). For runtime
2503 operation see
2504 org.fedoraproject.FirewallD1.zone.Methods.querySource.
2505
2506 querySourcePort(s: port, s: protocol) → b
2507 Return whether (port, protocol) is in list of source ports of
2508 zone. See source-port tag in firewalld.zone(5). For runtime
2509 operation see
2510 org.fedoraproject.FirewallD1.zone.Methods.querySourcePort.
2511
2512 remove() → Nothing
2513 Remove not built-in zone.
2514
2515 Possible errors: BUILTIN_ZONE
2516
2517 removeForwardPort(s: port, s: protocol, s: toport, s: toaddr) →
2518 Nothing
2519 Permanently remove (port, protocol, toport, toaddr) from list
2520 of forward ports of zone. See forward-port tag in
2521 firewalld.zone(5). For runtime operation see
2522 org.fedoraproject.FirewallD1.zone.Methods.removeForwardPort.
2523
2524 Possible errors: NOT_ENABLED
2525
2526 removeIcmpBlock(s: icmptype) → Nothing
2527 Permanently remove icmptype from list of icmp types blocked in
2528 zone. See icmp-block tag in firewalld.zone(5). For runtime
2529 operation see
2530 org.fedoraproject.FirewallD1.zone.Methods.removeIcmpBlock.
2531
2532 Possible errors: NOT_ENABLED
2533
2534 removeIcmpBlockInversion() → Nothing
2535 Permanently remove icmp block inversion from the zone. See
2536 icmp-block-inversion tag in firewalld.zone(5). For runtime
2537 operation see
2538 org.fedoraproject.FirewallD1.zone.Methods.removeIcmpBlockInversion.
2539
2540 Possible errors: NOT_ENABLED
2541
2542 removeInterface(s: interface) → Nothing
2543 Permanently remove interface from list of interfaces bound to
2544 zone. See interface tag in firewalld.zone(5). For runtime
2545 operation see
2546 org.fedoraproject.FirewallD1.zone.Methods.removeInterface.
2547
2548 Possible errors: NOT_ENABLED
2549
2550 removeMasquerade() → Nothing
2551 Permanently disable masquerading in zone. See masquerade tag in
2552 firewalld.zone(5). For runtime operation see
2553 org.fedoraproject.FirewallD1.zone.Methods.removeMasquerade.
2554
2555 Possible errors: NOT_ENABLED
2556
2557 removePort(s: port, s: protocol) → Nothing
2558 Permanently remove (port, protocol) from list of ports of zone.
2559 See port tag in firewalld.zone(5). For runtime operation see
2560 org.fedoraproject.FirewallD1.zone.Methods.removePort.
2561
2562 Possible errors: NOT_ENABLED
2563
2564 removeProtocol(s: protocol) → Nothing
2565 Permanently remove protocol from zone. For runtime operation
2566 see org.fedoraproject.FirewallD1.zone.Methods.removeProtocol.
2567
2568 Possible errors: INVALID_PROTOCOL, NOT_ENABLED
2569
2570 removeRichRule(s: rule) → Nothing
2571 Permanently remove rule from list of rich-language rules in
2572 zone. See rule tag in firewalld.zone(5). For runtime operation
2573 see org.fedoraproject.FirewallD1.zone.Methods.removeRichRule.
2574
2575 Possible errors: NOT_ENABLED
2576
2577 removeService(s: service) → Nothing
2578 Permanently remove service from list of services used in zone.
2579 See service tag in firewalld.zone(5). For runtime operation see
2580 org.fedoraproject.FirewallD1.zone.Methods.removeService.
2581
2582 Possible errors: NOT_ENABLED
2583
2584 removeSource(s: source) → Nothing
2585 Permanently remove source from list of source addresses bound
2586 to zone. See source tag in firewalld.zone(5). For runtime
2587 operation see
2588 org.fedoraproject.FirewallD1.zone.Methods.removeSource.
2589
2590 Possible errors: NOT_ENABLED
2591
2592 removeSourcePort(s: port, s: protocol) → Nothing
2593 Permanently remove (port, protocol) from list of source ports
2594 of zone. See source-port tag in firewalld.zone(5). For runtime
2595 operation see
2596 org.fedoraproject.FirewallD1.zone.Methods.removeSourcePort.
2597
2598 Possible errors: NOT_ENABLED
2599
2600 rename(s: name) → Nothing
2601 Rename not built-in zone to name.
2602
2603 Possible errors: BUILTIN_ZONE
2604
2605 setDescription(s: description) → Nothing
2606 Permanently set description of zone to description. See
2607 description tag in firewalld.zone(5).
2608
2609 setForwardPorts(a(ssss): ports) → Nothing
2610 Permanently set forward ports of zone to list of (port,
2611 protocol, toport, toaddr). See forward-port tag in
2612 firewalld.zone(5).
2613
2614 setIcmpBlockInversion(b: flag) → Nothing
2615 Permanently set icmp block inversion flag of zone to flag. See
2616 icmp-block-inversion tag in firewalld.zone(5).
2617
2618 setIcmpBlocks(as: icmptypes) → Nothing
2619 Permanently set list of icmp types blocked in zone to
2620 icmptypes. See icmp-block tag in firewalld.zone(5).
2621
2622 setInterfaces(as: interfaces) → Nothing
2623 Permanently set list of interfaces bound to zone to interfaces.
2624 See interface tag in firewalld.zone(5).
2625
2626 setMasquerade(b: masquerade) → Nothing
2627 Permanently set masquerading in zone to masquerade. See
2628 masquerade tag in firewalld.zone(5).
2629
2630 setPorts(a(ss): ports) → Nothing
2631 Permanently set ports of zone to list of (port, protocol). See
2632 port tag in firewalld.zone(5).
2633
2634 setProtocols(as: protocols) → Nothing
2635 Permanently set list of protocols used in zone to protocols.
2636 See protocol tag in firewalld.zone(5).
2637
2638 setRichRules(as: rules) → Nothing
2639 Permanently set list of rich-language rules to rules. See rule
2640 tag in firewalld.zone(5).
2641
2642 setServices(as: services) → Nothing
2643 Permanently set list of services used in zone to services. See
2644 service tag in firewalld.zone(5).
2645
2646 setShort(s: short) → Nothing
2647 Permanently set name of zone to short. See short tag in
2648 firewalld.zone(5).
2649
2650 setSourcePorts(a(ss): ports) → Nothing
2651 Permanently set source-ports of zone to list of (port,
2652 protocol). See source-port tag in firewalld.zone(5).
2653
2654 setSources(as: sources) → Nothing
2655 Permanently set list of source addresses bound to zone to
2656 sources. See source tag in firewalld.zone(5).
2657
2658 setTarget(s: target) → Nothing
2659 Permanently set target of zone to target. See target attribute
2660 of zone tag in firewalld.zone(5).
2661
2662 setVersion(s: version) → Nothing
2663 Permanently set version of zone to version. See version
2664 attribute of zone tag in firewalld.zone(5).
2665
2666 update((sssbsasa(ss)asba(ssss)asasasasa(ss)): settings) → Nothing
2667 Update settings of zone to settings. Settings are in format:
2668 version, name, description, UNUSED, target, array of services,
2669 array of ports (port, protocol), array of icmp-blocks,
2670 masquerade, array of forward-ports (port, protocol, to-port,
2671 to-addr), array of interfaces, array of sources, array of rich
2672 rules, array of protocols and array of source-ports (port,
2673 protocol).
2674
2675 version (s): see version attribute of zone tag in
2676 firewalld.zone(5).
2677
2678 name (s): see short tag in firewalld.zone(5).
2679
2680 description (s): see description tag in firewalld.zone(5).
2681
2682 UNUSED (b): this boolean value is no longer used for anything.
2683
2684 target (s): see target attribute of zone tag in
2685 firewalld.zone(5).
2686
2687 services (as): array of service names, see service tag in
2688 firewalld.zone(5).
2689
2690 ports (a(ss)): array of port and protocol pairs. See port tag
2691 in firewalld.zone(5).
2692
2693 icmp-blocks (as): array of icmp-blocks. See icmp-block tag in
2694 firewalld.zone(5).
2695
2696 masquerade (b): see masquerade tag in firewalld.zone(5).
2697
2698 forward-ports (a(ssss)): array of (port, protocol, to-port,
2699 to-addr). See forward-port tag in firewalld.zone(5).
2700
2701 interfaces (as): array of interfaces. See interface tag in
2702 firewalld.zone(5).
2703
2704 source addresses (as): array of source addresses. See source
2705 tag in firewalld.zone(5).
2706
2707 rich rules (as): array of rich-language rules. See rule tag in
2708 firewalld.zone(5).
2709
2710 protocols (as): array of protocols. See protocol tag in
2711 firewalld.zone(5).
2712
2713 source-ports (a(ss)): array of port and protocol pairs. See
2714 source-port tag in firewalld.zone(5).
2715
2716 Possible errors: INVALID_TYPE
2717
2718 Signals
2719 Removed(s: name)
2720 Emitted when zone with name has been removed.
2721
2722 Renamed(s: name)
2723 Emitted when zone has been renamed to name.
2724
2725 Updated(s: name)
2726 Emitted when zone with name has been updated.
2727
2728 Properties
2729 builtin - b - (ro)
2730 True if zone is build-in, false else.
2731
2732 default - b - (ro)
2733 True if build-in zone has default settings. False if it has
2734 been modified. Always False for not build-in zones.
2735
2736 filename - s - (ro)
2737 Name (including .xml extension) of file where the configuration
2738 is stored.
2739
2740 name - s - (ro)
2741 Name of zone.
2742
2743 path - s - (ro)
2744 Path to directory where the zone configuration is stored.
2745 Should be either /usr/lib/firewalld/zones or
2746 /etc/firewalld/zones.
2747
2748 org.fedoraproject.FirewallD1.config.service
2749 Interface for permanent service configuration, see also
2750 firewalld.service(5).
2751
2752 Methods
2753 addModule(s: module) → Nothing
2754 Permanently add module to list of modules (netfilter kernel
2755 helpers) used in service. See module tag in
2756 firewalld.service(5).
2757
2758 Possible errors: ALREADY_ENABLED
2759
2760 addPort(s: port, s: protocol) → Nothing
2761 Permanently add (port, protocol) to list of ports in service.
2762 See port tag in firewalld.service(5).
2763
2764 Possible errors: ALREADY_ENABLED
2765
2766 addProtocol(s: protocol) → Nothing
2767 Permanently add protocol into zone. The protocol can be any
2768 protocol supported by the system. Please have a look at
2769 /etc/protocols for supported protocols. See protocol tag in
2770 firewalld.service(5).
2771
2772 Possible errors: INVALID_PROTOCOL, ALREADY_ENABLED
2773
2774 addSourcePort(s: port, s: protocol) → Nothing
2775 Permanently add (port, protocol) to list of source ports in
2776 service. See source-port tag in firewalld.service(5).
2777
2778 Possible errors: ALREADY_ENABLED
2779
2780 getDescription() → s
2781 Get description of service. See description tag in
2782 firewalld.service(5).
2783
2784 getDestination(s: family) → s
2785 Get destination for IP family being either 'ipv4' or 'ipv6'.
2786 See destination tag in firewalld.service(5).
2787
2788 Possible errors: ALREADY_ENABLED
2789
2790 getDestinations() → a{ss}
2791 Get list of destinations. Return value is a dictionary of {IP
2792 family : IP address} where 'IP family' key can be either 'ipv4'
2793 or 'ipv6'. See destination tag in firewalld.service(5).
2794
2795 getModules() → as
2796 Get list of modules (netfilter kernel helpers) used in service.
2797 See module tag in firewalld.service(5).
2798
2799 getPorts() → a(ss)
2800 Get list of (port, protocol) defined in service. See port tag
2801 in firewalld.service(5).
2802
2803 getProtocols() → as
2804 Return array of protocols (s) defined in service. See protocol
2805 tag in firewalld.service(5).
2806
2807 getSettings() → (sssa(ss)asa{ss}asa(ss))
2808 Return permanent settings of a service. For getting runtime
2809 settings see
2810 org.fedoraproject.FirewallD1.Methods.getServiceSettings.
2811 Settings are in format: version, name, description, array of
2812 ports (port, protocol), array of module names, dictionary of
2813 destinations, array of protocols and array of source-ports
2814 (port, protocol).
2815
2816 version (s): see version attribute of service tag in
2817 firewalld.service(5).
2818
2819 name (s): see short tag in firewalld.service(5).
2820
2821 description (s): see description tag in firewalld.service(5).
2822
2823 ports (a(ss)): array of port and protocol pairs. See port tag
2824 in firewalld.service(5).
2825
2826 module names (as): array of kernel netfilter helpers, see
2827 module tag in firewalld.service(5).
2828
2829 destinations (a{ss}): dictionary of {IP family : IP address}
2830 where 'IP family' key can be either 'ipv4' or 'ipv6'. See
2831 destination tag in firewalld.service(5).
2832
2833 protocols (as): array of protocols. See protocol tag in
2834 firewalld.service(5).
2835
2836 source-ports (a(ss)): array of port and protocol pairs. See
2837 source-port tag in firewalld.service(5).
2838
2839
2840 getShort() → s
2841 Get name of service. See short tag in firewalld.service(5).
2842
2843 getSourcePorts() → a(ss)
2844 Get list of (port, protocol) defined in service. See
2845 source-port tag in firewalld.service(5).
2846
2847 getVersion() → s
2848 Get version of service. See version attribute of service tag in
2849 firewalld.service(5).
2850
2851 loadDefaults() → Nothing
2852 Load default settings for built-in service.
2853
2854 Possible errors: NO_DEFAULTS
2855
2856 queryDestination(s: family, s: address) → b
2857 Return whether a destination is in dictionary of destinations
2858 of this service. destination is in format: (IP family, IP
2859 address) where IP family can be either 'ipv4' or 'ipv6'. See
2860 destination tag in firewalld.service(5).
2861
2862 queryModule(s: module) → b
2863 Return whether module is in list of modules (netfilter kernel
2864 helpers) used in service. See module tag in
2865 firewalld.service(5).
2866
2867 queryPort(s: port, s: protocol) → b
2868 Return whether (port, protocol) is in list of ports in service.
2869 See port tag in firewalld.service(5).
2870
2871 queryProtocol(s: protocol) → b
2872 Return whether protocol is in list of protocols in service. See
2873 protocol tag in firewalld.service(5).
2874
2875 querySourcePort(s: port, s: protocol) → b
2876 Return whether (port, protocol) is in list of source ports in
2877 service. See source-port tag in firewalld.service(5).
2878
2879 remove() → Nothing
2880 Remove not built-in service.
2881
2882 Possible errors: BUILTIN_SERVICE
2883
2884 removeDestination(s: family) → Nothing
2885 Permanently remove a destination with family ('ipv4' or 'ipv6')
2886 from service. See destination tag in firewalld.service(5).
2887
2888 Possible errors: NOT_ENABLED
2889
2890 removeModule(s: module) → Nothing
2891 Permanently remove module from list of modules (netfilter
2892 kernel helpers) used in service. See module tag in
2893 firewalld.service(5).
2894
2895 Possible errors: NOT_ENABLED
2896
2897 removePort(s: port, s: protocol) → Nothing
2898 Permanently remove (port, protocol) from list of ports in
2899 service. See port tag in firewalld.service(5).
2900
2901 Possible errors: NOT_ENABLED
2902
2903 removeProtocol(s: protocol) → Nothing
2904 Permanently remove protocol from list of protocols in service.
2905 See protocol tag in firewalld.service(5).
2906
2907 Possible errors: NOT_ENABLED
2908
2909 removeSourcePort(s: port, s: protocol) → Nothing
2910 Permanently remove (port, protocol) from list of source ports
2911 in service. See source-port tag in firewalld.service(5).
2912
2913 Possible errors: NOT_ENABLED
2914
2915 rename(s: name) → Nothing
2916 Rename not built-in service to name.
2917
2918 Possible errors: BUILTIN_SERVICE
2919
2920 setDescription(s: description) → Nothing
2921 Permanently set description of service to description. See
2922 description tag in firewalld.service(5).
2923
2924 setDestination(s: family, s: address) → Nothing
2925 Permanently set a destination address. destination is in
2926 format: (IP family, IP address) where IP family can be either
2927 'ipv4' or 'ipv6'. See destination tag in firewalld.service(5).
2928
2929 Possible errors: ALREADY_ENABLED
2930
2931 setDestinations(a{ss}: destinations) → Nothing
2932 Permanently set destinations of service to destinations, which
2933 is a dictionary of {IP family : IP address} where 'IP family'
2934 key can be either 'ipv4' or 'ipv6'. See destination tag in
2935 firewalld.service(5).
2936
2937 setModules(as: modules) → Nothing
2938 Permanently set list of modules (netfilter kernel helpers) used
2939 in service to modules. See module tag in firewalld.service(5).
2940
2941 setPorts(a(ss): ports) → Nothing
2942 Permanently set ports of service to list of (port, protocol).
2943 See port tag in firewalld.service(5).
2944
2945 setProtocols(as: protocols) → Nothing
2946 Permanently set protocols of service to list of protocols. See
2947 protocol tag in firewalld.service(5).
2948
2949 setShort(s: short) → Nothing
2950 Permanently set name of service to short. See short tag in
2951 firewalld.service(5).
2952
2953 setSourcePorts(a(ss): ports) → Nothing
2954 Permanently set source-ports of service to list of (port,
2955 protocol). See source-port tag in firewalld.service(5).
2956
2957 setVersion(s: version) → Nothing
2958 Permanently set version of service to version. See version
2959 attribute of service tag in firewalld.service(5).
2960
2961 update((sssa(ss)asa{ss}asa(ss)): settings) → Nothing
2962 Update settings of service to settings. Settings are in format:
2963 version, name, description, array of ports (port, protocol),
2964 array of module names, dictionary of destinations, array of
2965 protocols and array of source-ports (port, protocol).
2966
2967 version (s): see version attribute of service tag in
2968 firewalld.service(5).
2969
2970 name (s): see short tag in firewalld.service(5).
2971
2972 description (s): see description tag in firewalld.service(5).
2973
2974 ports (a(ss)): array of port and protocol pairs. See port tag
2975 in firewalld.service(5).
2976
2977 module names (as): array of kernel netfilter helpers, see
2978 module tag in firewalld.service(5).
2979
2980 destinations (a{ss}): dictionary of {IP family : IP address}
2981 where 'IP family' key can be either 'ipv4' or 'ipv6'. See
2982 destination tag in firewalld.service(5).
2983
2984 protocols (as): array of protocols. See protocol tag in
2985 firewalld.service(5).
2986
2987 Possible errors: INVALID_TYPE
2988
2989 Signals
2990 Removed(s: name)
2991 Emitted when service with name has been removed.
2992
2993 Renamed(s: name)
2994 Emitted when service has been renamed to name.
2995
2996 Updated(s: name)
2997 Emitted when service with name has been updated.
2998
2999 Properties
3000 builtin - b - (ro)
3001 True if service is build-in, false else.
3002
3003 default - b - (ro)
3004 True if build-in service has default settings. False if it has
3005 been modified. Always False for not build-in services.
3006
3007 filename - s - (ro)
3008 Name (including .xml extension) of file where the configuration
3009 is stored.
3010
3011 name - s - (ro)
3012 Name of service.
3013
3014 path - s - (ro)
3015 Path to directory where the configuration is stored. Should be
3016 either /usr/lib/firewalld/services or /etc/firewalld/services.
3017
3018 org.fedoraproject.FirewallD1.config.helper
3019 Interface for permanent helper configuration, see also
3020 firewalld.helper(5).
3021
3022 Methods
3023 addPort(s: port, s: protocol) → Nothing
3024 Permanently add (port, protocol) to list of ports in helper.
3025 See port tag in firewalld.helper(5).
3026
3027 Possible errors: ALREADY_ENABLED
3028
3029 getDescription() → s
3030 Get description of helper. See description tag in
3031 firewalld.helper(5).
3032
3033 getFamily() → s
3034 Get family being 'ipv4', 'ipv6' or empty for both. See family
3035 tag in firewalld.helper(5).
3036
3037 getModule() → s
3038 Get modules (netfilter kernel helpers) used in helper. See
3039 module tag in firewalld.helper(5).
3040
3041 getPorts() → a(ss)
3042 Get list of (port, protocol) defined in helper. See port tag in
3043 firewalld.helper(5).
3044
3045 getSettings() → (sssssa(ss))
3046 Return permanent settings of a helper. For getting runtime
3047 settings see
3048 org.fedoraproject.FirewallD1.Methods.getHelperSettings.
3049 Settings are in format: version, name, description, family,
3050 module, array of ports (port, protocol).
3051
3052 version (s): see version attribute of helper tag in
3053 firewalld.helper(5).
3054
3055 name (s): see short tag in firewalld.helper(5).
3056
3057 description (s): see description tag in firewalld.helper(5).
3058
3059 family (s): see family tag in firewalld.helper(5).
3060
3061 module (s): see module tag in firewalld.helper(5).
3062
3063 ports (a(ss)): array of port and protocol pairs. See port tag
3064 in firewalld.helper(5).
3065
3066
3067 getShort() → s
3068 Get name of helper. See short tag in firewalld.helper(5).
3069
3070 getVersion() → s
3071 Get version of helper. See version attribute of helper tag in
3072 firewalld.helper(5).
3073
3074 loadDefaults() → Nothing
3075 Load default settings for built-in helper.
3076
3077 Possible errors: NO_DEFAULTS
3078
3079 queryFamily(s: module) → b
3080 Return whether family is set for helper. See family tag in
3081 firewalld.helper(5).
3082
3083 queryModule(s: module) → b
3084 Return whether module (netfilter kernel helpers) is used in
3085 helper. See module tag in firewalld.helper(5).
3086
3087 queryPort(s: port, s: protocol) → b
3088 Return whether (port, protocol) is in list of ports in helper.
3089 See port tag in firewalld.helper(5).
3090
3091 remove() → Nothing
3092 Remove not built-in helper.
3093
3094 Possible errors: BUILTIN_HELPER
3095
3096 removePort(s: port, s: protocol) → Nothing
3097 Permanently remove (port, protocol) from list of ports in
3098 helper. See port tag in firewalld.helper(5).
3099
3100 Possible errors: NOT_ENABLED
3101
3102 rename(s: name) → Nothing
3103 Rename not built-in helper to name.
3104
3105 Possible errors: BUILTIN_HELPER
3106
3107 setDescription(s: description) → Nothing
3108 Permanently set description of helper to description. See
3109 description tag in firewalld.helper(5).
3110
3111 setFamily(s: family) → Nothing
3112 Permanently set family of helper to family. See family tag in
3113 firewalld.helper(5).
3114
3115 setModule(s: module) → Nothing
3116 Permanently set module of helper to description. See module tag
3117 in firewalld.helper(5).
3118
3119 setPorts(a(ss): ports) → Nothing
3120 Permanently set ports of helper to list of (port, protocol).
3121 See port tag in firewalld.helper(5).
3122
3123 setShort(s: short) → Nothing
3124 Permanently set name of helper to short. See short tag in
3125 firewalld.helper(5).
3126
3127 setVersion(s: version) → Nothing
3128 Permanently set version of helper to version. See version
3129 attribute of helper tag in firewalld.helper(5).
3130
3131 update((sssssa(ss)): settings) → Nothing
3132 Update settings of helper to settings. Settings are in format:
3133 version, name, description, family, module and array of ports.
3134
3135 version (s): see version attribute of helper tag in
3136 firewalld.helper(5).
3137
3138 name (s): see short tag in firewalld.helper(5).
3139
3140 description (s): see description tag in firewalld.helper(5).
3141
3142 family (s): see family tag in firewalld.helper(5).
3143
3144 module (s): see module tag in firewalld.helper(5).
3145
3146 ports (a(ss)): array of port and protocol pairs. See port tag
3147 in firewalld.helper(5).
3148
3149 Possible errors: INVALID_HELPER
3150
3151 Signals
3152 Removed(s: name)
3153 Emitted when helper with name has been removed.
3154
3155 Renamed(s: name)
3156 Emitted when helper has been renamed to name.
3157
3158 Updated(s: name)
3159 Emitted when helper with name has been updated.
3160
3161 Properties
3162 builtin - b - (ro)
3163 True if helper is build-in, false else.
3164
3165 default - b - (ro)
3166 True if build-in helper has default settings. False if it has
3167 been modified. Always False for not build-in helpers.
3168
3169 filename - s - (ro)
3170 Name (including .xml extension) of file where the configuration
3171 is stored.
3172
3173 name - s - (ro)
3174 Name of helper.
3175
3176 path - s - (ro)
3177 Path to directory where the configuration is stored. Should be
3178 either /usr/lib/firewalld/helpers or /etc/firewalld/helpers.
3179
3180 org.fedoraproject.FirewallD1.config.icmptype
3181 Interface for permanent icmp type configuration, see also
3182 firewalld.icmptype(5).
3183
3184 Methods
3185 addDestination(s: destination) → Nothing
3186 Permanently add a destination ('ipv4' or 'ipv6') to list of
3187 destinations of this icmp type. See destination tag in
3188 firewalld.icmptype(5).
3189
3190 Possible errors: ALREADY_ENABLED
3191
3192 getDescription() → s
3193 Get description of icmp type. See description tag in
3194 firewalld.icmptype(5).
3195
3196 getDestinations() → as
3197 Get list of destinations. See destination tag in
3198 firewalld.icmptype(5).
3199
3200 getSettings() → (sssas)
3201 Return permanent settings of icmp type. For getting runtime
3202 settings see
3203 org.fedoraproject.FirewallD1.Methods.getIcmpTypeSettings.
3204 Settings are in format: version, name, description, array of
3205 destinations.
3206
3207 version (s): see version attribute of icmptype tag in
3208 firewalld.icmptype(5).
3209
3210 name (s): see short tag in firewalld.icmptype(5).
3211
3212 description (s): see description tag in firewalld.icmptype(5).
3213
3214 destinations (as): array, either empty or containing strings
3215 'ipv4' and/or 'ipv6', see destination tag in
3216 firewalld.icmptype(5).
3217
3218
3219 getShort() → s
3220 Get name of icmp type. See short tag in firewalld.icmptype(5).
3221
3222 getVersion() → s
3223 Get version of icmp type. See version attribute of icmptype tag
3224 in firewalld.icmptype(5).
3225
3226 loadDefaults() → Nothing
3227 Load default settings for built-in icmp type.
3228
3229 Possible errors: NO_DEFAULTS
3230
3231 queryDestination(s: destination) → b
3232 Return whether a destination ('ipv4' or 'ipv6') is in list of
3233 destinations of this icmp type. See destination tag in
3234 firewalld.icmptype(5).
3235
3236 remove() → Nothing
3237 Remove not built-in icmp type.
3238
3239 Possible errors: BUILTIN_ICMPTYPE
3240
3241 removeDestination(s: destination) → Nothing
3242 Permanently remove a destination ('ipv4' or 'ipv6') from list
3243 of destinations of this icmp type. See destination tag in
3244 firewalld.icmptype(5).
3245
3246 Possible errors: NOT_ENABLED
3247
3248 rename(s: name) → Nothing
3249 Rename not built-in icmp type to name.
3250
3251 Possible errors: BUILTIN_ICMPTYPE
3252
3253 setDescription(s: description) → Nothing
3254 Permanently set description of icmp type to description. See
3255 description tag in firewalld.icmptype(5).
3256
3257 setDestinations(as: destinations) → Nothing
3258 Permanently set destinations of icmp type to destinations,
3259 which is array, either empty or containing strings 'ipv4'
3260 and/or 'ipv6'. See destination tag in firewalld.icmptype(5).
3261
3262 setShort(s: short) → Nothing
3263 Permanently set name of icmp type to short. See short tag in
3264 firewalld.icmptype(5).
3265
3266 setVersion(s: version) → Nothing
3267 Permanently set version of icmp type to version. See version
3268 attribute of icmptype tag in firewalld.icmptype(5).
3269
3270 update((sssas): settings) → Nothing
3271 Update permanent settings of icmp type to settings. Settings
3272 are in format: version, name, description, array of
3273 destinations.
3274
3275 version (s): see version attribute of icmptype tag in
3276 firewalld.icmptype(5).
3277
3278 name (s): see short tag in firewalld.icmptype(5).
3279
3280 description (s): see description tag in firewalld.icmptype(5).
3281
3282 destinations (as): array, either empty or containing strings
3283 'ipv4' and/or 'ipv6', see destination tag in
3284 firewalld.icmptype(5).
3285
3286
3287 Signals
3288 Removed(s: name)
3289 Emitted when icmp type with name has been removed.
3290
3291 Renamed(s: name)
3292 Emitted when icmp type has been renamed to name.
3293
3294 Updated(s: name)
3295 Emitted when icmp type with name has been updated.
3296
3297 Properties
3298 builtin - b - (ro)
3299 True if icmptype is build-in, false else.
3300
3301 default - b - (ro)
3302 True if build-in icmp type has default settings. False if it
3303 has been modified. Always False for not build-in zones.
3304
3305 filename - s - (ro)
3306 Name (including .xml extension) of file where the configuration
3307 is stored.
3308
3309 name - s - (ro)
3310 Name of icmp type.
3311
3312 path - s - (ro)
3313 Path to directory where the icmp type configuration is stored.
3314 Should be either /usr/lib/firewalld/icmptypes or
3315 /etc/firewalld/icmptypes.
3316
3318 firewall-applet(1), firewalld(1), firewall-cmd(1), firewall-config(1),
3319 firewalld.conf(5), firewalld.direct(5), firewalld.dbus(5),
3320 firewalld.icmptype(5), firewalld.lockdown-whitelist(5), firewall-
3321 offline-cmd(1), firewalld.richlanguage(5), firewalld.service(5),
3322 firewalld.zone(5), firewalld.zones(5), firewalld.ipset(5),
3323 firewalld.helper(5)
3324
3326 firewalld home page:
3327 http://firewalld.org
3328
3329 More documentation with examples:
3330 http://fedoraproject.org/wiki/FirewallD
3331
3333 Thomas Woerner <twoerner@redhat.com>
3334 Developer
3335
3336 Jiri Popelka <jpopelka@redhat.com>
3337 Developer
3338
3339
3340
3341firewalld 0.6.3 FIREWALLD.DBUS(5)