1FIREWALLD.DBUS(5) firewalld.dbus FIREWALLD.DBUS(5)
2
6 firewalld.dbus - firewalld D-Bus interface description
7
9 This is the basic firewalld object path structure. The used interfaces
10 are explained below in the section called “INTERFACES”.
11 /org/fedoraproject/FirewallD1
13 Interfaces
14 org.fedoraproject.FirewallD1
15 org.fedoraproject.FirewallD1.direct
16 org.fedoraproject.FirewallD1.ipset
17 org.fedoraproject.FirewallD1.policies
18 org.fedoraproject.FirewallD1.zone
19 org.freedesktop.DBus.Introspectable
20 org.freedesktop.DBus.Properties
21 /org/fedoraproject/FirewallD1/config
23 Interfaces
24 org.fedoraproject.FirewallD1.config
25 org.fedoraproject.FirewallD1.config.direct
26 org.fedoraproject.FirewallD1.config.policies
27 org.freedesktop.DBus.Introspectable
28 org.freedesktop.DBus.Properties
29 /org/fedoraproject/FirewallD1/config/zone/i
31 Interfaces
32 org.fedoraproject.FirewallD1.config.zone
33 org.freedesktop.DBus.Introspectable
34 org.freedesktop.DBus.Properties
35 /org/fedoraproject/FirewallD1/config/service/i
37 Interfaces:
38 org.fedoraproject.FirewallD1.config.service
39 org.freedesktop.DBus.Introspectable
40 org.freedesktop.DBus.Properties
41 /org/fedoraproject/FirewallD1/config/ipset/i
43 Interfaces
44 org.fedoraproject.FirewallD1.config.ipset
45 org.freedesktop.DBus.Introspectable
46 org.freedesktop.DBus.Properties
47 /org/fedoraproject/FirewallD1/config/icmptype/i
49 Interfaces
50 org.fedoraproject.FirewallD1.config.icmptype
51 org.freedesktop.DBus.Introspectable
52 org.freedesktop.DBus.Properties
53
57 org.fedoraproject.FirewallD1
58 This interface contains general runtime operations, like: reloading,
59 panic mode, default zone handling, getting services and icmp types and
60 their settings.
61 Methods
63 authorizeAll() → Nothing
64 Initiate authorization for the complete firewalld D-Bus
65 interface. This method it mostly useful for configuration
66 applications.
67 completeReload() → Nothing
69 Reload firewall completely, even netfilter kernel modules. This
70 will most likely terminate active connections, because state
71 information is lost. This option should only be used in case of
72 severe firewall problems. For example if there are state
73 information problems that no connection can be established with
74 correct firewall rules.
75 disablePanicMode() → Nothing
77 Disable panic mode. After disabling panic mode established
78 connections might work again, if panic mode was enabled for a
79 short period of time.
80 Possible errors: NOT_ENABLED, COMMAND_FAILED
82 enablePanicMode() → Nothing
84 Enable panic mode. All incoming and outgoing packets are
85 dropped, active connections will expire. Enable this only if
86 there are serious problems with your network environment.
87 Possible errors: ALREADY_ENABLED, COMMAND_FAILED
89 getAutomaticHelpers() → s
91 Return the AutomaticHelpers value. For the secure use of
92 iptables and connection tracking helpers it is recommended to
93 turn AutomaticHelpers off. But this might have side effects on
94 other services using the netfilter helpers as the sysctl
95 setting in /proc/sys/net/netfilter/nf_conntrack_helper will be
96 changed. With the system setting, the default value set in the
97 kernel or with sysctl will be used. Possible values are: yes,
98 no and system. The default value is system.
99 getDefaultZone() → s
101 Return default zone.
102 getHelperSettings(s: helper) → (sssssa(ss))
104 Return runtime settings of given helper. For getting permanent
105 settings see
106 org.fedoraproject.FirewallD1.config.helper.Methods.getSettings.
107 Settings are in format: version, name, description, family,
108 module and array of ports.
109 version (s): see version attribute of helper tag in
111 firewalld.helper(5).
112 name (s): see short tag in firewalld.helper(5).
114 description (s): see description tag in firewalld.helper(5).
116 family (s): see family tag in firewalld.helper(5).
118 module (s): see module tag in firewalld.helper(5).
120 ports (a(ss)): array of port and protocol pairs. See port tag
122 in firewalld.helper(5).
123 Possible errors: INVALID_HELPER
125 getHelpers() → as
127 Return array of helper names (s) in runtime configuration. For
128 permanent configuration see
129 org.fedoraproject.FirewallD1.config.Methods.listHelpers.
130 getIcmpTypeSettings(s: icmptype) → (sssas)
132 Return runtime settings of given icmptype. For getting
133 permanent settings see
134 org.fedoraproject.FirewallD1.config.icmptype.Methods.getSettings.
135 Settings are in format: version, name, description, array of
136 destinations.
137 version (s): see version attribute of icmptype tag in
139 firewalld.icmptype(5).
140 name (s): see short tag in firewalld.icmptype(5).
142 description (s): see description tag in firewalld.icmptype(5).
144 destinations (as): array, either empty or containing strings
146 'ipv4' or 'ipv6', see destination tag in firewalld.icmptype(5).
147 Possible errors: INVALID_ICMPTYPE
149 getLogDenied() → s
151 Retruns the LogDenied value. If LogDenied is enabled, then
152 logging rules are added right before reject and drop rules in
153 the INPUT, FORWARD and OUTPUT chains for the default rules and
154 also final reject and drop rules in zones. Possible values are:
155 all, unicast, broadcast, multicast and off. The default value
156 is off
157 getServiceSettings(s: service) → (sssa(ss)asa{ss}asa(ss))
159 Return runtime settings of given service. For getting permanent
160 settings see
161 org.fedoraproject.FirewallD1.config.service.Methods.getSettings.
162 Settings are in format: version, name, description, array of
163 ports (port, protocol), array of module names, dictionary of
164 destinations, array of protocols and array of source-ports
165 (port, protocol).
166 version (s): see version attribute of service tag in
168 firewalld.service(5).
169 name (s): see short tag in firewalld.service(5).
171 description (s): see description tag in firewalld.service(5).
173 ports (a(ss)): array of port and protocol pairs. See port tag
175 in firewalld.service(5).
176 module names (as): array of kernel netfilter helpers, see
178 module tag in firewalld.service(5).
179 destinations (a{ss}): dictionary of {IP family : IP address}
181 where 'IP family' key can be either 'ipv4' or 'ipv6'. See
182 destination tag in firewalld.service(5).
183 protocols (as): array of protocols, see protocol tag in
185 firewalld.service(5).
186 source-ports (a(ss)): array of port and protocol pairs. See
188 source-port tag in firewalld.service(5).
189 Possible errors: INVALID_SERVICE
191 getZoneSettings(s: zone) → (sssbsasa(ss)asba(ssss)asasasasa(ss))
193 Return runtime settings of given zone. For getting permanent
194 settings see
195 org.fedoraproject.FirewallD1.config.zone.Methods.getSettings.
196 Settings are in format: version, name, description, UNUSED,
197 target, array of services, array of ports (port, protocol),
198 array of icmp-blocks, masquerade, array of forward-ports (port,
199 protocol, to-port, to-addr), array of interfaces, array of
200 sources, array of rich rules, array of protocols and array of
201 source-ports (port, protocol).
202 version (s): see version attribute of zone tag in
204 firewalld.zone(5).
205 name (s): see short tag in firewalld.zone(5).
207 description (s): see description tag in firewalld.zone(5).
209 UNUSED (b): this boolean value is no longer used for anything.
211 target (s): see target attribute of zone tag in
213 firewalld.zone(5).
214 services (as): array of service names, see service tag in
216 firewalld.zone(5).
217 ports (a(ss)): array of port and protocol pairs. See port tag
219 in firewalld.zone(5).
220 icmp-blocks (as): array of icmp-blocks. See icmp-block tag in
222 firewalld.zone(5).
223 masquerade (b): see masquerade tag in firewalld.zone(5).
225 forward-ports (a(ssss)): array of (port, protocol, to-port,
227 to-addr). See forward-port tag in firewalld.zone(5).
228 interfaces (as): array of interfaces. See interface tag in
230 firewalld.zone(5).
231 source addresses (as): array of source addresses. See source
233 tag in firewalld.zone(5).
234 rich rules (as): array of rich-language rules. See rule tag in
236 firewalld.zone(5).
237 protocols (as): array of protocols, see protocol tag in
239 firewalld.zone(5).
240 source-ports (a(ss)): array of port and protocol pairs. See
242 source-port tag in firewalld.zone(5).
243 Possible errors: INVALID_ZONE
245 listIcmpTypes() → as
247 Return array of names (s) of icmp types in runtime
248 configuration. For permanent configuration see
249 org.fedoraproject.FirewallD1.config.Methods.listIcmpTypes.
250 listServices() → as
252 Return array of service names (s) in runtime configuration. For
253 permanent configuration see
254 org.fedoraproject.FirewallD1.config.Methods.listServices.
255 queryPanicMode() → b
257 Return true if panic mode is enabled, false otherwise. In panic
258 mode all incoming and outgoing packets are dropped.
259 reload() → Nothing
261 Reload firewall rules and keep state information. Current
262 permanent configuration will become new runtime configuration,
263 i.e. all runtime only changes done until reload are lost with
264 reload if they have not been also in permanent configuration.
265 runtimeToPermanent() → Nothing
267 Make runtime settings permanent. Replaces permanent settings
268 with runtime settings for zones, services, icmptypes, direct
269 and policies (lockdown whitelist).
270 Possible errors: RT_TO_PERM_FAILED
272 checkPermanentConfig() → Nothing
274 Run checks on the permanent configuration. This is most useful
275 if changes were made manually to configuration files.
276 Possible errors: any
278 setDefaultZone(s: zone) → Nothing
280 Set default zone for connections and interfaces where no zone
281 has been selected to zone. Setting the default zone changes the
282 zone for the connections or interfaces, that are using the
283 default zone. This is a runtime and permanent change.
284 Possible errors: ZONE_ALREADY_SET, COMMAND_FAILED
286 setLogDenied(s: value) → Nothing
288 Set LogDenied value to value. If LogDenied is enabled, then
289 logging rules are added right before reject and drop rules in
290 the INPUT, FORWARD and OUTPUT chains for the default rules and
291 also final reject and drop rules in zones. Possible values are:
292 all, unicast, broadcast, multicast and off. The default value
293 is off This is a runtime and permanent change.
294 Possible errors: ALREADY_SET, INVALID_VALUE
296 Signals
298 DefaultZoneChanged(s: zone)
299 Emitted when default zone has been changed to zone.
300 LogDeniedChanged(s: value)
302 Emitted when LogDenied value has been changed.
303 PanicModeDisabled()
305 Emitted when panic mode has been deactivated.
306 PanicModeEnabled()
308 Emitted when panic mode has been activated.
309 Reloaded()
311 Emitted when firewalld has been reloaded. Also emitted for a
312 complete reload.
313 Properties
315 BRIDGE - b - (ro)
316 Indicates whether the firewall has ethernet bridge support.
317 IPSet - b - (ro)
319 Indicates whether the firewall has IPSet support.
320 IPSetTypes - as - (ro)
322 The supported IPSet types by ipset and firewalld.
323 IPv4 - b - (ro)
325 Indicates whether the firewall has IPv4 support.
326 IPv4ICMPTypes - as - (ro)
328 The list of supported IPv4 ICMP types.
329 IPv6 - b - (ro)
331 Indicates whether the firewall has IPv6 support.
332 IPv6_rpfilter - b - (ro)
334 Indicates whether the reverse path filter test on a packet for
335 IPv6 is enabled. If a reply to the packet would be sent via the
336 same interface that the packet arrived on, the packet will
337 match and be accepted, otherwise dropped.
338 IPv6ICMPTypes - as - (ro)
340 The list of supported IPv6 ICMP types.
341 nf_conntrach_helper_setting - b - (ro)
343 Kernel nf_conntrack_helper setting.
344 nf_conntrack_helpers - a{sas} - (ro)
346 The list of conntrack helpers supported by the kernel.
347 nf_nat_helpers - a{sas} - (ro)
349 The list of nat helpers supported by the kernel.
350 interface_version - s - (ro)
352 firewalld D-Bus interface version string.
353 state - s - (ro)
355 firewalld state. This can be either INIT, FAILED, or RUNNING.
356 In INIT state, firewalld is starting up and initializing. In
357 FAILED state, firewalld completely started but experienced a
358 failure.
359 version - s - (ro)
361 firewalld version string.
362 org.fedoraproject.FirewallD1.ipset
364 Operations in this interface allows to get, add, remove and query
365 runtime ipset settings. For permanent configuration see
366 org.fedoraproject.FirewallD1.config.ipset interface.
367 Methods
369 addEntry(s: ipset, s: entry) → as
370 Add a new entry to ipset. The entry must match the type of the
371 ipset. If the ipset is using the timeout option, it is not
372 possible to see the entries, as they are timing out
373 automatically in the kernel. For permanent operation see
374 org.fedoraproject.FirewallD1.config.ipset.Methods.addEntry.
375 Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT
377 getEntries(s: ipset) → Nothing
379 Get all entries added to the ipset. If the ipset is using the
380 timeout option, it is not possible to see the entries, as they
381 are timing out automatically in the kernel. Return value is a
382 array of entry. For permanent operation see
383 org.fedoraproject.FirewallD1.config.ipset.Methods.getEntries.
384 Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT
386 getSettings(s: ipset) → (ssssa{ss}as)
388 Return runtime settings of given ipset. For getting permanent
389 settings see
390 org.fedoraproject.FirewallD1.config.ipset.Methods.getSettings.
391 Settings are in format: version, name, description, type,
392 dictionary of options and array of entries.
393 version (s): see version attribute of ipset tag in
395 firewalld.ipset(5).
396 name (s): see short tag in firewalld.ipset(5).
398 description (s): see description tag in firewalld.ipset(5).
400 type (s): see type attribute of ipset tag in
402 firewalld.ipset(5).
403 options (a{ss}): dictionary of {option : value} . See options
405 tag in firewalld.ipset(5).
406 entries (as): array of entries, see entry tag in
408 firewalld.ipset(5).
409 Possible errors: INVALID_IPSET
411 getIPSets() → as
413 Return array of ipset names (s) in runtime configuration. For
414 permanent configuration see
415 org.fedoraproject.FirewallD1.config.Methods.listIPSets.
416 queryService(s: ipset, s: entry) → b
418 Return whether entry has been added to ipset. For permanent
419 operation see
420 org.fedoraproject.FirewallD1.config.ipset.Methods.queryEntry.
421 Possible errors: INVALID_IPSET
423 queryService(s: ipset) → b
425 Return whether ipset is defined in runtime configuration.
426 removeEntry(s: ipset, s: entry) → as
428 Removes an entry from ipset. For permanent operation see
429 org.fedoraproject.FirewallD1.config.ipset.Methods.removeEntry.
430 Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT
432 setEntries(as: entries) → Nothing
434 Permanently set list of entries to entries. For permanent
435 operation see
436 org.fedoraproject.FirewallD1.config.ipset.Methods.setEntries.
437 See entry tag in firewalld.ipset(5).
438 Signals
440 EntryAdded(s: ipset, s: entry)
441 Emitted when entry has been added to ipset.
442 EntryRemoved(s: ipset, s: entry)
444 Emitted when entry has been removed from ipset.
445 org.fedoraproject.FirewallD1.direct
447 This interface enables more direct access to the firewall. It enables
448 runtime manipulation with chains and rules. For permanent configuration
449 see org.fedoraproject.FirewallD1.config.direct interface.
450 Methods
452 addChain(s: ipv, s: table, s: chain) → Nothing
453 Add a new chain to table for ipv being either ipv4 (iptables)
454 or ipv6 (ip6tables) or eb (ebtables). Make sure there's no
455 other chain with this name already. There already exist basic
456 chains to use with direct methods, for example INPUT_direct
457 chain. These chains are jumped into before chains for zones,
458 i.e. every rule put into INPUT_direct will be checked before
459 rules in zones. For permanent operation see
460 org.fedoraproject.FirewallD1.config.direct.Methods.addChain.
461 Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED,
463 COMMAND_FAILED
464 addPassthrough(s: ipv, as: args) → Nothing
466 Add a tracked passthrough rule with the arguments args for ipv
467 being either ipv4 (iptables) or ipv6 (ip6tables) or eb
468 (ebtables). Valid commands in args are only -A/--append,
469 -I/--insert and -N/--new-chain. This method is (unlike
470 passthrough method) tracked, i.e. firewalld remembers it. It's
471 useful with
472 org.fedoraproject.FirewallD1.Methods.runtimeToPermanent For
473 permanent operation see
474 org.fedoraproject.FirewallD1.config.direct.Methods.addPassthrough.
475 Possible errors: INVALID_IPV, ALREADY_ENABLED, COMMAND_FAILED
477 addRule(s: ipv, s: table, s: chain, i: priority, as: args) →
479 Nothing
480 Add a rule with the arguments args to chain in table with
481 priority for ipv being either ipv4 (iptables) or ipv6
482 (ip6tables) or eb (ebtables). The priority is used to order
483 rules. Priority 0 means add rule on top of the chain, with a
484 higher priority the rule will be added further down. Rules with
485 the same priority are on the same level and the order of these
486 rules is not fixed and may change. If you want to make sure
487 that a rule will be added after another one, use a low priority
488 for the first and a higher for the following. For permanent
489 operation see
490 org.fedoraproject.FirewallD1.config.direct.Methods.addRule.
491 Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED,
493 COMMAND_FAILED
494 getAllChains() → a(sss)
496 Get all chains added to all tables in format: ipv, table,
497 chain. This concerns only chains previously added with
498 addChain. Return value is a array of (ipv, table, chain). For
499 permanent operation see
500 org.fedoraproject.FirewallD1.config.direct.Methods.getAllChains.
501 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
503 (ebtables).
504 table (s): one of filter, mangle, nat, raw, security
506 chain (s): name of a chain.
508 getAllPassthroughs() → a(sas)
511 Get all tracked passthrough rules added in all ipv types in
512 format: ipv, rule. This concerns only rules previously added
513 with addPassthrough. Return value is a array of (ipv, array of
514 arguments). For permanent operation see
515 org.fedoraproject.FirewallD1.config.direct.Methods.getAllPassthroughs.
516 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
518 (ebtables).
519 arguments (as): array of commands, parameters and other
521 iptables/ip6tables/ebtables command line options.
522 getAllRules() → a(sssias)
525 Get all rules added to all chains in all tables in format: ipv,
526 table, chain, priority, rule. This concerns only rules
527 previously added with addRule. Return value is a array of (ipv,
528 table, chain, priority, array of arguments). For permanent
529 operation see
530 org.fedoraproject.FirewallD1.config.direct.Methods.getAllRules.
531 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
533 (ebtables).
534 table (s): one of filter, mangle, nat, raw, security
536 chain (s): name of a chain.
538 priority (i): used to order rules.
540 arguments (as): array of commands, parameters and other
542 iptables/ip6tables/ebtables command line options.
543 getChains(s: ipv, s: table) → as
546 Return an array of chains (s) added to table for ipv being
547 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
548 This concerns only chains previously added with addChain. For
549 permanent operation see
550 org.fedoraproject.FirewallD1.config.direct.Methods.getChains.
551 Possible errors: INVALID_IPV, INVALID_TABLE
553 getPassthroughs(s: ipv) → aas
555 Get tracked passthrough rules added in either ipv4 (iptables)
556 or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
557 previously added with addPassthrough. Return value is a array
558 of (array of arguments). For permanent operation see
559 org.fedoraproject.FirewallD1.config.direct.Methods.getPassthroughs.
560 arguments (as): array of commands, parameters and other
562 iptables/ip6tables/ebtables command line options.
563 getRules(s: ipv, s: table, s: chain) → a(ias)
566 Get all rules added to chain in table for ipv being either ipv4
567 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
568 only rules previously added with addRule. Return value is a
569 array of (priority, array of arguments). For permanent
570 operation see
571 org.fedoraproject.FirewallD1.config.direct.Methods.getRules.
572 priority (i): used to order rules.
574 arguments (as): array of commands, parameters and other
576 iptables/ip6tables/ebtables command line options.
577 Possible errors: INVALID_IPV, INVALID_TABLE
579 passthrough(s: ipv, as: args) → s
581 Pass a command through to the firewall. ipv can be either ipv4
582 (iptables) or ipv6 (ip6tables) or eb (ebtables). args can be
583 all iptables, ip6tables and ebtables command line arguments.
584 args can be all iptables, ip6tables and ebtables command line
585 arguments. This command is untracked, which means that
586 firewalld is not able to provide information about this command
587 later on.
588 Possible errors: COMMAND_FAILED
590 queryChain(s: ipv, s: table, s: chain) → b
592 Return whether a chain exists in table for ipv being either
593 ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). This
594 concerns only chains previously added with addChain. For
595 permanent operation see
596 org.fedoraproject.FirewallD1.config.direct.Methods.queryChain.
597 Possible errors: INVALID_IPV, INVALID_TABLE
599 queryPassthrough(s: ipv, as: args) → b
601 Return whether a tracked passthrough rule with the arguments
602 args exists for ipv being either ipv4 (iptables) or ipv6
603 (ip6tables) or eb (ebtables). This concerns only rules
604 previously added with addPassthrough. For permanent operation
605 see
606 org.fedoraproject.FirewallD1.config.direct.Methods.queryPassthrough.
607 Possible errors: INVALID_IPV
609 queryRule(s: ipv, s: table, s: chain, i: priority, as: args) → b
611 Return whether a rule with priority and the arguments args
612 exists in chain in table for ipv being either ipv4 (iptables)
613 or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
614 previously added with addRule. For permanent operation see
615 org.fedoraproject.FirewallD1.config.direct.Methods.queryRule.
616 Possible errors: INVALID_IPV, INVALID_TABLE
618 removeAllPassthroughs() → Nothing
620 Remove all passthrough rules previously added with
621 addPassthrough.
622 removeChain(s: ipv, s: table, s: chain) → Nothing
624 Remove a chain from table for ipv being either ipv4 (iptables)
625 or ipv6 (ip6tables) or eb (ebtables). Only chains previously
626 added with addChain can be removed this way. For permanent
627 operation see
628 org.fedoraproject.FirewallD1.config.direct.Methods.removeChain.
629 Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED,
631 COMMAND_FAILED
632 removePassthrough(s: ipv, as: args) → Nothing
634 Remove a tracked passthrough rule with arguments args for ipv
635 being either ipv4 (iptables) or ipv6 (ip6tables) or eb
636 (ebtables). Only rules previously added with addPassthrough can
637 be removed this way. For permanent operation see
638 org.fedoraproject.FirewallD1.config.direct.Methods.removePassthrough.
639 Possible errors: INVALID_IPV, NOT_ENABLED, COMMAND_FAILED
641 removeRule(s: ipv, s: table, s: chain, i: priority, as: args) →
643 Nothing
644 Remove a rule with priority and arguments args from chain in
645 table for ipv being either ipv4 (iptables) or ipv6 (ip6tables)
646 or eb (ebtables). Only rules previously added with addRule can
647 be removed this way. For permanent operation see
648 org.fedoraproject.FirewallD1.config.direct.Methods.removeRule.
649 Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED,
651 COMMAND_FAILED
652 removeRules(s: ipv, s: table, s: chain) → Nothing
654 Remove all rules from chain in table for ipv being either ipv4
655 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
656 only rules previously added with addRule. For permanent
657 operation see
658 org.fedoraproject.FirewallD1.config.direct.Methods.removeRules.
659 Possible errors: INVALID_IPV, INVALID_TABLE
661 Signals
663 ChainAdded(s: ipv, s: table, s: chain)
664 Emitted when chain has been added into table for ipv being
665 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
666 ChainRemoved(s: ipv, s: table, s: chain)
668 Emitted when chain has been removed from table for ipv being
669 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
670 PassthroughAdded(s: ipv, as: args)
672 Emitted when a tracked passthruogh rule with args has been
673 added for ipv being either ipv4 (iptables) or ipv6 (ip6tables)
674 or eb (ebtables).
675 PassthroughRemoved(s: ipv, as: args)
677 Emitted when a tracked passthrough rule with args has been
678 removed for ipv being either ipv4 (iptables) or ipv6
679 (ip6tables) or eb (ebtables).
680 RuleAdded(s: ipv, s: table, s: chain, i: priority, as: args)
682 Emitted when a rule with args has been added to chain in table
683 with priority for ipv being either ipv4 (iptables) or ipv6
684 (ip6tables) or eb (ebtables).
685 RuleRemoved(s: ipv, s: table, s: chain, i: priority, as: args)
687 Emitted when a rule with args has been removed from chain in
688 table with priority for ipv being either ipv4 (iptables) or
689 ipv6 (ip6tables) or eb (ebtables).
690 org.fedoraproject.FirewallD1.policies
692 Enables firewalld to be able to lock down configuration changes from
693 local applications. Local applications or services are able to change
694 the firewall configuration if they are running as root (example:
695 libvirt). With these operations administrator can lock the firewall
696 configuration so that either none or only applications that are in the
697 whitelist are able to request firewall changes. For permanent
698 configuration see org.fedoraproject.FirewallD1.config.policies
699 interface.
700 Methods
702 addLockdownWhitelistCommand(s: command) → Nothing
703 Add command to whitelist. See command option in
704 firewalld.lockdown-whitelist(5). For permanent operation see
705 org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistCommand.
706 Possible errors: ALREADY_ENABLED, INVALID_COMMAND
708 addLockdownWhitelistContext(s: context) → Nothing
710 Add context to whitelist. See selinux option in
711 firewalld.lockdown-whitelist(5). For permanent operation see
712 org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistContext.
713 Possible errors: ALREADY_ENABLED, INVALID_COMMAND
715 addLockdownWhitelistUid(i: uid) → Nothing
717 Add user id uid to whitelist. See user option in
718 firewalld.lockdown-whitelist(5). For permanent operation see
719 org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistUid.
720 Possible errors: ALREADY_ENABLED, INVALID_COMMAND
722 addLockdownWhitelistUser(s: user) → Nothing
724 Add user name to whitelist. See user option in
725 firewalld.lockdown-whitelist(5). For permanent operation see
726 org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistUser.
727 Possible errors: ALREADY_ENABLED, INVALID_COMMAND
729 disableLockdown() → Nothing
731 Disable lockdown. This is a runtime and permanent change.
732 Possible errors: NOT_ENABLED
734 enableLockdown() → Nothing
736 Enable lockdown. Be careful - if the calling application/user
737 is not on lockdown whitelist when you enable lockdown you won't
738 be able to disable it again with the application, you would
739 need to edit firewalld.conf. This is a runtime and permanent
740 change.
741 Possible errors: ALREADY_ENABLED
743 getLockdownWhitelistCommands() → as
745 List all command lines (s) that are on whitelist. For permanent
746 operation see
747 org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistCommands.
748 getLockdownWhitelistContexts() → as
750 List all contexts (s) that are on whitelist. For permanent
751 operation see
752 org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistContexts.
753 getLockdownWhitelistUids() → ai
755 List all user ids (i) that are on whitelist. For permanent
756 operation see
757 org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistUids.
758 getLockdownWhitelistUsers() → as
760 List all users (s) that are on whitelist. For permanent
761 operation see
762 org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistUsers.
763 queryLockdown() → b
765 Query whether lockdown is enabled.
766 queryLockdownWhitelistCommand(s: command) → b
768 Query whether command is on whitelist. For permanent operation
769 see
770 org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistCommand.
771 queryLockdownWhitelistContext(s: context) → b
773 Query whether context is on whitelist. For permanent operation
774 see
775 org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistContext.
776 queryLockdownWhitelistUid(i: uid) → b
778 Query whether user id uid is on whitelist. For permanent
779 operation see
780 org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistUid.
781 queryLockdownWhitelistUser(s: user) → b
783 Query whether user is on whitelist. For permanent operation see
784 org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistUser.
785 removeLockdownWhitelistCommand(s: command) → Nothing
787 Remove command from whitelist. For permanent operation see
788 org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistCommand.
789 Possible errors: NOT_ENABLED
791 removeLockdownWhitelistContext(s: context) → Nothing
793 Remove context from whitelist. For permanent operation see
794 org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistContext.
795 Possible errors: NOT_ENABLED
797 removeLockdownWhitelistUid(i: uid) → Nothing
799 Remove user id uid from whitelist. For permanent operation see
800 org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistUid.
801 Possible errors: NOT_ENABLED
803 removeLockdownWhitelistUser(s: user) → Nothing
805 Remove user from whitelist. For permanent operation see
806 org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistUser.
807 Possible errors: NOT_ENABLED
809 Signals
811 LockdownDisabled()
812 Emitted when lockdown has been disabled.
813 LockdownEnabled()
815 Emitted when lockdown has been enabled.
816 LockdownWhitelistCommandAdded(s: command)
818 Emitted when command has been added to whitelist.
819 LockdownWhitelistCommandRemoved(s: command)
821 Emitted when command has been removed from whitelist.
822 LockdownWhitelistContextAdded(s: context)
824 Emitted when context has been added to whitelist.
825 LockdownWhitelistContextRemoved(s: context)
827 Emitted when context has been removed from whitelist.
828 LockdownWhitelistUidAdded(i: uid)
830 Emitted when user id uid has been added to whitelist.
831 LockdownWhitelistUidRemoved(i: uid)
833 Emitted when user id uid has been removed from whitelist.
834 LockdownWhitelistUserAdded(s: user)
836 Emitted when user has been added to whitelist.
837 LockdownWhitelistUserRemoved(s: user)
839 Emitted when user has been removed from whitelist.
840 org.fedoraproject.FirewallD1.zone
842 Operations in this interface allows to get, add, remove and query
843 runtime zone's settings. For permanent settings see
844 org.fedoraproject.FirewallD1.config.zone interface.
845 Methods
847 addForwardPort(s: zone, s: port, s: protocol, s: toport, s: toaddr,
848 i: timeout) → s
849 Add the IPv4 forward port into zone. If zone is empty, use
850 default zone. The port can either be a single port number
851 portid or a port range portid-portid. The protocol can either
852 be tcp or udp. The destination address is a simple IP address.
853 If timeout is non-zero, the operation will be active only for
854 the amount of seconds. For permanent settings see
855 org.fedoraproject.FirewallD1.config.zone.Methods.addForwardPort.
856 Returns name of zone to which the forward port was added.
858 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
860 INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD,
861 ALREADY_ENABLED, INVALID_COMMAND
862 addIcmpBlock(s: zone, s: icmp, i: timeout) → s
864 Add an ICMP block icmp into zone. The icmp is the one of the
865 icmp types firewalld supports. To get a listing of supported
866 icmp types use
867 org.fedoraproject.FirewallD1.Methods.listIcmpTypes If zone is
868 empty, use default zone. If timeout is non-zero, the operation
869 will be active only for the amount of seconds. For permanent
870 settings see
871 org.fedoraproject.FirewallD1.config.zone.Methods.addIcmpBlock.
872 Returns name of zone to which the ICMP block was added.
874 Possible errors: INVALID_ZONE, INVALID_ICMPTYPE,
876 ALREADY_ENABLED, INVALID_COMMAND
877 addIcmpBlockInversion(s: zone) → s
879 Add ICMP block inversion to zone. If zone is empty, use default
880 zone. For permanent settings see
881 org.fedoraproject.FirewallD1.config.zone.Methods.addIcmpBlockInversion.
882 Returns name of zone to which the ICMP block inversion was
884 added.
885 Possible errors: INVALID_ZONE, ALREADY_ENABLED, INVALID_COMMAND
887 addInterface(s: zone, s: interface) → s
889 Bind interface with zone. From now on all traffic going through
890 the interface will respect the zone's settings. If zone is
891 empty, use default zone. For permanent settings see
892 org.fedoraproject.FirewallD1.config.zone.Methods.addInterface.
893 Returns name of zone to which the interface was bound.
895 Possible errors: INVALID_ZONE, INVALID_INTERFACE,
897 ALREADY_ENABLED, INVALID_COMMAND
898 addMasquerade(s: zone, i: timeout) → s
900 Enable masquerade in zone. If zone is empty, use default zone.
901 If timeout is non-zero, masquerading will be active for the
902 amount of seconds. For permanent settings see
903 org.fedoraproject.FirewallD1.config.zone.Methods.addMasquerade.
904 Returns name of zone in which the masquerade was enabled.
906 Possible errors: INVALID_ZONE, ALREADY_ENABLED, INVALID_COMMAND
908 addPort(s: zone, s: port, s: protocol, i: timeout) → s
910 Add port into zone. If zone is empty, use default zone. The
911 port can either be a single port number or a port range
912 portid-portid. The protocol can either be tcp or udp. If
913 timeout is non-zero, the operation will be active only for the
914 amount of seconds. For permanent settings see
915 org.fedoraproject.FirewallD1.config.zone.Methods.addPort.
916 Returns name of zone to which the port was added.
918 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
920 INVALID_PROTOCOL, ALREADY_ENABLED, INVALID_COMMAND
921 addProtocol(s: zone, s: protocol, i: timeout) → s
923 Add protocol into zone. If zone is empty, use default zone. The
924 protocol can be any protocol supported by the system. Please
925 have a look at /etc/protocols for supported protocols. If
926 timeout is non-zero, the operation will be active only for the
927 amount of seconds. For permanent settings see
928 org.fedoraproject.FirewallD1.config.zone.Methods.addProtocol.
929 Returns name of zone to which the protocol was added.
931 Possible errors: INVALID_ZONE, INVALID_PROTOCOL,
933 ALREADY_ENABLED, INVALID_COMMAND
934 addRichRule(s: zone, s: rule, i: timeout) → s
936 Add rich language rule into zone. For the rich language rule
937 syntax, please have a look at firewalld.direct(5). If zone is
938 empty, use default zone. If timeout is non-zero, the operation
939 will be active only for the amount of seconds. For permanent
940 settings see
941 org.fedoraproject.FirewallD1.config.zone.Methods.addRichRule.
942 Returns name of zone to which the rich language rule was added.
944 Possible errors: INVALID_ZONE, INVALID_RULE, ALREADY_ENABLED,
946 INVALID_COMMAND
947 addService(s: zone, s: service, i: timeout) → s
949 Add service into zone. If zone is empty, use default zone. If
950 timeout is non-zero, the operation will be active only for the
951 amount of seconds. To get a list of supported services, use
952 org.fedoraproject.FirewallD1.Methods.listServices. For
953 permanent settings see
954 org.fedoraproject.FirewallD1.config.zone.Methods.addService.
955 Returns name of zone to which the service was added.
957 Possible errors: INVALID_ZONE, INVALID_SERVICE,
959 ALREADY_ENABLED, INVALID_COMMAND
960 addSource(s: zone, s: source) → s
962 Bind source with zone. From now on all traffic going from this
963 source will respect the zone's settings. A source address or
964 address range is either an IP address or a network IP address
965 with a mask for IPv4 or IPv6. For IPv4, the mask can be a
966 network mask or a plain number. For IPv6 the mask is a plain
967 number. Use of host names is not supported. If zone is empty,
968 use default zone. For permanent settings see
969 org.fedoraproject.FirewallD1.config.zone.Methods.addSource.
970 Returns name of zone to which the source was bound.
972 Possible errors: INVALID_ZONE, INVALID_ADDR, ALREADY_ENABLED,
974 INVALID_COMMAND
975 addSourcePort(s: zone, s: port, s: protocol, i: timeout) → s
977 Add source port into zone. If zone is empty, use default zone.
978 The port can either be a single port number or a port range
979 portid-portid. The protocol can either be tcp or udp. If
980 timeout is non-zero, the operation will be active only for the
981 amount of seconds. For permanent settings see
982 org.fedoraproject.FirewallD1.config.zone.Methods.addSourcePort.
983 Returns name of zone to which the port was added.
985 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
987 INVALID_PROTOCOL, ALREADY_ENABLED, INVALID_COMMAND
988 changeZone(s: zone, s: interface) → s
990 This function is deprecated, use
991 org.fedoraproject.FirewallD1.zone.Methods.changeZoneOfInterface
992 instead.
993 changeZoneOfInterface(s: zone, s: interface) → s
995 Change a zone an interface is bound to to zone. It's basically
996 removeInterface(interface) followed by addInterface(zone,
997 interface). If interface has not been bound to a zone before,
998 it behaves like addInterface. If zone is empty, use default
999 zone.
1000 Returns name of zone to which the interface was bound.
1002 Possible errors: INVALID_ZONE, ZONE_ALREADY_SET, ZONE_CONFLICT
1004 changeZoneOfSource(s: zone, s: source) → s
1006 Change a zone an source is bound to to zone. It's basically
1007 removeSource(source) followed by addSource(zone, source). If
1008 source has not been bound to a zone before, it behaves like
1009 addSource. If zone is empty, use default zone.
1010 Returns name of zone to which the source was bound.
1012 Possible errors: INVALID_ZONE, ZONE_ALREADY_SET, ZONE_CONFLICT
1014 getActiveZones() → a{sa{sas}}
1016 Return dictionary of currently active zones altogether with
1017 interfaces and sources used in these zones. Active zones are
1018 zones, that have a binding to an interface or source.
1019 Return value is a dictionary where keys are zone names (s) and
1021 values are again dictionaries where keys are either
1022 'interfaces' or 'sources' and values are arrays of interface
1023 names (s) or sources (s).
1024 getForwardPorts(s: zone) → aas
1026 Return array of IPv4 forward ports previously added into zone.
1027 If zone is empty, use default zone. For getting permanent
1028 settings see
1029 org.fedoraproject.FirewallD1.config.zone.Methods.getForwardPorts.
1030 Return value is array of 4-tuples, where each 4-tuple consists
1032 of (port, protocol, to-port, to-addr). to-addr might be empty
1033 in case of local forwarding.
1034 Possible errors: INVALID_ZONE
1036 getIcmpBlocks(s: zone) → as
1038 Return array of ICMP type (s) blocks previously added into
1039 zone. If zone is empty, use default zone. For getting permanent
1040 settings see
1041 org.fedoraproject.FirewallD1.config.zone.Methods.getIcmpBlocks.
1042 Possible errors: INVALID_ZONE
1044 getIcmpBlockInversion(s: zone) → b
1046 Return whether ICMP block inversion was previously added to
1047 zone. If zone is empty, use default zone. For getting permanent
1048 settings see
1049 org.fedoraproject.FirewallD1.config.zone.Methods.getIcmpBlockInversion.
1050 Possible errors: INVALID_ZONE
1052 getInterfaces(s: zone) → as
1054 Return array of interfaces (s) previously bound with zone. If
1055 zone is empty, use default zone. For getting permanent settings
1056 see
1057 org.fedoraproject.FirewallD1.config.zone.Methods.getInterfaces.
1058 Possible errors: INVALID_ZONE
1060 getPorts(s: zone) → aas
1062 Return array of ports (2-tuple of port and protocol) previously
1063 enabled in zone. If zone is empty, use default zone. For
1064 getting permanent settings see
1065 org.fedoraproject.FirewallD1.config.zone.Methods.getPorts.
1066 Possible errors: INVALID_ZONE
1068 getProtocols(s: zone) → as
1070 Return array of protocols (s) previously enabled in zone. If
1071 zone is empty, use default zone. For getting permanent settings
1072 see
1073 org.fedoraproject.FirewallD1.config.zone.Methods.getProtocols.
1074 Possible errors: INVALID_ZONE
1076 getRichRules(s: zone) → as
1078 Return array of rich language rules (s) previously added into
1079 zone. If zone is empty, use default zone. For getting permanent
1080 settings see
1081 org.fedoraproject.FirewallD1.config.zone.Methods.getRichRules.
1082 Possible errors: INVALID_ZONE
1084 getServices(s: zone) → as
1086 Return array of services (s) previously enabled in zone. If
1087 zone is empty, use default zone. For getting permanent settings
1088 see
1089 org.fedoraproject.FirewallD1.config.zone.Methods.getServices.
1090 Possible errors: INVALID_ZONE
1092 getSourcePorts(s: zone) → aas
1094 Return array of source ports (2-tuple of port and protocol)
1095 previously enabled in zone. If zone is empty, use default zone.
1096 For getting permanent settings see
1097 org.fedoraproject.FirewallD1.config.zone.Methods.getSourcePorts.
1098 Possible errors: INVALID_ZONE
1100 getSources(s: zone) → as
1102 Return array of sources (s) previously bound with zone. If zone
1103 is empty, use default zone. For getting permanent settings see
1104 org.fedoraproject.FirewallD1.config.zone.Methods.getSources.
1105 Possible errors: INVALID_ZONE
1107 getZoneOfInterface(s: interface) → s
1109 Return name (s) of zone the interface is bound to or empty
1110 string.
1111 getZoneOfSource(s: source) → s
1113 Return name (s) of zone the source is bound to or empty string.
1114 getZones() → as
1116 Return array of names (s) of predefined zones known to current
1117 runtime environment. For list of zones known to permanent
1118 environment see
1119 org.fedoraproject.FirewallD1.config.Methods.listZones. The
1120 lists (of zones known to runtime and permanent environment)
1121 will contain same zones in most cases, but might differ for
1122 example if org.fedoraproject.FirewallD1.config.Methods.addZone
1123 has been called recently, but firewalld has not been reloaded
1124 since then.
1125 isImmutable(s: zone) → b
1127 Deprecated.
1128 queryForwardPort(s: zone, s: port, s: protocol, s: toport, s:
1130 toaddr) → b
1131 Return whether the IPv4 forward port (port, protocol, toport,
1132 toaddr) has been added into zone. If zone is empty, use default
1133 zone. For permanent operation see
1134 org.fedoraproject.FirewallD1.config.zone.Methods.queryForwardPort.
1135 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1137 INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD
1138 queryIcmpBlock(s: zone, s: icmp) → b
1140 Return whether an ICMP block for icmp has been added into zone.
1141 If zone is empty, use default zone. For permanent operation see
1142 org.fedoraproject.FirewallD1.config.zone.Methods.queryIcmpBlock.
1143 Possible errors: INVALID_ZONE, INVALID_ICMPTYPE
1145 queryIcmpBlockInversion(s: zone) → b
1147 Return whether ICMP block inversion has been added to zone. If
1148 zone is empty, use default zone. For permanent operation see
1149 org.fedoraproject.FirewallD1.config.zone.Methods.queryIcmpBlockInversion.
1150 Possible errors: INVALID_ZONE, INVALID_ICMPTYPE
1152 queryInterface(s: zone, s: interface) → b
1154 Query whether interface has been bound to zone. If zone is
1155 empty, use default zone. For permanent operation see
1156 org.fedoraproject.FirewallD1.config.zone.Methods.queryInterface.
1157 Possible errors: INVALID_ZONE, INVALID_INTERFACE
1159 queryMasquerade(s: zone) → b
1161 Return whether masquerading has been enabled in zone If zone is
1162 empty, use default zone. For permanent operation see
1163 org.fedoraproject.FirewallD1.config.zone.Methods.queryMasquerade.
1164 Possible errors: INVALID_ZONE
1166 queryPort(s: zone, s: port, s: protocol) → b
1168 Return whether port/protocol has been added in zone. If zone is
1169 empty, use default zone. For permanent operation see
1170 org.fedoraproject.FirewallD1.config.zone.Methods.queryPort.
1171 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1173 INVALID_PROTOCOL
1174 queryProtocol(s: zone, s: protocol) → b
1176 Return whether protocol has been added in zone. If zone is
1177 empty, use default zone. For permanent operation see
1178 org.fedoraproject.FirewallD1.config.zone.Methods.queryProtocol.
1179 Possible errors: INVALID_ZONE, INVALID_PROTOCOL
1181 queryRichRule(s: zone, s: rule) → b
1183 Return whether rich rule rule has been added in zone. If zone
1184 is empty, use default zone. For permanent operation see
1185 org.fedoraproject.FirewallD1.config.zone.Methods.queryRichRule.
1186 Possible errors: INVALID_ZONE, INVALID_RULE
1188 queryService(s: zone, s: service) → b
1190 Return whether service has been added for zone. If zone is
1191 empty, use default zone. For permanent operation see
1192 org.fedoraproject.FirewallD1.config.zone.Methods.queryService.
1193 Possible errors: INVALID_ZONE, INVALID_SERVICE
1195 querySource(s: zone, s: source) → b
1197 Query whether sourcehas been bound to zone. If zone is empty,
1198 use default zone. For permanent operation see
1199 org.fedoraproject.FirewallD1.config.zone.Methods.querySource.
1200 Possible errors: INVALID_ZONE, INVALID_ADDR
1202 querySourcePort(s: zone, s: port, s: protocol) → b
1204 Return whether port/protocol has been added in zone. If zone is
1205 empty, use default zone. For permanent operation see
1206 org.fedoraproject.FirewallD1.config.zone.Methods.querySourcePort.
1207 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1209 INVALID_PROTOCOL
1210 removeForwardPort(s: zone, s: port, s: protocol, s: toport, s:
1212 toaddr) → s
1213 Remove IPv4 forward port ((port, protocol, toport, toaddr))
1214 from zone. If zone is empty, use default zone. For permanent
1215 operation see
1216 org.fedoraproject.FirewallD1.config.zone.Methods.removeForwardPort.
1217 Returns name of zone from which the forward port was removed.
1219 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1221 INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD, NOT_ENABLED,
1222 INVALID_COMMAND
1223 removeIcmpBlock(s: zone, s: icmp) → s
1225 Remove ICMP block icmp from zone. If zone is empty, use default
1226 zone. For permanent operation see
1227 org.fedoraproject.FirewallD1.config.zone.Methods.removeIcmpBlock.
1228 Returns name of zone from which the ICMP block was removed.
1230 Possible errors: INVALID_ZONE, INVALID_ICMPTYPE, NOT_ENABLED,
1232 INVALID_COMMAND
1233 removeIcmpBlockInversion(s: zone) → s
1235 Remove ICMP block inversion from zone. If zone is empty, use
1236 default zone. For permanent operation see
1237 org.fedoraproject.FirewallD1.config.zone.Methods.removeIcmpBlockInversion.
1238 Returns name of zone from which the ICMP block inversion was
1240 removed.
1241 Possible errors: INVALID_ZONE, NOT_ENABLED, INVALID_COMMAND
1243 removeInterface(s: zone, s: interface) → s
1245 Remove binding of interface from zone. If zone is empty, the
1246 interface will be removed from zone it belongs to. For
1247 permanent operation see
1248 org.fedoraproject.FirewallD1.config.zone.Methods.removeInterface.
1249 Returns name of zone from which the interface was removed.
1251 Possible errors: INVALID_ZONE, INVALID_INTERFACE, NOT_ENABLED,
1253 INVALID_COMMAND
1254 removeMasquerade(s: zone) → s
1256 Disable masquerade for zone. If zone is empty, use default
1257 zone. For permanent operation see
1258 org.fedoraproject.FirewallD1.config.zone.Methods.removeMasquerade.
1259 Returns name of zone for which the masquerade was disabled.
1261 Possible errors: INVALID_ZONE, NOT_ENABLED, INVALID_COMMAND
1263 removePort(s: zone, s: port, s: protocol) → s
1265 Remove port/protocol from zone. If zone is empty, use default
1266 zone. For permanent operation see
1267 org.fedoraproject.FirewallD1.config.zone.Methods.removePort.
1268 Returns name of zone from which the port was removed.
1270 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1272 INVALID_PROTOCOL, NOT_ENABLED, INVALID_COMMAND
1273 removeProtocol(s: zone, s: protocol) → s
1275 Remove protocol from zone. If zone is empty, use default zone.
1276 For permanent operation see
1277 org.fedoraproject.FirewallD1.config.zone.Methods.removeProtocol.
1278 Returns name of zone from which the protocol was removed.
1280 Possible errors: INVALID_ZONE, INVALID_PROTOCOL, NOT_ENABLED,
1282 INVALID_COMMAND
1283 removeRichRule(s: zone, s: rule) → s
1285 Remove rich language rule from zone. If zone is empty, use
1286 default zone. For permanent operation see
1287 org.fedoraproject.FirewallD1.config.zone.Methods.removeRichRule.
1288 Returns name of zone from which the rich language rule was
1290 removed.
1291 Possible errors: INVALID_ZONE, INVALID_RULE, NOT_ENABLED,
1293 INVALID_COMMAND
1294 removeService(s: zone, s: service) → s
1296 Remove service from zone. If zone is empty, use default zone.
1297 For permanent operation see
1298 org.fedoraproject.FirewallD1.config.zone.Methods.removeService.
1299 Returns name of zone from which the service was removed.
1301 Possible errors: INVALID_ZONE, INVALID_SERVICE, NOT_ENABLED,
1303 INVALID_COMMAND
1304 removeSource(s: zone, s: source) → s
1306 Remove binding of source from zone. If zone is empty, the
1307 source will be removed from zone it belongs to. For permanent
1308 operation see
1309 org.fedoraproject.FirewallD1.config.zone.Methods.removeSource.
1310 Returns name of zone from which the source was removed.
1312 Possible errors: INVALID_ZONE, INVALID_ADDR, NOT_ENABLED,
1314 INVALID_COMMAND
1315 removeSourcePort(s: zone, s: port, s: protocol) → s
1317 Remove port/protocol from zone. If zone is empty, use default
1318 zone. For permanent operation see
1319 org.fedoraproject.FirewallD1.config.zone.Methods.removeSourcePort.
1320 Returns name of zone from which the source port was removed.
1322 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1324 INVALID_PROTOCOL, NOT_ENABLED, INVALID_COMMAND
1325 Signals
1327 ForwardPortAdded(s: zone, s: port, s: protocol, s: toport, s:
1328 toaddr, i: timeout)
1329 Emitted when forward port has been added to zone with timeout.
1330 ForwardPortRemoved(s: zone, s: port, s: protocol, s: toport, s:
1332 toaddr)
1333 Emitted when forward port has been removed from zone.
1334 IcmpBlockAdded(s: zone, s: icmp, i: timeout)
1336 Emitted when ICMP block for icmp has been added to zone with
1337 timeout.
1338 IcmpBlockInversionAdded(s: zone)
1340 Emitted when ICMP block inversion has been added to zone.
1341 IcmpBlockInversionRemoved(s: zone)
1343 Emitted when ICMP block inversion has been removed from zone.
1344 IcmpBlockRemoved(s: zone, s: icmp)
1346 Emitted when ICMP block for icmp has been removed from zone.
1347 InterfaceAdded(s: zone, s: interface)
1349 Emitted when interface has been added to zone.
1350 InterfaceRemoved(s: zone, s: interface)
1352 Emitted when interface has been removed from zone.
1353 MasqueradeAdded(s: zone, i: timeout)
1355 Emitted when masquerade has been enabled for zone.
1356 MasqueradeRemoved(s: zone)
1358 Emitted when masquerade has been disabled for zone.
1359 PortAdded(s: zone, s: port, s: protocol, i: timeout)
1361 Emitted when port/protocol has been added to zone with timeout.
1362 PortRemoved(s: zone, s: port, s: protocol)
1364 Emitted when port/protocol has been removed from zone.
1365 ProtocolAdded(s: zone, s: protocol, i: timeout)
1367 Emitted when protocol has been added to zone with timeout.
1368 ProtocolRemoved(s: zone, s: protocol)
1370 Emitted when protocol has been removed from zone.
1371 RichRuleAdded(s: zone, s: rule, i: timeout)
1373 Emitted when rich language rule has been added to zone with
1374 timeout.
1375 RichRuleRemoved(s: zone, s: rule)
1377 Emitted when rich language rule has been removed from zone.
1378 ServiceAdded(s: zone, s: service, i: timeout)
1380 Emitted when service has been added to zone with timeout.
1381 ServiceRemoved(s: zone, s: service)
1383 Emitted when service has been removed from zone.
1384 SourceAdded(s: zone, s: source)
1386 Emitted when source has been added to zone.
1387 SourcePortAdded(s: zone, s: port, s: protocol, i: timeout)
1389 Emitted when source-port/protocol has been added to zone with
1390 timeout.
1391 SourcePortRemoved(s: zone, s: port, s: protocol)
1393 Emitted when source-port/protocol has been removed from zone.
1394 SourceRemoved(s: zone, s: source)
1396 Emitted when source has been removed from zone.
1397 ZoneChanged(s: zone, s: interface)
1399 Deprecated
1400 ZoneOfInterfaceChanged(s: zone, s: interface)
1402 Emitted when a zone an interface is part of has been changed to
1403 zone.
1404 ZoneOfSourceChanged(s: zone, s: source)
1406 Emitted when a zone an source is part of has been changed to
1407 zone.
1408 org.fedoraproject.FirewallD1.config
1410 Allows to permanently add, remove and query zones, services and icmp
1411 types.
1412 Methods
1414 addIPSet(s: ipset, (ssssa{ss}as): settings) → o
1415 Add ipset with given settings into permanent configuration.
1416 Settings are in format: version, name, description, type,
1417 dictionary of options and array of entries.
1418 version (s): see version attribute of ipset tag in
1420 firewalld.ipset(5).
1421 name (s): see short tag in firewalld.ipset(5).
1423 description (s): see description tag in firewalld.ipset(5).
1425 type (s): see type attribute of ipset tag in
1427 firewalld.ipset(5).
1428 options (a{ss}): dictionary of {option : value} . See options
1430 tag in firewalld.ipset(5).
1431 entries (as): array of entries, see entry tag in
1433 firewalld.ipset(5).
1434 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1436 addIcmpType(s: icmptype, (sssas): settings) → o
1438 Add icmptype with given settings into permanent configuration.
1439 Settings are in format: version, name, description, array of
1440 destinations. Returns object path of the new icmp type.
1441 version (s): see version attribute of icmptype tag in
1443 firewalld.icmptype(5).
1444 name (s): see short tag in firewalld.icmptype(5).
1446 description (s): see description tag in firewalld.icmptype(5).
1448 destinations (as): array, either empty or containing strings
1450 'ipv4' or 'ipv6', see destination tag in firewalld.icmptype(5).
1451 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1453 addService(s: service, (sssa(ss)asa{ss}asa(ss)): settings) → o
1455 Add service with given settings into permanent configuration.
1456 Settings are in format: version, name, description, array of
1457 ports (port, protocol), array of module names, dictionary of
1458 destinations, array of protocols and array of source-ports
1459 (port, protocol). Returns object path of the new icmp type.
1460 version (s): see version attribute of service tag in
1462 firewalld.service(5).
1463 name (s): see short tag in firewalld.service(5).
1465 description (s): see description tag in firewalld.service(5).
1467 ports (a(ss)): array of port and protocol pairs. See port tag
1469 in firewalld.service(5).
1470 module names (as): array of kernel netfilter helpers, see
1472 module tag in firewalld.service(5).
1473 destinations (a{ss}): dictionary of {IP family : IP address}
1475 where 'IP family' key can be either 'ipv4' or 'ipv6'. See
1476 destination tag in firewalld.service(5).
1477 protocols (as): array of protocols. See protocol tag in
1479 firewalld.service(5).
1480 source-ports (a(ss)): array of port and protocol pairs. See
1482 source-port tag in firewalld.service(5).
1483 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1485 addZone(s: zone, (sssbsasa(ss)asba(ssss)asasasasa(ss)): settings) →
1487 o
1488 Add zone with given settings into permanent configuration.
1489 Settings are in format: version, name, description, UNUSED,
1490 target, array of services, array of ports (port, protocol),
1491 array of icmp-blocks, masquerade, array of forward-ports (port,
1492 protocol, to-port, to-addr), array of interfaces, array of
1493 sources, array of rich rules, array of protocols and array of
1494 source-ports (port, protocol).
1495 version (s): see version attribute of zone tag in
1497 firewalld.zone(5).
1498 name (s): see short tag in firewalld.zone(5).
1500 description (s): see description tag in firewalld.zone(5).
1502 UNUSED (b): this boolean value is no longer used for anything.
1504 target (s): see target attribute of zone tag in
1506 firewalld.zone(5).
1507 services (as): array of service names, see service tag in
1509 firewalld.zone(5).
1510 ports (a(ss)): array of port and protocol pairs. See port tag
1512 in firewalld.zone(5).
1513 icmp-blocks (as): array of icmp-blocks. See icmp-block tag in
1515 firewalld.zone(5).
1516 masquerade (b): see masquerade tag in firewalld.zone(5).
1518 forward-ports (a(ssss)): array of (port, protocol, to-port,
1520 to-addr). See forward-port tag in firewalld.zone(5).
1521 interfaces (as): array of interfaces. See interface tag in
1523 firewalld.zone(5).
1524 source addresses (as): array of source addresses. See source
1526 tag in firewalld.zone(5).
1527 rich rules (as): array of rich-language rules. See rule tag in
1529 firewalld.zone(5).
1530 protocols (as): array of protocols. See protocol tag in
1532 firewalld.zone(5).
1533 source-ports (a(ss)): array of port and protocol pairs. See
1535 source-port tag in firewalld.zone(5).
1536 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1538 getHelperByName(s: helper) → o
1540 Return object path (permanent configuration) of helper with
1541 given name.
1542 Possible errors: INVALID_HELPER
1544 getHelperNames() → as
1546 Return list of helper names (permanent configuration).
1547 getIPSetByName(s: ipset) → o
1549 Return object path (permanent configuration) of ipset with
1550 given name.
1551 Possible errors: INVALID_IPSET
1553 getIPSetNames() → as
1555 Return list of ipset names (permanent configuration).
1556 getIcmpTypeByName(s: icmptype) → o
1558 Return object path (permanent configuration) of icmptype with
1559 given name.
1560 Possible errors: INVALID_ICMPTYPE
1562 getIcmpTypeNames() → as
1564 Return list of icmptype names (permanent configuration).
1565 getServiceByName(s: service) → o
1567 Return object path (permanent configuration) of service with
1568 given name.
1569 Possible errors: INVALID_SERVICE
1571 getServiceNames() → as
1573 Return list of service names (permanent configuration).
1574 getZoneByName(s: zone) → o
1576 Return object path (permanent configuration) of zone with given
1577 name.
1578 Possible errors: INVALID_ZONE
1580 getZoneNames() → as
1582 Return list of zone names (permanent configuration) of.
1583 getZoneOfInterface(s: iface) → s
1585 Return name of zone the iface is bound to or empty string.
1586 getZoneOfSource(s: source) → s
1588 Return name of zone the source is bound to or empty string.
1589 listHelpers() → ao
1591 Return array of object paths (o) of helper in permanent
1592 configuration. For runtime configuration see
1593 org.fedoraproject.FirewallD1.Methods.getHelpers.
1594 listIPSets() → ao
1596 Return array of object paths (o) of ipset in permanent
1597 configuration. For runtime configuration see
1598 org.fedoraproject.FirewallD1.ipset.Methods.getIPSets.
1599 listIcmpTypes() → ao
1601 Return array of object paths (o) of icmp types in permanent
1602 configuration. For runtime configuration see
1603 org.fedoraproject.FirewallD1.Methods.listIcmpTypes.
1604 listServices() → ao
1606 Return array of objects paths (o) of services in permanent
1607 configuration. For runtime configuration see
1608 org.fedoraproject.FirewallD1.Methods.listServices.
1609 listZones() → ao
1611 List object paths of zones known to permanent environment. For
1612 list of zones known to runtime environment see
1613 org.fedoraproject.FirewallD1.zone.Methods.getZones. The lists
1614 (of zones known to runtime and permanent environment) will
1615 contain same zones in most cases, but might differ for example
1616 if org.fedoraproject.FirewallD1.config.Methods.addZone has been
1617 called recently, but firewalld has not been reloaded since
1618 then.
1619 Signals
1621 HelperAdded(s: helper)
1622 Emitted when helper has been added.
1623 IPSetAdded(s: ipset)
1625 Emitted when ipset has been added.
1626 IcmpTypeAdded(s: icmptype)
1628 Emitted when icmptype has been added.
1629 ServiceAdded(s: service)
1631 Emitted when service has been added.
1632 ZoneAdded(s: zone)
1634 Emitted when zone has been added.
1635 Properties
1637 AutomaticHelpers - s - (rw)
1638 Indicates whether automatic helper assignment in kernel should
1639 be used or not. With the system setting this is left to the
1640 kernel or system default.
1641 CleanupOnExit - s - (rw)
1643 If firewalld stops, it cleans up all firewall rules. Setting
1644 this option to no or false leaves the current firewall rules
1645 untouched.
1646 DefaultZone - s - (ro)
1648 Default zone for connections or interfaces if the zone is not
1649 selected or specified by NetworkManager, initscripts or command
1650 line tool.
1651 FirewallBackend - s - (rw)
1653 Selects the firewalld backend for all rules except the direct
1654 interface. Valid options are; nftables, iptables. Default in
1655 nftables.
1656 IPv6_rpfilter - s - (rw)
1658 Indicates whether the reverse path filter test on a packet for
1659 IPv6 is enabled. If a reply to the packet would be sent via the
1660 same interface that the packet arrived on, the packet will
1661 match and be accepted, otherwise dropped.
1662 IndividualCalls - s - (ro)
1664 Indicates whether individual calls combined -restore calls are
1665 used. If enabled, this increases the time that is needed to
1666 apply changes and to start the daemon, but is good for
1667 debugging.
1668 Lockdown - s - (rw)
1670 If this property is enabled, firewall changes with the D-Bus
1671 interface will be limited to applications that are listed in
1672 the lockdown whitelist.
1673 LogDenied - s - (rw)
1675 If LogDenied is enabled, then logging rules are added right
1676 before reject and drop rules in the INPUT, FORWARD and OUTPUT
1677 chains for the default rules and also final reject and drop
1678 rules in zones. Possible values are: all, unicast, broadcast,
1679 multicast and off.
1680 MinimalMark - i - (rw)
1682 For some firewall settings several rules are needed in
1683 different tables to be able to handle packets in the correct
1684 way. To achieve that these packets are marked using the MARK
1685 target. With the MinimalMark property a block of marks can be
1686 reserved for private use; only marks over this value are used.
1687 org.fedoraproject.FirewallD1.config.direct
1689 Interface for permanent direct configuration, see also
1690 firewalld.direct(5). For runtime direct configuration see
1691 org.fedoraproject.FirewallD1.direct interface.
1692 Methods
1694 addChain(s: ipv, s: table, s: chain) → Nothing
1695 Add a new chain to table for ipv being either ipv4 (iptables)
1696 or ipv6 (ip6tables) or eb (ebtables). Make sure there's no
1697 other chain with this name already. There already exist basic
1698 chains to use with direct methods, for example INPUT_direct
1699 chain. These chains are jumped into before chains for zones,
1700 i.e. every rule put into INPUT_direct will be checked before
1701 rules in zones. For runtime operation see
1702 org.fedoraproject.FirewallD1.direct.Methods.addChain.
1703 Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED
1705 addPassthrough(s: ipv, as: args) → Nothing
1707 Add a passthrough rule with the arguments args for ipv being
1708 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
1709 For runtime operation see
1710 org.fedoraproject.FirewallD1.direct.Methods.addPassthrough.
1711 Possible errors: INVALID_IPV, ALREADY_ENABLED
1713 addRule(s: ipv, s: table, s: chain, i: priority, as: args) →
1715 Nothing
1716 Add a rule with the arguments args to chain in table with
1717 priority for ipv being either ipv4 (iptables) or ipv6
1718 (ip6tables) or eb (ebtables). The priority is used to order
1719 rules. Priority 0 means add rule on top of the chain, with a
1720 higher priority the rule will be added further down. Rules with
1721 the same priority are on the same level and the order of these
1722 rules is not fixed and may change. If you want to make sure
1723 that a rule will be added after another one, use a low priority
1724 for the first and a higher for the following. For runtime
1725 operation see
1726 org.fedoraproject.FirewallD1.direct.Methods.addRule.
1727 Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED
1729 getAllChains() → a(sss)
1731 Get all chains added to all tables in format: ipv, table,
1732 chain. This concerns only chains previously added with
1733 addChain. Return value is a array of (ipv, table, chain). For
1734 runtime operation see
1735 org.fedoraproject.FirewallD1.direct.Methods.getAllChains.
1736 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
1738 (ebtables).
1739 table (s): one of filter, mangle, nat, raw, security
1741 chain (s): name of a chain.
1743 getAllPassthroughs() → a(sas)
1746 Get all passthrough rules added in all ipv types in format:
1747 ipv, rule. This concerns only rules previously added with
1748 addPassthrough. Return value is a array of (ipv, array of
1749 arguments). For runtime operation see
1750 org.fedoraproject.FirewallD1.direct.Methods.getAllPassthroughs.
1751 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
1753 (ebtables).
1754 arguments (as): array of commands, parameters and other
1756 iptables/ip6tables/ebtables command line options.
1757 getAllRules() → a(sssias)
1760 Get all rules added to all chains in all tables in format: ipv,
1761 table, chain, priority, rule. This concerns only rules
1762 previously added with addRule. Return value is a array of (ipv,
1763 table, chain, priority, array of arguments). For runtime
1764 operation see
1765 org.fedoraproject.FirewallD1.direct.Methods.getAllRules.
1766 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
1768 (ebtables).
1769 table (s): one of filter, mangle, nat, raw, security
1771 chain (s): name of a chain.
1773 priority (i): used to order rules.
1775 arguments (as): array of commands, parameters and other
1777 iptables/ip6tables/ebtables command line options.
1778 getChains(s: ipv, s: table) → as
1781 Return an array of chains (s) added to table for ipv being
1782 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
1783 This concerns only chains previously added with addChain. For
1784 runtime operation see
1785 org.fedoraproject.FirewallD1.direct.Methods.getChains.
1786 Possible errors: INVALID_IPV, INVALID_TABLE
1788 getPassthroughs(s: ipv) → aas
1790 Get tracked passthrough rules added in either ipv4 (iptables)
1791 or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
1792 previously added with addPassthrough. Return value is a array
1793 of (array of arguments). For runtime operation see
1794 org.fedoraproject.FirewallD1.direct.Methods.getPassthroughs.
1795 arguments (as): array of commands, parameters and other
1797 iptables/ip6tables/ebtables command line options.
1798 getRules(s: ipv, s: table, s: chain) → a(ias)
1801 Get all rules added to chain in table for ipv being either ipv4
1802 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
1803 only rules previously added with addRule. Return value is a
1804 array of (priority, array of arguments). For runtime operation
1805 see org.fedoraproject.FirewallD1.direct.Methods.getRules.
1806 priority (i): used to order rules.
1808 arguments (as): array of commands, parameters and other
1810 iptables/ip6tables/ebtables command line options.
1811 Possible errors: INVALID_IPV, INVALID_TABLE
1813 getSettings() → (a(sss)a(sssias)a(sas))
1815 Get settings of permanent direct configuration in format: array
1816 of chains, array of rules, array of passthroughs.
1817 chains (a(sss)): array of (ipv, table, chain), see 'chain' in
1819 firewalld.direct(5).
1820 .
1821 .PP rules (a(sssias)): array of (ipv, table,
1822 chain, priority, array of arguments), see 'rule' in
1823 firewalld.direct(5).
1824 .
1825 .PP passthroughs (a(sas)): array of (ipv,
1826 array of arguments), see passthrough in firewalld.direct(5).
1827 .
1828 .sp
1829 queryChain(s: ipv, s: table, s: chain) → b
1831 Return whether a chain exists in table for ipv being either
1832 ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). This
1833 concerns only chains previously added with addChain. For
1834 runtime operation see
1835 org.fedoraproject.FirewallD1.direct.Methods.queryChain.
1836 Possible errors: INVALID_IPV, INVALID_TABLE
1838 queryPassthrough(s: ipv, as: args) → b
1840 Return whether a tracked passthrough rule with the arguments
1841 args exists for ipv being either ipv4 (iptables) or ipv6
1842 (ip6tables) or eb (ebtables). This concerns only rules
1843 previously added with addPassthrough. For runtime operation see
1844 org.fedoraproject.FirewallD1.direct.Methods.queryPassthrough.
1845 Possible errors: INVALID_IPV
1847 queryRule(s: ipv, s: table, s: chain, i: priority, as: args) → b
1849 Return whether a rule with priority and the arguments args
1850 exists in chain in table for ipv being either ipv4 (iptables)
1851 or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
1852 previously added with addRule. For runtime operation see
1853 org.fedoraproject.FirewallD1.direct.Methods.queryRule.
1854 Possible errors: INVALID_IPV, INVALID_TABLE
1856 removeChain(s: ipv, s: table, s: chain) → Nothing
1858 Remove a chain from table for ipv being either ipv4 (iptables)
1859 or ipv6 (ip6tables) or eb (ebtables). Only chains previously
1860 added with addChain can be removed this way. For runtime
1861 operation see
1862 org.fedoraproject.FirewallD1.direct.Methods.removeChain.
1863 Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED
1865 removePassthrough(s: ipv, as: args) → Nothing
1867 Remove a passthrough rule with arguments args for ipv being
1868 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
1869 Only rules previously added with addPassthrough can be removed
1870 this way. For runtime operation see
1871 org.fedoraproject.FirewallD1.direct.Methods.removePassthrough.
1872 Possible errors: INVALID_IPV, NOT_ENABLED
1874 removeRule(s: ipv, s: table, s: chain, i: priority, as: args) →
1876 Nothing
1877 Remove a rule with priority and arguments args from chain in
1878 table for ipv being either ipv4 (iptables) or ipv6 (ip6tables)
1879 or eb (ebtables). Only rules previously added with addRule can
1880 be removed this way. For runtime operation see
1881 org.fedoraproject.FirewallD1.direct.Methods.removeRule.
1882 Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED
1884 removeRules(s: ipv, s: table, s: chain) → Nothing
1886 Remove all rules from chain in table for ipv being either ipv4
1887 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
1888 only rules previously added with addRule. For runtime operation
1889 see org.fedoraproject.FirewallD1.direct.Methods.removeRules.
1890 Possible errors: INVALID_IPV, INVALID_TABLE
1892 update((a(sss)a(sssias)a(sas)): settings) → Nothing
1894 Update permanent direct configuration with given settings.
1895 Settings are in format: array of chains, array of rules, array
1896 of passthroughs.
1897 chains (a(sss)): array of (ipv, table, chain), see 'chain' in
1899 firewalld.direct(5).
1900 .
1901 .PP rules (a(sssias)): array of (ipv, table,
1902 chain, priority, array of arguments), see 'rule' in
1903 firewalld.direct(5).
1904 .
1905 .PP passthroughs (a(sas)): array of (ipv,
1906 array of arguments), see passthrough in firewalld.direct(5).
1907 .
1908 .sp Possible errors: INVALID_TYPE
1909 Signals
1911 Updated()
1912 Emitted when configuration has been updated.
1913 org.fedoraproject.FirewallD1.config.policies
1915 Interface for permanent lockdown-whitelist configuration, see also
1916 firewalld.lockdown-whitelist(5). For runtime configuration see
1917 org.fedoraproject.FirewallD1.policies interface.
1918 Methods
1920 addLockdownWhitelistCommand(s: command) → Nothing
1921 Add command to whitelist. See command option in
1922 firewalld.lockdown-whitelist(5). For runtime operation see
1923 org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistCommand.
1924 Possible errors: ALREADY_ENABLED, INVALID_TYPE
1926 addLockdownWhitelistContext(s: context) → Nothing
1928 Add context to whitelist. See selinux option in
1929 firewalld.lockdown-whitelist(5). For runtime operation see
1930 org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistContext.
1931 Possible errors: ALREADY_ENABLED, INVALID_TYPE
1933 addLockdownWhitelistUid(i: uid) → Nothing
1935 Add user id uid to whitelist. See user option in
1936 firewalld.lockdown-whitelist(5). For runtime operation see
1937 org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistUid.
1938 Possible errors: ALREADY_ENABLED, INVALID_TYPE
1940 addLockdownWhitelistUser(s: user) → Nothing
1942 Add user name to whitelist. See user option in
1943 firewalld.lockdown-whitelist(5). For runtime operation see
1944 org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistUser.
1945 Possible errors: ALREADY_ENABLED, INVALID_TYPE
1947 getLockdownWhitelist() → (asasasai)
1949 Get settings of permanent lockdown-whitelist configuration in
1950 format: commands, selinux contexts, users, uids
1951 commands (as): see command option in firewalld.lockdown-
1953 whitelist(5).
1954 selinux contexts (as): see selinux option in
1956 firewalld.lockdown-whitelist(5).
1957 users (as): see name attribute of user option in
1959 firewalld.lockdown-whitelist(5).
1960 uids (ai): see id attribute of user option in
1962 firewalld.lockdown-whitelist(5).
1963 getLockdownWhitelistCommands() → as
1966 List all command lines (s) that are on whitelist. For runtime
1967 operation see
1968 org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistCommands.
1969 getLockdownWhitelistContexts() → as
1971 List all contexts (s) that are on whitelist. For runtime
1972 operation see
1973 org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistContexts.
1974 getLockdownWhitelistUids() → ai
1976 List all user ids (i) that are on whitelist. For runtime
1977 operation see
1978 org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistUids.
1979 getLockdownWhitelistUsers() → as
1981 List all users (s) that are on whitelist. For runtime operation
1982 see
1983 org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistUsers.
1984 queryLockdownWhitelistCommand(s: command) → b
1986 Query whether command is on whitelist. For runtime operation
1987 see
1988 org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistCommand.
1989 queryLockdownWhitelistContext(s: context) → b
1991 Query whether context is on whitelist. For runtime operation
1992 see
1993 org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistContext.
1994 queryLockdownWhitelistUid(i: uid) → b
1996 Query whether user id uid is on whitelist. For runtime
1997 operation see
1998 org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistUid.
1999 queryLockdownWhitelistUser(s: user) → b
2001 Query whether user is on whitelist. For runtime operation see
2002 org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistUser.
2003 removeLockdownWhitelistCommand(s: command) → Nothing
2005 Remove command from whitelist. For runtime operation see
2006 org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistCommand.
2007 Possible errors: NOT_ENABLED
2009 removeLockdownWhitelistContext(s: context) → Nothing
2011 Remove context from whitelist. For runtime operation see
2012 org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistContext.
2013 Possible errors: NOT_ENABLED
2015 removeLockdownWhitelistUid(i: uid) → Nothing
2017 Remove user id uid from whitelist. For runtime operation see
2018 org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistUid.
2019 Possible errors: NOT_ENABLED
2021 removeLockdownWhitelistUser(s: user) → Nothing
2023 Remove user from whitelist. For runtime operation see
2024 org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistUser.
2025 Possible errors: NOT_ENABLED
2027 setLockdownWhitelist((asasasai): settings) → Nothing
2029 Set permanent lockdown-whitelist configuration to settings.
2030 Settings are in format: commands, selinux contexts, users, uids
2031 commands (as): see command option in firewalld.lockdown-
2033 whitelist(5).
2034 selinux contexts (as): see selinux option in
2036 firewalld.lockdown-whitelist(5).
2037 users (as): see name attribute of user option in
2039 firewalld.lockdown-whitelist(5).
2040 uids (ai): see id attribute of user option in
2042 firewalld.lockdown-whitelist(5).
2043 Possible errors: INVALID_TYPE
2045 Signals
2047 LockdownWhitelistUpdated()
2048 Emitted when permanent lockdown-whitelist configuration has
2049 been updated.
2050 org.fedoraproject.FirewallD1.config.ipset
2052 Interface for permanent ipset configuration, see also
2053 firewalld.ipset(5).
2054 Methods
2056 addEntry(s: entry) → Nothing
2057 Permanently add entry to list of entries of ipset. See entry
2058 tag in firewalld.ipset(5). For runtime operation see
2059 org.fedoraproject.FirewallD1.ipset.Methods.addEntry.
2060 Possible errors: ALREADY_ENABLED
2062 addOption(s: key, s: value) → Nothing
2064 Permanently add (key, value) to the ipset. See option tag in
2065 firewalld.ipset(5).
2066 Possible errors: ALREADY_ENABLED
2068 getDescription() → s
2070 Get description of ipset. See description tag in
2071 firewalld.ipset(5).
2072 getEntries() → as
2074 Get list of entries added to ipset. See entry tag in
2075 firewalld.ipset(5). For runtime operation see
2076 org.fedoraproject.FirewallD1.ipset.Methods.getEntries.
2077 Possible errors: IPSET_WITH_TIMEOUT
2079 getOptions() → a{ss}
2081 Get dictionary of options set for ipset. See option tag in
2082 firewalld.ipset(5).
2083 getSettings() → (ssssa{ss}as)
2085 Return permament settings of the ipset. For getting runtime
2086 settings see
2087 org.fedoraproject.FirewallD1.ipset.Methods.getIPSetSettings.
2088 Settings are in format: version, name, description, type,
2089 dictionary of options and array of entries.
2090 version (s): see version attribute of ipset tag in
2092 firewalld.ipset(5).
2093 name (s): see short tag in firewalld.ipset(5).
2095 description (s): see description tag in firewalld.ipset(5).
2097 type (s): see type attribute of ipset tag in
2099 firewalld.ipset(5).
2100 options (a{ss}): dictionary of {option : value} . See options
2102 tag in firewalld.ipset(5).
2103 entries (as): array of entries, see entry tag in
2105 firewalld.ipset(5).
2106 getShort() → s
2109 Get name of ipset. See short tag in firewalld.ipset(5).
2110 getType() → s
2112 Get type of ipset. See type attribute of ipset tag in
2113 firewalld.ipset(5).
2114 getVersion() → s
2116 Get version of ipset. See version attribute of ipset tag in
2117 firewalld.ipset(5).
2118 loadDefaults() → Nothing
2120 Load default settings for built-in ipset.
2121 Possible errors: NO_DEFAULTS
2123 queryEntry(s: entry) → b
2125 Return whether entry has been added to ipset. For runtime
2126 operation see
2127 org.fedoraproject.FirewallD1.ipset.Methods.queryEntry.
2128 queryOption(s: key, s: value) → b
2130 Return whether (key, value) has been added to options of the
2131 ipset.
2132 remove() → Nothing
2134 Remove not built-in ipset.
2135 Possible errors: BUILTIN_IPSET
2137 removeEntry(s: entry) → Nothing
2139 Permanently remove entry from ipset. See entry tag in
2140 firewalld.ipset(5). For runtime operation see
2141 org.fedoraproject.FirewallD1.ipset.Methods.removeEntry.
2142 Possible errors: NOT_ENABLED
2144 removeOption(s: key) → Nothing
2146 Permanently remove key from the ipset. See option tag in
2147 firewalld.ipset(5).
2148 Possible errors: NOT_ENABLED
2150 rename(s: name) → Nothing
2152 Rename not built-in ipset to name.
2153 Possible errors: BUILTIN_IPSET
2155 setDescription(s: description) → Nothing
2157 Permanently set description of ipset to description. See
2158 description tag in firewalld.ipset(5).
2159 setEntries(as: entries) → Nothing
2161 Permanently set list of entries to entries. See entry tag in
2162 firewalld.ipset(5).
2163 setOptions(a{ss}: options) → Nothing
2165 Permanently set dict of options to options. See option tag in
2166 firewalld.ipset(5).
2167 setShort(s: short) → Nothing
2169 Permanently set name of ipset to short. See short tag in
2170 firewalld.ipset(5).
2171 setType(s: ipset_type) → Nothing
2173 Permanently set type of ipset to ipset_type. See type attribute
2174 of ipset tag in firewalld.ipset(5).
2175 setVersion(s: version) → Nothing
2177 Permanently set version of ipset to version. See version
2178 attribute of ipset tag in firewalld.ipset(5).
2179 update((ssssa{ss}as): settings) → Nothing
2181 Update settings of ipset to settings. Settings are in format:
2182 version, name, description, type, dictionary of options and
2183 array of entries.
2184 version (s): see version attribute of ipset tag in
2186 firewalld.ipset(5).
2187 name (s): see short tag in firewalld.ipset(5).
2189 description (s): see description tag in firewalld.ipset(5).
2191 type (s): see type attribute of ipset tag in
2193 firewalld.ipset(5).
2194 options (a{ss}): dictionary of {option : value} . See options
2196 tag in firewalld.ipset(5).
2197 entries (as): array of entries, see entry tag in
2199 firewalld.ipset(5).
2200 Possible errors: INVALID_TYPE
2202 Signals
2204 Removed(s: name)
2205 Emitted when ipset with name has been removed.
2206 Renamed(s: name)
2208 Emitted when ipset has been renamed to name.
2209 Updated(s: name)
2211 Emitted when ipset with name has been updated.
2212 Properties
2214 builtin - b - (ro)
2215 True if ipset is build-in, false else.
2216 default - b - (ro)
2218 True if build-in ipset has default settings. False if it has
2219 been modified. Always False for not build-in ipsets.
2220 filename - s - (ro)
2222 Name (including .xml extension) of file where the configuration
2223 is stored.
2224 name - s - (ro)
2226 Name of ipset.
2227 path - s - (ro)
2229 Path to directory where the ipset configuration is stored.
2230 Should be either /usr/lib/firewalld/ipsets or
2231 /etc/firewalld/ipsets.
2232 org.fedoraproject.FirewallD1.config.zone
2234 Interface for permanent zone configuration, see also firewalld.zone(5).
2235 Methods
2237 addForwardPort(s: port, s: protocol, s: toport, s: toaddr) →
2238 Nothing
2239 Permanently add (port, protocol, toport, toaddr) to list of
2240 forward ports of zone. See forward-port tag in
2241 firewalld.zone(5). For runtime operation see
2242 org.fedoraproject.FirewallD1.zone.Methods.addForwardPort.
2243 Possible errors: ALREADY_ENABLED
2245 addIcmpBlock(s: icmptype) → Nothing
2247 Permanently add icmptype to list of icmp types blocked in zone.
2248 See icmp-block tag in firewalld.zone(5). For runtime operation
2249 see org.fedoraproject.FirewallD1.zone.Methods.addIcmpBlock.
2250 Possible errors: ALREADY_ENABLED
2252 addIcmpBlock(s: icmptype) → Nothing
2254 Permanently add icmp block inversion to zone. See
2255 icmp-block-inversion tag in firewalld.zone(5). For runtime
2256 operation see
2257 org.fedoraproject.FirewallD1.zone.Methods.addIcmpBlockInversion.
2258 Possible errors: ALREADY_ENABLED
2260 addInterface(s: interface) → Nothing
2262 Permanently add interface to list of interfaces bound to zone.
2263 See interface tag in firewalld.zone(5). For runtime operation
2264 see org.fedoraproject.FirewallD1.zone.Methods.addInterface.
2265 Possible errors: ALREADY_ENABLED
2267 addMasquerade() → Nothing
2269 Permanently enable masquerading in zone. See masquerade tag in
2270 firewalld.zone(5). For runtime operation see
2271 org.fedoraproject.FirewallD1.zone.Methods.addMasquerade.
2272 Possible errors: ALREADY_ENABLED
2274 addPort(s: port, s: protocol) → Nothing
2276 Permanently add (port, protocol) to list of ports of zone. See
2277 port tag in firewalld.zone(5). For runtime operation see
2278 org.fedoraproject.FirewallD1.zone.Methods.addPort.
2279 Possible errors: ALREADY_ENABLED
2281 addProtocol(s: protocol) → Nothing
2283 Permanently add protocol into zone. The protocol can be any
2284 protocol supported by the system. Please have a look at
2285 /etc/protocols for supported protocols. For runtime operation
2286 see org.fedoraproject.FirewallD1.zone.Methods.addProtocol.
2287 Possible errors: INVALID_PROTOCOL, ALREADY_ENABLED
2289 addRichRule(s: rule) → Nothing
2291 Permanently add rule to list of rich-language rules in zone.
2292 See rule tag in firewalld.zone(5). For runtime operation see
2293 org.fedoraproject.FirewallD1.zone.Methods.addRichRule.
2294 Possible errors: ALREADY_ENABLED
2296 addService(s: service) → Nothing
2298 Permanently add service to list of services used in zone. See
2299 service tag in firewalld.zone(5). For runtime operation see
2300 org.fedoraproject.FirewallD1.zone.Methods.addService.
2301 Possible errors: ALREADY_ENABLED
2303 addSource(s: source) → Nothing
2305 Permanently add source to list of source addresses bound to
2306 zone. See source tag in firewalld.zone(5). For runtime
2307 operation see
2308 org.fedoraproject.FirewallD1.zone.Methods.addSource.
2309 Possible errors: ALREADY_ENABLED
2311 addSourcePort(s: port, s: protocol) → Nothing
2313 Permanently add (port, protocol) to list of source ports of
2314 zone. See source-port tag in firewalld.zone(5). For runtime
2315 operation see
2316 org.fedoraproject.FirewallD1.zone.Methods.addSourcePort.
2317 Possible errors: ALREADY_ENABLED
2319 getDescription() → s
2321 Get description of zone. See description tag in
2322 firewalld.zone(5).
2323 getForwardPorts() → a(ssss)
2325 Get list of (port, protocol, toport, toaddr) defined in zone.
2326 See forward-port tag in firewalld.zone(5). For runtime
2327 operation see
2328 org.fedoraproject.FirewallD1.zone.Methods.getForwardPorts.
2329 getIcmpBlockInversion() → b
2331 Get icmp block inversion flag of zone. See icmp-block-inversion
2332 tag in firewalld.zone(5).
2333 getIcmpBlocks() → as
2335 Get list of icmp type names blocked in zone. See icmp-block tag
2336 in firewalld.zone(5). For runtime operation see
2337 org.fedoraproject.FirewallD1.zone.Methods.getIcmpBlocks.
2338 getInterfaces() → as
2340 Get list of interfaces bound to zone. See interface tag in
2341 firewalld.zone(5). For runtime operation see
2342 org.fedoraproject.FirewallD1.zone.Methods.getInterfaces.
2343 getMasquerade() → b
2345 Return whether masquerade is enabled in zone. This is the same
2346 as queryMasquerade() method. See masquerade tag in
2347 firewalld.zone(5).
2348 getPorts() → a(ss)
2350 Get list of (port, protocol) defined in zone. See port tag in
2351 firewalld.zone(5). For runtime operation see
2352 org.fedoraproject.FirewallD1.zone.Methods.getPorts.
2353 getProtocols() → as
2355 Return array of protocols (s) previously enabled in zone. For
2356 getting runtime settings see
2357 org.fedoraproject.FirewallD1.zone.Methods.getProtocols.
2358 getRichRules() → as
2360 Get list of rich-language rules in zone. See rule tag in
2361 firewalld.zone(5). For runtime operation see
2362 org.fedoraproject.FirewallD1.zone.Methods.getRichRules.
2363 getServices() → as
2365 Get list of service names used in zone. See service tag in
2366 firewalld.zone(5). For runtime operation see
2367 org.fedoraproject.FirewallD1.zone.Methods.getServices.
2368 getSettings() → (sssbsasa(ss)asba(ssss)asasasasa(ss))
2370 Return permanent settings of given zone. For getting runtime
2371 settings see
2372 org.fedoraproject.FirewallD1.Methods.getZoneSettings. Settings
2373 are in format: version, name, description, UNUSED, target,
2374 array of services, array of ports (port, protocol), array of
2375 icmp-blocks, masquerade, array of forward-ports (port,
2376 protocol, to-port, to-addr), array of interfaces, array of
2377 sources, array of rich rules, array of protocols and array of
2378 source-ports (port, protocol).
2379 version (s): see version attribute of zone tag in
2381 firewalld.zone(5).
2382 name (s): see short tag in firewalld.zone(5).
2384 description (s): see description tag in firewalld.zone(5).
2386 UNUSED (b): this boolean value is no longer used for anything.
2388 target (s): see target attribute of zone tag in
2390 firewalld.zone(5).
2391 services (as): array of service names, see service tag in
2393 firewalld.zone(5).
2394 ports (a(ss)): array of port and protocol pairs. See port tag
2396 in firewalld.zone(5).
2397 icmp-blocks (as): array of icmp-blocks. See icmp-block tag in
2399 firewalld.zone(5).
2400 masquerade (b): see masquerade tag in firewalld.zone(5).
2402 forward-ports (a(ssss)): array of (port, protocol, to-port,
2404 to-addr). See forward-port tag in firewalld.zone(5).
2405 interfaces (as): array of interfaces. See interface tag in
2407 firewalld.zone(5).
2408 source addresses (as): array of source addresses. See source
2410 tag in firewalld.zone(5).
2411 rich rules (as): array of rich-language rules. See rule tag in
2413 firewalld.zone(5).
2414 protocols (as): array of protocols. See protocol tag in
2416 firewalld.zone(5).
2417 source-ports (a(ss)): array of port and protocol pairs. See
2419 source-port tag in firewalld.zone(5).
2420 getShort() → s
2423 Get name of zone. See short tag in firewalld.zone(5).
2424 getSourcePorts() → a(ss)
2426 Get list of (port, protocol) defined in zone. See source-port
2427 tag in firewalld.zone(5). For runtime operation see
2428 org.fedoraproject.FirewallD1.zone.Methods.getSourcePorts.
2429 getSources() → as
2431 Get list of source addresses bound to zone. See source tag in
2432 firewalld.zone(5). For runtime operation see
2433 org.fedoraproject.FirewallD1.zone.Methods.getSources.
2434 getTarget() → s
2436 Get target of zone. See target attribute of zone tag in
2437 firewalld.zone(5).
2438 getVersion() → s
2440 Get version of zone. See version attribute of zone tag in
2441 firewalld.zone(5).
2442 loadDefaults() → Nothing
2444 Load default settings for built-in zone.
2445 Possible errors: NO_DEFAULTS
2447 queryForwardPort(s: port, s: protocol, s: toport, s: toaddr) → b
2449 Return whether (port, protocol, toport, toaddr) is in list of
2450 forward ports of zone. See forward-port tag in
2451 firewalld.zone(5). For runtime operation see
2452 org.fedoraproject.FirewallD1.zone.Methods.queryForwardPort.
2453 queryIcmpBlock(s: icmptype) → b
2455 Return whether icmptype is in list of icmp types blocked in
2456 zone. See icmp-block tag in firewalld.zone(5). For runtime
2457 operation see
2458 org.fedoraproject.FirewallD1.zone.Methods.queryIcmpBlock.
2459 queryIcmpBlockInversion() → b
2461 Return whether icmp block inversion is in enabled in zone. See
2462 icmp-block-inversion tag in firewalld.zone(5). For runtime
2463 operation see
2464 org.fedoraproject.FirewallD1.zone.Methods.queryIcmpBlockInversion.
2465 queryInterface(s: interface) → b
2467 Return whether interface is in list of interfaces bound to
2468 zone. See interface tag in firewalld.zone(5). For runtime
2469 operation see
2470 org.fedoraproject.FirewallD1.zone.Methods.queryInterface.
2471 queryMasquerade() → b
2473 Return whether masquerade is enabled in zone. This is the same
2474 as getMasquerade() method. See masquerade tag in
2475 firewalld.zone(5). For runtime operation see
2476 org.fedoraproject.FirewallD1.zone.Methods.queryMasquerade.
2477 queryPort(s: port, s: protocol) → b
2479 Return whether (port, protocol) is in list of ports of zone.
2480 See port tag in firewalld.zone(5). For runtime operation see
2481 org.fedoraproject.FirewallD1.zone.Methods.queryPort.
2482 queryProtocol(s: protocol) → b
2484 Return whether protocol has been added in zone. For runtime
2485 operation see
2486 org.fedoraproject.FirewallD1.zone.Methods.queryProtocol.
2487 Possible errors: INVALID_PROTOCOL
2489 queryRichRule(s: rule) → b
2491 Return whether rule is in list of rich-language rules in zone.
2492 See rule tag in firewalld.zone(5). For runtime operation see
2493 org.fedoraproject.FirewallD1.zone.Methods.queryRichRule.
2494 queryService(s: service) → b
2496 Return whether service is in list of services used in zone. See
2497 service tag in firewalld.zone(5). For runtime operation see
2498 org.fedoraproject.FirewallD1.zone.Methods.queryService.
2499 querySource(s: source) → b
2501 Return whether source is in list of source addresses bound to
2502 zone. See source tag in firewalld.zone(5). For runtime
2503 operation see
2504 org.fedoraproject.FirewallD1.zone.Methods.querySource.
2505 querySourcePort(s: port, s: protocol) → b
2507 Return whether (port, protocol) is in list of source ports of
2508 zone. See source-port tag in firewalld.zone(5). For runtime
2509 operation see
2510 org.fedoraproject.FirewallD1.zone.Methods.querySourcePort.
2511 remove() → Nothing
2513 Remove not built-in zone.
2514 Possible errors: BUILTIN_ZONE
2516 removeForwardPort(s: port, s: protocol, s: toport, s: toaddr) →
2518 Nothing
2519 Permanently remove (port, protocol, toport, toaddr) from list
2520 of forward ports of zone. See forward-port tag in
2521 firewalld.zone(5). For runtime operation see
2522 org.fedoraproject.FirewallD1.zone.Methods.removeForwardPort.
2523 Possible errors: NOT_ENABLED
2525 removeIcmpBlock(s: icmptype) → Nothing
2527 Permanently remove icmptype from list of icmp types blocked in
2528 zone. See icmp-block tag in firewalld.zone(5). For runtime
2529 operation see
2530 org.fedoraproject.FirewallD1.zone.Methods.removeIcmpBlock.
2531 Possible errors: NOT_ENABLED
2533 removeIcmpBlockInversion() → Nothing
2535 Permanently remove icmp block inversion from the zone. See
2536 icmp-block-inversion tag in firewalld.zone(5). For runtime
2537 operation see
2538 org.fedoraproject.FirewallD1.zone.Methods.removeIcmpBlockInversion.
2539 Possible errors: NOT_ENABLED
2541 removeInterface(s: interface) → Nothing
2543 Permanently remove interface from list of interfaces bound to
2544 zone. See interface tag in firewalld.zone(5). For runtime
2545 operation see
2546 org.fedoraproject.FirewallD1.zone.Methods.removeInterface.
2547 Possible errors: NOT_ENABLED
2549 removeMasquerade() → Nothing
2551 Permanently disable masquerading in zone. See masquerade tag in
2552 firewalld.zone(5). For runtime operation see
2553 org.fedoraproject.FirewallD1.zone.Methods.removeMasquerade.
2554 Possible errors: NOT_ENABLED
2556 removePort(s: port, s: protocol) → Nothing
2558 Permanently remove (port, protocol) from list of ports of zone.
2559 See port tag in firewalld.zone(5). For runtime operation see
2560 org.fedoraproject.FirewallD1.zone.Methods.removePort.
2561 Possible errors: NOT_ENABLED
2563 removeProtocol(s: protocol) → Nothing
2565 Permanently remove protocol from zone. For runtime operation
2566 see org.fedoraproject.FirewallD1.zone.Methods.removeProtocol.
2567 Possible errors: INVALID_PROTOCOL, NOT_ENABLED
2569 removeRichRule(s: rule) → Nothing
2571 Permanently remove rule from list of rich-language rules in
2572 zone. See rule tag in firewalld.zone(5). For runtime operation
2573 see org.fedoraproject.FirewallD1.zone.Methods.removeRichRule.
2574 Possible errors: NOT_ENABLED
2576 removeService(s: service) → Nothing
2578 Permanently remove service from list of services used in zone.
2579 See service tag in firewalld.zone(5). For runtime operation see
2580 org.fedoraproject.FirewallD1.zone.Methods.removeService.
2581 Possible errors: NOT_ENABLED
2583 removeSource(s: source) → Nothing
2585 Permanently remove source from list of source addresses bound
2586 to zone. See source tag in firewalld.zone(5). For runtime
2587 operation see
2588 org.fedoraproject.FirewallD1.zone.Methods.removeSource.
2589 Possible errors: NOT_ENABLED
2591 removeSourcePort(s: port, s: protocol) → Nothing
2593 Permanently remove (port, protocol) from list of source ports
2594 of zone. See source-port tag in firewalld.zone(5). For runtime
2595 operation see
2596 org.fedoraproject.FirewallD1.zone.Methods.removeSourcePort.
2597 Possible errors: NOT_ENABLED
2599 rename(s: name) → Nothing
2601 Rename not built-in zone to name.
2602 Possible errors: BUILTIN_ZONE
2604 setDescription(s: description) → Nothing
2606 Permanently set description of zone to description. See
2607 description tag in firewalld.zone(5).
2608 setForwardPorts(a(ssss): ports) → Nothing
2610 Permanently set forward ports of zone to list of (port,
2611 protocol, toport, toaddr). See forward-port tag in
2612 firewalld.zone(5).
2613 setIcmpBlockInversion(b: flag) → Nothing
2615 Permanently set icmp block inversion flag of zone to flag. See
2616 icmp-block-inversion tag in firewalld.zone(5).
2617 setIcmpBlocks(as: icmptypes) → Nothing
2619 Permanently set list of icmp types blocked in zone to
2620 icmptypes. See icmp-block tag in firewalld.zone(5).
2621 setInterfaces(as: interfaces) → Nothing
2623 Permanently set list of interfaces bound to zone to interfaces.
2624 See interface tag in firewalld.zone(5).
2625 setMasquerade(b: masquerade) → Nothing
2627 Permanently set masquerading in zone to masquerade. See
2628 masquerade tag in firewalld.zone(5).
2629 setPorts(a(ss): ports) → Nothing
2631 Permanently set ports of zone to list of (port, protocol). See
2632 port tag in firewalld.zone(5).
2633 setProtocols(as: protocols) → Nothing
2635 Permanently set list of protocols used in zone to protocols.
2636 See protocol tag in firewalld.zone(5).
2637 setRichRules(as: rules) → Nothing
2639 Permanently set list of rich-language rules to rules. See rule
2640 tag in firewalld.zone(5).
2641 setServices(as: services) → Nothing
2643 Permanently set list of services used in zone to services. See
2644 service tag in firewalld.zone(5).
2645 setShort(s: short) → Nothing
2647 Permanently set name of zone to short. See short tag in
2648 firewalld.zone(5).
2649 setSourcePorts(a(ss): ports) → Nothing
2651 Permanently set source-ports of zone to list of (port,
2652 protocol). See source-port tag in firewalld.zone(5).
2653 setSources(as: sources) → Nothing
2655 Permanently set list of source addresses bound to zone to
2656 sources. See source tag in firewalld.zone(5).
2657 setTarget(s: target) → Nothing
2659 Permanently set target of zone to target. See target attribute
2660 of zone tag in firewalld.zone(5).
2661 setVersion(s: version) → Nothing
2663 Permanently set version of zone to version. See version
2664 attribute of zone tag in firewalld.zone(5).
2665 update((sssbsasa(ss)asba(ssss)asasasasa(ss)): settings) → Nothing
2667 Update settings of zone to settings. Settings are in format:
2668 version, name, description, UNUSED, target, array of services,
2669 array of ports (port, protocol), array of icmp-blocks,
2670 masquerade, array of forward-ports (port, protocol, to-port,
2671 to-addr), array of interfaces, array of sources, array of rich
2672 rules, array of protocols and array of source-ports (port,
2673 protocol).
2674 version (s): see version attribute of zone tag in
2676 firewalld.zone(5).
2677 name (s): see short tag in firewalld.zone(5).
2679 description (s): see description tag in firewalld.zone(5).
2681 UNUSED (b): this boolean value is no longer used for anything.
2683 target (s): see target attribute of zone tag in
2685 firewalld.zone(5).
2686 services (as): array of service names, see service tag in
2688 firewalld.zone(5).
2689 ports (a(ss)): array of port and protocol pairs. See port tag
2691 in firewalld.zone(5).
2692 icmp-blocks (as): array of icmp-blocks. See icmp-block tag in
2694 firewalld.zone(5).
2695 masquerade (b): see masquerade tag in firewalld.zone(5).
2697 forward-ports (a(ssss)): array of (port, protocol, to-port,
2699 to-addr). See forward-port tag in firewalld.zone(5).
2700 interfaces (as): array of interfaces. See interface tag in
2702 firewalld.zone(5).
2703 source addresses (as): array of source addresses. See source
2705 tag in firewalld.zone(5).
2706 rich rules (as): array of rich-language rules. See rule tag in
2708 firewalld.zone(5).
2709 protocols (as): array of protocols. See protocol tag in
2711 firewalld.zone(5).
2712 source-ports (a(ss)): array of port and protocol pairs. See
2714 source-port tag in firewalld.zone(5).
2715 Possible errors: INVALID_TYPE
2717 Signals
2719 Removed(s: name)
2720 Emitted when zone with name has been removed.
2721 Renamed(s: name)
2723 Emitted when zone has been renamed to name.
2724 Updated(s: name)
2726 Emitted when zone with name has been updated.
2727 Properties
2729 builtin - b - (ro)
2730 True if zone is build-in, false else.
2731 default - b - (ro)
2733 True if build-in zone has default settings. False if it has
2734 been modified. Always False for not build-in zones.
2735 filename - s - (ro)
2737 Name (including .xml extension) of file where the configuration
2738 is stored.
2739 name - s - (ro)
2741 Name of zone.
2742 path - s - (ro)
2744 Path to directory where the zone configuration is stored.
2745 Should be either /usr/lib/firewalld/zones or
2746 /etc/firewalld/zones.
2747 org.fedoraproject.FirewallD1.config.service
2749 Interface for permanent service configuration, see also
2750 firewalld.service(5).
2751 Methods
2753 addModule(s: module) → Nothing
2754 Permanently add module to list of modules (netfilter kernel
2755 helpers) used in service. See module tag in
2756 firewalld.service(5).
2757 Possible errors: ALREADY_ENABLED
2759 addPort(s: port, s: protocol) → Nothing
2761 Permanently add (port, protocol) to list of ports in service.
2762 See port tag in firewalld.service(5).
2763 Possible errors: ALREADY_ENABLED
2765 addProtocol(s: protocol) → Nothing
2767 Permanently add protocol into zone. The protocol can be any
2768 protocol supported by the system. Please have a look at
2769 /etc/protocols for supported protocols. See protocol tag in
2770 firewalld.service(5).
2771 Possible errors: INVALID_PROTOCOL, ALREADY_ENABLED
2773 addSourcePort(s: port, s: protocol) → Nothing
2775 Permanently add (port, protocol) to list of source ports in
2776 service. See source-port tag in firewalld.service(5).
2777 Possible errors: ALREADY_ENABLED
2779 getDescription() → s
2781 Get description of service. See description tag in
2782 firewalld.service(5).
2783 getDestination(s: family) → s
2785 Get destination for IP family being either 'ipv4' or 'ipv6'.
2786 See destination tag in firewalld.service(5).
2787 Possible errors: ALREADY_ENABLED
2789 getDestinations() → a{ss}
2791 Get list of destinations. Return value is a dictionary of {IP
2792 family : IP address} where 'IP family' key can be either 'ipv4'
2793 or 'ipv6'. See destination tag in firewalld.service(5).
2794 getModules() → as
2796 Get list of modules (netfilter kernel helpers) used in service.
2797 See module tag in firewalld.service(5).
2798 getPorts() → a(ss)
2800 Get list of (port, protocol) defined in service. See port tag
2801 in firewalld.service(5).
2802 getProtocols() → as
2804 Return array of protocols (s) defined in service. See protocol
2805 tag in firewalld.service(5).
2806 getSettings() → (sssa(ss)asa{ss}asa(ss))
2808 Return permanent settings of a service. For getting runtime
2809 settings see
2810 org.fedoraproject.FirewallD1.Methods.getServiceSettings.
2811 Settings are in format: version, name, description, array of
2812 ports (port, protocol), array of module names, dictionary of
2813 destinations, array of protocols and array of source-ports
2814 (port, protocol).
2815 version (s): see version attribute of service tag in
2817 firewalld.service(5).
2818 name (s): see short tag in firewalld.service(5).
2820 description (s): see description tag in firewalld.service(5).
2822 ports (a(ss)): array of port and protocol pairs. See port tag
2824 in firewalld.service(5).
2825 module names (as): array of kernel netfilter helpers, see
2827 module tag in firewalld.service(5).
2828 destinations (a{ss}): dictionary of {IP family : IP address}
2830 where 'IP family' key can be either 'ipv4' or 'ipv6'. See
2831 destination tag in firewalld.service(5).
2832 protocols (as): array of protocols. See protocol tag in
2834 firewalld.service(5).
2835 source-ports (a(ss)): array of port and protocol pairs. See
2837 source-port tag in firewalld.service(5).
2838 getShort() → s
2841 Get name of service. See short tag in firewalld.service(5).
2842 getSourcePorts() → a(ss)
2844 Get list of (port, protocol) defined in service. See
2845 source-port tag in firewalld.service(5).
2846 getVersion() → s
2848 Get version of service. See version attribute of service tag in
2849 firewalld.service(5).
2850 loadDefaults() → Nothing
2852 Load default settings for built-in service.
2853 Possible errors: NO_DEFAULTS
2855 queryDestination(s: family, s: address) → b
2857 Return whether a destination is in dictionary of destinations
2858 of this service. destination is in format: (IP family, IP
2859 address) where IP family can be either 'ipv4' or 'ipv6'. See
2860 destination tag in firewalld.service(5).
2861 queryModule(s: module) → b
2863 Return whether module is in list of modules (netfilter kernel
2864 helpers) used in service. See module tag in
2865 firewalld.service(5).
2866 queryPort(s: port, s: protocol) → b
2868 Return whether (port, protocol) is in list of ports in service.
2869 See port tag in firewalld.service(5).
2870 queryProtocol(s: protocol) → b
2872 Return whether protocol is in list of protocols in service. See
2873 protocol tag in firewalld.service(5).
2874 querySourcePort(s: port, s: protocol) → b
2876 Return whether (port, protocol) is in list of source ports in
2877 service. See source-port tag in firewalld.service(5).
2878 remove() → Nothing
2880 Remove not built-in service.
2881 Possible errors: BUILTIN_SERVICE
2883 removeDestination(s: family) → Nothing
2885 Permanently remove a destination with family ('ipv4' or 'ipv6')
2886 from service. See destination tag in firewalld.service(5).
2887 Possible errors: NOT_ENABLED
2889 removeModule(s: module) → Nothing
2891 Permanently remove module from list of modules (netfilter
2892 kernel helpers) used in service. See module tag in
2893 firewalld.service(5).
2894 Possible errors: NOT_ENABLED
2896 removePort(s: port, s: protocol) → Nothing
2898 Permanently remove (port, protocol) from list of ports in
2899 service. See port tag in firewalld.service(5).
2900 Possible errors: NOT_ENABLED
2902 removeProtocol(s: protocol) → Nothing
2904 Permanently remove protocol from list of protocols in service.
2905 See protocol tag in firewalld.service(5).
2906 Possible errors: NOT_ENABLED
2908 removeSourcePort(s: port, s: protocol) → Nothing
2910 Permanently remove (port, protocol) from list of source ports
2911 in service. See source-port tag in firewalld.service(5).
2912 Possible errors: NOT_ENABLED
2914 rename(s: name) → Nothing
2916 Rename not built-in service to name.
2917 Possible errors: BUILTIN_SERVICE
2919 setDescription(s: description) → Nothing
2921 Permanently set description of service to description. See
2922 description tag in firewalld.service(5).
2923 setDestination(s: family, s: address) → Nothing
2925 Permanently set a destination address. destination is in
2926 format: (IP family, IP address) where IP family can be either
2927 'ipv4' or 'ipv6'. See destination tag in firewalld.service(5).
2928 Possible errors: ALREADY_ENABLED
2930 setDestinations(a{ss}: destinations) → Nothing
2932 Permanently set destinations of service to destinations, which
2933 is a dictionary of {IP family : IP address} where 'IP family'
2934 key can be either 'ipv4' or 'ipv6'. See destination tag in
2935 firewalld.service(5).
2936 setModules(as: modules) → Nothing
2938 Permanently set list of modules (netfilter kernel helpers) used
2939 in service to modules. See module tag in firewalld.service(5).
2940 setPorts(a(ss): ports) → Nothing
2942 Permanently set ports of service to list of (port, protocol).
2943 See port tag in firewalld.service(5).
2944 setProtocols(as: protocols) → Nothing
2946 Permanently set protocols of service to list of protocols. See
2947 protocol tag in firewalld.service(5).
2948 setShort(s: short) → Nothing
2950 Permanently set name of service to short. See short tag in
2951 firewalld.service(5).
2952 setSourcePorts(a(ss): ports) → Nothing
2954 Permanently set source-ports of service to list of (port,
2955 protocol). See source-port tag in firewalld.service(5).
2956 setVersion(s: version) → Nothing
2958 Permanently set version of service to version. See version
2959 attribute of service tag in firewalld.service(5).
2960 update((sssa(ss)asa{ss}asa(ss)): settings) → Nothing
2962 Update settings of service to settings. Settings are in format:
2963 version, name, description, array of ports (port, protocol),
2964 array of module names, dictionary of destinations, array of
2965 protocols and array of source-ports (port, protocol).
2966 version (s): see version attribute of service tag in
2968 firewalld.service(5).
2969 name (s): see short tag in firewalld.service(5).
2971 description (s): see description tag in firewalld.service(5).
2973 ports (a(ss)): array of port and protocol pairs. See port tag
2975 in firewalld.service(5).
2976 module names (as): array of kernel netfilter helpers, see
2978 module tag in firewalld.service(5).
2979 destinations (a{ss}): dictionary of {IP family : IP address}
2981 where 'IP family' key can be either 'ipv4' or 'ipv6'. See
2982 destination tag in firewalld.service(5).
2983 protocols (as): array of protocols. See protocol tag in
2985 firewalld.service(5).
2986 Possible errors: INVALID_TYPE
2988 Signals
2990 Removed(s: name)
2991 Emitted when service with name has been removed.
2992 Renamed(s: name)
2994 Emitted when service has been renamed to name.
2995 Updated(s: name)
2997 Emitted when service with name has been updated.
2998 Properties
3000 builtin - b - (ro)
3001 True if service is build-in, false else.
3002 default - b - (ro)
3004 True if build-in service has default settings. False if it has
3005 been modified. Always False for not build-in services.
3006 filename - s - (ro)
3008 Name (including .xml extension) of file where the configuration
3009 is stored.
3010 name - s - (ro)
3012 Name of service.
3013 path - s - (ro)
3015 Path to directory where the configuration is stored. Should be
3016 either /usr/lib/firewalld/services or /etc/firewalld/services.
3017 org.fedoraproject.FirewallD1.config.helper
3019 Interface for permanent helper configuration, see also
3020 firewalld.helper(5).
3021 Methods
3023 addPort(s: port, s: protocol) → Nothing
3024 Permanently add (port, protocol) to list of ports in helper.
3025 See port tag in firewalld.helper(5).
3026 Possible errors: ALREADY_ENABLED
3028 getDescription() → s
3030 Get description of helper. See description tag in
3031 firewalld.helper(5).
3032 getFamily() → s
3034 Get family being 'ipv4', 'ipv6' or empty for both. See family
3035 tag in firewalld.helper(5).
3036 getModule() → s
3038 Get modules (netfilter kernel helpers) used in helper. See
3039 module tag in firewalld.helper(5).
3040 getPorts() → a(ss)
3042 Get list of (port, protocol) defined in helper. See port tag in
3043 firewalld.helper(5).
3044 getSettings() → (sssssa(ss))
3046 Return permanent settings of a helper. For getting runtime
3047 settings see
3048 org.fedoraproject.FirewallD1.Methods.getHelperSettings.
3049 Settings are in format: version, name, description, family,
3050 module, array of ports (port, protocol).
3051 version (s): see version attribute of helper tag in
3053 firewalld.helper(5).
3054 name (s): see short tag in firewalld.helper(5).
3056 description (s): see description tag in firewalld.helper(5).
3058 family (s): see family tag in firewalld.helper(5).
3060 module (s): see module tag in firewalld.helper(5).
3062 ports (a(ss)): array of port and protocol pairs. See port tag
3064 in firewalld.helper(5).
3065 getShort() → s
3068 Get name of helper. See short tag in firewalld.helper(5).
3069 getVersion() → s
3071 Get version of helper. See version attribute of helper tag in
3072 firewalld.helper(5).
3073 loadDefaults() → Nothing
3075 Load default settings for built-in helper.
3076 Possible errors: NO_DEFAULTS
3078 queryFamily(s: module) → b
3080 Return whether family is set for helper. See family tag in
3081 firewalld.helper(5).
3082 queryModule(s: module) → b
3084 Return whether module (netfilter kernel helpers) is used in
3085 helper. See module tag in firewalld.helper(5).
3086 queryPort(s: port, s: protocol) → b
3088 Return whether (port, protocol) is in list of ports in helper.
3089 See port tag in firewalld.helper(5).
3090 remove() → Nothing
3092 Remove not built-in helper.
3093 Possible errors: BUILTIN_HELPER
3095 removePort(s: port, s: protocol) → Nothing
3097 Permanently remove (port, protocol) from list of ports in
3098 helper. See port tag in firewalld.helper(5).
3099 Possible errors: NOT_ENABLED
3101 rename(s: name) → Nothing
3103 Rename not built-in helper to name.
3104 Possible errors: BUILTIN_HELPER
3106 setDescription(s: description) → Nothing
3108 Permanently set description of helper to description. See
3109 description tag in firewalld.helper(5).
3110 setFamily(s: family) → Nothing
3112 Permanently set family of helper to family. See family tag in
3113 firewalld.helper(5).
3114 setModule(s: module) → Nothing
3116 Permanently set module of helper to description. See module tag
3117 in firewalld.helper(5).
3118 setPorts(a(ss): ports) → Nothing
3120 Permanently set ports of helper to list of (port, protocol).
3121 See port tag in firewalld.helper(5).
3122 setShort(s: short) → Nothing
3124 Permanently set name of helper to short. See short tag in
3125 firewalld.helper(5).
3126 setVersion(s: version) → Nothing
3128 Permanently set version of helper to version. See version
3129 attribute of helper tag in firewalld.helper(5).
3130 update((sssssa(ss)): settings) → Nothing
3132 Update settings of helper to settings. Settings are in format:
3133 version, name, description, family, module and array of ports.
3134 version (s): see version attribute of helper tag in
3136 firewalld.helper(5).
3137 name (s): see short tag in firewalld.helper(5).
3139 description (s): see description tag in firewalld.helper(5).
3141 family (s): see family tag in firewalld.helper(5).
3143 module (s): see module tag in firewalld.helper(5).
3145 ports (a(ss)): array of port and protocol pairs. See port tag
3147 in firewalld.helper(5).
3148 Possible errors: INVALID_HELPER
3150 Signals
3152 Removed(s: name)
3153 Emitted when helper with name has been removed.
3154 Renamed(s: name)
3156 Emitted when helper has been renamed to name.
3157 Updated(s: name)
3159 Emitted when helper with name has been updated.
3160 Properties
3162 builtin - b - (ro)
3163 True if helper is build-in, false else.
3164 default - b - (ro)
3166 True if build-in helper has default settings. False if it has
3167 been modified. Always False for not build-in helpers.
3168 filename - s - (ro)
3170 Name (including .xml extension) of file where the configuration
3171 is stored.
3172 name - s - (ro)
3174 Name of helper.
3175 path - s - (ro)
3177 Path to directory where the configuration is stored. Should be
3178 either /usr/lib/firewalld/helpers or /etc/firewalld/helpers.
3179 org.fedoraproject.FirewallD1.config.icmptype
3181 Interface for permanent icmp type configuration, see also
3182 firewalld.icmptype(5).
3183 Methods
3185 addDestination(s: destination) → Nothing
3186 Permanently add a destination ('ipv4' or 'ipv6') to list of
3187 destinations of this icmp type. See destination tag in
3188 firewalld.icmptype(5).
3189 Possible errors: ALREADY_ENABLED
3191 getDescription() → s
3193 Get description of icmp type. See description tag in
3194 firewalld.icmptype(5).
3195 getDestinations() → as
3197 Get list of destinations. See destination tag in
3198 firewalld.icmptype(5).
3199 getSettings() → (sssas)
3201 Return permanent settings of icmp type. For getting runtime
3202 settings see
3203 org.fedoraproject.FirewallD1.Methods.getIcmpTypeSettings.
3204 Settings are in format: version, name, description, array of
3205 destinations.
3206 version (s): see version attribute of icmptype tag in
3208 firewalld.icmptype(5).
3209 name (s): see short tag in firewalld.icmptype(5).
3211 description (s): see description tag in firewalld.icmptype(5).
3213 destinations (as): array, either empty or containing strings
3215 'ipv4' and/or 'ipv6', see destination tag in
3216 firewalld.icmptype(5).
3217 getShort() → s
3220 Get name of icmp type. See short tag in firewalld.icmptype(5).
3221 getVersion() → s
3223 Get version of icmp type. See version attribute of icmptype tag
3224 in firewalld.icmptype(5).
3225 loadDefaults() → Nothing
3227 Load default settings for built-in icmp type.
3228 Possible errors: NO_DEFAULTS
3230 queryDestination(s: destination) → b
3232 Return whether a destination ('ipv4' or 'ipv6') is in list of
3233 destinations of this icmp type. See destination tag in
3234 firewalld.icmptype(5).
3235 remove() → Nothing
3237 Remove not built-in icmp type.
3238 Possible errors: BUILTIN_ICMPTYPE
3240 removeDestination(s: destination) → Nothing
3242 Permanently remove a destination ('ipv4' or 'ipv6') from list
3243 of destinations of this icmp type. See destination tag in
3244 firewalld.icmptype(5).
3245 Possible errors: NOT_ENABLED
3247 rename(s: name) → Nothing
3249 Rename not built-in icmp type to name.
3250 Possible errors: BUILTIN_ICMPTYPE
3252 setDescription(s: description) → Nothing
3254 Permanently set description of icmp type to description. See
3255 description tag in firewalld.icmptype(5).
3256 setDestinations(as: destinations) → Nothing
3258 Permanently set destinations of icmp type to destinations,
3259 which is array, either empty or containing strings 'ipv4'
3260 and/or 'ipv6'. See destination tag in firewalld.icmptype(5).
3261 setShort(s: short) → Nothing
3263 Permanently set name of icmp type to short. See short tag in
3264 firewalld.icmptype(5).
3265 setVersion(s: version) → Nothing
3267 Permanently set version of icmp type to version. See version
3268 attribute of icmptype tag in firewalld.icmptype(5).
3269 update((sssas): settings) → Nothing
3271 Update permanent settings of icmp type to settings. Settings
3272 are in format: version, name, description, array of
3273 destinations.
3274 version (s): see version attribute of icmptype tag in
3276 firewalld.icmptype(5).
3277 name (s): see short tag in firewalld.icmptype(5).
3279 description (s): see description tag in firewalld.icmptype(5).
3281 destinations (as): array, either empty or containing strings
3283 'ipv4' and/or 'ipv6', see destination tag in
3284 firewalld.icmptype(5).
3285 Signals
3288 Removed(s: name)
3289 Emitted when icmp type with name has been removed.
3290 Renamed(s: name)
3292 Emitted when icmp type has been renamed to name.
3293 Updated(s: name)
3295 Emitted when icmp type with name has been updated.
3296 Properties
3298 builtin - b - (ro)
3299 True if icmptype is build-in, false else.
3300 default - b - (ro)
3302 True if build-in icmp type has default settings. False if it
3303 has been modified. Always False for not build-in zones.
3304 filename - s - (ro)
3306 Name (including .xml extension) of file where the configuration
3307 is stored.
3308 name - s - (ro)
3310 Name of icmp type.
3311 path - s - (ro)
3313 Path to directory where the icmp type configuration is stored.
3314 Should be either /usr/lib/firewalld/icmptypes or
3315 /etc/firewalld/icmptypes.
3316
3318 firewall-applet(1), firewalld(1), firewall-cmd(1), firewall-config(1),
3319 firewalld.conf(5), firewalld.direct(5), firewalld.dbus(5),
3320 firewalld.icmptype(5), firewalld.lockdown-whitelist(5), firewall-
3321 offline-cmd(1), firewalld.richlanguage(5), firewalld.service(5),
3322 firewalld.zone(5), firewalld.zones(5), firewalld.ipset(5),
3323 firewalld.helper(5)
3324
3326 firewalld home page:
3327 http://firewalld.org
3328 More documentation with examples:
3330 http://fedoraproject.org/wiki/FirewallD
3331
3333 Thomas Woerner <twoerner@redhat.com>
3334 Developer
3335 Jiri Popelka <jpopelka@redhat.com>
3337 Developer
3338firewalld 0.6.4 FIREWALLD.DBUS(5)