1FIREWALLD.DBUS(5) firewalld.dbus FIREWALLD.DBUS(5)
2
3
4
6 firewalld.dbus - firewalld D-Bus interface description
7
9 This is the basic firewalld object path structure. The used interfaces
10 are explained below in the section called “INTERFACES”.
11
12 /org/fedoraproject/FirewallD1
13 Interfaces
14 org.fedoraproject.FirewallD1
15 org.fedoraproject.FirewallD1.direct
16 org.fedoraproject.FirewallD1.ipset
17 org.fedoraproject.FirewallD1.policies
18 org.fedoraproject.FirewallD1.zone
19 org.freedesktop.DBus.Introspectable
20 org.freedesktop.DBus.Properties
21
22 /org/fedoraproject/FirewallD1/config
23 Interfaces
24 org.fedoraproject.FirewallD1.config
25 org.fedoraproject.FirewallD1.config.direct
26 org.fedoraproject.FirewallD1.config.policies
27 org.freedesktop.DBus.Introspectable
28 org.freedesktop.DBus.Properties
29
30 /org/fedoraproject/FirewallD1/config/zone/i
31 Interfaces
32 org.fedoraproject.FirewallD1.config.zone
33 org.freedesktop.DBus.Introspectable
34 org.freedesktop.DBus.Properties
35
36 /org/fedoraproject/FirewallD1/config/service/i
37 Interfaces
38 org.fedoraproject.FirewallD1.config.service
39 org.freedesktop.DBus.Introspectable
40 org.freedesktop.DBus.Properties
41
42 /org/fedoraproject/FirewallD1/config/ipset/i
43 Interfaces
44 org.fedoraproject.FirewallD1.config.ipset
45 org.freedesktop.DBus.Introspectable
46 org.freedesktop.DBus.Properties
47
48 /org/fedoraproject/FirewallD1/config/icmptype/i
49 Interfaces
50 org.fedoraproject.FirewallD1.config.icmptype
51 org.freedesktop.DBus.Introspectable
52 org.freedesktop.DBus.Properties
53
54
55
57 org.fedoraproject.FirewallD1
58 This interface contains general runtime operations, like: reloading,
59 panic mode, default zone handling, getting services and icmp types and
60 their settings.
61
62 Methods
63 authorizeAll() → Nothing
64 Initiate authorization for the complete firewalld D-Bus
65 interface. This method is mostly useful for configuration
66 applications.
67
68 completeReload() → Nothing
69 Reload firewall completely, even netfilter kernel modules. This
70 will most likely terminate active connections, because state
71 information is lost. This option should only be used in case of
72 severe firewall problems, for example if state information
73 problems prevent any connection from being established even
74 with correct firewall rules.
75
76 disablePanicMode() → Nothing
77 Disable panic mode. After disabling panic mode established
78 connections might work again, if panic mode was enabled for a
79 short period of time.
80
81 Possible errors: NOT_ENABLED, COMMAND_FAILED
82
83 enablePanicMode() → Nothing
84 Enable panic mode. All incoming and outgoing packets are
85 dropped, active connections will expire. Enable this only if
86 there are serious problems with your network environment.
87
88 Possible errors: ALREADY_ENABLED, COMMAND_FAILED
89
90 getAutomaticHelpers() → s
91 Deprecated. This always returns "no".
92
93 getDefaultZone() → s
94 Return default zone.
95
96 getHelperSettings(s: helper) → (sssssa(ss))
97 Return runtime settings of given helper. For getting permanent
98 settings see
99 org.fedoraproject.FirewallD1.config.helper.Methods.getSettings.
100 Settings are in format: version, name, description, family,
101 module and array of ports.
102
103 version (s): see version attribute of helper tag in
104 firewalld.helper(5).
105
106 name (s): see short tag in firewalld.helper(5).
107
108 description (s): see description tag in firewalld.helper(5).
109
110 family (s): see family tag in firewalld.helper(5).
111
112 module (s): see module tag in firewalld.helper(5).
113
114 ports (a(ss)): array of port and protocol pairs. See port tag
115 in firewalld.helper(5).
116
117 Possible errors: INVALID_HELPER
118
119 getHelpers() → as
120 Return array of helper names (s) in runtime configuration. For
121 permanent configuration see
122 org.fedoraproject.FirewallD1.config.Methods.listHelpers.
123
124 getIcmpTypeSettings(s: icmptype) → (sssas)
125 Return runtime settings of given icmptype. For getting
126 permanent settings see
127 org.fedoraproject.FirewallD1.config.icmptype.Methods.getSettings.
128 Settings are in format: version, name, description, array of
129 destinations.
130
131 version (s): see version attribute of icmptype tag in
132 firewalld.icmptype(5).
133
134 name (s): see short tag in firewalld.icmptype(5).
135
136 description (s): see description tag in firewalld.icmptype(5).
137
138 destinations (as): array, either empty or containing strings
139 'ipv4' or 'ipv6', see destination tag in firewalld.icmptype(5).
140
141 Possible errors: INVALID_ICMPTYPE
142
143 getLogDenied() → s
144 Returns the LogDenied value. If LogDenied is enabled, then
145 logging rules are added right before reject and drop rules in
146 the INPUT, FORWARD and OUTPUT chains for the default rules and
147 also final reject and drop rules in zones. Possible values are:
148 all, unicast, broadcast, multicast and off. The default value
149 is off.
150
151 getServiceSettings(s: service) → (sssa(ss)asa{ss}asa(ss))
152 This function is deprecated, use
153 org.fedoraproject.FirewallD1.Methods.getServiceSettings2
154 instead.
155
156 getServiceSettings2(s: service) → a{sv}
157 Return runtime settings of given service. For getting permanent
158 settings see
159 org.fedoraproject.FirewallD1.config.service.Methods.getSettings2.
160 Settings are a dictionary indexed by keywords. For the type of
161 each value see below. If the value is empty it may be omitted.
162
163 version (s): see version attribute of service tag in
164 firewalld.service(5).
165
166 name (s): see short tag in firewalld.service(5).
167
168 description (s): see description tag in firewalld.service(5).
169
170 ports (a(ss)): array of port and protocol pairs. See port tag
171 in firewalld.service(5).
172
173 module names (as): array of kernel netfilter helpers, see
174 module tag in firewalld.service(5).
175
176 destinations (a{ss}): dictionary of {IP family : IP address}
177 where 'IP family' key can be either 'ipv4' or 'ipv6'. See
178 destination tag in firewalld.service(5).
179
180 protocols (as): array of protocols, see protocol tag in
181 firewalld.service(5).
182
183 source_ports (a(ss)): array of port and protocol pairs. See
184 source-port tag in firewalld.service(5).
185
186 includes (as): array of service includes, see include tag in
187 firewalld.service(5).
188
189 helpers (as): array of service helpers, see helper tag in
190 firewalld.service(5).
191
192 Possible errors: INVALID_SERVICE
193
194 getZoneSettings(s: zone) → (sssbsasa(ss)asba(ssss)asasasasa(ss))
195 Return runtime settings of given zone. For getting permanent
196 settings see
197 org.fedoraproject.FirewallD1.config.zone.Methods.getSettings.
198 Settings are in format: version, name, description, UNUSED,
199 target, array of services, array of ports (port, protocol),
200 array of icmp-blocks, masquerade, array of forward-ports (port,
201 protocol, to-port, to-addr), array of interfaces, array of
202 sources, array of rich rules, array of protocols and array of
203 source-ports (port, protocol).
204
205 version (s): see version attribute of zone tag in
206 firewalld.zone(5).
207
208 name (s): see short tag in firewalld.zone(5).
209
210 description (s): see description tag in firewalld.zone(5).
211
212 UNUSED (b): this boolean value is no longer used for anything.
213
214 target (s): see target attribute of zone tag in
215 firewalld.zone(5).
216
217 services (as): array of service names, see service tag in
218 firewalld.zone(5).
219
220 ports (a(ss)): array of port and protocol pairs. See port tag
221 in firewalld.zone(5).
222
223 icmp-blocks (as): array of icmp-blocks. See icmp-block tag in
224 firewalld.zone(5).
225
226 masquerade (b): see masquerade tag in firewalld.zone(5).
227
228 forward-ports (a(ssss)): array of (port, protocol, to-port,
229 to-addr). See forward-port tag in firewalld.zone(5).
230
231 interfaces (as): array of interfaces. See interface tag in
232 firewalld.zone(5).
233
234 source addresses (as): array of source addresses. See source
235 tag in firewalld.zone(5).
236
237 rich rules (as): array of rich-language rules. See rule tag in
238 firewalld.zone(5).
239
240 protocols (as): array of protocols, see protocol tag in
241 firewalld.zone(5).
242
243 source-ports (a(ss)): array of port and protocol pairs. See
244 source-port tag in firewalld.zone(5).
245
246 Possible errors: INVALID_ZONE
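
An added example, not part of the firewalld documentation: Python that splits the getZoneSettings() signature into its member types, pairs a returned tuple with the field names listed above, and summarises what the zone exposes. The sample tuple, the wording of the notes and all function names are assumptions made for illustration.

```python
ZONE_SIGNATURE = "(sssbsasa(ss)asba(ssss)asasasasa(ss))"
# Field names in the order given by the method description.
ZONE_FIELDS = [
    "version", "name", "description", "UNUSED", "target", "services",
    "ports", "icmp-blocks", "masquerade", "forward-ports", "interfaces",
    "source addresses", "rich rules", "protocols", "source-ports",
]

# Constructed sample in the getZoneSettings() shape; not from a real host.
SAMPLE_ZONE = (
    "1.0", "Public", "Constructed sample zone", False, "default",
    ["ssh"], [("8443", "tcp")], [], True,
    [("80", "tcp", "8080", "192.0.2.20"), ("2222", "tcp", "22", "")],
    ["eth0"], [], [], [], [],
)


def _end_of_type(sig, i):
    """Return the index just past the complete D-Bus type starting at sig[i]."""
    if i >= len(sig):
        raise ValueError("truncated signature: " + sig)
    c = sig[i]
    if c == "a":                      # array: 'a' followed by one complete type
        return _end_of_type(sig, i + 1)
    if c in "({":                     # struct or dict entry: consume members
        close = ")" if c == "(" else "}"
        j = i + 1
        while j < len(sig) and sig[j] != close:
            j = _end_of_type(sig, j)
        if j >= len(sig):
            raise ValueError("unbalanced signature: " + sig)
        return j + 1
    if c in ")}":
        raise ValueError("unexpected %r in signature: %s" % (c, sig))
    return i + 1                      # basic type such as s, b, i or v


def struct_members(sig):
    """Split a struct signature '(...)' into its top-level member types."""
    if not sig.startswith("(") or _end_of_type(sig, 0) != len(sig):
        raise ValueError("not a single struct signature: " + sig)
    inner, members, i = sig[1:-1], [], 0
    while i < len(inner):
        j = _end_of_type(inner, i)
        members.append(inner[i:j])
        i = j
    return members


def decode_zone_settings(settings):
    """Map the positional tuple to field names, refusing a length mismatch."""
    members = struct_members(ZONE_SIGNATURE)
    if not (len(members) == len(ZONE_FIELDS) == len(settings)):
        raise ValueError("expected %d fields, got %d"
                         % (len(ZONE_FIELDS), len(settings)))
    return dict(zip(ZONE_FIELDS, settings))


def review_zone(settings):
    """Return (zone name, notes) describing what the zone exposes."""
    zone = decode_zone_settings(settings)
    notes = []
    if zone["masquerade"]:
        notes.append("masquerade enabled")
    for port, proto, toport, toaddr in zone["forward-ports"]:
        notes.append("forward %s/%s -> %s:%s"
                     % (port, proto, toaddr or "local", toport or port))
    for port, proto in zone["ports"]:
        notes.append("port %s/%s opened directly" % (port, proto))
    return zone["name"], notes


if __name__ == "__main__":
    name, notes = review_zone(SAMPLE_ZONE)
    for note in notes:
        print(name + ": " + note)
```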
247
248 listIcmpTypes() → as
249 Return array of names (s) of icmp types in runtime
250 configuration. For permanent configuration see
251 org.fedoraproject.FirewallD1.config.Methods.listIcmpTypes.
252
253 listServices() → as
254 Return array of service names (s) in runtime configuration. For
255 permanent configuration see
256 org.fedoraproject.FirewallD1.config.Methods.listServices.
257
258 queryPanicMode() → b
259 Return true if panic mode is enabled, false otherwise. In panic
260 mode all incoming and outgoing packets are dropped.
261
262 reload() → Nothing
263 Reload firewall rules and keep state information. Current
264 permanent configuration will become new runtime configuration,
265 i.e. all runtime-only changes made before the reload are lost
266 unless they are also in the permanent configuration.
267
268 runtimeToPermanent() → Nothing
269 Make runtime settings permanent. Replaces permanent settings
270 with runtime settings for zones, services, icmptypes, direct
271 and policies (lockdown whitelist).
272
273 Possible errors: RT_TO_PERM_FAILED
274
275 checkPermanentConfig() → Nothing
276 Run checks on the permanent configuration. This is most useful
277 if changes were made manually to configuration files.
278
279 Possible errors: any
280
281 setDefaultZone(s: zone) → Nothing
282 Set the default zone, used for connections and interfaces where
283 no zone has been selected, to zone. Setting the default zone
284 changes the zone for the connections or interfaces that are
285 using the default zone. This is a runtime and permanent change.
286
287 Possible errors: ZONE_ALREADY_SET, COMMAND_FAILED
288
289 setLogDenied(s: value) → Nothing
290 Set LogDenied value to value. If LogDenied is enabled, then
291 logging rules are added right before reject and drop rules in
292 the INPUT, FORWARD and OUTPUT chains for the default rules and
293 also final reject and drop rules in zones. Possible values are:
294 all, unicast, broadcast, multicast and off. The default value
295 is off. This is a runtime and permanent change.
296
297 Possible errors: ALREADY_SET, INVALID_VALUE
298
299 Signals
300 DefaultZoneChanged(s: zone)
301 Emitted when default zone has been changed to zone.
302
303 LogDeniedChanged(s: value)
304 Emitted when LogDenied value has been changed.
305
306 PanicModeDisabled()
307 Emitted when panic mode has been deactivated.
308
309 PanicModeEnabled()
310 Emitted when panic mode has been activated.
311
312 Reloaded()
313 Emitted when firewalld has been reloaded. Also emitted for a
314 complete reload.
315
316 Properties
317 BRIDGE - b - (ro)
318 Indicates whether the firewall has ethernet bridge support.
319
320 IPSet - b - (ro)
321 Indicates whether the firewall has IPSet support.
322
323 IPSetTypes - as - (ro)
324 The IPSet types supported by ipset and firewalld.
325
326 IPv4 - b - (ro)
327 Indicates whether the firewall has IPv4 support.
328
329 IPv4ICMPTypes - as - (ro)
330 The list of supported IPv4 ICMP types.
331
332 IPv6 - b - (ro)
333 Indicates whether the firewall has IPv6 support.
334
335 IPv6_rpfilter - b - (ro)
336 Indicates whether the reverse path filter test on a packet for
337 IPv6 is enabled. If a reply to the packet would be sent via the
338 same interface that the packet arrived on, the packet will
339 match and be accepted, otherwise dropped.
340
341 IPv6ICMPTypes - as - (ro)
342 The list of supported IPv6 ICMP types.
343
344 nf_conntrach_helper_setting - b - (ro)
345 Deprecated. Always False.
346
347 nf_conntrack_helpers - a{sas} - (ro)
348 Deprecated. Always returns an empty dictionary.
349
350 nf_nat_helpers - a{sas} - (ro)
351 Deprecated. Always returns an empty dictionary.
352
353 interface_version - s - (ro)
354 firewalld D-Bus interface version string.
355
356 state - s - (ro)
357 firewalld state. This can be either INIT, FAILED, or RUNNING.
358 In INIT state, firewalld is starting up and initializing. In
359 FAILED state, firewalld completely started but experienced a
360 failure.
361
362 version - s - (ro)
363 firewalld version string.
364
365 org.fedoraproject.FirewallD1.ipset
366 Operations in this interface allow you to get, add, remove and query
367 runtime ipset settings. For permanent configuration see
368 org.fedoraproject.FirewallD1.config.ipset interface.
369
370 Methods
371 addEntry(s: ipset, s: entry) → as
372 Add a new entry to ipset. The entry must match the type of the
373 ipset. If the ipset is using the timeout option, it is not
374 possible to see the entries, as they are timing out
375 automatically in the kernel. For permanent operation see
376 org.fedoraproject.FirewallD1.config.ipset.Methods.addEntry.
377
378 Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT
379
380 getEntries(s: ipset) → as
381 Get all entries added to the ipset. If the ipset is using the
382 timeout option, it is not possible to see the entries, as they
383 are timing out automatically in the kernel. Return value is an
384 array of entries. For permanent operation see
385 org.fedoraproject.FirewallD1.config.ipset.Methods.getEntries.
386
387 Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT
388
389 getSettings(s: ipset) → (ssssa{ss}as)
390 Return runtime settings of given ipset. For getting permanent
391 settings see
392 org.fedoraproject.FirewallD1.config.ipset.Methods.getSettings.
393 Settings are in format: version, name, description, type,
394 dictionary of options and array of entries.
395
396 version (s): see version attribute of ipset tag in
397 firewalld.ipset(5).
398
399 name (s): see short tag in firewalld.ipset(5).
400
401 description (s): see description tag in firewalld.ipset(5).
402
403 type (s): see type attribute of ipset tag in
404 firewalld.ipset(5).
405
406 options (a{ss}): dictionary of {option : value} . See options
407 tag in firewalld.ipset(5).
408
409 entries (as): array of entries, see entry tag in
410 firewalld.ipset(5).
411
412 Possible errors: INVALID_IPSET
413
414 getIPSets() → as
415 Return array of ipset names (s) in runtime configuration. For
416 permanent configuration see
417 org.fedoraproject.FirewallD1.config.Methods.listIPSets.
418
419 queryEntry(s: ipset, s: entry) → b
420 Return whether entry has been added to ipset. For permanent
421 operation see
422 org.fedoraproject.FirewallD1.config.ipset.Methods.queryEntry.
423
424 Possible errors: INVALID_IPSET
425
426 queryIPSet(s: ipset) → b
427 Return whether ipset is defined in runtime configuration.
428
429 removeEntry(s: ipset, s: entry) → as
430 Removes an entry from ipset. For permanent operation see
431 org.fedoraproject.FirewallD1.config.ipset.Methods.removeEntry.
432
433 Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT
434
435 setEntries(as: entries) → Nothing
436 Permanently set list of entries to entries. For permanent
437 operation see
438 org.fedoraproject.FirewallD1.config.ipset.Methods.setEntries.
439 See entry tag in firewalld.ipset(5).
440
441 Signals
442 EntryAdded(s: ipset, s: entry)
443 Emitted when entry has been added to ipset.
444
445 EntryRemoved(s: ipset, s: entry)
446 Emitted when entry has been removed from ipset.
447
448 org.fedoraproject.FirewallD1.direct
449 This interface enables more direct access to the firewall. It enables
450 runtime manipulation with chains and rules. For permanent configuration
451 see org.fedoraproject.FirewallD1.config.direct interface.
452
453 Methods
454 addChain(s: ipv, s: table, s: chain) → Nothing
455 Add a new chain to table for ipv being either ipv4 (iptables)
456 or ipv6 (ip6tables) or eb (ebtables). Make sure there's no
457 other chain with this name already. There already exist basic
458 chains to use with direct methods, for example INPUT_direct
459 chain. These chains are jumped into before chains for zones,
460 i.e. every rule put into INPUT_direct will be checked before
461 rules in zones. For permanent operation see
462 org.fedoraproject.FirewallD1.config.direct.Methods.addChain.
463
464 Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED,
465 COMMAND_FAILED
466
467 addPassthrough(s: ipv, as: args) → Nothing
468 Add a tracked passthrough rule with the arguments args for ipv
469 being either ipv4 (iptables) or ipv6 (ip6tables) or eb
470 (ebtables). Valid commands in args are only -A/--append,
471 -I/--insert and -N/--new-chain. This method is (unlike
472 passthrough method) tracked, i.e. firewalld remembers it. It's
473 useful with
474 org.fedoraproject.FirewallD1.Methods.runtimeToPermanent. For
475 permanent operation see
476 org.fedoraproject.FirewallD1.config.direct.Methods.addPassthrough.
477
478 Possible errors: INVALID_IPV, ALREADY_ENABLED, COMMAND_FAILED
479
480 addRule(s: ipv, s: table, s: chain, i: priority, as: args) →
481 Nothing
482 Add a rule with the arguments args to chain in table with
483 priority for ipv being either ipv4 (iptables) or ipv6
484 (ip6tables) or eb (ebtables). The priority is used to order
485 rules. Priority 0 means add rule on top of the chain, with a
486 higher priority the rule will be added further down. Rules with
487 the same priority are on the same level and the order of these
488 rules is not fixed and may change. If you want to make sure
489 that a rule will be added after another one, use a low priority
490 for the first and a higher for the following. For permanent
491 operation see
492 org.fedoraproject.FirewallD1.config.direct.Methods.addRule.
493
494 Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED,
495 COMMAND_FAILED
496
497 getAllChains() → a(sss)
498 Get all chains added to all tables in format: ipv, table,
499 chain. This concerns only chains previously added with
500 addChain. Return value is an array of (ipv, table, chain). For
501 permanent operation see
502 org.fedoraproject.FirewallD1.config.direct.Methods.getAllChains.
503
504 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
505 (ebtables).
506
507 table (s): one of filter, mangle, nat, raw, security
508
509 chain (s): name of a chain.
510
511
512 getAllPassthroughs() → a(sas)
513 Get all tracked passthrough rules added in all ipv types in
514 format: ipv, rule. This concerns only rules previously added
515 with addPassthrough. Return value is an array of (ipv, array of
516 arguments). For permanent operation see
517 org.fedoraproject.FirewallD1.config.direct.Methods.getAllPassthroughs.
518
519 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
520 (ebtables).
521
522 arguments (as): array of commands, parameters and other
523 iptables/ip6tables/ebtables command line options.
524
525
526 getAllRules() → a(sssias)
527 Get all rules added to all chains in all tables in format: ipv,
528 table, chain, priority, rule. This concerns only rules
529 previously added with addRule. Return value is an array of (ipv,
530 table, chain, priority, array of arguments). For permanent
531 operation see
532 org.fedoraproject.FirewallD1.config.direct.Methods.getAllRules.
533
534 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
535 (ebtables).
536
537 table (s): one of filter, mangle, nat, raw, security
538
539 chain (s): name of a chain.
540
541 priority (i): used to order rules.
542
543 arguments (as): array of commands, parameters and other
544 iptables/ip6tables/ebtables command line options.
545
546
547 getChains(s: ipv, s: table) → as
548 Return an array of chains (s) added to table for ipv being
549 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
550 This concerns only chains previously added with addChain. For
551 permanent operation see
552 org.fedoraproject.FirewallD1.config.direct.Methods.getChains.
553
554 Possible errors: INVALID_IPV, INVALID_TABLE
555
556 getPassthroughs(s: ipv) → aas
557 Get tracked passthrough rules added in either ipv4 (iptables)
558 or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
559 previously added with addPassthrough. Return value is an array
560 of (array of arguments). For permanent operation see
561 org.fedoraproject.FirewallD1.config.direct.Methods.getPassthroughs.
562
563 arguments (as): array of commands, parameters and other
564 iptables/ip6tables/ebtables command line options.
565
566
567 getRules(s: ipv, s: table, s: chain) → a(ias)
568 Get all rules added to chain in table for ipv being either ipv4
569 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
570 only rules previously added with addRule. Return value is a
571 array of (priority, array of arguments). For permanent
572 operation see
573 org.fedoraproject.FirewallD1.config.direct.Methods.getRules.
574
575 priority (i): used to order rules.
576
577 arguments (as): array of commands, parameters and other
578 iptables/ip6tables/ebtables command line options.
579
580 Possible errors: INVALID_IPV, INVALID_TABLE
581
582 passthrough(s: ipv, as: args) → s
583 Pass a command through to the firewall. ipv can be either ipv4
584 (iptables) or ipv6 (ip6tables) or eb (ebtables). args can be
585 all iptables, ip6tables and ebtables command line arguments. This
587 command is untracked, which means that firewalld is not able to
588 provide information about this command later on.
590
591 Possible errors: COMMAND_FAILED
592
593 queryChain(s: ipv, s: table, s: chain) → b
594 Return whether a chain exists in table for ipv being either
595 ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). This
596 concerns only chains previously added with addChain. For
597 permanent operation see
598 org.fedoraproject.FirewallD1.config.direct.Methods.queryChain.
599
600 Possible errors: INVALID_IPV, INVALID_TABLE
601
602 queryPassthrough(s: ipv, as: args) → b
603 Return whether a tracked passthrough rule with the arguments
604 args exists for ipv being either ipv4 (iptables) or ipv6
605 (ip6tables) or eb (ebtables). This concerns only rules
606 previously added with addPassthrough. For permanent operation
607 see
608 org.fedoraproject.FirewallD1.config.direct.Methods.queryPassthrough.
609
610 Possible errors: INVALID_IPV
611
612 queryRule(s: ipv, s: table, s: chain, i: priority, as: args) → b
613 Return whether a rule with priority and the arguments args
614 exists in chain in table for ipv being either ipv4 (iptables)
615 or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
616 previously added with addRule. For permanent operation see
617 org.fedoraproject.FirewallD1.config.direct.Methods.queryRule.
618
619 Possible errors: INVALID_IPV, INVALID_TABLE
620
621 removeAllPassthroughs() → Nothing
622 Remove all passthrough rules previously added with
623 addPassthrough.
624
625 removeChain(s: ipv, s: table, s: chain) → Nothing
626 Remove a chain from table for ipv being either ipv4 (iptables)
627 or ipv6 (ip6tables) or eb (ebtables). Only chains previously
628 added with addChain can be removed this way. For permanent
629 operation see
630 org.fedoraproject.FirewallD1.config.direct.Methods.removeChain.
631
632 Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED,
633 COMMAND_FAILED
634
635 removePassthrough(s: ipv, as: args) → Nothing
636 Remove a tracked passthrough rule with arguments args for ipv
637 being either ipv4 (iptables) or ipv6 (ip6tables) or eb
638 (ebtables). Only rules previously added with addPassthrough can
639 be removed this way. For permanent operation see
640 org.fedoraproject.FirewallD1.config.direct.Methods.removePassthrough.
641
642 Possible errors: INVALID_IPV, NOT_ENABLED, COMMAND_FAILED
643
644 removeRule(s: ipv, s: table, s: chain, i: priority, as: args) →
645 Nothing
646 Remove a rule with priority and arguments args from chain in
647 table for ipv being either ipv4 (iptables) or ipv6 (ip6tables)
648 or eb (ebtables). Only rules previously added with addRule can
649 be removed this way. For permanent operation see
650 org.fedoraproject.FirewallD1.config.direct.Methods.removeRule.
651
652 Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED,
653 COMMAND_FAILED
654
655 removeRules(s: ipv, s: table, s: chain) → Nothing
656 Remove all rules from chain in table for ipv being either ipv4
657 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
658 only rules previously added with addRule. For permanent
659 operation see
660 org.fedoraproject.FirewallD1.config.direct.Methods.removeRules.
661
662 Possible errors: INVALID_IPV, INVALID_TABLE
663
664 Signals
665 ChainAdded(s: ipv, s: table, s: chain)
666 Emitted when chain has been added into table for ipv being
667 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
668
669 ChainRemoved(s: ipv, s: table, s: chain)
670 Emitted when chain has been removed from table for ipv being
671 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
672
673 PassthroughAdded(s: ipv, as: args)
674 Emitted when a tracked passthrough rule with args has been
675 added for ipv being either ipv4 (iptables) or ipv6 (ip6tables)
676 or eb (ebtables).
677
678 PassthroughRemoved(s: ipv, as: args)
679 Emitted when a tracked passthrough rule with args has been
680 removed for ipv being either ipv4 (iptables) or ipv6
681 (ip6tables) or eb (ebtables).
682
683 RuleAdded(s: ipv, s: table, s: chain, i: priority, as: args)
684 Emitted when a rule with args has been added to chain in table
685 with priority for ipv being either ipv4 (iptables) or ipv6
686 (ip6tables) or eb (ebtables).
687
688 RuleRemoved(s: ipv, s: table, s: chain, i: priority, as: args)
689 Emitted when a rule with args has been removed from chain in
690 table with priority for ipv being either ipv4 (iptables) or
691 ipv6 (ip6tables) or eb (ebtables).
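
An added example, not part of the firewalld documentation: because rules in chains such as INPUT_direct are checked before zone rules, this Python code audits data in the getAllRules() shape a(sssias) for ACCEPT rules with no source restriction, NAT targets, and rules that share a priority but disagree on the target (their order is not fixed). The sample rules, the finding codes and the treatment of any chain ending in _direct as a built-in direct chain are assumptions; fetch_direct_rules() additionally assumes dbus-python and the bus name org.fedoraproject.FirewallD1.

```python
from collections import defaultdict, namedtuple

Finding = namedtuple("Finding", "code ipv table chain priority args")

NAT_TARGETS = {"DNAT", "SNAT", "REDIRECT", "MASQUERADE"}
# Heuristic: any of these options means the rule is limited by source
# address or by an ipset match.
SOURCE_OPTS = {"-s", "--source", "--src", "--match-set"}

# Constructed sample in the a(sssias) shape: (ipv, table, chain, priority, args).
SAMPLE_RULES = [
    ("ipv4", "filter", "INPUT_direct", 0,
     ["-s", "192.0.2.10", "-p", "tcp", "--dport", "22", "-j", "ACCEPT"]),
    ("ipv4", "filter", "INPUT_direct", 0,
     ["-p", "tcp", "--dport", "22", "-j", "DROP"]),
    ("ipv4", "filter", "INPUT_direct", 10,
     ["-p", "tcp", "--dport", "8443", "-j", "ACCEPT"]),
    ("ipv4", "nat", "PREROUTING_direct", 5,
     ["-p", "tcp", "--dport", "80", "-j", "REDIRECT", "--to-ports", "8080"]),
]


def jump_target(args):
    """Return the target named after -j/--jump, or None if there is none."""
    for i, arg in enumerate(args[:-1]):
        if arg in ("-j", "--jump"):
            return args[i + 1]
    return None


def audit_direct_rules(rules):
    """Return findings for rules in the getAllRules() shape.

    Only rules added with addRule are reported by getAllRules(); commands
    sent with the untracked passthrough() method never appear here.
    """
    findings = []
    targets_by_level = defaultdict(list)  # (ipv, table, chain, priority)
    for ipv, table, chain, priority, args in rules:
        args = [str(a) for a in args]
        priority = int(priority)
        target = jump_target(args)
        targets_by_level[(ipv, table, chain, priority)].append(target)
        # An unrestricted ACCEPT in a *_direct chain is evaluated before
        # the zone chains, so zone policy never sees the packet.
        if (target == "ACCEPT" and chain.endswith("_direct")
                and not SOURCE_OPTS.intersection(args)):
            findings.append(Finding("ACCEPT_ANY_SOURCE", ipv, table, chain,
                                    priority, args))
        if target in NAT_TARGETS:
            findings.append(Finding("NAT_TARGET", ipv, table, chain,
                                    priority, args))
    # Rules with the same priority have no fixed order, so differing
    # targets at one level make the outcome order-dependent.
    for level, targets in sorted(targets_by_level.items()):
        distinct = sorted(str(t) for t in set(targets))
        if len(distinct) > 1:
            findings.append(Finding("PRIORITY_TIE", *level, distinct))
    return findings


def fetch_direct_rules():
    """Read live rules over D-Bus (needs dbus-python and a running firewalld)."""
    import dbus  # imported here so the audit itself runs offline
    obj = dbus.SystemBus().get_object("org.fedoraproject.FirewallD1",
                                      "/org/fedoraproject/FirewallD1")
    direct = dbus.Interface(obj, "org.fedoraproject.FirewallD1.direct")
    return [tuple(rule) for rule in direct.getAllRules()]


if __name__ == "__main__":
    for f in audit_direct_rules(SAMPLE_RULES):
        print(f.code, f.ipv, f.table, f.chain, f.priority, " ".join(f.args))
```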
692
693 org.fedoraproject.FirewallD1.policies
694 Enables firewalld to lock down configuration changes from
695 local applications. Local applications or services are able to change
696 the firewall configuration if they are running as root (example:
697 libvirt). With these operations an administrator can lock the firewall
698 configuration so that either none or only applications that are in the
699 whitelist are able to request firewall changes. For permanent
700 configuration see org.fedoraproject.FirewallD1.config.policies
701 interface.
702
703 Methods
704 addLockdownWhitelistCommand(s: command) → Nothing
705 Add command to whitelist. See command option in
706 firewalld.lockdown-whitelist(5). For permanent operation see
707 org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistCommand.
708
709 Possible errors: ALREADY_ENABLED, INVALID_COMMAND
710
711 addLockdownWhitelistContext(s: context) → Nothing
712 Add context to whitelist. See selinux option in
713 firewalld.lockdown-whitelist(5). For permanent operation see
714 org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistContext.
715
716 Possible errors: ALREADY_ENABLED, INVALID_COMMAND
717
718 addLockdownWhitelistUid(i: uid) → Nothing
719 Add user id uid to whitelist. See user option in
720 firewalld.lockdown-whitelist(5). For permanent operation see
721 org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistUid.
722
723 Possible errors: ALREADY_ENABLED, INVALID_COMMAND
724
725 addLockdownWhitelistUser(s: user) → Nothing
726 Add user name to whitelist. See user option in
727 firewalld.lockdown-whitelist(5). For permanent operation see
728 org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistUser.
729
730 Possible errors: ALREADY_ENABLED, INVALID_COMMAND
731
732 disableLockdown() → Nothing
733 Disable lockdown. This is a runtime and permanent change.
734
735 Possible errors: NOT_ENABLED
736
737 enableLockdown() → Nothing
738 Enable lockdown. Be careful: if the calling application/user
739 is not on the lockdown whitelist when you enable lockdown, you
740 won't be able to disable it again with that application; you
741 would need to edit firewalld.conf. This is a runtime and permanent
742 change.
743
744 Possible errors: ALREADY_ENABLED
745
746 getLockdownWhitelistCommands() → as
747 List all command lines (s) that are on whitelist. For permanent
748 operation see
749 org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistCommands.
750
751 getLockdownWhitelistContexts() → as
752 List all contexts (s) that are on whitelist. For permanent
753 operation see
754 org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistContexts.
755
756 getLockdownWhitelistUids() → ai
757 List all user ids (i) that are on whitelist. For permanent
758 operation see
759 org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistUids.
760
761 getLockdownWhitelistUsers() → as
762 List all users (s) that are on whitelist. For permanent
763 operation see
764 org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistUsers.
765
766 queryLockdown() → b
767 Query whether lockdown is enabled.
768
769 queryLockdownWhitelistCommand(s: command) → b
770 Query whether command is on whitelist. For permanent operation
771 see
772 org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistCommand.
773
774 queryLockdownWhitelistContext(s: context) → b
775 Query whether context is on whitelist. For permanent operation
776 see
777 org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistContext.
778
779 queryLockdownWhitelistUid(i: uid) → b
780 Query whether user id uid is on whitelist. For permanent
781 operation see
782 org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistUid.
783
784 queryLockdownWhitelistUser(s: user) → b
785 Query whether user is on whitelist. For permanent operation see
786 org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistUser.
787
788 removeLockdownWhitelistCommand(s: command) → Nothing
789 Remove command from whitelist. For permanent operation see
790 org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistCommand.
791
792 Possible errors: NOT_ENABLED
793
794 removeLockdownWhitelistContext(s: context) → Nothing
795 Remove context from whitelist. For permanent operation see
796 org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistContext.
797
798 Possible errors: NOT_ENABLED
799
800 removeLockdownWhitelistUid(i: uid) → Nothing
801 Remove user id uid from whitelist. For permanent operation see
802 org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistUid.
803
804 Possible errors: NOT_ENABLED
805
806 removeLockdownWhitelistUser(s: user) → Nothing
807 Remove user from whitelist. For permanent operation see
808 org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistUser.
809
810 Possible errors: NOT_ENABLED
811
812 Signals
813 LockdownDisabled()
814 Emitted when lockdown has been disabled.
815
816 LockdownEnabled()
817 Emitted when lockdown has been enabled.
818
819 LockdownWhitelistCommandAdded(s: command)
820 Emitted when command has been added to whitelist.
821
822 LockdownWhitelistCommandRemoved(s: command)
823 Emitted when command has been removed from whitelist.
824
825 LockdownWhitelistContextAdded(s: context)
826 Emitted when context has been added to whitelist.
827
828 LockdownWhitelistContextRemoved(s: context)
829 Emitted when context has been removed from whitelist.
830
831 LockdownWhitelistUidAdded(i: uid)
832 Emitted when user id uid has been added to whitelist.
833
834 LockdownWhitelistUidRemoved(i: uid)
835 Emitted when user id uid has been removed from whitelist.
836
837 LockdownWhitelistUserAdded(s: user)
838 Emitted when user has been added to whitelist.
839
840 LockdownWhitelistUserRemoved(s: user)
841 Emitted when user has been removed from whitelist.
842
843 org.fedoraproject.FirewallD1.zone
844 Operations in this interface allow getting, adding, removing and
845 querying a zone's runtime settings. For permanent settings see the
846 org.fedoraproject.FirewallD1.config.zone interface.
847
848 Methods
849 addForwardPort(s: zone, s: port, s: protocol, s: toport, s: toaddr,
850 i: timeout) → s
851 Add the IPv4 forward port into zone. If zone is empty, use
852 default zone. The port can either be a single port number
853 portid or a port range portid-portid. The protocol can either
854 be tcp or udp. The destination address is a simple IP address.
855 If timeout is non-zero, the operation will be active only for
856 the amount of seconds. For permanent settings see
857 org.fedoraproject.FirewallD1.config.zone.Methods.addForwardPort.
858
859 Returns name of zone to which the forward port was added.
860
861 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
862 INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD,
863 ALREADY_ENABLED, INVALID_COMMAND
864
865 addIcmpBlock(s: zone, s: icmp, i: timeout) → s
866 Add an ICMP block icmp into zone. The icmp is one of the
867 icmp types firewalld supports. To get a listing of supported
868 icmp types use
869 org.fedoraproject.FirewallD1.Methods.listIcmpTypes. If zone is
870 empty, use default zone. If timeout is non-zero, the operation
871 will be active only for the amount of seconds. For permanent
872 settings see
873 org.fedoraproject.FirewallD1.config.zone.Methods.addIcmpBlock.
874
875 Returns name of zone to which the ICMP block was added.
876
877 Possible errors: INVALID_ZONE, INVALID_ICMPTYPE,
878 ALREADY_ENABLED, INVALID_COMMAND
879
880 addIcmpBlockInversion(s: zone) → s
881 Add ICMP block inversion to zone. If zone is empty, use default
882 zone. For permanent settings see
883 org.fedoraproject.FirewallD1.config.zone.Methods.addIcmpBlockInversion.
884
885 Returns name of zone to which the ICMP block inversion was
886 added.
887
888 Possible errors: INVALID_ZONE, ALREADY_ENABLED, INVALID_COMMAND
889
890 addInterface(s: zone, s: interface) → s
891 Bind interface with zone. From now on all traffic going through
892 the interface will respect the zone's settings. If zone is
893 empty, use default zone. For permanent settings see
894 org.fedoraproject.FirewallD1.config.zone.Methods.addInterface.
895
896 Returns name of zone to which the interface was bound.
897
898 Possible errors: INVALID_ZONE, INVALID_INTERFACE,
899 ALREADY_ENABLED, INVALID_COMMAND
900
901 addMasquerade(s: zone, i: timeout) → s
902 Enable masquerade in zone. If zone is empty, use default zone.
903 If timeout is non-zero, masquerading will be active for the
904 amount of seconds. For permanent settings see
905 org.fedoraproject.FirewallD1.config.zone.Methods.addMasquerade.
906
907 Returns name of zone in which the masquerade was enabled.
908
909 Possible errors: INVALID_ZONE, ALREADY_ENABLED, INVALID_COMMAND
910
911 addPort(s: zone, s: port, s: protocol, i: timeout) → s
912 Add port into zone. If zone is empty, use default zone. The
913 port can either be a single port number or a port range
914 portid-portid. The protocol can either be tcp or udp. If
915 timeout is non-zero, the operation will be active only for the
916 amount of seconds. For permanent settings see
917 org.fedoraproject.FirewallD1.config.zone.Methods.addPort.
918
919 Returns name of zone to which the port was added.
920
921 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
922 INVALID_PROTOCOL, ALREADY_ENABLED, INVALID_COMMAND
923
924 addProtocol(s: zone, s: protocol, i: timeout) → s
925 Add protocol into zone. If zone is empty, use default zone. The
926 protocol can be any protocol supported by the system. Please
927 have a look at /etc/protocols for supported protocols. If
928 timeout is non-zero, the operation will be active only for the
929 amount of seconds. For permanent settings see
930 org.fedoraproject.FirewallD1.config.zone.Methods.addProtocol.
931
932 Returns name of zone to which the protocol was added.
933
934 Possible errors: INVALID_ZONE, INVALID_PROTOCOL,
935 ALREADY_ENABLED, INVALID_COMMAND
936
937 addRichRule(s: zone, s: rule, i: timeout) → s
938 Add rich language rule into zone. For the rich language rule
939 syntax, please have a look at firewalld.direct(5). If zone is
940 empty, use default zone. If timeout is non-zero, the operation
941 will be active only for the amount of seconds. For permanent
942 settings see
943 org.fedoraproject.FirewallD1.config.zone.Methods.addRichRule.
944
945 Returns name of zone to which the rich language rule was added.
946
947 Possible errors: INVALID_ZONE, INVALID_RULE, ALREADY_ENABLED,
948 INVALID_COMMAND
949
950 addService(s: zone, s: service, i: timeout) → s
951 Add service into zone. If zone is empty, use default zone. If
952 timeout is non-zero, the operation will be active only for the
953 amount of seconds. To get a list of supported services, use
954 org.fedoraproject.FirewallD1.Methods.listServices. For
955 permanent settings see
956 org.fedoraproject.FirewallD1.config.zone.Methods.addService.
957
958 Returns name of zone to which the service was added.
959
960 Possible errors: INVALID_ZONE, INVALID_SERVICE,
961 ALREADY_ENABLED, INVALID_COMMAND
962
963 addSource(s: zone, s: source) → s
964 Bind source with zone. From now on all traffic going from this
965 source will respect the zone's settings. A source address or
966 address range is either an IP address or a network IP address
967 with a mask for IPv4 or IPv6. For IPv4, the mask can be a
968 network mask or a plain number. For IPv6 the mask is a plain
969 number. Use of host names is not supported. If zone is empty,
970 use default zone. For permanent settings see
971 org.fedoraproject.FirewallD1.config.zone.Methods.addSource.
972
973 Returns name of zone to which the source was bound.
974
975 Possible errors: INVALID_ZONE, INVALID_ADDR, ALREADY_ENABLED,
976 INVALID_COMMAND
977
978 addSourcePort(s: zone, s: port, s: protocol, i: timeout) → s
979 Add source port into zone. If zone is empty, use default zone.
980 The port can either be a single port number or a port range
981 portid-portid. The protocol can either be tcp or udp. If
982 timeout is non-zero, the operation will be active only for the
983 amount of seconds. For permanent settings see
984 org.fedoraproject.FirewallD1.config.zone.Methods.addSourcePort.
985
986 Returns name of zone to which the port was added.
987
988 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
989 INVALID_PROTOCOL, ALREADY_ENABLED, INVALID_COMMAND
990
991 changeZone(s: zone, s: interface) → s
992 This function is deprecated, use
993 org.fedoraproject.FirewallD1.zone.Methods.changeZoneOfInterface
994 instead.
995
996 changeZoneOfInterface(s: zone, s: interface) → s
997 Change the zone an interface is bound to to zone. It's basically
998 removeInterface(interface) followed by addInterface(zone,
999 interface). If interface has not been bound to a zone before,
1000 it behaves like addInterface. If zone is empty, use default
1001 zone.
1002
1003 Returns name of zone to which the interface was bound.
1004
1005 Possible errors: INVALID_ZONE, ZONE_ALREADY_SET, ZONE_CONFLICT
1006
1007 changeZoneOfSource(s: zone, s: source) → s
1008 Change the zone a source is bound to to zone. It's basically
1009 removeSource(source) followed by addSource(zone, source). If
1010 source has not been bound to a zone before, it behaves like
1011 addSource. If zone is empty, use default zone.
1012
1013 Returns name of zone to which the source was bound.
1014
1015 Possible errors: INVALID_ZONE, ZONE_ALREADY_SET, ZONE_CONFLICT
1016
1017 getActiveZones() → a{sa{sas}}
1018 Return dictionary of currently active zones together with
1019 interfaces and sources used in these zones. Active zones are
1020 zones that have a binding to an interface or source.
1021
1022 Return value is a dictionary where keys are zone names (s) and
1023 values are again dictionaries where keys are either
1024 'interfaces' or 'sources' and values are arrays of interface
1025 names (s) or sources (s).
1026
1027 getForwardPorts(s: zone) → aas
1028 Return array of IPv4 forward ports previously added into zone.
1029 If zone is empty, use default zone. For getting permanent
1030 settings see
1031 org.fedoraproject.FirewallD1.config.zone.Methods.getForwardPorts.
1032
1033 Return value is array of 4-tuples, where each 4-tuple consists
1034 of (port, protocol, to-port, to-addr). to-addr might be empty
1035 in case of local forwarding.
1036
1037 Possible errors: INVALID_ZONE
1038
1039 getIcmpBlocks(s: zone) → as
1040 Return array of ICMP type (s) blocks previously added into
1041 zone. If zone is empty, use default zone. For getting permanent
1042 settings see
1043 org.fedoraproject.FirewallD1.config.zone.Methods.getIcmpBlocks.
1044
1045 Possible errors: INVALID_ZONE
1046
1047 getIcmpBlockInversion(s: zone) → b
1048 Return whether ICMP block inversion was previously added to
1049 zone. If zone is empty, use default zone. For getting permanent
1050 settings see
1051 org.fedoraproject.FirewallD1.config.zone.Methods.getIcmpBlockInversion.
1052
1053 Possible errors: INVALID_ZONE
1054
1055 getInterfaces(s: zone) → as
1056 Return array of interfaces (s) previously bound with zone. If
1057 zone is empty, use default zone. For getting permanent settings
1058 see
1059 org.fedoraproject.FirewallD1.config.zone.Methods.getInterfaces.
1060
1061 Possible errors: INVALID_ZONE
1062
1063 getPorts(s: zone) → aas
1064 Return array of ports (2-tuple of port and protocol) previously
1065 enabled in zone. If zone is empty, use default zone. For
1066 getting permanent settings see
1067 org.fedoraproject.FirewallD1.config.zone.Methods.getPorts.
1068
1069 Possible errors: INVALID_ZONE
1070
1071 getProtocols(s: zone) → as
1072 Return array of protocols (s) previously enabled in zone. If
1073 zone is empty, use default zone. For getting permanent settings
1074 see
1075 org.fedoraproject.FirewallD1.config.zone.Methods.getProtocols.
1076
1077 Possible errors: INVALID_ZONE
1078
1079 getRichRules(s: zone) → as
1080 Return array of rich language rules (s) previously added into
1081 zone. If zone is empty, use default zone. For getting permanent
1082 settings see
1083 org.fedoraproject.FirewallD1.config.zone.Methods.getRichRules.
1084
1085 Possible errors: INVALID_ZONE
1086
1087 getServices(s: zone) → as
1088 Return array of services (s) previously enabled in zone. If
1089 zone is empty, use default zone. For getting permanent settings
1090 see
1091 org.fedoraproject.FirewallD1.config.zone.Methods.getServices.
1092
1093 Possible errors: INVALID_ZONE
1094
1095 getSourcePorts(s: zone) → aas
1096 Return array of source ports (2-tuple of port and protocol)
1097 previously enabled in zone. If zone is empty, use default zone.
1098 For getting permanent settings see
1099 org.fedoraproject.FirewallD1.config.zone.Methods.getSourcePorts.
1100
1101 Possible errors: INVALID_ZONE
1102
1103 getSources(s: zone) → as
1104 Return array of sources (s) previously bound with zone. If zone
1105 is empty, use default zone. For getting permanent settings see
1106 org.fedoraproject.FirewallD1.config.zone.Methods.getSources.
1107
1108 Possible errors: INVALID_ZONE
1109
1110 getZoneOfInterface(s: interface) → s
1111 Return name (s) of zone the interface is bound to or empty
1112 string.
1113
1114 getZoneOfSource(s: source) → s
1115 Return name (s) of zone the source is bound to or empty string.
1116
1117 getZones() → as
1118 Return array of names (s) of predefined zones known to current
1119 runtime environment. For list of zones known to permanent
1120 environment see
1121 org.fedoraproject.FirewallD1.config.Methods.listZones. The
1122 lists (of zones known to runtime and permanent environment)
1123 will contain same zones in most cases, but might differ for
1124 example if org.fedoraproject.FirewallD1.config.Methods.addZone
1125 has been called recently, but firewalld has not been reloaded
1126 since then.
1127
1128 isImmutable(s: zone) → b
1129 Deprecated.
1130
1131 queryForwardPort(s: zone, s: port, s: protocol, s: toport, s:
1132 toaddr) → b
1133 Return whether the IPv4 forward port (port, protocol, toport,
1134 toaddr) has been added into zone. If zone is empty, use default
1135 zone. For permanent operation see
1136 org.fedoraproject.FirewallD1.config.zone.Methods.queryForwardPort.
1137
1138 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1139 INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD
1140
1141 queryIcmpBlock(s: zone, s: icmp) → b
1142 Return whether an ICMP block for icmp has been added into zone.
1143 If zone is empty, use default zone. For permanent operation see
1144 org.fedoraproject.FirewallD1.config.zone.Methods.queryIcmpBlock.
1145
1146 Possible errors: INVALID_ZONE, INVALID_ICMPTYPE
1147
1148 queryIcmpBlockInversion(s: zone) → b
1149 Return whether ICMP block inversion has been added to zone. If
1150 zone is empty, use default zone. For permanent operation see
1151 org.fedoraproject.FirewallD1.config.zone.Methods.queryIcmpBlockInversion.
1152
1153 Possible errors: INVALID_ZONE, INVALID_ICMPTYPE
1154
1155 queryInterface(s: zone, s: interface) → b
1156 Query whether interface has been bound to zone. If zone is
1157 empty, use default zone. For permanent operation see
1158 org.fedoraproject.FirewallD1.config.zone.Methods.queryInterface.
1159
1160 Possible errors: INVALID_ZONE, INVALID_INTERFACE
1161
1162 queryMasquerade(s: zone) → b
1163 Return whether masquerading has been enabled in zone. If zone is
1164 empty, use default zone. For permanent operation see
1165 org.fedoraproject.FirewallD1.config.zone.Methods.queryMasquerade.
1166
1167 Possible errors: INVALID_ZONE
1168
1169 queryPort(s: zone, s: port, s: protocol) → b
1170 Return whether port/protocol has been added in zone. If zone is
1171 empty, use default zone. For permanent operation see
1172 org.fedoraproject.FirewallD1.config.zone.Methods.queryPort.
1173
1174 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1175 INVALID_PROTOCOL
1176
1177 queryProtocol(s: zone, s: protocol) → b
1178 Return whether protocol has been added in zone. If zone is
1179 empty, use default zone. For permanent operation see
1180 org.fedoraproject.FirewallD1.config.zone.Methods.queryProtocol.
1181
1182 Possible errors: INVALID_ZONE, INVALID_PROTOCOL
1183
1184 queryRichRule(s: zone, s: rule) → b
1185 Return whether rich rule rule has been added in zone. If zone
1186 is empty, use default zone. For permanent operation see
1187 org.fedoraproject.FirewallD1.config.zone.Methods.queryRichRule.
1188
1189 Possible errors: INVALID_ZONE, INVALID_RULE
1190
1191 queryService(s: zone, s: service) → b
1192 Return whether service has been added for zone. If zone is
1193 empty, use default zone. For permanent operation see
1194 org.fedoraproject.FirewallD1.config.zone.Methods.queryService.
1195
1196 Possible errors: INVALID_ZONE, INVALID_SERVICE
1197
1198 querySource(s: zone, s: source) → b
1199 Query whether source has been bound to zone. If zone is empty,
1200 use default zone. For permanent operation see
1201 org.fedoraproject.FirewallD1.config.zone.Methods.querySource.
1202
1203 Possible errors: INVALID_ZONE, INVALID_ADDR
1204
1205 querySourcePort(s: zone, s: port, s: protocol) → b
1206 Return whether port/protocol has been added in zone. If zone is
1207 empty, use default zone. For permanent operation see
1208 org.fedoraproject.FirewallD1.config.zone.Methods.querySourcePort.
1209
1210 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1211 INVALID_PROTOCOL
1212
1213 removeForwardPort(s: zone, s: port, s: protocol, s: toport, s:
1214 toaddr) → s
1215 Remove IPv4 forward port (port, protocol, toport, toaddr)
1216 from zone. If zone is empty, use default zone. For permanent
1217 operation see
1218 org.fedoraproject.FirewallD1.config.zone.Methods.removeForwardPort.
1219
1220 Returns name of zone from which the forward port was removed.
1221
1222 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1223 INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD, NOT_ENABLED,
1224 INVALID_COMMAND
1225
1226 removeIcmpBlock(s: zone, s: icmp) → s
1227 Remove ICMP block icmp from zone. If zone is empty, use default
1228 zone. For permanent operation see
1229 org.fedoraproject.FirewallD1.config.zone.Methods.removeIcmpBlock.
1230
1231 Returns name of zone from which the ICMP block was removed.
1232
1233 Possible errors: INVALID_ZONE, INVALID_ICMPTYPE, NOT_ENABLED,
1234 INVALID_COMMAND
1235
1236 removeIcmpBlockInversion(s: zone) → s
1237 Remove ICMP block inversion from zone. If zone is empty, use
1238 default zone. For permanent operation see
1239 org.fedoraproject.FirewallD1.config.zone.Methods.removeIcmpBlockInversion.
1240
1241 Returns name of zone from which the ICMP block inversion was
1242 removed.
1243
1244 Possible errors: INVALID_ZONE, NOT_ENABLED, INVALID_COMMAND
1245
1246 removeInterface(s: zone, s: interface) → s
1247 Remove binding of interface from zone. If zone is empty, the
1248 interface will be removed from zone it belongs to. For
1249 permanent operation see
1250 org.fedoraproject.FirewallD1.config.zone.Methods.removeInterface.
1251
1252 Returns name of zone from which the interface was removed.
1253
1254 Possible errors: INVALID_ZONE, INVALID_INTERFACE, NOT_ENABLED,
1255 INVALID_COMMAND
1256
1257 removeMasquerade(s: zone) → s
1258 Disable masquerade for zone. If zone is empty, use default
1259 zone. For permanent operation see
1260 org.fedoraproject.FirewallD1.config.zone.Methods.removeMasquerade.
1261
1262 Returns name of zone for which the masquerade was disabled.
1263
1264 Possible errors: INVALID_ZONE, NOT_ENABLED, INVALID_COMMAND
1265
1266 removePort(s: zone, s: port, s: protocol) → s
1267 Remove port/protocol from zone. If zone is empty, use default
1268 zone. For permanent operation see
1269 org.fedoraproject.FirewallD1.config.zone.Methods.removePort.
1270
1271 Returns name of zone from which the port was removed.
1272
1273 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1274 INVALID_PROTOCOL, NOT_ENABLED, INVALID_COMMAND
1275
1276 removeProtocol(s: zone, s: protocol) → s
1277 Remove protocol from zone. If zone is empty, use default zone.
1278 For permanent operation see
1279 org.fedoraproject.FirewallD1.config.zone.Methods.removeProtocol.
1280
1281 Returns name of zone from which the protocol was removed.
1282
1283 Possible errors: INVALID_ZONE, INVALID_PROTOCOL, NOT_ENABLED,
1284 INVALID_COMMAND
1285
1286 removeRichRule(s: zone, s: rule) → s
1287 Remove rich language rule from zone. If zone is empty, use
1288 default zone. For permanent operation see
1289 org.fedoraproject.FirewallD1.config.zone.Methods.removeRichRule.
1290
1291 Returns name of zone from which the rich language rule was
1292 removed.
1293
1294 Possible errors: INVALID_ZONE, INVALID_RULE, NOT_ENABLED,
1295 INVALID_COMMAND
1296
1297 removeService(s: zone, s: service) → s
1298 Remove service from zone. If zone is empty, use default zone.
1299 For permanent operation see
1300 org.fedoraproject.FirewallD1.config.zone.Methods.removeService.
1301
1302 Returns name of zone from which the service was removed.
1303
1304 Possible errors: INVALID_ZONE, INVALID_SERVICE, NOT_ENABLED,
1305 INVALID_COMMAND
1306
1307 removeSource(s: zone, s: source) → s
1308 Remove binding of source from zone. If zone is empty, the
1309 source will be removed from zone it belongs to. For permanent
1310 operation see
1311 org.fedoraproject.FirewallD1.config.zone.Methods.removeSource.
1312
1313 Returns name of zone from which the source was removed.
1314
1315 Possible errors: INVALID_ZONE, INVALID_ADDR, NOT_ENABLED,
1316 INVALID_COMMAND
1317
1318 removeSourcePort(s: zone, s: port, s: protocol) → s
1319 Remove port/protocol from zone. If zone is empty, use default
1320 zone. For permanent operation see
1321 org.fedoraproject.FirewallD1.config.zone.Methods.removeSourcePort.
1322
1323 Returns name of zone from which the source port was removed.
1324
1325 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1326 INVALID_PROTOCOL, NOT_ENABLED, INVALID_COMMAND
1327
1328 Signals
1329 ForwardPortAdded(s: zone, s: port, s: protocol, s: toport, s:
1330 toaddr, i: timeout)
1331 Emitted when forward port has been added to zone with timeout.
1332
1333 ForwardPortRemoved(s: zone, s: port, s: protocol, s: toport, s:
1334 toaddr)
1335 Emitted when forward port has been removed from zone.
1336
1337 IcmpBlockAdded(s: zone, s: icmp, i: timeout)
1338 Emitted when ICMP block for icmp has been added to zone with
1339 timeout.
1340
1341 IcmpBlockInversionAdded(s: zone)
1342 Emitted when ICMP block inversion has been added to zone.
1343
1344 IcmpBlockInversionRemoved(s: zone)
1345 Emitted when ICMP block inversion has been removed from zone.
1346
1347 IcmpBlockRemoved(s: zone, s: icmp)
1348 Emitted when ICMP block for icmp has been removed from zone.
1349
1350 InterfaceAdded(s: zone, s: interface)
1351 Emitted when interface has been added to zone.
1352
1353 InterfaceRemoved(s: zone, s: interface)
1354 Emitted when interface has been removed from zone.
1355
1356 MasqueradeAdded(s: zone, i: timeout)
1357 Emitted when masquerade has been enabled for zone.
1358
1359 MasqueradeRemoved(s: zone)
1360 Emitted when masquerade has been disabled for zone.
1361
1362 PortAdded(s: zone, s: port, s: protocol, i: timeout)
1363 Emitted when port/protocol has been added to zone with timeout.
1364
1365 PortRemoved(s: zone, s: port, s: protocol)
1366 Emitted when port/protocol has been removed from zone.
1367
1368 ProtocolAdded(s: zone, s: protocol, i: timeout)
1369 Emitted when protocol has been added to zone with timeout.
1370
1371 ProtocolRemoved(s: zone, s: protocol)
1372 Emitted when protocol has been removed from zone.
1373
1374 RichRuleAdded(s: zone, s: rule, i: timeout)
1375 Emitted when rich language rule has been added to zone with
1376 timeout.
1377
1378 RichRuleRemoved(s: zone, s: rule)
1379 Emitted when rich language rule has been removed from zone.
1380
1381 ServiceAdded(s: zone, s: service, i: timeout)
1382 Emitted when service has been added to zone with timeout.
1383
1384 ServiceRemoved(s: zone, s: service)
1385 Emitted when service has been removed from zone.
1386
1387 SourceAdded(s: zone, s: source)
1388 Emitted when source has been added to zone.
1389
1390 SourcePortAdded(s: zone, s: port, s: protocol, i: timeout)
1391 Emitted when source-port/protocol has been added to zone with
1392 timeout.
1393
1394 SourcePortRemoved(s: zone, s: port, s: protocol)
1395 Emitted when source-port/protocol has been removed from zone.
1396
1397 SourceRemoved(s: zone, s: source)
1398 Emitted when source has been removed from zone.
1399
1400 ZoneChanged(s: zone, s: interface)
1401 Deprecated
1402
1403 ZoneOfInterfaceChanged(s: zone, s: interface)
1404 Emitted when the zone an interface is part of has been changed to
1405 zone.
1406
1407 ZoneOfSourceChanged(s: zone, s: source)
1408 Emitted when the zone a source is part of has been changed to
1409 zone.
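
The runtime signals listed above (zone changes and lockdown whitelist changes) can feed an audit log. The following is an added example, not part of firewalld: it maps a received signal to a record using the argument order from the signatures on this page. The severity ranking and the function names are assumptions of the example, and the sample signals in the usage are constructed.

```python
import json

BUS_NAME = "org.fedoraproject.FirewallD1"  # firewalld's well-known bus name
ZONE_IFACE = "org.fedoraproject.FirewallD1.zone"
POLICIES_IFACE = "org.fedoraproject.FirewallD1.policies"

# member -> (interface, argument names as documented above, severity).
# The severity column is this example's own ranking, not a firewalld concept.
SIGNALS = {
    "ForwardPortAdded": (ZONE_IFACE,
                         ("zone", "port", "protocol", "toport", "toaddr", "timeout"), "high"),
    "MasqueradeAdded": (ZONE_IFACE, ("zone", "timeout"), "high"),
    "RichRuleAdded": (ZONE_IFACE, ("zone", "rule", "timeout"), "high"),
    "PortAdded": (ZONE_IFACE, ("zone", "port", "protocol", "timeout"), "medium"),
    "ProtocolAdded": (ZONE_IFACE, ("zone", "protocol", "timeout"), "medium"),
    "ServiceAdded": (ZONE_IFACE, ("zone", "service", "timeout"), "medium"),
    "SourcePortAdded": (ZONE_IFACE, ("zone", "port", "protocol", "timeout"), "medium"),
    "SourceAdded": (ZONE_IFACE, ("zone", "source"), "medium"),
    "InterfaceAdded": (ZONE_IFACE, ("zone", "interface"), "medium"),
    "ZoneOfInterfaceChanged": (ZONE_IFACE, ("zone", "interface"), "medium"),
    "ZoneOfSourceChanged": (ZONE_IFACE, ("zone", "source"), "medium"),
    "IcmpBlockRemoved": (ZONE_IFACE, ("zone", "icmp"), "low"),
    "LockdownDisabled": (POLICIES_IFACE, (), "high"),
    "LockdownWhitelistCommandAdded": (POLICIES_IFACE, ("command",), "high"),
    "LockdownWhitelistContextAdded": (POLICIES_IFACE, ("context",), "high"),
    "LockdownWhitelistUidAdded": (POLICIES_IFACE, ("uid",), "high"),
    "LockdownWhitelistUserAdded": (POLICIES_IFACE, ("user",), "high"),
}
INT_FIELDS = ("timeout", "uid")  # documented with D-Bus type i


def audit_signal(interface, member, args):
    """Return an audit record for one signal, or None if it is not tracked.

    The interface is checked as well as the member name, because
    org.fedoraproject.FirewallD1.config also emits a ServiceAdded signal
    with a different argument list.
    """
    spec = SIGNALS.get(member)
    if spec is None or spec[0] != interface:
        return None
    _, names, severity = spec
    if len(args) != len(names):
        # Unexpected arity: report it rather than mislabel the fields.
        return {"signal": member, "severity": "high", "malformed": True,
                "raw": [str(a) for a in args]}
    record = {"signal": member, "severity": severity, "malformed": False}
    for name, value in zip(names, args):
        record[name] = int(value) if name in INT_FIELDS else str(value)
    if "timeout" in record:
        # A non-zero timeout limits the change to that many seconds;
        # zero means the runtime change has no automatic expiry.
        record["expires"] = record["timeout"] != 0
    return record


def listen():
    """Print one JSON record per tracked signal (needs dbus-python, PyGObject)."""
    import dbus
    from dbus.mainloop.glib import DBusGMainLoop
    from gi.repository import GLib

    DBusGMainLoop(set_as_default=True)
    bus = dbus.SystemBus()

    def on_signal(*args, interface=None, member=None):
        record = audit_signal(interface, member, args)
        if record is not None:
            print(json.dumps(record), flush=True)

    for iface in (ZONE_IFACE, POLICIES_IFACE):
        # bus_name restricts matching to signals sent by the firewalld daemon.
        bus.add_signal_receiver(on_signal, dbus_interface=iface, bus_name=BUS_NAME,
                                interface_keyword="interface", member_keyword="member")
    GLib.MainLoop().run()


if __name__ == "__main__":
    listen()
```
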
1410
1411 org.fedoraproject.FirewallD1.config
1412 Allows permanently adding, removing and querying zones, services and icmp
1413 types.
1414
1415 Methods
1416 addIPSet(s: ipset, (ssssa{ss}as): settings) → o
1417 Add ipset with given settings into permanent configuration.
1418 Settings are in format: version, name, description, type,
1419 dictionary of options and array of entries.
1420
1421 version (s): see version attribute of ipset tag in
1422 firewalld.ipset(5).
1423
1424 name (s): see short tag in firewalld.ipset(5).
1425
1426 description (s): see description tag in firewalld.ipset(5).
1427
1428 type (s): see type attribute of ipset tag in
1429 firewalld.ipset(5).
1430
1431 options (a{ss}): dictionary of {option : value} . See options
1432 tag in firewalld.ipset(5).
1433
1434 entries (as): array of entries, see entry tag in
1435 firewalld.ipset(5).
1436
1437 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1438
1439 addIcmpType(s: icmptype, (sssas): settings) → o
1440 Add icmptype with given settings into permanent configuration.
1441 Settings are in format: version, name, description, array of
1442 destinations. Returns object path of the new icmp type.
1443
1444 version (s): see version attribute of icmptype tag in
1445 firewalld.icmptype(5).
1446
1447 name (s): see short tag in firewalld.icmptype(5).
1448
1449 description (s): see description tag in firewalld.icmptype(5).
1450
1451 destinations (as): array, either empty or containing strings
1452 'ipv4' or 'ipv6', see destination tag in firewalld.icmptype(5).
1453
1454 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1455
1456 addService(s: service, (sssa(ss)asa{ss}asa(ss)): settings) → o
1457 This function is deprecated, use
1458 org.fedoraproject.FirewallD1.config.Methods.addService2
1459 instead.
1460
1461 addService2(s: service, a{sv}: settings) → o
1462 Add service with given settings into permanent configuration.
1463 Settings are a dictionary indexed by keywords. For the type of
1464 each value see below. To zero a value pass an empty string or
1465 list.
1466
1467 version (s): see version attribute of service tag in
1468 firewalld.service(5).
1469
1470 name (s): see short tag in firewalld.service(5).
1471
1472 description (s): see description tag in firewalld.service(5).
1473
1474 ports (a(ss)): array of port and protocol pairs. See port tag
1475 in firewalld.service(5).
1476
1477 module names (as): array of kernel netfilter helpers, see
1478 module tag in firewalld.service(5).
1479
1480 destinations (a{ss}): dictionary of {IP family : IP address}
1481 where 'IP family' key can be either 'ipv4' or 'ipv6'. See
1482 destination tag in firewalld.service(5).
1483
1484 protocols (as): array of protocols, see protocol tag in
1485 firewalld.service(5).
1486
1487 source_ports (a(ss)): array of port and protocol pairs. See
1488 source-port tag in firewalld.service(5).
1489
1490 includes (as): array of service includes, see include tag in
1491 firewalld.service(5).
1492
1493 helpers (as): array of service helpers, see helper tag in
1494 firewalld.service(5).
1495
1496 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1497
1498 addZone(s: zone, (sssbsasa(ss)asba(ssss)asasasasa(ss)): settings) →
1499 o
1500 Add zone with given settings into permanent configuration.
1501 Settings are in format: version, name, description, UNUSED,
1502 target, array of services, array of ports (port, protocol),
1503 array of icmp-blocks, masquerade, array of forward-ports (port,
1504 protocol, to-port, to-addr), array of interfaces, array of
1505 sources, array of rich rules, array of protocols and array of
1506 source-ports (port, protocol).
1507
1508 version (s): see version attribute of zone tag in
1509 firewalld.zone(5).
1510
1511 name (s): see short tag in firewalld.zone(5).
1512
1513 description (s): see description tag in firewalld.zone(5).
1514
1515 UNUSED (b): this boolean value is no longer used for anything.
1516
1517 target (s): see target attribute of zone tag in
1518 firewalld.zone(5).
1519
1520 services (as): array of service names, see service tag in
1521 firewalld.zone(5).
1522
1523 ports (a(ss)): array of port and protocol pairs. See port tag
1524 in firewalld.zone(5).
1525
1526 icmp-blocks (as): array of icmp-blocks. See icmp-block tag in
1527 firewalld.zone(5).
1528
1529 masquerade (b): see masquerade tag in firewalld.zone(5).
1530
1531 forward-ports (a(ssss)): array of (port, protocol, to-port,
1532 to-addr). See forward-port tag in firewalld.zone(5).
1533
1534 interfaces (as): array of interfaces. See interface tag in
1535 firewalld.zone(5).
1536
1537 source addresses (as): array of source addresses. See source
1538 tag in firewalld.zone(5).
1539
1540 rich rules (as): array of rich-language rules. See rule tag in
1541 firewalld.zone(5).
1542
1543 protocols (as): array of protocols. See protocol tag in
1544 firewalld.zone(5).
1545
1546 source-ports (a(ss)): array of port and protocol pairs. See
1547 source-port tag in firewalld.zone(5).
1548
1549 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
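
The settings arguments of addZone, addIPSet and addIcmpType are positional tuples, so a value placed in the wrong slot changes what the permanent configuration means. The following added example (not part of firewalld) splits the D-Bus signatures documented above into their fields and checks a plain Python tuple against them before it is sent. The function names and the sample values are assumptions of the example.

```python
ZONE_SIGNATURE = "(sssbsasa(ss)asba(ssss)asasasasa(ss))"
ZONE_FIELDS = ("version", "name", "description", "UNUSED", "target",
               "services", "ports", "icmp-blocks", "masquerade",
               "forward-ports", "interfaces", "sources", "rich rules",
               "protocols", "source-ports")
IPSET_SIGNATURE = "(ssssa{ss}as)"
IPSET_FIELDS = ("version", "name", "description", "type", "options", "entries")


def _end_of_type(sig, i):
    """Return the index just past the complete type that starts at sig[i]."""
    c = sig[i]
    if c == "a":                      # array: 'a' followed by one complete type
        return _end_of_type(sig, i + 1)
    if c in "({":                     # struct or dict entry: read up to the close
        close = ")" if c == "(" else "}"
        j = i + 1
        while sig[j] != close:
            j = _end_of_type(sig, j)
        return j + 1
    return i + 1                      # basic type such as s, b or i


def split_types(sig):
    """Split a signature into its top-level complete types."""
    out, i = [], 0
    while i < len(sig):
        j = _end_of_type(sig, i)
        out.append(sig[i:j])
        i = j
    return out


def conforms(value, sig):
    """True if a plain Python value matches one complete D-Bus type."""
    if sig == "s":
        return isinstance(value, str)
    if sig == "b":
        return isinstance(value, bool)
    if sig == "i":
        return isinstance(value, int) and not isinstance(value, bool)
    if sig.startswith("a{"):
        key_t, val_t = split_types(sig[2:-1])
        return isinstance(value, dict) and all(
            conforms(k, key_t) and conforms(v, val_t) for k, v in value.items())
    if sig.startswith("a"):
        return isinstance(value, (list, tuple)) and all(
            conforms(item, sig[1:]) for item in value)
    if sig.startswith("("):
        parts = split_types(sig[1:-1])
        return (isinstance(value, (list, tuple)) and len(value) == len(parts)
                and all(conforms(v, p) for v, p in zip(value, parts)))
    raise ValueError("unsupported type in signature: " + sig)


def check_settings(settings, signature, fields):
    """Return a list of problems; an empty list means the tuple fits."""
    parts = split_types(signature[1:-1])
    if len(settings) != len(parts):
        return ["expected %d fields, got %d" % (len(parts), len(settings))]
    return ["%s: expected %s" % (name, part)
            for name, part, value in zip(fields, parts, settings)
            if not conforms(value, part)]


if __name__ == "__main__":
    # Constructed sample: ports written as "port/proto" strings instead of
    # (port, protocol) pairs, and masquerade given as a string.
    sample = ("1.0", "dmz-lab", "constructed sample", False, "default",
              ["ssh"], ["8443/tcp"], [], "no", [], [], [], [], [], [])
    for problem in check_settings(sample, ZONE_SIGNATURE, ZONE_FIELDS):
        print(problem)
```
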
1550
1551 getHelperByName(s: helper) → o
1552 Return object path (permanent configuration) of helper with
1553 given name.
1554
1555 Possible errors: INVALID_HELPER
1556
1557 getHelperNames() → as
1558 Return list of helper names (permanent configuration).
1559
1560 getIPSetByName(s: ipset) → o
1561 Return object path (permanent configuration) of ipset with
1562 given name.
1563
1564 Possible errors: INVALID_IPSET
1565
1566 getIPSetNames() → as
1567 Return list of ipset names (permanent configuration).
1568
1569 getIcmpTypeByName(s: icmptype) → o
1570 Return object path (permanent configuration) of icmptype with
1571 given name.
1572
1573 Possible errors: INVALID_ICMPTYPE
1574
1575 getIcmpTypeNames() → as
1576 Return list of icmptype names (permanent configuration).
1577
1578 getServiceByName(s: service) → o
1579 Return object path (permanent configuration) of service with
1580 given name.
1581
1582 Possible errors: INVALID_SERVICE
1583
1584 getServiceNames() → as
1585 Return list of service names (permanent configuration).
1586
1587 getZoneByName(s: zone) → o
1588 Return object path (permanent configuration) of zone with given
1589 name.
1590
1591 Possible errors: INVALID_ZONE
1592
1593 getZoneNames() → as
1594 Return list of zone names (permanent configuration).
1595
1596 getZoneOfInterface(s: iface) → s
1597 Return name of zone the iface is bound to or empty string.
1598
1599 getZoneOfSource(s: source) → s
1600 Return name of zone the source is bound to or empty string.
1601
1602 listHelpers() → ao
1603 Return array of object paths (o) of helper in permanent
1604 configuration. For runtime configuration see
1605 org.fedoraproject.FirewallD1.Methods.getHelpers.
1606
1607 listIPSets() → ao
1608 Return array of object paths (o) of ipset in permanent
1609 configuration. For runtime configuration see
1610 org.fedoraproject.FirewallD1.ipset.Methods.getIPSets.
1611
1612 listIcmpTypes() → ao
1613 Return array of object paths (o) of icmp types in permanent
1614 configuration. For runtime configuration see
1615 org.fedoraproject.FirewallD1.Methods.listIcmpTypes.
1616
1617 listServices() → ao
1618 Return array of object paths (o) of services in permanent
1619 configuration. For runtime configuration see
1620 org.fedoraproject.FirewallD1.Methods.listServices.
1621
1622 listZones() → ao
1623 List object paths of zones known to permanent environment. For
1624 list of zones known to runtime environment see
1625 org.fedoraproject.FirewallD1.zone.Methods.getZones. The lists
1626 (of zones known to runtime and permanent environment) will
1627 contain same zones in most cases, but might differ for example
1628 if org.fedoraproject.FirewallD1.config.Methods.addZone has been
1629 called recently, but firewalld has not been reloaded since
1630 then.
1631
1632 Signals
1633 HelperAdded(s: helper)
1634 Emitted when helper has been added.
1635
1636 IPSetAdded(s: ipset)
1637 Emitted when ipset has been added.
1638
1639 IcmpTypeAdded(s: icmptype)
1640 Emitted when icmptype has been added.
1641
1642 ServiceAdded(s: service)
1643 Emitted when service has been added.
1644
1645 ZoneAdded(s: zone)
1646 Emitted when zone has been added.
1647
1648 Properties
1649 AllowZoneDrifting - s - (rw)
1650 Older versions of firewalld had undocumented behavior known as
1651 "zone drifting". This allowed packets to ingress multiple zones
1652 - this is a violation of zone based firewalls. However, some
1653 users rely on this behavior to have a "catch-all" zone, e.g.
1654 the default zone. You can enable this if you desire such
1655 behavior. It's disabled by default for security reasons. Note:
1656 If "yes", packets will only drift from source based zones to
1657 interface based zones (including the default zone). Packets
1658 never drift from interface based zones to other interface
1659 based zones (including the default zone). Valid values: "yes",
1660 "no". Defaults to "no".
1661
1662 AutomaticHelpers - s - (rw)
1663 Deprecated. Getting this value always returns "no". Setting
1664 this value is ignored.
1665
1666 CleanupOnExit - s - (rw)
1667 If firewalld stops, it cleans up all firewall rules. Setting
1668 this option to no or false leaves the current firewall rules
1669 untouched.
1670
1671 DefaultZone - s - (ro)
1672 Default zone for connections or interfaces if the zone is not
1673 selected or specified by NetworkManager, initscripts or command
1674 line tool.
1675
1676 FirewallBackend - s - (rw)
1677 Selects the firewalld backend for all rules except the direct
1678 interface. Valid options are: nftables, iptables. Default is
1679 nftables.
1680
1681 FlushAllOnReload - s - (rw)
1682 Flush all runtime rules on a reload. Valid options are: yes,
1683 no.
1684
1685 IPv6_rpfilter - s - (rw)
1686 Indicates whether the reverse path filter test on a packet for
1687 IPv6 is enabled. If a reply to the packet would be sent via the
1688 same interface that the packet arrived on, the packet will
1689 match and be accepted, otherwise dropped.
1690
1691 IndividualCalls - s - (ro)
1692 Indicates whether individual calls are used instead of combined
1693 -restore calls. If enabled, this increases the time that is needed to
1694 apply changes and to start the daemon, but is good for
1695 debugging.
1696
1697 Lockdown - s - (rw)
1698 If this property is enabled, firewall changes with the D-Bus
1699 interface will be limited to applications that are listed in
1700 the lockdown whitelist.
1701
1702 LogDenied - s - (rw)
1703 If LogDenied is enabled, then logging rules are added right
1704 before reject and drop rules in the INPUT, FORWARD and OUTPUT
1705 chains for the default rules and also final reject and drop
1706 rules in zones. Possible values are: all, unicast, broadcast,
1707 multicast and off.
1708
1709 MinimalMark - i - (rw)
1710 Deprecated. This option is ignored and no longer used. Marks
1711 are no longer used internally.
1712
1713 RFC3964_IPv4 - s - (rw)
1714 As per RFC 3964, filter IPv6 traffic with 6to4 destination
1715 addresses that correspond to IPv4 addresses that should not be
1716 routed over the public internet. Valid options are: yes, no.
1717
1718 org.fedoraproject.FirewallD1.config.direct
1719 Interface for permanent direct configuration, see also
1720 firewalld.direct(5). For runtime direct configuration see
1721 org.fedoraproject.FirewallD1.direct interface.
1722
1723 Methods
1724 addChain(s: ipv, s: table, s: chain) → Nothing
1725 Add a new chain to table for ipv being either ipv4 (iptables)
1726 or ipv6 (ip6tables) or eb (ebtables). Make sure there's no
1727 other chain with this name already. There already exist basic
1728 chains to use with direct methods, for example INPUT_direct
1729 chain. These chains are jumped into before chains for zones,
1730 i.e. every rule put into INPUT_direct will be checked before
1731 rules in zones. For runtime operation see
1732 org.fedoraproject.FirewallD1.direct.Methods.addChain.
1733
1734 Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED
1735
1736 addPassthrough(s: ipv, as: args) → Nothing
1737 Add a passthrough rule with the arguments args for ipv being
1738 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
1739 For runtime operation see
1740 org.fedoraproject.FirewallD1.direct.Methods.addPassthrough.
1741
1742 Possible errors: INVALID_IPV, ALREADY_ENABLED
1743
1744 addRule(s: ipv, s: table, s: chain, i: priority, as: args) →
1745 Nothing
1746 Add a rule with the arguments args to chain in table with
1747 priority for ipv being either ipv4 (iptables) or ipv6
1748 (ip6tables) or eb (ebtables). The priority is used to order
1749 rules. Priority 0 means add rule on top of the chain, with a
1750 higher priority the rule will be added further down. Rules with
1751 the same priority are on the same level and the order of these
1752 rules is not fixed and may change. If you want to make sure
1753 that a rule will be added after another one, use a low priority
1754 for the first and a higher for the following. For runtime
1755 operation see
1756 org.fedoraproject.FirewallD1.direct.Methods.addRule.
1757
1758 Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED
1759
1760 getAllChains() → a(sss)
1761 Get all chains added to all tables in format: ipv, table,
1762 chain. This concerns only chains previously added with
1763 addChain. Return value is an array of (ipv, table, chain). For
1764 runtime operation see
1765 org.fedoraproject.FirewallD1.direct.Methods.getAllChains.
1766
1767 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
1768 (ebtables).
1769
1770 table (s): one of filter, mangle, nat, raw, security
1771
1772 chain (s): name of a chain.
1773
1774
1775 getAllPassthroughs() → a(sas)
1776 Get all passthrough rules added in all ipv types in format:
1777 ipv, rule. This concerns only rules previously added with
1778 addPassthrough. Return value is an array of (ipv, array of
1779 arguments). For runtime operation see
1780 org.fedoraproject.FirewallD1.direct.Methods.getAllPassthroughs.
1781
1782 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
1783 (ebtables).
1784
1785 arguments (as): array of commands, parameters and other
1786 iptables/ip6tables/ebtables command line options.
1787
1788
1789 getAllRules() → a(sssias)
1790 Get all rules added to all chains in all tables in format: ipv,
1791 table, chain, priority, rule. This concerns only rules
1792 previously added with addRule. Return value is an array of (ipv,
1793 table, chain, priority, array of arguments). For runtime
1794 operation see
1795 org.fedoraproject.FirewallD1.direct.Methods.getAllRules.
1796
1797 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
1798 (ebtables).
1799
1800 table (s): one of filter, mangle, nat, raw, security
1801
1802 chain (s): name of a chain.
1803
1804 priority (i): used to order rules.
1805
1806 arguments (as): array of commands, parameters and other
1807 iptables/ip6tables/ebtables command line options.
1808
1809
1810 getChains(s: ipv, s: table) → as
1811 Return an array of chains (s) added to table for ipv being
1812 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
1813 This concerns only chains previously added with addChain. For
1814 runtime operation see
1815 org.fedoraproject.FirewallD1.direct.Methods.getChains.
1816
1817 Possible errors: INVALID_IPV, INVALID_TABLE
1818
1819 getPassthroughs(s: ipv) → aas
1820 Get tracked passthrough rules added in either ipv4 (iptables)
1821 or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
1822 previously added with addPassthrough. Return value is an array
1823 of (array of arguments). For runtime operation see
1824 org.fedoraproject.FirewallD1.direct.Methods.getPassthroughs.
1825
1826 arguments (as): array of commands, parameters and other
1827 iptables/ip6tables/ebtables command line options.
1828
1829
1830 getRules(s: ipv, s: table, s: chain) → a(ias)
1831 Get all rules added to chain in table for ipv being either ipv4
1832 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
1833 only rules previously added with addRule. Return value is an
1834 array of (priority, array of arguments). For runtime operation
1835 see org.fedoraproject.FirewallD1.direct.Methods.getRules.
1836
1837 priority (i): used to order rules.
1838
1839 arguments (as): array of commands, parameters and other
1840 iptables/ip6tables/ebtables command line options.
1841
1842 Possible errors: INVALID_IPV, INVALID_TABLE
1843
1844 getSettings() → (a(sss)a(sssias)a(sas))
1845 Get settings of permanent direct configuration in format: array
1846 of chains, array of rules, array of passthroughs.
1847
1848 chains (a(sss)): array of (ipv, table, chain), see 'chain' in
1849 firewalld.direct(5).
1850
1851 rules (a(sssias)): array of (ipv, table,
1852 chain, priority, array of arguments), see 'rule' in
1853 firewalld.direct(5).
1854
1855 passthroughs (a(sas)): array of (ipv,
1856 array of arguments), see 'passthrough' in firewalld.direct(5).
1857
1858
1859
1860 queryChain(s: ipv, s: table, s: chain) → b
1861 Return whether a chain exists in table for ipv being either
1862 ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). This
1863 concerns only chains previously added with addChain. For
1864 runtime operation see
1865 org.fedoraproject.FirewallD1.direct.Methods.queryChain.
1866
1867 Possible errors: INVALID_IPV, INVALID_TABLE
1868
1869 queryPassthrough(s: ipv, as: args) → b
1870 Return whether a tracked passthrough rule with the arguments
1871 args exists for ipv being either ipv4 (iptables) or ipv6
1872 (ip6tables) or eb (ebtables). This concerns only rules
1873 previously added with addPassthrough. For runtime operation see
1874 org.fedoraproject.FirewallD1.direct.Methods.queryPassthrough.
1875
1876 Possible errors: INVALID_IPV
1877
1878 queryRule(s: ipv, s: table, s: chain, i: priority, as: args) → b
1879 Return whether a rule with priority and the arguments args
1880 exists in chain in table for ipv being either ipv4 (iptables)
1881 or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
1882 previously added with addRule. For runtime operation see
1883 org.fedoraproject.FirewallD1.direct.Methods.queryRule.
1884
1885 Possible errors: INVALID_IPV, INVALID_TABLE
1886
1887 removeChain(s: ipv, s: table, s: chain) → Nothing
1888 Remove a chain from table for ipv being either ipv4 (iptables)
1889 or ipv6 (ip6tables) or eb (ebtables). Only chains previously
1890 added with addChain can be removed this way. For runtime
1891 operation see
1892 org.fedoraproject.FirewallD1.direct.Methods.removeChain.
1893
1894 Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED
1895
1896 removePassthrough(s: ipv, as: args) → Nothing
1897 Remove a passthrough rule with arguments args for ipv being
1898 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
1899 Only rules previously added with addPassthrough can be removed
1900 this way. For runtime operation see
1901 org.fedoraproject.FirewallD1.direct.Methods.removePassthrough.
1902
1903 Possible errors: INVALID_IPV, NOT_ENABLED
1904
1905 removeRule(s: ipv, s: table, s: chain, i: priority, as: args) →
1906 Nothing
1907 Remove a rule with priority and arguments args from chain in
1908 table for ipv being either ipv4 (iptables) or ipv6 (ip6tables)
1909 or eb (ebtables). Only rules previously added with addRule can
1910 be removed this way. For runtime operation see
1911 org.fedoraproject.FirewallD1.direct.Methods.removeRule.
1912
1913 Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED
1914
1915 removeRules(s: ipv, s: table, s: chain) → Nothing
1916 Remove all rules from chain in table for ipv being either ipv4
1917 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
1918 only rules previously added with addRule. For runtime operation
1919 see org.fedoraproject.FirewallD1.direct.Methods.removeRules.
1920
1921 Possible errors: INVALID_IPV, INVALID_TABLE
1922
1923 update((a(sss)a(sssias)a(sas)): settings) → Nothing
1924 Update permanent direct configuration with given settings.
1925 Settings are in format: array of chains, array of rules, array
1926 of passthroughs.
1927
1928 chains (a(sss)): array of (ipv, table, chain), see 'chain' in
1929 firewalld.direct(5).
1930
1931 rules (a(sssias)): array of (ipv, table,
1932 chain, priority, array of arguments), see 'rule' in
1933 firewalld.direct(5).
1934
1935 passthroughs (a(sas)): array of (ipv,
1936 array of arguments), see 'passthrough' in firewalld.direct(5).
1937
1938 Possible errors: INVALID_TYPE
1939
1940 Signals
1941 Updated()
1942 Emitted when configuration has been updated.
1943
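The priority ordering described for addRule and the tuple returned by getSettings() can be reviewed together. The following is an added example, not firewalld's own code: it audits a settings tuple in the documented (chains, rules, passthroughs) layout. The sample data, the finding names and the SCOPE_FLAGS heuristic are assumptions of this example.

```python
"""Audit a permanent direct configuration in the shape returned by
org.fedoraproject.FirewallD1.config.direct.getSettings()."""
from collections import defaultdict

# Constructed sample: (chains a(sss), rules a(sssias), passthroughs a(sas)).
SAMPLE_SETTINGS = (
    [("ipv4", "filter", "mgmt_in")],
    [
        ("ipv4", "filter", "INPUT_direct", 10, ["-p", "tcp", "--dport", "22", "-j", "ACCEPT"]),
        ("ipv4", "filter", "INPUT_direct", 0, ["-s", "192.0.2.0/24", "-j", "mgmt_in"]),
        ("ipv4", "filter", "INPUT_direct", 10, ["-p", "tcp", "--dport", "22", "-j", "DROP"]),
        ("ipv4", "filter", "mgmt_in", 0, ["-p", "tcp", "--dport", "9090", "-j", "ACCEPT"]),
    ],
    [("ipv6", ["-I", "FORWARD", "-j", "ACCEPT"])],
)

# Assumption of this example: matchers that narrow a rule to a source or interface.
SCOPE_FLAGS = {"-s", "--source", "-i", "--in-interface"}


def target_of(args):
    """Return the jump target of an iptables-style argument list, or None."""
    for flag in ("-j", "--jump"):
        if flag in args:
            idx = args.index(flag)
            if idx + 1 < len(args):
                return args[idx + 1]
    return None


def ordered_rules(settings):
    """Group rules per (ipv, table, chain), sorted by priority (0 is on top)."""
    _chains, rules, _passthroughs = settings
    grouped = defaultdict(list)
    for ipv, table, chain, priority, args in rules:
        key = (str(ipv), str(table), str(chain))
        grouped[key].append((int(priority), [str(a) for a in args]))
    return {key: sorted(val, key=lambda r: r[0]) for key, val in grouped.items()}


def audit_direct(settings):
    """Return (kind, where, priority, detail) findings for manual review."""
    chains, _rules, passthroughs = settings
    custom = {(str(i), str(t), str(c)) for i, t, c in chains}
    findings = []
    for key, rules in sorted(ordered_rules(settings).items()):
        targets_by_priority = defaultdict(set)
        for priority, args in rules:
            target = target_of(args)
            targets_by_priority[priority].add(str(target))
            # Chains added with addChain are only reached through a jump, so
            # only rules outside them are checked for a missing scope.
            if key not in custom and target == "ACCEPT" and not SCOPE_FLAGS.intersection(args):
                findings.append(("unscoped-accept", key, priority, args))
        for priority, targets in sorted(targets_by_priority.items()):
            # Same priority means the relative order is not fixed; differing
            # targets at one priority make the outcome order-dependent.
            if len(targets) > 1:
                findings.append(("priority-tie", key, priority, sorted(targets)))
    for ipv, args in passthroughs:
        # Passthrough arguments are raw command line options; list them all.
        findings.append(("passthrough", (str(ipv),), None, [str(a) for a in args]))
    return findings


def fetch_permanent_direct():
    """Read the settings from a running firewalld (needs dbus-python)."""
    import dbus  # imported lazily so the audit itself runs offline

    bus = dbus.SystemBus()
    obj = bus.get_object("org.fedoraproject.FirewallD1",
                         "/org/fedoraproject/FirewallD1/config")
    iface = dbus.Interface(obj, dbus_interface="org.fedoraproject.FirewallD1.config.direct")
    return iface.getSettings()


if __name__ == "__main__":
    for finding in audit_direct(SAMPLE_SETTINGS):
        print(finding)
```
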
1944 org.fedoraproject.FirewallD1.config.policies
1945 Interface for permanent lockdown-whitelist configuration, see also
1946 firewalld.lockdown-whitelist(5). For runtime configuration see
1947 org.fedoraproject.FirewallD1.policies interface.
1948
1949 Methods
1950 addLockdownWhitelistCommand(s: command) → Nothing
1951 Add command to whitelist. See command option in
1952 firewalld.lockdown-whitelist(5). For runtime operation see
1953 org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistCommand.
1954
1955 Possible errors: ALREADY_ENABLED, INVALID_TYPE
1956
1957 addLockdownWhitelistContext(s: context) → Nothing
1958 Add context to whitelist. See selinux option in
1959 firewalld.lockdown-whitelist(5). For runtime operation see
1960 org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistContext.
1961
1962 Possible errors: ALREADY_ENABLED, INVALID_TYPE
1963
1964 addLockdownWhitelistUid(i: uid) → Nothing
1965 Add user id uid to whitelist. See user option in
1966 firewalld.lockdown-whitelist(5). For runtime operation see
1967 org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistUid.
1968
1969 Possible errors: ALREADY_ENABLED, INVALID_TYPE
1970
1971 addLockdownWhitelistUser(s: user) → Nothing
1972 Add user name to whitelist. See user option in
1973 firewalld.lockdown-whitelist(5). For runtime operation see
1974 org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistUser.
1975
1976 Possible errors: ALREADY_ENABLED, INVALID_TYPE
1977
1978 getLockdownWhitelist() → (asasasai)
1979 Get settings of permanent lockdown-whitelist configuration in
1980 format: commands, selinux contexts, users, uids
1981
1982 commands (as): see command option in
1983 firewalld.lockdown-whitelist(5).
1984
1985 selinux contexts (as): see selinux option in
1986 firewalld.lockdown-whitelist(5).
1987
1988 users (as): see name attribute of user option in
1989 firewalld.lockdown-whitelist(5).
1990
1991 uids (ai): see id attribute of user option in
1992 firewalld.lockdown-whitelist(5).
1993
1994
1995 getLockdownWhitelistCommands() → as
1996 List all command lines (s) that are on whitelist. For runtime
1997 operation see
1998 org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistCommands.
1999
2000 getLockdownWhitelistContexts() → as
2001 List all contexts (s) that are on whitelist. For runtime
2002 operation see
2003 org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistContexts.
2004
2005 getLockdownWhitelistUids() → ai
2006 List all user ids (i) that are on whitelist. For runtime
2007 operation see
2008 org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistUids.
2009
2010 getLockdownWhitelistUsers() → as
2011 List all users (s) that are on whitelist. For runtime operation
2012 see
2013 org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistUsers.
2014
2015 queryLockdownWhitelistCommand(s: command) → b
2016 Query whether command is on whitelist. For runtime operation
2017 see
2018 org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistCommand.
2019
2020 queryLockdownWhitelistContext(s: context) → b
2021 Query whether context is on whitelist. For runtime operation
2022 see
2023 org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistContext.
2024
2025 queryLockdownWhitelistUid(i: uid) → b
2026 Query whether user id uid is on whitelist. For runtime
2027 operation see
2028 org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistUid.
2029
2030 queryLockdownWhitelistUser(s: user) → b
2031 Query whether user is on whitelist. For runtime operation see
2032 org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistUser.
2033
2034 removeLockdownWhitelistCommand(s: command) → Nothing
2035 Remove command from whitelist. For runtime operation see
2036 org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistCommand.
2037
2038 Possible errors: NOT_ENABLED
2039
2040 removeLockdownWhitelistContext(s: context) → Nothing
2041 Remove context from whitelist. For runtime operation see
2042 org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistContext.
2043
2044 Possible errors: NOT_ENABLED
2045
2046 removeLockdownWhitelistUid(i: uid) → Nothing
2047 Remove user id uid from whitelist. For runtime operation see
2048 org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistUid.
2049
2050 Possible errors: NOT_ENABLED
2051
2052 removeLockdownWhitelistUser(s: user) → Nothing
2053 Remove user from whitelist. For runtime operation see
2054 org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistUser.
2055
2056 Possible errors: NOT_ENABLED
2057
2058 setLockdownWhitelist((asasasai): settings) → Nothing
2059 Set permanent lockdown-whitelist configuration to settings.
2060 Settings are in format: commands, selinux contexts, users, uids
2061
2062 commands (as): see command option in
2063 firewalld.lockdown-whitelist(5).
2064
2065 selinux contexts (as): see selinux option in
2066 firewalld.lockdown-whitelist(5).
2067
2068 users (as): see name attribute of user option in
2069 firewalld.lockdown-whitelist(5).
2070
2071 uids (ai): see id attribute of user option in
2072 firewalld.lockdown-whitelist(5).
2073
2074 Possible errors: INVALID_TYPE
2075
2076 Signals
2077 LockdownWhitelistUpdated()
2078 Emitted when permanent lockdown-whitelist configuration has
2079 been updated.
2080
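Because the permanent whitelist described here and the runtime whitelist on org.fedoraproject.FirewallD1.policies are separate, the two can drift apart. The following is an added example, not firewalld's own code: it compares two whitelists in the (commands, selinux contexts, users, uids) layout and flags entries that widen access. The sample data and finding names are assumptions, and the trailing '*' prefix match comes from firewalld.lockdown-whitelist(5), not from this page.

```python
"""Compare permanent and runtime lockdown whitelists, both in the
(commands, selinux contexts, users, uids) layout of getLockdownWhitelist()."""

FIELDS = ("commands", "contexts", "users", "uids")

# Constructed sample data, not taken from a real host.
PERMANENT = (
    ["/usr/bin/python3 -s /usr/bin/firewall-config"],
    ["system_u:system_r:NetworkManager_t:s0"],
    ["root"],
    [0],
)
RUNTIME = (
    ["/usr/bin/python3 -s /usr/bin/firewall-config", "python3 /tmp/fwhelper.py*"],
    ["system_u:system_r:NetworkManager_t:s0"],
    ["root", "deploy"],
    [0],
)


def normalise(whitelist):
    """Turn the 4-tuple into {field: set}, converting D-Bus types to str/int."""
    if len(whitelist) != len(FIELDS):
        raise ValueError("expected (asasasai): commands, contexts, users, uids")
    commands, contexts, users, uids = whitelist
    return {
        "commands": {str(c) for c in commands},
        "contexts": {str(c) for c in contexts},
        "users": {str(u) for u in users},
        "uids": {int(u) for u in uids},
    }


def drift(permanent, runtime):
    """Entries present on one side only: {field: (only_permanent, only_runtime)}."""
    perm, run = normalise(permanent), normalise(runtime)
    return {
        field: (sorted(perm[field] - run[field]), sorted(run[field] - perm[field]))
        for field in FIELDS
        if perm[field] != run[field]
    }


def review(whitelist):
    """Flag entries that widen who may change the firewall under lockdown."""
    wl = normalise(whitelist)
    findings = []
    for cmd in sorted(wl["commands"]):
        words = cmd.split()
        if cmd.endswith("*"):
            # A trailing '*' matches every command line starting with the entry.
            findings.append(("prefix-match", cmd))
        if not words or not words[0].startswith("/"):
            findings.append(("non-absolute-executable", cmd))
    for user in sorted(wl["users"] - {"root"}):
        findings.append(("non-root-user", user))
    for uid in sorted(wl["uids"] - {0}):
        findings.append(("non-root-uid", uid))
    return findings


def fetch_whitelists():
    """Read (permanent, runtime) from a running firewalld (needs dbus-python)."""
    import dbus  # imported lazily so the comparison itself runs offline

    bus = dbus.SystemBus()
    name = "org.fedoraproject.FirewallD1"
    cfg = dbus.Interface(bus.get_object(name, "/org/fedoraproject/FirewallD1/config"),
                         dbus_interface="org.fedoraproject.FirewallD1.config.policies")
    run = dbus.Interface(bus.get_object(name, "/org/fedoraproject/FirewallD1"),
                         dbus_interface="org.fedoraproject.FirewallD1.policies")
    runtime = (run.getLockdownWhitelistCommands(), run.getLockdownWhitelistContexts(),
               run.getLockdownWhitelistUsers(), run.getLockdownWhitelistUids())
    return cfg.getLockdownWhitelist(), runtime


if __name__ == "__main__":
    print("drift:", drift(PERMANENT, RUNTIME))
    for finding in review(RUNTIME):
        print(finding)
```
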
2081 org.fedoraproject.FirewallD1.config.ipset
2082 Interface for permanent ipset configuration, see also
2083 firewalld.ipset(5).
2084
2085 Methods
2086 addEntry(s: entry) → Nothing
2087 Permanently add entry to list of entries of ipset. See entry
2088 tag in firewalld.ipset(5). For runtime operation see
2089 org.fedoraproject.FirewallD1.ipset.Methods.addEntry.
2090
2091 Possible errors: ALREADY_ENABLED
2092
2093 addOption(s: key, s: value) → Nothing
2094 Permanently add (key, value) to the ipset. See option tag in
2095 firewalld.ipset(5).
2096
2097 Possible errors: ALREADY_ENABLED
2098
2099 getDescription() → s
2100 Get description of ipset. See description tag in
2101 firewalld.ipset(5).
2102
2103 getEntries() → as
2104 Get list of entries added to ipset. See entry tag in
2105 firewalld.ipset(5). For runtime operation see
2106 org.fedoraproject.FirewallD1.ipset.Methods.getEntries.
2107
2108 Possible errors: IPSET_WITH_TIMEOUT
2109
2110 getOptions() → a{ss}
2111 Get dictionary of options set for ipset. See option tag in
2112 firewalld.ipset(5).
2113
2114 getSettings() → (ssssa{ss}as)
2115 Return permanent settings of the ipset. For getting runtime
2116 settings see
2117 org.fedoraproject.FirewallD1.ipset.Methods.getIPSetSettings.
2118 Settings are in format: version, name, description, type,
2119 dictionary of options and array of entries.
2120
2121 version (s): see version attribute of ipset tag in
2122 firewalld.ipset(5).
2123
2124 name (s): see short tag in firewalld.ipset(5).
2125
2126 description (s): see description tag in firewalld.ipset(5).
2127
2128 type (s): see type attribute of ipset tag in
2129 firewalld.ipset(5).
2130
2131 options (a{ss}): dictionary of {option : value}. See options
2132 tag in firewalld.ipset(5).
2133
2134 entries (as): array of entries, see entry tag in
2135 firewalld.ipset(5).
2136
2137
2138 getShort() → s
2139 Get name of ipset. See short tag in firewalld.ipset(5).
2140
2141 getType() → s
2142 Get type of ipset. See type attribute of ipset tag in
2143 firewalld.ipset(5).
2144
2145 getVersion() → s
2146 Get version of ipset. See version attribute of ipset tag in
2147 firewalld.ipset(5).
2148
2149 loadDefaults() → Nothing
2150 Load default settings for built-in ipset.
2151
2152 Possible errors: NO_DEFAULTS
2153
2154 queryEntry(s: entry) → b
2155 Return whether entry has been added to ipset. For runtime
2156 operation see
2157 org.fedoraproject.FirewallD1.ipset.Methods.queryEntry.
2158
2159 queryOption(s: key, s: value) → b
2160 Return whether (key, value) has been added to options of the
2161 ipset.
2162
2163 remove() → Nothing
2164 Remove an ipset that is not built-in.
2165
2166 Possible errors: BUILTIN_IPSET
2167
2168 removeEntry(s: entry) → Nothing
2169 Permanently remove entry from ipset. See entry tag in
2170 firewalld.ipset(5). For runtime operation see
2171 org.fedoraproject.FirewallD1.ipset.Methods.removeEntry.
2172
2173 Possible errors: NOT_ENABLED
2174
2175 removeOption(s: key) → Nothing
2176 Permanently remove key from the ipset. See option tag in
2177 firewalld.ipset(5).
2178
2179 Possible errors: NOT_ENABLED
2180
2181 rename(s: name) → Nothing
2182 Rename an ipset that is not built-in to name.
2183
2184 Possible errors: BUILTIN_IPSET
2185
2186 setDescription(s: description) → Nothing
2187 Permanently set description of ipset to description. See
2188 description tag in firewalld.ipset(5).
2189
2190 setEntries(as: entries) → Nothing
2191 Permanently set list of entries to entries. See entry tag in
2192 firewalld.ipset(5).
2193
2194 setOptions(a{ss}: options) → Nothing
2195 Permanently set dict of options to options. See option tag in
2196 firewalld.ipset(5).
2197
2198 setShort(s: short) → Nothing
2199 Permanently set name of ipset to short. See short tag in
2200 firewalld.ipset(5).
2201
2202 setType(s: ipset_type) → Nothing
2203 Permanently set type of ipset to ipset_type. See type attribute
2204 of ipset tag in firewalld.ipset(5).
2205
2206 setVersion(s: version) → Nothing
2207 Permanently set version of ipset to version. See version
2208 attribute of ipset tag in firewalld.ipset(5).
2209
2210 update((ssssa{ss}as): settings) → Nothing
2211 Update settings of ipset to settings. Settings are in format:
2212 version, name, description, type, dictionary of options and
2213 array of entries.
2214
2215 version (s): see version attribute of ipset tag in
2216 firewalld.ipset(5).
2217
2218 name (s): see short tag in firewalld.ipset(5).
2219
2220 description (s): see description tag in firewalld.ipset(5).
2221
2222 type (s): see type attribute of ipset tag in
2223 firewalld.ipset(5).
2224
2225 options (a{ss}): dictionary of {option : value}. See options
2226 tag in firewalld.ipset(5).
2227
2228 entries (as): array of entries, see entry tag in
2229 firewalld.ipset(5).
2230
2231 Possible errors: INVALID_TYPE
2232
2233 Signals
2234 Removed(s: name)
2235 Emitted when ipset with name has been removed.
2236
2237 Renamed(s: name)
2238 Emitted when ipset has been renamed to name.
2239
2240 Updated(s: name)
2241 Emitted when ipset with name has been updated.
2242
2243 Properties
2244 builtin - b - (ro)
2245 True if ipset is built-in, false otherwise.
2246
2247 default - b - (ro)
2248 True if built-in ipset has default settings. False if it has
2249 been modified. Always False for ipsets that are not built-in.
2250
2251 filename - s - (ro)
2252 Name (including .xml extension) of file where the configuration
2253 is stored.
2254
2255 name - s - (ro)
2256 Name of ipset.
2257
2258 path - s - (ro)
2259 Path to directory where the ipset configuration is stored.
2260 Should be either /usr/lib/firewalld/ipsets or
2261 /etc/firewalld/ipsets.
2262
2263 org.fedoraproject.FirewallD1.config.zone
2264 Interface for permanent zone configuration, see also firewalld.zone(5).
2265
2266 Methods
2267 addForwardPort(s: port, s: protocol, s: toport, s: toaddr) →
2268 Nothing
2269 Permanently add (port, protocol, toport, toaddr) to list of
2270 forward ports of zone. See forward-port tag in
2271 firewalld.zone(5). For runtime operation see
2272 org.fedoraproject.FirewallD1.zone.Methods.addForwardPort.
2273
2274 Possible errors: ALREADY_ENABLED
2275
2276 addIcmpBlock(s: icmptype) → Nothing
2277 Permanently add icmptype to list of icmp types blocked in zone.
2278 See icmp-block tag in firewalld.zone(5). For runtime operation
2279 see org.fedoraproject.FirewallD1.zone.Methods.addIcmpBlock.
2280
2281 Possible errors: ALREADY_ENABLED
2282
2283 addIcmpBlockInversion() → Nothing
2284 Permanently add icmp block inversion to zone. See
2285 icmp-block-inversion tag in firewalld.zone(5). For runtime
2286 operation see
2287 org.fedoraproject.FirewallD1.zone.Methods.addIcmpBlockInversion.
2288
2289 Possible errors: ALREADY_ENABLED
2290
2291 addInterface(s: interface) → Nothing
2292 Permanently add interface to list of interfaces bound to zone.
2293 See interface tag in firewalld.zone(5). For runtime operation
2294 see org.fedoraproject.FirewallD1.zone.Methods.addInterface.
2295
2296 Possible errors: ALREADY_ENABLED
2297
2298 addMasquerade() → Nothing
2299 Permanently enable masquerading in zone. See masquerade tag in
2300 firewalld.zone(5). For runtime operation see
2301 org.fedoraproject.FirewallD1.zone.Methods.addMasquerade.
2302
2303 Possible errors: ALREADY_ENABLED
2304
2305 addPort(s: port, s: protocol) → Nothing
2306 Permanently add (port, protocol) to list of ports of zone. See
2307 port tag in firewalld.zone(5). For runtime operation see
2308 org.fedoraproject.FirewallD1.zone.Methods.addPort.
2309
2310 Possible errors: ALREADY_ENABLED
2311
2312 addProtocol(s: protocol) → Nothing
2313 Permanently add protocol into zone. The protocol can be any
2314 protocol supported by the system. Please have a look at
2315 /etc/protocols for supported protocols. For runtime operation
2316 see org.fedoraproject.FirewallD1.zone.Methods.addProtocol.
2317
2318 Possible errors: INVALID_PROTOCOL, ALREADY_ENABLED
2319
2320 addRichRule(s: rule) → Nothing
2321 Permanently add rule to list of rich-language rules in zone.
2322 See rule tag in firewalld.zone(5). For runtime operation see
2323 org.fedoraproject.FirewallD1.zone.Methods.addRichRule.
2324
2325 Possible errors: ALREADY_ENABLED
2326
2327 addService(s: service) → Nothing
2328 Permanently add service to list of services used in zone. See
2329 service tag in firewalld.zone(5). For runtime operation see
2330 org.fedoraproject.FirewallD1.zone.Methods.addService.
2331
2332 Possible errors: ALREADY_ENABLED
2333
2334 addSource(s: source) → Nothing
2335 Permanently add source to list of source addresses bound to
2336 zone. See source tag in firewalld.zone(5). For runtime
2337 operation see
2338 org.fedoraproject.FirewallD1.zone.Methods.addSource.
2339
2340 Possible errors: ALREADY_ENABLED
2341
2342 addSourcePort(s: port, s: protocol) → Nothing
2343 Permanently add (port, protocol) to list of source ports of
2344 zone. See source-port tag in firewalld.zone(5). For runtime
2345 operation see
2346 org.fedoraproject.FirewallD1.zone.Methods.addSourcePort.
2347
2348 Possible errors: ALREADY_ENABLED
2349
2350 getDescription() → s
2351 Get description of zone. See description tag in
2352 firewalld.zone(5).
2353
2354 getForwardPorts() → a(ssss)
2355 Get list of (port, protocol, toport, toaddr) defined in zone.
2356 See forward-port tag in firewalld.zone(5). For runtime
2357 operation see
2358 org.fedoraproject.FirewallD1.zone.Methods.getForwardPorts.
2359
2360 getIcmpBlockInversion() → b
2361 Get icmp block inversion flag of zone. See icmp-block-inversion
2362 tag in firewalld.zone(5).
2363
2364 getIcmpBlocks() → as
2365 Get list of icmp type names blocked in zone. See icmp-block tag
2366 in firewalld.zone(5). For runtime operation see
2367 org.fedoraproject.FirewallD1.zone.Methods.getIcmpBlocks.
2368
2369 getInterfaces() → as
2370 Get list of interfaces bound to zone. See interface tag in
2371 firewalld.zone(5). For runtime operation see
2372 org.fedoraproject.FirewallD1.zone.Methods.getInterfaces.
2373
2374 getMasquerade() → b
2375 Return whether masquerade is enabled in zone. This is the same
2376 as queryMasquerade() method. See masquerade tag in
2377 firewalld.zone(5).
2378
2379 getPorts() → a(ss)
2380 Get list of (port, protocol) defined in zone. See port tag in
2381 firewalld.zone(5). For runtime operation see
2382 org.fedoraproject.FirewallD1.zone.Methods.getPorts.
2383
2384 getProtocols() → as
2385 Return array of protocols (s) previously enabled in zone. For
2386 getting runtime settings see
2387 org.fedoraproject.FirewallD1.zone.Methods.getProtocols.
2388
2389 getRichRules() → as
2390 Get list of rich-language rules in zone. See rule tag in
2391 firewalld.zone(5). For runtime operation see
2392 org.fedoraproject.FirewallD1.zone.Methods.getRichRules.
2393
2394 getServices() → as
2395 Get list of service names used in zone. See service tag in
2396 firewalld.zone(5). For runtime operation see
2397 org.fedoraproject.FirewallD1.zone.Methods.getServices.
2398
2399 getSettings() → (sssbsasa(ss)asba(ssss)asasasasa(ss))
2400 Return permanent settings of given zone. For getting runtime
2401 settings see
2402 org.fedoraproject.FirewallD1.Methods.getZoneSettings. Settings
2403 are in format: version, name, description, UNUSED, target,
2404 array of services, array of ports (port, protocol), array of
2405 icmp-blocks, masquerade, array of forward-ports (port,
2406 protocol, to-port, to-addr), array of interfaces, array of
2407 sources, array of rich rules, array of protocols and array of
2408 source-ports (port, protocol).
2409
2410 version (s): see version attribute of zone tag in
2411 firewalld.zone(5).
2412
2413 name (s): see short tag in firewalld.zone(5).
2414
2415 description (s): see description tag in firewalld.zone(5).
2416
2417 UNUSED (b): this boolean value is no longer used for anything.
2418
2419 target (s): see target attribute of zone tag in
2420 firewalld.zone(5).
2421
2422 services (as): array of service names, see service tag in
2423 firewalld.zone(5).
2424
2425 ports (a(ss)): array of port and protocol pairs. See port tag
2426 in firewalld.zone(5).
2427
2428 icmp-blocks (as): array of icmp-blocks. See icmp-block tag in
2429 firewalld.zone(5).
2430
2431 masquerade (b): see masquerade tag in firewalld.zone(5).
2432
2433 forward-ports (a(ssss)): array of (port, protocol, to-port,
2434 to-addr). See forward-port tag in firewalld.zone(5).
2435
2436 interfaces (as): array of interfaces. See interface tag in
2437 firewalld.zone(5).
2438
2439 source addresses (as): array of source addresses. See source
2440 tag in firewalld.zone(5).
2441
2442 rich rules (as): array of rich-language rules. See rule tag in
2443 firewalld.zone(5).
2444
2445 protocols (as): array of protocols. See protocol tag in
2446 firewalld.zone(5).
2447
2448 source-ports (a(ss)): array of port and protocol pairs. See
2449 source-port tag in firewalld.zone(5).
2450
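The positional tuple that getSettings() returns is easy to misread by index. The following is an added example, not firewalld's own code: it maps the 15 documented fields to names and lists the settings that widen what the zone lets through. The sample values, the finding names and the rich-rule heuristic are assumptions of this example, and the ACCEPT target value comes from firewalld.zone(5).

```python
"""Decode the positional tuple returned by
org.fedoraproject.FirewallD1.config.zone.getSettings() and list what it exposes."""
from collections import namedtuple

# Field order as documented for (sssbsasa(ss)asba(ssss)asasasasa(ss)).
ZoneSettings = namedtuple("ZoneSettings", [
    "version", "name", "description", "unused", "target", "services", "ports",
    "icmp_blocks", "masquerade", "forward_ports", "interfaces", "sources",
    "rich_rules", "protocols", "source_ports",
])

# Constructed sample, not taken from a real host.
SAMPLE_RAW = (
    "1.0", "dmz-lab", "Constructed example zone", False, "ACCEPT",
    ["ssh", "https"],
    [("8443", "tcp")],
    ["echo-request"],
    True,
    [("2222", "tcp", "22", "198.51.100.7"), ("8080", "tcp", "80", "")],
    ["eth1"],
    ["192.0.2.0/24"],
    ['rule family="ipv4" source address="192.0.2.10" service name="ssh" accept',
     'rule family="ipv4" port port="5432" protocol="tcp" accept'],
    ["gre"],
    [("53", "udp")],
)


def _strs(items):
    """Convert an array of D-Bus strings to a list of str."""
    return [str(i) for i in items]


def _tuples(items):
    """Convert an array of D-Bus structs of strings to a list of str tuples."""
    return [tuple(str(part) for part in item) for item in items]


def decode_zone_settings(raw):
    """Map the 15 positional values to names and plain Python types."""
    if len(raw) != len(ZoneSettings._fields):
        raise ValueError(f"expected {len(ZoneSettings._fields)} fields, got {len(raw)}")
    z = ZoneSettings(*raw)
    return z._replace(
        version=str(z.version), name=str(z.name), description=str(z.description),
        unused=bool(z.unused), target=str(z.target), services=_strs(z.services),
        ports=_tuples(z.ports), icmp_blocks=_strs(z.icmp_blocks),
        masquerade=bool(z.masquerade), forward_ports=_tuples(z.forward_ports),
        interfaces=_strs(z.interfaces), sources=_strs(z.sources),
        rich_rules=_strs(z.rich_rules), protocols=_strs(z.protocols),
        source_ports=_tuples(z.source_ports),
    )


def review_zone(z):
    """Return (kind, detail) pairs for settings that widen what the zone lets through."""
    notes = []
    if z.target == "ACCEPT":
        notes.append(("target-accept", "packets matching no rule are accepted"))
    if z.masquerade:
        notes.append(("masquerade", "masquerading is enabled in this zone"))
    for port, proto, toport, toaddr in z.forward_ports:
        if toaddr:  # forwarded to another host rather than to a local port
            notes.append(("forward-to-host", f"{port}/{proto} -> {toaddr}:{toport or port}"))
    for port, proto in z.source_ports:
        notes.append(("source-port", f"{port}/{proto} is matched on the sender-chosen source port"))
    for rule in z.rich_rules:
        words = rule.split()
        # Heuristic: an accept rule without a source element applies to any sender.
        if "accept" in words and "source" not in words:
            notes.append(("unscoped-rich-accept", rule))
    return notes


if __name__ == "__main__":
    zone = decode_zone_settings(SAMPLE_RAW)
    print(zone.name, "target:", zone.target)
    for kind, detail in review_zone(zone):
        print(f"  {kind}: {detail}")
```
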
2451
2452 getShort() → s
2453 Get name of zone. See short tag in firewalld.zone(5).
2454
2455 getSourcePorts() → a(ss)
2456 Get list of (port, protocol) defined in zone. See source-port
2457 tag in firewalld.zone(5). For runtime operation see
2458 org.fedoraproject.FirewallD1.zone.Methods.getSourcePorts.
2459
2460 getSources() → as
2461 Get list of source addresses bound to zone. See source tag in
2462 firewalld.zone(5). For runtime operation see
2463 org.fedoraproject.FirewallD1.zone.Methods.getSources.
2464
2465 getTarget() → s
2466 Get target of zone. See target attribute of zone tag in
2467 firewalld.zone(5).
2468
2469 getVersion() → s
2470 Get version of zone. See version attribute of zone tag in
2471 firewalld.zone(5).
2472
2473 loadDefaults() → Nothing
2474 Load default settings for built-in zone.
2475
2476 Possible errors: NO_DEFAULTS
2477
2478 queryForwardPort(s: port, s: protocol, s: toport, s: toaddr) → b
2479 Return whether (port, protocol, toport, toaddr) is in list of
2480 forward ports of zone. See forward-port tag in
2481 firewalld.zone(5). For runtime operation see
2482 org.fedoraproject.FirewallD1.zone.Methods.queryForwardPort.
2483
2484 queryIcmpBlock(s: icmptype) → b
2485 Return whether icmptype is in list of icmp types blocked in
2486 zone. See icmp-block tag in firewalld.zone(5). For runtime
2487 operation see
2488 org.fedoraproject.FirewallD1.zone.Methods.queryIcmpBlock.
2489
2490 queryIcmpBlockInversion() → b
2491 Return whether icmp block inversion is enabled in zone. See
2492 icmp-block-inversion tag in firewalld.zone(5). For runtime
2493 operation see
2494 org.fedoraproject.FirewallD1.zone.Methods.queryIcmpBlockInversion.
2495
2496 queryInterface(s: interface) → b
2497 Return whether interface is in list of interfaces bound to
2498 zone. See interface tag in firewalld.zone(5). For runtime
2499 operation see
2500 org.fedoraproject.FirewallD1.zone.Methods.queryInterface.
2501
2502 queryMasquerade() → b
2503 Return whether masquerade is enabled in zone. This is the same
2504 as getMasquerade() method. See masquerade tag in
2505 firewalld.zone(5). For runtime operation see
2506 org.fedoraproject.FirewallD1.zone.Methods.queryMasquerade.
2507
2508 queryPort(s: port, s: protocol) → b
2509 Return whether (port, protocol) is in list of ports of zone.
2510 See port tag in firewalld.zone(5). For runtime operation see
2511 org.fedoraproject.FirewallD1.zone.Methods.queryPort.
2512
2513 queryProtocol(s: protocol) → b
2514 Return whether protocol has been added in zone. For runtime
2515 operation see
2516 org.fedoraproject.FirewallD1.zone.Methods.queryProtocol.
2517
2518 Possible errors: INVALID_PROTOCOL
2519
2520 queryRichRule(s: rule) → b
2521 Return whether rule is in list of rich-language rules in zone.
2522 See rule tag in firewalld.zone(5). For runtime operation see
2523 org.fedoraproject.FirewallD1.zone.Methods.queryRichRule.
2524
2525 queryService(s: service) → b
2526 Return whether service is in list of services used in zone. See
2527 service tag in firewalld.zone(5). For runtime operation see
2528 org.fedoraproject.FirewallD1.zone.Methods.queryService.
2529
2530 querySource(s: source) → b
2531 Return whether source is in list of source addresses bound to
2532 zone. See source tag in firewalld.zone(5). For runtime
2533 operation see
2534 org.fedoraproject.FirewallD1.zone.Methods.querySource.
2535
2536 querySourcePort(s: port, s: protocol) → b
2537 Return whether (port, protocol) is in list of source ports of
2538 zone. See source-port tag in firewalld.zone(5). For runtime
2539 operation see
2540 org.fedoraproject.FirewallD1.zone.Methods.querySourcePort.
2541
2542 remove() → Nothing
2543 Remove not built-in zone.
2544
2545 Possible errors: BUILTIN_ZONE
2546
2547 removeForwardPort(s: port, s: protocol, s: toport, s: toaddr) →
2548 Nothing
2549 Permanently remove (port, protocol, toport, toaddr) from list
2550 of forward ports of zone. See forward-port tag in
2551 firewalld.zone(5). For runtime operation see
2552 org.fedoraproject.FirewallD1.zone.Methods.removeForwardPort.
2553
2554 Possible errors: NOT_ENABLED
2555
2556 removeIcmpBlock(s: icmptype) → Nothing
2557 Permanently remove icmptype from list of icmp types blocked in
2558 zone. See icmp-block tag in firewalld.zone(5). For runtime
2559 operation see
2560 org.fedoraproject.FirewallD1.zone.Methods.removeIcmpBlock.
2561
2562 Possible errors: NOT_ENABLED
2563
2564 removeIcmpBlockInversion() → Nothing
2565 Permanently remove icmp block inversion from the zone. See
2566 icmp-block-inversion tag in firewalld.zone(5). For runtime
2567 operation see
2568 org.fedoraproject.FirewallD1.zone.Methods.removeIcmpBlockInversion.
2569
2570 Possible errors: NOT_ENABLED
2571
2572 removeInterface(s: interface) → Nothing
2573 Permanently remove interface from list of interfaces bound to
2574 zone. See interface tag in firewalld.zone(5). For runtime
2575 operation see
2576 org.fedoraproject.FirewallD1.zone.Methods.removeInterface.
2577
2578 Possible errors: NOT_ENABLED
2579
2580 removeMasquerade() → Nothing
2581 Permanently disable masquerading in zone. See masquerade tag in
2582 firewalld.zone(5). For runtime operation see
2583 org.fedoraproject.FirewallD1.zone.Methods.removeMasquerade.
2584
2585 Possible errors: NOT_ENABLED
2586
2587 removePort(s: port, s: protocol) → Nothing
2588 Permanently remove (port, protocol) from list of ports of zone.
2589 See port tag in firewalld.zone(5). For runtime operation see
2590 org.fedoraproject.FirewallD1.zone.Methods.removePort.
2591
2592 Possible errors: NOT_ENABLED
2593
2594 removeProtocol(s: protocol) → Nothing
2595 Permanently remove protocol from zone. For runtime operation
2596 see org.fedoraproject.FirewallD1.zone.Methods.removeProtocol.
2597
2598 Possible errors: INVALID_PROTOCOL, NOT_ENABLED
2599
2600 removeRichRule(s: rule) → Nothing
2601 Permanently remove rule from list of rich-language rules in
2602 zone. See rule tag in firewalld.zone(5). For runtime operation
2603 see org.fedoraproject.FirewallD1.zone.Methods.removeRichRule.
2604
2605 Possible errors: NOT_ENABLED
2606
2607 removeService(s: service) → Nothing
2608 Permanently remove service from list of services used in zone.
2609 See service tag in firewalld.zone(5). For runtime operation see
2610 org.fedoraproject.FirewallD1.zone.Methods.removeService.
2611
2612 Possible errors: NOT_ENABLED
2613
2614 removeSource(s: source) → Nothing
2615 Permanently remove source from list of source addresses bound
2616 to zone. See source tag in firewalld.zone(5). For runtime
2617 operation see
2618 org.fedoraproject.FirewallD1.zone.Methods.removeSource.
2619
2620 Possible errors: NOT_ENABLED
2621
2622 removeSourcePort(s: port, s: protocol) → Nothing
2623 Permanently remove (port, protocol) from list of source ports
2624 of zone. See source-port tag in firewalld.zone(5). For runtime
2625 operation see
2626 org.fedoraproject.FirewallD1.zone.Methods.removeSourcePort.
2627
2628 Possible errors: NOT_ENABLED
2629
2630 rename(s: name) → Nothing
2631 Rename not built-in zone to name.
2632
2633 Possible errors: BUILTIN_ZONE
2634
2635 setDescription(s: description) → Nothing
2636 Permanently set description of zone to description. See
2637 description tag in firewalld.zone(5).
2638
2639 setForwardPorts(a(ssss): ports) → Nothing
2640 Permanently set forward ports of zone to list of (port,
2641 protocol, toport, toaddr). See forward-port tag in
2642 firewalld.zone(5).
2643
2644 setIcmpBlockInversion(b: flag) → Nothing
2645 Permanently set icmp block inversion flag of zone to flag. See
2646 icmp-block-inversion tag in firewalld.zone(5).
2647
2648 setIcmpBlocks(as: icmptypes) → Nothing
2649 Permanently set list of icmp types blocked in zone to
2650 icmptypes. See icmp-block tag in firewalld.zone(5).
2651
2652 setInterfaces(as: interfaces) → Nothing
2653 Permanently set list of interfaces bound to zone to interfaces.
2654 See interface tag in firewalld.zone(5).
2655
2656 setMasquerade(b: masquerade) → Nothing
2657 Permanently set masquerading in zone to masquerade. See
2658 masquerade tag in firewalld.zone(5).
2659
2660 setPorts(a(ss): ports) → Nothing
2661 Permanently set ports of zone to list of (port, protocol). See
2662 port tag in firewalld.zone(5).
2663
2664 setProtocols(as: protocols) → Nothing
2665 Permanently set list of protocols used in zone to protocols.
2666 See protocol tag in firewalld.zone(5).
2667
2668 setRichRules(as: rules) → Nothing
2669 Permanently set list of rich-language rules to rules. See rule
2670 tag in firewalld.zone(5).
2671
2672 setServices(as: services) → Nothing
2673 Permanently set list of services used in zone to services. See
2674 service tag in firewalld.zone(5).
2675
2676 setShort(s: short) → Nothing
2677 Permanently set name of zone to short. See short tag in
2678 firewalld.zone(5).
2679
2680 setSourcePorts(a(ss): ports) → Nothing
2681 Permanently set source-ports of zone to list of (port,
2682 protocol). See source-port tag in firewalld.zone(5).
2683
2684 setSources(as: sources) → Nothing
2685 Permanently set list of source addresses bound to zone to
2686 sources. See source tag in firewalld.zone(5).
2687
2688 setTarget(s: target) → Nothing
2689 Permanently set target of zone to target. See target attribute
2690 of zone tag in firewalld.zone(5).
2691
2692 setVersion(s: version) → Nothing
2693 Permanently set version of zone to version. See version
2694 attribute of zone tag in firewalld.zone(5).
2695
2696 update((sssbsasa(ss)asba(ssss)asasasasa(ss)): settings) → Nothing
2697 Update settings of zone to settings. Settings are in format:
2698 version, name, description, UNUSED, target, array of services,
2699 array of ports (port, protocol), array of icmp-blocks,
2700 masquerade, array of forward-ports (port, protocol, to-port,
2701 to-addr), array of interfaces, array of sources, array of rich
2702 rules, array of protocols and array of source-ports (port,
2703 protocol).
2704
2705 version (s): see version attribute of zone tag in
2706 firewalld.zone(5).
2707
2708 name (s): see short tag in firewalld.zone(5).
2709
2710 description (s): see description tag in firewalld.zone(5).
2711
2712 UNUSED (b): this boolean value is no longer used for anything.
2713
2714 target (s): see target attribute of zone tag in
2715 firewalld.zone(5).
2716
2717 services (as): array of service names, see service tag in
2718 firewalld.zone(5).
2719
2720 ports (a(ss)): array of port and protocol pairs. See port tag
2721 in firewalld.zone(5).
2722
2723 icmp-blocks (as): array of icmp-blocks. See icmp-block tag in
2724 firewalld.zone(5).
2725
2726 masquerade (b): see masquerade tag in firewalld.zone(5).
2727
2728 forward-ports (a(ssss)): array of (port, protocol, to-port,
2729 to-addr). See forward-port tag in firewalld.zone(5).
2730
2731 interfaces (as): array of interfaces. See interface tag in
2732 firewalld.zone(5).
2733
2734 source addresses (as): array of source addresses. See source
2735 tag in firewalld.zone(5).
2736
2737 rich rules (as): array of rich-language rules. See rule tag in
2738 firewalld.zone(5).
2739
2740 protocols (as): array of protocols. See protocol tag in
2741 firewalld.zone(5).
2742
2743 source-ports (a(ss)): array of port and protocol pairs. See
2744 source-port tag in firewalld.zone(5).
2745
2746 Possible errors: INVALID_TYPE
2747
2748 Signals
2749 Removed(s: name)
2750 Emitted when zone with name has been removed.
2751
2752 Renamed(s: name)
2753 Emitted when zone has been renamed to name.
2754
2755 Updated(s: name)
2756 Emitted when zone with name has been updated.
2757
2758 Properties
2759 builtin - b - (ro)
2760 True if zone is built-in, false otherwise.
2761
2762 default - b - (ro)
2763 True if built-in zone has default settings. False if it has
2764 been modified. Always False for not built-in zones.
2765
2766 filename - s - (ro)
2767 Name (including .xml extension) of file where the configuration
2768 is stored.
2769
2770 name - s - (ro)
2771 Name of zone.
2772
2773 path - s - (ro)
2774 Path to directory where the zone configuration is stored.
2775 Should be either /usr/lib/firewalld/zones or
2776 /etc/firewalld/zones.
2777
2778 org.fedoraproject.FirewallD1.config.service
2779 Interface for permanent service configuration, see also
2780 firewalld.service(5).
2781
2782 Methods
2783 addModule(s: module) → Nothing
2784 This method is deprecated. Please use "helpers" in the
2785 update2() method.
2786
2787 addPort(s: port, s: protocol) → Nothing
2788 Permanently add (port, protocol) to list of ports in service.
2789 See port tag in firewalld.service(5).
2790
2791 Possible errors: ALREADY_ENABLED
2792
2793 addProtocol(s: protocol) → Nothing
2794 Permanently add protocol into service. The protocol can be any
2795 protocol supported by the system. Please have a look at
2796 /etc/protocols for supported protocols. See protocol tag in
2797 firewalld.service(5).
2798
2799 Possible errors: INVALID_PROTOCOL, ALREADY_ENABLED
2800
2801 addSourcePort(s: port, s: protocol) → Nothing
2802 Permanently add (port, protocol) to list of source ports in
2803 service. See source-port tag in firewalld.service(5).
2804
2805 Possible errors: ALREADY_ENABLED
2806
2807 getDescription() → s
2808 Get description of service. See description tag in
2809 firewalld.service(5).
2810
2811 getDestination(s: family) → s
2812 Get destination for IP family being either 'ipv4' or 'ipv6'.
2813 See destination tag in firewalld.service(5).
2814
2815 Possible errors: ALREADY_ENABLED
2816
2817 getDestinations() → a{ss}
2818 Get list of destinations. Return value is a dictionary of {IP
2819 family : IP address} where 'IP family' key can be either 'ipv4'
2820 or 'ipv6'. See destination tag in firewalld.service(5).
2821
2822 getModules() → as
2823 This method is deprecated. Please use "helpers" in the
2824 getSettings2() method.
2825
2826 getPorts() → a(ss)
2827 Get list of (port, protocol) defined in service. See port tag
2828 in firewalld.service(5).
2829
2830 getProtocols() → as
2831 Return array of protocols (s) defined in service. See protocol
2832 tag in firewalld.service(5).
2833
2834 getSettings() → (sssa(ss)asa{ss}asa(ss))
2835 This function is deprecated, use
2836 org.fedoraproject.FirewallD1.config.service.Methods.getSettings2
2837 instead.
2838
2839 getSettings2(s: service) → a{sv}
2840 Return runtime settings of given service. For getting runtime
2841 settings see
2842 org.fedoraproject.FirewallD1.Methods.getServiceSettings2.
2843 Settings are a dictionary indexed by keywords. For the type of
2844 each value see below. If the value is empty it may be omitted.
2845
2846 version (s): see version attribute of service tag in
2847 firewalld.service(5).
2848
2849 name (s): see short tag in firewalld.service(5).
2850
2851 description (s): see description tag in firewalld.service(5).
2852
2853 ports (a(ss)): array of port and protocol pairs. See port tag
2854 in firewalld.service(5).
2855
2856 module names (as): array of kernel netfilter helpers, see
2857 module tag in firewalld.service(5).
2858
2859 destinations (a{ss}): dictionary of {IP family : IP address}
2860 where 'IP family' key can be either 'ipv4' or 'ipv6'. See
2861 destination tag in firewalld.service(5).
2862
2863 protocols (as): array of protocols, see protocol tag in
2864 firewalld.service(5).
2865
2866 source_ports (a(ss)): array of port and protocol pairs. See
2867 source-port tag in firewalld.service(5).
2868
2869 includes (as): array of service includes, see include tag in
2870 firewalld.service(5).
2871
2872 helpers (as): array of service helpers, see helper tag in
2873 firewalld.service(5).
2874
2875
2876 getShort() → s
2877 Get name of service. See short tag in firewalld.service(5).
2878
2879 getSourcePorts() → a(ss)
2880 Get list of (port, protocol) defined in service. See
2881 source-port tag in firewalld.service(5).
2882
2883 getVersion() → s
2884 Get version of service. See version attribute of service tag in
2885 firewalld.service(5).
2886
2887 loadDefaults() → Nothing
2888 Load default settings for built-in service.
2889
2890 Possible errors: NO_DEFAULTS
2891
2892 queryDestination(s: family, s: address) → b
2893 Return whether a destination is in dictionary of destinations
2894 of this service. destination is in format: (IP family, IP
2895 address) where IP family can be either 'ipv4' or 'ipv6'. See
2896 destination tag in firewalld.service(5).
2897
2898 queryModule(s: module) → b
2899 This method is deprecated. Please use "helpers" in the
2900 getSettings2() method.
2901
2902 queryPort(s: port, s: protocol) → b
2903 Return whether (port, protocol) is in list of ports in service.
2904 See port tag in firewalld.service(5).
2905
2906 queryProtocol(s: protocol) → b
2907 Return whether protocol is in list of protocols in service. See
2908 protocol tag in firewalld.service(5).
2909
2910 querySourcePort(s: port, s: protocol) → b
2911 Return whether (port, protocol) is in list of source ports in
2912 service. See source-port tag in firewalld.service(5).
2913
2914 remove() → Nothing
2915 Remove not built-in service.
2916
2917 Possible errors: BUILTIN_SERVICE
2918
2919 removeDestination(s: family) → Nothing
2920 Permanently remove a destination with family ('ipv4' or 'ipv6')
2921 from service. See destination tag in firewalld.service(5).
2922
2923 Possible errors: NOT_ENABLED
2924
2925 removeModule(s: module) → Nothing
2926 This method is deprecated. Please use "helpers" in the
2927 update2() method.
2928
2929 removePort(s: port, s: protocol) → Nothing
2930 Permanently remove (port, protocol) from list of ports in
2931 service. See port tag in firewalld.service(5).
2932
2933 Possible errors: NOT_ENABLED
2934
2935 removeProtocol(s: protocol) → Nothing
2936 Permanently remove protocol from list of protocols in service.
2937 See protocol tag in firewalld.service(5).
2938
2939 Possible errors: NOT_ENABLED
2940
2941 removeSourcePort(s: port, s: protocol) → Nothing
2942 Permanently remove (port, protocol) from list of source ports
2943 in service. See source-port tag in firewalld.service(5).
2944
2945 Possible errors: NOT_ENABLED
2946
2947 rename(s: name) → Nothing
2948 Rename not built-in service to name.
2949
2950 Possible errors: BUILTIN_SERVICE
2951
2952 setDescription(s: description) → Nothing
2953 Permanently set description of service to description. See
2954 description tag in firewalld.service(5).
2955
2956 setDestination(s: family, s: address) → Nothing
2957 Permanently set a destination address. destination is in
2958 format: (IP family, IP address) where IP family can be either
2959 'ipv4' or 'ipv6'. See destination tag in firewalld.service(5).
2960
2961 Possible errors: ALREADY_ENABLED
2962
2963 setDestinations(a{ss}: destinations) → Nothing
2964 Permanently set destinations of service to destinations, which
2965 is a dictionary of {IP family : IP address} where 'IP family'
2966 key can be either 'ipv4' or 'ipv6'. See destination tag in
2967 firewalld.service(5).
2968
2969 setModules(as: modules) → Nothing
2970 This method is deprecated. Please use "helpers" in the
2971 update2() method.
2972
2973 setPorts(a(ss): ports) → Nothing
2974 Permanently set ports of service to list of (port, protocol).
2975 See port tag in firewalld.service(5).
2976
2977 setProtocols(as: protocols) → Nothing
2978 Permanently set protocols of service to list of protocols. See
2979 protocol tag in firewalld.service(5).
2980
2981 setShort(s: short) → Nothing
2982 Permanently set name of service to short. See short tag in
2983 firewalld.service(5).
2984
2985 setSourcePorts(a(ss): ports) → Nothing
2986 Permanently set source-ports of service to list of (port,
2987 protocol). See source-port tag in firewalld.service(5).
2988
2989 setVersion(s: version) → Nothing
2990 Permanently set version of service to version. See version
2991 attribute of service tag in firewalld.service(5).
2992
2993 update((sssa(ss)asa{ss}asa(ss)): settings) → Nothing
2994 This function is deprecated, use
2995 org.fedoraproject.FirewallD1.config.service.Methods.update2
2996 instead.
2997
2998 update2(a{sv}: settings) → Nothing
2999 Update settings of service to settings. Settings are a
3000 dictionary indexed by keywords. For the type of each value see
3001 below. To zero a value pass an empty string or list.
3002
3003 version (s): see version attribute of service tag in
3004 firewalld.service(5).
3005
3006 name (s): see short tag in firewalld.service(5).
3007
3008 description (s): see description tag in firewalld.service(5).
3009
3010 ports (a(ss)): array of port and protocol pairs. See port tag
3011 in firewalld.service(5).
3012
3013 module names (as): array of kernel netfilter helpers, see
3014 module tag in firewalld.service(5).
3015
3016 destinations (a{ss}): dictionary of {IP family : IP address}
3017 where 'IP family' key can be either 'ipv4' or 'ipv6'. See
3018 destination tag in firewalld.service(5).
3019
3020 protocols (as): array of protocols, see protocol tag in
3021 firewalld.service(5).
3022
3023 source_ports (a(ss)): array of port and protocol pairs. See
3024 source-port tag in firewalld.service(5).
3025
3026 includes (as): array of service includes, see include tag in
3027 firewalld.service(5).
3028
3029 helpers (as): array of service helpers, see helper tag in
3030 firewalld.service(5).
3031
3032 Possible errors: INVALID_TYPE
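
The zone update() struct and the service update2() dictionary described above both list INVALID_TYPE as a possible error. The following is an added example, not part of firewalld or of this manual page: it checks constructed sample settings offline against the signatures listed here. The helper names are hypothetical, and it assumes the entry labels listed for update2() are the literal dictionary keywords.

```python
# Added example: offline type check of firewalld D-Bus settings (no bus connection).
BASIC = set("ybnqiuxtdsoghv")  # D-Bus single-character type codes, including variant

# Zone update() signature and member order, copied from this page.
ZONE_SIG = "(sssbsasa(ss)asba(ssss)asasasasa(ss))"
ZONE_FIELDS = ["version", "name", "description", "UNUSED", "target", "services",
               "ports", "icmp-blocks", "masquerade", "forward-ports", "interfaces",
               "source addresses", "rich rules", "protocols", "source-ports"]

# Service update2() entries and their types as listed on this page.
# Assumption: the listed labels are the literal dictionary keywords.
SERVICE_KEYS = {"version": "s", "name": "s", "description": "s", "ports": "a(ss)",
                "module names": "as", "destinations": "a{ss}", "protocols": "as",
                "source_ports": "a(ss)", "includes": "as", "helpers": "as"}


def _end(sig, i, in_array=False):
    """Return the index just past the complete type that starts at sig[i]."""
    if i >= len(sig):
        raise ValueError(f"truncated signature {sig!r}")
    c = sig[i]
    if c in BASIC:
        return i + 1
    if c == "a":
        return _end(sig, i + 1, in_array=True)
    # A dict entry {..} is only valid as the element type of an array.
    if c == "(" or (c == "{" and in_array):
        close = ")" if c == "(" else "}"
        j = i + 1
        while j < len(sig) and sig[j] != close:
            j = _end(sig, j)
        if j >= len(sig):
            raise ValueError(f"unclosed {c!r} in {sig!r}")
        return j + 1
    raise ValueError(f"unexpected {c!r} at offset {i} in {sig!r}")


def split_types(sig):
    """Split a D-Bus signature into its top-level complete types."""
    out, i = [], 0
    while i < len(sig):
        j = _end(sig, i)
        out.append(sig[i:j])
        i = j
    return out


def check(value, sig, path):
    """Return a list of mismatches between a Python value and one complete type."""
    bad = [f"{path}: expected {sig}, got {type(value).__name__}"]
    if sig == "v":
        return []
    if sig == "s":
        return [] if isinstance(value, str) else bad
    if sig == "b":
        return [] if isinstance(value, bool) else bad
    if sig.startswith("a{"):
        if not isinstance(value, dict):
            return bad
        key_t, val_t = split_types(sig[2:-1])
        errs = []
        for k, v in value.items():
            errs += check(k, key_t, f"{path} key {k!r}") + check(v, val_t, f"{path}[{k!r}]")
        return errs
    if sig[0] in "a(":
        # A plain str is iterable but is neither an array nor a struct.
        if not isinstance(value, (list, tuple)):
            return bad
        members = [sig[1:]] * len(value) if sig[0] == "a" else split_types(sig[1:-1])
        if len(members) != len(value):
            return bad
        errs = []
        for n, (item, t) in enumerate(zip(value, members)):
            errs += check(item, t, f"{path}[{n}]")
        return errs
    raise ValueError(f"type {sig!r} is not used by the signatures in this example")


def check_zone_settings(settings):
    """Check a settings sequence against the zone update() struct, member by member."""
    members = split_types(ZONE_SIG[1:-1])
    if not isinstance(settings, (list, tuple)) or len(settings) != len(members):
        return [f"settings: expected {len(members)} members in {ZONE_SIG}"]
    errs = []
    for name, t, val in zip(ZONE_FIELDS, members, settings):
        errs += check(val, t, name)
    return errs


def check_service_settings(settings):
    """Check an update2()-style dictionary: unknown keys first, then value types."""
    errs = [f"{k}: not listed for update2()" for k in settings if k not in SERVICE_KEYS]
    for k, v in settings.items():
        if k in SERVICE_KEYS:
            errs += check(v, SERVICE_KEYS[k], k)
    return errs


# Constructed sample data (not taken from a real system).
GOOD_ZONE = ("1.0", "example", "Constructed sample zone", False, "default",
             ["ssh"], [("8443", "tcp")], [], False, [], [], ["192.0.2.0/24"],
             [], [], [])
# Same zone with the port given as an integer instead of a string.
BAD_ZONE = GOOD_ZONE[:6] + ([(8443, "tcp")],) + GOOD_ZONE[7:]

if __name__ == "__main__":
    for label, zone in (("good", GOOD_ZONE), ("bad", BAD_ZONE)):
        print(label, check_zone_settings(zone) or "ok")
```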
3033
3034 Signals
3035 Removed(s: name)
3036 Emitted when service with name has been removed.
3037
3038 Renamed(s: name)
3039 Emitted when service has been renamed to name.
3040
3041 Updated(s: name)
3042 Emitted when service with name has been updated.
3043
3044 Properties
3045 builtin - b - (ro)
3046 True if service is built-in, false otherwise.
3047
3048 default - b - (ro)
3049 True if built-in service has default settings. False if it has
3050 been modified. Always False for not built-in services.
3051
3052 filename - s - (ro)
3053 Name (including .xml extension) of file where the configuration
3054 is stored.
3055
3056 name - s - (ro)
3057 Name of service.
3058
3059 path - s - (ro)
3060 Path to directory where the configuration is stored. Should be
3061 either /usr/lib/firewalld/services or /etc/firewalld/services.
3062
3063 org.fedoraproject.FirewallD1.config.helper
3064 Interface for permanent helper configuration, see also
3065 firewalld.helper(5).
3066
3067 Methods
3068 addPort(s: port, s: protocol) → Nothing
3069 Permanently add (port, protocol) to list of ports in helper.
3070 See port tag in firewalld.helper(5).
3071
3072 Possible errors: ALREADY_ENABLED
3073
3074 getDescription() → s
3075 Get description of helper. See description tag in
3076 firewalld.helper(5).
3077
3078 getFamily() → s
3079 Get family being 'ipv4', 'ipv6' or empty for both. See family
3080 tag in firewalld.helper(5).
3081
3082 getModule() → s
3083 Get modules (netfilter kernel helpers) used in helper. See
3084 module tag in firewalld.helper(5).
3085
3086 getPorts() → a(ss)
3087 Get list of (port, protocol) defined in helper. See port tag in
3088 firewalld.helper(5).
3089
3090 getSettings() → (sssssa(ss))
3091 Return permanent settings of a helper. For getting runtime
3092 settings see
3093 org.fedoraproject.FirewallD1.Methods.getHelperSettings.
3094 Settings are in format: version, name, description, family,
3095 module, array of ports (port, protocol).
3096
3097 version (s): see version attribute of helper tag in
3098 firewalld.helper(5).
3099
3100 name (s): see short tag in firewalld.helper(5).
3101
3102 description (s): see description tag in firewalld.helper(5).
3103
3104 family (s): see family tag in firewalld.helper(5).
3105
3106 module (s): see module tag in firewalld.helper(5).
3107
3108 ports (a(ss)): array of port and protocol pairs. See port tag
3109 in firewalld.helper(5).
3110
3111
3112 getShort() → s
3113 Get name of helper. See short tag in firewalld.helper(5).
3114
3115 getVersion() → s
3116 Get version of helper. See version attribute of helper tag in
3117 firewalld.helper(5).
3118
3119 loadDefaults() → Nothing
3120 Load default settings for built-in helper.
3121
3122 Possible errors: NO_DEFAULTS
3123
3124 queryFamily(s: module) → b
3125 Return whether family is set for helper. See family tag in
3126 firewalld.helper(5).
3127
3128 queryModule(s: module) → b
3129 Return whether module (netfilter kernel helpers) is used in
3130 helper. See module tag in firewalld.helper(5).
3131
3132 queryPort(s: port, s: protocol) → b
3133 Return whether (port, protocol) is in list of ports in helper.
3134 See port tag in firewalld.helper(5).
3135
3136 remove() → Nothing
3137 Remove not built-in helper.
3138
3139 Possible errors: BUILTIN_HELPER
3140
3141 removePort(s: port, s: protocol) → Nothing
3142 Permanently remove (port, protocol) from list of ports in
3143 helper. See port tag in firewalld.helper(5).
3144
3145 Possible errors: NOT_ENABLED
3146
3147 rename(s: name) → Nothing
3148 Rename not built-in helper to name.
3149
3150 Possible errors: BUILTIN_HELPER
3151
3152 setDescription(s: description) → Nothing
3153 Permanently set description of helper to description. See
3154 description tag in firewalld.helper(5).
3155
3156 setFamily(s: family) → Nothing
3157 Permanently set family of helper to family. See family tag in
3158 firewalld.helper(5).
3159
3160 setModule(s: module) → Nothing
3161 Permanently set module of helper to module. See module tag
3162 in firewalld.helper(5).
3163
3164 setPorts(a(ss): ports) → Nothing
3165 Permanently set ports of helper to list of (port, protocol).
3166 See port tag in firewalld.helper(5).
3167
3168 setShort(s: short) → Nothing
3169 Permanently set name of helper to short. See short tag in
3170 firewalld.helper(5).
3171
3172 setVersion(s: version) → Nothing
3173 Permanently set version of helper to version. See version
3174 attribute of helper tag in firewalld.helper(5).
3175
3176 update((sssssa(ss)): settings) → Nothing
3177 Update settings of helper to settings. Settings are in format:
3178 version, name, description, family, module and array of ports.
3179
3180 version (s): see version attribute of helper tag in
3181 firewalld.helper(5).
3182
3183 name (s): see short tag in firewalld.helper(5).
3184
3185 description (s): see description tag in firewalld.helper(5).
3186
3187 family (s): see family tag in firewalld.helper(5).
3188
3189 module (s): see module tag in firewalld.helper(5).
3190
3191 ports (a(ss)): array of port and protocol pairs. See port tag
3192 in firewalld.helper(5).
3193
3194 Possible errors: INVALID_HELPER
3195
3196 Signals
3197 Removed(s: name)
3198 Emitted when helper with name has been removed.
3199
3200 Renamed(s: name)
3201 Emitted when helper has been renamed to name.
3202
3203 Updated(s: name)
3204 Emitted when helper with name has been updated.
3205
3206 Properties
3207 builtin - b - (ro)
3208 True if helper is built-in, false otherwise.
3209
3210 default - b - (ro)
3211 True if built-in helper has default settings. False if it has
3212 been modified. Always False for not built-in helpers.
3213
3214 filename - s - (ro)
3215 Name (including .xml extension) of file where the configuration
3216 is stored.
3217
3218 name - s - (ro)
3219 Name of helper.
3220
3221 path - s - (ro)
3222 Path to directory where the configuration is stored. Should be
3223 either /usr/lib/firewalld/helpers or /etc/firewalld/helpers.
3224
3225 org.fedoraproject.FirewallD1.config.icmptype
3226 Interface for permanent icmp type configuration, see also
3227 firewalld.icmptype(5).
3228
3229 Methods
3230 addDestination(s: destination) → Nothing
3231 Permanently add a destination ('ipv4' or 'ipv6') to list of
3232 destinations of this icmp type. See destination tag in
3233 firewalld.icmptype(5).
3234
3235 Possible errors: ALREADY_ENABLED
3236
3237 getDescription() → s
3238 Get description of icmp type. See description tag in
3239 firewalld.icmptype(5).
3240
3241 getDestinations() → as
3242 Get list of destinations. See destination tag in
3243 firewalld.icmptype(5).
3244
3245 getSettings() → (sssas)
3246 Return permanent settings of icmp type. For getting runtime
3247 settings see
3248 org.fedoraproject.FirewallD1.Methods.getIcmpTypeSettings.
3249 Settings are in format: version, name, description, array of
3250 destinations.
3251
3252 version (s): see version attribute of icmptype tag in
3253 firewalld.icmptype(5).
3254
3255 name (s): see short tag in firewalld.icmptype(5).
3256
3257 description (s): see description tag in firewalld.icmptype(5).
3258
3259 destinations (as): array, either empty or containing strings
3260 'ipv4' and/or 'ipv6', see destination tag in
3261 firewalld.icmptype(5).
3262
3263
3264 getShort() → s
3265 Get name of icmp type. See short tag in firewalld.icmptype(5).
3266
3267 getVersion() → s
3268 Get version of icmp type. See version attribute of icmptype tag
3269 in firewalld.icmptype(5).
3270
3271 loadDefaults() → Nothing
3272 Load default settings for built-in icmp type.
3273
3274 Possible errors: NO_DEFAULTS
3275
3276 queryDestination(s: destination) → b
3277 Return whether a destination ('ipv4' or 'ipv6') is in list of
3278 destinations of this icmp type. See destination tag in
3279 firewalld.icmptype(5).
3280
3281 remove() → Nothing
3282 Remove not built-in icmp type.
3283
3284 Possible errors: BUILTIN_ICMPTYPE
3285
3286 removeDestination(s: destination) → Nothing
3287 Permanently remove a destination ('ipv4' or 'ipv6') from list
3288 of destinations of this icmp type. See destination tag in
3289 firewalld.icmptype(5).
3290
3291 Possible errors: NOT_ENABLED
3292
3293 rename(s: name) → Nothing
3294 Rename not built-in icmp type to name.
3295
3296 Possible errors: BUILTIN_ICMPTYPE
3297
3298 setDescription(s: description) → Nothing
3299 Permanently set description of icmp type to description. See
3300 description tag in firewalld.icmptype(5).
3301
3302 setDestinations(as: destinations) → Nothing
3303 Permanently set destinations of icmp type to destinations,
3304 which is array, either empty or containing strings 'ipv4'
3305 and/or 'ipv6'. See destination tag in firewalld.icmptype(5).
3306
3307 setShort(s: short) → Nothing
3308 Permanently set name of icmp type to short. See short tag in
3309 firewalld.icmptype(5).
3310
3311 setVersion(s: version) → Nothing
3312 Permanently set version of icmp type to version. See version
3313 attribute of icmptype tag in firewalld.icmptype(5).
3314
3315 update((sssas): settings) → Nothing
3316 Update permanent settings of icmp type to settings. Settings
3317 are in format: version, name, description, array of
3318 destinations.
3319
3320 version (s): see version attribute of icmptype tag in
3321 firewalld.icmptype(5).
3322
3323 name (s): see short tag in firewalld.icmptype(5).
3324
3325 description (s): see description tag in firewalld.icmptype(5).
3326
3327 destinations (as): array, either empty or containing strings
3328 'ipv4' and/or 'ipv6', see destination tag in
3329 firewalld.icmptype(5).
3330
3331
3332 Signals
3333 Removed(s: name)
3334 Emitted when icmp type with name has been removed.
3335
3336 Renamed(s: name)
3337 Emitted when icmp type has been renamed to name.
3338
3339 Updated(s: name)
3340 Emitted when icmp type with name has been updated.
3341
3342 Properties
3343 builtin - b - (ro)
3344 True if icmp type is built-in, false otherwise.
3345
3346 default - b - (ro)
3347 True if built-in icmp type has default settings. False if it
3348 has been modified. Always False for not built-in icmp types.
3349
3350 filename - s - (ro)
3351 Name (including .xml extension) of file where the configuration
3352 is stored.
3353
3354 name - s - (ro)
3355 Name of icmp type.
3356
3357 path - s - (ro)
3358 Path to directory where the icmp type configuration is stored.
3359 Should be either /usr/lib/firewalld/icmptypes or
3360 /etc/firewalld/icmptypes.
3361
3363 firewall-applet(1), firewalld(1), firewall-cmd(1), firewall-config(1),
3364 firewalld.conf(5), firewalld.direct(5), firewalld.dbus(5),
3365 firewalld.icmptype(5), firewalld.lockdown-whitelist(5),
3366 firewall-offline-cmd(1), firewalld.richlanguage(5), firewalld.service(5),
3367 firewalld.zone(5), firewalld.zones(5), firewalld.ipset(5),
3368 firewalld.helper(5)
3369
3371 firewalld home page:
3372 http://firewalld.org
3373
3374 More documentation with examples:
3375 http://fedoraproject.org/wiki/FirewallD
3376
3378 Thomas Woerner <twoerner@redhat.com>
3379 Developer
3380
3381 Jiri Popelka <jpopelka@redhat.com>
3382 Developer
3383
3384 Eric Garver <eric@garver.life>
3385 Developer
3386
3387
3388
3389firewalld 0.8.2 FIREWALLD.DBUS(5)