1FIREWALLD.DBUS(5) firewalld.dbus FIREWALLD.DBUS(5)
2
3
4
6 firewalld.dbus - firewalld D-Bus interface description
7
9 This is the basic firewalld object path structure. The used interfaces
10 are explained below in the section called “INTERFACES”.
11
12 /org/fedoraproject/FirewallD1
13 Interfaces
14 org.fedoraproject.FirewallD1
15 org.fedoraproject.FirewallD1.direct
16 org.fedoraproject.FirewallD1.ipset
17 org.fedoraproject.FirewallD1.policies
18 org.fedoraproject.FirewallD1.zone
19 org.freedesktop.DBus.Introspectable
20 org.freedesktop.DBus.Properties
21
22 /org/fedoraproject/FirewallD1/config
23 Interfaces
24 org.fedoraproject.FirewallD1.config
25 org.fedoraproject.FirewallD1.config.direct
26 org.fedoraproject.FirewallD1.config.policies
27 org.freedesktop.DBus.Introspectable
28 org.freedesktop.DBus.Properties
29
30 /org/fedoraproject/FirewallD1/config/zone/i
31 Interfaces
32 org.fedoraproject.FirewallD1.config.zone
33 org.freedesktop.DBus.Introspectable
34 org.freedesktop.DBus.Properties
35
36 /org/fedoraproject/FirewallD1/config/service/i
37 Interfaces:
38 org.fedoraproject.FirewallD1.config.service
39 org.freedesktop.DBus.Introspectable
40 org.freedesktop.DBus.Properties
41
42 /org/fedoraproject/FirewallD1/config/ipset/i
43 Interfaces
44 org.fedoraproject.FirewallD1.config.ipset
45 org.freedesktop.DBus.Introspectable
46 org.freedesktop.DBus.Properties
47
48 /org/fedoraproject/FirewallD1/config/icmptype/i
49 Interfaces
50 org.fedoraproject.FirewallD1.config.icmptype
51 org.freedesktop.DBus.Introspectable
52 org.freedesktop.DBus.Properties
53
54
55
57 org.fedoraproject.FirewallD1
58 This interface contains general runtime operations, like: reloading,
59 panic mode, default zone handling, getting services and icmp types and
60 their settings.
61
62 Methods
63 authorizeAll() → Nothing
64 Initiate authorization for the complete firewalld D-Bus
65 interface. This method is mostly useful for configuration
66 applications.
67
68 completeReload() → Nothing
69 Reload firewall completely, even netfilter kernel modules. This
70 will most likely terminate active connections, because state
71 information is lost. This option should only be used in case of
72 severe firewall problems, for example when state information
73 problems prevent any connection from being established even
74 with correct firewall rules.
75
76 disablePanicMode() → Nothing
77 Disable panic mode. After disabling panic mode established
78 connections might work again, if panic mode was enabled for a
79 short period of time.
80
81 Possible errors: NOT_ENABLED, COMMAND_FAILED
82
83 enablePanicMode() → Nothing
84 Enable panic mode. All incoming and outgoing packets are
85 dropped, active connections will expire. Enable this only if
86 there are serious problems with your network environment.
87
88 Possible errors: ALREADY_ENABLED, COMMAND_FAILED
89
90 getAutomaticHelpers() → s
91 Deprecated. This always returns "no".
92
93 getDefaultZone() → s
94 Return default zone.
95
96 getHelperSettings(s: helper) → (sssssa(ss))
97 Return runtime settings of given helper. For getting permanent
98 settings see
99 org.fedoraproject.FirewallD1.config.helper.Methods.getSettings.
100 Settings are in format: version, name, description, family,
101 module and array of ports.
102
103 version (s): see version attribute of helper tag in
104 firewalld.helper(5).
105
106 name (s): see short tag in firewalld.helper(5).
107
108 description (s): see description tag in firewalld.helper(5).
109
110 family (s): see family tag in firewalld.helper(5).
111
112 module (s): see module tag in firewalld.helper(5).
113
114 ports (a(ss)): array of port and protocol pairs. See port tag
115 in firewalld.helper(5).
116
117 Possible errors: INVALID_HELPER
118
119 getHelpers() → as
120 Return array of helper names (s) in runtime configuration. For
121 permanent configuration see
122 org.fedoraproject.FirewallD1.config.Methods.listHelpers.
123
124 getIcmpTypeSettings(s: icmptype) → (sssas)
125 Return runtime settings of given icmptype. For getting
126 permanent settings see
127 org.fedoraproject.FirewallD1.config.icmptype.Methods.getSettings.
128 Settings are in format: version, name, description, array of
129 destinations.
130
131 version (s): see version attribute of icmptype tag in
132 firewalld.icmptype(5).
133
134 name (s): see short tag in firewalld.icmptype(5).
135
136 description (s): see description tag in firewalld.icmptype(5).
137
138 destinations (as): array, either empty or containing strings
139 'ipv4' or 'ipv6', see destination tag in firewalld.icmptype(5).
140
141 Possible errors: INVALID_ICMPTYPE
142
143 getLogDenied() → s
144 Returns the LogDenied value. If LogDenied is enabled, then
145 logging rules are added right before reject and drop rules in
146 the INPUT, FORWARD and OUTPUT chains for the default rules and
147 also final reject and drop rules in zones. Possible values are:
148 all, unicast, broadcast, multicast and off. The default value
149 is off.
150
151 getServiceSettings(s: service) → (sssa(ss)asa{ss}asa(ss))
152 This function is deprecated, use
153 org.fedoraproject.FirewallD1.Methods.getServiceSettings2
154 instead.
155
156 getServiceSettings2(s: service) → a{sv}
157 Return runtime settings of given service. For getting permanent
158 settings see
159 org.fedoraproject.FirewallD1.config.service.Methods.getSettings2.
160 Settings are a dictionary indexed by keywords. For the type of
161 each value see below. If the value is empty it may be omitted.
162
163 version (s): see version attribute of service tag in
164 firewalld.service(5).
165
166 name (s): see short tag in firewalld.service(5).
167
168 description (s): see description tag in firewalld.service(5).
169
170 ports (a(ss)): array of port and protocol pairs. See port tag
171 in firewalld.service(5).
172
173 module names (as): array of kernel netfilter helpers, see
174 module tag in firewalld.service(5).
175
176 destinations (a{ss}): dictionary of {IP family : IP address}
177 where 'IP family' key can be either 'ipv4' or 'ipv6'. See
178 destination tag in firewalld.service(5).
179
180 protocols (as): array of protocols, see protocol tag in
181 firewalld.service(5).
182
183 source_ports (a(ss)): array of port and protocol pairs. See
184 source-port tag in firewalld.service(5).
185
186 includes (as): array of service includes, see include tag in
187 firewalld.service(5).
188
189 helpers (as): array of service helpers, see helper tag in
190 firewalld.service(5).
191
192 Possible errors: INVALID_SERVICE
193
194 getZoneSettings(s: zone) → (sssbsasa(ss)asba(ssss)asasasasa(ss)b)
195 This function is deprecated, use
196 org.fedoraproject.FirewallD1.zone.Methods.getZoneSettings2
197 instead.
198
199 listIcmpTypes() → as
200 Return array of names (s) of icmp types in runtime
201 configuration. For permanent configuration see
202 org.fedoraproject.FirewallD1.config.Methods.listIcmpTypes.
203
204 listServices() → as
205 Return array of service names (s) in runtime configuration. For
206 permanent configuration see
207 org.fedoraproject.FirewallD1.config.Methods.listServices.
208
209 queryPanicMode() → b
210 Return true if panic mode is enabled, false otherwise. In panic
211 mode all incoming and outgoing packets are dropped.
212
213 reload() → Nothing
214 Reload firewall rules and keep state information. Current
215 permanent configuration will become new runtime configuration,
216 i.e. all runtime-only changes made before the reload are lost
217 unless they have also been made in the permanent configuration.
218
219 runtimeToPermanent() → Nothing
220 Make runtime settings permanent. Replaces permanent settings
221 with runtime settings for zones, services, icmptypes, direct
222 and policies (lockdown whitelist).
223
224 Possible errors: RT_TO_PERM_FAILED
225
226 checkPermanentConfig() → Nothing
227 Run checks on the permanent configuration. This is most useful
228 if changes were made manually to configuration files.
229
230 Possible errors: any
231
232 setDefaultZone(s: zone) → Nothing
233 Set default zone for connections and interfaces where no zone
234 has been selected to zone. Setting the default zone changes the
235 zone for the connections or interfaces, that are using the
236 default zone. This is a runtime and permanent change.
237
238 Possible errors: ZONE_ALREADY_SET, COMMAND_FAILED
239
240 setLogDenied(s: value) → Nothing
241 Set LogDenied value to value. If LogDenied is enabled, then
242 logging rules are added right before reject and drop rules in
243 the INPUT, FORWARD and OUTPUT chains for the default rules and
244 also final reject and drop rules in zones. Possible values are:
245 all, unicast, broadcast, multicast and off. The default value
246 is off. This is a runtime and permanent change.
247
248 Possible errors: ALREADY_SET, INVALID_VALUE
249
250 Signals
251 DefaultZoneChanged(s: zone)
252 Emitted when default zone has been changed to zone.
253
254 LogDeniedChanged(s: value)
255 Emitted when LogDenied value has been changed.
256
257 PanicModeDisabled()
258 Emitted when panic mode has been deactivated.
259
260 PanicModeEnabled()
261 Emitted when panic mode has been activated.
262
263 Reloaded()
264 Emitted when firewalld has been reloaded. Also emitted for a
265 complete reload.
266
267 Properties
268 BRIDGE - b - (ro)
269 Indicates whether the firewall has ethernet bridge support.
270
271 IPSet - b - (ro)
272 Indicates whether the firewall has IPSet support.
273
274 IPSetTypes - as - (ro)
275 The IPSet types supported by ipset and firewalld.
276
277 IPv4 - b - (ro)
278 Indicates whether the firewall has IPv4 support.
279
280 IPv4ICMPTypes - as - (ro)
281 The list of supported IPv4 ICMP types.
282
283 IPv6 - b - (ro)
284 Indicates whether the firewall has IPv6 support.
285
286 IPv6_rpfilter - b - (ro)
287 Indicates whether the reverse path filter test on a packet for
288 IPv6 is enabled. If a reply to the packet would be sent via the
289 same interface that the packet arrived on, the packet will
290 match and be accepted, otherwise dropped.
291
292 IPv6ICMPTypes - as - (ro)
293 The list of supported IPv6 ICMP types.
294
295 nf_conntrack_helper_setting - b - (ro)
296 Deprecated. Always False.
297
298 nf_conntrack_helpers - a{sas} - (ro)
299 Deprecated. Always returns an empty dictionary.
300
301 nf_nat_helpers - a{sas} - (ro)
302 Deprecated. Always returns an empty dictionary.
303
304 interface_version - s - (ro)
305 firewalld D-Bus interface version string.
306
307 state - s - (ro)
308 firewalld state. This can be either INIT, FAILED, or RUNNING.
309 In INIT state, firewalld is starting up and initializing. In
310 FAILED state, firewalld completely started but experienced a
311 failure.
312
313 version - s - (ro)
314 firewalld version string.
315
316 org.fedoraproject.FirewallD1.ipset
317 Operations in this interface allow you to get, add, remove and query
318 runtime ipset settings. For permanent configuration see
319 org.fedoraproject.FirewallD1.config.ipset interface.
320
321 Methods
322 addEntry(s: ipset, s: entry) → as
323 Add a new entry to ipset. The entry must match the type of the
324 ipset. If the ipset is using the timeout option, it is not
325 possible to see the entries, as they are timing out
326 automatically in the kernel. For permanent operation see
327 org.fedoraproject.FirewallD1.config.ipset.Methods.addEntry.
328
329 Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT
330
331 getEntries(s: ipset) → Nothing
332 Get all entries added to the ipset. If the ipset is using the
333 timeout option, it is not possible to see the entries, as they
334 are timing out automatically in the kernel. Return value is an
335 array of entries. For permanent operation see
336 org.fedoraproject.FirewallD1.config.ipset.Methods.getEntries.
337
338 Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT
339
340 getSettings(s: ipset) → (ssssa{ss}as)
341 Return runtime settings of given ipset. For getting permanent
342 settings see
343 org.fedoraproject.FirewallD1.config.ipset.Methods.getSettings.
344 Settings are in format: version, name, description, type,
345 dictionary of options and array of entries.
346
347 version (s): see version attribute of ipset tag in
348 firewalld.ipset(5).
349
350 name (s): see short tag in firewalld.ipset(5).
351
352 description (s): see description tag in firewalld.ipset(5).
353
354 type (s): see type attribute of ipset tag in
355 firewalld.ipset(5).
356
357 options (a{ss}): dictionary of {option : value} . See options
358 tag in firewalld.ipset(5).
359
360 entries (as): array of entries, see entry tag in
361 firewalld.ipset(5).
362
363 Possible errors: INVALID_IPSET
364
365 getIPSets() → as
366 Return array of ipset names (s) in runtime configuration. For
367 permanent configuration see
368 org.fedoraproject.FirewallD1.config.Methods.listIPSets.
369
370 queryEntry(s: ipset, s: entry) → b
371 Return whether entry has been added to ipset. For permanent
372 operation see
373 org.fedoraproject.FirewallD1.config.ipset.Methods.queryEntry.
374
375 Possible errors: INVALID_IPSET
376
377 queryIPSet(s: ipset) → b
378 Return whether ipset is defined in runtime configuration.
379
380 removeEntry(s: ipset, s: entry) → as
381 Removes an entry from ipset. For permanent operation see
382 org.fedoraproject.FirewallD1.config.ipset.Methods.removeEntry.
383
384 Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT
385
386 setEntries(as: entries) → Nothing
387 Permanently set list of entries to entries. For permanent
388 operation see
389 org.fedoraproject.FirewallD1.config.ipset.Methods.setEntries.
390 See entry tag in firewalld.ipset(5).
391
392 Signals
393 EntryAdded(s: ipset, s: entry)
394 Emitted when entry has been added to ipset.
395
396 EntryRemoved(s: ipset, s: entry)
397 Emitted when entry has been removed from ipset.
398
399 org.fedoraproject.FirewallD1.direct
400 This interface enables more direct access to the firewall. It enables
401 runtime manipulation with chains and rules. For permanent configuration
402 see org.fedoraproject.FirewallD1.config.direct interface.
403
404 Methods
405 addChain(s: ipv, s: table, s: chain) → Nothing
406 Add a new chain to table for ipv being either ipv4 (iptables)
407 or ipv6 (ip6tables) or eb (ebtables). Make sure there's no
408 other chain with this name already. There already exist basic
409 chains to use with direct methods, for example INPUT_direct
410 chain. These chains are jumped into before chains for zones,
411 i.e. every rule put into INPUT_direct will be checked before
412 rules in zones. For permanent operation see
413 org.fedoraproject.FirewallD1.config.direct.Methods.addChain.
414
415 Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED,
416 COMMAND_FAILED
417
418 addPassthrough(s: ipv, as: args) → Nothing
419 Add a tracked passthrough rule with the arguments args for ipv
420 being either ipv4 (iptables) or ipv6 (ip6tables) or eb
421 (ebtables). Valid commands in args are only -A/--append,
422 -I/--insert and -N/--new-chain. This method is (unlike
423 passthrough method) tracked, i.e. firewalld remembers it. It's
424 useful with
425 org.fedoraproject.FirewallD1.Methods.runtimeToPermanent. For
426 permanent operation see
427 org.fedoraproject.FirewallD1.config.direct.Methods.addPassthrough.
428
429 Possible errors: INVALID_IPV, ALREADY_ENABLED, COMMAND_FAILED
430
431 addRule(s: ipv, s: table, s: chain, i: priority, as: args) →
432 Nothing
433 Add a rule with the arguments args to chain in table with
434 priority for ipv being either ipv4 (iptables) or ipv6
435 (ip6tables) or eb (ebtables). The priority is used to order
436 rules. Priority 0 means add rule on top of the chain, with a
437 higher priority the rule will be added further down. Rules with
438 the same priority are on the same level and the order of these
439 rules is not fixed and may change. If you want to make sure
440 that a rule will be added after another one, use a low priority
441 for the first and a higher for the following. For permanent
442 operation see
443 org.fedoraproject.FirewallD1.config.direct.Methods.addRule.
444
445 Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED,
446 COMMAND_FAILED
447
448 getAllChains() → a(sss)
449 Get all chains added to all tables in format: ipv, table,
450 chain. This concerns only chains previously added with
451 addChain. Return value is an array of (ipv, table, chain). For
452 permanent operation see
453 org.fedoraproject.FirewallD1.config.direct.Methods.getAllChains.
454
455 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
456 (ebtables).
457
458 table (s): one of filter, mangle, nat, raw, security
459
460 chain (s): name of a chain.
461
462
463 getAllPassthroughs() → a(sas)
464 Get all tracked passthrough rules added in all ipv types in
465 format: ipv, rule. This concerns only rules previously added
466 with addPassthrough. Return value is an array of (ipv, array of
467 arguments). For permanent operation see
468 org.fedoraproject.FirewallD1.config.direct.Methods.getAllPassthroughs.
469
470 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
471 (ebtables).
472
473 arguments (as): array of commands, parameters and other
474 iptables/ip6tables/ebtables command line options.
475
476
477 getAllRules() → a(sssias)
478 Get all rules added to all chains in all tables in format: ipv,
479 table, chain, priority, rule. This concerns only rules
480 previously added with addRule. Return value is an array of (ipv,
481 table, chain, priority, array of arguments). For permanent
482 operation see
483 org.fedoraproject.FirewallD1.config.direct.Methods.getAllRules.
484
485 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
486 (ebtables).
487
488 table (s): one of filter, mangle, nat, raw, security
489
490 chain (s): name of a chain.
491
492 priority (i): used to order rules.
493
494 arguments (as): array of commands, parameters and other
495 iptables/ip6tables/ebtables command line options.
496
497
498 getChains(s: ipv, s: table) → as
499 Return an array of chains (s) added to table for ipv being
500 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
501 This concerns only chains previously added with addChain. For
502 permanent operation see
503 org.fedoraproject.FirewallD1.config.direct.Methods.getChains.
504
505 Possible errors: INVALID_IPV, INVALID_TABLE
506
507 getPassthroughs(s: ipv) → aas
508 Get tracked passthrough rules added in either ipv4 (iptables)
509 or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
510 previously added with addPassthrough. Return value is an array
511 of (array of arguments). For permanent operation see
512 org.fedoraproject.FirewallD1.config.direct.Methods.getPassthroughs.
513
514 arguments (as): array of commands, parameters and other
515 iptables/ip6tables/ebtables command line options.
516
517
518 getRules(s: ipv, s: table, s: chain) → a(ias)
519 Get all rules added to chain in table for ipv being either ipv4
520 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
521 only rules previously added with addRule. Return value is an
522 array of (priority, array of arguments). For permanent
523 operation see
524 org.fedoraproject.FirewallD1.config.direct.Methods.getRules.
525
526 priority (i): used to order rules.
527
528 arguments (as): array of commands, parameters and other
529 iptables/ip6tables/ebtables command line options.
530
531 Possible errors: INVALID_IPV, INVALID_TABLE
532
533 passthrough(s: ipv, as: args) → s
534 Pass a command through to the firewall. ipv can be either ipv4
535 (iptables) or ipv6 (ip6tables) or eb (ebtables). args can be
536 all iptables, ip6tables and ebtables command line arguments.
538 This command is untracked, which means that
539 firewalld is not able to provide information about this command
540 later on.
541
542 Possible errors: COMMAND_FAILED
543
544 queryChain(s: ipv, s: table, s: chain) → b
545 Return whether a chain exists in table for ipv being either
546 ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). This
547 concerns only chains previously added with addChain. For
548 permanent operation see
549 org.fedoraproject.FirewallD1.config.direct.Methods.queryChain.
550
551 Possible errors: INVALID_IPV, INVALID_TABLE
552
553 queryPassthrough(s: ipv, as: args) → b
554 Return whether a tracked passthrough rule with the arguments
555 args exists for ipv being either ipv4 (iptables) or ipv6
556 (ip6tables) or eb (ebtables). This concerns only rules
557 previously added with addPassthrough. For permanent operation
558 see
559 org.fedoraproject.FirewallD1.config.direct.Methods.queryPassthrough.
560
561 Possible errors: INVALID_IPV
562
563 queryRule(s: ipv, s: table, s: chain, i: priority, as: args) → b
564 Return whether a rule with priority and the arguments args
565 exists in chain in table for ipv being either ipv4 (iptables)
566 or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
567 previously added with addRule. For permanent operation see
568 org.fedoraproject.FirewallD1.config.direct.Methods.queryRule.
569
570 Possible errors: INVALID_IPV, INVALID_TABLE
571
572 removeAllPassthroughs() → Nothing
573 Remove all passthrough rules previously added with
574 addPassthrough.
575
576 removeChain(s: ipv, s: table, s: chain) → Nothing
577 Remove a chain from table for ipv being either ipv4 (iptables)
578 or ipv6 (ip6tables) or eb (ebtables). Only chains previously
579 added with addChain can be removed this way. For permanent
580 operation see
581 org.fedoraproject.FirewallD1.config.direct.Methods.removeChain.
582
583 Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED,
584 COMMAND_FAILED
585
586 removePassthrough(s: ipv, as: args) → Nothing
587 Remove a tracked passthrough rule with arguments args for ipv
588 being either ipv4 (iptables) or ipv6 (ip6tables) or eb
589 (ebtables). Only rules previously added with addPassthrough can
590 be removed this way. For permanent operation see
591 org.fedoraproject.FirewallD1.config.direct.Methods.removePassthrough.
592
593 Possible errors: INVALID_IPV, NOT_ENABLED, COMMAND_FAILED
594
595 removeRule(s: ipv, s: table, s: chain, i: priority, as: args) →
596 Nothing
597 Remove a rule with priority and arguments args from chain in
598 table for ipv being either ipv4 (iptables) or ipv6 (ip6tables)
599 or eb (ebtables). Only rules previously added with addRule can
600 be removed this way. For permanent operation see
601 org.fedoraproject.FirewallD1.config.direct.Methods.removeRule.
602
603 Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED,
604 COMMAND_FAILED
605
606 removeRules(s: ipv, s: table, s: chain) → Nothing
607 Remove all rules from chain in table for ipv being either ipv4
608 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
609 only rules previously added with addRule. For permanent
610 operation see
611 org.fedoraproject.FirewallD1.config.direct.Methods.removeRules.
612
613 Possible errors: INVALID_IPV, INVALID_TABLE
614
615 Signals
616 ChainAdded(s: ipv, s: table, s: chain)
617 Emitted when chain has been added into table for ipv being
618 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
619
620 ChainRemoved(s: ipv, s: table, s: chain)
621 Emitted when chain has been removed from table for ipv being
622 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
623
624 PassthroughAdded(s: ipv, as: args)
625 Emitted when a tracked passthrough rule with args has been
626 added for ipv being either ipv4 (iptables) or ipv6 (ip6tables)
627 or eb (ebtables).
628
629 PassthroughRemoved(s: ipv, as: args)
630 Emitted when a tracked passthrough rule with args has been
631 removed for ipv being either ipv4 (iptables) or ipv6
632 (ip6tables) or eb (ebtables).
633
634 RuleAdded(s: ipv, s: table, s: chain, i: priority, as: args)
635 Emitted when a rule with args has been added to chain in table
636 with priority for ipv being either ipv4 (iptables) or ipv6
637 (ip6tables) or eb (ebtables).
638
639 RuleRemoved(s: ipv, s: table, s: chain, i: priority, as: args)
640 Emitted when a rule with args has been removed from chain in
641 table with priority for ipv being either ipv4 (iptables) or
642 ipv6 (ip6tables) or eb (ebtables).
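
An added example (not part of firewalld or of this manual page): a Python audit over the values returned by getAllRules() and getAllPassthroughs(), run here on constructed sample data. It orders tracked rules by priority as described for addRule and flags ACCEPT rules without any origin match in the *_direct chains, which are checked before zone rules; the function names and sample rules are assumptions made for illustration.

```python
"""Audit firewalld direct-interface rules (added example, not firewalld code).

Input shapes follow the D-Bus signatures on this page:
  getAllRules()        -> a(sssias)  (ipv, table, chain, priority, args)
  getAllPassthroughs() -> a(sas)     (ipv, args)
"""

# iptables/ip6tables options that restrict a rule by packet origin.
ORIGIN_MATCHES = {"-s", "--source", "-i", "--in-interface",
                  "--src-range", "--match-set", "--mac-source"}
# The only commands a tracked passthrough may use (see addPassthrough).
TRACKED_COMMANDS = {"-A", "--append", "-I", "--insert", "-N", "--new-chain"}

# Constructed sample data in the shape the two methods return.
SAMPLE_RULES = [
    ("ipv4", "filter", "INPUT_direct", 10,
     ["-p", "tcp", "--dport", "9100", "-j", "ACCEPT"]),
    ("ipv4", "filter", "INPUT_direct", 0,
     ["-s", "192.0.2.0/24", "-p", "tcp", "--dport", "22", "-j", "ACCEPT"]),
    ("ipv4", "filter", "INPUT_direct", 10, ["-p", "icmp", "-j", "DROP"]),
    ("ipv6", "filter", "FORWARD_direct", 5,
     ["-j", "LOG", "--log-prefix", "fwd6 "]),
]
SAMPLE_PASSTHROUGHS = [
    ("ipv4", ["-I", "INPUT", "1", "-p", "udp", "--dport", "53", "-j", "ACCEPT"]),
]


def jump_target(args):
    """Return the -j/--jump target of an argument list, or None."""
    for i, arg in enumerate(args[:-1]):
        if arg in ("-j", "--jump"):
            return args[i + 1]
    return None


def is_broad_accept(ipv, args):
    """True for an ACCEPT rule with no origin restriction.

    ebtables (ipv == "eb") uses different option names and is skipped.
    """
    return (ipv in ("ipv4", "ipv6")
            and jump_target(args) == "ACCEPT"
            and not ORIGIN_MATCHES.intersection(args))


def audit_direct_rules(rules):
    """Return (kind, location, detail) findings for tracked direct rules."""
    findings = []
    per_priority = {}
    # Lower priority values sit nearer the top of the chain.
    for ipv, table, chain, priority, args in sorted(
            rules, key=lambda r: (r[0], r[1], r[2], r[3])):
        where = f"{ipv}/{table}/{chain}@{priority}"
        per_priority.setdefault((ipv, table, chain, priority), []).append(args)
        if chain.endswith("_direct") and is_broad_accept(ipv, args):
            findings.append(("broad-accept", where, " ".join(args)))
    # Rules sharing a priority have no fixed relative order.
    for (ipv, table, chain, priority), group in sorted(per_priority.items()):
        if len(group) > 1:
            findings.append(("order-not-fixed",
                             f"{ipv}/{table}/{chain}@{priority}",
                             f"{len(group)} rules share this priority"))
    return findings


def audit_passthroughs(passthroughs):
    """Return findings for tracked passthrough rules."""
    findings = []
    for ipv, args in passthroughs:
        chain = "?"
        for i, arg in enumerate(args[:-1]):
            if arg in TRACKED_COMMANDS:
                chain = args[i + 1]  # chain name follows -A/-I/-N
                break
        if is_broad_accept(ipv, args):
            findings.append(("broad-accept-passthrough",
                             f"{ipv}/{chain}", " ".join(args)))
    return findings


if __name__ == "__main__":
    for finding in (audit_direct_rules(SAMPLE_RULES)
                    + audit_passthroughs(SAMPLE_PASSTHROUGHS)):
        print(*finding, sep=" | ")
```

Rules added with the untracked passthrough method never appear in either list, so this audit cannot see them.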
643
644 org.fedoraproject.FirewallD1.policies
645 Enables firewalld to lock down configuration changes from
646 local applications. Local applications or services are able to change
647 the firewall configuration if they are running as root (example:
648 libvirt). With these operations an administrator can lock the firewall
649 configuration so that either none or only applications that are in the
650 whitelist are able to request firewall changes. For permanent
651 configuration see org.fedoraproject.FirewallD1.config.policies
652 interface.
653
654 Methods
655 addLockdownWhitelistCommand(s: command) → Nothing
656 Add command to whitelist. See command option in
657 firewalld.lockdown-whitelist(5). For permanent operation see
658 org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistCommand.
659
660 Possible errors: ALREADY_ENABLED, INVALID_COMMAND
661
662 addLockdownWhitelistContext(s: context) → Nothing
663 Add context to whitelist. See selinux option in
664 firewalld.lockdown-whitelist(5). For permanent operation see
665 org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistContext.
666
667 Possible errors: ALREADY_ENABLED, INVALID_COMMAND
668
669 addLockdownWhitelistUid(i: uid) → Nothing
670 Add user id uid to whitelist. See user option in
671 firewalld.lockdown-whitelist(5). For permanent operation see
672 org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistUid.
673
674 Possible errors: ALREADY_ENABLED, INVALID_COMMAND
675
676 addLockdownWhitelistUser(s: user) → Nothing
677 Add user name to whitelist. See user option in
678 firewalld.lockdown-whitelist(5). For permanent operation see
679 org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistUser.
680
681 Possible errors: ALREADY_ENABLED, INVALID_COMMAND
682
683 disableLockdown() → Nothing
684 Disable lockdown. This is a runtime and permanent change.
685
686 Possible errors: NOT_ENABLED
687
688 enableLockdown() → Nothing
689 Enable lockdown. Be careful: if the calling application/user
690 is not on the lockdown whitelist when you enable lockdown, you
691 won't be able to disable it again with the application; you
692 would need to edit firewalld.conf. This is a runtime and
693 permanent change.
694
695 Possible errors: ALREADY_ENABLED
696
697 getLockdownWhitelistCommands() → as
698 List all command lines (s) that are on whitelist. For permanent
699 operation see
700 org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistCommands.
701
702 getLockdownWhitelistContexts() → as
703 List all contexts (s) that are on whitelist. For permanent
704 operation see
705 org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistContexts.
706
707 getLockdownWhitelistUids() → ai
708 List all user ids (i) that are on whitelist. For permanent
709 operation see
710 org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistUids.
711
712 getLockdownWhitelistUsers() → as
713 List all users (s) that are on whitelist. For permanent
714 operation see
715 org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistUsers.
716
717 queryLockdown() → b
718 Query whether lockdown is enabled.
719
720 queryLockdownWhitelistCommand(s: command) → b
721 Query whether command is on whitelist. For permanent operation
722 see
723 org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistCommand.
724
725 queryLockdownWhitelistContext(s: context) → b
726 Query whether context is on whitelist. For permanent operation
727 see
728 org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistContext.
729
730 queryLockdownWhitelistUid(i: uid) → b
731 Query whether user id uid is on whitelist. For permanent
732 operation see
733 org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistUid.
734
735 queryLockdownWhitelistUser(s: user) → b
736 Query whether user is on whitelist. For permanent operation see
737 org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistUser.
738
739 removeLockdownWhitelistCommand(s: command) → Nothing
740 Remove command from whitelist. For permanent operation see
741 org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistCommand.
742
743 Possible errors: NOT_ENABLED
744
745 removeLockdownWhitelistContext(s: context) → Nothing
746 Remove context from whitelist. For permanent operation see
747 org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistContext.
748
749 Possible errors: NOT_ENABLED
750
751 removeLockdownWhitelistUid(i: uid) → Nothing
752 Remove user id uid from whitelist. For permanent operation see
753 org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistUid.
754
755 Possible errors: NOT_ENABLED
756
757 removeLockdownWhitelistUser(s: user) → Nothing
758 Remove user from whitelist. For permanent operation see
759 org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistUser.
760
761 Possible errors: NOT_ENABLED
762
763 Signals
764 LockdownDisabled()
765 Emitted when lockdown has been disabled.
766
767 LockdownEnabled()
768 Emitted when lockdown has been enabled.
769
770 LockdownWhitelistCommandAdded(s: command)
771 Emitted when command has been added to whitelist.
772
773 LockdownWhitelistCommandRemoved(s: command)
774 Emitted when command has been removed from whitelist.
775
776 LockdownWhitelistContextAdded(s: context)
777 Emitted when context has been added to whitelist.
778
779 LockdownWhitelistContextRemoved(s: context)
780 Emitted when context has been removed from whitelist.
781
782 LockdownWhitelistUidAdded(i: uid)
783 Emitted when user id uid has been added to whitelist.
784
785 LockdownWhitelistUidRemoved(i: uid)
786 Emitted when user id uid has been removed from whitelist.
787
788 LockdownWhitelistUserAdded(s: user)
789 Emitted when user has been added to whitelist.
790
791 LockdownWhitelistUserRemoved(s: user)
792 Emitted when user has been removed from whitelist.
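
An added example (not firewalld's own code): a preflight check for the enableLockdown() caveat above, which refuses to enable lockdown unless the caller is already covered by a whitelist entry. The command matching (a trailing '*' matches any command line with that prefix, otherwise the whole command line must match) follows firewalld.lockdown-whitelist(5); the Caller and FakePolicies classes and all sample values are constructed assumptions, and on a live system the policies object would be a D-Bus proxy for org.fedoraproject.FirewallD1.policies.

```python
"""Lockdown preflight check (added example, not firewalld code)."""
from dataclasses import dataclass


@dataclass
class Caller:
    """Identity of the application about to call enableLockdown()."""
    command: str   # full command line, including arguments
    context: str   # SELinux context, "" when SELinux is not in use
    uid: int
    user: str


class FakePolicies:
    """Offline stand-in exposing the policies methods used below."""

    def __init__(self, commands=(), contexts=(), uids=(), users=()):
        self.commands, self.contexts = list(commands), list(contexts)
        self.uids, self.users = list(uids), list(users)
        self.locked = False

    def getLockdownWhitelistCommands(self):
        return list(self.commands)

    def getLockdownWhitelistContexts(self):
        return list(self.contexts)

    def getLockdownWhitelistUids(self):
        return list(self.uids)

    def getLockdownWhitelistUsers(self):
        return list(self.users)

    def queryLockdown(self):
        return self.locked

    def enableLockdown(self):
        self.locked = True


def whitelist_matches(policies, caller):
    """Return the (kind, entry) whitelist entries that admit the caller."""
    hits = []
    for entry in policies.getLockdownWhitelistCommands():
        if entry.endswith("*"):
            # Trailing '*': any command line starting with the prefix.
            if caller.command.startswith(entry[:-1]):
                hits.append(("command", entry))
        elif entry == caller.command:
            hits.append(("command", entry))
    if caller.context and caller.context in policies.getLockdownWhitelistContexts():
        hits.append(("context", caller.context))
    if caller.uid in [int(u) for u in policies.getLockdownWhitelistUids()]:
        hits.append(("uid", caller.uid))
    if caller.user in policies.getLockdownWhitelistUsers():
        hits.append(("user", caller.user))
    return hits


def safe_enable_lockdown(policies, caller):
    """Enable lockdown only when the caller could disable it again.

    Returns (status, hits) with status one of "already-enabled",
    "refused" or "enabled".
    """
    if policies.queryLockdown():
        return "already-enabled", []
    hits = whitelist_matches(policies, caller)
    if not hits:
        return "refused", []
    policies.enableLockdown()
    return "enabled", hits


# Constructed whitelist and callers for an offline run.
SAMPLE_WHITELIST = dict(
    commands=["/usr/bin/python3 -s /usr/bin/firewall-config",
              "/usr/bin/python3 -s /usr/bin/firewall-cmd*"],
    contexts=["system_u:system_r:NetworkManager_t:s0"],
    uids=[0],
)
OPS = Caller("/usr/bin/python3 -s /usr/bin/firewall-cmd --lockdown-on",
             "unconfined_u:unconfined_r:unconfined_t:s0", 1000, "ops")
SCRIPT = Caller("/usr/bin/python3 /opt/tools/fw.py",
                "unconfined_u:unconfined_r:unconfined_t:s0", 1001, "deploy")

if __name__ == "__main__":
    for who in (OPS, SCRIPT):
        print(who.user, safe_enable_lockdown(FakePolicies(**SAMPLE_WHITELIST), who))
```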
793
794 org.fedoraproject.FirewallD1.zone
795 Operations in this interface allow you to get, add, remove and query
796 runtime zone settings. For permanent settings see
797 org.fedoraproject.FirewallD1.config.zone interface.
798
799 Methods
800 getZoneSettings2(s: zone) → a{sv}
801 Return runtime settings of given zone. For getting permanent
802 settings see
803 org.fedoraproject.FirewallD1.config.zone.Methods.getSettings2.
804 Settings are a dictionary indexed by keywords. For the type of
805 each value see below. If the value is empty it may be omitted.
806
807 version (s): see version attribute of zone tag in
808 firewalld.zone(5).
809
810 name (s): see short tag in firewalld.zone(5).
811
812 description (s): see description tag in firewalld.zone(5).
813
814 target (s): see target attribute of zone tag in
815 firewalld.zone(5).
816
817 services (as): array of service names, see service tag in
818 firewalld.zone(5).
819
820 ports (a(ss)): array of port and protocol pairs. See port tag
821 in firewalld.zone(5).
822
823 icmp_blocks (as): array of icmp-blocks. See icmp-block tag in
824 firewalld.zone(5).
825
826 masquerade (b): see masquerade tag in firewalld.zone(5).
827
828 forward_ports (a(ssss)): array of (port, protocol, to-port,
829 to-addr). See forward-port tag in firewalld.zone(5).
830
831 interfaces (as): array of interfaces. See interface tag in
832 firewalld.zone(5).
833
834 sources (as): array of source addresses. See source tag in
835 firewalld.zone(5).
836
837 rules_str (as): array of rich-language rules. See rule tag in
838 firewalld.zone(5).
839
840 protocols (as): array of protocols, see protocol tag in
841 firewalld.zone(5).
842
843 source_ports (a(ss)): array of port and protocol pairs. See
844 source-port tag in firewalld.zone(5).
845
846 icmp_block_inversion (b): see icmp-block-inversion tag in
847 firewalld.zone(5).
848
849 forward (b): see forward tag in firewalld.zone(5).
850
851 Possible errors: INVALID_ZONE
852
853 setZoneSettings2(s: zone, a{sv}: settings, i: timeout)
854 Set runtime settings of given zone. For setting permanent
855 settings see
856 org.fedoraproject.FirewallD1.config.zone.Methods.update2.
857 Settings are a dictionary indexed by keywords. For the type of
858 each value see below. To zero a value pass an empty string or
859 list.
860
861 services (as): array of service names, see service tag in
862 firewalld.zone(5).
863
864 ports (a(ss)): array of port and protocol pairs. See port tag
865 in firewalld.zone(5).
866
867 icmp_blocks (as): array of icmp-blocks. See icmp-block tag in
868 firewalld.zone(5).
869
870 masquerade (b): see masquerade tag in firewalld.zone(5).
871
872 forward_ports (a(ssss)): array of (port, protocol, to-port,
873 to-addr). See forward-port tag in firewalld.zone(5).
874
875 interfaces (as): array of interfaces. See interface tag in
876 firewalld.zone(5).
877
878 sources (as): array of source addresses. See source tag in
879 firewalld.zone(5).
880
881 rules_str (as): array of rich-language rules. See rule tag in
882 firewalld.zone(5).
883
884 protocols (as): array of protocols, see protocol tag in
885 firewalld.zone(5).
886
887 source_ports (a(ss)): array of port and protocol pairs. See
888 source-port tag in firewalld.zone(5).
889
890 icmp_block_inversion (b): see icmp-block-inversion tag in
891 firewalld.zone(5).
892
893 forward (b): see forward tag in firewalld.zone(5).
894
895 Possible errors: INVALID_ZONE
896
897 addForwardPort(s: zone, s: port, s: protocol, s: toport, s: toaddr,
898 i: timeout) → s
899 Add the IPv4 forward port into zone. If zone is empty, use
900 default zone. The port can either be a single port number
901 portid or a port range portid-portid. The protocol can either
902 be tcp or udp. The destination address is a simple IP address.
903 If timeout is non-zero, the operation will be active only for
904 the amount of seconds. For permanent settings see
905 org.fedoraproject.FirewallD1.config.zone.Methods.addForwardPort.
906
907 Returns name of zone to which the forward port was added.
908
909 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
910 INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD,
911 ALREADY_ENABLED, INVALID_COMMAND
912
913 addIcmpBlock(s: zone, s: icmp, i: timeout) → s
914 Add an ICMP block icmp into zone. The icmp is one of the
915 icmp types firewalld supports. To get a listing of supported
916 icmp types use
917 org.fedoraproject.FirewallD1.Methods.listIcmpTypes. If zone is
918 empty, use default zone. If timeout is non-zero, the operation
919 will be active only for the amount of seconds. For permanent
920 settings see
921 org.fedoraproject.FirewallD1.config.zone.Methods.addIcmpBlock.
922
923 Returns name of zone to which the ICMP block was added.
924
925 Possible errors: INVALID_ZONE, INVALID_ICMPTYPE,
926 ALREADY_ENABLED, INVALID_COMMAND
927
928 addIcmpBlockInversion(s: zone) → s
929 Add ICMP block inversion to zone. If zone is empty, use default
930 zone. For permanent settings see
931 org.fedoraproject.FirewallD1.config.zone.Methods.addIcmpBlockInversion.
932
933 Returns name of zone to which the ICMP block inversion was
934 added.
935
936 Possible errors: INVALID_ZONE, ALREADY_ENABLED, INVALID_COMMAND
937
938 addInterface(s: zone, s: interface) → s
939 Bind interface with zone. From now on all traffic going through
940 the interface will respect the zone's settings. If zone is
941 empty, use default zone. For permanent settings see
942 org.fedoraproject.FirewallD1.config.zone.Methods.addInterface.
943
944 Returns name of zone to which the interface was bound.
945
946 Possible errors: INVALID_ZONE, INVALID_INTERFACE,
947 ALREADY_ENABLED, INVALID_COMMAND
948
949 addMasquerade(s: zone, i: timeout) → s
950 Enable masquerade in zone. If zone is empty, use default zone.
951 If timeout is non-zero, masquerading will be active for the
952 amount of seconds. For permanent settings see
953 org.fedoraproject.FirewallD1.config.zone.Methods.addMasquerade.
954
955 Returns name of zone in which the masquerade was enabled.
956
957 Possible errors: INVALID_ZONE, ALREADY_ENABLED, INVALID_COMMAND
958
959 addPort(s: zone, s: port, s: protocol, i: timeout) → s
960 Add port into zone. If zone is empty, use default zone. The
961 port can either be a single port number or a port range
962 portid-portid. The protocol can either be tcp or udp. If
963 timeout is non-zero, the operation will be active only for the
964 amount of seconds. For permanent settings see
965 org.fedoraproject.FirewallD1.config.zone.Methods.addPort.
966
967 Returns name of zone to which the port was added.
968
969 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
970 INVALID_PROTOCOL, ALREADY_ENABLED, INVALID_COMMAND
971
972 addProtocol(s: zone, s: protocol, i: timeout) → s
973 Add protocol into zone. If zone is empty, use default zone. The
974 protocol can be any protocol supported by the system. Please
975 have a look at /etc/protocols for supported protocols. If
976 timeout is non-zero, the operation will be active only for the
977 amount of seconds. For permanent settings see
978 org.fedoraproject.FirewallD1.config.zone.Methods.addProtocol.
979
980 Returns name of zone to which the protocol was added.
981
982 Possible errors: INVALID_ZONE, INVALID_PROTOCOL,
983 ALREADY_ENABLED, INVALID_COMMAND
984
985 addRichRule(s: zone, s: rule, i: timeout) → s
986 Add rich language rule into zone. For the rich language rule
987 syntax, please have a look at firewalld.direct(5). If zone is
988 empty, use default zone. If timeout is non-zero, the operation
989 will be active only for the amount of seconds. For permanent
990 settings see
991 org.fedoraproject.FirewallD1.config.zone.Methods.addRichRule.
992
993 Returns name of zone to which the rich language rule was added.
994
995 Possible errors: INVALID_ZONE, INVALID_RULE, ALREADY_ENABLED,
996 INVALID_COMMAND
997
998 addService(s: zone, s: service, i: timeout) → s
999 Add service into zone. If zone is empty, use default zone. If
1000 timeout is non-zero, the operation will be active only for the
1001 amount of seconds. To get a list of supported services, use
1002 org.fedoraproject.FirewallD1.Methods.listServices. For
1003 permanent settings see
1004 org.fedoraproject.FirewallD1.config.zone.Methods.addService.
1005
1006 Returns name of zone to which the service was added.
1007
1008 Possible errors: INVALID_ZONE, INVALID_SERVICE,
1009 ALREADY_ENABLED, INVALID_COMMAND
1010
1011 addSource(s: zone, s: source) → s
1012 Bind source with zone. From now on all traffic going from this
1013 source will respect the zone's settings. A source address or
1014 address range is either an IP address or a network IP address
1015 with a mask for IPv4 or IPv6. For IPv4, the mask can be a
1016 network mask or a plain number. For IPv6 the mask is a plain
1017 number. Use of host names is not supported. If zone is empty,
1018 use default zone. For permanent settings see
1019 org.fedoraproject.FirewallD1.config.zone.Methods.addSource.
1020
1021 Returns name of zone to which the source was bound.
1022
1023 Possible errors: INVALID_ZONE, INVALID_ADDR, ALREADY_ENABLED,
1024 INVALID_COMMAND
1025
1026 addSourcePort(s: zone, s: port, s: protocol, i: timeout) → s
1027 Add source port into zone. If zone is empty, use default zone.
1028 The port can either be a single port number or a port range
1029 portid-portid. The protocol can either be tcp or udp. If
1030 timeout is non-zero, the operation will be active only for the
1031 amount of seconds. For permanent settings see
1032 org.fedoraproject.FirewallD1.config.zone.Methods.addSourcePort.
1033
1034 Returns name of zone to which the port was added.
1035
1036 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1037 INVALID_PROTOCOL, ALREADY_ENABLED, INVALID_COMMAND
1038
1039 changeZone(s: zone, s: interface) → s
1040 This function is deprecated, use
1041 org.fedoraproject.FirewallD1.zone.Methods.changeZoneOfInterface
1042 instead.
1043
1044 changeZoneOfInterface(s: zone, s: interface) → s
1045 Change the zone an interface is bound to to zone. It's basically
1046 removeInterface(interface) followed by addInterface(zone,
1047 interface). If interface has not been bound to a zone before,
1048 it behaves like addInterface. If zone is empty, use default
1049 zone.
1050
1051 Returns name of zone to which the interface was bound.
1052
1053 Possible errors: INVALID_ZONE, ZONE_ALREADY_SET, ZONE_CONFLICT
1054
1055 changeZoneOfSource(s: zone, s: source) → s
1056 Change the zone a source is bound to to zone. It's basically
1057 removeSource(source) followed by addSource(zone, source). If
1058 source has not been bound to a zone before, it behaves like
1059 addSource. If zone is empty, use default zone.
1060
1061 Returns name of zone to which the source was bound.
1062
1063 Possible errors: INVALID_ZONE, ZONE_ALREADY_SET, ZONE_CONFLICT
1064
1065 getActiveZones() → a{sa{sas}}
1066 Return dictionary of currently active zones together with the
1067 interfaces and sources used in these zones. Active zones are
1068 zones that have a binding to an interface or source.
1069
1070 Return value is a dictionary where keys are zone names (s) and
1071 values are again dictionaries where keys are either
1072 'interfaces' or 'sources' and values are arrays of interface
1073 names (s) or sources (s).
1074
1075 getForwardPorts(s: zone) → aas
1076 Return array of IPv4 forward ports previously added into zone.
1077 If zone is empty, use default zone. For getting permanent
1078 settings see
1079 org.fedoraproject.FirewallD1.config.zone.Methods.getForwardPorts.
1080
1081 Return value is array of 4-tuples, where each 4-tuple consists
1082 of (port, protocol, to-port, to-addr). to-addr might be empty
1083 in case of local forwarding.
1084
1085 Possible errors: INVALID_ZONE
1086
1087 getIcmpBlocks(s: zone) → as
1088 Return array of ICMP type (s) blocks previously added into
1089 zone. If zone is empty, use default zone. For getting permanent
1090 settings see
1091 org.fedoraproject.FirewallD1.config.zone.Methods.getIcmpBlocks.
1092
1093 Possible errors: INVALID_ZONE
1094
1095 getIcmpBlockInversion(s: zone) → b
1096 Return whether ICMP block inversion was previously added to
1097 zone. If zone is empty, use default zone. For getting permanent
1098 settings see
1099 org.fedoraproject.FirewallD1.config.zone.Methods.getIcmpBlockInversion.
1100
1101 Possible errors: INVALID_ZONE
1102
1103 getInterfaces(s: zone) → as
1104 Return array of interfaces (s) previously bound with zone. If
1105 zone is empty, use default zone. For getting permanent settings
1106 see
1107 org.fedoraproject.FirewallD1.config.zone.Methods.getInterfaces.
1108
1109 Possible errors: INVALID_ZONE
1110
1111 getPorts(s: zone) → aas
1112 Return array of ports (2-tuple of port and protocol) previously
1113 enabled in zone. If zone is empty, use default zone. For
1114 getting permanent settings see
1115 org.fedoraproject.FirewallD1.config.zone.Methods.getPorts.
1116
1117 Possible errors: INVALID_ZONE
1118
1119 getProtocols(s: zone) → as
1120 Return array of protocols (s) previously enabled in zone. If
1121 zone is empty, use default zone. For getting permanent settings
1122 see
1123 org.fedoraproject.FirewallD1.config.zone.Methods.getProtocols.
1124
1125 Possible errors: INVALID_ZONE
1126
1127 getRichRules(s: zone) → as
1128 Return array of rich language rules (s) previously added into
1129 zone. If zone is empty, use default zone. For getting permanent
1130 settings see
1131 org.fedoraproject.FirewallD1.config.zone.Methods.getRichRules.
1132
1133 Possible errors: INVALID_ZONE
1134
1135 getServices(s: zone) → as
1136 Return array of services (s) previously enabled in zone. If
1137 zone is empty, use default zone. For getting permanent settings
1138 see
1139 org.fedoraproject.FirewallD1.config.zone.Methods.getServices.
1140
1141 Possible errors: INVALID_ZONE
1142
1143 getSourcePorts(s: zone) → aas
1144 Return array of source ports (2-tuple of port and protocol)
1145 previously enabled in zone. If zone is empty, use default zone.
1146 For getting permanent settings see
1147 org.fedoraproject.FirewallD1.config.zone.Methods.getSourcePorts.
1148
1149 Possible errors: INVALID_ZONE
1150
1151 getSources(s: zone) → as
1152 Return array of sources (s) previously bound with zone. If zone
1153 is empty, use default zone. For getting permanent settings see
1154 org.fedoraproject.FirewallD1.config.zone.Methods.getSources.
1155
1156 Possible errors: INVALID_ZONE
1157
1158 getZoneOfInterface(s: interface) → s
1159 Return name (s) of zone the interface is bound to or empty
1160 string.
1161
1162 getZoneOfSource(s: source) → s
1163 Return name (s) of zone the source is bound to or empty string.
1164
1165 getZones() → as
1166 Return array of names (s) of predefined zones known to current
1167 runtime environment. For list of zones known to permanent
1168 environment see
1169 org.fedoraproject.FirewallD1.config.Methods.listZones. The
1170 lists (of zones known to runtime and permanent environment)
1171 will contain same zones in most cases, but might differ for
1172 example if org.fedoraproject.FirewallD1.config.Methods.addZone
1173 has been called recently, but firewalld has not been reloaded
1174 since then.
1175
1176 isImmutable(s: zone) → b
1177 Deprecated.
1178
1179 queryForwardPort(s: zone, s: port, s: protocol, s: toport, s:
1180 toaddr) → b
1181 Return whether the IPv4 forward port (port, protocol, toport,
1182 toaddr) has been added into zone. If zone is empty, use default
1183 zone. For permanent operation see
1184 org.fedoraproject.FirewallD1.config.zone.Methods.queryForwardPort.
1185
1186 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1187 INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD
1188
1189 queryIcmpBlock(s: zone, s: icmp) → b
1190 Return whether an ICMP block for icmp has been added into zone.
1191 If zone is empty, use default zone. For permanent operation see
1192 org.fedoraproject.FirewallD1.config.zone.Methods.queryIcmpBlock.
1193
1194 Possible errors: INVALID_ZONE, INVALID_ICMPTYPE
1195
1196 queryIcmpBlockInversion(s: zone) → b
1197 Return whether ICMP block inversion has been added to zone. If
1198 zone is empty, use default zone. For permanent operation see
1199 org.fedoraproject.FirewallD1.config.zone.Methods.queryIcmpBlockInversion.
1200
1201 Possible errors: INVALID_ZONE, INVALID_ICMPTYPE
1202
1203 queryInterface(s: zone, s: interface) → b
1204 Query whether interface has been bound to zone. If zone is
1205 empty, use default zone. For permanent operation see
1206 org.fedoraproject.FirewallD1.config.zone.Methods.queryInterface.
1207
1208 Possible errors: INVALID_ZONE, INVALID_INTERFACE
1209
1210 queryMasquerade(s: zone) → b
1211 Return whether masquerading has been enabled in zone. If zone is
1212 empty, use default zone. For permanent operation see
1213 org.fedoraproject.FirewallD1.config.zone.Methods.queryMasquerade.
1214
1215 Possible errors: INVALID_ZONE
1216
1217 queryPort(s: zone, s: port, s: protocol) → b
1218 Return whether port/protocol has been added in zone. If zone is
1219 empty, use default zone. For permanent operation see
1220 org.fedoraproject.FirewallD1.config.zone.Methods.queryPort.
1221
1222 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1223 INVALID_PROTOCOL
1224
1225 queryProtocol(s: zone, s: protocol) → b
1226 Return whether protocol has been added in zone. If zone is
1227 empty, use default zone. For permanent operation see
1228 org.fedoraproject.FirewallD1.config.zone.Methods.queryProtocol.
1229
1230 Possible errors: INVALID_ZONE, INVALID_PROTOCOL
1231
1232 queryRichRule(s: zone, s: rule) → b
1233 Return whether rich rule rule has been added in zone. If zone
1234 is empty, use default zone. For permanent operation see
1235 org.fedoraproject.FirewallD1.config.zone.Methods.queryRichRule.
1236
1237 Possible errors: INVALID_ZONE, INVALID_RULE
1238
1239 queryService(s: zone, s: service) → b
1240 Return whether service has been added for zone. If zone is
1241 empty, use default zone. For permanent operation see
1242 org.fedoraproject.FirewallD1.config.zone.Methods.queryService.
1243
1244 Possible errors: INVALID_ZONE, INVALID_SERVICE
1245
1246 querySource(s: zone, s: source) → b
1247 Query whether source has been bound to zone. If zone is empty,
1248 use default zone. For permanent operation see
1249 org.fedoraproject.FirewallD1.config.zone.Methods.querySource.
1250
1251 Possible errors: INVALID_ZONE, INVALID_ADDR
1252
1253 querySourcePort(s: zone, s: port, s: protocol) → b
1254 Return whether port/protocol has been added in zone. If zone is
1255 empty, use default zone. For permanent operation see
1256 org.fedoraproject.FirewallD1.config.zone.Methods.querySourcePort.
1257
1258 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1259 INVALID_PROTOCOL
1260
1261 removeForwardPort(s: zone, s: port, s: protocol, s: toport, s:
1262 toaddr) → s
1263 Remove IPv4 forward port (port, protocol, toport, toaddr)
1264 from zone. If zone is empty, use default zone. For permanent
1265 operation see
1266 org.fedoraproject.FirewallD1.config.zone.Methods.removeForwardPort.
1267
1268 Returns name of zone from which the forward port was removed.
1269
1270 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1271 INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD, NOT_ENABLED,
1272 INVALID_COMMAND
1273
1274 removeIcmpBlock(s: zone, s: icmp) → s
1275 Remove ICMP block icmp from zone. If zone is empty, use default
1276 zone. For permanent operation see
1277 org.fedoraproject.FirewallD1.config.zone.Methods.removeIcmpBlock.
1278
1279 Returns name of zone from which the ICMP block was removed.
1280
1281 Possible errors: INVALID_ZONE, INVALID_ICMPTYPE, NOT_ENABLED,
1282 INVALID_COMMAND
1283
1284 removeIcmpBlockInversion(s: zone) → s
1285 Remove ICMP block inversion from zone. If zone is empty, use
1286 default zone. For permanent operation see
1287 org.fedoraproject.FirewallD1.config.zone.Methods.removeIcmpBlockInversion.
1288
1289 Returns name of zone from which the ICMP block inversion was
1290 removed.
1291
1292 Possible errors: INVALID_ZONE, NOT_ENABLED, INVALID_COMMAND
1293
1294 removeInterface(s: zone, s: interface) → s
1295 Remove binding of interface from zone. If zone is empty, the
1296 interface will be removed from zone it belongs to. For
1297 permanent operation see
1298 org.fedoraproject.FirewallD1.config.zone.Methods.removeInterface.
1299
1300 Returns name of zone from which the interface was removed.
1301
1302 Possible errors: INVALID_ZONE, INVALID_INTERFACE, NOT_ENABLED,
1303 INVALID_COMMAND
1304
1305 removeMasquerade(s: zone) → s
1306 Disable masquerade for zone. If zone is empty, use default
1307 zone. For permanent operation see
1308 org.fedoraproject.FirewallD1.config.zone.Methods.removeMasquerade.
1309
1310 Returns name of zone for which the masquerade was disabled.
1311
1312 Possible errors: INVALID_ZONE, NOT_ENABLED, INVALID_COMMAND
1313
1314 removePort(s: zone, s: port, s: protocol) → s
1315 Remove port/protocol from zone. If zone is empty, use default
1316 zone. For permanent operation see
1317 org.fedoraproject.FirewallD1.config.zone.Methods.removePort.
1318
1319 Returns name of zone from which the port was removed.
1320
1321 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1322 INVALID_PROTOCOL, NOT_ENABLED, INVALID_COMMAND
1323
1324 removeProtocol(s: zone, s: protocol) → s
1325 Remove protocol from zone. If zone is empty, use default zone.
1326 For permanent operation see
1327 org.fedoraproject.FirewallD1.config.zone.Methods.removeProtocol.
1328
1329 Returns name of zone from which the protocol was removed.
1330
1331 Possible errors: INVALID_ZONE, INVALID_PROTOCOL, NOT_ENABLED,
1332 INVALID_COMMAND
1333
1334 removeRichRule(s: zone, s: rule) → s
1335 Remove rich language rule from zone. If zone is empty, use
1336 default zone. For permanent operation see
1337 org.fedoraproject.FirewallD1.config.zone.Methods.removeRichRule.
1338
1339 Returns name of zone from which the rich language rule was
1340 removed.
1341
1342 Possible errors: INVALID_ZONE, INVALID_RULE, NOT_ENABLED,
1343 INVALID_COMMAND
1344
1345 removeService(s: zone, s: service) → s
1346 Remove service from zone. If zone is empty, use default zone.
1347 For permanent operation see
1348 org.fedoraproject.FirewallD1.config.zone.Methods.removeService.
1349
1350 Returns name of zone from which the service was removed.
1351
1352 Possible errors: INVALID_ZONE, INVALID_SERVICE, NOT_ENABLED,
1353 INVALID_COMMAND
1354
1355 removeSource(s: zone, s: source) → s
1356 Remove binding of source from zone. If zone is empty, the
1357 source will be removed from zone it belongs to. For permanent
1358 operation see
1359 org.fedoraproject.FirewallD1.config.zone.Methods.removeSource.
1360
1361 Returns name of zone from which the source was removed.
1362
1363 Possible errors: INVALID_ZONE, INVALID_ADDR, NOT_ENABLED,
1364 INVALID_COMMAND
1365
1366 removeSourcePort(s: zone, s: port, s: protocol) → s
1367 Remove port/protocol from zone. If zone is empty, use default
1368 zone. For permanent operation see
1369 org.fedoraproject.FirewallD1.config.zone.Methods.removeSourcePort.
1370
1371 Returns name of zone from which the source port was removed.
1372
1373 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1374 INVALID_PROTOCOL, NOT_ENABLED, INVALID_COMMAND
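
The methods above change only the runtime configuration, so a zone's runtime settings can differ from its permanent ones. The following added example (not part of firewalld or of this manual page) compares the a{sv} dictionary from getZoneSettings2 with the one from config.zone getSettings2 and treats omitted keys as empty, as described above. The sample dictionaries are constructed, and fetch_settings assumes dbus-python and the config interface's getZoneByName method, which is not described in this part of the page.

```python
"""Runtime-vs-permanent drift check for one firewalld zone (added example)."""

BUS = "org.fedoraproject.FirewallD1"

# Keywords documented for getZoneSettings2, grouped by D-Bus type.
LIST_KEYS = ("services", "icmp_blocks", "interfaces", "sources",
             "rules_str", "protocols")                          # type "as"
TUPLE_KEYS = ("ports", "source_ports", "forward_ports")         # "a(ss)", "a(ssss)"
BOOL_KEYS = ("masquerade", "icmp_block_inversion", "forward")   # type "b"


def normalize(settings):
    """Turn an a{sv} settings dict into comparable plain Python values.

    Empty values may be omitted by firewalld, so a missing key is treated
    as an empty set or False. D-Bus arrays and structs arrive as list and
    tuple subclasses, so both spellings compare equal after conversion.
    """
    out = {}
    for key in LIST_KEYS:
        out[key] = frozenset(str(v) for v in settings.get(key, ()))
    for key in TUPLE_KEYS:
        out[key] = frozenset(tuple(str(f) for f in item)
                             for item in settings.get(key, ()))
    for key in BOOL_KEYS:
        out[key] = bool(settings.get(key, False))
    return out


def zone_drift(runtime, permanent):
    """Return {keyword: difference} for every keyword that differs."""
    run, perm = normalize(runtime), normalize(permanent)
    drift = {}
    for key in LIST_KEYS + TUPLE_KEYS:
        runtime_only = sorted(run[key] - perm[key])
        permanent_only = sorted(perm[key] - run[key])
        if runtime_only or permanent_only:
            drift[key] = {"runtime_only": runtime_only,
                          "permanent_only": permanent_only}
    for key in BOOL_KEYS:
        if run[key] != perm[key]:
            drift[key] = {"runtime": run[key], "permanent": perm[key]}
    return drift


def fetch_settings(zone):
    """Live collection over the system bus (not used by the sample below).

    Assumes dbus-python is installed and the caller is authorized.
    """
    import dbus
    bus = dbus.SystemBus()
    fw = bus.get_object(BUS, "/org/fedoraproject/FirewallD1")
    runtime = dbus.Interface(fw, BUS + ".zone").getZoneSettings2(zone)
    cfg = dbus.Interface(
        bus.get_object(BUS, "/org/fedoraproject/FirewallD1/config"),
        BUS + ".config")
    zone_obj = bus.get_object(BUS, cfg.getZoneByName(zone))
    permanent = dbus.Interface(zone_obj, BUS + ".config.zone").getSettings2()
    return runtime, permanent


# Constructed sample data: what the two calls might return for one zone.
PERMANENT = {
    "name": "Public", "target": "default",
    "services": ["ssh", "dhcpv6-client"],
    "ports": [("8443", "tcp")],
    "forward": True,
    # masquerade and forward_ports are empty and therefore omitted
}
RUNTIME = {
    "name": "Public", "target": "default",
    "services": ["dhcpv6-client", "ssh", "samba"],
    "ports": [["8443", "tcp"], ["5000-5010", "udp"]],
    "forward_ports": [("2222", "tcp", "22", "192.0.2.10")],
    "masquerade": True,
    "forward": True,
}

if __name__ == "__main__":
    for keyword, diff in zone_drift(RUNTIME, PERMANENT).items():
        print(keyword, diff)
```

Entries reported as runtime_only were added without a matching permanent change and are the ones to trace back to whoever made the call.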
1375
1376 Signals
1377 ForwardPortAdded(s: zone, s: port, s: protocol, s: toport, s:
1378 toaddr, i: timeout)
1379 Emitted when forward port has been added to zone with timeout.
1380
1381 ForwardPortRemoved(s: zone, s: port, s: protocol, s: toport, s:
1382 toaddr)
1383 Emitted when forward port has been removed from zone.
1384
1385 IcmpBlockAdded(s: zone, s: icmp, i: timeout)
1386 Emitted when ICMP block for icmp has been added to zone with
1387 timeout.
1388
1389 IcmpBlockInversionAdded(s: zone)
1390 Emitted when ICMP block inversion has been added to zone.
1391
1392 IcmpBlockInversionRemoved(s: zone)
1393 Emitted when ICMP block inversion has been removed from zone.
1394
1395 IcmpBlockRemoved(s: zone, s: icmp)
1396 Emitted when ICMP block for icmp has been removed from zone.
1397
1398 InterfaceAdded(s: zone, s: interface)
1399 Emitted when interface has been added to zone.
1400
1401 InterfaceRemoved(s: zone, s: interface)
1402 Emitted when interface has been removed from zone.
1403
1404 MasqueradeAdded(s: zone, i: timeout)
1405 Emitted when masquerade has been enabled for zone.
1406
1407 MasqueradeRemoved(s: zone)
1408 Emitted when masquerade has been disabled for zone.
1409
1410 PortAdded(s: zone, s: port, s: protocol, i: timeout)
1411 Emitted when port/protocol has been added to zone with timeout.
1412
1413 PortRemoved(s: zone, s: port, s: protocol)
1414 Emitted when port/protocol has been removed from zone.
1415
1416 ProtocolAdded(s: zone, s: protocol, i: timeout)
1417 Emitted when protocol has been added to zone with timeout.
1418
1419 ProtocolRemoved(s: zone, s: protocol)
1420 Emitted when protocol has been removed from zone.
1421
1422 RichRuleAdded(s: zone, s: rule, i: timeout)
1423 Emitted when rich language rule has been added to zone with
1424 timeout.
1425
1426 RichRuleRemoved(s: zone, s: rule)
1427 Emitted when rich language rule has been removed from zone.
1428
1429 ServiceAdded(s: zone, s: service, i: timeout)
1430 Emitted when service has been added to zone with timeout.
1431
1432 ServiceRemoved(s: zone, s: service)
1433 Emitted when service has been removed from zone.
1434
1435 SourceAdded(s: zone, s: source)
1436 Emitted when source has been added to zone.
1437
1438 SourcePortAdded(s: zone, s: port, s: protocol, i: timeout)
1439 Emitted when source-port/protocol has been added to zone with
1440 timeout.
1441
1442 SourcePortRemoved(s: zone, s: port, s: protocol)
1443 Emitted when source-port/protocol has been removed from zone.
1444
1445 SourceRemoved(s: zone, s: source)
1446 Emitted when source has been removed from zone.
1447
1448 ZoneChanged(s: zone, s: interface)
1449 Deprecated
1450
1451 ZoneOfInterfaceChanged(s: zone, s: interface)
1452 Emitted when the zone an interface is part of has been changed to
1453 zone.
1454
1455 ZoneOfSourceChanged(s: zone, s: source)
1456 Emitted when the zone a source is part of has been changed to
1457 zone.
1458
1459 ZoneUpdated2(s: zone, a{sv}: settings)
1460 Emitted when a zone's settings are updated via
1461 org.fedoraproject.FirewallD1.zone.Methods.setZoneSettings2
1462
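The zone signals above carry enough detail to keep an audit trail of runtime firewall changes. The following added example (not part of firewalld or of this manual page) maps each Added, Removed and ZoneOf...Changed signal to a structured record using the argument lists documented above, and marks additions that have no timeout for review. The WIDENING set and the "review" rule are assumptions of this example, the sample events are constructed, and listen() assumes dbus-python and PyGObject.

```python
"""Audit records from org.fedoraproject.FirewallD1.zone signals (added example)."""

# Arguments that follow "zone" in each signal pair, as documented above.
FIELDS = {
    "ForwardPort": ("port", "protocol", "toport", "toaddr"),
    "IcmpBlock": ("icmp",),
    "IcmpBlockInversion": (),
    "Interface": ("interface",),
    "Masquerade": (),
    "Port": ("port", "protocol"),
    "Protocol": ("protocol",),
    "RichRule": ("rule",),
    "Service": ("service",),
    "Source": ("source",),
    "SourcePort": ("port", "protocol"),
}
# "...Added" signals that carry no timeout argument.
NO_TIMEOUT = {"IcmpBlockInversion", "Interface", "Source"}
# Assumption of this example: kinds whose addition can widen what a zone accepts.
WIDENING = {"ForwardPort", "Interface", "Masquerade", "Port", "Protocol",
            "RichRule", "Service", "Source", "SourcePort"}

# signal name -> (kind, action, argument names)
SIGNATURES = {}
for _kind, _fields in FIELDS.items():
    _timed = () if _kind in NO_TIMEOUT else ("timeout",)
    SIGNATURES[_kind + "Added"] = (_kind, "added", ("zone",) + _fields + _timed)
    SIGNATURES[_kind + "Removed"] = (_kind, "removed", ("zone",) + _fields)
SIGNATURES["ZoneOfInterfaceChanged"] = ("Interface", "rebound", ("zone", "interface"))
SIGNATURES["ZoneOfSourceChanged"] = ("Source", "rebound", ("zone", "source"))


def audit_record(member, args):
    """Build one audit record from a signal name and its positional arguments."""
    if member not in SIGNATURES:
        raise ValueError("unhandled signal: %s" % member)
    kind, action, names = SIGNATURES[member]
    if len(args) != len(names):
        raise ValueError("%s expects %d arguments, got %d"
                         % (member, len(names), len(args)))
    record = {"signal": member, "kind": kind, "action": action}
    for name, value in zip(names, args):
        record[name] = int(value) if name == "timeout" else str(value)
    if "timeout" in record:
        # A non-zero timeout means the change is active only for that many seconds.
        record["expires"] = record["timeout"] != 0
    record["review"] = (action != "removed" and kind in WIDENING
                        and not record.get("expires", False))
    return record


def review_queue(events):
    """Return the records that need a human look, in arrival order."""
    records = (audit_record(member, args) for member, args in events)
    return [r for r in records if r["review"]]


def listen():
    """Live hookup on the system bus (not used by the sample below)."""
    import dbus
    from dbus.mainloop.glib import DBusGMainLoop
    from gi.repository import GLib
    DBusGMainLoop(set_as_default=True)

    def on_signal(*args, member=None):
        if member in SIGNATURES:
            print(audit_record(member, args))

    dbus.SystemBus().add_signal_receiver(
        on_signal, dbus_interface="org.fedoraproject.FirewallD1.zone",
        member_keyword="member")
    GLib.MainLoop().run()


# Constructed sample events: (signal name, arguments as emitted).
SAMPLE_EVENTS = [
    ("ServiceAdded", ("public", "samba", 0)),
    ("PortAdded", ("public", "8080", "tcp", 300)),
    ("ForwardPortAdded", ("external", "2222", "tcp", "22", "192.0.2.10", 0)),
    ("IcmpBlockAdded", ("public", "echo-request", 0)),
    ("ServiceRemoved", ("public", "samba")),
    ("ZoneOfInterfaceChanged", ("trusted", "eth1")),
]

if __name__ == "__main__":
    for rec in review_queue(SAMPLE_EVENTS):
        print(rec)
```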
1463 org.fedoraproject.FirewallD1.policy
1464 Operations in this interface allow getting, adding, removing and
1465 querying runtime policy settings. For permanent settings see the
1466 org.fedoraproject.FirewallD1.config.policy interface.
1467
1468 Methods
1469 getActivePolicies() → a{sa{sas}}
1470 Return dictionary of currently active policies together with the
1471 ingress zones and egress zones used in these policies. Active
1472 policies are policies that have a binding to an active ingress
1473 zone and an active egress zone.
1474
1475 Return value is a dictionary where keys are policy names (s)
1476 and values are again dictionaries where keys are either
1477 'ingress_zones' or 'egress_zones' and values are arrays of zone
1478 names (s).
1479
1480 getPolicies() → as
1481 Return array of names (s) of predefined policies known to
1482 current runtime environment. For list of policies known to
1483 permanent environment see
1484 org.fedoraproject.FirewallD1.config.Methods.listPolicies. The
1485 lists (of policies known to runtime and permanent environment)
1486 will contain same policies in most cases, but might differ for
1487 example if
1488 org.fedoraproject.FirewallD1.config.Methods.addPolicy has been
1489 called recently, but firewalld has not been reloaded since
1490 then.
1491
1492 getPolicySettings(s: policy) → a{sv}
1493 Return runtime settings of given policy. For getting permanent
1494 settings see
1495 org.fedoraproject.FirewallD1.config.policy.Methods.getSettings.
1496 Settings are a dictionary indexed by keywords. For possible
1497 keywords see
1498 org.fedoraproject.FirewallD1.config.Methods.addPolicy. If the
1499 value is empty it may be omitted.
1500
1501 Possible errors: INVALID_POLICY
1502
1503 setPolicySettings(s: policy, a{sv}: settings, i: timeout)
1504 Set runtime settings of given policy. For setting permanent
1505 settings see
1506 org.fedoraproject.FirewallD1.config.policy.Methods.update.
1507 Settings are a dictionary indexed by keywords. For possible
1508 keywords see
1509 org.fedoraproject.FirewallD1.config.Methods.addPolicy. To zero
1510 a value pass an empty string or list. Some keywords are not
1511 available to modify in the runtime: description, name,
1512 priority, target, version.
1513
1514 Possible errors: INVALID_POLICY
1515
1516 Signals
1517 ForwardPortAdded(s: policy, a{sv}: settings)
1518 Emitted when a policy's settings are updated via
1519 org.fedoraproject.FirewallD1.policy.Methods.setPolicySettings
1520
1521 org.fedoraproject.FirewallD1.config
1522 Allows permanently adding, removing and querying zones, services and
1523 ICMP types.
1524
1525 Methods
1526 addIPSet(s: ipset, (ssssa{ss}as): settings) → o
1527 Add ipset with given settings into permanent configuration.
1528 Settings are in format: version, name, description, type,
1529 dictionary of options and array of entries.
1530
1531 version (s): see version attribute of ipset tag in
1532 firewalld.ipset(5).
1533
1534 name (s): see short tag in firewalld.ipset(5).
1535
1536 description (s): see description tag in firewalld.ipset(5).
1537
1538 type (s): see type attribute of ipset tag in
1539 firewalld.ipset(5).
1540
1541 options (a{ss}): dictionary of {option : value} . See options
1542 tag in firewalld.ipset(5).
1543
1544 entries (as): array of entries, see entry tag in
1545 firewalld.ipset(5).
1546
1547 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1548
1549 addIcmpType(s: icmptype, (sssas): settings) → o
1550 Add icmptype with given settings into permanent configuration.
1551 Settings are in format: version, name, description, array of
1552 destinations. Returns object path of the new icmp type.
1553
1554 version (s): see version attribute of icmptype tag in
1555 firewalld.icmptype(5).
1556
1557 name (s): see short tag in firewalld.icmptype(5).
1558
1559 description (s): see description tag in firewalld.icmptype(5).
1560
1561 destinations (as): array, either empty or containing strings
1562 'ipv4' or 'ipv6', see destination tag in firewalld.icmptype(5).
1563
1564 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1565
1566 addService(s: service, (sssa(ss)asa{ss}asa(ss)): settings) → o
1567 This function is deprecated, use
1568 org.fedoraproject.FirewallD1.config.Methods.addService2
1569 instead.
1570
1571 addService2(s: service, a{sv}: settings) → o
1572 Add service with given settings into permanent configuration.
1573 Settings are a dictionary indexed by keywords. For the type of
1574 each value see below. To zero a value pass an empty string or
1575 list.
1576
1577 version (s): see version attribute of service tag in
1578 firewalld.service(5).
1579
1580 name (s): see short tag in firewalld.service(5).
1581
1582 description (s): see description tag in firewalld.service(5).
1583
1584 ports (a(ss)): array of port and protocol pairs. See port tag
1585 in firewalld.service(5).
1586
1587 module names (as): array of kernel netfilter helpers, see
1588 module tag in firewalld.service(5).
1589
1590 destinations (a{ss}): dictionary of {IP family : IP address}
1591 where 'IP family' key can be either 'ipv4' or 'ipv6'. See
1592 destination tag in firewalld.service(5).
1593
1594 protocols (as): array of protocols, see protocol tag in
1595 firewalld.service(5).
1596
1597 source_ports (a(ss)): array of port and protocol pairs. See
1598 source-port tag in firewalld.service(5).
1599
1600 includes (as): array of service includes, see include tag in
1601 firewalld.service(5).
1602
1603 helpers (as): array of service helpers, see helper tag in
1604 firewalld.service(5).
1605
1606 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1607
1608 addZone(s: zone, (sssbsasa(ss)asba(ssss)asasasasa(ss)b): settings)
1609 → o
1610 This function is deprecated, use
1611 org.fedoraproject.FirewallD1.config.Methods.addZone2 instead.
1612
1613 addZone2(s: zone, a{sv}: settings) → o
1614 Add zone with given settings into permanent configuration.
1615 Settings are a dictionary indexed by keywords. For the type of
1616 each value see below. To zero a value pass an empty string or
1617 list.
1618
1619 version (s): see version attribute of zone tag in
1620 firewalld.zone(5).
1621
1622 name (s): see short tag in firewalld.zone(5).
1623
1624 description (s): see description tag in firewalld.zone(5).
1625
1626 target (s): see target attribute of zone tag in
1627 firewalld.zone(5).
1628
1629 services (as): array of service names, see service tag in
1630 firewalld.zone(5).
1631
1632 ports (a(ss)): array of port and protocol pairs. See port tag
1633 in firewalld.zone(5).
1634
1635 icmp_blocks (as): array of icmp-blocks. See icmp-block tag in
1636 firewalld.zone(5).
1637
1638 masquerade (b): see masquerade tag in firewalld.zone(5).
1639
1640 forward_ports (a(ssss)): array of (port, protocol, to-port,
1641 to-addr). See forward-port tag in firewalld.zone(5).
1642
1643 interfaces (as): array of interfaces. See interface tag in
1644 firewalld.zone(5).
1645
1646 sources (as): array of source addresses. See source tag in
1647 firewalld.zone(5).
1648
1649 rules_str (as): array of rich-language rules. See rule tag in
1650 firewalld.zone(5).
1651
1652 protocols (as): array of protocols, see protocol tag in
1653 firewalld.zone(5).
1654
1655 source_ports (a(ss)): array of port and protocol pairs. See
1656 source-port tag in firewalld.zone(5).
1657
1658 icmp_block_inversion (b): see icmp-block-inversion tag in
1659 firewalld.zone(5).
1660
1661 forward (b): see forward tag in firewalld.zone(5).
1662
1663 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
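An added example (not part of the firewalld documentation): a pre-flight check that validates a settings dictionary against the addZone2 keywords and D-Bus types listed above before it is written to the permanent configuration. The helper names and sample dictionaries are constructed for illustration; `add_zone` assumes dbus-python, a running firewalld on the system bus and an authorized caller.

```python
# Added example: validate an addZone2 settings dict before sending it.
# Helper names and sample data are constructed, not firewalld's own code.

# keyword -> D-Bus signature, exactly as listed for addZone2 on this page
ZONE2_SIGNATURES = {
    "version": "s", "name": "s", "description": "s", "target": "s",
    "services": "as", "ports": "a(ss)", "icmp_blocks": "as",
    "masquerade": "b", "forward_ports": "a(ssss)", "interfaces": "as",
    "sources": "as", "rules_str": "as", "protocols": "as",
    "source_ports": "a(ss)", "icmp_block_inversion": "b", "forward": "b",
}


def _matches(value, sig):
    """Return True if a plain Python value fits the D-Bus signature sig."""
    if sig == "s":
        return isinstance(value, str)
    if sig == "b":
        return isinstance(value, bool)
    if sig == "as":
        return isinstance(value, list) and all(isinstance(v, str) for v in value)
    if sig.startswith("a(") and sig.endswith(")"):
        width = len(sig) - 3      # a(ss) -> 2 strings, a(ssss) -> 4 strings
        return isinstance(value, list) and all(
            isinstance(t, (tuple, list)) and len(t) == width
            and all(isinstance(field, str) for field in t)
            for t in value)
    return False


def validate_zone_settings(settings):
    """Return a list of problems; an empty list means the dict is well-formed."""
    problems = []
    for key, value in settings.items():
        sig = ZONE2_SIGNATURES.get(key)
        if sig is None:
            problems.append(f"{key}: not an addZone2 keyword")
        elif not _matches(value, sig):
            problems.append(f"{key}: expected D-Bus type {sig}")
    return problems


def add_zone(zone, settings):
    """Validate, attach explicit D-Bus types, then call config.addZone2."""
    import dbus  # dbus-python; imported here so validation works without it
    problems = validate_zone_settings(settings)
    if problems:
        raise ValueError("; ".join(problems))
    typed = {}
    for key, value in settings.items():
        sig = ZONE2_SIGNATURES[key]
        if sig == "s":
            typed[key] = dbus.String(value)
        elif sig == "b":
            typed[key] = dbus.Boolean(value)
        elif sig == "as":
            # explicit signature so an empty list ("zero a value") still types
            typed[key] = dbus.Array(value, signature="s")
        else:
            typed[key] = dbus.Array([dbus.Struct(t) for t in value],
                                    signature=sig[1:])
    obj = dbus.SystemBus().get_object("org.fedoraproject.FirewallD1",
                                      "/org/fedoraproject/FirewallD1/config")
    config = dbus.Interface(obj, dbus_interface="org.fedoraproject.FirewallD1.config")
    return config.addZone2(zone, dbus.Dictionary(typed, signature="sv"))


# Constructed sample input: one well-formed dict and one with common mistakes.
GOOD = {"name": "dmz-web", "services": ["https"],
        "ports": [("8443", "tcp")], "masquerade": False, "icmp_blocks": []}
BAD = {"ports": [(8443, "tcp")],                 # port must be a string
       "masquerade": "no",                       # must be a boolean
       "rich_rules": [],                         # addPolicy keyword; addZone2 uses rules_str
       "forward_ports": [("80", "tcp", "8080")]} # needs 4 fields, to-addr missing

if __name__ == "__main__":
    print(validate_zone_settings(GOOD))
    for problem in validate_zone_settings(BAD):
        print(problem)
```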
1664
1665 addPolicy(s: policy, a{sv}: settings) → o
1666 Add policy with given settings into permanent configuration.
1667 Settings are a dictionary indexed by keywords. For the type of
1668 each value see below. If a keyword is omitted the default value
1669 will be used.
1670
1671 description (s): see description tag in firewalld.policy(5).
1672
1673 egress_zones (as): array of zone names. See egress-zone tag in
1674 firewalld.policy(5).
1675
1676 forward_ports (a(ssss)): array of (port, protocol, to-port,
1677 to-addr). See forward-port tag in firewalld.policy(5).
1678
1679 icmp_blocks (as): array of icmp-blocks. See icmp-block tag in
1680 firewalld.policy(5).
1681
1682 ingress_zones (as): array of zone names. See ingress-zone tag in
1683 firewalld.policy(5).
1684
1685 masquerade (b): see masquerade tag in firewalld.policy(5).
1686
1687 ports (a(ss)): array of port and protocol pairs. See port tag
1688 in firewalld.policy(5).
1689
1690 priority (i): see priority tag in firewalld.policy(5).
1691
1692 protocols (as): array of protocols, see protocol tag in
1693 firewalld.policy(5).
1694
1695 rich_rules (as): array of rich-language rules. See rule tag in
1696 firewalld.policy(5).
1697
1698 services (as): array of service names, see service tag in
1699 firewalld.policy(5).
1700
1701 short (s): see short tag in firewalld.policy(5).
1702
1703 source_ports (a(ss)): array of port and protocol pairs. See
1704 source-port tag in firewalld.policy(5).
1705
1706 target (s): see target attribute of policy tag in
1707 firewalld.policy(5).
1708
1709 version (s): see version attribute of policy tag in
1710 firewalld.policy(5).
1711
1712 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1713
1714 getHelperByName(s: helper) → o
1715 Return object path (permanent configuration) of helper with
1716 given name.
1717
1718 Possible errors: INVALID_HELPER
1719
1720 getHelperNames() → as
1721 Return list of helper names (permanent configuration).
1722
1723 getIPSetByName(s: ipset) → o
1724 Return object path (permanent configuration) of ipset with
1725 given name.
1726
1727 Possible errors: INVALID_IPSET
1728
1729 getIPSetNames() → as
1730 Return list of ipset names (permanent configuration).
1731
1732 getIcmpTypeByName(s: icmptype) → o
1733 Return object path (permanent configuration) of icmptype with
1734 given name.
1735
1736 Possible errors: INVALID_ICMPTYPE
1737
1738 getIcmpTypeNames() → as
1739 Return list of icmptype names (permanent configuration).
1740
1741 getServiceByName(s: service) → o
1742 Return object path (permanent configuration) of service with
1743 given name.
1744
1745 Possible errors: INVALID_SERVICE
1746
1747 getServiceNames() → as
1748 Return list of service names (permanent configuration).
1749
1750 getZoneByName(s: zone) → o
1751 Return object path (permanent configuration) of zone with given
1752 name.
1753
1754 Possible errors: INVALID_ZONE
1755
1756 getZoneNames() → as
1757 Return list of zone names (permanent configuration).
1758
1759 getZoneOfInterface(s: iface) → s
1760 Return name of zone the iface is bound to or empty string.
1761
1762 getZoneOfSource(s: source) → s
1763 Return name of zone the source is bound to or empty string.
1764
1765 getPolicyByName(s: policy) → o
1766 Return object path (permanent configuration) of policy with
1767 given name.
1768
1769 Possible errors: INVALID_POLICY
1770
1771 getPolicyNames() → as
1772 Return list of policy names (permanent configuration).
1773
1774 listHelpers() → ao
1775 Return array of object paths (o) of helper in permanent
1776 configuration. For runtime configuration see
1777 org.fedoraproject.FirewallD1.Methods.getHelpers.
1778
1779 listIPSets() → ao
1780 Return array of object paths (o) of ipset in permanent
1781 configuration. For runtime configuration see
1782 org.fedoraproject.FirewallD1.ipset.Methods.getIPSets.
1783
1784 listIcmpTypes() → ao
1785 Return array of object paths (o) of icmp types in permanent
1786 configuration. For runtime configuration see
1787 org.fedoraproject.FirewallD1.Methods.listIcmpTypes.
1788
1789 listServices() → ao
1790 Return array of object paths (o) of services in permanent
1791 configuration. For runtime configuration see
1792 org.fedoraproject.FirewallD1.Methods.listServices.
1793
1794 listZones() → ao
1795 List object paths of zones known to permanent environment. For
1796 list of zones known to runtime environment see
1797 org.fedoraproject.FirewallD1.zone.Methods.getZones. The lists
1798 (of zones known to runtime and permanent environment) will
1799 contain same zones in most cases, but might differ for example
1800 if org.fedoraproject.FirewallD1.config.Methods.addZone has been
1801 called recently, but firewalld has not been reloaded since
1802 then.
1803
1804 listPolicies() → ao
1805 List object paths of policies known to permanent environment.
1806 For list of policies known to runtime environment see
1807 org.fedoraproject.FirewallD1.policy.Methods.getPolicies. The
1808 lists (of policies known to runtime and permanent environment)
1809 will contain same policies in most cases, but might differ for
1810 example if
1811 org.fedoraproject.FirewallD1.config.Methods.addPolicy has been
1812 called recently, but firewalld has not been reloaded since
1813 then.
1814
1815 Signals
1816 HelperAdded(s: helper)
1817 Emitted when helper has been added.
1818
1819 IPSetAdded(s: ipset)
1820 Emitted when ipset has been added.
1821
1822 IcmpTypeAdded(s: icmptype)
1823 Emitted when icmptype has been added.
1824
1825 ServiceAdded(s: service)
1826 Emitted when service has been added.
1827
1828 ZoneAdded(s: zone)
1829 Emitted when zone has been added.
1830
1831 Properties
1832 AllowZoneDrifting - s - (rw)
1833 Older versions of firewalld had undocumented behavior known as
1834 "zone drifting". This allowed packets to ingress multiple zones
1835 - this is a violation of zone based firewalls. However, some
1836 users rely on this behavior to have a "catch-all" zone, e.g.
1837 the default zone. You can enable this if you desire such
1838 behavior. It's disabled by default for security reasons. Note:
1839 If "yes" packets will only drift from source based zones to
1840 interface based zones (including the default zone). Packets
1841 never drift from interface based zones to other interfaces
1842 based zones (including the default zone). Valid values: "yes",
1843 "no". Defaults to "no".
1844
1845 AutomaticHelpers - s - (rw)
1846 Deprecated. Getting this value always returns "no". Setting
1847 this value is ignored.
1848
1849 CleanupOnExit - s - (rw)
1850 If firewalld stops, it cleans up all firewall rules. Setting
1851 this option to no or false leaves the current firewall rules
1852 untouched.
1853
1854 DefaultZone - s - (ro)
1855 Default zone for connections or interfaces if the zone is not
1856 selected or specified by NetworkManager, initscripts or command
1857 line tool.
1858
1859 FirewallBackend - s - (rw)
1860 Selects the firewalld backend for all rules except the direct
1861 interface. Valid options are: nftables, iptables. Default is
1862 nftables.
1863
1864 FirewallBackend - s - (rw)
1865 Flush all runtime rules on a reload. Valid options are: yes,
1866 no.
1867
1868 IPv6_rpfilter - s - (rw)
1869 Indicates whether the reverse path filter test on a packet for
1870 IPv6 is enabled. If a reply to the packet would be sent via the
1871 same interface that the packet arrived on, the packet will
1872 match and be accepted, otherwise dropped.
1873
1874 IndividualCalls - s - (ro)
1875 Indicates whether individual calls are used instead of combined
1876 -restore calls. If enabled, this increases the time that is needed to
1877 apply changes and to start the daemon, but is good for
1878 debugging.
1879
1880 Lockdown - s - (rw)
1881 If this property is enabled, firewall changes with the D-Bus
1882 interface will be limited to applications that are listed in
1883 the lockdown whitelist.
1884
1885 LogDenied - s - (rw)
1886 If LogDenied is enabled, then logging rules are added right
1887 before reject and drop rules in the INPUT, FORWARD and OUTPUT
1888 chains for the default rules and also final reject and drop
1889 rules in zones. Possible values are: all, unicast, broadcast,
1890 multicast and off.
1891
1892 MinimalMark - i - (rw)
1893 Deprecated. This option is ignored and no longer used. Marks
1894 are no longer used internally.
1895
1896 FirewallBackend - s - (rw)
1897 As per RFC 3964, filter IPv6 traffic with 6to4 destination
1898 addresses that correspond to IPv4 addresses that should not be
1899 routed over the public internet. Valid options are: yes, no.
1900
1901 org.fedoraproject.FirewallD1.config.direct
1902 Interface for permanent direct configuration, see also
1903 firewalld.direct(5). For runtime direct configuration see
1904 org.fedoraproject.FirewallD1.direct interface.
1905
1906 Methods
1907 addChain(s: ipv, s: table, s: chain) → Nothing
1908 Add a new chain to table for ipv being either ipv4 (iptables)
1909 or ipv6 (ip6tables) or eb (ebtables). Make sure there's no
1910 other chain with this name already. There already exist basic
1911 chains to use with direct methods, for example INPUT_direct
1912 chain. These chains are jumped into before chains for zones,
1913 i.e. every rule put into INPUT_direct will be checked before
1914 rules in zones. For runtime operation see
1915 org.fedoraproject.FirewallD1.direct.Methods.addChain.
1916
1917 Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED
1918
1919 addPassthrough(s: ipv, as: args) → Nothing
1920 Add a passthrough rule with the arguments args for ipv being
1921 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
1922 For runtime operation see
1923 org.fedoraproject.FirewallD1.direct.Methods.addPassthrough.
1924
1925 Possible errors: INVALID_IPV, ALREADY_ENABLED
1926
1927 addRule(s: ipv, s: table, s: chain, i: priority, as: args) →
1928 Nothing
1929 Add a rule with the arguments args to chain in table with
1930 priority for ipv being either ipv4 (iptables) or ipv6
1931 (ip6tables) or eb (ebtables). The priority is used to order
1932 rules. Priority 0 means add rule on top of the chain, with a
1933 higher priority the rule will be added further down. Rules with
1934 the same priority are on the same level and the order of these
1935 rules is not fixed and may change. If you want to make sure
1936 that a rule will be added after another one, use a low priority
1937 for the first and a higher for the following. For runtime
1938 operation see
1939 org.fedoraproject.FirewallD1.direct.Methods.addRule.
1940
1941 Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED
1942
1943 getAllChains() → a(sss)
1944 Get all chains added to all tables in format: ipv, table,
1945 chain. This concerns only chains previously added with
1946 addChain. Return value is an array of (ipv, table, chain). For
1947 runtime operation see
1948 org.fedoraproject.FirewallD1.direct.Methods.getAllChains.
1949
1950 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
1951 (ebtables).
1952
1953 table (s): one of filter, mangle, nat, raw, security
1954
1955 chain (s): name of a chain.
1956
1957
1958 getAllPassthroughs() → a(sas)
1959 Get all passthrough rules added in all ipv types in format:
1960 ipv, rule. This concerns only rules previously added with
1961 addPassthrough. Return value is an array of (ipv, array of
1962 arguments). For runtime operation see
1963 org.fedoraproject.FirewallD1.direct.Methods.getAllPassthroughs.
1964
1965 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
1966 (ebtables).
1967
1968 arguments (as): array of commands, parameters and other
1969 iptables/ip6tables/ebtables command line options.
1970
1971
1972 getAllRules() → a(sssias)
1973 Get all rules added to all chains in all tables in format: ipv,
1974 table, chain, priority, rule. This concerns only rules
1975 previously added with addRule. Return value is an array of (ipv,
1976 table, chain, priority, array of arguments). For runtime
1977 operation see
1978 org.fedoraproject.FirewallD1.direct.Methods.getAllRules.
1979
1980 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
1981 (ebtables).
1982
1983 table (s): one of filter, mangle, nat, raw, security
1984
1985 chain (s): name of a chain.
1986
1987 priority (i): used to order rules.
1988
1989 arguments (as): array of commands, parameters and other
1990 iptables/ip6tables/ebtables command line options.
1991
1992
1993 getChains(s: ipv, s: table) → as
1994 Return an array of chains (s) added to table for ipv being
1995 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
1996 This concerns only chains previously added with addChain. For
1997 runtime operation see
1998 org.fedoraproject.FirewallD1.direct.Methods.getChains.
1999
2000 Possible errors: INVALID_IPV, INVALID_TABLE
2001
2002 getPassthroughs(s: ipv) → aas
2003 Get tracked passthrough rules added in either ipv4 (iptables)
2004 or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
2005 previously added with addPassthrough. Return value is an array
2006 of (array of arguments). For runtime operation see
2007 org.fedoraproject.FirewallD1.direct.Methods.getPassthroughs.
2008
2009 arguments (as): array of commands, parameters and other
2010 iptables/ip6tables/ebtables command line options.
2011
2012
2013 getRules(s: ipv, s: table, s: chain) → a(ias)
2014 Get all rules added to chain in table for ipv being either ipv4
2015 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
2016 only rules previously added with addRule. Return value is a
2017 array of (priority, array of arguments). For runtime operation
2018 see org.fedoraproject.FirewallD1.direct.Methods.getRules.
2019
2020 priority (i): used to order rules.
2021
2022 arguments (as): array of commands, parameters and other
2023 iptables/ip6tables/ebtables command line options.
2024
2025 Possible errors: INVALID_IPV, INVALID_TABLE
2026
2027 getSettings() → (a(sss)a(sssias)a(sas))
2028 Get settings of permanent direct configuration in format: array
2029 of chains, array of rules, array of passthroughs.
2030
2031 chains (a(sss)): array of (ipv, table, chain), see 'chain' in
2032 firewalld.direct(5).
2033
2034 rules (a(sssias)): array of (ipv, table,
2035 chain, priority, array of arguments), see 'rule' in
2036 firewalld.direct(5).
2037
2038 passthroughs (a(sas)): array of (ipv,
2039 array of arguments), see passthrough in firewalld.direct(5).
2040
2042
2043 queryChain(s: ipv, s: table, s: chain) → b
2044 Return whether a chain exists in table for ipv being either
2045 ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). This
2046 concerns only chains previously added with addChain. For
2047 runtime operation see
2048 org.fedoraproject.FirewallD1.direct.Methods.queryChain.
2049
2050 Possible errors: INVALID_IPV, INVALID_TABLE
2051
2052 queryPassthrough(s: ipv, as: args) → b
2053 Return whether a tracked passthrough rule with the arguments
2054 args exists for ipv being either ipv4 (iptables) or ipv6
2055 (ip6tables) or eb (ebtables). This concerns only rules
2056 previously added with addPassthrough. For runtime operation see
2057 org.fedoraproject.FirewallD1.direct.Methods.queryPassthrough.
2058
2059 Possible errors: INVALID_IPV
2060
2061 queryRule(s: ipv, s: table, s: chain, i: priority, as: args) → b
2062 Return whether a rule with priority and the arguments args
2063 exists in chain in table for ipv being either ipv4 (iptables)
2064 or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
2065 previously added with addRule. For runtime operation see
2066 org.fedoraproject.FirewallD1.direct.Methods.queryRule.
2067
2068 Possible errors: INVALID_IPV, INVALID_TABLE
2069
2070 removeChain(s: ipv, s: table, s: chain) → Nothing
2071 Remove a chain from table for ipv being either ipv4 (iptables)
2072 or ipv6 (ip6tables) or eb (ebtables). Only chains previously
2073 added with addChain can be removed this way. For runtime
2074 operation see
2075 org.fedoraproject.FirewallD1.direct.Methods.removeChain.
2076
2077 Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED
2078
2079 removePassthrough(s: ipv, as: args) → Nothing
2080 Remove a passthrough rule with arguments args for ipv being
2081 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
2082 Only rules previously added with addPassthrough can be removed
2083 this way. For runtime operation see
2084 org.fedoraproject.FirewallD1.direct.Methods.removePassthrough.
2085
2086 Possible errors: INVALID_IPV, NOT_ENABLED
2087
2088 removeRule(s: ipv, s: table, s: chain, i: priority, as: args) →
2089 Nothing
2090 Remove a rule with priority and arguments args from chain in
2091 table for ipv being either ipv4 (iptables) or ipv6 (ip6tables)
2092 or eb (ebtables). Only rules previously added with addRule can
2093 be removed this way. For runtime operation see
2094 org.fedoraproject.FirewallD1.direct.Methods.removeRule.
2095
2096 Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED
2097
2098 removeRules(s: ipv, s: table, s: chain) → Nothing
2099 Remove all rules from chain in table for ipv being either ipv4
2100 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
2101 only rules previously added with addRule. For runtime operation
2102 see org.fedoraproject.FirewallD1.direct.Methods.removeRules.
2103
2104 Possible errors: INVALID_IPV, INVALID_TABLE
2105
2106 update((a(sss)a(sssias)a(sas)): settings) → Nothing
2107 Update permanent direct configuration with given settings.
2108 Settings are in format: array of chains, array of rules, array
2109 of passthroughs.
2110
2111 chains (a(sss)): array of (ipv, table, chain), see 'chain' in
2112 firewalld.direct(5).
2113
2114 rules (a(sssias)): array of (ipv, table,
2115 chain, priority, array of arguments), see 'rule' in
2116 firewalld.direct(5).
2117
2118 passthroughs (a(sas)): array of (ipv,
2119 array of arguments), see passthrough in firewalld.direct(5).
2120
2121 Possible errors: INVALID_TYPE
2122
2123 Signals
2124 Updated()
2125 Emitted when configuration has been updated.
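An added example (not part of the firewalld documentation): a review pass over the (chains, rules, passthroughs) tuple that getSettings() returns on this interface, using the ordering semantics described for addChain and addRule above. Function names and the sample tuple are constructed; treating every chain whose name ends in `_direct` as a built-in pre-zone chain is an assumption generalized from the INPUT_direct example, and `fetch_permanent_direct` assumes dbus-python and a running firewalld.

```python
# Added example: audit permanent direct configuration for rules that are
# decided before zone policy. Names and sample data are constructed.
from collections import defaultdict


def jump_target(args):
    """Return the value following -j/--jump in a rule's argument list."""
    for i, arg in enumerate(args[:-1]):
        if arg in ("-j", "--jump"):
            return str(args[i + 1])
    return None


def review_direct(settings):
    """Return (kind, detail) findings for a (chains, rules, passthroughs) tuple."""
    _chains, rules, passthroughs = settings
    findings = []
    by_level = defaultdict(set)   # (ipv, table, chain, priority) -> jump targets

    for ipv, table, chain, priority, args in rules:
        target = jump_target(args)
        by_level[(str(ipv), str(table), str(chain), int(priority))].add(target)
        # Chains such as INPUT_direct are jumped into before the zone chains,
        # so an ACCEPT here is decided before any zone rule is checked.
        # Assumption: built-in pre-zone chains all carry the "_direct" suffix.
        if str(chain).endswith("_direct") and target == "ACCEPT":
            findings.append(("pre-zone-accept",
                             f"{ipv} {table} {chain} prio {priority}: {' '.join(args)}"))

    # Rules sharing a priority have no fixed order; different verdicts on the
    # same level make the effective policy depend on that order.
    for (ipv, table, chain, priority), targets in sorted(by_level.items()):
        if len(targets) > 1:
            names = ", ".join(sorted(str(t) for t in targets))
            findings.append(("priority-tie",
                             f"{ipv} {table} {chain} prio {priority}: {names}"))

    # Passthroughs are raw backend arguments; list each one for manual review.
    for ipv, args in passthroughs:
        findings.append(("passthrough", f"{ipv}: {' '.join(args)}"))
    return findings


def fetch_permanent_direct():
    """Read the permanent direct configuration over D-Bus (needs firewalld)."""
    import dbus  # dbus-python; imported here so the review runs without it
    obj = dbus.SystemBus().get_object("org.fedoraproject.FirewallD1",
                                      "/org/fedoraproject/FirewallD1/config")
    direct = dbus.Interface(
        obj, dbus_interface="org.fedoraproject.FirewallD1.config.direct")
    return direct.getSettings()


# Constructed sample in the getSettings() layout: chains, rules, passthroughs.
SAMPLE = (
    [("ipv4", "filter", "mgmt_in")],
    [
        ("ipv4", "filter", "INPUT_direct", 0,
         ["-p", "tcp", "--dport", "22", "-j", "ACCEPT"]),
        ("ipv4", "filter", "INPUT_direct", 5, ["-s", "192.0.2.0/24", "-j", "DROP"]),
        ("ipv4", "filter", "INPUT_direct", 5, ["-s", "192.0.2.10", "-j", "ACCEPT"]),
        ("ipv6", "filter", "mgmt_in", 0, ["-j", "LOG"]),
    ],
    [("ipv4", ["-A", "FORWARD", "-j", "ACCEPT"])],
)

if __name__ == "__main__":
    for kind, detail in review_direct(SAMPLE):
        print(f"{kind:16} {detail}")
```

The same function accepts the value returned by `fetch_permanent_direct()`, since dbus-python's string, integer, array and struct types subclass the corresponding Python types.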
2126
2127 org.fedoraproject.FirewallD1.config.policies
2128 Interface for permanent lockdown-whitelist configuration, see also
2129 firewalld.lockdown-whitelist(5). For runtime configuration see
2130 org.fedoraproject.FirewallD1.policies interface.
2131
2132 Methods
2133 addLockdownWhitelistCommand(s: command) → Nothing
2134 Add command to whitelist. See command option in
2135 firewalld.lockdown-whitelist(5). For runtime operation see
2136 org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistCommand.
2137
2138 Possible errors: ALREADY_ENABLED, INVALID_TYPE
2139
2140 addLockdownWhitelistContext(s: context) → Nothing
2141 Add context to whitelist. See selinux option in
2142 firewalld.lockdown-whitelist(5). For runtime operation see
2143 org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistContext.
2144
2145 Possible errors: ALREADY_ENABLED, INVALID_TYPE
2146
2147 addLockdownWhitelistUid(i: uid) → Nothing
2148 Add user id uid to whitelist. See user option in
2149 firewalld.lockdown-whitelist(5). For runtime operation see
2150 org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistUid.
2151
2152 Possible errors: ALREADY_ENABLED, INVALID_TYPE
2153
2154 addLockdownWhitelistUser(s: user) → Nothing
2155 Add user name to whitelist. See user option in
2156 firewalld.lockdown-whitelist(5). For runtime operation see
2157 org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistUser.
2158
2159 Possible errors: ALREADY_ENABLED, INVALID_TYPE
2160
2161 getLockdownWhitelist() → (asasasai)
2162 Get settings of permanent lockdown-whitelist configuration in
2163 format: commands, selinux contexts, users, uids
2164
2165 commands (as): see command option in firewalld.lockdown-
2166 whitelist(5).
2167
2168 selinux contexts (as): see selinux option in
2169 firewalld.lockdown-whitelist(5).
2170
2171 users (as): see name attribute of user option in
2172 firewalld.lockdown-whitelist(5).
2173
2174 uids (ai): see id attribute of user option in
2175 firewalld.lockdown-whitelist(5).
2176
2177
2178 getLockdownWhitelistCommands() → as
2179 List all command lines (s) that are on whitelist. For runtime
2180 operation see
2181 org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistCommands.
2182
2183 getLockdownWhitelistContexts() → as
2184 List all contexts (s) that are on whitelist. For runtime
2185 operation see
2186 org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistContexts.
2187
2188 getLockdownWhitelistUids() → ai
2189 List all user ids (i) that are on whitelist. For runtime
2190 operation see
2191 org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistUids.
2192
2193 getLockdownWhitelistUsers() → as
2194 List all users (s) that are on whitelist. For runtime operation
2195 see
2196 org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistUsers.
2197
2198 queryLockdownWhitelistCommand(s: command) → b
2199 Query whether command is on whitelist. For runtime operation
2200 see
2201 org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistCommand.
2202
2203 queryLockdownWhitelistContext(s: context) → b
2204 Query whether context is on whitelist. For runtime operation
2205 see
2206 org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistContext.
2207
2208 queryLockdownWhitelistUid(i: uid) → b
2209 Query whether user id uid is on whitelist. For runtime
2210 operation see
2211 org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistUid.
2212
2213 queryLockdownWhitelistUser(s: user) → b
2214 Query whether user is on whitelist. For runtime operation see
2215 org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistUser.
2216
2217 removeLockdownWhitelistCommand(s: command) → Nothing
2218 Remove command from whitelist. For runtime operation see
2219 org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistCommand.
2220
2221 Possible errors: NOT_ENABLED
2222
2223 removeLockdownWhitelistContext(s: context) → Nothing
2224 Remove context from whitelist. For runtime operation see
2225 org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistContext.
2226
2227 Possible errors: NOT_ENABLED
2228
2229 removeLockdownWhitelistUid(i: uid) → Nothing
2230 Remove user id uid from whitelist. For runtime operation see
2231 org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistUid.
2232
2233 Possible errors: NOT_ENABLED
2234
2235 removeLockdownWhitelistUser(s: user) → Nothing
2236 Remove user from whitelist. For runtime operation see
2237 org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistUser.
2238
2239 Possible errors: NOT_ENABLED
2240
2241 setLockdownWhitelist((asasasai): settings) → Nothing
2242 Set permanent lockdown-whitelist configuration to settings.
2243 Settings are in format: commands, selinux contexts, users, uids
2244
2245 commands (as): see command option in firewalld.lockdown-
2246 whitelist(5).
2247
2248 selinux contexts (as): see selinux option in
2249 firewalld.lockdown-whitelist(5).
2250
2251 users (as): see name attribute of user option in
2252 firewalld.lockdown-whitelist(5).
2253
2254 uids (ai): see id attribute of user option in
2255 firewalld.lockdown-whitelist(5).
2256
2257 Possible errors: INVALID_TYPE
2258
2259 Signals
2260 LockdownWhitelistUpdated()
2261 Emitted when permanent lockdown-whitelist configuration has
2262 been updated.
2263
2264 org.fedoraproject.FirewallD1.config.ipset
2265 Interface for permanent ipset configuration, see also
2266 firewalld.ipset(5).
2267
2268 Methods
2269 addEntry(s: entry) → Nothing
2270 Permanently add entry to list of entries of ipset. See entry
2271 tag in firewalld.ipset(5). For runtime operation see
2272 org.fedoraproject.FirewallD1.ipset.Methods.addEntry.
2273
2274 Possible errors: ALREADY_ENABLED
2275
2276 addOption(s: key, s: value) → Nothing
2277 Permanently add (key, value) to the ipset. See option tag in
2278 firewalld.ipset(5).
2279
2280 Possible errors: ALREADY_ENABLED
2281
2282 getDescription() → s
2283 Get description of ipset. See description tag in
2284 firewalld.ipset(5).
2285
2286 getEntries() → as
2287 Get list of entries added to ipset. See entry tag in
2288 firewalld.ipset(5). For runtime operation see
2289 org.fedoraproject.FirewallD1.ipset.Methods.getEntries.
2290
2291 Possible errors: IPSET_WITH_TIMEOUT
2292
2293 getOptions() → a{ss}
2294 Get dictionary of options set for ipset. See option tag in
2295 firewalld.ipset(5).
2296
2297 getSettings() → (ssssa{ss}as)
2298 Return permanent settings of the ipset. For getting runtime
2299 settings see
2300 org.fedoraproject.FirewallD1.ipset.Methods.getIPSetSettings.
2301 Settings are in format: version, name, description, type,
2302 dictionary of options and array of entries.
2303
2304 version (s): see version attribute of ipset tag in
2305 firewalld.ipset(5).
2306
2307 name (s): see short tag in firewalld.ipset(5).
2308
2309 description (s): see description tag in firewalld.ipset(5).
2310
2311 type (s): see type attribute of ipset tag in
2312 firewalld.ipset(5).
2313
2314 options (a{ss}): dictionary of {option : value} . See options
2315 tag in firewalld.ipset(5).
2316
2317 entries (as): array of entries, see entry tag in
2318 firewalld.ipset(5).
2319
2320
2321 getShort() → s
2322 Get name of ipset. See short tag in firewalld.ipset(5).
2323
2324 getType() → s
2325 Get type of ipset. See type attribute of ipset tag in
2326 firewalld.ipset(5).
2327
2328 getVersion() → s
2329 Get version of ipset. See version attribute of ipset tag in
2330 firewalld.ipset(5).
2331
2332 loadDefaults() → Nothing
2333 Load default settings for built-in ipset.
2334
2335 Possible errors: NO_DEFAULTS
2336
2337 queryEntry(s: entry) → b
2338 Return whether entry has been added to ipset. For runtime
2339 operation see
2340 org.fedoraproject.FirewallD1.ipset.Methods.queryEntry.
2341
2342 queryOption(s: key, s: value) → b
2343 Return whether (key, value) has been added to options of the
2344 ipset.
2345
2346 remove() → Nothing
2347 Remove not built-in ipset.
2348
2349 Possible errors: BUILTIN_IPSET
2350
2351 removeEntry(s: entry) → Nothing
2352 Permanently remove entry from ipset. See entry tag in
2353 firewalld.ipset(5). For runtime operation see
2354 org.fedoraproject.FirewallD1.ipset.Methods.removeEntry.
2355
2356 Possible errors: NOT_ENABLED
2357
2358 removeOption(s: key) → Nothing
2359 Permanently remove key from the ipset. See option tag in
2360 firewalld.ipset(5).
2361
2362 Possible errors: NOT_ENABLED
2363
2364 rename(s: name) → Nothing
2365 Rename not built-in ipset to name.
2366
2367 Possible errors: BUILTIN_IPSET
2368
2369 setDescription(s: description) → Nothing
2370 Permanently set description of ipset to description. See
2371 description tag in firewalld.ipset(5).
2372
2373 setEntries(as: entries) → Nothing
2374 Permanently set list of entries to entries. See entry tag in
2375 firewalld.ipset(5).
2376
2377 setOptions(a{ss}: options) → Nothing
2378 Permanently set dict of options to options. See option tag in
2379 firewalld.ipset(5).
2380
2381 setShort(s: short) → Nothing
2382 Permanently set name of ipset to short. See short tag in
2383 firewalld.ipset(5).
2384
2385 setType(s: ipset_type) → Nothing
2386 Permanently set type of ipset to ipset_type. See type attribute
2387 of ipset tag in firewalld.ipset(5).
2388
2389 setVersion(s: version) → Nothing
2390 Permanently set version of ipset to version. See version
2391 attribute of ipset tag in firewalld.ipset(5).
2392
2393 update((ssssa{ss}as): settings) → Nothing
2394 Update settings of ipset to settings. Settings are in format:
2395 version, name, description, type, dictionary of options and
2396 array of entries.
2397
2398 version (s): see version attribute of ipset tag in
2399 firewalld.ipset(5).
2400
2401 name (s): see short tag in firewalld.ipset(5).
2402
2403 description (s): see description tag in firewalld.ipset(5).
2404
2405 type (s): see type attribute of ipset tag in
2406 firewalld.ipset(5).
2407
2408 options (a{ss}): dictionary of {option : value} . See options
2409 tag in firewalld.ipset(5).
2410
2411 entries (as): array of entries, see entry tag in
2412 firewalld.ipset(5).
2413
2414 Possible errors: INVALID_TYPE
2415
2416 Signals
2417 Removed(s: name)
2418 Emitted when ipset with name has been removed.
2419
2420 Renamed(s: name)
2421 Emitted when ipset has been renamed to name.
2422
2423 Updated(s: name)
2424 Emitted when ipset with name has been updated.
2425
2426 Properties
2427 builtin - b - (ro)
2428 True if ipset is built-in, false otherwise.
2429
2430 default - b - (ro)
2431 True if built-in ipset has default settings. False if it has
2432 been modified. Always False for not built-in ipsets.
2433
2434 filename - s - (ro)
2435 Name (including .xml extension) of file where the configuration
2436 is stored.
2437
2438 name - s - (ro)
2439 Name of ipset.
2440
2441 path - s - (ro)
2442 Path to directory where the ipset configuration is stored.
2443 Should be either /usr/lib/firewalld/ipsets or
2444 /etc/firewalld/ipsets.
2445
2446 org.fedoraproject.FirewallD1.config.zone
2447 Interface for permanent zone configuration, see also firewalld.zone(5).
2448
2449 Methods
2450 addForwardPort(s: port, s: protocol, s: toport, s: toaddr) →
2451 Nothing
2452 Permanently add (port, protocol, toport, toaddr) to list of
2453 forward ports of zone. See forward-port tag in
2454 firewalld.zone(5). For runtime operation see
2455 org.fedoraproject.FirewallD1.zone.Methods.addForwardPort.
2456
2457 Possible errors: ALREADY_ENABLED
2458
2459 addIcmpBlock(s: icmptype) → Nothing
2460 Permanently add icmptype to list of icmp types blocked in zone.
2461 See icmp-block tag in firewalld.zone(5). For runtime operation
2462 see org.fedoraproject.FirewallD1.zone.Methods.addIcmpBlock.
2463
2464 Possible errors: ALREADY_ENABLED
2465
2466 addIcmpBlock(s: icmptype) → Nothing
2467 Permanently add icmp block inversion to zone. See
2468 icmp-block-inversion tag in firewalld.zone(5). For runtime
2469 operation see
2470 org.fedoraproject.FirewallD1.zone.Methods.addIcmpBlockInversion.
2471
2472 Possible errors: ALREADY_ENABLED
2473
2474 addInterface(s: interface) → Nothing
2475 Permanently add interface to list of interfaces bound to zone.
2476 See interface tag in firewalld.zone(5). For runtime operation
2477 see org.fedoraproject.FirewallD1.zone.Methods.addInterface.
2478
2479 Possible errors: ALREADY_ENABLED
2480
2481 addMasquerade() → Nothing
2482 Permanently enable masquerading in zone. See masquerade tag in
2483 firewalld.zone(5). For runtime operation see
2484 org.fedoraproject.FirewallD1.zone.Methods.addMasquerade.
2485
2486 Possible errors: ALREADY_ENABLED
2487
2488 addPort(s: port, s: protocol) → Nothing
2489 Permanently add (port, protocol) to list of ports of zone. See
2490 port tag in firewalld.zone(5). For runtime operation see
2491 org.fedoraproject.FirewallD1.zone.Methods.addPort.
2492
2493 Possible errors: ALREADY_ENABLED
2494
2495 addProtocol(s: protocol) → Nothing
2496 Permanently add protocol into zone. The protocol can be any
2497 protocol supported by the system. Please have a look at
2498 /etc/protocols for supported protocols. For runtime operation
2499 see org.fedoraproject.FirewallD1.zone.Methods.addProtocol.
2500
2501 Possible errors: INVALID_PROTOCOL, ALREADY_ENABLED
2502
2503 addRichRule(s: rule) → Nothing
2504 Permanently add rule to list of rich-language rules in zone.
2505 See rule tag in firewalld.zone(5). For runtime operation see
2506 org.fedoraproject.FirewallD1.zone.Methods.addRichRule.
2507
2508 Possible errors: ALREADY_ENABLED
2509
2510 addService(s: service) → Nothing
2511 Permanently add service to list of services used in zone. See
2512 service tag in firewalld.zone(5). For runtime operation see
2513 org.fedoraproject.FirewallD1.zone.Methods.addService.
2514
2515 Possible errors: ALREADY_ENABLED
2516
2517 addSource(s: source) → Nothing
2518 Permanently add source to list of source addresses bound to
2519 zone. See source tag in firewalld.zone(5). For runtime
2520 operation see
2521 org.fedoraproject.FirewallD1.zone.Methods.addSource.
2522
2523 Possible errors: ALREADY_ENABLED
2524
2525 addSourcePort(s: port, s: protocol) → Nothing
2526 Permanently add (port, protocol) to list of source ports of
2527 zone. See source-port tag in firewalld.zone(5). For runtime
2528 operation see
2529 org.fedoraproject.FirewallD1.zone.Methods.addSourcePort.
2530
2531 Possible errors: ALREADY_ENABLED
2532
2533 getDescription() → s
2534 Get description of zone. See description tag in
2535 firewalld.zone(5).
2536
2537 getForwardPorts() → a(ssss)
2538 Get list of (port, protocol, toport, toaddr) defined in zone.
2539 See forward-port tag in firewalld.zone(5). For runtime
2540 operation see
2541 org.fedoraproject.FirewallD1.zone.Methods.getForwardPorts.
2542
2543 getIcmpBlockInversion() → b
2544 Get icmp block inversion flag of zone. See icmp-block-inversion
2545 tag in firewalld.zone(5).
2546
2547 getIcmpBlocks() → as
2548 Get list of icmp type names blocked in zone. See icmp-block tag
2549 in firewalld.zone(5). For runtime operation see
2550 org.fedoraproject.FirewallD1.zone.Methods.getIcmpBlocks.
2551
2552 getInterfaces() → as
2553 Get list of interfaces bound to zone. See interface tag in
2554 firewalld.zone(5). For runtime operation see
2555 org.fedoraproject.FirewallD1.zone.Methods.getInterfaces.
2556
2557 getMasquerade() → b
2558 Return whether masquerade is enabled in zone. This is the same
2559 as queryMasquerade() method. See masquerade tag in
2560 firewalld.zone(5).
2561
2562 getPorts() → a(ss)
2563 Get list of (port, protocol) defined in zone. See port tag in
2564 firewalld.zone(5). For runtime operation see
2565 org.fedoraproject.FirewallD1.zone.Methods.getPorts.
2566
2567 getProtocols() → as
2568 Return array of protocols (s) previously enabled in zone. For
2569 getting runtime settings see
2570 org.fedoraproject.FirewallD1.zone.Methods.getProtocols.
2571
2572 getRichRules() → as
2573 Get list of rich-language rules in zone. See rule tag in
2574 firewalld.zone(5). For runtime operation see
2575 org.fedoraproject.FirewallD1.zone.Methods.getRichRules.
2576
2577 getServices() → as
2578 Get list of service names used in zone. See service tag in
2579 firewalld.zone(5). For runtime operation see
2580 org.fedoraproject.FirewallD1.zone.Methods.getServices.
2581
2582 getSettings() → (sssbsasa(ss)asba(ssss)asasasasa(ss)b)
2583 This function is deprecated, use
2584 org.fedoraproject.FirewallD1.config.zone.Methods.getSettings2
2585 instead.
2586
2587 getSettings2() → a{sv}
2588 Return permanent settings of given zone. For getting runtime
2589 settings see
2590 org.fedoraproject.FirewallD1.zone.Methods.getZoneSettings2.
2591 Settings are a dictionary indexed by keywords. For the type of
2592 each value see below. If the value is empty it may be omitted.
2593
2594 version (s): see version attribute of zone tag in
2595 firewalld.zone(5).
2596
2597 name (s): see short tag in firewalld.zone(5).
2598
2599 description (s): see description tag in firewalld.zone(5).
2600
2601 target (s): see target attribute of zone tag in
2602 firewalld.zone(5).
2603
2604 services (as): array of service names, see service tag in
2605 firewalld.zone(5).
2606
2607 ports (a(ss)): array of port and protocol pairs. See port tag
2608 in firewalld.zone(5).
2609
2610 icmp_blocks (as): array of icmp-blocks. See icmp-block tag in
2611 firewalld.zone(5).
2612
2613 masquerade (b): see masquerade tag in firewalld.zone(5).
2614
2615 forward_ports (a(ssss)): array of (port, protocol, to-port,
2616 to-addr). See forward-port tag in firewalld.zone(5).
2617
2618 interfaces (as): array of interfaces. See interface tag in
2619 firewalld.zone(5).
2620
2621 sources (as): array of source addresses. See source tag in
2622 firewalld.zone(5).
2623
2624 rules_str (as): array of rich-language rules. See rule tag in
2625 firewalld.zone(5).
2626
2627 protocols (as): array of protocols, see protocol tag in
2628 firewalld.zone(5).
2629
2630 source_ports (a(ss)): array of port and protocol pairs. See
2631 source-port tag in firewalld.zone(5).
2632
2633 icmp_block_inversion (b): see icmp-block-inversion tag in
2634 firewalld.zone(5).
2635
2636 forward (b): see forward tag in firewalld.zone(5).
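
The dictionary returned by getSettings2 can be compared with the runtime dictionary from getZoneSettings2 to find settings that exist only at runtime or only in the permanent configuration. The following is an added example, not part of the firewalld documentation or code: the sample dictionaries are constructed, fetch() assumes dbus-python and a running firewalld, and getZoneByName is the method of the org.fedoraproject.FirewallD1.config interface.

```python
# Added example (not from firewalld): diff the permanent and runtime views of one zone.
# Key names and D-Bus types are the ones listed for getSettings2 above.
LIST_KEYS = ("services", "ports", "icmp_blocks", "forward_ports", "interfaces",
             "sources", "rules_str", "protocols", "source_ports")
BOOL_KEYS = ("masquerade", "icmp_block_inversion", "forward")


def _item(value):
    """Turn one array element into a hashable, plain-Python value."""
    if isinstance(value, (list, tuple)):      # struct element of a(ss) / a(ssss)
        return tuple(str(part) for part in value)
    return str(value)                         # element of an 'as' array


def normalize(settings):
    """Return a comparable view of an a{sv} settings dictionary.

    Empty values may be omitted from the dictionary, so a missing key is
    treated exactly like an empty list, False or an empty string.
    """
    view = {key: frozenset(_item(v) for v in settings.get(key, ()))
            for key in LIST_KEYS}
    for key in BOOL_KEYS:
        view[key] = bool(settings.get(key, False))
    view["target"] = str(settings.get("target", ""))
    return view


def drift(permanent, runtime):
    """List differences as (kind, key, detail) tuples, ordered by key."""
    perm, run = normalize(permanent), normalize(runtime)
    findings = []
    for key in sorted(perm):
        if key in LIST_KEYS:
            findings += [("runtime-only", key, item)
                         for item in sorted(run[key] - perm[key])]
            findings += [("permanent-only", key, item)
                         for item in sorted(perm[key] - run[key])]
        elif perm[key] != run[key]:
            findings.append(("changed", key, (perm[key], run[key])))
    return findings


def fetch(zone):
    """Read both views from a live firewalld (not used by the sample below)."""
    import dbus  # dbus-python, imported here so the rest runs without it
    bus = dbus.SystemBus()
    name = "org.fedoraproject.FirewallD1"
    config = dbus.Interface(
        bus.get_object(name, "/org/fedoraproject/FirewallD1/config"),
        name + ".config")
    zone_obj = bus.get_object(name, config.getZoneByName(zone))
    permanent = dbus.Interface(zone_obj, name + ".config.zone").getSettings2()
    runtime = dbus.Interface(
        bus.get_object(name, "/org/fedoraproject/FirewallD1"),
        name + ".zone").getZoneSettings2(zone)
    return permanent, runtime


# Constructed sample data in the a{sv} shape described above.
# The permanent view omits its empty values (masquerade, forward_ports).
SAMPLE_PERMANENT = {
    "target": "default",
    "services": ["ssh", "dhcpv6-client"],
    "ports": [("443", "tcp")],
}
SAMPLE_RUNTIME = {
    "target": "default",
    "services": ["dhcpv6-client", "ssh"],          # same set, different order
    "ports": [("443", "tcp"), ("8080", "tcp")],
    "masquerade": True,
    "forward_ports": [("2222", "tcp", "22", "192.0.2.10")],
}

if __name__ == "__main__":
    for kind, key, detail in drift(SAMPLE_PERMANENT, SAMPLE_RUNTIME):
        print(f"{kind:15} {key:14} {detail}")
```

A "runtime-only" finding is a change that disappears on the next reload; a "permanent-only" finding takes effect at the next reload.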
2637
2638
2639 getShort() → s
2640 Get name of zone. See short tag in firewalld.zone(5).
2641
2642 getSourcePorts() → a(ss)
2643 Get list of (port, protocol) defined in zone. See source-port
2644 tag in firewalld.zone(5). For runtime operation see
2645 org.fedoraproject.FirewallD1.zone.Methods.getSourcePorts.
2646
2647 getSources() → as
2648 Get list of source addresses bound to zone. See source tag in
2649 firewalld.zone(5). For runtime operation see
2650 org.fedoraproject.FirewallD1.zone.Methods.getSources.
2651
2652 getTarget() → s
2653 Get target of zone. See target attribute of zone tag in
2654 firewalld.zone(5).
2655
2656 getVersion() → s
2657 Get version of zone. See version attribute of zone tag in
2658 firewalld.zone(5).
2659
2660 loadDefaults() → Nothing
2661 Load default settings for built-in zone.
2662
2663 Possible errors: NO_DEFAULTS
2664
2665 queryForwardPort(s: port, s: protocol, s: toport, s: toaddr) → b
2666 Return whether (port, protocol, toport, toaddr) is in list of
2667 forward ports of zone. See forward-port tag in
2668 firewalld.zone(5). For runtime operation see
2669 org.fedoraproject.FirewallD1.zone.Methods.queryForwardPort.
2670
2671 queryIcmpBlock(s: icmptype) → b
2672 Return whether icmptype is in list of icmp types blocked in
2673 zone. See icmp-block tag in firewalld.zone(5). For runtime
2674 operation see
2675 org.fedoraproject.FirewallD1.zone.Methods.queryIcmpBlock.
2676
2677 queryIcmpBlockInversion() → b
2678 Return whether icmp block inversion is enabled in zone. See
2679 icmp-block-inversion tag in firewalld.zone(5). For runtime
2680 operation see
2681 org.fedoraproject.FirewallD1.zone.Methods.queryIcmpBlockInversion.
2682
2683 queryInterface(s: interface) → b
2684 Return whether interface is in list of interfaces bound to
2685 zone. See interface tag in firewalld.zone(5). For runtime
2686 operation see
2687 org.fedoraproject.FirewallD1.zone.Methods.queryInterface.
2688
2689 queryMasquerade() → b
2690 Return whether masquerade is enabled in zone. This is the same
2691 as getMasquerade() method. See masquerade tag in
2692 firewalld.zone(5). For runtime operation see
2693 org.fedoraproject.FirewallD1.zone.Methods.queryMasquerade.
2694
2695 queryPort(s: port, s: protocol) → b
2696 Return whether (port, protocol) is in list of ports of zone.
2697 See port tag in firewalld.zone(5). For runtime operation see
2698 org.fedoraproject.FirewallD1.zone.Methods.queryPort.
2699
2700 queryProtocol(s: protocol) → b
2701 Return whether protocol has been added in zone. For runtime
2702 operation see
2703 org.fedoraproject.FirewallD1.zone.Methods.queryProtocol.
2704
2705 Possible errors: INVALID_PROTOCOL
2706
2707 queryRichRule(s: rule) → b
2708 Return whether rule is in list of rich-language rules in zone.
2709 See rule tag in firewalld.zone(5). For runtime operation see
2710 org.fedoraproject.FirewallD1.zone.Methods.queryRichRule.
2711
2712 queryService(s: service) → b
2713 Return whether service is in list of services used in zone. See
2714 service tag in firewalld.zone(5). For runtime operation see
2715 org.fedoraproject.FirewallD1.zone.Methods.queryService.
2716
2717 querySource(s: source) → b
2718 Return whether source is in list of source addresses bound to
2719 zone. See source tag in firewalld.zone(5). For runtime
2720 operation see
2721 org.fedoraproject.FirewallD1.zone.Methods.querySource.
2722
2723 querySourcePort(s: port, s: protocol) → b
2724 Return whether (port, protocol) is in list of source ports of
2725 zone. See source-port tag in firewalld.zone(5). For runtime
2726 operation see
2727 org.fedoraproject.FirewallD1.zone.Methods.querySourcePort.
2728
2729 remove() → Nothing
2730 Remove not built-in zone.
2731
2732 Possible errors: BUILTIN_ZONE
2733
2734 removeForwardPort(s: port, s: protocol, s: toport, s: toaddr) →
2735 Nothing
2736 Permanently remove (port, protocol, toport, toaddr) from list
2737 of forward ports of zone. See forward-port tag in
2738 firewalld.zone(5). For runtime operation see
2739 org.fedoraproject.FirewallD1.zone.Methods.removeForwardPort.
2740
2741 Possible errors: NOT_ENABLED
2742
2743 removeIcmpBlock(s: icmptype) → Nothing
2744 Permanently remove icmptype from list of icmp types blocked in
2745 zone. See icmp-block tag in firewalld.zone(5). For runtime
2746 operation see
2747 org.fedoraproject.FirewallD1.zone.Methods.removeIcmpBlock.
2748
2749 Possible errors: NOT_ENABLED
2750
2751 removeIcmpBlockInversion() → Nothing
2752 Permanently remove icmp block inversion from the zone. See
2753 icmp-block-inversion tag in firewalld.zone(5). For runtime
2754 operation see
2755 org.fedoraproject.FirewallD1.zone.Methods.removeIcmpBlockInversion.
2756
2757 Possible errors: NOT_ENABLED
2758
2759 removeInterface(s: interface) → Nothing
2760 Permanently remove interface from list of interfaces bound to
2761 zone. See interface tag in firewalld.zone(5). For runtime
2762 operation see
2763 org.fedoraproject.FirewallD1.zone.Methods.removeInterface.
2764
2765 Possible errors: NOT_ENABLED
2766
2767 removeMasquerade() → Nothing
2768 Permanently disable masquerading in zone. See masquerade tag in
2769 firewalld.zone(5). For runtime operation see
2770 org.fedoraproject.FirewallD1.zone.Methods.removeMasquerade.
2771
2772 Possible errors: NOT_ENABLED
2773
2774 removePort(s: port, s: protocol) → Nothing
2775 Permanently remove (port, protocol) from list of ports of zone.
2776 See port tag in firewalld.zone(5). For runtime operation see
2777 org.fedoraproject.FirewallD1.zone.Methods.removePort.
2778
2779 Possible errors: NOT_ENABLED
2780
2781 removeProtocol(s: protocol) → Nothing
2782 Permanently remove protocol from zone. For runtime operation
2783 see org.fedoraproject.FirewallD1.zone.Methods.removeProtocol.
2784
2785 Possible errors: INVALID_PROTOCOL, NOT_ENABLED
2786
2787 removeRichRule(s: rule) → Nothing
2788 Permanently remove rule from list of rich-language rules in
2789 zone. See rule tag in firewalld.zone(5). For runtime operation
2790 see org.fedoraproject.FirewallD1.zone.Methods.removeRichRule.
2791
2792 Possible errors: NOT_ENABLED
2793
2794 removeService(s: service) → Nothing
2795 Permanently remove service from list of services used in zone.
2796 See service tag in firewalld.zone(5). For runtime operation see
2797 org.fedoraproject.FirewallD1.zone.Methods.removeService.
2798
2799 Possible errors: NOT_ENABLED
2800
2801 removeSource(s: source) → Nothing
2802 Permanently remove source from list of source addresses bound
2803 to zone. See source tag in firewalld.zone(5). For runtime
2804 operation see
2805 org.fedoraproject.FirewallD1.zone.Methods.removeSource.
2806
2807 Possible errors: NOT_ENABLED
2808
2809 removeSourcePort(s: port, s: protocol) → Nothing
2810 Permanently remove (port, protocol) from list of source ports
2811 of zone. See source-port tag in firewalld.zone(5). For runtime
2812 operation see
2813 org.fedoraproject.FirewallD1.zone.Methods.removeSourcePort.
2814
2815 Possible errors: NOT_ENABLED
2816
2817 rename(s: name) → Nothing
2818 Rename not built-in zone to name.
2819
2820 Possible errors: BUILTIN_ZONE
2821
2822 setDescription(s: description) → Nothing
2823 Permanently set description of zone to description. See
2824 description tag in firewalld.zone(5).
2825
2826 setForwardPorts(a(ssss): ports) → Nothing
2827 Permanently set forward ports of zone to list of (port,
2828 protocol, toport, toaddr). See forward-port tag in
2829 firewalld.zone(5).
2830
2831 setIcmpBlockInversion(b: flag) → Nothing
2832 Permanently set icmp block inversion flag of zone to flag. See
2833 icmp-block-inversion tag in firewalld.zone(5).
2834
2835 setIcmpBlocks(as: icmptypes) → Nothing
2836 Permanently set list of icmp types blocked in zone to
2837 icmptypes. See icmp-block tag in firewalld.zone(5).
2838
2839 setInterfaces(as: interfaces) → Nothing
2840 Permanently set list of interfaces bound to zone to interfaces.
2841 See interface tag in firewalld.zone(5).
2842
2843 setMasquerade(b: masquerade) → Nothing
2844 Permanently set masquerading in zone to masquerade. See
2845 masquerade tag in firewalld.zone(5).
2846
2847 setPorts(a(ss): ports) → Nothing
2848 Permanently set ports of zone to list of (port, protocol). See
2849 port tag in firewalld.zone(5).
2850
2851 setProtocols(as: protocols) → Nothing
2852 Permanently set list of protocols used in zone to protocols.
2853 See protocol tag in firewalld.zone(5).
2854
2855 setRichRules(as: rules) → Nothing
2856 Permanently set list of rich-language rules to rules. See rule
2857 tag in firewalld.zone(5).
2858
2859 setServices(as: services) → Nothing
2860 Permanently set list of services used in zone to services. See
2861 service tag in firewalld.zone(5).
2862
2863 setShort(s: short) → Nothing
2864 Permanently set name of zone to short. See short tag in
2865 firewalld.zone(5).
2866
2867 setSourcePorts(a(ss): ports) → Nothing
2868 Permanently set source-ports of zone to list of (port,
2869 protocol). See source-port tag in firewalld.zone(5).
2870
2871 setSources(as: sources) → Nothing
2872 Permanently set list of source addresses bound to zone to
2873 sources. See source tag in firewalld.zone(5).
2874
2875 setTarget(s: target) → Nothing
2876 Permanently set target of zone to target. See target attribute
2877 of zone tag in firewalld.zone(5).
2878
2879 setVersion(s: version) → Nothing
2880 Permanently set version of zone to version. See version
2881 attribute of zone tag in firewalld.zone(5).
2882
2883 update((sssbsasa(ss)asba(ssss)asasasasa(ss)b): settings) → Nothing
2884 This function is deprecated, use
2885 org.fedoraproject.FirewallD1.config.zone.Methods.update2
2886 instead.
2887
2888 update2(a{sv}: settings) → Nothing
2889 Update settings of zone to settings. Settings are a dictionary
2890 indexed by keywords. For the type of each value see below. To
2891 zero a value pass an empty string or list.
2892
2893 version (s): see version attribute of zone tag in
2894 firewalld.zone(5).
2895
2896 name (s): see short tag in firewalld.zone(5).
2897
2898 description (s): see description tag in firewalld.zone(5).
2899
2900 target (s): see target attribute of zone tag in
2901 firewalld.zone(5).
2902
2903 services (as): array of service names, see service tag in
2904 firewalld.zone(5).
2905
2906 ports (a(ss)): array of port and protocol pairs. See port tag
2907 in firewalld.zone(5).
2908
2909 icmp_blocks (as): array of icmp-blocks. See icmp-block tag in
2910 firewalld.zone(5).
2911
2912 masquerade (b): see masquerade tag in firewalld.zone(5).
2913
2914 forward_ports (a(ssss)): array of (port, protocol, to-port,
2915 to-addr). See forward-port tag in firewalld.zone(5).
2916
2917 interfaces (as): array of interfaces. See interface tag in
2918 firewalld.zone(5).
2919
2920 sources (as): array of source addresses. See source tag in
2921 firewalld.zone(5).
2922
2923 rules_str (as): array of rich-language rules. See rule tag in
2924 firewalld.zone(5).
2925
2926 protocols (as): array of protocols, see protocol tag in
2927 firewalld.zone(5).
2928
2929 source_ports (a(ss)): array of port and protocol pairs. See
2930 source-port tag in firewalld.zone(5).
2931
2932 icmp_block_inversion (b): see icmp-block-inversion tag in
2933 firewalld.zone(5).
2934
2935 forward (b): see forward tag in firewalld.zone(5).
2936
2937 Possible errors: INVALID_TYPE
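
A settings dictionary for update2 can be checked on the client against the value types listed above before it is sent. The following is an added example, not part of the firewalld documentation or code: the sample dictionaries are constructed, validate_update2() and to_dbus() are hypothetical helper names, and to_dbus() assumes dbus-python.

```python
# Added example (not from firewalld): check an update2() settings dictionary
# against the value types listed above before sending it over D-Bus.
ZONE_KEY_TYPES = {
    "version": "s", "name": "s", "description": "s", "target": "s",
    "services": "as", "ports": "a(ss)", "icmp_blocks": "as", "masquerade": "b",
    "forward_ports": "a(ssss)", "interfaces": "as", "sources": "as",
    "rules_str": "as", "protocols": "as", "source_ports": "a(ss)",
    "icmp_block_inversion": "b", "forward": "b",
}


def matches(value, sig):
    """True if a plain-Python value fits the D-Bus signature (s, b, a..., (...))."""
    if sig == "s":
        return isinstance(value, str)
    if sig == "b":
        return isinstance(value, bool)             # 0 and 1 are ints, not booleans
    if sig.startswith("a"):                        # a bare str is not an array
        return (isinstance(value, (list, tuple))
                and all(matches(v, sig[1:]) for v in value))
    if sig.startswith("(") and sig.endswith(")"):  # flat struct of basic types
        members = sig[1:-1]
        return (isinstance(value, (list, tuple))
                and len(value) == len(members)
                and all(matches(v, m) for v, m in zip(value, members)))
    return False


def validate_update2(settings):
    """Return (key, problem) pairs; an empty list means the dictionary is well typed."""
    problems = []
    for key, value in settings.items():
        sig = ZONE_KEY_TYPES.get(key)
        if sig is None:
            problems.append((key, "unknown key"))
        elif not matches(value, sig):
            problems.append((key, "expected " + sig))
    return problems


def to_dbus(settings):
    """Wrap checked values in explicit D-Bus types for an a{sv} argument.

    An explicit signature is needed for an empty list, whose element type
    cannot be inferred from the value itself.
    """
    import dbus  # dbus-python, imported here so the checks run without it
    problems = validate_update2(settings)
    if problems:
        raise ValueError(problems)
    wrapped = {}
    for key, value in settings.items():
        sig = ZONE_KEY_TYPES[key]
        if sig == "s":
            wrapped[key] = dbus.String(value)
        elif sig == "b":
            wrapped[key] = dbus.Boolean(value)
        else:
            wrapped[key] = dbus.Array(value, signature=sig[1:])
    return dbus.Dictionary(wrapped, signature="sv")


# Constructed samples. SAMPLE_GOOD zeroes two values with an empty string and list.
SAMPLE_GOOD = {"description": "", "forward_ports": [], "masquerade": False,
               "ports": [("443", "tcp")], "services": ["ssh"]}
SAMPLE_BAD = {
    "services": "ssh",                      # string instead of array of strings
    "ports": [("443", "tcp"), ("8080",)],   # second pair lacks the protocol
    "masquerade": 1,                        # integer instead of boolean
    "forward_ports": [],
    "sourceports": [("53", "udp")],         # misspelled source_ports
    "target": "DROP",
}

if __name__ == "__main__":
    for key, problem in validate_update2(SAMPLE_BAD):
        print(f"{key}: {problem}")
```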
2938
2939 Signals
2940 Removed(s: name)
2941 Emitted when zone with name has been removed.
2942
2943 Renamed(s: name)
2944 Emitted when zone has been renamed to name.
2945
2946 Updated(s: name)
2947 Emitted when zone with name has been updated.
2948
2949 Properties
2950 builtin - b - (ro)
2951 True if zone is built-in, False otherwise.
2952
2953 default - b - (ro)
2954 True if built-in zone has default settings. False if it has
2955 been modified. Always False for zones that are not built-in.
2956
2957 filename - s - (ro)
2958 Name (including .xml extension) of file where the configuration
2959 is stored.
2960
2961 name - s - (ro)
2962 Name of zone.
2963
2964 path - s - (ro)
2965 Path to directory where the zone configuration is stored.
2966 Should be either /usr/lib/firewalld/zones or
2967 /etc/firewalld/zones.
2968
2969 org.fedoraproject.FirewallD1.config.policy
2970 Interface for permanent policy configuration, see also
2971 firewalld.policy(5).
2972
2973 Methods
2974 getSettings() → a{sv}
2975 Return permanent settings of given policy. For getting runtime
2976 settings see
2977 org.fedoraproject.FirewallD1.policy.Methods.getPolicySettings.
2978 Settings are a dictionary indexed by keywords. For possible
2979 keywords see
2980 org.fedoraproject.FirewallD1.config.Methods.addPolicy.
2981
2982 loadDefaults() → Nothing
2983 Load default settings for built-in policy.
2984
2985 Possible errors: NO_DEFAULTS
2986
2987 remove() → Nothing
2988 Remove not built-in policy.
2989
2990 Possible errors: BUILTIN_POLICY
2991
2992 rename(s: name) → Nothing
2993 Rename not built-in policy to name.
2994
2995 Possible errors: BUILTIN_POLICY
2996
2997 update(a{sv}: settings) → Nothing
2998 Update settings of policy to settings. Settings are a
2999 dictionary indexed by keywords. For possible keywords see
3000 org.fedoraproject.FirewallD1.config.Methods.addPolicy. To zero
3001 a value pass an empty string or list.
3002
3003 Possible errors: INVALID_TYPE
3004
3005 Signals
3006 Removed(s: name)
3007 Emitted when policy with name has been removed.
3008
3009 Renamed(s: name)
3010 Emitted when policy has been renamed to name.
3011
3012 Updated(s: name)
3013 Emitted when policy with name has been updated.
3014
3015 Properties
3016 builtin - b - (ro)
3017 True if policy is built-in, False otherwise.
3018
3019 default - b - (ro)
3020 True if built-in policy has default settings. False if it has
3021 been modified. Always False for policies that are not built-in.
3022
3023 filename - s - (ro)
3024 Name (including .xml extension) of file where the configuration
3025 is stored.
3026
3027 name - s - (ro)
3028 Name of policy.
3029
3030 path - s - (ro)
3031 Path to directory where the policy configuration is stored.
3032 Should be either /usr/lib/firewalld/policies or
3033 /etc/firewalld/policies.
3034
3035 org.fedoraproject.FirewallD1.config.service
3036 Interface for permanent service configuration, see also
3037 firewalld.service(5).
3038
3039 Methods
3040 addModule(s: module) → Nothing
3041 This method is deprecated. Please use "helpers" in the
3042 update2() method.
3043
3044 addPort(s: port, s: protocol) → Nothing
3045 Permanently add (port, protocol) to list of ports in service.
3046 See port tag in firewalld.service(5).
3047
3048 Possible errors: ALREADY_ENABLED
3049
3050 addProtocol(s: protocol) → Nothing
3051 Permanently add protocol into service. The protocol can be any
3052 protocol supported by the system. Please have a look at
3053 /etc/protocols for supported protocols. See protocol tag in
3054 firewalld.service(5).
3055
3056 Possible errors: INVALID_PROTOCOL, ALREADY_ENABLED
3057
3058 addSourcePort(s: port, s: protocol) → Nothing
3059 Permanently add (port, protocol) to list of source ports in
3060 service. See source-port tag in firewalld.service(5).
3061
3062 Possible errors: ALREADY_ENABLED
3063
3064 getDescription() → s
3065 Get description of service. See description tag in
3066 firewalld.service(5).
3067
3068 getDestination(s: family) → s
3069 Get destination for IP family being either 'ipv4' or 'ipv6'.
3070 See destination tag in firewalld.service(5).
3071
3072 Possible errors: ALREADY_ENABLED
3073
3074 getDestinations() → a{ss}
3075 Get list of destinations. Return value is a dictionary of {IP
3076 family : IP address} where 'IP family' key can be either 'ipv4'
3077 or 'ipv6'. See destination tag in firewalld.service(5).
3078
3079 getModules() → as
3080 This method is deprecated. Please use "helpers" in the
3081 getSettings2() method.
3082
3083 getPorts() → a(ss)
3084 Get list of (port, protocol) defined in service. See port tag
3085 in firewalld.service(5).
3086
3087 getProtocols() → as
3088 Return array of protocols (s) defined in service. See protocol
3089 tag in firewalld.service(5).
3090
3091 getSettings() → (sssa(ss)asa{ss}asa(ss))
3092 This function is deprecated, use
3093 org.fedoraproject.FirewallD1.config.service.Methods.getSettings2
3094 instead.
3095
3096 getSettings2(s: service) → a{sv}
3097 Return permanent settings of given service. For getting runtime
3098 settings see
3099 org.fedoraproject.FirewallD1.Methods.getServiceSettings2.
3100 Settings are a dictionary indexed by keywords. For the type of
3101 each value see below. If the value is empty it may be omitted.
3102
3103 version (s): see version attribute of service tag in
3104 firewalld.service(5).
3105
3106 name (s): see short tag in firewalld.service(5).
3107
3108 description (s): see description tag in firewalld.service(5).
3109
3110 ports (a(ss)): array of port and protocol pairs. See port tag
3111 in firewalld.service(5).
3112
3113 module names (as): array of kernel netfilter helpers, see
3114 module tag in firewalld.service(5).
3115
3116 destinations (a{ss}): dictionary of {IP family : IP address}
3117 where 'IP family' key can be either 'ipv4' or 'ipv6'. See
3118 destination tag in firewalld.service(5).
3119
3120 protocols (as): array of protocols, see protocol tag in
3121 firewalld.service(5).
3122
3123 source_ports (a(ss)): array of port and protocol pairs. See
3124 source-port tag in firewalld.service(5).
3125
3126 includes (as): array of service includes, see include tag in
3127 firewalld.service(5).
3128
3129 helpers (as): array of service helpers, see helper tag in
3130 firewalld.service(5).
3131
3132
3133 getShort() → s
3134 Get name of service. See short tag in firewalld.service(5).
3135
3136 getSourcePorts() → a(ss)
3137 Get list of (port, protocol) defined in service. See
3138 source-port tag in firewalld.service(5).
3139
3140 getVersion() → s
3141 Get version of service. See version attribute of service tag in
3142 firewalld.service(5).
3143
3144 loadDefaults() → Nothing
3145 Load default settings for built-in service.
3146
3147 Possible errors: NO_DEFAULTS
3148
3149 queryDestination(s: family, s: address) → b
3150 Return whether a destination is in dictionary of destinations
3151 of this service. destination is in format: (IP family, IP
3152 address) where IP family can be either 'ipv4' or 'ipv6'. See
3153 destination tag in firewalld.service(5).
3154
3155 queryModule(s: module) → b
3156 This method is deprecated. Please use "helpers" in the
3157 getSettings2() method.
3158
3159 queryPort(s: port, s: protocol) → b
3160 Return whether (port, protocol) is in list of ports in service.
3161 See port tag in firewalld.service(5).
3162
3163 queryProtocol(s: protocol) → b
3164 Return whether protocol is in list of protocols in service. See
3165 protocol tag in firewalld.service(5).
3166
3167 querySourcePort(s: port, s: protocol) → b
3168 Return whether (port, protocol) is in list of source ports in
3169 service. See source-port tag in firewalld.service(5).
3170
3171 remove() → Nothing
3172 Remove not built-in service.
3173
3174 Possible errors: BUILTIN_SERVICE
3175
3176 removeDestination(s: family) → Nothing
3177 Permanently remove a destination with family ('ipv4' or 'ipv6')
3178 from service. See destination tag in firewalld.service(5).
3179
3180 Possible errors: NOT_ENABLED
3181
3182 removeModule(s: module) → Nothing
3183 This method is deprecated. Please use "helpers" in the
3184 update2() method.
3185
3186 removePort(s: port, s: protocol) → Nothing
3187 Permanently remove (port, protocol) from list of ports in
3188 service. See port tag in firewalld.service(5).
3189
3190 Possible errors: NOT_ENABLED
3191
3192 removeProtocol(s: protocol) → Nothing
3193 Permanently remove protocol from list of protocols in service.
3194 See protocol tag in firewalld.service(5).
3195
3196 Possible errors: NOT_ENABLED
3197
3198 removeSourcePort(s: port, s: protocol) → Nothing
3199 Permanently remove (port, protocol) from list of source ports
3200 in service. See source-port tag in firewalld.service(5).
3201
3202 Possible errors: NOT_ENABLED
3203
3204 rename(s: name) → Nothing
3205 Rename not built-in service to name.
3206
3207 Possible errors: BUILTIN_SERVICE
3208
3209 setDescription(s: description) → Nothing
3210 Permanently set description of service to description. See
3211 description tag in firewalld.service(5).
3212
3213 setDestination(s: family, s: address) → Nothing
3214 Permanently set a destination address. destination is in
3215 format: (IP family, IP address) where IP family can be either
3216 'ipv4' or 'ipv6'. See destination tag in firewalld.service(5).
3217
3218 Possible errors: ALREADY_ENABLED
3219
3220 setDestinations(a{ss}: destinations) → Nothing
3221 Permanently set destinations of service to destinations, which
3222 is a dictionary of {IP family : IP address} where 'IP family'
3223 key can be either 'ipv4' or 'ipv6'. See destination tag in
3224 firewalld.service(5).
3225
3226 setModules(as: modules) → Nothing
3227 This method is deprecated. Please use "helpers" in the
3228 update2() method.
3229
3230 setPorts(a(ss): ports) → Nothing
3231 Permanently set ports of service to list of (port, protocol).
3232 See port tag in firewalld.service(5).
3233
3234 setProtocols(as: protocols) → Nothing
3235 Permanently set protocols of service to list of protocols. See
3236 protocol tag in firewalld.service(5).
3237
3238 setShort(s: short) → Nothing
3239 Permanently set name of service to short. See short tag in
3240 firewalld.service(5).
3241
3242 setSourcePorts(a(ss): ports) → Nothing
3243 Permanently set source-ports of service to list of (port,
3244 protocol). See source-port tag in firewalld.service(5).
3245
3246 setVersion(s: version) → Nothing
3247 Permanently set version of service to version. See version
3248 attribute of service tag in firewalld.service(5).
3249
3250 update((sssa(ss)asa{ss}asa(ss)): settings) → Nothing
3251 This function is deprecated, use
3252 org.fedoraproject.FirewallD1.config.service.Methods.update2
3253 instead.
3254
3255 update2(a{sv}: settings) → Nothing
3256 Update settings of service to settings. Settings are a
3257 dictionary indexed by keywords. For the type of each value see
3258 below. To zero a value pass an empty string or list.
3259
3260 version (s): see version attribute of service tag in
3261 firewalld.service(5).
3262
3263 name (s): see short tag in firewalld.service(5).
3264
3265 description (s): see description tag in firewalld.service(5).
3266
3267 ports (a(ss)): array of port and protocol pairs. See port tag
3268 in firewalld.service(5).
3269
3270 module names (as): array of kernel netfilter helpers, see
3271 module tag in firewalld.service(5).
3272
3273 destinations (a{ss}): dictionary of {IP family : IP address}
3274 where 'IP family' key can be either 'ipv4' or 'ipv6'. See
3275 destination tag in firewalld.service(5).
3276
3277 protocols (as): array of protocols, see protocol tag in
3278 firewalld.service(5).
3279
3280 source_ports (a(ss)): array of port and protocol pairs. See
3281 source-port tag in firewalld.service(5).
3282
3283 includes (as): array of service includes, see include tag in
3284 firewalld.service(5).
3285
3286 helpers (as): array of service helpers, see helper tag in
3287 firewalld.service(5).
3288
3289 Possible errors: INVALID_TYPE
3290
3291 Signals
3292 Removed(s: name)
3293 Emitted when service with name has been removed.
3294
3295 Renamed(s: name)
3296 Emitted when service has been renamed to name.
3297
3298 Updated(s: name)
3299 Emitted when service with name has been updated.
3300
3301 Properties
3302 builtin - b - (ro)
3303 True if service is built-in, False otherwise.
3304
3305 default - b - (ro)
3306 True if built-in service has default settings. False if it has
3307 been modified. Always False for services that are not built-in.
3308
3309 filename - s - (ro)
3310 Name (including .xml extension) of file where the configuration
3311 is stored.
3312
3313 name - s - (ro)
3314 Name of service.
3315
3316 path - s - (ro)
3317 Path to directory where the configuration is stored. Should be
3318 either /usr/lib/firewalld/services or /etc/firewalld/services.
3319
3320 org.fedoraproject.FirewallD1.config.helper
3321 Interface for permanent helper configuration, see also
3322 firewalld.helper(5).
3323
3324 Methods
3325 addPort(s: port, s: protocol) → Nothing
3326 Permanently add (port, protocol) to list of ports in helper.
3327 See port tag in firewalld.helper(5).
3328
3329 Possible errors: ALREADY_ENABLED
3330
3331 getDescription() → s
3332 Get description of helper. See description tag in
3333 firewalld.helper(5).
3334
3335 getFamily() → s
3336 Get family being 'ipv4', 'ipv6' or empty for both. See family
3337 tag in firewalld.helper(5).
3338
3339 getModule() → s
3340 Get modules (netfilter kernel helpers) used in helper. See
3341 module tag in firewalld.helper(5).
3342
3343 getPorts() → a(ss)
3344 Get list of (port, protocol) defined in helper. See port tag in
3345 firewalld.helper(5).
3346
3347 getSettings() → (sssssa(ss))
3348 Return permanent settings of a helper. For getting runtime
3349 settings see
3350 org.fedoraproject.FirewallD1.Methods.getHelperSettings.
3351 Settings are in format: version, name, description, family,
3352 module, array of ports (port, protocol).
3353
3354 version (s): see version attribute of helper tag in
3355 firewalld.helper(5).
3356
3357 name (s): see short tag in firewalld.helper(5).
3358
3359 description (s): see description tag in firewalld.helper(5).
3360
3361 family (s): see family tag in firewalld.helper(5).
3362
3363 module (s): see module tag in firewalld.helper(5).
3364
3365 ports (a(ss)): array of port and protocol pairs. See port tag
3366 in firewalld.helper(5).
3367
3368
3369 getShort() → s
3370 Get name of helper. See short tag in firewalld.helper(5).
3371
3372 getVersion() → s
3373 Get version of helper. See version attribute of helper tag in
3374 firewalld.helper(5).
3375
3376 loadDefaults() → Nothing
3377 Load default settings for built-in helper.
3378
3379 Possible errors: NO_DEFAULTS
3380
3381 queryFamily(s: family) → b
3382 Return whether family is set for helper. See family tag in
3383 firewalld.helper(5).
3384
3385 queryModule(s: module) → b
3386 Return whether module (netfilter kernel helpers) is used in
3387 helper. See module tag in firewalld.helper(5).
3388
3389 queryPort(s: port, s: protocol) → b
3390 Return whether (port, protocol) is in list of ports in helper.
3391 See port tag in firewalld.helper(5).
3392
3393 remove() → Nothing
3394 Remove not built-in helper.
3395
3396 Possible errors: BUILTIN_HELPER
3397
3398 removePort(s: port, s: protocol) → Nothing
3399 Permanently remove (port, protocol) from list of ports in
3400 helper. See port tag in firewalld.helper(5).
3401
3402 Possible errors: NOT_ENABLED
3403
3404 rename(s: name) → Nothing
3405 Rename not built-in helper to name.
3406
3407 Possible errors: BUILTIN_HELPER
3408
3409 setDescription(s: description) → Nothing
3410 Permanently set description of helper to description. See
3411 description tag in firewalld.helper(5).
3412
3413 setFamily(s: family) → Nothing
3414 Permanently set family of helper to family. See family tag in
3415 firewalld.helper(5).
3416
3417 setModule(s: module) → Nothing
3418 Permanently set module of helper to module. See module tag
3419 in firewalld.helper(5).
3420
3421 setPorts(a(ss): ports) → Nothing
3422 Permanently set ports of helper to list of (port, protocol).
3423 See port tag in firewalld.helper(5).
3424
3425 setShort(s: short) → Nothing
3426 Permanently set name of helper to short. See short tag in
3427 firewalld.helper(5).
3428
3429 setVersion(s: version) → Nothing
3430 Permanently set version of helper to version. See version
3431 attribute of helper tag in firewalld.helper(5).
3432
3433 update((sssssa(ss)): settings) → Nothing
3434 Update settings of helper to settings. Settings are in format:
3435 version, name, description, family, module and array of ports.
3436
3437 version (s): see version attribute of helper tag in
3438 firewalld.helper(5).
3439
3440 name (s): see short tag in firewalld.helper(5).
3441
3442 description (s): see description tag in firewalld.helper(5).
3443
3444 family (s): see family tag in firewalld.helper(5).
3445
3446 module (s): see module tag in firewalld.helper(5).
3447
3448 ports (a(ss)): array of port and protocol pairs. See port tag
3449 in firewalld.helper(5).
3450
3451 Possible errors: INVALID_HELPER
3452
Signals
Removed(s: name)
Emitted when helper with name has been removed.

Renamed(s: name)
Emitted when helper has been renamed to name.

Updated(s: name)
Emitted when helper with name has been updated.

Properties
builtin - b - (ro)
True if helper is built-in, false otherwise.

default - b - (ro)
True if built-in helper has default settings. False if it has
been modified. Always False for helpers that are not built-in.

filename - s - (ro)
Name (including .xml extension) of file where the configuration
is stored.

name - s - (ro)
Name of helper.

path - s - (ro)
Path to directory where the configuration is stored. Should be
either /usr/lib/firewalld/helpers or /etc/firewalld/helpers.

org.fedoraproject.FirewallD1.config.icmptype
Interface for permanent icmp type configuration, see also
firewalld.icmptype(5).

Methods
addDestination(s: destination) → Nothing
Permanently add a destination ('ipv4' or 'ipv6') to list of
destinations of this icmp type. See destination tag in
firewalld.icmptype(5).

Possible errors: ALREADY_ENABLED

getDescription() → s
Get description of icmp type. See description tag in
firewalld.icmptype(5).

getDestinations() → as
Get list of destinations. See destination tag in
firewalld.icmptype(5).

getSettings() → (sssas)
Return permanent settings of icmp type. For getting runtime
settings see
org.fedoraproject.FirewallD1.Methods.getIcmpTypeSettings.
Settings are in format: version, name, description, array of
destinations.

version (s): see version attribute of icmptype tag in
firewalld.icmptype(5).

name (s): see short tag in firewalld.icmptype(5).

description (s): see description tag in firewalld.icmptype(5).

destinations (as): array, either empty or containing strings
'ipv4' and/or 'ipv6', see destination tag in
firewalld.icmptype(5).

getShort() → s
Get name of icmp type. See short tag in firewalld.icmptype(5).

getVersion() → s
Get version of icmp type. See version attribute of icmptype tag
in firewalld.icmptype(5).

loadDefaults() → Nothing
Load default settings for built-in icmp type.

Possible errors: NO_DEFAULTS

queryDestination(s: destination) → b
Return whether a destination ('ipv4' or 'ipv6') is in list of
destinations of this icmp type. See destination tag in
firewalld.icmptype(5).

remove() → Nothing
Remove an icmp type that is not built-in.

Possible errors: BUILTIN_ICMPTYPE

removeDestination(s: destination) → Nothing
Permanently remove a destination ('ipv4' or 'ipv6') from list
of destinations of this icmp type. See destination tag in
firewalld.icmptype(5).

Possible errors: NOT_ENABLED

rename(s: name) → Nothing
Rename an icmp type that is not built-in to name.

Possible errors: BUILTIN_ICMPTYPE

setDescription(s: description) → Nothing
Permanently set description of icmp type to description. See
description tag in firewalld.icmptype(5).

setDestinations(as: destinations) → Nothing
Permanently set destinations of icmp type to destinations,
which is an array, either empty or containing strings 'ipv4'
and/or 'ipv6'. See destination tag in firewalld.icmptype(5).

setShort(s: short) → Nothing
Permanently set name of icmp type to short. See short tag in
firewalld.icmptype(5).

setVersion(s: version) → Nothing
Permanently set version of icmp type to version. See version
attribute of icmptype tag in firewalld.icmptype(5).

update((sssas): settings) → Nothing
Update permanent settings of icmp type to settings. Settings
are in format: version, name, description, array of
destinations.

version (s): see version attribute of icmptype tag in
firewalld.icmptype(5).

name (s): see short tag in firewalld.icmptype(5).

description (s): see description tag in firewalld.icmptype(5).

destinations (as): array, either empty or containing strings
'ipv4' and/or 'ipv6', see destination tag in
firewalld.icmptype(5).

Signals
Removed(s: name)
Emitted when icmp type with name has been removed.

Renamed(s: name)
Emitted when icmp type has been renamed to name.

Updated(s: name)
Emitted when icmp type with name has been updated.

Properties
builtin - b - (ro)
True if icmp type is built-in, false otherwise.

default - b - (ro)
True if built-in icmp type has default settings. False if it
has been modified. Always False for icmp types that are not built-in.

filename - s - (ro)
Name (including .xml extension) of file where the configuration
is stored.

name - s - (ro)
Name of icmp type.

path - s - (ro)
Path to directory where the icmp type configuration is stored.
Should be either /usr/lib/firewalld/icmptypes or
/etc/firewalld/icmptypes.

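Added example (not part of the firewalld manual or the project's code): an offline check that applies the rules stated above for the builtin, default, filename and path properties and for the getSettings() structures of helper and icmp type objects. The function name, the finding labels, the port syntax check and the sample data are assumptions made for illustration.

```python
# Added example: offline audit of firewalld permanent-config objects.
# Sample data below is constructed, not captured from a real system.
ALLOWED_PATHS = {
    "helper": {"/usr/lib/firewalld/helpers", "/etc/firewalld/helpers"},
    "icmptype": {"/usr/lib/firewalld/icmptypes", "/etc/firewalld/icmptypes"},
}


def _port_ok(port):
    # Assumption: a port is "N" or "N-M" with 1 <= N <= M <= 65535.
    parts = port.split("-")
    if not 1 <= len(parts) <= 2 or not all(p.isdigit() for p in parts):
        return False
    nums = [int(p) for p in parts]
    return 1 <= nums[0] <= nums[-1] <= 65535


def audit_object(kind, props, settings):
    """Return findings for one object.

    props: dict of the documented properties (builtin, default, filename, path).
    settings: getSettings() result, (sssssa(ss)) for helper, (sssas) for icmptype.
    """
    findings = []
    if props["path"] not in ALLOWED_PATHS[kind]:
        findings.append("unexpected-path")
    if not props["filename"].endswith(".xml"):
        findings.append("bad-filename")
    if props["builtin"] and not props["default"]:
        findings.append("builtin-modified")  # shipped definition was changed
    if props["default"] and not props["builtin"]:
        findings.append("inconsistent-default")  # documented as always False
    if kind == "icmptype":
        if len(settings) != 4 or not set(settings[3]) <= {"ipv4", "ipv6"}:
            findings.append("bad-settings")
    elif len(settings) != 6 or not all(
        len(p) == 2 and _port_ok(p[0]) and p[1] for p in settings[5]
    ):
        findings.append("bad-settings")
    return findings


# Constructed samples: a modified built-in helper and a clean custom icmp type.
HELPER = ({"builtin": True, "default": False, "filename": "ftp.xml",
           "path": "/etc/firewalld/helpers"},
          ("", "FTP", "", "", "nf_conntrack_ftp", [("21", "tcp"), ("0", "tcp")]))
ICMPTYPE = ({"builtin": False, "default": False, "filename": "custom-echo.xml",
             "path": "/etc/firewalld/icmptypes"},
            ("", "custom-echo", "", ["ipv4"]))
```

On a live system the props dict would come from org.freedesktop.DBus.Properties on each object path and the settings tuple from getSettings().
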
SEE ALSO
firewall-applet(1), firewalld(1), firewall-cmd(1), firewall-config(1),
firewalld.conf(5), firewalld.direct(5), firewalld.dbus(5),
firewalld.icmptype(5), firewalld.lockdown-whitelist(5),
firewall-offline-cmd(1), firewalld.richlanguage(5), firewalld.service(5),
firewalld.zone(5), firewalld.zones(5), firewalld.policy(5),
firewalld.policies(5), firewalld.ipset(5), firewalld.helper(5)

NOTES
firewalld home page:
http://firewalld.org

More documentation with examples:
http://fedoraproject.org/wiki/FirewallD

AUTHORS
Thomas Woerner <twoerner@redhat.com>
Developer

Jiri Popelka <jpopelka@redhat.com>
Developer

Eric Garver <eric@garver.life>
Developer

firewalld 0.9.3 FIREWALLD.DBUS(5)