1FIREWALLD.DBUS(5) firewalld.dbus FIREWALLD.DBUS(5)
2
6 firewalld.dbus - firewalld D-Bus interface description
7
9 This is the basic firewalld object path structure. The used interfaces
10 are explained below in the section called “INTERFACES”.
11 /org/fedoraproject/FirewallD1
13 Interfaces
14 org.fedoraproject.FirewallD1
15 org.fedoraproject.FirewallD1.direct
16 org.fedoraproject.FirewallD1.ipset
17 org.fedoraproject.FirewallD1.policies
18 org.fedoraproject.FirewallD1.zone
19 org.freedesktop.DBus.Introspectable
20 org.freedesktop.DBus.Properties
21 /org/fedoraproject/FirewallD1/config
23 Interfaces
24 org.fedoraproject.FirewallD1.config
25 org.fedoraproject.FirewallD1.config.direct
26 org.fedoraproject.FirewallD1.config.policies
27 org.freedesktop.DBus.Introspectable
28 org.freedesktop.DBus.Properties
29 /org/fedoraproject/FirewallD1/config/zone/i
31 Interfaces
32 org.fedoraproject.FirewallD1.config.zone
33 org.freedesktop.DBus.Introspectable
34 org.freedesktop.DBus.Properties
35 /org/fedoraproject/FirewallD1/config/service/i
37 Interfaces:
38 org.fedoraproject.FirewallD1.config.service
39 org.freedesktop.DBus.Introspectable
40 org.freedesktop.DBus.Properties
41 /org/fedoraproject/FirewallD1/config/ipset/i
43 Interfaces
44 org.fedoraproject.FirewallD1.config.ipset
45 org.freedesktop.DBus.Introspectable
46 org.freedesktop.DBus.Properties
47 /org/fedoraproject/FirewallD1/config/icmptype/i
49 Interfaces
50 org.fedoraproject.FirewallD1.config.icmptype
51 org.freedesktop.DBus.Introspectable
52 org.freedesktop.DBus.Properties
53
57 org.fedoraproject.FirewallD1
58 This interface contains general runtime operations, like: reloading,
59 panic mode, default zone handling, getting services and icmp types and
60 their settings.
61 Methods
63 authorizeAll() → Nothing
64 Initiate authorization for the complete firewalld D-Bus
65 interface. This method it mostly useful for configuration
66 applications.
67 completeReload() → Nothing
69 Reload firewall completely, even netfilter kernel modules. This
70 will most likely terminate active connections, because state
71 information is lost. This option should only be used in case of
72 severe firewall problems. For example if there are state
73 information problems that no connection can be established with
74 correct firewall rules.
75 disablePanicMode() → Nothing
77 Disable panic mode. After disabling panic mode established
78 connections might work again, if panic mode was enabled for a
79 short period of time.
80 Possible errors: NOT_ENABLED, COMMAND_FAILED
82 enablePanicMode() → Nothing
84 Enable panic mode. All incoming and outgoing packets are
85 dropped, active connections will expire. Enable this only if
86 there are serious problems with your network environment.
87 Possible errors: ALREADY_ENABLED, COMMAND_FAILED
89 getAutomaticHelpers() → s
91 Deprecated. This always returns "no".
92 getDefaultZone() → s
94 Return default zone.
95 getHelperSettings(s: helper) → (sssssa(ss))
97 Return runtime settings of given helper. For getting permanent
98 settings see
99 org.fedoraproject.FirewallD1.config.helper.Methods.getSettings.
100 Settings are in format: version, name, description, family,
101 module and array of ports.
102 version (s): see version attribute of helper tag in
104 firewalld.helper(5).
105 name (s): see short tag in firewalld.helper(5).
107 description (s): see description tag in firewalld.helper(5).
109 family (s): see family tag in firewalld.helper(5).
111 module (s): see module tag in firewalld.helper(5).
113 ports (a(ss)): array of port and protocol pairs. See port tag
115 in firewalld.helper(5).
116 Possible errors: INVALID_HELPER
118 getHelpers() → as
120 Return array of helper names (s) in runtime configuration. For
121 permanent configuration see
122 org.fedoraproject.FirewallD1.config.Methods.listHelpers.
123 getIcmpTypeSettings(s: icmptype) → (sssas)
125 Return runtime settings of given icmptype. For getting
126 permanent settings see
127 org.fedoraproject.FirewallD1.config.icmptype.Methods.getSettings.
128 Settings are in format: version, name, description, array of
129 destinations.
130 version (s): see version attribute of icmptype tag in
132 firewalld.icmptype(5).
133 name (s): see short tag in firewalld.icmptype(5).
135 description (s): see description tag in firewalld.icmptype(5).
137 destinations (as): array, either empty or containing strings
139 'ipv4' or 'ipv6', see destination tag in firewalld.icmptype(5).
140 Possible errors: INVALID_ICMPTYPE
142 getLogDenied() → s
144 Retruns the LogDenied value. If LogDenied is enabled, then
145 logging rules are added right before reject and drop rules in
146 the INPUT, FORWARD and OUTPUT chains for the default rules and
147 also final reject and drop rules in zones. Possible values are:
148 all, unicast, broadcast, multicast and off. The default value
149 is off
150 getServiceSettings(s: service) → (sssa(ss)asa{ss}asa(ss))
152 This function is deprecated, use
153 org.fedoraproject.FirewallD1.Methods.getServiceSettings2
154 instead.
155 getServiceSettings2(s: service) → s{sv}
157 Return runtime settings of given service. For getting permanent
158 settings see
159 org.fedoraproject.FirewallD1.config.service.Methods.getSettings2.
160 Settings are a dictionary indexed by keywords. For the type of
161 each value see below. If the value is empty it may be ommitted.
162 version (s): see version attribute of service tag in
164 firewalld.service(5).
165 name (s): see short tag in firewalld.service(5).
167 description (s): see description tag in firewalld.service(5).
169 ports (a(ss)): array of port and protocol pairs. See port tag
171 in firewalld.service(5).
172 module names (as): array of kernel netfilter helpers, see
174 module tag in firewalld.service(5).
175 destinations (a{ss}): dictionary of {IP family : IP address}
177 where 'IP family' key can be either 'ipv4' or 'ipv6'. See
178 destination tag in firewalld.service(5).
179 protocols (as): array of protocols, see protocol tag in
181 firewalld.service(5).
182 source_ports (a(ss)): array of port and protocol pairs. See
184 source-port tag in firewalld.service(5).
185 includes (as): array of service includes, see include tag in
187 firewalld.service(5).
188 helpers (as): array of service helpers, see helper tag in
190 firewalld.service(5).
191 Possible errors: INVALID_SERVICE
193 getZoneSettings(s: zone) → (sssbsasa(ss)asba(ssss)asasasasa(ss)b)
195 This function is deprecated, use
196 org.fedoraproject.FirewallD1.zone.Methods.getZoneSettings2
197 instead.
198 listIcmpTypes() → as
200 Return array of names (s) of icmp types in runtime
201 configuration. For permanent configuration see
202 org.fedoraproject.FirewallD1.config.Methods.listIcmpTypes.
203 listServices() → as
205 Return array of service names (s) in runtime configuration. For
206 permanent configuration see
207 org.fedoraproject.FirewallD1.config.Methods.listServices.
208 queryPanicMode() → b
210 Return true if panic mode is enabled, false otherwise. In panic
211 mode all incoming and outgoing packets are dropped.
212 reload() → Nothing
214 Reload firewall rules and keep state information. Current
215 permanent configuration will become new runtime configuration,
216 i.e. all runtime only changes done until reload are lost with
217 reload if they have not been also in permanent configuration.
218 runtimeToPermanent() → Nothing
220 Make runtime settings permanent. Replaces permanent settings
221 with runtime settings for zones, services, icmptypes, direct
222 and policies (lockdown whitelist).
223 Possible errors: RT_TO_PERM_FAILED
225 checkPermanentConfig() → Nothing
227 Run checks on the permanent configuration. This is most useful
228 if changes were made manually to configuration files.
229 Possible errors: any
231 setDefaultZone(s: zone) → Nothing
233 Set default zone for connections and interfaces where no zone
234 has been selected to zone. Setting the default zone changes the
235 zone for the connections or interfaces, that are using the
236 default zone. This is a runtime and permanent change.
237 Possible errors: ZONE_ALREADY_SET, COMMAND_FAILED
239 setLogDenied(s: value) → Nothing
241 Set LogDenied value to value. If LogDenied is enabled, then
242 logging rules are added right before reject and drop rules in
243 the INPUT, FORWARD and OUTPUT chains for the default rules and
244 also final reject and drop rules in zones. Possible values are:
245 all, unicast, broadcast, multicast and off. The default value
246 is off This is a runtime and permanent change.
247 Possible errors: ALREADY_SET, INVALID_VALUE
249 Signals
251 DefaultZoneChanged(s: zone)
252 Emitted when default zone has been changed to zone.
253 LogDeniedChanged(s: value)
255 Emitted when LogDenied value has been changed.
256 PanicModeDisabled()
258 Emitted when panic mode has been deactivated.
259 PanicModeEnabled()
261 Emitted when panic mode has been activated.
262 Reloaded()
264 Emitted when firewalld has been reloaded. Also emitted for a
265 complete reload.
266 Properties
268 BRIDGE - b - (ro)
269 Indicates whether the firewall has ethernet bridge support.
270 IPSet - b - (ro)
272 Indicates whether the firewall has IPSet support.
273 IPSetTypes - as - (ro)
275 The supported IPSet types by ipset and firewalld.
276 IPv4 - b - (ro)
278 Indicates whether the firewall has IPv4 support.
279 IPv4ICMPTypes - as - (ro)
281 The list of supported IPv4 ICMP types.
282 IPv6 - b - (ro)
284 Indicates whether the firewall has IPv6 support.
285 IPv6_rpfilter - b - (ro)
287 Indicates whether the reverse path filter test on a packet for
288 IPv6 is enabled. If a reply to the packet would be sent via the
289 same interface that the packet arrived on, the packet will
290 match and be accepted, otherwise dropped.
291 IPv6ICMPTypes - as - (ro)
293 The list of supported IPv6 ICMP types.
294 nf_conntrach_helper_setting - b - (ro)
296 Deprecated. Always False.
297 nf_conntrack_helpers - a{sas} - (ro)
299 Deprecated. Always returns an empty dictionary.
300 nf_nat_helpers - a{sas} - (ro)
302 Deprecated. Always returns an empty dictionary.
303 interface_version - s - (ro)
305 firewalld D-Bus interface version string.
306 state - s - (ro)
308 firewalld state. This can be either INIT, FAILED, or RUNNING.
309 In INIT state, firewalld is starting up and initializing. In
310 FAILED state, firewalld completely started but experienced a
311 failure.
312 version - s - (ro)
314 firewalld version string.
315 org.fedoraproject.FirewallD1.ipset
317 Operations in this interface allows to get, add, remove and query
318 runtime ipset settings. For permanent configuration see
319 org.fedoraproject.FirewallD1.config.ipset interface.
320 Methods
322 addEntry(s: ipset, s: entry) → as
323 Add a new entry to ipset. The entry must match the type of the
324 ipset. If the ipset is using the timeout option, it is not
325 possible to see the entries, as they are timing out
326 automatically in the kernel. For permanent operation see
327 org.fedoraproject.FirewallD1.config.ipset.Methods.addEntry.
328 Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT
330 getEntries(s: ipset) → Nothing
332 Get all entries added to the ipset. If the ipset is using the
333 timeout option, it is not possible to see the entries, as they
334 are timing out automatically in the kernel. Return value is a
335 array of entry. For permanent operation see
336 org.fedoraproject.FirewallD1.config.ipset.Methods.getEntries.
337 Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT
339 getSettings(s: ipset) → (ssssa{ss}as)
341 Return runtime settings of given ipset. For getting permanent
342 settings see
343 org.fedoraproject.FirewallD1.config.ipset.Methods.getSettings.
344 Settings are in format: version, name, description, type,
345 dictionary of options and array of entries.
346 version (s): see version attribute of ipset tag in
348 firewalld.ipset(5).
349 name (s): see short tag in firewalld.ipset(5).
351 description (s): see description tag in firewalld.ipset(5).
353 type (s): see type attribute of ipset tag in
355 firewalld.ipset(5).
356 options (a{ss}): dictionary of {option : value} . See options
358 tag in firewalld.ipset(5).
359 entries (as): array of entries, see entry tag in
361 firewalld.ipset(5).
362 Possible errors: INVALID_IPSET
364 getIPSets() → as
366 Return array of ipset names (s) in runtime configuration. For
367 permanent configuration see
368 org.fedoraproject.FirewallD1.config.Methods.listIPSets.
369 queryEntry(s: ipset, s: entry) → b
371 Return whether entry has been added to ipset. For permanent
372 operation see
373 org.fedoraproject.FirewallD1.config.ipset.Methods.queryEntry.
374 Possible errors: INVALID_IPSET
376 queryIPSet(s: ipset) → b
378 Return whether ipset is defined in runtime configuration.
379 removeEntry(s: ipset, s: entry) → as
381 Removes an entry from ipset. For permanent operation see
382 org.fedoraproject.FirewallD1.config.ipset.Methods.removeEntry.
383 Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT
385 setEntries(as: entries) → Nothing
387 Permanently set list of entries to entries. For permanent
388 operation see
389 org.fedoraproject.FirewallD1.config.ipset.Methods.setEntries.
390 See entry tag in firewalld.ipset(5).
391 Signals
393 EntryAdded(s: ipset, s: entry)
394 Emitted when entry has been added to ipset.
395 EntryRemoved(s: ipset, s: entry)
397 Emitted when entry has been removed from ipset.
398 org.fedoraproject.FirewallD1.direct
400 This interface enables more direct access to the firewall. It enables
401 runtime manipulation with chains and rules. For permanent configuration
402 see org.fedoraproject.FirewallD1.config.direct interface.
403 Methods
405 addChain(s: ipv, s: table, s: chain) → Nothing
406 Add a new chain to table for ipv being either ipv4 (iptables)
407 or ipv6 (ip6tables) or eb (ebtables). Make sure there's no
408 other chain with this name already. There already exist basic
409 chains to use with direct methods, for example INPUT_direct
410 chain. These chains are jumped into before chains for zones,
411 i.e. every rule put into INPUT_direct will be checked before
412 rules in zones. For permanent operation see
413 org.fedoraproject.FirewallD1.config.direct.Methods.addChain.
414 Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED,
416 COMMAND_FAILED
417 addPassthrough(s: ipv, as: args) → Nothing
419 Add a tracked passthrough rule with the arguments args for ipv
420 being either ipv4 (iptables) or ipv6 (ip6tables) or eb
421 (ebtables). Valid commands in args are only -A/--append,
422 -I/--insert and -N/--new-chain. This method is (unlike
423 passthrough method) tracked, i.e. firewalld remembers it. It's
424 useful with
425 org.fedoraproject.FirewallD1.Methods.runtimeToPermanent For
426 permanent operation see
427 org.fedoraproject.FirewallD1.config.direct.Methods.addPassthrough.
428 Possible errors: INVALID_IPV, ALREADY_ENABLED, COMMAND_FAILED
430 addRule(s: ipv, s: table, s: chain, i: priority, as: args) →
432 Nothing
433 Add a rule with the arguments args to chain in table with
434 priority for ipv being either ipv4 (iptables) or ipv6
435 (ip6tables) or eb (ebtables). The priority is used to order
436 rules. Priority 0 means add rule on top of the chain, with a
437 higher priority the rule will be added further down. Rules with
438 the same priority are on the same level and the order of these
439 rules is not fixed and may change. If you want to make sure
440 that a rule will be added after another one, use a low priority
441 for the first and a higher for the following. For permanent
442 operation see
443 org.fedoraproject.FirewallD1.config.direct.Methods.addRule.
444 Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED,
446 COMMAND_FAILED
447 getAllChains() → a(sss)
449 Get all chains added to all tables in format: ipv, table,
450 chain. This concerns only chains previously added with
451 addChain. Return value is a array of (ipv, table, chain). For
452 permanent operation see
453 org.fedoraproject.FirewallD1.config.direct.Methods.getAllChains.
454 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
456 (ebtables).
457 table (s): one of filter, mangle, nat, raw, security
459 chain (s): name of a chain.
461 getAllPassthroughs() → a(sas)
464 Get all tracked passthrough rules added in all ipv types in
465 format: ipv, rule. This concerns only rules previously added
466 with addPassthrough. Return value is a array of (ipv, array of
467 arguments). For permanent operation see
468 org.fedoraproject.FirewallD1.config.direct.Methods.getAllPassthroughs.
469 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
471 (ebtables).
472 arguments (as): array of commands, parameters and other
474 iptables/ip6tables/ebtables command line options.
475 getAllRules() → a(sssias)
478 Get all rules added to all chains in all tables in format: ipv,
479 table, chain, priority, rule. This concerns only rules
480 previously added with addRule. Return value is a array of (ipv,
481 table, chain, priority, array of arguments). For permanent
482 operation see
483 org.fedoraproject.FirewallD1.config.direct.Methods.getAllRules.
484 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
486 (ebtables).
487 table (s): one of filter, mangle, nat, raw, security
489 chain (s): name of a chain.
491 priority (i): used to order rules.
493 arguments (as): array of commands, parameters and other
495 iptables/ip6tables/ebtables command line options.
496 getChains(s: ipv, s: table) → as
499 Return an array of chains (s) added to table for ipv being
500 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
501 This concerns only chains previously added with addChain. For
502 permanent operation see
503 org.fedoraproject.FirewallD1.config.direct.Methods.getChains.
504 Possible errors: INVALID_IPV, INVALID_TABLE
506 getPassthroughs(s: ipv) → aas
508 Get tracked passthrough rules added in either ipv4 (iptables)
509 or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
510 previously added with addPassthrough. Return value is a array
511 of (array of arguments). For permanent operation see
512 org.fedoraproject.FirewallD1.config.direct.Methods.getPassthroughs.
513 arguments (as): array of commands, parameters and other
515 iptables/ip6tables/ebtables command line options.
516 getRules(s: ipv, s: table, s: chain) → a(ias)
519 Get all rules added to chain in table for ipv being either ipv4
520 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
521 only rules previously added with addRule. Return value is a
522 array of (priority, array of arguments). For permanent
523 operation see
524 org.fedoraproject.FirewallD1.config.direct.Methods.getRules.
525 priority (i): used to order rules.
527 arguments (as): array of commands, parameters and other
529 iptables/ip6tables/ebtables command line options.
530 Possible errors: INVALID_IPV, INVALID_TABLE
532 passthrough(s: ipv, as: args) → s
534 Pass a command through to the firewall. ipv can be either ipv4
535 (iptables) or ipv6 (ip6tables) or eb (ebtables). args can be
536 all iptables, ip6tables and ebtables command line arguments.
537 args can be all iptables, ip6tables and ebtables command line
538 arguments. This command is untracked, which means that
539 firewalld is not able to provide information about this command
540 later on.
541 Possible errors: COMMAND_FAILED
543 queryChain(s: ipv, s: table, s: chain) → b
545 Return whether a chain exists in table for ipv being either
546 ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). This
547 concerns only chains previously added with addChain. For
548 permanent operation see
549 org.fedoraproject.FirewallD1.config.direct.Methods.queryChain.
550 Possible errors: INVALID_IPV, INVALID_TABLE
552 queryPassthrough(s: ipv, as: args) → b
554 Return whether a tracked passthrough rule with the arguments
555 args exists for ipv being either ipv4 (iptables) or ipv6
556 (ip6tables) or eb (ebtables). This concerns only rules
557 previously added with addPassthrough. For permanent operation
558 see
559 org.fedoraproject.FirewallD1.config.direct.Methods.queryPassthrough.
560 Possible errors: INVALID_IPV
562 queryRule(s: ipv, s: table, s: chain, i: priority, as: args) → b
564 Return whether a rule with priority and the arguments args
565 exists in chain in table for ipv being either ipv4 (iptables)
566 or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
567 previously added with addRule. For permanent operation see
568 org.fedoraproject.FirewallD1.config.direct.Methods.queryRule.
569 Possible errors: INVALID_IPV, INVALID_TABLE
571 removeAllPassthroughs() → Nothing
573 Remove all passthrough rules previously added with
574 addPassthrough.
575 removeChain(s: ipv, s: table, s: chain) → Nothing
577 Remove a chain from table for ipv being either ipv4 (iptables)
578 or ipv6 (ip6tables) or eb (ebtables). Only chains previously
579 added with addChain can be removed this way. For permanent
580 operation see
581 org.fedoraproject.FirewallD1.config.direct.Methods.removeChain.
582 Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED,
584 COMMAND_FAILED
585 removePassthrough(s: ipv, as: args) → Nothing
587 Remove a tracked passthrough rule with arguments args for ipv
588 being either ipv4 (iptables) or ipv6 (ip6tables) or eb
589 (ebtables). Only rules previously added with addPassthrough can
590 be removed this way. For permanent operation see
591 org.fedoraproject.FirewallD1.config.direct.Methods.removePassthrough.
592 Possible errors: INVALID_IPV, NOT_ENABLED, COMMAND_FAILED
594 removeRule(s: ipv, s: table, s: chain, i: priority, as: args) →
596 Nothing
597 Remove a rule with priority and arguments args from chain in
598 table for ipv being either ipv4 (iptables) or ipv6 (ip6tables)
599 or eb (ebtables). Only rules previously added with addRule can
600 be removed this way. For permanent operation see
601 org.fedoraproject.FirewallD1.config.direct.Methods.removeRule.
602 Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED,
604 COMMAND_FAILED
605 removeRules(s: ipv, s: table, s: chain) → Nothing
607 Remove all rules from chain in table for ipv being either ipv4
608 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
609 only rules previously added with addRule. For permanent
610 operation see
611 org.fedoraproject.FirewallD1.config.direct.Methods.removeRules.
612 Possible errors: INVALID_IPV, INVALID_TABLE
614 Signals
616 ChainAdded(s: ipv, s: table, s: chain)
617 Emitted when chain has been added into table for ipv being
618 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
619 ChainRemoved(s: ipv, s: table, s: chain)
621 Emitted when chain has been removed from table for ipv being
622 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
623 PassthroughAdded(s: ipv, as: args)
625 Emitted when a tracked passthruogh rule with args has been
626 added for ipv being either ipv4 (iptables) or ipv6 (ip6tables)
627 or eb (ebtables).
628 PassthroughRemoved(s: ipv, as: args)
630 Emitted when a tracked passthrough rule with args has been
631 removed for ipv being either ipv4 (iptables) or ipv6
632 (ip6tables) or eb (ebtables).
633 RuleAdded(s: ipv, s: table, s: chain, i: priority, as: args)
635 Emitted when a rule with args has been added to chain in table
636 with priority for ipv being either ipv4 (iptables) or ipv6
637 (ip6tables) or eb (ebtables).
638 RuleRemoved(s: ipv, s: table, s: chain, i: priority, as: args)
640 Emitted when a rule with args has been removed from chain in
641 table with priority for ipv being either ipv4 (iptables) or
642 ipv6 (ip6tables) or eb (ebtables).
643 org.fedoraproject.FirewallD1.policies
645 Enables firewalld to be able to lock down configuration changes from
646 local applications. Local applications or services are able to change
647 the firewall configuration if they are running as root (example:
648 libvirt). With these operations administrator can lock the firewall
649 configuration so that either none or only applications that are in the
650 whitelist are able to request firewall changes. For permanent
651 configuration see org.fedoraproject.FirewallD1.config.policies
652 interface.
653 Methods
655 addLockdownWhitelistCommand(s: command) → Nothing
656 Add command to whitelist. See command option in
657 firewalld.lockdown-whitelist(5). For permanent operation see
658 org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistCommand.
659 Possible errors: ALREADY_ENABLED, INVALID_COMMAND
661 addLockdownWhitelistContext(s: context) → Nothing
663 Add context to whitelist. See selinux option in
664 firewalld.lockdown-whitelist(5). For permanent operation see
665 org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistContext.
666 Possible errors: ALREADY_ENABLED, INVALID_COMMAND
668 addLockdownWhitelistUid(i: uid) → Nothing
670 Add user id uid to whitelist. See user option in
671 firewalld.lockdown-whitelist(5). For permanent operation see
672 org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistUid.
673 Possible errors: ALREADY_ENABLED, INVALID_COMMAND
675 addLockdownWhitelistUser(s: user) → Nothing
677 Add user name to whitelist. See user option in
678 firewalld.lockdown-whitelist(5). For permanent operation see
679 org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistUser.
680 Possible errors: ALREADY_ENABLED, INVALID_COMMAND
682 disableLockdown() → Nothing
684 Disable lockdown. This is a runtime and permanent change.
685 Possible errors: NOT_ENABLED
687 enableLockdown() → Nothing
689 Enable lockdown. Be careful - if the calling application/user
690 is not on lockdown whitelist when you enable lockdown you won't
691 be able to disable it again with the application, you would
692 need to edit firewalld.conf. This is a runtime and permanent
693 change.
694 Possible errors: ALREADY_ENABLED
696 getLockdownWhitelistCommands() → as
698 List all command lines (s) that are on whitelist. For permanent
699 operation see
700 org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistCommands.
701 getLockdownWhitelistContexts() → as
703 List all contexts (s) that are on whitelist. For permanent
704 operation see
705 org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistContexts.
706 getLockdownWhitelistUids() → ai
708 List all user ids (i) that are on whitelist. For permanent
709 operation see
710 org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistUids.
711 getLockdownWhitelistUsers() → as
713 List all users (s) that are on whitelist. For permanent
714 operation see
715 org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistUsers.
716 queryLockdown() → b
718 Query whether lockdown is enabled.
719 queryLockdownWhitelistCommand(s: command) → b
721 Query whether command is on whitelist. For permanent operation
722 see
723 org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistCommand.
724 queryLockdownWhitelistContext(s: context) → b
726 Query whether context is on whitelist. For permanent operation
727 see
728 org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistContext.
729 queryLockdownWhitelistUid(i: uid) → b
731 Query whether user id uid is on whitelist. For permanent
732 operation see
733 org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistUid.
734 queryLockdownWhitelistUser(s: user) → b
736 Query whether user is on whitelist. For permanent operation see
737 org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistUser.
738 removeLockdownWhitelistCommand(s: command) → Nothing
740 Remove command from whitelist. For permanent operation see
741 org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistCommand.
742 Possible errors: NOT_ENABLED
744 removeLockdownWhitelistContext(s: context) → Nothing
746 Remove context from whitelist. For permanent operation see
747 org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistContext.
748 Possible errors: NOT_ENABLED
750 removeLockdownWhitelistUid(i: uid) → Nothing
752 Remove user id uid from whitelist. For permanent operation see
753 org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistUid.
754 Possible errors: NOT_ENABLED
756 removeLockdownWhitelistUser(s: user) → Nothing
758 Remove user from whitelist. For permanent operation see
759 org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistUser.
760 Possible errors: NOT_ENABLED
762 Signals
764 LockdownDisabled()
765 Emitted when lockdown has been disabled.
766 LockdownEnabled()
768 Emitted when lockdown has been enabled.
769 LockdownWhitelistCommandAdded(s: command)
771 Emitted when command has been added to whitelist.
772 LockdownWhitelistCommandRemoved(s: command)
774 Emitted when command has been removed from whitelist.
775 LockdownWhitelistContextAdded(s: context)
777 Emitted when context has been added to whitelist.
778 LockdownWhitelistContextRemoved(s: context)
780 Emitted when context has been removed from whitelist.
781 LockdownWhitelistUidAdded(i: uid)
783 Emitted when user id uid has been added to whitelist.
784 LockdownWhitelistUidRemoved(i: uid)
786 Emitted when user id uid has been removed from whitelist.
787 LockdownWhitelistUserAdded(s: user)
789 Emitted when user has been added to whitelist.
790 LockdownWhitelistUserRemoved(s: user)
792 Emitted when user has been removed from whitelist.
793 org.fedoraproject.FirewallD1.zone
795 Operations in this interface allows to get, add, remove and query
796 runtime zone's settings. For permanent settings see
797 org.fedoraproject.FirewallD1.config.zone interface.
798 Methods
800 getZoneSettings2(s: zone) → a{sv}
801 Return runtime settings of given zone. For getting permanent
802 settings see
803 org.fedoraproject.FirewallD1.config.zone.Methods.getSettings2.
804 Settings are a dictionary indexed by keywords. For the type of
805 each value see below. If the value is empty it may be omitted.
806 version (s): see version attribute of zone tag in
808 firewalld.zone(5).
809 name (s): see short tag in firewalld.zone(5).
811 description (s): see description tag in firewalld.zone(5).
813 target (s): see target attribute of zone tag in
815 firewalld.zone(5).
816 services (as): array of service names, see service tag in
818 firewalld.zone(5).
819 ports (a(ss)): array of port and protocol pairs. See port tag
821 in firewalld.zone(5).
822 icmp_blocks (as): array of icmp-blocks. See icmp-block tag in
824 firewalld.zone(5).
825 masquerade (b): see masquerade tag in firewalld.zone(5).
827 forward_ports (a(ssss)): array of (port, protocol, to-port,
829 to-addr). See forward-port tag in firewalld.zone(5).
830 interfaces (as): array of interfaces. See interface tag in
832 firewalld.zone(5).
833 sources (as): array of source addresses. See source tag in
835 firewalld.zone(5).
836 rules_str (as): array of rich-language rules. See rule tag in
838 firewalld.zone(5).
839 protocols (as): array of protocols, see protocol tag in
841 firewalld.zone(5).
842 source_ports (a(ss)): array of port and protocol pairs. See
844 source-port tag in firewalld.zone(5).
845 icmp_block_inversion (b): see icmp-block-inversion tag in
847 firewalld.zone(5).
848 forward (b): see forward tag in firewalld.zone(5).
850 Possible errors: INVALID_ZONE
852 setZoneSettings2(s: zone, a{sv}: settings, i: timeout)
854 Set runtime settings of given zone. For setting permanent
855 settings see
856 org.fedoraproject.FirewallD1.config.zone.Methods.update2.
857 Settings are a dictionary indexed by keywords. For the type of
858 each value see below. To zero a value pass an empty string or
859 list.
860 services (as): array of service names, see service tag in
862 firewalld.zone(5).
863 ports (a(ss)): array of port and protocol pairs. See port tag
865 in firewalld.zone(5).
866 icmp_blocks (as): array of icmp-blocks. See icmp-block tag in
868 firewalld.zone(5).
869 masquerade (b): see masquerade tag in firewalld.zone(5).
871 forward_ports (a(ssss)): array of (port, protocol, to-port,
873 to-addr). See forward-port tag in firewalld.zone(5).
874 interfaces (as): array of interfaces. See interface tag in
876 firewalld.zone(5).
877 sources (as): array of source addresses. See source tag in
879 firewalld.zone(5).
880 rules_str (as): array of rich-language rules. See rule tag in
882 firewalld.zone(5).
883 protocols (as): array of protocols, see protocol tag in
885 firewalld.zone(5).
886 source_ports (a(ss)): array of port and protocol pairs. See
888 source-port tag in firewalld.zone(5).
889 icmp_block_inversion (b): see icmp-block-inversion tag in
891 firewalld.zone(5).
892 forward (b): see forward tag in firewalld.zone(5).
894 Possible errors: INVALID_ZONE
896 addForwardPort(s: zone, s: port, s: protocol, s: toport, s: toaddr,
898 i: timeout) → s
899 Add the IPv4 forward port into zone. If zone is empty, use
900 default zone. The port can either be a single port number
901 portid or a port range portid-portid. The protocol can either
902 be tcp or udp. The destination address is a simple IP address.
903 If timeout is non-zero, the operation will be active only for
904 the amount of seconds. For permanent settings see
905 org.fedoraproject.FirewallD1.config.zone.Methods.addForwardPort.
906 Returns name of zone to which the forward port was added.
908 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
910 INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD,
911 ALREADY_ENABLED, INVALID_COMMAND
912 addIcmpBlock(s: zone, s: icmp, i: timeout) → s
914 Add an ICMP block icmp into zone. The icmp is the one of the
915 icmp types firewalld supports. To get a listing of supported
916 icmp types use
917 org.fedoraproject.FirewallD1.Methods.listIcmpTypes If zone is
918 empty, use default zone. If timeout is non-zero, the operation
919 will be active only for the amount of seconds. For permanent
920 settings see
921 org.fedoraproject.FirewallD1.config.zone.Methods.addIcmpBlock.
922 Returns name of zone to which the ICMP block was added.
924 Possible errors: INVALID_ZONE, INVALID_ICMPTYPE,
926 ALREADY_ENABLED, INVALID_COMMAND
927 addIcmpBlockInversion(s: zone) → s
929 Add ICMP block inversion to zone. If zone is empty, use default
930 zone. For permanent settings see
931 org.fedoraproject.FirewallD1.config.zone.Methods.addIcmpBlockInversion.
932 Returns name of zone to which the ICMP block inversion was
934 added.
935 Possible errors: INVALID_ZONE, ALREADY_ENABLED, INVALID_COMMAND
937 addInterface(s: zone, s: interface) → s
939 Bind interface with zone. From now on all traffic going through
940 the interface will respect the zone's settings. If zone is
941 empty, use default zone. For permanent settings see
942 org.fedoraproject.FirewallD1.config.zone.Methods.addInterface.
943 Returns name of zone to which the interface was bound.
945 Possible errors: INVALID_ZONE, INVALID_INTERFACE,
947 ALREADY_ENABLED, INVALID_COMMAND
948 addMasquerade(s: zone, i: timeout) → s
950 Enable masquerade in zone. If zone is empty, use default zone.
951 If timeout is non-zero, masquerading will be active for the
952 amount of seconds. For permanent settings see
953 org.fedoraproject.FirewallD1.config.zone.Methods.addMasquerade.
954 Returns name of zone in which the masquerade was enabled.
956 Possible errors: INVALID_ZONE, ALREADY_ENABLED, INVALID_COMMAND
958 addPort(s: zone, s: port, s: protocol, i: timeout) → s
960 Add port into zone. If zone is empty, use default zone. The
961 port can either be a single port number or a port range
962 portid-portid. The protocol can either be tcp or udp. If
963 timeout is non-zero, the operation will be active only for the
964 amount of seconds. For permanent settings see
965 org.fedoraproject.FirewallD1.config.zone.Methods.addPort.
966 Returns name of zone to which the port was added.
968 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
970 INVALID_PROTOCOL, ALREADY_ENABLED, INVALID_COMMAND
971 addProtocol(s: zone, s: protocol, i: timeout) → s
973 Add protocol into zone. If zone is empty, use default zone. The
974 protocol can be any protocol supported by the system. Please
975 have a look at /etc/protocols for supported protocols. If
976 timeout is non-zero, the operation will be active only for the
977 amount of seconds. For permanent settings see
978 org.fedoraproject.FirewallD1.config.zone.Methods.addProtocol.
979 Returns name of zone to which the protocol was added.
981 Possible errors: INVALID_ZONE, INVALID_PROTOCOL,
983 ALREADY_ENABLED, INVALID_COMMAND
984 addRichRule(s: zone, s: rule, i: timeout) → s
986 Add rich language rule into zone. For the rich language rule
987 syntax, please have a look at firewalld.direct(5). If zone is
988 empty, use default zone. If timeout is non-zero, the operation
989 will be active only for the amount of seconds. For permanent
990 settings see
991 org.fedoraproject.FirewallD1.config.zone.Methods.addRichRule.
992 Returns name of zone to which the rich language rule was added.
994 Possible errors: INVALID_ZONE, INVALID_RULE, ALREADY_ENABLED,
996 INVALID_COMMAND
997 addService(s: zone, s: service, i: timeout) → s
999 Add service into zone. If zone is empty, use default zone. If
1000 timeout is non-zero, the operation will be active only for the
1001 amount of seconds. To get a list of supported services, use
1002 org.fedoraproject.FirewallD1.Methods.listServices. For
1003 permanent settings see
1004 org.fedoraproject.FirewallD1.config.zone.Methods.addService.
1005 Returns name of zone to which the service was added.
1007 Possible errors: INVALID_ZONE, INVALID_SERVICE,
1009 ALREADY_ENABLED, INVALID_COMMAND
1010 addSource(s: zone, s: source) → s
1012 Bind source with zone. From now on all traffic going from this
1013 source will respect the zone's settings. A source address or
1014 address range is either an IP address or a network IP address
1015 with a mask for IPv4 or IPv6. For IPv4, the mask can be a
1016 network mask or a plain number. For IPv6 the mask is a plain
1017 number. Use of host names is not supported. If zone is empty,
1018 use default zone. For permanent settings see
1019 org.fedoraproject.FirewallD1.config.zone.Methods.addSource.
1020 Returns name of zone to which the source was bound.
1022 Possible errors: INVALID_ZONE, INVALID_ADDR, ALREADY_ENABLED,
1024 INVALID_COMMAND
1025 addSourcePort(s: zone, s: port, s: protocol, i: timeout) → s
1027 Add source port into zone. If zone is empty, use default zone.
1028 The port can either be a single port number or a port range
1029 portid-portid. The protocol can either be tcp or udp. If
1030 timeout is non-zero, the operation will be active only for the
1031 amount of seconds. For permanent settings see
1032 org.fedoraproject.FirewallD1.config.zone.Methods.addSourcePort.
1033 Returns name of zone to which the port was added.
1035 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1037 INVALID_PROTOCOL, ALREADY_ENABLED, INVALID_COMMAND
1038 changeZone(s: zone, s: interface) → s
1040 This function is deprecated, use
1041 org.fedoraproject.FirewallD1.zone.Methods.changeZoneOfInterface
1042 instead.
1043 changeZoneOfInterface(s: zone, s: interface) → s
1045 Change a zone an interface is bound to to zone. It's basically
1046 removeInterface(interface) followed by addInterface(zone,
1047 interface). If interface has not been bound to a zone before,
1048 it behaves like addInterface. If zone is empty, use default
1049 zone.
1050 Returns name of zone to which the interface was bound.
1052 Possible errors: INVALID_ZONE, ZONE_ALREADY_SET, ZONE_CONFLICT
1054 changeZoneOfSource(s: zone, s: source) → s
1056 Change a zone an source is bound to to zone. It's basically
1057 removeSource(source) followed by addSource(zone, source). If
1058 source has not been bound to a zone before, it behaves like
1059 addSource. If zone is empty, use default zone.
1060 Returns name of zone to which the source was bound.
1062 Possible errors: INVALID_ZONE, ZONE_ALREADY_SET, ZONE_CONFLICT
1064 getActiveZones() → a{sa{sas}}
1066 Return dictionary of currently active zones altogether with
1067 interfaces and sources used in these zones. Active zones are
1068 zones, that have a binding to an interface or source.
1069 Return value is a dictionary where keys are zone names (s) and
1071 values are again dictionaries where keys are either
1072 'interfaces' or 'sources' and values are arrays of interface
1073 names (s) or sources (s).
1074 getForwardPorts(s: zone) → aas
1076 Return array of IPv4 forward ports previously added into zone.
1077 If zone is empty, use default zone. For getting permanent
1078 settings see
1079 org.fedoraproject.FirewallD1.config.zone.Methods.getForwardPorts.
1080 Return value is array of 4-tuples, where each 4-tuple consists
1082 of (port, protocol, to-port, to-addr). to-addr might be empty
1083 in case of local forwarding.
1084 Possible errors: INVALID_ZONE
1086 getIcmpBlocks(s: zone) → as
1088 Return array of ICMP type (s) blocks previously added into
1089 zone. If zone is empty, use default zone. For getting permanent
1090 settings see
1091 org.fedoraproject.FirewallD1.config.zone.Methods.getIcmpBlocks.
1092 Possible errors: INVALID_ZONE
1094 getIcmpBlockInversion(s: zone) → b
1096 Return whether ICMP block inversion was previously added to
1097 zone. If zone is empty, use default zone. For getting permanent
1098 settings see
1099 org.fedoraproject.FirewallD1.config.zone.Methods.getIcmpBlockInversion.
1100 Possible errors: INVALID_ZONE
1102 getInterfaces(s: zone) → as
1104 Return array of interfaces (s) previously bound with zone. If
1105 zone is empty, use default zone. For getting permanent settings
1106 see
1107 org.fedoraproject.FirewallD1.config.zone.Methods.getInterfaces.
1108 Possible errors: INVALID_ZONE
1110 getPorts(s: zone) → aas
1112 Return array of ports (2-tuple of port and protocol) previously
1113 enabled in zone. If zone is empty, use default zone. For
1114 getting permanent settings see
1115 org.fedoraproject.FirewallD1.config.zone.Methods.getPorts.
1116 Possible errors: INVALID_ZONE
1118 getProtocols(s: zone) → as
1120 Return array of protocols (s) previously enabled in zone. If
1121 zone is empty, use default zone. For getting permanent settings
1122 see
1123 org.fedoraproject.FirewallD1.config.zone.Methods.getProtocols.
1124 Possible errors: INVALID_ZONE
1126 getRichRules(s: zone) → as
1128 Return array of rich language rules (s) previously added into
1129 zone. If zone is empty, use default zone. For getting permanent
1130 settings see
1131 org.fedoraproject.FirewallD1.config.zone.Methods.getRichRules.
1132 Possible errors: INVALID_ZONE
1134 getServices(s: zone) → as
1136 Return array of services (s) previously enabled in zone. If
1137 zone is empty, use default zone. For getting permanent settings
1138 see
1139 org.fedoraproject.FirewallD1.config.zone.Methods.getServices.
1140 Possible errors: INVALID_ZONE
1142 getSourcePorts(s: zone) → aas
1144 Return array of source ports (2-tuple of port and protocol)
1145 previously enabled in zone. If zone is empty, use default zone.
1146 For getting permanent settings see
1147 org.fedoraproject.FirewallD1.config.zone.Methods.getSourcePorts.
1148 Possible errors: INVALID_ZONE
1150 getSources(s: zone) → as
1152 Return array of sources (s) previously bound with zone. If zone
1153 is empty, use default zone. For getting permanent settings see
1154 org.fedoraproject.FirewallD1.config.zone.Methods.getSources.
1155 Possible errors: INVALID_ZONE
1157 getZoneOfInterface(s: interface) → s
1159 Return name (s) of zone the interface is bound to or empty
1160 string.
1161 getZoneOfSource(s: source) → s
1163 Return name (s) of zone the source is bound to or empty string.
1164 getZones() → as
1166 Return array of names (s) of predefined zones known to current
1167 runtime environment. For list of zones known to permanent
1168 environment see
1169 org.fedoraproject.FirewallD1.config.Methods.listZones. The
1170 lists (of zones known to runtime and permanent environment)
1171 will contain same zones in most cases, but might differ for
1172 example if org.fedoraproject.FirewallD1.config.Methods.addZone
1173 has been called recently, but firewalld has not been reloaded
1174 since then.
1175 isImmutable(s: zone) → b
1177 Deprecated.
1178 queryForwardPort(s: zone, s: port, s: protocol, s: toport, s:
1180 toaddr) → b
1181 Return whether the IPv4 forward port (port, protocol, toport,
1182 toaddr) has been added into zone. If zone is empty, use default
1183 zone. For permanent operation see
1184 org.fedoraproject.FirewallD1.config.zone.Methods.queryForwardPort.
1185 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1187 INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD
1188 queryIcmpBlock(s: zone, s: icmp) → b
1190 Return whether an ICMP block for icmp has been added into zone.
1191 If zone is empty, use default zone. For permanent operation see
1192 org.fedoraproject.FirewallD1.config.zone.Methods.queryIcmpBlock.
1193 Possible errors: INVALID_ZONE, INVALID_ICMPTYPE
1195 queryIcmpBlockInversion(s: zone) → b
1197 Return whether ICMP block inversion has been added to zone. If
1198 zone is empty, use default zone. For permanent operation see
1199 org.fedoraproject.FirewallD1.config.zone.Methods.queryIcmpBlockInversion.
1200 Possible errors: INVALID_ZONE, INVALID_ICMPTYPE
1202 queryInterface(s: zone, s: interface) → b
1204 Query whether interface has been bound to zone. If zone is
1205 empty, use default zone. For permanent operation see
1206 org.fedoraproject.FirewallD1.config.zone.Methods.queryInterface.
1207 Possible errors: INVALID_ZONE, INVALID_INTERFACE
1209 queryMasquerade(s: zone) → b
1211 Return whether masquerading has been enabled in zone If zone is
1212 empty, use default zone. For permanent operation see
1213 org.fedoraproject.FirewallD1.config.zone.Methods.queryMasquerade.
1214 Possible errors: INVALID_ZONE
1216 queryPort(s: zone, s: port, s: protocol) → b
1218 Return whether port/protocol has been added in zone. If zone is
1219 empty, use default zone. For permanent operation see
1220 org.fedoraproject.FirewallD1.config.zone.Methods.queryPort.
1221 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1223 INVALID_PROTOCOL
1224 queryProtocol(s: zone, s: protocol) → b
1226 Return whether protocol has been added in zone. If zone is
1227 empty, use default zone. For permanent operation see
1228 org.fedoraproject.FirewallD1.config.zone.Methods.queryProtocol.
1229 Possible errors: INVALID_ZONE, INVALID_PROTOCOL
1231 queryRichRule(s: zone, s: rule) → b
1233 Return whether rich rule rule has been added in zone. If zone
1234 is empty, use default zone. For permanent operation see
1235 org.fedoraproject.FirewallD1.config.zone.Methods.queryRichRule.
1236 Possible errors: INVALID_ZONE, INVALID_RULE
1238 queryService(s: zone, s: service) → b
1240 Return whether service has been added for zone. If zone is
1241 empty, use default zone. For permanent operation see
1242 org.fedoraproject.FirewallD1.config.zone.Methods.queryService.
1243 Possible errors: INVALID_ZONE, INVALID_SERVICE
1245 querySource(s: zone, s: source) → b
1247 Query whether sourcehas been bound to zone. If zone is empty,
1248 use default zone. For permanent operation see
1249 org.fedoraproject.FirewallD1.config.zone.Methods.querySource.
1250 Possible errors: INVALID_ZONE, INVALID_ADDR
1252 querySourcePort(s: zone, s: port, s: protocol) → b
1254 Return whether port/protocol has been added in zone. If zone is
1255 empty, use default zone. For permanent operation see
1256 org.fedoraproject.FirewallD1.config.zone.Methods.querySourcePort.
1257 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1259 INVALID_PROTOCOL
1260 removeForwardPort(s: zone, s: port, s: protocol, s: toport, s:
1262 toaddr) → s
1263 Remove IPv4 forward port ((port, protocol, toport, toaddr))
1264 from zone. If zone is empty, use default zone. For permanent
1265 operation see
1266 org.fedoraproject.FirewallD1.config.zone.Methods.removeForwardPort.
1267 Returns name of zone from which the forward port was removed.
1269 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1271 INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD, NOT_ENABLED,
1272 INVALID_COMMAND
1273 removeIcmpBlock(s: zone, s: icmp) → s
1275 Remove ICMP block icmp from zone. If zone is empty, use default
1276 zone. For permanent operation see
1277 org.fedoraproject.FirewallD1.config.zone.Methods.removeIcmpBlock.
1278 Returns name of zone from which the ICMP block was removed.
1280 Possible errors: INVALID_ZONE, INVALID_ICMPTYPE, NOT_ENABLED,
1282 INVALID_COMMAND
1283 removeIcmpBlockInversion(s: zone) → s
1285 Remove ICMP block inversion from zone. If zone is empty, use
1286 default zone. For permanent operation see
1287 org.fedoraproject.FirewallD1.config.zone.Methods.removeIcmpBlockInversion.
1288 Returns name of zone from which the ICMP block inversion was
1290 removed.
1291 Possible errors: INVALID_ZONE, NOT_ENABLED, INVALID_COMMAND
1293 removeInterface(s: zone, s: interface) → s
1295 Remove binding of interface from zone. If zone is empty, the
1296 interface will be removed from zone it belongs to. For
1297 permanent operation see
1298 org.fedoraproject.FirewallD1.config.zone.Methods.removeInterface.
1299 Returns name of zone from which the interface was removed.
1301 Possible errors: INVALID_ZONE, INVALID_INTERFACE, NOT_ENABLED,
1303 INVALID_COMMAND
1304 removeMasquerade(s: zone) → s
1306 Disable masquerade for zone. If zone is empty, use default
1307 zone. For permanent operation see
1308 org.fedoraproject.FirewallD1.config.zone.Methods.removeMasquerade.
1309 Returns name of zone for which the masquerade was disabled.
1311 Possible errors: INVALID_ZONE, NOT_ENABLED, INVALID_COMMAND
1313 removePort(s: zone, s: port, s: protocol) → s
1315 Remove port/protocol from zone. If zone is empty, use default
1316 zone. For permanent operation see
1317 org.fedoraproject.FirewallD1.config.zone.Methods.removePort.
1318 Returns name of zone from which the port was removed.
1320 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1322 INVALID_PROTOCOL, NOT_ENABLED, INVALID_COMMAND
1323 removeProtocol(s: zone, s: protocol) → s
1325 Remove protocol from zone. If zone is empty, use default zone.
1326 For permanent operation see
1327 org.fedoraproject.FirewallD1.config.zone.Methods.removeProtocol.
1328 Returns name of zone from which the protocol was removed.
1330 Possible errors: INVALID_ZONE, INVALID_PROTOCOL, NOT_ENABLED,
1332 INVALID_COMMAND
1333 removeRichRule(s: zone, s: rule) → s
1335 Remove rich language rule from zone. If zone is empty, use
1336 default zone. For permanent operation see
1337 org.fedoraproject.FirewallD1.config.zone.Methods.removeRichRule.
1338 Returns name of zone from which the rich language rule was
1340 removed.
1341 Possible errors: INVALID_ZONE, INVALID_RULE, NOT_ENABLED,
1343 INVALID_COMMAND
1344 removeService(s: zone, s: service) → s
1346 Remove service from zone. If zone is empty, use default zone.
1347 For permanent operation see
1348 org.fedoraproject.FirewallD1.config.zone.Methods.removeService.
1349 Returns name of zone from which the service was removed.
1351 Possible errors: INVALID_ZONE, INVALID_SERVICE, NOT_ENABLED,
1353 INVALID_COMMAND
1354 removeSource(s: zone, s: source) → s
1356 Remove binding of source from zone. If zone is empty, the
1357 source will be removed from zone it belongs to. For permanent
1358 operation see
1359 org.fedoraproject.FirewallD1.config.zone.Methods.removeSource.
1360 Returns name of zone from which the source was removed.
1362 Possible errors: INVALID_ZONE, INVALID_ADDR, NOT_ENABLED,
1364 INVALID_COMMAND
1365 removeSourcePort(s: zone, s: port, s: protocol) → s
1367 Remove port/protocol from zone. If zone is empty, use default
1368 zone. For permanent operation see
1369 org.fedoraproject.FirewallD1.config.zone.Methods.removeSourcePort.
1370 Returns name of zone from which the source port was removed.
1372 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1374 INVALID_PROTOCOL, NOT_ENABLED, INVALID_COMMAND
1375 Signals
1377 ForwardPortAdded(s: zone, s: port, s: protocol, s: toport, s:
1378 toaddr, i: timeout)
1379 Emitted when forward port has been added to zone with timeout.
1380 ForwardPortRemoved(s: zone, s: port, s: protocol, s: toport, s:
1382 toaddr)
1383 Emitted when forward port has been removed from zone.
1384 IcmpBlockAdded(s: zone, s: icmp, i: timeout)
1386 Emitted when ICMP block for icmp has been added to zone with
1387 timeout.
1388 IcmpBlockInversionAdded(s: zone)
1390 Emitted when ICMP block inversion has been added to zone.
1391 IcmpBlockInversionRemoved(s: zone)
1393 Emitted when ICMP block inversion has been removed from zone.
1394 IcmpBlockRemoved(s: zone, s: icmp)
1396 Emitted when ICMP block for icmp has been removed from zone.
1397 InterfaceAdded(s: zone, s: interface)
1399 Emitted when interface has been added to zone.
1400 InterfaceRemoved(s: zone, s: interface)
1402 Emitted when interface has been removed from zone.
1403 MasqueradeAdded(s: zone, i: timeout)
1405 Emitted when masquerade has been enabled for zone.
1406 MasqueradeRemoved(s: zone)
1408 Emitted when masquerade has been disabled for zone.
1409 PortAdded(s: zone, s: port, s: protocol, i: timeout)
1411 Emitted when port/protocol has been added to zone with timeout.
1412 PortRemoved(s: zone, s: port, s: protocol)
1414 Emitted when port/protocol has been removed from zone.
1415 ProtocolAdded(s: zone, s: protocol, i: timeout)
1417 Emitted when protocol has been added to zone with timeout.
1418 ProtocolRemoved(s: zone, s: protocol)
1420 Emitted when protocol has been removed from zone.
1421 RichRuleAdded(s: zone, s: rule, i: timeout)
1423 Emitted when rich language rule has been added to zone with
1424 timeout.
1425 RichRuleRemoved(s: zone, s: rule)
1427 Emitted when rich language rule has been removed from zone.
1428 ServiceAdded(s: zone, s: service, i: timeout)
1430 Emitted when service has been added to zone with timeout.
1431 ServiceRemoved(s: zone, s: service)
1433 Emitted when service has been removed from zone.
1434 SourceAdded(s: zone, s: source)
1436 Emitted when source has been added to zone.
1437 SourcePortAdded(s: zone, s: port, s: protocol, i: timeout)
1439 Emitted when source-port/protocol has been added to zone with
1440 timeout.
1441 SourcePortRemoved(s: zone, s: port, s: protocol)
1443 Emitted when source-port/protocol has been removed from zone.
1444 SourceRemoved(s: zone, s: source)
1446 Emitted when source has been removed from zone.
1447 ZoneChanged(s: zone, s: interface)
1449 Deprecated
1450 ZoneOfInterfaceChanged(s: zone, s: interface)
1452 Emitted when a zone an interface is part of has been changed to
1453 zone.
1454 ZoneOfSourceChanged(s: zone, s: source)
1456 Emitted when a zone an source is part of has been changed to
1457 zone.
1458 ZoneUpdated2(s: zone, a{sv}: settings)
1460 Emitted when a zone's settings are updated via
1461 org.fedoraproject.FirewallD1.zone.Methods.setZoneSettings2
1462 org.fedoraproject.FirewallD1.policy
1464 Operations in this interface allows to get, add, remove and query
1465 runtime policy settings. For permanent settings see
1466 org.fedoraproject.FirewallD1.config.policy interface.
1467 Methods
1469 getActivePolicies() → a{sa{sas}}
1470 Return dictionary of currently active policies altogether with
1471 ingress zones and egress zones used in these policies. Active
1472 policies are policies, that have a binding to an active ingress
1473 zone and an active egress zone.
1474 Return value is a dictionary where keys are policy names (s)
1476 and values are again dictionaries where keys are either
1477 'ingress_zones' or 'egress_zones' and values are arrays of zone
1478 names (s).
1479 getPolicies() → as
1481 Return array of names (s) of predefined policies known to
1482 current runtime environment. For list of policies known to
1483 permanent environment see
1484 org.fedoraproject.FirewallD1.config.Methods.listPolicies. The
1485 lists (of policies known to runtime and permanent environment)
1486 will contain same policies in most cases, but might differ for
1487 example if
1488 org.fedoraproject.FirewallD1.config.Methods.addPolicy has been
1489 called recently, but firewalld has not been reloaded since
1490 then.
1491 getPolicySettings(s: policy) → a{sv}
1493 Return runtime settings of given policy. For getting permanent
1494 settings see
1495 org.fedoraproject.FirewallD1.config.policy.Methods.getSettings.
1496 Settings are a dictionary indexed by keywords. For possible
1497 keywords see
1498 org.fedoraproject.FirewallD1.config.Methods.addPolicy. If the
1499 value is empty it may be omitted.
1500 Possible errors: INVALID_POLICY
1502 setPolicySettings(s: policy, a{sv}: settings, i: timeout)
1504 Set runtime settings of given policy. For setting permanent
1505 settings see
1506 org.fedoraproject.FirewallD1.config.policy.Methods.update.
1507 Settings are a dictionary indexed by keywords. For possible
1508 keywords see
1509 org.fedoraproject.FirewallD1.config.Methods.addPolicy. To zero
1510 a value pass an empty string or list. Some keywords are not
1511 available to modify in the runtime: description, name,
1512 priority, target, version.
1513 Possible errors: INVALID_POLICY
1515 Signals
1517 ForwardPortAdded(s: policy, a{sv}: settings)
1518 Emitted when a policy's settings are updated via
1519 org.fedoraproject.FirewallD1.policy.Methods.setPolicySettings
1520 org.fedoraproject.FirewallD1.config
1522 Allows to permanently add, remove and query zones, services and icmp
1523 types.
1524 Methods
1526 addIPSet(s: ipset, (ssssa{ss}as): settings) → o
1527 Add ipset with given settings into permanent configuration.
1528 Settings are in format: version, name, description, type,
1529 dictionary of options and array of entries.
1530 version (s): see version attribute of ipset tag in
1532 firewalld.ipset(5).
1533 name (s): see short tag in firewalld.ipset(5).
1535 description (s): see description tag in firewalld.ipset(5).
1537 type (s): see type attribute of ipset tag in
1539 firewalld.ipset(5).
1540 options (a{ss}): dictionary of {option : value} . See options
1542 tag in firewalld.ipset(5).
1543 entries (as): array of entries, see entry tag in
1545 firewalld.ipset(5).
1546 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1548 addIcmpType(s: icmptype, (sssas): settings) → o
1550 Add icmptype with given settings into permanent configuration.
1551 Settings are in format: version, name, description, array of
1552 destinations. Returns object path of the new icmp type.
1553 version (s): see version attribute of icmptype tag in
1555 firewalld.icmptype(5).
1556 name (s): see short tag in firewalld.icmptype(5).
1558 description (s): see description tag in firewalld.icmptype(5).
1560 destinations (as): array, either empty or containing strings
1562 'ipv4' or 'ipv6', see destination tag in firewalld.icmptype(5).
1563 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1565 addService(s: service, (sssa(ss)asa{ss}asa(ss)): settings) → o
1567 This function is deprecated, use
1568 org.fedoraproject.FirewallD1.config.Methods.addService2
1569 instead.
1570 addService2s: service, a{sv}: settings) → o
1572 Add service with given settings into permanent configuration.
1573 Settings are a dictionary indexed by keywords. For the type of
1574 each value see below. To zero a value pass an empty string or
1575 list.
1576 version (s): see version attribute of service tag in
1578 firewalld.service(5).
1579 name (s): see short tag in firewalld.service(5).
1581 description (s): see description tag in firewalld.service(5).
1583 ports (a(ss)): array of port and protocol pairs. See port tag
1585 in firewalld.service(5).
1586 module names (as): array of kernel netfilter helpers, see
1588 module tag in firewalld.service(5).
1589 destinations (a{ss}): dictionary of {IP family : IP address}
1591 where 'IP family' key can be either 'ipv4' or 'ipv6'. See
1592 destination tag in firewalld.service(5).
1593 protocols (as): array of protocols, see protocol tag in
1595 firewalld.service(5).
1596 source_ports (a(ss)): array of port and protocol pairs. See
1598 source-port tag in firewalld.service(5).
1599 includes (as): array of service includes, see include tag in
1601 firewalld.service(5).
1602 helpers (as): array of service helpers, see helper tag in
1604 firewalld.service(5).
1605 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1607 addZone(s: zone, (sssbsasa(ss)asba(ssss)asasasasa(ss)b): settings)
1609 → o
1610 This function is deprecated, use
1611 org.fedoraproject.FirewallD1.config.Methods.addZone2 instead.
1612 addZone2(s: zone, a{sv}: settings) → o
1614 Add zone with given settings into permanent configuration.
1615 Settings are a dictionary indexed by keywords. For the type of
1616 each value see below. To zero a value pass an empty string or
1617 list.
1618 version (s): see version attribute of zone tag in
1620 firewalld.zone(5).
1621 name (s): see short tag in firewalld.zone(5).
1623 description (s): see description tag in firewalld.zone(5).
1625 target (s): see target attribute of zone tag in
1627 firewalld.zone(5).
1628 services (as): array of service names, see service tag in
1630 firewalld.zone(5).
1631 ports (a(ss)): array of port and protocol pairs. See port tag
1633 in firewalld.zone(5).
1634 icmp_blocks (as): array of icmp-blocks. See icmp-block tag in
1636 firewalld.zone(5).
1637 masquerade (b): see masquerade tag in firewalld.zone(5).
1639 forward_ports (a(ssss)): array of (port, protocol, to-port,
1641 to-addr). See forward-port tag in firewalld.zone(5).
1642 interfaces (as): array of interfaces. See interface tag in
1644 firewalld.zone(5).
1645 sources (as): array of source addresses. See source tag in
1647 firewalld.zone(5).
1648 rules_str (as): array of rich-language rules. See rule tag in
1650 firewalld.zone(5).
1651 protocols (as): array of protocols, see protocol tag in
1653 firewalld.zone(5).
1654 source_ports (a(ss)): array of port and protocol pairs. See
1656 source-port tag in firewalld.zone(5).
1657 icmp_block_inversion (b): see icmp-block-inversion tag in
1659 firewalld.zone(5).
1660 forward (b): see forward tag in firewalld.zone(5).
1662 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1664 addPolicy(s: policy, a{sv}: settings) → o
1666 Add policy with given settings into permanent configuration.
1667 Settings are a dictionary indexed by keywords. For the type of
1668 each value see below. If a keyword is omitted the default value
1669 will be used.
1670 description (s): see description tag in firewalld.policy(5).
1672 egress_zones as: array of zone names. See egress-zone tag in
1674 firewalld.policy(5).
1675 forward_ports (a(ssss)): array of (port, protocol, to-port,
1677 to-addr). See forward-port tag in firewalld.policy(5).
1678 icmp_blocks (as): array of icmp-blocks. See icmp-block tag in
1680 firewalld.policy(5).
1681 ingress_zones as: array of zone names. See ingress-zone tag in
1683 firewalld.policy(5).
1684 masquerade (b): see masquerade tag in firewalld.policy(5).
1686 ports (a(ss)): array of port and protocol pairs. See port tag
1688 in firewalld.policy(5).
1689 priority (i): see priority tag in firewalld.policy(5).
1691 protocols (as): array of protocols, see protocol tag in
1693 firewalld.policy(5).
1694 rich_rules (as): array of rich-language rules. See rule tag in
1696 firewalld.policy(5).
1697 services (as): array of service names, see service tag in
1699 firewalld.policy(5).
1700 short (s): see short tag in firewalld.policy(5).
1702 source_ports (a(ss)): array of port and protocol pairs. See
1704 source-port tag in firewalld.policy(5).
1705 target (s): see target attribute of policy tag in
1707 firewalld.policy(5).
1708 version (s): see version attribute of policy tag in
1710 firewalld.policy(5).
1711 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1713 getHelperByName(s: helper) → o
1715 Return object path (permanent configuration) of helper with
1716 given name.
1717 Possible errors: INVALID_HELPER
1719 getHelperNames() → as
1721 Return list of helper names (permanent configuration).
1722 getIPSetByName(s: ipset) → o
1724 Return object path (permanent configuration) of ipset with
1725 given name.
1726 Possible errors: INVALID_IPSET
1728 getIPSetNames() → as
1730 Return list of ipset names (permanent configuration).
1731 getIcmpTypeByName(s: icmptype) → o
1733 Return object path (permanent configuration) of icmptype with
1734 given name.
1735 Possible errors: INVALID_ICMPTYPE
1737 getIcmpTypeNames() → as
1739 Return list of icmptype names (permanent configuration).
1740 getServiceByName(s: service) → o
1742 Return object path (permanent configuration) of service with
1743 given name.
1744 Possible errors: INVALID_SERVICE
1746 getServiceNames() → as
1748 Return list of service names (permanent configuration).
1749 getZoneByName(s: zone) → o
1751 Return object path (permanent configuration) of zone with given
1752 name.
1753 Possible errors: INVALID_ZONE
1755 getZoneNames() → as
1757 Return list of zone names (permanent configuration) of.
1758 getZoneOfInterface(s: iface) → s
1760 Return name of zone the iface is bound to or empty string.
1761 getZoneOfSource(s: source) → s
1763 Return name of zone the source is bound to or empty string.
1764 getPolicyByName(s: policy) → o
1766 Return object path (permanent configuration) of policy with
1767 given name.
1768 Possible errors: INVALID_POLICY
1770 getPolicyNames() → as
1772 Return list of policy names (permanent configuration).
1773 listHelpers() → ao
1775 Return array of object paths (o) of helper in permanent
1776 configuration. For runtime configuration see
1777 org.fedoraproject.FirewallD1.Methods.getHelpers.
1778 listIPSets() → ao
1780 Return array of object paths (o) of ipset in permanent
1781 configuration. For runtime configuration see
1782 org.fedoraproject.FirewallD1.ipset.Methods.getIPSets.
1783 listIcmpTypes() → ao
1785 Return array of object paths (o) of icmp types in permanent
1786 configuration. For runtime configuration see
1787 org.fedoraproject.FirewallD1.Methods.listIcmpTypes.
1788 listServices() → ao
1790 Return array of objects paths (o) of services in permanent
1791 configuration. For runtime configuration see
1792 org.fedoraproject.FirewallD1.Methods.listServices.
1793 listZones() → ao
1795 List object paths of zones known to permanent environment. For
1796 list of zones known to runtime environment see
1797 org.fedoraproject.FirewallD1.zone.Methods.getZones. The lists
1798 (of zones known to runtime and permanent environment) will
1799 contain same zones in most cases, but might differ for example
1800 if org.fedoraproject.FirewallD1.config.Methods.addZone has been
1801 called recently, but firewalld has not been reloaded since
1802 then.
1803 listPolicies() → ao
1805 List object paths of policies known to permanent environment.
1806 For list of policies known to runtime environment see
1807 org.fedoraproject.FirewallD1.policy.Methods.getPolicies. The
1808 lists (of policies known to runtime and permanent environment)
1809 will contain same policies in most cases, but might differ for
1810 example if
1811 org.fedoraproject.FirewallD1.config.Methods.addPolicy has been
1812 called recently, but firewalld has not been reloaded since
1813 then.
1814 Signals
1816 HelperAdded(s: helper)
1817 Emitted when helper has been added.
1818 IPSetAdded(s: ipset)
1820 Emitted when ipset has been added.
1821 IcmpTypeAdded(s: icmptype)
1823 Emitted when icmptype has been added.
1824 ServiceAdded(s: service)
1826 Emitted when service has been added.
1827 ZoneAdded(s: zone)
1829 Emitted when zone has been added.
1830 Properties
1832 AllowZoneDrifting - s - (rw)
1833 Older versions of firewalld had undocumented behavior known as
1834 "zone drifting". This allowed packets to ingress multiple zones
1835 - this is a violation of zone based firewalls. However, some
1836 users rely on this behavior to have a "catch-all" zone, e.g.
1837 the default zone. You can enable this if you desire such
1838 behavior. It's disabled by default for security reasons. Note:
1839 If "yes" packets will only drift from source based zones to
1840 interface based zones (including the default zone). Packets
1841 never drift from interface based zones to other interfaces
1842 based zones (including the default zone). Valid values; "yes",
1843 "no". Defaults to "no".
1844 AutomaticHelpers - s - (rw)
1846 Deprecated. Getting this value always returns "no". Setting
1847 this value is ignored.
1848 CleanupOnExit - s - (rw)
1850 If firewalld stops, it cleans up all firewall rules. Setting
1851 this option to no or false leaves the current firewall rules
1852 untouched.
1853 DefaultZone - s - (ro)
1855 Default zone for connections or interfaces if the zone is not
1856 selected or specified by NetworkManager, initscripts or command
1857 line tool.
1858 FirewallBackend - s - (rw)
1860 Selects the firewalld backend for all rules except the direct
1861 interface. Valid options are; nftables, iptables. Default in
1862 nftables.
1863 FirewallBackend - s - (rw)
1865 Flush all runtime rules on a reload. Valid options are; yes,
1866 no.
1867 IPv6_rpfilter - s - (rw)
1869 Indicates whether the reverse path filter test on a packet for
1870 IPv6 is enabled. If a reply to the packet would be sent via the
1871 same interface that the packet arrived on, the packet will
1872 match and be accepted, otherwise dropped.
1873 IndividualCalls - s - (ro)
1875 Indicates whether individual calls combined -restore calls are
1876 used. If enabled, this increases the time that is needed to
1877 apply changes and to start the daemon, but is good for
1878 debugging.
1879 Lockdown - s - (rw)
1881 If this property is enabled, firewall changes with the D-Bus
1882 interface will be limited to applications that are listed in
1883 the lockdown whitelist.
1884 LogDenied - s - (rw)
1886 If LogDenied is enabled, then logging rules are added right
1887 before reject and drop rules in the INPUT, FORWARD and OUTPUT
1888 chains for the default rules and also final reject and drop
1889 rules in zones. Possible values are: all, unicast, broadcast,
1890 multicast and off.
1891 MinimalMark - i - (rw)
1893 Deprecated. This option is ignored and no longer used. Marks
1894 are no longer used internally.
1895 FirewallBackend - s - (rw)
1897 As per RFC 3964, filter IPv6 traffic with 6to4 destination
1898 addresses that correspond to IPv4 addresses that should not be
1899 routed over the public internet. Valid options are; yes, no.
1900 org.fedoraproject.FirewallD1.config.direct
1902 Interface for permanent direct configuration, see also
1903 firewalld.direct(5). For runtime direct configuration see
1904 org.fedoraproject.FirewallD1.direct interface.
1905 Methods
1907 addChain(s: ipv, s: table, s: chain) → Nothing
1908 Add a new chain to table for ipv being either ipv4 (iptables)
1909 or ipv6 (ip6tables) or eb (ebtables). Make sure there's no
1910 other chain with this name already. There already exist basic
1911 chains to use with direct methods, for example INPUT_direct
1912 chain. These chains are jumped into before chains for zones,
1913 i.e. every rule put into INPUT_direct will be checked before
1914 rules in zones. For runtime operation see
1915 org.fedoraproject.FirewallD1.direct.Methods.addChain.
1916 Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED
1918 addPassthrough(s: ipv, as: args) → Nothing
1920 Add a passthrough rule with the arguments args for ipv being
1921 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
1922 For runtime operation see
1923 org.fedoraproject.FirewallD1.direct.Methods.addPassthrough.
1924 Possible errors: INVALID_IPV, ALREADY_ENABLED
1926 addRule(s: ipv, s: table, s: chain, i: priority, as: args) →
1928 Nothing
1929 Add a rule with the arguments args to chain in table with
1930 priority for ipv being either ipv4 (iptables) or ipv6
1931 (ip6tables) or eb (ebtables). The priority is used to order
1932 rules. Priority 0 means add rule on top of the chain, with a
1933 higher priority the rule will be added further down. Rules with
1934 the same priority are on the same level and the order of these
1935 rules is not fixed and may change. If you want to make sure
1936 that a rule will be added after another one, use a low priority
1937 for the first and a higher for the following. For runtime
1938 operation see
1939 org.fedoraproject.FirewallD1.direct.Methods.addRule.
1940 Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED
1942 getAllChains() → a(sss)
1944 Get all chains added to all tables in format: ipv, table,
1945 chain. This concerns only chains previously added with
1946 addChain. Return value is a array of (ipv, table, chain). For
1947 runtime operation see
1948 org.fedoraproject.FirewallD1.direct.Methods.getAllChains.
1949 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
1951 (ebtables).
1952 table (s): one of filter, mangle, nat, raw, security
1954 chain (s): name of a chain.
1956 getAllPassthroughs() → a(sas)
1959 Get all passthrough rules added in all ipv types in format:
1960 ipv, rule. This concerns only rules previously added with
1961 addPassthrough. Return value is a array of (ipv, array of
1962 arguments). For runtime operation see
1963 org.fedoraproject.FirewallD1.direct.Methods.getAllPassthroughs.
1964 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
1966 (ebtables).
1967 arguments (as): array of commands, parameters and other
1969 iptables/ip6tables/ebtables command line options.
1970 getAllRules() → a(sssias)
1973 Get all rules added to all chains in all tables in format: ipv,
1974 table, chain, priority, rule. This concerns only rules
1975 previously added with addRule. Return value is a array of (ipv,
1976 table, chain, priority, array of arguments). For runtime
1977 operation see
1978 org.fedoraproject.FirewallD1.direct.Methods.getAllRules.
1979 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
1981 (ebtables).
1982 table (s): one of filter, mangle, nat, raw, security
1984 chain (s): name of a chain.
1986 priority (i): used to order rules.
1988 arguments (as): array of commands, parameters and other
1990 iptables/ip6tables/ebtables command line options.
1991 getChains(s: ipv, s: table) → as
1994 Return an array of chains (s) added to table for ipv being
1995 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
1996 This concerns only chains previously added with addChain. For
1997 runtime operation see
1998 org.fedoraproject.FirewallD1.direct.Methods.getChains.
1999 Possible errors: INVALID_IPV, INVALID_TABLE
2001 getPassthroughs(s: ipv) → aas
2003 Get tracked passthrough rules added in either ipv4 (iptables)
2004 or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
2005 previously added with addPassthrough. Return value is a array
2006 of (array of arguments). For runtime operation see
2007 org.fedoraproject.FirewallD1.direct.Methods.getPassthroughs.
2008 arguments (as): array of commands, parameters and other
2010 iptables/ip6tables/ebtables command line options.
2011 getRules(s: ipv, s: table, s: chain) → a(ias)
2014 Get all rules added to chain in table for ipv being either ipv4
2015 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
2016 only rules previously added with addRule. Return value is a
2017 array of (priority, array of arguments). For runtime operation
2018 see org.fedoraproject.FirewallD1.direct.Methods.getRules.
2019 priority (i): used to order rules.
2021 arguments (as): array of commands, parameters and other
2023 iptables/ip6tables/ebtables command line options.
2024 Possible errors: INVALID_IPV, INVALID_TABLE
2026 getSettings() → (a(sss)a(sssias)a(sas))
2028 Get settings of permanent direct configuration in format: array
2029 of chains, array of rules, array of passthroughs.
2030 chains (a(sss)): array of (ipv, table, chain), see 'chain' in
2032 firewalld.direct(5).
2033 .
2034 .PP rules (a(sssias)): array of (ipv, table,
2035 chain, priority, array of arguments), see 'rule' in
2036 firewalld.direct(5).
2037 .
2038 .PP passthroughs (a(sas)): array of (ipv,
2039 array of arguments), see passthrough in firewalld.direct(5).
2040 .
2041 .sp
2042 queryChain(s: ipv, s: table, s: chain) → b
2044 Return whether a chain exists in table for ipv being either
2045 ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). This
2046 concerns only chains previously added with addChain. For
2047 runtime operation see
2048 org.fedoraproject.FirewallD1.direct.Methods.queryChain.
2049 Possible errors: INVALID_IPV, INVALID_TABLE
2051 queryPassthrough(s: ipv, as: args) → b
2053 Return whether a tracked passthrough rule with the arguments
2054 args exists for ipv being either ipv4 (iptables) or ipv6
2055 (ip6tables) or eb (ebtables). This concerns only rules
2056 previously added with addPassthrough. For runtime operation see
2057 org.fedoraproject.FirewallD1.direct.Methods.queryPassthrough.
2058 Possible errors: INVALID_IPV
2060 queryRule(s: ipv, s: table, s: chain, i: priority, as: args) → b
2062 Return whether a rule with priority and the arguments args
2063 exists in chain in table for ipv being either ipv4 (iptables)
2064 or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
2065 previously added with addRule. For runtime operation see
2066 org.fedoraproject.FirewallD1.direct.Methods.queryRule.
2067 Possible errors: INVALID_IPV, INVALID_TABLE
2069 removeChain(s: ipv, s: table, s: chain) → Nothing
2071 Remove a chain from table for ipv being either ipv4 (iptables)
2072 or ipv6 (ip6tables) or eb (ebtables). Only chains previously
2073 added with addChain can be removed this way. For runtime
2074 operation see
2075 org.fedoraproject.FirewallD1.direct.Methods.removeChain.
2076 Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED
2078 removePassthrough(s: ipv, as: args) → Nothing
2080 Remove a passthrough rule with arguments args for ipv being
2081 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
2082 Only rules previously added with addPassthrough can be removed
2083 this way. For runtime operation see
2084 org.fedoraproject.FirewallD1.direct.Methods.removePassthrough.
2085 Possible errors: INVALID_IPV, NOT_ENABLED
2087 removeRule(s: ipv, s: table, s: chain, i: priority, as: args) →
2089 Nothing
2090 Remove a rule with priority and arguments args from chain in
2091 table for ipv being either ipv4 (iptables) or ipv6 (ip6tables)
2092 or eb (ebtables). Only rules previously added with addRule can
2093 be removed this way. For runtime operation see
2094 org.fedoraproject.FirewallD1.direct.Methods.removeRule.
2095 Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED
2097 removeRules(s: ipv, s: table, s: chain) → Nothing
2099 Remove all rules from chain in table for ipv being either ipv4
2100 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
2101 only rules previously added with addRule. For runtime operation
2102 see org.fedoraproject.FirewallD1.direct.Methods.removeRules.
2103 Possible errors: INVALID_IPV, INVALID_TABLE
2105 update((a(sss)a(sssias)a(sas)): settings) → Nothing
2107 Update permanent direct configuration with given settings.
2108 Settings are in format: array of chains, array of rules, array
2109 of passthroughs.
2110 chains (a(sss)): array of (ipv, table, chain), see 'chain' in
2112 firewalld.direct(5).
2113 .
2114 .PP rules (a(sssias)): array of (ipv, table,
2115 chain, priority, array of arguments), see 'rule' in
2116 firewalld.direct(5).
2117 .
2118 .PP passthroughs (a(sas)): array of (ipv,
2119 array of arguments), see passthrough in firewalld.direct(5).
2120 .
2121 .sp Possible errors: INVALID_TYPE
2122 Signals
2124 Updated()
2125 Emitted when configuration has been updated.
2126 org.fedoraproject.FirewallD1.config.policies
2128 Interface for permanent lockdown-whitelist configuration, see also
2129 firewalld.lockdown-whitelist(5). For runtime configuration see
2130 org.fedoraproject.FirewallD1.policies interface.
2131 Methods
2133 addLockdownWhitelistCommand(s: command) → Nothing
2134 Add command to whitelist. See command option in
2135 firewalld.lockdown-whitelist(5). For runtime operation see
2136 org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistCommand.
2137 Possible errors: ALREADY_ENABLED, INVALID_TYPE
2139 addLockdownWhitelistContext(s: context) → Nothing
2141 Add context to whitelist. See selinux option in
2142 firewalld.lockdown-whitelist(5). For runtime operation see
2143 org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistContext.
2144 Possible errors: ALREADY_ENABLED, INVALID_TYPE
2146 addLockdownWhitelistUid(i: uid) → Nothing
2148 Add user id uid to whitelist. See user option in
2149 firewalld.lockdown-whitelist(5). For runtime operation see
2150 org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistUid.
2151 Possible errors: ALREADY_ENABLED, INVALID_TYPE
2153 addLockdownWhitelistUser(s: user) → Nothing
2155 Add user name to whitelist. See user option in
2156 firewalld.lockdown-whitelist(5). For runtime operation see
2157 org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistUser.
2158 Possible errors: ALREADY_ENABLED, INVALID_TYPE
2160 getLockdownWhitelist() → (asasasai)
2162 Get settings of permanent lockdown-whitelist configuration in
2163 format: commands, selinux contexts, users, uids
2164 commands (as): see command option in firewalld.lockdown-
2166 whitelist(5).
2167 selinux contexts (as): see selinux option in
2169 firewalld.lockdown-whitelist(5).
2170 users (as): see name attribute of user option in
2172 firewalld.lockdown-whitelist(5).
2173 uids (ai): see id attribute of user option in
2175 firewalld.lockdown-whitelist(5).
2176 getLockdownWhitelistCommands() → as
2179 List all command lines (s) that are on whitelist. For runtime
2180 operation see
2181 org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistCommands.
2182 getLockdownWhitelistContexts() → as
2184 List all contexts (s) that are on whitelist. For runtime
2185 operation see
2186 org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistContexts.
2187 getLockdownWhitelistUids() → ai
2189 List all user ids (i) that are on whitelist. For runtime
2190 operation see
2191 org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistUids.
2192 getLockdownWhitelistUsers() → as
2194 List all users (s) that are on whitelist. For runtime operation
2195 see
2196 org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistUsers.
2197 queryLockdownWhitelistCommand(s: command) → b
2199 Query whether command is on whitelist. For runtime operation
2200 see
2201 org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistCommand.
2202 queryLockdownWhitelistContext(s: context) → b
2204 Query whether context is on whitelist. For runtime operation
2205 see
2206 org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistContext.
2207 queryLockdownWhitelistUid(i: uid) → b
2209 Query whether user id uid is on whitelist. For runtime
2210 operation see
2211 org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistUid.
2212 queryLockdownWhitelistUser(s: user) → b
2214 Query whether user is on whitelist. For runtime operation see
2215 org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistUser.
2216 removeLockdownWhitelistCommand(s: command) → Nothing
2218 Remove command from whitelist. For runtime operation see
2219 org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistCommand.
2220 Possible errors: NOT_ENABLED
2222 removeLockdownWhitelistContext(s: context) → Nothing
2224 Remove context from whitelist. For runtime operation see
2225 org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistContext.
2226 Possible errors: NOT_ENABLED
2228 removeLockdownWhitelistUid(i: uid) → Nothing
2230 Remove user id uid from whitelist. For runtime operation see
2231 org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistUid.
2232 Possible errors: NOT_ENABLED
2234 removeLockdownWhitelistUser(s: user) → Nothing
2236 Remove user from whitelist. For runtime operation see
2237 org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistUser.
2238 Possible errors: NOT_ENABLED
2240 setLockdownWhitelist((asasasai): settings) → Nothing
2242 Set permanent lockdown-whitelist configuration to settings.
2243 Settings are in format: commands, selinux contexts, users, uids
2244 commands (as): see command option in firewalld.lockdown-
2246 whitelist(5).
2247 selinux contexts (as): see selinux option in
2249 firewalld.lockdown-whitelist(5).
2250 users (as): see name attribute of user option in
2252 firewalld.lockdown-whitelist(5).
2253 uids (ai): see id attribute of user option in
2255 firewalld.lockdown-whitelist(5).
2256 Possible errors: INVALID_TYPE
2258 Signals
2260 LockdownWhitelistUpdated()
2261 Emitted when permanent lockdown-whitelist configuration has
2262 been updated.
2263 org.fedoraproject.FirewallD1.config.ipset
2265 Interface for permanent ipset configuration, see also
2266 firewalld.ipset(5).
2267 Methods
2269 addEntry(s: entry) → Nothing
2270 Permanently add entry to list of entries of ipset. See entry
2271 tag in firewalld.ipset(5). For runtime operation see
2272 org.fedoraproject.FirewallD1.ipset.Methods.addEntry.
2273 Possible errors: ALREADY_ENABLED
2275 addOption(s: key, s: value) → Nothing
2277 Permanently add (key, value) to the ipset. See option tag in
2278 firewalld.ipset(5).
2279 Possible errors: ALREADY_ENABLED
2281 getDescription() → s
2283 Get description of ipset. See description tag in
2284 firewalld.ipset(5).
2285 getEntries() → as
2287 Get list of entries added to ipset. See entry tag in
2288 firewalld.ipset(5). For runtime operation see
2289 org.fedoraproject.FirewallD1.ipset.Methods.getEntries.
2290 Possible errors: IPSET_WITH_TIMEOUT
2292 getOptions() → a{ss}
2294 Get dictionary of options set for ipset. See option tag in
2295 firewalld.ipset(5).
2296 getSettings() → (ssssa{ss}as)
2298 Return permament settings of the ipset. For getting runtime
2299 settings see
2300 org.fedoraproject.FirewallD1.ipset.Methods.getIPSetSettings.
2301 Settings are in format: version, name, description, type,
2302 dictionary of options and array of entries.
2303 version (s): see version attribute of ipset tag in
2305 firewalld.ipset(5).
2306 name (s): see short tag in firewalld.ipset(5).
2308 description (s): see description tag in firewalld.ipset(5).
2310 type (s): see type attribute of ipset tag in
2312 firewalld.ipset(5).
2313 options (a{ss}): dictionary of {option : value} . See options
2315 tag in firewalld.ipset(5).
2316 entries (as): array of entries, see entry tag in
2318 firewalld.ipset(5).
2319 getShort() → s
2322 Get name of ipset. See short tag in firewalld.ipset(5).
2323 getType() → s
2325 Get type of ipset. See type attribute of ipset tag in
2326 firewalld.ipset(5).
2327 getVersion() → s
2329 Get version of ipset. See version attribute of ipset tag in
2330 firewalld.ipset(5).
2331 loadDefaults() → Nothing
2333 Load default settings for built-in ipset.
2334 Possible errors: NO_DEFAULTS
2336 queryEntry(s: entry) → b
2338 Return whether entry has been added to ipset. For runtime
2339 operation see
2340 org.fedoraproject.FirewallD1.ipset.Methods.queryEntry.
2341 queryOption(s: key, s: value) → b
2343 Return whether (key, value) has been added to options of the
2344 ipset.
2345 remove() → Nothing
2347 Remove not built-in ipset.
2348 Possible errors: BUILTIN_IPSET
2350 removeEntry(s: entry) → Nothing
2352 Permanently remove entry from ipset. See entry tag in
2353 firewalld.ipset(5). For runtime operation see
2354 org.fedoraproject.FirewallD1.ipset.Methods.removeEntry.
2355 Possible errors: NOT_ENABLED
2357 removeOption(s: key) → Nothing
2359 Permanently remove key from the ipset. See option tag in
2360 firewalld.ipset(5).
2361 Possible errors: NOT_ENABLED
2363 rename(s: name) → Nothing
2365 Rename not built-in ipset to name.
2366 Possible errors: BUILTIN_IPSET
2368 setDescription(s: description) → Nothing
2370 Permanently set description of ipset to description. See
2371 description tag in firewalld.ipset(5).
2372 setEntries(as: entries) → Nothing
2374 Permanently set list of entries to entries. See entry tag in
2375 firewalld.ipset(5).
2376 setOptions(a{ss}: options) → Nothing
2378 Permanently set dict of options to options. See option tag in
2379 firewalld.ipset(5).
2380 setShort(s: short) → Nothing
2382 Permanently set name of ipset to short. See short tag in
2383 firewalld.ipset(5).
2384 setType(s: ipset_type) → Nothing
2386 Permanently set type of ipset to ipset_type. See type attribute
2387 of ipset tag in firewalld.ipset(5).
2388 setVersion(s: version) → Nothing
2390 Permanently set version of ipset to version. See version
2391 attribute of ipset tag in firewalld.ipset(5).
2392 update((ssssa{ss}as): settings) → Nothing
2394 Update settings of ipset to settings. Settings are in format:
2395 version, name, description, type, dictionary of options and
2396 array of entries.
2397 version (s): see version attribute of ipset tag in
2399 firewalld.ipset(5).
2400 name (s): see short tag in firewalld.ipset(5).
2402 description (s): see description tag in firewalld.ipset(5).
2404 type (s): see type attribute of ipset tag in
2406 firewalld.ipset(5).
2407 options (a{ss}): dictionary of {option : value} . See options
2409 tag in firewalld.ipset(5).
2410 entries (as): array of entries, see entry tag in
2412 firewalld.ipset(5).
2413 Possible errors: INVALID_TYPE
2415 Signals
2417 Removed(s: name)
2418 Emitted when ipset with name has been removed.
2419 Renamed(s: name)
2421 Emitted when ipset has been renamed to name.
2422 Updated(s: name)
2424 Emitted when ipset with name has been updated.
2425 Properties
2427 builtin - b - (ro)
2428 True if ipset is build-in, false else.
2429 default - b - (ro)
2431 True if build-in ipset has default settings. False if it has
2432 been modified. Always False for not build-in ipsets.
2433 filename - s - (ro)
2435 Name (including .xml extension) of file where the configuration
2436 is stored.
2437 name - s - (ro)
2439 Name of ipset.
2440 path - s - (ro)
2442 Path to directory where the ipset configuration is stored.
2443 Should be either /usr/lib/firewalld/ipsets or
2444 /etc/firewalld/ipsets.
2445 org.fedoraproject.FirewallD1.config.zone
2447 Interface for permanent zone configuration, see also firewalld.zone(5).
2448 Methods
2450 addForwardPort(s: port, s: protocol, s: toport, s: toaddr) →
2451 Nothing
2452 Permanently add (port, protocol, toport, toaddr) to list of
2453 forward ports of zone. See forward-port tag in
2454 firewalld.zone(5). For runtime operation see
2455 org.fedoraproject.FirewallD1.zone.Methods.addForwardPort.
2456 Possible errors: ALREADY_ENABLED
2458 addIcmpBlock(s: icmptype) → Nothing
2460 Permanently add icmptype to list of icmp types blocked in zone.
2461 See icmp-block tag in firewalld.zone(5). For runtime operation
2462 see org.fedoraproject.FirewallD1.zone.Methods.addIcmpBlock.
2463 Possible errors: ALREADY_ENABLED
2465 addIcmpBlock(s: icmptype) → Nothing
2467 Permanently add icmp block inversion to zone. See
2468 icmp-block-inversion tag in firewalld.zone(5). For runtime
2469 operation see
2470 org.fedoraproject.FirewallD1.zone.Methods.addIcmpBlockInversion.
2471 Possible errors: ALREADY_ENABLED
2473 addInterface(s: interface) → Nothing
2475 Permanently add interface to list of interfaces bound to zone.
2476 See interface tag in firewalld.zone(5). For runtime operation
2477 see org.fedoraproject.FirewallD1.zone.Methods.addInterface.
2478 Possible errors: ALREADY_ENABLED
2480 addMasquerade() → Nothing
2482 Permanently enable masquerading in zone. See masquerade tag in
2483 firewalld.zone(5). For runtime operation see
2484 org.fedoraproject.FirewallD1.zone.Methods.addMasquerade.
2485 Possible errors: ALREADY_ENABLED
2487 addPort(s: port, s: protocol) → Nothing
2489 Permanently add (port, protocol) to list of ports of zone. See
2490 port tag in firewalld.zone(5). For runtime operation see
2491 org.fedoraproject.FirewallD1.zone.Methods.addPort.
2492 Possible errors: ALREADY_ENABLED
2494 addProtocol(s: protocol) → Nothing
2496 Permanently add protocol into zone. The protocol can be any
2497 protocol supported by the system. Please have a look at
2498 /etc/protocols for supported protocols. For runtime operation
2499 see org.fedoraproject.FirewallD1.zone.Methods.addProtocol.
2500 Possible errors: INVALID_PROTOCOL, ALREADY_ENABLED
2502 addRichRule(s: rule) → Nothing
2504 Permanently add rule to list of rich-language rules in zone.
2505 See rule tag in firewalld.zone(5). For runtime operation see
2506 org.fedoraproject.FirewallD1.zone.Methods.addRichRule.
2507 Possible errors: ALREADY_ENABLED
2509 addService(s: service) → Nothing
2511 Permanently add service to list of services used in zone. See
2512 service tag in firewalld.zone(5). For runtime operation see
2513 org.fedoraproject.FirewallD1.zone.Methods.addService.
2514 Possible errors: ALREADY_ENABLED
2516 addSource(s: source) → Nothing
2518 Permanently add source to list of source addresses bound to
2519 zone. See source tag in firewalld.zone(5). For runtime
2520 operation see
2521 org.fedoraproject.FirewallD1.zone.Methods.addSource.
2522 Possible errors: ALREADY_ENABLED
2524 addSourcePort(s: port, s: protocol) → Nothing
2526 Permanently add (port, protocol) to list of source ports of
2527 zone. See source-port tag in firewalld.zone(5). For runtime
2528 operation see
2529 org.fedoraproject.FirewallD1.zone.Methods.addSourcePort.
2530 Possible errors: ALREADY_ENABLED
2532 getDescription() → s
2534 Get description of zone. See description tag in
2535 firewalld.zone(5).
2536 getForwardPorts() → a(ssss)
2538 Get list of (port, protocol, toport, toaddr) defined in zone.
2539 See forward-port tag in firewalld.zone(5). For runtime
2540 operation see
2541 org.fedoraproject.FirewallD1.zone.Methods.getForwardPorts.
2542 getIcmpBlockInversion() → b
2544 Get icmp block inversion flag of zone. See icmp-block-inversion
2545 tag in firewalld.zone(5).
2546 getIcmpBlocks() → as
2548 Get list of icmp type names blocked in zone. See icmp-block tag
2549 in firewalld.zone(5). For runtime operation see
2550 org.fedoraproject.FirewallD1.zone.Methods.getIcmpBlocks.
2551 getInterfaces() → as
2553 Get list of interfaces bound to zone. See interface tag in
2554 firewalld.zone(5). For runtime operation see
2555 org.fedoraproject.FirewallD1.zone.Methods.getInterfaces.
2556 getMasquerade() → b
2558 Return whether masquerade is enabled in zone. This is the same
2559 as queryMasquerade() method. See masquerade tag in
2560 firewalld.zone(5).
2561 getPorts() → a(ss)
2563 Get list of (port, protocol) defined in zone. See port tag in
2564 firewalld.zone(5). For runtime operation see
2565 org.fedoraproject.FirewallD1.zone.Methods.getPorts.
2566 getProtocols() → as
2568 Return array of protocols (s) previously enabled in zone. For
2569 getting runtime settings see
2570 org.fedoraproject.FirewallD1.zone.Methods.getProtocols.
2571 getRichRules() → as
2573 Get list of rich-language rules in zone. See rule tag in
2574 firewalld.zone(5). For runtime operation see
2575 org.fedoraproject.FirewallD1.zone.Methods.getRichRules.
2576 getServices() → as
2578 Get list of service names used in zone. See service tag in
2579 firewalld.zone(5). For runtime operation see
2580 org.fedoraproject.FirewallD1.zone.Methods.getServices.
2581 getSettings() → (sssbsasa(ss)asba(ssss)asasasasa(ss)b)
2583 This function is deprecated, use
2584 org.fedoraproject.FirewallD1.config.zone.Methods.getSettings2
2585 instead.
2586 getSettings2() → a{sv}
2588 Return permanent settings of given zone. For getting runtime
2589 settings see
2590 org.fedoraproject.FirewallD1.zone.Methods.getZoneSettings2.
2591 Settings are a dictionary indexed by keywords. For the type of
2592 each value see below. If the value is empty it may be omitted.
2593 version (s): see version attribute of zone tag in
2595 firewalld.zone(5).
2596 name (s): see short tag in firewalld.zone(5).
2598 description (s): see description tag in firewalld.zone(5).
2600 target (s): see target attribute of zone tag in
2602 firewalld.zone(5).
2603 services (as): array of service names, see service tag in
2605 firewalld.zone(5).
2606 ports (a(ss)): array of port and protocol pairs. See port tag
2608 in firewalld.zone(5).
2609 icmp_blocks (as): array of icmp-blocks. See icmp-block tag in
2611 firewalld.zone(5).
2612 masquerade (b): see masquerade tag in firewalld.zone(5).
2614 forward_ports (a(ssss)): array of (port, protocol, to-port,
2616 to-addr). See forward-port tag in firewalld.zone(5).
2617 interfaces (as): array of interfaces. See interface tag in
2619 firewalld.zone(5).
2620 sources (as): array of source addresses. See source tag in
2622 firewalld.zone(5).
2623 rules_str (as): array of rich-language rules. See rule tag in
2625 firewalld.zone(5).
2626 protocols (as): array of protocols, see protocol tag in
2628 firewalld.zone(5).
2629 source_ports (a(ss)): array of port and protocol pairs. See
2631 source-port tag in firewalld.zone(5).
2632 icmp_block_inversion (b): see icmp-block-inversion tag in
2634 firewalld.zone(5).
2635 forward (b): see forward tag in firewalld.zone(5).
2637 getShort() → s
2640 Get name of zone. See short tag in firewalld.zone(5).
2641 getSourcePorts() → a(ss)
2643 Get list of (port, protocol) defined in zone. See source-port
2644 tag in firewalld.zone(5). For runtime operation see
2645 org.fedoraproject.FirewallD1.zone.Methods.getSourcePorts.
2646 getSources() → as
2648 Get list of source addresses bound to zone. See source tag in
2649 firewalld.zone(5). For runtime operation see
2650 org.fedoraproject.FirewallD1.zone.Methods.getSources.
2651 getTarget() → s
2653 Get target of zone. See target attribute of zone tag in
2654 firewalld.zone(5).
2655 getVersion() → s
2657 Get version of zone. See version attribute of zone tag in
2658 firewalld.zone(5).
2659 loadDefaults() → Nothing
2661 Load default settings for built-in zone.
2662 Possible errors: NO_DEFAULTS
2664 queryForwardPort(s: port, s: protocol, s: toport, s: toaddr) → b
2666 Return whether (port, protocol, toport, toaddr) is in list of
2667 forward ports of zone. See forward-port tag in
2668 firewalld.zone(5). For runtime operation see
2669 org.fedoraproject.FirewallD1.zone.Methods.queryForwardPort.
2670 queryIcmpBlock(s: icmptype) → b
2672 Return whether icmptype is in list of icmp types blocked in
2673 zone. See icmp-block tag in firewalld.zone(5). For runtime
2674 operation see
2675 org.fedoraproject.FirewallD1.zone.Methods.queryIcmpBlock.
2676 queryIcmpBlockInversion() → b
2678 Return whether icmp block inversion is in enabled in zone. See
2679 icmp-block-inversion tag in firewalld.zone(5). For runtime
2680 operation see
2681 org.fedoraproject.FirewallD1.zone.Methods.queryIcmpBlockInversion.
2682 queryInterface(s: interface) → b
2684 Return whether interface is in list of interfaces bound to
2685 zone. See interface tag in firewalld.zone(5). For runtime
2686 operation see
2687 org.fedoraproject.FirewallD1.zone.Methods.queryInterface.
2688 queryMasquerade() → b
2690 Return whether masquerade is enabled in zone. This is the same
2691 as getMasquerade() method. See masquerade tag in
2692 firewalld.zone(5). For runtime operation see
2693 org.fedoraproject.FirewallD1.zone.Methods.queryMasquerade.
2694 queryPort(s: port, s: protocol) → b
2696 Return whether (port, protocol) is in list of ports of zone.
2697 See port tag in firewalld.zone(5). For runtime operation see
2698 org.fedoraproject.FirewallD1.zone.Methods.queryPort.
2699 queryProtocol(s: protocol) → b
2701 Return whether protocol has been added in zone. For runtime
2702 operation see
2703 org.fedoraproject.FirewallD1.zone.Methods.queryProtocol.
2704 Possible errors: INVALID_PROTOCOL
2706 queryRichRule(s: rule) → b
2708 Return whether rule is in list of rich-language rules in zone.
2709 See rule tag in firewalld.zone(5). For runtime operation see
2710 org.fedoraproject.FirewallD1.zone.Methods.queryRichRule.
2711 queryService(s: service) → b
2713 Return whether service is in list of services used in zone. See
2714 service tag in firewalld.zone(5). For runtime operation see
2715 org.fedoraproject.FirewallD1.zone.Methods.queryService.
2716 querySource(s: source) → b
2718 Return whether source is in list of source addresses bound to
2719 zone. See source tag in firewalld.zone(5). For runtime
2720 operation see
2721 org.fedoraproject.FirewallD1.zone.Methods.querySource.
2722 querySourcePort(s: port, s: protocol) → b
2724 Return whether (port, protocol) is in list of source ports of
2725 zone. See source-port tag in firewalld.zone(5). For runtime
2726 operation see
2727 org.fedoraproject.FirewallD1.zone.Methods.querySourcePort.
2728 remove() → Nothing
2730 Remove not built-in zone.
2731 Possible errors: BUILTIN_ZONE
2733 removeForwardPort(s: port, s: protocol, s: toport, s: toaddr) →
2735 Nothing
2736 Permanently remove (port, protocol, toport, toaddr) from list
2737 of forward ports of zone. See forward-port tag in
2738 firewalld.zone(5). For runtime operation see
2739 org.fedoraproject.FirewallD1.zone.Methods.removeForwardPort.
2740 Possible errors: NOT_ENABLED
2742 removeIcmpBlock(s: icmptype) → Nothing
2744 Permanently remove icmptype from list of icmp types blocked in
2745 zone. See icmp-block tag in firewalld.zone(5). For runtime
2746 operation see
2747 org.fedoraproject.FirewallD1.zone.Methods.removeIcmpBlock.
2748 Possible errors: NOT_ENABLED
2750 removeIcmpBlockInversion() → Nothing
2752 Permanently remove icmp block inversion from the zone. See
2753 icmp-block-inversion tag in firewalld.zone(5). For runtime
2754 operation see
2755 org.fedoraproject.FirewallD1.zone.Methods.removeIcmpBlockInversion.
2756 Possible errors: NOT_ENABLED
2758 removeInterface(s: interface) → Nothing
2760 Permanently remove interface from list of interfaces bound to
2761 zone. See interface tag in firewalld.zone(5). For runtime
2762 operation see
2763 org.fedoraproject.FirewallD1.zone.Methods.removeInterface.
2764 Possible errors: NOT_ENABLED
2766 removeMasquerade() → Nothing
2768 Permanently disable masquerading in zone. See masquerade tag in
2769 firewalld.zone(5). For runtime operation see
2770 org.fedoraproject.FirewallD1.zone.Methods.removeMasquerade.
2771 Possible errors: NOT_ENABLED
2773 removePort(s: port, s: protocol) → Nothing
2775 Permanently remove (port, protocol) from list of ports of zone.
2776 See port tag in firewalld.zone(5). For runtime operation see
2777 org.fedoraproject.FirewallD1.zone.Methods.removePort.
2778 Possible errors: NOT_ENABLED
2780 removeProtocol(s: protocol) → Nothing
2782 Permanently remove protocol from zone. For runtime operation
2783 see org.fedoraproject.FirewallD1.zone.Methods.removeProtocol.
2784 Possible errors: INVALID_PROTOCOL, NOT_ENABLED
2786 removeRichRule(s: rule) → Nothing
2788 Permanently remove rule from list of rich-language rules in
2789 zone. See rule tag in firewalld.zone(5). For runtime operation
2790 see org.fedoraproject.FirewallD1.zone.Methods.removeRichRule.
2791 Possible errors: NOT_ENABLED
2793 removeService(s: service) → Nothing
2795 Permanently remove service from list of services used in zone.
2796 See service tag in firewalld.zone(5). For runtime operation see
2797 org.fedoraproject.FirewallD1.zone.Methods.removeService.
2798 Possible errors: NOT_ENABLED
2800 removeSource(s: source) → Nothing
2802 Permanently remove source from list of source addresses bound
2803 to zone. See source tag in firewalld.zone(5). For runtime
2804 operation see
2805 org.fedoraproject.FirewallD1.zone.Methods.removeSource.
2806 Possible errors: NOT_ENABLED
2808 removeSourcePort(s: port, s: protocol) → Nothing
2810 Permanently remove (port, protocol) from list of source ports
2811 of zone. See source-port tag in firewalld.zone(5). For runtime
2812 operation see
2813 org.fedoraproject.FirewallD1.zone.Methods.removeSourcePort.
2814 Possible errors: NOT_ENABLED
2816 rename(s: name) → Nothing
2818 Rename not built-in zone to name.
2819 Possible errors: BUILTIN_ZONE
2821 setDescription(s: description) → Nothing
2823 Permanently set description of zone to description. See
2824 description tag in firewalld.zone(5).
2825 setForwardPorts(a(ssss): ports) → Nothing
2827 Permanently set forward ports of zone to list of (port,
2828 protocol, toport, toaddr). See forward-port tag in
2829 firewalld.zone(5).
2830 setIcmpBlockInversion(b: flag) → Nothing
2832 Permanently set icmp block inversion flag of zone to flag. See
2833 icmp-block-inversion tag in firewalld.zone(5).
2834 setIcmpBlocks(as: icmptypes) → Nothing
2836 Permanently set list of icmp types blocked in zone to
2837 icmptypes. See icmp-block tag in firewalld.zone(5).
2838 setInterfaces(as: interfaces) → Nothing
2840 Permanently set list of interfaces bound to zone to interfaces.
2841 See interface tag in firewalld.zone(5).
2842 setMasquerade(b: masquerade) → Nothing
2844 Permanently set masquerading in zone to masquerade. See
2845 masquerade tag in firewalld.zone(5).
2846 setPorts(a(ss): ports) → Nothing
2848 Permanently set ports of zone to list of (port, protocol). See
2849 port tag in firewalld.zone(5).
2850 setProtocols(as: protocols) → Nothing
2852 Permanently set list of protocols used in zone to protocols.
2853 See protocol tag in firewalld.zone(5).
2854 setRichRules(as: rules) → Nothing
2856 Permanently set list of rich-language rules to rules. See rule
2857 tag in firewalld.zone(5).
2858 setServices(as: services) → Nothing
2860 Permanently set list of services used in zone to services. See
2861 service tag in firewalld.zone(5).
2862 setShort(s: short) → Nothing
2864 Permanently set name of zone to short. See short tag in
2865 firewalld.zone(5).
2866 setSourcePorts(a(ss): ports) → Nothing
2868 Permanently set source-ports of zone to list of (port,
2869 protocol). See source-port tag in firewalld.zone(5).
2870 setSources(as: sources) → Nothing
2872 Permanently set list of source addresses bound to zone to
2873 sources. See source tag in firewalld.zone(5).
2874 setTarget(s: target) → Nothing
2876 Permanently set target of zone to target. See target attribute
2877 of zone tag in firewalld.zone(5).
2878 setVersion(s: version) → Nothing
2880 Permanently set version of zone to version. See version
2881 attribute of zone tag in firewalld.zone(5).
2882 update((sssbsasa(ss)asba(ssss)asasasasa(ss)b): settings) → Nothing
2884 This function is deprecated, use
2885 org.fedoraproject.FirewallD1.config.zone.Methods.update2
2886 instead.
2887 update2(a{sv}: settings) → Nothing
2889 Update settings of zone to settings. Settings are a dictionary
2890 indexed by keywords. For the type of each value see below. To
2891 zero a value pass an empty string or list.
2892 version (s): see version attribute of zone tag in
2894 firewalld.zone(5).
2895 name (s): see short tag in firewalld.zone(5).
2897 description (s): see description tag in firewalld.zone(5).
2899 target (s): see target attribute of zone tag in
2901 firewalld.zone(5).
2902 services (as): array of service names, see service tag in
2904 firewalld.zone(5).
2905 ports (a(ss)): array of port and protocol pairs. See port tag
2907 in firewalld.zone(5).
2908 icmp_blocks (as): array of icmp-blocks. See icmp-block tag in
2910 firewalld.zone(5).
2911 masquerade (b): see masquerade tag in firewalld.zone(5).
2913 forward_ports (a(ssss)): array of (port, protocol, to-port,
2915 to-addr). See forward-port tag in firewalld.zone(5).
2916 interfaces (as): array of interfaces. See interface tag in
2918 firewalld.zone(5).
2919 sources (as): array of source addresses. See source tag in
2921 firewalld.zone(5).
2922 rules_str (as): array of rich-language rules. See rule tag in
2924 firewalld.zone(5).
2925 protocols (as): array of protocols, see protocol tag in
2927 firewalld.zone(5).
2928 source_ports (a(ss)): array of port and protocol pairs. See
2930 source-port tag in firewalld.zone(5).
2931 icmp_block_inversion (b): see icmp-block-inversion tag in
2933 firewalld.zone(5).
2934 forward (b): see forward tag in firewalld.zone(5).
2936 Possible errors: INVALID_TYPE
2938 Signals
2940 Removed(s: name)
2941 Emitted when zone with name has been removed.
2942 Renamed(s: name)
2944 Emitted when zone has been renamed to name.
2945 Updated(s: name)
2947 Emitted when zone with name has been updated.
2948 Properties
2950 builtin - b - (ro)
2951 True if zone is build-in, false else.
2952 default - b - (ro)
2954 True if build-in zone has default settings. False if it has
2955 been modified. Always False for not build-in zones.
2956 filename - s - (ro)
2958 Name (including .xml extension) of file where the configuration
2959 is stored.
2960 name - s - (ro)
2962 Name of zone.
2963 path - s - (ro)
2965 Path to directory where the zone configuration is stored.
2966 Should be either /usr/lib/firewalld/zones or
2967 /etc/firewalld/zones.
2968 org.fedoraproject.FirewallD1.config.policy
2970 Interface for permanent policy configuration, see also
2971 firewalld.policy(5).
2972 Methods
2974 getSettings() → a{sv}
2975 Return permanent settings of given policy. For getting runtime
2976 settings see
2977 org.fedoraproject.FirewallD1.policy.Methods.getPolicySettings.
2978 Settings are a dictionary indexed by keywords. For possible
2979 keywords see
2980 org.fedoraproject.FirewallD1.config.Methods.addPolicy.
2981 loadDefaults() → Nothing
2983 Load default settings for built-in policy.
2984 Possible errors: NO_DEFAULTS
2986 remove() → Nothing
2988 Remove not built-in policy.
2989 Possible errors: BUILTIN_POLICY
2991 rename(s: name) → Nothing
2993 Rename not built-in policy to name.
2994 Possible errors: BUILTIN_POLICY
2996 update(a{sv}: settings) → Nothing
2998 Update settings of policy to settings. Settings are a
2999 dictionary indexed by keywords. For possible keywords see
3000 org.fedoraproject.FirewallD1.config.Methods.addPolicy. To zero
3001 a value pass an empty string or list.
3002 Possible errors: INVALID_TYPE
3004 Signals
3006 Removed(s: name)
3007 Emitted when policy with name has been removed.
3008 Renamed(s: name)
3010 Emitted when policy has been renamed to name.
3011 Updated(s: name)
3013 Emitted when policy with name has been updated.
3014 Properties
3016 builtin - b - (ro)
3017 True if policy is build-in, false else.
3018 default - b - (ro)
3020 True if build-in policy has default settings. False if it has
3021 been modified. Always False for not build-in policies.
3022 filename - s - (ro)
3024 Name (including .xml extension) of file where the configuration
3025 is stored.
3026 name - s - (ro)
3028 Name of policy.
3029 path - s - (ro)
3031 Path to directory where the policy configuration is stored.
3032 Should be either /usr/lib/firewalld/policies or
3033 /etc/firewalld/policies.
3034 org.fedoraproject.FirewallD1.config.service
3036 Interface for permanent service configuration, see also
3037 firewalld.service(5).
3038 Methods
3040 addModule(s: module) → Nothing
3041 This method is deprecated. Please use "helpers" in the
3042 update2() method.
3043 addPort(s: port, s: protocol) → Nothing
3045 Permanently add (port, protocol) to list of ports in service.
3046 See port tag in firewalld.service(5).
3047 Possible errors: ALREADY_ENABLED
3049 addProtocol(s: protocol) → Nothing
3051 Permanently add protocol into zone. The protocol can be any
3052 protocol supported by the system. Please have a look at
3053 /etc/protocols for supported protocols. See protocol tag in
3054 firewalld.service(5).
3055 Possible errors: INVALID_PROTOCOL, ALREADY_ENABLED
3057 addSourcePort(s: port, s: protocol) → Nothing
3059 Permanently add (port, protocol) to list of source ports in
3060 service. See source-port tag in firewalld.service(5).
3061 Possible errors: ALREADY_ENABLED
3063 getDescription() → s
3065 Get description of service. See description tag in
3066 firewalld.service(5).
3067 getDestination(s: family) → s
3069 Get destination for IP family being either 'ipv4' or 'ipv6'.
3070 See destination tag in firewalld.service(5).
3071 Possible errors: ALREADY_ENABLED
3073 getDestinations() → a{ss}
3075 Get list of destinations. Return value is a dictionary of {IP
3076 family : IP address} where 'IP family' key can be either 'ipv4'
3077 or 'ipv6'. See destination tag in firewalld.service(5).
3078 getModules() → as
3080 This method is deprecated. Please use "helpers" in the
3081 getSettings2() method.
3082 getPorts() → a(ss)
3084 Get list of (port, protocol) defined in service. See port tag
3085 in firewalld.service(5).
3086 getProtocols() → as
3088 Return array of protocols (s) defined in service. See protocol
3089 tag in firewalld.service(5).
3090 getSettings() → (sssa(ss)asa{ss}asa(ss))
3092 This function is deprecated, use
3093 org.fedoraproject.FirewallD1.config.service.Methods.getSettings2
3094 instead.
3095 getSettings2(s: service) → s{sv}
3097 Return runtime settings of given service. For getting runtime
3098 settings see
3099 org.fedoraproject.FirewallD1.Methods.getServiceSettings2.
3100 Settings are a dictionary indexed by keywords. For the type of
3101 each value see below. If the value is empty it may be ommitted.
3102 version (s): see version attribute of service tag in
3104 firewalld.service(5).
3105 name (s): see short tag in firewalld.service(5).
3107 description (s): see description tag in firewalld.service(5).
3109 ports (a(ss)): array of port and protocol pairs. See port tag
3111 in firewalld.service(5).
3112 module names (as): array of kernel netfilter helpers, see
3114 module tag in firewalld.service(5).
3115 destinations (a{ss}): dictionary of {IP family : IP address}
3117 where 'IP family' key can be either 'ipv4' or 'ipv6'. See
3118 destination tag in firewalld.service(5).
3119 protocols (as): array of protocols, see protocol tag in
3121 firewalld.service(5).
3122 source_ports (a(ss)): array of port and protocol pairs. See
3124 source-port tag in firewalld.service(5).
3125 includes (as): array of service includes, see include tag in
3127 firewalld.service(5).
3128 helpers (as): array of service helpers, see helper tag in
3130 firewalld.service(5).
3131 getShort() → s
3134 Get name of service. See short tag in firewalld.service(5).
3135 getSourcePorts() → a(ss)
3137 Get list of (port, protocol) defined in service. See
3138 source-port tag in firewalld.service(5).
3139 getVersion() → s
3141 Get version of service. See version attribute of service tag in
3142 firewalld.service(5).
3143 loadDefaults() → Nothing
3145 Load default settings for built-in service.
3146 Possible errors: NO_DEFAULTS
3148 queryDestination(s: family, s: address) → b
3150 Return whether a destination is in dictionary of destinations
3151 of this service. destination is in format: (IP family, IP
3152 address) where IP family can be either 'ipv4' or 'ipv6'. See
3153 destination tag in firewalld.service(5).
3154 queryModule(s: module) → b
3156 This method is deprecated. Please use "helpers" in the
3157 getSettings2() method.
3158 queryPort(s: port, s: protocol) → b
3160 Return whether (port, protocol) is in list of ports in service.
3161 See port tag in firewalld.service(5).
3162 queryProtocol(s: protocol) → b
3164 Return whether protocol is in list of protocols in service. See
3165 protocol tag in firewalld.service(5).
3166 querySourcePort(s: port, s: protocol) → b
3168 Return whether (port, protocol) is in list of source ports in
3169 service. See source-port tag in firewalld.service(5).
3170 remove() → Nothing
3172 Remove not built-in service.
3173 Possible errors: BUILTIN_SERVICE
3175 removeDestination(s: family) → Nothing
3177 Permanently remove a destination with family ('ipv4' or 'ipv6')
3178 from service. See destination tag in firewalld.service(5).
3179 Possible errors: NOT_ENABLED
3181 removeModule(s: module) → Nothing
3183 This method is deprecated. Please use "helpers" in the
3184 update2() method.
3185 removePort(s: port, s: protocol) → Nothing
3187 Permanently remove (port, protocol) from list of ports in
3188 service. See port tag in firewalld.service(5).
3189 Possible errors: NOT_ENABLED
3191 removeProtocol(s: protocol) → Nothing
3193 Permanently remove protocol from list of protocols in service.
3194 See protocol tag in firewalld.service(5).
3195 Possible errors: NOT_ENABLED
3197 removeSourcePort(s: port, s: protocol) → Nothing
3199 Permanently remove (port, protocol) from list of source ports
3200 in service. See source-port tag in firewalld.service(5).
3201 Possible errors: NOT_ENABLED
3203 rename(s: name) → Nothing
3205 Rename not built-in service to name.
3206 Possible errors: BUILTIN_SERVICE
3208 setDescription(s: description) → Nothing
3210 Permanently set description of service to description. See
3211 description tag in firewalld.service(5).
3212 setDestination(s: family, s: address) → Nothing
3214 Permanently set a destination address. destination is in
3215 format: (IP family, IP address) where IP family can be either
3216 'ipv4' or 'ipv6'. See destination tag in firewalld.service(5).
3217 Possible errors: ALREADY_ENABLED
3219 setDestinations(a{ss}: destinations) → Nothing
3221 Permanently set destinations of service to destinations, which
3222 is a dictionary of {IP family : IP address} where 'IP family'
3223 key can be either 'ipv4' or 'ipv6'. See destination tag in
3224 firewalld.service(5).
3225 setModules(as: modules) → Nothing
3227 This method is deprecated. Please use "helpers" in the
3228 update2() method.
3229 setPorts(a(ss): ports) → Nothing
3231 Permanently set ports of service to list of (port, protocol).
3232 See port tag in firewalld.service(5).
3233 setProtocols(as: protocols) → Nothing
3235 Permanently set protocols of service to list of protocols. See
3236 protocol tag in firewalld.service(5).
3237 setShort(s: short) → Nothing
3239 Permanently set name of service to short. See short tag in
3240 firewalld.service(5).
3241 setSourcePorts(a(ss): ports) → Nothing
3243 Permanently set source-ports of service to list of (port,
3244 protocol). See source-port tag in firewalld.service(5).
3245 setVersion(s: version) → Nothing
3247 Permanently set version of service to version. See version
3248 attribute of service tag in firewalld.service(5).
3249 update((sssa(ss)asa{ss}asa(ss)): settings) → Nothing
3251 This function is deprecated, use
3252 org.fedoraproject.FirewallD1.config.service.Methods.update2
3253 instead.
3254 update2a{sv}: settings) → Nothing
3256 Update settings of service to settings. Settings are a
3257 dictionary indexed by keywords. For the type of each value see
3258 below. To zero a value pass an empty string or list.
3259 version (s): see version attribute of service tag in
3261 firewalld.service(5).
3262 name (s): see short tag in firewalld.service(5).
3264 description (s): see description tag in firewalld.service(5).
3266 ports (a(ss)): array of port and protocol pairs. See port tag
3268 in firewalld.service(5).
3269 module names (as): array of kernel netfilter helpers, see
3271 module tag in firewalld.service(5).
3272 destinations (a{ss}): dictionary of {IP family : IP address}
3274 where 'IP family' key can be either 'ipv4' or 'ipv6'. See
3275 destination tag in firewalld.service(5).
3276 protocols (as): array of protocols, see protocol tag in
3278 firewalld.service(5).
3279 source_ports (a(ss)): array of port and protocol pairs. See
3281 source-port tag in firewalld.service(5).
3282 includes (as): array of service includes, see include tag in
3284 firewalld.service(5).
3285 helpers (as): array of service helpers, see helper tag in
3287 firewalld.service(5).
3288 Possible errors: INVALID_TYPE
3290 Signals
3292 Removed(s: name)
3293 Emitted when service with name has been removed.
3294 Renamed(s: name)
3296 Emitted when service has been renamed to name.
3297 Updated(s: name)
3299 Emitted when service with name has been updated.
3300 Properties
3302 builtin - b - (ro)
3303 True if service is build-in, false else.
3304 default - b - (ro)
3306 True if build-in service has default settings. False if it has
3307 been modified. Always False for not build-in services.
3308 filename - s - (ro)
3310 Name (including .xml extension) of file where the configuration
3311 is stored.
3312 name - s - (ro)
3314 Name of service.
3315 path - s - (ro)
3317 Path to directory where the configuration is stored. Should be
3318 either /usr/lib/firewalld/services or /etc/firewalld/services.
3319 org.fedoraproject.FirewallD1.config.helper
3321 Interface for permanent helper configuration, see also
3322 firewalld.helper(5).
3323 Methods
3325 addPort(s: port, s: protocol) → Nothing
3326 Permanently add (port, protocol) to list of ports in helper.
3327 See port tag in firewalld.helper(5).
3328 Possible errors: ALREADY_ENABLED
3330 getDescription() → s
3332 Get description of helper. See description tag in
3333 firewalld.helper(5).
3334 getFamily() → s
3336 Get family being 'ipv4', 'ipv6' or empty for both. See family
3337 tag in firewalld.helper(5).
3338 getModule() → s
3340 Get modules (netfilter kernel helpers) used in helper. See
3341 module tag in firewalld.helper(5).
3342 getPorts() → a(ss)
3344 Get list of (port, protocol) defined in helper. See port tag in
3345 firewalld.helper(5).
3346 getSettings() → (sssssa(ss))
3348 Return permanent settings of a helper. For getting runtime
3349 settings see
3350 org.fedoraproject.FirewallD1.Methods.getHelperSettings.
3351 Settings are in format: version, name, description, family,
3352 module, array of ports (port, protocol).
3353 version (s): see version attribute of helper tag in
3355 firewalld.helper(5).
3356 name (s): see short tag in firewalld.helper(5).
3358 description (s): see description tag in firewalld.helper(5).
3360 family (s): see family tag in firewalld.helper(5).
3362 module (s): see module tag in firewalld.helper(5).
3364 ports (a(ss)): array of port and protocol pairs. See port tag
3366 in firewalld.helper(5).
3367 getShort() → s
3370 Get name of helper. See short tag in firewalld.helper(5).
3371 getVersion() → s
3373 Get version of helper. See version attribute of helper tag in
3374 firewalld.helper(5).
3375 loadDefaults() → Nothing
3377 Load default settings for built-in helper.
3378 Possible errors: NO_DEFAULTS
3380 queryFamily(s: module) → b
3382 Return whether family is set for helper. See family tag in
3383 firewalld.helper(5).
3384 queryModule(s: module) → b
3386 Return whether module (netfilter kernel helpers) is used in
3387 helper. See module tag in firewalld.helper(5).
3388 queryPort(s: port, s: protocol) → b
3390 Return whether (port, protocol) is in list of ports in helper.
3391 See port tag in firewalld.helper(5).
3392 remove() → Nothing
3394 Remove not built-in helper.
3395 Possible errors: BUILTIN_HELPER
3397 removePort(s: port, s: protocol) → Nothing
3399 Permanently remove (port, protocol) from list of ports in
3400 helper. See port tag in firewalld.helper(5).
3401 Possible errors: NOT_ENABLED
3403 rename(s: name) → Nothing
3405 Rename not built-in helper to name.
3406 Possible errors: BUILTIN_HELPER
3408 setDescription(s: description) → Nothing
3410 Permanently set description of helper to description. See
3411 description tag in firewalld.helper(5).
3412 setFamily(s: family) → Nothing
3414 Permanently set family of helper to family. See family tag in
3415 firewalld.helper(5).
3416 setModule(s: module) → Nothing
3418 Permanently set module of helper to description. See module tag
3419 in firewalld.helper(5).
3420 setPorts(a(ss): ports) → Nothing
3422 Permanently set ports of helper to list of (port, protocol).
3423 See port tag in firewalld.helper(5).
3424 setShort(s: short) → Nothing
3426 Permanently set name of helper to short. See short tag in
3427 firewalld.helper(5).
3428 setVersion(s: version) → Nothing
3430 Permanently set version of helper to version. See version
3431 attribute of helper tag in firewalld.helper(5).
3432 update((sssssa(ss)): settings) → Nothing
3434 Update settings of helper to settings. Settings are in format:
3435 version, name, description, family, module and array of ports.
3436 version (s): see version attribute of helper tag in
3438 firewalld.helper(5).
3439 name (s): see short tag in firewalld.helper(5).
3441 description (s): see description tag in firewalld.helper(5).
3443 family (s): see family tag in firewalld.helper(5).
3445 module (s): see module tag in firewalld.helper(5).
3447 ports (a(ss)): array of port and protocol pairs. See port tag
3449 in firewalld.helper(5).
3450 Possible errors: INVALID_HELPER
3452 Signals
3454 Removed(s: name)
3455 Emitted when helper with name has been removed.
3456 Renamed(s: name)
3458 Emitted when helper has been renamed to name.
3459 Updated(s: name)
3461 Emitted when helper with name has been updated.
3462 Properties
3464 builtin - b - (ro)
3465 True if helper is build-in, false else.
3466 default - b - (ro)
3468 True if build-in helper has default settings. False if it has
3469 been modified. Always False for not build-in helpers.
3470 filename - s - (ro)
3472 Name (including .xml extension) of file where the configuration
3473 is stored.
3474 name - s - (ro)
3476 Name of helper.
3477 path - s - (ro)
3479 Path to directory where the configuration is stored. Should be
3480 either /usr/lib/firewalld/helpers or /etc/firewalld/helpers.
3481 org.fedoraproject.FirewallD1.config.icmptype
3483 Interface for permanent icmp type configuration, see also
3484 firewalld.icmptype(5).
3485 Methods
3487 addDestination(s: destination) → Nothing
3488 Permanently add a destination ('ipv4' or 'ipv6') to list of
3489 destinations of this icmp type. See destination tag in
3490 firewalld.icmptype(5).
3491 Possible errors: ALREADY_ENABLED
3493 getDescription() → s
3495 Get description of icmp type. See description tag in
3496 firewalld.icmptype(5).
3497 getDestinations() → as
3499 Get list of destinations. See destination tag in
3500 firewalld.icmptype(5).
3501 getSettings() → (sssas)
3503 Return permanent settings of icmp type. For getting runtime
3504 settings see
3505 org.fedoraproject.FirewallD1.Methods.getIcmpTypeSettings.
3506 Settings are in format: version, name, description, array of
3507 destinations.
3508 version (s): see version attribute of icmptype tag in
3510 firewalld.icmptype(5).
3511 name (s): see short tag in firewalld.icmptype(5).
3513 description (s): see description tag in firewalld.icmptype(5).
3515 destinations (as): array, either empty or containing strings
3517 'ipv4' and/or 'ipv6', see destination tag in
3518 firewalld.icmptype(5).
3519 getShort() → s
3522 Get name of icmp type. See short tag in firewalld.icmptype(5).
3523 getVersion() → s
3525 Get version of icmp type. See version attribute of icmptype tag
3526 in firewalld.icmptype(5).
3527 loadDefaults() → Nothing
3529 Load default settings for built-in icmp type.
3530 Possible errors: NO_DEFAULTS
3532 queryDestination(s: destination) → b
3534 Return whether a destination ('ipv4' or 'ipv6') is in list of
3535 destinations of this icmp type. See destination tag in
3536 firewalld.icmptype(5).
3537 remove() → Nothing
3539 Remove not built-in icmp type.
3540 Possible errors: BUILTIN_ICMPTYPE
3542 removeDestination(s: destination) → Nothing
3544 Permanently remove a destination ('ipv4' or 'ipv6') from list
3545 of destinations of this icmp type. See destination tag in
3546 firewalld.icmptype(5).
3547 Possible errors: NOT_ENABLED
3549 rename(s: name) → Nothing
3551 Rename not built-in icmp type to name.
3552 Possible errors: BUILTIN_ICMPTYPE
3554 setDescription(s: description) → Nothing
3556 Permanently set description of icmp type to description. See
3557 description tag in firewalld.icmptype(5).
3558 setDestinations(as: destinations) → Nothing
3560 Permanently set destinations of icmp type to destinations,
3561 which is array, either empty or containing strings 'ipv4'
3562 and/or 'ipv6'. See destination tag in firewalld.icmptype(5).
3563 setShort(s: short) → Nothing
3565 Permanently set name of icmp type to short. See short tag in
3566 firewalld.icmptype(5).
3567 setVersion(s: version) → Nothing
3569 Permanently set version of icmp type to version. See version
3570 attribute of icmptype tag in firewalld.icmptype(5).
3571 update((sssas): settings) → Nothing
3573 Update permanent settings of icmp type to settings. Settings
3574 are in format: version, name, description, array of
3575 destinations.
3576 version (s): see version attribute of icmptype tag in
3578 firewalld.icmptype(5).
3579 name (s): see short tag in firewalld.icmptype(5).
3581 description (s): see description tag in firewalld.icmptype(5).
3583 destinations (as): array, either empty or containing strings
3585 'ipv4' and/or 'ipv6', see destination tag in
3586 firewalld.icmptype(5).
3587 Signals
3590 Removed(s: name)
3591 Emitted when icmp type with name has been removed.
3592 Renamed(s: name)
3594 Emitted when icmp type has been renamed to name.
3595 Updated(s: name)
3597 Emitted when icmp type with name has been updated.
3598 Properties
3600 builtin - b - (ro)
3601 True if icmptype is build-in, false else.
3602 default - b - (ro)
3604 True if build-in icmp type has default settings. False if it
3605 has been modified. Always False for not build-in zones.
3606 filename - s - (ro)
3608 Name (including .xml extension) of file where the configuration
3609 is stored.
3610 name - s - (ro)
3612 Name of icmp type.
3613 path - s - (ro)
3615 Path to directory where the icmp type configuration is stored.
3616 Should be either /usr/lib/firewalld/icmptypes or
3617 /etc/firewalld/icmptypes.
3618
3620 firewall-applet(1), firewalld(1), firewall-cmd(1), firewall-config(1),
3621 firewalld.conf(5), firewalld.direct(5), firewalld.dbus(5),
3622 firewalld.icmptype(5), firewalld.lockdown-whitelist(5), firewall-
3623 offline-cmd(1), firewalld.richlanguage(5), firewalld.service(5),
3624 firewalld.zone(5), firewalld.zones(5), firewalld.policy(5),
3625 firewalld.policies(5), firewalld.ipset(5), firewalld.helper(5)
3626
3628 firewalld home page:
3629 http://firewalld.org
3630 More documentation with examples:
3632 http://fedoraproject.org/wiki/FirewallD
3633
3635 Thomas Woerner <twoerner@redhat.com>
3636 Developer
3637 Jiri Popelka <jpopelka@redhat.com>
3639 Developer
3640 Eric Garver <eric@garver.life>
3642 Developer
3643firewalld 0.9.3 FIREWALLD.DBUS(5)