1FIREWALLD.DBUS(5) firewalld.dbus FIREWALLD.DBUS(5)
2
6 firewalld.dbus - firewalld D-Bus interface description
7
9 This is the basic firewalld object path structure. The used interfaces
10 are explained below in the section called “INTERFACES”.
11 /org/fedoraproject/FirewallD1
13 Interfaces
14 org.fedoraproject.FirewallD1
15 org.fedoraproject.FirewallD1.direct (deprecated)
16 org.fedoraproject.FirewallD1.ipset
17 org.fedoraproject.FirewallD1.policies
18 org.fedoraproject.FirewallD1.zone
19 org.freedesktop.DBus.Introspectable
20 org.freedesktop.DBus.Properties
21 /org/fedoraproject/FirewallD1/config
23 Interfaces
24 org.fedoraproject.FirewallD1.config
25 org.fedoraproject.FirewallD1.config.direct (deprecated)
26 org.fedoraproject.FirewallD1.config.policies
27 org.freedesktop.DBus.Introspectable
28 org.freedesktop.DBus.Properties
29 /org/fedoraproject/FirewallD1/config/zone/i
31 Interfaces
32 org.fedoraproject.FirewallD1.config.zone
33 org.freedesktop.DBus.Introspectable
34 org.freedesktop.DBus.Properties
35 /org/fedoraproject/FirewallD1/config/service/i
37 Interfaces:
38 org.fedoraproject.FirewallD1.config.service
39 org.freedesktop.DBus.Introspectable
40 org.freedesktop.DBus.Properties
41 /org/fedoraproject/FirewallD1/config/ipset/i
43 Interfaces
44 org.fedoraproject.FirewallD1.config.ipset
45 org.freedesktop.DBus.Introspectable
46 org.freedesktop.DBus.Properties
47 /org/fedoraproject/FirewallD1/config/icmptype/i
49 Interfaces
50 org.fedoraproject.FirewallD1.config.icmptype
51 org.freedesktop.DBus.Introspectable
52 org.freedesktop.DBus.Properties
53
57 org.fedoraproject.FirewallD1
58 This interface contains general runtime operations, like: reloading,
59 panic mode, default zone handling, getting services and icmp types and
60 their settings.
61 Methods
63 authorizeAll() → Nothing
64 Initiate authorization for the complete firewalld D-Bus
65 interface. This method it mostly useful for configuration
66 applications.
67 completeReload() → Nothing
69 Reload firewall completely, even netfilter kernel modules. This
70 will most likely terminate active connections, because state
71 information is lost. This option should only be used in case of
72 severe firewall problems. For example if there are state
73 information problems that no connection can be established with
74 correct firewall rules.
75 disablePanicMode() → Nothing
77 Disable panic mode. After disabling panic mode established
78 connections might work again, if panic mode was enabled for a
79 short period of time.
80 Possible errors: NOT_ENABLED, COMMAND_FAILED
82 enablePanicMode() → Nothing
84 Enable panic mode. All incoming and outgoing packets are
85 dropped, active connections will expire. Enable this only if
86 there are serious problems with your network environment.
87 Possible errors: ALREADY_ENABLED, COMMAND_FAILED
89 getAutomaticHelpers() → s
91 Deprecated. This always returns "no".
92 getDefaultZone() → s
94 Return default zone.
95 getHelperSettings(s: helper) → (sssssa(ss))
97 Return runtime settings of given helper. For getting permanent
98 settings see
99 org.fedoraproject.FirewallD1.config.helper.Methods.getSettings.
100 Settings are in format: version, name, description, family,
101 module and array of ports.
102 version (s): see version attribute of helper tag in
104 firewalld.helper(5).
105 name (s): see short tag in firewalld.helper(5).
107 description (s): see description tag in firewalld.helper(5).
109 family (s): see family tag in firewalld.helper(5).
111 module (s): see module tag in firewalld.helper(5).
113 ports (a(ss)): array of port and protocol pairs. See port tag
115 in firewalld.helper(5).
116 Possible errors: INVALID_HELPER
118 getHelpers() → as
120 Return array of helper names (s) in runtime configuration. For
121 permanent configuration see
122 org.fedoraproject.FirewallD1.config.Methods.listHelpers.
123 getIcmpTypeSettings(s: icmptype) → (sssas)
125 Return runtime settings of given icmptype. For getting
126 permanent settings see
127 org.fedoraproject.FirewallD1.config.icmptype.Methods.getSettings.
128 Settings are in format: version, name, description, array of
129 destinations.
130 version (s): see version attribute of icmptype tag in
132 firewalld.icmptype(5).
133 name (s): see short tag in firewalld.icmptype(5).
135 description (s): see description tag in firewalld.icmptype(5).
137 destinations (as): array, either empty or containing strings
139 'ipv4' or 'ipv6', see destination tag in firewalld.icmptype(5).
140 Possible errors: INVALID_ICMPTYPE
142 getLogDenied() → s
144 Retruns the LogDenied value. If LogDenied is enabled, then
145 logging rules are added right before reject and drop rules in
146 the INPUT, FORWARD and OUTPUT chains for the default rules and
147 also final reject and drop rules in zones. Possible values are:
148 all, unicast, broadcast, multicast and off. The default value
149 is off
150 getServiceSettings(s: service) → (sssa(ss)asa{ss}asa(ss))
152 This function is deprecated, use
153 org.fedoraproject.FirewallD1.Methods.getServiceSettings2
154 instead.
155 getServiceSettings2(s: service) → s{sv}
157 Return runtime settings of given service. For getting permanent
158 settings see
159 org.fedoraproject.FirewallD1.config.service.Methods.getSettings2.
160 Settings are a dictionary indexed by keywords. For the type of
161 each value see below. If the value is empty it may be ommitted.
162 version (s): see version attribute of service tag in
164 firewalld.service(5).
165 name (s): see short tag in firewalld.service(5).
167 description (s): see description tag in firewalld.service(5).
169 ports (a(ss)): array of port and protocol pairs. See port tag
171 in firewalld.service(5).
172 module names (as): array of kernel netfilter helpers, see
174 module tag in firewalld.service(5).
175 destinations (a{ss}): dictionary of {IP family : IP address}
177 where 'IP family' key can be either 'ipv4' or 'ipv6'. See
178 destination tag in firewalld.service(5).
179 protocols (as): array of protocols, see protocol tag in
181 firewalld.service(5).
182 source_ports (a(ss)): array of port and protocol pairs. See
184 source-port tag in firewalld.service(5).
185 includes (as): array of service includes, see include tag in
187 firewalld.service(5).
188 helpers (as): array of service helpers, see helper tag in
190 firewalld.service(5).
191 Possible errors: INVALID_SERVICE
193 getZoneSettings(s: zone) → (sssbsasa(ss)asba(ssss)asasasasa(ss)b)
195 This function is deprecated, use
196 org.fedoraproject.FirewallD1.zone.Methods.getZoneSettings2
197 instead.
198 listIcmpTypes() → as
200 Return array of names (s) of icmp types in runtime
201 configuration. For permanent configuration see
202 org.fedoraproject.FirewallD1.config.Methods.listIcmpTypes.
203 listServices() → as
205 Return array of service names (s) in runtime configuration. For
206 permanent configuration see
207 org.fedoraproject.FirewallD1.config.Methods.listServices.
208 queryPanicMode() → b
210 Return true if panic mode is enabled, false otherwise. In panic
211 mode all incoming and outgoing packets are dropped.
212 reload() → Nothing
214 Reload firewall rules and keep state information. Current
215 permanent configuration will become new runtime configuration,
216 i.e. all runtime only changes done until reload are lost with
217 reload if they have not been also in permanent configuration.
218 runtimeToPermanent() → Nothing
220 Make runtime settings permanent. Replaces permanent settings
221 with runtime settings for zones, services, icmptypes, direct
222 (deprecated) and policies (lockdown whitelist).
223 Possible errors: RT_TO_PERM_FAILED
225 checkPermanentConfig() → Nothing
227 Run checks on the permanent configuration. This is most useful
228 if changes were made manually to configuration files.
229 Possible errors: any
231 setDefaultZone(s: zone) → Nothing
233 Set default zone for connections and interfaces where no zone
234 has been selected to zone. Setting the default zone changes the
235 zone for the connections or interfaces, that are using the
236 default zone. This is a runtime and permanent change.
237 Possible errors: ZONE_ALREADY_SET, COMMAND_FAILED
239 setLogDenied(s: value) → Nothing
241 Set LogDenied value to value. If LogDenied is enabled, then
242 logging rules are added right before reject and drop rules in
243 the INPUT, FORWARD and OUTPUT chains for the default rules and
244 also final reject and drop rules in zones. Possible values are:
245 all, unicast, broadcast, multicast and off. The default value
246 is off This is a runtime and permanent change.
247 Possible errors: ALREADY_SET, INVALID_VALUE
249 Signals
251 DefaultZoneChanged(s: zone)
252 Emitted when default zone has been changed to zone.
253 LogDeniedChanged(s: value)
255 Emitted when LogDenied value has been changed.
256 PanicModeDisabled()
258 Emitted when panic mode has been deactivated.
259 PanicModeEnabled()
261 Emitted when panic mode has been activated.
262 Reloaded()
264 Emitted when firewalld has been reloaded. Also emitted for a
265 complete reload.
266 Properties
268 BRIDGE - b - (ro)
269 Indicates whether the firewall has ethernet bridge support.
270 IPSet - b - (ro)
272 Indicates whether the firewall has IPSet support.
273 IPSetTypes - as - (ro)
275 The supported IPSet types by ipset and firewalld.
276 IPv4 - b - (ro)
278 Indicates whether the firewall has IPv4 support.
279 IPv4ICMPTypes - as - (ro)
281 The list of supported IPv4 ICMP types.
282 IPv6 - b - (ro)
284 Indicates whether the firewall has IPv6 support.
285 IPv6_rpfilter - b - (ro)
287 Indicates whether the reverse path filter test on a packet for
288 IPv6 is enabled. If a reply to the packet would be sent via the
289 same interface that the packet arrived on, the packet will
290 match and be accepted, otherwise dropped.
291 IPv6ICMPTypes - as - (ro)
293 The list of supported IPv6 ICMP types.
294 nf_conntrach_helper_setting - b - (ro)
296 Deprecated. Always False.
297 nf_conntrack_helpers - a{sas} - (ro)
299 Deprecated. Always returns an empty dictionary.
300 nf_nat_helpers - a{sas} - (ro)
302 Deprecated. Always returns an empty dictionary.
303 interface_version - s - (ro)
305 firewalld D-Bus interface version string.
306 state - s - (ro)
308 firewalld state. This can be either INIT, FAILED, or RUNNING.
309 In INIT state, firewalld is starting up and initializing. In
310 FAILED state, firewalld completely started but experienced a
311 failure.
312 version - s - (ro)
314 firewalld version string.
315 org.fedoraproject.FirewallD1.ipset
317 Operations in this interface allows to get, add, remove and query
318 runtime ipset settings. For permanent configuration see
319 org.fedoraproject.FirewallD1.config.ipset interface.
320 Methods
322 addEntry(s: ipset, s: entry) → as
323 Add a new entry to ipset. The entry must match the type of the
324 ipset. If the ipset is using the timeout option, it is not
325 possible to see the entries, as they are timing out
326 automatically in the kernel. For permanent operation see
327 org.fedoraproject.FirewallD1.config.ipset.Methods.addEntry.
328 Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT
330 getEntries(s: ipset) → Nothing
332 Get all entries added to the ipset. If the ipset is using the
333 timeout option, it is not possible to see the entries, as they
334 are timing out automatically in the kernel. Return value is a
335 array of entry. For permanent operation see
336 org.fedoraproject.FirewallD1.config.ipset.Methods.getEntries.
337 Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT
339 getSettings(s: ipset) → (ssssa{ss}as)
341 Return runtime settings of given ipset. For getting permanent
342 settings see
343 org.fedoraproject.FirewallD1.config.ipset.Methods.getSettings.
344 Settings are in format: version, name, description, type,
345 dictionary of options and array of entries.
346 version (s): see version attribute of ipset tag in
348 firewalld.ipset(5).
349 name (s): see short tag in firewalld.ipset(5).
351 description (s): see description tag in firewalld.ipset(5).
353 type (s): see type attribute of ipset tag in
355 firewalld.ipset(5).
356 options (a{ss}): dictionary of {option : value} . See options
358 tag in firewalld.ipset(5).
359 entries (as): array of entries, see entry tag in
361 firewalld.ipset(5).
362 Possible errors: INVALID_IPSET
364 getIPSets() → as
366 Return array of ipset names (s) in runtime configuration. For
367 permanent configuration see
368 org.fedoraproject.FirewallD1.config.Methods.listIPSets.
369 queryEntry(s: ipset, s: entry) → b
371 Return whether entry has been added to ipset. For permanent
372 operation see
373 org.fedoraproject.FirewallD1.config.ipset.Methods.queryEntry.
374 Possible errors: INVALID_IPSET
376 queryIPSet(s: ipset) → b
378 Return whether ipset is defined in runtime configuration.
379 removeEntry(s: ipset, s: entry) → as
381 Removes an entry from ipset. For permanent operation see
382 org.fedoraproject.FirewallD1.config.ipset.Methods.removeEntry.
383 Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT
385 setEntries(as: entries) → Nothing
387 Permanently set list of entries to entries. For permanent
388 operation see
389 org.fedoraproject.FirewallD1.config.ipset.Methods.setEntries.
390 See entry tag in firewalld.ipset(5).
391 Signals
393 EntryAdded(s: ipset, s: entry)
394 Emitted when entry has been added to ipset.
395 EntryRemoved(s: ipset, s: entry)
397 Emitted when entry has been removed from ipset.
398 org.fedoraproject.FirewallD1.direct
400 DEPRECATED
401 The direct interface has been deprecated. It will be removed in a
402 future release. It is superseded by policies, see
403 firewalld.policies(5).
404 This interface enables more direct access to the firewall. It enables
406 runtime manipulation with chains and rules. For permanent configuration
407 see org.fedoraproject.FirewallD1.config.direct interface.
408 Methods
410 addChain(s: ipv, s: table, s: chain) → Nothing
411 Add a new chain to table for ipv being either ipv4 (iptables)
412 or ipv6 (ip6tables) or eb (ebtables). Make sure there's no
413 other chain with this name already. There already exist basic
414 chains to use with direct methods, for example INPUT_direct
415 chain. These chains are jumped into before chains for zones,
416 i.e. every rule put into INPUT_direct will be checked before
417 rules in zones. For permanent operation see
418 org.fedoraproject.FirewallD1.config.direct.Methods.addChain.
419 Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED,
421 COMMAND_FAILED
422 addPassthrough(s: ipv, as: args) → Nothing
424 Add a tracked passthrough rule with the arguments args for ipv
425 being either ipv4 (iptables) or ipv6 (ip6tables) or eb
426 (ebtables). Valid commands in args are only -A/--append,
427 -I/--insert and -N/--new-chain. This method is (unlike
428 passthrough method) tracked, i.e. firewalld remembers it. It's
429 useful with
430 org.fedoraproject.FirewallD1.Methods.runtimeToPermanent For
431 permanent operation see
432 org.fedoraproject.FirewallD1.config.direct.Methods.addPassthrough.
433 Possible errors: INVALID_IPV, ALREADY_ENABLED, COMMAND_FAILED
435 addRule(s: ipv, s: table, s: chain, i: priority, as: args) →
437 Nothing
438 Add a rule with the arguments args to chain in table with
439 priority for ipv being either ipv4 (iptables) or ipv6
440 (ip6tables) or eb (ebtables). The priority is used to order
441 rules. Priority 0 means add rule on top of the chain, with a
442 higher priority the rule will be added further down. Rules with
443 the same priority are on the same level and the order of these
444 rules is not fixed and may change. If you want to make sure
445 that a rule will be added after another one, use a low priority
446 for the first and a higher for the following. For permanent
447 operation see
448 org.fedoraproject.FirewallD1.config.direct.Methods.addRule.
449 Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED,
451 COMMAND_FAILED
452 getAllChains() → a(sss)
454 Get all chains added to all tables in format: ipv, table,
455 chain. This concerns only chains previously added with
456 addChain. Return value is a array of (ipv, table, chain). For
457 permanent operation see
458 org.fedoraproject.FirewallD1.config.direct.Methods.getAllChains.
459 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
461 (ebtables).
462 table (s): one of filter, mangle, nat, raw, security
464 chain (s): name of a chain.
466 getAllPassthroughs() → a(sas)
469 Get all tracked passthrough rules added in all ipv types in
470 format: ipv, rule. This concerns only rules previously added
471 with addPassthrough. Return value is a array of (ipv, array of
472 arguments). For permanent operation see
473 org.fedoraproject.FirewallD1.config.direct.Methods.getAllPassthroughs.
474 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
476 (ebtables).
477 arguments (as): array of commands, parameters and other
479 iptables/ip6tables/ebtables command line options.
480 getAllRules() → a(sssias)
483 Get all rules added to all chains in all tables in format: ipv,
484 table, chain, priority, rule. This concerns only rules
485 previously added with addRule. Return value is a array of (ipv,
486 table, chain, priority, array of arguments). For permanent
487 operation see
488 org.fedoraproject.FirewallD1.config.direct.Methods.getAllRules.
489 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
491 (ebtables).
492 table (s): one of filter, mangle, nat, raw, security
494 chain (s): name of a chain.
496 priority (i): used to order rules.
498 arguments (as): array of commands, parameters and other
500 iptables/ip6tables/ebtables command line options.
501 getChains(s: ipv, s: table) → as
504 Return an array of chains (s) added to table for ipv being
505 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
506 This concerns only chains previously added with addChain. For
507 permanent operation see
508 org.fedoraproject.FirewallD1.config.direct.Methods.getChains.
509 Possible errors: INVALID_IPV, INVALID_TABLE
511 getPassthroughs(s: ipv) → aas
513 Get tracked passthrough rules added in either ipv4 (iptables)
514 or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
515 previously added with addPassthrough. Return value is a array
516 of (array of arguments). For permanent operation see
517 org.fedoraproject.FirewallD1.config.direct.Methods.getPassthroughs.
518 arguments (as): array of commands, parameters and other
520 iptables/ip6tables/ebtables command line options.
521 getRules(s: ipv, s: table, s: chain) → a(ias)
524 Get all rules added to chain in table for ipv being either ipv4
525 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
526 only rules previously added with addRule. Return value is a
527 array of (priority, array of arguments). For permanent
528 operation see
529 org.fedoraproject.FirewallD1.config.direct.Methods.getRules.
530 priority (i): used to order rules.
532 arguments (as): array of commands, parameters and other
534 iptables/ip6tables/ebtables command line options.
535 Possible errors: INVALID_IPV, INVALID_TABLE
537 passthrough(s: ipv, as: args) → s
539 Pass a command through to the firewall. ipv can be either ipv4
540 (iptables) or ipv6 (ip6tables) or eb (ebtables). args can be
541 all iptables, ip6tables and ebtables command line arguments.
542 args can be all iptables, ip6tables and ebtables command line
543 arguments. This command is untracked, which means that
544 firewalld is not able to provide information about this command
545 later on.
546 Possible errors: COMMAND_FAILED
548 queryChain(s: ipv, s: table, s: chain) → b
550 Return whether a chain exists in table for ipv being either
551 ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). This
552 concerns only chains previously added with addChain. For
553 permanent operation see
554 org.fedoraproject.FirewallD1.config.direct.Methods.queryChain.
555 Possible errors: INVALID_IPV, INVALID_TABLE
557 queryPassthrough(s: ipv, as: args) → b
559 Return whether a tracked passthrough rule with the arguments
560 args exists for ipv being either ipv4 (iptables) or ipv6
561 (ip6tables) or eb (ebtables). This concerns only rules
562 previously added with addPassthrough. For permanent operation
563 see
564 org.fedoraproject.FirewallD1.config.direct.Methods.queryPassthrough.
565 Possible errors: INVALID_IPV
567 queryRule(s: ipv, s: table, s: chain, i: priority, as: args) → b
569 Return whether a rule with priority and the arguments args
570 exists in chain in table for ipv being either ipv4 (iptables)
571 or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
572 previously added with addRule. For permanent operation see
573 org.fedoraproject.FirewallD1.config.direct.Methods.queryRule.
574 Possible errors: INVALID_IPV, INVALID_TABLE
576 removeAllPassthroughs() → Nothing
578 Remove all passthrough rules previously added with
579 addPassthrough.
580 removeChain(s: ipv, s: table, s: chain) → Nothing
582 Remove a chain from table for ipv being either ipv4 (iptables)
583 or ipv6 (ip6tables) or eb (ebtables). Only chains previously
584 added with addChain can be removed this way. For permanent
585 operation see
586 org.fedoraproject.FirewallD1.config.direct.Methods.removeChain.
587 Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED,
589 COMMAND_FAILED
590 removePassthrough(s: ipv, as: args) → Nothing
592 Remove a tracked passthrough rule with arguments args for ipv
593 being either ipv4 (iptables) or ipv6 (ip6tables) or eb
594 (ebtables). Only rules previously added with addPassthrough can
595 be removed this way. For permanent operation see
596 org.fedoraproject.FirewallD1.config.direct.Methods.removePassthrough.
597 Possible errors: INVALID_IPV, NOT_ENABLED, COMMAND_FAILED
599 removeRule(s: ipv, s: table, s: chain, i: priority, as: args) →
601 Nothing
602 Remove a rule with priority and arguments args from chain in
603 table for ipv being either ipv4 (iptables) or ipv6 (ip6tables)
604 or eb (ebtables). Only rules previously added with addRule can
605 be removed this way. For permanent operation see
606 org.fedoraproject.FirewallD1.config.direct.Methods.removeRule.
607 Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED,
609 COMMAND_FAILED
610 removeRules(s: ipv, s: table, s: chain) → Nothing
612 Remove all rules from chain in table for ipv being either ipv4
613 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
614 only rules previously added with addRule. For permanent
615 operation see
616 org.fedoraproject.FirewallD1.config.direct.Methods.removeRules.
617 Possible errors: INVALID_IPV, INVALID_TABLE
619 Signals
621 ChainAdded(s: ipv, s: table, s: chain)
622 Emitted when chain has been added into table for ipv being
623 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
624 ChainRemoved(s: ipv, s: table, s: chain)
626 Emitted when chain has been removed from table for ipv being
627 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
628 PassthroughAdded(s: ipv, as: args)
630 Emitted when a tracked passthruogh rule with args has been
631 added for ipv being either ipv4 (iptables) or ipv6 (ip6tables)
632 or eb (ebtables).
633 PassthroughRemoved(s: ipv, as: args)
635 Emitted when a tracked passthrough rule with args has been
636 removed for ipv being either ipv4 (iptables) or ipv6
637 (ip6tables) or eb (ebtables).
638 RuleAdded(s: ipv, s: table, s: chain, i: priority, as: args)
640 Emitted when a rule with args has been added to chain in table
641 with priority for ipv being either ipv4 (iptables) or ipv6
642 (ip6tables) or eb (ebtables).
643 RuleRemoved(s: ipv, s: table, s: chain, i: priority, as: args)
645 Emitted when a rule with args has been removed from chain in
646 table with priority for ipv being either ipv4 (iptables) or
647 ipv6 (ip6tables) or eb (ebtables).
648 org.fedoraproject.FirewallD1.policies
650 Enables firewalld to be able to lock down configuration changes from
651 local applications. Local applications or services are able to change
652 the firewall configuration if they are running as root (example:
653 libvirt). With these operations administrator can lock the firewall
654 configuration so that either none or only applications that are in the
655 whitelist are able to request firewall changes. For permanent
656 configuration see org.fedoraproject.FirewallD1.config.policies
657 interface.
658 Methods
660 addLockdownWhitelistCommand(s: command) → Nothing
661 Add command to whitelist. See command option in
662 firewalld.lockdown-whitelist(5). For permanent operation see
663 org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistCommand.
664 Possible errors: ALREADY_ENABLED, INVALID_COMMAND
666 addLockdownWhitelistContext(s: context) → Nothing
668 Add context to whitelist. See selinux option in
669 firewalld.lockdown-whitelist(5). For permanent operation see
670 org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistContext.
671 Possible errors: ALREADY_ENABLED, INVALID_COMMAND
673 addLockdownWhitelistUid(i: uid) → Nothing
675 Add user id uid to whitelist. See user option in
676 firewalld.lockdown-whitelist(5). For permanent operation see
677 org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistUid.
678 Possible errors: ALREADY_ENABLED, INVALID_COMMAND
680 addLockdownWhitelistUser(s: user) → Nothing
682 Add user name to whitelist. See user option in
683 firewalld.lockdown-whitelist(5). For permanent operation see
684 org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistUser.
685 Possible errors: ALREADY_ENABLED, INVALID_COMMAND
687 disableLockdown() → Nothing
689 Disable lockdown. This is a runtime and permanent change.
690 Possible errors: NOT_ENABLED
692 enableLockdown() → Nothing
694 Enable lockdown. Be careful - if the calling application/user
695 is not on lockdown whitelist when you enable lockdown you won't
696 be able to disable it again with the application, you would
697 need to edit firewalld.conf. This is a runtime and permanent
698 change.
699 Possible errors: ALREADY_ENABLED
701 getLockdownWhitelistCommands() → as
703 List all command lines (s) that are on whitelist. For permanent
704 operation see
705 org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistCommands.
706 getLockdownWhitelistContexts() → as
708 List all contexts (s) that are on whitelist. For permanent
709 operation see
710 org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistContexts.
711 getLockdownWhitelistUids() → ai
713 List all user ids (i) that are on whitelist. For permanent
714 operation see
715 org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistUids.
716 getLockdownWhitelistUsers() → as
718 List all users (s) that are on whitelist. For permanent
719 operation see
720 org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistUsers.
721 queryLockdown() → b
723 Query whether lockdown is enabled.
724 queryLockdownWhitelistCommand(s: command) → b
726 Query whether command is on whitelist. For permanent operation
727 see
728 org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistCommand.
729 queryLockdownWhitelistContext(s: context) → b
731 Query whether context is on whitelist. For permanent operation
732 see
733 org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistContext.
734 queryLockdownWhitelistUid(i: uid) → b
736 Query whether user id uid is on whitelist. For permanent
737 operation see
738 org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistUid.
739 queryLockdownWhitelistUser(s: user) → b
741 Query whether user is on whitelist. For permanent operation see
742 org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistUser.
743 removeLockdownWhitelistCommand(s: command) → Nothing
745 Remove command from whitelist. For permanent operation see
746 org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistCommand.
747 Possible errors: NOT_ENABLED
749 removeLockdownWhitelistContext(s: context) → Nothing
751 Remove context from whitelist. For permanent operation see
752 org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistContext.
753 Possible errors: NOT_ENABLED
755 removeLockdownWhitelistUid(i: uid) → Nothing
757 Remove user id uid from whitelist. For permanent operation see
758 org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistUid.
759 Possible errors: NOT_ENABLED
761 removeLockdownWhitelistUser(s: user) → Nothing
763 Remove user from whitelist. For permanent operation see
764 org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistUser.
765 Possible errors: NOT_ENABLED
767 Signals
769 LockdownDisabled()
770 Emitted when lockdown has been disabled.
771 LockdownEnabled()
773 Emitted when lockdown has been enabled.
774 LockdownWhitelistCommandAdded(s: command)
776 Emitted when command has been added to whitelist.
777 LockdownWhitelistCommandRemoved(s: command)
779 Emitted when command has been removed from whitelist.
780 LockdownWhitelistContextAdded(s: context)
782 Emitted when context has been added to whitelist.
783 LockdownWhitelistContextRemoved(s: context)
785 Emitted when context has been removed from whitelist.
786 LockdownWhitelistUidAdded(i: uid)
788 Emitted when user id uid has been added to whitelist.
789 LockdownWhitelistUidRemoved(i: uid)
791 Emitted when user id uid has been removed from whitelist.
792 LockdownWhitelistUserAdded(s: user)
794 Emitted when user has been added to whitelist.
795 LockdownWhitelistUserRemoved(s: user)
797 Emitted when user has been removed from whitelist.
798 org.fedoraproject.FirewallD1.zone
800 Operations in this interface allows to get, add, remove and query
801 runtime zone's settings. For permanent settings see
802 org.fedoraproject.FirewallD1.config.zone interface.
803 Methods
805 getZoneSettings2(s: zone) → a{sv}
806 Return runtime settings of given zone. For getting permanent
807 settings see
808 org.fedoraproject.FirewallD1.config.zone.Methods.getSettings2.
809 Settings are a dictionary indexed by keywords. For the type of
810 each value see below. If the value is empty it may be omitted.
811 version (s): see version attribute of zone tag in
813 firewalld.zone(5).
814 name (s): see short tag in firewalld.zone(5).
816 description (s): see description tag in firewalld.zone(5).
818 target (s): see target attribute of zone tag in
820 firewalld.zone(5).
821 services (as): array of service names, see service tag in
823 firewalld.zone(5).
824 ports (a(ss)): array of port and protocol pairs. See port tag
826 in firewalld.zone(5).
827 icmp_blocks (as): array of icmp-blocks. See icmp-block tag in
829 firewalld.zone(5).
830 masquerade (b): see masquerade tag in firewalld.zone(5).
832 forward_ports (a(ssss)): array of (port, protocol, to-port,
834 to-addr). See forward-port tag in firewalld.zone(5).
835 interfaces (as): array of interfaces. See interface tag in
837 firewalld.zone(5).
838 sources (as): array of source addresses. See source tag in
840 firewalld.zone(5).
841 rules_str (as): array of rich-language rules. See rule tag in
843 firewalld.zone(5).
844 protocols (as): array of protocols, see protocol tag in
846 firewalld.zone(5).
847 source_ports (a(ss)): array of port and protocol pairs. See
849 source-port tag in firewalld.zone(5).
850 icmp_block_inversion (b): see icmp-block-inversion tag in
852 firewalld.zone(5).
853 forward (b): see forward tag in firewalld.zone(5).
855 Possible errors: INVALID_ZONE
857 setZoneSettings2(s: zone, a{sv}: settings, i: timeout)
859 Set runtime settings of given zone. For setting permanent
860 settings see
861 org.fedoraproject.FirewallD1.config.zone.Methods.update2.
862 Settings are a dictionary indexed by keywords. For the type of
863 each value see below. To zero a value pass an empty string or
864 list.
865 services (as): array of service names, see service tag in
867 firewalld.zone(5).
868 ports (a(ss)): array of port and protocol pairs. See port tag
870 in firewalld.zone(5).
871 icmp_blocks (as): array of icmp-blocks. See icmp-block tag in
873 firewalld.zone(5).
874 masquerade (b): see masquerade tag in firewalld.zone(5).
876 forward_ports (a(ssss)): array of (port, protocol, to-port,
878 to-addr). See forward-port tag in firewalld.zone(5).
879 interfaces (as): array of interfaces. See interface tag in
881 firewalld.zone(5).
882 sources (as): array of source addresses. See source tag in
884 firewalld.zone(5).
885 rules_str (as): array of rich-language rules. See rule tag in
887 firewalld.zone(5).
888 protocols (as): array of protocols, see protocol tag in
890 firewalld.zone(5).
891 source_ports (a(ss)): array of port and protocol pairs. See
893 source-port tag in firewalld.zone(5).
894 icmp_block_inversion (b): see icmp-block-inversion tag in
896 firewalld.zone(5).
897 forward (b): see forward tag in firewalld.zone(5).
899 Possible errors: INVALID_ZONE
901 addForwardPort(s: zone, s: port, s: protocol, s: toport, s: toaddr,
903 i: timeout) → s
904 Add the IPv4 forward port into zone. If zone is empty, use
905 default zone. The port can either be a single port number
906 portid or a port range portid-portid. The protocol can either
907 be tcp or udp. The destination address is a simple IP address.
908 If timeout is non-zero, the operation will be active only for
909 the amount of seconds. For permanent settings see
910 org.fedoraproject.FirewallD1.config.zone.Methods.addForwardPort.
911 Returns name of zone to which the forward port was added.
913 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
915 INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD,
916 ALREADY_ENABLED, INVALID_COMMAND
917 addIcmpBlock(s: zone, s: icmp, i: timeout) → s
919 Add an ICMP block icmp into zone. The icmp is the one of the
920 icmp types firewalld supports. To get a listing of supported
921 icmp types use
922 org.fedoraproject.FirewallD1.Methods.listIcmpTypes If zone is
923 empty, use default zone. If timeout is non-zero, the operation
924 will be active only for the amount of seconds. For permanent
925 settings see
926 org.fedoraproject.FirewallD1.config.zone.Methods.addIcmpBlock.
927 Returns name of zone to which the ICMP block was added.
929 Possible errors: INVALID_ZONE, INVALID_ICMPTYPE,
931 ALREADY_ENABLED, INVALID_COMMAND
932 addIcmpBlockInversion(s: zone) → s
934 Add ICMP block inversion to zone. If zone is empty, use default
935 zone. For permanent settings see
936 org.fedoraproject.FirewallD1.config.zone.Methods.addIcmpBlockInversion.
937 Returns name of zone to which the ICMP block inversion was
939 added.
940 Possible errors: INVALID_ZONE, ALREADY_ENABLED, INVALID_COMMAND
942 addInterface(s: zone, s: interface) → s
944 Bind interface with zone. From now on all traffic going through
945 the interface will respect the zone's settings. If zone is
946 empty, use default zone. For permanent settings see
947 org.fedoraproject.FirewallD1.config.zone.Methods.addInterface.
948 Returns name of zone to which the interface was bound.
950 Possible errors: INVALID_ZONE, INVALID_INTERFACE,
952 ALREADY_ENABLED, INVALID_COMMAND
953 addMasquerade(s: zone, i: timeout) → s
955 Enable masquerade in zone. If zone is empty, use default zone.
956 If timeout is non-zero, masquerading will be active for the
957 amount of seconds. For permanent settings see
958 org.fedoraproject.FirewallD1.config.zone.Methods.addMasquerade.
959 Returns name of zone in which the masquerade was enabled.
961 Possible errors: INVALID_ZONE, ALREADY_ENABLED, INVALID_COMMAND
963 addPort(s: zone, s: port, s: protocol, i: timeout) → s
965 Add port into zone. If zone is empty, use default zone. The
966 port can either be a single port number or a port range
967 portid-portid. The protocol can either be tcp or udp. If
968 timeout is non-zero, the operation will be active only for the
969 amount of seconds. For permanent settings see
970 org.fedoraproject.FirewallD1.config.zone.Methods.addPort.
971 Returns name of zone to which the port was added.
973 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
975 INVALID_PROTOCOL, ALREADY_ENABLED, INVALID_COMMAND
976 addProtocol(s: zone, s: protocol, i: timeout) → s
978 Add protocol into zone. If zone is empty, use default zone. The
979 protocol can be any protocol supported by the system. Please
980 have a look at /etc/protocols for supported protocols. If
981 timeout is non-zero, the operation will be active only for the
982 amount of seconds. For permanent settings see
983 org.fedoraproject.FirewallD1.config.zone.Methods.addProtocol.
984 Returns name of zone to which the protocol was added.
986 Possible errors: INVALID_ZONE, INVALID_PROTOCOL,
988 ALREADY_ENABLED, INVALID_COMMAND
989 addRichRule(s: zone, s: rule, i: timeout) → s
991 Add rich language rule into zone. For the rich language rule
992 syntax, please have a look at firewalld.direct(5). If zone is
993 empty, use default zone. If timeout is non-zero, the operation
994 will be active only for the amount of seconds. For permanent
995 settings see
996 org.fedoraproject.FirewallD1.config.zone.Methods.addRichRule.
997 Returns name of zone to which the rich language rule was added.
999 Possible errors: INVALID_ZONE, INVALID_RULE, ALREADY_ENABLED,
1001 INVALID_COMMAND
1002 addService(s: zone, s: service, i: timeout) → s
1004 Add service into zone. If zone is empty, use default zone. If
1005 timeout is non-zero, the operation will be active only for the
1006 amount of seconds. To get a list of supported services, use
1007 org.fedoraproject.FirewallD1.Methods.listServices. For
1008 permanent settings see
1009 org.fedoraproject.FirewallD1.config.zone.Methods.addService.
1010 Returns name of zone to which the service was added.
1012 Possible errors: INVALID_ZONE, INVALID_SERVICE,
1014 ALREADY_ENABLED, INVALID_COMMAND
1015 addSource(s: zone, s: source) → s
1017 Bind source with zone. From now on all traffic going from this
1018 source will respect the zone's settings. A source address or
1019 address range is either an IP address or a network IP address
1020 with a mask for IPv4 or IPv6. For IPv4, the mask can be a
1021 network mask or a plain number. For IPv6 the mask is a plain
1022 number. Use of host names is not supported. If zone is empty,
1023 use default zone. For permanent settings see
1024 org.fedoraproject.FirewallD1.config.zone.Methods.addSource.
1025 Returns name of zone to which the source was bound.
1027 Possible errors: INVALID_ZONE, INVALID_ADDR, ALREADY_ENABLED,
1029 INVALID_COMMAND
1030 addSourcePort(s: zone, s: port, s: protocol, i: timeout) → s
1032 Add source port into zone. If zone is empty, use default zone.
1033 The port can either be a single port number or a port range
1034 portid-portid. The protocol can either be tcp or udp. If
1035 timeout is non-zero, the operation will be active only for the
1036 amount of seconds. For permanent settings see
1037 org.fedoraproject.FirewallD1.config.zone.Methods.addSourcePort.
1038 Returns name of zone to which the port was added.
1040 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1042 INVALID_PROTOCOL, ALREADY_ENABLED, INVALID_COMMAND
1043 changeZone(s: zone, s: interface) → s
1045 This function is deprecated, use
1046 org.fedoraproject.FirewallD1.zone.Methods.changeZoneOfInterface
1047 instead.
1048 changeZoneOfInterface(s: zone, s: interface) → s
1050 Change a zone an interface is bound to to zone. It's basically
1051 removeInterface(interface) followed by addInterface(zone,
1052 interface). If interface has not been bound to a zone before,
1053 it behaves like addInterface. If zone is empty, use default
1054 zone.
1055 Returns name of zone to which the interface was bound.
1057 Possible errors: INVALID_ZONE, ZONE_ALREADY_SET, ZONE_CONFLICT
1059 changeZoneOfSource(s: zone, s: source) → s
1061 Change a zone an source is bound to to zone. It's basically
1062 removeSource(source) followed by addSource(zone, source). If
1063 source has not been bound to a zone before, it behaves like
1064 addSource. If zone is empty, use default zone.
1065 Returns name of zone to which the source was bound.
1067 Possible errors: INVALID_ZONE, ZONE_ALREADY_SET, ZONE_CONFLICT
1069 getActiveZones() → a{sa{sas}}
1071 Return dictionary of currently active zones altogether with
1072 interfaces and sources used in these zones. Active zones are
1073 zones, that have a binding to an interface or source.
1074 Return value is a dictionary where keys are zone names (s) and
1076 values are again dictionaries where keys are either
1077 'interfaces' or 'sources' and values are arrays of interface
1078 names (s) or sources (s).
1079 getForwardPorts(s: zone) → aas
1081 Return array of IPv4 forward ports previously added into zone.
1082 If zone is empty, use default zone. For getting permanent
1083 settings see
1084 org.fedoraproject.FirewallD1.config.zone.Methods.getForwardPorts.
1085 Return value is array of 4-tuples, where each 4-tuple consists
1087 of (port, protocol, to-port, to-addr). to-addr might be empty
1088 in case of local forwarding.
1089 Possible errors: INVALID_ZONE
1091 getIcmpBlocks(s: zone) → as
1093 Return array of ICMP type (s) blocks previously added into
1094 zone. If zone is empty, use default zone. For getting permanent
1095 settings see
1096 org.fedoraproject.FirewallD1.config.zone.Methods.getIcmpBlocks.
1097 Possible errors: INVALID_ZONE
1099 getIcmpBlockInversion(s: zone) → b
1101 Return whether ICMP block inversion was previously added to
1102 zone. If zone is empty, use default zone. For getting permanent
1103 settings see
1104 org.fedoraproject.FirewallD1.config.zone.Methods.getIcmpBlockInversion.
1105 Possible errors: INVALID_ZONE
1107 getInterfaces(s: zone) → as
1109 Return array of interfaces (s) previously bound with zone. If
1110 zone is empty, use default zone. For getting permanent settings
1111 see
1112 org.fedoraproject.FirewallD1.config.zone.Methods.getInterfaces.
1113 Possible errors: INVALID_ZONE
1115 getPorts(s: zone) → aas
1117 Return array of ports (2-tuple of port and protocol) previously
1118 enabled in zone. If zone is empty, use default zone. For
1119 getting permanent settings see
1120 org.fedoraproject.FirewallD1.config.zone.Methods.getPorts.
1121 Possible errors: INVALID_ZONE
1123 getProtocols(s: zone) → as
1125 Return array of protocols (s) previously enabled in zone. If
1126 zone is empty, use default zone. For getting permanent settings
1127 see
1128 org.fedoraproject.FirewallD1.config.zone.Methods.getProtocols.
1129 Possible errors: INVALID_ZONE
1131 getRichRules(s: zone) → as
1133 Return array of rich language rules (s) previously added into
1134 zone. If zone is empty, use default zone. For getting permanent
1135 settings see
1136 org.fedoraproject.FirewallD1.config.zone.Methods.getRichRules.
1137 Possible errors: INVALID_ZONE
1139 getServices(s: zone) → as
1141 Return array of services (s) previously enabled in zone. If
1142 zone is empty, use default zone. For getting permanent settings
1143 see
1144 org.fedoraproject.FirewallD1.config.zone.Methods.getServices.
1145 Possible errors: INVALID_ZONE
1147 getSourcePorts(s: zone) → aas
1149 Return array of source ports (2-tuple of port and protocol)
1150 previously enabled in zone. If zone is empty, use default zone.
1151 For getting permanent settings see
1152 org.fedoraproject.FirewallD1.config.zone.Methods.getSourcePorts.
1153 Possible errors: INVALID_ZONE
1155 getSources(s: zone) → as
1157 Return array of sources (s) previously bound with zone. If zone
1158 is empty, use default zone. For getting permanent settings see
1159 org.fedoraproject.FirewallD1.config.zone.Methods.getSources.
1160 Possible errors: INVALID_ZONE
1162 getZoneOfInterface(s: interface) → s
1164 Return name (s) of zone the interface is bound to or empty
1165 string.
1166 getZoneOfSource(s: source) → s
1168 Return name (s) of zone the source is bound to or empty string.
1169 getZones() → as
1171 Return array of names (s) of predefined zones known to current
1172 runtime environment. For list of zones known to permanent
1173 environment see
1174 org.fedoraproject.FirewallD1.config.Methods.listZones. The
1175 lists (of zones known to runtime and permanent environment)
1176 will contain same zones in most cases, but might differ for
1177 example if org.fedoraproject.FirewallD1.config.Methods.addZone
1178 has been called recently, but firewalld has not been reloaded
1179 since then.
1180 isImmutable(s: zone) → b
1182 Deprecated.
1183 queryForwardPort(s: zone, s: port, s: protocol, s: toport, s:
1185 toaddr) → b
1186 Return whether the IPv4 forward port (port, protocol, toport,
1187 toaddr) has been added into zone. If zone is empty, use default
1188 zone. For permanent operation see
1189 org.fedoraproject.FirewallD1.config.zone.Methods.queryForwardPort.
1190 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1192 INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD
1193 queryIcmpBlock(s: zone, s: icmp) → b
1195 Return whether an ICMP block for icmp has been added into zone.
1196 If zone is empty, use default zone. For permanent operation see
1197 org.fedoraproject.FirewallD1.config.zone.Methods.queryIcmpBlock.
1198 Possible errors: INVALID_ZONE, INVALID_ICMPTYPE
1200 queryIcmpBlockInversion(s: zone) → b
1202 Return whether ICMP block inversion has been added to zone. If
1203 zone is empty, use default zone. For permanent operation see
1204 org.fedoraproject.FirewallD1.config.zone.Methods.queryIcmpBlockInversion.
1205 Possible errors: INVALID_ZONE, INVALID_ICMPTYPE
1207 queryInterface(s: zone, s: interface) → b
1209 Query whether interface has been bound to zone. If zone is
1210 empty, use default zone. For permanent operation see
1211 org.fedoraproject.FirewallD1.config.zone.Methods.queryInterface.
1212 Possible errors: INVALID_ZONE, INVALID_INTERFACE
1214 queryMasquerade(s: zone) → b
1216 Return whether masquerading has been enabled in zone If zone is
1217 empty, use default zone. For permanent operation see
1218 org.fedoraproject.FirewallD1.config.zone.Methods.queryMasquerade.
1219 Possible errors: INVALID_ZONE
1221 queryPort(s: zone, s: port, s: protocol) → b
1223 Return whether port/protocol has been added in zone. If zone is
1224 empty, use default zone. For permanent operation see
1225 org.fedoraproject.FirewallD1.config.zone.Methods.queryPort.
1226 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1228 INVALID_PROTOCOL
1229 queryProtocol(s: zone, s: protocol) → b
1231 Return whether protocol has been added in zone. If zone is
1232 empty, use default zone. For permanent operation see
1233 org.fedoraproject.FirewallD1.config.zone.Methods.queryProtocol.
1234 Possible errors: INVALID_ZONE, INVALID_PROTOCOL
1236 queryRichRule(s: zone, s: rule) → b
1238 Return whether rich rule rule has been added in zone. If zone
1239 is empty, use default zone. For permanent operation see
1240 org.fedoraproject.FirewallD1.config.zone.Methods.queryRichRule.
1241 Possible errors: INVALID_ZONE, INVALID_RULE
1243 queryService(s: zone, s: service) → b
1245 Return whether service has been added for zone. If zone is
1246 empty, use default zone. For permanent operation see
1247 org.fedoraproject.FirewallD1.config.zone.Methods.queryService.
1248 Possible errors: INVALID_ZONE, INVALID_SERVICE
1250 querySource(s: zone, s: source) → b
1252 Query whether sourcehas been bound to zone. If zone is empty,
1253 use default zone. For permanent operation see
1254 org.fedoraproject.FirewallD1.config.zone.Methods.querySource.
1255 Possible errors: INVALID_ZONE, INVALID_ADDR
1257 querySourcePort(s: zone, s: port, s: protocol) → b
1259 Return whether port/protocol has been added in zone. If zone is
1260 empty, use default zone. For permanent operation see
1261 org.fedoraproject.FirewallD1.config.zone.Methods.querySourcePort.
1262 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1264 INVALID_PROTOCOL
1265 removeForwardPort(s: zone, s: port, s: protocol, s: toport, s:
1267 toaddr) → s
1268 Remove IPv4 forward port ((port, protocol, toport, toaddr))
1269 from zone. If zone is empty, use default zone. For permanent
1270 operation see
1271 org.fedoraproject.FirewallD1.config.zone.Methods.removeForwardPort.
1272 Returns name of zone from which the forward port was removed.
1274 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1276 INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD, NOT_ENABLED,
1277 INVALID_COMMAND
1278 removeIcmpBlock(s: zone, s: icmp) → s
1280 Remove ICMP block icmp from zone. If zone is empty, use default
1281 zone. For permanent operation see
1282 org.fedoraproject.FirewallD1.config.zone.Methods.removeIcmpBlock.
1283 Returns name of zone from which the ICMP block was removed.
1285 Possible errors: INVALID_ZONE, INVALID_ICMPTYPE, NOT_ENABLED,
1287 INVALID_COMMAND
1288 removeIcmpBlockInversion(s: zone) → s
1290 Remove ICMP block inversion from zone. If zone is empty, use
1291 default zone. For permanent operation see
1292 org.fedoraproject.FirewallD1.config.zone.Methods.removeIcmpBlockInversion.
1293 Returns name of zone from which the ICMP block inversion was
1295 removed.
1296 Possible errors: INVALID_ZONE, NOT_ENABLED, INVALID_COMMAND
1298 removeInterface(s: zone, s: interface) → s
1300 Remove binding of interface from zone. If zone is empty, the
1301 interface will be removed from zone it belongs to. For
1302 permanent operation see
1303 org.fedoraproject.FirewallD1.config.zone.Methods.removeInterface.
1304 Returns name of zone from which the interface was removed.
1306 Possible errors: INVALID_ZONE, INVALID_INTERFACE, NOT_ENABLED,
1308 INVALID_COMMAND
1309 removeMasquerade(s: zone) → s
1311 Disable masquerade for zone. If zone is empty, use default
1312 zone. For permanent operation see
1313 org.fedoraproject.FirewallD1.config.zone.Methods.removeMasquerade.
1314 Returns name of zone for which the masquerade was disabled.
1316 Possible errors: INVALID_ZONE, NOT_ENABLED, INVALID_COMMAND
1318 removePort(s: zone, s: port, s: protocol) → s
1320 Remove port/protocol from zone. If zone is empty, use default
1321 zone. For permanent operation see
1322 org.fedoraproject.FirewallD1.config.zone.Methods.removePort.
1323 Returns name of zone from which the port was removed.
1325 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1327 INVALID_PROTOCOL, NOT_ENABLED, INVALID_COMMAND
1328 removeProtocol(s: zone, s: protocol) → s
1330 Remove protocol from zone. If zone is empty, use default zone.
1331 For permanent operation see
1332 org.fedoraproject.FirewallD1.config.zone.Methods.removeProtocol.
1333 Returns name of zone from which the protocol was removed.
1335 Possible errors: INVALID_ZONE, INVALID_PROTOCOL, NOT_ENABLED,
1337 INVALID_COMMAND
1338 removeRichRule(s: zone, s: rule) → s
1340 Remove rich language rule from zone. If zone is empty, use
1341 default zone. For permanent operation see
1342 org.fedoraproject.FirewallD1.config.zone.Methods.removeRichRule.
1343 Returns name of zone from which the rich language rule was
1345 removed.
1346 Possible errors: INVALID_ZONE, INVALID_RULE, NOT_ENABLED,
1348 INVALID_COMMAND
1349 removeService(s: zone, s: service) → s
1351 Remove service from zone. If zone is empty, use default zone.
1352 For permanent operation see
1353 org.fedoraproject.FirewallD1.config.zone.Methods.removeService.
1354 Returns name of zone from which the service was removed.
1356 Possible errors: INVALID_ZONE, INVALID_SERVICE, NOT_ENABLED,
1358 INVALID_COMMAND
1359 removeSource(s: zone, s: source) → s
1361 Remove binding of source from zone. If zone is empty, the
1362 source will be removed from zone it belongs to. For permanent
1363 operation see
1364 org.fedoraproject.FirewallD1.config.zone.Methods.removeSource.
1365 Returns name of zone from which the source was removed.
1367 Possible errors: INVALID_ZONE, INVALID_ADDR, NOT_ENABLED,
1369 INVALID_COMMAND
1370 removeSourcePort(s: zone, s: port, s: protocol) → s
1372 Remove port/protocol from zone. If zone is empty, use default
1373 zone. For permanent operation see
1374 org.fedoraproject.FirewallD1.config.zone.Methods.removeSourcePort.
1375 Returns name of zone from which the source port was removed.
1377 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1379 INVALID_PROTOCOL, NOT_ENABLED, INVALID_COMMAND
1380 Signals
1382 ForwardPortAdded(s: zone, s: port, s: protocol, s: toport, s:
1383 toaddr, i: timeout)
1384 Emitted when forward port has been added to zone with timeout.
1385 ForwardPortRemoved(s: zone, s: port, s: protocol, s: toport, s:
1387 toaddr)
1388 Emitted when forward port has been removed from zone.
1389 IcmpBlockAdded(s: zone, s: icmp, i: timeout)
1391 Emitted when ICMP block for icmp has been added to zone with
1392 timeout.
1393 IcmpBlockInversionAdded(s: zone)
1395 Emitted when ICMP block inversion has been added to zone.
1396 IcmpBlockInversionRemoved(s: zone)
1398 Emitted when ICMP block inversion has been removed from zone.
1399 IcmpBlockRemoved(s: zone, s: icmp)
1401 Emitted when ICMP block for icmp has been removed from zone.
1402 InterfaceAdded(s: zone, s: interface)
1404 Emitted when interface has been added to zone.
1405 InterfaceRemoved(s: zone, s: interface)
1407 Emitted when interface has been removed from zone.
1408 MasqueradeAdded(s: zone, i: timeout)
1410 Emitted when masquerade has been enabled for zone.
1411 MasqueradeRemoved(s: zone)
1413 Emitted when masquerade has been disabled for zone.
1414 PortAdded(s: zone, s: port, s: protocol, i: timeout)
1416 Emitted when port/protocol has been added to zone with timeout.
1417 PortRemoved(s: zone, s: port, s: protocol)
1419 Emitted when port/protocol has been removed from zone.
1420 ProtocolAdded(s: zone, s: protocol, i: timeout)
1422 Emitted when protocol has been added to zone with timeout.
1423 ProtocolRemoved(s: zone, s: protocol)
1425 Emitted when protocol has been removed from zone.
1426 RichRuleAdded(s: zone, s: rule, i: timeout)
1428 Emitted when rich language rule has been added to zone with
1429 timeout.
1430 RichRuleRemoved(s: zone, s: rule)
1432 Emitted when rich language rule has been removed from zone.
1433 ServiceAdded(s: zone, s: service, i: timeout)
1435 Emitted when service has been added to zone with timeout.
1436 ServiceRemoved(s: zone, s: service)
1438 Emitted when service has been removed from zone.
1439 SourceAdded(s: zone, s: source)
1441 Emitted when source has been added to zone.
1442 SourcePortAdded(s: zone, s: port, s: protocol, i: timeout)
1444 Emitted when source-port/protocol has been added to zone with
1445 timeout.
1446 SourcePortRemoved(s: zone, s: port, s: protocol)
1448 Emitted when source-port/protocol has been removed from zone.
1449 SourceRemoved(s: zone, s: source)
1451 Emitted when source has been removed from zone.
1452 ZoneChanged(s: zone, s: interface)
1454 Deprecated
1455 ZoneOfInterfaceChanged(s: zone, s: interface)
1457 Emitted when a zone an interface is part of has been changed to
1458 zone.
1459 ZoneOfSourceChanged(s: zone, s: source)
1461 Emitted when a zone an source is part of has been changed to
1462 zone.
1463 ZoneUpdated2(s: zone, a{sv}: settings)
1465 Emitted when a zone's settings are updated via
1466 org.fedoraproject.FirewallD1.zone.Methods.setZoneSettings2
1467 org.fedoraproject.FirewallD1.policy
1469 Operations in this interface allows to get, add, remove and query
1470 runtime policy settings. For permanent settings see
1471 org.fedoraproject.FirewallD1.config.policy interface.
1472 Methods
1474 getActivePolicies() → a{sa{sas}}
1475 Return dictionary of currently active policies altogether with
1476 ingress zones and egress zones used in these policies. Active
1477 policies are policies, that have a binding to an active ingress
1478 zone and an active egress zone.
1479 Return value is a dictionary where keys are policy names (s)
1481 and values are again dictionaries where keys are either
1482 'ingress_zones' or 'egress_zones' and values are arrays of zone
1483 names (s).
1484 getPolicies() → as
1486 Return array of names (s) of predefined policies known to
1487 current runtime environment. For list of policies known to
1488 permanent environment see
1489 org.fedoraproject.FirewallD1.config.Methods.listPolicies. The
1490 lists (of policies known to runtime and permanent environment)
1491 will contain same policies in most cases, but might differ for
1492 example if
1493 org.fedoraproject.FirewallD1.config.Methods.addPolicy has been
1494 called recently, but firewalld has not been reloaded since
1495 then.
1496 getPolicySettings(s: policy) → a{sv}
1498 Return runtime settings of given policy. For getting permanent
1499 settings see
1500 org.fedoraproject.FirewallD1.config.policy.Methods.getSettings.
1501 Settings are a dictionary indexed by keywords. For possible
1502 keywords see
1503 org.fedoraproject.FirewallD1.config.Methods.addPolicy. If the
1504 value is empty it may be omitted.
1505 Possible errors: INVALID_POLICY
1507 setPolicySettings(s: policy, a{sv}: settings, i: timeout)
1509 Set runtime settings of given policy. For setting permanent
1510 settings see
1511 org.fedoraproject.FirewallD1.config.policy.Methods.update.
1512 Settings are a dictionary indexed by keywords. For possible
1513 keywords see
1514 org.fedoraproject.FirewallD1.config.Methods.addPolicy. To zero
1515 a value pass an empty string or list. Some keywords are not
1516 available to modify in the runtime: description, name,
1517 priority, target, version.
1518 Possible errors: INVALID_POLICY
1520 Signals
1522 ForwardPortAdded(s: policy, a{sv}: settings)
1523 Emitted when a policy's settings are updated via
1524 org.fedoraproject.FirewallD1.policy.Methods.setPolicySettings
1525 org.fedoraproject.FirewallD1.config
1527 Allows to permanently add, remove and query zones, services and icmp
1528 types.
1529 Methods
1531 addIPSet(s: ipset, (ssssa{ss}as): settings) → o
1532 Add ipset with given settings into permanent configuration.
1533 Settings are in format: version, name, description, type,
1534 dictionary of options and array of entries.
1535 version (s): see version attribute of ipset tag in
1537 firewalld.ipset(5).
1538 name (s): see short tag in firewalld.ipset(5).
1540 description (s): see description tag in firewalld.ipset(5).
1542 type (s): see type attribute of ipset tag in
1544 firewalld.ipset(5).
1545 options (a{ss}): dictionary of {option : value} . See options
1547 tag in firewalld.ipset(5).
1548 entries (as): array of entries, see entry tag in
1550 firewalld.ipset(5).
1551 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1553 addIcmpType(s: icmptype, (sssas): settings) → o
1555 Add icmptype with given settings into permanent configuration.
1556 Settings are in format: version, name, description, array of
1557 destinations. Returns object path of the new icmp type.
1558 version (s): see version attribute of icmptype tag in
1560 firewalld.icmptype(5).
1561 name (s): see short tag in firewalld.icmptype(5).
1563 description (s): see description tag in firewalld.icmptype(5).
1565 destinations (as): array, either empty or containing strings
1567 'ipv4' or 'ipv6', see destination tag in firewalld.icmptype(5).
1568 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1570 addService(s: service, (sssa(ss)asa{ss}asa(ss)): settings) → o
1572 This function is deprecated, use
1573 org.fedoraproject.FirewallD1.config.Methods.addService2
1574 instead.
1575 addService2s: service, a{sv}: settings) → o
1577 Add service with given settings into permanent configuration.
1578 Settings are a dictionary indexed by keywords. For the type of
1579 each value see below. To zero a value pass an empty string or
1580 list.
1581 version (s): see version attribute of service tag in
1583 firewalld.service(5).
1584 name (s): see short tag in firewalld.service(5).
1586 description (s): see description tag in firewalld.service(5).
1588 ports (a(ss)): array of port and protocol pairs. See port tag
1590 in firewalld.service(5).
1591 module names (as): array of kernel netfilter helpers, see
1593 module tag in firewalld.service(5).
1594 destinations (a{ss}): dictionary of {IP family : IP address}
1596 where 'IP family' key can be either 'ipv4' or 'ipv6'. See
1597 destination tag in firewalld.service(5).
1598 protocols (as): array of protocols, see protocol tag in
1600 firewalld.service(5).
1601 source_ports (a(ss)): array of port and protocol pairs. See
1603 source-port tag in firewalld.service(5).
1604 includes (as): array of service includes, see include tag in
1606 firewalld.service(5).
1607 helpers (as): array of service helpers, see helper tag in
1609 firewalld.service(5).
1610 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1612 addZone(s: zone, (sssbsasa(ss)asba(ssss)asasasasa(ss)b): settings)
1614 → o
1615 This function is deprecated, use
1616 org.fedoraproject.FirewallD1.config.Methods.addZone2 instead.
1617 addZone2(s: zone, a{sv}: settings) → o
1619 Add zone with given settings into permanent configuration.
1620 Settings are a dictionary indexed by keywords. For the type of
1621 each value see below. To zero a value pass an empty string or
1622 list.
1623 version (s): see version attribute of zone tag in
1625 firewalld.zone(5).
1626 name (s): see short tag in firewalld.zone(5).
1628 description (s): see description tag in firewalld.zone(5).
1630 target (s): see target attribute of zone tag in
1632 firewalld.zone(5).
1633 services (as): array of service names, see service tag in
1635 firewalld.zone(5).
1636 ports (a(ss)): array of port and protocol pairs. See port tag
1638 in firewalld.zone(5).
1639 icmp_blocks (as): array of icmp-blocks. See icmp-block tag in
1641 firewalld.zone(5).
1642 masquerade (b): see masquerade tag in firewalld.zone(5).
1644 forward_ports (a(ssss)): array of (port, protocol, to-port,
1646 to-addr). See forward-port tag in firewalld.zone(5).
1647 interfaces (as): array of interfaces. See interface tag in
1649 firewalld.zone(5).
1650 sources (as): array of source addresses. See source tag in
1652 firewalld.zone(5).
1653 rules_str (as): array of rich-language rules. See rule tag in
1655 firewalld.zone(5).
1656 protocols (as): array of protocols, see protocol tag in
1658 firewalld.zone(5).
1659 source_ports (a(ss)): array of port and protocol pairs. See
1661 source-port tag in firewalld.zone(5).
1662 icmp_block_inversion (b): see icmp-block-inversion tag in
1664 firewalld.zone(5).
1665 forward (b): see forward tag in firewalld.zone(5).
1667 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1669 addPolicy(s: policy, a{sv}: settings) → o
1671 Add policy with given settings into permanent configuration.
1672 Settings are a dictionary indexed by keywords. For the type of
1673 each value see below. If a keyword is omitted the default value
1674 will be used.
1675 description (s): see description tag in firewalld.policy(5).
1677 egress_zones as: array of zone names. See egress-zone tag in
1679 firewalld.policy(5).
1680 forward_ports (a(ssss)): array of (port, protocol, to-port,
1682 to-addr). See forward-port tag in firewalld.policy(5).
1683 icmp_blocks (as): array of icmp-blocks. See icmp-block tag in
1685 firewalld.policy(5).
1686 ingress_zones as: array of zone names. See ingress-zone tag in
1688 firewalld.policy(5).
1689 masquerade (b): see masquerade tag in firewalld.policy(5).
1691 ports (a(ss)): array of port and protocol pairs. See port tag
1693 in firewalld.policy(5).
1694 priority (i): see priority tag in firewalld.policy(5).
1696 protocols (as): array of protocols, see protocol tag in
1698 firewalld.policy(5).
1699 rich_rules (as): array of rich-language rules. See rule tag in
1701 firewalld.policy(5).
1702 services (as): array of service names, see service tag in
1704 firewalld.policy(5).
1705 short (s): see short tag in firewalld.policy(5).
1707 source_ports (a(ss)): array of port and protocol pairs. See
1709 source-port tag in firewalld.policy(5).
1710 target (s): see target attribute of policy tag in
1712 firewalld.policy(5).
1713 version (s): see version attribute of policy tag in
1715 firewalld.policy(5).
1716 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1718 getHelperByName(s: helper) → o
1720 Return object path (permanent configuration) of helper with
1721 given name.
1722 Possible errors: INVALID_HELPER
1724 getHelperNames() → as
1726 Return list of helper names (permanent configuration).
1727 getIPSetByName(s: ipset) → o
1729 Return object path (permanent configuration) of ipset with
1730 given name.
1731 Possible errors: INVALID_IPSET
1733 getIPSetNames() → as
1735 Return list of ipset names (permanent configuration).
1736 getIcmpTypeByName(s: icmptype) → o
1738 Return object path (permanent configuration) of icmptype with
1739 given name.
1740 Possible errors: INVALID_ICMPTYPE
1742 getIcmpTypeNames() → as
1744 Return list of icmptype names (permanent configuration).
1745 getServiceByName(s: service) → o
1747 Return object path (permanent configuration) of service with
1748 given name.
1749 Possible errors: INVALID_SERVICE
1751 getServiceNames() → as
1753 Return list of service names (permanent configuration).
1754 getZoneByName(s: zone) → o
1756 Return object path (permanent configuration) of zone with given
1757 name.
1758 Possible errors: INVALID_ZONE
1760 getZoneNames() → as
1762 Return list of zone names (permanent configuration) of.
1763 getZoneOfInterface(s: iface) → s
1765 Return name of zone the iface is bound to or empty string.
1766 getZoneOfSource(s: source) → s
1768 Return name of zone the source is bound to or empty string.
1769 getPolicyByName(s: policy) → o
1771 Return object path (permanent configuration) of policy with
1772 given name.
1773 Possible errors: INVALID_POLICY
1775 getPolicyNames() → as
1777 Return list of policy names (permanent configuration).
1778 listHelpers() → ao
1780 Return array of object paths (o) of helper in permanent
1781 configuration. For runtime configuration see
1782 org.fedoraproject.FirewallD1.Methods.getHelpers.
1783 listIPSets() → ao
1785 Return array of object paths (o) of ipset in permanent
1786 configuration. For runtime configuration see
1787 org.fedoraproject.FirewallD1.ipset.Methods.getIPSets.
1788 listIcmpTypes() → ao
1790 Return array of object paths (o) of icmp types in permanent
1791 configuration. For runtime configuration see
1792 org.fedoraproject.FirewallD1.Methods.listIcmpTypes.
1793 listServices() → ao
1795 Return array of objects paths (o) of services in permanent
1796 configuration. For runtime configuration see
1797 org.fedoraproject.FirewallD1.Methods.listServices.
1798 listZones() → ao
1800 List object paths of zones known to permanent environment. For
1801 list of zones known to runtime environment see
1802 org.fedoraproject.FirewallD1.zone.Methods.getZones. The lists
1803 (of zones known to runtime and permanent environment) will
1804 contain same zones in most cases, but might differ for example
1805 if org.fedoraproject.FirewallD1.config.Methods.addZone has been
1806 called recently, but firewalld has not been reloaded since
1807 then.
1808 listPolicies() → ao
1810 List object paths of policies known to permanent environment.
1811 For list of policies known to runtime environment see
1812 org.fedoraproject.FirewallD1.policy.Methods.getPolicies. The
1813 lists (of policies known to runtime and permanent environment)
1814 will contain same policies in most cases, but might differ for
1815 example if
1816 org.fedoraproject.FirewallD1.config.Methods.addPolicy has been
1817 called recently, but firewalld has not been reloaded since
1818 then.
1819 Signals
1821 HelperAdded(s: helper)
1822 Emitted when helper has been added.
1823 IPSetAdded(s: ipset)
1825 Emitted when ipset has been added.
1826 IcmpTypeAdded(s: icmptype)
1828 Emitted when icmptype has been added.
1829 ServiceAdded(s: service)
1831 Emitted when service has been added.
1832 ZoneAdded(s: zone)
1834 Emitted when zone has been added.
1835 Properties
1837 AllowZoneDrifting - s - (rw)
1838 Deprecated. Getting this value always returns "no". Setting
1839 this value is ignored.
1840 AutomaticHelpers - s - (rw)
1842 Deprecated. Getting this value always returns "no". Setting
1843 this value is ignored.
1844 CleanupModulesOnExit - s - (rw)
1846 Setting this option to yes or true unloads all firewall-related
1847 kernel modules when firewalld is stopped.
1848 CleanupOnExit - s - (rw)
1850 If firewalld stops, it cleans up all firewall rules. Setting
1851 this option to no or false leaves the current firewall rules
1852 untouched.
1853 DefaultZone - s - (ro)
1855 Default zone for connections or interfaces if the zone is not
1856 selected or specified by NetworkManager, initscripts or command
1857 line tool.
1858 FirewallBackend - s - (rw)
1860 Selects the firewalld backend for all rules except the direct
1861 interface. Valid options are; nftables, iptables. Default in
1862 nftables.
1863 Note: The iptables backend is deprecated. It will be removed in
1865 a future release.
1866 FlushAllOnReload - s - (rw)
1868 Flush all runtime rules on a reload. Valid options are; yes,
1869 no.
1870 IPv6_rpfilter - s - (rw)
1872 Indicates whether the reverse path filter test on a packet for
1873 IPv6 is enabled. If a reply to the packet would be sent via the
1874 same interface that the packet arrived on, the packet will
1875 match and be accepted, otherwise dropped.
1876 IndividualCalls - s - (ro)
1878 Indicates whether individual calls combined -restore calls are
1879 used. If enabled, this increases the time that is needed to
1880 apply changes and to start the daemon, but is good for
1881 debugging.
1882 Lockdown - s - (rw)
1884 If this property is enabled, firewall changes with the D-Bus
1885 interface will be limited to applications that are listed in
1886 the lockdown whitelist.
1887 LogDenied - s - (rw)
1889 If LogDenied is enabled, then logging rules are added right
1890 before reject and drop rules in the INPUT, FORWARD and OUTPUT
1891 chains for the default rules and also final reject and drop
1892 rules in zones. Possible values are: all, unicast, broadcast,
1893 multicast and off.
1894 MinimalMark - i - (rw)
1896 Deprecated. This option is ignored and no longer used. Marks
1897 are no longer used internally.
1898 RFC3964_IPv4 - s - (rw)
1900 As per RFC 3964, filter IPv6 traffic with 6to4 destination
1901 addresses that correspond to IPv4 addresses that should not be
1902 routed over the public internet. Valid options are; yes, no.
1903 org.fedoraproject.FirewallD1.config.direct
1905 DEPRECATED
1906 The direct interface has been deprecated. It will be removed in a
1907 future release. It is superseded by policies, see
1908 firewalld.policies(5).
1909 Interface for permanent direct configuration, see also
1911 firewalld.direct(5). For runtime direct configuration see
1912 org.fedoraproject.FirewallD1.direct interface.
1913 Methods
1915 addChain(s: ipv, s: table, s: chain) → Nothing
1916 Add a new chain to table for ipv being either ipv4 (iptables)
1917 or ipv6 (ip6tables) or eb (ebtables). Make sure there's no
1918 other chain with this name already. There already exist basic
1919 chains to use with direct methods, for example INPUT_direct
1920 chain. These chains are jumped into before chains for zones,
1921 i.e. every rule put into INPUT_direct will be checked before
1922 rules in zones. For runtime operation see
1923 org.fedoraproject.FirewallD1.direct.Methods.addChain.
1924 Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED
1926 addPassthrough(s: ipv, as: args) → Nothing
1928 Add a passthrough rule with the arguments args for ipv being
1929 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
1930 For runtime operation see
1931 org.fedoraproject.FirewallD1.direct.Methods.addPassthrough.
1932 Possible errors: INVALID_IPV, ALREADY_ENABLED
1934 addRule(s: ipv, s: table, s: chain, i: priority, as: args) →
1936 Nothing
1937 Add a rule with the arguments args to chain in table with
1938 priority for ipv being either ipv4 (iptables) or ipv6
1939 (ip6tables) or eb (ebtables). The priority is used to order
1940 rules. Priority 0 means add rule on top of the chain, with a
1941 higher priority the rule will be added further down. Rules with
1942 the same priority are on the same level and the order of these
1943 rules is not fixed and may change. If you want to make sure
1944 that a rule will be added after another one, use a low priority
1945 for the first and a higher for the following. For runtime
1946 operation see
1947 org.fedoraproject.FirewallD1.direct.Methods.addRule.
1948 Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED
1950 getAllChains() → a(sss)
1952 Get all chains added to all tables in format: ipv, table,
1953 chain. This concerns only chains previously added with
1954 addChain. Return value is a array of (ipv, table, chain). For
1955 runtime operation see
1956 org.fedoraproject.FirewallD1.direct.Methods.getAllChains.
1957 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
1959 (ebtables).
1960 table (s): one of filter, mangle, nat, raw, security
1962 chain (s): name of a chain.
1964 getAllPassthroughs() → a(sas)
1967 Get all passthrough rules added in all ipv types in format:
1968 ipv, rule. This concerns only rules previously added with
1969 addPassthrough. Return value is a array of (ipv, array of
1970 arguments). For runtime operation see
1971 org.fedoraproject.FirewallD1.direct.Methods.getAllPassthroughs.
1972 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
1974 (ebtables).
1975 arguments (as): array of commands, parameters and other
1977 iptables/ip6tables/ebtables command line options.
1978 getAllRules() → a(sssias)
1981 Get all rules added to all chains in all tables in format: ipv,
1982 table, chain, priority, rule. This concerns only rules
1983 previously added with addRule. Return value is a array of (ipv,
1984 table, chain, priority, array of arguments). For runtime
1985 operation see
1986 org.fedoraproject.FirewallD1.direct.Methods.getAllRules.
1987 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
1989 (ebtables).
1990 table (s): one of filter, mangle, nat, raw, security
1992 chain (s): name of a chain.
1994 priority (i): used to order rules.
1996 arguments (as): array of commands, parameters and other
1998 iptables/ip6tables/ebtables command line options.
1999 getChains(s: ipv, s: table) → as
2002 Return an array of chains (s) added to table for ipv being
2003 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
2004 This concerns only chains previously added with addChain. For
2005 runtime operation see
2006 org.fedoraproject.FirewallD1.direct.Methods.getChains.
2007 Possible errors: INVALID_IPV, INVALID_TABLE
2009 getPassthroughs(s: ipv) → aas
2011 Get tracked passthrough rules added in either ipv4 (iptables)
2012 or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
2013 previously added with addPassthrough. Return value is a array
2014 of (array of arguments). For runtime operation see
2015 org.fedoraproject.FirewallD1.direct.Methods.getPassthroughs.
2016 arguments (as): array of commands, parameters and other
2018 iptables/ip6tables/ebtables command line options.
2019 getRules(s: ipv, s: table, s: chain) → a(ias)
2022 Get all rules added to chain in table for ipv being either ipv4
2023 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
2024 only rules previously added with addRule. Return value is a
2025 array of (priority, array of arguments). For runtime operation
2026 see org.fedoraproject.FirewallD1.direct.Methods.getRules.
2027 priority (i): used to order rules.
2029 arguments (as): array of commands, parameters and other
2031 iptables/ip6tables/ebtables command line options.
2032 Possible errors: INVALID_IPV, INVALID_TABLE
2034 getSettings() → (a(sss)a(sssias)a(sas))
2036 Get settings of permanent direct configuration in format: array
2037 of chains, array of rules, array of passthroughs.
2038 chains (a(sss)): array of (ipv, table, chain), see 'chain' in
2040 firewalld.direct(5).
2041 .
2042 .PP rules (a(sssias)): array of (ipv, table,
2043 chain, priority, array of arguments), see 'rule' in
2044 firewalld.direct(5).
2045 .
2046 .PP passthroughs (a(sas)): array of (ipv,
2047 array of arguments), see passthrough in firewalld.direct(5).
2048 .
2049 .sp
2050 queryChain(s: ipv, s: table, s: chain) → b
2052 Return whether a chain exists in table for ipv being either
2053 ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). This
2054 concerns only chains previously added with addChain. For
2055 runtime operation see
2056 org.fedoraproject.FirewallD1.direct.Methods.queryChain.
2057 Possible errors: INVALID_IPV, INVALID_TABLE
2059 queryPassthrough(s: ipv, as: args) → b
2061 Return whether a tracked passthrough rule with the arguments
2062 args exists for ipv being either ipv4 (iptables) or ipv6
2063 (ip6tables) or eb (ebtables). This concerns only rules
2064 previously added with addPassthrough. For runtime operation see
2065 org.fedoraproject.FirewallD1.direct.Methods.queryPassthrough.
2066 Possible errors: INVALID_IPV
2068 queryRule(s: ipv, s: table, s: chain, i: priority, as: args) → b
2070 Return whether a rule with priority and the arguments args
2071 exists in chain in table for ipv being either ipv4 (iptables)
2072 or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
2073 previously added with addRule. For runtime operation see
2074 org.fedoraproject.FirewallD1.direct.Methods.queryRule.
2075 Possible errors: INVALID_IPV, INVALID_TABLE
2077 removeChain(s: ipv, s: table, s: chain) → Nothing
2079 Remove a chain from table for ipv being either ipv4 (iptables)
2080 or ipv6 (ip6tables) or eb (ebtables). Only chains previously
2081 added with addChain can be removed this way. For runtime
2082 operation see
2083 org.fedoraproject.FirewallD1.direct.Methods.removeChain.
2084 Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED
2086 removePassthrough(s: ipv, as: args) → Nothing
2088 Remove a passthrough rule with arguments args for ipv being
2089 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
2090 Only rules previously added with addPassthrough can be removed
2091 this way. For runtime operation see
2092 org.fedoraproject.FirewallD1.direct.Methods.removePassthrough.
2093 Possible errors: INVALID_IPV, NOT_ENABLED
2095 removeRule(s: ipv, s: table, s: chain, i: priority, as: args) →
2097 Nothing
2098 Remove a rule with priority and arguments args from chain in
2099 table for ipv being either ipv4 (iptables) or ipv6 (ip6tables)
2100 or eb (ebtables). Only rules previously added with addRule can
2101 be removed this way. For runtime operation see
2102 org.fedoraproject.FirewallD1.direct.Methods.removeRule.
2103 Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED
2105 removeRules(s: ipv, s: table, s: chain) → Nothing
2107 Remove all rules from chain in table for ipv being either ipv4
2108 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
2109 only rules previously added with addRule. For runtime operation
2110 see org.fedoraproject.FirewallD1.direct.Methods.removeRules.
2111 Possible errors: INVALID_IPV, INVALID_TABLE
2113 update((a(sss)a(sssias)a(sas)): settings) → Nothing
2115 Update permanent direct configuration with given settings.
2116 Settings are in format: array of chains, array of rules, array
2117 of passthroughs.
2118 chains (a(sss)): array of (ipv, table, chain), see 'chain' in
2120 firewalld.direct(5).
2121 .
2122 .PP rules (a(sssias)): array of (ipv, table,
2123 chain, priority, array of arguments), see 'rule' in
2124 firewalld.direct(5).
2125 .
2126 .PP passthroughs (a(sas)): array of (ipv,
2127 array of arguments), see passthrough in firewalld.direct(5).
2128 .
2129 .sp Possible errors: INVALID_TYPE
2130 Signals
2132 Updated()
2133 Emitted when configuration has been updated.
2134 org.fedoraproject.FirewallD1.config.policies
2136 Interface for permanent lockdown-whitelist configuration, see also
2137 firewalld.lockdown-whitelist(5). For runtime configuration see
2138 org.fedoraproject.FirewallD1.policies interface.
2139 Methods
2141 addLockdownWhitelistCommand(s: command) → Nothing
2142 Add command to whitelist. See command option in
2143 firewalld.lockdown-whitelist(5). For runtime operation see
2144 org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistCommand.
2145 Possible errors: ALREADY_ENABLED, INVALID_TYPE
2147 addLockdownWhitelistContext(s: context) → Nothing
2149 Add context to whitelist. See selinux option in
2150 firewalld.lockdown-whitelist(5). For runtime operation see
2151 org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistContext.
2152 Possible errors: ALREADY_ENABLED, INVALID_TYPE
2154 addLockdownWhitelistUid(i: uid) → Nothing
2156 Add user id uid to whitelist. See user option in
2157 firewalld.lockdown-whitelist(5). For runtime operation see
2158 org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistUid.
2159 Possible errors: ALREADY_ENABLED, INVALID_TYPE
2161 addLockdownWhitelistUser(s: user) → Nothing
2163 Add user name to whitelist. See user option in
2164 firewalld.lockdown-whitelist(5). For runtime operation see
2165 org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistUser.
2166 Possible errors: ALREADY_ENABLED, INVALID_TYPE
2168 getLockdownWhitelist() → (asasasai)
2170 Get settings of permanent lockdown-whitelist configuration in
2171 format: commands, selinux contexts, users, uids
2172 commands (as): see command option in firewalld.lockdown-
2174 whitelist(5).
2175 selinux contexts (as): see selinux option in
2177 firewalld.lockdown-whitelist(5).
2178 users (as): see name attribute of user option in
2180 firewalld.lockdown-whitelist(5).
2181 uids (ai): see id attribute of user option in
2183 firewalld.lockdown-whitelist(5).
2184 getLockdownWhitelistCommands() → as
2187 List all command lines (s) that are on whitelist. For runtime
2188 operation see
2189 org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistCommands.
2190 getLockdownWhitelistContexts() → as
2192 List all contexts (s) that are on whitelist. For runtime
2193 operation see
2194 org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistContexts.
2195 getLockdownWhitelistUids() → ai
2197 List all user ids (i) that are on whitelist. For runtime
2198 operation see
2199 org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistUids.
2200 getLockdownWhitelistUsers() → as
2202 List all users (s) that are on whitelist. For runtime operation
2203 see
2204 org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistUsers.
2205 queryLockdownWhitelistCommand(s: command) → b
2207 Query whether command is on whitelist. For runtime operation
2208 see
2209 org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistCommand.
2210 queryLockdownWhitelistContext(s: context) → b
2212 Query whether context is on whitelist. For runtime operation
2213 see
2214 org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistContext.
2215 queryLockdownWhitelistUid(i: uid) → b
2217 Query whether user id uid is on whitelist. For runtime
2218 operation see
2219 org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistUid.
2220 queryLockdownWhitelistUser(s: user) → b
2222 Query whether user is on whitelist. For runtime operation see
2223 org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistUser.
2224 removeLockdownWhitelistCommand(s: command) → Nothing
2226 Remove command from whitelist. For runtime operation see
2227 org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistCommand.
2228 Possible errors: NOT_ENABLED
2230 removeLockdownWhitelistContext(s: context) → Nothing
2232 Remove context from whitelist. For runtime operation see
2233 org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistContext.
2234 Possible errors: NOT_ENABLED
2236 removeLockdownWhitelistUid(i: uid) → Nothing
2238 Remove user id uid from whitelist. For runtime operation see
2239 org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistUid.
2240 Possible errors: NOT_ENABLED
2242 removeLockdownWhitelistUser(s: user) → Nothing
2244 Remove user from whitelist. For runtime operation see
2245 org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistUser.
2246 Possible errors: NOT_ENABLED
2248 setLockdownWhitelist((asasasai): settings) → Nothing
2250 Set permanent lockdown-whitelist configuration to settings.
2251 Settings are in format: commands, selinux contexts, users, uids
2252 commands (as): see command option in firewalld.lockdown-
2254 whitelist(5).
2255 selinux contexts (as): see selinux option in
2257 firewalld.lockdown-whitelist(5).
2258 users (as): see name attribute of user option in
2260 firewalld.lockdown-whitelist(5).
2261 uids (ai): see id attribute of user option in
2263 firewalld.lockdown-whitelist(5).
2264 Possible errors: INVALID_TYPE
2266 Signals
2268 LockdownWhitelistUpdated()
2269 Emitted when permanent lockdown-whitelist configuration has
2270 been updated.
2271 org.fedoraproject.FirewallD1.config.ipset
2273 Interface for permanent ipset configuration, see also
2274 firewalld.ipset(5).
2275 Methods
2277 addEntry(s: entry) → Nothing
2278 Permanently add entry to list of entries of ipset. See entry
2279 tag in firewalld.ipset(5). For runtime operation see
2280 org.fedoraproject.FirewallD1.ipset.Methods.addEntry.
2281 Possible errors: ALREADY_ENABLED
2283 addOption(s: key, s: value) → Nothing
2285 Permanently add (key, value) to the ipset. See option tag in
2286 firewalld.ipset(5).
2287 Possible errors: ALREADY_ENABLED
2289 getDescription() → s
2291 Get description of ipset. See description tag in
2292 firewalld.ipset(5).
2293 getEntries() → as
2295 Get list of entries added to ipset. See entry tag in
2296 firewalld.ipset(5). For runtime operation see
2297 org.fedoraproject.FirewallD1.ipset.Methods.getEntries.
2298 Possible errors: IPSET_WITH_TIMEOUT
2300 getOptions() → a{ss}
2302 Get dictionary of options set for ipset. See option tag in
2303 firewalld.ipset(5).
2304 getSettings() → (ssssa{ss}as)
2306 Return permament settings of the ipset. For getting runtime
2307 settings see
2308 org.fedoraproject.FirewallD1.ipset.Methods.getIPSetSettings.
2309 Settings are in format: version, name, description, type,
2310 dictionary of options and array of entries.
2311 version (s): see version attribute of ipset tag in
2313 firewalld.ipset(5).
2314 name (s): see short tag in firewalld.ipset(5).
2316 description (s): see description tag in firewalld.ipset(5).
2318 type (s): see type attribute of ipset tag in
2320 firewalld.ipset(5).
2321 options (a{ss}): dictionary of {option : value} . See options
2323 tag in firewalld.ipset(5).
2324 entries (as): array of entries, see entry tag in
2326 firewalld.ipset(5).
2327 getShort() → s
2330 Get name of ipset. See short tag in firewalld.ipset(5).
2331 getType() → s
2333 Get type of ipset. See type attribute of ipset tag in
2334 firewalld.ipset(5).
2335 getVersion() → s
2337 Get version of ipset. See version attribute of ipset tag in
2338 firewalld.ipset(5).
2339 loadDefaults() → Nothing
2341 Load default settings for built-in ipset.
2342 Possible errors: NO_DEFAULTS
2344 queryEntry(s: entry) → b
2346 Return whether entry has been added to ipset. For runtime
2347 operation see
2348 org.fedoraproject.FirewallD1.ipset.Methods.queryEntry.
2349 queryOption(s: key, s: value) → b
2351 Return whether (key, value) has been added to options of the
2352 ipset.
2353 remove() → Nothing
2355 Remove not built-in ipset.
2356 Possible errors: BUILTIN_IPSET
2358 removeEntry(s: entry) → Nothing
2360 Permanently remove entry from ipset. See entry tag in
2361 firewalld.ipset(5). For runtime operation see
2362 org.fedoraproject.FirewallD1.ipset.Methods.removeEntry.
2363 Possible errors: NOT_ENABLED
2365 removeOption(s: key) → Nothing
2367 Permanently remove key from the ipset. See option tag in
2368 firewalld.ipset(5).
2369 Possible errors: NOT_ENABLED
2371 rename(s: name) → Nothing
2373 Rename not built-in ipset to name.
2374 Possible errors: BUILTIN_IPSET
2376 setDescription(s: description) → Nothing
2378 Permanently set description of ipset to description. See
2379 description tag in firewalld.ipset(5).
2380 setEntries(as: entries) → Nothing
2382 Permanently set list of entries to entries. See entry tag in
2383 firewalld.ipset(5).
2384 setOptions(a{ss}: options) → Nothing
2386 Permanently set dict of options to options. See option tag in
2387 firewalld.ipset(5).
2388 setShort(s: short) → Nothing
2390 Permanently set name of ipset to short. See short tag in
2391 firewalld.ipset(5).
2392 setType(s: ipset_type) → Nothing
2394 Permanently set type of ipset to ipset_type. See type attribute
2395 of ipset tag in firewalld.ipset(5).
2396 setVersion(s: version) → Nothing
2398 Permanently set version of ipset to version. See version
2399 attribute of ipset tag in firewalld.ipset(5).
2400 update((ssssa{ss}as): settings) → Nothing
2402 Update settings of ipset to settings. Settings are in format:
2403 version, name, description, type, dictionary of options and
2404 array of entries.
2405 version (s): see version attribute of ipset tag in
2407 firewalld.ipset(5).
2408 name (s): see short tag in firewalld.ipset(5).
2410 description (s): see description tag in firewalld.ipset(5).
2412 type (s): see type attribute of ipset tag in
2414 firewalld.ipset(5).
2415 options (a{ss}): dictionary of {option : value} . See options
2417 tag in firewalld.ipset(5).
2418 entries (as): array of entries, see entry tag in
2420 firewalld.ipset(5).
2421 Possible errors: INVALID_TYPE
2423 Signals
2425 Removed(s: name)
2426 Emitted when ipset with name has been removed.
2427 Renamed(s: name)
2429 Emitted when ipset has been renamed to name.
2430 Updated(s: name)
2432 Emitted when ipset with name has been updated.
2433 Properties
2435 builtin - b - (ro)
2436 True if ipset is build-in, false else.
2437 default - b - (ro)
2439 True if build-in ipset has default settings. False if it has
2440 been modified. Always False for not build-in ipsets.
2441 filename - s - (ro)
2443 Name (including .xml extension) of file where the configuration
2444 is stored.
2445 name - s - (ro)
2447 Name of ipset.
2448 path - s - (ro)
2450 Path to directory where the ipset configuration is stored.
2451 Should be either /usr/lib/firewalld/ipsets or
2452 /etc/firewalld/ipsets.
2453 org.fedoraproject.FirewallD1.config.zone
2455 Interface for permanent zone configuration, see also firewalld.zone(5).
2456 Methods
2458 addForwardPort(s: port, s: protocol, s: toport, s: toaddr) →
2459 Nothing
2460 Permanently add (port, protocol, toport, toaddr) to list of
2461 forward ports of zone. See forward-port tag in
2462 firewalld.zone(5). For runtime operation see
2463 org.fedoraproject.FirewallD1.zone.Methods.addForwardPort.
2464 Possible errors: ALREADY_ENABLED
2466 addIcmpBlock(s: icmptype) → Nothing
2468 Permanently add icmptype to list of icmp types blocked in zone.
2469 See icmp-block tag in firewalld.zone(5). For runtime operation
2470 see org.fedoraproject.FirewallD1.zone.Methods.addIcmpBlock.
2471 Possible errors: ALREADY_ENABLED
2473 addIcmpBlock(s: icmptype) → Nothing
2475 Permanently add icmp block inversion to zone. See
2476 icmp-block-inversion tag in firewalld.zone(5). For runtime
2477 operation see
2478 org.fedoraproject.FirewallD1.zone.Methods.addIcmpBlockInversion.
2479 Possible errors: ALREADY_ENABLED
2481 addInterface(s: interface) → Nothing
2483 Permanently add interface to list of interfaces bound to zone.
2484 See interface tag in firewalld.zone(5). For runtime operation
2485 see org.fedoraproject.FirewallD1.zone.Methods.addInterface.
2486 Possible errors: ALREADY_ENABLED
2488 addMasquerade() → Nothing
2490 Permanently enable masquerading in zone. See masquerade tag in
2491 firewalld.zone(5). For runtime operation see
2492 org.fedoraproject.FirewallD1.zone.Methods.addMasquerade.
2493 Possible errors: ALREADY_ENABLED
2495 addPort(s: port, s: protocol) → Nothing
2497 Permanently add (port, protocol) to list of ports of zone. See
2498 port tag in firewalld.zone(5). For runtime operation see
2499 org.fedoraproject.FirewallD1.zone.Methods.addPort.
2500 Possible errors: ALREADY_ENABLED
2502 addProtocol(s: protocol) → Nothing
2504 Permanently add protocol into zone. The protocol can be any
2505 protocol supported by the system. Please have a look at
2506 /etc/protocols for supported protocols. For runtime operation
2507 see org.fedoraproject.FirewallD1.zone.Methods.addProtocol.
2508 Possible errors: INVALID_PROTOCOL, ALREADY_ENABLED
2510 addRichRule(s: rule) → Nothing
2512 Permanently add rule to list of rich-language rules in zone.
2513 See rule tag in firewalld.zone(5). For runtime operation see
2514 org.fedoraproject.FirewallD1.zone.Methods.addRichRule.
2515 Possible errors: ALREADY_ENABLED
2517 addService(s: service) → Nothing
2519 Permanently add service to list of services used in zone. See
2520 service tag in firewalld.zone(5). For runtime operation see
2521 org.fedoraproject.FirewallD1.zone.Methods.addService.
2522 Possible errors: ALREADY_ENABLED
2524 addSource(s: source) → Nothing
2526 Permanently add source to list of source addresses bound to
2527 zone. See source tag in firewalld.zone(5). For runtime
2528 operation see
2529 org.fedoraproject.FirewallD1.zone.Methods.addSource.
2530 Possible errors: ALREADY_ENABLED
2532 addSourcePort(s: port, s: protocol) → Nothing
2534 Permanently add (port, protocol) to list of source ports of
2535 zone. See source-port tag in firewalld.zone(5). For runtime
2536 operation see
2537 org.fedoraproject.FirewallD1.zone.Methods.addSourcePort.
2538 Possible errors: ALREADY_ENABLED
2540 getDescription() → s
2542 Get description of zone. See description tag in
2543 firewalld.zone(5).
2544 getForwardPorts() → a(ssss)
2546 Get list of (port, protocol, toport, toaddr) defined in zone.
2547 See forward-port tag in firewalld.zone(5). For runtime
2548 operation see
2549 org.fedoraproject.FirewallD1.zone.Methods.getForwardPorts.
2550 getIcmpBlockInversion() → b
2552 Get icmp block inversion flag of zone. See icmp-block-inversion
2553 tag in firewalld.zone(5).
2554 getIcmpBlocks() → as
2556 Get list of icmp type names blocked in zone. See icmp-block tag
2557 in firewalld.zone(5). For runtime operation see
2558 org.fedoraproject.FirewallD1.zone.Methods.getIcmpBlocks.
2559 getInterfaces() → as
2561 Get list of interfaces bound to zone. See interface tag in
2562 firewalld.zone(5). For runtime operation see
2563 org.fedoraproject.FirewallD1.zone.Methods.getInterfaces.
2564 getMasquerade() → b
2566 Return whether masquerade is enabled in zone. This is the same
2567 as queryMasquerade() method. See masquerade tag in
2568 firewalld.zone(5).
2569 getPorts() → a(ss)
2571 Get list of (port, protocol) defined in zone. See port tag in
2572 firewalld.zone(5). For runtime operation see
2573 org.fedoraproject.FirewallD1.zone.Methods.getPorts.
2574 getProtocols() → as
2576 Return array of protocols (s) previously enabled in zone. For
2577 getting runtime settings see
2578 org.fedoraproject.FirewallD1.zone.Methods.getProtocols.
2579 getRichRules() → as
2581 Get list of rich-language rules in zone. See rule tag in
2582 firewalld.zone(5). For runtime operation see
2583 org.fedoraproject.FirewallD1.zone.Methods.getRichRules.
2584 getServices() → as
2586 Get list of service names used in zone. See service tag in
2587 firewalld.zone(5). For runtime operation see
2588 org.fedoraproject.FirewallD1.zone.Methods.getServices.
2589 getSettings() → (sssbsasa(ss)asba(ssss)asasasasa(ss)b)
2591 This function is deprecated, use
2592 org.fedoraproject.FirewallD1.config.zone.Methods.getSettings2
2593 instead.
2594 getSettings2() → a{sv}
2596 Return permanent settings of given zone. For getting runtime
2597 settings see
2598 org.fedoraproject.FirewallD1.zone.Methods.getZoneSettings2.
2599 Settings are a dictionary indexed by keywords. For the type of
2600 each value see below. If the value is empty it may be omitted.
2601 version (s): see version attribute of zone tag in
2603 firewalld.zone(5).
2604 name (s): see short tag in firewalld.zone(5).
2606 description (s): see description tag in firewalld.zone(5).
2608 target (s): see target attribute of zone tag in
2610 firewalld.zone(5).
2611 services (as): array of service names, see service tag in
2613 firewalld.zone(5).
2614 ports (a(ss)): array of port and protocol pairs. See port tag
2616 in firewalld.zone(5).
2617 icmp_blocks (as): array of icmp-blocks. See icmp-block tag in
2619 firewalld.zone(5).
2620 masquerade (b): see masquerade tag in firewalld.zone(5).
2622 forward_ports (a(ssss)): array of (port, protocol, to-port,
2624 to-addr). See forward-port tag in firewalld.zone(5).
2625 interfaces (as): array of interfaces. See interface tag in
2627 firewalld.zone(5).
2628 sources (as): array of source addresses. See source tag in
2630 firewalld.zone(5).
2631 rules_str (as): array of rich-language rules. See rule tag in
2633 firewalld.zone(5).
2634 protocols (as): array of protocols, see protocol tag in
2636 firewalld.zone(5).
2637 source_ports (a(ss)): array of port and protocol pairs. See
2639 source-port tag in firewalld.zone(5).
2640 icmp_block_inversion (b): see icmp-block-inversion tag in
2642 firewalld.zone(5).
2643 forward (b): see forward tag in firewalld.zone(5).
2645 getShort() → s
2648 Get name of zone. See short tag in firewalld.zone(5).
2649 getSourcePorts() → a(ss)
2651 Get list of (port, protocol) defined in zone. See source-port
2652 tag in firewalld.zone(5). For runtime operation see
2653 org.fedoraproject.FirewallD1.zone.Methods.getSourcePorts.
2654 getSources() → as
2656 Get list of source addresses bound to zone. See source tag in
2657 firewalld.zone(5). For runtime operation see
2658 org.fedoraproject.FirewallD1.zone.Methods.getSources.
2659 getTarget() → s
2661 Get target of zone. See target attribute of zone tag in
2662 firewalld.zone(5).
2663 getVersion() → s
2665 Get version of zone. See version attribute of zone tag in
2666 firewalld.zone(5).
2667 loadDefaults() → Nothing
2669 Load default settings for built-in zone.
2670 Possible errors: NO_DEFAULTS
2672 queryForwardPort(s: port, s: protocol, s: toport, s: toaddr) → b
2674 Return whether (port, protocol, toport, toaddr) is in list of
2675 forward ports of zone. See forward-port tag in
2676 firewalld.zone(5). For runtime operation see
2677 org.fedoraproject.FirewallD1.zone.Methods.queryForwardPort.
2678 queryIcmpBlock(s: icmptype) → b
2680 Return whether icmptype is in list of icmp types blocked in
2681 zone. See icmp-block tag in firewalld.zone(5). For runtime
2682 operation see
2683 org.fedoraproject.FirewallD1.zone.Methods.queryIcmpBlock.
2684 queryIcmpBlockInversion() → b
2686 Return whether icmp block inversion is in enabled in zone. See
2687 icmp-block-inversion tag in firewalld.zone(5). For runtime
2688 operation see
2689 org.fedoraproject.FirewallD1.zone.Methods.queryIcmpBlockInversion.
2690 queryInterface(s: interface) → b
2692 Return whether interface is in list of interfaces bound to
2693 zone. See interface tag in firewalld.zone(5). For runtime
2694 operation see
2695 org.fedoraproject.FirewallD1.zone.Methods.queryInterface.
2696 queryMasquerade() → b
2698 Return whether masquerade is enabled in zone. This is the same
2699 as getMasquerade() method. See masquerade tag in
2700 firewalld.zone(5). For runtime operation see
2701 org.fedoraproject.FirewallD1.zone.Methods.queryMasquerade.
2702 queryPort(s: port, s: protocol) → b
2704 Return whether (port, protocol) is in list of ports of zone.
2705 See port tag in firewalld.zone(5). For runtime operation see
2706 org.fedoraproject.FirewallD1.zone.Methods.queryPort.
2707 queryProtocol(s: protocol) → b
2709 Return whether protocol has been added in zone. For runtime
2710 operation see
2711 org.fedoraproject.FirewallD1.zone.Methods.queryProtocol.
2712 Possible errors: INVALID_PROTOCOL
2714 queryRichRule(s: rule) → b
2716 Return whether rule is in list of rich-language rules in zone.
2717 See rule tag in firewalld.zone(5). For runtime operation see
2718 org.fedoraproject.FirewallD1.zone.Methods.queryRichRule.
2719 queryService(s: service) → b
2721 Return whether service is in list of services used in zone. See
2722 service tag in firewalld.zone(5). For runtime operation see
2723 org.fedoraproject.FirewallD1.zone.Methods.queryService.
2724 querySource(s: source) → b
2726 Return whether source is in list of source addresses bound to
2727 zone. See source tag in firewalld.zone(5). For runtime
2728 operation see
2729 org.fedoraproject.FirewallD1.zone.Methods.querySource.
2730 querySourcePort(s: port, s: protocol) → b
2732 Return whether (port, protocol) is in list of source ports of
2733 zone. See source-port tag in firewalld.zone(5). For runtime
2734 operation see
2735 org.fedoraproject.FirewallD1.zone.Methods.querySourcePort.
2736 remove() → Nothing
2738 Remove not built-in zone.
2739 Possible errors: BUILTIN_ZONE
2741 removeForwardPort(s: port, s: protocol, s: toport, s: toaddr) →
2743 Nothing
2744 Permanently remove (port, protocol, toport, toaddr) from list
2745 of forward ports of zone. See forward-port tag in
2746 firewalld.zone(5). For runtime operation see
2747 org.fedoraproject.FirewallD1.zone.Methods.removeForwardPort.
2748 Possible errors: NOT_ENABLED
2750 removeIcmpBlock(s: icmptype) → Nothing
2752 Permanently remove icmptype from list of icmp types blocked in
2753 zone. See icmp-block tag in firewalld.zone(5). For runtime
2754 operation see
2755 org.fedoraproject.FirewallD1.zone.Methods.removeIcmpBlock.
2756 Possible errors: NOT_ENABLED
2758 removeIcmpBlockInversion() → Nothing
2760 Permanently remove icmp block inversion from the zone. See
2761 icmp-block-inversion tag in firewalld.zone(5). For runtime
2762 operation see
2763 org.fedoraproject.FirewallD1.zone.Methods.removeIcmpBlockInversion.
2764 Possible errors: NOT_ENABLED
2766 removeInterface(s: interface) → Nothing
2768 Permanently remove interface from list of interfaces bound to
2769 zone. See interface tag in firewalld.zone(5). For runtime
2770 operation see
2771 org.fedoraproject.FirewallD1.zone.Methods.removeInterface.
2772 Possible errors: NOT_ENABLED
2774 removeMasquerade() → Nothing
2776 Permanently disable masquerading in zone. See masquerade tag in
2777 firewalld.zone(5). For runtime operation see
2778 org.fedoraproject.FirewallD1.zone.Methods.removeMasquerade.
2779 Possible errors: NOT_ENABLED
2781 removePort(s: port, s: protocol) → Nothing
2783 Permanently remove (port, protocol) from list of ports of zone.
2784 See port tag in firewalld.zone(5). For runtime operation see
2785 org.fedoraproject.FirewallD1.zone.Methods.removePort.
2786 Possible errors: NOT_ENABLED
2788 removeProtocol(s: protocol) → Nothing
2790 Permanently remove protocol from zone. For runtime operation
2791 see org.fedoraproject.FirewallD1.zone.Methods.removeProtocol.
2792 Possible errors: INVALID_PROTOCOL, NOT_ENABLED
2794 removeRichRule(s: rule) → Nothing
2796 Permanently remove rule from list of rich-language rules in
2797 zone. See rule tag in firewalld.zone(5). For runtime operation
2798 see org.fedoraproject.FirewallD1.zone.Methods.removeRichRule.
2799 Possible errors: NOT_ENABLED
2801 removeService(s: service) → Nothing
2803 Permanently remove service from list of services used in zone.
2804 See service tag in firewalld.zone(5). For runtime operation see
2805 org.fedoraproject.FirewallD1.zone.Methods.removeService.
2806 Possible errors: NOT_ENABLED
2808 removeSource(s: source) → Nothing
2810 Permanently remove source from list of source addresses bound
2811 to zone. See source tag in firewalld.zone(5). For runtime
2812 operation see
2813 org.fedoraproject.FirewallD1.zone.Methods.removeSource.
2814 Possible errors: NOT_ENABLED
2816 removeSourcePort(s: port, s: protocol) → Nothing
2818 Permanently remove (port, protocol) from list of source ports
2819 of zone. See source-port tag in firewalld.zone(5). For runtime
2820 operation see
2821 org.fedoraproject.FirewallD1.zone.Methods.removeSourcePort.
2822 Possible errors: NOT_ENABLED
2824 rename(s: name) → Nothing
2826 Rename not built-in zone to name.
2827 Possible errors: BUILTIN_ZONE
2829 setDescription(s: description) → Nothing
2831 Permanently set description of zone to description. See
2832 description tag in firewalld.zone(5).
2833 setForwardPorts(a(ssss): ports) → Nothing
2835 Permanently set forward ports of zone to list of (port,
2836 protocol, toport, toaddr). See forward-port tag in
2837 firewalld.zone(5).
2838 setIcmpBlockInversion(b: flag) → Nothing
2840 Permanently set icmp block inversion flag of zone to flag. See
2841 icmp-block-inversion tag in firewalld.zone(5).
2842 setIcmpBlocks(as: icmptypes) → Nothing
2844 Permanently set list of icmp types blocked in zone to
2845 icmptypes. See icmp-block tag in firewalld.zone(5).
2846 setInterfaces(as: interfaces) → Nothing
2848 Permanently set list of interfaces bound to zone to interfaces.
2849 See interface tag in firewalld.zone(5).
2850 setMasquerade(b: masquerade) → Nothing
2852 Permanently set masquerading in zone to masquerade. See
2853 masquerade tag in firewalld.zone(5).
2854 setPorts(a(ss): ports) → Nothing
2856 Permanently set ports of zone to list of (port, protocol). See
2857 port tag in firewalld.zone(5).
2858 setProtocols(as: protocols) → Nothing
2860 Permanently set list of protocols used in zone to protocols.
2861 See protocol tag in firewalld.zone(5).
2862 setRichRules(as: rules) → Nothing
2864 Permanently set list of rich-language rules to rules. See rule
2865 tag in firewalld.zone(5).
2866 setServices(as: services) → Nothing
2868 Permanently set list of services used in zone to services. See
2869 service tag in firewalld.zone(5).
2870 setShort(s: short) → Nothing
2872 Permanently set name of zone to short. See short tag in
2873 firewalld.zone(5).
2874 setSourcePorts(a(ss): ports) → Nothing
2876 Permanently set source-ports of zone to list of (port,
2877 protocol). See source-port tag in firewalld.zone(5).
2878 setSources(as: sources) → Nothing
2880 Permanently set list of source addresses bound to zone to
2881 sources. See source tag in firewalld.zone(5).
2882 setTarget(s: target) → Nothing
2884 Permanently set target of zone to target. See target attribute
2885 of zone tag in firewalld.zone(5).
2886 setVersion(s: version) → Nothing
2888 Permanently set version of zone to version. See version
2889 attribute of zone tag in firewalld.zone(5).
2890 update((sssbsasa(ss)asba(ssss)asasasasa(ss)b): settings) → Nothing
2892 This function is deprecated, use
2893 org.fedoraproject.FirewallD1.config.zone.Methods.update2
2894 instead.
2895 update2(a{sv}: settings) → Nothing
2897 Update settings of zone to settings. Settings are a dictionary
2898 indexed by keywords. For the type of each value see below. To
2899 zero a value pass an empty string or list.
2900 version (s): see version attribute of zone tag in
2902 firewalld.zone(5).
2903 name (s): see short tag in firewalld.zone(5).
2905 description (s): see description tag in firewalld.zone(5).
2907 target (s): see target attribute of zone tag in
2909 firewalld.zone(5).
2910 services (as): array of service names, see service tag in
2912 firewalld.zone(5).
2913 ports (a(ss)): array of port and protocol pairs. See port tag
2915 in firewalld.zone(5).
2916 icmp_blocks (as): array of icmp-blocks. See icmp-block tag in
2918 firewalld.zone(5).
2919 masquerade (b): see masquerade tag in firewalld.zone(5).
2921 forward_ports (a(ssss)): array of (port, protocol, to-port,
2923 to-addr). See forward-port tag in firewalld.zone(5).
2924 interfaces (as): array of interfaces. See interface tag in
2926 firewalld.zone(5).
2927 sources (as): array of source addresses. See source tag in
2929 firewalld.zone(5).
2930 rules_str (as): array of rich-language rules. See rule tag in
2932 firewalld.zone(5).
2933 protocols (as): array of protocols, see protocol tag in
2935 firewalld.zone(5).
2936 source_ports (a(ss)): array of port and protocol pairs. See
2938 source-port tag in firewalld.zone(5).
2939 icmp_block_inversion (b): see icmp-block-inversion tag in
2941 firewalld.zone(5).
2942 forward (b): see forward tag in firewalld.zone(5).
2944 Possible errors: INVALID_TYPE
2946 Signals
2948 Removed(s: name)
2949 Emitted when zone with name has been removed.
2950 Renamed(s: name)
2952 Emitted when zone has been renamed to name.
2953 Updated(s: name)
2955 Emitted when zone with name has been updated.
2956 Properties
2958 builtin - b - (ro)
2959 True if zone is build-in, false else.
2960 default - b - (ro)
2962 True if build-in zone has default settings. False if it has
2963 been modified. Always False for not build-in zones.
2964 filename - s - (ro)
2966 Name (including .xml extension) of file where the configuration
2967 is stored.
2968 name - s - (ro)
2970 Name of zone.
2971 path - s - (ro)
2973 Path to directory where the zone configuration is stored.
2974 Should be either /usr/lib/firewalld/zones or
2975 /etc/firewalld/zones.
2976 org.fedoraproject.FirewallD1.config.policy
2978 Interface for permanent policy configuration, see also
2979 firewalld.policy(5).
2980 Methods
2982 getSettings() → a{sv}
2983 Return permanent settings of given policy. For getting runtime
2984 settings see
2985 org.fedoraproject.FirewallD1.policy.Methods.getPolicySettings.
2986 Settings are a dictionary indexed by keywords. For possible
2987 keywords see
2988 org.fedoraproject.FirewallD1.config.Methods.addPolicy.
2989 loadDefaults() → Nothing
2991 Load default settings for built-in policy.
2992 Possible errors: NO_DEFAULTS
2994 remove() → Nothing
2996 Remove not built-in policy.
2997 Possible errors: BUILTIN_POLICY
2999 rename(s: name) → Nothing
3001 Rename not built-in policy to name.
3002 Possible errors: BUILTIN_POLICY
3004 update(a{sv}: settings) → Nothing
3006 Update settings of policy to settings. Settings are a
3007 dictionary indexed by keywords. For possible keywords see
3008 org.fedoraproject.FirewallD1.config.Methods.addPolicy. To zero
3009 a value pass an empty string or list.
3010 Possible errors: INVALID_TYPE
3012 Signals
3014 Removed(s: name)
3015 Emitted when policy with name has been removed.
3016 Renamed(s: name)
3018 Emitted when policy has been renamed to name.
3019 Updated(s: name)
3021 Emitted when policy with name has been updated.
3022 Properties
3024 builtin - b - (ro)
3025 True if policy is build-in, false else.
3026 default - b - (ro)
3028 True if build-in policy has default settings. False if it has
3029 been modified. Always False for not build-in policies.
3030 filename - s - (ro)
3032 Name (including .xml extension) of file where the configuration
3033 is stored.
3034 name - s - (ro)
3036 Name of policy.
3037 path - s - (ro)
3039 Path to directory where the policy configuration is stored.
3040 Should be either /usr/lib/firewalld/policies or
3041 /etc/firewalld/policies.
3042 org.fedoraproject.FirewallD1.config.service
3044 Interface for permanent service configuration, see also
3045 firewalld.service(5).
3046 Methods
3048 addModule(s: module) → Nothing
3049 This method is deprecated. Please use "helpers" in the
3050 update2() method.
3051 addPort(s: port, s: protocol) → Nothing
3053 Permanently add (port, protocol) to list of ports in service.
3054 See port tag in firewalld.service(5).
3055 Possible errors: ALREADY_ENABLED
3057 addProtocol(s: protocol) → Nothing
3059 Permanently add protocol into zone. The protocol can be any
3060 protocol supported by the system. Please have a look at
3061 /etc/protocols for supported protocols. See protocol tag in
3062 firewalld.service(5).
3063 Possible errors: INVALID_PROTOCOL, ALREADY_ENABLED
3065 addSourcePort(s: port, s: protocol) → Nothing
3067 Permanently add (port, protocol) to list of source ports in
3068 service. See source-port tag in firewalld.service(5).
3069 Possible errors: ALREADY_ENABLED
3071 getDescription() → s
3073 Get description of service. See description tag in
3074 firewalld.service(5).
3075 getDestination(s: family) → s
3077 Get destination for IP family being either 'ipv4' or 'ipv6'.
3078 See destination tag in firewalld.service(5).
3079 Possible errors: ALREADY_ENABLED
3081 getDestinations() → a{ss}
3083 Get list of destinations. Return value is a dictionary of {IP
3084 family : IP address} where 'IP family' key can be either 'ipv4'
3085 or 'ipv6'. See destination tag in firewalld.service(5).
3086 getModules() → as
3088 This method is deprecated. Please use "helpers" in the
3089 getSettings2() method.
3090 getPorts() → a(ss)
3092 Get list of (port, protocol) defined in service. See port tag
3093 in firewalld.service(5).
3094 getProtocols() → as
3096 Return array of protocols (s) defined in service. See protocol
3097 tag in firewalld.service(5).
3098 getSettings() → (sssa(ss)asa{ss}asa(ss))
3100 This function is deprecated, use
3101 org.fedoraproject.FirewallD1.config.service.Methods.getSettings2
3102 instead.
3103 getSettings2(s: service) → s{sv}
3105 Return runtime settings of given service. For getting runtime
3106 settings see
3107 org.fedoraproject.FirewallD1.Methods.getServiceSettings2.
3108 Settings are a dictionary indexed by keywords. For the type of
3109 each value see below. If the value is empty it may be ommitted.
3110 version (s): see version attribute of service tag in
3112 firewalld.service(5).
3113 name (s): see short tag in firewalld.service(5).
3115 description (s): see description tag in firewalld.service(5).
3117 ports (a(ss)): array of port and protocol pairs. See port tag
3119 in firewalld.service(5).
3120 module names (as): array of kernel netfilter helpers, see
3122 module tag in firewalld.service(5).
3123 destinations (a{ss}): dictionary of {IP family : IP address}
3125 where 'IP family' key can be either 'ipv4' or 'ipv6'. See
3126 destination tag in firewalld.service(5).
3127 protocols (as): array of protocols, see protocol tag in
3129 firewalld.service(5).
3130 source_ports (a(ss)): array of port and protocol pairs. See
3132 source-port tag in firewalld.service(5).
3133 includes (as): array of service includes, see include tag in
3135 firewalld.service(5).
3136 helpers (as): array of service helpers, see helper tag in
3138 firewalld.service(5).
3139 getShort() → s
3142 Get name of service. See short tag in firewalld.service(5).
3143 getSourcePorts() → a(ss)
3145 Get list of (port, protocol) defined in service. See
3146 source-port tag in firewalld.service(5).
3147 getVersion() → s
3149 Get version of service. See version attribute of service tag in
3150 firewalld.service(5).
3151 loadDefaults() → Nothing
3153 Load default settings for built-in service.
3154 Possible errors: NO_DEFAULTS
3156 queryDestination(s: family, s: address) → b
3158 Return whether a destination is in dictionary of destinations
3159 of this service. destination is in format: (IP family, IP
3160 address) where IP family can be either 'ipv4' or 'ipv6'. See
3161 destination tag in firewalld.service(5).
3162 queryModule(s: module) → b
3164 This method is deprecated. Please use "helpers" in the
3165 getSettings2() method.
3166 queryPort(s: port, s: protocol) → b
3168 Return whether (port, protocol) is in list of ports in service.
3169 See port tag in firewalld.service(5).
3170 queryProtocol(s: protocol) → b
3172 Return whether protocol is in list of protocols in service. See
3173 protocol tag in firewalld.service(5).
3174 querySourcePort(s: port, s: protocol) → b
3176 Return whether (port, protocol) is in list of source ports in
3177 service. See source-port tag in firewalld.service(5).
3178 remove() → Nothing
3180 Remove not built-in service.
3181 Possible errors: BUILTIN_SERVICE
3183 removeDestination(s: family) → Nothing
3185 Permanently remove a destination with family ('ipv4' or 'ipv6')
3186 from service. See destination tag in firewalld.service(5).
3187 Possible errors: NOT_ENABLED
3189 removeModule(s: module) → Nothing
3191 This method is deprecated. Please use "helpers" in the
3192 update2() method.
3193 removePort(s: port, s: protocol) → Nothing
3195 Permanently remove (port, protocol) from list of ports in
3196 service. See port tag in firewalld.service(5).
3197 Possible errors: NOT_ENABLED
3199 removeProtocol(s: protocol) → Nothing
3201 Permanently remove protocol from list of protocols in service.
3202 See protocol tag in firewalld.service(5).
3203 Possible errors: NOT_ENABLED
3205 removeSourcePort(s: port, s: protocol) → Nothing
3207 Permanently remove (port, protocol) from list of source ports
3208 in service. See source-port tag in firewalld.service(5).
3209 Possible errors: NOT_ENABLED
3211 rename(s: name) → Nothing
3213 Rename not built-in service to name.
3214 Possible errors: BUILTIN_SERVICE
3216 setDescription(s: description) → Nothing
3218 Permanently set description of service to description. See
3219 description tag in firewalld.service(5).
3220 setDestination(s: family, s: address) → Nothing
3222 Permanently set a destination address. destination is in
3223 format: (IP family, IP address) where IP family can be either
3224 'ipv4' or 'ipv6'. See destination tag in firewalld.service(5).
3225 Possible errors: ALREADY_ENABLED
3227 setDestinations(a{ss}: destinations) → Nothing
3229 Permanently set destinations of service to destinations, which
3230 is a dictionary of {IP family : IP address} where 'IP family'
3231 key can be either 'ipv4' or 'ipv6'. See destination tag in
3232 firewalld.service(5).
3233 setModules(as: modules) → Nothing
3235 This method is deprecated. Please use "helpers" in the
3236 update2() method.
3237 setPorts(a(ss): ports) → Nothing
3239 Permanently set ports of service to list of (port, protocol).
3240 See port tag in firewalld.service(5).
3241 setProtocols(as: protocols) → Nothing
3243 Permanently set protocols of service to list of protocols. See
3244 protocol tag in firewalld.service(5).
3245 setShort(s: short) → Nothing
3247 Permanently set name of service to short. See short tag in
3248 firewalld.service(5).
3249 setSourcePorts(a(ss): ports) → Nothing
3251 Permanently set source-ports of service to list of (port,
3252 protocol). See source-port tag in firewalld.service(5).
3253 setVersion(s: version) → Nothing
3255 Permanently set version of service to version. See version
3256 attribute of service tag in firewalld.service(5).
3257 update((sssa(ss)asa{ss}asa(ss)): settings) → Nothing
3259 This function is deprecated, use
3260 org.fedoraproject.FirewallD1.config.service.Methods.update2
3261 instead.
3262 update2a{sv}: settings) → Nothing
3264 Update settings of service to settings. Settings are a
3265 dictionary indexed by keywords. For the type of each value see
3266 below. To zero a value pass an empty string or list.
3267 version (s): see version attribute of service tag in
3269 firewalld.service(5).
3270 name (s): see short tag in firewalld.service(5).
3272 description (s): see description tag in firewalld.service(5).
3274 ports (a(ss)): array of port and protocol pairs. See port tag
3276 in firewalld.service(5).
3277 module names (as): array of kernel netfilter helpers, see
3279 module tag in firewalld.service(5).
3280 destinations (a{ss}): dictionary of {IP family : IP address}
3282 where 'IP family' key can be either 'ipv4' or 'ipv6'. See
3283 destination tag in firewalld.service(5).
3284 protocols (as): array of protocols, see protocol tag in
3286 firewalld.service(5).
3287 source_ports (a(ss)): array of port and protocol pairs. See
3289 source-port tag in firewalld.service(5).
3290 includes (as): array of service includes, see include tag in
3292 firewalld.service(5).
3293 helpers (as): array of service helpers, see helper tag in
3295 firewalld.service(5).
3296 Possible errors: INVALID_TYPE
3298 Signals
3300 Removed(s: name)
3301 Emitted when service with name has been removed.
3302 Renamed(s: name)
3304 Emitted when service has been renamed to name.
3305 Updated(s: name)
3307 Emitted when service with name has been updated.
3308 Properties
3310 builtin - b - (ro)
3311 True if service is build-in, false else.
3312 default - b - (ro)
3314 True if build-in service has default settings. False if it has
3315 been modified. Always False for not build-in services.
3316 filename - s - (ro)
3318 Name (including .xml extension) of file where the configuration
3319 is stored.
3320 name - s - (ro)
3322 Name of service.
3323 path - s - (ro)
3325 Path to directory where the configuration is stored. Should be
3326 either /usr/lib/firewalld/services or /etc/firewalld/services.
3327 org.fedoraproject.FirewallD1.config.helper
3329 Interface for permanent helper configuration, see also
3330 firewalld.helper(5).
3331 Methods
3333 addPort(s: port, s: protocol) → Nothing
3334 Permanently add (port, protocol) to list of ports in helper.
3335 See port tag in firewalld.helper(5).
3336 Possible errors: ALREADY_ENABLED
3338 getDescription() → s
3340 Get description of helper. See description tag in
3341 firewalld.helper(5).
3342 getFamily() → s
3344 Get family being 'ipv4', 'ipv6' or empty for both. See family
3345 tag in firewalld.helper(5).
3346 getModule() → s
3348 Get modules (netfilter kernel helpers) used in helper. See
3349 module tag in firewalld.helper(5).
3350 getPorts() → a(ss)
3352 Get list of (port, protocol) defined in helper. See port tag in
3353 firewalld.helper(5).
3354 getSettings() → (sssssa(ss))
3356 Return permanent settings of a helper. For getting runtime
3357 settings see
3358 org.fedoraproject.FirewallD1.Methods.getHelperSettings.
3359 Settings are in format: version, name, description, family,
3360 module, array of ports (port, protocol).
3361 version (s): see version attribute of helper tag in
3363 firewalld.helper(5).
3364 name (s): see short tag in firewalld.helper(5).
3366 description (s): see description tag in firewalld.helper(5).
3368 family (s): see family tag in firewalld.helper(5).
3370 module (s): see module tag in firewalld.helper(5).
3372 ports (a(ss)): array of port and protocol pairs. See port tag
3374 in firewalld.helper(5).
3375 getShort() → s
3378 Get name of helper. See short tag in firewalld.helper(5).
3379 getVersion() → s
3381 Get version of helper. See version attribute of helper tag in
3382 firewalld.helper(5).
3383 loadDefaults() → Nothing
3385 Load default settings for built-in helper.
3386 Possible errors: NO_DEFAULTS
3388 queryFamily(s: module) → b
3390 Return whether family is set for helper. See family tag in
3391 firewalld.helper(5).
3392 queryModule(s: module) → b
3394 Return whether module (netfilter kernel helpers) is used in
3395 helper. See module tag in firewalld.helper(5).
3396 queryPort(s: port, s: protocol) → b
3398 Return whether (port, protocol) is in list of ports in helper.
3399 See port tag in firewalld.helper(5).
3400 remove() → Nothing
3402 Remove not built-in helper.
3403 Possible errors: BUILTIN_HELPER
3405 removePort(s: port, s: protocol) → Nothing
3407 Permanently remove (port, protocol) from list of ports in
3408 helper. See port tag in firewalld.helper(5).
3409 Possible errors: NOT_ENABLED
3411 rename(s: name) → Nothing
3413 Rename not built-in helper to name.
3414 Possible errors: BUILTIN_HELPER
3416 setDescription(s: description) → Nothing
3418 Permanently set description of helper to description. See
3419 description tag in firewalld.helper(5).
3420 setFamily(s: family) → Nothing
3422 Permanently set family of helper to family. See family tag in
3423 firewalld.helper(5).
3424 setModule(s: module) → Nothing
3426 Permanently set module of helper to description. See module tag
3427 in firewalld.helper(5).
3428 setPorts(a(ss): ports) → Nothing
3430 Permanently set ports of helper to list of (port, protocol).
3431 See port tag in firewalld.helper(5).
3432 setShort(s: short) → Nothing
3434 Permanently set name of helper to short. See short tag in
3435 firewalld.helper(5).
3436 setVersion(s: version) → Nothing
3438 Permanently set version of helper to version. See version
3439 attribute of helper tag in firewalld.helper(5).
3440 update((sssssa(ss)): settings) → Nothing
3442 Update settings of helper to settings. Settings are in format:
3443 version, name, description, family, module and array of ports.
3444 version (s): see version attribute of helper tag in
3446 firewalld.helper(5).
3447 name (s): see short tag in firewalld.helper(5).
3449 description (s): see description tag in firewalld.helper(5).
3451 family (s): see family tag in firewalld.helper(5).
3453 module (s): see module tag in firewalld.helper(5).
3455 ports (a(ss)): array of port and protocol pairs. See port tag
3457 in firewalld.helper(5).
3458 Possible errors: INVALID_HELPER
3460 Signals
3462 Removed(s: name)
3463 Emitted when helper with name has been removed.
3464 Renamed(s: name)
3466 Emitted when helper has been renamed to name.
3467 Updated(s: name)
3469 Emitted when helper with name has been updated.
3470 Properties
3472 builtin - b - (ro)
3473 True if helper is build-in, false else.
3474 default - b - (ro)
3476 True if build-in helper has default settings. False if it has
3477 been modified. Always False for not build-in helpers.
3478 filename - s - (ro)
3480 Name (including .xml extension) of file where the configuration
3481 is stored.
3482 name - s - (ro)
3484 Name of helper.
3485 path - s - (ro)
3487 Path to directory where the configuration is stored. Should be
3488 either /usr/lib/firewalld/helpers or /etc/firewalld/helpers.
3489 org.fedoraproject.FirewallD1.config.icmptype
3491 Interface for permanent icmp type configuration, see also
3492 firewalld.icmptype(5).
3493 Methods
3495 addDestination(s: destination) → Nothing
3496 Permanently add a destination ('ipv4' or 'ipv6') to list of
3497 destinations of this icmp type. See destination tag in
3498 firewalld.icmptype(5).
3499 Possible errors: ALREADY_ENABLED
3501 getDescription() → s
3503 Get description of icmp type. See description tag in
3504 firewalld.icmptype(5).
3505 getDestinations() → as
3507 Get list of destinations. See destination tag in
3508 firewalld.icmptype(5).
3509 getSettings() → (sssas)
3511 Return permanent settings of icmp type. For getting runtime
3512 settings see
3513 org.fedoraproject.FirewallD1.Methods.getIcmpTypeSettings.
3514 Settings are in format: version, name, description, array of
3515 destinations.
3516 version (s): see version attribute of icmptype tag in
3518 firewalld.icmptype(5).
3519 name (s): see short tag in firewalld.icmptype(5).
3521 description (s): see description tag in firewalld.icmptype(5).
3523 destinations (as): array, either empty or containing strings
3525 'ipv4' and/or 'ipv6', see destination tag in
3526 firewalld.icmptype(5).
3527 getShort() → s
3530 Get name of icmp type. See short tag in firewalld.icmptype(5).
3531 getVersion() → s
3533 Get version of icmp type. See version attribute of icmptype tag
3534 in firewalld.icmptype(5).
3535 loadDefaults() → Nothing
3537 Load default settings for built-in icmp type.
3538 Possible errors: NO_DEFAULTS
3540 queryDestination(s: destination) → b
3542 Return whether a destination ('ipv4' or 'ipv6') is in list of
3543 destinations of this icmp type. See destination tag in
3544 firewalld.icmptype(5).
3545 remove() → Nothing
3547 Remove not built-in icmp type.
3548 Possible errors: BUILTIN_ICMPTYPE
3550 removeDestination(s: destination) → Nothing
3552 Permanently remove a destination ('ipv4' or 'ipv6') from list
3553 of destinations of this icmp type. See destination tag in
3554 firewalld.icmptype(5).
3555 Possible errors: NOT_ENABLED
3557 rename(s: name) → Nothing
3559 Rename not built-in icmp type to name.
3560 Possible errors: BUILTIN_ICMPTYPE
3562 setDescription(s: description) → Nothing
3564 Permanently set description of icmp type to description. See
3565 description tag in firewalld.icmptype(5).
3566 setDestinations(as: destinations) → Nothing
3568 Permanently set destinations of icmp type to destinations,
3569 which is array, either empty or containing strings 'ipv4'
3570 and/or 'ipv6'. See destination tag in firewalld.icmptype(5).
3571 setShort(s: short) → Nothing
3573 Permanently set name of icmp type to short. See short tag in
3574 firewalld.icmptype(5).
3575 setVersion(s: version) → Nothing
3577 Permanently set version of icmp type to version. See version
3578 attribute of icmptype tag in firewalld.icmptype(5).
3579 update((sssas): settings) → Nothing
3581 Update permanent settings of icmp type to settings. Settings
3582 are in format: version, name, description, array of
3583 destinations.
3584 version (s): see version attribute of icmptype tag in
3586 firewalld.icmptype(5).
3587 name (s): see short tag in firewalld.icmptype(5).
3589 description (s): see description tag in firewalld.icmptype(5).
3591 destinations (as): array, either empty or containing strings
3593 'ipv4' and/or 'ipv6', see destination tag in
3594 firewalld.icmptype(5).
3595 Signals
3598 Removed(s: name)
3599 Emitted when icmp type with name has been removed.
3600 Renamed(s: name)
3602 Emitted when icmp type has been renamed to name.
3603 Updated(s: name)
3605 Emitted when icmp type with name has been updated.
3606 Properties
3608 builtin - b - (ro)
3609 True if icmptype is build-in, false else.
3610 default - b - (ro)
3612 True if build-in icmp type has default settings. False if it
3613 has been modified. Always False for not build-in zones.
3614 filename - s - (ro)
3616 Name (including .xml extension) of file where the configuration
3617 is stored.
3618 name - s - (ro)
3620 Name of icmp type.
3621 path - s - (ro)
3623 Path to directory where the icmp type configuration is stored.
3624 Should be either /usr/lib/firewalld/icmptypes or
3625 /etc/firewalld/icmptypes.
3626
3628 firewall-applet(1), firewalld(1), firewall-cmd(1), firewall-config(1),
3629 firewalld.conf(5), firewalld.direct(5), firewalld.dbus(5),
3630 firewalld.icmptype(5), firewalld.lockdown-whitelist(5), firewall-
3631 offline-cmd(1), firewalld.richlanguage(5), firewalld.service(5),
3632 firewalld.zone(5), firewalld.zones(5), firewalld.policy(5),
3633 firewalld.policies(5), firewalld.ipset(5), firewalld.helper(5)
3634
3636 firewalld home page:
3637 http://firewalld.org
3638 More documentation with examples:
3640 http://fedoraproject.org/wiki/FirewallD
3641
3643 Thomas Woerner <twoerner@redhat.com>
3644 Developer
3645 Jiri Popelka <jpopelka@redhat.com>
3647 Developer
3648 Eric Garver <eric@garver.life>
3650 Developer
3651firewalld 1.0.1 FIREWALLD.DBUS(5)