FIREWALLD.DBUS(5) firewalld.dbus FIREWALLD.DBUS(5)

firewalld.dbus - firewalld D-Bus interface description

This is the basic firewalld object path structure. The interfaces used
are explained below in the section called “INTERFACES”.

/org/fedoraproject/FirewallD1
    Interfaces
        org.fedoraproject.FirewallD1
        org.fedoraproject.FirewallD1.direct (deprecated)
        org.fedoraproject.FirewallD1.ipset
        org.fedoraproject.FirewallD1.policies
        org.fedoraproject.FirewallD1.zone
        org.freedesktop.DBus.Introspectable
        org.freedesktop.DBus.Properties

/org/fedoraproject/FirewallD1/config
    Interfaces
        org.fedoraproject.FirewallD1.config
        org.fedoraproject.FirewallD1.config.direct (deprecated)
        org.fedoraproject.FirewallD1.config.policies
        org.freedesktop.DBus.Introspectable
        org.freedesktop.DBus.Properties

/org/fedoraproject/FirewallD1/config/zone/i
    Interfaces
        org.fedoraproject.FirewallD1.config.zone
        org.freedesktop.DBus.Introspectable
        org.freedesktop.DBus.Properties

/org/fedoraproject/FirewallD1/config/service/i
    Interfaces
        org.fedoraproject.FirewallD1.config.service
        org.freedesktop.DBus.Introspectable
        org.freedesktop.DBus.Properties

/org/fedoraproject/FirewallD1/config/ipset/i
    Interfaces
        org.fedoraproject.FirewallD1.config.ipset
        org.freedesktop.DBus.Introspectable
        org.freedesktop.DBus.Properties

/org/fedoraproject/FirewallD1/config/icmptype/i
    Interfaces
        org.fedoraproject.FirewallD1.config.icmptype
        org.freedesktop.DBus.Introspectable
        org.freedesktop.DBus.Properties

57 org.fedoraproject.FirewallD1
58 This interface contains general runtime operations, like: reloading,
59 panic mode, default zone handling, getting services and icmp types and
60 their settings.
61
62 Methods
63 authorizeAll() → Nothing
Initiate authorization for the complete firewalld D-Bus
interface. This method is mostly useful for configuration
applications.
67
68 completeReload() → Nothing
Reload firewall completely, even netfilter kernel modules. This
will most likely terminate active connections, because state
information is lost. This option should only be used in case of
severe firewall problems, for example if state information
problems prevent any connection from being established even
with correct firewall rules.
75
76 disablePanicMode() → Nothing
77 Disable panic mode. After disabling panic mode established
78 connections might work again, if panic mode was enabled for a
79 short period of time.
80
81 Possible errors: NOT_ENABLED, COMMAND_FAILED
82
83 enablePanicMode() → Nothing
84 Enable panic mode. All incoming and outgoing packets are
85 dropped, active connections will expire. Enable this only if
86 there are serious problems with your network environment.
87
88 Possible errors: ALREADY_ENABLED, COMMAND_FAILED
89
90 getAutomaticHelpers() → s
91 Deprecated. This always returns "no".
92
93 getDefaultZone() → s
94 Return default zone.
95
96 getHelperSettings(s: helper) → (sssssa(ss))
97 Return runtime settings of given helper. For getting permanent
98 settings see
99 org.fedoraproject.FirewallD1.config.helper.Methods.getSettings.
100 Settings are in format: version, name, description, family,
101 module and array of ports.
102
103 version (s): see version attribute of helper tag in
104 firewalld.helper(5).
105
106 name (s): see short tag in firewalld.helper(5).
107
108 description (s): see description tag in firewalld.helper(5).
109
110 family (s): see family tag in firewalld.helper(5).
111
112 module (s): see module tag in firewalld.helper(5).
113
114 ports (a(ss)): array of port and protocol pairs. See port tag
115 in firewalld.helper(5).
116
117 Possible errors: INVALID_HELPER
118
119 getHelpers() → as
120 Return array of helper names (s) in runtime configuration. For
121 permanent configuration see
122 org.fedoraproject.FirewallD1.config.Methods.listHelpers.
123
124 getIcmpTypeSettings(s: icmptype) → (sssas)
125 Return runtime settings of given icmptype. For getting
126 permanent settings see
127 org.fedoraproject.FirewallD1.config.icmptype.Methods.getSettings.
128 Settings are in format: version, name, description, array of
129 destinations.
130
131 version (s): see version attribute of icmptype tag in
132 firewalld.icmptype(5).
133
134 name (s): see short tag in firewalld.icmptype(5).
135
136 description (s): see description tag in firewalld.icmptype(5).
137
138 destinations (as): array, either empty or containing strings
139 'ipv4' or 'ipv6', see destination tag in firewalld.icmptype(5).
140
141 Possible errors: INVALID_ICMPTYPE
142
143 getLogDenied() → s
144 Returns the LogDenied value. If LogDenied is enabled, then
145 logging rules are added right before reject and drop rules in
146 the INPUT, FORWARD and OUTPUT chains for the default rules and
147 also final reject and drop rules in zones. Possible values are:
148 all, unicast, broadcast, multicast and off. The default value
is off.
150
151 getServiceSettings(s: service) → (sssa(ss)asa{ss}asa(ss))
152 This function is deprecated, use
153 org.fedoraproject.FirewallD1.Methods.getServiceSettings2
154 instead.
155
getServiceSettings2(s: service) → a{sv}
157 Return runtime settings of given service. For getting permanent
158 settings see
159 org.fedoraproject.FirewallD1.config.service.Methods.getSettings2.
160 Settings are a dictionary indexed by keywords. For the type of
161 each value see below. If the value is empty it may be omitted.
162
163 version (s): see version attribute of service tag in
164 firewalld.service(5).
165
166 name (s): see short tag in firewalld.service(5).
167
168 description (s): see description tag in firewalld.service(5).
169
170 ports (a(ss)): array of port and protocol pairs. See port tag
171 in firewalld.service(5).
172
173 module names (as): array of kernel netfilter helpers, see
174 module tag in firewalld.service(5).
175
176 destinations (a{ss}): dictionary of {IP family : IP address}
177 where 'IP family' key can be either 'ipv4' or 'ipv6'. See
178 destination tag in firewalld.service(5).
179
180 protocols (as): array of protocols, see protocol tag in
181 firewalld.service(5).
182
183 source_ports (a(ss)): array of port and protocol pairs. See
184 source-port tag in firewalld.service(5).
185
186 includes (as): array of service includes, see include tag in
187 firewalld.service(5).
188
189 helpers (as): array of service helpers, see helper tag in
190 firewalld.service(5).
191
192 Possible errors: INVALID_SERVICE
193
194 getZoneSettings(s: zone) → (sssbsasa(ss)asba(ssss)asasasasa(ss)b)
195 This function is deprecated, use
196 org.fedoraproject.FirewallD1.zone.Methods.getZoneSettings2
197 instead.
198
199 listIcmpTypes() → as
200 Return array of names (s) of icmp types in runtime
201 configuration. For permanent configuration see
202 org.fedoraproject.FirewallD1.config.Methods.listIcmpTypes.
203
204 listServices() → as
205 Return array of service names (s) in runtime configuration. For
206 permanent configuration see
207 org.fedoraproject.FirewallD1.config.Methods.listServices.
208
209 queryPanicMode() → b
210 Return true if panic mode is enabled, false otherwise. In panic
211 mode all incoming and outgoing packets are dropped.
212
213 reload() → Nothing
Reload firewall rules and keep state information. The current
permanent configuration becomes the new runtime configuration,
i.e. all runtime-only changes made before the reload are lost
unless they are also in the permanent configuration.
218
219 runtimeToPermanent() → Nothing
220 Make runtime settings permanent. Replaces permanent settings
221 with runtime settings for zones, services, icmptypes, direct
222 (deprecated) and policies (lockdown whitelist).
223
224 Possible errors: RT_TO_PERM_FAILED
225
226 checkPermanentConfig() → Nothing
227 Run checks on the permanent configuration. This is most useful
228 if changes were made manually to configuration files.
229
230 Possible errors: any
231
232 setDefaultZone(s: zone) → Nothing
233 Set default zone for connections and interfaces where no zone
234 has been selected to zone. Setting the default zone changes the
235 zone for the connections or interfaces, that are using the
236 default zone. This is a runtime and permanent change.
237
238 Possible errors: ZONE_ALREADY_SET, COMMAND_FAILED
239
240 setLogDenied(s: value) → Nothing
241 Set LogDenied value to value. If LogDenied is enabled, then
242 logging rules are added right before reject and drop rules in
243 the INPUT, FORWARD and OUTPUT chains for the default rules and
244 also final reject and drop rules in zones. Possible values are:
245 all, unicast, broadcast, multicast and off. The default value
is off. This is a runtime and permanent change.
247
248 Possible errors: ALREADY_SET, INVALID_VALUE
249
250 Signals
251 DefaultZoneChanged(s: zone)
252 Emitted when default zone has been changed to zone.
253
254 LogDeniedChanged(s: value)
255 Emitted when LogDenied value has been changed.
256
257 PanicModeDisabled()
258 Emitted when panic mode has been deactivated.
259
260 PanicModeEnabled()
261 Emitted when panic mode has been activated.
262
263 Reloaded()
264 Emitted when firewalld has been reloaded. Also emitted for a
265 complete reload.
266
267 Properties
268 BRIDGE - b - (ro)
269 Indicates whether the firewall has ethernet bridge support.
270
271 IPSet - b - (ro)
272 Indicates whether the firewall has IPSet support.
273
274 IPSetTypes - as - (ro)
The IPSet types supported by ipset and firewalld.
276
277 IPv4 - b - (ro)
278 Indicates whether the firewall has IPv4 support.
279
280 IPv4ICMPTypes - as - (ro)
281 The list of supported IPv4 ICMP types.
282
283 IPv6 - b - (ro)
284 Indicates whether the firewall has IPv6 support.
285
286 IPv6_rpfilter - b - (ro)
287 Indicates whether the reverse path filter test on a packet for
288 IPv6 is enabled. If a reply to the packet would be sent via the
289 same interface that the packet arrived on, the packet will
290 match and be accepted, otherwise dropped.
291
292 IPv6ICMPTypes - as - (ro)
293 The list of supported IPv6 ICMP types.
294
nf_conntrack_helper_setting - b - (ro)
296 Deprecated. Always False.
297
298 nf_conntrack_helpers - a{sas} - (ro)
299 Deprecated. Always returns an empty dictionary.
300
301 nf_nat_helpers - a{sas} - (ro)
302 Deprecated. Always returns an empty dictionary.
303
304 interface_version - s - (ro)
305 firewalld D-Bus interface version string.
306
307 state - s - (ro)
308 firewalld state. This can be either INIT, FAILED, or RUNNING.
309 In INIT state, firewalld is starting up and initializing. In
310 FAILED state, firewalld completely started but experienced a
311 failure.
312
313 version - s - (ro)
314 firewalld version string.
315
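The reload() and runtimeToPermanent() semantics above mean that any difference between the runtime and permanent settings is either lost or written to disk by the next call. The following is an added example, not part of firewalld or of the original page: it compares two a{sv} settings dictionaries such as those returned by getZoneSettings2 (runtime) and config.zone getSettings2 (permanent). The function names and sample data are constructed; treating arrays as unordered and False as an empty value are assumptions.

```python
"""Added example: runtime vs. permanent drift in firewalld a{sv} settings."""


def _is_empty(value):
    # firewalld may omit empty values, so a missing key (None) is
    # compared as equal to "", an empty array/dict or False (assumption).
    return (value is None or value is False or value == ""
            or (isinstance(value, (frozenset, dict)) and not value))


def _normalise(value):
    """Make a D-Bus value comparable; arrays are treated as unordered."""
    if isinstance(value, dict):          # a{ss}
        return dict(value)
    if isinstance(value, list):          # as, a(ss), a(ssss)
        return frozenset(
            tuple(v) if isinstance(v, (list, tuple)) else v for v in value
        )
    return value


def settings_drift(runtime, permanent):
    """Return {key: detail} for every settings key that differs."""
    drift = {}
    for key in sorted(set(runtime) | set(permanent)):
        rt = _normalise(runtime.get(key))
        pm = _normalise(permanent.get(key))
        rt_empty, pm_empty = _is_empty(rt), _is_empty(pm)
        if (rt_empty and pm_empty) or rt == pm:
            continue
        if isinstance(pm if rt_empty else rt, frozenset):
            rt_set = rt if isinstance(rt, frozenset) else frozenset()
            pm_set = pm if isinstance(pm, frozenset) else frozenset()
            drift[key] = {
                "runtime_only": sorted(rt_set - pm_set),
                "permanent_only": sorted(pm_set - rt_set),
            }
        else:
            drift[key] = {"runtime": rt, "permanent": pm}
    return drift


def reload_impact(drift):
    """Summarise what reload() would do to the running firewall.

    lost:    runtime-only entries that disappear on reload()
             (and that runtimeToPermanent() would write to disk instead)
    gained:  permanent-only entries that become active on reload()
    changed: scalar values replaced by their permanent value
    """
    impact = {"lost": [], "gained": [], "changed": []}
    for key, detail in drift.items():
        if "runtime" in detail:
            impact["changed"].append((key, detail["runtime"], detail["permanent"]))
            continue
        impact["lost"] += [(key, item) for item in detail["runtime_only"]]
        impact["gained"] += [(key, item) for item in detail["permanent_only"]]
    return impact


# Constructed sample data shaped like the two a{sv} results for one zone.
RUNTIME = {
    "target": "default",
    "services": ["ssh", "dhcpv6-client"],
    "ports": [("8443", "tcp")],       # opened at runtime only
    "masquerade": True,               # enabled at runtime only
    "forward_ports": [],
}
PERMANENT = {
    "target": "default",
    "services": ["dhcpv6-client", "ssh", "cockpit"],  # not yet reloaded
    # "ports", "masquerade", "forward_ports" omitted because they are empty
}

if __name__ == "__main__":
    for kind, items in reload_impact(settings_drift(RUNTIME, PERMANENT)).items():
        print(kind, items)
```

A non-empty "lost" list before a planned reload(), or a non-empty "gained" list on a host nobody meant to change, is the condition worth alerting on.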
316 org.fedoraproject.FirewallD1.ipset
Operations in this interface allow one to get, add, remove and query
runtime ipset settings. For permanent configuration see the
org.fedoraproject.FirewallD1.config.ipset interface.
320
321 Methods
322 addEntry(s: ipset, s: entry) → as
323 Add a new entry to ipset. The entry must match the type of the
324 ipset. If the ipset is using the timeout option, it is not
325 possible to see the entries, as they are timing out
326 automatically in the kernel. For permanent operation see
327 org.fedoraproject.FirewallD1.config.ipset.Methods.addEntry.
328
329 Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT
330
getEntries(s: ipset) → as
Get all entries added to the ipset. If the ipset is using the
timeout option, it is not possible to see the entries, as they
are timing out automatically in the kernel. Return value is an
array of entries. For permanent operation see
org.fedoraproject.FirewallD1.config.ipset.Methods.getEntries.
337
338 Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT
339
340 getIPSetSettings(s: ipset) → (ssssa{ss}as)
341 Return runtime settings of given ipset. For getting permanent
342 settings see
343 org.fedoraproject.FirewallD1.config.ipset.Methods.getSettings.
344 Settings are in format: version, name, description, type,
345 dictionary of options and array of entries.
346
347 version (s): see version attribute of ipset tag in
348 firewalld.ipset(5).
349
350 name (s): see short tag in firewalld.ipset(5).
351
352 description (s): see description tag in firewalld.ipset(5).
353
354 type (s): see type attribute of ipset tag in
355 firewalld.ipset(5).
356
357 options (a{ss}): dictionary of {option : value} . See options
358 tag in firewalld.ipset(5).
359
360 entries (as): array of entries, see entry tag in
361 firewalld.ipset(5).
362
363 Possible errors: INVALID_IPSET
364
365 getIPSets() → as
366 Return array of ipset names (s) in runtime configuration. For
367 permanent configuration see
368 org.fedoraproject.FirewallD1.config.Methods.listIPSets.
369
370 queryEntry(s: ipset, s: entry) → b
371 Return whether entry has been added to ipset. For permanent
372 operation see
373 org.fedoraproject.FirewallD1.config.ipset.Methods.queryEntry.
374
375 Possible errors: INVALID_IPSET
376
377 queryIPSet(s: ipset) → b
378 Return whether ipset is defined in runtime configuration.
379
380 removeEntry(s: ipset, s: entry) → as
381 Removes an entry from ipset. For permanent operation see
382 org.fedoraproject.FirewallD1.config.ipset.Methods.removeEntry.
383
384 Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT
385
386 setEntries(as: entries) → Nothing
387 Permanently set list of entries to entries. For permanent
388 operation see
389 org.fedoraproject.FirewallD1.config.ipset.Methods.setEntries.
390 See entry tag in firewalld.ipset(5).
391
392 Signals
393 EntryAdded(s: ipset, s: entry)
394 Emitted when entry has been added to ipset.
395
396 EntryRemoved(s: ipset, s: entry)
397 Emitted when entry has been removed from ipset.
398
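The struct signatures used throughout this page, such as (ssssa{ss}as) for getIPSetSettings, are easier to check when split into their member types and paired with the documented field names. The following is an added example, not part of firewalld or of the original page: a small validator and decoder for D-Bus type signatures, following the D-Bus rules that a dict entry may only appear as an array element and must have a basic-type key. All function names are hypothetical.

```python
"""Added example: split and describe the D-Bus signatures on this page."""

BASIC = {
    "y": "byte", "b": "boolean", "n": "int16", "q": "uint16",
    "i": "int32", "u": "uint32", "x": "int64", "t": "uint64",
    "d": "double", "s": "string", "o": "object path",
    "g": "signature", "h": "unix fd",
}


class SignatureError(ValueError):
    """Raised for a signature that is not valid D-Bus."""


def _end_of_type(sig, pos, in_array=False):
    """Return the index just past the single complete type at sig[pos]."""
    if pos >= len(sig):
        raise SignatureError(f"truncated signature {sig!r}")
    c = sig[pos]
    if c in BASIC or c == "v":
        return pos + 1
    if c == "a":
        return _end_of_type(sig, pos + 1, in_array=True)
    if c == "(":
        pos += 1
        if pos < len(sig) and sig[pos] == ")":
            raise SignatureError("empty struct")
        while pos < len(sig) and sig[pos] != ")":
            pos = _end_of_type(sig, pos)
        if pos >= len(sig):
            raise SignatureError(f"unterminated struct in {sig!r}")
        return pos + 1
    if c == "{":
        # 'a{sv}' is valid, a bare '{sv}' or 's{sv}' is not.
        if not in_array:
            raise SignatureError("dict entry outside an array")
        if pos + 1 >= len(sig) or sig[pos + 1] not in BASIC:
            raise SignatureError("dict key must be a basic type")
        pos = _end_of_type(sig, pos + 2)
        if pos >= len(sig) or sig[pos] != "}":
            raise SignatureError("dict entry needs exactly one value type")
        return pos + 1
    raise SignatureError(f"unexpected {c!r} at offset {pos} in {sig!r}")


def split_types(sig):
    """Split a signature into its top-level complete types."""
    types, pos = [], 0
    while pos < len(sig):
        end = _end_of_type(sig, pos)
        types.append(sig[pos:end])
        pos = end
    return types


def struct_members(sig):
    """Return the member types of a single struct such as '(sssas)'."""
    if not sig.startswith("(") or split_types(sig) != [sig]:
        raise SignatureError(f"{sig!r} is not a single struct")
    return split_types(sig[1:-1])


def describe(t):
    """Render one complete type in words."""
    if split_types(t) != [t]:
        raise SignatureError(f"{t!r} is not a single complete type")
    if t in BASIC:
        return BASIC[t]
    if t == "v":
        return "variant"
    if t.startswith("a{"):
        return "dictionary of {%s: %s}" % (describe(t[2]), describe(t[3:-1]))
    if t.startswith("a"):
        return "array of " + describe(t[1:])
    return "(" + ", ".join(describe(m) for m in struct_members(t)) + ")"


def label_fields(signature, names):
    """Pair documented field names with the struct's member types."""
    members = struct_members(signature)
    if len(members) != len(names):
        raise SignatureError(
            f"{signature!r} has {len(members)} members, {len(names)} names given")
    return [(n, m, describe(m)) for n, m in zip(names, members)]


# Field names as listed for getIPSetSettings above.
IPSET_FIELDS = ["version", "name", "description", "type", "options", "entries"]

if __name__ == "__main__":
    for name, sig, text in label_fields("(ssssa{ss}as)", IPSET_FIELDS):
        print(f"{name:12} {sig:6} {text}")
```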
399 org.fedoraproject.FirewallD1.direct
400 DEPRECATED
401 The direct interface has been deprecated. It will be removed in a
402 future release. It is superseded by policies, see
403 firewalld.policies(5).
404
405 This interface enables more direct access to the firewall. It enables
406 runtime manipulation with chains and rules. For permanent configuration
407 see org.fedoraproject.FirewallD1.config.direct interface.
408
409 Methods
410 addChain(s: ipv, s: table, s: chain) → Nothing
411 Add a new chain to table for ipv being either ipv4 (iptables)
412 or ipv6 (ip6tables) or eb (ebtables). Make sure there's no
413 other chain with this name already. There already exist basic
414 chains to use with direct methods, for example INPUT_direct
415 chain. These chains are jumped into before chains for zones,
416 i.e. every rule put into INPUT_direct will be checked before
417 rules in zones. For permanent operation see
418 org.fedoraproject.FirewallD1.config.direct.Methods.addChain.
419
420 Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED,
421 COMMAND_FAILED
422
423 addPassthrough(s: ipv, as: args) → Nothing
424 Add a tracked passthrough rule with the arguments args for ipv
425 being either ipv4 (iptables) or ipv6 (ip6tables) or eb
426 (ebtables). Valid commands in args are only -A/--append,
-I/--insert and -N/--new-chain. Unlike the passthrough method,
this method is tracked, i.e. firewalld remembers it. It's
useful with
org.fedoraproject.FirewallD1.Methods.runtimeToPermanent. For
permanent operation see
432 org.fedoraproject.FirewallD1.config.direct.Methods.addPassthrough.
433
434 Possible errors: INVALID_IPV, ALREADY_ENABLED, COMMAND_FAILED
435
436 addRule(s: ipv, s: table, s: chain, i: priority, as: args) →
437 Nothing
438 Add a rule with the arguments args to chain in table with
439 priority for ipv being either ipv4 (iptables) or ipv6
440 (ip6tables) or eb (ebtables). The priority is used to order
441 rules. Priority 0 means add rule on top of the chain, with a
442 higher priority the rule will be added further down. Rules with
443 the same priority are on the same level and the order of these
444 rules is not fixed and may change. If you want to make sure
445 that a rule will be added after another one, use a low priority
446 for the first and a higher for the following. For permanent
447 operation see
448 org.fedoraproject.FirewallD1.config.direct.Methods.addRule.
449
450 Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED,
451 COMMAND_FAILED
452
453 getAllChains() → a(sss)
454 Get all chains added to all tables in format: ipv, table,
455 chain. This concerns only chains previously added with
addChain. Return value is an array of (ipv, table, chain). For
457 permanent operation see
458 org.fedoraproject.FirewallD1.config.direct.Methods.getAllChains.
459
460 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
461 (ebtables).
462
463 table (s): one of filter, mangle, nat, raw, security
464
465 chain (s): name of a chain.
466
467
468 getAllPassthroughs() → a(sas)
469 Get all tracked passthrough rules added in all ipv types in
470 format: ipv, rule. This concerns only rules previously added
with addPassthrough. Return value is an array of (ipv, array of
472 arguments). For permanent operation see
473 org.fedoraproject.FirewallD1.config.direct.Methods.getAllPassthroughs.
474
475 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
476 (ebtables).
477
478 arguments (as): array of commands, parameters and other
479 iptables/ip6tables/ebtables command line options.
480
481
482 getAllRules() → a(sssias)
483 Get all rules added to all chains in all tables in format: ipv,
484 table, chain, priority, rule. This concerns only rules
previously added with addRule. Return value is an array of (ipv,
486 table, chain, priority, array of arguments). For permanent
487 operation see
488 org.fedoraproject.FirewallD1.config.direct.Methods.getAllRules.
489
490 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
491 (ebtables).
492
493 table (s): one of filter, mangle, nat, raw, security
494
495 chain (s): name of a chain.
496
497 priority (i): used to order rules.
498
499 arguments (as): array of commands, parameters and other
500 iptables/ip6tables/ebtables command line options.
501
502
503 getChains(s: ipv, s: table) → as
504 Return an array of chains (s) added to table for ipv being
505 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
506 This concerns only chains previously added with addChain. For
507 permanent operation see
508 org.fedoraproject.FirewallD1.config.direct.Methods.getChains.
509
510 Possible errors: INVALID_IPV, INVALID_TABLE
511
512 getPassthroughs(s: ipv) → aas
513 Get tracked passthrough rules added in either ipv4 (iptables)
514 or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
previously added with addPassthrough. Return value is an array
516 of (array of arguments). For permanent operation see
517 org.fedoraproject.FirewallD1.config.direct.Methods.getPassthroughs.
518
519 arguments (as): array of commands, parameters and other
520 iptables/ip6tables/ebtables command line options.
521
522
523 getRules(s: ipv, s: table, s: chain) → a(ias)
524 Get all rules added to chain in table for ipv being either ipv4
525 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
only rules previously added with addRule. Return value is an
array of (priority, array of arguments). For permanent
528 operation see
529 org.fedoraproject.FirewallD1.config.direct.Methods.getRules.
530
531 priority (i): used to order rules.
532
533 arguments (as): array of commands, parameters and other
534 iptables/ip6tables/ebtables command line options.
535
536 Possible errors: INVALID_IPV, INVALID_TABLE
537
538 passthrough(s: ipv, as: args) → s
Pass a command through to the firewall. ipv can be either ipv4
(iptables) or ipv6 (ip6tables) or eb (ebtables). args can be
all iptables, ip6tables and ebtables command line arguments.
This command is untracked, which means that firewalld is not
able to provide information about this command later on.
546
547 Possible errors: COMMAND_FAILED
548
549 queryChain(s: ipv, s: table, s: chain) → b
550 Return whether a chain exists in table for ipv being either
551 ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). This
552 concerns only chains previously added with addChain. For
553 permanent operation see
554 org.fedoraproject.FirewallD1.config.direct.Methods.queryChain.
555
556 Possible errors: INVALID_IPV, INVALID_TABLE
557
558 queryPassthrough(s: ipv, as: args) → b
559 Return whether a tracked passthrough rule with the arguments
560 args exists for ipv being either ipv4 (iptables) or ipv6
561 (ip6tables) or eb (ebtables). This concerns only rules
562 previously added with addPassthrough. For permanent operation
563 see
564 org.fedoraproject.FirewallD1.config.direct.Methods.queryPassthrough.
565
566 Possible errors: INVALID_IPV
567
568 queryRule(s: ipv, s: table, s: chain, i: priority, as: args) → b
569 Return whether a rule with priority and the arguments args
570 exists in chain in table for ipv being either ipv4 (iptables)
571 or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
572 previously added with addRule. For permanent operation see
573 org.fedoraproject.FirewallD1.config.direct.Methods.queryRule.
574
575 Possible errors: INVALID_IPV, INVALID_TABLE
576
577 removeAllPassthroughs() → Nothing
578 Remove all passthrough rules previously added with
579 addPassthrough.
580
581 removeChain(s: ipv, s: table, s: chain) → Nothing
582 Remove a chain from table for ipv being either ipv4 (iptables)
583 or ipv6 (ip6tables) or eb (ebtables). Only chains previously
584 added with addChain can be removed this way. For permanent
585 operation see
586 org.fedoraproject.FirewallD1.config.direct.Methods.removeChain.
587
588 Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED,
589 COMMAND_FAILED
590
591 removePassthrough(s: ipv, as: args) → Nothing
592 Remove a tracked passthrough rule with arguments args for ipv
593 being either ipv4 (iptables) or ipv6 (ip6tables) or eb
594 (ebtables). Only rules previously added with addPassthrough can
595 be removed this way. For permanent operation see
596 org.fedoraproject.FirewallD1.config.direct.Methods.removePassthrough.
597
598 Possible errors: INVALID_IPV, NOT_ENABLED, COMMAND_FAILED
599
600 removeRule(s: ipv, s: table, s: chain, i: priority, as: args) →
601 Nothing
602 Remove a rule with priority and arguments args from chain in
603 table for ipv being either ipv4 (iptables) or ipv6 (ip6tables)
604 or eb (ebtables). Only rules previously added with addRule can
605 be removed this way. For permanent operation see
606 org.fedoraproject.FirewallD1.config.direct.Methods.removeRule.
607
608 Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED,
609 COMMAND_FAILED
610
611 removeRules(s: ipv, s: table, s: chain) → Nothing
612 Remove all rules from chain in table for ipv being either ipv4
613 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
614 only rules previously added with addRule. For permanent
615 operation see
616 org.fedoraproject.FirewallD1.config.direct.Methods.removeRules.
617
618 Possible errors: INVALID_IPV, INVALID_TABLE
619
620 Signals
621 ChainAdded(s: ipv, s: table, s: chain)
622 Emitted when chain has been added into table for ipv being
623 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
624
625 ChainRemoved(s: ipv, s: table, s: chain)
626 Emitted when chain has been removed from table for ipv being
627 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
628
629 PassthroughAdded(s: ipv, as: args)
Emitted when a tracked passthrough rule with args has been
631 added for ipv being either ipv4 (iptables) or ipv6 (ip6tables)
632 or eb (ebtables).
633
634 PassthroughRemoved(s: ipv, as: args)
635 Emitted when a tracked passthrough rule with args has been
636 removed for ipv being either ipv4 (iptables) or ipv6
637 (ip6tables) or eb (ebtables).
638
639 RuleAdded(s: ipv, s: table, s: chain, i: priority, as: args)
640 Emitted when a rule with args has been added to chain in table
641 with priority for ipv being either ipv4 (iptables) or ipv6
642 (ip6tables) or eb (ebtables).
643
644 RuleRemoved(s: ipv, s: table, s: chain, i: priority, as: args)
645 Emitted when a rule with args has been removed from chain in
646 table with priority for ipv being either ipv4 (iptables) or
647 ipv6 (ip6tables) or eb (ebtables).
648
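Rules in chains such as INPUT_direct are checked before zone rules, and rules that share a priority have no fixed order, so the output of getAllRules() and getAllPassthroughs() deserves a review whenever the direct interface is in use. The following is an added example, not part of firewalld or of the original page: it flags ACCEPT rules that pre-empt zone policy, same-priority rules with conflicting targets, and every tracked passthrough. The function names and sample data are constructed, and matching built-in chains by the "_direct" suffix is an assumption based on the INPUT_direct example above.

```python
"""Added example: review direct-interface rules for policy bypasses."""
from collections import defaultdict


def _target(args):
    """Return the target that follows -j/--jump in a rule, or None."""
    for flag in ("-j", "--jump"):
        if flag in args:
            i = args.index(flag)
            if i + 1 < len(args):
                return args[i + 1]
    return None


def audit_direct(rules, passthroughs):
    """Audit getAllRules() a(sssias) and getAllPassthroughs() a(sas) data.

    Untracked passthrough() commands cannot be listed through this
    interface, so they are outside what this function can see.
    """
    findings = []
    by_chain = defaultdict(list)
    for ipv, table, chain, priority, args in rules:
        by_chain[(ipv, table, chain)].append((priority, list(args)))

    for where, entries in sorted(by_chain.items()):
        entries.sort(key=lambda e: e[0])      # priority 0 is top of chain
        chain = where[2]
        for priority, args in entries:
            # Assumption: "*_direct" chains are jumped to before zones.
            if chain.endswith("_direct") and _target(args) == "ACCEPT":
                findings.append({"kind": "pre-zone-accept", "where": where,
                                 "priority": priority, "detail": args})
        # Same priority means undefined relative order: a conflict in
        # targets makes the effective policy depend on that order.
        targets_at = defaultdict(set)
        for priority, args in entries:
            targets_at[priority].add(_target(args) or "(none)")
        for priority, targets in sorted(targets_at.items()):
            if len(targets) > 1:
                findings.append({"kind": "unordered-tie", "where": where,
                                 "priority": priority,
                                 "detail": sorted(targets)})

    for ipv, args in passthroughs:
        findings.append({"kind": "tracked-passthrough", "where": (ipv,),
                         "priority": None, "detail": list(args)})
    return findings


# Constructed sample data using documentation addresses (192.0.2.0/24).
RULES = [
    ("ipv4", "filter", "INPUT_direct", 0,
     ["-s", "192.0.2.10", "-j", "ACCEPT"]),
    ("ipv4", "filter", "INPUT_direct", 5,
     ["-p", "tcp", "--dport", "23", "-j", "DROP"]),
    ("ipv4", "filter", "INPUT_direct", 5,
     ["-p", "tcp", "--dport", "23", "-s", "192.0.2.0/24", "-j", "ACCEPT"]),
    ("ipv6", "filter", "FORWARD_direct", 1, ["-j", "LOG"]),
]
PASSTHROUGHS = [
    ("ipv4", ["-I", "INPUT", "-s", "192.0.2.99", "-j", "ACCEPT"]),
]

if __name__ == "__main__":
    for f in audit_direct(RULES, PASSTHROUGHS):
        print(f["kind"], f["where"], f["priority"], f["detail"])
```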
649 org.fedoraproject.FirewallD1.policies
This interface lets firewalld lock down configuration changes from
local applications. Local applications or services are able to change
the firewall configuration if they are running as root (example:
libvirt). With these operations an administrator can lock the firewall
configuration so that either no applications or only applications that
are on the whitelist are able to request firewall changes. For
permanent configuration see the
org.fedoraproject.FirewallD1.config.policies interface.
658
659 Methods
660 addLockdownWhitelistCommand(s: command) → Nothing
661 Add command to whitelist. See command option in
662 firewalld.lockdown-whitelist(5). For permanent operation see
663 org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistCommand.
664
665 Possible errors: ALREADY_ENABLED, INVALID_COMMAND
666
667 addLockdownWhitelistContext(s: context) → Nothing
668 Add context to whitelist. See selinux option in
669 firewalld.lockdown-whitelist(5). For permanent operation see
670 org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistContext.
671
672 Possible errors: ALREADY_ENABLED, INVALID_COMMAND
673
674 addLockdownWhitelistUid(i: uid) → Nothing
675 Add user id uid to whitelist. See user option in
676 firewalld.lockdown-whitelist(5). For permanent operation see
677 org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistUid.
678
679 Possible errors: ALREADY_ENABLED, INVALID_COMMAND
680
681 addLockdownWhitelistUser(s: user) → Nothing
682 Add user name to whitelist. See user option in
683 firewalld.lockdown-whitelist(5). For permanent operation see
684 org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistUser.
685
686 Possible errors: ALREADY_ENABLED, INVALID_COMMAND
687
688 disableLockdown() → Nothing
689 Disable lockdown. This is a runtime and permanent change.
690
691 Possible errors: NOT_ENABLED
692
693 enableLockdown() → Nothing
Enable lockdown. Be careful: if the calling application/user
is not on the lockdown whitelist when you enable lockdown, you
won't be able to disable it again with the application; you
would need to edit firewalld.conf. This is a runtime and
permanent change.
699
700 Possible errors: ALREADY_ENABLED
701
702 getLockdownWhitelistCommands() → as
703 List all command lines (s) that are on whitelist. For permanent
704 operation see
705 org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistCommands.
706
707 getLockdownWhitelistContexts() → as
708 List all contexts (s) that are on whitelist. For permanent
709 operation see
710 org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistContexts.
711
712 getLockdownWhitelistUids() → ai
713 List all user ids (i) that are on whitelist. For permanent
714 operation see
715 org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistUids.
716
717 getLockdownWhitelistUsers() → as
718 List all users (s) that are on whitelist. For permanent
719 operation see
720 org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistUsers.
721
722 queryLockdown() → b
723 Query whether lockdown is enabled.
724
725 queryLockdownWhitelistCommand(s: command) → b
726 Query whether command is on whitelist. For permanent operation
727 see
728 org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistCommand.
729
730 queryLockdownWhitelistContext(s: context) → b
731 Query whether context is on whitelist. For permanent operation
732 see
733 org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistContext.
734
735 queryLockdownWhitelistUid(i: uid) → b
736 Query whether user id uid is on whitelist. For permanent
737 operation see
738 org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistUid.
739
740 queryLockdownWhitelistUser(s: user) → b
741 Query whether user is on whitelist. For permanent operation see
742 org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistUser.
743
744 removeLockdownWhitelistCommand(s: command) → Nothing
745 Remove command from whitelist. For permanent operation see
746 org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistCommand.
747
748 Possible errors: NOT_ENABLED
749
750 removeLockdownWhitelistContext(s: context) → Nothing
751 Remove context from whitelist. For permanent operation see
752 org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistContext.
753
754 Possible errors: NOT_ENABLED
755
756 removeLockdownWhitelistUid(i: uid) → Nothing
757 Remove user id uid from whitelist. For permanent operation see
758 org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistUid.
759
760 Possible errors: NOT_ENABLED
761
762 removeLockdownWhitelistUser(s: user) → Nothing
763 Remove user from whitelist. For permanent operation see
764 org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistUser.
765
766 Possible errors: NOT_ENABLED
767
768 Signals
769 LockdownDisabled()
770 Emitted when lockdown has been disabled.
771
772 LockdownEnabled()
773 Emitted when lockdown has been enabled.
774
775 LockdownWhitelistCommandAdded(s: command)
776 Emitted when command has been added to whitelist.
777
778 LockdownWhitelistCommandRemoved(s: command)
779 Emitted when command has been removed from whitelist.
780
781 LockdownWhitelistContextAdded(s: context)
782 Emitted when context has been added to whitelist.
783
784 LockdownWhitelistContextRemoved(s: context)
785 Emitted when context has been removed from whitelist.
786
787 LockdownWhitelistUidAdded(i: uid)
788 Emitted when user id uid has been added to whitelist.
789
790 LockdownWhitelistUidRemoved(i: uid)
791 Emitted when user id uid has been removed from whitelist.
792
793 LockdownWhitelistUserAdded(s: user)
794 Emitted when user has been added to whitelist.
795
796 LockdownWhitelistUserRemoved(s: user)
797 Emitted when user has been removed from whitelist.
798
799 org.fedoraproject.FirewallD1.zone
Operations in this interface allow one to get, add, remove and query
runtime zone settings. For permanent settings see the
org.fedoraproject.FirewallD1.config.zone interface.
803
804 Methods
805 getZoneSettings2(s: zone) → a{sv}
806 Return runtime settings of given zone. For getting permanent
807 settings see
808 org.fedoraproject.FirewallD1.config.zone.Methods.getSettings2.
809 Settings are a dictionary indexed by keywords. For the type of
810 each value see below. If the value is empty it may be omitted.
811
812 version (s): see version attribute of zone tag in
813 firewalld.zone(5).
814
815 name (s): see short tag in firewalld.zone(5).
816
817 description (s): see description tag in firewalld.zone(5).
818
819 target (s): see target attribute of zone tag in
820 firewalld.zone(5).
821
822 services (as): array of service names, see service tag in
823 firewalld.zone(5).
824
825 ports (a(ss)): array of port and protocol pairs. See port tag
826 in firewalld.zone(5).
827
828 icmp_blocks (as): array of icmp-blocks. See icmp-block tag in
829 firewalld.zone(5).
830
831 masquerade (b): see masquerade tag in firewalld.zone(5).
832
833 forward_ports (a(ssss)): array of (port, protocol, to-port,
834 to-addr). See forward-port tag in firewalld.zone(5).
835
836 interfaces (as): array of interfaces. See interface tag in
837 firewalld.zone(5).
838
839 sources (as): array of source addresses. See source tag in
840 firewalld.zone(5).
841
842 rules_str (as): array of rich-language rules. See rule tag in
843 firewalld.zone(5).
844
845 protocols (as): array of protocols, see protocol tag in
846 firewalld.zone(5).
847
848 source_ports (a(ss)): array of port and protocol pairs. See
849 source-port tag in firewalld.zone(5).
850
851 icmp_block_inversion (b): see icmp-block-inversion tag in
852 firewalld.zone(5).
853
854 forward (b): see forward tag in firewalld.zone(5).
855
856 Possible errors: INVALID_ZONE
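
The runtime dictionary returned by getZoneSettings2 can differ from the permanent one returned by org.fedoraproject.FirewallD1.config.zone.Methods.getSettings2. The following is an added example, not part of the firewalld documentation or code, that reports such drift for one zone. The function names and sample dictionaries are constructed for illustration, and getZoneByName is a method of the org.fedoraproject.FirewallD1.config interface that this section does not describe.

```python
"""Runtime-versus-permanent drift check for one firewalld zone (added example)."""

FIREWALLD = "org.fedoraproject.FirewallD1"

# Array-valued keywords of the a{sv} dictionary; element order has no meaning.
ARRAY_KEYS = ("services", "ports", "icmp_blocks", "forward_ports", "interfaces",
              "sources", "rules_str", "protocols", "source_ports")
# Boolean keywords; an omitted key is read as False because empty values
# may be left out of the dictionary.
BOOL_KEYS = ("masquerade", "icmp_block_inversion", "forward")


def normalise(value):
    """Turn an (as), a(ss) or a(ssss) value into a set of str or tuple-of-str."""
    return {tuple(str(f) for f in item) if isinstance(item, (list, tuple))
            else str(item) for item in (value or [])}


def zone_drift(runtime, permanent):
    """Return {keyword: difference} for every keyword where the two views differ."""
    drift = {}
    for key in ARRAY_KEYS:
        rt, pm = normalise(runtime.get(key)), normalise(permanent.get(key))
        if rt != pm:
            drift[key] = {"runtime_only": sorted(rt - pm),
                          "permanent_only": sorted(pm - rt)}
    for key in BOOL_KEYS:
        rt, pm = bool(runtime.get(key, False)), bool(permanent.get(key, False))
        if rt != pm:
            drift[key] = {"runtime": rt, "permanent": pm}
    # target is a string; compare it only when both views carry it.
    if "target" in runtime and "target" in permanent:
        rt, pm = str(runtime["target"]), str(permanent["target"])
        if rt != pm:
            drift["target"] = {"runtime": rt, "permanent": pm}
    return drift


def fetch_zone_settings(zone):
    """Read both views from a running firewalld (needs dbus-python, system bus)."""
    import dbus  # imported lazily so zone_drift() works without D-Bus
    bus = dbus.SystemBus()
    main = bus.get_object(FIREWALLD, "/org/fedoraproject/FirewallD1")
    runtime = dbus.Interface(main, FIREWALLD + ".zone").getZoneSettings2(zone)
    cfg = bus.get_object(FIREWALLD, "/org/fedoraproject/FirewallD1/config")
    path = dbus.Interface(cfg, FIREWALLD + ".config").getZoneByName(zone)
    perm = dbus.Interface(bus.get_object(FIREWALLD, path),
                          FIREWALLD + ".config.zone").getSettings2()
    return runtime, perm


# Constructed sample data (not captured from a real host).
SAMPLE_RUNTIME = {
    "target": "default",
    "services": ["ssh", "dhcpv6-client"],
    "ports": [("8443", "tcp")],
    "forward_ports": [("80", "tcp", "8080", "")],
    "masquerade": True,
    "interfaces": ["eth0"],
}
SAMPLE_PERMANENT = {
    "target": "default",
    "services": ["dhcpv6-client", "ssh", "cockpit"],
    "interfaces": ["eth0"],
}

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        views = fetch_zone_settings(sys.argv[1])   # live zone name from argv
    else:
        views = (SAMPLE_RUNTIME, SAMPLE_PERMANENT)
    for key, diff in sorted(zone_drift(*views).items()):
        print(key, diff)
```

Entries under runtime_only were added to the running firewall without being saved; entries under permanent_only are saved but not yet loaded.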
857
858 setZoneSettings2(s: zone, a{sv}: settings, i: timeout)
859 Set runtime settings of given zone. For setting permanent
860 settings see
861 org.fedoraproject.FirewallD1.config.zone.Methods.update2.
862 Settings are a dictionary indexed by keywords. For the type of
863 each value see below. To zero a value pass an empty string or
864 list.
865
866 services (as): array of service names, see service tag in
867 firewalld.zone(5).
868
869 ports (a(ss)): array of port and protocol pairs. See port tag
870 in firewalld.zone(5).
871
872 icmp_blocks (as): array of icmp-blocks. See icmp-block tag in
873 firewalld.zone(5).
874
875 masquerade (b): see masquerade tag in firewalld.zone(5).
876
877 forward_ports (a(ssss)): array of (port, protocol, to-port,
878 to-addr). See forward-port tag in firewalld.zone(5).
879
880 interfaces (as): array of interfaces. See interface tag in
881 firewalld.zone(5).
882
883 sources (as): array of source addresses. See source tag in
884 firewalld.zone(5).
885
886 rules_str (as): array of rich-language rules. See rule tag in
887 firewalld.zone(5).
888
889 protocols (as): array of protocols, see protocol tag in
890 firewalld.zone(5).
891
892 source_ports (a(ss)): array of port and protocol pairs. See
893 source-port tag in firewalld.zone(5).
894
895 icmp_block_inversion (b): see icmp-block-inversion tag in
896 firewalld.zone(5).
897
898 forward (b): see forward tag in firewalld.zone(5).
899
900 Possible errors: INVALID_ZONE
901
902 addForwardPort(s: zone, s: port, s: protocol, s: toport, s: toaddr,
903 i: timeout) → s
904 Add the IPv4 forward port into zone. If zone is empty, use
905 default zone. The port can either be a single port number
906 portid or a port range portid-portid. The protocol can either
907 be tcp or udp. The destination address is a simple IP address.
908 If timeout is non-zero, the operation will be active only for
909 the amount of seconds. For permanent settings see
910 org.fedoraproject.FirewallD1.config.zone.Methods.addForwardPort.
911
912 Returns name of zone to which the forward port was added.
913
914 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
915 INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD,
916 ALREADY_ENABLED, INVALID_COMMAND
917
918 addIcmpBlock(s: zone, s: icmp, i: timeout) → s
919 Add an ICMP block icmp into zone. The icmp is one of the
920 icmp types firewalld supports. To get a listing of supported
921 icmp types use
922 org.fedoraproject.FirewallD1.Methods.listIcmpTypes. If zone is
923 empty, use default zone. If timeout is non-zero, the operation
924 will be active only for the amount of seconds. For permanent
925 settings see
926 org.fedoraproject.FirewallD1.config.zone.Methods.addIcmpBlock.
927
928 Returns name of zone to which the ICMP block was added.
929
930 Possible errors: INVALID_ZONE, INVALID_ICMPTYPE,
931 ALREADY_ENABLED, INVALID_COMMAND
932
933 addIcmpBlockInversion(s: zone) → s
934 Add ICMP block inversion to zone. If zone is empty, use default
935 zone. For permanent settings see
936 org.fedoraproject.FirewallD1.config.zone.Methods.addIcmpBlockInversion.
937
938 Returns name of zone to which the ICMP block inversion was
939 added.
940
941 Possible errors: INVALID_ZONE, ALREADY_ENABLED, INVALID_COMMAND
942
943 addInterface(s: zone, s: interface) → s
944 Bind interface with zone. From now on all traffic going through
945 the interface will respect the zone's settings. If zone is
946 empty, use default zone. For permanent settings see
947 org.fedoraproject.FirewallD1.config.zone.Methods.addInterface.
948
949 Returns name of zone to which the interface was bound.
950
951 Possible errors: INVALID_ZONE, INVALID_INTERFACE,
952 ALREADY_ENABLED, INVALID_COMMAND
953
954 addMasquerade(s: zone, i: timeout) → s
955 Enable masquerade in zone. If zone is empty, use default zone.
956 If timeout is non-zero, masquerading will be active for the
957 amount of seconds. For permanent settings see
958 org.fedoraproject.FirewallD1.config.zone.Methods.addMasquerade.
959
960 Returns name of zone in which the masquerade was enabled.
961
962 Possible errors: INVALID_ZONE, ALREADY_ENABLED, INVALID_COMMAND
963
964 addPort(s: zone, s: port, s: protocol, i: timeout) → s
965 Add port into zone. If zone is empty, use default zone. The
966 port can either be a single port number or a port range
967 portid-portid. The protocol can either be tcp or udp. If
968 timeout is non-zero, the operation will be active only for the
969 amount of seconds. For permanent settings see
970 org.fedoraproject.FirewallD1.config.zone.Methods.addPort.
971
972 Returns name of zone to which the port was added.
973
974 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
975 INVALID_PROTOCOL, ALREADY_ENABLED, INVALID_COMMAND
976
977 addProtocol(s: zone, s: protocol, i: timeout) → s
978 Add protocol into zone. If zone is empty, use default zone. The
979 protocol can be any protocol supported by the system. Please
980 have a look at /etc/protocols for supported protocols. If
981 timeout is non-zero, the operation will be active only for the
982 amount of seconds. For permanent settings see
983 org.fedoraproject.FirewallD1.config.zone.Methods.addProtocol.
984
985 Returns name of zone to which the protocol was added.
986
987 Possible errors: INVALID_ZONE, INVALID_PROTOCOL,
988 ALREADY_ENABLED, INVALID_COMMAND
989
990 addRichRule(s: zone, s: rule, i: timeout) → s
991 Add rich language rule into zone. For the rich language rule
992 syntax, please have a look at firewalld.direct(5). If zone is
993 empty, use default zone. If timeout is non-zero, the operation
994 will be active only for the amount of seconds. For permanent
995 settings see
996 org.fedoraproject.FirewallD1.config.zone.Methods.addRichRule.
997
998 Returns name of zone to which the rich language rule was added.
999
1000 Possible errors: INVALID_ZONE, INVALID_RULE, ALREADY_ENABLED,
1001 INVALID_COMMAND
1002
1003 addService(s: zone, s: service, i: timeout) → s
1004 Add service into zone. If zone is empty, use default zone. If
1005 timeout is non-zero, the operation will be active only for the
1006 amount of seconds. To get a list of supported services, use
1007 org.fedoraproject.FirewallD1.Methods.listServices. For
1008 permanent settings see
1009 org.fedoraproject.FirewallD1.config.zone.Methods.addService.
1010
1011 Returns name of zone to which the service was added.
1012
1013 Possible errors: INVALID_ZONE, INVALID_SERVICE,
1014 ALREADY_ENABLED, INVALID_COMMAND
1015
1016 addSource(s: zone, s: source) → s
1017 Bind source with zone. From now on all traffic going from this
1018 source will respect the zone's settings. A source address or
1019 address range is either an IP address or a network IP address
1020 with a mask for IPv4 or IPv6. For IPv4, the mask can be a
1021 network mask or a plain number. For IPv6 the mask is a plain
1022 number. Use of host names is not supported. If zone is empty,
1023 use default zone. For permanent settings see
1024 org.fedoraproject.FirewallD1.config.zone.Methods.addSource.
1025
1026 Returns name of zone to which the source was bound.
1027
1028 Possible errors: INVALID_ZONE, INVALID_ADDR, ALREADY_ENABLED,
1029 INVALID_COMMAND
1030
1031 addSourcePort(s: zone, s: port, s: protocol, i: timeout) → s
1032 Add source port into zone. If zone is empty, use default zone.
1033 The port can either be a single port number or a port range
1034 portid-portid. The protocol can either be tcp or udp. If
1035 timeout is non-zero, the operation will be active only for the
1036 amount of seconds. For permanent settings see
1037 org.fedoraproject.FirewallD1.config.zone.Methods.addSourcePort.
1038
1039 Returns name of zone to which the port was added.
1040
1041 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1042 INVALID_PROTOCOL, ALREADY_ENABLED, INVALID_COMMAND
1043
1044 changeZone(s: zone, s: interface) → s
1045 This function is deprecated, use
1046 org.fedoraproject.FirewallD1.zone.Methods.changeZoneOfInterface
1047 instead.
1048
1049 changeZoneOfInterface(s: zone, s: interface) → s
1050 Change the zone an interface is bound to to zone. It's basically
1051 removeInterface(interface) followed by addInterface(zone,
1052 interface). If interface has not been bound to a zone before,
1053 it behaves like addInterface. If zone is empty, use default
1054 zone.
1055
1056 Returns name of zone to which the interface was bound.
1057
1058 Possible errors: INVALID_ZONE, ZONE_ALREADY_SET, ZONE_CONFLICT
1059
1060 changeZoneOfSource(s: zone, s: source) → s
1061 Change the zone a source is bound to to zone. It's basically
1062 removeSource(source) followed by addSource(zone, source). If
1063 source has not been bound to a zone before, it behaves like
1064 addSource. If zone is empty, use default zone.
1065
1066 Returns name of zone to which the source was bound.
1067
1068 Possible errors: INVALID_ZONE, ZONE_ALREADY_SET, ZONE_CONFLICT
1069
1070 getActiveZones() → a{sa{sas}}
1071 Return dictionary of currently active zones together with
1072 interfaces and sources used in these zones. Active zones are
1073 zones that have a binding to an interface or source.
1074
1075 Return value is a dictionary where keys are zone names (s) and
1076 values are again dictionaries where keys are either
1077 'interfaces' or 'sources' and values are arrays of interface
1078 names (s) or sources (s).
1079
1080 getForwardPorts(s: zone) → aas
1081 Return array of IPv4 forward ports previously added into zone.
1082 If zone is empty, use default zone. For getting permanent
1083 settings see
1084 org.fedoraproject.FirewallD1.config.zone.Methods.getForwardPorts.
1085
1086 Return value is array of 4-tuples, where each 4-tuple consists
1087 of (port, protocol, to-port, to-addr). to-addr might be empty
1088 in case of local forwarding.
1089
1090 Possible errors: INVALID_ZONE
1091
1092 getIcmpBlocks(s: zone) → as
1093 Return array of ICMP type (s) blocks previously added into
1094 zone. If zone is empty, use default zone. For getting permanent
1095 settings see
1096 org.fedoraproject.FirewallD1.config.zone.Methods.getIcmpBlocks.
1097
1098 Possible errors: INVALID_ZONE
1099
1100 getIcmpBlockInversion(s: zone) → b
1101 Return whether ICMP block inversion was previously added to
1102 zone. If zone is empty, use default zone. For getting permanent
1103 settings see
1104 org.fedoraproject.FirewallD1.config.zone.Methods.getIcmpBlockInversion.
1105
1106 Possible errors: INVALID_ZONE
1107
1108 getInterfaces(s: zone) → as
1109 Return array of interfaces (s) previously bound with zone. If
1110 zone is empty, use default zone. For getting permanent settings
1111 see
1112 org.fedoraproject.FirewallD1.config.zone.Methods.getInterfaces.
1113
1114 Possible errors: INVALID_ZONE
1115
1116 getPorts(s: zone) → aas
1117 Return array of ports (2-tuple of port and protocol) previously
1118 enabled in zone. If zone is empty, use default zone. For
1119 getting permanent settings see
1120 org.fedoraproject.FirewallD1.config.zone.Methods.getPorts.
1121
1122 Possible errors: INVALID_ZONE
1123
1124 getProtocols(s: zone) → as
1125 Return array of protocols (s) previously enabled in zone. If
1126 zone is empty, use default zone. For getting permanent settings
1127 see
1128 org.fedoraproject.FirewallD1.config.zone.Methods.getProtocols.
1129
1130 Possible errors: INVALID_ZONE
1131
1132 getRichRules(s: zone) → as
1133 Return array of rich language rules (s) previously added into
1134 zone. If zone is empty, use default zone. For getting permanent
1135 settings see
1136 org.fedoraproject.FirewallD1.config.zone.Methods.getRichRules.
1137
1138 Possible errors: INVALID_ZONE
1139
1140 getServices(s: zone) → as
1141 Return array of services (s) previously enabled in zone. If
1142 zone is empty, use default zone. For getting permanent settings
1143 see
1144 org.fedoraproject.FirewallD1.config.zone.Methods.getServices.
1145
1146 Possible errors: INVALID_ZONE
1147
1148 getSourcePorts(s: zone) → aas
1149 Return array of source ports (2-tuple of port and protocol)
1150 previously enabled in zone. If zone is empty, use default zone.
1151 For getting permanent settings see
1152 org.fedoraproject.FirewallD1.config.zone.Methods.getSourcePorts.
1153
1154 Possible errors: INVALID_ZONE
1155
1156 getSources(s: zone) → as
1157 Return array of sources (s) previously bound with zone. If zone
1158 is empty, use default zone. For getting permanent settings see
1159 org.fedoraproject.FirewallD1.config.zone.Methods.getSources.
1160
1161 Possible errors: INVALID_ZONE
1162
1163 getZoneOfInterface(s: interface) → s
1164 Return name (s) of zone the interface is bound to or empty
1165 string.
1166
1167 getZoneOfSource(s: source) → s
1168 Return name (s) of zone the source is bound to or empty string.
1169
1170 getZones() → as
1171 Return array of names (s) of predefined zones known to current
1172 runtime environment. For list of zones known to permanent
1173 environment see
1174 org.fedoraproject.FirewallD1.config.Methods.listZones. The
1175 lists (of zones known to runtime and permanent environment)
1176 will contain same zones in most cases, but might differ for
1177 example if org.fedoraproject.FirewallD1.config.Methods.addZone
1178 has been called recently, but firewalld has not been reloaded
1179 since then.
1180
1181 isImmutable(s: zone) → b
1182 Deprecated.
1183
1184 queryForwardPort(s: zone, s: port, s: protocol, s: toport, s:
1185 toaddr) → b
1186 Return whether the IPv4 forward port (port, protocol, toport,
1187 toaddr) has been added into zone. If zone is empty, use default
1188 zone. For permanent operation see
1189 org.fedoraproject.FirewallD1.config.zone.Methods.queryForwardPort.
1190
1191 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1192 INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD
1193
1194 queryIcmpBlock(s: zone, s: icmp) → b
1195 Return whether an ICMP block for icmp has been added into zone.
1196 If zone is empty, use default zone. For permanent operation see
1197 org.fedoraproject.FirewallD1.config.zone.Methods.queryIcmpBlock.
1198
1199 Possible errors: INVALID_ZONE, INVALID_ICMPTYPE
1200
1201 queryIcmpBlockInversion(s: zone) → b
1202 Return whether ICMP block inversion has been added to zone. If
1203 zone is empty, use default zone. For permanent operation see
1204 org.fedoraproject.FirewallD1.config.zone.Methods.queryIcmpBlockInversion.
1205
1206 Possible errors: INVALID_ZONE, INVALID_ICMPTYPE
1207
1208 queryInterface(s: zone, s: interface) → b
1209 Query whether interface has been bound to zone. If zone is
1210 empty, use default zone. For permanent operation see
1211 org.fedoraproject.FirewallD1.config.zone.Methods.queryInterface.
1212
1213 Possible errors: INVALID_ZONE, INVALID_INTERFACE
1214
1215 queryMasquerade(s: zone) → b
1216 Return whether masquerading has been enabled in zone. If zone is
1217 empty, use default zone. For permanent operation see
1218 org.fedoraproject.FirewallD1.config.zone.Methods.queryMasquerade.
1219
1220 Possible errors: INVALID_ZONE
1221
1222 queryPort(s: zone, s: port, s: protocol) → b
1223 Return whether port/protocol has been added in zone. If zone is
1224 empty, use default zone. For permanent operation see
1225 org.fedoraproject.FirewallD1.config.zone.Methods.queryPort.
1226
1227 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1228 INVALID_PROTOCOL
1229
1230 queryProtocol(s: zone, s: protocol) → b
1231 Return whether protocol has been added in zone. If zone is
1232 empty, use default zone. For permanent operation see
1233 org.fedoraproject.FirewallD1.config.zone.Methods.queryProtocol.
1234
1235 Possible errors: INVALID_ZONE, INVALID_PROTOCOL
1236
1237 queryRichRule(s: zone, s: rule) → b
1238 Return whether rich rule rule has been added in zone. If zone
1239 is empty, use default zone. For permanent operation see
1240 org.fedoraproject.FirewallD1.config.zone.Methods.queryRichRule.
1241
1242 Possible errors: INVALID_ZONE, INVALID_RULE
1243
1244 queryService(s: zone, s: service) → b
1245 Return whether service has been added for zone. If zone is
1246 empty, use default zone. For permanent operation see
1247 org.fedoraproject.FirewallD1.config.zone.Methods.queryService.
1248
1249 Possible errors: INVALID_ZONE, INVALID_SERVICE
1250
1251 querySource(s: zone, s: source) → b
1252 Query whether source has been bound to zone. If zone is empty,
1253 use default zone. For permanent operation see
1254 org.fedoraproject.FirewallD1.config.zone.Methods.querySource.
1255
1256 Possible errors: INVALID_ZONE, INVALID_ADDR
1257
1258 querySourcePort(s: zone, s: port, s: protocol) → b
1259 Return whether port/protocol has been added in zone. If zone is
1260 empty, use default zone. For permanent operation see
1261 org.fedoraproject.FirewallD1.config.zone.Methods.querySourcePort.
1262
1263 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1264 INVALID_PROTOCOL
1265
1266 removeForwardPort(s: zone, s: port, s: protocol, s: toport, s:
1267 toaddr) → s
1268 Remove IPv4 forward port (port, protocol, toport, toaddr)
1269 from zone. If zone is empty, use default zone. For permanent
1270 operation see
1271 org.fedoraproject.FirewallD1.config.zone.Methods.removeForwardPort.
1272
1273 Returns name of zone from which the forward port was removed.
1274
1275 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1276 INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD, NOT_ENABLED,
1277 INVALID_COMMAND
1278
1279 removeIcmpBlock(s: zone, s: icmp) → s
1280 Remove ICMP block icmp from zone. If zone is empty, use default
1281 zone. For permanent operation see
1282 org.fedoraproject.FirewallD1.config.zone.Methods.removeIcmpBlock.
1283
1284 Returns name of zone from which the ICMP block was removed.
1285
1286 Possible errors: INVALID_ZONE, INVALID_ICMPTYPE, NOT_ENABLED,
1287 INVALID_COMMAND
1288
1289 removeIcmpBlockInversion(s: zone) → s
1290 Remove ICMP block inversion from zone. If zone is empty, use
1291 default zone. For permanent operation see
1292 org.fedoraproject.FirewallD1.config.zone.Methods.removeIcmpBlockInversion.
1293
1294 Returns name of zone from which the ICMP block inversion was
1295 removed.
1296
1297 Possible errors: INVALID_ZONE, NOT_ENABLED, INVALID_COMMAND
1298
1299 removeInterface(s: zone, s: interface) → s
1300 Remove binding of interface from zone. If zone is empty, the
1301 interface will be removed from zone it belongs to. For
1302 permanent operation see
1303 org.fedoraproject.FirewallD1.config.zone.Methods.removeInterface.
1304
1305 Returns name of zone from which the interface was removed.
1306
1307 Possible errors: INVALID_ZONE, INVALID_INTERFACE, NOT_ENABLED,
1308 INVALID_COMMAND
1309
1310 removeMasquerade(s: zone) → s
1311 Disable masquerade for zone. If zone is empty, use default
1312 zone. For permanent operation see
1313 org.fedoraproject.FirewallD1.config.zone.Methods.removeMasquerade.
1314
1315 Returns name of zone for which the masquerade was disabled.
1316
1317 Possible errors: INVALID_ZONE, NOT_ENABLED, INVALID_COMMAND
1318
1319 removePort(s: zone, s: port, s: protocol) → s
1320 Remove port/protocol from zone. If zone is empty, use default
1321 zone. For permanent operation see
1322 org.fedoraproject.FirewallD1.config.zone.Methods.removePort.
1323
1324 Returns name of zone from which the port was removed.
1325
1326 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1327 INVALID_PROTOCOL, NOT_ENABLED, INVALID_COMMAND
1328
1329 removeProtocol(s: zone, s: protocol) → s
1330 Remove protocol from zone. If zone is empty, use default zone.
1331 For permanent operation see
1332 org.fedoraproject.FirewallD1.config.zone.Methods.removeProtocol.
1333
1334 Returns name of zone from which the protocol was removed.
1335
1336 Possible errors: INVALID_ZONE, INVALID_PROTOCOL, NOT_ENABLED,
1337 INVALID_COMMAND
1338
1339 removeRichRule(s: zone, s: rule) → s
1340 Remove rich language rule from zone. If zone is empty, use
1341 default zone. For permanent operation see
1342 org.fedoraproject.FirewallD1.config.zone.Methods.removeRichRule.
1343
1344 Returns name of zone from which the rich language rule was
1345 removed.
1346
1347 Possible errors: INVALID_ZONE, INVALID_RULE, NOT_ENABLED,
1348 INVALID_COMMAND
1349
1350 removeService(s: zone, s: service) → s
1351 Remove service from zone. If zone is empty, use default zone.
1352 For permanent operation see
1353 org.fedoraproject.FirewallD1.config.zone.Methods.removeService.
1354
1355 Returns name of zone from which the service was removed.
1356
1357 Possible errors: INVALID_ZONE, INVALID_SERVICE, NOT_ENABLED,
1358 INVALID_COMMAND
1359
1360 removeSource(s: zone, s: source) → s
1361 Remove binding of source from zone. If zone is empty, the
1362 source will be removed from zone it belongs to. For permanent
1363 operation see
1364 org.fedoraproject.FirewallD1.config.zone.Methods.removeSource.
1365
1366 Returns name of zone from which the source was removed.
1367
1368 Possible errors: INVALID_ZONE, INVALID_ADDR, NOT_ENABLED,
1369 INVALID_COMMAND
1370
1371 removeSourcePort(s: zone, s: port, s: protocol) → s
1372 Remove port/protocol from zone. If zone is empty, use default
1373 zone. For permanent operation see
1374 org.fedoraproject.FirewallD1.config.zone.Methods.removeSourcePort.
1375
1376 Returns name of zone from which the source port was removed.
1377
1378 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1379 INVALID_PROTOCOL, NOT_ENABLED, INVALID_COMMAND
1380
1381 Signals
1382 ForwardPortAdded(s: zone, s: port, s: protocol, s: toport, s:
1383 toaddr, i: timeout)
1384 Emitted when forward port has been added to zone with timeout.
1385
1386 ForwardPortRemoved(s: zone, s: port, s: protocol, s: toport, s:
1387 toaddr)
1388 Emitted when forward port has been removed from zone.
1389
1390 IcmpBlockAdded(s: zone, s: icmp, i: timeout)
1391 Emitted when ICMP block for icmp has been added to zone with
1392 timeout.
1393
1394 IcmpBlockInversionAdded(s: zone)
1395 Emitted when ICMP block inversion has been added to zone.
1396
1397 IcmpBlockInversionRemoved(s: zone)
1398 Emitted when ICMP block inversion has been removed from zone.
1399
1400 IcmpBlockRemoved(s: zone, s: icmp)
1401 Emitted when ICMP block for icmp has been removed from zone.
1402
1403 InterfaceAdded(s: zone, s: interface)
1404 Emitted when interface has been added to zone.
1405
1406 InterfaceRemoved(s: zone, s: interface)
1407 Emitted when interface has been removed from zone.
1408
1409 MasqueradeAdded(s: zone, i: timeout)
1410 Emitted when masquerade has been enabled for zone.
1411
1412 MasqueradeRemoved(s: zone)
1413 Emitted when masquerade has been disabled for zone.
1414
1415 PortAdded(s: zone, s: port, s: protocol, i: timeout)
1416 Emitted when port/protocol has been added to zone with timeout.
1417
1418 PortRemoved(s: zone, s: port, s: protocol)
1419 Emitted when port/protocol has been removed from zone.
1420
1421 ProtocolAdded(s: zone, s: protocol, i: timeout)
1422 Emitted when protocol has been added to zone with timeout.
1423
1424 ProtocolRemoved(s: zone, s: protocol)
1425 Emitted when protocol has been removed from zone.
1426
1427 RichRuleAdded(s: zone, s: rule, i: timeout)
1428 Emitted when rich language rule has been added to zone with
1429 timeout.
1430
1431 RichRuleRemoved(s: zone, s: rule)
1432 Emitted when rich language rule has been removed from zone.
1433
1434 ServiceAdded(s: zone, s: service, i: timeout)
1435 Emitted when service has been added to zone with timeout.
1436
1437 ServiceRemoved(s: zone, s: service)
1438 Emitted when service has been removed from zone.
1439
1440 SourceAdded(s: zone, s: source)
1441 Emitted when source has been added to zone.
1442
1443 SourcePortAdded(s: zone, s: port, s: protocol, i: timeout)
1444 Emitted when source-port/protocol has been added to zone with
1445 timeout.
1446
1447 SourcePortRemoved(s: zone, s: port, s: protocol)
1448 Emitted when source-port/protocol has been removed from zone.
1449
1450 SourceRemoved(s: zone, s: source)
1451 Emitted when source has been removed from zone.
1452
1453 ZoneChanged(s: zone, s: interface)
1454 Deprecated
1455
1456 ZoneOfInterfaceChanged(s: zone, s: interface)
1457 Emitted when a zone an interface is part of has been changed to
1458 zone.
1459
1460 ZoneOfSourceChanged(s: zone, s: source)
1461 Emitted when a zone a source is part of has been changed to
1462 zone.
1463
1464 ZoneUpdated2(s: zone, a{sv}: settings)
1465 Emitted when a zone's settings are updated via
1466 org.fedoraproject.FirewallD1.zone.Methods.setZoneSettings2
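
The zone signals above can be turned into an audit trail of runtime firewall changes. The following is an added example, not part of the firewalld documentation or code, that decodes each signal's positional arguments into a named record. The function names, the review policy and the sample events in the test data are constructed for illustration, and the deprecated ZoneChanged signal is deliberately left undecoded.

```python
"""Decode org.fedoraproject.FirewallD1.zone signals into audit records."""

ZONE_IFACE = "org.fedoraproject.FirewallD1.zone"

# Fields that follow the leading zone argument, taken from the signal list.
# Signals in TIMED carry a trailing timeout on their *Added form only.
TIMED = {"ForwardPort": ("port", "protocol", "toport", "toaddr"),
         "IcmpBlock": ("icmp",), "Masquerade": (), "Port": ("port", "protocol"),
         "Protocol": ("protocol",), "RichRule": ("rule",),
         "Service": ("service",), "SourcePort": ("port", "protocol")}
UNTIMED = {"IcmpBlockInversion": (), "Interface": ("interface",),
           "Source": ("source",)}

SIGNAL_ARGS = {"ZoneOfInterfaceChanged": ("zone", "interface"),
               "ZoneOfSourceChanged": ("zone", "source"),
               "ZoneUpdated2": ("zone", "settings")}
for stem, fields in TIMED.items():
    SIGNAL_ARGS[stem + "Added"] = ("zone",) + fields + ("timeout",)
    SIGNAL_ARGS[stem + "Removed"] = ("zone",) + fields
for stem, fields in UNTIMED.items():
    SIGNAL_ARGS[stem + "Added"] = SIGNAL_ARGS[stem + "Removed"] = ("zone",) + fields

# Example review policy (an assumption of this sketch): NAT-related additions
# are looked at before ordinary port or service changes.
REVIEW_FIRST = {"ForwardPortAdded", "MasqueradeAdded"}


def audit_record(member, args):
    """Map a signal name and its positional arguments to a flat dict."""
    names = SIGNAL_ARGS.get(member)
    if names is None or len(args) != len(names):
        # Unknown signal or unexpected argument count: keep the raw values.
        return {"signal": member, "decoded": False,
                "raw": [str(a) for a in args]}
    record = {"signal": member, "decoded": True}
    for name, value in zip(names, args):
        if name == "timeout":
            record[name] = int(value)
        elif name == "settings":
            record[name] = sorted(str(k) for k in value)  # keywords only
        else:
            record[name] = str(value)
    if "timeout" in record:
        # timeout 0 means the change does not expire on its own.
        record["expires"] = record["timeout"] != 0
    record["review_first"] = member in REVIEW_FIRST
    return record


def watch(callback=print):
    """Subscribe to all zone signals on the system bus (needs dbus-python, PyGObject)."""
    import dbus
    from dbus.mainloop.glib import DBusGMainLoop
    from gi.repository import GLib
    DBusGMainLoop(set_as_default=True)
    bus = dbus.SystemBus()
    bus.add_signal_receiver(
        lambda *args, member=None: callback(audit_record(member, args)),
        dbus_interface=ZONE_IFACE, member_keyword="member")
    GLib.MainLoop().run()


if __name__ == "__main__":
    watch()
```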
1467
1468 org.fedoraproject.FirewallD1.policy
1469 Operations in this interface allow one to get, add, remove and query
1470 runtime policy settings. For permanent settings see
1471 org.fedoraproject.FirewallD1.config.policy interface.
1472
1473 Methods
1474 getActivePolicies() → a{sa{sas}}
1475 Return dictionary of currently active policies together with
1476 ingress zones and egress zones used in these policies. Active
1477 policies are policies that have a binding to an active ingress
1478 zone and an active egress zone.
1479
1480 Return value is a dictionary where keys are policy names (s)
1481 and values are again dictionaries where keys are either
1482 'ingress_zones' or 'egress_zones' and values are arrays of zone
1483 names (s).
1484
1485 getPolicies() → as
1486 Return array of names (s) of predefined policies known to
1487 current runtime environment. For list of policies known to
1488 permanent environment see
1489 org.fedoraproject.FirewallD1.config.Methods.listPolicies. The
1490 lists (of policies known to runtime and permanent environment)
1491 will contain same policies in most cases, but might differ for
1492 example if
1493 org.fedoraproject.FirewallD1.config.Methods.addPolicy has been
1494 called recently, but firewalld has not been reloaded since
1495 then.
1496
1497 getPolicySettings(s: policy) → a{sv}
1498 Return runtime settings of given policy. For getting permanent
1499 settings see
1500 org.fedoraproject.FirewallD1.config.policy.Methods.getSettings.
1501 Settings are a dictionary indexed by keywords. For possible
1502 keywords see
1503 org.fedoraproject.FirewallD1.config.Methods.addPolicy. If the
1504 value is empty it may be omitted.
1505
1506 Possible errors: INVALID_POLICY
1507
1508 setPolicySettings(s: policy, a{sv}: settings, i: timeout)
1509 Set runtime settings of given policy. For setting permanent
1510 settings see
1511 org.fedoraproject.FirewallD1.config.policy.Methods.update.
1512 Settings are a dictionary indexed by keywords. For possible
1513 keywords see
1514 org.fedoraproject.FirewallD1.config.Methods.addPolicy. To zero
1515 a value pass an empty string or list. Some keywords are not
1516 available to modify in the runtime: description, name,
1517 priority, target, version.
1518
1519 Possible errors: INVALID_POLICY
1520
1521 Signals
1522 ForwardPortAdded(s: policy, a{sv}: settings)
1523 Emitted when a policy's settings are updated via
1524 org.fedoraproject.FirewallD1.policy.Methods.setPolicySettings
1525
1526 org.fedoraproject.FirewallD1.config
1527 Allows one to permanently add, remove and query zones, services and
1528 icmp types.
1529
1530 Methods
1531 addIPSet(s: ipset, (ssssa{ss}as): settings) → o
1532 Add ipset with given settings into permanent configuration.
1533 Settings are in format: version, name, description, type,
1534 dictionary of options and array of entries.
1535
1536 version (s): see version attribute of ipset tag in
1537 firewalld.ipset(5).
1538
1539 name (s): see short tag in firewalld.ipset(5).
1540
1541 description (s): see description tag in firewalld.ipset(5).
1542
1543 type (s): see type attribute of ipset tag in
1544 firewalld.ipset(5).
1545
1546 options (a{ss}): dictionary of {option : value}. See options
1547 tag in firewalld.ipset(5).
1548
1549 entries (as): array of entries, see entry tag in
1550 firewalld.ipset(5).
1551
1552 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1553
1554 addIcmpType(s: icmptype, (sssas): settings) → o
1555 Add icmptype with given settings into permanent configuration.
1556 Settings are in format: version, name, description, array of
1557 destinations. Returns object path of the new icmp type.
1558
1559 version (s): see version attribute of icmptype tag in
1560 firewalld.icmptype(5).
1561
1562 name (s): see short tag in firewalld.icmptype(5).
1563
1564 description (s): see description tag in firewalld.icmptype(5).
1565
1566 destinations (as): array, either empty or containing strings
1567 'ipv4' or 'ipv6', see destination tag in firewalld.icmptype(5).
1568
1569 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1570
1571 addService(s: service, (sssa(ss)asa{ss}asa(ss)): settings) → o
1572 This function is deprecated, use
1573 org.fedoraproject.FirewallD1.config.Methods.addService2
1574 instead.
1575
1576 addService2(s: service, a{sv}: settings) → o
1577 Add service with given settings into permanent configuration.
1578 Settings are a dictionary indexed by keywords. For the type of
1579 each value see below. To zero a value pass an empty string or
1580 list.
1581
1582 version (s): see version attribute of service tag in
1583 firewalld.service(5).
1584
1585 name (s): see short tag in firewalld.service(5).
1586
1587 description (s): see description tag in firewalld.service(5).
1588
1589 ports (a(ss)): array of port and protocol pairs. See port tag
1590 in firewalld.service(5).
1591
1592 module names (as): array of kernel netfilter helpers, see
1593 module tag in firewalld.service(5).
1594
1595 destinations (a{ss}): dictionary of {IP family : IP address}
1596 where 'IP family' key can be either 'ipv4' or 'ipv6'. See
1597 destination tag in firewalld.service(5).
1598
1599 protocols (as): array of protocols, see protocol tag in
1600 firewalld.service(5).
1601
1602 source_ports (a(ss)): array of port and protocol pairs. See
1603 source-port tag in firewalld.service(5).
1604
1605 includes (as): array of service includes, see include tag in
1606 firewalld.service(5).
1607
1608 helpers (as): array of service helpers, see helper tag in
1609 firewalld.service(5).
1610
1611 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1612
1613 addZone(s: zone, (sssbsasa(ss)asba(ssss)asasasasa(ss)b): settings)
1614 → o
1615 This function is deprecated, use
1616 org.fedoraproject.FirewallD1.config.Methods.addZone2 instead.
1617
1618 addZone2(s: zone, a{sv}: settings) → o
1619 Add zone with given settings into permanent configuration.
1620 Settings are a dictionary indexed by keywords. For the type of
1621 each value see below. To zero a value pass an empty string or
1622 list.
1623
1624 version (s): see version attribute of zone tag in
1625 firewalld.zone(5).
1626
1627 name (s): see short tag in firewalld.zone(5).
1628
1629 description (s): see description tag in firewalld.zone(5).
1630
1631 target (s): see target attribute of zone tag in
1632 firewalld.zone(5).
1633
1634 services (as): array of service names, see service tag in
1635 firewalld.zone(5).
1636
1637 ports (a(ss)): array of port and protocol pairs. See port tag
1638 in firewalld.zone(5).
1639
1640 icmp_blocks (as): array of icmp-blocks. See icmp-block tag in
1641 firewalld.zone(5).
1642
1643 masquerade (b): see masquerade tag in firewalld.zone(5).
1644
1645 forward_ports (a(ssss)): array of (port, protocol, to-port,
1646 to-addr). See forward-port tag in firewalld.zone(5).
1647
1648 interfaces (as): array of interfaces. See interface tag in
1649 firewalld.zone(5).
1650
1651 sources (as): array of source addresses. See source tag in
1652 firewalld.zone(5).
1653
1654 rules_str (as): array of rich-language rules. See rule tag in
1655 firewalld.zone(5).
1656
1657 protocols (as): array of protocols, see protocol tag in
1658 firewalld.zone(5).
1659
1660 source_ports (a(ss)): array of port and protocol pairs. See
1661 source-port tag in firewalld.zone(5).
1662
1663 icmp_block_inversion (b): see icmp-block-inversion tag in
1664 firewalld.zone(5).
1665
1666 forward (b): see forward tag in firewalld.zone(5).
1667
1668 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1669
1670 addPolicy(s: policy, a{sv}: settings) → o
1671 Add policy with given settings into permanent configuration.
1672 Settings are a dictionary indexed by keywords. For the type of
1673 each value see below. If a keyword is omitted the default value
1674 will be used.
1675
1676 description (s): see description tag in firewalld.policy(5).
1677
1678 egress_zones (as): array of zone names. See egress-zone tag in
1679 firewalld.policy(5).
1680
1681 forward_ports (a(ssss)): array of (port, protocol, to-port,
1682 to-addr). See forward-port tag in firewalld.policy(5).
1683
1684 icmp_blocks (as): array of icmp-blocks. See icmp-block tag in
1685 firewalld.policy(5).
1686
1687 ingress_zones (as): array of zone names. See ingress-zone tag in
1688 firewalld.policy(5).
1689
1690 masquerade (b): see masquerade tag in firewalld.policy(5).
1691
1692 ports (a(ss)): array of port and protocol pairs. See port tag
1693 in firewalld.policy(5).
1694
1695 priority (i): see priority tag in firewalld.policy(5).
1696
1697 protocols (as): array of protocols, see protocol tag in
1698 firewalld.policy(5).
1699
1700 rich_rules (as): array of rich-language rules. See rule tag in
1701 firewalld.policy(5).
1702
1703 services (as): array of service names, see service tag in
1704 firewalld.policy(5).
1705
1706 short (s): see short tag in firewalld.policy(5).
1707
1708 source_ports (a(ss)): array of port and protocol pairs. See
1709 source-port tag in firewalld.policy(5).
1710
1711 target (s): see target attribute of policy tag in
1712 firewalld.policy(5).
1713
1714 version (s): see version attribute of policy tag in
1715 firewalld.policy(5).
1716
1717 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
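
Added example (not part of the firewalld manual or code base): a pre-flight check, covering both addZone2 and addPolicy, that compares a plain Python settings dictionary against the key names and D-Bus types listed above before it is sent as a{sv}. The function names and the sample dictionaries are constructed for illustration.

```python
# Key names and D-Bus type signatures are copied from the addZone2 and
# addPolicy entries above. Everything else here is an illustrative assumption.
ZONE2_KEYS = {
    "version": "s", "name": "s", "description": "s", "target": "s",
    "services": "as", "ports": "a(ss)", "icmp_blocks": "as",
    "masquerade": "b", "forward_ports": "a(ssss)", "interfaces": "as",
    "sources": "as", "rules_str": "as", "protocols": "as",
    "source_ports": "a(ss)", "icmp_block_inversion": "b", "forward": "b",
}
POLICY_KEYS = {
    "description": "s", "egress_zones": "as", "forward_ports": "a(ssss)",
    "icmp_blocks": "as", "ingress_zones": "as", "masquerade": "b",
    "ports": "a(ss)", "priority": "i", "protocols": "as",
    "rich_rules": "as", "services": "as", "short": "s",
    "source_ports": "a(ss)", "target": "s", "version": "s",
}


def matches(value, sig):
    """Return True if a plain Python value fits the D-Bus signature `sig`.

    Covers only the shapes these two methods use: s, b, i, arrays (a...)
    and structs whose members are basic types, such as (ss) or (ssss).
    """
    if sig == "s":
        return isinstance(value, str)
    if sig == "b":
        return isinstance(value, bool)
    if sig == "i":
        # bool is a subclass of int in Python; 'i' is a signed 32-bit integer.
        return (isinstance(value, int) and not isinstance(value, bool)
                and -2**31 <= value < 2**31)
    if sig.startswith("a"):
        return (isinstance(value, (list, tuple))
                and all(matches(item, sig[1:]) for item in value))
    if sig.startswith("(") and sig.endswith(")"):
        members = sig[1:-1]
        return (isinstance(value, (list, tuple))
                and len(value) == len(members)
                and all(matches(v, m) for v, m in zip(value, members)))
    return False


def check_settings(settings, allowed):
    """Return a list of (key, problem) pairs; an empty list means it passes."""
    problems = []
    for key, value in settings.items():
        if key not in allowed:
            problems.append((key, "unknown key"))
        elif not matches(value, allowed[key]):
            problems.append((key, "expected D-Bus type " + allowed[key]))
    return problems


# Constructed sample input, not taken from a real system.
ZONE_OK = {
    "name": "dmz-web",
    "services": ["https"],
    "ports": [("8443", "tcp")],
    "forward_ports": [("80", "tcp", "8080", "")],
    "masquerade": False,
    "sources": [],          # an empty list zeroes the value
}
ZONE_BAD = {
    "services": "ssh",      # a bare string, not an array of strings
    "ports": ["8443/tcp"],  # must be (port, protocol) pairs
    "masquerade": "yes",    # must be a boolean
    "rich_rules": [],       # policy key; zones use rules_str
}
POLICY_BAD = {
    "ingress_zones": ["public"],
    "priority": True,       # a boolean is not an 'i'
    "rules_str": [],        # zone key; policies use rich_rules
}

if __name__ == "__main__":
    for label, data, keys in (("zone ok", ZONE_OK, ZONE2_KEYS),
                              ("zone bad", ZONE_BAD, ZONE2_KEYS),
                              ("policy bad", POLICY_BAD, POLICY_KEYS)):
        print(label, check_settings(data, keys))
```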
1718
1719 getHelperByName(s: helper) → o
1720 Return object path (permanent configuration) of helper with
1721 given name.
1722
1723 Possible errors: INVALID_HELPER
1724
1725 getHelperNames() → as
1726 Return list of helper names (permanent configuration).
1727
1728 getIPSetByName(s: ipset) → o
1729 Return object path (permanent configuration) of ipset with
1730 given name.
1731
1732 Possible errors: INVALID_IPSET
1733
1734 getIPSetNames() → as
1735 Return list of ipset names (permanent configuration).
1736
1737 getIcmpTypeByName(s: icmptype) → o
1738 Return object path (permanent configuration) of icmptype with
1739 given name.
1740
1741 Possible errors: INVALID_ICMPTYPE
1742
1743 getIcmpTypeNames() → as
1744 Return list of icmptype names (permanent configuration).
1745
1746 getServiceByName(s: service) → o
1747 Return object path (permanent configuration) of service with
1748 given name.
1749
1750 Possible errors: INVALID_SERVICE
1751
1752 getServiceNames() → as
1753 Return list of service names (permanent configuration).
1754
1755 getZoneByName(s: zone) → o
1756 Return object path (permanent configuration) of zone with given
1757 name.
1758
1759 Possible errors: INVALID_ZONE
1760
1761 getZoneNames() → as
1762 Return list of zone names (permanent configuration).
1763
1764 getZoneOfInterface(s: iface) → s
1765 Return name of zone the iface is bound to or empty string.
1766
1767 getZoneOfSource(s: source) → s
1768 Return name of zone the source is bound to or empty string.
1769
1770 getPolicyByName(s: policy) → o
1771 Return object path (permanent configuration) of policy with
1772 given name.
1773
1774 Possible errors: INVALID_POLICY
1775
1776 getPolicyNames() → as
1777 Return list of policy names (permanent configuration).
1778
1779 listHelpers() → ao
1780 Return array of object paths (o) of helper in permanent
1781 configuration. For runtime configuration see
1782 org.fedoraproject.FirewallD1.Methods.getHelpers.
1783
1784 listIPSets() → ao
1785 Return array of object paths (o) of ipset in permanent
1786 configuration. For runtime configuration see
1787 org.fedoraproject.FirewallD1.ipset.Methods.getIPSets.
1788
1789 listIcmpTypes() → ao
1790 Return array of object paths (o) of icmp types in permanent
1791 configuration. For runtime configuration see
1792 org.fedoraproject.FirewallD1.Methods.listIcmpTypes.
1793
1794 listServices() → ao
1795 Return array of object paths (o) of services in permanent
1796 configuration. For runtime configuration see
1797 org.fedoraproject.FirewallD1.Methods.listServices.
1798
1799 listZones() → ao
1800 List object paths of zones known to permanent environment. For
1801 list of zones known to runtime environment see
1802 org.fedoraproject.FirewallD1.zone.Methods.getZones. The lists
1803 (of zones known to runtime and permanent environment) will
1804 contain same zones in most cases, but might differ for example
1805 if org.fedoraproject.FirewallD1.config.Methods.addZone has been
1806 called recently, but firewalld has not been reloaded since
1807 then.
1808
1809 listPolicies() → ao
1810 List object paths of policies known to permanent environment.
1811 For list of policies known to runtime environment see
1812 org.fedoraproject.FirewallD1.policy.Methods.getPolicies. The
1813 lists (of policies known to runtime and permanent environment)
1814 will contain same policies in most cases, but might differ for
1815 example if
1816 org.fedoraproject.FirewallD1.config.Methods.addPolicy has been
1817 called recently, but firewalld has not been reloaded since
1818 then.
1819
1820 Signals
1821 HelperAdded(s: helper)
1822 Emitted when helper has been added.
1823
1824 IPSetAdded(s: ipset)
1825 Emitted when ipset has been added.
1826
1827 IcmpTypeAdded(s: icmptype)
1828 Emitted when icmptype has been added.
1829
1830 ServiceAdded(s: service)
1831 Emitted when service has been added.
1832
1833 ZoneAdded(s: zone)
1834 Emitted when zone has been added.
1835
1836 Properties
1837 AllowZoneDrifting - s - (rw)
1838 Deprecated. Getting this value always returns "no". Setting
1839 this value is ignored.
1840
1841 AutomaticHelpers - s - (rw)
1842 Deprecated. Getting this value always returns "no". Setting
1843 this value is ignored.
1844
1845 CleanupModulesOnExit - s - (rw)
1846 Setting this option to yes or true unloads all firewall-related
1847 kernel modules when firewalld is stopped.
1848
1849 CleanupOnExit - s - (rw)
1850 If firewalld stops, it cleans up all firewall rules. Setting
1851 this option to no or false leaves the current firewall rules
1852 untouched.
1853
1854 DefaultZone - s - (ro)
1855 Default zone for connections or interfaces if the zone is not
1856 selected or specified by NetworkManager, initscripts or command
1857 line tool.
1858
1859 FirewallBackend - s - (rw)
1860 Selects the firewalld backend for all rules except the direct
1861 interface. Valid options are: nftables, iptables. Default is
1862 nftables.
1863
1864 Note: The iptables backend is deprecated. It will be removed in
1865 a future release.
1866
1867 FlushAllOnReload - s - (rw)
1868 Flush all runtime rules on a reload. Valid options are: yes,
1869 no.
1870
1871 IPv6_rpfilter - s - (rw)
1872 Indicates whether the reverse path filter test on a packet for
1873 IPv6 is enabled. If a reply to the packet would be sent via the
1874 same interface that the packet arrived on, the packet will
1875 match and be accepted, otherwise dropped.
1876
1877 IndividualCalls - s - (ro)
1878 Indicates whether individual calls are used instead of combined
1879 -restore calls. If enabled, this increases the time that is needed to
1880 apply changes and to start the daemon, but is good for
1881 debugging.
1882
1883 Lockdown - s - (rw)
1884 If this property is enabled, firewall changes with the D-Bus
1885 interface will be limited to applications that are listed in
1886 the lockdown whitelist.
1887
1888 LogDenied - s - (rw)
1889 If LogDenied is enabled, then logging rules are added right
1890 before reject and drop rules in the INPUT, FORWARD and OUTPUT
1891 chains for the default rules and also final reject and drop
1892 rules in zones. Possible values are: all, unicast, broadcast,
1893 multicast and off.
1894
1895 MinimalMark - i - (rw)
1896 Deprecated. This option is ignored and no longer used. Marks
1897 are no longer used internally.
1898
1899 RFC3964_IPv4 - s - (rw)
1900 As per RFC 3964, filter IPv6 traffic with 6to4 destination
1901 addresses that correspond to IPv4 addresses that should not be
1902 routed over the public internet. Valid options are: yes, no.
1903
1904 org.fedoraproject.FirewallD1.config.direct
1905 DEPRECATED
1906 The direct interface has been deprecated. It will be removed in a
1907 future release. It is superseded by policies, see
1908 firewalld.policies(5).
1909
1910 Interface for permanent direct configuration, see also
1911 firewalld.direct(5). For runtime direct configuration see
1912 org.fedoraproject.FirewallD1.direct interface.
1913
1914 Methods
1915 addChain(s: ipv, s: table, s: chain) → Nothing
1916 Add a new chain to table for ipv being either ipv4 (iptables)
1917 or ipv6 (ip6tables) or eb (ebtables). Make sure there's no
1918 other chain with this name already. There already exist basic
1919 chains to use with direct methods, for example INPUT_direct
1920 chain. These chains are jumped into before chains for zones,
1921 i.e. every rule put into INPUT_direct will be checked before
1922 rules in zones. For runtime operation see
1923 org.fedoraproject.FirewallD1.direct.Methods.addChain.
1924
1925 Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED
1926
1927 addPassthrough(s: ipv, as: args) → Nothing
1928 Add a passthrough rule with the arguments args for ipv being
1929 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
1930 For runtime operation see
1931 org.fedoraproject.FirewallD1.direct.Methods.addPassthrough.
1932
1933 Possible errors: INVALID_IPV, ALREADY_ENABLED
1934
1935 addRule(s: ipv, s: table, s: chain, i: priority, as: args) →
1936 Nothing
1937 Add a rule with the arguments args to chain in table with
1938 priority for ipv being either ipv4 (iptables) or ipv6
1939 (ip6tables) or eb (ebtables). The priority is used to order
1940 rules. Priority 0 means add rule on top of the chain, with a
1941 higher priority the rule will be added further down. Rules with
1942 the same priority are on the same level and the order of these
1943 rules is not fixed and may change. If you want to make sure
1944 that a rule will be added after another one, use a low priority
1945 for the first and a higher for the following. For runtime
1946 operation see
1947 org.fedoraproject.FirewallD1.direct.Methods.addRule.
1948
1949 Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED
1950
1951 getAllChains() → a(sss)
1952 Get all chains added to all tables in format: ipv, table,
1953 chain. This concerns only chains previously added with
1954 addChain. Return value is an array of (ipv, table, chain). For
1955 runtime operation see
1956 org.fedoraproject.FirewallD1.direct.Methods.getAllChains.
1957
1958 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
1959 (ebtables).
1960
1961 table (s): one of filter, mangle, nat, raw, security
1962
1963 chain (s): name of a chain.
1964
1965
1966 getAllPassthroughs() → a(sas)
1967 Get all passthrough rules added in all ipv types in format:
1968 ipv, rule. This concerns only rules previously added with
1969 addPassthrough. Return value is an array of (ipv, array of
1970 arguments). For runtime operation see
1971 org.fedoraproject.FirewallD1.direct.Methods.getAllPassthroughs.
1972
1973 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
1974 (ebtables).
1975
1976 arguments (as): array of commands, parameters and other
1977 iptables/ip6tables/ebtables command line options.
1978
1979
1980 getAllRules() → a(sssias)
1981 Get all rules added to all chains in all tables in format: ipv,
1982 table, chain, priority, rule. This concerns only rules
1983 previously added with addRule. Return value is an array of (ipv,
1984 table, chain, priority, array of arguments). For runtime
1985 operation see
1986 org.fedoraproject.FirewallD1.direct.Methods.getAllRules.
1987
1988 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
1989 (ebtables).
1990
1991 table (s): one of filter, mangle, nat, raw, security
1992
1993 chain (s): name of a chain.
1994
1995 priority (i): used to order rules.
1996
1997 arguments (as): array of commands, parameters and other
1998 iptables/ip6tables/ebtables command line options.
1999
2000
2001 getChains(s: ipv, s: table) → as
2002 Return an array of chains (s) added to table for ipv being
2003 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
2004 This concerns only chains previously added with addChain. For
2005 runtime operation see
2006 org.fedoraproject.FirewallD1.direct.Methods.getChains.
2007
2008 Possible errors: INVALID_IPV, INVALID_TABLE
2009
2010 getPassthroughs(s: ipv) → aas
2011 Get tracked passthrough rules added in either ipv4 (iptables)
2012 or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
2013 previously added with addPassthrough. Return value is an array
2014 of (array of arguments). For runtime operation see
2015 org.fedoraproject.FirewallD1.direct.Methods.getPassthroughs.
2016
2017 arguments (as): array of commands, parameters and other
2018 iptables/ip6tables/ebtables command line options.
2019
2020
2021 getRules(s: ipv, s: table, s: chain) → a(ias)
2022 Get all rules added to chain in table for ipv being either ipv4
2023 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
2024 only rules previously added with addRule. Return value is an
2025 array of (priority, array of arguments). For runtime operation
2026 see org.fedoraproject.FirewallD1.direct.Methods.getRules.
2027
2028 priority (i): used to order rules.
2029
2030 arguments (as): array of commands, parameters and other
2031 iptables/ip6tables/ebtables command line options.
2032
2033 Possible errors: INVALID_IPV, INVALID_TABLE
2034
2035 getSettings() → (a(sss)a(sssias)a(sas))
2036 Get settings of permanent direct configuration in format: array
2037 of chains, array of rules, array of passthroughs.
2038
2039 chains (a(sss)): array of (ipv, table, chain), see 'chain' in
2040 firewalld.direct(5).
2041
2042 rules (a(sssias)): array of (ipv, table, chain, priority, array
2043 of arguments), see 'rule' in firewalld.direct(5).
2044
2045 passthroughs (a(sas)): array of (ipv, array of arguments), see
2046 passthrough in firewalld.direct(5).
2050
2051 queryChain(s: ipv, s: table, s: chain) → b
2052 Return whether a chain exists in table for ipv being either
2053 ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). This
2054 concerns only chains previously added with addChain. For
2055 runtime operation see
2056 org.fedoraproject.FirewallD1.direct.Methods.queryChain.
2057
2058 Possible errors: INVALID_IPV, INVALID_TABLE
2059
2060 queryPassthrough(s: ipv, as: args) → b
2061 Return whether a tracked passthrough rule with the arguments
2062 args exists for ipv being either ipv4 (iptables) or ipv6
2063 (ip6tables) or eb (ebtables). This concerns only rules
2064 previously added with addPassthrough. For runtime operation see
2065 org.fedoraproject.FirewallD1.direct.Methods.queryPassthrough.
2066
2067 Possible errors: INVALID_IPV
2068
2069 queryRule(s: ipv, s: table, s: chain, i: priority, as: args) → b
2070 Return whether a rule with priority and the arguments args
2071 exists in chain in table for ipv being either ipv4 (iptables)
2072 or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
2073 previously added with addRule. For runtime operation see
2074 org.fedoraproject.FirewallD1.direct.Methods.queryRule.
2075
2076 Possible errors: INVALID_IPV, INVALID_TABLE
2077
2078 removeChain(s: ipv, s: table, s: chain) → Nothing
2079 Remove a chain from table for ipv being either ipv4 (iptables)
2080 or ipv6 (ip6tables) or eb (ebtables). Only chains previously
2081 added with addChain can be removed this way. For runtime
2082 operation see
2083 org.fedoraproject.FirewallD1.direct.Methods.removeChain.
2084
2085 Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED
2086
2087 removePassthrough(s: ipv, as: args) → Nothing
2088 Remove a passthrough rule with arguments args for ipv being
2089 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
2090 Only rules previously added with addPassthrough can be removed
2091 this way. For runtime operation see
2092 org.fedoraproject.FirewallD1.direct.Methods.removePassthrough.
2093
2094 Possible errors: INVALID_IPV, NOT_ENABLED
2095
2096 removeRule(s: ipv, s: table, s: chain, i: priority, as: args) →
2097 Nothing
2098 Remove a rule with priority and arguments args from chain in
2099 table for ipv being either ipv4 (iptables) or ipv6 (ip6tables)
2100 or eb (ebtables). Only rules previously added with addRule can
2101 be removed this way. For runtime operation see
2102 org.fedoraproject.FirewallD1.direct.Methods.removeRule.
2103
2104 Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED
2105
2106 removeRules(s: ipv, s: table, s: chain) → Nothing
2107 Remove all rules from chain in table for ipv being either ipv4
2108 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
2109 only rules previously added with addRule. For runtime operation
2110 see org.fedoraproject.FirewallD1.direct.Methods.removeRules.
2111
2112 Possible errors: INVALID_IPV, INVALID_TABLE
2113
2114 update((a(sss)a(sssias)a(sas)): settings) → Nothing
2115 Update permanent direct configuration with given settings.
2116 Settings are in format: array of chains, array of rules, array
2117 of passthroughs.
2118
2119 chains (a(sss)): array of (ipv, table, chain), see 'chain' in
2120 firewalld.direct(5).
2121
2122 rules (a(sssias)): array of (ipv, table, chain, priority, array
2123 of arguments), see 'rule' in firewalld.direct(5).
2124
2125 passthroughs (a(sas)): array of (ipv, array of arguments), see
2126 passthrough in firewalld.direct(5).
2127
2129 Possible errors: INVALID_TYPE
2130
2131 Signals
2132 Updated()
2133 Emitted when configuration has been updated.
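
Added example (not firewalld's own code): an offline audit of the (a(sss)a(sssias)a(sas)) structure that getSettings() returns and update() accepts, applying the ordering rules described under addChain and addRule above. The finding codes PRE_ZONE_ACCEPT, AMBIGUOUS_ORDER and PASSTHROUGH, the `_direct` suffix test, and the sample data are assumptions made for this illustration; fetch_permanent_direct() additionally assumes dbus-python and a running firewalld.

```python
from collections import defaultdict

# Values the page lists for the ipv and table fields.
VALID_IPV = {"ipv4", "ipv6", "eb"}
VALID_TABLES = {"filter", "mangle", "nat", "raw", "security"}


def jump_target(args):
    """Return the argument that follows -j/--jump, or None if there is none."""
    for i, arg in enumerate(args[:-1]):
        if arg in ("-j", "--jump"):
            return args[i + 1]
    return None


def ordered_rules(rules):
    """Group rules by (ipv, table, chain) and sort each group by priority.

    Priority 0 is the top of the chain; equal priorities have no fixed order.
    """
    grouped = defaultdict(list)
    for ipv, table, chain, priority, args in rules:
        grouped[(ipv, table, chain)].append((int(priority), list(args)))
    return {k: sorted(g, key=lambda r: r[0]) for k, g in grouped.items()}


def audit_direct(settings):
    """Return (code, detail) findings for a direct-configuration tuple."""
    chains, rules, passthroughs = settings
    findings = []
    locations = [(ipv, table, "chain " + chain) for ipv, table, chain in chains]
    locations += [(r[0], r[1], "rule in " + r[2]) for r in rules]
    for ipv, table, where in locations:
        if ipv not in VALID_IPV:
            findings.append(("INVALID_IPV", f"{where}: {ipv}"))
        if table not in VALID_TABLES:
            findings.append(("INVALID_TABLE", f"{where}: {table}"))

    for (ipv, table, chain), group in ordered_rules(rules).items():
        targets_at = defaultdict(set)
        for priority, args in group:
            target = jump_target(args)
            targets_at[priority].add(target)
            # Chains such as INPUT_direct are jumped into before zone chains,
            # so an ACCEPT here is decided before any zone rule is consulted.
            if chain.endswith("_direct") and target == "ACCEPT":
                findings.append(("PRE_ZONE_ACCEPT",
                                 f"{ipv}/{table}/{chain} prio {priority}: "
                                 + " ".join(args)))
        for priority, targets in targets_at.items():
            # Same priority, different verdicts: the result depends on an
            # order that is not fixed and may change.
            if len(targets) > 1:
                findings.append(("AMBIGUOUS_ORDER",
                                 f"{ipv}/{table}/{chain} prio {priority}: "
                                 + ", ".join(sorted(map(str, targets)))))

    for ipv, args in passthroughs:
        if ipv not in VALID_IPV:
            findings.append(("INVALID_IPV", f"passthrough: {ipv}"))
        # Passthrough arguments are raw command-line options; list each one
        # for manual review.
        findings.append(("PASSTHROUGH", f"{ipv}: " + " ".join(args)))
    return findings


def fetch_permanent_direct():
    """Read the permanent direct configuration over the system bus."""
    import dbus  # dbus-python; imported lazily so the audit runs offline
    obj = dbus.SystemBus().get_object("org.fedoraproject.FirewallD1",
                                      "/org/fedoraproject/FirewallD1/config")
    iface = dbus.Interface(
        obj, dbus_interface="org.fedoraproject.FirewallD1.config.direct")
    return iface.getSettings()


# Constructed sample in getSettings() layout; not taken from a real host.
SAMPLE_SETTINGS = (
    [("ipv4", "filter", "admin_in")],
    [
        ("ipv4", "filter", "INPUT_direct", 5,
         ["-p", "tcp", "--dport", "8080", "-j", "ACCEPT"]),
        ("ipv4", "filter", "INPUT_direct", 0,
         ["-p", "tcp", "--dport", "22", "-j", "admin_in"]),
        ("ipv4", "filter", "admin_in", 1, ["-s", "192.0.2.0/24", "-j", "ACCEPT"]),
        ("ipv4", "filter", "admin_in", 1, ["-j", "DROP"]),
    ],
    [("ipv6", ["-I", "FORWARD", "-j", "ACCEPT"])],
)

if __name__ == "__main__":
    for code, detail in audit_direct(SAMPLE_SETTINGS):
        print(f"{code:16} {detail}")
```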
2134
2135 org.fedoraproject.FirewallD1.config.policies
2136 Interface for permanent lockdown-whitelist configuration, see also
2137 firewalld.lockdown-whitelist(5). For runtime configuration see
2138 org.fedoraproject.FirewallD1.policies interface.
2139
2140 Methods
2141 addLockdownWhitelistCommand(s: command) → Nothing
2142 Add command to whitelist. See command option in
2143 firewalld.lockdown-whitelist(5). For runtime operation see
2144 org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistCommand.
2145
2146 Possible errors: ALREADY_ENABLED, INVALID_TYPE
2147
2148 addLockdownWhitelistContext(s: context) → Nothing
2149 Add context to whitelist. See selinux option in
2150 firewalld.lockdown-whitelist(5). For runtime operation see
2151 org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistContext.
2152
2153 Possible errors: ALREADY_ENABLED, INVALID_TYPE
2154
2155 addLockdownWhitelistUid(i: uid) → Nothing
2156 Add user id uid to whitelist. See user option in
2157 firewalld.lockdown-whitelist(5). For runtime operation see
2158 org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistUid.
2159
2160 Possible errors: ALREADY_ENABLED, INVALID_TYPE
2161
2162 addLockdownWhitelistUser(s: user) → Nothing
2163 Add user name to whitelist. See user option in
2164 firewalld.lockdown-whitelist(5). For runtime operation see
2165 org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistUser.
2166
2167 Possible errors: ALREADY_ENABLED, INVALID_TYPE
2168
2169 getLockdownWhitelist() → (asasasai)
2170 Get settings of permanent lockdown-whitelist configuration in
2171 format: commands, selinux contexts, users, uids
2172
2173 commands (as): see command option in firewalld.lockdown-
2174 whitelist(5).
2175
2176 selinux contexts (as): see selinux option in
2177 firewalld.lockdown-whitelist(5).
2178
2179 users (as): see name attribute of user option in
2180 firewalld.lockdown-whitelist(5).
2181
2182 uids (ai): see id attribute of user option in
2183 firewalld.lockdown-whitelist(5).
2184
2185
2186 getLockdownWhitelistCommands() → as
2187 List all command lines (s) that are on whitelist. For runtime
2188 operation see
2189 org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistCommands.
2190
2191 getLockdownWhitelistContexts() → as
2192 List all contexts (s) that are on whitelist. For runtime
2193 operation see
2194 org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistContexts.
2195
2196 getLockdownWhitelistUids() → ai
2197 List all user ids (i) that are on whitelist. For runtime
2198 operation see
2199 org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistUids.
2200
2201 getLockdownWhitelistUsers() → as
2202 List all users (s) that are on whitelist. For runtime operation
2203 see
2204 org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistUsers.
2205
2206 queryLockdownWhitelistCommand(s: command) → b
2207 Query whether command is on whitelist. For runtime operation
2208 see
2209 org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistCommand.
2210
2211 queryLockdownWhitelistContext(s: context) → b
2212 Query whether context is on whitelist. For runtime operation
2213 see
2214 org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistContext.
2215
2216 queryLockdownWhitelistUid(i: uid) → b
2217 Query whether user id uid is on whitelist. For runtime
2218 operation see
2219 org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistUid.
2220
2221 queryLockdownWhitelistUser(s: user) → b
2222 Query whether user is on whitelist. For runtime operation see
2223 org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistUser.
2224
2225 removeLockdownWhitelistCommand(s: command) → Nothing
2226 Remove command from whitelist. For runtime operation see
2227 org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistCommand.
2228
2229 Possible errors: NOT_ENABLED
2230
2231 removeLockdownWhitelistContext(s: context) → Nothing
2232 Remove context from whitelist. For runtime operation see
2233 org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistContext.
2234
2235 Possible errors: NOT_ENABLED
2236
2237 removeLockdownWhitelistUid(i: uid) → Nothing
2238 Remove user id uid from whitelist. For runtime operation see
2239 org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistUid.
2240
2241 Possible errors: NOT_ENABLED
2242
2243 removeLockdownWhitelistUser(s: user) → Nothing
2244 Remove user from whitelist. For runtime operation see
2245 org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistUser.
2246
2247 Possible errors: NOT_ENABLED
2248
2249 setLockdownWhitelist((asasasai): settings) → Nothing
2250 Set permanent lockdown-whitelist configuration to settings.
2251 Settings are in format: commands, selinux contexts, users, uids
2252
2253 commands (as): see command option in firewalld.lockdown-
2254 whitelist(5).
2255
2256 selinux contexts (as): see selinux option in
2257 firewalld.lockdown-whitelist(5).
2258
2259 users (as): see name attribute of user option in
2260 firewalld.lockdown-whitelist(5).
2261
2262 uids (ai): see id attribute of user option in
2263 firewalld.lockdown-whitelist(5).
2264
2265 Possible errors: INVALID_TYPE
2266
2267 Signals
2268 LockdownWhitelistUpdated()
2269 Emitted when permanent lockdown-whitelist configuration has
2270 been updated.
2271
2272 org.fedoraproject.FirewallD1.config.ipset
2273 Interface for permanent ipset configuration, see also
2274 firewalld.ipset(5).
2275
2276 Methods
2277 addEntry(s: entry) → Nothing
2278 Permanently add entry to list of entries of ipset. See entry
2279 tag in firewalld.ipset(5). For runtime operation see
2280 org.fedoraproject.FirewallD1.ipset.Methods.addEntry.
2281
2282 Possible errors: ALREADY_ENABLED
2283
2284 addOption(s: key, s: value) → Nothing
2285 Permanently add (key, value) to the ipset. See option tag in
2286 firewalld.ipset(5).
2287
2288 Possible errors: ALREADY_ENABLED
2289
2290 getDescription() → s
2291 Get description of ipset. See description tag in
2292 firewalld.ipset(5).
2293
2294 getEntries() → as
2295 Get list of entries added to ipset. See entry tag in
2296 firewalld.ipset(5). For runtime operation see
2297 org.fedoraproject.FirewallD1.ipset.Methods.getEntries.
2298
2299 Possible errors: IPSET_WITH_TIMEOUT
2300
2301 getOptions() → a{ss}
2302 Get dictionary of options set for ipset. See option tag in
2303 firewalld.ipset(5).
2304
2305 getSettings() → (ssssa{ss}as)
2306 Return permanent settings of the ipset. For getting runtime
2307 settings see
2308 org.fedoraproject.FirewallD1.ipset.Methods.getIPSetSettings.
2309 Settings are in format: version, name, description, type,
2310 dictionary of options and array of entries.
2311
2312 version (s): see version attribute of ipset tag in
2313 firewalld.ipset(5).
2314
2315 name (s): see short tag in firewalld.ipset(5).
2316
2317 description (s): see description tag in firewalld.ipset(5).
2318
2319 type (s): see type attribute of ipset tag in
2320 firewalld.ipset(5).
2321
2322 options (a{ss}): dictionary of {option : value}. See options
2323 tag in firewalld.ipset(5).
2324
2325 entries (as): array of entries, see entry tag in
2326 firewalld.ipset(5).
2327
2328
2329 getShort() → s
2330 Get name of ipset. See short tag in firewalld.ipset(5).
2331
2332 getType() → s
2333 Get type of ipset. See type attribute of ipset tag in
2334 firewalld.ipset(5).
2335
2336 getVersion() → s
2337 Get version of ipset. See version attribute of ipset tag in
2338 firewalld.ipset(5).
2339
2340 loadDefaults() → Nothing
2341 Load default settings for built-in ipset.
2342
2343 Possible errors: NO_DEFAULTS
2344
2345 queryEntry(s: entry) → b
2346 Return whether entry has been added to ipset. For runtime
2347 operation see
2348 org.fedoraproject.FirewallD1.ipset.Methods.queryEntry.
2349
2350 queryOption(s: key, s: value) → b
2351 Return whether (key, value) has been added to options of the
2352 ipset.
2353
2354 remove() → Nothing
2355 Remove ipset that is not built-in.
2356
2357 Possible errors: BUILTIN_IPSET
2358
2359 removeEntry(s: entry) → Nothing
2360 Permanently remove entry from ipset. See entry tag in
2361 firewalld.ipset(5). For runtime operation see
2362 org.fedoraproject.FirewallD1.ipset.Methods.removeEntry.
2363
2364 Possible errors: NOT_ENABLED
2365
2366 removeOption(s: key) → Nothing
2367 Permanently remove key from the ipset. See option tag in
2368 firewalld.ipset(5).
2369
2370 Possible errors: NOT_ENABLED
2371
2372 rename(s: name) → Nothing
2373 Rename ipset that is not built-in to name.
2374
2375 Possible errors: BUILTIN_IPSET
2376
2377 setDescription(s: description) → Nothing
2378 Permanently set description of ipset to description. See
2379 description tag in firewalld.ipset(5).
2380
2381 setEntries(as: entries) → Nothing
2382 Permanently set list of entries to entries. See entry tag in
2383 firewalld.ipset(5).
2384
2385 setOptions(a{ss}: options) → Nothing
2386 Permanently set dict of options to options. See option tag in
2387 firewalld.ipset(5).
2388
2389 setShort(s: short) → Nothing
2390 Permanently set name of ipset to short. See short tag in
2391 firewalld.ipset(5).
2392
2393 setType(s: ipset_type) → Nothing
2394 Permanently set type of ipset to ipset_type. See type attribute
2395 of ipset tag in firewalld.ipset(5).
2396
2397 setVersion(s: version) → Nothing
2398 Permanently set version of ipset to version. See version
2399 attribute of ipset tag in firewalld.ipset(5).
2400
2401 update((ssssa{ss}as): settings) → Nothing
2402 Update settings of ipset to settings. Settings are in format:
2403 version, name, description, type, dictionary of options and
2404 array of entries.
2405
2406 version (s): see version attribute of ipset tag in
2407 firewalld.ipset(5).
2408
2409 name (s): see short tag in firewalld.ipset(5).
2410
2411 description (s): see description tag in firewalld.ipset(5).
2412
2413 type (s): see type attribute of ipset tag in
2414 firewalld.ipset(5).
2415
2416 options (a{ss}): dictionary of {option : value}. See options
2417 tag in firewalld.ipset(5).
2418
2419 entries (as): array of entries, see entry tag in
2420 firewalld.ipset(5).
2421
2422 Possible errors: INVALID_TYPE
2423
2424 Signals
2425 Removed(s: name)
2426 Emitted when ipset with name has been removed.
2427
2428 Renamed(s: name)
2429 Emitted when ipset has been renamed to name.
2430
2431 Updated(s: name)
2432 Emitted when ipset with name has been updated.
2433
2434 Properties
2435 builtin - b - (ro)
2436 True if ipset is built-in, false otherwise.
2437
2438 default - b - (ro)
2439 True if built-in ipset has default settings. False if it has
2440 been modified. Always False for ipsets that are not built-in.
2441
2442 filename - s - (ro)
2443 Name (including .xml extension) of file where the configuration
2444 is stored.
2445
2446 name - s - (ro)
2447 Name of ipset.
2448
2449 path - s - (ro)
2450 Path to directory where the ipset configuration is stored.
2451 Should be either /usr/lib/firewalld/ipsets or
2452 /etc/firewalld/ipsets.
2453
2454 org.fedoraproject.FirewallD1.config.zone
2455 Interface for permanent zone configuration, see also firewalld.zone(5).
2456
2457 Methods
2458 addForwardPort(s: port, s: protocol, s: toport, s: toaddr) →
2459 Nothing
2460 Permanently add (port, protocol, toport, toaddr) to list of
2461 forward ports of zone. See forward-port tag in
2462 firewalld.zone(5). For runtime operation see
2463 org.fedoraproject.FirewallD1.zone.Methods.addForwardPort.
2464
2465 Possible errors: ALREADY_ENABLED
2466
2467 addIcmpBlock(s: icmptype) → Nothing
2468 Permanently add icmptype to list of icmp types blocked in zone.
2469 See icmp-block tag in firewalld.zone(5). For runtime operation
2470 see org.fedoraproject.FirewallD1.zone.Methods.addIcmpBlock.
2471
2472 Possible errors: ALREADY_ENABLED
2473
2474 addIcmpBlock(s: icmptype) → Nothing
2475 Permanently add icmp block inversion to zone. See
2476 icmp-block-inversion tag in firewalld.zone(5). For runtime
2477 operation see
2478 org.fedoraproject.FirewallD1.zone.Methods.addIcmpBlockInversion.
2479
2480 Possible errors: ALREADY_ENABLED
2481
2482 addInterface(s: interface) → Nothing
2483 Permanently add interface to list of interfaces bound to zone.
2484 See interface tag in firewalld.zone(5). For runtime operation
2485 see org.fedoraproject.FirewallD1.zone.Methods.addInterface.
2486
2487 Possible errors: ALREADY_ENABLED
2488
2489 addMasquerade() → Nothing
2490 Permanently enable masquerading in zone. See masquerade tag in
2491 firewalld.zone(5). For runtime operation see
2492 org.fedoraproject.FirewallD1.zone.Methods.addMasquerade.
2493
2494 Possible errors: ALREADY_ENABLED
2495
2496 addPort(s: port, s: protocol) → Nothing
2497 Permanently add (port, protocol) to list of ports of zone. See
2498 port tag in firewalld.zone(5). For runtime operation see
2499 org.fedoraproject.FirewallD1.zone.Methods.addPort.
2500
2501 Possible errors: ALREADY_ENABLED
2502
2503 addProtocol(s: protocol) → Nothing
2504 Permanently add protocol into zone. The protocol can be any
2505 protocol supported by the system. Please have a look at
2506 /etc/protocols for supported protocols. For runtime operation
2507 see org.fedoraproject.FirewallD1.zone.Methods.addProtocol.
2508
2509 Possible errors: INVALID_PROTOCOL, ALREADY_ENABLED
2510
2511 addRichRule(s: rule) → Nothing
2512 Permanently add rule to list of rich-language rules in zone.
2513 See rule tag in firewalld.zone(5). For runtime operation see
2514 org.fedoraproject.FirewallD1.zone.Methods.addRichRule.
2515
2516 Possible errors: ALREADY_ENABLED
2517
2518 addService(s: service) → Nothing
2519 Permanently add service to list of services used in zone. See
2520 service tag in firewalld.zone(5). For runtime operation see
2521 org.fedoraproject.FirewallD1.zone.Methods.addService.
2522
2523 Possible errors: ALREADY_ENABLED
2524
2525 addSource(s: source) → Nothing
2526 Permanently add source to list of source addresses bound to
2527 zone. See source tag in firewalld.zone(5). For runtime
2528 operation see
2529 org.fedoraproject.FirewallD1.zone.Methods.addSource.
2530
2531 Possible errors: ALREADY_ENABLED
2532
2533 addSourcePort(s: port, s: protocol) → Nothing
2534 Permanently add (port, protocol) to list of source ports of
2535 zone. See source-port tag in firewalld.zone(5). For runtime
2536 operation see
2537 org.fedoraproject.FirewallD1.zone.Methods.addSourcePort.
2538
2539 Possible errors: ALREADY_ENABLED
2540
2541 getDescription() → s
2542 Get description of zone. See description tag in
2543 firewalld.zone(5).
2544
2545 getForwardPorts() → a(ssss)
2546 Get list of (port, protocol, toport, toaddr) defined in zone.
2547 See forward-port tag in firewalld.zone(5). For runtime
2548 operation see
2549 org.fedoraproject.FirewallD1.zone.Methods.getForwardPorts.
2550
2551 getIcmpBlockInversion() → b
2552 Get icmp block inversion flag of zone. See icmp-block-inversion
2553 tag in firewalld.zone(5).
2554
2555 getIcmpBlocks() → as
2556 Get list of icmp type names blocked in zone. See icmp-block tag
2557 in firewalld.zone(5). For runtime operation see
2558 org.fedoraproject.FirewallD1.zone.Methods.getIcmpBlocks.
2559
2560 getInterfaces() → as
2561 Get list of interfaces bound to zone. See interface tag in
2562 firewalld.zone(5). For runtime operation see
2563 org.fedoraproject.FirewallD1.zone.Methods.getInterfaces.
2564
2565 getMasquerade() → b
2566 Return whether masquerade is enabled in zone. This is the same
2567 as queryMasquerade() method. See masquerade tag in
2568 firewalld.zone(5).
2569
2570 getPorts() → a(ss)
2571 Get list of (port, protocol) defined in zone. See port tag in
2572 firewalld.zone(5). For runtime operation see
2573 org.fedoraproject.FirewallD1.zone.Methods.getPorts.
2574
2575 getProtocols() → as
2576 Return array of protocols (s) previously enabled in zone. For
2577 getting runtime settings see
2578 org.fedoraproject.FirewallD1.zone.Methods.getProtocols.
2579
2580 getRichRules() → as
2581 Get list of rich-language rules in zone. See rule tag in
2582 firewalld.zone(5). For runtime operation see
2583 org.fedoraproject.FirewallD1.zone.Methods.getRichRules.
2584
2585 getServices() → as
2586 Get list of service names used in zone. See service tag in
2587 firewalld.zone(5). For runtime operation see
2588 org.fedoraproject.FirewallD1.zone.Methods.getServices.
2589
2590 getSettings() → (sssbsasa(ss)asba(ssss)asasasasa(ss)b)
2591 This function is deprecated, use
2592 org.fedoraproject.FirewallD1.config.zone.Methods.getSettings2
2593 instead.
2594
2595 getSettings2() → a{sv}
2596 Return permanent settings of given zone. For getting runtime
2597 settings see
2598 org.fedoraproject.FirewallD1.zone.Methods.getZoneSettings2.
2599 Settings are a dictionary indexed by keywords. For the type of
2600 each value see below. If the value is empty it may be omitted.
2601
2602 version (s): see version attribute of zone tag in
2603 firewalld.zone(5).
2604
2605 name (s): see short tag in firewalld.zone(5).
2606
2607 description (s): see description tag in firewalld.zone(5).
2608
2609 target (s): see target attribute of zone tag in
2610 firewalld.zone(5).
2611
2612 services (as): array of service names, see service tag in
2613 firewalld.zone(5).
2614
2615 ports (a(ss)): array of port and protocol pairs. See port tag
2616 in firewalld.zone(5).
2617
2618 icmp_blocks (as): array of icmp-blocks. See icmp-block tag in
2619 firewalld.zone(5).
2620
2621 masquerade (b): see masquerade tag in firewalld.zone(5).
2622
2623 forward_ports (a(ssss)): array of (port, protocol, to-port,
2624 to-addr). See forward-port tag in firewalld.zone(5).
2625
2626 interfaces (as): array of interfaces. See interface tag in
2627 firewalld.zone(5).
2628
2629 sources (as): array of source addresses. See source tag in
2630 firewalld.zone(5).
2631
2632 rules_str (as): array of rich-language rules. See rule tag in
2633 firewalld.zone(5).
2634
2635 protocols (as): array of protocols, see protocol tag in
2636 firewalld.zone(5).
2637
2638 source_ports (a(ss)): array of port and protocol pairs. See
2639 source-port tag in firewalld.zone(5).
2640
2641 icmp_block_inversion (b): see icmp-block-inversion tag in
2642 firewalld.zone(5).
2643
2644 forward (b): see forward tag in firewalld.zone(5).
2645
2646
2647 getShort() → s
2648 Get name of zone. See short tag in firewalld.zone(5).
2649
2650 getSourcePorts() → a(ss)
2651 Get list of (port, protocol) defined in zone. See source-port
2652 tag in firewalld.zone(5). For runtime operation see
2653 org.fedoraproject.FirewallD1.zone.Methods.getSourcePorts.
2654
2655 getSources() → as
2656 Get list of source addresses bound to zone. See source tag in
2657 firewalld.zone(5). For runtime operation see
2658 org.fedoraproject.FirewallD1.zone.Methods.getSources.
2659
2660 getTarget() → s
2661 Get target of zone. See target attribute of zone tag in
2662 firewalld.zone(5).
2663
2664 getVersion() → s
2665 Get version of zone. See version attribute of zone tag in
2666 firewalld.zone(5).
2667
2668 loadDefaults() → Nothing
2669 Load default settings for built-in zone.
2670
2671 Possible errors: NO_DEFAULTS
2672
2673 queryForwardPort(s: port, s: protocol, s: toport, s: toaddr) → b
2674 Return whether (port, protocol, toport, toaddr) is in list of
2675 forward ports of zone. See forward-port tag in
2676 firewalld.zone(5). For runtime operation see
2677 org.fedoraproject.FirewallD1.zone.Methods.queryForwardPort.
2678
2679 queryIcmpBlock(s: icmptype) → b
2680 Return whether icmptype is in list of icmp types blocked in
2681 zone. See icmp-block tag in firewalld.zone(5). For runtime
2682 operation see
2683 org.fedoraproject.FirewallD1.zone.Methods.queryIcmpBlock.
2684
2685 queryIcmpBlockInversion() → b
2686 Return whether icmp block inversion is enabled in zone. See
2687 icmp-block-inversion tag in firewalld.zone(5). For runtime
2688 operation see
2689 org.fedoraproject.FirewallD1.zone.Methods.queryIcmpBlockInversion.
2690
2691 queryInterface(s: interface) → b
2692 Return whether interface is in list of interfaces bound to
2693 zone. See interface tag in firewalld.zone(5). For runtime
2694 operation see
2695 org.fedoraproject.FirewallD1.zone.Methods.queryInterface.
2696
2697 queryMasquerade() → b
2698 Return whether masquerade is enabled in zone. This is the same
2699 as getMasquerade() method. See masquerade tag in
2700 firewalld.zone(5). For runtime operation see
2701 org.fedoraproject.FirewallD1.zone.Methods.queryMasquerade.
2702
2703 queryPort(s: port, s: protocol) → b
2704 Return whether (port, protocol) is in list of ports of zone.
2705 See port tag in firewalld.zone(5). For runtime operation see
2706 org.fedoraproject.FirewallD1.zone.Methods.queryPort.
2707
2708 queryProtocol(s: protocol) → b
2709 Return whether protocol has been added in zone. For runtime
2710 operation see
2711 org.fedoraproject.FirewallD1.zone.Methods.queryProtocol.
2712
2713 Possible errors: INVALID_PROTOCOL
2714
2715 queryRichRule(s: rule) → b
2716 Return whether rule is in list of rich-language rules in zone.
2717 See rule tag in firewalld.zone(5). For runtime operation see
2718 org.fedoraproject.FirewallD1.zone.Methods.queryRichRule.
2719
2720 queryService(s: service) → b
2721 Return whether service is in list of services used in zone. See
2722 service tag in firewalld.zone(5). For runtime operation see
2723 org.fedoraproject.FirewallD1.zone.Methods.queryService.
2724
2725 querySource(s: source) → b
2726 Return whether source is in list of source addresses bound to
2727 zone. See source tag in firewalld.zone(5). For runtime
2728 operation see
2729 org.fedoraproject.FirewallD1.zone.Methods.querySource.
2730
2731 querySourcePort(s: port, s: protocol) → b
2732 Return whether (port, protocol) is in list of source ports of
2733 zone. See source-port tag in firewalld.zone(5). For runtime
2734 operation see
2735 org.fedoraproject.FirewallD1.zone.Methods.querySourcePort.
2736
2737 remove() → Nothing
2738 Remove not built-in zone.
2739
2740 Possible errors: BUILTIN_ZONE
2741
2742 removeForwardPort(s: port, s: protocol, s: toport, s: toaddr) →
2743 Nothing
2744 Permanently remove (port, protocol, toport, toaddr) from list
2745 of forward ports of zone. See forward-port tag in
2746 firewalld.zone(5). For runtime operation see
2747 org.fedoraproject.FirewallD1.zone.Methods.removeForwardPort.
2748
2749 Possible errors: NOT_ENABLED
2750
2751 removeIcmpBlock(s: icmptype) → Nothing
2752 Permanently remove icmptype from list of icmp types blocked in
2753 zone. See icmp-block tag in firewalld.zone(5). For runtime
2754 operation see
2755 org.fedoraproject.FirewallD1.zone.Methods.removeIcmpBlock.
2756
2757 Possible errors: NOT_ENABLED
2758
2759 removeIcmpBlockInversion() → Nothing
2760 Permanently remove icmp block inversion from the zone. See
2761 icmp-block-inversion tag in firewalld.zone(5). For runtime
2762 operation see
2763 org.fedoraproject.FirewallD1.zone.Methods.removeIcmpBlockInversion.
2764
2765 Possible errors: NOT_ENABLED
2766
2767 removeInterface(s: interface) → Nothing
2768 Permanently remove interface from list of interfaces bound to
2769 zone. See interface tag in firewalld.zone(5). For runtime
2770 operation see
2771 org.fedoraproject.FirewallD1.zone.Methods.removeInterface.
2772
2773 Possible errors: NOT_ENABLED
2774
2775 removeMasquerade() → Nothing
2776 Permanently disable masquerading in zone. See masquerade tag in
2777 firewalld.zone(5). For runtime operation see
2778 org.fedoraproject.FirewallD1.zone.Methods.removeMasquerade.
2779
2780 Possible errors: NOT_ENABLED
2781
2782 removePort(s: port, s: protocol) → Nothing
2783 Permanently remove (port, protocol) from list of ports of zone.
2784 See port tag in firewalld.zone(5). For runtime operation see
2785 org.fedoraproject.FirewallD1.zone.Methods.removePort.
2786
2787 Possible errors: NOT_ENABLED
2788
2789 removeProtocol(s: protocol) → Nothing
2790 Permanently remove protocol from zone. For runtime operation
2791 see org.fedoraproject.FirewallD1.zone.Methods.removeProtocol.
2792
2793 Possible errors: INVALID_PROTOCOL, NOT_ENABLED
2794
2795 removeRichRule(s: rule) → Nothing
2796 Permanently remove rule from list of rich-language rules in
2797 zone. See rule tag in firewalld.zone(5). For runtime operation
2798 see org.fedoraproject.FirewallD1.zone.Methods.removeRichRule.
2799
2800 Possible errors: NOT_ENABLED
2801
2802 removeService(s: service) → Nothing
2803 Permanently remove service from list of services used in zone.
2804 See service tag in firewalld.zone(5). For runtime operation see
2805 org.fedoraproject.FirewallD1.zone.Methods.removeService.
2806
2807 Possible errors: NOT_ENABLED
2808
2809 removeSource(s: source) → Nothing
2810 Permanently remove source from list of source addresses bound
2811 to zone. See source tag in firewalld.zone(5). For runtime
2812 operation see
2813 org.fedoraproject.FirewallD1.zone.Methods.removeSource.
2814
2815 Possible errors: NOT_ENABLED
2816
2817 removeSourcePort(s: port, s: protocol) → Nothing
2818 Permanently remove (port, protocol) from list of source ports
2819 of zone. See source-port tag in firewalld.zone(5). For runtime
2820 operation see
2821 org.fedoraproject.FirewallD1.zone.Methods.removeSourcePort.
2822
2823 Possible errors: NOT_ENABLED
2824
2825 rename(s: name) → Nothing
2826 Rename not built-in zone to name.
2827
2828 Possible errors: BUILTIN_ZONE
2829
2830 setDescription(s: description) → Nothing
2831 Permanently set description of zone to description. See
2832 description tag in firewalld.zone(5).
2833
2834 setForwardPorts(a(ssss): ports) → Nothing
2835 Permanently set forward ports of zone to list of (port,
2836 protocol, toport, toaddr). See forward-port tag in
2837 firewalld.zone(5).
2838
2839 setIcmpBlockInversion(b: flag) → Nothing
2840 Permanently set icmp block inversion flag of zone to flag. See
2841 icmp-block-inversion tag in firewalld.zone(5).
2842
2843 setIcmpBlocks(as: icmptypes) → Nothing
2844 Permanently set list of icmp types blocked in zone to
2845 icmptypes. See icmp-block tag in firewalld.zone(5).
2846
2847 setInterfaces(as: interfaces) → Nothing
2848 Permanently set list of interfaces bound to zone to interfaces.
2849 See interface tag in firewalld.zone(5).
2850
2851 setMasquerade(b: masquerade) → Nothing
2852 Permanently set masquerading in zone to masquerade. See
2853 masquerade tag in firewalld.zone(5).
2854
2855 setPorts(a(ss): ports) → Nothing
2856 Permanently set ports of zone to list of (port, protocol). See
2857 port tag in firewalld.zone(5).
2858
2859 setProtocols(as: protocols) → Nothing
2860 Permanently set list of protocols used in zone to protocols.
2861 See protocol tag in firewalld.zone(5).
2862
2863 setRichRules(as: rules) → Nothing
2864 Permanently set list of rich-language rules to rules. See rule
2865 tag in firewalld.zone(5).
2866
2867 setServices(as: services) → Nothing
2868 Permanently set list of services used in zone to services. See
2869 service tag in firewalld.zone(5).
2870
2871 setShort(s: short) → Nothing
2872 Permanently set name of zone to short. See short tag in
2873 firewalld.zone(5).
2874
2875 setSourcePorts(a(ss): ports) → Nothing
2876 Permanently set source-ports of zone to list of (port,
2877 protocol). See source-port tag in firewalld.zone(5).
2878
2879 setSources(as: sources) → Nothing
2880 Permanently set list of source addresses bound to zone to
2881 sources. See source tag in firewalld.zone(5).
2882
2883 setTarget(s: target) → Nothing
2884 Permanently set target of zone to target. See target attribute
2885 of zone tag in firewalld.zone(5).
2886
2887 setVersion(s: version) → Nothing
2888 Permanently set version of zone to version. See version
2889 attribute of zone tag in firewalld.zone(5).
2890
2891 update((sssbsasa(ss)asba(ssss)asasasasa(ss)b): settings) → Nothing
2892 This function is deprecated, use
2893 org.fedoraproject.FirewallD1.config.zone.Methods.update2
2894 instead.
2895
2896 update2(a{sv}: settings) → Nothing
2897 Update settings of zone to settings. Settings are a dictionary
2898 indexed by keywords. For the type of each value see below. To
2899 zero a value pass an empty string or list.
2900
2901 version (s): see version attribute of zone tag in
2902 firewalld.zone(5).
2903
2904 name (s): see short tag in firewalld.zone(5).
2905
2906 description (s): see description tag in firewalld.zone(5).
2907
2908 target (s): see target attribute of zone tag in
2909 firewalld.zone(5).
2910
2911 services (as): array of service names, see service tag in
2912 firewalld.zone(5).
2913
2914 ports (a(ss)): array of port and protocol pairs. See port tag
2915 in firewalld.zone(5).
2916
2917 icmp_blocks (as): array of icmp-blocks. See icmp-block tag in
2918 firewalld.zone(5).
2919
2920 masquerade (b): see masquerade tag in firewalld.zone(5).
2921
2922 forward_ports (a(ssss)): array of (port, protocol, to-port,
2923 to-addr). See forward-port tag in firewalld.zone(5).
2924
2925 interfaces (as): array of interfaces. See interface tag in
2926 firewalld.zone(5).
2927
2928 sources (as): array of source addresses. See source tag in
2929 firewalld.zone(5).
2930
2931 rules_str (as): array of rich-language rules. See rule tag in
2932 firewalld.zone(5).
2933
2934 protocols (as): array of protocols, see protocol tag in
2935 firewalld.zone(5).
2936
2937 source_ports (a(ss)): array of port and protocol pairs. See
2938 source-port tag in firewalld.zone(5).
2939
2940 icmp_block_inversion (b): see icmp-block-inversion tag in
2941 firewalld.zone(5).
2942
2943 forward (b): see forward tag in firewalld.zone(5).
2944
2945 Possible errors: INVALID_TYPE
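The two rules stated for getSettings2() and update2() interact: empty values may be omitted on read, but a value is only zeroed on write when an empty string or list is passed explicitly. The following added example (not part of this manual page or of firewalld) compares a stored baseline of a zone's permanent settings with a later getSettings2() result and builds the update2() dictionary that restores the baseline. It makes no D-Bus call; plain Python values stand in for the a{sv} variants, the sample dictionaries are constructed, and it assumes that an omitted boolean means False, that keywords left out of update2() stay unchanged, and that list order carries no meaning.

```python
"""Drift check and update2() payload builder for permanent zone settings."""

# Keyword -> D-Bus type, copied from the getSettings2()/update2() keyword list.
ZONE_KEYS = {
    "version": "s", "name": "s", "description": "s", "target": "s",
    "services": "as", "ports": "a(ss)", "icmp_blocks": "as",
    "masquerade": "b", "forward_ports": "a(ssss)", "interfaces": "as",
    "sources": "as", "rules_str": "as", "protocols": "as",
    "source_ports": "a(ss)", "icmp_block_inversion": "b", "forward": "b",
}


def _empty(sig):
    """Value that stands for 'not set' (False for booleans is an assumption)."""
    return "" if sig == "s" else False if sig == "b" else []


def _check(key, sig, value):
    """Reject values whose shape does not match the documented type."""
    if sig == "s":
        ok = isinstance(value, str)
    elif sig == "b":
        ok = isinstance(value, bool)
    else:
        width = sig.count("s")  # "a(ss)" -> 2, "a(ssss)" -> 4
        ok = isinstance(value, (list, tuple)) and all(
            isinstance(item, str) if sig == "as" else (
                isinstance(item, (list, tuple)) and len(item) == width
                and all(isinstance(part, str) for part in item))
            for item in value)
    if not ok:
        raise TypeError(f"{key}: expected D-Bus type {sig}, got {value!r}")


def normalize(settings):
    """Fill in omitted keywords and put every list into a canonical order."""
    unknown = sorted(set(settings) - set(ZONE_KEYS))
    if unknown:
        raise KeyError(f"unknown settings keyword(s): {unknown}")
    out = {}
    for key, sig in ZONE_KEYS.items():
        value = settings.get(key, _empty(sig))
        _check(key, sig, value)
        if sig.startswith("a"):
            value = sorted({v if sig == "as" else tuple(v) for v in value})
        out[key] = value
    return out


def drift(baseline, current):
    """Report every keyword whose permanent value differs from the baseline."""
    base, cur = normalize(baseline), normalize(current)
    report = {}
    for key, sig in ZONE_KEYS.items():
        if base[key] == cur[key]:
            continue
        if sig.startswith("a"):
            report[key] = {
                "added": [v for v in cur[key] if v not in base[key]],
                "removed": [v for v in base[key] if v not in cur[key]],
            }
        else:
            report[key] = {"old": base[key], "new": cur[key]}
    return report


def update2_payload(current, desired):
    """Settings dict for update2() that moves `current` to `desired`.

    A keyword present in `current` but absent from `desired` is sent as an
    empty string/list (or False), because omitting it would not clear it.
    """
    cur, want = normalize(current), normalize(desired)
    return {key: want[key] for key in ZONE_KEYS if cur[key] != want[key]}


# Constructed sample data: a reviewed baseline and a later getSettings2() result.
BASELINE = {
    "name": "Public", "target": "default",
    "services": ["ssh", "dhcpv6-client"], "forward": True,
}
CURRENT = {
    "name": "Public", "target": "default",
    "services": ["dhcpv6-client", "ssh"], "forward": True,
    "ports": [("8080", "tcp")],
    "masquerade": True,
    "forward_ports": [("443", "tcp", "8443", "192.0.2.10")],
}

if __name__ == "__main__":
    for key, change in drift(BASELINE, CURRENT).items():
        print(key, change)
    print("update2 payload:", update2_payload(CURRENT, BASELINE))
```

The restoring payload carries explicit empty lists for ports and forward_ports; passing the baseline dictionary unchanged would leave both in place under the stated assumption.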
2946
2947 Signals
2948 Removed(s: name)
2949 Emitted when zone with name has been removed.
2950
2951 Renamed(s: name)
2952 Emitted when zone has been renamed to name.
2953
2954 Updated(s: name)
2955 Emitted when zone with name has been updated.
2956
2957 Properties
2958 builtin - b - (ro)
2959 True if zone is built-in, false otherwise.
2960
2961 default - b - (ro)
2962 True if built-in zone has default settings. False if it has
2963 been modified. Always False for zones that are not built-in.
2964
2965 filename - s - (ro)
2966 Name (including .xml extension) of file where the configuration
2967 is stored.
2968
2969 name - s - (ro)
2970 Name of zone.
2971
2972 path - s - (ro)
2973 Path to directory where the zone configuration is stored.
2974 Should be either /usr/lib/firewalld/zones or
2975 /etc/firewalld/zones.
2976
2977 org.fedoraproject.FirewallD1.config.policy
2978 Interface for permanent policy configuration, see also
2979 firewalld.policy(5).
2980
2981 Methods
2982 getSettings() → a{sv}
2983 Return permanent settings of given policy. For getting runtime
2984 settings see
2985 org.fedoraproject.FirewallD1.policy.Methods.getPolicySettings.
2986 Settings are a dictionary indexed by keywords. For possible
2987 keywords see
2988 org.fedoraproject.FirewallD1.config.Methods.addPolicy.
2989
2990 loadDefaults() → Nothing
2991 Load default settings for built-in policy.
2992
2993 Possible errors: NO_DEFAULTS
2994
2995 remove() → Nothing
2996 Remove not built-in policy.
2997
2998 Possible errors: BUILTIN_POLICY
2999
3000 rename(s: name) → Nothing
3001 Rename not built-in policy to name.
3002
3003 Possible errors: BUILTIN_POLICY
3004
3005 update(a{sv}: settings) → Nothing
3006 Update settings of policy to settings. Settings are a
3007 dictionary indexed by keywords. For possible keywords see
3008 org.fedoraproject.FirewallD1.config.Methods.addPolicy. To zero
3009 a value pass an empty string or list.
3010
3011 Possible errors: INVALID_TYPE
3012
3013 Signals
3014 Removed(s: name)
3015 Emitted when policy with name has been removed.
3016
3017 Renamed(s: name)
3018 Emitted when policy has been renamed to name.
3019
3020 Updated(s: name)
3021 Emitted when policy with name has been updated.
3022
3023 Properties
3024 builtin - b - (ro)
3025 True if policy is built-in, false otherwise.
3026
3027 default - b - (ro)
3028 True if built-in policy has default settings. False if it has
3029 been modified. Always False for policies that are not built-in.
3030
3031 filename - s - (ro)
3032 Name (including .xml extension) of file where the configuration
3033 is stored.
3034
3035 name - s - (ro)
3036 Name of policy.
3037
3038 path - s - (ro)
3039 Path to directory where the policy configuration is stored.
3040 Should be either /usr/lib/firewalld/policies or
3041 /etc/firewalld/policies.
3042
3043 org.fedoraproject.FirewallD1.config.service
3044 Interface for permanent service configuration, see also
3045 firewalld.service(5).
3046
3047 Methods
3048 addModule(s: module) → Nothing
3049 This method is deprecated. Please use "helpers" in the
3050 update2() method.
3051
3052 addPort(s: port, s: protocol) → Nothing
3053 Permanently add (port, protocol) to list of ports in service.
3054 See port tag in firewalld.service(5).
3055
3056 Possible errors: ALREADY_ENABLED
3057
3058 addProtocol(s: protocol) → Nothing
3059 Permanently add protocol into service. The protocol can be any
3060 protocol supported by the system. Please have a look at
3061 /etc/protocols for supported protocols. See protocol tag in
3062 firewalld.service(5).
3063
3064 Possible errors: INVALID_PROTOCOL, ALREADY_ENABLED
3065
3066 addSourcePort(s: port, s: protocol) → Nothing
3067 Permanently add (port, protocol) to list of source ports in
3068 service. See source-port tag in firewalld.service(5).
3069
3070 Possible errors: ALREADY_ENABLED
3071
3072 getDescription() → s
3073 Get description of service. See description tag in
3074 firewalld.service(5).
3075
3076 getDestination(s: family) → s
3077 Get destination for IP family being either 'ipv4' or 'ipv6'.
3078 See destination tag in firewalld.service(5).
3079
3080 Possible errors: ALREADY_ENABLED
3081
3082 getDestinations() → a{ss}
3083 Get list of destinations. Return value is a dictionary of {IP
3084 family : IP address} where 'IP family' key can be either 'ipv4'
3085 or 'ipv6'. See destination tag in firewalld.service(5).
3086
3087 getModules() → as
3088 This method is deprecated. Please use "helpers" in the
3089 getSettings2() method.
3090
3091 getPorts() → a(ss)
3092 Get list of (port, protocol) defined in service. See port tag
3093 in firewalld.service(5).
3094
3095 getProtocols() → as
3096 Return array of protocols (s) defined in service. See protocol
3097 tag in firewalld.service(5).
3098
3099 getSettings() → (sssa(ss)asa{ss}asa(ss))
3100 This function is deprecated, use
3101 org.fedoraproject.FirewallD1.config.service.Methods.getSettings2
3102 instead.
3103
3104 getSettings2(s: service) → a{sv}
3105 Return permanent settings of given service. For getting runtime
3106 settings see
3107 org.fedoraproject.FirewallD1.Methods.getServiceSettings2.
3108 Settings are a dictionary indexed by keywords. For the type of
3109 each value see below. If the value is empty it may be omitted.
3110
3111 version (s): see version attribute of service tag in
3112 firewalld.service(5).
3113
3114 name (s): see short tag in firewalld.service(5).
3115
3116 description (s): see description tag in firewalld.service(5).
3117
3118 ports (a(ss)): array of port and protocol pairs. See port tag
3119 in firewalld.service(5).
3120
3121 module names (as): array of kernel netfilter helpers, see
3122 module tag in firewalld.service(5).
3123
3124 destinations (a{ss}): dictionary of {IP family : IP address}
3125 where 'IP family' key can be either 'ipv4' or 'ipv6'. See
3126 destination tag in firewalld.service(5).
3127
3128 protocols (as): array of protocols, see protocol tag in
3129 firewalld.service(5).
3130
3131 source_ports (a(ss)): array of port and protocol pairs. See
3132 source-port tag in firewalld.service(5).
3133
3134 includes (as): array of service includes, see include tag in
3135 firewalld.service(5).
3136
3137 helpers (as): array of service helpers, see helper tag in
3138 firewalld.service(5).
3139
3140
3141 getShort() → s
3142 Get name of service. See short tag in firewalld.service(5).
3143
3144 getSourcePorts() → a(ss)
3145 Get list of (port, protocol) defined in service. See
3146 source-port tag in firewalld.service(5).
3147
3148 getVersion() → s
3149 Get version of service. See version attribute of service tag in
3150 firewalld.service(5).
3151
3152 loadDefaults() → Nothing
3153 Load default settings for built-in service.
3154
3155 Possible errors: NO_DEFAULTS
3156
3157 queryDestination(s: family, s: address) → b
3158 Return whether a destination is in dictionary of destinations
3159 of this service. destination is in format: (IP family, IP
3160 address) where IP family can be either 'ipv4' or 'ipv6'. See
3161 destination tag in firewalld.service(5).
3162
3163 queryModule(s: module) → b
3164 This method is deprecated. Please use "helpers" in the
3165 getSettings2() method.
3166
3167 queryPort(s: port, s: protocol) → b
3168 Return whether (port, protocol) is in list of ports in service.
3169 See port tag in firewalld.service(5).
3170
3171 queryProtocol(s: protocol) → b
3172 Return whether protocol is in list of protocols in service. See
3173 protocol tag in firewalld.service(5).
3174
3175 querySourcePort(s: port, s: protocol) → b
3176 Return whether (port, protocol) is in list of source ports in
3177 service. See source-port tag in firewalld.service(5).
3178
3179 remove() → Nothing
3180 Remove not built-in service.
3181
3182 Possible errors: BUILTIN_SERVICE
3183
3184 removeDestination(s: family) → Nothing
3185 Permanently remove a destination with family ('ipv4' or 'ipv6')
3186 from service. See destination tag in firewalld.service(5).
3187
3188 Possible errors: NOT_ENABLED
3189
3190 removeModule(s: module) → Nothing
3191 This method is deprecated. Please use "helpers" in the
3192 update2() method.
3193
3194 removePort(s: port, s: protocol) → Nothing
3195 Permanently remove (port, protocol) from list of ports in
3196 service. See port tag in firewalld.service(5).
3197
3198 Possible errors: NOT_ENABLED
3199
3200 removeProtocol(s: protocol) → Nothing
3201 Permanently remove protocol from list of protocols in service.
3202 See protocol tag in firewalld.service(5).
3203
3204 Possible errors: NOT_ENABLED
3205
3206 removeSourcePort(s: port, s: protocol) → Nothing
3207 Permanently remove (port, protocol) from list of source ports
3208 in service. See source-port tag in firewalld.service(5).
3209
3210 Possible errors: NOT_ENABLED
3211
3212 rename(s: name) → Nothing
3213 Rename not built-in service to name.
3214
3215 Possible errors: BUILTIN_SERVICE
3216
3217 setDescription(s: description) → Nothing
3218 Permanently set description of service to description. See
3219 description tag in firewalld.service(5).
3220
3221 setDestination(s: family, s: address) → Nothing
3222 Permanently set a destination address. destination is in
3223 format: (IP family, IP address) where IP family can be either
3224 'ipv4' or 'ipv6'. See destination tag in firewalld.service(5).
3225
3226 Possible errors: ALREADY_ENABLED
3227
3228 setDestinations(a{ss}: destinations) → Nothing
3229 Permanently set destinations of service to destinations, which
3230 is a dictionary of {IP family : IP address} where 'IP family'
3231 key can be either 'ipv4' or 'ipv6'. See destination tag in
3232 firewalld.service(5).
3233
3234 setModules(as: modules) → Nothing
3235 This method is deprecated. Please use "helpers" in the
3236 update2() method.
3237
3238 setPorts(a(ss): ports) → Nothing
3239 Permanently set ports of service to list of (port, protocol).
3240 See port tag in firewalld.service(5).
3241
3242 setProtocols(as: protocols) → Nothing
3243 Permanently set protocols of service to list of protocols. See
3244 protocol tag in firewalld.service(5).
3245
3246 setShort(s: short) → Nothing
3247 Permanently set name of service to short. See short tag in
3248 firewalld.service(5).
3249
3250 setSourcePorts(a(ss): ports) → Nothing
3251 Permanently set source-ports of service to list of (port,
3252 protocol). See source-port tag in firewalld.service(5).
3253
3254 setVersion(s: version) → Nothing
3255 Permanently set version of service to version. See version
3256 attribute of service tag in firewalld.service(5).
3257
3258 update((sssa(ss)asa{ss}asa(ss)): settings) → Nothing
3259 This function is deprecated, use
3260 org.fedoraproject.FirewallD1.config.service.Methods.update2
3261 instead.
3262
3263 update2(a{sv}: settings) → Nothing
3264 Update settings of service to settings. Settings are a
3265 dictionary indexed by keywords. For the type of each value see
3266 below. To zero a value pass an empty string or list.
3267
3268 version (s): see version attribute of service tag in
3269 firewalld.service(5).
3270
3271 name (s): see short tag in firewalld.service(5).
3272
3273 description (s): see description tag in firewalld.service(5).
3274
3275 ports (a(ss)): array of port and protocol pairs. See port tag
3276 in firewalld.service(5).
3277
3278 module names (as): array of kernel netfilter helpers, see
3279 module tag in firewalld.service(5).
3280
3281 destinations (a{ss}): dictionary of {IP family : IP address}
3282 where 'IP family' key can be either 'ipv4' or 'ipv6'. See
3283 destination tag in firewalld.service(5).
3284
3285 protocols (as): array of protocols, see protocol tag in
3286 firewalld.service(5).
3287
3288 source_ports (a(ss)): array of port and protocol pairs. See
3289 source-port tag in firewalld.service(5).
3290
3291 includes (as): array of service includes, see include tag in
3292 firewalld.service(5).
3293
3294 helpers (as): array of service helpers, see helper tag in
3295 firewalld.service(5).
3296
3297 Possible errors: INVALID_TYPE
3298
3299 Signals
3300 Removed(s: name)
3301 Emitted when service with name has been removed.
3302
3303 Renamed(s: name)
3304 Emitted when service has been renamed to name.
3305
3306 Updated(s: name)
3307 Emitted when service with name has been updated.
3308
3309 Properties
3310 builtin - b - (ro)
3311 True if service is built-in, false otherwise.
3312
3313 default - b - (ro)
3314 True if built-in service has default settings. False if it has
3315 been modified. Always False for services that are not built-in.
3316
3317 filename - s - (ro)
3318 Name (including .xml extension) of file where the configuration
3319 is stored.
3320
3321 name - s - (ro)
3322 Name of service.
3323
3324 path - s - (ro)
3325 Path to directory where the configuration is stored. Should be
3326 either /usr/lib/firewalld/services or /etc/firewalld/services.
3327
3328 org.fedoraproject.FirewallD1.config.helper
3329 Interface for permanent helper configuration, see also
3330 firewalld.helper(5).
3331
3332 Methods
3333 addPort(s: port, s: protocol) → Nothing
3334 Permanently add (port, protocol) to list of ports in helper.
3335 See port tag in firewalld.helper(5).
3336
3337 Possible errors: ALREADY_ENABLED
3338
3339 getDescription() → s
3340 Get description of helper. See description tag in
3341 firewalld.helper(5).
3342
3343 getFamily() → s
3344 Get family being 'ipv4', 'ipv6' or empty for both. See family
3345 tag in firewalld.helper(5).
3346
3347 getModule() → s
3348 Get modules (netfilter kernel helpers) used in helper. See
3349 module tag in firewalld.helper(5).
3350
3351 getPorts() → a(ss)
3352 Get list of (port, protocol) defined in helper. See port tag in
3353 firewalld.helper(5).
3354
3355 getSettings() → (sssssa(ss))
3356 Return permanent settings of a helper. For getting runtime
3357 settings see
3358 org.fedoraproject.FirewallD1.Methods.getHelperSettings.
3359 Settings are in format: version, name, description, family,
3360 module, array of ports (port, protocol).
3361
3362 version (s): see version attribute of helper tag in
3363 firewalld.helper(5).
3364
3365 name (s): see short tag in firewalld.helper(5).
3366
3367 description (s): see description tag in firewalld.helper(5).
3368
3369 family (s): see family tag in firewalld.helper(5).
3370
3371 module (s): see module tag in firewalld.helper(5).
3372
3373 ports (a(ss)): array of port and protocol pairs. See port tag
3374 in firewalld.helper(5).
3375
3376
3377 getShort() → s
3378 Get name of helper. See short tag in firewalld.helper(5).
3379
3380 getVersion() → s
3381 Get version of helper. See version attribute of helper tag in
3382 firewalld.helper(5).
3383
3384 loadDefaults() → Nothing
3385 Load default settings for built-in helper.
3386
3387 Possible errors: NO_DEFAULTS
3388
3389 queryFamily(s: family) → b
3390 Return whether family is set for helper. See family tag in
3391 firewalld.helper(5).
3392
3393 queryModule(s: module) → b
3394 Return whether module (netfilter kernel helpers) is used in
3395 helper. See module tag in firewalld.helper(5).
3396
3397 queryPort(s: port, s: protocol) → b
3398 Return whether (port, protocol) is in list of ports in helper.
3399 See port tag in firewalld.helper(5).
3400
3401 remove() → Nothing
3402 Remove not built-in helper.
3403
3404 Possible errors: BUILTIN_HELPER
3405
3406 removePort(s: port, s: protocol) → Nothing
3407 Permanently remove (port, protocol) from list of ports in
3408 helper. See port tag in firewalld.helper(5).
3409
3410 Possible errors: NOT_ENABLED
3411
3412 rename(s: name) → Nothing
3413 Rename not built-in helper to name.
3414
3415 Possible errors: BUILTIN_HELPER
3416
3417 setDescription(s: description) → Nothing
3418 Permanently set description of helper to description. See
3419 description tag in firewalld.helper(5).
3420
3421 setFamily(s: family) → Nothing
3422 Permanently set family of helper to family. See family tag in
3423 firewalld.helper(5).
3424
3425 setModule(s: module) → Nothing
3426 Permanently set module of helper to module. See module tag
3427 in firewalld.helper(5).
3428
3429 setPorts(a(ss): ports) → Nothing
3430 Permanently set ports of helper to list of (port, protocol).
3431 See port tag in firewalld.helper(5).
3432
3433 setShort(s: short) → Nothing
3434 Permanently set name of helper to short. See short tag in
3435 firewalld.helper(5).
3436
3437 setVersion(s: version) → Nothing
3438 Permanently set version of helper to version. See version
3439 attribute of helper tag in firewalld.helper(5).
3440
3441 update((sssssa(ss)): settings) → Nothing
3442 Update settings of helper to settings. Settings are in format:
3443 version, name, description, family, module and array of ports.
3444
3445 version (s): see version attribute of helper tag in
3446 firewalld.helper(5).
3447
3448 name (s): see short tag in firewalld.helper(5).
3449
3450 description (s): see description tag in firewalld.helper(5).
3451
3452 family (s): see family tag in firewalld.helper(5).
3453
3454 module (s): see module tag in firewalld.helper(5).
3455
3456 ports (a(ss)): array of port and protocol pairs. See port tag
3457 in firewalld.helper(5).
3458
3459 Possible errors: INVALID_HELPER
3460
       Signals
           Removed(s: name)
               Emitted when helper with name has been removed.

           Renamed(s: name)
               Emitted when helper has been renamed to name.

           Updated(s: name)
               Emitted when helper with name has been updated.

       Properties
           builtin - b - (ro)
               True if helper is built-in, false otherwise.

           default - b - (ro)
               True if built-in helper has default settings. False if it has
               been modified. Always False for helpers that are not built-in.

           filename - s - (ro)
               Name (including .xml extension) of file where the configuration
               is stored.

           name - s - (ro)
               Name of helper.

           path - s - (ro)
               Path to directory where the configuration is stored. Should be
               either /usr/lib/firewalld/helpers or /etc/firewalld/helpers.

   org.fedoraproject.FirewallD1.config.icmptype
       Interface for permanent icmp type configuration, see also
       firewalld.icmptype(5).

       Methods
           addDestination(s: destination) → Nothing
               Permanently add a destination ('ipv4' or 'ipv6') to list of
               destinations of this icmp type. See destination tag in
               firewalld.icmptype(5).

               Possible errors: ALREADY_ENABLED

           getDescription() → s
               Get description of icmp type. See description tag in
               firewalld.icmptype(5).

           getDestinations() → as
               Get list of destinations. See destination tag in
               firewalld.icmptype(5).

           getSettings() → (sssas)
               Return permanent settings of icmp type. For getting runtime
               settings see
               org.fedoraproject.FirewallD1.Methods.getIcmpTypeSettings.
               Settings are in format: version, name, description, array of
               destinations.

               version (s): see version attribute of icmptype tag in
               firewalld.icmptype(5).

               name (s): see short tag in firewalld.icmptype(5).

               description (s): see description tag in firewalld.icmptype(5).

               destinations (as): array, either empty or containing strings
               'ipv4' and/or 'ipv6', see destination tag in
               firewalld.icmptype(5).

           getShort() → s
               Get name of icmp type. See short tag in firewalld.icmptype(5).

           getVersion() → s
               Get version of icmp type. See version attribute of icmptype tag
               in firewalld.icmptype(5).

           loadDefaults() → Nothing
               Load default settings for built-in icmp type.

               Possible errors: NO_DEFAULTS

           queryDestination(s: destination) → b
               Return whether a destination ('ipv4' or 'ipv6') is in list of
               destinations of this icmp type. See destination tag in
               firewalld.icmptype(5).

           remove() → Nothing
               Remove an icmp type that is not built-in.

               Possible errors: BUILTIN_ICMPTYPE

           removeDestination(s: destination) → Nothing
               Permanently remove a destination ('ipv4' or 'ipv6') from list
               of destinations of this icmp type. See destination tag in
               firewalld.icmptype(5).

               Possible errors: NOT_ENABLED

           rename(s: name) → Nothing
               Rename an icmp type that is not built-in to name.

               Possible errors: BUILTIN_ICMPTYPE

           setDescription(s: description) → Nothing
               Permanently set description of icmp type to description. See
               description tag in firewalld.icmptype(5).

           setDestinations(as: destinations) → Nothing
               Permanently set destinations of icmp type to destinations,
               which is an array, either empty or containing strings 'ipv4'
               and/or 'ipv6'. See destination tag in firewalld.icmptype(5).

           setShort(s: short) → Nothing
               Permanently set name of icmp type to short. See short tag in
               firewalld.icmptype(5).

           setVersion(s: version) → Nothing
               Permanently set version of icmp type to version. See version
               attribute of icmptype tag in firewalld.icmptype(5).

           update((sssas): settings) → Nothing
               Update permanent settings of icmp type to settings. Settings
               are in format: version, name, description, array of
               destinations.

               version (s): see version attribute of icmptype tag in
               firewalld.icmptype(5).

               name (s): see short tag in firewalld.icmptype(5).

               description (s): see description tag in firewalld.icmptype(5).

               destinations (as): array, either empty or containing strings
               'ipv4' and/or 'ipv6', see destination tag in
               firewalld.icmptype(5).

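Because getSettings() returns the permanent (sssas) tuple and getIcmpTypeSettings returns the runtime one, comparing the two shows whether an icmp type definition has been changed without the running firewall picking it up. The Python below is an added example, not part of the firewalld documentation: the function names and sample tuples are constructed, and read_live() assumes dbus-python and the bus name org.fedoraproject.FirewallD1.

```python
FIELDS = ("version", "name", "description", "destinations")  # order of (sssas)
ALLOWED_DESTINATIONS = {"ipv4", "ipv6"}

def check_settings(settings):
    """Return a list of problems with an (sssas) icmp type settings tuple."""
    if len(settings) != len(FIELDS):
        return ["expected 4 fields, got %d" % len(settings)]
    problems = []
    for field, value in zip(FIELDS[:3], settings[:3]):
        if not isinstance(value, str):
            problems.append("%s is not a string" % field)
    dests = list(settings[3])
    unknown = sorted(set(dests) - ALLOWED_DESTINATIONS)
    if unknown:
        problems.append("unknown destinations: %s" % ", ".join(unknown))
    if len(dests) != len(set(dests)):
        problems.append("duplicate destinations")
    return problems

def diff_settings(permanent, runtime):
    """Map field name -> (permanent, runtime) for every field that differs."""
    changed = {}
    for field, perm, run in zip(FIELDS, permanent, runtime):
        if field == "destinations":
            # Assumption: the order of address families is not significant.
            perm, run = sorted(perm), sorted(run)
        if perm != run:
            changed[field] = (perm, run)
    return changed

def read_live(name, config_object_path):
    """Fetch both tuples from a running firewalld (assumes dbus-python)."""
    import dbus
    bus = dbus.SystemBus()
    cfg = dbus.Interface(
        bus.get_object("org.fedoraproject.FirewallD1", config_object_path),
        "org.fedoraproject.FirewallD1.config.icmptype")
    rt = dbus.Interface(
        bus.get_object("org.fedoraproject.FirewallD1", "/org/fedoraproject/FirewallD1"),
        "org.fedoraproject.FirewallD1")
    return cfg.getSettings(), rt.getIcmpTypeSettings(name)

# Constructed sample: the permanent definition was narrowed to IPv4 only,
# while the running firewall still applies the icmp type to both families.
PERMANENT = ("", "Echo Request", "Constructed sample description.", ["ipv4"])
RUNTIME = ("", "Echo Request", "Constructed sample description.", ["ipv6", "ipv4"])
```
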
       Signals
           Removed(s: name)
               Emitted when icmp type with name has been removed.

           Renamed(s: name)
               Emitted when icmp type has been renamed to name.

           Updated(s: name)
               Emitted when icmp type with name has been updated.

       Properties
           builtin - b - (ro)
               True if icmp type is built-in, false otherwise.

           default - b - (ro)
               True if built-in icmp type has default settings. False if it
               has been modified. Always False for icmp types that are not
               built-in.

           filename - s - (ro)
               Name (including .xml extension) of file where the configuration
               is stored.

           name - s - (ro)
               Name of icmp type.

           path - s - (ro)
               Path to directory where the icmp type configuration is stored.
               Should be either /usr/lib/firewalld/icmptypes or
               /etc/firewalld/icmptypes.

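The read-only properties of the helper and icmptype config interfaces (builtin, default, filename, name, path) are enough to review a host for locally changed or locally added definitions. The Python below is an added example, not part of the firewalld documentation: the finding labels, function names and snapshots are constructed, and read_props() assumes dbus-python and the bus name org.fedoraproject.FirewallD1.

```python
# Directories this page names for each permanent-config interface.
DIRS = {
    "org.fedoraproject.FirewallD1.config.helper":
        ("/usr/lib/firewalld/helpers", "/etc/firewalld/helpers"),
    "org.fedoraproject.FirewallD1.config.icmptype":
        ("/usr/lib/firewalld/icmptypes", "/etc/firewalld/icmptypes"),
}

def read_props(object_path, iface):
    """Live read via org.freedesktop.DBus.Properties (assumes dbus-python)."""
    import dbus
    obj = dbus.SystemBus().get_object("org.fedoraproject.FirewallD1", object_path)
    raw = dbus.Interface(obj, "org.freedesktop.DBus.Properties").GetAll(iface)
    return {str(k): bool(v) if isinstance(v, dbus.Boolean) else str(v)
            for k, v in raw.items()}

def audit(iface, props):
    """Return review findings for one object's property snapshot."""
    findings = []
    if props["path"].rstrip("/") not in DIRS[iface]:
        findings.append("unexpected-path")
    if not props["filename"].endswith(".xml") or "/" in props["filename"]:
        findings.append("bad-filename")
    if props["builtin"] and not props["default"]:
        findings.append("builtin-modified")          # shipped definition changed
    if not props["builtin"]:
        findings.append("custom-object")             # locally added definition
        if props["default"]:
            findings.append("inconsistent-default")  # page: always False here
    return findings

def report(snapshots):
    """Map object name -> findings, for objects that have any."""
    out = {}
    for iface, props in snapshots:
        findings = audit(iface, props)
        if findings:
            out[props["name"]] = findings
    return out

# Constructed snapshots, shaped like the result of read_props().
H = "org.fedoraproject.FirewallD1.config.helper"
I = "org.fedoraproject.FirewallD1.config.icmptype"
SNAPSHOTS = [
    (H, {"name": "ftp", "builtin": True, "default": True,
         "filename": "ftp.xml", "path": "/usr/lib/firewalld/helpers"}),
    (H, {"name": "sip", "builtin": True, "default": False,
         "filename": "sip.xml", "path": "/etc/firewalld/helpers"}),
    (I, {"name": "lab-probe", "builtin": False, "default": False,
         "filename": "lab-probe.xml", "path": "/tmp/firewalld"}),
]
```
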
SEE ALSO
       firewall-applet(1), firewalld(1), firewall-cmd(1), firewall-config(1),
       firewalld.conf(5), firewalld.direct(5), firewalld.dbus(5),
       firewalld.icmptype(5), firewalld.lockdown-whitelist(5),
       firewall-offline-cmd(1), firewalld.richlanguage(5), firewalld.service(5),
       firewalld.zone(5), firewalld.zones(5), firewalld.policy(5),
       firewalld.policies(5), firewalld.ipset(5), firewalld.helper(5)

NOTES
       firewalld home page:
           http://firewalld.org

       More documentation with examples:
           http://fedoraproject.org/wiki/FirewallD

AUTHORS
       Thomas Woerner <twoerner@redhat.com>
           Developer

       Jiri Popelka <jpopelka@redhat.com>
           Developer

       Eric Garver <eric@garver.life>
           Developer

firewalld 1.0.5                                             FIREWALLD.DBUS(5)