1FIREWALLD.DBUS(5) firewalld.dbus FIREWALLD.DBUS(5)
2
6 firewalld.dbus - firewalld D-Bus interface description
7
9 This is the basic firewalld object path structure. The used interfaces
10 are explained below in the section called “INTERFACES”.
11 /org/fedoraproject/FirewallD1
13 Interfaces
14 org.fedoraproject.FirewallD1
15 org.fedoraproject.FirewallD1.direct (deprecated)
16 org.fedoraproject.FirewallD1.ipset
17 org.fedoraproject.FirewallD1.policies
18 org.fedoraproject.FirewallD1.zone
19 org.freedesktop.DBus.Introspectable
20 org.freedesktop.DBus.Properties
21 /org/fedoraproject/FirewallD1/config
23 Interfaces
24 org.fedoraproject.FirewallD1.config
25 org.fedoraproject.FirewallD1.config.direct (deprecated)
26 org.fedoraproject.FirewallD1.config.policies
27 org.freedesktop.DBus.Introspectable
28 org.freedesktop.DBus.Properties
29 /org/fedoraproject/FirewallD1/config/zone/i
31 Interfaces
32 org.fedoraproject.FirewallD1.config.zone
33 org.freedesktop.DBus.Introspectable
34 org.freedesktop.DBus.Properties
35 /org/fedoraproject/FirewallD1/config/service/i
37 Interfaces:
38 org.fedoraproject.FirewallD1.config.service
39 org.freedesktop.DBus.Introspectable
40 org.freedesktop.DBus.Properties
41 /org/fedoraproject/FirewallD1/config/ipset/i
43 Interfaces
44 org.fedoraproject.FirewallD1.config.ipset
45 org.freedesktop.DBus.Introspectable
46 org.freedesktop.DBus.Properties
47 /org/fedoraproject/FirewallD1/config/icmptype/i
49 Interfaces
50 org.fedoraproject.FirewallD1.config.icmptype
51 org.freedesktop.DBus.Introspectable
52 org.freedesktop.DBus.Properties
53
57 org.fedoraproject.FirewallD1
58 This interface contains general runtime operations, like: reloading,
59 panic mode, default zone handling, getting services and icmp types and
60 their settings.
61 Methods
63 authorizeAll() → Nothing
64 Initiate authorization for the complete firewalld D-Bus
65 interface. This method it mostly useful for configuration
66 applications.
67 completeReload() → Nothing
69 Reload firewall completely, even netfilter kernel modules. This
70 will most likely terminate active connections, because state
71 information is lost. This option should only be used in case of
72 severe firewall problems. For example if there are state
73 information problems that no connection can be established with
74 correct firewall rules.
75 disablePanicMode() → Nothing
77 resetToDefaults() → Nothing
79 Reset firewall to its default configuration, then reload
80 firewall. This effects both runtime and permanent
81 configuration.
82 Disable panic mode. After disabling panic mode established
83 connections might work again, if panic mode was enabled for a
84 short period of time.
85 Possible errors: NOT_ENABLED, COMMAND_FAILED
87 enablePanicMode() → Nothing
89 Enable panic mode. All incoming and outgoing packets are
90 dropped, active connections will expire. Enable this only if
91 there are serious problems with your network environment.
92 Possible errors: ALREADY_ENABLED, COMMAND_FAILED
94 getAutomaticHelpers() → s
96 Deprecated. This always returns "no".
97 getDefaultZone() → s
99 Return default zone.
100 getHelperSettings(s: helper) → (sssssa(ss))
102 Return runtime settings of given helper. For getting permanent
103 settings see
104 org.fedoraproject.FirewallD1.config.helper.Methods.getSettings.
105 Settings are in format: version, name, description, family,
106 module and array of ports.
107 version (s): see version attribute of helper tag in
109 firewalld.helper(5).
110 name (s): see short tag in firewalld.helper(5).
112 description (s): see description tag in firewalld.helper(5).
114 family (s): see family tag in firewalld.helper(5).
116 module (s): see module tag in firewalld.helper(5).
118 ports (a(ss)): array of port and protocol pairs. See port tag
120 in firewalld.helper(5).
121 Possible errors: INVALID_HELPER
123 getHelpers() → as
125 Return array of helper names (s) in runtime configuration. For
126 permanent configuration see
127 org.fedoraproject.FirewallD1.config.Methods.listHelpers.
128 getIcmpTypeSettings(s: icmptype) → (sssas)
130 Return runtime settings of given icmptype. For getting
131 permanent settings see
132 org.fedoraproject.FirewallD1.config.icmptype.Methods.getSettings.
133 Settings are in format: version, name, description, array of
134 destinations.
135 version (s): see version attribute of icmptype tag in
137 firewalld.icmptype(5).
138 name (s): see short tag in firewalld.icmptype(5).
140 description (s): see description tag in firewalld.icmptype(5).
142 destinations (as): array, either empty or containing strings
144 'ipv4' or 'ipv6', see destination tag in firewalld.icmptype(5).
145 Possible errors: INVALID_ICMPTYPE
147 getLogDenied() → s
149 Returns the LogDenied value. If LogDenied is enabled, then
150 logging rules are added right before reject and drop rules in
151 the INPUT, FORWARD and OUTPUT chains for the default rules and
152 also final reject and drop rules in zones. Possible values are:
153 all, unicast, broadcast, multicast and off. The default value
154 is off
155 getServiceSettings(s: service) → (sssa(ss)asa{ss}asa(ss))
157 This function is deprecated, use
158 org.fedoraproject.FirewallD1.Methods.getServiceSettings2
159 instead.
160 getServiceSettings2(s: service) → s{sv}
162 Return runtime settings of given service. For getting permanent
163 settings see
164 org.fedoraproject.FirewallD1.config.service.Methods.getSettings2.
165 Settings are a dictionary indexed by keywords. For the type of
166 each value see below. If the value is empty it may be omitted.
167 version (s): see version attribute of service tag in
169 firewalld.service(5).
170 name (s): see short tag in firewalld.service(5).
172 description (s): see description tag in firewalld.service(5).
174 ports (a(ss)): array of port and protocol pairs. See port tag
176 in firewalld.service(5).
177 module names (as): array of kernel netfilter helpers, see
179 module tag in firewalld.service(5).
180 destinations (a{ss}): dictionary of {IP family : IP address}
182 where 'IP family' key can be either 'ipv4' or 'ipv6'. See
183 destination tag in firewalld.service(5).
184 protocols (as): array of protocols, see protocol tag in
186 firewalld.service(5).
187 source_ports (a(ss)): array of port and protocol pairs. See
189 source-port tag in firewalld.service(5).
190 includes (as): array of service includes, see include tag in
192 firewalld.service(5).
193 helpers (as): array of service helpers, see helper tag in
195 firewalld.service(5).
196 Possible errors: INVALID_SERVICE
198 getZoneSettings(s: zone) → (sssbsasa(ss)asba(ssss)asasasasa(ss)b)
200 This function is deprecated, use
201 org.fedoraproject.FirewallD1.zone.Methods.getZoneSettings2
202 instead.
203 listIcmpTypes() → as
205 Return array of names (s) of icmp types in runtime
206 configuration. For permanent configuration see
207 org.fedoraproject.FirewallD1.config.Methods.listIcmpTypes.
208 listServices() → as
210 Return array of service names (s) in runtime configuration. For
211 permanent configuration see
212 org.fedoraproject.FirewallD1.config.Methods.listServices.
213 queryPanicMode() → b
215 Return true if panic mode is enabled, false otherwise. In panic
216 mode all incoming and outgoing packets are dropped.
217 reload() → Nothing
219 Reload firewall rules and keep state information. Current
220 permanent configuration will become new runtime configuration,
221 i.e. all runtime only changes done until reload are lost with
222 reload if they have not been also in permanent configuration.
223 runtimeToPermanent() → Nothing
225 Make runtime settings permanent. Replaces permanent settings
226 with runtime settings for zones, services, icmptypes, direct
227 (deprecated) and policies (lockdown whitelist).
228 Possible errors: RT_TO_PERM_FAILED
230 checkPermanentConfig() → Nothing
232 Run checks on the permanent configuration. This is most useful
233 if changes were made manually to configuration files.
234 Possible errors: any
236 setDefaultZone(s: zone) → Nothing
238 Set default zone for connections and interfaces where no zone
239 has been selected to zone. Setting the default zone changes the
240 zone for the connections or interfaces, that are using the
241 default zone. This is a runtime and permanent change.
242 Possible errors: ZONE_ALREADY_SET, COMMAND_FAILED
244 setLogDenied(s: value) → Nothing
246 Set LogDenied value to value. If LogDenied is enabled, then
247 logging rules are added right before reject and drop rules in
248 the INPUT, FORWARD and OUTPUT chains for the default rules and
249 also final reject and drop rules in zones. Possible values are:
250 all, unicast, broadcast, multicast and off. The default value
251 is off This is a runtime and permanent change.
252 Possible errors: ALREADY_SET, INVALID_VALUE
254 Signals
256 DefaultZoneChanged(s: zone)
257 Emitted when default zone has been changed to zone.
258 LogDeniedChanged(s: value)
260 Emitted when LogDenied value has been changed.
261 PanicModeDisabled()
263 Emitted when panic mode has been deactivated.
264 PanicModeEnabled()
266 Emitted when panic mode has been activated.
267 Reloaded()
269 Emitted when firewalld has been reloaded. Also emitted for a
270 complete reload.
271 Properties
273 BRIDGE - b - (ro)
274 Indicates whether the firewall has ethernet bridge support.
275 IPSet - b - (ro)
277 Indicates whether the firewall has IPSet support.
278 IPSetTypes - as - (ro)
280 The supported IPSet types by ipset and firewalld.
281 IPv4 - b - (ro)
283 Indicates whether the firewall has IPv4 support.
284 IPv4ICMPTypes - as - (ro)
286 The list of supported IPv4 ICMP types.
287 IPv6 - b - (ro)
289 Indicates whether the firewall has IPv6 support.
290 IPv6_rpfilter - b - (ro)
292 Indicates whether the reverse path filter test on a packet for
293 IPv6 is enabled. If a reply to the packet would be sent via the
294 same interface that the packet arrived on, the packet will
295 match and be accepted, otherwise dropped.
296 IPv6ICMPTypes - as - (ro)
298 The list of supported IPv6 ICMP types.
299 nf_conntrach_helper_setting - b - (ro)
301 Deprecated. Always False.
302 nf_conntrack_helpers - a{sas} - (ro)
304 Deprecated. Always returns an empty dictionary.
305 nf_nat_helpers - a{sas} - (ro)
307 Deprecated. Always returns an empty dictionary.
308 interface_version - s - (ro)
310 firewalld D-Bus interface version string.
311 state - s - (ro)
313 firewalld state. This can be either INIT, FAILED, or RUNNING.
314 In INIT state, firewalld is starting up and initializing. In
315 FAILED state, firewalld completely started but experienced a
316 failure.
317 version - s - (ro)
319 firewalld version string.
320 org.fedoraproject.FirewallD1.ipset
322 Operations in this interface allows one to get, add, remove and query
323 runtime ipset settings. For permanent configuration see
324 org.fedoraproject.FirewallD1.config.ipset interface.
325 Methods
327 addEntry(s: ipset, s: entry) → as
328 Add a new entry to ipset. The entry must match the type of the
329 ipset. If the ipset is using the timeout option, it is not
330 possible to see the entries, as they are timing out
331 automatically in the kernel. For permanent operation see
332 org.fedoraproject.FirewallD1.config.ipset.Methods.addEntry.
333 Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT
335 getEntries(s: ipset) → Nothing
337 Get all entries added to the ipset. If the ipset is using the
338 timeout option, it is not possible to see the entries, as they
339 are timing out automatically in the kernel. Return value is a
340 array of entry. For permanent operation see
341 org.fedoraproject.FirewallD1.config.ipset.Methods.getEntries.
342 Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT
344 getIPSetSettings(s: ipset) → (ssssa{ss}as)
346 Return runtime settings of given ipset. For getting permanent
347 settings see
348 org.fedoraproject.FirewallD1.config.ipset.Methods.getSettings.
349 Settings are in format: version, name, description, type,
350 dictionary of options and array of entries.
351 version (s): see version attribute of ipset tag in
353 firewalld.ipset(5).
354 name (s): see short tag in firewalld.ipset(5).
356 description (s): see description tag in firewalld.ipset(5).
358 type (s): see type attribute of ipset tag in
360 firewalld.ipset(5).
361 options (a{ss}): dictionary of {option : value} . See options
363 tag in firewalld.ipset(5).
364 entries (as): array of entries, see entry tag in
366 firewalld.ipset(5).
367 Possible errors: INVALID_IPSET
369 getIPSets() → as
371 Return array of ipset names (s) in runtime configuration. For
372 permanent configuration see
373 org.fedoraproject.FirewallD1.config.Methods.listIPSets.
374 queryEntry(s: ipset, s: entry) → b
376 Return whether entry has been added to ipset. For permanent
377 operation see
378 org.fedoraproject.FirewallD1.config.ipset.Methods.queryEntry.
379 Possible errors: INVALID_IPSET
381 queryIPSet(s: ipset) → b
383 Return whether ipset is defined in runtime configuration.
384 removeEntry(s: ipset, s: entry) → as
386 Removes an entry from ipset. For permanent operation see
387 org.fedoraproject.FirewallD1.config.ipset.Methods.removeEntry.
388 Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT
390 setEntries(as: entries) → Nothing
392 Permanently set list of entries to entries. For permanent
393 operation see
394 org.fedoraproject.FirewallD1.config.ipset.Methods.setEntries.
395 See entry tag in firewalld.ipset(5).
396 Signals
398 EntryAdded(s: ipset, s: entry)
399 Emitted when entry has been added to ipset.
400 EntryRemoved(s: ipset, s: entry)
402 Emitted when entry has been removed from ipset.
403 org.fedoraproject.FirewallD1.direct
405 DEPRECATED
406 The direct interface has been deprecated. It will be removed in a
407 future release. It is superseded by policies, see
408 firewalld.policies(5).
409 This interface enables more direct access to the firewall. It enables
411 runtime manipulation with chains and rules. For permanent configuration
412 see org.fedoraproject.FirewallD1.config.direct interface.
413 Methods
415 addChain(s: ipv, s: table, s: chain) → Nothing
416 Add a new chain to table for ipv being either ipv4 (iptables)
417 or ipv6 (ip6tables) or eb (ebtables). Make sure there's no
418 other chain with this name already. There already exist basic
419 chains to use with direct methods, for example INPUT_direct
420 chain. These chains are jumped into before chains for zones,
421 i.e. every rule put into INPUT_direct will be checked before
422 rules in zones. For permanent operation see
423 org.fedoraproject.FirewallD1.config.direct.Methods.addChain.
424 Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED,
426 COMMAND_FAILED
427 addPassthrough(s: ipv, as: args) → Nothing
429 Add a tracked passthrough rule with the arguments args for ipv
430 being either ipv4 (iptables) or ipv6 (ip6tables) or eb
431 (ebtables). Valid commands in args are only -A/--append,
432 -I/--insert and -N/--new-chain. This method is (unlike
433 passthrough method) tracked, i.e. firewalld remembers it. It's
434 useful with
435 org.fedoraproject.FirewallD1.Methods.runtimeToPermanent For
436 permanent operation see
437 org.fedoraproject.FirewallD1.config.direct.Methods.addPassthrough.
438 Possible errors: INVALID_IPV, ALREADY_ENABLED, COMMAND_FAILED
440 addRule(s: ipv, s: table, s: chain, i: priority, as: args) →
442 Nothing
443 Add a rule with the arguments args to chain in table with
444 priority for ipv being either ipv4 (iptables) or ipv6
445 (ip6tables) or eb (ebtables). The priority is used to order
446 rules. Priority 0 means add rule on top of the chain, with a
447 higher priority the rule will be added further down. Rules with
448 the same priority are on the same level and the order of these
449 rules is not fixed and may change. If you want to make sure
450 that a rule will be added after another one, use a low priority
451 for the first and a higher for the following. For permanent
452 operation see
453 org.fedoraproject.FirewallD1.config.direct.Methods.addRule.
454 Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED,
456 COMMAND_FAILED
457 getAllChains() → a(sss)
459 Get all chains added to all tables in format: ipv, table,
460 chain. This concerns only chains previously added with
461 addChain. Return value is a array of (ipv, table, chain). For
462 permanent operation see
463 org.fedoraproject.FirewallD1.config.direct.Methods.getAllChains.
464 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
466 (ebtables).
467 table (s): one of filter, mangle, nat, raw, security
469 chain (s): name of a chain.
471 getAllPassthroughs() → a(sas)
474 Get all tracked passthrough rules added in all ipv types in
475 format: ipv, rule. This concerns only rules previously added
476 with addPassthrough. Return value is a array of (ipv, array of
477 arguments). For permanent operation see
478 org.fedoraproject.FirewallD1.config.direct.Methods.getAllPassthroughs.
479 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
481 (ebtables).
482 arguments (as): array of commands, parameters and other
484 iptables/ip6tables/ebtables command line options.
485 getAllRules() → a(sssias)
488 Get all rules added to all chains in all tables in format: ipv,
489 table, chain, priority, rule. This concerns only rules
490 previously added with addRule. Return value is a array of (ipv,
491 table, chain, priority, array of arguments). For permanent
492 operation see
493 org.fedoraproject.FirewallD1.config.direct.Methods.getAllRules.
494 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
496 (ebtables).
497 table (s): one of filter, mangle, nat, raw, security
499 chain (s): name of a chain.
501 priority (i): used to order rules.
503 arguments (as): array of commands, parameters and other
505 iptables/ip6tables/ebtables command line options.
506 getChains(s: ipv, s: table) → as
509 Return an array of chains (s) added to table for ipv being
510 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
511 This concerns only chains previously added with addChain. For
512 permanent operation see
513 org.fedoraproject.FirewallD1.config.direct.Methods.getChains.
514 Possible errors: INVALID_IPV, INVALID_TABLE
516 getPassthroughs(s: ipv) → aas
518 Get tracked passthrough rules added in either ipv4 (iptables)
519 or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
520 previously added with addPassthrough. Return value is a array
521 of (array of arguments). For permanent operation see
522 org.fedoraproject.FirewallD1.config.direct.Methods.getPassthroughs.
523 arguments (as): array of commands, parameters and other
525 iptables/ip6tables/ebtables command line options.
526 getRules(s: ipv, s: table, s: chain) → a(ias)
529 Get all rules added to chain in table for ipv being either ipv4
530 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
531 only rules previously added with addRule. Return value is a
532 array of (priority, array of arguments). For permanent
533 operation see
534 org.fedoraproject.FirewallD1.config.direct.Methods.getRules.
535 priority (i): used to order rules.
537 arguments (as): array of commands, parameters and other
539 iptables/ip6tables/ebtables command line options.
540 Possible errors: INVALID_IPV, INVALID_TABLE
542 passthrough(s: ipv, as: args) → s
544 Pass a command through to the firewall. ipv can be either ipv4
545 (iptables) or ipv6 (ip6tables) or eb (ebtables). args can be
546 all iptables, ip6tables and ebtables command line arguments.
547 args can be all iptables, ip6tables and ebtables command line
548 arguments. This command is untracked, which means that
549 firewalld is not able to provide information about this command
550 later on.
551 Possible errors: COMMAND_FAILED
553 queryChain(s: ipv, s: table, s: chain) → b
555 Return whether a chain exists in table for ipv being either
556 ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). This
557 concerns only chains previously added with addChain. For
558 permanent operation see
559 org.fedoraproject.FirewallD1.config.direct.Methods.queryChain.
560 Possible errors: INVALID_IPV, INVALID_TABLE
562 queryPassthrough(s: ipv, as: args) → b
564 Return whether a tracked passthrough rule with the arguments
565 args exists for ipv being either ipv4 (iptables) or ipv6
566 (ip6tables) or eb (ebtables). This concerns only rules
567 previously added with addPassthrough. For permanent operation
568 see
569 org.fedoraproject.FirewallD1.config.direct.Methods.queryPassthrough.
570 Possible errors: INVALID_IPV
572 queryRule(s: ipv, s: table, s: chain, i: priority, as: args) → b
574 Return whether a rule with priority and the arguments args
575 exists in chain in table for ipv being either ipv4 (iptables)
576 or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
577 previously added with addRule. For permanent operation see
578 org.fedoraproject.FirewallD1.config.direct.Methods.queryRule.
579 Possible errors: INVALID_IPV, INVALID_TABLE
581 removeAllPassthroughs() → Nothing
583 Remove all passthrough rules previously added with
584 addPassthrough.
585 removeChain(s: ipv, s: table, s: chain) → Nothing
587 Remove a chain from table for ipv being either ipv4 (iptables)
588 or ipv6 (ip6tables) or eb (ebtables). Only chains previously
589 added with addChain can be removed this way. For permanent
590 operation see
591 org.fedoraproject.FirewallD1.config.direct.Methods.removeChain.
592 Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED,
594 COMMAND_FAILED
595 removePassthrough(s: ipv, as: args) → Nothing
597 Remove a tracked passthrough rule with arguments args for ipv
598 being either ipv4 (iptables) or ipv6 (ip6tables) or eb
599 (ebtables). Only rules previously added with addPassthrough can
600 be removed this way. For permanent operation see
601 org.fedoraproject.FirewallD1.config.direct.Methods.removePassthrough.
602 Possible errors: INVALID_IPV, NOT_ENABLED, COMMAND_FAILED
604 removeRule(s: ipv, s: table, s: chain, i: priority, as: args) →
606 Nothing
607 Remove a rule with priority and arguments args from chain in
608 table for ipv being either ipv4 (iptables) or ipv6 (ip6tables)
609 or eb (ebtables). Only rules previously added with addRule can
610 be removed this way. For permanent operation see
611 org.fedoraproject.FirewallD1.config.direct.Methods.removeRule.
612 Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED,
614 COMMAND_FAILED
615 removeRules(s: ipv, s: table, s: chain) → Nothing
617 Remove all rules from chain in table for ipv being either ipv4
618 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
619 only rules previously added with addRule. For permanent
620 operation see
621 org.fedoraproject.FirewallD1.config.direct.Methods.removeRules.
622 Possible errors: INVALID_IPV, INVALID_TABLE
624 Signals
626 ChainAdded(s: ipv, s: table, s: chain)
627 Emitted when chain has been added into table for ipv being
628 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
629 ChainRemoved(s: ipv, s: table, s: chain)
631 Emitted when chain has been removed from table for ipv being
632 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
633 PassthroughAdded(s: ipv, as: args)
635 Emitted when a tracked passthrough rule with args has been
636 added for ipv being either ipv4 (iptables) or ipv6 (ip6tables)
637 or eb (ebtables).
638 PassthroughRemoved(s: ipv, as: args)
640 Emitted when a tracked passthrough rule with args has been
641 removed for ipv being either ipv4 (iptables) or ipv6
642 (ip6tables) or eb (ebtables).
643 RuleAdded(s: ipv, s: table, s: chain, i: priority, as: args)
645 Emitted when a rule with args has been added to chain in table
646 with priority for ipv being either ipv4 (iptables) or ipv6
647 (ip6tables) or eb (ebtables).
648 RuleRemoved(s: ipv, s: table, s: chain, i: priority, as: args)
650 Emitted when a rule with args has been removed from chain in
651 table with priority for ipv being either ipv4 (iptables) or
652 ipv6 (ip6tables) or eb (ebtables).
653 org.fedoraproject.FirewallD1.policies
655 Enables firewalld to be able to lock down configuration changes from
656 local applications. Local applications or services are able to change
657 the firewall configuration if they are running as root (example:
658 libvirt). With these operations administrator can lock the firewall
659 configuration so that either none or only applications that are in the
660 whitelist are able to request firewall changes. For permanent
661 configuration see org.fedoraproject.FirewallD1.config.policies
662 interface.
663 Methods
665 addLockdownWhitelistCommand(s: command) → Nothing
666 Add command to whitelist. See command option in
667 firewalld.lockdown-whitelist(5). For permanent operation see
668 org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistCommand.
669 Possible errors: ALREADY_ENABLED, INVALID_COMMAND
671 addLockdownWhitelistContext(s: context) → Nothing
673 Add context to whitelist. See selinux option in
674 firewalld.lockdown-whitelist(5). For permanent operation see
675 org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistContext.
676 Possible errors: ALREADY_ENABLED, INVALID_COMMAND
678 addLockdownWhitelistUid(i: uid) → Nothing
680 Add user id uid to whitelist. See user option in
681 firewalld.lockdown-whitelist(5). For permanent operation see
682 org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistUid.
683 Possible errors: ALREADY_ENABLED, INVALID_COMMAND
685 addLockdownWhitelistUser(s: user) → Nothing
687 Add user name to whitelist. See user option in
688 firewalld.lockdown-whitelist(5). For permanent operation see
689 org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistUser.
690 Possible errors: ALREADY_ENABLED, INVALID_COMMAND
692 disableLockdown() → Nothing
694 Disable lockdown. This is a runtime and permanent change.
695 Possible errors: NOT_ENABLED
697 enableLockdown() → Nothing
699 Enable lockdown. Be careful - if the calling application/user
700 is not on lockdown whitelist when you enable lockdown you won't
701 be able to disable it again with the application, you would
702 need to edit firewalld.conf. This is a runtime and permanent
703 change.
704 Possible errors: ALREADY_ENABLED
706 getLockdownWhitelistCommands() → as
708 List all command lines (s) that are on whitelist. For permanent
709 operation see
710 org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistCommands.
711 getLockdownWhitelistContexts() → as
713 List all contexts (s) that are on whitelist. For permanent
714 operation see
715 org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistContexts.
716 getLockdownWhitelistUids() → ai
718 List all user ids (i) that are on whitelist. For permanent
719 operation see
720 org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistUids.
721 getLockdownWhitelistUsers() → as
723 List all users (s) that are on whitelist. For permanent
724 operation see
725 org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistUsers.
726 queryLockdown() → b
728 Query whether lockdown is enabled.
729 queryLockdownWhitelistCommand(s: command) → b
731 Query whether command is on whitelist. For permanent operation
732 see
733 org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistCommand.
734 queryLockdownWhitelistContext(s: context) → b
736 Query whether context is on whitelist. For permanent operation
737 see
738 org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistContext.
739 queryLockdownWhitelistUid(i: uid) → b
741 Query whether user id uid is on whitelist. For permanent
742 operation see
743 org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistUid.
744 queryLockdownWhitelistUser(s: user) → b
746 Query whether user is on whitelist. For permanent operation see
747 org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistUser.
748 removeLockdownWhitelistCommand(s: command) → Nothing
750 Remove command from whitelist. For permanent operation see
751 org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistCommand.
752 Possible errors: NOT_ENABLED
754 removeLockdownWhitelistContext(s: context) → Nothing
756 Remove context from whitelist. For permanent operation see
757 org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistContext.
758 Possible errors: NOT_ENABLED
760 removeLockdownWhitelistUid(i: uid) → Nothing
762 Remove user id uid from whitelist. For permanent operation see
763 org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistUid.
764 Possible errors: NOT_ENABLED
766 removeLockdownWhitelistUser(s: user) → Nothing
768 Remove user from whitelist. For permanent operation see
769 org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistUser.
770 Possible errors: NOT_ENABLED
772 Signals
774 LockdownDisabled()
775 Emitted when lockdown has been disabled.
776 LockdownEnabled()
778 Emitted when lockdown has been enabled.
779 LockdownWhitelistCommandAdded(s: command)
781 Emitted when command has been added to whitelist.
782 LockdownWhitelistCommandRemoved(s: command)
784 Emitted when command has been removed from whitelist.
785 LockdownWhitelistContextAdded(s: context)
787 Emitted when context has been added to whitelist.
788 LockdownWhitelistContextRemoved(s: context)
790 Emitted when context has been removed from whitelist.
791 LockdownWhitelistUidAdded(i: uid)
793 Emitted when user id uid has been added to whitelist.
794 LockdownWhitelistUidRemoved(i: uid)
796 Emitted when user id uid has been removed from whitelist.
797 LockdownWhitelistUserAdded(s: user)
799 Emitted when user has been added to whitelist.
800 LockdownWhitelistUserRemoved(s: user)
802 Emitted when user has been removed from whitelist.
803 org.fedoraproject.FirewallD1.zone
805 Operations in this interface allows one to get, add, remove and query
806 runtime zone's settings. For permanent settings see
807 org.fedoraproject.FirewallD1.config.zone interface.
808 Methods
810 getZoneSettings2(s: zone) → a{sv}
811 Return runtime settings of given zone. For getting permanent
812 settings see
813 org.fedoraproject.FirewallD1.config.zone.Methods.getSettings2.
814 Settings are a dictionary indexed by keywords. For the type of
815 each value see below. If the value is empty it may be omitted.
816 version (s): see version attribute of zone tag in
818 firewalld.zone(5).
819 name (s): see short tag in firewalld.zone(5).
821 description (s): see description tag in firewalld.zone(5).
823 target (s): see target attribute of zone tag in
825 firewalld.zone(5).
826 services (as): array of service names, see service tag in
828 firewalld.zone(5).
829 ports (a(ss)): array of port and protocol pairs. See port tag
831 in firewalld.zone(5).
832 icmp_blocks (as): array of icmp-blocks. See icmp-block tag in
834 firewalld.zone(5).
835 masquerade (b): see masquerade tag in firewalld.zone(5).
837 forward_ports (a(ssss)): array of (port, protocol, to-port,
839 to-addr). See forward-port tag in firewalld.zone(5).
840 interfaces (as): array of interfaces. See interface tag in
842 firewalld.zone(5).
843 sources (as): array of source addresses. See source tag in
845 firewalld.zone(5).
846 rules_str (as): array of rich-language rules. See rule tag in
848 firewalld.zone(5).
849 protocols (as): array of protocols, see protocol tag in
851 firewalld.zone(5).
852 source_ports (a(ss)): array of port and protocol pairs. See
854 source-port tag in firewalld.zone(5).
855 icmp_block_inversion (b): see icmp-block-inversion tag in
857 firewalld.zone(5).
858 forward (b): see forward tag in firewalld.zone(5).
860 ingress-priority (i): see ingress-priority tag in
862 firewalld.zone(5).
863 egress-priority (i): see egress-priority tag in
865 firewalld.zone(5).
866 Possible errors: INVALID_ZONE
868 setZoneSettings2(s: zone, a{sv}: settings, i: timeout)
870 Set runtime settings of given zone. For setting permanent
871 settings see
872 org.fedoraproject.FirewallD1.config.zone.Methods.update2.
873 Settings are a dictionary indexed by keywords. For the type of
874 each value see below. To zero a value pass an empty string or
875 list.
876 services (as): array of service names, see service tag in
878 firewalld.zone(5).
879 ports (a(ss)): array of port and protocol pairs. See port tag
881 in firewalld.zone(5).
882 icmp_blocks (as): array of icmp-blocks. See icmp-block tag in
884 firewalld.zone(5).
885 masquerade (b): see masquerade tag in firewalld.zone(5).
887 forward_ports (a(ssss)): array of (port, protocol, to-port,
889 to-addr). See forward-port tag in firewalld.zone(5).
890 interfaces (as): array of interfaces. See interface tag in
892 firewalld.zone(5).
893 sources (as): array of source addresses. See source tag in
895 firewalld.zone(5).
896 rules_str (as): array of rich-language rules. See rule tag in
898 firewalld.zone(5).
899 protocols (as): array of protocols, see protocol tag in
901 firewalld.zone(5).
902 source_ports (a(ss)): array of port and protocol pairs. See
904 source-port tag in firewalld.zone(5).
905 icmp_block_inversion (b): see icmp-block-inversion tag in
907 firewalld.zone(5).
908 forward (b): see forward tag in firewalld.zone(5).
910 Possible errors: INVALID_ZONE
912 addForwardPort(s: zone, s: port, s: protocol, s: toport, s: toaddr,
914 i: timeout) → s
915 Add the IPv4 forward port into zone. If zone is empty, use
916 default zone. The port can either be a single port number
917 portid or a port range portid-portid. The protocol can either
918 be tcp or udp. The destination address is a simple IP address.
919 If timeout is non-zero, the operation will be active only for
920 the amount of seconds. For permanent settings see
921 org.fedoraproject.FirewallD1.config.zone.Methods.addForwardPort.
922 Returns name of zone to which the forward port was added.
924 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
926 INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD,
927 ALREADY_ENABLED, INVALID_COMMAND
928 addIcmpBlock(s: zone, s: icmp, i: timeout) → s
930 Add an ICMP block icmp into zone. The icmp is the one of the
931 icmp types firewalld supports. To get a listing of supported
932 icmp types use
933 org.fedoraproject.FirewallD1.Methods.listIcmpTypes If zone is
934 empty, use default zone. If timeout is non-zero, the operation
935 will be active only for the amount of seconds. For permanent
936 settings see
937 org.fedoraproject.FirewallD1.config.zone.Methods.addIcmpBlock.
938 Returns name of zone to which the ICMP block was added.
940 Possible errors: INVALID_ZONE, INVALID_ICMPTYPE,
942 ALREADY_ENABLED, INVALID_COMMAND
943 addIcmpBlockInversion(s: zone) → s
945 Add ICMP block inversion to zone. If zone is empty, use default
946 zone. For permanent settings see
947 org.fedoraproject.FirewallD1.config.zone.Methods.addIcmpBlockInversion.
948 Returns name of zone to which the ICMP block inversion was
950 added.
951 Possible errors: INVALID_ZONE, ALREADY_ENABLED, INVALID_COMMAND
953 addInterface(s: zone, s: interface) → s
955 Bind interface with zone. From now on all traffic going through
956 the interface will respect the zone's settings. If zone is
957 empty, use default zone. For permanent settings see
958 org.fedoraproject.FirewallD1.config.zone.Methods.addInterface.
959 Returns name of zone to which the interface was bound.
961 Possible errors: INVALID_ZONE, INVALID_INTERFACE,
963 ALREADY_ENABLED, INVALID_COMMAND
964 addMasquerade(s: zone, i: timeout) → s
966 Enable masquerade in zone. If zone is empty, use default zone.
967 If timeout is non-zero, masquerading will be active for the
968 amount of seconds. For permanent settings see
969 org.fedoraproject.FirewallD1.config.zone.Methods.addMasquerade.
970 Returns name of zone in which the masquerade was enabled.
972 Possible errors: INVALID_ZONE, ALREADY_ENABLED, INVALID_COMMAND
974 addPort(s: zone, s: port, s: protocol, i: timeout) → s
976 Add port into zone. If zone is empty, use default zone. The
977 port can either be a single port number or a port range
978 portid-portid. The protocol can either be tcp or udp. If
979 timeout is non-zero, the operation will be active only for the
980 amount of seconds. For permanent settings see
981 org.fedoraproject.FirewallD1.config.zone.Methods.addPort.
982 Returns name of zone to which the port was added.
984 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
986 INVALID_PROTOCOL, ALREADY_ENABLED, INVALID_COMMAND
987 addProtocol(s: zone, s: protocol, i: timeout) → s
989 Add protocol into zone. If zone is empty, use default zone. The
990 protocol can be any protocol supported by the system. Please
991 have a look at /etc/protocols for supported protocols. If
992 timeout is non-zero, the operation will be active only for the
993 amount of seconds. For permanent settings see
994 org.fedoraproject.FirewallD1.config.zone.Methods.addProtocol.
995 Returns name of zone to which the protocol was added.
997 Possible errors: INVALID_ZONE, INVALID_PROTOCOL,
999 ALREADY_ENABLED, INVALID_COMMAND
1000 addRichRule(s: zone, s: rule, i: timeout) → s
1002 Add rich language rule into zone. For the rich language rule
1003 syntax, please have a look at firewalld.direct(5). If zone is
1004 empty, use default zone. If timeout is non-zero, the operation
1005 will be active only for the amount of seconds. For permanent
1006 settings see
1007 org.fedoraproject.FirewallD1.config.zone.Methods.addRichRule.
1008 Returns name of zone to which the rich language rule was added.
1010 Possible errors: INVALID_ZONE, INVALID_RULE, ALREADY_ENABLED,
1012 INVALID_COMMAND
1013 addService(s: zone, s: service, i: timeout) → s
1015 Add service into zone. If zone is empty, use default zone. If
1016 timeout is non-zero, the operation will be active only for the
1017 amount of seconds. To get a list of supported services, use
1018 org.fedoraproject.FirewallD1.Methods.listServices. For
1019 permanent settings see
1020 org.fedoraproject.FirewallD1.config.zone.Methods.addService.
1021 Returns name of zone to which the service was added.
1023 Possible errors: INVALID_ZONE, INVALID_SERVICE,
1025 ALREADY_ENABLED, INVALID_COMMAND
1026 addSource(s: zone, s: source) → s
1028 Bind source with zone. From now on all traffic going from this
1029 source will respect the zone's settings. A source address or
1030 address range is either an IP address or a network IP address
1031 with a mask for IPv4 or IPv6. For IPv4, the mask can be a
1032 network mask or a plain number. For IPv6 the mask is a plain
1033 number. Use of host names is not supported. If zone is empty,
1034 use default zone. For permanent settings see
1035 org.fedoraproject.FirewallD1.config.zone.Methods.addSource.
1036 Returns name of zone to which the source was bound.
1038 Possible errors: INVALID_ZONE, INVALID_ADDR, ALREADY_ENABLED,
1040 INVALID_COMMAND
1041 addSourcePort(s: zone, s: port, s: protocol, i: timeout) → s
1043 Add source port into zone. If zone is empty, use default zone.
1044 The port can either be a single port number or a port range
1045 portid-portid. The protocol can either be tcp or udp. If
1046 timeout is non-zero, the operation will be active only for the
1047 amount of seconds. For permanent settings see
1048 org.fedoraproject.FirewallD1.config.zone.Methods.addSourcePort.
1049 Returns name of zone to which the port was added.
1051 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1053 INVALID_PROTOCOL, ALREADY_ENABLED, INVALID_COMMAND
1054 changeZone(s: zone, s: interface) → s
1056 This function is deprecated, use
1057 org.fedoraproject.FirewallD1.zone.Methods.changeZoneOfInterface
1058 instead.
1059 changeZoneOfInterface(s: zone, s: interface) → s
1061 Change a zone an interface is bound to to zone. It's basically
1062 removeInterface(interface) followed by addInterface(zone,
1063 interface). If interface has not been bound to a zone before,
1064 it behaves like addInterface. If zone is empty, use default
1065 zone.
1066 Returns name of zone to which the interface was bound.
1068 Possible errors: INVALID_ZONE, ZONE_ALREADY_SET, ZONE_CONFLICT
1070 changeZoneOfSource(s: zone, s: source) → s
1072 Change a zone an source is bound to to zone. It's basically
1073 removeSource(source) followed by addSource(zone, source). If
1074 source has not been bound to a zone before, it behaves like
1075 addSource. If zone is empty, use default zone.
1076 Returns name of zone to which the source was bound.
1078 Possible errors: INVALID_ZONE, ZONE_ALREADY_SET, ZONE_CONFLICT
1080 getActiveZones() → a{sa{sas}}
1082 Return dictionary of currently active zones altogether with
1083 interfaces and sources used in these zones. Active zones are
1084 zones, that have a binding to an interface or source.
1085 Return value is a dictionary where keys are zone names (s) and
1087 values are again dictionaries where keys are either
1088 'interfaces' or 'sources' and values are arrays of interface
1089 names (s) or sources (s).
1090 getForwardPorts(s: zone) → aas
1092 Return array of IPv4 forward ports previously added into zone.
1093 If zone is empty, use default zone. For getting permanent
1094 settings see
1095 org.fedoraproject.FirewallD1.config.zone.Methods.getForwardPorts.
1096 Return value is array of 4-tuples, where each 4-tuple consists
1098 of (port, protocol, to-port, to-addr). to-addr might be empty
1099 in case of local forwarding.
1100 Possible errors: INVALID_ZONE
1102 getIcmpBlocks(s: zone) → as
1104 Return array of ICMP type (s) blocks previously added into
1105 zone. If zone is empty, use default zone. For getting permanent
1106 settings see
1107 org.fedoraproject.FirewallD1.config.zone.Methods.getIcmpBlocks.
1108 Possible errors: INVALID_ZONE
1110 getIcmpBlockInversion(s: zone) → b
1112 Return whether ICMP block inversion was previously added to
1113 zone. If zone is empty, use default zone. For getting permanent
1114 settings see
1115 org.fedoraproject.FirewallD1.config.zone.Methods.getIcmpBlockInversion.
1116 Possible errors: INVALID_ZONE
1118 getInterfaces(s: zone) → as
1120 Return array of interfaces (s) previously bound with zone. If
1121 zone is empty, use default zone. For getting permanent settings
1122 see
1123 org.fedoraproject.FirewallD1.config.zone.Methods.getInterfaces.
1124 Possible errors: INVALID_ZONE
1126 getPorts(s: zone) → aas
1128 Return array of ports (2-tuple of port and protocol) previously
1129 enabled in zone. If zone is empty, use default zone. For
1130 getting permanent settings see
1131 org.fedoraproject.FirewallD1.config.zone.Methods.getPorts.
1132 Possible errors: INVALID_ZONE
1134 getProtocols(s: zone) → as
1136 Return array of protocols (s) previously enabled in zone. If
1137 zone is empty, use default zone. For getting permanent settings
1138 see
1139 org.fedoraproject.FirewallD1.config.zone.Methods.getProtocols.
1140 Possible errors: INVALID_ZONE
1142 getRichRules(s: zone) → as
1144 Return array of rich language rules (s) previously added into
1145 zone. If zone is empty, use default zone. For getting permanent
1146 settings see
1147 org.fedoraproject.FirewallD1.config.zone.Methods.getRichRules.
1148 Possible errors: INVALID_ZONE
1150 getServices(s: zone) → as
1152 Return array of services (s) previously enabled in zone. If
1153 zone is empty, use default zone. For getting permanent settings
1154 see
1155 org.fedoraproject.FirewallD1.config.zone.Methods.getServices.
1156 Possible errors: INVALID_ZONE
1158 getSourcePorts(s: zone) → aas
1160 Return array of source ports (2-tuple of port and protocol)
1161 previously enabled in zone. If zone is empty, use default zone.
1162 For getting permanent settings see
1163 org.fedoraproject.FirewallD1.config.zone.Methods.getSourcePorts.
1164 Possible errors: INVALID_ZONE
1166 getSources(s: zone) → as
1168 Return array of sources (s) previously bound with zone. If zone
1169 is empty, use default zone. For getting permanent settings see
1170 org.fedoraproject.FirewallD1.config.zone.Methods.getSources.
1171 Possible errors: INVALID_ZONE
1173 getZoneOfInterface(s: interface) → s
1175 Return name (s) of zone the interface is bound to or empty
1176 string.
1177 getZoneOfSource(s: source) → s
1179 Return name (s) of zone the source is bound to or empty string.
1180 getZones() → as
1182 Return array of names (s) of predefined zones known to current
1183 runtime environment. For list of zones known to permanent
1184 environment see
1185 org.fedoraproject.FirewallD1.config.Methods.listZones. The
1186 lists (of zones known to runtime and permanent environment)
1187 will contain same zones in most cases, but might differ for
1188 example if org.fedoraproject.FirewallD1.config.Methods.addZone
1189 has been called recently, but firewalld has not been reloaded
1190 since then.
1191 isImmutable(s: zone) → b
1193 Deprecated.
1194 queryForwardPort(s: zone, s: port, s: protocol, s: toport, s:
1196 toaddr) → b
1197 Return whether the IPv4 forward port (port, protocol, toport,
1198 toaddr) has been added into zone. If zone is empty, use default
1199 zone. For permanent operation see
1200 org.fedoraproject.FirewallD1.config.zone.Methods.queryForwardPort.
1201 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1203 INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD
1204 queryIcmpBlock(s: zone, s: icmp) → b
1206 Return whether an ICMP block for icmp has been added into zone.
1207 If zone is empty, use default zone. For permanent operation see
1208 org.fedoraproject.FirewallD1.config.zone.Methods.queryIcmpBlock.
1209 Possible errors: INVALID_ZONE, INVALID_ICMPTYPE
1211 queryIcmpBlockInversion(s: zone) → b
1213 Return whether ICMP block inversion has been added to zone. If
1214 zone is empty, use default zone. For permanent operation see
1215 org.fedoraproject.FirewallD1.config.zone.Methods.queryIcmpBlockInversion.
1216 Possible errors: INVALID_ZONE, INVALID_ICMPTYPE
1218 queryInterface(s: zone, s: interface) → b
1220 Query whether interface has been bound to zone. If zone is
1221 empty, use default zone. For permanent operation see
1222 org.fedoraproject.FirewallD1.config.zone.Methods.queryInterface.
1223 Possible errors: INVALID_ZONE, INVALID_INTERFACE
1225 queryMasquerade(s: zone) → b
1227 Return whether masquerading has been enabled in zone If zone is
1228 empty, use default zone. For permanent operation see
1229 org.fedoraproject.FirewallD1.config.zone.Methods.queryMasquerade.
1230 Possible errors: INVALID_ZONE
1232 queryPort(s: zone, s: port, s: protocol) → b
1234 Return whether port/protocol has been added in zone. If zone is
1235 empty, use default zone. For permanent operation see
1236 org.fedoraproject.FirewallD1.config.zone.Methods.queryPort.
1237 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1239 INVALID_PROTOCOL
1240 queryProtocol(s: zone, s: protocol) → b
1242 Return whether protocol has been added in zone. If zone is
1243 empty, use default zone. For permanent operation see
1244 org.fedoraproject.FirewallD1.config.zone.Methods.queryProtocol.
1245 Possible errors: INVALID_ZONE, INVALID_PROTOCOL
1247 queryRichRule(s: zone, s: rule) → b
1249 Return whether rich rule rule has been added in zone. If zone
1250 is empty, use default zone. For permanent operation see
1251 org.fedoraproject.FirewallD1.config.zone.Methods.queryRichRule.
1252 Possible errors: INVALID_ZONE, INVALID_RULE
1254 queryService(s: zone, s: service) → b
1256 Return whether service has been added for zone. If zone is
1257 empty, use default zone. For permanent operation see
1258 org.fedoraproject.FirewallD1.config.zone.Methods.queryService.
1259 Possible errors: INVALID_ZONE, INVALID_SERVICE
1261 querySource(s: zone, s: source) → b
1263 Query whether sourcehas been bound to zone. If zone is empty,
1264 use default zone. For permanent operation see
1265 org.fedoraproject.FirewallD1.config.zone.Methods.querySource.
1266 Possible errors: INVALID_ZONE, INVALID_ADDR
1268 querySourcePort(s: zone, s: port, s: protocol) → b
1270 Return whether port/protocol has been added in zone. If zone is
1271 empty, use default zone. For permanent operation see
1272 org.fedoraproject.FirewallD1.config.zone.Methods.querySourcePort.
1273 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1275 INVALID_PROTOCOL
1276 removeForwardPort(s: zone, s: port, s: protocol, s: toport, s:
1278 toaddr) → s
1279 Remove IPv4 forward port ((port, protocol, toport, toaddr))
1280 from zone. If zone is empty, use default zone. For permanent
1281 operation see
1282 org.fedoraproject.FirewallD1.config.zone.Methods.removeForwardPort.
1283 Returns name of zone from which the forward port was removed.
1285 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1287 INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD, NOT_ENABLED,
1288 INVALID_COMMAND
1289 removeIcmpBlock(s: zone, s: icmp) → s
1291 Remove ICMP block icmp from zone. If zone is empty, use default
1292 zone. For permanent operation see
1293 org.fedoraproject.FirewallD1.config.zone.Methods.removeIcmpBlock.
1294 Returns name of zone from which the ICMP block was removed.
1296 Possible errors: INVALID_ZONE, INVALID_ICMPTYPE, NOT_ENABLED,
1298 INVALID_COMMAND
1299 removeIcmpBlockInversion(s: zone) → s
1301 Remove ICMP block inversion from zone. If zone is empty, use
1302 default zone. For permanent operation see
1303 org.fedoraproject.FirewallD1.config.zone.Methods.removeIcmpBlockInversion.
1304 Returns name of zone from which the ICMP block inversion was
1306 removed.
1307 Possible errors: INVALID_ZONE, NOT_ENABLED, INVALID_COMMAND
1309 removeInterface(s: zone, s: interface) → s
1311 Remove binding of interface from zone. If zone is empty, the
1312 interface will be removed from zone it belongs to. For
1313 permanent operation see
1314 org.fedoraproject.FirewallD1.config.zone.Methods.removeInterface.
1315 Returns name of zone from which the interface was removed.
1317 Possible errors: INVALID_ZONE, INVALID_INTERFACE, NOT_ENABLED,
1319 INVALID_COMMAND
1320 removeMasquerade(s: zone) → s
1322 Disable masquerade for zone. If zone is empty, use default
1323 zone. For permanent operation see
1324 org.fedoraproject.FirewallD1.config.zone.Methods.removeMasquerade.
1325 Returns name of zone for which the masquerade was disabled.
1327 Possible errors: INVALID_ZONE, NOT_ENABLED, INVALID_COMMAND
1329 removePort(s: zone, s: port, s: protocol) → s
1331 Remove port/protocol from zone. If zone is empty, use default
1332 zone. For permanent operation see
1333 org.fedoraproject.FirewallD1.config.zone.Methods.removePort.
1334 Returns name of zone from which the port was removed.
1336 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1338 INVALID_PROTOCOL, NOT_ENABLED, INVALID_COMMAND
1339 removeProtocol(s: zone, s: protocol) → s
1341 Remove protocol from zone. If zone is empty, use default zone.
1342 For permanent operation see
1343 org.fedoraproject.FirewallD1.config.zone.Methods.removeProtocol.
1344 Returns name of zone from which the protocol was removed.
1346 Possible errors: INVALID_ZONE, INVALID_PROTOCOL, NOT_ENABLED,
1348 INVALID_COMMAND
1349 removeRichRule(s: zone, s: rule) → s
1351 Remove rich language rule from zone. If zone is empty, use
1352 default zone. For permanent operation see
1353 org.fedoraproject.FirewallD1.config.zone.Methods.removeRichRule.
1354 Returns name of zone from which the rich language rule was
1356 removed.
1357 Possible errors: INVALID_ZONE, INVALID_RULE, NOT_ENABLED,
1359 INVALID_COMMAND
1360 removeService(s: zone, s: service) → s
1362 Remove service from zone. If zone is empty, use default zone.
1363 For permanent operation see
1364 org.fedoraproject.FirewallD1.config.zone.Methods.removeService.
1365 Returns name of zone from which the service was removed.
1367 Possible errors: INVALID_ZONE, INVALID_SERVICE, NOT_ENABLED,
1369 INVALID_COMMAND
1370 removeSource(s: zone, s: source) → s
1372 Remove binding of source from zone. If zone is empty, the
1373 source will be removed from zone it belongs to. For permanent
1374 operation see
1375 org.fedoraproject.FirewallD1.config.zone.Methods.removeSource.
1376 Returns name of zone from which the source was removed.
1378 Possible errors: INVALID_ZONE, INVALID_ADDR, NOT_ENABLED,
1380 INVALID_COMMAND
1381 removeSourcePort(s: zone, s: port, s: protocol) → s
1383 Remove port/protocol from zone. If zone is empty, use default
1384 zone. For permanent operation see
1385 org.fedoraproject.FirewallD1.config.zone.Methods.removeSourcePort.
1386 Returns name of zone from which the source port was removed.
1388 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1390 INVALID_PROTOCOL, NOT_ENABLED, INVALID_COMMAND
1391 Signals
1393 ForwardPortAdded(s: zone, s: port, s: protocol, s: toport, s:
1394 toaddr, i: timeout)
1395 Emitted when forward port has been added to zone with timeout.
1396 ForwardPortRemoved(s: zone, s: port, s: protocol, s: toport, s:
1398 toaddr)
1399 Emitted when forward port has been removed from zone.
1400 IcmpBlockAdded(s: zone, s: icmp, i: timeout)
1402 Emitted when ICMP block for icmp has been added to zone with
1403 timeout.
1404 IcmpBlockInversionAdded(s: zone)
1406 Emitted when ICMP block inversion has been added to zone.
1407 IcmpBlockInversionRemoved(s: zone)
1409 Emitted when ICMP block inversion has been removed from zone.
1410 IcmpBlockRemoved(s: zone, s: icmp)
1412 Emitted when ICMP block for icmp has been removed from zone.
1413 InterfaceAdded(s: zone, s: interface)
1415 Emitted when interface has been added to zone.
1416 InterfaceRemoved(s: zone, s: interface)
1418 Emitted when interface has been removed from zone.
1419 MasqueradeAdded(s: zone, i: timeout)
1421 Emitted when masquerade has been enabled for zone.
1422 MasqueradeRemoved(s: zone)
1424 Emitted when masquerade has been disabled for zone.
1425 PortAdded(s: zone, s: port, s: protocol, i: timeout)
1427 Emitted when port/protocol has been added to zone with timeout.
1428 PortRemoved(s: zone, s: port, s: protocol)
1430 Emitted when port/protocol has been removed from zone.
1431 ProtocolAdded(s: zone, s: protocol, i: timeout)
1433 Emitted when protocol has been added to zone with timeout.
1434 ProtocolRemoved(s: zone, s: protocol)
1436 Emitted when protocol has been removed from zone.
1437 RichRuleAdded(s: zone, s: rule, i: timeout)
1439 Emitted when rich language rule has been added to zone with
1440 timeout.
1441 RichRuleRemoved(s: zone, s: rule)
1443 Emitted when rich language rule has been removed from zone.
1444 ServiceAdded(s: zone, s: service, i: timeout)
1446 Emitted when service has been added to zone with timeout.
1447 ServiceRemoved(s: zone, s: service)
1449 Emitted when service has been removed from zone.
1450 SourceAdded(s: zone, s: source)
1452 Emitted when source has been added to zone.
1453 SourcePortAdded(s: zone, s: port, s: protocol, i: timeout)
1455 Emitted when source-port/protocol has been added to zone with
1456 timeout.
1457 SourcePortRemoved(s: zone, s: port, s: protocol)
1459 Emitted when source-port/protocol has been removed from zone.
1460 SourceRemoved(s: zone, s: source)
1462 Emitted when source has been removed from zone.
1463 ZoneChanged(s: zone, s: interface)
1465 Deprecated
1466 ZoneOfInterfaceChanged(s: zone, s: interface)
1468 Emitted when a zone an interface is part of has been changed to
1469 zone.
1470 ZoneOfSourceChanged(s: zone, s: source)
1472 Emitted when a zone an source is part of has been changed to
1473 zone.
1474 ZoneUpdated2(s: zone, a{sv}: settings)
1476 Emitted when a zone's settings are updated via
1477 org.fedoraproject.FirewallD1.zone.Methods.setZoneSettings2
1478 org.fedoraproject.FirewallD1.policy
1480 Operations in this interface allows one to get, add, remove and query
1481 runtime policy settings. For permanent settings see
1482 org.fedoraproject.FirewallD1.config.policy interface.
1483 Methods
1485 getActivePolicies() → a{sa{sas}}
1486 Return dictionary of currently active policies altogether with
1487 ingress zones and egress zones used in these policies. Active
1488 policies are policies, that have a binding to an active ingress
1489 zone and an active egress zone.
1490 Return value is a dictionary where keys are policy names (s)
1492 and values are again dictionaries where keys are either
1493 'ingress_zones' or 'egress_zones' and values are arrays of zone
1494 names (s).
1495 getPolicies() → as
1497 Return array of names (s) of predefined policies known to
1498 current runtime environment. For list of policies known to
1499 permanent environment see
1500 org.fedoraproject.FirewallD1.config.Methods.listPolicies. The
1501 lists (of policies known to runtime and permanent environment)
1502 will contain same policies in most cases, but might differ for
1503 example if
1504 org.fedoraproject.FirewallD1.config.Methods.addPolicy has been
1505 called recently, but firewalld has not been reloaded since
1506 then.
1507 getPolicySettings(s: policy) → a{sv}
1509 Return runtime settings of given policy. For getting permanent
1510 settings see
1511 org.fedoraproject.FirewallD1.config.policy.Methods.getSettings.
1512 Settings are a dictionary indexed by keywords. For possible
1513 keywords see
1514 org.fedoraproject.FirewallD1.config.Methods.addPolicy. If the
1515 value is empty it may be omitted.
1516 Possible errors: INVALID_POLICY
1518 setPolicySettings(s: policy, a{sv}: settings, i: timeout)
1520 Set runtime settings of given policy. For setting permanent
1521 settings see
1522 org.fedoraproject.FirewallD1.config.policy.Methods.update.
1523 Settings are a dictionary indexed by keywords. For possible
1524 keywords see
1525 org.fedoraproject.FirewallD1.config.Methods.addPolicy. To zero
1526 a value pass an empty string or list. Some keywords are not
1527 available to modify in the runtime: description, name,
1528 priority, target, version.
1529 Possible errors: INVALID_POLICY
1531 Signals
1533 ForwardPortAdded(s: policy, a{sv}: settings)
1534 Emitted when a policy's settings are updated via
1535 org.fedoraproject.FirewallD1.policy.Methods.setPolicySettings
1536 org.fedoraproject.FirewallD1.config
1538 Allows one to permanently add, remove and query zones, services and
1539 icmp types.
1540 Methods
1542 addIPSet(s: ipset, (ssssa{ss}as): settings) → o
1543 Add ipset with given settings into permanent configuration.
1544 Settings are in format: version, name, description, type,
1545 dictionary of options and array of entries.
1546 version (s): see version attribute of ipset tag in
1548 firewalld.ipset(5).
1549 name (s): see short tag in firewalld.ipset(5).
1551 description (s): see description tag in firewalld.ipset(5).
1553 type (s): see type attribute of ipset tag in
1555 firewalld.ipset(5).
1556 options (a{ss}): dictionary of {option : value} . See options
1558 tag in firewalld.ipset(5).
1559 entries (as): array of entries, see entry tag in
1561 firewalld.ipset(5).
1562 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1564 addIcmpType(s: icmptype, (sssas): settings) → o
1566 Add icmptype with given settings into permanent configuration.
1567 Settings are in format: version, name, description, array of
1568 destinations. Returns object path of the new icmp type.
1569 version (s): see version attribute of icmptype tag in
1571 firewalld.icmptype(5).
1572 name (s): see short tag in firewalld.icmptype(5).
1574 description (s): see description tag in firewalld.icmptype(5).
1576 destinations (as): array, either empty or containing strings
1578 'ipv4' or 'ipv6', see destination tag in firewalld.icmptype(5).
1579 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1581 addService(s: service, (sssa(ss)asa{ss}asa(ss)): settings) → o
1583 This function is deprecated, use
1584 org.fedoraproject.FirewallD1.config.Methods.addService2
1585 instead.
1586 addService2s: service, a{sv}: settings) → o
1588 Add service with given settings into permanent configuration.
1589 Settings are a dictionary indexed by keywords. For the type of
1590 each value see below. To zero a value pass an empty string or
1591 list.
1592 version (s): see version attribute of service tag in
1594 firewalld.service(5).
1595 name (s): see short tag in firewalld.service(5).
1597 description (s): see description tag in firewalld.service(5).
1599 ports (a(ss)): array of port and protocol pairs. See port tag
1601 in firewalld.service(5).
1602 module names (as): array of kernel netfilter helpers, see
1604 module tag in firewalld.service(5).
1605 destinations (a{ss}): dictionary of {IP family : IP address}
1607 where 'IP family' key can be either 'ipv4' or 'ipv6'. See
1608 destination tag in firewalld.service(5).
1609 protocols (as): array of protocols, see protocol tag in
1611 firewalld.service(5).
1612 source_ports (a(ss)): array of port and protocol pairs. See
1614 source-port tag in firewalld.service(5).
1615 includes (as): array of service includes, see include tag in
1617 firewalld.service(5).
1618 helpers (as): array of service helpers, see helper tag in
1620 firewalld.service(5).
1621 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1623 addZone(s: zone, (sssbsasa(ss)asba(ssss)asasasasa(ss)b): settings)
1625 → o
1626 This function is deprecated, use
1627 org.fedoraproject.FirewallD1.config.Methods.addZone2 instead.
1628 addZone2(s: zone, a{sv}: settings) → o
1630 Add zone with given settings into permanent configuration.
1631 Settings are a dictionary indexed by keywords. For the type of
1632 each value see below. To zero a value pass an empty string or
1633 list.
1634 version (s): see version attribute of zone tag in
1636 firewalld.zone(5).
1637 name (s): see short tag in firewalld.zone(5).
1639 description (s): see description tag in firewalld.zone(5).
1641 target (s): see target attribute of zone tag in
1643 firewalld.zone(5).
1644 services (as): array of service names, see service tag in
1646 firewalld.zone(5).
1647 ports (a(ss)): array of port and protocol pairs. See port tag
1649 in firewalld.zone(5).
1650 icmp_blocks (as): array of icmp-blocks. See icmp-block tag in
1652 firewalld.zone(5).
1653 masquerade (b): see masquerade tag in firewalld.zone(5).
1655 forward_ports (a(ssss)): array of (port, protocol, to-port,
1657 to-addr). See forward-port tag in firewalld.zone(5).
1658 interfaces (as): array of interfaces. See interface tag in
1660 firewalld.zone(5).
1661 sources (as): array of source addresses. See source tag in
1663 firewalld.zone(5).
1664 rules_str (as): array of rich-language rules. See rule tag in
1666 firewalld.zone(5).
1667 protocols (as): array of protocols, see protocol tag in
1669 firewalld.zone(5).
1670 source_ports (a(ss)): array of port and protocol pairs. See
1672 source-port tag in firewalld.zone(5).
1673 icmp_block_inversion (b): see icmp-block-inversion tag in
1675 firewalld.zone(5).
1676 forward (b): see forward tag in firewalld.zone(5).
1678 ingress_priority (i): see ingress-priority tag in
1680 firewalld.zone(5).
1681 egress_priority (i): see egress-priority tag in
1683 firewalld.zone(5).
1684 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1686 addPolicy(s: policy, a{sv}: settings) → o
1688 Add policy with given settings into permanent configuration.
1689 Settings are a dictionary indexed by keywords. For the type of
1690 each value see below. If a keyword is omitted the default value
1691 will be used.
1692 description (s): see description tag in firewalld.policy(5).
1694 egress_zones as: array of zone names. See egress-zone tag in
1696 firewalld.policy(5).
1697 forward_ports (a(ssss)): array of (port, protocol, to-port,
1699 to-addr). See forward-port tag in firewalld.policy(5).
1700 icmp_blocks (as): array of icmp-blocks. See icmp-block tag in
1702 firewalld.policy(5).
1703 ingress_zones as: array of zone names. See ingress-zone tag in
1705 firewalld.policy(5).
1706 masquerade (b): see masquerade tag in firewalld.policy(5).
1708 ports (a(ss)): array of port and protocol pairs. See port tag
1710 in firewalld.policy(5).
1711 priority (i): see priority tag in firewalld.policy(5).
1713 protocols (as): array of protocols, see protocol tag in
1715 firewalld.policy(5).
1716 rich_rules (as): array of rich-language rules. See rule tag in
1718 firewalld.policy(5).
1719 services (as): array of service names, see service tag in
1721 firewalld.policy(5).
1722 short (s): see short tag in firewalld.policy(5).
1724 source_ports (a(ss)): array of port and protocol pairs. See
1726 source-port tag in firewalld.policy(5).
1727 target (s): see target attribute of policy tag in
1729 firewalld.policy(5).
1730 version (s): see version attribute of policy tag in
1732 firewalld.policy(5).
1733 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1735 getHelperByName(s: helper) → o
1737 Return object path (permanent configuration) of helper with
1738 given name.
1739 Possible errors: INVALID_HELPER
1741 getHelperNames() → as
1743 Return list of helper names (permanent configuration).
1744 getIPSetByName(s: ipset) → o
1746 Return object path (permanent configuration) of ipset with
1747 given name.
1748 Possible errors: INVALID_IPSET
1750 getIPSetNames() → as
1752 Return list of ipset names (permanent configuration).
1753 getIcmpTypeByName(s: icmptype) → o
1755 Return object path (permanent configuration) of icmptype with
1756 given name.
1757 Possible errors: INVALID_ICMPTYPE
1759 getIcmpTypeNames() → as
1761 Return list of icmptype names (permanent configuration).
1762 getServiceByName(s: service) → o
1764 Return object path (permanent configuration) of service with
1765 given name.
1766 Possible errors: INVALID_SERVICE
1768 getServiceNames() → as
1770 Return list of service names (permanent configuration).
1771 getZoneByName(s: zone) → o
1773 Return object path (permanent configuration) of zone with given
1774 name.
1775 Possible errors: INVALID_ZONE
1777 getZoneNames() → as
1779 Return list of zone names (permanent configuration) of.
1780 getZoneOfInterface(s: iface) → s
1782 Return name of zone the iface is bound to or empty string.
1783 getZoneOfSource(s: source) → s
1785 Return name of zone the source is bound to or empty string.
1786 getPolicyByName(s: policy) → o
1788 Return object path (permanent configuration) of policy with
1789 given name.
1790 Possible errors: INVALID_POLICY
1792 getPolicyNames() → as
1794 Return list of policy names (permanent configuration).
1795 listHelpers() → ao
1797 Return array of object paths (o) of helper in permanent
1798 configuration. For runtime configuration see
1799 org.fedoraproject.FirewallD1.Methods.getHelpers.
1800 listIPSets() → ao
1802 Return array of object paths (o) of ipset in permanent
1803 configuration. For runtime configuration see
1804 org.fedoraproject.FirewallD1.ipset.Methods.getIPSets.
1805 listIcmpTypes() → ao
1807 Return array of object paths (o) of icmp types in permanent
1808 configuration. For runtime configuration see
1809 org.fedoraproject.FirewallD1.Methods.listIcmpTypes.
1810 listServices() → ao
1812 Return array of objects paths (o) of services in permanent
1813 configuration. For runtime configuration see
1814 org.fedoraproject.FirewallD1.Methods.listServices.
1815 listZones() → ao
1817 List object paths of zones known to permanent environment. For
1818 list of zones known to runtime environment see
1819 org.fedoraproject.FirewallD1.zone.Methods.getZones. The lists
1820 (of zones known to runtime and permanent environment) will
1821 contain same zones in most cases, but might differ for example
1822 if org.fedoraproject.FirewallD1.config.Methods.addZone has been
1823 called recently, but firewalld has not been reloaded since
1824 then.
1825 listPolicies() → ao
1827 List object paths of policies known to permanent environment.
1828 For list of policies known to runtime environment see
1829 org.fedoraproject.FirewallD1.policy.Methods.getPolicies. The
1830 lists (of policies known to runtime and permanent environment)
1831 will contain same policies in most cases, but might differ for
1832 example if
1833 org.fedoraproject.FirewallD1.config.Methods.addPolicy has been
1834 called recently, but firewalld has not been reloaded since
1835 then.
1836 Signals
1838 HelperAdded(s: helper)
1839 Emitted when helper has been added.
1840 IPSetAdded(s: ipset)
1842 Emitted when ipset has been added.
1843 IcmpTypeAdded(s: icmptype)
1845 Emitted when icmptype has been added.
1846 ServiceAdded(s: service)
1848 Emitted when service has been added.
1849 ZoneAdded(s: zone)
1851 Emitted when zone has been added.
1852 Properties
1854 AllowZoneDrifting - s - (rw)
1855 Deprecated. Getting this value always returns "no". Setting
1856 this value is ignored.
1857 AutomaticHelpers - s - (rw)
1859 Deprecated. Getting this value always returns "no". Setting
1860 this value is ignored.
1861 CleanupModulesOnExit - s - (rw)
1863 Setting this option to yes or true unloads all firewall-related
1864 kernel modules when firewalld is stopped.
1865 CleanupOnExit - s - (rw)
1867 If firewalld stops, it cleans up all firewall rules. Setting
1868 this option to no or false leaves the current firewall rules
1869 untouched.
1870 DefaultZone - s - (ro)
1872 Default zone for connections or interfaces if the zone is not
1873 selected or specified by NetworkManager, initscripts or command
1874 line tool.
1875 FirewallBackend - s - (rw)
1877 Selects the firewalld backend for all rules except the direct
1878 interface. Valid options are; nftables, iptables. Default in
1879 nftables.
1880 Note: The iptables backend is deprecated. It will be removed in
1882 a future release.
1883 FlushAllOnReload - s - (rw)
1885 Flush all runtime rules on a reload. Valid options are; yes,
1886 no.
1887 IPv6_rpfilter - s - (rw)
1889 Indicates whether the reverse path filter test on a packet for
1890 IPv6 is enabled. If a reply to the packet would be sent via the
1891 same interface that the packet arrived on, the packet will
1892 match and be accepted, otherwise dropped.
1893 IndividualCalls - s - (ro)
1895 Indicates whether individual calls combined -restore calls are
1896 used. If enabled, this increases the time that is needed to
1897 apply changes and to start the daemon, but is good for
1898 debugging.
1899 Lockdown - s - (rw)
1901 If this property is enabled, firewall changes with the D-Bus
1902 interface will be limited to applications that are listed in
1903 the lockdown whitelist.
1904 LogDenied - s - (rw)
1906 If LogDenied is enabled, then logging rules are added right
1907 before reject and drop rules in the INPUT, FORWARD and OUTPUT
1908 chains for the default rules and also final reject and drop
1909 rules in zones. Possible values are: all, unicast, broadcast,
1910 multicast and off.
1911 MinimalMark - i - (rw)
1913 Deprecated. This option is ignored and no longer used. Marks
1914 are no longer used internally.
1915 RFC3964_IPv4 - s - (rw)
1917 As per RFC 3964, filter IPv6 traffic with 6to4 destination
1918 addresses that correspond to IPv4 addresses that should not be
1919 routed over the public internet. Valid options are; yes, no.
1920 NftablesFlowtable - s - (rw)
1922 This may improve forwarded traffic throughput by enabling
1923 nftables flowtable. It is a software fastpath and avoids
1924 calling nftables rule evaluation for data packets. Its value is
1925 a space separate list of interfaces.
1926 NftablesCounters - s - (rw)
1928 If set to yes, add a counter to every nftables rule. This is
1929 useful for debugging and comes with a small performance cost.
1930 org.fedoraproject.FirewallD1.config.direct
1932 DEPRECATED
1933 The direct interface has been deprecated. It will be removed in a
1934 future release. It is superseded by policies, see
1935 firewalld.policies(5).
1936 Interface for permanent direct configuration, see also
1938 firewalld.direct(5). For runtime direct configuration see
1939 org.fedoraproject.FirewallD1.direct interface.
1940 Methods
1942 addChain(s: ipv, s: table, s: chain) → Nothing
1943 Add a new chain to table for ipv being either ipv4 (iptables)
1944 or ipv6 (ip6tables) or eb (ebtables). Make sure there's no
1945 other chain with this name already. There already exist basic
1946 chains to use with direct methods, for example INPUT_direct
1947 chain. These chains are jumped into before chains for zones,
1948 i.e. every rule put into INPUT_direct will be checked before
1949 rules in zones. For runtime operation see
1950 org.fedoraproject.FirewallD1.direct.Methods.addChain.
1951 Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED
1953 addPassthrough(s: ipv, as: args) → Nothing
1955 Add a passthrough rule with the arguments args for ipv being
1956 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
1957 For runtime operation see
1958 org.fedoraproject.FirewallD1.direct.Methods.addPassthrough.
1959 Possible errors: INVALID_IPV, ALREADY_ENABLED
1961 addRule(s: ipv, s: table, s: chain, i: priority, as: args) →
1963 Nothing
1964 Add a rule with the arguments args to chain in table with
1965 priority for ipv being either ipv4 (iptables) or ipv6
1966 (ip6tables) or eb (ebtables). The priority is used to order
1967 rules. Priority 0 means add rule on top of the chain, with a
1968 higher priority the rule will be added further down. Rules with
1969 the same priority are on the same level and the order of these
1970 rules is not fixed and may change. If you want to make sure
1971 that a rule will be added after another one, use a low priority
1972 for the first and a higher for the following. For runtime
1973 operation see
1974 org.fedoraproject.FirewallD1.direct.Methods.addRule.
1975 Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED
1977 getAllChains() → a(sss)
1979 Get all chains added to all tables in format: ipv, table,
1980 chain. This concerns only chains previously added with
1981 addChain. Return value is a array of (ipv, table, chain). For
1982 runtime operation see
1983 org.fedoraproject.FirewallD1.direct.Methods.getAllChains.
1984 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
1986 (ebtables).
1987 table (s): one of filter, mangle, nat, raw, security
1989 chain (s): name of a chain.
1991 getAllPassthroughs() → a(sas)
1994 Get all passthrough rules added in all ipv types in format:
1995 ipv, rule. This concerns only rules previously added with
1996 addPassthrough. Return value is a array of (ipv, array of
1997 arguments). For runtime operation see
1998 org.fedoraproject.FirewallD1.direct.Methods.getAllPassthroughs.
1999 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
2001 (ebtables).
2002 arguments (as): array of commands, parameters and other
2004 iptables/ip6tables/ebtables command line options.
2005 getAllRules() → a(sssias)
2008 Get all rules added to all chains in all tables in format: ipv,
2009 table, chain, priority, rule. This concerns only rules
2010 previously added with addRule. Return value is a array of (ipv,
2011 table, chain, priority, array of arguments). For runtime
2012 operation see
2013 org.fedoraproject.FirewallD1.direct.Methods.getAllRules.
2014 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
2016 (ebtables).
2017 table (s): one of filter, mangle, nat, raw, security
2019 chain (s): name of a chain.
2021 priority (i): used to order rules.
2023 arguments (as): array of commands, parameters and other
2025 iptables/ip6tables/ebtables command line options.
2026 getChains(s: ipv, s: table) → as
2029 Return an array of chains (s) added to table for ipv being
2030 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
2031 This concerns only chains previously added with addChain. For
2032 runtime operation see
2033 org.fedoraproject.FirewallD1.direct.Methods.getChains.
2034 Possible errors: INVALID_IPV, INVALID_TABLE
2036 getPassthroughs(s: ipv) → aas
2038 Get tracked passthrough rules added in either ipv4 (iptables)
2039 or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
2040 previously added with addPassthrough. Return value is a array
2041 of (array of arguments). For runtime operation see
2042 org.fedoraproject.FirewallD1.direct.Methods.getPassthroughs.
2043 arguments (as): array of commands, parameters and other
2045 iptables/ip6tables/ebtables command line options.
2046 getRules(s: ipv, s: table, s: chain) → a(ias)
2049 Get all rules added to chain in table for ipv being either ipv4
2050 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
2051 only rules previously added with addRule. Return value is a
2052 array of (priority, array of arguments). For runtime operation
2053 see org.fedoraproject.FirewallD1.direct.Methods.getRules.
2054 priority (i): used to order rules.
2056 arguments (as): array of commands, parameters and other
2058 iptables/ip6tables/ebtables command line options.
2059 Possible errors: INVALID_IPV, INVALID_TABLE
2061 getSettings() → (a(sss)a(sssias)a(sas))
2063 Get settings of permanent direct configuration in format: array
2064 of chains, array of rules, array of passthroughs.
2065 chains (a(sss)): array of (ipv, table, chain), see 'chain' in
2067 firewalld.direct(5).
2068 .
2069 .PP rules (a(sssias)): array of (ipv, table,
2070 chain, priority, array of arguments), see 'rule' in
2071 firewalld.direct(5).
2072 .
2073 .PP passthroughs (a(sas)): array of (ipv,
2074 array of arguments), see passthrough in firewalld.direct(5).
2075 .
2076 .sp
2077 queryChain(s: ipv, s: table, s: chain) → b
2079 Return whether a chain exists in table for ipv being either
2080 ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). This
2081 concerns only chains previously added with addChain. For
2082 runtime operation see
2083 org.fedoraproject.FirewallD1.direct.Methods.queryChain.
2084 Possible errors: INVALID_IPV, INVALID_TABLE
2086 queryPassthrough(s: ipv, as: args) → b
2088 Return whether a tracked passthrough rule with the arguments
2089 args exists for ipv being either ipv4 (iptables) or ipv6
2090 (ip6tables) or eb (ebtables). This concerns only rules
2091 previously added with addPassthrough. For runtime operation see
2092 org.fedoraproject.FirewallD1.direct.Methods.queryPassthrough.
2093 Possible errors: INVALID_IPV
2095 queryRule(s: ipv, s: table, s: chain, i: priority, as: args) → b
2097 Return whether a rule with priority and the arguments args
2098 exists in chain in table for ipv being either ipv4 (iptables)
2099 or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
2100 previously added with addRule. For runtime operation see
2101 org.fedoraproject.FirewallD1.direct.Methods.queryRule.
2102 Possible errors: INVALID_IPV, INVALID_TABLE
2104 removeChain(s: ipv, s: table, s: chain) → Nothing
2106 Remove a chain from table for ipv being either ipv4 (iptables)
2107 or ipv6 (ip6tables) or eb (ebtables). Only chains previously
2108 added with addChain can be removed this way. For runtime
2109 operation see
2110 org.fedoraproject.FirewallD1.direct.Methods.removeChain.
2111 Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED
2113 removePassthrough(s: ipv, as: args) → Nothing
2115 Remove a passthrough rule with arguments args for ipv being
2116 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
2117 Only rules previously added with addPassthrough can be removed
2118 this way. For runtime operation see
2119 org.fedoraproject.FirewallD1.direct.Methods.removePassthrough.
2120 Possible errors: INVALID_IPV, NOT_ENABLED
2122 removeRule(s: ipv, s: table, s: chain, i: priority, as: args) →
2124 Nothing
2125 Remove a rule with priority and arguments args from chain in
2126 table for ipv being either ipv4 (iptables) or ipv6 (ip6tables)
2127 or eb (ebtables). Only rules previously added with addRule can
2128 be removed this way. For runtime operation see
2129 org.fedoraproject.FirewallD1.direct.Methods.removeRule.
2130 Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED
2132 removeRules(s: ipv, s: table, s: chain) → Nothing
2134 Remove all rules from chain in table for ipv being either ipv4
2135 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
2136 only rules previously added with addRule. For runtime operation
2137 see org.fedoraproject.FirewallD1.direct.Methods.removeRules.
2138 Possible errors: INVALID_IPV, INVALID_TABLE
2140 update((a(sss)a(sssias)a(sas)): settings) → Nothing
2142 Update permanent direct configuration with given settings.
2143 Settings are in format: array of chains, array of rules, array
2144 of passthroughs.
2145 chains (a(sss)): array of (ipv, table, chain), see 'chain' in
2147 firewalld.direct(5).
2148 .
2149 .PP rules (a(sssias)): array of (ipv, table,
2150 chain, priority, array of arguments), see 'rule' in
2151 firewalld.direct(5).
2152 .
2153 .PP passthroughs (a(sas)): array of (ipv,
2154 array of arguments), see passthrough in firewalld.direct(5).
2155 .
2156 .sp Possible errors: INVALID_TYPE
2157 Signals
2159 Updated()
2160 Emitted when configuration has been updated.
2161 org.fedoraproject.FirewallD1.config.policies
2163 Interface for permanent lockdown-whitelist configuration, see also
2164 firewalld.lockdown-whitelist(5). For runtime configuration see
2165 org.fedoraproject.FirewallD1.policies interface.
2166 Methods
2168 addLockdownWhitelistCommand(s: command) → Nothing
2169 Add command to whitelist. See command option in
2170 firewalld.lockdown-whitelist(5). For runtime operation see
2171 org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistCommand.
2172 Possible errors: ALREADY_ENABLED, INVALID_TYPE
2174 addLockdownWhitelistContext(s: context) → Nothing
2176 Add context to whitelist. See selinux option in
2177 firewalld.lockdown-whitelist(5). For runtime operation see
2178 org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistContext.
2179 Possible errors: ALREADY_ENABLED, INVALID_TYPE
2181 addLockdownWhitelistUid(i: uid) → Nothing
2183 Add user id uid to whitelist. See user option in
2184 firewalld.lockdown-whitelist(5). For runtime operation see
2185 org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistUid.
2186 Possible errors: ALREADY_ENABLED, INVALID_TYPE
2188 addLockdownWhitelistUser(s: user) → Nothing
2190 Add user name to whitelist. See user option in
2191 firewalld.lockdown-whitelist(5). For runtime operation see
2192 org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistUser.
2193 Possible errors: ALREADY_ENABLED, INVALID_TYPE
2195 getLockdownWhitelist() → (asasasai)
2197 Get settings of permanent lockdown-whitelist configuration in
2198 format: commands, selinux contexts, users, uids
2199 commands (as): see command option in firewalld.lockdown-
2201 whitelist(5).
2202 selinux contexts (as): see selinux option in
2204 firewalld.lockdown-whitelist(5).
2205 users (as): see name attribute of user option in
2207 firewalld.lockdown-whitelist(5).
2208 uids (ai): see id attribute of user option in
2210 firewalld.lockdown-whitelist(5).
2211 getLockdownWhitelistCommands() → as
2214 List all command lines (s) that are on whitelist. For runtime
2215 operation see
2216 org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistCommands.
2217 getLockdownWhitelistContexts() → as
2219 List all contexts (s) that are on whitelist. For runtime
2220 operation see
2221 org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistContexts.
2222 getLockdownWhitelistUids() → ai
2224 List all user ids (i) that are on whitelist. For runtime
2225 operation see
2226 org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistUids.
2227 getLockdownWhitelistUsers() → as
2229 List all users (s) that are on whitelist. For runtime operation
2230 see
2231 org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistUsers.
2232 queryLockdownWhitelistCommand(s: command) → b
2234 Query whether command is on whitelist. For runtime operation
2235 see
2236 org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistCommand.
2237 queryLockdownWhitelistContext(s: context) → b
2239 Query whether context is on whitelist. For runtime operation
2240 see
2241 org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistContext.
2242 queryLockdownWhitelistUid(i: uid) → b
2244 Query whether user id uid is on whitelist. For runtime
2245 operation see
2246 org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistUid.
2247 queryLockdownWhitelistUser(s: user) → b
2249 Query whether user is on whitelist. For runtime operation see
2250 org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistUser.
2251 removeLockdownWhitelistCommand(s: command) → Nothing
2253 Remove command from whitelist. For runtime operation see
2254 org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistCommand.
2255 Possible errors: NOT_ENABLED
2257 removeLockdownWhitelistContext(s: context) → Nothing
2259 Remove context from whitelist. For runtime operation see
2260 org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistContext.
2261 Possible errors: NOT_ENABLED
2263 removeLockdownWhitelistUid(i: uid) → Nothing
2265 Remove user id uid from whitelist. For runtime operation see
2266 org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistUid.
2267 Possible errors: NOT_ENABLED
2269 removeLockdownWhitelistUser(s: user) → Nothing
2271 Remove user from whitelist. For runtime operation see
2272 org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistUser.
2273 Possible errors: NOT_ENABLED
2275 setLockdownWhitelist((asasasai): settings) → Nothing
2277 Set permanent lockdown-whitelist configuration to settings.
2278 Settings are in format: commands, selinux contexts, users, uids
2279 commands (as): see command option in firewalld.lockdown-
2281 whitelist(5).
2282 selinux contexts (as): see selinux option in
2284 firewalld.lockdown-whitelist(5).
2285 users (as): see name attribute of user option in
2287 firewalld.lockdown-whitelist(5).
2288 uids (ai): see id attribute of user option in
2290 firewalld.lockdown-whitelist(5).
2291 Possible errors: INVALID_TYPE
2293 Signals
2295 LockdownWhitelistUpdated()
2296 Emitted when permanent lockdown-whitelist configuration has
2297 been updated.
2298 org.fedoraproject.FirewallD1.config.ipset
2300 Interface for permanent ipset configuration, see also
2301 firewalld.ipset(5).
2302 Methods
2304 addEntry(s: entry) → Nothing
2305 Permanently add entry to list of entries of ipset. See entry
2306 tag in firewalld.ipset(5). For runtime operation see
2307 org.fedoraproject.FirewallD1.ipset.Methods.addEntry.
2308 Possible errors: ALREADY_ENABLED
2310 addOption(s: key, s: value) → Nothing
2312 Permanently add (key, value) to the ipset. See option tag in
2313 firewalld.ipset(5).
2314 Possible errors: ALREADY_ENABLED
2316 getDescription() → s
2318 Get description of ipset. See description tag in
2319 firewalld.ipset(5).
2320 getEntries() → as
2322 Get list of entries added to ipset. See entry tag in
2323 firewalld.ipset(5). For runtime operation see
2324 org.fedoraproject.FirewallD1.ipset.Methods.getEntries.
2325 Possible errors: IPSET_WITH_TIMEOUT
2327 getOptions() → a{ss}
2329 Get dictionary of options set for ipset. See option tag in
2330 firewalld.ipset(5).
2331 getSettings() → (ssssa{ss}as)
2333 Return permanent settings of the ipset. For getting runtime
2334 settings see
2335 org.fedoraproject.FirewallD1.ipset.Methods.getIPSetSettings.
2336 Settings are in format: version, name, description, type,
2337 dictionary of options and array of entries.
2338 version (s): see version attribute of ipset tag in
2340 firewalld.ipset(5).
2341 name (s): see short tag in firewalld.ipset(5).
2343 description (s): see description tag in firewalld.ipset(5).
2345 type (s): see type attribute of ipset tag in
2347 firewalld.ipset(5).
2348 options (a{ss}): dictionary of {option : value} . See options
2350 tag in firewalld.ipset(5).
2351 entries (as): array of entries, see entry tag in
2353 firewalld.ipset(5).
2354 getShort() → s
2357 Get name of ipset. See short tag in firewalld.ipset(5).
2358 getType() → s
2360 Get type of ipset. See type attribute of ipset tag in
2361 firewalld.ipset(5).
2362 getVersion() → s
2364 Get version of ipset. See version attribute of ipset tag in
2365 firewalld.ipset(5).
2366 loadDefaults() → Nothing
2368 Load default settings for built-in ipset.
2369 Possible errors: NO_DEFAULTS
2371 queryEntry(s: entry) → b
2373 Return whether entry has been added to ipset. For runtime
2374 operation see
2375 org.fedoraproject.FirewallD1.ipset.Methods.queryEntry.
2376 queryOption(s: key, s: value) → b
2378 Return whether (key, value) has been added to options of the
2379 ipset.
2380 remove() → Nothing
2382 Remove not built-in ipset.
2383 Possible errors: BUILTIN_IPSET
2385 removeEntry(s: entry) → Nothing
2387 Permanently remove entry from ipset. See entry tag in
2388 firewalld.ipset(5). For runtime operation see
2389 org.fedoraproject.FirewallD1.ipset.Methods.removeEntry.
2390 Possible errors: NOT_ENABLED
2392 removeOption(s: key) → Nothing
2394 Permanently remove key from the ipset. See option tag in
2395 firewalld.ipset(5).
2396 Possible errors: NOT_ENABLED
2398 rename(s: name) → Nothing
2400 Rename not built-in ipset to name.
2401 Possible errors: BUILTIN_IPSET
2403 setDescription(s: description) → Nothing
2405 Permanently set description of ipset to description. See
2406 description tag in firewalld.ipset(5).
2407 setEntries(as: entries) → Nothing
2409 Permanently set list of entries to entries. See entry tag in
2410 firewalld.ipset(5).
2411 setOptions(a{ss}: options) → Nothing
2413 Permanently set dict of options to options. See option tag in
2414 firewalld.ipset(5).
2415 setShort(s: short) → Nothing
2417 Permanently set name of ipset to short. See short tag in
2418 firewalld.ipset(5).
2419 setType(s: ipset_type) → Nothing
2421 Permanently set type of ipset to ipset_type. See type attribute
2422 of ipset tag in firewalld.ipset(5).
2423 setVersion(s: version) → Nothing
2425 Permanently set version of ipset to version. See version
2426 attribute of ipset tag in firewalld.ipset(5).
2427 update((ssssa{ss}as): settings) → Nothing
2429 Update settings of ipset to settings. Settings are in format:
2430 version, name, description, type, dictionary of options and
2431 array of entries.
2432 version (s): see version attribute of ipset tag in
2434 firewalld.ipset(5).
2435 name (s): see short tag in firewalld.ipset(5).
2437 description (s): see description tag in firewalld.ipset(5).
2439 type (s): see type attribute of ipset tag in
2441 firewalld.ipset(5).
2442 options (a{ss}): dictionary of {option : value} . See options
2444 tag in firewalld.ipset(5).
2445 entries (as): array of entries, see entry tag in
2447 firewalld.ipset(5).
2448 Possible errors: INVALID_TYPE
2450 Signals
2452 Removed(s: name)
2453 Emitted when ipset with name has been removed.
2454 Renamed(s: name)
2456 Emitted when ipset has been renamed to name.
2457 Updated(s: name)
2459 Emitted when ipset with name has been updated.
2460 Properties
2462 builtin - b - (ro)
2463 True if ipset is build-in, false else.
2464 default - b - (ro)
2466 True if build-in ipset has default settings. False if it has
2467 been modified. Always False for not build-in ipsets.
2468 filename - s - (ro)
2470 Name (including .xml extension) of file where the configuration
2471 is stored.
2472 name - s - (ro)
2474 Name of ipset.
2475 path - s - (ro)
2477 Path to directory where the ipset configuration is stored.
2478 Should be either /usr/lib/firewalld/ipsets or
2479 /etc/firewalld/ipsets.
2480 org.fedoraproject.FirewallD1.config.zone
2482 Interface for permanent zone configuration, see also firewalld.zone(5).
2483 Methods
2485 addForwardPort(s: port, s: protocol, s: toport, s: toaddr) →
2486 Nothing
2487 Permanently add (port, protocol, toport, toaddr) to list of
2488 forward ports of zone. See forward-port tag in
2489 firewalld.zone(5). For runtime operation see
2490 org.fedoraproject.FirewallD1.zone.Methods.addForwardPort.
2491 Possible errors: ALREADY_ENABLED
2493 addIcmpBlock(s: icmptype) → Nothing
2495 Permanently add icmptype to list of icmp types blocked in zone.
2496 See icmp-block tag in firewalld.zone(5). For runtime operation
2497 see org.fedoraproject.FirewallD1.zone.Methods.addIcmpBlock.
2498 Possible errors: ALREADY_ENABLED
2500 addIcmpBlock(s: icmptype) → Nothing
2502 Permanently add icmp block inversion to zone. See
2503 icmp-block-inversion tag in firewalld.zone(5). For runtime
2504 operation see
2505 org.fedoraproject.FirewallD1.zone.Methods.addIcmpBlockInversion.
2506 Possible errors: ALREADY_ENABLED
2508 addInterface(s: interface) → Nothing
2510 Permanently add interface to list of interfaces bound to zone.
2511 See interface tag in firewalld.zone(5). For runtime operation
2512 see org.fedoraproject.FirewallD1.zone.Methods.addInterface.
2513 Possible errors: ALREADY_ENABLED
2515 addMasquerade() → Nothing
2517 Permanently enable masquerading in zone. See masquerade tag in
2518 firewalld.zone(5). For runtime operation see
2519 org.fedoraproject.FirewallD1.zone.Methods.addMasquerade.
2520 Possible errors: ALREADY_ENABLED
2522 addPort(s: port, s: protocol) → Nothing
2524 Permanently add (port, protocol) to list of ports of zone. See
2525 port tag in firewalld.zone(5). For runtime operation see
2526 org.fedoraproject.FirewallD1.zone.Methods.addPort.
2527 Possible errors: ALREADY_ENABLED
2529 addProtocol(s: protocol) → Nothing
2531 Permanently add protocol into zone. The protocol can be any
2532 protocol supported by the system. Please have a look at
2533 /etc/protocols for supported protocols. For runtime operation
2534 see org.fedoraproject.FirewallD1.zone.Methods.addProtocol.
2535 Possible errors: INVALID_PROTOCOL, ALREADY_ENABLED
2537 addRichRule(s: rule) → Nothing
2539 Permanently add rule to list of rich-language rules in zone.
2540 See rule tag in firewalld.zone(5). For runtime operation see
2541 org.fedoraproject.FirewallD1.zone.Methods.addRichRule.
2542 Possible errors: ALREADY_ENABLED
2544 addService(s: service) → Nothing
2546 Permanently add service to list of services used in zone. See
2547 service tag in firewalld.zone(5). For runtime operation see
2548 org.fedoraproject.FirewallD1.zone.Methods.addService.
2549 Possible errors: ALREADY_ENABLED
2551 addSource(s: source) → Nothing
2553 Permanently add source to list of source addresses bound to
2554 zone. See source tag in firewalld.zone(5). For runtime
2555 operation see
2556 org.fedoraproject.FirewallD1.zone.Methods.addSource.
2557 Possible errors: ALREADY_ENABLED
2559 addSourcePort(s: port, s: protocol) → Nothing
2561 Permanently add (port, protocol) to list of source ports of
2562 zone. See source-port tag in firewalld.zone(5). For runtime
2563 operation see
2564 org.fedoraproject.FirewallD1.zone.Methods.addSourcePort.
2565 Possible errors: ALREADY_ENABLED
2567 getDescription() → s
2569 Get description of zone. See description tag in
2570 firewalld.zone(5).
2571 getForwardPorts() → a(ssss)
2573 Get list of (port, protocol, toport, toaddr) defined in zone.
2574 See forward-port tag in firewalld.zone(5). For runtime
2575 operation see
2576 org.fedoraproject.FirewallD1.zone.Methods.getForwardPorts.
2577 getIcmpBlockInversion() → b
2579 Get icmp block inversion flag of zone. See icmp-block-inversion
2580 tag in firewalld.zone(5).
2581 getIcmpBlocks() → as
2583 Get list of icmp type names blocked in zone. See icmp-block tag
2584 in firewalld.zone(5). For runtime operation see
2585 org.fedoraproject.FirewallD1.zone.Methods.getIcmpBlocks.
2586 getInterfaces() → as
2588 Get list of interfaces bound to zone. See interface tag in
2589 firewalld.zone(5). For runtime operation see
2590 org.fedoraproject.FirewallD1.zone.Methods.getInterfaces.
2591 getMasquerade() → b
2593 Return whether masquerade is enabled in zone. This is the same
2594 as queryMasquerade() method. See masquerade tag in
2595 firewalld.zone(5).
2596 getPorts() → a(ss)
2598 Get list of (port, protocol) defined in zone. See port tag in
2599 firewalld.zone(5). For runtime operation see
2600 org.fedoraproject.FirewallD1.zone.Methods.getPorts.
2601 getProtocols() → as
2603 Return array of protocols (s) previously enabled in zone. For
2604 getting runtime settings see
2605 org.fedoraproject.FirewallD1.zone.Methods.getProtocols.
2606 getRichRules() → as
2608 Get list of rich-language rules in zone. See rule tag in
2609 firewalld.zone(5). For runtime operation see
2610 org.fedoraproject.FirewallD1.zone.Methods.getRichRules.
2611 getServices() → as
2613 Get list of service names used in zone. See service tag in
2614 firewalld.zone(5). For runtime operation see
2615 org.fedoraproject.FirewallD1.zone.Methods.getServices.
2616 getSettings() → (sssbsasa(ss)asba(ssss)asasasasa(ss)b)
2618 This function is deprecated, use
2619 org.fedoraproject.FirewallD1.config.zone.Methods.getSettings2
2620 instead.
2621 getSettings2() → a{sv}
2623 Return permanent settings of given zone. For getting runtime
2624 settings see
2625 org.fedoraproject.FirewallD1.zone.Methods.getZoneSettings2.
2626 Settings are a dictionary indexed by keywords. For the type of
2627 each value see below. If the value is empty it may be omitted.
2628 version (s): see version attribute of zone tag in
2630 firewalld.zone(5).
2631 name (s): see short tag in firewalld.zone(5).
2633 description (s): see description tag in firewalld.zone(5).
2635 target (s): see target attribute of zone tag in
2637 firewalld.zone(5).
2638 services (as): array of service names, see service tag in
2640 firewalld.zone(5).
2641 ports (a(ss)): array of port and protocol pairs. See port tag
2643 in firewalld.zone(5).
2644 icmp_blocks (as): array of icmp-blocks. See icmp-block tag in
2646 firewalld.zone(5).
2647 masquerade (b): see masquerade tag in firewalld.zone(5).
2649 forward_ports (a(ssss)): array of (port, protocol, to-port,
2651 to-addr). See forward-port tag in firewalld.zone(5).
2652 interfaces (as): array of interfaces. See interface tag in
2654 firewalld.zone(5).
2655 sources (as): array of source addresses. See source tag in
2657 firewalld.zone(5).
2658 rules_str (as): array of rich-language rules. See rule tag in
2660 firewalld.zone(5).
2661 protocols (as): array of protocols, see protocol tag in
2663 firewalld.zone(5).
2664 source_ports (a(ss)): array of port and protocol pairs. See
2666 source-port tag in firewalld.zone(5).
2667 icmp_block_inversion (b): see icmp-block-inversion tag in
2669 firewalld.zone(5).
2670 forward (b): see forward tag in firewalld.zone(5).
2672 ingress_priority (i): see ingress-priority tag in
2674 firewalld.zone(5).
2675 egress_priority (i): see egress-priority tag in
2677 firewalld.zone(5).
2678 getShort() → s
2681 Get name of zone. See short tag in firewalld.zone(5).
2682 getSourcePorts() → a(ss)
2684 Get list of (port, protocol) defined in zone. See source-port
2685 tag in firewalld.zone(5). For runtime operation see
2686 org.fedoraproject.FirewallD1.zone.Methods.getSourcePorts.
2687 getSources() → as
2689 Get list of source addresses bound to zone. See source tag in
2690 firewalld.zone(5). For runtime operation see
2691 org.fedoraproject.FirewallD1.zone.Methods.getSources.
2692 getTarget() → s
2694 Get target of zone. See target attribute of zone tag in
2695 firewalld.zone(5).
2696 getVersion() → s
2698 Get version of zone. See version attribute of zone tag in
2699 firewalld.zone(5).
2700 loadDefaults() → Nothing
2702 Load default settings for built-in zone.
2703 Possible errors: NO_DEFAULTS
2705 queryForwardPort(s: port, s: protocol, s: toport, s: toaddr) → b
2707 Return whether (port, protocol, toport, toaddr) is in list of
2708 forward ports of zone. See forward-port tag in
2709 firewalld.zone(5). For runtime operation see
2710 org.fedoraproject.FirewallD1.zone.Methods.queryForwardPort.
2711 queryIcmpBlock(s: icmptype) → b
2713 Return whether icmptype is in list of icmp types blocked in
2714 zone. See icmp-block tag in firewalld.zone(5). For runtime
2715 operation see
2716 org.fedoraproject.FirewallD1.zone.Methods.queryIcmpBlock.
2717 queryIcmpBlockInversion() → b
2719 Return whether icmp block inversion is in enabled in zone. See
2720 icmp-block-inversion tag in firewalld.zone(5). For runtime
2721 operation see
2722 org.fedoraproject.FirewallD1.zone.Methods.queryIcmpBlockInversion.
2723 queryInterface(s: interface) → b
2725 Return whether interface is in list of interfaces bound to
2726 zone. See interface tag in firewalld.zone(5). For runtime
2727 operation see
2728 org.fedoraproject.FirewallD1.zone.Methods.queryInterface.
2729 queryMasquerade() → b
2731 Return whether masquerade is enabled in zone. This is the same
2732 as getMasquerade() method. See masquerade tag in
2733 firewalld.zone(5). For runtime operation see
2734 org.fedoraproject.FirewallD1.zone.Methods.queryMasquerade.
2735 queryPort(s: port, s: protocol) → b
2737 Return whether (port, protocol) is in list of ports of zone.
2738 See port tag in firewalld.zone(5). For runtime operation see
2739 org.fedoraproject.FirewallD1.zone.Methods.queryPort.
2740 queryProtocol(s: protocol) → b
2742 Return whether protocol has been added in zone. For runtime
2743 operation see
2744 org.fedoraproject.FirewallD1.zone.Methods.queryProtocol.
2745 Possible errors: INVALID_PROTOCOL
2747 queryRichRule(s: rule) → b
2749 Return whether rule is in list of rich-language rules in zone.
2750 See rule tag in firewalld.zone(5). For runtime operation see
2751 org.fedoraproject.FirewallD1.zone.Methods.queryRichRule.
2752 queryService(s: service) → b
2754 Return whether service is in list of services used in zone. See
2755 service tag in firewalld.zone(5). For runtime operation see
2756 org.fedoraproject.FirewallD1.zone.Methods.queryService.
2757 querySource(s: source) → b
2759 Return whether source is in list of source addresses bound to
2760 zone. See source tag in firewalld.zone(5). For runtime
2761 operation see
2762 org.fedoraproject.FirewallD1.zone.Methods.querySource.
2763 querySourcePort(s: port, s: protocol) → b
2765 Return whether (port, protocol) is in list of source ports of
2766 zone. See source-port tag in firewalld.zone(5). For runtime
2767 operation see
2768 org.fedoraproject.FirewallD1.zone.Methods.querySourcePort.
2769 remove() → Nothing
2771 Remove not built-in zone.
2772 Possible errors: BUILTIN_ZONE
2774 removeForwardPort(s: port, s: protocol, s: toport, s: toaddr) →
2776 Nothing
2777 Permanently remove (port, protocol, toport, toaddr) from list
2778 of forward ports of zone. See forward-port tag in
2779 firewalld.zone(5). For runtime operation see
2780 org.fedoraproject.FirewallD1.zone.Methods.removeForwardPort.
2781 Possible errors: NOT_ENABLED
2783 removeIcmpBlock(s: icmptype) → Nothing
2785 Permanently remove icmptype from list of icmp types blocked in
2786 zone. See icmp-block tag in firewalld.zone(5). For runtime
2787 operation see
2788 org.fedoraproject.FirewallD1.zone.Methods.removeIcmpBlock.
2789 Possible errors: NOT_ENABLED
2791 removeIcmpBlockInversion() → Nothing
2793 Permanently remove icmp block inversion from the zone. See
2794 icmp-block-inversion tag in firewalld.zone(5). For runtime
2795 operation see
2796 org.fedoraproject.FirewallD1.zone.Methods.removeIcmpBlockInversion.
2797 Possible errors: NOT_ENABLED
2799 removeInterface(s: interface) → Nothing
2801 Permanently remove interface from list of interfaces bound to
2802 zone. See interface tag in firewalld.zone(5). For runtime
2803 operation see
2804 org.fedoraproject.FirewallD1.zone.Methods.removeInterface.
2805 Possible errors: NOT_ENABLED
2807 removeMasquerade() → Nothing
2809 Permanently disable masquerading in zone. See masquerade tag in
2810 firewalld.zone(5). For runtime operation see
2811 org.fedoraproject.FirewallD1.zone.Methods.removeMasquerade.
2812 Possible errors: NOT_ENABLED
2814 removePort(s: port, s: protocol) → Nothing
2816 Permanently remove (port, protocol) from list of ports of zone.
2817 See port tag in firewalld.zone(5). For runtime operation see
2818 org.fedoraproject.FirewallD1.zone.Methods.removePort.
2819 Possible errors: NOT_ENABLED
2821 removeProtocol(s: protocol) → Nothing
2823 Permanently remove protocol from zone. For runtime operation
2824 see org.fedoraproject.FirewallD1.zone.Methods.removeProtocol.
2825 Possible errors: INVALID_PROTOCOL, NOT_ENABLED
2827 removeRichRule(s: rule) → Nothing
2829 Permanently remove rule from list of rich-language rules in
2830 zone. See rule tag in firewalld.zone(5). For runtime operation
2831 see org.fedoraproject.FirewallD1.zone.Methods.removeRichRule.
2832 Possible errors: NOT_ENABLED
2834 removeService(s: service) → Nothing
2836 Permanently remove service from list of services used in zone.
2837 See service tag in firewalld.zone(5). For runtime operation see
2838 org.fedoraproject.FirewallD1.zone.Methods.removeService.
2839 Possible errors: NOT_ENABLED
2841 removeSource(s: source) → Nothing
2843 Permanently remove source from list of source addresses bound
2844 to zone. See source tag in firewalld.zone(5). For runtime
2845 operation see
2846 org.fedoraproject.FirewallD1.zone.Methods.removeSource.
2847 Possible errors: NOT_ENABLED
2849 removeSourcePort(s: port, s: protocol) → Nothing
2851 Permanently remove (port, protocol) from list of source ports
2852 of zone. See source-port tag in firewalld.zone(5). For runtime
2853 operation see
2854 org.fedoraproject.FirewallD1.zone.Methods.removeSourcePort.
2855 Possible errors: NOT_ENABLED
2857 rename(s: name) → Nothing
2859 Rename not built-in zone to name.
2860 Possible errors: BUILTIN_ZONE
2862 setDescription(s: description) → Nothing
2864 Permanently set description of zone to description. See
2865 description tag in firewalld.zone(5).
2866 setForwardPorts(a(ssss): ports) → Nothing
2868 Permanently set forward ports of zone to list of (port,
2869 protocol, toport, toaddr). See forward-port tag in
2870 firewalld.zone(5).
2871 setIcmpBlockInversion(b: flag) → Nothing
2873 Permanently set icmp block inversion flag of zone to flag. See
2874 icmp-block-inversion tag in firewalld.zone(5).
2875 setIcmpBlocks(as: icmptypes) → Nothing
2877 Permanently set list of icmp types blocked in zone to
2878 icmptypes. See icmp-block tag in firewalld.zone(5).
2879 setInterfaces(as: interfaces) → Nothing
2881 Permanently set list of interfaces bound to zone to interfaces.
2882 See interface tag in firewalld.zone(5).
2883 setMasquerade(b: masquerade) → Nothing
2885 Permanently set masquerading in zone to masquerade. See
2886 masquerade tag in firewalld.zone(5).
2887 setPorts(a(ss): ports) → Nothing
2889 Permanently set ports of zone to list of (port, protocol). See
2890 port tag in firewalld.zone(5).
2891 setProtocols(as: protocols) → Nothing
2893 Permanently set list of protocols used in zone to protocols.
2894 See protocol tag in firewalld.zone(5).
2895 setRichRules(as: rules) → Nothing
2897 Permanently set list of rich-language rules to rules. See rule
2898 tag in firewalld.zone(5).
2899 setServices(as: services) → Nothing
2901 Permanently set list of services used in zone to services. See
2902 service tag in firewalld.zone(5).
2903 setShort(s: short) → Nothing
2905 Permanently set name of zone to short. See short tag in
2906 firewalld.zone(5).
2907 setSourcePorts(a(ss): ports) → Nothing
2909 Permanently set source-ports of zone to list of (port,
2910 protocol). See source-port tag in firewalld.zone(5).
2911 setSources(as: sources) → Nothing
2913 Permanently set list of source addresses bound to zone to
2914 sources. See source tag in firewalld.zone(5).
2915 setTarget(s: target) → Nothing
2917 Permanently set target of zone to target. See target attribute
2918 of zone tag in firewalld.zone(5).
2919 setVersion(s: version) → Nothing
2921 Permanently set version of zone to version. See version
2922 attribute of zone tag in firewalld.zone(5).
2923 update((sssbsasa(ss)asba(ssss)asasasasa(ss)b): settings) → Nothing
2925 This function is deprecated, use
2926 org.fedoraproject.FirewallD1.config.zone.Methods.update2
2927 instead.
2928 update2(a{sv}: settings) → Nothing
2930 Update settings of zone to settings. Settings are a dictionary
2931 indexed by keywords. For the type of each value see below. To
2932 zero a value pass an empty string or list.
2933 version (s): see version attribute of zone tag in
2935 firewalld.zone(5).
2936 name (s): see short tag in firewalld.zone(5).
2938 description (s): see description tag in firewalld.zone(5).
2940 target (s): see target attribute of zone tag in
2942 firewalld.zone(5).
2943 services (as): array of service names, see service tag in
2945 firewalld.zone(5).
2946 ports (a(ss)): array of port and protocol pairs. See port tag
2948 in firewalld.zone(5).
2949 icmp_blocks (as): array of icmp-blocks. See icmp-block tag in
2951 firewalld.zone(5).
2952 masquerade (b): see masquerade tag in firewalld.zone(5).
2954 forward_ports (a(ssss)): array of (port, protocol, to-port,
2956 to-addr). See forward-port tag in firewalld.zone(5).
2957 interfaces (as): array of interfaces. See interface tag in
2959 firewalld.zone(5).
2960 sources (as): array of source addresses. See source tag in
2962 firewalld.zone(5).
2963 rules_str (as): array of rich-language rules. See rule tag in
2965 firewalld.zone(5).
2966 protocols (as): array of protocols, see protocol tag in
2968 firewalld.zone(5).
2969 source_ports (a(ss)): array of port and protocol pairs. See
2971 source-port tag in firewalld.zone(5).
2972 icmp_block_inversion (b): see icmp-block-inversion tag in
2974 firewalld.zone(5).
2975 forward (b): see forward tag in firewalld.zone(5).
2977 ingress_priority (i): see ingress-priority tag in
2979 firewalld.zone(5).
2980 egress_priority (i): see egress-priority tag in
2982 firewalld.zone(5).
2983 Possible errors: INVALID_TYPE
2985 Signals
2987 Removed(s: name)
2988 Emitted when zone with name has been removed.
2989 Renamed(s: name)
2991 Emitted when zone has been renamed to name.
2992 Updated(s: name)
2994 Emitted when zone with name has been updated.
2995 Properties
2997 builtin - b - (ro)
2998 True if zone is build-in, false else.
2999 default - b - (ro)
3001 True if build-in zone has default settings. False if it has
3002 been modified. Always False for not build-in zones.
3003 filename - s - (ro)
3005 Name (including .xml extension) of file where the configuration
3006 is stored.
3007 name - s - (ro)
3009 Name of zone.
3010 path - s - (ro)
3012 Path to directory where the zone configuration is stored.
3013 Should be either /usr/lib/firewalld/zones or
3014 /etc/firewalld/zones.
3015 org.fedoraproject.FirewallD1.config.policy
3017 Interface for permanent policy configuration, see also
3018 firewalld.policy(5).
3019 Methods
3021 getSettings() → a{sv}
3022 Return permanent settings of given policy. For getting runtime
3023 settings see
3024 org.fedoraproject.FirewallD1.policy.Methods.getPolicySettings.
3025 Settings are a dictionary indexed by keywords. For possible
3026 keywords see
3027 org.fedoraproject.FirewallD1.config.Methods.addPolicy.
3028 loadDefaults() → Nothing
3030 Load default settings for built-in policy.
3031 Possible errors: NO_DEFAULTS
3033 remove() → Nothing
3035 Remove not built-in policy.
3036 Possible errors: BUILTIN_POLICY
3038 rename(s: name) → Nothing
3040 Rename not built-in policy to name.
3041 Possible errors: BUILTIN_POLICY
3043 update(a{sv}: settings) → Nothing
3045 Update settings of policy to settings. Settings are a
3046 dictionary indexed by keywords. For possible keywords see
3047 org.fedoraproject.FirewallD1.config.Methods.addPolicy. To zero
3048 a value pass an empty string or list.
3049 Possible errors: INVALID_TYPE
3051 Signals
3053 Removed(s: name)
3054 Emitted when policy with name has been removed.
3055 Renamed(s: name)
3057 Emitted when policy has been renamed to name.
3058 Updated(s: name)
3060 Emitted when policy with name has been updated.
3061 Properties
3063 builtin - b - (ro)
3064 True if policy is build-in, false else.
3065 default - b - (ro)
3067 True if build-in policy has default settings. False if it has
3068 been modified. Always False for not build-in policies.
3069 filename - s - (ro)
3071 Name (including .xml extension) of file where the configuration
3072 is stored.
3073 name - s - (ro)
3075 Name of policy.
3076 path - s - (ro)
3078 Path to directory where the policy configuration is stored.
3079 Should be either /usr/lib/firewalld/policies or
3080 /etc/firewalld/policies.
3081 org.fedoraproject.FirewallD1.config.service
3083 Interface for permanent service configuration, see also
3084 firewalld.service(5).
3085 Methods
3087 addModule(s: module) → Nothing
3088 This method is deprecated. Please use "helpers" in the
3089 update2() method.
3090 addPort(s: port, s: protocol) → Nothing
3092 Permanently add (port, protocol) to list of ports in service.
3093 See port tag in firewalld.service(5).
3094 Possible errors: ALREADY_ENABLED
3096 addProtocol(s: protocol) → Nothing
3098 Permanently add protocol into zone. The protocol can be any
3099 protocol supported by the system. Please have a look at
3100 /etc/protocols for supported protocols. See protocol tag in
3101 firewalld.service(5).
3102 Possible errors: INVALID_PROTOCOL, ALREADY_ENABLED
3104 addSourcePort(s: port, s: protocol) → Nothing
3106 Permanently add (port, protocol) to list of source ports in
3107 service. See source-port tag in firewalld.service(5).
3108 Possible errors: ALREADY_ENABLED
3110 getDescription() → s
3112 Get description of service. See description tag in
3113 firewalld.service(5).
3114 getDestination(s: family) → s
3116 Get destination for IP family being either 'ipv4' or 'ipv6'.
3117 See destination tag in firewalld.service(5).
3118 Possible errors: ALREADY_ENABLED
3120 getDestinations() → a{ss}
3122 Get list of destinations. Return value is a dictionary of {IP
3123 family : IP address} where 'IP family' key can be either 'ipv4'
3124 or 'ipv6'. See destination tag in firewalld.service(5).
3125 getModules() → as
3127 This method is deprecated. Please use "helpers" in the
3128 getSettings2() method.
3129 getPorts() → a(ss)
3131 Get list of (port, protocol) defined in service. See port tag
3132 in firewalld.service(5).
3133 getProtocols() → as
3135 Return array of protocols (s) defined in service. See protocol
3136 tag in firewalld.service(5).
3137 getSettings() → (sssa(ss)asa{ss}asa(ss))
3139 This function is deprecated, use
3140 org.fedoraproject.FirewallD1.config.service.Methods.getSettings2
3141 instead.
3142 getSettings2(s: service) → s{sv}
3144 Return runtime settings of given service. For getting runtime
3145 settings see
3146 org.fedoraproject.FirewallD1.Methods.getServiceSettings2.
3147 Settings are a dictionary indexed by keywords. For the type of
3148 each value see below. If the value is empty it may be omitted.
3149 version (s): see version attribute of service tag in
3151 firewalld.service(5).
3152 name (s): see short tag in firewalld.service(5).
3154 description (s): see description tag in firewalld.service(5).
3156 ports (a(ss)): array of port and protocol pairs. See port tag
3158 in firewalld.service(5).
3159 module names (as): array of kernel netfilter helpers, see
3161 module tag in firewalld.service(5).
3162 destinations (a{ss}): dictionary of {IP family : IP address}
3164 where 'IP family' key can be either 'ipv4' or 'ipv6'. See
3165 destination tag in firewalld.service(5).
3166 protocols (as): array of protocols, see protocol tag in
3168 firewalld.service(5).
3169 source_ports (a(ss)): array of port and protocol pairs. See
3171 source-port tag in firewalld.service(5).
3172 includes (as): array of service includes, see include tag in
3174 firewalld.service(5).
3175 helpers (as): array of service helpers, see helper tag in
3177 firewalld.service(5).
3178 getShort() → s
3181 Get name of service. See short tag in firewalld.service(5).
3182 getSourcePorts() → a(ss)
3184 Get list of (port, protocol) defined in service. See
3185 source-port tag in firewalld.service(5).
3186 getVersion() → s
3188 Get version of service. See version attribute of service tag in
3189 firewalld.service(5).
3190 loadDefaults() → Nothing
3192 Load default settings for built-in service.
3193 Possible errors: NO_DEFAULTS
3195 queryDestination(s: family, s: address) → b
3197 Return whether a destination is in dictionary of destinations
3198 of this service. destination is in format: (IP family, IP
3199 address) where IP family can be either 'ipv4' or 'ipv6'. See
3200 destination tag in firewalld.service(5).
3201 queryModule(s: module) → b
3203 This method is deprecated. Please use "helpers" in the
3204 getSettings2() method.
3205 queryPort(s: port, s: protocol) → b
3207 Return whether (port, protocol) is in list of ports in service.
3208 See port tag in firewalld.service(5).
3209 queryProtocol(s: protocol) → b
3211 Return whether protocol is in list of protocols in service. See
3212 protocol tag in firewalld.service(5).
3213 querySourcePort(s: port, s: protocol) → b
3215 Return whether (port, protocol) is in list of source ports in
3216 service. See source-port tag in firewalld.service(5).
3217 remove() → Nothing
3219 Remove not built-in service.
3220 Possible errors: BUILTIN_SERVICE
3222 removeDestination(s: family) → Nothing
3224 Permanently remove a destination with family ('ipv4' or 'ipv6')
3225 from service. See destination tag in firewalld.service(5).
3226 Possible errors: NOT_ENABLED
3228 removeModule(s: module) → Nothing
3230 This method is deprecated. Please use "helpers" in the
3231 update2() method.
3232 removePort(s: port, s: protocol) → Nothing
3234 Permanently remove (port, protocol) from list of ports in
3235 service. See port tag in firewalld.service(5).
3236 Possible errors: NOT_ENABLED
3238 removeProtocol(s: protocol) → Nothing
3240 Permanently remove protocol from list of protocols in service.
3241 See protocol tag in firewalld.service(5).
3242 Possible errors: NOT_ENABLED
3244 removeSourcePort(s: port, s: protocol) → Nothing
3246 Permanently remove (port, protocol) from list of source ports
3247 in service. See source-port tag in firewalld.service(5).
3248 Possible errors: NOT_ENABLED
3250 rename(s: name) → Nothing
3252 Rename not built-in service to name.
3253 Possible errors: BUILTIN_SERVICE
3255 setDescription(s: description) → Nothing
3257 Permanently set description of service to description. See
3258 description tag in firewalld.service(5).
3259 setDestination(s: family, s: address) → Nothing
3261 Permanently set a destination address. destination is in
3262 format: (IP family, IP address) where IP family can be either
3263 'ipv4' or 'ipv6'. See destination tag in firewalld.service(5).
3264 Possible errors: ALREADY_ENABLED
3266 setDestinations(a{ss}: destinations) → Nothing
3268 Permanently set destinations of service to destinations, which
3269 is a dictionary of {IP family : IP address} where 'IP family'
3270 key can be either 'ipv4' or 'ipv6'. See destination tag in
3271 firewalld.service(5).
3272 setModules(as: modules) → Nothing
3274 This method is deprecated. Please use "helpers" in the
3275 update2() method.
3276 setPorts(a(ss): ports) → Nothing
3278 Permanently set ports of service to list of (port, protocol).
3279 See port tag in firewalld.service(5).
3280 setProtocols(as: protocols) → Nothing
3282 Permanently set protocols of service to list of protocols. See
3283 protocol tag in firewalld.service(5).
3284 setShort(s: short) → Nothing
3286 Permanently set name of service to short. See short tag in
3287 firewalld.service(5).
3288 setSourcePorts(a(ss): ports) → Nothing
3290 Permanently set source-ports of service to list of (port,
3291 protocol). See source-port tag in firewalld.service(5).
3292 setVersion(s: version) → Nothing
3294 Permanently set version of service to version. See version
3295 attribute of service tag in firewalld.service(5).
3296 update((sssa(ss)asa{ss}asa(ss)): settings) → Nothing
3298 This function is deprecated, use
3299 org.fedoraproject.FirewallD1.config.service.Methods.update2
3300 instead.
3301 update2a{sv}: settings) → Nothing
3303 Update settings of service to settings. Settings are a
3304 dictionary indexed by keywords. For the type of each value see
3305 below. To zero a value pass an empty string or list.
3306 version (s): see version attribute of service tag in
3308 firewalld.service(5).
3309 name (s): see short tag in firewalld.service(5).
3311 description (s): see description tag in firewalld.service(5).
3313 ports (a(ss)): array of port and protocol pairs. See port tag
3315 in firewalld.service(5).
3316 module names (as): array of kernel netfilter helpers, see
3318 module tag in firewalld.service(5).
3319 destinations (a{ss}): dictionary of {IP family : IP address}
3321 where 'IP family' key can be either 'ipv4' or 'ipv6'. See
3322 destination tag in firewalld.service(5).
3323 protocols (as): array of protocols, see protocol tag in
3325 firewalld.service(5).
3326 source_ports (a(ss)): array of port and protocol pairs. See
3328 source-port tag in firewalld.service(5).
3329 includes (as): array of service includes, see include tag in
3331 firewalld.service(5).
3332 helpers (as): array of service helpers, see helper tag in
3334 firewalld.service(5).
3335 Possible errors: INVALID_TYPE
3337 Signals
3339 Removed(s: name)
3340 Emitted when service with name has been removed.
3341 Renamed(s: name)
3343 Emitted when service has been renamed to name.
3344 Updated(s: name)
3346 Emitted when service with name has been updated.
3347 Properties
3349 builtin - b - (ro)
3350 True if service is build-in, false else.
3351 default - b - (ro)
3353 True if build-in service has default settings. False if it has
3354 been modified. Always False for not build-in services.
3355 filename - s - (ro)
3357 Name (including .xml extension) of file where the configuration
3358 is stored.
3359 name - s - (ro)
3361 Name of service.
3362 path - s - (ro)
3364 Path to directory where the configuration is stored. Should be
3365 either /usr/lib/firewalld/services or /etc/firewalld/services.
3366 org.fedoraproject.FirewallD1.config.helper
3368 Interface for permanent helper configuration, see also
3369 firewalld.helper(5).
3370 Methods
3372 addPort(s: port, s: protocol) → Nothing
3373 Permanently add (port, protocol) to list of ports in helper.
3374 See port tag in firewalld.helper(5).
3375 Possible errors: ALREADY_ENABLED
3377 getDescription() → s
3379 Get description of helper. See description tag in
3380 firewalld.helper(5).
3381 getFamily() → s
3383 Get family being 'ipv4', 'ipv6' or empty for both. See family
3384 tag in firewalld.helper(5).
3385 getModule() → s
3387 Get modules (netfilter kernel helpers) used in helper. See
3388 module tag in firewalld.helper(5).
3389 getPorts() → a(ss)
3391 Get list of (port, protocol) defined in helper. See port tag in
3392 firewalld.helper(5).
3393 getSettings() → (sssssa(ss))
3395 Return permanent settings of a helper. For getting runtime
3396 settings see
3397 org.fedoraproject.FirewallD1.Methods.getHelperSettings.
3398 Settings are in format: version, name, description, family,
3399 module, array of ports (port, protocol).
3400 version (s): see version attribute of helper tag in
3402 firewalld.helper(5).
3403 name (s): see short tag in firewalld.helper(5).
3405 description (s): see description tag in firewalld.helper(5).
3407 family (s): see family tag in firewalld.helper(5).
3409 module (s): see module tag in firewalld.helper(5).
3411 ports (a(ss)): array of port and protocol pairs. See port tag
3413 in firewalld.helper(5).
3414 getShort() → s
3417 Get name of helper. See short tag in firewalld.helper(5).
3418 getVersion() → s
3420 Get version of helper. See version attribute of helper tag in
3421 firewalld.helper(5).
3422 loadDefaults() → Nothing
3424 Load default settings for built-in helper.
3425 Possible errors: NO_DEFAULTS
3427 queryFamily(s: module) → b
3429 Return whether family is set for helper. See family tag in
3430 firewalld.helper(5).
3431 queryModule(s: module) → b
3433 Return whether module (netfilter kernel helpers) is used in
3434 helper. See module tag in firewalld.helper(5).
3435 queryPort(s: port, s: protocol) → b
3437 Return whether (port, protocol) is in list of ports in helper.
3438 See port tag in firewalld.helper(5).
3439 remove() → Nothing
3441 Remove not built-in helper.
3442 Possible errors: BUILTIN_HELPER
3444 removePort(s: port, s: protocol) → Nothing
3446 Permanently remove (port, protocol) from list of ports in
3447 helper. See port tag in firewalld.helper(5).
3448 Possible errors: NOT_ENABLED
3450 rename(s: name) → Nothing
3452 Rename not built-in helper to name.
3453 Possible errors: BUILTIN_HELPER
3455 setDescription(s: description) → Nothing
3457 Permanently set description of helper to description. See
3458 description tag in firewalld.helper(5).
3459 setFamily(s: family) → Nothing
3461 Permanently set family of helper to family. See family tag in
3462 firewalld.helper(5).
3463 setModule(s: module) → Nothing
3465 Permanently set module of helper to description. See module tag
3466 in firewalld.helper(5).
3467 setPorts(a(ss): ports) → Nothing
3469 Permanently set ports of helper to list of (port, protocol).
3470 See port tag in firewalld.helper(5).
3471 setShort(s: short) → Nothing
3473 Permanently set name of helper to short. See short tag in
3474 firewalld.helper(5).
3475 setVersion(s: version) → Nothing
3477 Permanently set version of helper to version. See version
3478 attribute of helper tag in firewalld.helper(5).
3479 update((sssssa(ss)): settings) → Nothing
3481 Update settings of helper to settings. Settings are in format:
3482 version, name, description, family, module and array of ports.
3483 version (s): see version attribute of helper tag in
3485 firewalld.helper(5).
3486 name (s): see short tag in firewalld.helper(5).
3488 description (s): see description tag in firewalld.helper(5).
3490 family (s): see family tag in firewalld.helper(5).
3492 module (s): see module tag in firewalld.helper(5).
3494 ports (a(ss)): array of port and protocol pairs. See port tag
3496 in firewalld.helper(5).
3497 Possible errors: INVALID_HELPER
3499 Signals
3501 Removed(s: name)
3502 Emitted when helper with name has been removed.
3503 Renamed(s: name)
3505 Emitted when helper has been renamed to name.
3506 Updated(s: name)
3508 Emitted when helper with name has been updated.
3509 Properties
3511 builtin - b - (ro)
3512 True if helper is build-in, false else.
3513 default - b - (ro)
3515 True if build-in helper has default settings. False if it has
3516 been modified. Always False for not build-in helpers.
3517 filename - s - (ro)
3519 Name (including .xml extension) of file where the configuration
3520 is stored.
3521 name - s - (ro)
3523 Name of helper.
3524 path - s - (ro)
3526 Path to directory where the configuration is stored. Should be
3527 either /usr/lib/firewalld/helpers or /etc/firewalld/helpers.
3528 org.fedoraproject.FirewallD1.config.icmptype
3530 Interface for permanent icmp type configuration, see also
3531 firewalld.icmptype(5).
3532 Methods
3534 addDestination(s: destination) → Nothing
3535 Permanently add a destination ('ipv4' or 'ipv6') to list of
3536 destinations of this icmp type. See destination tag in
3537 firewalld.icmptype(5).
3538 Possible errors: ALREADY_ENABLED
3540 getDescription() → s
3542 Get description of icmp type. See description tag in
3543 firewalld.icmptype(5).
3544 getDestinations() → as
3546 Get list of destinations. See destination tag in
3547 firewalld.icmptype(5).
3548 getSettings() → (sssas)
3550 Return permanent settings of icmp type. For getting runtime
3551 settings see
3552 org.fedoraproject.FirewallD1.Methods.getIcmpTypeSettings.
3553 Settings are in format: version, name, description, array of
3554 destinations.
3555 version (s): see version attribute of icmptype tag in
3557 firewalld.icmptype(5).
3558 name (s): see short tag in firewalld.icmptype(5).
3560 description (s): see description tag in firewalld.icmptype(5).
3562 destinations (as): array, either empty or containing strings
3564 'ipv4' and/or 'ipv6', see destination tag in
3565 firewalld.icmptype(5).
3566 getShort() → s
3569 Get name of icmp type. See short tag in firewalld.icmptype(5).
3570 getVersion() → s
3572 Get version of icmp type. See version attribute of icmptype tag
3573 in firewalld.icmptype(5).
3574 loadDefaults() → Nothing
3576 Load default settings for built-in icmp type.
3577 Possible errors: NO_DEFAULTS
3579 queryDestination(s: destination) → b
3581 Return whether a destination ('ipv4' or 'ipv6') is in list of
3582 destinations of this icmp type. See destination tag in
3583 firewalld.icmptype(5).
3584 remove() → Nothing
3586 Remove not built-in icmp type.
3587 Possible errors: BUILTIN_ICMPTYPE
3589 removeDestination(s: destination) → Nothing
3591 Permanently remove a destination ('ipv4' or 'ipv6') from list
3592 of destinations of this icmp type. See destination tag in
3593 firewalld.icmptype(5).
3594 Possible errors: NOT_ENABLED
3596 rename(s: name) → Nothing
3598 Rename not built-in icmp type to name.
3599 Possible errors: BUILTIN_ICMPTYPE
3601 setDescription(s: description) → Nothing
3603 Permanently set description of icmp type to description. See
3604 description tag in firewalld.icmptype(5).
3605 setDestinations(as: destinations) → Nothing
3607 Permanently set destinations of icmp type to destinations,
3608 which is array, either empty or containing strings 'ipv4'
3609 and/or 'ipv6'. See destination tag in firewalld.icmptype(5).
3610 setShort(s: short) → Nothing
3612 Permanently set name of icmp type to short. See short tag in
3613 firewalld.icmptype(5).
3614 setVersion(s: version) → Nothing
3616 Permanently set version of icmp type to version. See version
3617 attribute of icmptype tag in firewalld.icmptype(5).
3618 update((sssas): settings) → Nothing
3620 Update permanent settings of icmp type to settings. Settings
3621 are in format: version, name, description, array of
3622 destinations.
3623 version (s): see version attribute of icmptype tag in
3625 firewalld.icmptype(5).
3626 name (s): see short tag in firewalld.icmptype(5).
3628 description (s): see description tag in firewalld.icmptype(5).
3630 destinations (as): array, either empty or containing strings
3632 'ipv4' and/or 'ipv6', see destination tag in
3633 firewalld.icmptype(5).
3634 Signals
3637 Removed(s: name)
3638 Emitted when icmp type with name has been removed.
3639 Renamed(s: name)
3641 Emitted when icmp type has been renamed to name.
3642 Updated(s: name)
3644 Emitted when icmp type with name has been updated.
3645 Properties
3647 builtin - b - (ro)
3648 True if icmptype is build-in, false else.
3649 default - b - (ro)
3651 True if build-in icmp type has default settings. False if it
3652 has been modified. Always False for not build-in zones.
3653 filename - s - (ro)
3655 Name (including .xml extension) of file where the configuration
3656 is stored.
3657 name - s - (ro)
3659 Name of icmp type.
3660 path - s - (ro)
3662 Path to directory where the icmp type configuration is stored.
3663 Should be either /usr/lib/firewalld/icmptypes or
3664 /etc/firewalld/icmptypes.
3665
3667 firewall-applet(1), firewalld(1), firewall-cmd(1), firewall-config(1),
3668 firewalld.conf(5), firewalld.direct(5), firewalld.dbus(5),
3669 firewalld.icmptype(5), firewalld.lockdown-whitelist(5), firewall-
3670 offline-cmd(1), firewalld.richlanguage(5), firewalld.service(5),
3671 firewalld.zone(5), firewalld.zones(5), firewalld.policy(5),
3672 firewalld.policies(5), firewalld.ipset(5), firewalld.helper(5)
3673
3675 firewalld home page:
3676 http://firewalld.org
3677 More documentation with examples:
3679 http://fedoraproject.org/wiki/FirewallD
3680
3682 Thomas Woerner <twoerner@redhat.com>
3683 Developer
3684 Jiri Popelka <jpopelka@redhat.com>
3686 Developer
3687 Eric Garver <eric@garver.life>
3689 Developer
3690firewalld 2.0.2 FIREWALLD.DBUS(5)