FIREWALLD.DBUS(5)              firewalld.dbus              FIREWALLD.DBUS(5)

firewalld.dbus - firewalld D-Bus interface description

This is the basic firewalld object path structure. The interfaces used
are explained below in the section called “INTERFACES”.

/org/fedoraproject/FirewallD1
    Interfaces
        org.fedoraproject.FirewallD1
        org.fedoraproject.FirewallD1.direct (deprecated)
        org.fedoraproject.FirewallD1.ipset
        org.fedoraproject.FirewallD1.policies
        org.fedoraproject.FirewallD1.zone
        org.freedesktop.DBus.Introspectable
        org.freedesktop.DBus.Properties

/org/fedoraproject/FirewallD1/config
    Interfaces
        org.fedoraproject.FirewallD1.config
        org.fedoraproject.FirewallD1.config.direct (deprecated)
        org.fedoraproject.FirewallD1.config.policies
        org.freedesktop.DBus.Introspectable
        org.freedesktop.DBus.Properties

/org/fedoraproject/FirewallD1/config/zone/i
    Interfaces
        org.fedoraproject.FirewallD1.config.zone
        org.freedesktop.DBus.Introspectable
        org.freedesktop.DBus.Properties

/org/fedoraproject/FirewallD1/config/service/i
    Interfaces
        org.fedoraproject.FirewallD1.config.service
        org.freedesktop.DBus.Introspectable
        org.freedesktop.DBus.Properties

/org/fedoraproject/FirewallD1/config/ipset/i
    Interfaces
        org.fedoraproject.FirewallD1.config.ipset
        org.freedesktop.DBus.Introspectable
        org.freedesktop.DBus.Properties

/org/fedoraproject/FirewallD1/config/icmptype/i
    Interfaces
        org.fedoraproject.FirewallD1.config.icmptype
        org.freedesktop.DBus.Introspectable
        org.freedesktop.DBus.Properties

org.fedoraproject.FirewallD1
    This interface contains general runtime operations, like: reloading,
    panic mode, default zone handling, getting services and icmp types and
    their settings.

    Methods
        authorizeAll() → Nothing
            Initiate authorization for the complete firewalld D-Bus
            interface. This method is mostly useful for configuration
            applications.

        completeReload() → Nothing
            Reload firewall completely, even netfilter kernel modules. This
            will most likely terminate active connections, because state
            information is lost. This option should only be used in case of
            severe firewall problems, for example if there are state
            information problems such that no connection can be established
            with correct firewall rules.

        disablePanicMode() → Nothing
            Disable panic mode. After disabling panic mode established
            connections might work again, if panic mode was enabled for a
            short period of time.

            Possible errors: NOT_ENABLED, COMMAND_FAILED

        resetToDefaults() → Nothing
            Reset firewall to its default configuration, then reload
            firewall. This affects both runtime and permanent
            configuration.

        enablePanicMode() → Nothing
            Enable panic mode. All incoming and outgoing packets are
            dropped, active connections will expire. Enable this only if
            there are serious problems with your network environment.

            Possible errors: ALREADY_ENABLED, COMMAND_FAILED

        getAutomaticHelpers() → s
            Deprecated. This always returns "no".

        getDefaultZone() → s
            Return default zone.

        getHelperSettings(s: helper) → (sssssa(ss))
            Return runtime settings of given helper. For getting permanent
            settings see
            org.fedoraproject.FirewallD1.config.helper.Methods.getSettings.
            Settings are in format: version, name, description, family,
            module and array of ports.

            version (s): see version attribute of helper tag in
            firewalld.helper(5).

            name (s): see short tag in firewalld.helper(5).

            description (s): see description tag in firewalld.helper(5).

            family (s): see family tag in firewalld.helper(5).

            module (s): see module tag in firewalld.helper(5).

            ports (a(ss)): array of port and protocol pairs. See port tag
            in firewalld.helper(5).

            Possible errors: INVALID_HELPER

        getHelpers() → as
            Return array of helper names (s) in runtime configuration. For
            permanent configuration see
            org.fedoraproject.FirewallD1.config.Methods.listHelpers.

        getIcmpTypeSettings(s: icmptype) → (sssas)
            Return runtime settings of given icmptype. For getting
            permanent settings see
            org.fedoraproject.FirewallD1.config.icmptype.Methods.getSettings.
            Settings are in format: version, name, description, array of
            destinations.

            version (s): see version attribute of icmptype tag in
            firewalld.icmptype(5).

            name (s): see short tag in firewalld.icmptype(5).

            description (s): see description tag in firewalld.icmptype(5).

            destinations (as): array, either empty or containing strings
            'ipv4' or 'ipv6', see destination tag in firewalld.icmptype(5).

            Possible errors: INVALID_ICMPTYPE

        getLogDenied() → s
            Returns the LogDenied value. If LogDenied is enabled, then
            logging rules are added right before reject and drop rules in
            the INPUT, FORWARD and OUTPUT chains for the default rules and
            also final reject and drop rules in zones. Possible values are:
            all, unicast, broadcast, multicast and off. The default value
            is off.

        getServiceSettings(s: service) → (sssa(ss)asa{ss}asa(ss))
            This function is deprecated, use
            org.fedoraproject.FirewallD1.Methods.getServiceSettings2
            instead.

        getServiceSettings2(s: service) → a{sv}
            Return runtime settings of given service. For getting permanent
            settings see
            org.fedoraproject.FirewallD1.config.service.Methods.getSettings2.
            Settings are a dictionary indexed by keywords. For the type of
            each value see below. If the value is empty it may be omitted.

            version (s): see version attribute of service tag in
            firewalld.service(5).

            name (s): see short tag in firewalld.service(5).

            description (s): see description tag in firewalld.service(5).

            ports (a(ss)): array of port and protocol pairs. See port tag
            in firewalld.service(5).

            module names (as): array of kernel netfilter helpers, see
            module tag in firewalld.service(5).

            destinations (a{ss}): dictionary of {IP family : IP address}
            where 'IP family' key can be either 'ipv4' or 'ipv6'. See
            destination tag in firewalld.service(5).

            protocols (as): array of protocols, see protocol tag in
            firewalld.service(5).

            source_ports (a(ss)): array of port and protocol pairs. See
            source-port tag in firewalld.service(5).

            includes (as): array of service includes, see include tag in
            firewalld.service(5).

            helpers (as): array of service helpers, see helper tag in
            firewalld.service(5).

            Possible errors: INVALID_SERVICE

        getZoneSettings(s: zone) → (sssbsasa(ss)asba(ssss)asasasasa(ss)b)
            This function is deprecated, use
            org.fedoraproject.FirewallD1.zone.Methods.getZoneSettings2
            instead.

        listIcmpTypes() → as
            Return array of names (s) of icmp types in runtime
            configuration. For permanent configuration see
            org.fedoraproject.FirewallD1.config.Methods.listIcmpTypes.

        listServices() → as
            Return array of service names (s) in runtime configuration. For
            permanent configuration see
            org.fedoraproject.FirewallD1.config.Methods.listServices.

        queryPanicMode() → b
            Return true if panic mode is enabled, false otherwise. In panic
            mode all incoming and outgoing packets are dropped.

        reload() → Nothing
            Reload firewall rules and keep state information. Current
            permanent configuration will become new runtime configuration,
            i.e. all runtime-only changes made before the reload are lost
            unless they were also made in the permanent configuration.

        runtimeToPermanent() → Nothing
            Make runtime settings permanent. Replaces permanent settings
            with runtime settings for zones, services, icmptypes, direct
            (deprecated) and policies (lockdown whitelist).

            Possible errors: RT_TO_PERM_FAILED

        checkPermanentConfig() → Nothing
            Run checks on the permanent configuration. This is most useful
            if changes were made manually to configuration files.

            Possible errors: any

        setDefaultZone(s: zone) → Nothing
            Set default zone for connections and interfaces where no zone
            has been selected to zone. Setting the default zone changes the
            zone for the connections or interfaces that are using the
            default zone. This is a runtime and permanent change.

            Possible errors: ZONE_ALREADY_SET, COMMAND_FAILED

        setLogDenied(s: value) → Nothing
            Set LogDenied value to value. If LogDenied is enabled, then
            logging rules are added right before reject and drop rules in
            the INPUT, FORWARD and OUTPUT chains for the default rules and
            also final reject and drop rules in zones. Possible values are:
            all, unicast, broadcast, multicast and off. The default value
            is off. This is a runtime and permanent change.

            Possible errors: ALREADY_SET, INVALID_VALUE

    Signals
        DefaultZoneChanged(s: zone)
            Emitted when default zone has been changed to zone.

        LogDeniedChanged(s: value)
            Emitted when LogDenied value has been changed.

        PanicModeDisabled()
            Emitted when panic mode has been deactivated.

        PanicModeEnabled()
            Emitted when panic mode has been activated.

        Reloaded()
            Emitted when firewalld has been reloaded. Also emitted for a
            complete reload.

    Properties
        BRIDGE - b - (ro)
            Indicates whether the firewall has ethernet bridge support.

        IPSet - b - (ro)
            Indicates whether the firewall has IPSet support.

        IPSetTypes - as - (ro)
            The IPSet types supported by ipset and firewalld.

        IPv4 - b - (ro)
            Indicates whether the firewall has IPv4 support.

        IPv4ICMPTypes - as - (ro)
            The list of supported IPv4 ICMP types.

        IPv6 - b - (ro)
            Indicates whether the firewall has IPv6 support.

        IPv6_rpfilter - b - (ro)
            Indicates whether the reverse path filter test on a packet for
            IPv6 is enabled. If a reply to the packet would be sent via the
            same interface that the packet arrived on, the packet will
            match and be accepted, otherwise dropped.

        IPv6ICMPTypes - as - (ro)
            The list of supported IPv6 ICMP types.

        nf_conntrack_helper_setting - b - (ro)
            Deprecated. Always False.

        nf_conntrack_helpers - a{sas} - (ro)
            Deprecated. Always returns an empty dictionary.

        nf_nat_helpers - a{sas} - (ro)
            Deprecated. Always returns an empty dictionary.

        interface_version - s - (ro)
            firewalld D-Bus interface version string.

        state - s - (ro)
            firewalld state. This can be either INIT, FAILED, or RUNNING.
            In INIT state, firewalld is starting up and initializing. In
            FAILED state, firewalld completely started but experienced a
            failure.

        version - s - (ro)
            firewalld version string.

org.fedoraproject.FirewallD1.ipset
    Operations in this interface allow one to get, add, remove and query
    runtime ipset settings. For permanent configuration see
    org.fedoraproject.FirewallD1.config.ipset interface.

    Methods
        addEntry(s: ipset, s: entry) → as
            Add a new entry to ipset. The entry must match the type of the
            ipset. If the ipset is using the timeout option, it is not
            possible to see the entries, as they are timing out
            automatically in the kernel. For permanent operation see
            org.fedoraproject.FirewallD1.config.ipset.Methods.addEntry.

            Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT

        getEntries(s: ipset) → as
            Get all entries added to the ipset. If the ipset is using the
            timeout option, it is not possible to see the entries, as they
            are timing out automatically in the kernel. Return value is an
            array of entries. For permanent operation see
            org.fedoraproject.FirewallD1.config.ipset.Methods.getEntries.

            Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT

        getIPSetSettings(s: ipset) → (ssssa{ss}as)
            Return runtime settings of given ipset. For getting permanent
            settings see
            org.fedoraproject.FirewallD1.config.ipset.Methods.getSettings.
            Settings are in format: version, name, description, type,
            dictionary of options and array of entries.

            version (s): see version attribute of ipset tag in
            firewalld.ipset(5).

            name (s): see short tag in firewalld.ipset(5).

            description (s): see description tag in firewalld.ipset(5).

            type (s): see type attribute of ipset tag in
            firewalld.ipset(5).

            options (a{ss}): dictionary of {option : value}. See options
            tag in firewalld.ipset(5).

            entries (as): array of entries, see entry tag in
            firewalld.ipset(5).

            Possible errors: INVALID_IPSET

        getIPSets() → as
            Return array of ipset names (s) in runtime configuration. For
            permanent configuration see
            org.fedoraproject.FirewallD1.config.Methods.listIPSets.

        queryEntry(s: ipset, s: entry) → b
            Return whether entry has been added to ipset. For permanent
            operation see
            org.fedoraproject.FirewallD1.config.ipset.Methods.queryEntry.

            Possible errors: INVALID_IPSET

        queryIPSet(s: ipset) → b
            Return whether ipset is defined in runtime configuration.

        removeEntry(s: ipset, s: entry) → as
            Removes an entry from ipset. For permanent operation see
            org.fedoraproject.FirewallD1.config.ipset.Methods.removeEntry.

            Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT

        setEntries(as: entries) → Nothing
            Permanently set list of entries to entries. For permanent
            operation see
            org.fedoraproject.FirewallD1.config.ipset.Methods.setEntries.
            See entry tag in firewalld.ipset(5).

    Signals
        EntryAdded(s: ipset, s: entry)
            Emitted when entry has been added to ipset.

        EntryRemoved(s: ipset, s: entry)
            Emitted when entry has been removed from ipset.

org.fedoraproject.FirewallD1.direct
    DEPRECATED
        The direct interface has been deprecated. It will be removed in a
        future release. It is superseded by policies, see
        firewalld.policies(5).

    This interface enables more direct access to the firewall. It enables
    runtime manipulation of chains and rules. For permanent configuration
    see org.fedoraproject.FirewallD1.config.direct interface.

    Methods
        addChain(s: ipv, s: table, s: chain) → Nothing
            Add a new chain to table for ipv being either ipv4 (iptables)
            or ipv6 (ip6tables) or eb (ebtables). Make sure there's no
            other chain with this name already. There already exist basic
            chains to use with direct methods, for example INPUT_direct
            chain. These chains are jumped into before chains for zones,
            i.e. every rule put into INPUT_direct will be checked before
            rules in zones. For permanent operation see
            org.fedoraproject.FirewallD1.config.direct.Methods.addChain.

            Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED,
            COMMAND_FAILED

        addPassthrough(s: ipv, as: args) → Nothing
            Add a tracked passthrough rule with the arguments args for ipv
            being either ipv4 (iptables) or ipv6 (ip6tables) or eb
            (ebtables). Valid commands in args are only -A/--append,
            -I/--insert and -N/--new-chain. This method is (unlike
            passthrough method) tracked, i.e. firewalld remembers it. It's
            useful with
            org.fedoraproject.FirewallD1.Methods.runtimeToPermanent. For
            permanent operation see
            org.fedoraproject.FirewallD1.config.direct.Methods.addPassthrough.

            Possible errors: INVALID_IPV, ALREADY_ENABLED, COMMAND_FAILED

        addRule(s: ipv, s: table, s: chain, i: priority, as: args) →
        Nothing
            Add a rule with the arguments args to chain in table with
            priority for ipv being either ipv4 (iptables) or ipv6
            (ip6tables) or eb (ebtables). The priority is used to order
            rules. Priority 0 means add rule on top of the chain, with a
            higher priority the rule will be added further down. Rules with
            the same priority are on the same level and the order of these
            rules is not fixed and may change. If you want to make sure
            that a rule will be added after another one, use a low priority
            for the first and a higher for the following. For permanent
            operation see
            org.fedoraproject.FirewallD1.config.direct.Methods.addRule.

            Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED,
            COMMAND_FAILED

        getAllChains() → a(sss)
            Get all chains added to all tables in format: ipv, table,
            chain. This concerns only chains previously added with
            addChain. Return value is an array of (ipv, table, chain). For
            permanent operation see
            org.fedoraproject.FirewallD1.config.direct.Methods.getAllChains.

            ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
            (ebtables).

            table (s): one of filter, mangle, nat, raw, security

            chain (s): name of a chain.

        getAllPassthroughs() → a(sas)
            Get all tracked passthrough rules added in all ipv types in
            format: ipv, rule. This concerns only rules previously added
            with addPassthrough. Return value is an array of (ipv, array of
            arguments). For permanent operation see
            org.fedoraproject.FirewallD1.config.direct.Methods.getAllPassthroughs.

            ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
            (ebtables).

            arguments (as): array of commands, parameters and other
            iptables/ip6tables/ebtables command line options.

        getAllRules() → a(sssias)
            Get all rules added to all chains in all tables in format: ipv,
            table, chain, priority, rule. This concerns only rules
            previously added with addRule. Return value is an array of (ipv,
            table, chain, priority, array of arguments). For permanent
            operation see
            org.fedoraproject.FirewallD1.config.direct.Methods.getAllRules.

            ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
            (ebtables).

            table (s): one of filter, mangle, nat, raw, security

            chain (s): name of a chain.

            priority (i): used to order rules.

            arguments (as): array of commands, parameters and other
            iptables/ip6tables/ebtables command line options.

        getChains(s: ipv, s: table) → as
            Return an array of chains (s) added to table for ipv being
            either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
            This concerns only chains previously added with addChain. For
            permanent operation see
            org.fedoraproject.FirewallD1.config.direct.Methods.getChains.

            Possible errors: INVALID_IPV, INVALID_TABLE

        getPassthroughs(s: ipv) → aas
            Get tracked passthrough rules added in either ipv4 (iptables)
            or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
            previously added with addPassthrough. Return value is an array
            of (array of arguments). For permanent operation see
            org.fedoraproject.FirewallD1.config.direct.Methods.getPassthroughs.

            arguments (as): array of commands, parameters and other
            iptables/ip6tables/ebtables command line options.

        getRules(s: ipv, s: table, s: chain) → a(ias)
            Get all rules added to chain in table for ipv being either ipv4
            (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
            only rules previously added with addRule. Return value is an
            array of (priority, array of arguments). For permanent
            operation see
            org.fedoraproject.FirewallD1.config.direct.Methods.getRules.

            priority (i): used to order rules.

            arguments (as): array of commands, parameters and other
            iptables/ip6tables/ebtables command line options.

            Possible errors: INVALID_IPV, INVALID_TABLE

        passthrough(s: ipv, as: args) → s
            Pass a command through to the firewall. ipv can be either ipv4
            (iptables) or ipv6 (ip6tables) or eb (ebtables). args can be
            all iptables, ip6tables and ebtables command line arguments.
            This command is untracked, which means that firewalld is not
            able to provide information about this command later on.

            Possible errors: COMMAND_FAILED

        queryChain(s: ipv, s: table, s: chain) → b
            Return whether a chain exists in table for ipv being either
            ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). This
            concerns only chains previously added with addChain. For
            permanent operation see
            org.fedoraproject.FirewallD1.config.direct.Methods.queryChain.

            Possible errors: INVALID_IPV, INVALID_TABLE

        queryPassthrough(s: ipv, as: args) → b
            Return whether a tracked passthrough rule with the arguments
            args exists for ipv being either ipv4 (iptables) or ipv6
            (ip6tables) or eb (ebtables). This concerns only rules
            previously added with addPassthrough. For permanent operation
            see
            org.fedoraproject.FirewallD1.config.direct.Methods.queryPassthrough.

            Possible errors: INVALID_IPV

        queryRule(s: ipv, s: table, s: chain, i: priority, as: args) → b
            Return whether a rule with priority and the arguments args
            exists in chain in table for ipv being either ipv4 (iptables)
            or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
            previously added with addRule. For permanent operation see
            org.fedoraproject.FirewallD1.config.direct.Methods.queryRule.

            Possible errors: INVALID_IPV, INVALID_TABLE

        removeAllPassthroughs() → Nothing
            Remove all passthrough rules previously added with
            addPassthrough.

        removeChain(s: ipv, s: table, s: chain) → Nothing
            Remove a chain from table for ipv being either ipv4 (iptables)
            or ipv6 (ip6tables) or eb (ebtables). Only chains previously
            added with addChain can be removed this way. For permanent
            operation see
            org.fedoraproject.FirewallD1.config.direct.Methods.removeChain.

            Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED,
            COMMAND_FAILED

        removePassthrough(s: ipv, as: args) → Nothing
            Remove a tracked passthrough rule with arguments args for ipv
            being either ipv4 (iptables) or ipv6 (ip6tables) or eb
            (ebtables). Only rules previously added with addPassthrough can
            be removed this way. For permanent operation see
            org.fedoraproject.FirewallD1.config.direct.Methods.removePassthrough.

            Possible errors: INVALID_IPV, NOT_ENABLED, COMMAND_FAILED

        removeRule(s: ipv, s: table, s: chain, i: priority, as: args) →
        Nothing
            Remove a rule with priority and arguments args from chain in
            table for ipv being either ipv4 (iptables) or ipv6 (ip6tables)
            or eb (ebtables). Only rules previously added with addRule can
            be removed this way. For permanent operation see
            org.fedoraproject.FirewallD1.config.direct.Methods.removeRule.

            Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED,
            COMMAND_FAILED

        removeRules(s: ipv, s: table, s: chain) → Nothing
            Remove all rules from chain in table for ipv being either ipv4
            (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
            only rules previously added with addRule. For permanent
            operation see
            org.fedoraproject.FirewallD1.config.direct.Methods.removeRules.

            Possible errors: INVALID_IPV, INVALID_TABLE

    Signals
        ChainAdded(s: ipv, s: table, s: chain)
            Emitted when chain has been added into table for ipv being
            either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).

        ChainRemoved(s: ipv, s: table, s: chain)
            Emitted when chain has been removed from table for ipv being
            either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).

        PassthroughAdded(s: ipv, as: args)
            Emitted when a tracked passthrough rule with args has been
            added for ipv being either ipv4 (iptables) or ipv6 (ip6tables)
            or eb (ebtables).

        PassthroughRemoved(s: ipv, as: args)
            Emitted when a tracked passthrough rule with args has been
            removed for ipv being either ipv4 (iptables) or ipv6
            (ip6tables) or eb (ebtables).

        RuleAdded(s: ipv, s: table, s: chain, i: priority, as: args)
            Emitted when a rule with args has been added to chain in table
            with priority for ipv being either ipv4 (iptables) or ipv6
            (ip6tables) or eb (ebtables).

        RuleRemoved(s: ipv, s: table, s: chain, i: priority, as: args)
            Emitted when a rule with args has been removed from chain in
            table with priority for ipv being either ipv4 (iptables) or
            ipv6 (ip6tables) or eb (ebtables).

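Added example (not part of the firewalld documentation or code): a Python review of the a(sssias) array returned by getAllRules(), flagging same-priority slots that mix ACCEPT with DROP/REJECT, since the order of such rules is not fixed, and rules that exist only at runtime and are therefore lost on reload(). The bus name, the helper names and the sample rules are assumptions constructed for illustration; fetch_rules() needs dbus-python and a running firewalld.

```python
"""Review firewalld direct rules: unordered verdict conflicts and runtime-only rules."""
from collections import defaultdict

# Assumption: the bus name equals the root interface name listed on this page.
BUS = "org.fedoraproject.FirewallD1"
TERMINAL = {"ACCEPT", "DROP", "REJECT"}


def verdict(args):
    """Return the target following -j/--jump in a rule's argument array, else None."""
    for i, arg in enumerate(args[:-1]):
        if arg in ("-j", "--jump"):
            return str(args[i + 1])
    return None


def normalise(rule):
    """Turn one a(sssias) element (possibly dbus types) into a hashable tuple."""
    ipv, table, chain, priority, args = rule
    return (str(ipv), str(table), str(chain), int(priority),
            tuple(str(a) for a in args))


def ambiguous_priorities(rules):
    """Map (ipv, table, chain, priority) -> rules, for slots mixing terminal verdicts.

    Rules sharing a priority have no fixed order, so a slot holding both an
    ACCEPT and a DROP/REJECT rule is a candidate for order-dependent behaviour
    and should be reviewed (the rules may still match disjoint traffic).
    """
    slots = defaultdict(list)
    for rule in map(normalise, rules):
        if verdict(rule[4]) in TERMINAL:
            slots[rule[:4]].append(rule)
    return {slot: found for slot, found in slots.items()
            if len({verdict(r[4]) for r in found}) > 1}


def runtime_only(runtime_rules, permanent_rules):
    """Rules active now but absent from the permanent config; reload() discards them."""
    permanent = {normalise(r) for r in permanent_rules}
    return [r for r in map(normalise, runtime_rules) if r not in permanent]


def fetch_rules(permanent=False):
    """Read getAllRules() over D-Bus (needs dbus-python and a running firewalld)."""
    import dbus  # imported lazily so the offline sample below runs without it
    path = "/org/fedoraproject/FirewallD1" + ("/config" if permanent else "")
    iface = "org.fedoraproject.FirewallD1" + (".config.direct" if permanent else ".direct")
    obj = dbus.SystemBus().get_object(BUS, path)
    return dbus.Interface(obj, iface).getAllRules()


# Constructed sample data in the getAllRules() shape; not taken from a real host.
SAMPLE_RUNTIME = [
    ("ipv4", "filter", "INPUT_direct", 0, ["-p", "tcp", "--dport", "22", "-j", "ACCEPT"]),
    ("ipv4", "filter", "INPUT_direct", 0, ["-s", "192.0.2.0/24", "-j", "DROP"]),
    ("ipv4", "filter", "INPUT_direct", 5, ["-p", "icmp", "-j", "ACCEPT"]),
    ("ipv6", "filter", "INPUT_direct", 0, ["-p", "tcp", "--dport", "22", "-j", "ACCEPT"]),
]
SAMPLE_PERMANENT = [SAMPLE_RUNTIME[0], SAMPLE_RUNTIME[2]]

if __name__ == "__main__":
    for slot, found in ambiguous_priorities(SAMPLE_RUNTIME).items():
        print("unordered verdicts in", slot)
        for r in found:
            print("   ", " ".join(r[4]))
    for r in runtime_only(SAMPLE_RUNTIME, SAMPLE_PERMANENT):
        print("runtime only:", r[0], r[1], r[2], r[3], " ".join(r[4]))
```

On a live host, pass fetch_rules() and fetch_rules(permanent=True) instead of the sample lists. Rules added with the untracked passthrough method never appear in either array.
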
org.fedoraproject.FirewallD1.policies
    Enables firewalld to lock down configuration changes from local
    applications. Local applications or services are able to change the
    firewall configuration if they are running as root (example:
    libvirt). With these operations an administrator can lock the firewall
    configuration so that either none or only applications that are in the
    whitelist are able to request firewall changes. For permanent
    configuration see org.fedoraproject.FirewallD1.config.policies
    interface.

    Methods
        addLockdownWhitelistCommand(s: command) → Nothing
            Add command to whitelist. See command option in
            firewalld.lockdown-whitelist(5). For permanent operation see
            org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistCommand.

            Possible errors: ALREADY_ENABLED, INVALID_COMMAND

        addLockdownWhitelistContext(s: context) → Nothing
            Add context to whitelist. See selinux option in
            firewalld.lockdown-whitelist(5). For permanent operation see
            org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistContext.

            Possible errors: ALREADY_ENABLED, INVALID_COMMAND

        addLockdownWhitelistUid(i: uid) → Nothing
            Add user id uid to whitelist. See user option in
            firewalld.lockdown-whitelist(5). For permanent operation see
            org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistUid.

            Possible errors: ALREADY_ENABLED, INVALID_COMMAND

        addLockdownWhitelistUser(s: user) → Nothing
            Add user name to whitelist. See user option in
            firewalld.lockdown-whitelist(5). For permanent operation see
            org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistUser.

            Possible errors: ALREADY_ENABLED, INVALID_COMMAND

        disableLockdown() → Nothing
            Disable lockdown. This is a runtime and permanent change.

            Possible errors: NOT_ENABLED

        enableLockdown() → Nothing
            Enable lockdown. Be careful: if the calling application/user
            is not on the lockdown whitelist when you enable lockdown, you
            won't be able to disable it again with the application; you
            would need to edit firewalld.conf. This is a runtime and
            permanent change.

            Possible errors: ALREADY_ENABLED

        getLockdownWhitelistCommands() → as
            List all command lines (s) that are on whitelist. For permanent
            operation see
            org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistCommands.

        getLockdownWhitelistContexts() → as
            List all contexts (s) that are on whitelist. For permanent
            operation see
            org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistContexts.

        getLockdownWhitelistUids() → ai
            List all user ids (i) that are on whitelist. For permanent
            operation see
            org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistUids.

        getLockdownWhitelistUsers() → as
            List all users (s) that are on whitelist. For permanent
            operation see
            org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistUsers.

        queryLockdown() → b
            Query whether lockdown is enabled.

        queryLockdownWhitelistCommand(s: command) → b
            Query whether command is on whitelist. For permanent operation
            see
            org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistCommand.

        queryLockdownWhitelistContext(s: context) → b
            Query whether context is on whitelist. For permanent operation
            see
            org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistContext.

        queryLockdownWhitelistUid(i: uid) → b
            Query whether user id uid is on whitelist. For permanent
            operation see
            org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistUid.

        queryLockdownWhitelistUser(s: user) → b
            Query whether user is on whitelist. For permanent operation see
            org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistUser.

        removeLockdownWhitelistCommand(s: command) → Nothing
            Remove command from whitelist. For permanent operation see
            org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistCommand.

            Possible errors: NOT_ENABLED

        removeLockdownWhitelistContext(s: context) → Nothing
            Remove context from whitelist. For permanent operation see
            org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistContext.

            Possible errors: NOT_ENABLED

        removeLockdownWhitelistUid(i: uid) → Nothing
            Remove user id uid from whitelist. For permanent operation see
            org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistUid.

            Possible errors: NOT_ENABLED

        removeLockdownWhitelistUser(s: user) → Nothing
            Remove user from whitelist. For permanent operation see
            org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistUser.

            Possible errors: NOT_ENABLED

    Signals
        LockdownDisabled()
            Emitted when lockdown has been disabled.

        LockdownEnabled()
            Emitted when lockdown has been enabled.

        LockdownWhitelistCommandAdded(s: command)
            Emitted when command has been added to whitelist.

        LockdownWhitelistCommandRemoved(s: command)
            Emitted when command has been removed from whitelist.

        LockdownWhitelistContextAdded(s: context)
            Emitted when context has been added to whitelist.

        LockdownWhitelistContextRemoved(s: context)
            Emitted when context has been removed from whitelist.

        LockdownWhitelistUidAdded(i: uid)
            Emitted when user id uid has been added to whitelist.

        LockdownWhitelistUidRemoved(i: uid)
            Emitted when user id uid has been removed from whitelist.

        LockdownWhitelistUserAdded(s: user)
            Emitted when user has been added to whitelist.

        LockdownWhitelistUserRemoved(s: user)
            Emitted when user has been removed from whitelist.

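Added example (not part of the firewalld documentation or code): a Python pre-flight check for the enableLockdown() caveat above, which calls enable only when the caller matches at least one whitelist category returned by the getLockdownWhitelist*() methods. The matching rules (exact match for context, uid and user; a trailing '*' on a command entry meaning prefix match, as described in firewalld.lockdown-whitelist(5)), the bus name, the helper names and the sample data are assumptions made for illustration.

```python
"""Pre-flight check before enableLockdown(): would this caller still be allowed?"""

POLICIES_IFACE = "org.fedoraproject.FirewallD1.policies"


def command_matches(entry, cmdline):
    """Assumed semantics: an entry ending in '*' matches by prefix, otherwise exactly."""
    if entry.endswith("*"):
        return cmdline.startswith(entry[:-1])
    return cmdline == entry


def whitelist_hits(whitelist, caller):
    """Return the whitelist categories (context, uid, user, command) the caller matches."""
    hits = []
    if caller.get("context") in whitelist["contexts"]:
        hits.append("context")
    if caller.get("uid") in whitelist["uids"]:
        hits.append("uid")
    if caller.get("user") in whitelist["users"]:
        hits.append("user")
    cmd = caller.get("command")
    if cmd is not None and any(command_matches(e, cmd) for e in whitelist["commands"]):
        hits.append("command")
    return hits


def fetch_whitelist():
    """Read the runtime whitelist over D-Bus (needs dbus-python and a running firewalld)."""
    import dbus  # imported lazily so the offline sample below runs without it
    obj = dbus.SystemBus().get_object("org.fedoraproject.FirewallD1",  # assumed bus name
                                      "/org/fedoraproject/FirewallD1")
    policies = dbus.Interface(obj, POLICIES_IFACE)
    return {
        "commands": [str(c) for c in policies.getLockdownWhitelistCommands()],
        "contexts": [str(c) for c in policies.getLockdownWhitelistContexts()],
        "uids": [int(u) for u in policies.getLockdownWhitelistUids()],
        "users": [str(u) for u in policies.getLockdownWhitelistUsers()],
    }


def enable_lockdown_checked(whitelist, caller, enable):
    """Call enable() only if the caller is whitelisted; return the hits (empty = refused)."""
    hits = whitelist_hits(whitelist, caller)
    if hits:
        enable()
    return hits


# Constructed sample data; the paths, names and ids are hypothetical.
SAMPLE_WHITELIST = {
    "commands": ["/usr/bin/python3 -s /usr/bin/firewall-config*"],
    "contexts": [],
    "uids": [0],
    "users": [],
}
ADMIN_TOOL = {"uid": 1000, "user": "alice",
              "command": "/usr/bin/python3 -s /usr/bin/firewall-config --debug"}
OTHER_TOOL = {"uid": 1000, "user": "alice",
              "command": "/usr/bin/python3 /opt/tools/fwadmin.py"}

if __name__ == "__main__":
    for name, caller in (("ADMIN_TOOL", ADMIN_TOOL), ("OTHER_TOOL", OTHER_TOOL)):
        hits = enable_lockdown_checked(SAMPLE_WHITELIST, caller, lambda: None)
        print(name, "->", "enable" if hits else "refuse: caller would be locked out", hits)
```

On a live host, pass fetch_whitelist() as the whitelist and a callable wrapping the enableLockdown() D-Bus method as enable.
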
org.fedoraproject.FirewallD1.zone
    Operations in this interface allow one to get, add, remove and query
    runtime zone settings. For permanent settings see
    org.fedoraproject.FirewallD1.config.zone interface.

    Methods
        getZoneSettings2(s: zone) → a{sv}
            Return runtime settings of given zone. For getting permanent
            settings see
            org.fedoraproject.FirewallD1.config.zone.Methods.getSettings2.
            Settings are a dictionary indexed by keywords. For the type of
            each value see below. If the value is empty it may be omitted.

            version (s): see version attribute of zone tag in
            firewalld.zone(5).

            name (s): see short tag in firewalld.zone(5).

            description (s): see description tag in firewalld.zone(5).

            target (s): see target attribute of zone tag in
            firewalld.zone(5).

            services (as): array of service names, see service tag in
            firewalld.zone(5).

            ports (a(ss)): array of port and protocol pairs. See port tag
            in firewalld.zone(5).

            icmp_blocks (as): array of icmp-blocks. See icmp-block tag in
            firewalld.zone(5).

            masquerade (b): see masquerade tag in firewalld.zone(5).

            forward_ports (a(ssss)): array of (port, protocol, to-port,
            to-addr). See forward-port tag in firewalld.zone(5).

            interfaces (as): array of interfaces. See interface tag in
            firewalld.zone(5).

            sources (as): array of source addresses. See source tag in
            firewalld.zone(5).

            rules_str (as): array of rich-language rules. See rule tag in
            firewalld.zone(5).

            protocols (as): array of protocols, see protocol tag in
            firewalld.zone(5).

            source_ports (a(ss)): array of port and protocol pairs. See
            source-port tag in firewalld.zone(5).

            icmp_block_inversion (b): see icmp-block-inversion tag in
            firewalld.zone(5).

            forward (b): see forward tag in firewalld.zone(5).

            ingress-priority (i): see ingress-priority tag in
            firewalld.zone(5).

            egress-priority (i): see egress-priority tag in
            firewalld.zone(5).

            Possible errors: INVALID_ZONE

869 setZoneSettings2(s: zone, a{sv}: settings, i: timeout)
870 Set runtime settings of given zone. For setting permanent
871 settings see
872 org.fedoraproject.FirewallD1.config.zone.Methods.update2.
873 Settings are a dictionary indexed by keywords. For the type of
874 each value see below. To zero a value pass an empty string or
875 list.
876
877 services (as): array of service names, see service tag in
878 firewalld.zone(5).
879
880 ports (a(ss)): array of port and protocol pairs. See port tag
881 in firewalld.zone(5).
882
883 icmp_blocks (as): array of icmp-blocks. See icmp-block tag in
884 firewalld.zone(5).
885
886 masquerade (b): see masquerade tag in firewalld.zone(5).
887
888 forward_ports (a(ssss)): array of (port, protocol, to-port,
889 to-addr). See forward-port tag in firewalld.zone(5).
890
891 interfaces (as): array of interfaces. See interface tag in
892 firewalld.zone(5).
893
894 sources (as): array of source addresses. See source tag in
895 firewalld.zone(5).
896
897 rules_str (as): array of rich-language rules. See rule tag in
898 firewalld.zone(5).
899
900 protocols (as): array of protocols, see protocol tag in
901 firewalld.zone(5).
902
903 source_ports (a(ss)): array of port and protocol pairs. See
904 source-port tag in firewalld.zone(5).
905
906 icmp_block_inversion (b): see icmp-block-inversion tag in
907 firewalld.zone(5).
908
909 forward (b): see forward tag in firewalld.zone(5).
910
911 Possible errors: INVALID_ZONE
912
913 addForwardPort(s: zone, s: port, s: protocol, s: toport, s: toaddr,
914 i: timeout) → s
915 Add the IPv4 forward port into zone. If zone is empty, use
916 default zone. The port can either be a single port number
917 portid or a port range portid-portid. The protocol can either
918 be tcp or udp. The destination address is a simple IP address.
919 If timeout is non-zero, the operation will be active only for
920 the amount of seconds. For permanent settings see
921 org.fedoraproject.FirewallD1.config.zone.Methods.addForwardPort.
922
923 Returns name of zone to which the forward port was added.
924
925 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
926 INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD,
927 ALREADY_ENABLED, INVALID_COMMAND
928
929 addIcmpBlock(s: zone, s: icmp, i: timeout) → s
930 Add an ICMP block icmp into zone. The icmp is one of the
931 icmp types firewalld supports. To get a listing of supported
932 icmp types use
933 org.fedoraproject.FirewallD1.Methods.listIcmpTypes. If zone is
934 empty, use default zone. If timeout is non-zero, the operation
935 will be active only for the amount of seconds. For permanent
936 settings see
937 org.fedoraproject.FirewallD1.config.zone.Methods.addIcmpBlock.
938
939 Returns name of zone to which the ICMP block was added.
940
941 Possible errors: INVALID_ZONE, INVALID_ICMPTYPE,
942 ALREADY_ENABLED, INVALID_COMMAND
943
944 addIcmpBlockInversion(s: zone) → s
945 Add ICMP block inversion to zone. If zone is empty, use default
946 zone. For permanent settings see
947 org.fedoraproject.FirewallD1.config.zone.Methods.addIcmpBlockInversion.
948
949 Returns name of zone to which the ICMP block inversion was
950 added.
951
952 Possible errors: INVALID_ZONE, ALREADY_ENABLED, INVALID_COMMAND
953
954 addInterface(s: zone, s: interface) → s
955 Bind interface with zone. From now on all traffic going through
956 the interface will respect the zone's settings. If zone is
957 empty, use default zone. For permanent settings see
958 org.fedoraproject.FirewallD1.config.zone.Methods.addInterface.
959
960 Returns name of zone to which the interface was bound.
961
962 Possible errors: INVALID_ZONE, INVALID_INTERFACE,
963 ALREADY_ENABLED, INVALID_COMMAND
964
965 addMasquerade(s: zone, i: timeout) → s
966 Enable masquerade in zone. If zone is empty, use default zone.
967 If timeout is non-zero, masquerading will be active for the
968 amount of seconds. For permanent settings see
969 org.fedoraproject.FirewallD1.config.zone.Methods.addMasquerade.
970
971 Returns name of zone in which the masquerade was enabled.
972
973 Possible errors: INVALID_ZONE, ALREADY_ENABLED, INVALID_COMMAND
974
975 addPort(s: zone, s: port, s: protocol, i: timeout) → s
976 Add port into zone. If zone is empty, use default zone. The
977 port can either be a single port number or a port range
978 portid-portid. The protocol can either be tcp or udp. If
979 timeout is non-zero, the operation will be active only for the
980 amount of seconds. For permanent settings see
981 org.fedoraproject.FirewallD1.config.zone.Methods.addPort.
982
983 Returns name of zone to which the port was added.
984
985 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
986 INVALID_PROTOCOL, ALREADY_ENABLED, INVALID_COMMAND
987
988 addProtocol(s: zone, s: protocol, i: timeout) → s
989 Add protocol into zone. If zone is empty, use default zone. The
990 protocol can be any protocol supported by the system. Please
991 have a look at /etc/protocols for supported protocols. If
992 timeout is non-zero, the operation will be active only for the
993 amount of seconds. For permanent settings see
994 org.fedoraproject.FirewallD1.config.zone.Methods.addProtocol.
995
996 Returns name of zone to which the protocol was added.
997
998 Possible errors: INVALID_ZONE, INVALID_PROTOCOL,
999 ALREADY_ENABLED, INVALID_COMMAND
1000
1001 addRichRule(s: zone, s: rule, i: timeout) → s
1002 Add rich language rule into zone. For the rich language rule
1003 syntax, please have a look at firewalld.direct(5). If zone is
1004 empty, use default zone. If timeout is non-zero, the operation
1005 will be active only for the amount of seconds. For permanent
1006 settings see
1007 org.fedoraproject.FirewallD1.config.zone.Methods.addRichRule.
1008
1009 Returns name of zone to which the rich language rule was added.
1010
1011 Possible errors: INVALID_ZONE, INVALID_RULE, ALREADY_ENABLED,
1012 INVALID_COMMAND
1013
1014 addService(s: zone, s: service, i: timeout) → s
1015 Add service into zone. If zone is empty, use default zone. If
1016 timeout is non-zero, the operation will be active only for the
1017 amount of seconds. To get a list of supported services, use
1018 org.fedoraproject.FirewallD1.Methods.listServices. For
1019 permanent settings see
1020 org.fedoraproject.FirewallD1.config.zone.Methods.addService.
1021
1022 Returns name of zone to which the service was added.
1023
1024 Possible errors: INVALID_ZONE, INVALID_SERVICE,
1025 ALREADY_ENABLED, INVALID_COMMAND
1026
1027 addSource(s: zone, s: source) → s
1028 Bind source with zone. From now on all traffic going from this
1029 source will respect the zone's settings. A source address or
1030 address range is either an IP address or a network IP address
1031 with a mask for IPv4 or IPv6. For IPv4, the mask can be a
1032 network mask or a plain number. For IPv6 the mask is a plain
1033 number. Use of host names is not supported. If zone is empty,
1034 use default zone. For permanent settings see
1035 org.fedoraproject.FirewallD1.config.zone.Methods.addSource.
1036
1037 Returns name of zone to which the source was bound.
1038
1039 Possible errors: INVALID_ZONE, INVALID_ADDR, ALREADY_ENABLED,
1040 INVALID_COMMAND
1041
1042 addSourcePort(s: zone, s: port, s: protocol, i: timeout) → s
1043 Add source port into zone. If zone is empty, use default zone.
1044 The port can either be a single port number or a port range
1045 portid-portid. The protocol can either be tcp or udp. If
1046 timeout is non-zero, the operation will be active only for the
1047 amount of seconds. For permanent settings see
1048 org.fedoraproject.FirewallD1.config.zone.Methods.addSourcePort.
1049
1050 Returns name of zone to which the port was added.
1051
1052 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1053 INVALID_PROTOCOL, ALREADY_ENABLED, INVALID_COMMAND
1054
1055 changeZone(s: zone, s: interface) → s
1056 This function is deprecated, use
1057 org.fedoraproject.FirewallD1.zone.Methods.changeZoneOfInterface
1058 instead.
1059
1060 changeZoneOfInterface(s: zone, s: interface) → s
1061 Change a zone an interface is bound to to zone. It's basically
1062 removeInterface(interface) followed by addInterface(zone,
1063 interface). If interface has not been bound to a zone before,
1064 it behaves like addInterface. If zone is empty, use default
1065 zone.
1066
1067 Returns name of zone to which the interface was bound.
1068
1069 Possible errors: INVALID_ZONE, ZONE_ALREADY_SET, ZONE_CONFLICT
1070
1071 changeZoneOfSource(s: zone, s: source) → s
1072 Change a zone a source is bound to to zone. It's basically
1073 removeSource(source) followed by addSource(zone, source). If
1074 source has not been bound to a zone before, it behaves like
1075 addSource. If zone is empty, use default zone.
1076
1077 Returns name of zone to which the source was bound.
1078
1079 Possible errors: INVALID_ZONE, ZONE_ALREADY_SET, ZONE_CONFLICT
1080
1081 getActiveZones() → a{sa{sas}}
1082 Return dictionary of currently active zones together with
1083 interfaces and sources used in these zones. Active zones are
1084 zones that have a binding to an interface or source.
1085
1086 Return value is a dictionary where keys are zone names (s) and
1087 values are again dictionaries where keys are either
1088 'interfaces' or 'sources' and values are arrays of interface
1089 names (s) or sources (s).
1090
1091 getForwardPorts(s: zone) → aas
1092 Return array of IPv4 forward ports previously added into zone.
1093 If zone is empty, use default zone. For getting permanent
1094 settings see
1095 org.fedoraproject.FirewallD1.config.zone.Methods.getForwardPorts.
1096
1097 Return value is array of 4-tuples, where each 4-tuple consists
1098 of (port, protocol, to-port, to-addr). to-addr might be empty
1099 in case of local forwarding.
1100
1101 Possible errors: INVALID_ZONE
1102
1103 getIcmpBlocks(s: zone) → as
1104 Return array of ICMP type (s) blocks previously added into
1105 zone. If zone is empty, use default zone. For getting permanent
1106 settings see
1107 org.fedoraproject.FirewallD1.config.zone.Methods.getIcmpBlocks.
1108
1109 Possible errors: INVALID_ZONE
1110
1111 getIcmpBlockInversion(s: zone) → b
1112 Return whether ICMP block inversion was previously added to
1113 zone. If zone is empty, use default zone. For getting permanent
1114 settings see
1115 org.fedoraproject.FirewallD1.config.zone.Methods.getIcmpBlockInversion.
1116
1117 Possible errors: INVALID_ZONE
1118
1119 getInterfaces(s: zone) → as
1120 Return array of interfaces (s) previously bound with zone. If
1121 zone is empty, use default zone. For getting permanent settings
1122 see
1123 org.fedoraproject.FirewallD1.config.zone.Methods.getInterfaces.
1124
1125 Possible errors: INVALID_ZONE
1126
1127 getPorts(s: zone) → aas
1128 Return array of ports (2-tuple of port and protocol) previously
1129 enabled in zone. If zone is empty, use default zone. For
1130 getting permanent settings see
1131 org.fedoraproject.FirewallD1.config.zone.Methods.getPorts.
1132
1133 Possible errors: INVALID_ZONE
1134
1135 getProtocols(s: zone) → as
1136 Return array of protocols (s) previously enabled in zone. If
1137 zone is empty, use default zone. For getting permanent settings
1138 see
1139 org.fedoraproject.FirewallD1.config.zone.Methods.getProtocols.
1140
1141 Possible errors: INVALID_ZONE
1142
1143 getRichRules(s: zone) → as
1144 Return array of rich language rules (s) previously added into
1145 zone. If zone is empty, use default zone. For getting permanent
1146 settings see
1147 org.fedoraproject.FirewallD1.config.zone.Methods.getRichRules.
1148
1149 Possible errors: INVALID_ZONE
1150
1151 getServices(s: zone) → as
1152 Return array of services (s) previously enabled in zone. If
1153 zone is empty, use default zone. For getting permanent settings
1154 see
1155 org.fedoraproject.FirewallD1.config.zone.Methods.getServices.
1156
1157 Possible errors: INVALID_ZONE
1158
1159 getSourcePorts(s: zone) → aas
1160 Return array of source ports (2-tuple of port and protocol)
1161 previously enabled in zone. If zone is empty, use default zone.
1162 For getting permanent settings see
1163 org.fedoraproject.FirewallD1.config.zone.Methods.getSourcePorts.
1164
1165 Possible errors: INVALID_ZONE
1166
1167 getSources(s: zone) → as
1168 Return array of sources (s) previously bound with zone. If zone
1169 is empty, use default zone. For getting permanent settings see
1170 org.fedoraproject.FirewallD1.config.zone.Methods.getSources.
1171
1172 Possible errors: INVALID_ZONE
1173
1174 getZoneOfInterface(s: interface) → s
1175 Return name (s) of zone the interface is bound to or empty
1176 string.
1177
1178 getZoneOfSource(s: source) → s
1179 Return name (s) of zone the source is bound to or empty string.
1180
1181 getZones() → as
1182 Return array of names (s) of predefined zones known to current
1183 runtime environment. For list of zones known to permanent
1184 environment see
1185 org.fedoraproject.FirewallD1.config.Methods.listZones. The
1186 lists (of zones known to runtime and permanent environment)
1187 will contain same zones in most cases, but might differ for
1188 example if org.fedoraproject.FirewallD1.config.Methods.addZone
1189 has been called recently, but firewalld has not been reloaded
1190 since then.
1191
1192 isImmutable(s: zone) → b
1193 Deprecated.
1194
1195 queryForwardPort(s: zone, s: port, s: protocol, s: toport, s:
1196 toaddr) → b
1197 Return whether the IPv4 forward port (port, protocol, toport,
1198 toaddr) has been added into zone. If zone is empty, use default
1199 zone. For permanent operation see
1200 org.fedoraproject.FirewallD1.config.zone.Methods.queryForwardPort.
1201
1202 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1203 INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD
1204
1205 queryIcmpBlock(s: zone, s: icmp) → b
1206 Return whether an ICMP block for icmp has been added into zone.
1207 If zone is empty, use default zone. For permanent operation see
1208 org.fedoraproject.FirewallD1.config.zone.Methods.queryIcmpBlock.
1209
1210 Possible errors: INVALID_ZONE, INVALID_ICMPTYPE
1211
1212 queryIcmpBlockInversion(s: zone) → b
1213 Return whether ICMP block inversion has been added to zone. If
1214 zone is empty, use default zone. For permanent operation see
1215 org.fedoraproject.FirewallD1.config.zone.Methods.queryIcmpBlockInversion.
1216
1217 Possible errors: INVALID_ZONE, INVALID_ICMPTYPE
1218
1219 queryInterface(s: zone, s: interface) → b
1220 Query whether interface has been bound to zone. If zone is
1221 empty, use default zone. For permanent operation see
1222 org.fedoraproject.FirewallD1.config.zone.Methods.queryInterface.
1223
1224 Possible errors: INVALID_ZONE, INVALID_INTERFACE
1225
1226 queryMasquerade(s: zone) → b
1227 Return whether masquerading has been enabled in zone. If zone is
1228 empty, use default zone. For permanent operation see
1229 org.fedoraproject.FirewallD1.config.zone.Methods.queryMasquerade.
1230
1231 Possible errors: INVALID_ZONE
1232
1233 queryPort(s: zone, s: port, s: protocol) → b
1234 Return whether port/protocol has been added in zone. If zone is
1235 empty, use default zone. For permanent operation see
1236 org.fedoraproject.FirewallD1.config.zone.Methods.queryPort.
1237
1238 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1239 INVALID_PROTOCOL
1240
1241 queryProtocol(s: zone, s: protocol) → b
1242 Return whether protocol has been added in zone. If zone is
1243 empty, use default zone. For permanent operation see
1244 org.fedoraproject.FirewallD1.config.zone.Methods.queryProtocol.
1245
1246 Possible errors: INVALID_ZONE, INVALID_PROTOCOL
1247
1248 queryRichRule(s: zone, s: rule) → b
1249 Return whether rich rule rule has been added in zone. If zone
1250 is empty, use default zone. For permanent operation see
1251 org.fedoraproject.FirewallD1.config.zone.Methods.queryRichRule.
1252
1253 Possible errors: INVALID_ZONE, INVALID_RULE
1254
1255 queryService(s: zone, s: service) → b
1256 Return whether service has been added for zone. If zone is
1257 empty, use default zone. For permanent operation see
1258 org.fedoraproject.FirewallD1.config.zone.Methods.queryService.
1259
1260 Possible errors: INVALID_ZONE, INVALID_SERVICE
1261
1262 querySource(s: zone, s: source) → b
1263 Query whether source has been bound to zone. If zone is empty,
1264 use default zone. For permanent operation see
1265 org.fedoraproject.FirewallD1.config.zone.Methods.querySource.
1266
1267 Possible errors: INVALID_ZONE, INVALID_ADDR
1268
1269 querySourcePort(s: zone, s: port, s: protocol) → b
1270 Return whether port/protocol has been added in zone. If zone is
1271 empty, use default zone. For permanent operation see
1272 org.fedoraproject.FirewallD1.config.zone.Methods.querySourcePort.
1273
1274 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1275 INVALID_PROTOCOL
1276
1277 removeForwardPort(s: zone, s: port, s: protocol, s: toport, s:
1278 toaddr) → s
1279 Remove IPv4 forward port (port, protocol, toport, toaddr)
1280 from zone. If zone is empty, use default zone. For permanent
1281 operation see
1282 org.fedoraproject.FirewallD1.config.zone.Methods.removeForwardPort.
1283
1284 Returns name of zone from which the forward port was removed.
1285
1286 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1287 INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD, NOT_ENABLED,
1288 INVALID_COMMAND
1289
1290 removeIcmpBlock(s: zone, s: icmp) → s
1291 Remove ICMP block icmp from zone. If zone is empty, use default
1292 zone. For permanent operation see
1293 org.fedoraproject.FirewallD1.config.zone.Methods.removeIcmpBlock.
1294
1295 Returns name of zone from which the ICMP block was removed.
1296
1297 Possible errors: INVALID_ZONE, INVALID_ICMPTYPE, NOT_ENABLED,
1298 INVALID_COMMAND
1299
1300 removeIcmpBlockInversion(s: zone) → s
1301 Remove ICMP block inversion from zone. If zone is empty, use
1302 default zone. For permanent operation see
1303 org.fedoraproject.FirewallD1.config.zone.Methods.removeIcmpBlockInversion.
1304
1305 Returns name of zone from which the ICMP block inversion was
1306 removed.
1307
1308 Possible errors: INVALID_ZONE, NOT_ENABLED, INVALID_COMMAND
1309
1310 removeInterface(s: zone, s: interface) → s
1311 Remove binding of interface from zone. If zone is empty, the
1312 interface will be removed from zone it belongs to. For
1313 permanent operation see
1314 org.fedoraproject.FirewallD1.config.zone.Methods.removeInterface.
1315
1316 Returns name of zone from which the interface was removed.
1317
1318 Possible errors: INVALID_ZONE, INVALID_INTERFACE, NOT_ENABLED,
1319 INVALID_COMMAND
1320
1321 removeMasquerade(s: zone) → s
1322 Disable masquerade for zone. If zone is empty, use default
1323 zone. For permanent operation see
1324 org.fedoraproject.FirewallD1.config.zone.Methods.removeMasquerade.
1325
1326 Returns name of zone for which the masquerade was disabled.
1327
1328 Possible errors: INVALID_ZONE, NOT_ENABLED, INVALID_COMMAND
1329
1330 removePort(s: zone, s: port, s: protocol) → s
1331 Remove port/protocol from zone. If zone is empty, use default
1332 zone. For permanent operation see
1333 org.fedoraproject.FirewallD1.config.zone.Methods.removePort.
1334
1335 Returns name of zone from which the port was removed.
1336
1337 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1338 INVALID_PROTOCOL, NOT_ENABLED, INVALID_COMMAND
1339
1340 removeProtocol(s: zone, s: protocol) → s
1341 Remove protocol from zone. If zone is empty, use default zone.
1342 For permanent operation see
1343 org.fedoraproject.FirewallD1.config.zone.Methods.removeProtocol.
1344
1345 Returns name of zone from which the protocol was removed.
1346
1347 Possible errors: INVALID_ZONE, INVALID_PROTOCOL, NOT_ENABLED,
1348 INVALID_COMMAND
1349
1350 removeRichRule(s: zone, s: rule) → s
1351 Remove rich language rule from zone. If zone is empty, use
1352 default zone. For permanent operation see
1353 org.fedoraproject.FirewallD1.config.zone.Methods.removeRichRule.
1354
1355 Returns name of zone from which the rich language rule was
1356 removed.
1357
1358 Possible errors: INVALID_ZONE, INVALID_RULE, NOT_ENABLED,
1359 INVALID_COMMAND
1360
1361 removeService(s: zone, s: service) → s
1362 Remove service from zone. If zone is empty, use default zone.
1363 For permanent operation see
1364 org.fedoraproject.FirewallD1.config.zone.Methods.removeService.
1365
1366 Returns name of zone from which the service was removed.
1367
1368 Possible errors: INVALID_ZONE, INVALID_SERVICE, NOT_ENABLED,
1369 INVALID_COMMAND
1370
1371 removeSource(s: zone, s: source) → s
1372 Remove binding of source from zone. If zone is empty, the
1373 source will be removed from zone it belongs to. For permanent
1374 operation see
1375 org.fedoraproject.FirewallD1.config.zone.Methods.removeSource.
1376
1377 Returns name of zone from which the source was removed.
1378
1379 Possible errors: INVALID_ZONE, INVALID_ADDR, NOT_ENABLED,
1380 INVALID_COMMAND
1381
1382 removeSourcePort(s: zone, s: port, s: protocol) → s
1383 Remove port/protocol from zone. If zone is empty, use default
1384 zone. For permanent operation see
1385 org.fedoraproject.FirewallD1.config.zone.Methods.removeSourcePort.
1386
1387 Returns name of zone from which the source port was removed.
1388
1389 Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL,
1390 INVALID_PROTOCOL, NOT_ENABLED, INVALID_COMMAND
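Added example, not part of firewalld: a drift check between the dictionary returned by getZoneSettings2 (runtime) and the one returned by org.fedoraproject.FirewallD1.config.zone.Methods.getSettings2 (permanent), limited to the keywords setZoneSettings2 accepts. It assumes both dictionaries were already fetched and unwrapped to plain Python values; the sample dictionaries and the names zone_drift and normalize are constructed for illustration.

```python
"""Runtime vs. permanent zone settings drift (added example, not firewalld code)."""

# Keywords that setZoneSettings2 accepts at runtime, with the D-Bus
# signatures this page lists for them.
RUNTIME_KEYWORDS = {
    "services": "as",
    "ports": "a(ss)",
    "icmp_blocks": "as",
    "masquerade": "b",
    "forward_ports": "a(ssss)",
    "interfaces": "as",
    "sources": "as",
    "rules_str": "as",
    "protocols": "as",
    "source_ports": "a(ss)",
    "icmp_block_inversion": "b",
    "forward": "b",
}


def normalize(keyword, settings):
    """Return a comparable value for keyword.

    The page states that an empty value may be omitted, so a missing key is
    treated as False (b) or as an empty array (as, a(ss), a(ssss)).
    Arrays are compared as sets because their order carries no meaning here.
    """
    signature = RUNTIME_KEYWORDS[keyword]
    value = settings.get(keyword)
    if signature == "b":
        return bool(value)
    if value is None:
        return frozenset()
    if signature == "as":
        return frozenset(str(item) for item in value)
    # a(ss) and a(ssss): structs may arrive as tuples or as lists.
    return frozenset(tuple(str(field) for field in item) for item in value)


def zone_drift(runtime, permanent):
    """Map each differing keyword to the runtime/permanent difference."""
    drift = {}
    for keyword in RUNTIME_KEYWORDS:
        run = normalize(keyword, runtime)
        perm = normalize(keyword, permanent)
        if run == perm:
            continue
        if isinstance(run, bool):
            drift[keyword] = {"runtime": run, "permanent": perm}
        else:
            drift[keyword] = {
                "runtime_only": sorted(run - perm),
                "permanent_only": sorted(perm - run),
            }
    return drift


# Constructed sample data: what the two calls might return for one zone.
SAMPLE_PERMANENT = {
    "name": "public",
    "services": ["ssh", "dhcpv6-client"],
    "interfaces": ["eth0"],
    "forward": True,
}
SAMPLE_RUNTIME = {
    "name": "public",
    "services": ["dhcpv6-client", "ssh"],            # same set, other order
    "ports": [("8080", "tcp")],                       # runtime only
    "forward_ports": [["443", "tcp", "8443", "192.0.2.10"]],
    "masquerade": True,                               # omitted in permanent
    "interfaces": ["eth0"],
    "forward": True,
}

if __name__ == "__main__":
    for keyword, difference in zone_drift(SAMPLE_RUNTIME, SAMPLE_PERMANENT).items():
        print(keyword, difference)
```

Entries reported as runtime_only disappear at the next reload; entries reported as permanent_only have been removed from the running firewall without changing the stored configuration.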
1391
1392 Signals
1393 ForwardPortAdded(s: zone, s: port, s: protocol, s: toport, s:
1394 toaddr, i: timeout)
1395 Emitted when forward port has been added to zone with timeout.
1396
1397 ForwardPortRemoved(s: zone, s: port, s: protocol, s: toport, s:
1398 toaddr)
1399 Emitted when forward port has been removed from zone.
1400
1401 IcmpBlockAdded(s: zone, s: icmp, i: timeout)
1402 Emitted when ICMP block for icmp has been added to zone with
1403 timeout.
1404
1405 IcmpBlockInversionAdded(s: zone)
1406 Emitted when ICMP block inversion has been added to zone.
1407
1408 IcmpBlockInversionRemoved(s: zone)
1409 Emitted when ICMP block inversion has been removed from zone.
1410
1411 IcmpBlockRemoved(s: zone, s: icmp)
1412 Emitted when ICMP block for icmp has been removed from zone.
1413
1414 InterfaceAdded(s: zone, s: interface)
1415 Emitted when interface has been added to zone.
1416
1417 InterfaceRemoved(s: zone, s: interface)
1418 Emitted when interface has been removed from zone.
1419
1420 MasqueradeAdded(s: zone, i: timeout)
1421 Emitted when masquerade has been enabled for zone.
1422
1423 MasqueradeRemoved(s: zone)
1424 Emitted when masquerade has been disabled for zone.
1425
1426 PortAdded(s: zone, s: port, s: protocol, i: timeout)
1427 Emitted when port/protocol has been added to zone with timeout.
1428
1429 PortRemoved(s: zone, s: port, s: protocol)
1430 Emitted when port/protocol has been removed from zone.
1431
1432 ProtocolAdded(s: zone, s: protocol, i: timeout)
1433 Emitted when protocol has been added to zone with timeout.
1434
1435 ProtocolRemoved(s: zone, s: protocol)
1436 Emitted when protocol has been removed from zone.
1437
1438 RichRuleAdded(s: zone, s: rule, i: timeout)
1439 Emitted when rich language rule has been added to zone with
1440 timeout.
1441
1442 RichRuleRemoved(s: zone, s: rule)
1443 Emitted when rich language rule has been removed from zone.
1444
1445 ServiceAdded(s: zone, s: service, i: timeout)
1446 Emitted when service has been added to zone with timeout.
1447
1448 ServiceRemoved(s: zone, s: service)
1449 Emitted when service has been removed from zone.
1450
1451 SourceAdded(s: zone, s: source)
1452 Emitted when source has been added to zone.
1453
1454 SourcePortAdded(s: zone, s: port, s: protocol, i: timeout)
1455 Emitted when source-port/protocol has been added to zone with
1456 timeout.
1457
1458 SourcePortRemoved(s: zone, s: port, s: protocol)
1459 Emitted when source-port/protocol has been removed from zone.
1460
1461 SourceRemoved(s: zone, s: source)
1462 Emitted when source has been removed from zone.
1463
1464 ZoneChanged(s: zone, s: interface)
1465 Deprecated
1466
1467 ZoneOfInterfaceChanged(s: zone, s: interface)
1468 Emitted when a zone an interface is part of has been changed to
1469 zone.
1470
1471 ZoneOfSourceChanged(s: zone, s: source)
1472 Emitted when a zone a source is part of has been changed to
1473 zone.
1474
1475 ZoneUpdated2(s: zone, a{sv}: settings)
1476 Emitted when a zone's settings are updated via
1477 org.fedoraproject.FirewallD1.zone.Methods.setZoneSettings2
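Added example, not part of firewalld: decoding the zone signals listed above into audit records, using the argument order this page gives for each signal. It assumes a D-Bus client has already delivered the signal member name and its arguments; the sample events, the function names and the WIDENING_KINDS review policy are constructed for illustration.

```python
"""Turn org.fedoraproject.FirewallD1.zone signals into audit records (added example)."""

# Argument names per signal, in the order given in the Signals list above.
# The deprecated ZoneChanged signal and ZoneUpdated2 are left out on purpose.
ZONE_SIGNALS = {
    "ForwardPortAdded": ("zone", "port", "protocol", "toport", "toaddr", "timeout"),
    "ForwardPortRemoved": ("zone", "port", "protocol", "toport", "toaddr"),
    "IcmpBlockAdded": ("zone", "icmp", "timeout"),
    "IcmpBlockRemoved": ("zone", "icmp"),
    "IcmpBlockInversionAdded": ("zone",),
    "IcmpBlockInversionRemoved": ("zone",),
    "InterfaceAdded": ("zone", "interface"),
    "InterfaceRemoved": ("zone", "interface"),
    "MasqueradeAdded": ("zone", "timeout"),
    "MasqueradeRemoved": ("zone",),
    "PortAdded": ("zone", "port", "protocol", "timeout"),
    "PortRemoved": ("zone", "port", "protocol"),
    "ProtocolAdded": ("zone", "protocol", "timeout"),
    "ProtocolRemoved": ("zone", "protocol"),
    "RichRuleAdded": ("zone", "rule", "timeout"),
    "RichRuleRemoved": ("zone", "rule"),
    "ServiceAdded": ("zone", "service", "timeout"),
    "ServiceRemoved": ("zone", "service"),
    "SourceAdded": ("zone", "source"),
    "SourceRemoved": ("zone", "source"),
    "SourcePortAdded": ("zone", "port", "protocol", "timeout"),
    "SourcePortRemoved": ("zone", "port", "protocol"),
    "ZoneOfInterfaceChanged": ("zone", "interface"),
    "ZoneOfSourceChanged": ("zone", "source"),
}

# Example policy (an assumption of this sketch): additions of these kinds
# let more traffic through and are worth a second look.
WIDENING_KINDS = {"Port", "Service", "ForwardPort", "Masquerade", "Protocol", "SourcePort"}


def decode_signal(member, args):
    """Return an audit record for one signal, or None if it is not in the table."""
    names = ZONE_SIGNALS.get(member)
    if names is None:
        return None
    if len(args) != len(names):
        raise ValueError(f"{member}: expected {len(names)} arguments, got {len(args)}")
    fields = dict(zip(names, args))
    zone = str(fields.pop("zone"))
    timeout = fields.pop("timeout", None)
    for suffix, action in (("Added", "added"), ("Removed", "removed"), ("Changed", "changed")):
        if member.endswith(suffix):
            kind = member[: -len(suffix)]
            break
    return {
        "zone": zone,
        "kind": kind,
        "action": action,
        "detail": {name: str(value) for name, value in fields.items()},
        # Only the *Added signals that carry a timeout report one.
        "timeout": None if timeout is None else int(timeout),
        # A non-zero timeout means the change is active only for that many seconds.
        "temporary": bool(timeout),
    }


def needs_review(event):
    """Apply the example policy: flag additions that widen what a zone allows."""
    return event["action"] == "added" and event["kind"] in WIDENING_KINDS


def triage(events):
    """Decode (member, args) pairs and keep the records that need review."""
    decoded = (decode_signal(member, args) for member, args in events)
    return [event for event in decoded if event is not None and needs_review(event)]


# Constructed sample: signals as a monitor might receive them.
SAMPLE_EVENTS = [
    ("ServiceAdded", ("public", "ssh", 0)),
    ("PortAdded", ("public", "8080", "tcp", 300)),
    ("IcmpBlockAdded", ("public", "echo-request", 0)),
    ("ForwardPortAdded", ("external", "443", "tcp", "8443", "192.0.2.10", 0)),
    ("PortRemoved", ("public", "8080", "tcp")),
    ("ZoneChanged", ("public", "eth0")),
]

if __name__ == "__main__":
    for event in triage(SAMPLE_EVENTS):
        print(event)
```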
1478
1479 org.fedoraproject.FirewallD1.policy
1480 Operations in this interface allow one to get, add, remove and query
1481 runtime policy settings. For permanent settings see
1482 org.fedoraproject.FirewallD1.config.policy interface.
1483
1484 Methods
1485 getActivePolicies() → a{sa{sas}}
1486 Return dictionary of currently active policies together with
1487 ingress zones and egress zones used in these policies. Active
1488 policies are policies that have a binding to an active ingress
1489 zone and an active egress zone.
1490
1491 Return value is a dictionary where keys are policy names (s)
1492 and values are again dictionaries where keys are either
1493 'ingress_zones' or 'egress_zones' and values are arrays of zone
1494 names (s).
1495
1496 getPolicies() → as
1497 Return array of names (s) of predefined policies known to
1498 current runtime environment. For list of policies known to
1499 permanent environment see
1500 org.fedoraproject.FirewallD1.config.Methods.listPolicies. The
1501 lists (of policies known to runtime and permanent environment)
1502 will contain same policies in most cases, but might differ for
1503 example if
1504 org.fedoraproject.FirewallD1.config.Methods.addPolicy has been
1505 called recently, but firewalld has not been reloaded since
1506 then.
1507
1508 getPolicySettings(s: policy) → a{sv}
1509 Return runtime settings of given policy. For getting permanent
1510 settings see
1511 org.fedoraproject.FirewallD1.config.policy.Methods.getSettings.
1512 Settings are a dictionary indexed by keywords. For possible
1513 keywords see
1514 org.fedoraproject.FirewallD1.config.Methods.addPolicy. If the
1515 value is empty it may be omitted.
1516
1517 Possible errors: INVALID_POLICY
1518
1519 setPolicySettings(s: policy, a{sv}: settings, i: timeout)
1520 Set runtime settings of given policy. For setting permanent
1521 settings see
1522 org.fedoraproject.FirewallD1.config.policy.Methods.update.
1523 Settings are a dictionary indexed by keywords. For possible
1524 keywords see
1525 org.fedoraproject.FirewallD1.config.Methods.addPolicy. To zero
1526 a value pass an empty string or list. Some keywords are not
1527 available to modify in the runtime: description, name,
1528 priority, target, version.
1529
1530 Possible errors: INVALID_POLICY
1531
1532 Signals
1533 ForwardPortAdded(s: policy, a{sv}: settings)
1534 Emitted when a policy's settings are updated via
1535 org.fedoraproject.FirewallD1.policy.Methods.setPolicySettings
1536
1537 org.fedoraproject.FirewallD1.config
1538 Allows one to permanently add, remove and query zones, services and
1539 icmp types.
1540
1541 Methods
1542 addIPSet(s: ipset, (ssssa{ss}as): settings) → o
1543 Add ipset with given settings into permanent configuration.
1544 Settings are in format: version, name, description, type,
1545 dictionary of options and array of entries.
1546
1547 version (s): see version attribute of ipset tag in
1548 firewalld.ipset(5).
1549
1550 name (s): see short tag in firewalld.ipset(5).
1551
1552 description (s): see description tag in firewalld.ipset(5).
1553
1554 type (s): see type attribute of ipset tag in
1555 firewalld.ipset(5).
1556
1557 options (a{ss}): dictionary of {option : value}. See options
1558 tag in firewalld.ipset(5).
1559
1560 entries (as): array of entries, see entry tag in
1561 firewalld.ipset(5).
1562
1563 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1564
1565 addIcmpType(s: icmptype, (sssas): settings) → o
1566 Add icmptype with given settings into permanent configuration.
1567 Settings are in format: version, name, description, array of
1568 destinations. Returns object path of the new icmp type.
1569
1570 version (s): see version attribute of icmptype tag in
1571 firewalld.icmptype(5).
1572
1573 name (s): see short tag in firewalld.icmptype(5).
1574
1575 description (s): see description tag in firewalld.icmptype(5).
1576
1577 destinations (as): array, either empty or containing strings
1578 'ipv4' or 'ipv6', see destination tag in firewalld.icmptype(5).
1579
1580 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1581
1582 addService(s: service, (sssa(ss)asa{ss}asa(ss)): settings) → o
1583 This function is deprecated, use
1584 org.fedoraproject.FirewallD1.config.Methods.addService2
1585 instead.
1586
1587 addService2(s: service, a{sv}: settings) → o
1588 Add service with given settings into permanent configuration.
1589 Settings are a dictionary indexed by keywords. For the type of
1590 each value see below. To zero a value pass an empty string or
1591 list.
1592
1593 version (s): see version attribute of service tag in
1594 firewalld.service(5).
1595
1596 name (s): see short tag in firewalld.service(5).
1597
1598 description (s): see description tag in firewalld.service(5).
1599
1600 ports (a(ss)): array of port and protocol pairs. See port tag
1601 in firewalld.service(5).
1602
1603 module names (as): array of kernel netfilter helpers, see
1604 module tag in firewalld.service(5).
1605
1606 destinations (a{ss}): dictionary of {IP family : IP address}
1607 where 'IP family' key can be either 'ipv4' or 'ipv6'. See
1608 destination tag in firewalld.service(5).
1609
1610 protocols (as): array of protocols, see protocol tag in
1611 firewalld.service(5).
1612
1613 source_ports (a(ss)): array of port and protocol pairs. See
1614 source-port tag in firewalld.service(5).
1615
1616 includes (as): array of service includes, see include tag in
1617 firewalld.service(5).
1618
1619 helpers (as): array of service helpers, see helper tag in
1620 firewalld.service(5).
1621
1622 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1623
1624 addZone(s: zone, (sssbsasa(ss)asba(ssss)asasasasa(ss)b): settings)
1625 → o
1626 This function is deprecated, use
1627 org.fedoraproject.FirewallD1.config.Methods.addZone2 instead.
1628
1629 addZone2(s: zone, a{sv}: settings) → o
1630 Add zone with given settings into permanent configuration.
1631 Settings are a dictionary indexed by keywords. For the type of
1632 each value see below. To zero a value pass an empty string or
1633 list.
1634
1635 version (s): see version attribute of zone tag in
1636 firewalld.zone(5).
1637
1638 name (s): see short tag in firewalld.zone(5).
1639
1640 description (s): see description tag in firewalld.zone(5).
1641
1642 target (s): see target attribute of zone tag in
1643 firewalld.zone(5).
1644
1645 services (as): array of service names, see service tag in
1646 firewalld.zone(5).
1647
1648 ports (a(ss)): array of port and protocol pairs. See port tag
1649 in firewalld.zone(5).
1650
1651 icmp_blocks (as): array of icmp-blocks. See icmp-block tag in
1652 firewalld.zone(5).
1653
1654 masquerade (b): see masquerade tag in firewalld.zone(5).
1655
1656 forward_ports (a(ssss)): array of (port, protocol, to-port,
1657 to-addr). See forward-port tag in firewalld.zone(5).
1658
1659 interfaces (as): array of interfaces. See interface tag in
1660 firewalld.zone(5).
1661
1662 sources (as): array of source addresses. See source tag in
1663 firewalld.zone(5).
1664
1665 rules_str (as): array of rich-language rules. See rule tag in
1666 firewalld.zone(5).
1667
1668 protocols (as): array of protocols, see protocol tag in
1669 firewalld.zone(5).
1670
1671 source_ports (a(ss)): array of port and protocol pairs. See
1672 source-port tag in firewalld.zone(5).
1673
1674 icmp_block_inversion (b): see icmp-block-inversion tag in
1675 firewalld.zone(5).
1676
1677 forward (b): see forward tag in firewalld.zone(5).
1678
1679 ingress_priority (i): see ingress-priority tag in
1680 firewalld.zone(5).
1681
1682 egress_priority (i): see egress-priority tag in
1683 firewalld.zone(5).
1684
1685 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
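The keyword list above fixes one D-Bus type per addZone2 setting. The following added example (not part of firewalld; the names ZONE2_SIGNATURES, parse_signature, fits and check_zone_settings and both sample dictionaries are constructed for illustration) checks a settings dictionary against those signatures before it is sent, so that a scalar passed where an array is documented, or a policy keyword used on a zone, is caught locally.

```python
# Added example: pre-flight type check for an addZone2 settings dict.
# Signatures are copied from the keyword list above; the checker handles
# only the type codes that list uses (s, b, i, arrays and structs).

ZONE2_SIGNATURES = {
    "version": "s", "name": "s", "description": "s", "target": "s",
    "services": "as", "ports": "a(ss)", "icmp_blocks": "as",
    "masquerade": "b", "forward_ports": "a(ssss)", "interfaces": "as",
    "sources": "as", "rules_str": "as", "protocols": "as",
    "source_ports": "a(ss)", "icmp_block_inversion": "b", "forward": "b",
    "ingress_priority": "i", "egress_priority": "i",
}


def parse_signature(sig, pos=0):
    """Parse one complete type at sig[pos]; return (tree, next_pos)."""
    code = sig[pos]
    if code in "sbi":
        return code, pos + 1
    if code == "a":
        element, nxt = parse_signature(sig, pos + 1)
        return ("a", element), nxt
    if code == "(":
        fields, pos = [], pos + 1
        while sig[pos] != ")":
            field, pos = parse_signature(sig, pos)
            fields.append(field)
        return ("(", tuple(fields)), pos + 1
    raise ValueError(f"unsupported signature character {code!r}")


def fits(value, tree):
    """True if a plain Python value has the shape described by tree."""
    if tree == "s":
        return isinstance(value, str)
    if tree == "b":
        return isinstance(value, bool)
    if tree == "i":
        # bool is a subclass of int in Python, so reject it explicitly,
        # and keep the value inside the signed 32-bit range of type 'i'.
        return (isinstance(value, int) and not isinstance(value, bool)
                and -2**31 <= value < 2**31)
    kind, inner = tree
    if not isinstance(value, (list, tuple)):
        return False  # a bare string is not an array of strings
    if kind == "a":
        return all(fits(item, inner) for item in value)
    # struct: fixed number of fields, each with its own type
    return len(value) == len(inner) and all(
        fits(item, field) for item, field in zip(value, inner))


def check_zone_settings(settings):
    """Return a sorted list of problems; an empty list means well-typed."""
    problems = []
    for key, value in settings.items():
        sig = ZONE2_SIGNATURES.get(key)
        if sig is None:
            problems.append(f"{key}: unknown keyword for addZone2")
        elif not fits(value, parse_signature(sig)[0]):
            problems.append(f"{key}: expected D-Bus type {sig}")
    return sorted(problems)


# Constructed sample input, not taken from a real system.
GOOD_SETTINGS = {
    "description": "DMZ hosts",
    "target": "DROP",
    "services": ["ssh"],
    "ports": [("8443", "tcp")],
    "forward_ports": [("80", "tcp", "8080", "")],
    "masquerade": False,
    "ingress_priority": -10,
    "sources": [],  # an empty list zeroes the value, as described above
}

# Constructed sample with typical mistakes.
BAD_SETTINGS = {
    "services": "ssh",          # string instead of array of strings
    "ports": [("8443",)],       # protocol missing from the (port, protocol) pair
    "masquerade": "no",         # string instead of boolean
    "ingress_priority": True,   # boolean instead of integer
    "rich_rules": [],           # addPolicy keyword; zones use rules_str
}

if __name__ == "__main__":
    for problem in check_zone_settings(BAD_SETTINGS):
        print(problem)
```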
1686
1687 addPolicy(s: policy, a{sv}: settings) → o
1688 Add policy with given settings into permanent configuration.
1689 Settings are a dictionary indexed by keywords. For the type of
1690 each value see below. If a keyword is omitted the default value
1691 will be used.
1692
1693 description (s): see description tag in firewalld.policy(5).
1694
1695 egress_zones (as): array of zone names. See egress-zone tag in
1696 firewalld.policy(5).
1697
1698 forward_ports (a(ssss)): array of (port, protocol, to-port,
1699 to-addr). See forward-port tag in firewalld.policy(5).
1700
1701 icmp_blocks (as): array of icmp-blocks. See icmp-block tag in
1702 firewalld.policy(5).
1703
1704 ingress_zones (as): array of zone names. See ingress-zone tag in
1705 firewalld.policy(5).
1706
1707 masquerade (b): see masquerade tag in firewalld.policy(5).
1708
1709 ports (a(ss)): array of port and protocol pairs. See port tag
1710 in firewalld.policy(5).
1711
1712 priority (i): see priority tag in firewalld.policy(5).
1713
1714 protocols (as): array of protocols, see protocol tag in
1715 firewalld.policy(5).
1716
1717 rich_rules (as): array of rich-language rules. See rule tag in
1718 firewalld.policy(5).
1719
1720 services (as): array of service names, see service tag in
1721 firewalld.policy(5).
1722
1723 short (s): see short tag in firewalld.policy(5).
1724
1725 source_ports (a(ss)): array of port and protocol pairs. See
1726 source-port tag in firewalld.policy(5).
1727
1728 target (s): see target attribute of policy tag in
1729 firewalld.policy(5).
1730
1731 version (s): see version attribute of policy tag in
1732 firewalld.policy(5).
1733
1734 Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
1735
1736 getHelperByName(s: helper) → o
1737 Return object path (permanent configuration) of helper with
1738 given name.
1739
1740 Possible errors: INVALID_HELPER
1741
1742 getHelperNames() → as
1743 Return list of helper names (permanent configuration).
1744
1745 getIPSetByName(s: ipset) → o
1746 Return object path (permanent configuration) of ipset with
1747 given name.
1748
1749 Possible errors: INVALID_IPSET
1750
1751 getIPSetNames() → as
1752 Return list of ipset names (permanent configuration).
1753
1754 getIcmpTypeByName(s: icmptype) → o
1755 Return object path (permanent configuration) of icmptype with
1756 given name.
1757
1758 Possible errors: INVALID_ICMPTYPE
1759
1760 getIcmpTypeNames() → as
1761 Return list of icmptype names (permanent configuration).
1762
1763 getServiceByName(s: service) → o
1764 Return object path (permanent configuration) of service with
1765 given name.
1766
1767 Possible errors: INVALID_SERVICE
1768
1769 getServiceNames() → as
1770 Return list of service names (permanent configuration).
1771
1772 getZoneByName(s: zone) → o
1773 Return object path (permanent configuration) of zone with given
1774 name.
1775
1776 Possible errors: INVALID_ZONE
1777
1778 getZoneNames() → as
1779 Return list of zone names (permanent configuration).
1780
1781 getZoneOfInterface(s: iface) → s
1782 Return name of zone the iface is bound to or empty string.
1783
1784 getZoneOfSource(s: source) → s
1785 Return name of zone the source is bound to or empty string.
1786
1787 getPolicyByName(s: policy) → o
1788 Return object path (permanent configuration) of policy with
1789 given name.
1790
1791 Possible errors: INVALID_POLICY
1792
1793 getPolicyNames() → as
1794 Return list of policy names (permanent configuration).
1795
1796 listHelpers() → ao
1797 Return array of object paths (o) of helper in permanent
1798 configuration. For runtime configuration see
1799 org.fedoraproject.FirewallD1.Methods.getHelpers.
1800
1801 listIPSets() → ao
1802 Return array of object paths (o) of ipset in permanent
1803 configuration. For runtime configuration see
1804 org.fedoraproject.FirewallD1.ipset.Methods.getIPSets.
1805
1806 listIcmpTypes() → ao
1807 Return array of object paths (o) of icmp types in permanent
1808 configuration. For runtime configuration see
1809 org.fedoraproject.FirewallD1.Methods.listIcmpTypes.
1810
1811 listServices() → ao
1812 Return array of object paths (o) of services in permanent
1813 configuration. For runtime configuration see
1814 org.fedoraproject.FirewallD1.Methods.listServices.
1815
1816 listZones() → ao
1817 List object paths of zones known to permanent environment. For
1818 list of zones known to runtime environment see
1819 org.fedoraproject.FirewallD1.zone.Methods.getZones. The lists
1820 (of zones known to runtime and permanent environment) will
1821 contain same zones in most cases, but might differ for example
1822 if org.fedoraproject.FirewallD1.config.Methods.addZone has been
1823 called recently, but firewalld has not been reloaded since
1824 then.
1825
1826 listPolicies() → ao
1827 List object paths of policies known to permanent environment.
1828 For list of policies known to runtime environment see
1829 org.fedoraproject.FirewallD1.policy.Methods.getPolicies. The
1830 lists (of policies known to runtime and permanent environment)
1831 will contain same policies in most cases, but might differ for
1832 example if
1833 org.fedoraproject.FirewallD1.config.Methods.addPolicy has been
1834 called recently, but firewalld has not been reloaded since
1835 then.
1836
1837 Signals
1838 HelperAdded(s: helper)
1839 Emitted when helper has been added.
1840
1841 IPSetAdded(s: ipset)
1842 Emitted when ipset has been added.
1843
1844 IcmpTypeAdded(s: icmptype)
1845 Emitted when icmptype has been added.
1846
1847 ServiceAdded(s: service)
1848 Emitted when service has been added.
1849
1850 ZoneAdded(s: zone)
1851 Emitted when zone has been added.
1852
1853 Properties
1854 AllowZoneDrifting - s - (rw)
1855 Deprecated. Getting this value always returns "no". Setting
1856 this value is ignored.
1857
1858 AutomaticHelpers - s - (rw)
1859 Deprecated. Getting this value always returns "no". Setting
1860 this value is ignored.
1861
1862 CleanupModulesOnExit - s - (rw)
1863 Setting this option to yes or true unloads all firewall-related
1864 kernel modules when firewalld is stopped.
1865
1866 CleanupOnExit - s - (rw)
1867 If firewalld stops, it cleans up all firewall rules. Setting
1868 this option to no or false leaves the current firewall rules
1869 untouched.
1870
1871 DefaultZone - s - (ro)
1872 Default zone for connections or interfaces if the zone is not
1873 selected or specified by NetworkManager, initscripts or command
1874 line tool.
1875
1876 FirewallBackend - s - (rw)
1877 Selects the firewalld backend for all rules except the direct
1878 interface. Valid options are: nftables, iptables. Default is
1879 nftables.
1880
1881 Note: The iptables backend is deprecated. It will be removed in
1882 a future release.
1883
1884 FlushAllOnReload - s - (rw)
1885 Flush all runtime rules on a reload. Valid options are: yes,
1886 no.
1887
1888 IPv6_rpfilter - s - (rw)
1889 Indicates whether the reverse path filter test on a packet for
1890 IPv6 is enabled. If a reply to the packet would be sent via the
1891 same interface that the packet arrived on, the packet will
1892 match and be accepted, otherwise dropped.
1893
1894 IndividualCalls - s - (ro)
1895 Indicates whether individual calls are used instead of combined
1896 -restore calls. If enabled, this increases the time that is needed to
1897 apply changes and to start the daemon, but is good for
1898 debugging.
1899
1900 Lockdown - s - (rw)
1901 If this property is enabled, firewall changes with the D-Bus
1902 interface will be limited to applications that are listed in
1903 the lockdown whitelist.
1904
1905 LogDenied - s - (rw)
1906 If LogDenied is enabled, then logging rules are added right
1907 before reject and drop rules in the INPUT, FORWARD and OUTPUT
1908 chains for the default rules and also final reject and drop
1909 rules in zones. Possible values are: all, unicast, broadcast,
1910 multicast and off.
1911
1912 MinimalMark - i - (rw)
1913 Deprecated. This option is ignored and no longer used. Marks
1914 are no longer used internally.
1915
1916 RFC3964_IPv4 - s - (rw)
1917 As per RFC 3964, filter IPv6 traffic with 6to4 destination
1918 addresses that correspond to IPv4 addresses that should not be
1919 routed over the public internet. Valid options are: yes, no.
1920
1921 NftablesFlowtable - s - (rw)
1922 This may improve forwarded traffic throughput by enabling
1923 nftables flowtable. It is a software fastpath and avoids
1924 calling nftables rule evaluation for data packets. Its value is
1925 a space-separated list of interfaces.
1926
1927 NftablesCounters - s - (rw)
1928 If set to yes, add a counter to every nftables rule. This is
1929 useful for debugging and comes with a small performance cost.
1930
1931 org.fedoraproject.FirewallD1.config.direct
1932 DEPRECATED
1933 The direct interface has been deprecated. It will be removed in a
1934 future release. It is superseded by policies, see
1935 firewalld.policies(5).
1936
1937 Interface for permanent direct configuration, see also
1938 firewalld.direct(5). For runtime direct configuration see
1939 org.fedoraproject.FirewallD1.direct interface.
1940
1941 Methods
1942 addChain(s: ipv, s: table, s: chain) → Nothing
1943 Add a new chain to table for ipv being either ipv4 (iptables)
1944 or ipv6 (ip6tables) or eb (ebtables). Make sure there's no
1945 other chain with this name already. There already exist basic
1946 chains to use with direct methods, for example INPUT_direct
1947 chain. These chains are jumped into before chains for zones,
1948 i.e. every rule put into INPUT_direct will be checked before
1949 rules in zones. For runtime operation see
1950 org.fedoraproject.FirewallD1.direct.Methods.addChain.
1951
1952 Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED
1953
1954 addPassthrough(s: ipv, as: args) → Nothing
1955 Add a passthrough rule with the arguments args for ipv being
1956 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
1957 For runtime operation see
1958 org.fedoraproject.FirewallD1.direct.Methods.addPassthrough.
1959
1960 Possible errors: INVALID_IPV, ALREADY_ENABLED
1961
1962 addRule(s: ipv, s: table, s: chain, i: priority, as: args) →
1963 Nothing
1964 Add a rule with the arguments args to chain in table with
1965 priority for ipv being either ipv4 (iptables) or ipv6
1966 (ip6tables) or eb (ebtables). The priority is used to order
1967 rules. Priority 0 means add rule on top of the chain, with a
1968 higher priority the rule will be added further down. Rules with
1969 the same priority are on the same level and the order of these
1970 rules is not fixed and may change. If you want to make sure
1971 that a rule will be added after another one, use a low priority
1972 for the first and a higher for the following. For runtime
1973 operation see
1974 org.fedoraproject.FirewallD1.direct.Methods.addRule.
1975
1976 Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED
1977
1978 getAllChains() → a(sss)
1979 Get all chains added to all tables in format: ipv, table,
1980 chain. This concerns only chains previously added with
1981 addChain. Return value is an array of (ipv, table, chain). For
1982 runtime operation see
1983 org.fedoraproject.FirewallD1.direct.Methods.getAllChains.
1984
1985 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
1986 (ebtables).
1987
1988 table (s): one of filter, mangle, nat, raw, security
1989
1990 chain (s): name of a chain.
1991
1992
1993 getAllPassthroughs() → a(sas)
1994 Get all passthrough rules added in all ipv types in format:
1995 ipv, rule. This concerns only rules previously added with
1996 addPassthrough. Return value is an array of (ipv, array of
1997 arguments). For runtime operation see
1998 org.fedoraproject.FirewallD1.direct.Methods.getAllPassthroughs.
1999
2000 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
2001 (ebtables).
2002
2003 arguments (as): array of commands, parameters and other
2004 iptables/ip6tables/ebtables command line options.
2005
2006
2007 getAllRules() → a(sssias)
2008 Get all rules added to all chains in all tables in format: ipv,
2009 table, chain, priority, rule. This concerns only rules
2010 previously added with addRule. Return value is an array of (ipv,
2011 table, chain, priority, array of arguments). For runtime
2012 operation see
2013 org.fedoraproject.FirewallD1.direct.Methods.getAllRules.
2014
2015 ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb
2016 (ebtables).
2017
2018 table (s): one of filter, mangle, nat, raw, security
2019
2020 chain (s): name of a chain.
2021
2022 priority (i): used to order rules.
2023
2024 arguments (as): array of commands, parameters and other
2025 iptables/ip6tables/ebtables command line options.
2026
2027
2028 getChains(s: ipv, s: table) → as
2029 Return an array of chains (s) added to table for ipv being
2030 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
2031 This concerns only chains previously added with addChain. For
2032 runtime operation see
2033 org.fedoraproject.FirewallD1.direct.Methods.getChains.
2034
2035 Possible errors: INVALID_IPV, INVALID_TABLE
2036
2037 getPassthroughs(s: ipv) → aas
2038 Get tracked passthrough rules added in either ipv4 (iptables)
2039 or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
2040 previously added with addPassthrough. Return value is an array
2041 of (array of arguments). For runtime operation see
2042 org.fedoraproject.FirewallD1.direct.Methods.getPassthroughs.
2043
2044 arguments (as): array of commands, parameters and other
2045 iptables/ip6tables/ebtables command line options.
2046
2047
2048 getRules(s: ipv, s: table, s: chain) → a(ias)
2049 Get all rules added to chain in table for ipv being either ipv4
2050 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
2051 only rules previously added with addRule. Return value is an
2052 array of (priority, array of arguments). For runtime operation
2053 see org.fedoraproject.FirewallD1.direct.Methods.getRules.
2054
2055 priority (i): used to order rules.
2056
2057 arguments (as): array of commands, parameters and other
2058 iptables/ip6tables/ebtables command line options.
2059
2060 Possible errors: INVALID_IPV, INVALID_TABLE
2061
2062 getSettings() → (a(sss)a(sssias)a(sas))
2063 Get settings of permanent direct configuration in format: array
2064 of chains, array of rules, array of passthroughs.
2065
2066 chains (a(sss)): array of (ipv, table, chain), see 'chain' in
2067 firewalld.direct(5).
2068
2069 rules (a(sssias)): array of (ipv, table,
2070 chain, priority, array of arguments), see 'rule' in
2071 firewalld.direct(5).
2072
2073 passthroughs (a(sas)): array of (ipv,
2074 array of arguments), see passthrough in firewalld.direct(5).
2075
2077
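The getSettings() tuple above can be reviewed offline. The following added example (not part of firewalld; the function names, finding labels and SAMPLE_SETTINGS are constructed for illustration) orders permanent direct rules by priority as addRule describes, flags rules whose relative order is not fixed, flags ACCEPT rules in the built-in *_direct chains, which are checked before zone rules, and lists every passthrough for manual review. It assumes built-in direct chains are recognisable by the _direct suffix, as with INPUT_direct.

```python
# Added example: audit of the (chains, rules, passthroughs) tuple returned by
# org.fedoraproject.FirewallD1.config.direct.getSettings().

VALID_IPV = {"ipv4", "ipv6", "eb"}
VALID_TABLES = {"filter", "mangle", "nat", "raw", "security"}


def jump_target(args):
    """Return the value following -j/--jump in a rule's arguments, or None."""
    for flag, value in zip(args, args[1:]):
        if flag in ("-j", "--jump"):
            return value
    return None


def evaluation_order(rules):
    """Group rules per (ipv, table, chain), sorted by priority (0 = top)."""
    chains = {}
    for ipv, table, chain, priority, args in rules:
        key = (str(ipv), str(table), str(chain))
        chains.setdefault(key, []).append((int(priority), list(args)))
    return {key: sorted(entries, key=lambda entry: entry[0])
            for key, entries in chains.items()}


def audit(settings):
    """Return a list of (kind, detail) findings for one getSettings() result."""
    chains, rules, passthroughs = settings
    findings = []
    for ipv, table, chain in chains:
        if ipv not in VALID_IPV or table not in VALID_TABLES:
            findings.append(("invalid-location", f"{ipv}/{table}/{chain}"))
    for (ipv, table, chain), ordered in evaluation_order(rules).items():
        where = f"{ipv}/{table}/{chain}"
        if ipv not in VALID_IPV or table not in VALID_TABLES:
            findings.append(("invalid-location", where))
        priorities = [priority for priority, _ in ordered]
        for priority in sorted(set(priorities)):
            # Rules sharing a priority have no fixed order relative to each other.
            if priorities.count(priority) > 1:
                findings.append(("ambiguous-order", f"{where} priority {priority}"))
        for priority, args in ordered:
            # *_direct chains are jumped into before the zone chains.
            if chain.endswith("_direct") and jump_target(args) == "ACCEPT":
                findings.append(("accept-before-zones",
                                 f"{where} priority {priority}: {' '.join(args)}"))
    for ipv, args in passthroughs:
        # Passthroughs are raw command-line options; list them all for review.
        findings.append(("passthrough", f"{ipv}: {' '.join(args)}"))
    return findings


def fetch_permanent_direct_settings():
    """Read the live value (needs dbus-python and a running firewalld)."""
    import dbus  # imported lazily so the audit itself runs offline
    # Well-known bus name; the same string as the base interface name.
    obj = dbus.SystemBus().get_object("org.fedoraproject.FirewallD1",
                                      "/org/fedoraproject/FirewallD1/config")
    iface = dbus.Interface(obj, "org.fedoraproject.FirewallD1.config.direct")
    return iface.getSettings()


# Constructed sample in the documented shape; not output from a real system.
SAMPLE_SETTINGS = (
    [("ipv6", "filter", "svc_mgmt")],
    [
        ("ipv4", "filter", "INPUT_direct", 10,
         ["-p", "tcp", "--dport", "8443", "-j", "ACCEPT"]),
        ("ipv4", "filter", "INPUT_direct", 0,
         ["-s", "192.0.2.0/24", "-j", "DROP"]),
        ("ipv4", "filter", "INPUT_direct", 10,
         ["-p", "tcp", "--dport", "22", "-j", "ACCEPT"]),
        ("ipv6", "filter", "svc_mgmt", 5, ["-j", "LOG"]),
    ],
    [("ipv4", ["-A", "FORWARD", "-j", "ACCEPT"])],
)

if __name__ == "__main__":
    for kind, detail in audit(SAMPLE_SETTINGS):
        print(f"{kind:20} {detail}")
```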
2078 queryChain(s: ipv, s: table, s: chain) → b
2079 Return whether a chain exists in table for ipv being either
2080 ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). This
2081 concerns only chains previously added with addChain. For
2082 runtime operation see
2083 org.fedoraproject.FirewallD1.direct.Methods.queryChain.
2084
2085 Possible errors: INVALID_IPV, INVALID_TABLE
2086
2087 queryPassthrough(s: ipv, as: args) → b
2088 Return whether a tracked passthrough rule with the arguments
2089 args exists for ipv being either ipv4 (iptables) or ipv6
2090 (ip6tables) or eb (ebtables). This concerns only rules
2091 previously added with addPassthrough. For runtime operation see
2092 org.fedoraproject.FirewallD1.direct.Methods.queryPassthrough.
2093
2094 Possible errors: INVALID_IPV
2095
2096 queryRule(s: ipv, s: table, s: chain, i: priority, as: args) → b
2097 Return whether a rule with priority and the arguments args
2098 exists in chain in table for ipv being either ipv4 (iptables)
2099 or ipv6 (ip6tables) or eb (ebtables). This concerns only rules
2100 previously added with addRule. For runtime operation see
2101 org.fedoraproject.FirewallD1.direct.Methods.queryRule.
2102
2103 Possible errors: INVALID_IPV, INVALID_TABLE
2104
2105 removeChain(s: ipv, s: table, s: chain) → Nothing
2106 Remove a chain from table for ipv being either ipv4 (iptables)
2107 or ipv6 (ip6tables) or eb (ebtables). Only chains previously
2108 added with addChain can be removed this way. For runtime
2109 operation see
2110 org.fedoraproject.FirewallD1.direct.Methods.removeChain.
2111
2112 Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED
2113
2114 removePassthrough(s: ipv, as: args) → Nothing
2115 Remove a passthrough rule with arguments args for ipv being
2116 either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
2117 Only rules previously added with addPassthrough can be removed
2118 this way. For runtime operation see
2119 org.fedoraproject.FirewallD1.direct.Methods.removePassthrough.
2120
2121 Possible errors: INVALID_IPV, NOT_ENABLED
2122
2123 removeRule(s: ipv, s: table, s: chain, i: priority, as: args) →
2124 Nothing
2125 Remove a rule with priority and arguments args from chain in
2126 table for ipv being either ipv4 (iptables) or ipv6 (ip6tables)
2127 or eb (ebtables). Only rules previously added with addRule can
2128 be removed this way. For runtime operation see
2129 org.fedoraproject.FirewallD1.direct.Methods.removeRule.
2130
2131 Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED
2132
2133 removeRules(s: ipv, s: table, s: chain) → Nothing
2134 Remove all rules from chain in table for ipv being either ipv4
2135 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns
2136 only rules previously added with addRule. For runtime operation
2137 see org.fedoraproject.FirewallD1.direct.Methods.removeRules.
2138
2139 Possible errors: INVALID_IPV, INVALID_TABLE
2140
2141 update((a(sss)a(sssias)a(sas)): settings) → Nothing
2142 Update permanent direct configuration with given settings.
2143 Settings are in format: array of chains, array of rules, array
2144 of passthroughs.
2145
2146 chains (a(sss)): array of (ipv, table, chain), see 'chain' in
2147 firewalld.direct(5).
2148
2149 rules (a(sssias)): array of (ipv, table,
2150 chain, priority, array of arguments), see 'rule' in
2151 firewalld.direct(5).
2152
2153 passthroughs (a(sas)): array of (ipv,
2154 array of arguments), see passthrough in firewalld.direct(5).
2155
2156 Possible errors: INVALID_TYPE
2157
2158 Signals
2159 Updated()
2160 Emitted when configuration has been updated.
2161
2162 org.fedoraproject.FirewallD1.config.policies
2163 Interface for permanent lockdown-whitelist configuration, see also
2164 firewalld.lockdown-whitelist(5). For runtime configuration see
2165 org.fedoraproject.FirewallD1.policies interface.
2166
2167 Methods
2168 addLockdownWhitelistCommand(s: command) → Nothing
2169 Add command to whitelist. See command option in
2170 firewalld.lockdown-whitelist(5). For runtime operation see
2171 org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistCommand.
2172
2173 Possible errors: ALREADY_ENABLED, INVALID_TYPE
2174
2175 addLockdownWhitelistContext(s: context) → Nothing
2176 Add context to whitelist. See selinux option in
2177 firewalld.lockdown-whitelist(5). For runtime operation see
2178 org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistContext.
2179
2180 Possible errors: ALREADY_ENABLED, INVALID_TYPE
2181
2182 addLockdownWhitelistUid(i: uid) → Nothing
2183 Add user id uid to whitelist. See user option in
2184 firewalld.lockdown-whitelist(5). For runtime operation see
2185 org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistUid.
2186
2187 Possible errors: ALREADY_ENABLED, INVALID_TYPE
2188
2189 addLockdownWhitelistUser(s: user) → Nothing
2190 Add user name to whitelist. See user option in
2191 firewalld.lockdown-whitelist(5). For runtime operation see
2192 org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistUser.
2193
2194 Possible errors: ALREADY_ENABLED, INVALID_TYPE
2195
2196 getLockdownWhitelist() → (asasasai)
2197 Get settings of permanent lockdown-whitelist configuration in
2198 format: commands, selinux contexts, users, uids
2199
2200 commands (as): see command option in
2201 firewalld.lockdown-whitelist(5).
2202
2203 selinux contexts (as): see selinux option in
2204 firewalld.lockdown-whitelist(5).
2205
2206 users (as): see name attribute of user option in
2207 firewalld.lockdown-whitelist(5).
2208
2209 uids (ai): see id attribute of user option in
2210 firewalld.lockdown-whitelist(5).
2211
2212
2213 getLockdownWhitelistCommands() → as
2214 List all command lines (s) that are on whitelist. For runtime
2215 operation see
2216 org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistCommands.
2217
2218 getLockdownWhitelistContexts() → as
2219 List all contexts (s) that are on whitelist. For runtime
2220 operation see
2221 org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistContexts.
2222
2223 getLockdownWhitelistUids() → ai
2224 List all user ids (i) that are on whitelist. For runtime
2225 operation see
2226 org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistUids.
2227
2228 getLockdownWhitelistUsers() → as
2229 List all users (s) that are on whitelist. For runtime operation
2230 see
2231 org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistUsers.
2232
2233 queryLockdownWhitelistCommand(s: command) → b
2234 Query whether command is on whitelist. For runtime operation
2235 see
2236 org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistCommand.
2237
2238 queryLockdownWhitelistContext(s: context) → b
2239 Query whether context is on whitelist. For runtime operation
2240 see
2241 org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistContext.
2242
2243 queryLockdownWhitelistUid(i: uid) → b
2244 Query whether user id uid is on whitelist. For runtime
2245 operation see
2246 org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistUid.
2247
2248 queryLockdownWhitelistUser(s: user) → b
2249 Query whether user is on whitelist. For runtime operation see
2250 org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistUser.
2251
2252 removeLockdownWhitelistCommand(s: command) → Nothing
2253 Remove command from whitelist. For runtime operation see
2254 org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistCommand.
2255
2256 Possible errors: NOT_ENABLED
2257
2258 removeLockdownWhitelistContext(s: context) → Nothing
2259 Remove context from whitelist. For runtime operation see
2260 org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistContext.
2261
2262 Possible errors: NOT_ENABLED
2263
2264 removeLockdownWhitelistUid(i: uid) → Nothing
2265 Remove user id uid from whitelist. For runtime operation see
2266 org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistUid.
2267
2268 Possible errors: NOT_ENABLED
2269
2270 removeLockdownWhitelistUser(s: user) → Nothing
2271 Remove user from whitelist. For runtime operation see
2272 org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistUser.
2273
2274 Possible errors: NOT_ENABLED
2275
2276 setLockdownWhitelist((asasasai): settings) → Nothing
2277 Set permanent lockdown-whitelist configuration to settings.
2278 Settings are in format: commands, selinux contexts, users, uids
2279
2280 commands (as): see command option in
2281 firewalld.lockdown-whitelist(5).
2282
2283 selinux contexts (as): see selinux option in
2284 firewalld.lockdown-whitelist(5).
2285
2286 users (as): see name attribute of user option in
2287 firewalld.lockdown-whitelist(5).
2288
2289 uids (ai): see id attribute of user option in
2290 firewalld.lockdown-whitelist(5).
2291
2292 Possible errors: INVALID_TYPE
2293
2294 Signals
2295 LockdownWhitelistUpdated()
2296 Emitted when permanent lockdown-whitelist configuration has
2297 been updated.
2298
2299 org.fedoraproject.FirewallD1.config.ipset
2300 Interface for permanent ipset configuration, see also
2301 firewalld.ipset(5).
2302
2303 Methods
2304 addEntry(s: entry) → Nothing
2305 Permanently add entry to list of entries of ipset. See entry
2306 tag in firewalld.ipset(5). For runtime operation see
2307 org.fedoraproject.FirewallD1.ipset.Methods.addEntry.
2308
2309 Possible errors: ALREADY_ENABLED
2310
2311 addOption(s: key, s: value) → Nothing
2312 Permanently add (key, value) to the ipset. See option tag in
2313 firewalld.ipset(5).
2314
2315 Possible errors: ALREADY_ENABLED
2316
2317 getDescription() → s
2318 Get description of ipset. See description tag in
2319 firewalld.ipset(5).
2320
2321 getEntries() → as
2322 Get list of entries added to ipset. See entry tag in
2323 firewalld.ipset(5). For runtime operation see
2324 org.fedoraproject.FirewallD1.ipset.Methods.getEntries.
2325
2326 Possible errors: IPSET_WITH_TIMEOUT
2327
2328 getOptions() → a{ss}
2329 Get dictionary of options set for ipset. See option tag in
2330 firewalld.ipset(5).
2331
2332 getSettings() → (ssssa{ss}as)
2333 Return permanent settings of the ipset. For getting runtime
2334 settings see
2335 org.fedoraproject.FirewallD1.ipset.Methods.getIPSetSettings.
2336 Settings are in format: version, name, description, type,
2337 dictionary of options and array of entries.
2338
2339 version (s): see version attribute of ipset tag in
2340 firewalld.ipset(5).
2341
2342 name (s): see short tag in firewalld.ipset(5).
2343
2344 description (s): see description tag in firewalld.ipset(5).
2345
2346 type (s): see type attribute of ipset tag in
2347 firewalld.ipset(5).
2348
2349 options (a{ss}): dictionary of {option : value}. See options
2350 tag in firewalld.ipset(5).
2351
2352 entries (as): array of entries, see entry tag in
2353 firewalld.ipset(5).
2354
2355
2356 getShort() → s
2357 Get name of ipset. See short tag in firewalld.ipset(5).
2358
2359 getType() → s
2360 Get type of ipset. See type attribute of ipset tag in
2361 firewalld.ipset(5).
2362
2363 getVersion() → s
2364 Get version of ipset. See version attribute of ipset tag in
2365 firewalld.ipset(5).
2366
2367 loadDefaults() → Nothing
2368 Load default settings for built-in ipset.
2369
2370 Possible errors: NO_DEFAULTS
2371
2372 queryEntry(s: entry) → b
2373 Return whether entry has been added to ipset. For runtime
2374 operation see
2375 org.fedoraproject.FirewallD1.ipset.Methods.queryEntry.
2376
2377 queryOption(s: key, s: value) → b
2378 Return whether (key, value) has been added to options of the
2379 ipset.
2380
2381 remove() → Nothing
2382 Remove not built-in ipset.
2383
2384 Possible errors: BUILTIN_IPSET
2385
2386 removeEntry(s: entry) → Nothing
2387 Permanently remove entry from ipset. See entry tag in
2388 firewalld.ipset(5). For runtime operation see
2389 org.fedoraproject.FirewallD1.ipset.Methods.removeEntry.
2390
2391 Possible errors: NOT_ENABLED
2392
2393 removeOption(s: key) → Nothing
2394 Permanently remove key from the ipset. See option tag in
2395 firewalld.ipset(5).
2396
2397 Possible errors: NOT_ENABLED
2398
2399 rename(s: name) → Nothing
2400 Rename not built-in ipset to name.
2401
2402 Possible errors: BUILTIN_IPSET
2403
2404 setDescription(s: description) → Nothing
2405 Permanently set description of ipset to description. See
2406 description tag in firewalld.ipset(5).
2407
2408 setEntries(as: entries) → Nothing
2409 Permanently set list of entries to entries. See entry tag in
2410 firewalld.ipset(5).
2411
2412 setOptions(a{ss}: options) → Nothing
2413 Permanently set dict of options to options. See option tag in
2414 firewalld.ipset(5).
2415
2416 setShort(s: short) → Nothing
2417 Permanently set name of ipset to short. See short tag in
2418 firewalld.ipset(5).
2419
2420 setType(s: ipset_type) → Nothing
2421 Permanently set type of ipset to ipset_type. See type attribute
2422 of ipset tag in firewalld.ipset(5).
2423
2424 setVersion(s: version) → Nothing
2425 Permanently set version of ipset to version. See version
2426 attribute of ipset tag in firewalld.ipset(5).
2427
2428 update((ssssa{ss}as): settings) → Nothing
2429 Update settings of ipset to settings. Settings are in format:
2430 version, name, description, type, dictionary of options and
2431 array of entries.
2432
2433 version (s): see version attribute of ipset tag in
2434 firewalld.ipset(5).
2435
2436 name (s): see short tag in firewalld.ipset(5).
2437
2438 description (s): see description tag in firewalld.ipset(5).
2439
2440 type (s): see type attribute of ipset tag in
2441 firewalld.ipset(5).
2442
2443 options (a{ss}): dictionary of {option : value}. See options
2444 tag in firewalld.ipset(5).
2445
2446 entries (as): array of entries, see entry tag in
2447 firewalld.ipset(5).
2448
2449 Possible errors: INVALID_TYPE
2450
2451 Signals
2452 Removed(s: name)
2453 Emitted when ipset with name has been removed.
2454
2455 Renamed(s: name)
2456 Emitted when ipset has been renamed to name.
2457
2458 Updated(s: name)
2459 Emitted when ipset with name has been updated.
2460
2461 Properties
2462 builtin - b - (ro)
2463 True if ipset is built-in, false otherwise.
2464
2465 default - b - (ro)
2466 True if built-in ipset has default settings. False if it has
2467 been modified. Always False for ipsets that are not built-in.
2468
2469 filename - s - (ro)
2470 Name (including .xml extension) of file where the configuration
2471 is stored.
2472
2473 name - s - (ro)
2474 Name of ipset.
2475
2476 path - s - (ro)
2477 Path to directory where the ipset configuration is stored.
2478 Should be either /usr/lib/firewalld/ipsets or
2479 /etc/firewalld/ipsets.
2480
2481 org.fedoraproject.FirewallD1.config.zone
2482 Interface for permanent zone configuration, see also firewalld.zone(5).
2483
2484 Methods
2485 addForwardPort(s: port, s: protocol, s: toport, s: toaddr) →
2486 Nothing
2487 Permanently add (port, protocol, toport, toaddr) to list of
2488 forward ports of zone. See forward-port tag in
2489 firewalld.zone(5). For runtime operation see
2490 org.fedoraproject.FirewallD1.zone.Methods.addForwardPort.
2491
2492 Possible errors: ALREADY_ENABLED
2493
2494 addIcmpBlock(s: icmptype) → Nothing
2495 Permanently add icmptype to list of icmp types blocked in zone.
2496 See icmp-block tag in firewalld.zone(5). For runtime operation
2497 see org.fedoraproject.FirewallD1.zone.Methods.addIcmpBlock.
2498
2499 Possible errors: ALREADY_ENABLED
2500
2501 addIcmpBlockInversion() → Nothing
2502 Permanently add icmp block inversion to zone. See
2503 icmp-block-inversion tag in firewalld.zone(5). For runtime
2504 operation see
2505 org.fedoraproject.FirewallD1.zone.Methods.addIcmpBlockInversion.
2506
2507 Possible errors: ALREADY_ENABLED
2508
2509 addInterface(s: interface) → Nothing
2510 Permanently add interface to list of interfaces bound to zone.
2511 See interface tag in firewalld.zone(5). For runtime operation
2512 see org.fedoraproject.FirewallD1.zone.Methods.addInterface.
2513
2514 Possible errors: ALREADY_ENABLED
2515
2516 addMasquerade() → Nothing
2517 Permanently enable masquerading in zone. See masquerade tag in
2518 firewalld.zone(5). For runtime operation see
2519 org.fedoraproject.FirewallD1.zone.Methods.addMasquerade.
2520
2521 Possible errors: ALREADY_ENABLED
2522
2523 addPort(s: port, s: protocol) → Nothing
2524 Permanently add (port, protocol) to list of ports of zone. See
2525 port tag in firewalld.zone(5). For runtime operation see
2526 org.fedoraproject.FirewallD1.zone.Methods.addPort.
2527
2528 Possible errors: ALREADY_ENABLED
2529
2530 addProtocol(s: protocol) → Nothing
2531 Permanently add protocol into zone. The protocol can be any
2532 protocol supported by the system. Please have a look at
2533 /etc/protocols for supported protocols. For runtime operation
2534 see org.fedoraproject.FirewallD1.zone.Methods.addProtocol.
2535
2536 Possible errors: INVALID_PROTOCOL, ALREADY_ENABLED
2537
2538 addRichRule(s: rule) → Nothing
2539 Permanently add rule to list of rich-language rules in zone.
2540 See rule tag in firewalld.zone(5). For runtime operation see
2541 org.fedoraproject.FirewallD1.zone.Methods.addRichRule.
2542
2543 Possible errors: ALREADY_ENABLED
2544
2545 addService(s: service) → Nothing
2546 Permanently add service to list of services used in zone. See
2547 service tag in firewalld.zone(5). For runtime operation see
2548 org.fedoraproject.FirewallD1.zone.Methods.addService.
2549
2550 Possible errors: ALREADY_ENABLED
2551
2552 addSource(s: source) → Nothing
2553 Permanently add source to list of source addresses bound to
2554 zone. See source tag in firewalld.zone(5). For runtime
2555 operation see
2556 org.fedoraproject.FirewallD1.zone.Methods.addSource.
2557
2558 Possible errors: ALREADY_ENABLED
2559
2560 addSourcePort(s: port, s: protocol) → Nothing
2561 Permanently add (port, protocol) to list of source ports of
2562 zone. See source-port tag in firewalld.zone(5). For runtime
2563 operation see
2564 org.fedoraproject.FirewallD1.zone.Methods.addSourcePort.
2565
2566 Possible errors: ALREADY_ENABLED
2567
2568 getDescription() → s
2569 Get description of zone. See description tag in
2570 firewalld.zone(5).
2571
2572 getForwardPorts() → a(ssss)
2573 Get list of (port, protocol, toport, toaddr) defined in zone.
2574 See forward-port tag in firewalld.zone(5). For runtime
2575 operation see
2576 org.fedoraproject.FirewallD1.zone.Methods.getForwardPorts.
2577
2578 getIcmpBlockInversion() → b
2579 Get icmp block inversion flag of zone. See icmp-block-inversion
2580 tag in firewalld.zone(5).
2581
2582 getIcmpBlocks() → as
2583 Get list of icmp type names blocked in zone. See icmp-block tag
2584 in firewalld.zone(5). For runtime operation see
2585 org.fedoraproject.FirewallD1.zone.Methods.getIcmpBlocks.
2586
2587 getInterfaces() → as
2588 Get list of interfaces bound to zone. See interface tag in
2589 firewalld.zone(5). For runtime operation see
2590 org.fedoraproject.FirewallD1.zone.Methods.getInterfaces.
2591
2592 getMasquerade() → b
2593 Return whether masquerade is enabled in zone. This is the same
2594 as queryMasquerade() method. See masquerade tag in
2595 firewalld.zone(5).
2596
2597 getPorts() → a(ss)
2598 Get list of (port, protocol) defined in zone. See port tag in
2599 firewalld.zone(5). For runtime operation see
2600 org.fedoraproject.FirewallD1.zone.Methods.getPorts.
2601
2602 getProtocols() → as
2603 Return array of protocols (s) previously enabled in zone. For
2604 getting runtime settings see
2605 org.fedoraproject.FirewallD1.zone.Methods.getProtocols.
2606
2607 getRichRules() → as
2608 Get list of rich-language rules in zone. See rule tag in
2609 firewalld.zone(5). For runtime operation see
2610 org.fedoraproject.FirewallD1.zone.Methods.getRichRules.
2611
2612 getServices() → as
2613 Get list of service names used in zone. See service tag in
2614 firewalld.zone(5). For runtime operation see
2615 org.fedoraproject.FirewallD1.zone.Methods.getServices.
2616
2617 getSettings() → (sssbsasa(ss)asba(ssss)asasasasa(ss)b)
2618 This function is deprecated, use
2619 org.fedoraproject.FirewallD1.config.zone.Methods.getSettings2
2620 instead.
2621
2622 getSettings2() → a{sv}
2623 Return permanent settings of given zone. For getting runtime
2624 settings see
2625 org.fedoraproject.FirewallD1.zone.Methods.getZoneSettings2.
2626 Settings are a dictionary indexed by keywords. For the type of
2627 each value see below. If the value is empty it may be omitted.
2628
2629 version (s): see version attribute of zone tag in
2630 firewalld.zone(5).
2631
2632 name (s): see short tag in firewalld.zone(5).
2633
2634 description (s): see description tag in firewalld.zone(5).
2635
2636 target (s): see target attribute of zone tag in
2637 firewalld.zone(5).
2638
2639 services (as): array of service names, see service tag in
2640 firewalld.zone(5).
2641
2642 ports (a(ss)): array of port and protocol pairs. See port tag
2643 in firewalld.zone(5).
2644
2645 icmp_blocks (as): array of icmp-blocks. See icmp-block tag in
2646 firewalld.zone(5).
2647
2648 masquerade (b): see masquerade tag in firewalld.zone(5).
2649
2650 forward_ports (a(ssss)): array of (port, protocol, to-port,
2651 to-addr). See forward-port tag in firewalld.zone(5).
2652
2653 interfaces (as): array of interfaces. See interface tag in
2654 firewalld.zone(5).
2655
2656 sources (as): array of source addresses. See source tag in
2657 firewalld.zone(5).
2658
2659 rules_str (as): array of rich-language rules. See rule tag in
2660 firewalld.zone(5).
2661
2662 protocols (as): array of protocols, see protocol tag in
2663 firewalld.zone(5).
2664
2665 source_ports (a(ss)): array of port and protocol pairs. See
2666 source-port tag in firewalld.zone(5).
2667
2668 icmp_block_inversion (b): see icmp-block-inversion tag in
2669 firewalld.zone(5).
2670
2671 forward (b): see forward tag in firewalld.zone(5).
2672
2673 ingress_priority (i): see ingress-priority tag in
2674 firewalld.zone(5).
2675
2676 egress_priority (i): see egress-priority tag in
2677 firewalld.zone(5).
2678
2679
2680 getShort() → s
2681 Get name of zone. See short tag in firewalld.zone(5).
2682
2683 getSourcePorts() → a(ss)
2684 Get list of (port, protocol) defined in zone. See source-port
2685 tag in firewalld.zone(5). For runtime operation see
2686 org.fedoraproject.FirewallD1.zone.Methods.getSourcePorts.
2687
2688 getSources() → as
2689 Get list of source addresses bound to zone. See source tag in
2690 firewalld.zone(5). For runtime operation see
2691 org.fedoraproject.FirewallD1.zone.Methods.getSources.
2692
2693 getTarget() → s
2694 Get target of zone. See target attribute of zone tag in
2695 firewalld.zone(5).
2696
2697 getVersion() → s
2698 Get version of zone. See version attribute of zone tag in
2699 firewalld.zone(5).
2700
2701 loadDefaults() → Nothing
2702 Load default settings for built-in zone.
2703
2704 Possible errors: NO_DEFAULTS
2705
2706 queryForwardPort(s: port, s: protocol, s: toport, s: toaddr) → b
2707 Return whether (port, protocol, toport, toaddr) is in list of
2708 forward ports of zone. See forward-port tag in
2709 firewalld.zone(5). For runtime operation see
2710 org.fedoraproject.FirewallD1.zone.Methods.queryForwardPort.
2711
2712 queryIcmpBlock(s: icmptype) → b
2713 Return whether icmptype is in list of icmp types blocked in
2714 zone. See icmp-block tag in firewalld.zone(5). For runtime
2715 operation see
2716 org.fedoraproject.FirewallD1.zone.Methods.queryIcmpBlock.
2717
2718 queryIcmpBlockInversion() → b
2719 Return whether icmp block inversion is enabled in zone. See
2720 icmp-block-inversion tag in firewalld.zone(5). For runtime
2721 operation see
2722 org.fedoraproject.FirewallD1.zone.Methods.queryIcmpBlockInversion.
2723
2724 queryInterface(s: interface) → b
2725 Return whether interface is in list of interfaces bound to
2726 zone. See interface tag in firewalld.zone(5). For runtime
2727 operation see
2728 org.fedoraproject.FirewallD1.zone.Methods.queryInterface.
2729
2730 queryMasquerade() → b
2731 Return whether masquerade is enabled in zone. This is the same
2732 as getMasquerade() method. See masquerade tag in
2733 firewalld.zone(5). For runtime operation see
2734 org.fedoraproject.FirewallD1.zone.Methods.queryMasquerade.
2735
2736 queryPort(s: port, s: protocol) → b
2737 Return whether (port, protocol) is in list of ports of zone.
2738 See port tag in firewalld.zone(5). For runtime operation see
2739 org.fedoraproject.FirewallD1.zone.Methods.queryPort.
2740
2741 queryProtocol(s: protocol) → b
2742 Return whether protocol has been added in zone. For runtime
2743 operation see
2744 org.fedoraproject.FirewallD1.zone.Methods.queryProtocol.
2745
2746 Possible errors: INVALID_PROTOCOL
2747
2748 queryRichRule(s: rule) → b
2749 Return whether rule is in list of rich-language rules in zone.
2750 See rule tag in firewalld.zone(5). For runtime operation see
2751 org.fedoraproject.FirewallD1.zone.Methods.queryRichRule.
2752
2753 queryService(s: service) → b
2754 Return whether service is in list of services used in zone. See
2755 service tag in firewalld.zone(5). For runtime operation see
2756 org.fedoraproject.FirewallD1.zone.Methods.queryService.
2757
2758 querySource(s: source) → b
2759 Return whether source is in list of source addresses bound to
2760 zone. See source tag in firewalld.zone(5). For runtime
2761 operation see
2762 org.fedoraproject.FirewallD1.zone.Methods.querySource.
2763
2764 querySourcePort(s: port, s: protocol) → b
2765 Return whether (port, protocol) is in list of source ports of
2766 zone. See source-port tag in firewalld.zone(5). For runtime
2767 operation see
2768 org.fedoraproject.FirewallD1.zone.Methods.querySourcePort.
2769
2770 remove() → Nothing
2771 Remove a zone that is not built-in.
2772
2773 Possible errors: BUILTIN_ZONE
2774
2775 removeForwardPort(s: port, s: protocol, s: toport, s: toaddr) →
2776 Nothing
2777 Permanently remove (port, protocol, toport, toaddr) from list
2778 of forward ports of zone. See forward-port tag in
2779 firewalld.zone(5). For runtime operation see
2780 org.fedoraproject.FirewallD1.zone.Methods.removeForwardPort.
2781
2782 Possible errors: NOT_ENABLED
2783
2784 removeIcmpBlock(s: icmptype) → Nothing
2785 Permanently remove icmptype from list of icmp types blocked in
2786 zone. See icmp-block tag in firewalld.zone(5). For runtime
2787 operation see
2788 org.fedoraproject.FirewallD1.zone.Methods.removeIcmpBlock.
2789
2790 Possible errors: NOT_ENABLED
2791
2792 removeIcmpBlockInversion() → Nothing
2793 Permanently remove icmp block inversion from the zone. See
2794 icmp-block-inversion tag in firewalld.zone(5). For runtime
2795 operation see
2796 org.fedoraproject.FirewallD1.zone.Methods.removeIcmpBlockInversion.
2797
2798 Possible errors: NOT_ENABLED
2799
2800 removeInterface(s: interface) → Nothing
2801 Permanently remove interface from list of interfaces bound to
2802 zone. See interface tag in firewalld.zone(5). For runtime
2803 operation see
2804 org.fedoraproject.FirewallD1.zone.Methods.removeInterface.
2805
2806 Possible errors: NOT_ENABLED
2807
2808 removeMasquerade() → Nothing
2809 Permanently disable masquerading in zone. See masquerade tag in
2810 firewalld.zone(5). For runtime operation see
2811 org.fedoraproject.FirewallD1.zone.Methods.removeMasquerade.
2812
2813 Possible errors: NOT_ENABLED
2814
2815 removePort(s: port, s: protocol) → Nothing
2816 Permanently remove (port, protocol) from list of ports of zone.
2817 See port tag in firewalld.zone(5). For runtime operation see
2818 org.fedoraproject.FirewallD1.zone.Methods.removePort.
2819
2820 Possible errors: NOT_ENABLED
2821
2822 removeProtocol(s: protocol) → Nothing
2823 Permanently remove protocol from zone. For runtime operation
2824 see org.fedoraproject.FirewallD1.zone.Methods.removeProtocol.
2825
2826 Possible errors: INVALID_PROTOCOL, NOT_ENABLED
2827
2828 removeRichRule(s: rule) → Nothing
2829 Permanently remove rule from list of rich-language rules in
2830 zone. See rule tag in firewalld.zone(5). For runtime operation
2831 see org.fedoraproject.FirewallD1.zone.Methods.removeRichRule.
2832
2833 Possible errors: NOT_ENABLED
2834
2835 removeService(s: service) → Nothing
2836 Permanently remove service from list of services used in zone.
2837 See service tag in firewalld.zone(5). For runtime operation see
2838 org.fedoraproject.FirewallD1.zone.Methods.removeService.
2839
2840 Possible errors: NOT_ENABLED
2841
2842 removeSource(s: source) → Nothing
2843 Permanently remove source from list of source addresses bound
2844 to zone. See source tag in firewalld.zone(5). For runtime
2845 operation see
2846 org.fedoraproject.FirewallD1.zone.Methods.removeSource.
2847
2848 Possible errors: NOT_ENABLED
2849
2850 removeSourcePort(s: port, s: protocol) → Nothing
2851 Permanently remove (port, protocol) from list of source ports
2852 of zone. See source-port tag in firewalld.zone(5). For runtime
2853 operation see
2854 org.fedoraproject.FirewallD1.zone.Methods.removeSourcePort.
2855
2856 Possible errors: NOT_ENABLED
2857
2858 rename(s: name) → Nothing
2859 Rename a zone that is not built-in to name.
2860
2861 Possible errors: BUILTIN_ZONE
2862
2863 setDescription(s: description) → Nothing
2864 Permanently set description of zone to description. See
2865 description tag in firewalld.zone(5).
2866
2867 setForwardPorts(a(ssss): ports) → Nothing
2868 Permanently set forward ports of zone to list of (port,
2869 protocol, toport, toaddr). See forward-port tag in
2870 firewalld.zone(5).
2871
2872 setIcmpBlockInversion(b: flag) → Nothing
2873 Permanently set icmp block inversion flag of zone to flag. See
2874 icmp-block-inversion tag in firewalld.zone(5).
2875
2876 setIcmpBlocks(as: icmptypes) → Nothing
2877 Permanently set list of icmp types blocked in zone to
2878 icmptypes. See icmp-block tag in firewalld.zone(5).
2879
2880 setInterfaces(as: interfaces) → Nothing
2881 Permanently set list of interfaces bound to zone to interfaces.
2882 See interface tag in firewalld.zone(5).
2883
2884 setMasquerade(b: masquerade) → Nothing
2885 Permanently set masquerading in zone to masquerade. See
2886 masquerade tag in firewalld.zone(5).
2887
2888 setPorts(a(ss): ports) → Nothing
2889 Permanently set ports of zone to list of (port, protocol). See
2890 port tag in firewalld.zone(5).
2891
2892 setProtocols(as: protocols) → Nothing
2893 Permanently set list of protocols used in zone to protocols.
2894 See protocol tag in firewalld.zone(5).
2895
2896 setRichRules(as: rules) → Nothing
2897 Permanently set list of rich-language rules to rules. See rule
2898 tag in firewalld.zone(5).
2899
2900 setServices(as: services) → Nothing
2901 Permanently set list of services used in zone to services. See
2902 service tag in firewalld.zone(5).
2903
2904 setShort(s: short) → Nothing
2905 Permanently set name of zone to short. See short tag in
2906 firewalld.zone(5).
2907
2908 setSourcePorts(a(ss): ports) → Nothing
2909 Permanently set source-ports of zone to list of (port,
2910 protocol). See source-port tag in firewalld.zone(5).
2911
2912 setSources(as: sources) → Nothing
2913 Permanently set list of source addresses bound to zone to
2914 sources. See source tag in firewalld.zone(5).
2915
2916 setTarget(s: target) → Nothing
2917 Permanently set target of zone to target. See target attribute
2918 of zone tag in firewalld.zone(5).
2919
2920 setVersion(s: version) → Nothing
2921 Permanently set version of zone to version. See version
2922 attribute of zone tag in firewalld.zone(5).
2923
2924 update((sssbsasa(ss)asba(ssss)asasasasa(ss)b): settings) → Nothing
2925 This function is deprecated, use
2926 org.fedoraproject.FirewallD1.config.zone.Methods.update2
2927 instead.
2928
2929 update2(a{sv}: settings) → Nothing
2930 Update settings of zone to settings. Settings are a dictionary
2931 indexed by keywords. For the type of each value see below. To
2932 zero a value pass an empty string or list.
2933
2934 version (s): see version attribute of zone tag in
2935 firewalld.zone(5).
2936
2937 name (s): see short tag in firewalld.zone(5).
2938
2939 description (s): see description tag in firewalld.zone(5).
2940
2941 target (s): see target attribute of zone tag in
2942 firewalld.zone(5).
2943
2944 services (as): array of service names, see service tag in
2945 firewalld.zone(5).
2946
2947 ports (a(ss)): array of port and protocol pairs. See port tag
2948 in firewalld.zone(5).
2949
2950 icmp_blocks (as): array of icmp-blocks. See icmp-block tag in
2951 firewalld.zone(5).
2952
2953 masquerade (b): see masquerade tag in firewalld.zone(5).
2954
2955 forward_ports (a(ssss)): array of (port, protocol, to-port,
2956 to-addr). See forward-port tag in firewalld.zone(5).
2957
2958 interfaces (as): array of interfaces. See interface tag in
2959 firewalld.zone(5).
2960
2961 sources (as): array of source addresses. See source tag in
2962 firewalld.zone(5).
2963
2964 rules_str (as): array of rich-language rules. See rule tag in
2965 firewalld.zone(5).
2966
2967 protocols (as): array of protocols, see protocol tag in
2968 firewalld.zone(5).
2969
2970 source_ports (a(ss)): array of port and protocol pairs. See
2971 source-port tag in firewalld.zone(5).
2972
2973 icmp_block_inversion (b): see icmp-block-inversion tag in
2974 firewalld.zone(5).
2975
2976 forward (b): see forward tag in firewalld.zone(5).
2977
2978 ingress_priority (i): see ingress-priority tag in
2979 firewalld.zone(5).
2980
2981 egress_priority (i): see egress-priority tag in
2982 firewalld.zone(5).
2983
2984 Possible errors: INVALID_TYPE
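
getSettings2() may omit empty values, while update2() needs an explicit empty string or list to clear one, so enforcing a baseline means diffing against defaults rather than against the returned keys. The following Python sketch is an added example, not firewalld's own code: plan_update2, validate, the managed-key list and the sample data are constructed here, and using False and 0 as the "empty" value for b and i keys is an assumption the page does not state.

```python
# Added example: plan an update2() payload from a getSettings2() result.
# Key names and D-Bus signatures are copied from the settings table above.
ZONE_SCHEMA = {
    "version": "s", "name": "s", "description": "s", "target": "s",
    "services": "as", "ports": "a(ss)", "icmp_blocks": "as",
    "masquerade": "b", "forward_ports": "a(ssss)", "interfaces": "as",
    "sources": "as", "rules_str": "as", "protocols": "as",
    "source_ports": "a(ss)", "icmp_block_inversion": "b", "forward": "b",
    "ingress_priority": "i", "egress_priority": "i",
}

def empty_for(sig):
    """Value treated as 'unset'. The page names only '' and []; False and 0
    for b and i are this example's assumption."""
    return [] if sig.startswith("a") else {"s": "", "b": False, "i": 0}[sig]

def matches(sig, value):
    """Check a plain Python value against one of the signatures used above."""
    if sig == "s":
        return isinstance(value, str)
    if sig == "b":
        return isinstance(value, bool)
    if sig == "i":  # bool is an int subclass in Python, so exclude it
        return (isinstance(value, int) and not isinstance(value, bool)
                and -2**31 <= value < 2**31)
    if not isinstance(value, (list, tuple)):
        return False
    if sig == "as":
        return all(isinstance(v, str) for v in value)
    width = len(sig) - 3  # a(ss) -> 2 fields, a(ssss) -> 4 fields
    return all(isinstance(t, (list, tuple)) and len(t) == width
               and all(isinstance(f, str) for f in t) for t in value)

def validate(settings):
    """Return the problems that would make a settings dict unusable."""
    errors = []
    for key, value in settings.items():
        sig = ZONE_SCHEMA.get(key)
        if sig is None:
            errors.append(f"{key}: not a documented zone setting")
        elif not matches(sig, value):
            errors.append(f"{key}: expected D-Bus type {sig}, got {value!r}")
    return errors

def canon(sig, value):
    """Order-insensitive form so [a, b] and [b, a] compare equal."""
    if sig.startswith("a"):
        return sorted(v if isinstance(v, str) else tuple(v) for v in value)
    return value

def plan_update2(current, desired, managed):
    """Return the dict to pass to update2() so that every managed key ends up
    as in `desired`. A managed key missing from `desired` is cleared."""
    stray = sorted(set(desired) - set(managed))
    errors = validate(desired) + [f"{k}: not a managed key" for k in stray]
    if errors:
        raise ValueError("; ".join(errors))
    payload = {}
    for key in managed:
        sig = ZONE_SCHEMA[key]
        have = canon(sig, current.get(key, empty_for(sig)))  # omitted == empty
        want = canon(sig, desired.get(key, empty_for(sig)))
        if have != want:
            payload[key] = want
    return payload

# Constructed sample of a getSettings2() result (not captured from a host).
CURRENT = {
    "name": "public", "target": "default",
    "services": ["ssh", "dhcpv6-client", "cockpit"],
    "ports": [("8080", "tcp")],
    "masquerade": True,
    "forward_ports": [("2222", "tcp", "22", "192.0.2.10")],
}
# Constructed baseline: only these services and this port stay open.
DESIRED = {"services": ["dhcpv6-client", "ssh"], "ports": [("8443", "tcp")]}
MANAGED = ("services", "ports", "masquerade", "forward_ports")

if __name__ == "__main__":
    for key, value in plan_update2(CURRENT, DESIRED, MANAGED).items():
        print(f"{key} ({ZONE_SCHEMA[key]}): {value!r}")
```

When sending the payload with dbus-python, wrap empty lists as dbus.Array([], signature=...) using the element type from ZONE_SCHEMA, because the binding cannot guess the type of an empty list.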
2985
2986 Signals
2987 Removed(s: name)
2988 Emitted when zone with name has been removed.
2989
2990 Renamed(s: name)
2991 Emitted when zone has been renamed to name.
2992
2993 Updated(s: name)
2994 Emitted when zone with name has been updated.
2995
2996 Properties
2997 builtin - b - (ro)
2998 True if zone is built-in, False otherwise.
2999
3000 default - b - (ro)
3001 True if built-in zone has default settings. False if it has
3002 been modified. Always False for zones that are not built-in.
3003
3004 filename - s - (ro)
3005 Name (including .xml extension) of file where the configuration
3006 is stored.
3007
3008 name - s - (ro)
3009 Name of zone.
3010
3011 path - s - (ro)
3012 Path to directory where the zone configuration is stored.
3013 Should be either /usr/lib/firewalld/zones or
3014 /etc/firewalld/zones.
3015
3016 org.fedoraproject.FirewallD1.config.policy
3017 Interface for permanent policy configuration, see also
3018 firewalld.policy(5).
3019
3020 Methods
3021 getSettings() → a{sv}
3022 Return permanent settings of given policy. For getting runtime
3023 settings see
3024 org.fedoraproject.FirewallD1.policy.Methods.getPolicySettings.
3025 Settings are a dictionary indexed by keywords. For possible
3026 keywords see
3027 org.fedoraproject.FirewallD1.config.Methods.addPolicy.
3028
3029 loadDefaults() → Nothing
3030 Load default settings for built-in policy.
3031
3032 Possible errors: NO_DEFAULTS
3033
3034 remove() → Nothing
3035 Remove a policy that is not built-in.
3036
3037 Possible errors: BUILTIN_POLICY
3038
3039 rename(s: name) → Nothing
3040 Rename a policy that is not built-in to name.
3041
3042 Possible errors: BUILTIN_POLICY
3043
3044 update(a{sv}: settings) → Nothing
3045 Update settings of policy to settings. Settings are a
3046 dictionary indexed by keywords. For possible keywords see
3047 org.fedoraproject.FirewallD1.config.Methods.addPolicy. To zero
3048 a value pass an empty string or list.
3049
3050 Possible errors: INVALID_TYPE
3051
3052 Signals
3053 Removed(s: name)
3054 Emitted when policy with name has been removed.
3055
3056 Renamed(s: name)
3057 Emitted when policy has been renamed to name.
3058
3059 Updated(s: name)
3060 Emitted when policy with name has been updated.
3061
3062 Properties
3063 builtin - b - (ro)
3064 True if policy is built-in, False otherwise.
3065
3066 default - b - (ro)
3067 True if built-in policy has default settings. False if it has
3068 been modified. Always False for policies that are not built-in.
3069
3070 filename - s - (ro)
3071 Name (including .xml extension) of file where the configuration
3072 is stored.
3073
3074 name - s - (ro)
3075 Name of policy.
3076
3077 path - s - (ro)
3078 Path to directory where the policy configuration is stored.
3079 Should be either /usr/lib/firewalld/policies or
3080 /etc/firewalld/policies.
3081
3082 org.fedoraproject.FirewallD1.config.service
3083 Interface for permanent service configuration, see also
3084 firewalld.service(5).
3085
3086 Methods
3087 addModule(s: module) → Nothing
3088 This method is deprecated. Please use "helpers" in the
3089 update2() method.
3090
3091 addPort(s: port, s: protocol) → Nothing
3092 Permanently add (port, protocol) to list of ports in service.
3093 See port tag in firewalld.service(5).
3094
3095 Possible errors: ALREADY_ENABLED
3096
3097 addProtocol(s: protocol) → Nothing
3098 Permanently add protocol to service. The protocol can be any
3099 protocol supported by the system. Please have a look at
3100 /etc/protocols for supported protocols. See protocol tag in
3101 firewalld.service(5).
3102
3103 Possible errors: INVALID_PROTOCOL, ALREADY_ENABLED
3104
3105 addSourcePort(s: port, s: protocol) → Nothing
3106 Permanently add (port, protocol) to list of source ports in
3107 service. See source-port tag in firewalld.service(5).
3108
3109 Possible errors: ALREADY_ENABLED
3110
3111 getDescription() → s
3112 Get description of service. See description tag in
3113 firewalld.service(5).
3114
3115 getDestination(s: family) → s
3116 Get destination for IP family being either 'ipv4' or 'ipv6'.
3117 See destination tag in firewalld.service(5).
3118
3119 Possible errors: ALREADY_ENABLED
3120
3121 getDestinations() → a{ss}
3122 Get list of destinations. Return value is a dictionary of {IP
3123 family : IP address} where 'IP family' key can be either 'ipv4'
3124 or 'ipv6'. See destination tag in firewalld.service(5).
3125
3126 getModules() → as
3127 This method is deprecated. Please use "helpers" in the
3128 getSettings2() method.
3129
3130 getPorts() → a(ss)
3131 Get list of (port, protocol) defined in service. See port tag
3132 in firewalld.service(5).
3133
3134 getProtocols() → as
3135 Return array of protocols (s) defined in service. See protocol
3136 tag in firewalld.service(5).
3137
3138 getSettings() → (sssa(ss)asa{ss}asa(ss))
3139 This function is deprecated, use
3140 org.fedoraproject.FirewallD1.config.service.Methods.getSettings2
3141 instead.
3142
3143 getSettings2(s: service) → a{sv}
3144 Return permanent settings of given service. For getting runtime
3145 settings see
3146 org.fedoraproject.FirewallD1.Methods.getServiceSettings2.
3147 Settings are a dictionary indexed by keywords. For the type of
3148 each value see below. If the value is empty it may be omitted.
3149
3150 version (s): see version attribute of service tag in
3151 firewalld.service(5).
3152
3153 name (s): see short tag in firewalld.service(5).
3154
3155 description (s): see description tag in firewalld.service(5).
3156
3157 ports (a(ss)): array of port and protocol pairs. See port tag
3158 in firewalld.service(5).
3159
3160 module names (as): array of kernel netfilter helpers, see
3161 module tag in firewalld.service(5).
3162
3163 destinations (a{ss}): dictionary of {IP family : IP address}
3164 where 'IP family' key can be either 'ipv4' or 'ipv6'. See
3165 destination tag in firewalld.service(5).
3166
3167 protocols (as): array of protocols, see protocol tag in
3168 firewalld.service(5).
3169
3170 source_ports (a(ss)): array of port and protocol pairs. See
3171 source-port tag in firewalld.service(5).
3172
3173 includes (as): array of service includes, see include tag in
3174 firewalld.service(5).
3175
3176 helpers (as): array of service helpers, see helper tag in
3177 firewalld.service(5).
3178
3179
3180 getShort() → s
3181 Get name of service. See short tag in firewalld.service(5).
3182
3183 getSourcePorts() → a(ss)
3184 Get list of (port, protocol) defined in service. See
3185 source-port tag in firewalld.service(5).
3186
3187 getVersion() → s
3188 Get version of service. See version attribute of service tag in
3189 firewalld.service(5).
3190
3191 loadDefaults() → Nothing
3192 Load default settings for built-in service.
3193
3194 Possible errors: NO_DEFAULTS
3195
3196 queryDestination(s: family, s: address) → b
3197 Return whether a destination is in dictionary of destinations
3198 of this service. destination is in format: (IP family, IP
3199 address) where IP family can be either 'ipv4' or 'ipv6'. See
3200 destination tag in firewalld.service(5).
3201
3202 queryModule(s: module) → b
3203 This method is deprecated. Please use "helpers" in the
3204 getSettings2() method.
3205
3206 queryPort(s: port, s: protocol) → b
3207 Return whether (port, protocol) is in list of ports in service.
3208 See port tag in firewalld.service(5).
3209
3210 queryProtocol(s: protocol) → b
3211 Return whether protocol is in list of protocols in service. See
3212 protocol tag in firewalld.service(5).
3213
3214 querySourcePort(s: port, s: protocol) → b
3215 Return whether (port, protocol) is in list of source ports in
3216 service. See source-port tag in firewalld.service(5).
3217
3218 remove() → Nothing
3219 Remove a service that is not built-in.
3220
3221 Possible errors: BUILTIN_SERVICE
3222
3223 removeDestination(s: family) → Nothing
3224 Permanently remove a destination with family ('ipv4' or 'ipv6')
3225 from service. See destination tag in firewalld.service(5).
3226
3227 Possible errors: NOT_ENABLED
3228
3229 removeModule(s: module) → Nothing
3230 This method is deprecated. Please use "helpers" in the
3231 update2() method.
3232
3233 removePort(s: port, s: protocol) → Nothing
3234 Permanently remove (port, protocol) from list of ports in
3235 service. See port tag in firewalld.service(5).
3236
3237 Possible errors: NOT_ENABLED
3238
3239 removeProtocol(s: protocol) → Nothing
3240 Permanently remove protocol from list of protocols in service.
3241 See protocol tag in firewalld.service(5).
3242
3243 Possible errors: NOT_ENABLED
3244
3245 removeSourcePort(s: port, s: protocol) → Nothing
3246 Permanently remove (port, protocol) from list of source ports
3247 in service. See source-port tag in firewalld.service(5).
3248
3249 Possible errors: NOT_ENABLED
3250
3251 rename(s: name) → Nothing
3252 Rename a service that is not built-in to name.
3253
3254 Possible errors: BUILTIN_SERVICE
3255
3256 setDescription(s: description) → Nothing
3257 Permanently set description of service to description. See
3258 description tag in firewalld.service(5).
3259
3260 setDestination(s: family, s: address) → Nothing
3261 Permanently set a destination address. destination is in
3262 format: (IP family, IP address) where IP family can be either
3263 'ipv4' or 'ipv6'. See destination tag in firewalld.service(5).
3264
3265 Possible errors: ALREADY_ENABLED
3266
3267 setDestinations(a{ss}: destinations) → Nothing
3268 Permanently set destinations of service to destinations, which
3269 is a dictionary of {IP family : IP address} where 'IP family'
3270 key can be either 'ipv4' or 'ipv6'. See destination tag in
3271 firewalld.service(5).
3272
3273 setModules(as: modules) → Nothing
3274 This method is deprecated. Please use "helpers" in the
3275 update2() method.
3276
3277 setPorts(a(ss): ports) → Nothing
3278 Permanently set ports of service to list of (port, protocol).
3279 See port tag in firewalld.service(5).
3280
3281 setProtocols(as: protocols) → Nothing
3282 Permanently set protocols of service to list of protocols. See
3283 protocol tag in firewalld.service(5).
3284
3285 setShort(s: short) → Nothing
3286 Permanently set name of service to short. See short tag in
3287 firewalld.service(5).
3288
3289 setSourcePorts(a(ss): ports) → Nothing
3290 Permanently set source-ports of service to list of (port,
3291 protocol). See source-port tag in firewalld.service(5).
3292
3293 setVersion(s: version) → Nothing
3294 Permanently set version of service to version. See version
3295 attribute of service tag in firewalld.service(5).
3296
3297 update((sssa(ss)asa{ss}asa(ss)): settings) → Nothing
3298 This function is deprecated, use
3299 org.fedoraproject.FirewallD1.config.service.Methods.update2
3300 instead.
3301
3302 update2(a{sv}: settings) → Nothing
3303 Update settings of service to settings. Settings are a
3304 dictionary indexed by keywords. For the type of each value see
3305 below. To zero a value pass an empty string or list.
3306
3307 version (s): see version attribute of service tag in
3308 firewalld.service(5).
3309
3310 name (s): see short tag in firewalld.service(5).
3311
3312 description (s): see description tag in firewalld.service(5).
3313
3314 ports (a(ss)): array of port and protocol pairs. See port tag
3315 in firewalld.service(5).
3316
3317 module names (as): array of kernel netfilter helpers, see
3318 module tag in firewalld.service(5).
3319
3320 destinations (a{ss}): dictionary of {IP family : IP address}
3321 where 'IP family' key can be either 'ipv4' or 'ipv6'. See
3322 destination tag in firewalld.service(5).
3323
3324 protocols (as): array of protocols, see protocol tag in
3325 firewalld.service(5).
3326
3327 source_ports (a(ss)): array of port and protocol pairs. See
3328 source-port tag in firewalld.service(5).
3329
3330 includes (as): array of service includes, see include tag in
3331 firewalld.service(5).
3332
3333 helpers (as): array of service helpers, see helper tag in
3334 firewalld.service(5).
3335
3336 Possible errors: INVALID_TYPE
3337
3338 Signals
3339 Removed(s: name)
3340 Emitted when service with name has been removed.
3341
3342 Renamed(s: name)
3343 Emitted when service has been renamed to name.
3344
3345 Updated(s: name)
3346 Emitted when service with name has been updated.
3347
3348 Properties
3349 builtin - b - (ro)
3350 True if service is built-in, False otherwise.
3351
3352 default - b - (ro)
3353 True if built-in service has default settings. False if it has
3354 been modified. Always False for services that are not built-in.
3355
3356 filename - s - (ro)
3357 Name (including .xml extension) of file where the configuration
3358 is stored.
3359
3360 name - s - (ro)
3361 Name of service.
3362
3363 path - s - (ro)
3364 Path to directory where the configuration is stored. Should be
3365 either /usr/lib/firewalld/services or /etc/firewalld/services.
3366
3367 org.fedoraproject.FirewallD1.config.helper
3368 Interface for permanent helper configuration, see also
3369 firewalld.helper(5).
3370
3371 Methods
3372 addPort(s: port, s: protocol) → Nothing
3373 Permanently add (port, protocol) to list of ports in helper.
3374 See port tag in firewalld.helper(5).
3375
3376 Possible errors: ALREADY_ENABLED
3377
3378 getDescription() → s
3379 Get description of helper. See description tag in
3380 firewalld.helper(5).
3381
3382 getFamily() → s
3383 Get family being 'ipv4', 'ipv6' or empty for both. See family
3384 tag in firewalld.helper(5).
3385
3386 getModule() → s
3387 Get modules (netfilter kernel helpers) used in helper. See
3388 module tag in firewalld.helper(5).
3389
3390 getPorts() → a(ss)
3391 Get list of (port, protocol) defined in helper. See port tag in
3392 firewalld.helper(5).
3393
3394 getSettings() → (sssssa(ss))
3395 Return permanent settings of a helper. For getting runtime
3396 settings see
3397 org.fedoraproject.FirewallD1.Methods.getHelperSettings.
3398 Settings are in format: version, name, description, family,
3399 module, array of ports (port, protocol).
3400
3401 version (s): see version attribute of helper tag in
3402 firewalld.helper(5).
3403
3404 name (s): see short tag in firewalld.helper(5).
3405
3406 description (s): see description tag in firewalld.helper(5).
3407
3408 family (s): see family tag in firewalld.helper(5).
3409
3410 module (s): see module tag in firewalld.helper(5).
3411
3412 ports (a(ss)): array of port and protocol pairs. See port tag
3413 in firewalld.helper(5).
3414
3415
3416 getShort() → s
3417 Get name of helper. See short tag in firewalld.helper(5).
3418
3419 getVersion() → s
3420 Get version of helper. See version attribute of helper tag in
3421 firewalld.helper(5).
3422
3423 loadDefaults() → Nothing
3424 Load default settings for built-in helper.
3425
3426 Possible errors: NO_DEFAULTS
3427
3428 queryFamily(s: family) → b
3429 Return whether family is set for helper. See family tag in
3430 firewalld.helper(5).
3431
3432 queryModule(s: module) → b
3433 Return whether module (netfilter kernel helpers) is used in
3434 helper. See module tag in firewalld.helper(5).
3435
3436 queryPort(s: port, s: protocol) → b
3437 Return whether (port, protocol) is in list of ports in helper.
3438 See port tag in firewalld.helper(5).
3439
3440 remove() → Nothing
3441 Remove not built-in helper.
3442
3443 Possible errors: BUILTIN_HELPER
3444
3445 removePort(s: port, s: protocol) → Nothing
3446 Permanently remove (port, protocol) from list of ports in
3447 helper. See port tag in firewalld.helper(5).
3448
3449 Possible errors: NOT_ENABLED
3450
3451 rename(s: name) → Nothing
3452 Rename not built-in helper to name.
3453
3454 Possible errors: BUILTIN_HELPER
3455
3456 setDescription(s: description) → Nothing
3457 Permanently set description of helper to description. See
3458 description tag in firewalld.helper(5).
3459
3460 setFamily(s: family) → Nothing
3461 Permanently set family of helper to family. See family tag in
3462 firewalld.helper(5).
3463
3464 setModule(s: module) → Nothing
3465 Permanently set module of helper to description. See module tag
3466 in firewalld.helper(5).
3467
3468 setPorts(a(ss): ports) → Nothing
3469 Permanently set ports of helper to list of (port, protocol).
3470 See port tag in firewalld.helper(5).
3471
3472 setShort(s: short) → Nothing
3473 Permanently set name of helper to short. See short tag in
3474 firewalld.helper(5).
3475
3476 setVersion(s: version) → Nothing
3477 Permanently set version of helper to version. See version
3478 attribute of helper tag in firewalld.helper(5).
3479
update((sssssa(ss)): settings) → Nothing
Update settings of helper to settings. Settings are in format:
version, name, description, family, module and array of ports.

version (s): see version attribute of helper tag in
firewalld.helper(5).

name (s): see short tag in firewalld.helper(5).

description (s): see description tag in firewalld.helper(5).

family (s): see family tag in firewalld.helper(5).

module (s): see module tag in firewalld.helper(5).

ports (a(ss)): array of port and protocol pairs. See port tag
in firewalld.helper(5).

Possible errors: INVALID_HELPER

Signals
Removed(s: name)
Emitted when helper with name has been removed.

Renamed(s: name)
Emitted when helper has been renamed to name.

Updated(s: name)
Emitted when helper with name has been updated.

Properties
builtin - b - (ro)
True if helper is built-in, False otherwise.

default - b - (ro)
True if built-in helper has default settings. False if it has
been modified. Always False for helpers that are not built-in.

filename - s - (ro)
Name (including .xml extension) of file where the configuration
is stored.

name - s - (ro)
Name of helper.

path - s - (ro)
Path to directory where the configuration is stored. Should be
either /usr/lib/firewalld/helpers or /etc/firewalld/helpers.

org.fedoraproject.FirewallD1.config.icmptype
Interface for permanent icmp type configuration, see also
firewalld.icmptype(5).

Methods
addDestination(s: destination) → Nothing
Permanently add a destination ('ipv4' or 'ipv6') to list of
destinations of this icmp type. See destination tag in
firewalld.icmptype(5).

Possible errors: ALREADY_ENABLED

getDescription() → s
Get description of icmp type. See description tag in
firewalld.icmptype(5).

getDestinations() → as
Get list of destinations. See destination tag in
firewalld.icmptype(5).

getSettings() → (sssas)
Return permanent settings of icmp type. For getting runtime
settings see
org.fedoraproject.FirewallD1.Methods.getIcmpTypeSettings.
Settings are in format: version, name, description, array of
destinations.

version (s): see version attribute of icmptype tag in
firewalld.icmptype(5).

name (s): see short tag in firewalld.icmptype(5).

description (s): see description tag in firewalld.icmptype(5).

destinations (as): array, either empty or containing strings
'ipv4' and/or 'ipv6', see destination tag in
firewalld.icmptype(5).

getShort() → s
Get name of icmp type. See short tag in firewalld.icmptype(5).

getVersion() → s
Get version of icmp type. See version attribute of icmptype tag
in firewalld.icmptype(5).

loadDefaults() → Nothing
Load default settings for built-in icmp type.

Possible errors: NO_DEFAULTS

queryDestination(s: destination) → b
Return whether a destination ('ipv4' or 'ipv6') is in list of
destinations of this icmp type. See destination tag in
firewalld.icmptype(5).

remove() → Nothing
Remove an icmp type that is not built-in.

Possible errors: BUILTIN_ICMPTYPE

removeDestination(s: destination) → Nothing
Permanently remove a destination ('ipv4' or 'ipv6') from list
of destinations of this icmp type. See destination tag in
firewalld.icmptype(5).

Possible errors: NOT_ENABLED

rename(s: name) → Nothing
Rename an icmp type that is not built-in to name.

Possible errors: BUILTIN_ICMPTYPE

setDescription(s: description) → Nothing
Permanently set description of icmp type to description. See
description tag in firewalld.icmptype(5).

setDestinations(as: destinations) → Nothing
Permanently set destinations of icmp type to destinations,
which is array, either empty or containing strings 'ipv4'
and/or 'ipv6'. See destination tag in firewalld.icmptype(5).

setShort(s: short) → Nothing
Permanently set name of icmp type to short. See short tag in
firewalld.icmptype(5).

setVersion(s: version) → Nothing
Permanently set version of icmp type to version. See version
attribute of icmptype tag in firewalld.icmptype(5).

update((sssas): settings) → Nothing
Update permanent settings of icmp type to settings. Settings
are in format: version, name, description, array of
destinations.

version (s): see version attribute of icmptype tag in
firewalld.icmptype(5).

name (s): see short tag in firewalld.icmptype(5).

description (s): see description tag in firewalld.icmptype(5).

destinations (as): array, either empty or containing strings
'ipv4' and/or 'ipv6', see destination tag in
firewalld.icmptype(5).

Signals
Removed(s: name)
Emitted when icmp type with name has been removed.

Renamed(s: name)
Emitted when icmp type has been renamed to name.

Updated(s: name)
Emitted when icmp type with name has been updated.

Properties
builtin - b - (ro)
True if icmp type is built-in, False otherwise.

default - b - (ro)
True if built-in icmp type has default settings. False if it
has been modified. Always False for icmp types that are not
built-in.

filename - s - (ro)
Name (including .xml extension) of file where the configuration
is stored.

name - s - (ro)
Name of icmp type.

path - s - (ro)
Path to directory where the icmp type configuration is stored.
Should be either /usr/lib/firewalld/icmptypes or
/etc/firewalld/icmptypes.
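
The builtin, default, filename, name and path properties of the helper and icmptype objects, together with the helper getSettings() tuple, are enough to review permanent configuration for drift. The following is an added example, not code from firewalld: it works offline on constructed values, the function names are hypothetical, and the port syntax it accepts (one number or a low-high range) is an assumption.

```python
SYSTEM_DIR = "/usr/lib/firewalld"   # definitions shipped with the package
LOCAL_DIR = "/etc/firewalld"        # administrator overrides and custom objects
VALID_FAMILIES = {"", "ipv4", "ipv6"}   # "" means both families


def audit_properties(kind, props):
    """Check read-only properties shared by helper and icmptype objects.
    kind is 'helpers' or 'icmptypes'; props holds builtin/default/filename/name/path."""
    name, findings = props["name"], []
    allowed = {f"{SYSTEM_DIR}/{kind}", f"{LOCAL_DIR}/{kind}"}
    if props["path"].rstrip("/") not in allowed:
        findings.append(f"{name}: unexpected path {props['path']}")
    if not props["builtin"]:
        findings.append(f"{name}: custom definition in {props['filename']}")
    elif not props["default"]:
        findings.append(f"{name}: built-in definition was modified")
    return findings


def port_ok(port):
    """Assumed syntax: one port number or a 'low-high' range, 1..65535."""
    parts = port.split("-")
    if len(parts) > 2 or not all(p.isascii() and p.isdigit() for p in parts):
        return False
    nums = [int(p) for p in parts]
    return all(1 <= n <= 65535 for n in nums) and nums == sorted(nums)


def audit_helper_settings(settings):
    """Validate a (sssssa(ss)) tuple shaped like the getSettings() result."""
    _version, name, _description, family, module, ports = settings
    findings = []
    if family not in VALID_FAMILIES:
        findings.append(f"{name}: invalid family {family!r}")
    if not module:
        findings.append(f"{name}: no module set")
    findings += [f"{name}: bad port {p!r}/{proto}" for p, proto in ports if not port_ok(p)]
    return findings


# Constructed sample values, not read from a real system.
SAMPLE_PROPS = {"builtin": True, "default": False, "filename": "ftp.xml",
                "name": "ftp", "path": "/etc/firewalld/helpers"}
SAMPLE_SETTINGS = ("", "FTP", "", "", "nf_conntrack_ftp",
                   [("21", "tcp"), ("2100-99", "tcp")])

if __name__ == "__main__":
    print(audit_properties("helpers", SAMPLE_PROPS) + audit_helper_settings(SAMPLE_SETTINGS))
```

The same checks can be run before passing a tuple to update(), so that malformed values are caught before they are written to the permanent configuration.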

firewall-applet(1), firewalld(1), firewall-cmd(1), firewall-config(1),
firewalld.conf(5), firewalld.direct(5), firewalld.dbus(5),
firewalld.icmptype(5), firewalld.lockdown-whitelist(5),
firewall-offline-cmd(1), firewalld.richlanguage(5), firewalld.service(5),
firewalld.zone(5), firewalld.zones(5), firewalld.policy(5),
firewalld.policies(5), firewalld.ipset(5), firewalld.helper(5)

firewalld home page:
http://firewalld.org

More documentation with examples:
http://fedoraproject.org/wiki/FirewallD

Thomas Woerner <twoerner@redhat.com>
Developer

Jiri Popelka <jpopelka@redhat.com>
Developer

Eric Garver <eric@garver.life>
Developer

firewalld 2.0.2 FIREWALLD.DBUS(5)