'\" t .\" Title: firewalld.service .\" Author: Thomas Woerner .\" Generator: DocBook XSL Stylesheets v1.79.1 .\" Date: .\" Manual: firewalld.service .\" Source: firewalld 0.6.3 .\" Language: English .\" .TH "FIREWALLD\&.SERVICE" "5" "" "firewalld 0.6.3" "firewalld.service" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" firewalld.service \- firewalld service configuration files .SH "SYNOPSIS" .PP .nf \fI/etc/firewalld/services/service\&.xml\fR \fI/usr/lib/firewalld/services/service\&.xml\fR .fi .sp .SH "DESCRIPTION" .PP A firewalld service configuration file provides the information of a service entry for firewalld\&. The most important configuration options are ports, modules and destination addresses\&. .PP This example configuration file shows the structure of a service configuration file: .sp .if n \{\ .RS 4 .\} .nf \fIMy Service\fR \fIdescription\fR .fi .if n \{\ .RE .\} .sp .SH "OPTIONS" .PP The config can contain these tags and attributes\&. Some of them are mandatory, others optional\&. .SS "service" .PP The mandatory service start and end tag defines the service\&. This tag can only be used once in a service configuration file\&. There are optional attributes for services: .PP version="\fIstring\fR" .RS 4 To give the service a version\&. .RE .SS "short" .PP Is an optional start and end tag and is used to give an icmptype a more readable name\&. .SS "description" .PP Is an optional start and end tag to have a description for a icmptype\&. .SS "port" .PP Is an optional empty\-element tag and can be used several times to have more than one port entry\&. All attributes of a port entry are mandatory: .PP port="\fIstring\fR" .RS 4 The port \fIstring\fR can be a single port number or a port range \fIportid\fR\-\fIportid\fR or also empty to match a protocol only\&. .RE .PP protocol="\fIstring\fR" .RS 4 The protocol value can either be \fItcp\fR, \fIudp\fR, \fIsctp\fR or \fIdccp\fR\&. .RE .PP For compatibility with older firewalld versions, it is possible to add protocols with the port option where the port is empty\&. With the addition of native protocol support in the service, this it not needed anymore\&. These entries will automatically be converted to protocols\&. With the next modification of the service file, the enries will be listed as protocols\&. .SS "protocol" .PP Is an optional empty\-element tag and can be used several times to have more than one protocol entry\&. A protocol entry has exactly one attribute: .PP value="\fIstring\fR" .RS 4 The protocol can be any protocol supported by the system\&. Please have a look at \fI/etc/protocols\fR for supported protocols\&. .RE .SS "source\-port" .PP Is an optional empty\-element tag and can be used several times to have more than one source port entry\&. All attributes of a source port entry are mandatory: .PP port="\fIstring\fR" .RS 4 The port \fIstring\fR can be a single port number or a port range \fIportid\fR\-\fIportid\fR\&. .RE .PP protocol="\fIstring\fR" .RS 4 The protocol value can either be \fItcp\fR, \fIudp\fR, \fIsctp\fR or \fIdccp\fR\&. .RE .SS "module" .PP Is an optional empty\-element tag and can be used several times to enable more than one netfilter kernel helper for the service\&. A module entry has exactly one attribute: .PP name="\fIstring\fR" .RS 4 Defines the name of the kernel netfilter helper as a string\&. .RE .SS "destination" .PP Is an optional empty\-element tag and can be used only once\&. The destination specifies the destination network as a network IP address (optional with /mask), or a plain IP address\&. The use of hostnames is not recommended, because these will only be resolved at service activation and transmitted to the kernel\&. For more information in this element, please have a look at \fB\-\-destination\fR in \fBiptables\fR(8) and \fBip6tables\fR(8)\&. .PP ipv4="\fIaddress\fR[/\fImask\fR]" .RS 4 The IPv4 destination address with optional mask\&. .RE .PP ipv6="\fIaddress\fR[/\fImask\fR]" .RS 4 The IPv6 destination address with optional mask\&. .RE .SH "SEE ALSO" \fBfirewall-applet\fR(1), \fBfirewalld\fR(1), \fBfirewall-cmd\fR(1), \fBfirewall-config\fR(1), \fBfirewalld.conf\fR(5), \fBfirewalld.direct\fR(5), \fBfirewalld.dbus\fR(5), \fBfirewalld.icmptype\fR(5), \fBfirewalld.lockdown-whitelist\fR(5), \fBfirewall-offline-cmd\fR(1), \fBfirewalld.richlanguage\fR(5), \fBfirewalld.service\fR(5), \fBfirewalld.zone\fR(5), \fBfirewalld.zones\fR(5), \fBfirewalld.ipset\fR(5), \fBfirewalld.helper\fR(5) .SH "NOTES" .PP firewalld home page: .RS 4 \m[blue]\fB\%http://firewalld.org\fR\m[] .RE .PP More documentation with examples: .RS 4 \m[blue]\fB\%http://fedoraproject.org/wiki/FirewallD\fR\m[] .RE .SH "AUTHORS" .PP \fBThomas Woerner\fR <\&twoerner@redhat\&.com\&> .RS 4 Developer .RE .PP \fBJiri Popelka\fR <\&jpopelka@redhat\&.com\&> .RS 4 Developer .RE