table of contents
FIREWALLD.DBUS(5) | firewalld.dbus | FIREWALLD.DBUS(5) |
NAME¶
firewalld.dbus - firewalld D-Bus interface description
OBJECT PATHS¶
This is the basic firewalld object path structure. The used interfaces are explained below in the section called “INTERFACES”.
/org/fedoraproject/FirewallD1
Interfaces
org.fedoraproject.FirewallD1
org.fedoraproject.FirewallD1.direct (deprecated)
org.fedoraproject.FirewallD1.ipset
org.fedoraproject.FirewallD1.policies
org.fedoraproject.FirewallD1.zone
org.freedesktop.DBus.Introspectable
org.freedesktop.DBus.Properties /org/fedoraproject/FirewallD1/config
Interfaces
org.fedoraproject.FirewallD1.config
org.fedoraproject.FirewallD1.config.direct (deprecated)
org.fedoraproject.FirewallD1.config.policies
org.freedesktop.DBus.Introspectable
org.freedesktop.DBus.Properties /org/fedoraproject/FirewallD1/config/zone/i
Interfaces
org.fedoraproject.FirewallD1.config.zone
org.freedesktop.DBus.Introspectable
org.freedesktop.DBus.Properties /org/fedoraproject/FirewallD1/config/service/i
Interfaces:
org.fedoraproject.FirewallD1.config.service
org.freedesktop.DBus.Introspectable
org.freedesktop.DBus.Properties /org/fedoraproject/FirewallD1/config/ipset/i
Interfaces
org.fedoraproject.FirewallD1.config.ipset
org.freedesktop.DBus.Introspectable
org.freedesktop.DBus.Properties /org/fedoraproject/FirewallD1/config/icmptype/i
Interfaces
org.fedoraproject.FirewallD1.config.icmptype
org.freedesktop.DBus.Introspectable
org.freedesktop.DBus.Properties
INTERFACES¶
org.fedoraproject.FirewallD1¶
This interface contains general runtime operations, like: reloading, panic mode, default zone handling, getting services and icmp types and their settings.
Methods
authorizeAll() → Nothing
completeReload() → Nothing
disablePanicMode() → Nothing
resetToDefaults() → Nothing
Possible errors: NOT_ENABLED, COMMAND_FAILED
enablePanicMode() → Nothing
Possible errors: ALREADY_ENABLED, COMMAND_FAILED
getAutomaticHelpers() → s
getDefaultZone() → s
getHelperSettings(s: helper) → (sssssa(ss))
version (s): see version attribute of helper tag in firewalld.helper(5).
name (s): see short tag in firewalld.helper(5).
description (s): see description tag in firewalld.helper(5).
family (s): see family tag in firewalld.helper(5).
module (s): see module tag in firewalld.helper(5).
ports (a(ss)): array of port and protocol pairs. See port tag in firewalld.helper(5).
Possible errors: INVALID_HELPER
getHelpers() → as
getIcmpTypeSettings(s: icmptype) → (sssas)
version (s): see version attribute of icmptype tag in firewalld.icmptype(5).
name (s): see short tag in firewalld.icmptype(5).
description (s): see description tag in firewalld.icmptype(5).
destinations (as): array, either empty or containing strings 'ipv4' or 'ipv6', see destination tag in firewalld.icmptype(5).
Possible errors: INVALID_ICMPTYPE
getLogDenied() → s
getServiceSettings(s: service) → (sssa(ss)asa{ss}asa(ss))
getServiceSettings2(s: service) → s{sv}
version (s): see version attribute of service tag in firewalld.service(5).
name (s): see short tag in firewalld.service(5).
description (s): see description tag in firewalld.service(5).
ports (a(ss)): array of port and protocol pairs. See port tag in firewalld.service(5).
module names (as): array of kernel netfilter helpers, see module tag in firewalld.service(5).
destinations (a{ss}): dictionary of {IP family : IP address} where 'IP family' key can be either 'ipv4' or 'ipv6'. See destination tag in firewalld.service(5).
protocols (as): array of protocols, see protocol tag in firewalld.service(5).
source_ports (a(ss)): array of port and protocol pairs. See source-port tag in firewalld.service(5).
includes (as): array of service includes, see include tag in firewalld.service(5).
helpers (as): array of service helpers, see helper tag in firewalld.service(5).
Possible errors: INVALID_SERVICE
getZoneSettings(s: zone) → (sssbsasa(ss)asba(ssss)asasasasa(ss)b)
listIcmpTypes() → as
listServices() → as
queryPanicMode() → b
reload() → Nothing
runtimeToPermanent() → Nothing
Possible errors: RT_TO_PERM_FAILED
checkPermanentConfig() → Nothing
Possible errors: any
setDefaultZone(s: zone) → Nothing
Possible errors: ZONE_ALREADY_SET, COMMAND_FAILED
setLogDenied(s: value) → Nothing
Possible errors: ALREADY_SET, INVALID_VALUE
Signals
DefaultZoneChanged(s: zone)
LogDeniedChanged(s: value)
PanicModeDisabled()
PanicModeEnabled()
Reloaded()
Properties
BRIDGE - b - (ro)
IPSet - b - (ro)
IPSetTypes - as - (ro)
IPv4 - b - (ro)
IPv4ICMPTypes - as - (ro)
IPv6 - b - (ro)
IPv6_rpfilter - b - (ro)
IPv6ICMPTypes - as - (ro)
nf_conntrach_helper_setting - b - (ro)
nf_conntrack_helpers - a{sas} - (ro)
nf_nat_helpers - a{sas} - (ro)
interface_version - s - (ro)
state - s - (ro)
version - s - (ro)
org.fedoraproject.FirewallD1.ipset¶
Operations in this interface allows one to get, add, remove and query runtime ipset settings. For permanent configuration see org.fedoraproject.FirewallD1.config.ipset interface.
Methods
addEntry(s: ipset, s: entry) → as
Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT
getEntries(s: ipset) → Nothing
Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT
getIPSetSettings(s: ipset) → (ssssa{ss}as)
version (s): see version attribute of ipset tag in firewalld.ipset(5).
name (s): see short tag in firewalld.ipset(5).
description (s): see description tag in firewalld.ipset(5).
type (s): see type attribute of ipset tag in firewalld.ipset(5).
options (a{ss}): dictionary of {option : value} . See options tag in firewalld.ipset(5).
entries (as): array of entries, see entry tag in firewalld.ipset(5).
Possible errors: INVALID_IPSET
getIPSets() → as
queryEntry(s: ipset, s: entry) → b
Possible errors: INVALID_IPSET
queryIPSet(s: ipset) → b
removeEntry(s: ipset, s: entry) → as
Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT
setEntries(as: entries) → Nothing
Signals
EntryAdded(s: ipset, s: entry)
EntryRemoved(s: ipset, s: entry)
org.fedoraproject.FirewallD1.direct¶
DEPRECATED
The direct interface has been deprecated. It will be removed in a future release. It is superseded by policies, see firewalld.policies(5).
This interface enables more direct access to the firewall. It enables runtime manipulation with chains and rules. For permanent configuration see org.fedoraproject.FirewallD1.config.direct interface.
Methods
addChain(s: ipv, s: table, s: chain) → Nothing
Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED, COMMAND_FAILED
addPassthrough(s: ipv, as: args) → Nothing
Possible errors: INVALID_IPV, ALREADY_ENABLED, COMMAND_FAILED
addRule(s: ipv, s: table, s: chain, i: priority, as: args) → Nothing
Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED, COMMAND_FAILED
getAllChains() → a(sss)
ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
table (s): one of filter, mangle, nat, raw, security
chain (s): name of a chain.
getAllPassthroughs() → a(sas)
ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
arguments (as): array of commands, parameters and other iptables/ip6tables/ebtables command line options.
getAllRules() → a(sssias)
ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
table (s): one of filter, mangle, nat, raw, security
chain (s): name of a chain.
priority (i): used to order rules.
arguments (as): array of commands, parameters and other iptables/ip6tables/ebtables command line options.
getChains(s: ipv, s: table) → as
Possible errors: INVALID_IPV, INVALID_TABLE
getPassthroughs(s: ipv) → aas
arguments (as): array of commands, parameters and other iptables/ip6tables/ebtables command line options.
getRules(s: ipv, s: table, s: chain) → a(ias)
priority (i): used to order rules.
arguments (as): array of commands, parameters and other iptables/ip6tables/ebtables command line options.
Possible errors: INVALID_IPV, INVALID_TABLE
passthrough(s: ipv, as: args) → s
Possible errors: COMMAND_FAILED
queryChain(s: ipv, s: table, s: chain) → b
Possible errors: INVALID_IPV, INVALID_TABLE
queryPassthrough(s: ipv, as: args) → b
Possible errors: INVALID_IPV
queryRule(s: ipv, s: table, s: chain, i: priority, as: args) → b
Possible errors: INVALID_IPV, INVALID_TABLE
removeAllPassthroughs() → Nothing
removeChain(s: ipv, s: table, s: chain) → Nothing
Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED, COMMAND_FAILED
removePassthrough(s: ipv, as: args) → Nothing
Possible errors: INVALID_IPV, NOT_ENABLED, COMMAND_FAILED
removeRule(s: ipv, s: table, s: chain, i: priority, as: args) → Nothing
Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED, COMMAND_FAILED
removeRules(s: ipv, s: table, s: chain) → Nothing
Possible errors: INVALID_IPV, INVALID_TABLE
Signals
ChainAdded(s: ipv, s: table, s: chain)
ChainRemoved(s: ipv, s: table, s: chain)
PassthroughAdded(s: ipv, as: args)
PassthroughRemoved(s: ipv, as: args)
RuleAdded(s: ipv, s: table, s: chain, i: priority, as: args)
RuleRemoved(s: ipv, s: table, s: chain, i: priority, as: args)
org.fedoraproject.FirewallD1.policies¶
Enables firewalld to be able to lock down configuration changes from local applications. Local applications or services are able to change the firewall configuration if they are running as root (example: libvirt). With these operations administrator can lock the firewall configuration so that either none or only applications that are in the whitelist are able to request firewall changes. For permanent configuration see org.fedoraproject.FirewallD1.config.policies interface.
Methods
addLockdownWhitelistCommand(s: command) → Nothing
Possible errors: ALREADY_ENABLED, INVALID_COMMAND
addLockdownWhitelistContext(s: context) → Nothing
Possible errors: ALREADY_ENABLED, INVALID_COMMAND
addLockdownWhitelistUid(i: uid) → Nothing
Possible errors: ALREADY_ENABLED, INVALID_COMMAND
addLockdownWhitelistUser(s: user) → Nothing
Possible errors: ALREADY_ENABLED, INVALID_COMMAND
disableLockdown() → Nothing
Possible errors: NOT_ENABLED
enableLockdown() → Nothing
Possible errors: ALREADY_ENABLED
getLockdownWhitelistCommands() → as
getLockdownWhitelistContexts() → as
getLockdownWhitelistUids() → ai
getLockdownWhitelistUsers() → as
queryLockdown() → b
queryLockdownWhitelistCommand(s: command) → b
queryLockdownWhitelistContext(s: context) → b
queryLockdownWhitelistUid(i: uid) → b
queryLockdownWhitelistUser(s: user) → b
removeLockdownWhitelistCommand(s: command) → Nothing
Possible errors: NOT_ENABLED
removeLockdownWhitelistContext(s: context) → Nothing
Possible errors: NOT_ENABLED
removeLockdownWhitelistUid(i: uid) → Nothing
Possible errors: NOT_ENABLED
removeLockdownWhitelistUser(s: user) → Nothing
Possible errors: NOT_ENABLED
Signals
LockdownDisabled()
LockdownEnabled()
LockdownWhitelistCommandAdded(s: command)
LockdownWhitelistCommandRemoved(s: command)
LockdownWhitelistContextAdded(s: context)
LockdownWhitelistContextRemoved(s: context)
LockdownWhitelistUidAdded(i: uid)
LockdownWhitelistUidRemoved(i: uid)
LockdownWhitelistUserAdded(s: user)
LockdownWhitelistUserRemoved(s: user)
org.fedoraproject.FirewallD1.zone¶
Operations in this interface allows one to get, add, remove and query runtime zone's settings. For permanent settings see org.fedoraproject.FirewallD1.config.zone interface.
Methods
getZoneSettings2(s: zone) → a{sv}
version (s): see version attribute of zone tag in firewalld.zone(5).
name (s): see short tag in firewalld.zone(5).
description (s): see description tag in firewalld.zone(5).
target (s): see target attribute of zone tag in firewalld.zone(5).
services (as): array of service names, see service tag in firewalld.zone(5).
ports (a(ss)): array of port and protocol pairs. See port tag in firewalld.zone(5).
icmp_blocks (as): array of icmp-blocks. See icmp-block tag in firewalld.zone(5).
masquerade (b): see masquerade tag in firewalld.zone(5).
forward_ports (a(ssss)): array of (port, protocol, to-port, to-addr). See forward-port tag in firewalld.zone(5).
interfaces (as): array of interfaces. See interface tag in firewalld.zone(5).
sources (as): array of source addresses. See source tag in firewalld.zone(5).
rules_str (as): array of rich-language rules. See rule tag in firewalld.zone(5).
protocols (as): array of protocols, see protocol tag in firewalld.zone(5).
source_ports (a(ss)): array of port and protocol pairs. See source-port tag in firewalld.zone(5).
icmp_block_inversion (b): see icmp-block-inversion tag in firewalld.zone(5).
forward (b): see forward tag in firewalld.zone(5).
ingress-priority (i): see ingress-priority tag in firewalld.zone(5).
egress-priority (i): see egress-priority tag in firewalld.zone(5).
Possible errors: INVALID_ZONE
setZoneSettings2(s: zone, a{sv}: settings, i: timeout)
services (as): array of service names, see service tag in firewalld.zone(5).
ports (a(ss)): array of port and protocol pairs. See port tag in firewalld.zone(5).
icmp_blocks (as): array of icmp-blocks. See icmp-block tag in firewalld.zone(5).
masquerade (b): see masquerade tag in firewalld.zone(5).
forward_ports (a(ssss)): array of (port, protocol, to-port, to-addr). See forward-port tag in firewalld.zone(5).
interfaces (as): array of interfaces. See interface tag in firewalld.zone(5).
sources (as): array of source addresses. See source tag in firewalld.zone(5).
rules_str (as): array of rich-language rules. See rule tag in firewalld.zone(5).
protocols (as): array of protocols, see protocol tag in firewalld.zone(5).
source_ports (a(ss)): array of port and protocol pairs. See source-port tag in firewalld.zone(5).
icmp_block_inversion (b): see icmp-block-inversion tag in firewalld.zone(5).
forward (b): see forward tag in firewalld.zone(5).
Possible errors: INVALID_ZONE
addForwardPort(s: zone, s: port, s: protocol, s: toport, s: toaddr, i: timeout) → s
Returns name of zone to which the forward port was added.
Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL, INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD, ALREADY_ENABLED, INVALID_COMMAND
addIcmpBlock(s: zone, s: icmp, i: timeout) → s
Returns name of zone to which the ICMP block was added.
Possible errors: INVALID_ZONE, INVALID_ICMPTYPE, ALREADY_ENABLED, INVALID_COMMAND
addIcmpBlockInversion(s: zone) → s
Returns name of zone to which the ICMP block inversion was added.
Possible errors: INVALID_ZONE, ALREADY_ENABLED, INVALID_COMMAND
addInterface(s: zone, s: interface) → s
Returns name of zone to which the interface was bound.
Possible errors: INVALID_ZONE, INVALID_INTERFACE, ALREADY_ENABLED, INVALID_COMMAND
addMasquerade(s: zone, i: timeout) → s
Returns name of zone in which the masquerade was enabled.
Possible errors: INVALID_ZONE, ALREADY_ENABLED, INVALID_COMMAND
addPort(s: zone, s: port, s: protocol, i: timeout) → s
Returns name of zone to which the port was added.
Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL, INVALID_PROTOCOL, ALREADY_ENABLED, INVALID_COMMAND
addProtocol(s: zone, s: protocol, i: timeout) → s
Returns name of zone to which the protocol was added.
Possible errors: INVALID_ZONE, INVALID_PROTOCOL, ALREADY_ENABLED, INVALID_COMMAND
addRichRule(s: zone, s: rule, i: timeout) → s
Returns name of zone to which the rich language rule was added.
Possible errors: INVALID_ZONE, INVALID_RULE, ALREADY_ENABLED, INVALID_COMMAND
addService(s: zone, s: service, i: timeout) → s
Returns name of zone to which the service was added.
Possible errors: INVALID_ZONE, INVALID_SERVICE, ALREADY_ENABLED, INVALID_COMMAND
addSource(s: zone, s: source) → s
Returns name of zone to which the source was bound.
Possible errors: INVALID_ZONE, INVALID_ADDR, ALREADY_ENABLED, INVALID_COMMAND
addSourcePort(s: zone, s: port, s: protocol, i: timeout) → s
Returns name of zone to which the port was added.
Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL, INVALID_PROTOCOL, ALREADY_ENABLED, INVALID_COMMAND
changeZone(s: zone, s: interface) → s
changeZoneOfInterface(s: zone, s: interface) → s
Returns name of zone to which the interface was bound.
Possible errors: INVALID_ZONE, ZONE_ALREADY_SET, ZONE_CONFLICT
changeZoneOfSource(s: zone, s: source) → s
Returns name of zone to which the source was bound.
Possible errors: INVALID_ZONE, ZONE_ALREADY_SET, ZONE_CONFLICT
getActiveZones() → a{sa{sas}}
Return value is a dictionary where keys are zone names (s) and values are again dictionaries where keys are either 'interfaces' or 'sources' and values are arrays of interface names (s) or sources (s).
getForwardPorts(s: zone) → aas
Return value is array of 4-tuples, where each 4-tuple consists of (port, protocol, to-port, to-addr). to-addr might be empty in case of local forwarding.
Possible errors: INVALID_ZONE
getIcmpBlocks(s: zone) → as
Possible errors: INVALID_ZONE
getIcmpBlockInversion(s: zone) → b
Possible errors: INVALID_ZONE
getInterfaces(s: zone) → as
Possible errors: INVALID_ZONE
getPorts(s: zone) → aas
Possible errors: INVALID_ZONE
getProtocols(s: zone) → as
Possible errors: INVALID_ZONE
getRichRules(s: zone) → as
Possible errors: INVALID_ZONE
getServices(s: zone) → as
Possible errors: INVALID_ZONE
getSourcePorts(s: zone) → aas
Possible errors: INVALID_ZONE
getSources(s: zone) → as
Possible errors: INVALID_ZONE
getZoneOfInterface(s: interface) → s
getZoneOfSource(s: source) → s
getZones() → as
isImmutable(s: zone) → b
queryForwardPort(s: zone, s: port, s: protocol, s: toport, s: toaddr) → b
Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL, INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD
queryIcmpBlock(s: zone, s: icmp) → b
Possible errors: INVALID_ZONE, INVALID_ICMPTYPE
queryIcmpBlockInversion(s: zone) → b
Possible errors: INVALID_ZONE, INVALID_ICMPTYPE
queryInterface(s: zone, s: interface) → b
Possible errors: INVALID_ZONE, INVALID_INTERFACE
queryMasquerade(s: zone) → b
Possible errors: INVALID_ZONE
queryPort(s: zone, s: port, s: protocol) → b
Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL, INVALID_PROTOCOL
queryProtocol(s: zone, s: protocol) → b
Possible errors: INVALID_ZONE, INVALID_PROTOCOL
queryRichRule(s: zone, s: rule) → b
Possible errors: INVALID_ZONE, INVALID_RULE
queryService(s: zone, s: service) → b
Possible errors: INVALID_ZONE, INVALID_SERVICE
querySource(s: zone, s: source) → b
Possible errors: INVALID_ZONE, INVALID_ADDR
querySourcePort(s: zone, s: port, s: protocol) → b
Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL, INVALID_PROTOCOL
removeForwardPort(s: zone, s: port, s: protocol, s: toport, s: toaddr) → s
Returns name of zone from which the forward port was removed.
Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL, INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD, NOT_ENABLED, INVALID_COMMAND
removeIcmpBlock(s: zone, s: icmp) → s
Returns name of zone from which the ICMP block was removed.
Possible errors: INVALID_ZONE, INVALID_ICMPTYPE, NOT_ENABLED, INVALID_COMMAND
removeIcmpBlockInversion(s: zone) → s
Returns name of zone from which the ICMP block inversion was removed.
Possible errors: INVALID_ZONE, NOT_ENABLED, INVALID_COMMAND
removeInterface(s: zone, s: interface) → s
Returns name of zone from which the interface was removed.
Possible errors: INVALID_ZONE, INVALID_INTERFACE, NOT_ENABLED, INVALID_COMMAND
removeMasquerade(s: zone) → s
Returns name of zone for which the masquerade was disabled.
Possible errors: INVALID_ZONE, NOT_ENABLED, INVALID_COMMAND
removePort(s: zone, s: port, s: protocol) → s
Returns name of zone from which the port was removed.
Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL, INVALID_PROTOCOL, NOT_ENABLED, INVALID_COMMAND
removeProtocol(s: zone, s: protocol) → s
Returns name of zone from which the protocol was removed.
Possible errors: INVALID_ZONE, INVALID_PROTOCOL, NOT_ENABLED, INVALID_COMMAND
removeRichRule(s: zone, s: rule) → s
Returns name of zone from which the rich language rule was removed.
Possible errors: INVALID_ZONE, INVALID_RULE, NOT_ENABLED, INVALID_COMMAND
removeService(s: zone, s: service) → s
Returns name of zone from which the service was removed.
Possible errors: INVALID_ZONE, INVALID_SERVICE, NOT_ENABLED, INVALID_COMMAND
removeSource(s: zone, s: source) → s
Returns name of zone from which the source was removed.
Possible errors: INVALID_ZONE, INVALID_ADDR, NOT_ENABLED, INVALID_COMMAND
removeSourcePort(s: zone, s: port, s: protocol) → s
Returns name of zone from which the source port was removed.
Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL, INVALID_PROTOCOL, NOT_ENABLED, INVALID_COMMAND
Signals
ForwardPortAdded(s: zone, s: port, s: protocol, s: toport, s: toaddr, i: timeout)
ForwardPortRemoved(s: zone, s: port, s: protocol, s: toport, s: toaddr)
IcmpBlockAdded(s: zone, s: icmp, i: timeout)
IcmpBlockInversionAdded(s: zone)
IcmpBlockInversionRemoved(s: zone)
IcmpBlockRemoved(s: zone, s: icmp)
InterfaceAdded(s: zone, s: interface)
InterfaceRemoved(s: zone, s: interface)
MasqueradeAdded(s: zone, i: timeout)
MasqueradeRemoved(s: zone)
PortAdded(s: zone, s: port, s: protocol, i: timeout)
PortRemoved(s: zone, s: port, s: protocol)
ProtocolAdded(s: zone, s: protocol, i: timeout)
ProtocolRemoved(s: zone, s: protocol)
RichRuleAdded(s: zone, s: rule, i: timeout)
RichRuleRemoved(s: zone, s: rule)
ServiceAdded(s: zone, s: service, i: timeout)
ServiceRemoved(s: zone, s: service)
SourceAdded(s: zone, s: source)
SourcePortAdded(s: zone, s: port, s: protocol, i: timeout)
SourcePortRemoved(s: zone, s: port, s: protocol)
SourceRemoved(s: zone, s: source)
ZoneChanged(s: zone, s: interface)
ZoneOfInterfaceChanged(s: zone, s: interface)
ZoneOfSourceChanged(s: zone, s: source)
ZoneUpdated2(s: zone, a{sv}: settings)
org.fedoraproject.FirewallD1.policy¶
Operations in this interface allows one to get, add, remove and query runtime policy settings. For permanent settings see org.fedoraproject.FirewallD1.config.policy interface.
Methods
getActivePolicies() → a{sa{sas}}
Return value is a dictionary where keys are policy names (s) and values are again dictionaries where keys are either 'ingress_zones' or 'egress_zones' and values are arrays of zone names (s).
getPolicies() → as
getPolicySettings(s: policy) → a{sv}
Possible errors: INVALID_POLICY
setPolicySettings(s: policy, a{sv}: settings, i: timeout)
Possible errors: INVALID_POLICY
Signals
ForwardPortAdded(s: policy, a{sv}: settings)
org.fedoraproject.FirewallD1.config¶
Allows one to permanently add, remove and query zones, services and icmp types.
Methods
addIPSet(s: ipset, (ssssa{ss}as): settings) → o
version (s): see version attribute of ipset tag in firewalld.ipset(5).
name (s): see short tag in firewalld.ipset(5).
description (s): see description tag in firewalld.ipset(5).
type (s): see type attribute of ipset tag in firewalld.ipset(5).
options (a{ss}): dictionary of {option : value} . See options tag in firewalld.ipset(5).
entries (as): array of entries, see entry tag in firewalld.ipset(5).
Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
addIcmpType(s: icmptype, (sssas): settings) → o
version (s): see version attribute of icmptype tag in firewalld.icmptype(5).
name (s): see short tag in firewalld.icmptype(5).
description (s): see description tag in firewalld.icmptype(5).
destinations (as): array, either empty or containing strings 'ipv4' or 'ipv6', see destination tag in firewalld.icmptype(5).
Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
addService(s: service, (sssa(ss)asa{ss}asa(ss)): settings) → o
addService2s: service, a{sv}: settings) → o
version (s): see version attribute of service tag in firewalld.service(5).
name (s): see short tag in firewalld.service(5).
description (s): see description tag in firewalld.service(5).
ports (a(ss)): array of port and protocol pairs. See port tag in firewalld.service(5).
module names (as): array of kernel netfilter helpers, see module tag in firewalld.service(5).
destinations (a{ss}): dictionary of {IP family : IP address} where 'IP family' key can be either 'ipv4' or 'ipv6'. See destination tag in firewalld.service(5).
protocols (as): array of protocols, see protocol tag in firewalld.service(5).
source_ports (a(ss)): array of port and protocol pairs. See source-port tag in firewalld.service(5).
includes (as): array of service includes, see include tag in firewalld.service(5).
helpers (as): array of service helpers, see helper tag in firewalld.service(5).
Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
addZone(s: zone, (sssbsasa(ss)asba(ssss)asasasasa(ss)b): settings) → o
addZone2(s: zone, a{sv}: settings) → o
version (s): see version attribute of zone tag in firewalld.zone(5).
name (s): see short tag in firewalld.zone(5).
description (s): see description tag in firewalld.zone(5).
target (s): see target attribute of zone tag in firewalld.zone(5).
services (as): array of service names, see service tag in firewalld.zone(5).
ports (a(ss)): array of port and protocol pairs. See port tag in firewalld.zone(5).
icmp_blocks (as): array of icmp-blocks. See icmp-block tag in firewalld.zone(5).
masquerade (b): see masquerade tag in firewalld.zone(5).
forward_ports (a(ssss)): array of (port, protocol, to-port, to-addr). See forward-port tag in firewalld.zone(5).
interfaces (as): array of interfaces. See interface tag in firewalld.zone(5).
sources (as): array of source addresses. See source tag in firewalld.zone(5).
rules_str (as): array of rich-language rules. See rule tag in firewalld.zone(5).
protocols (as): array of protocols, see protocol tag in firewalld.zone(5).
source_ports (a(ss)): array of port and protocol pairs. See source-port tag in firewalld.zone(5).
icmp_block_inversion (b): see icmp-block-inversion tag in firewalld.zone(5).
forward (b): see forward tag in firewalld.zone(5).
ingress_priority (i): see ingress-priority tag in firewalld.zone(5).
egress_priority (i): see egress-priority tag in firewalld.zone(5).
Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
addPolicy(s: policy, a{sv}: settings) → o
description (s): see description tag in firewalld.policy(5).
egress_zones as: array of zone names. See egress-zone tag in firewalld.policy(5).
forward_ports (a(ssss)): array of (port, protocol, to-port, to-addr). See forward-port tag in firewalld.policy(5).
icmp_blocks (as): array of icmp-blocks. See icmp-block tag in firewalld.policy(5).
ingress_zones as: array of zone names. See ingress-zone tag in firewalld.policy(5).
masquerade (b): see masquerade tag in firewalld.policy(5).
ports (a(ss)): array of port and protocol pairs. See port tag in firewalld.policy(5).
priority (i): see priority tag in firewalld.policy(5).
protocols (as): array of protocols, see protocol tag in firewalld.policy(5).
rich_rules (as): array of rich-language rules. See rule tag in firewalld.policy(5).
services (as): array of service names, see service tag in firewalld.policy(5).
short (s): see short tag in firewalld.policy(5).
source_ports (a(ss)): array of port and protocol pairs. See source-port tag in firewalld.policy(5).
target (s): see target attribute of policy tag in firewalld.policy(5).
version (s): see version attribute of policy tag in firewalld.policy(5).
Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
getHelperByName(s: helper) → o
Possible errors: INVALID_HELPER
getHelperNames() → as
getIPSetByName(s: ipset) → o
Possible errors: INVALID_IPSET
getIPSetNames() → as
getIcmpTypeByName(s: icmptype) → o
Possible errors: INVALID_ICMPTYPE
getIcmpTypeNames() → as
getServiceByName(s: service) → o
Possible errors: INVALID_SERVICE
getServiceNames() → as
getZoneByName(s: zone) → o
Possible errors: INVALID_ZONE
getZoneNames() → as
getZoneOfInterface(s: iface) → s
getZoneOfSource(s: source) → s
getPolicyByName(s: policy) → o
Possible errors: INVALID_POLICY
getPolicyNames() → as
listHelpers() → ao
listIPSets() → ao
listIcmpTypes() → ao
listServices() → ao
listZones() → ao
listPolicies() → ao
Signals
HelperAdded(s: helper)
IPSetAdded(s: ipset)
IcmpTypeAdded(s: icmptype)
ServiceAdded(s: service)
ZoneAdded(s: zone)
Properties
AllowZoneDrifting - s - (rw)
AutomaticHelpers - s - (rw)
CleanupModulesOnExit - s - (rw)
CleanupOnExit - s - (rw)
DefaultZone - s - (ro)
FirewallBackend - s - (rw)
Note: The iptables backend is deprecated. It will be removed in a future release.
FlushAllOnReload - s - (rw)
IPv6_rpfilter - s - (rw)
IndividualCalls - s - (ro)
Lockdown - s - (rw)
LogDenied - s - (rw)
MinimalMark - i - (rw)
RFC3964_IPv4 - s - (rw)
NftablesFlowtable - s - (rw)
NftablesCounters - s - (rw)
org.fedoraproject.FirewallD1.config.direct¶
DEPRECATED
The direct interface has been deprecated. It will be removed in a future release. It is superseded by policies, see firewalld.policies(5).
Interface for permanent direct configuration, see also firewalld.direct(5). For runtime direct configuration see org.fedoraproject.FirewallD1.direct interface.
Methods
addChain(s: ipv, s: table, s: chain) → Nothing
Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED
addPassthrough(s: ipv, as: args) → Nothing
Possible errors: INVALID_IPV, ALREADY_ENABLED
addRule(s: ipv, s: table, s: chain, i: priority, as: args) → Nothing
Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED
getAllChains() → a(sss)
ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
table (s): one of filter, mangle, nat, raw, security
chain (s): name of a chain.
getAllPassthroughs() → a(sas)
ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
arguments (as): array of commands, parameters and other iptables/ip6tables/ebtables command line options.
getAllRules() → a(sssias)
ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables).
table (s): one of filter, mangle, nat, raw, security
chain (s): name of a chain.
priority (i): used to order rules.
arguments (as): array of commands, parameters and other iptables/ip6tables/ebtables command line options.
getChains(s: ipv, s: table) → as
Possible errors: INVALID_IPV, INVALID_TABLE
getPassthroughs(s: ipv) → aas
arguments (as): array of commands, parameters and other iptables/ip6tables/ebtables command line options.
getRules(s: ipv, s: table, s: chain) → a(ias)
priority (i): used to order rules.
arguments (as): array of commands, parameters and other iptables/ip6tables/ebtables command line options.
Possible errors: INVALID_IPV, INVALID_TABLE
getSettings() → (a(sss)a(sssias)a(sas))
chains (a(sss)): array of (ipv, table, chain), see 'chain' in firewalld.direct(5).
..PP rules (a(sssias)): array of (ipv, table, chain, priority, array of arguments), see 'rule' in firewalld.direct(5). .
.PP passthroughs (a(sas)): array of (ipv, array of arguments), see passthrough in firewalld.direct(5). .
.sp
queryChain(s: ipv, s: table, s: chain) → b
Possible errors: INVALID_IPV, INVALID_TABLE
queryPassthrough(s: ipv, as: args) → b
Possible errors: INVALID_IPV
queryRule(s: ipv, s: table, s: chain, i: priority, as: args) → b
Possible errors: INVALID_IPV, INVALID_TABLE
removeChain(s: ipv, s: table, s: chain) → Nothing
Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED
removePassthrough(s: ipv, as: args) → Nothing
Possible errors: INVALID_IPV, NOT_ENABLED
removeRule(s: ipv, s: table, s: chain, i: priority, as: args) → Nothing
Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED
removeRules(s: ipv, s: table, s: chain) → Nothing
Possible errors: INVALID_IPV, INVALID_TABLE
update((a(sss)a(sssias)a(sas)): settings) → Nothing
chains (a(sss)): array of (ipv, table, chain), see 'chain' in firewalld.direct(5).
..PP rules (a(sssias)): array of (ipv, table, chain, priority, array of arguments), see 'rule' in firewalld.direct(5). .
.PP passthroughs (a(sas)): array of (ipv, array of arguments), see passthrough in firewalld.direct(5). .
.sp Possible errors: INVALID_TYPE
Signals
Updated()
org.fedoraproject.FirewallD1.config.policies¶
Interface for permanent lockdown-whitelist configuration, see also firewalld.lockdown-whitelist(5). For runtime configuration see org.fedoraproject.FirewallD1.policies interface.
Methods
addLockdownWhitelistCommand(s: command) → Nothing
Possible errors: ALREADY_ENABLED, INVALID_TYPE
addLockdownWhitelistContext(s: context) → Nothing
Possible errors: ALREADY_ENABLED, INVALID_TYPE
addLockdownWhitelistUid(i: uid) → Nothing
Possible errors: ALREADY_ENABLED, INVALID_TYPE
addLockdownWhitelistUser(s: user) → Nothing
Possible errors: ALREADY_ENABLED, INVALID_TYPE
getLockdownWhitelist() → (asasasai)
commands (as): see command option in firewalld.lockdown-whitelist(5).
selinux contexts (as): see selinux option in firewalld.lockdown-whitelist(5).
users (as): see name attribute of user option in firewalld.lockdown-whitelist(5).
uids (ai): see id attribute of user option in firewalld.lockdown-whitelist(5).
getLockdownWhitelistCommands() → as
getLockdownWhitelistContexts() → as
getLockdownWhitelistUids() → ai
getLockdownWhitelistUsers() → as
queryLockdownWhitelistCommand(s: command) → b
queryLockdownWhitelistContext(s: context) → b
queryLockdownWhitelistUid(i: uid) → b
queryLockdownWhitelistUser(s: user) → b
removeLockdownWhitelistCommand(s: command) → Nothing
Possible errors: NOT_ENABLED
removeLockdownWhitelistContext(s: context) → Nothing
Possible errors: NOT_ENABLED
removeLockdownWhitelistUid(i: uid) → Nothing
Possible errors: NOT_ENABLED
removeLockdownWhitelistUser(s: user) → Nothing
Possible errors: NOT_ENABLED
setLockdownWhitelist((asasasai): settings) → Nothing
commands (as): see command option in firewalld.lockdown-whitelist(5).
selinux contexts (as): see selinux option in firewalld.lockdown-whitelist(5).
users (as): see name attribute of user option in firewalld.lockdown-whitelist(5).
uids (ai): see id attribute of user option in firewalld.lockdown-whitelist(5).
Possible errors: INVALID_TYPE
Signals
LockdownWhitelistUpdated()
org.fedoraproject.FirewallD1.config.ipset¶
Interface for permanent ipset configuration, see also firewalld.ipset(5).
Methods
addEntry(s: entry) → Nothing
Possible errors: ALREADY_ENABLED
addOption(s: key, s: value) → Nothing
Possible errors: ALREADY_ENABLED
getDescription() → s
getEntries() → as
Possible errors: IPSET_WITH_TIMEOUT
getOptions() → a{ss}
getSettings() → (ssssa{ss}as)
version (s): see version attribute of ipset tag in firewalld.ipset(5).
name (s): see short tag in firewalld.ipset(5).
description (s): see description tag in firewalld.ipset(5).
type (s): see type attribute of ipset tag in firewalld.ipset(5).
options (a{ss}): dictionary of {option : value} . See options tag in firewalld.ipset(5).
entries (as): array of entries, see entry tag in firewalld.ipset(5).
getShort() → s
getType() → s
getVersion() → s
loadDefaults() → Nothing
Possible errors: NO_DEFAULTS
queryEntry(s: entry) → b
queryOption(s: key, s: value) → b
remove() → Nothing
Possible errors: BUILTIN_IPSET
removeEntry(s: entry) → Nothing
Possible errors: NOT_ENABLED
removeOption(s: key) → Nothing
Possible errors: NOT_ENABLED
rename(s: name) → Nothing
Possible errors: BUILTIN_IPSET
setDescription(s: description) → Nothing
setEntries(as: entries) → Nothing
setOptions(a{ss}: options) → Nothing
setShort(s: short) → Nothing
setType(s: ipset_type) → Nothing
setVersion(s: version) → Nothing
update((ssssa{ss}as): settings) → Nothing
version (s): see version attribute of ipset tag in firewalld.ipset(5).
name (s): see short tag in firewalld.ipset(5).
description (s): see description tag in firewalld.ipset(5).
type (s): see type attribute of ipset tag in firewalld.ipset(5).
options (a{ss}): dictionary of {option : value} . See options tag in firewalld.ipset(5).
entries (as): array of entries, see entry tag in firewalld.ipset(5).
Possible errors: INVALID_TYPE
Signals
Removed(s: name)
Renamed(s: name)
Updated(s: name)
Properties
builtin - b - (ro)
default - b - (ro)
filename - s - (ro)
name - s - (ro)
path - s - (ro)
org.fedoraproject.FirewallD1.config.zone¶
Interface for permanent zone configuration, see also firewalld.zone(5).
Methods
addForwardPort(s: port, s: protocol, s: toport, s: toaddr) → Nothing
Possible errors: ALREADY_ENABLED
addIcmpBlock(s: icmptype) → Nothing
Possible errors: ALREADY_ENABLED
addIcmpBlock(s: icmptype) → Nothing
Possible errors: ALREADY_ENABLED
addInterface(s: interface) → Nothing
Possible errors: ALREADY_ENABLED
addMasquerade() → Nothing
Possible errors: ALREADY_ENABLED
addPort(s: port, s: protocol) → Nothing
Possible errors: ALREADY_ENABLED
addProtocol(s: protocol) → Nothing
Possible errors: INVALID_PROTOCOL, ALREADY_ENABLED
addRichRule(s: rule) → Nothing
Possible errors: ALREADY_ENABLED
addService(s: service) → Nothing
Possible errors: ALREADY_ENABLED
addSource(s: source) → Nothing
Possible errors: ALREADY_ENABLED
addSourcePort(s: port, s: protocol) → Nothing
Possible errors: ALREADY_ENABLED
getDescription() → s
getForwardPorts() → a(ssss)
getIcmpBlockInversion() → b
getIcmpBlocks() → as
getInterfaces() → as
getMasquerade() → b
getPorts() → a(ss)
getProtocols() → as
getRichRules() → as
getServices() → as
getSettings() → (sssbsasa(ss)asba(ssss)asasasasa(ss)b)
getSettings2() → a{sv}
version (s): see version attribute of zone tag in firewalld.zone(5).
name (s): see short tag in firewalld.zone(5).
description (s): see description tag in firewalld.zone(5).
target (s): see target attribute of zone tag in firewalld.zone(5).
services (as): array of service names, see service tag in firewalld.zone(5).
ports (a(ss)): array of port and protocol pairs. See port tag in firewalld.zone(5).
icmp_blocks (as): array of icmp-blocks. See icmp-block tag in firewalld.zone(5).
masquerade (b): see masquerade tag in firewalld.zone(5).
forward_ports (a(ssss)): array of (port, protocol, to-port, to-addr). See forward-port tag in firewalld.zone(5).
interfaces (as): array of interfaces. See interface tag in firewalld.zone(5).
sources (as): array of source addresses. See source tag in firewalld.zone(5).
rules_str (as): array of rich-language rules. See rule tag in firewalld.zone(5).
protocols (as): array of protocols, see protocol tag in firewalld.zone(5).
source_ports (a(ss)): array of port and protocol pairs. See source-port tag in firewalld.zone(5).
icmp_block_inversion (b): see icmp-block-inversion tag in firewalld.zone(5).
forward (b): see forward tag in firewalld.zone(5).
ingress_priority (i): see ingress-priority tag in firewalld.zone(5).
egress_priority (i): see egress-priority tag in firewalld.zone(5).
getShort() → s
getSourcePorts() → a(ss)
getSources() → as
getTarget() → s
getVersion() → s
loadDefaults() → Nothing
Possible errors: NO_DEFAULTS
queryForwardPort(s: port, s: protocol, s: toport, s: toaddr) → b
queryIcmpBlock(s: icmptype) → b
queryIcmpBlockInversion() → b
queryInterface(s: interface) → b
queryMasquerade() → b
queryPort(s: port, s: protocol) → b
queryProtocol(s: protocol) → b
Possible errors: INVALID_PROTOCOL
queryRichRule(s: rule) → b
queryService(s: service) → b
querySource(s: source) → b
querySourcePort(s: port, s: protocol) → b
remove() → Nothing
Possible errors: BUILTIN_ZONE
removeForwardPort(s: port, s: protocol, s: toport, s: toaddr) → Nothing
Possible errors: NOT_ENABLED
removeIcmpBlock(s: icmptype) → Nothing
Possible errors: NOT_ENABLED
removeIcmpBlockInversion() → Nothing
Possible errors: NOT_ENABLED
removeInterface(s: interface) → Nothing
Possible errors: NOT_ENABLED
removeMasquerade() → Nothing
Possible errors: NOT_ENABLED
removePort(s: port, s: protocol) → Nothing
Possible errors: NOT_ENABLED
removeProtocol(s: protocol) → Nothing
Possible errors: INVALID_PROTOCOL, NOT_ENABLED
removeRichRule(s: rule) → Nothing
Possible errors: NOT_ENABLED
removeService(s: service) → Nothing
Possible errors: NOT_ENABLED
removeSource(s: source) → Nothing
Possible errors: NOT_ENABLED
removeSourcePort(s: port, s: protocol) → Nothing
Possible errors: NOT_ENABLED
rename(s: name) → Nothing
Possible errors: BUILTIN_ZONE
setDescription(s: description) → Nothing
setForwardPorts(a(ssss): ports) → Nothing
setIcmpBlockInversion(b: flag) → Nothing
setIcmpBlocks(as: icmptypes) → Nothing
setInterfaces(as: interfaces) → Nothing
setMasquerade(b: masquerade) → Nothing
setPorts(a(ss): ports) → Nothing
setProtocols(as: protocols) → Nothing
setRichRules(as: rules) → Nothing
setServices(as: services) → Nothing
setShort(s: short) → Nothing
setSourcePorts(a(ss): ports) → Nothing
setSources(as: sources) → Nothing
setTarget(s: target) → Nothing
setVersion(s: version) → Nothing
update((sssbsasa(ss)asba(ssss)asasasasa(ss)b): settings) → Nothing
update2(a{sv}: settings) → Nothing
version (s): see version attribute of zone tag in firewalld.zone(5).
name (s): see short tag in firewalld.zone(5).
description (s): see description tag in firewalld.zone(5).
target (s): see target attribute of zone tag in firewalld.zone(5).
services (as): array of service names, see service tag in firewalld.zone(5).
ports (a(ss)): array of port and protocol pairs. See port tag in firewalld.zone(5).
icmp_blocks (as): array of icmp-blocks. See icmp-block tag in firewalld.zone(5).
masquerade (b): see masquerade tag in firewalld.zone(5).
forward_ports (a(ssss)): array of (port, protocol, to-port, to-addr). See forward-port tag in firewalld.zone(5).
interfaces (as): array of interfaces. See interface tag in firewalld.zone(5).
sources (as): array of source addresses. See source tag in firewalld.zone(5).
rules_str (as): array of rich-language rules. See rule tag in firewalld.zone(5).
protocols (as): array of protocols, see protocol tag in firewalld.zone(5).
source_ports (a(ss)): array of port and protocol pairs. See source-port tag in firewalld.zone(5).
icmp_block_inversion (b): see icmp-block-inversion tag in firewalld.zone(5).
forward (b): see forward tag in firewalld.zone(5).
ingress_priority (i): see ingress-priority tag in firewalld.zone(5).
egress_priority (i): see egress-priority tag in firewalld.zone(5).
Possible errors: INVALID_TYPE
Signals
Removed(s: name)
Renamed(s: name)
Updated(s: name)
Properties
builtin - b - (ro)
default - b - (ro)
filename - s - (ro)
name - s - (ro)
path - s - (ro)
org.fedoraproject.FirewallD1.config.policy¶
Interface for permanent policy configuration, see also firewalld.policy(5).
Methods
getSettings() → a{sv}
loadDefaults() → Nothing
Possible errors: NO_DEFAULTS
remove() → Nothing
Possible errors: BUILTIN_POLICY
rename(s: name) → Nothing
Possible errors: BUILTIN_POLICY
update(a{sv}: settings) → Nothing
Possible errors: INVALID_TYPE
Signals
Removed(s: name)
Renamed(s: name)
Updated(s: name)
Properties
builtin - b - (ro)
default - b - (ro)
filename - s - (ro)
name - s - (ro)
path - s - (ro)
org.fedoraproject.FirewallD1.config.service¶
Interface for permanent service configuration, see also firewalld.service(5).
Methods
addModule(s: module) → Nothing
addPort(s: port, s: protocol) → Nothing
Possible errors: ALREADY_ENABLED
addProtocol(s: protocol) → Nothing
Possible errors: INVALID_PROTOCOL, ALREADY_ENABLED
addSourcePort(s: port, s: protocol) → Nothing
Possible errors: ALREADY_ENABLED
getDescription() → s
getDestination(s: family) → s
Possible errors: ALREADY_ENABLED
getDestinations() → a{ss}
getModules() → as
getPorts() → a(ss)
getProtocols() → as
getSettings() → (sssa(ss)asa{ss}asa(ss))
getSettings2(s: service) → s{sv}
version (s): see version attribute of service tag in firewalld.service(5).
name (s): see short tag in firewalld.service(5).
description (s): see description tag in firewalld.service(5).
ports (a(ss)): array of port and protocol pairs. See port tag in firewalld.service(5).
module names (as): array of kernel netfilter helpers, see module tag in firewalld.service(5).
destinations (a{ss}): dictionary of {IP family : IP address} where 'IP family' key can be either 'ipv4' or 'ipv6'. See destination tag in firewalld.service(5).
protocols (as): array of protocols, see protocol tag in firewalld.service(5).
source_ports (a(ss)): array of port and protocol pairs. See source-port tag in firewalld.service(5).
includes (as): array of service includes, see include tag in firewalld.service(5).
helpers (as): array of service helpers, see helper tag in firewalld.service(5).
getShort() → s
getSourcePorts() → a(ss)
getVersion() → s
loadDefaults() → Nothing
Possible errors: NO_DEFAULTS
queryDestination(s: family, s: address) → b
queryModule(s: module) → b
queryPort(s: port, s: protocol) → b
queryProtocol(s: protocol) → b
querySourcePort(s: port, s: protocol) → b
remove() → Nothing
Possible errors: BUILTIN_SERVICE
removeDestination(s: family) → Nothing
Possible errors: NOT_ENABLED
removeModule(s: module) → Nothing
removePort(s: port, s: protocol) → Nothing
Possible errors: NOT_ENABLED
removeProtocol(s: protocol) → Nothing
Possible errors: NOT_ENABLED
removeSourcePort(s: port, s: protocol) → Nothing
Possible errors: NOT_ENABLED
rename(s: name) → Nothing
Possible errors: BUILTIN_SERVICE
setDescription(s: description) → Nothing
setDestination(s: family, s: address) → Nothing
Possible errors: ALREADY_ENABLED
setDestinations(a{ss}: destinations) → Nothing
setModules(as: modules) → Nothing
setPorts(a(ss): ports) → Nothing
setProtocols(as: protocols) → Nothing
setShort(s: short) → Nothing
setSourcePorts(a(ss): ports) → Nothing
setVersion(s: version) → Nothing
update((sssa(ss)asa{ss}asa(ss)): settings) → Nothing
update2a{sv}: settings) → Nothing
version (s): see version attribute of service tag in firewalld.service(5).
name (s): see short tag in firewalld.service(5).
description (s): see description tag in firewalld.service(5).
ports (a(ss)): array of port and protocol pairs. See port tag in firewalld.service(5).
module names (as): array of kernel netfilter helpers, see module tag in firewalld.service(5).
destinations (a{ss}): dictionary of {IP family : IP address} where 'IP family' key can be either 'ipv4' or 'ipv6'. See destination tag in firewalld.service(5).
protocols (as): array of protocols, see protocol tag in firewalld.service(5).
source_ports (a(ss)): array of port and protocol pairs. See source-port tag in firewalld.service(5).
includes (as): array of service includes, see include tag in firewalld.service(5).
helpers (as): array of service helpers, see helper tag in firewalld.service(5).
Possible errors: INVALID_TYPE
Signals
Removed(s: name)
Renamed(s: name)
Updated(s: name)
Properties
builtin - b - (ro)
default - b - (ro)
filename - s - (ro)
name - s - (ro)
path - s - (ro)
org.fedoraproject.FirewallD1.config.helper¶
Interface for permanent helper configuration, see also firewalld.helper(5).
Methods
addPort(s: port, s: protocol) → Nothing
Possible errors: ALREADY_ENABLED
getDescription() → s
getFamily() → s
getModule() → s
getPorts() → a(ss)
getSettings() → (sssssa(ss))
version (s): see version attribute of helper tag in firewalld.helper(5).
name (s): see short tag in firewalld.helper(5).
description (s): see description tag in firewalld.helper(5).
family (s): see family tag in firewalld.helper(5).
module (s): see module tag in firewalld.helper(5).
ports (a(ss)): array of port and protocol pairs. See port tag in firewalld.helper(5).
getShort() → s
getVersion() → s
loadDefaults() → Nothing
Possible errors: NO_DEFAULTS
queryFamily(s: module) → b
queryModule(s: module) → b
queryPort(s: port, s: protocol) → b
remove() → Nothing
Possible errors: BUILTIN_HELPER
removePort(s: port, s: protocol) → Nothing
Possible errors: NOT_ENABLED
rename(s: name) → Nothing
Possible errors: BUILTIN_HELPER
setDescription(s: description) → Nothing
setFamily(s: family) → Nothing
setModule(s: module) → Nothing
setPorts(a(ss): ports) → Nothing
setShort(s: short) → Nothing
setVersion(s: version) → Nothing
update((sssssa(ss)): settings) → Nothing
version (s): see version attribute of helper tag in firewalld.helper(5).
name (s): see short tag in firewalld.helper(5).
description (s): see description tag in firewalld.helper(5).
family (s): see family tag in firewalld.helper(5).
module (s): see module tag in firewalld.helper(5).
ports (a(ss)): array of port and protocol pairs. See port tag in firewalld.helper(5).
Possible errors: INVALID_HELPER
Signals
Removed(s: name)
Renamed(s: name)
Updated(s: name)
Properties
builtin - b - (ro)
default - b - (ro)
filename - s - (ro)
name - s - (ro)
path - s - (ro)
org.fedoraproject.FirewallD1.config.icmptype¶
Interface for permanent icmp type configuration, see also firewalld.icmptype(5).
Methods
addDestination(s: destination) → Nothing
Possible errors: ALREADY_ENABLED
getDescription() → s
getDestinations() → as
getSettings() → (sssas)
version (s): see version attribute of icmptype tag in firewalld.icmptype(5).
name (s): see short tag in firewalld.icmptype(5).
description (s): see description tag in firewalld.icmptype(5).
destinations (as): array, either empty or containing strings 'ipv4' and/or 'ipv6', see destination tag in firewalld.icmptype(5).
getShort() → s
getVersion() → s
loadDefaults() → Nothing
Possible errors: NO_DEFAULTS
queryDestination(s: destination) → b
remove() → Nothing
Possible errors: BUILTIN_ICMPTYPE
removeDestination(s: destination) → Nothing
Possible errors: NOT_ENABLED
rename(s: name) → Nothing
Possible errors: BUILTIN_ICMPTYPE
setDescription(s: description) → Nothing
setDestinations(as: destinations) → Nothing
setShort(s: short) → Nothing
setVersion(s: version) → Nothing
update((sssas): settings) → Nothing
version (s): see version attribute of icmptype tag in firewalld.icmptype(5).
name (s): see short tag in firewalld.icmptype(5).
description (s): see description tag in firewalld.icmptype(5).
destinations (as): array, either empty or containing strings 'ipv4' and/or 'ipv6', see destination tag in firewalld.icmptype(5).
Signals
Removed(s: name)
Renamed(s: name)
Updated(s: name)
Properties
builtin - b - (ro)
default - b - (ro)
filename - s - (ro)
name - s - (ro)
path - s - (ro)
SEE ALSO¶
firewall-applet(1), firewalld(1), firewall-cmd(1), firewall-config(1), firewalld.conf(5), firewalld.direct(5), firewalld.dbus(5), firewalld.icmptype(5), firewalld.lockdown-whitelist(5), firewall-offline-cmd(1), firewalld.richlanguage(5), firewalld.service(5), firewalld.zone(5), firewalld.zones(5), firewalld.policy(5), firewalld.policies(5), firewalld.ipset(5), firewalld.helper(5)
NOTES¶
firewalld home page:
More documentation with examples:
AUTHORS¶
Thomas Woerner <twoerner@redhat.com>
Jiri Popelka <jpopelka@redhat.com>
Eric Garver <eric@garver.life>
firewalld 2.0.0 |