'\" t
.\"     Title: firewalld.dbus
.\"    Author: Thomas Woerner <twoerner@redhat.com>
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
.\"      Date: 
.\"    Manual: firewalld.dbus
.\"    Source: firewalld 0.3.12
.\"  Language: English
.\"
.TH "FIREWALLD\&.DBUS" "5" "" "firewalld 0.3.12" "firewalld.dbus"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
firewalld.dbus \- firewalld D\-Bus interface description
.SH "OBJECT PATHS"
.PP
This is the basic firewalld object path structure\&. The used interfaces are explained below in
the section called \(lqINTERFACES\(rq\&.
.sp
.if n \{\
.RS 4
.\}
.nf
/org/fedoraproject/FirewallD1
  Interfaces
    org.fedoraproject.FirewallD1
    org.fedoraproject.FirewallD1.direct
    org.fedoraproject.FirewallD1.policies
    org.fedoraproject.FirewallD1.zone
    org\&.freedesktop\&.DBus\&.Introspectable
    org\&.freedesktop\&.DBus\&.Properties

/org/fedoraproject/FirewallD1/config
  Interfaces
    org.fedoraproject.FirewallD1.config
    org.fedoraproject.FirewallD1.config.direct
    org.fedoraproject.FirewallD1.config.policies
    org\&.freedesktop\&.DBus\&.Introspectable
    org\&.freedesktop\&.DBus\&.Properties

/org/fedoraproject/FirewallD1/config/zone/i
  Interfaces
    org.fedoraproject.FirewallD1.config.zone
    org\&.freedesktop\&.DBus\&.Introspectable
    org\&.freedesktop\&.DBus\&.Properties

/org/fedoraproject/FirewallD1/config/service/i
  Interfaces:
    org.fedoraproject.FirewallD1.config.service
    org\&.freedesktop\&.DBus\&.Introspectable
    org\&.freedesktop\&.DBus\&.Properties

/org/fedoraproject/FirewallD1/config/icmptype/i
  Interfaces
    org.fedoraproject.FirewallD1.config.icmptype
    org\&.freedesktop\&.DBus\&.Introspectable
    org\&.freedesktop\&.DBus\&.Properties
    
.fi
.if n \{\
.RE
.\}
.SH "INTERFACES"
.PP
.SS "org\&.fedoraproject\&.FirewallD1"
.PP
This interface contains general runtime operations, like: reloading, panic mode, default zone handling, getting services and icmp types and their settings\&.
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBMethods\fR
.RS 4
.PP
completeReload() → Nothing
.RS 4
Reload firewall completely, even netfilter kernel modules\&. This will most likely terminate active connections, because state information is lost\&. This option should only be used in case of severe firewall problems\&. For example if there are state information problems that no connection can be established with correct firewall rules\&.
.RE
.PP
enablePanicMode() → Nothing
.RS 4
Enable panic mode\&. All incoming and outgoing packets are dropped, active connections will expire\&. Enable this only if there are serious problems with your network environment\&.
.sp
Possible errors: ALREADY_ENABLED, COMMAND_FAILED
.RE
.PP
disablePanicMode() → Nothing
.RS 4
Disable panic mode\&. After disabling panic mode established connections might work again, if panic mode was enabled for a short period of time\&.
.sp
Possible errors: NOT_ENABLED, COMMAND_FAILED
.RE
.PP
getDefaultZone() → s
.RS 4
Return default zone\&.
.RE
.PP
getIcmpTypeSettings(s: \fIicmptype\fR) → (sssas)
.RS 4
Return runtime settings of given
\fIicmptype\fR\&. For getting permanent settings see
org.fedoraproject.FirewallD1.config.icmptype.Methods.getSettings\&. Settings are in format:
\fIversion\fR,
\fIname\fR,
\fIdescription\fR, array of
\fIdestinations\fR\&.
.PP
\fIversion (s)\fR: see \fIversion\fR attribute of \fIicmptype\fR tag in \fBfirewalld.icmptype\fR(5)\&.
.RS 4
.RE
.PP
\fIname (s)\fR: see \fIshort\fR tag in \fBfirewalld.icmptype\fR(5)\&.
.RS 4
.RE
.PP
\fIdescription (s)\fR: see \fIdescription\fR tag in \fBfirewalld.icmptype\fR(5)\&.
.RS 4
.RE
.PP
\fIdestinations (as)\fR: array, either empty or containing strings \*(Aqipv4\*(Aq or \*(Aqipv6\*(Aq, see \fIdestination\fR tag in \fBfirewalld.icmptype\fR(5)\&.
.RS 4
.RE
.sp
Possible errors: INVALID_ICMPTYPE
.RE
.PP
getServiceSettings(s: \fIservice\fR) → (sssa(ss)asa{ss})
.RS 4
Return runtime settings of given
\fIservice\fR\&. For getting permanent settings see
org.fedoraproject.FirewallD1.config.service.Methods.getSettings\&. Settings are in format:
\fIversion\fR,
\fIname\fR,
\fIdescription\fR, array of
\fIports\fR
(port, protocol), array of
\fImodule names\fR, dictionary of
\fIdestinations\fR\&.
.PP
\fIversion (s)\fR: see \fIversion\fR attribute of \fIservice\fR tag in \fBfirewalld.service\fR(5)\&.
.RS 4
.RE
.PP
\fIname (s)\fR: see \fIshort\fR tag in \fBfirewalld.service\fR(5)\&.
.RS 4
.RE
.PP
\fIdescription (s)\fR: see \fIdescription\fR tag in \fBfirewalld.service\fR(5)\&.
.RS 4
.RE
.PP
\fIports (a(ss))\fR: array of port and protocol pairs\&. See \fIport\fR tag in \fBfirewalld.service\fR(5)\&.
.RS 4
.RE
.PP
\fImodule names (as)\fR: array of kernel netfilter helpers, see \fImodule\fR tag in \fBfirewalld.service\fR(5)\&.
.RS 4
.RE
.PP
\fIdestinations (a{ss})\fR: dictionary of {IP family : IP address} where \*(AqIP family\*(Aq key can be either \*(Aqipv4\*(Aq or \*(Aqipv6\*(Aq\&. See \fIdestination\fR tag in \fBfirewalld.service\fR(5)\&.
.RS 4
.RE
.sp
Possible errors: INVALID_SERVICE
.RE
.PP
getZoneSettings(s: \fIzone\fR) → (sssbsasa(ss)asba(ssss)asasas)
.RS 4
Return runtime settings of given
\fIzone\fR\&. For getting permanent settings see
org.fedoraproject.FirewallD1.config.zone.Methods.getSettings\&. Settings are in format:
\fIversion\fR,
\fIname\fR,
\fIdescription\fR,
\fIUNUSED\fR,
\fItarget\fR, array of
\fIservices\fR, array of
\fIports\fR
(port, protocol), array of
\fIicmp\-blocks\fR,
\fImasquerade\fR, array of
\fIforward\-ports\fR
(port, protocol, to\-port, to\-addr), array of
\fIinterfaces\fR, array of
\fIsources\fR, array of
\fIrich rules\fR
.PP
\fIversion (s)\fR: see \fIversion\fR attribute of \fIzone\fR tag in \fBfirewalld.zone\fR(5)\&.
.RS 4
.RE
.PP
\fIname (s)\fR: see \fIshort\fR tag in \fBfirewalld.zone\fR(5)\&.
.RS 4
.RE
.PP
\fIdescription (s)\fR: see \fIdescription\fR tag in \fBfirewalld.zone\fR(5)\&.
.RS 4
.RE
.PP
\fIUNUSED (b)\fR: this boolean value is no longer used for anything\&.
.RS 4
.RE
.PP
\fItarget (s)\fR: see \fItarget\fR attribute of \fIzone\fR tag in \fBfirewalld.zone\fR(5)\&.
.RS 4
.RE
.PP
\fIservices (as)\fR: array of service names, see \fIservice\fR tag in \fBfirewalld.zone\fR(5)\&.
.RS 4
.RE
.PP
\fIports (a(ss))\fR: array of port and protocol pairs\&. See \fIport\fR tag in \fBfirewalld.zone\fR(5)\&.
.RS 4
.RE
.PP
\fIicmp\-blocks (as)\fR: array of icmp\-blocks\&. See \fIicmp\-block\fR tag in \fBfirewalld.zone\fR(5)\&.
.RS 4
.RE
.PP
\fImasquerade (b)\fR: see \fImasquerade\fR tag in \fBfirewalld.zone\fR(5)\&.
.RS 4
.RE
.PP
\fIforward\-ports (a(ssss))\fR: array of (port, protocol, to\-port, to\-addr)\&. See \fIforward\-port\fR tag in \fBfirewalld.zone\fR(5)\&.
.RS 4
.RE
.PP
\fIinterfaces (as)\fR: array of interfaces\&. See \fIinterface\fR tag in \fBfirewalld.zone\fR(5)\&.
.RS 4
.RE
.PP
\fIsource addresses (as)\fR: array of source addresses\&. See \fIsource\fR tag in \fBfirewalld.zone\fR(5)\&.
.RS 4
.RE
.PP
\fIrich rules (as)\fR: array of rich\-language rules\&. See \fIrule\fR tag in \fBfirewalld.zone\fR(5)\&.
.RS 4
.RE
.sp
Possible errors: INVALID_ZONE
.RE
.PP
listIcmpTypes() → as
.RS 4
Return array of names (s) of icmp types in runtime configuration\&. For permanent configuration see
org.fedoraproject.FirewallD1.config.Methods.listIcmpTypes\&.
.RE
.PP
listServices() → as
.RS 4
Return array of service names (s) in runtime configuration\&. For permanent configuration see
org.fedoraproject.FirewallD1.config.Methods.listServices\&.
.RE
.PP
queryPanicMode() → b
.RS 4
Return true if panic mode is enabled, false otherwise\&. In panic mode all incoming and outgoing packets are dropped\&.
.RE
.PP
reload() → Nothing
.RS 4
Reload firewall rules and keep state information\&. Current permanent configuration will become new runtime configuration, i\&.e\&. all runtime only changes done until reload are lost with reload if they have not been also in permanent configuration\&.
.RE
.PP
setDefaultZone(s: \fIzone\fR) → Nothing
.RS 4
Set default zone for connections and interfaces where no zone has been selected to
\fIzone\fR\&. Setting the default zone changes the zone for the connections or interfaces, that are using the default zone\&. This is a runtime and permanent change\&.
.sp
Possible errors: ZONE_ALREADY_SET, COMMAND_FAILED
.RE
.PP
runtimeToPermanent() → Nothing
.RS 4
Make runtime settings permanent\&. Replaces permanent settings with runtime settings for zones, services, icmptypes, direct and policies (lockdown whitelist)\&.
.sp
Possible errors: RT_TO_PERM_FAILED
.RE
.RE
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBSignals\fR
.RS 4
.PP
DefaultZoneChanged(s: \fIzone\fR)
.RS 4
Emitted when default zone has been changed to
\fIzone\fR\&.
.RE
.PP
PanicModeDisabled()
.RS 4
Emitted when panic mode has been deactivated\&.
.RE
.PP
PanicModeEnabled()
.RS 4
Emitted when panic mode has been activated\&.
.RE
.PP
Reloaded()
.RS 4
Emitted when firewalld has been reloaded\&. Also emitted for a complete reload\&.
.RE
.RE
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBProperties\fR
.RS 4
.PP
\fIBRIDGE\fR \- b \- (ro)
.RS 4
Indicates whether the firewall has ethernet bridge support\&.
.RE
.PP
\fIIPv4\fR \- b \- (ro)
.RS 4
Indicates whether the firewall has IPv4 support\&.
.RE
.PP
\fIIPv6\fR \- b \- (ro)
.RS 4
Indicates whether the firewall has IPv6 support\&.
.RE
.PP
\fIinterface_version\fR \- s \- (ro)
.RS 4
firewalld D\-Bus interface version string\&.
.RE
.PP
\fIstate\fR \- s \- (ro)
.RS 4
firewalld state\&. This can be either
\fIINIT\fR
or
\fIRUNNING\fR\&. In
\fIINIT\fR
state, firewalld is starting up and initializing\&.
.RE
.PP
\fIversion\fR \- s \- (ro)
.RS 4
firewalld version string\&.
.RE
.RE
.SS "org\&.fedoraproject\&.FirewallD1\&.direct"
.PP
This interface enables more direct access to the firewall\&. It enables runtime manipulation with chains and rules\&. For permanent configuration see
org.fedoraproject.FirewallD1.config.direct
interface\&.
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBMethods\fR
.RS 4
.PP
addChain(s: ipv, s: table, s: chain) → Nothing
.RS 4
Add a new
\fIchain\fR
to
\fItable\fR
for
\fIipv\fR
being either
\fIipv4\fR
(iptables) or
\fIipv6\fR
(ip6tables) or
\fIeb\fR
(ebtables)\&. Make sure there\*(Aqs no other chain with this name already\&. There already exist basic chains to use with direct methods, for example
\fIINPUT_direct\fR
chain\&. These chains are jumped into before chains for zones, i\&.e\&. every rule put into
\fIINPUT_direct\fR
will be checked before rules in zones\&. For permanent operation see
org.fedoraproject.FirewallD1.config.direct.Methods.addChain\&.
.sp
Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED, COMMAND_FAILED
.RE
.PP
addPassthrough(s: ipv, as: args) → Nothing
.RS 4
Add a tracked passthrough rule with the arguments
\fIargs\fR
for
\fIipv\fR
being either
\fIipv4\fR
(iptables) or
\fIipv6\fR
(ip6tables) or
\fIeb\fR
(ebtables)\&. For permanent operation see
org.fedoraproject.FirewallD1.config.direct.Methods.addPassthrough\&.
.sp
Possible errors: INVALID_IPV, ALREADY_ENABLED, COMMAND_FAILED
.RE
.PP
addRule(s: ipv, s: table, s: chain, i: priority, as: args) → Nothing
.RS 4
Add a rule with the arguments
\fIargs\fR
to
\fIchain\fR
in
\fItable\fR
with
\fIpriority\fR
for
\fIipv\fR
being either
\fIipv4\fR
(iptables) or
\fIipv6\fR
(ip6tables) or
\fIeb\fR
(ebtables)\&. The priority is used to order rules\&. Priority 0 means add rule on top of the chain, with a higher priority the rule will be added further down\&. Rules with the same priority are on the same level and the order of these rules is not fixed and may change\&. If you want to make sure that a rule will be added after another one, use a low priority for the first and a higher for the following\&. For permanent operation see
org.fedoraproject.FirewallD1.config.direct.Methods.addRule\&.
.sp
Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED, COMMAND_FAILED
.RE
.PP
getAllChains() → a(sss)
.RS 4
Get all chains added to all tables in format: ipv, table, chain\&. This concerns only chains previously added with
addChain\&. Return value is a array of (\fIipv\fR,
\fItable\fR,
\fIchain\fR)\&. For permanent operation see
org.fedoraproject.FirewallD1.config.direct.Methods.getAllChains\&.
.PP
\fIipv (s)\fR: either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&.
.RS 4
.RE
.PP
\fItable (s)\fR: one of \fIfilter\fR, \fImangle\fR, \fInat\fR, \fIraw\fR, \fIsecurity\fR
.RS 4
.RE
.PP
\fIchain (s)\fR: name of a chain\&.
.RS 4
.RE
.sp
.RE
.PP
getAllPassthroughs() → a(sas)
.RS 4
Get all tracked passthrough rules added in all ipv types in format: ipv, rule\&. This concerns only rules previously added with
addPassthrough\&. Return value is a array of (\fIipv\fR, array of
\fIarguments\fR)\&. For permanent operation see
org.fedoraproject.FirewallD1.config.direct.Methods.getAllPassthroughs\&.
.PP
\fIipv (s)\fR: either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&.
.RS 4
.RE
.PP
\fIarguments (as)\fR: array of commands, parameters and other iptables/ip6tables/ebtables command line options\&.
.RS 4
.RE
.sp
.RE
.PP
getAllRules() → a(sssias)
.RS 4
Get all rules added to all chains in all tables in format: ipv, table, chain, priority, rule\&. This concerns only rules previously added with
addRule\&. Return value is a array of (\fIipv\fR,
\fItable\fR,
\fIchain\fR,
\fIpriority\fR, array of
\fIarguments\fR)\&. For permanent operation see
org.fedoraproject.FirewallD1.config.direct.Methods.getAllRules\&.
.PP
\fIipv (s)\fR: either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&.
.RS 4
.RE
.PP
\fItable (s)\fR: one of \fIfilter\fR, \fImangle\fR, \fInat\fR, \fIraw\fR, \fIsecurity\fR
.RS 4
.RE
.PP
\fIchain (s)\fR: name of a chain\&.
.RS 4
.RE
.PP
\fIpriority (i)\fR: used to order rules\&.
.RS 4
.RE
.PP
\fIarguments (as)\fR: array of commands, parameters and other iptables/ip6tables/ebtables command line options\&.
.RS 4
.RE
.sp
.RE
.PP
getChains(s: ipv, s: table) → as
.RS 4
Return an array of chains (s) added to
\fItable\fR
for
\fIipv\fR
being either
\fIipv4\fR
(iptables) or
\fIipv6\fR
(ip6tables) or
\fIeb\fR
(ebtables)\&. This concerns only chains previously added with
addChain\&. For permanent operation see
org.fedoraproject.FirewallD1.config.direct.Methods.getChains\&.
.sp
Possible errors: INVALID_IPV, INVALID_TABLE
.RE
.PP
getRules(s: ipv, s: table, s: chain) → a(ias)
.RS 4
Get all rules added to
\fIchain\fR
in
\fItable\fR
for
\fIipv\fR
being either
\fIipv4\fR
(iptables) or
\fIipv6\fR
(ip6tables) or
\fIeb\fR
(ebtables)\&. This concerns only rules previously added with
addRule\&. Return value is a array of (\fIpriority\fR, array of
\fIarguments\fR)\&. For permanent operation see
org.fedoraproject.FirewallD1.config.direct.Methods.getRules\&.
.PP
\fIpriority (i)\fR: used to order rules\&.
.RS 4
.RE
.PP
\fIarguments (as)\fR: array of commands, parameters and other iptables/ip6tables/ebtables command line options\&.
.RS 4
.RE
.sp
Possible errors: INVALID_IPV, INVALID_TABLE
.RE
.PP
queryChain(s: ipv, s: table, s: chain) → b
.RS 4
Return whether a
\fIchain\fR
exists in
\fItable\fR
for
\fIipv\fR
being either
\fIipv4\fR
(iptables) or
\fIipv6\fR
(ip6tables) or
\fIeb\fR
(ebtables)\&. This concerns only chains previously added with
addChain\&. For permanent operation see
org.fedoraproject.FirewallD1.config.direct.Methods.queryChain\&.
.sp
Possible errors: INVALID_IPV, INVALID_TABLE
.RE
.PP
queryPassthrough(s: ipv, as: args) → b
.RS 4
Return whether a tracked passthrough rule with the arguments
\fIargs\fR
exists for
\fIipv\fR
being either
\fIipv4\fR
(iptables) or
\fIipv6\fR
(ip6tables) or
\fIeb\fR
(ebtables)\&. This concerns only rules previously added with
addPassthrough\&. For permanent operation see
org.fedoraproject.FirewallD1.config.direct.Methods.queryPassthrough\&.
.sp
Possible errors: INVALID_IPV
.RE
.PP
queryRule(s: ipv, s: table, s: chain, i: priority, as: args) → b
.RS 4
Return whether a rule with
\fIpriority\fR
and the arguments
\fIargs\fR
exists in
\fIchain\fR
in
\fItable\fR
for
\fIipv\fR
being either
\fIipv4\fR
(iptables) or
\fIipv6\fR
(ip6tables) or
\fIeb\fR
(ebtables)\&. This concerns only rules previously added with
addRule\&. For permanent operation see
org.fedoraproject.FirewallD1.config.direct.Methods.queryRule\&.
.sp
Possible errors: INVALID_IPV, INVALID_TABLE
.RE
.PP
removeChain(s: ipv, s: table, s: chain) → Nothing
.RS 4
Remove a
\fIchain\fR
from
\fItable\fR
for
\fIipv\fR
being either
\fIipv4\fR
(iptables) or
\fIipv6\fR
(ip6tables) or
\fIeb\fR
(ebtables)\&. Only chains previously added with
addChain
can be removed this way\&. For permanent operation see
org.fedoraproject.FirewallD1.config.direct.Methods.removeChain\&.
.sp
Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED, COMMAND_FAILED
.RE
.PP
removeRule(s: ipv, s: table, s: chain, i: priority, as: args) → Nothing
.RS 4
Remove a rule with
\fIpriority\fR
and arguments
\fIargs\fR
from
\fIchain\fR
in
\fItable\fR
for
\fIipv\fR
being either
\fIipv4\fR
(iptables) or
\fIipv6\fR
(ip6tables) or
\fIeb\fR
(ebtables)\&. Only rules previously added with
addRule
can be removed this way\&. For permanent operation see
org.fedoraproject.FirewallD1.config.direct.Methods.removeRule\&.
.sp
Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED, COMMAND_FAILED
.RE
.PP
removePassthrough(s: ipv, as: args) → Nothing
.RS 4
Remove a tracked passthrough rule with arguments
\fIargs\fR
for
\fIipv\fR
being either
\fIipv4\fR
(iptables) or
\fIipv6\fR
(ip6tables) or
\fIeb\fR
(ebtables)\&. Only rules previously added with
addPassthrough
can be removed this way\&. For permanent operation see
org.fedoraproject.FirewallD1.config.direct.Methods.removePassthrough\&.
.sp
Possible errors: INVALID_IPV, NOT_ENABLED, COMMAND_FAILED
.RE
.PP
removeRules(s: ipv, s: table, s: chain) → Nothing
.RS 4
Remove all rules from
\fIchain\fR
in
\fItable\fR
for
\fIipv\fR
being either
\fIipv4\fR
(iptables) or
\fIipv6\fR
(ip6tables) or
\fIeb\fR
(ebtables)\&. This concerns only rules previously added with
addRule\&.
.sp
Possible errors: INVALID_IPV, INVALID_TABLE
.RE
.PP
passthrough(s: ipv, as: args) → s
.RS 4
Pass a command through to the firewall\&.
\fIipv\fR
can be either
\fIipv4\fR
(iptables) or
\fIipv6\fR
(ip6tables) or
\fIeb\fR
(ebtables)\&.
\fIargs\fR
can be all
\fBiptables\fR,
\fBip6tables\fR
and
\fBebtables\fR
command line arguments\&.
\fIargs\fR
can be all iptables, ip6tables and ebtables command line arguments\&. This command is untracked, which means that firewalld is not able to provide information about this command later on\&.
.sp
Possible errors: COMMAND_FAILED
.RE
.RE
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBSignals\fR
.RS 4
.PP
ChainAdded(s: ipv, s: table, s: chain)
.RS 4
Emitted when
\fIchain\fR
has been added into
\fItable\fR
for
\fIipv\fR
being either
\fIipv4\fR
(iptables) or
\fIipv6\fR
(ip6tables) or
\fIeb\fR
(ebtables)\&.
.RE
.PP
ChainRemoved(s: ipv, s: table, s: chain)
.RS 4
Emitted when
\fIchain\fR
has been removed from
\fItable\fR
for
\fIipv\fR
being either
\fIipv4\fR
(iptables) or
\fIipv6\fR
(ip6tables) or
\fIeb\fR
(ebtables)\&.
.RE
.PP
PassthroughAdded(s: ipv, as: args)
.RS 4
Emitted when a tracked passthruogh rule with
\fIargs\fR
has been added for
\fIipv\fR
being either
\fIipv4\fR
(iptables) or
\fIipv6\fR
(ip6tables) or
\fIeb\fR
(ebtables)\&.
.RE
.PP
PassthroughRemoved(s: ipv, as: args)
.RS 4
Emitted when a tracked passthrough rule with
\fIargs\fR
has been removed for
\fIipv\fR
being either
\fIipv4\fR
(iptables) or
\fIipv6\fR
(ip6tables) or
\fIeb\fR
(ebtables)\&.
.RE
.PP
RuleAdded(s: ipv, s: table, s: chain, i: priority, as: args)
.RS 4
Emitted when a rule with
\fIargs\fR
has been added to
\fIchain\fR
in
\fItable\fR
with
\fIpriority\fR
for
\fIipv\fR
being either
\fIipv4\fR
(iptables) or
\fIipv6\fR
(ip6tables) or
\fIeb\fR
(ebtables)\&.
.RE
.PP
RuleRemoved(s: ipv, s: table, s: chain, i: priority, as: args)
.RS 4
Emitted when a rule with
\fIargs\fR
has been removed from
\fIchain\fR
in
\fItable\fR
with
\fIpriority\fR
for
\fIipv\fR
being either
\fIipv4\fR
(iptables) or
\fIipv6\fR
(ip6tables) or
\fIeb\fR
(ebtables)\&.
.RE
.RE
.SS "org\&.fedoraproject\&.FirewallD1\&.policies"
.PP
Enables firewalld to be able to lock down configuration changes from local applications\&. Local applications or services are able to change the firewall configuration if they are running as root (example: libvirt)\&. With these operations administrator can lock the firewall configuration so that either none or only applications that are in the whitelist are able to request firewall changes\&. For permanent configuration see
org.fedoraproject.FirewallD1.config.policies
interface\&.
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBMethods\fR
.RS 4
.PP
addLockdownWhitelistCommand(s: command) → Nothing
.RS 4
Add
\fIcommand\fR
to whitelist\&. See
\fIcommand\fR
option in
\fBfirewalld.lockdown-whitelist\fR(5)\&. For permanent operation see
org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistCommand\&.
.sp
Possible errors: ALREADY_ENABLED, INVALID_COMMAND
.RE
.PP
addLockdownWhitelistContext(s: context) → Nothing
.RS 4
Add
\fIcontext\fR
to whitelist\&. See
\fIselinux\fR
option in
\fBfirewalld.lockdown-whitelist\fR(5)\&. For permanent operation see
org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistContext\&.
.sp
Possible errors: ALREADY_ENABLED, INVALID_COMMAND
.RE
.PP
addLockdownWhitelistUid(i: uid) → Nothing
.RS 4
Add user id
\fIuid\fR
to whitelist\&. See
\fIuser\fR
option in
\fBfirewalld.lockdown-whitelist\fR(5)\&. For permanent operation see
org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistUid\&.
.sp
Possible errors: ALREADY_ENABLED, INVALID_COMMAND
.RE
.PP
addLockdownWhitelistUser(s: user) → Nothing
.RS 4
Add
\fIuser\fR
name to whitelist\&. See
\fIuser\fR
option in
\fBfirewalld.lockdown-whitelist\fR(5)\&. For permanent operation see
org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistUser\&.
.sp
Possible errors: ALREADY_ENABLED, INVALID_COMMAND
.RE
.PP
disableLockdown() → Nothing
.RS 4
Disable lockdown\&. This is a runtime and permanent change\&.
.sp
Possible errors: NOT_ENABLED
.RE
.PP
enableLockdown() → Nothing
.RS 4
Enable lockdown\&. Be careful \- if the calling application/user is not on lockdown whitelist when you enable lockdown you won\*(Aqt be able to disable it again with the application, you would need to edit firewalld\&.conf\&. This is a runtime and permanent change\&.
.sp
Possible errors: ALREADY_ENABLED
.RE
.PP
getLockdownWhitelistCommands() → as
.RS 4
List all command lines (s) that are on whitelist\&. For permanent operation see
org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistCommands\&.
.RE
.PP
getLockdownWhitelistContexts() → as
.RS 4
List all contexts (s) that are on whitelist\&. For permanent operation see
org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistContexts\&.
.RE
.PP
getLockdownWhitelistUids() → ai
.RS 4
List all user ids (i) that are on whitelist\&. For permanent operation see
org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistUids\&.
.RE
.PP
getLockdownWhitelistUsers() → as
.RS 4
List all users (s) that are on whitelist\&. For permanent operation see
org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistUsers\&.
.RE
.PP
queryLockdown() → b
.RS 4
Query whether lockdown is enabled\&.
.RE
.PP
queryLockdownWhitelistCommand(s: command) → b
.RS 4
Query whether
\fIcommand\fR
is on whitelist\&. For permanent operation see
org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistCommand\&.
.RE
.PP
queryLockdownWhitelistContext(s: context) → b
.RS 4
Query whether
\fIcontext\fR
is on whitelist\&. For permanent operation see
org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistContext\&.
.RE
.PP
queryLockdownWhitelistUid(i: uid) → b
.RS 4
Query whether user id
\fIuid\fR
is on whitelist\&. For permanent operation see
org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistUid\&.
.RE
.PP
queryLockdownWhitelistUser(s: user) → b
.RS 4
Query whether
\fIuser\fR
is on whitelist\&. For permanent operation see
org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistUser\&.
.RE
.PP
removeLockdownWhitelistCommand(s: command) → Nothing
.RS 4
Remove
\fIcommand\fR
from whitelist\&. For permanent operation see
org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistCommand\&.
.sp
Possible errors: NOT_ENABLED
.RE
.PP
removeLockdownWhitelistContext(s: context) → Nothing
.RS 4
Remove
\fIcontext\fR
from whitelist\&. For permanent operation see
org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistContext\&.
.sp
Possible errors: NOT_ENABLED
.RE
.PP
removeLockdownWhitelistUid(i: uid) → Nothing
.RS 4
Remove user id
\fIuid\fR
from whitelist\&. For permanent operation see
org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistUid\&.
.sp
Possible errors: NOT_ENABLED
.RE
.PP
removeLockdownWhitelistUser(s: user) → Nothing
.RS 4
Remove
\fIuser\fR
from whitelist\&. For permanent operation see
org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistUser\&.
.sp
Possible errors: NOT_ENABLED
.RE
.RE
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBSignals\fR
.RS 4
.PP
LockdownDisabled()
.RS 4
Emitted when lockdown has been disabled\&.
.RE
.PP
LockdownEnabled()
.RS 4
Emitted when lockdown has been enabled\&.
.RE
.PP
LockdownWhitelistCommandAdded(s: command)
.RS 4
Emitted when
\fIcommand\fR
has been added to whitelist\&.
.RE
.PP
LockdownWhitelistCommandRemoved(s: command)
.RS 4
Emitted when
\fIcommand\fR
has been removed from whitelist\&.
.RE
.PP
LockdownWhitelistContextAdded(s: context)
.RS 4
Emitted when
\fIcontext\fR
has been added to whitelist\&.
.RE
.PP
LockdownWhitelistContextRemoved(s: context)
.RS 4
Emitted when
\fIcontext\fR
has been removed from whitelist\&.
.RE
.PP
LockdownWhitelistUidAdded(i: uid)
.RS 4
Emitted when user id
\fIuid\fR
has been added to whitelist\&.
.RE
.PP
LockdownWhitelistUidRemoved(i: uid)
.RS 4
Emitted when user id
\fIuid\fR
has been removed from whitelist\&.
.RE
.PP
LockdownWhitelistUserAdded(s: user)
.RS 4
Emitted when
\fIuser\fR
has been added to whitelist\&.
.RE
.PP
LockdownWhitelistUserRemoved(s: user)
.RS 4
Emitted when
\fIuser\fR
has been removed from whitelist\&.
.RE
.RE
.SS "org\&.fedoraproject\&.FirewallD1\&.zone"
.PP
Operations in this interface allows to get, add, remove and query runtime zone\*(Aqs settings\&. For permanent settings see
org.fedoraproject.FirewallD1.config.zone
interface\&.
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBMethods\fR
.RS 4
.PP
addForwardPort(s: zone, s: port, s: protocol, s: toport, s: toaddr, i: timeout) → s
.RS 4
Add the IPv4 forward port into
\fIzone\fR\&. If
\fIzone\fR
is empty, use default zone\&. The port can either be a single port number
\fIportid\fR
or a port range
\fIportid\fR\-\fIportid\fR\&. The protocol can either be
\fItcp\fR
or
\fIudp\fR\&. The destination address is a simple IP address\&. If
\fItimeout\fR
is non\-zero, the operation will be active only for the amount of seconds\&. For permanent settings see
org.fedoraproject.FirewallD1.config.zone.Methods.addForwardPort\&.
.sp
Returns name of zone to which the forward port was added\&.
.sp
Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL, INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD, ALREADY_ENABLED, INVALID_COMMAND
.RE
.PP
addIcmpBlock(s: zone, s: icmp, i: timeout) → s
.RS 4
Add an ICMP block
\fIicmp\fR
into
\fIzone\fR\&. The
\fIicmp\fR
is the one of the icmp types firewalld supports\&. To get a listing of supported icmp types use
org.fedoraproject.FirewallD1.Methods.listIcmpTypes
If
\fIzone\fR
is empty, use default zone\&. If
\fItimeout\fR
is non\-zero, the operation will be active only for the amount of seconds\&. For permanent settings see
org.fedoraproject.FirewallD1.config.zone.Methods.addIcmpBlock\&.
.sp
Returns name of zone to which the ICMP block was added\&.
.sp
Possible errors: INVALID_ZONE, INVALID_ICMPTYPE, ALREADY_ENABLED, INVALID_COMMAND
.RE
.PP
addInterface(s: zone, s: interface) → s
.RS 4
Bind
\fIinterface\fR
with
\fIzone\fR\&. From now on all traffic going through the
\fIinterface\fR
will respect the
\fIzone\fR\*(Aqs settings\&. If
\fIzone\fR
is empty, use default zone\&. For permanent settings see
org.fedoraproject.FirewallD1.config.zone.Methods.addInterface\&.
.sp
Returns name of zone to which the interface was bound\&.
.sp
Possible errors: INVALID_ZONE, INVALID_INTERFACE, ALREADY_ENABLED, INVALID_COMMAND
.RE
.PP
addMasquerade(s: zone, i: timeout) → s
.RS 4
Enable IPv4 masquerade in
\fIzone\fR\&. If
\fIzone\fR
is empty, use default zone\&. If
\fItimeout\fR
is non\-zero, masquerading will be active for the amount of seconds\&. For permanent settings see
org.fedoraproject.FirewallD1.config.zone.Methods.addMasquerade\&.
.sp
Returns name of zone in which the masquerade was enabled\&.
.sp
Possible errors: INVALID_ZONE, ALREADY_ENABLED, INVALID_COMMAND
.RE
.PP
addPort(s: zone, s: port, s: protocol, i: timeout) → s
.RS 4
Add port into
\fIzone\fR\&. If
\fIzone\fR
is empty, use default zone\&. The port can either be a single port number or a port range
\fIportid\fR\-\fIportid\fR\&. The protocol can either be
\fItcp\fR
or
\fIudp\fR\&. If
\fItimeout\fR
is non\-zero, the operation will be active only for the amount of seconds\&. For permanent settings see
org.fedoraproject.FirewallD1.config.zone.Methods.addPort\&.
.sp
Returns name of zone to which the port was added\&.
.sp
Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL, INVALID_PROTOCOL, ALREADY_ENABLED, INVALID_COMMAND
.RE
.PP
addRichRule(s: zone, s: rule, i: timeout) → s
.RS 4
Add rich language
\fIrule\fR
into
\fIzone\fR\&. For the rich language rule syntax, please have a look at
\fBfirewalld.direct\fR(5)\&. If
\fIzone\fR
is empty, use default zone\&. If
\fItimeout\fR
is non\-zero, the operation will be active only for the amount of seconds\&. For permanent settings see
org.fedoraproject.FirewallD1.config.zone.Methods.addRichRule\&.
.sp
Returns name of zone to which the rich language rule was added\&.
.sp
Possible errors: INVALID_ZONE, INVALID_RULE, ALREADY_ENABLED, INVALID_COMMAND
.RE
.PP
addService(s: zone, s: service, i: timeout) → s
.RS 4
Add
\fIservice\fR
into
\fIzone\fR\&. If
\fIzone\fR
is empty, use default zone\&. If
\fItimeout\fR
is non\-zero, the operation will be active only for the amount of seconds\&. To get a list of supported services, use
org.fedoraproject.FirewallD1.Methods.listServices\&. For permanent settings see
org.fedoraproject.FirewallD1.config.zone.Methods.addService\&.
.sp
Returns name of zone to which the service was added\&.
.sp
Possible errors: INVALID_ZONE, INVALID_SERVICE, ALREADY_ENABLED, INVALID_COMMAND
.RE
.PP
addSource(s: zone, s: source) → s
.RS 4
Bind
\fIsource\fR
with
\fIzone\fR\&. From now on all traffic going from this
\fIsource\fR
will respect the
\fIzone\fR\*(Aqs settings\&. A source address or address range is either an IP address or a network IP address with a mask for IPv4 or IPv6\&. For IPv4, the mask can be a network mask or a plain number\&. For IPv6 the mask is a plain number\&. Use of host names is not supported\&. If
\fIzone\fR
is empty, use default zone\&. For permanent settings see
org.fedoraproject.FirewallD1.config.zone.Methods.addSource\&.
.sp
Returns name of zone to which the source was bound\&.
.sp
Possible errors: INVALID_ZONE, INVALID_ADDR, ALREADY_ENABLED, INVALID_COMMAND
.RE
.PP
changeZone(s: zone, s: interface) → s
.RS 4
This function is deprecated, use
org.fedoraproject.FirewallD1.zone.Methods.changeZoneOfInterface
instead\&.
.RE
.PP
changeZoneOfInterface(s: zone, s: interface) → s
.RS 4
Change a zone an
\fIinterface\fR
is bound to to
\fIzone\fR\&. It\*(Aqs basically removeInterface(\fIinterface\fR) followed by addInterface(\fIzone\fR,
\fIinterface\fR)\&. If
\fIinterface\fR
has not been bound to a zone before, it behaves like
addInterface\&. If
\fIzone\fR
is empty, use default zone\&.
.sp
Returns name of zone to which the interface was bound\&.
.sp
Possible errors: INVALID_ZONE, ZONE_ALREADY_SET, ZONE_CONFLICT
.RE
.PP
changeZoneOfSource(s: zone, s: source) → s
.RS 4
Change a zone an
\fIsource\fR
is bound to to
\fIzone\fR\&. It\*(Aqs basically removeSource(\fIsource\fR) followed by addSource(\fIzone\fR,
\fIsource\fR)\&. If
\fIsource\fR
has not been bound to a zone before, it behaves like
addSource\&. If
\fIzone\fR
is empty, use default zone\&.
.sp
Returns name of zone to which the source was bound\&.
.sp
Possible errors: INVALID_ZONE, ZONE_ALREADY_SET, ZONE_CONFLICT
.RE
.PP
getActiveZones() → a{sa{sas}}
.RS 4
Return dictionary of currently active zones altogether with interfaces and sources used in these zones\&. Active zones are zones, that have a binding to an interface or source\&.
.sp
Return value is a dictionary where keys are zone names (s) and values are again dictionaries where keys are either \*(Aqinterfaces\*(Aq or \*(Aqsources\*(Aq and values are arrays of interface names (s) or sources (s)\&.
.RE
.PP
getForwardPorts(s: zone) → aas
.RS 4
Return array of IPv4 forward ports previously added into
\fIzone\fR\&. If
\fIzone\fR
is empty, use default zone\&. For getting permanent settings see
org.fedoraproject.FirewallD1.config.zone.Methods.getForwardPorts\&.
.sp
Return value is array of 4\-tuples, where each 4\-tuple consists of (port, protocol, to\-port, to\-addr)\&. to\-addr might be empty in case of local forwarding\&.
.sp
Possible errors: INVALID_ZONE
.RE
.PP
getIcmpBlocks(s: zone) → as
.RS 4
Return array of ICMP type (s) blocks previously added into
\fIzone\fR\&. If
\fIzone\fR
is empty, use default zone\&. For getting permanent settings see
org.fedoraproject.FirewallD1.config.zone.Methods.getIcmpBlocks\&.
.sp
Possible errors: INVALID_ZONE
.RE
.PP
getInterfaces(s: zone) → as
.RS 4
Return array of interfaces (s) previously bound with
\fIzone\fR\&. If
\fIzone\fR
is empty, use default zone\&. For getting permanent settings see
org.fedoraproject.FirewallD1.config.zone.Methods.getInterfaces\&.
.sp
Possible errors: INVALID_ZONE
.RE
.PP
getPorts(s: zone) → aas
.RS 4
Return array of ports (2\-tuple of port and protocol) previously enabled in
\fIzone\fR\&. If
\fIzone\fR
is empty, use default zone\&. For getting permanent settings see
org.fedoraproject.FirewallD1.config.zone.Methods.getPorts\&.
.sp
Possible errors: INVALID_ZONE
.RE
.PP
getRichRules(s: zone) → as
.RS 4
Return array of rich language rules (s) previously added into
\fIzone\fR\&. If
\fIzone\fR
is empty, use default zone\&. For getting permanent settings see
org.fedoraproject.FirewallD1.config.zone.Methods.getRichRules\&.
.sp
Possible errors: INVALID_ZONE
.RE
.PP
getServices(s: zone) → as
.RS 4
Return array of services (s) previously enabled in
\fIzone\fR\&. If
\fIzone\fR
is empty, use default zone\&. For getting permanent settings see
org.fedoraproject.FirewallD1.config.zone.Methods.getServices\&.
.sp
Possible errors: INVALID_ZONE
.RE
.PP
getSources(s: zone) → as
.RS 4
Return array of sources (s) previously bound with
\fIzone\fR\&. If
\fIzone\fR
is empty, use default zone\&. For getting permanent settings see
org.fedoraproject.FirewallD1.config.zone.Methods.getSources\&.
.sp
Possible errors: INVALID_ZONE
.RE
.PP
getZoneOfInterface(s: interface) → s
.RS 4
Return name (s) of zone the
\fIinterface\fR
is bound to or empty string\&.
.RE
.PP
getZoneOfSource(s: source) → s
.RS 4
Return name (s) of zone the
\fIsource\fR
is bound to or empty string\&.
.RE
.PP
getZones() → as
.RS 4
Return array of names (s) of predefined zones known to current runtime environment\&. For list of zones known to permanent environment see
org.fedoraproject.FirewallD1.config.Methods.listZones\&. The lists (of zones known to runtime and permanent environment) will contain same zones in most cases, but might differ for example if
org.fedoraproject.FirewallD1.config.Methods.addZone
has been called recently, but firewalld has not been reloaded since then\&.
.RE
.PP
isImmutable(s: zone) → b
.RS 4
Deprecated\&.
.RE
.PP
queryForwardPort(s: zone, s: port, s: protocol, s: toport, s: toaddr) → b
.RS 4
Return whether the IPv4 forward port (\fIport\fR,
\fIprotocol\fR,
\fItoport\fR,
\fItoaddr\fR) has been added into
\fIzone\fR\&. If
\fIzone\fR
is empty, use default zone\&. For permanent operation see
org.fedoraproject.FirewallD1.config.zone.Methods.queryForwardPort\&.
.sp
Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL, INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD
.RE
.PP
queryIcmpBlock(s: zone, s: icmp) → b
.RS 4
Return whether an ICMP block for
\fIicmp\fR
has been added into
\fIzone\fR\&. If
\fIzone\fR
is empty, use default zone\&. For permanent operation see
org.fedoraproject.FirewallD1.config.zone.Methods.queryIcmpBlock\&.
.sp
Possible errors: INVALID_ZONE, INVALID_ICMPTYPE
.RE
.PP
queryInterface(s: zone, s: interface) → b
.RS 4
Query whether
\fIinterface\fR
has been bound to
\fIzone\fR\&. If
\fIzone\fR
is empty, use default zone\&. For permanent operation see
org.fedoraproject.FirewallD1.config.zone.Methods.queryInterface\&.
.sp
Possible errors: INVALID_ZONE, INVALID_INTERFACE
.RE
.PP
queryMasquerade(s: zone) → b
.RS 4
Return whether IPv4 masquerading has been enabled in
\fIzone\fR
If
\fIzone\fR
is empty, use default zone\&. For permanent operation see
org.fedoraproject.FirewallD1.config.zone.Methods.queryMasquerade\&.
.sp
Possible errors: INVALID_ZONE
.RE
.PP
queryPort(s: zone, s: port, s: protocol) → b
.RS 4
Return whether
\fIport\fR/\fIprotocol\fR
has been added in
\fIzone\fR\&. If
\fIzone\fR
is empty, use default zone\&. For permanent operation see
org.fedoraproject.FirewallD1.config.zone.Methods.queryPort\&.
.sp
Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL, INVALID_PROTOCOL
.RE
.PP
queryRichRule(s: zone, s: rule) → b
.RS 4
Return whether rich rule
\fIrule\fR
has been added in
\fIzone\fR\&. If
\fIzone\fR
is empty, use default zone\&. For permanent operation see
org.fedoraproject.FirewallD1.config.zone.Methods.queryRichRule\&.
.sp
Possible errors: INVALID_ZONE, INVALID_RULE
.RE
.PP
queryService(s: zone, s: service) → b
.RS 4
Return whether
\fIservice\fR
has been added for
\fIzone\fR\&. If
\fIzone\fR
is empty, use default zone\&. For permanent operation see
org.fedoraproject.FirewallD1.config.zone.Methods.queryService\&.
.sp
Possible errors: INVALID_ZONE, INVALID_SERVICE
.RE
.PP
querySource(s: zone, s: source) → b
.RS 4
Query whether
\fIsource\fRhas been bound to
\fIzone\fR\&. If
\fIzone\fR
is empty, use default zone\&. For permanent operation see
org.fedoraproject.FirewallD1.config.zone.Methods.querySource\&.
.sp
Possible errors: INVALID_ZONE, INVALID_ADDR
.RE
.PP
removeForwardPort(s: zone, s: port, s: protocol, s: toport, s: toaddr) → s
.RS 4
Remove IPv4 forward port ((\fIport\fR,
\fIprotocol\fR,
\fItoport\fR,
\fItoaddr\fR)) from
\fIzone\fR\&. If
\fIzone\fR
is empty, use default zone\&. For permanent operation see
org.fedoraproject.FirewallD1.config.zone.Methods.removeForwardPort\&.
.sp
Returns name of zone from which the forward port was removed\&.
.sp
Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL, INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD, NOT_ENABLED, INVALID_COMMAND
.RE
.PP
removeIcmpBlock(s: zone, s: icmp) → s
.RS 4
Remove ICMP block
\fIicmp\fR
from
\fIzone\fR\&. If
\fIzone\fR
is empty, use default zone\&. For permanent operation see
org.fedoraproject.FirewallD1.config.zone.Methods.removeIcmpBlock\&.
.sp
Returns name of zone from which the ICMP block was removed\&.
.sp
Possible errors: INVALID_ZONE, INVALID_ICMPTYPE, NOT_ENABLED, INVALID_COMMAND
.RE
.PP
removeInterface(s: zone, s: interface) → s
.RS 4
Remove binding of
\fIinterface\fR
from
\fIzone\fR\&. If
\fIzone\fR
is empty, the interface will be removed from zone it belongs to\&. For permanent operation see
org.fedoraproject.FirewallD1.config.zone.Methods.removeInterface\&.
.sp
Returns name of zone from which the
\fIinterface\fR
was removed\&.
.sp
Possible errors: INVALID_ZONE, INVALID_INTERFACE, NOT_ENABLED, INVALID_COMMAND
.RE
.PP
removeMasquerade(s: zone) → s
.RS 4
Disable IPv4 masquerade for
\fIzone\fR\&. If
\fIzone\fR
is empty, use default zone\&. For permanent operation see
org.fedoraproject.FirewallD1.config.zone.Methods.removeMasquerade\&.
.sp
Returns name of zone for which the masquerade was disabled\&.
.sp
Possible errors: INVALID_ZONE, NOT_ENABLED, INVALID_COMMAND
.RE
.PP
removePort(s: zone, s: port, s: protocol) → s
.RS 4
Remove port/protocol from
\fIzone\fR\&. If
\fIzone\fR
is empty, use default zone\&. For permanent operation see
org.fedoraproject.FirewallD1.config.zone.Methods.removePort\&.
.sp
Returns name of zone from which the port was removed\&.
.sp
Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL, INVALID_PROTOCOL, NOT_ENABLED, INVALID_COMMAND
.RE
.PP
removeRichRule(s: zone, s: rule) → s
.RS 4
Remove rich language
\fIrule\fR
from
\fIzone\fR\&. If
\fIzone\fR
is empty, use default zone\&. For permanent operation see
org.fedoraproject.FirewallD1.config.zone.Methods.removeRichRule\&.
.sp
Returns name of zone from which the rich language rule was removed\&.
.sp
Possible errors: INVALID_ZONE, INVALID_RULE, NOT_ENABLED, INVALID_COMMAND
.RE
.PP
removeService(s: zone, s: service) → s
.RS 4
Remove
\fIservice\fR
from
\fIzone\fR\&. If
\fIzone\fR
is empty, use default zone\&. For permanent operation see
org.fedoraproject.FirewallD1.config.zone.Methods.removeService\&.
.sp
Returns name of zone from which the service was removed\&.
.sp
Possible errors: INVALID_ZONE, INVALID_SERVICE, NOT_ENABLED, INVALID_COMMAND
.RE
.PP
removeSource(s: zone, s: source) → s
.RS 4
Remove binding of
\fIsource\fR
from
\fIzone\fR\&. If
\fIzone\fR
is empty, the source will be removed from zone it belongs to\&. For permanent operation see
org.fedoraproject.FirewallD1.config.zone.Methods.removeSource\&.
.sp
Returns name of zone from which the
\fIsource\fR
was removed\&.
.sp
Possible errors: INVALID_ZONE, INVALID_ADDR, NOT_ENABLED, INVALID_COMMAND
.RE
.RE
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBSignals\fR
.RS 4
.PP
ForwardPortAdded(s: zone, s: port, s: protocol, s: toport, s: toaddr, i: timeout)
.RS 4
Emitted when forward port has been added to
\fIzone\fR
with
\fItimeout\fR\&.
.RE
.PP
ForwardPortRemoved(s: zone, s: port, s: protocol, s: toport, s: toaddr)
.RS 4
Emitted when forward port has been removed from
\fIzone\fR\&.
.RE
.PP
IcmpBlockAdded(s: zone, s: icmp, i: timeout)
.RS 4
Emitted when ICMP block for
\fIicmp\fR
has been added to
\fIzone\fR
with
\fItimeout\fR\&.
.RE
.PP
IcmpBlockRemoved(s: zone, s: icmp)
.RS 4
Emitted when ICMP block for
\fIicmp\fR
has been removed from
\fIzone\fR\&.
.RE
.PP
InterfaceAdded(s: zone, s: interface)
.RS 4
Emitted when
\fIinterface\fR
has been added to
\fIzone\fR\&.
.RE
.PP
InterfaceRemoved(s: zone, s: interface)
.RS 4
Emitted when
\fIinterface\fR
has been removed from
\fIzone\fR\&.
.RE
.PP
MasqueradeAdded(s: zone, i: timeout)
.RS 4
Emitted when IPv4 masquerade has been enabled for
\fIzone\fR\&.
.RE
.PP
MasqueradeRemoved(s: zone)
.RS 4
Emitted when IPv4 masquerade has been disabled for
\fIzone\fR\&.
.RE
.PP
PortAdded(s: zone, s: port, s: protocol, i: timeout)
.RS 4
Emitted when
\fIport\fR/\fIprotocol\fR
has been added to
\fIzone\fR
with
\fItimeout\fR\&.
.RE
.PP
PortRemoved(s: zone, s: port, s: protocol)
.RS 4
Emitted when
\fIport\fR/\fIprotocol\fR
has been removed from
\fIzone\fR\&.
.RE
.PP
RichRuleAdded(s: zone, s: rule, i: timeout)
.RS 4
Emitted when rich language
\fIrule\fR
has been added to
\fIzone\fR
with
\fItimeout\fR\&.
.RE
.PP
RichRuleRemoved(s: zone, s: rule)
.RS 4
Emitted when rich language
\fIrule\fR
has been removed from
\fIzone\fR\&.
.RE
.PP
ServiceAdded(s: zone, s: service, i: timeout)
.RS 4
Emitted when
\fIservice\fR
has been added to
\fIzone\fR
with
\fItimeout\fR\&.
.RE
.PP
ServiceRemoved(s: zone, s: service)
.RS 4
Emitted when
\fIservice\fR
has been removed from
\fIzone\fR\&.
.RE
.PP
SourceAdded(s: zone, s: source)
.RS 4
Emitted when
\fIsource\fR
has been added to
\fIzone\fR\&.
.RE
.PP
SourceRemoved(s: zone, s: source)
.RS 4
Emitted when
\fIsource\fR
has been removed from
\fIzone\fR\&.
.RE
.PP
ZoneChanged(s: zone, s: interface)
.RS 4
Deprecated
.RE
.PP
ZoneOfInterfaceChanged(s: zone, s: interface)
.RS 4
Emitted when a zone an
\fIinterface\fR
is part of has been changed to
\fIzone\fR\&.
.RE
.PP
ZoneOfSourceChanged(s: zone, s: source)
.RS 4
Emitted when a zone an
\fIsource\fR
is part of has been changed to
\fIzone\fR\&.
.RE
.RE
.SS "org\&.fedoraproject\&.FirewallD1\&.config"
.PP
Allows to permanently add, remove and query zones, services and icmp types\&.
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBMethods\fR
.RS 4
.PP
addIcmpType(s: icmptype, (sssas): settings) → o
.RS 4
Add
\fIicmptype\fR
with given
\fIsettings\fR
into permanent configuration\&. Settings are in format:
\fIversion\fR,
\fIname\fR,
\fIdescription\fR, array of
\fIdestinations\fR\&. Returns object path of the new icmp type\&.
.PP
\fIversion (s)\fR: see \fIversion\fR attribute of \fIicmptype\fR tag in \fBfirewalld.icmptype\fR(5)\&.
.RS 4
.RE
.PP
\fIname (s)\fR: see \fIshort\fR tag in \fBfirewalld.icmptype\fR(5)\&.
.RS 4
.RE
.PP
\fIdescription (s)\fR: see \fIdescription\fR tag in \fBfirewalld.icmptype\fR(5)\&.
.RS 4
.RE
.PP
\fIdestinations (as)\fR: array, either empty or containing strings \*(Aqipv4\*(Aq or \*(Aqipv6\*(Aq, see \fIdestination\fR tag in \fBfirewalld.icmptype\fR(5)\&.
.RS 4
.RE
.sp
Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
.RE
.PP
addService(s: service, (sssa(ss)asa{ss}): settings) → o
.RS 4
Add
\fIservice\fR
with given
\fIsettings\fR
into permanent configuration\&. Settings are in format:
\fIversion\fR,
\fIname\fR,
\fIdescription\fR, array of
\fIports\fR
(port, protocol), array of
\fImodule names\fR, dictionary of
\fIdestinations\fR\&. Returns object path of the new icmp type\&.
.PP
\fIversion (s)\fR: see \fIversion\fR attribute of \fIservice\fR tag in \fBfirewalld.service\fR(5)\&.
.RS 4
.RE
.PP
\fIname (s)\fR: see \fIshort\fR tag in \fBfirewalld.service\fR(5)\&.
.RS 4
.RE
.PP
\fIdescription (s)\fR: see \fIdescription\fR tag in \fBfirewalld.service\fR(5)\&.
.RS 4
.RE
.PP
\fIports (a(ss))\fR: array of port and protocol pairs\&. See \fIport\fR tag in \fBfirewalld.service\fR(5)\&.
.RS 4
.RE
.PP
\fImodule names (as)\fR: array of kernel netfilter helpers, see \fImodule\fR tag in \fBfirewalld.service\fR(5)\&.
.RS 4
.RE
.PP
\fIdestinations (a{ss})\fR: dictionary of {IP family : IP address} where \*(AqIP family\*(Aq key can be either \*(Aqipv4\*(Aq or \*(Aqipv6\*(Aq\&. See \fIdestination\fR tag in \fBfirewalld.service\fR(5)\&.
.RS 4
.RE
.sp
Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
.RE
.PP
addZone(s: zone, (sssbsasa(ss)asba(ssss)asasas): settings) → o
.RS 4
Add
\fIzone\fR
with given
\fIsettings\fR
into permanent configuration\&. Settings are in format:
\fIversion\fR,
\fIname\fR,
\fIdescription\fR,
\fIUNUSED\fR,
\fItarget\fR, array of
\fIservices\fR, array of
\fIports\fR
(port, protocol), array of
\fIicmp\-blocks\fR,
\fImasquerade\fR, array of
\fIforward\-ports\fR
(port, protocol, to\-port, to\-addr), array of
\fIinterfaces\fR, array of
\fIsources\fR, array of
\fIrich rules\fR
.PP
\fIversion (s)\fR: see \fIversion\fR attribute of \fIzone\fR tag in \fBfirewalld.zone\fR(5)\&.
.RS 4
.RE
.PP
\fIname (s)\fR: see \fIshort\fR tag in \fBfirewalld.zone\fR(5)\&.
.RS 4
.RE
.PP
\fIdescription (s)\fR: see \fIdescription\fR tag in \fBfirewalld.zone\fR(5)\&.
.RS 4
.RE
.PP
\fIUNUSED (b)\fR: this boolean value is no longer used for anything\&.
.RS 4
.RE
.PP
\fItarget (s)\fR: see \fItarget\fR attribute of \fIzone\fR tag in \fBfirewalld.zone\fR(5)\&.
.RS 4
.RE
.PP
\fIservices (as)\fR: array of service names, see \fIservice\fR tag in \fBfirewalld.zone\fR(5)\&.
.RS 4
.RE
.PP
\fIports (a(ss))\fR: array of port and protocol pairs\&. See \fIport\fR tag in \fBfirewalld.zone\fR(5)\&.
.RS 4
.RE
.PP
\fIicmp\-blocks (as)\fR: array of icmp\-blocks\&. See \fIicmp\-block\fR tag in \fBfirewalld.zone\fR(5)\&.
.RS 4
.RE
.PP
\fImasquerade (b)\fR: see \fImasquerade\fR tag in \fBfirewalld.zone\fR(5)\&.
.RS 4
.RE
.PP
\fIforward\-ports (a(ssss))\fR: array of (port, protocol, to\-port, to\-addr)\&. See \fIforward\-port\fR tag in \fBfirewalld.zone\fR(5)\&.
.RS 4
.RE
.PP
\fIinterfaces (as)\fR: array of interfaces\&. See \fIinterface\fR tag in \fBfirewalld.zone\fR(5)\&.
.RS 4
.RE
.PP
\fIsource addresses (as)\fR: array of source addresses\&. See \fIsource\fR tag in \fBfirewalld.zone\fR(5)\&.
.RS 4
.RE
.PP
\fIrich rules (as)\fR: array of rich\-language rules\&. See \fIrule\fR tag in \fBfirewalld.zone\fR(5)\&.
.RS 4
.RE
.sp
Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE
.RE
.PP
getIcmpTypeByName(s: icmptype) → o
.RS 4
Return object path (permanent configuration) of
\fIicmptype\fR
with given name\&.
.sp
Possible errors: INVALID_ICMPTYPE
.RE
.PP
getServiceByName(s: service) → o
.RS 4
Return object path (permanent configuration) of
\fIservice\fR
with given name\&.
.sp
Possible errors: INVALID_SERVICE
.RE
.PP
getZoneByName(s: zone) → o
.RS 4
Return object path (permanent configuration) of
\fIzone\fR
with given name\&.
.sp
Possible errors: INVALID_ZONE
.RE
.PP
getZoneOfInterface(s: iface) → s
.RS 4
Return name of zone the
\fIiface\fR
is bound to or empty string\&.
.RE
.PP
getZoneOfSource(s: source) → s
.RS 4
Return name of zone the
\fIsource\fR
is bound to or empty string\&.
.RE
.PP
listIcmpTypes() → ao
.RS 4
Return array of object paths (o) of
icmp types
in permanent configuration\&. For runtime configuration see
org.fedoraproject.FirewallD1.Methods.listIcmpTypes\&.
.RE
.PP
listServices() → ao
.RS 4
Return array of objects paths (o) of
services
in permanent configuration\&. For runtime configuration see
org.fedoraproject.FirewallD1.Methods.listServices\&.
.RE
.PP
listZones() → ao
.RS 4
List object paths of zones known to permanent environment\&. For list of zones known to runtime environment see
org.fedoraproject.FirewallD1.zone.Methods.getZones\&. The lists (of zones known to runtime and permanent environment) will contain same zones in most cases, but might differ for example if
org.fedoraproject.FirewallD1.config.Methods.addZone
has been called recently, but firewalld has not been reloaded since then\&.
.RE
.RE
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBSignals\fR
.RS 4
.PP
IcmpTypeAdded(s: icmptype)
.RS 4
Emitted when
\fIicmptype\fR
has been added\&.
.RE
.PP
ServiceAdded(s: service)
.RS 4
Emitted when
\fIservice\fR
has been added\&.
.RE
.PP
ZoneAdded(s: zone)
.RS 4
Emitted when
\fIzone\fR
has been added\&.
.RE
.RE
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBProperties\fR
.RS 4
.PP
CleanupOnExit \- s \- (rw)
.RS 4
If firewalld stops, it cleans up all firewall rules\&. Setting this option to no or false leaves the current firewall rules untouched\&.
.RE
.PP
DefaultZone \- s \- (ro)
.RS 4
Default zone for connections or interfaces if the zone is not selected or specified by NetworkManager, initscripts or command line tool\&.
.RE
.PP
Lockdown \- s \- (rw)
.RS 4
If this property is enabled, firewall changes with the D\-Bus interface will be limited to applications that are listed in the lockdown whitelist\&.
.RE
.PP
MinimalMark \- i \- (rw)
.RS 4
For some firewall settings several rules are needed in different tables to be able to handle packets in the correct way\&. To achieve that these packets are marked using the MARK target\&. With the MinimalMark property a block of marks can be reserved for private use; only marks over this value are used\&.
.RE
.RE
.SS "org\&.fedoraproject\&.FirewallD1\&.config\&.direct"
.PP
Interface for permanent direct configuration, see also
\fBfirewalld.direct\fR(5)\&. For runtime direct configuration see
org.fedoraproject.FirewallD1.direct
interface\&.
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBMethods\fR
.RS 4
.PP
getSettings() → (a(sss)a(sssias)a(sas))
.RS 4
Get settings of permanent direct configuration in format: array of
\fIchains\fR, array of
\fIrules\fR, array of
\fIpassthroughs\fR\&.
.PP
\fIchains (a(sss))\fR: array of (\fIipv\fR, \fItable\fR, \fIchain\fR), see \*(Aqchain\*(Aq in \fBfirewalld.direct\fR(5)\&.
.RS 4
.RE
\&.
                  .PP
\fIrules (a(sssias))\fR: array of (\fIipv\fR, \fItable\fR, \fIchain\fR, \fIpriority\fR, array of \fIarguments\fR), see \*(Aqrule\*(Aq in \fBfirewalld.direct\fR(5)\&.
.RS 4
.RE
\&.
                  .PP
\fIpassthroughs (a(sas))\fR: array of (\fIipv\fR, array of \fIarguments\fR), see passthrough in \fBfirewalld.direct\fR(5)\&.
.RS 4
.RE
\&.
                .sp
.RE
.PP
update((a(sss)a(sssias)a(sas)): settings) → Nothing
.RS 4
Update permanent direct configuration with given
\fIsettings\fR\&. Settings are in format: array of
\fIchains\fR, array of
\fIrules\fR, array of
\fIpassthroughs\fR\&.
.PP
\fIchains (a(sss))\fR: array of (\fIipv\fR, \fItable\fR, \fIchain\fR), see \*(Aqchain\*(Aq in \fBfirewalld.direct\fR(5)\&.
.RS 4
.RE
\&.
                  .PP
\fIrules (a(sssias))\fR: array of (\fIipv\fR, \fItable\fR, \fIchain\fR, \fIpriority\fR, array of \fIarguments\fR), see \*(Aqrule\*(Aq in \fBfirewalld.direct\fR(5)\&.
.RS 4
.RE
\&.
                  .PP
\fIpassthroughs (a(sas))\fR: array of (\fIipv\fR, array of \fIarguments\fR), see passthrough in \fBfirewalld.direct\fR(5)\&.
.RS 4
.RE
\&.
                .sp
Possible errors: INVALID_TYPE
.RE
.PP
addChain(s: ipv, s: table, s: chain) → Nothing
.RS 4
Add a new
\fIchain\fR
to
\fItable\fR
for
\fIipv\fR
being either
\fIipv4\fR
(iptables) or
\fIipv6\fR
(ip6tables) or
\fIeb\fR
(ebtables)\&. Make sure there\*(Aqs no other chain with this name already\&. There already exist basic chains to use with direct methods, for example
\fIINPUT_direct\fR
chain\&. These chains are jumped into before chains for zones, i\&.e\&. every rule put into
\fIINPUT_direct\fR
will be checked before rules in zones\&. For runtime operation see
org.fedoraproject.FirewallD1.direct.Methods.addChain\&.
.sp
Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED
.RE
.PP
addPassthrough(s: ipv, as: args) → Nothing
.RS 4
Add a passthrough rule with the arguments
\fIargs\fR
for
\fIipv\fR
being either
\fIipv4\fR
(iptables) or
\fIipv6\fR
(ip6tables) or
\fIeb\fR
(ebtables)\&. For runtime operation see
org.fedoraproject.FirewallD1.direct.Methods.addPassthrough\&.
.sp
Possible errors: INVALID_IPV, ALREADY_ENABLED
.RE
.PP
addRule(s: ipv, s: table, s: chain, i: priority, as: args) → Nothing
.RS 4
Add a rule with the arguments
\fIargs\fR
to
\fIchain\fR
in
\fItable\fR
with
\fIpriority\fR
for
\fIipv\fR
being either
\fIipv4\fR
(iptables) or
\fIipv6\fR
(ip6tables) or
\fIeb\fR
(ebtables)\&. The priority is used to order rules\&. Priority 0 means add rule on top of the chain, with a higher priority the rule will be added further down\&. Rules with the same priority are on the same level and the order of these rules is not fixed and may change\&. If you want to make sure that a rule will be added after another one, use a low priority for the first and a higher for the following\&. For runtime operation see
org.fedoraproject.FirewallD1.direct.Methods.addRule\&.
.sp
Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED
.RE
.PP
getAllChains() → a(sss)
.RS 4
Get all chains added to all tables in format: ipv, table, chain\&. This concerns only chains previously added with
addChain\&. Return value is a array of (\fIipv\fR,
\fItable\fR,
\fIchain\fR)\&. For runtime operation see
org.fedoraproject.FirewallD1.direct.Methods.getAllChains\&.
.PP
\fIipv (s)\fR: either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&.
.RS 4
.RE
.PP
\fItable (s)\fR: one of \fIfilter\fR, \fImangle\fR, \fInat\fR, \fIraw\fR, \fIsecurity\fR
.RS 4
.RE
.PP
\fIchain (s)\fR: name of a chain\&.
.RS 4
.RE
.sp
.RE
.PP
getAllPassthroughs() → a(sas)
.RS 4
Get all passthrough rules added in all ipv types in format: ipv, rule\&. This concerns only rules previously added with
addPassthrough\&. Return value is a array of (\fIipv\fR, array of
\fIarguments\fR)\&. For runtime operation see
org.fedoraproject.FirewallD1.direct.Methods.getAllPassthroughs\&.
.PP
\fIipv (s)\fR: either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&.
.RS 4
.RE
.PP
\fIarguments (as)\fR: array of commands, parameters and other iptables/ip6tables/ebtables command line options\&.
.RS 4
.RE
.sp
.RE
.PP
getAllRules() → a(sssias)
.RS 4
Get all rules added to all chains in all tables in format: ipv, table, chain, priority, rule\&. This concerns only rules previously added with
addRule\&. Return value is a array of (\fIipv\fR,
\fItable\fR,
\fIchain\fR,
\fIpriority\fR, array of
\fIarguments\fR)\&. For runtime operation see
org.fedoraproject.FirewallD1.direct.Methods.getAllRules\&.
.PP
\fIipv (s)\fR: either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&.
.RS 4
.RE
.PP
\fItable (s)\fR: one of \fIfilter\fR, \fImangle\fR, \fInat\fR, \fIraw\fR, \fIsecurity\fR
.RS 4
.RE
.PP
\fIchain (s)\fR: name of a chain\&.
.RS 4
.RE
.PP
\fIpriority (i)\fR: used to order rules\&.
.RS 4
.RE
.PP
\fIarguments (as)\fR: array of commands, parameters and other iptables/ip6tables/ebtables command line options\&.
.RS 4
.RE
.sp
.RE
.PP
getChains(s: ipv, s: table) → as
.RS 4
Return an array of chains (s) added to
\fItable\fR
for
\fIipv\fR
being either
\fIipv4\fR
(iptables) or
\fIipv6\fR
(ip6tables) or
\fIeb\fR
(ebtables)\&. This concerns only chains previously added with
addChain\&. For runtime operation see
org.fedoraproject.FirewallD1.direct.Methods.getChains\&.
.sp
Possible errors: INVALID_IPV, INVALID_TABLE
.RE
.PP
getRules(s: ipv, s: table, s: chain) → a(ias)
.RS 4
Get all rules added to
\fIchain\fR
in
\fItable\fR
for
\fIipv\fR
being either
\fIipv4\fR
(iptables) or
\fIipv6\fR
(ip6tables) or
\fIeb\fR
(ebtables)\&. This concerns only rules previously added with
addRule\&. Return value is a array of (\fIpriority\fR, array of
\fIarguments\fR)\&. For runtime operation see
org.fedoraproject.FirewallD1.direct.Methods.getRules\&.
.PP
\fIpriority (i)\fR: used to order rules\&.
.RS 4
.RE
.PP
\fIarguments (as)\fR: array of commands, parameters and other iptables/ip6tables/ebtables command line options\&.
.RS 4
.RE
.sp
Possible errors: INVALID_IPV, INVALID_TABLE
.RE
.PP
queryChain(s: ipv, s: table, s: chain) → b
.RS 4
Return whether a
\fIchain\fR
exists in
\fItable\fR
for
\fIipv\fR
being either
\fIipv4\fR
(iptables) or
\fIipv6\fR
(ip6tables) or
\fIeb\fR
(ebtables)\&. This concerns only chains previously added with
addChain\&. For runtime operation see
org.fedoraproject.FirewallD1.direct.Methods.queryChain\&.
.sp
Possible errors: INVALID_IPV, INVALID_TABLE
.RE
.PP
queryPassthrough(s: ipv, as: args) → b
.RS 4
Return whether a tracked passthrough rule with the arguments
\fIargs\fR
exists for
\fIipv\fR
being either
\fIipv4\fR
(iptables) or
\fIipv6\fR
(ip6tables) or
\fIeb\fR
(ebtables)\&. This concerns only rules previously added with
addPassthrough\&. For runtime operation see
org.fedoraproject.FirewallD1.direct.Methods.queryPassthrough\&.
.sp
Possible errors: INVALID_IPV
.RE
.PP
queryRule(s: ipv, s: table, s: chain, i: priority, as: args) → b
.RS 4
Return whether a rule with
\fIpriority\fR
and the arguments
\fIargs\fR
exists in
\fIchain\fR
in
\fItable\fR
for
\fIipv\fR
being either
\fIipv4\fR
(iptables) or
\fIipv6\fR
(ip6tables) or
\fIeb\fR
(ebtables)\&. This concerns only rules previously added with
addRule\&. For runtime operation see
org.fedoraproject.FirewallD1.direct.Methods.queryRule\&.
.sp
Possible errors: INVALID_IPV, INVALID_TABLE
.RE
.PP
removeChain(s: ipv, s: table, s: chain) → Nothing
.RS 4
Remove a
\fIchain\fR
from
\fItable\fR
for
\fIipv\fR
being either
\fIipv4\fR
(iptables) or
\fIipv6\fR
(ip6tables) or
\fIeb\fR
(ebtables)\&. Only chains previously added with
addChain
can be removed this way\&. For runtime operation see
org.fedoraproject.FirewallD1.direct.Methods.removeChain\&.
.sp
Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED
.RE
.PP
removeRule(s: ipv, s: table, s: chain, i: priority, as: args) → Nothing
.RS 4
Remove a rule with
\fIpriority\fR
and arguments
\fIargs\fR
from
\fIchain\fR
in
\fItable\fR
for
\fIipv\fR
being either
\fIipv4\fR
(iptables) or
\fIipv6\fR
(ip6tables) or
\fIeb\fR
(ebtables)\&. Only rules previously added with
addRule
can be removed this way\&. For runtime operation see
org.fedoraproject.FirewallD1.direct.Methods.removeRule\&.
.sp
Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED
.RE
.PP
removePassthrough(s: ipv, as: args) → Nothing
.RS 4
Remove a passthrough rule with arguments
\fIargs\fR
for
\fIipv\fR
being either
\fIipv4\fR
(iptables) or
\fIipv6\fR
(ip6tables) or
\fIeb\fR
(ebtables)\&. Only rules previously added with
addPassthrough
can be removed this way\&. For runtime operation see
org.fedoraproject.FirewallD1.direct.Methods.removePassthrough\&.
.sp
Possible errors: INVALID_IPV, NOT_ENABLED
.RE
.PP
removeRules(s: ipv, s: table, s: chain) → Nothing
.RS 4
Remove all rules from
\fIchain\fR
in
\fItable\fR
for
\fIipv\fR
being either
\fIipv4\fR
(iptables) or
\fIipv6\fR
(ip6tables) or
\fIeb\fR
(ebtables)\&. This concerns only rules previously added with
addRule\&. For runtime operation see
org.fedoraproject.FirewallD1.direct.Methods.removeRules\&.
.sp
Possible errors: INVALID_IPV, INVALID_TABLE
.RE
.RE
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBSignals\fR
.RS 4
.PP
Updated()
.RS 4
Emitted when configuration has been updated\&.
.RE
.RE
.SS "org\&.fedoraproject\&.FirewallD1\&.config\&.policies"
.PP
Interface for permanent lockdown\-whitelist configuration, see also
\fBfirewalld.lockdown-whitelist\fR(5)\&. For runtime configuration see
org.fedoraproject.FirewallD1.policies
interface\&.
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBMethods\fR
.RS 4
.PP
getLockdownWhitelist() → (asasasai)
.RS 4
Get settings of permanent lockdown\-whitelist configuration in format:
\fIcommands\fR,
\fIselinux contexts\fR,
\fIusers\fR,
\fIuids\fR
.PP
\fIcommands (as)\fR: see \fIcommand\fR option in \fBfirewalld.lockdown-whitelist\fR(5)\&.
.RS 4
.RE
.PP
\fIselinux contexts (as)\fR: see \fIselinux\fR option in \fBfirewalld.lockdown-whitelist\fR(5)\&.
.RS 4
.RE
.PP
\fIusers (as)\fR: see \fIname\fR attribute of \fIuser\fR option in \fBfirewalld.lockdown-whitelist\fR(5)\&.
.RS 4
.RE
.PP
\fIuids (ai)\fR: see \fIid\fR attribute of \fIuser\fR option in \fBfirewalld.lockdown-whitelist\fR(5)\&.
.RS 4
.RE
.sp
.RE
.PP
setLockdownWhitelist((asasasai): settings) → Nothing
.RS 4
Set permanent lockdown\-whitelist configuration to
\fIsettings\fR\&. Settings are in format:
\fIcommands\fR,
\fIselinux contexts\fR,
\fIusers\fR,
\fIuids\fR
.PP
\fIcommands (as)\fR: see \fIcommand\fR option in \fBfirewalld.lockdown-whitelist\fR(5)\&.
.RS 4
.RE
.PP
\fIselinux contexts (as)\fR: see \fIselinux\fR option in \fBfirewalld.lockdown-whitelist\fR(5)\&.
.RS 4
.RE
.PP
\fIusers (as)\fR: see \fIname\fR attribute of \fIuser\fR option in \fBfirewalld.lockdown-whitelist\fR(5)\&.
.RS 4
.RE
.PP
\fIuids (ai)\fR: see \fIid\fR attribute of \fIuser\fR option in \fBfirewalld.lockdown-whitelist\fR(5)\&.
.RS 4
.RE
.sp
Possible errors: INVALID_TYPE
.RE
.PP
addLockdownWhitelistCommand(s: command) → Nothing
.RS 4
Add
\fIcommand\fR
to whitelist\&. See
\fIcommand\fR
option in
\fBfirewalld.lockdown-whitelist\fR(5)\&. For runtime operation see
org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistCommand\&.
.sp
Possible errors: ALREADY_ENABLED, INVALID_TYPE
.RE
.PP
addLockdownWhitelistContext(s: context) → Nothing
.RS 4
Add
\fIcontext\fR
to whitelist\&. See
\fIselinux\fR
option in
\fBfirewalld.lockdown-whitelist\fR(5)\&. For runtime operation see
org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistContext\&.
.sp
Possible errors: ALREADY_ENABLED, INVALID_TYPE
.RE
.PP
addLockdownWhitelistUid(i: uid) → Nothing
.RS 4
Add user id
\fIuid\fR
to whitelist\&. See
\fIuser\fR
option in
\fBfirewalld.lockdown-whitelist\fR(5)\&. For runtime operation see
org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistUid\&.
.sp
Possible errors: ALREADY_ENABLED, INVALID_TYPE
.RE
.PP
addLockdownWhitelistUser(s: user) → Nothing
.RS 4
Add
\fIuser\fR
name to whitelist\&. See
\fIuser\fR
option in
\fBfirewalld.lockdown-whitelist\fR(5)\&. For runtime operation see
org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistUser\&.
.sp
Possible errors: ALREADY_ENABLED, INVALID_TYPE
.RE
.PP
getLockdownWhitelistCommands() → as
.RS 4
List all command lines (s) that are on whitelist\&. For runtime operation see
org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistCommands\&.
.RE
.PP
getLockdownWhitelistContexts() → as
.RS 4
List all contexts (s) that are on whitelist\&. For runtime operation see
org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistContexts\&.
.RE
.PP
getLockdownWhitelistUids() → ai
.RS 4
List all user ids (i) that are on whitelist\&. For runtime operation see
org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistUids\&.
.RE
.PP
getLockdownWhitelistUsers() → as
.RS 4
List all users (s) that are on whitelist\&. For runtime operation see
org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistUsers\&.
.RE
.PP
queryLockdownWhitelistCommand(s: command) → b
.RS 4
Query whether
\fIcommand\fR
is on whitelist\&. For runtime operation see
org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistCommand\&.
.RE
.PP
queryLockdownWhitelistContext(s: context) → b
.RS 4
Query whether
\fIcontext\fR
is on whitelist\&. For runtime operation see
org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistContext\&.
.RE
.PP
queryLockdownWhitelistUid(i: uid) → b
.RS 4
Query whether user id
\fIuid\fR
is on whitelist\&. For runtime operation see
org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistUid\&.
.RE
.PP
queryLockdownWhitelistUser(s: user) → b
.RS 4
Query whether
\fIuser\fR
is on whitelist\&. For runtime operation see
org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistUser\&.
.RE
.PP
removeLockdownWhitelistCommand(s: command) → Nothing
.RS 4
Remove
\fIcommand\fR
from whitelist\&. For runtime operation see
org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistCommand\&.
.sp
Possible errors: NOT_ENABLED
.RE
.PP
removeLockdownWhitelistContext(s: context) → Nothing
.RS 4
Remove
\fIcontext\fR
from whitelist\&. For runtime operation see
org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistContext\&.
.sp
Possible errors: NOT_ENABLED
.RE
.PP
removeLockdownWhitelistUid(i: uid) → Nothing
.RS 4
Remove user id
\fIuid\fR
from whitelist\&. For runtime operation see
org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistUid\&.
.sp
Possible errors: NOT_ENABLED
.RE
.PP
removeLockdownWhitelistUser(s: user) → Nothing
.RS 4
Remove
\fIuser\fR
from whitelist\&. For runtime operation see
org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistUser\&.
.sp
Possible errors: NOT_ENABLED
.RE
.RE
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBSignals\fR
.RS 4
.PP
LockdownWhitelistUpdated()
.RS 4
Emitted when permanent lockdown\-whitelist configuration has been updated\&.
.RE
.RE
.SS "org\&.fedoraproject\&.FirewallD1\&.config\&.zone"
.PP
Interface for permanent zone configuration, see also
\fBfirewalld.zone\fR(5)\&.
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBMethods\fR
.RS 4
.PP
getSettings() → (sssbsasa(ss)asba(ssss)asasas)
.RS 4
Return permanent settings of given
\fIzone\fR\&. For getting runtime settings see
org.fedoraproject.FirewallD1.Methods.getZoneSettings\&. Settings are in format:
\fIversion\fR,
\fIname\fR,
\fIdescription\fR,
\fIUNUSED\fR,
\fItarget\fR, array of
\fIservices\fR, array of
\fIports\fR
(port, protocol), array of
\fIicmp\-blocks\fR,
\fImasquerade\fR, array of
\fIforward\-ports\fR
(port, protocol, to\-port, to\-addr), array of
\fIinterfaces\fR, array of
\fIsources\fR, array of
\fIrich rules\fR
.PP
\fIversion (s)\fR: see \fIversion\fR attribute of \fIzone\fR tag in \fBfirewalld.zone\fR(5)\&.
.RS 4
.RE
.PP
\fIname (s)\fR: see \fIshort\fR tag in \fBfirewalld.zone\fR(5)\&.
.RS 4
.RE
.PP
\fIdescription (s)\fR: see \fIdescription\fR tag in \fBfirewalld.zone\fR(5)\&.
.RS 4
.RE
.PP
\fIUNUSED (b)\fR: this boolean value is no longer used for anything\&.
.RS 4
.RE
.PP
\fItarget (s)\fR: see \fItarget\fR attribute of \fIzone\fR tag in \fBfirewalld.zone\fR(5)\&.
.RS 4
.RE
.PP
\fIservices (as)\fR: array of service names, see \fIservice\fR tag in \fBfirewalld.zone\fR(5)\&.
.RS 4
.RE
.PP
\fIports (a(ss))\fR: array of port and protocol pairs\&. See \fIport\fR tag in \fBfirewalld.zone\fR(5)\&.
.RS 4
.RE
.PP
\fIicmp\-blocks (as)\fR: array of icmp\-blocks\&. See \fIicmp\-block\fR tag in \fBfirewalld.zone\fR(5)\&.
.RS 4
.RE
.PP
\fImasquerade (b)\fR: see \fImasquerade\fR tag in \fBfirewalld.zone\fR(5)\&.
.RS 4
.RE
.PP
\fIforward\-ports (a(ssss))\fR: array of (port, protocol, to\-port, to\-addr)\&. See \fIforward\-port\fR tag in \fBfirewalld.zone\fR(5)\&.
.RS 4
.RE
.PP
\fIinterfaces (as)\fR: array of interfaces\&. See \fIinterface\fR tag in \fBfirewalld.zone\fR(5)\&.
.RS 4
.RE
.PP
\fIsource addresses (as)\fR: array of source addresses\&. See \fIsource\fR tag in \fBfirewalld.zone\fR(5)\&.
.RS 4
.RE
.PP
\fIrich rules (as)\fR: array of rich\-language rules\&. See \fIrule\fR tag in \fBfirewalld.zone\fR(5)\&.
.RS 4
.RE
.sp
.RE
.PP
loadDefaults() → Nothing
.RS 4
Load default settings for built\-in zone\&.
.sp
Possible errors: NO_DEFAULTS
.RE
.PP
remove() → Nothing
.RS 4
Remove not built\-in zone\&.
.sp
Possible errors: BUILTIN_ZONE
.RE
.PP
rename(s: name) → Nothing
.RS 4
Rename not built\-in zone to
\fIname\fR\&.
.sp
Possible errors: BUILTIN_ZONE
.RE
.PP
update((sssbsasa(ss)asba(ssss)asasas): settings) → Nothing
.RS 4
Update settings of zone to
\fIsettings\fR\&. Settings are in format:
\fIversion\fR,
\fIname\fR,
\fIdescription\fR,
\fIUNUSED\fR,
\fItarget\fR, array of
\fIservices\fR, array of
\fIports\fR
(port, protocol), array of
\fIicmp\-blocks\fR,
\fImasquerade\fR, array of
\fIforward\-ports\fR
(port, protocol, to\-port, to\-addr), array of
\fIinterfaces\fR, array of
\fIsources\fR, array of
\fIrich rules\fR
.PP
\fIversion (s)\fR: see \fIversion\fR attribute of \fIzone\fR tag in \fBfirewalld.zone\fR(5)\&.
.RS 4
.RE
.PP
\fIname (s)\fR: see \fIshort\fR tag in \fBfirewalld.zone\fR(5)\&.
.RS 4
.RE
.PP
\fIdescription (s)\fR: see \fIdescription\fR tag in \fBfirewalld.zone\fR(5)\&.
.RS 4
.RE
.PP
\fIUNUSED (b)\fR: this boolean value is no longer used for anything\&.
.RS 4
.RE
.PP
\fItarget (s)\fR: see \fItarget\fR attribute of \fIzone\fR tag in \fBfirewalld.zone\fR(5)\&.
.RS 4
.RE
.PP
\fIservices (as)\fR: array of service names, see \fIservice\fR tag in \fBfirewalld.zone\fR(5)\&.
.RS 4
.RE
.PP
\fIports (a(ss))\fR: array of port and protocol pairs\&. See \fIport\fR tag in \fBfirewalld.zone\fR(5)\&.
.RS 4
.RE
.PP
\fIicmp\-blocks (as)\fR: array of icmp\-blocks\&. See \fIicmp\-block\fR tag in \fBfirewalld.zone\fR(5)\&.
.RS 4
.RE
.PP
\fImasquerade (b)\fR: see \fImasquerade\fR tag in \fBfirewalld.zone\fR(5)\&.
.RS 4
.RE
.PP
\fIforward\-ports (a(ssss))\fR: array of (port, protocol, to\-port, to\-addr)\&. See \fIforward\-port\fR tag in \fBfirewalld.zone\fR(5)\&.
.RS 4
.RE
.PP
\fIinterfaces (as)\fR: array of interfaces\&. See \fIinterface\fR tag in \fBfirewalld.zone\fR(5)\&.
.RS 4
.RE
.PP
\fIsource addresses (as)\fR: array of source addresses\&. See \fIsource\fR tag in \fBfirewalld.zone\fR(5)\&.
.RS 4
.RE
.PP
\fIrich rules (as)\fR: array of rich\-language rules\&. See \fIrule\fR tag in \fBfirewalld.zone\fR(5)\&.
.RS 4
.RE
.sp
Possible errors: INVALID_TYPE
.RE
.PP
getVersion() → s
.RS 4
Get version of zone\&. See
\fIversion\fR
attribute of
\fIzone\fR
tag in
\fBfirewalld.zone\fR(5)\&.
.RE
.PP
setVersion(s: version) → Nothing
.RS 4
Permanently set version of zone to
\fIversion\fR\&. See
\fIversion\fR
attribute of
\fIzone\fR
tag in
\fBfirewalld.zone\fR(5)\&.
.RE
.PP
getShort() → s
.RS 4
Get name of zone\&. See
\fIshort\fR
tag in
\fBfirewalld.zone\fR(5)\&.
.RE
.PP
setShort(s: short) → Nothing
.RS 4
Permanently set name of zone to
\fIshort\fR\&. See
\fIshort\fR
tag in
\fBfirewalld.zone\fR(5)\&.
.RE
.PP
getDescription() → s
.RS 4
Get description of zone\&. See
\fIdescription\fR
tag in
\fBfirewalld.zone\fR(5)\&.
.RE
.PP
setDescription(s: description) → Nothing
.RS 4
Permanently set description of zone to
\fIdescription\fR\&. See
\fIdescription\fR
tag in
\fBfirewalld.zone\fR(5)\&.
.RE
.PP
getTarget() → s
.RS 4
Get target of zone\&. See
\fItarget\fR
attribute of
\fIzone\fR
tag in
\fBfirewalld.zone\fR(5)\&.
.RE
.PP
setTarget(s: target) → Nothing
.RS 4
Permanently set target of zone to
\fItarget\fR\&. See
\fItarget\fR
attribute of
\fIzone\fR
tag in
\fBfirewalld.zone\fR(5)\&.
.RE
.PP
getServices() → as
.RS 4
Get list of service names used in zone\&. See
\fIservice\fR
tag in
\fBfirewalld.zone\fR(5)\&. For runtime operation see
org.fedoraproject.FirewallD1.zone.Methods.getServices\&.
.RE
.PP
setServices(as: services) → Nothing
.RS 4
Permanently set list of services used in zone to
\fIservices\fR\&. See
\fIservice\fR
tag in
\fBfirewalld.zone\fR(5)\&.
.RE
.PP
addService(s: service) → Nothing
.RS 4
Permanently add
\fIservice\fR
to list of services used in zone\&. See
\fIservice\fR
tag in
\fBfirewalld.zone\fR(5)\&. For runtime operation see
org.fedoraproject.FirewallD1.zone.Methods.addService\&.
.sp
Possible errors: ALREADY_ENABLED
.RE
.PP
removeService(s: service) → Nothing
.RS 4
Permanently remove
\fIservice\fR
from list of services used in zone\&. See
\fIservice\fR
tag in
\fBfirewalld.zone\fR(5)\&. For runtime operation see
org.fedoraproject.FirewallD1.zone.Methods.removeService\&.
.sp
Possible errors: NOT_ENABLED
.RE
.PP
queryService(s: service) → Nothing
.RS 4
Return whether
\fIservice\fR
is in list of services used in zone\&. See
\fIservice\fR
tag in
\fBfirewalld.zone\fR(5)\&. For runtime operation see
org.fedoraproject.FirewallD1.zone.Methods.queryService\&.
.RE
.PP
getPorts() → a(ss)
.RS 4
Get list of (\fIport\fR,
\fIprotocol\fR) defined in zone\&. See
\fIport\fR
tag in
\fBfirewalld.zone\fR(5)\&. For runtime operation see
org.fedoraproject.FirewallD1.zone.Methods.getPorts\&.
.RE
.PP
setPorts(a(ss): ports) → Nothing
.RS 4
Permanently set ports of zone to list of (\fIport\fR,
\fIprotocol\fR)\&. See
\fIport\fR
tag in
\fBfirewalld.zone\fR(5)\&.
.RE
.PP
addPort(s: port, s: protocol) → Nothing
.RS 4
Permanently add (\fIport\fR,
\fIprotocol\fR) to list of ports of zone\&. See
\fIport\fR
tag in
\fBfirewalld.zone\fR(5)\&. For runtime operation see
org.fedoraproject.FirewallD1.zone.Methods.addPort\&.
.sp
Possible errors: ALREADY_ENABLED
.RE
.PP
removePort(s: port, s: protocol) → Nothing
.RS 4
Permanently remove (\fIport\fR,
\fIprotocol\fR) from list of ports of zone\&. See
\fIport\fR
tag in
\fBfirewalld.zone\fR(5)\&. For runtime operation see
org.fedoraproject.FirewallD1.zone.Methods.removePort\&.
.sp
Possible errors: NOT_ENABLED
.RE
.PP
queryPort(s: port, s: protocol) → Nothing
.RS 4
Return whether (\fIport\fR,
\fIprotocol\fR) is in list of ports of zone\&. See
\fIport\fR
tag in
\fBfirewalld.zone\fR(5)\&. For runtime operation see
org.fedoraproject.FirewallD1.zone.Methods.queryPort\&.
.RE
.PP
getIcmpBlocks() → as
.RS 4
Get list of icmp type names blocked in zone\&. See
\fIicmp\-block\fR
tag in
\fBfirewalld.zone\fR(5)\&. For runtime operation see
org.fedoraproject.FirewallD1.zone.Methods.getIcmpBlocks\&.
.RE
.PP
setIcmpBlocks(as: icmptypes) → Nothing
.RS 4
Permanently set list of icmp types blocked in zone to
\fIicmptypes\fR\&. See
\fIicmp\-block\fR
tag in
\fBfirewalld.zone\fR(5)\&.
.RE
.PP
addIcmpBlock(s: icmptype) → Nothing
.RS 4
Permanently add
\fIicmptype\fR
to list of icmp types blocked in zone\&. See
\fIicmp\-block\fR
tag in
\fBfirewalld.zone\fR(5)\&. For runtime operation see
org.fedoraproject.FirewallD1.zone.Methods.addIcmpBlock\&.
.sp
Possible errors: ALREADY_ENABLED
.RE
.PP
removeIcmpBlock(s: icmptype) → Nothing
.RS 4
Permanently remove
\fIicmptype\fR
from list of icmp types blocked in zone\&. See
\fIicmp\-block\fR
tag in
\fBfirewalld.zone\fR(5)\&. For runtime operation see
org.fedoraproject.FirewallD1.zone.Methods.removeIcmpBlock\&.
.sp
Possible errors: NOT_ENABLED
.RE
.PP
queryIcmpBlock(s: icmptype) → Nothing
.RS 4
Return whether
\fIicmptype\fR
is in list of icmp types blocked in zone\&. See
\fIicmp\-block\fR
tag in
\fBfirewalld.zone\fR(5)\&. For runtime operation see
org.fedoraproject.FirewallD1.zone.Methods.queryIcmpBlock\&.
.RE
.PP
getMasquerade() → b
.RS 4
Return whether
\fImasquerade\fR
is enabled in zone\&. This is the same as queryMasquerade() method\&. See
\fImasquerade\fR
tag in
\fBfirewalld.zone\fR(5)\&.
.RE
.PP
setMasquerade(b: masquerade) → Nothing
.RS 4
Permanently set masquerading in zone to
\fImasquerade\fR\&. See
\fImasquerade\fR
tag in
\fBfirewalld.zone\fR(5)\&.
.RE
.PP
addMasquerade() → Nothing
.RS 4
Permanently enable masquerading in zone\&. See
\fImasquerade\fR
tag in
\fBfirewalld.zone\fR(5)\&. For runtime operation see
org.fedoraproject.FirewallD1.zone.Methods.addMasquerade\&.
.sp
Possible errors: ALREADY_ENABLED
.RE
.PP
removeMasquerade() → Nothing
.RS 4
Permanently disable masquerading in zone\&. See
\fImasquerade\fR
tag in
\fBfirewalld.zone\fR(5)\&. For runtime operation see
org.fedoraproject.FirewallD1.zone.Methods.removeMasquerade\&.
.sp
Possible errors: NOT_ENABLED
.RE
.PP
queryMasquerade() → b
.RS 4
Return whether
\fImasquerade\fR
is enabled in zone\&. This is the same as getMasquerade() method\&. See
\fImasquerade\fR
tag in
\fBfirewalld.zone\fR(5)\&. For runtime operation see
org.fedoraproject.FirewallD1.zone.Methods.queryMasquerade\&.
.RE
.PP
getForwardPorts() → a(ssss)
.RS 4
Get list of (\fIport\fR,
\fIprotocol\fR,
\fItoport\fR,
\fItoaddr\fR) defined in zone\&. See
\fIforward\-port\fR
tag in
\fBfirewalld.zone\fR(5)\&. For runtime operation see
org.fedoraproject.FirewallD1.zone.Methods.getForwardPorts\&.
.RE
.PP
setForwardPorts(a(ssss): ports) → Nothing
.RS 4
Permanently set forward ports of zone to list of (\fIport\fR,
\fIprotocol\fR,
\fItoport\fR,
\fItoaddr\fR)\&. See
\fIforward\-port\fR
tag in
\fBfirewalld.zone\fR(5)\&.
.RE
.PP
addForwardPort(s: port, s: protocol, s: toport, s: toaddr) → Nothing
.RS 4
Permanently add (\fIport\fR,
\fIprotocol\fR,
\fItoport\fR,
\fItoaddr\fR) to list of forward ports of zone\&. See
\fIforward\-port\fR
tag in
\fBfirewalld.zone\fR(5)\&. For runtime operation see
org.fedoraproject.FirewallD1.zone.Methods.addForwardPort\&.
.sp
Possible errors: ALREADY_ENABLED
.RE
.PP
removeForwardPort(s: port, s: protocol, s: toport, s: toaddr) → Nothing
.RS 4
Permanently remove (\fIport\fR,
\fIprotocol\fR,
\fItoport\fR,
\fItoaddr\fR) from list of forward ports of zone\&. See
\fIforward\-port\fR
tag in
\fBfirewalld.zone\fR(5)\&. For runtime operation see
org.fedoraproject.FirewallD1.zone.Methods.removeForwardPort\&.
.sp
Possible errors: NOT_ENABLED
.RE
.PP
queryForwardPort(s: port, s: protocol, s: toport, s: toaddr) → Nothing
.RS 4
Return whether (\fIport\fR,
\fIprotocol\fR,
\fItoport\fR,
\fItoaddr\fR) is in list of forward ports of zone\&. See
\fIforward\-port\fR
tag in
\fBfirewalld.zone\fR(5)\&. For runtime operation see
org.fedoraproject.FirewallD1.zone.Methods.queryForwardPort\&.
.RE
.PP
getInterfaces() → as
.RS 4
Get list of interfaces bound to zone\&. See
\fIinterface\fR
tag in
\fBfirewalld.zone\fR(5)\&. For runtime operation see
org.fedoraproject.FirewallD1.zone.Methods.getInterfaces\&.
.RE
.PP
setInterfaces(as: interfaces) → Nothing
.RS 4
Permanently set list of interfaces bound to zone to
\fIinterfaces\fR\&. See
\fIinterface\fR
tag in
\fBfirewalld.zone\fR(5)\&.
.RE
.PP
addInterface(s: interface) → Nothing
.RS 4
Permanently add
\fIinterface\fR
to list of interfaces bound to zone\&. See
\fIinterface\fR
tag in
\fBfirewalld.zone\fR(5)\&. For runtime operation see
org.fedoraproject.FirewallD1.zone.Methods.addInterface\&.
.sp
Possible errors: ALREADY_ENABLED
.RE
.PP
removeInterface(s: interface) → Nothing
.RS 4
Permanently remove
\fIinterface\fR
from list of interfaces bound to zone\&. See
\fIinterface\fR
tag in
\fBfirewalld.zone\fR(5)\&. For runtime operation see
org.fedoraproject.FirewallD1.zone.Methods.removeInterface\&.
.sp
Possible errors: NOT_ENABLED
.RE
.PP
queryInterface(s: interface) → Nothing
.RS 4
Return whether
\fIinterface\fR
is in list of interfaces bound to zone\&. See
\fIinterface\fR
tag in
\fBfirewalld.zone\fR(5)\&. For runtime operation see
org.fedoraproject.FirewallD1.zone.Methods.queryInterface\&.
.RE
.PP
getSources() → as
.RS 4
Get list of source addresses bound to zone\&. See
\fIsource\fR
tag in
\fBfirewalld.zone\fR(5)\&. For runtime operation see
org.fedoraproject.FirewallD1.zone.Methods.getSources\&.
.RE
.PP
setSources(as: sources) → Nothing
.RS 4
Permanently set list of source addresses bound to zone to
\fIsources\fR\&. See
\fIsource\fR
tag in
\fBfirewalld.zone\fR(5)\&.
.RE
.PP
addSource(s: source) → Nothing
.RS 4
Permanently add
\fIsource\fR
to list of source addresses bound to zone\&. See
\fIsource\fR
tag in
\fBfirewalld.zone\fR(5)\&. For runtime operation see
org.fedoraproject.FirewallD1.zone.Methods.addSource\&.
.sp
Possible errors: ALREADY_ENABLED
.RE
.PP
removeSource(s: source) → Nothing
.RS 4
Permanently remove
\fIsource\fR
from list of source addresses bound to zone\&. See
\fIsource\fR
tag in
\fBfirewalld.zone\fR(5)\&. For runtime operation see
org.fedoraproject.FirewallD1.zone.Methods.removeSource\&.
.sp
Possible errors: NOT_ENABLED
.RE
.PP
querySource(s: source) → Nothing
.RS 4
Return whether
\fIsource\fR
is in list of source addresses bound to zone\&. See
\fIsource\fR
tag in
\fBfirewalld.zone\fR(5)\&. For runtime operation see
org.fedoraproject.FirewallD1.zone.Methods.querySource\&.
.RE
.PP
getRichRules() → as
.RS 4
Get list of rich\-language rules in zone\&. See
\fIrule\fR
tag in
\fBfirewalld.zone\fR(5)\&. For runtime operation see
org.fedoraproject.FirewallD1.zone.Methods.getRichRules\&.
.RE
.PP
setRichRules(as: rules) → Nothing
.RS 4
Permanently set list of rich\-language rules to
\fIrules\fR\&. See
\fIrule\fR
tag in
\fBfirewalld.zone\fR(5)\&.
.RE
.PP
addRichRule(s: rule) → Nothing
.RS 4
Permanently add
\fIrule\fR
to list of rich\-language rules in zone\&. See
\fIrule\fR
tag in
\fBfirewalld.zone\fR(5)\&. For runtime operation see
org.fedoraproject.FirewallD1.zone.Methods.addRichRule\&.
.sp
Possible errors: ALREADY_ENABLED
.RE
.PP
removeRichRule(s: rule) → Nothing
.RS 4
Permanently remove
\fIrule\fR
from list of rich\-language rules in zone\&. See
\fIrule\fR
tag in
\fBfirewalld.zone\fR(5)\&. For runtime operation see
org.fedoraproject.FirewallD1.zone.Methods.removeRichRule\&.
.sp
Possible errors: NOT_ENABLED
.RE
.PP
queryRichRule(s: rule) → Nothing
.RS 4
Return whether
\fIrule\fR
is in list of rich\-language rules in zone\&. See
\fIrule\fR
tag in
\fBfirewalld.zone\fR(5)\&. For runtime operation see
org.fedoraproject.FirewallD1.zone.Methods.queryRichRule\&.
.RE
.RE
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBSignals\fR
.RS 4
.PP
Removed(s: name)
.RS 4
Emitted when zone with
\fIname\fR
has been removed\&.
.RE
.PP
Renamed(s: name)
.RS 4
Emitted when zone has been renamed to
\fIname\fR\&.
.RE
.PP
Updated(s: name)
.RS 4
Emitted when zone with
\fIname\fR
has been updated\&.
.RE
.RE
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBProperties\fR
.RS 4
.PP
default \- b \- (ro)
.RS 4
True if build\-in zone has default settings\&. False if it has been modified\&. Always False for not build\-in zones\&.
.RE
.PP
filename \- s \- (ro)
.RS 4
Name (including \&.xml extension) of file where the configuration is stored\&.
.RE
.PP
name \- s \- (ro)
.RS 4
Name of zone\&.
.RE
.PP
path \- s \- (ro)
.RS 4
Path to directory where the zone configuration is stored\&. Should be either /usr/lib/firewalld/zones or /etc/firewalld/zones\&.
.RE
.RE
.SS "org\&.fedoraproject\&.FirewallD1\&.config\&.service"
.PP
Interface for permanent service configuration, see also
\fBfirewalld.service\fR(5)\&.
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBMethods\fR
.RS 4
.PP
getSettings() → (sssa(ss)asa{ss})
.RS 4
Return permanent settings of a
\fIservice\fR\&. For getting runtime settings see
org.fedoraproject.FirewallD1.Methods.getServiceSettings\&. Settings are in format:
\fIversion\fR,
\fIname\fR,
\fIdescription\fR, array of
\fIports\fR
(port, protocol), array of
\fImodule names\fR, dictionary of
\fIdestinations\fR\&.
.PP
\fIversion (s)\fR: see \fIversion\fR attribute of \fIservice\fR tag in \fBfirewalld.service\fR(5)\&.
.RS 4
.RE
.PP
\fIname (s)\fR: see \fIshort\fR tag in \fBfirewalld.service\fR(5)\&.
.RS 4
.RE
.PP
\fIdescription (s)\fR: see \fIdescription\fR tag in \fBfirewalld.service\fR(5)\&.
.RS 4
.RE
.PP
\fIports (a(ss))\fR: array of port and protocol pairs\&. See \fIport\fR tag in \fBfirewalld.service\fR(5)\&.
.RS 4
.RE
.PP
\fImodule names (as)\fR: array of kernel netfilter helpers, see \fImodule\fR tag in \fBfirewalld.service\fR(5)\&.
.RS 4
.RE
.PP
\fIdestinations (a{ss})\fR: dictionary of {IP family : IP address} where \*(AqIP family\*(Aq key can be either \*(Aqipv4\*(Aq or \*(Aqipv6\*(Aq\&. See \fIdestination\fR tag in \fBfirewalld.service\fR(5)\&.
.RS 4
.RE
.sp
.RE
.PP
loadDefaults() → Nothing
.RS 4
Load default settings for built\-in service\&.
.sp
Possible errors: NO_DEFAULTS
.RE
.PP
remove() → Nothing
.RS 4
Remove not built\-in service\&.
.sp
Possible errors: BUILTIN_SERVICE
.RE
.PP
rename(s: name) → Nothing
.RS 4
Rename not built\-in service to
\fIname\fR\&.
.sp
Possible errors: BUILTIN_SERVICE
.RE
.PP
update((sssa(ss)asa{ss}): settings) → Nothing
.RS 4
Update settings of service to
\fIsettings\fR\&. Settings are in format:
\fIversion\fR,
\fIname\fR,
\fIdescription\fR, array of
\fIports\fR
(port, protocol), array of
\fImodule names\fR, dictionary of
\fIdestinations\fR\&.
.PP
\fIversion (s)\fR: see \fIversion\fR attribute of \fIservice\fR tag in \fBfirewalld.service\fR(5)\&.
.RS 4
.RE
.PP
\fIname (s)\fR: see \fIshort\fR tag in \fBfirewalld.service\fR(5)\&.
.RS 4
.RE
.PP
\fIdescription (s)\fR: see \fIdescription\fR tag in \fBfirewalld.service\fR(5)\&.
.RS 4
.RE
.PP
\fIports (a(ss))\fR: array of port and protocol pairs\&. See \fIport\fR tag in \fBfirewalld.service\fR(5)\&.
.RS 4
.RE
.PP
\fImodule names (as)\fR: array of kernel netfilter helpers, see \fImodule\fR tag in \fBfirewalld.service\fR(5)\&.
.RS 4
.RE
.PP
\fIdestinations (a{ss})\fR: dictionary of {IP family : IP address} where \*(AqIP family\*(Aq key can be either \*(Aqipv4\*(Aq or \*(Aqipv6\*(Aq\&. See \fIdestination\fR tag in \fBfirewalld.service\fR(5)\&.
.RS 4
.RE
.sp
Possible errors: INVALID_TYPE
.RE
.PP
getVersion() → s
.RS 4
Get version of service\&. See
\fIversion\fR
attribute of
\fIservice\fR
tag in
\fBfirewalld.service\fR(5)\&.
.RE
.PP
setVersion(s: version) → Nothing
.RS 4
Permanently set version of service to
\fIversion\fR\&. See
\fIversion\fR
attribute of
\fIservice\fR
tag in
\fBfirewalld.service\fR(5)\&.
.RE
.PP
getShort() → s
.RS 4
Get name of service\&. See
\fIshort\fR
tag in
\fBfirewalld.service\fR(5)\&.
.RE
.PP
setShort(s: short) → Nothing
.RS 4
Permanently set name of service to
\fIshort\fR\&. See
\fIshort\fR
tag in
\fBfirewalld.service\fR(5)\&.
.RE
.PP
getDescription() → s
.RS 4
Get description of service\&. See
\fIdescription\fR
tag in
\fBfirewalld.service\fR(5)\&.
.RE
.PP
setDescription(s: description) → Nothing
.RS 4
Permanently set description of service to
\fIdescription\fR\&. See
\fIdescription\fR
tag in
\fBfirewalld.service\fR(5)\&.
.RE
.PP
getPorts() → a(ss)
.RS 4
Get list of (\fIport\fR,
\fIprotocol\fR) defined in service\&. See
\fIport\fR
tag in
\fBfirewalld.service\fR(5)\&.
.RE
.PP
setPorts(a(ss): ports) → Nothing
.RS 4
Permanently set ports of service to list of (\fIport\fR,
\fIprotocol\fR)\&. See
\fIport\fR
tag in
\fBfirewalld.service\fR(5)\&.
.RE
.PP
addPort(s: port, s: protocol) → Nothing
.RS 4
Permanently add (\fIport\fR,
\fIprotocol\fR) to list of ports in service\&. See
\fIport\fR
tag in
\fBfirewalld.service\fR(5)\&.
.sp
Possible errors: ALREADY_ENABLED
.RE
.PP
removePort(s: port, s: protocol) → Nothing
.RS 4
Permanently remove (\fIport\fR,
\fIprotocol\fR) from list of ports in service\&. See
\fIport\fR
tag in
\fBfirewalld.service\fR(5)\&.
.sp
Possible errors: NOT_ENABLED
.RE
.PP
queryPort(s: port, s: protocol) → Nothing
.RS 4
Return whether (\fIport\fR,
\fIprotocol\fR) is in list of ports in service\&. See
\fIport\fR
tag in
\fBfirewalld.service\fR(5)\&.
.RE
.PP
getModules() → as
.RS 4
Get list of modules (netfilter kernel helpers) used in service\&. See
\fImodule\fR
tag in
\fBfirewalld.service\fR(5)\&.
.RE
.PP
setModules(as: modules) → Nothing
.RS 4
Permanently set list of modules (netfilter kernel helpers) used in service to
\fImodules\fR\&. See
\fImodule\fR
tag in
\fBfirewalld.service\fR(5)\&.
.RE
.PP
addModule(s: module) → Nothing
.RS 4
Permanently add
\fImodule\fR
to list of modules (netfilter kernel helpers) used in service\&. See
\fImodule\fR
tag in
\fBfirewalld.service\fR(5)\&.
.sp
Possible errors: ALREADY_ENABLED
.RE
.PP
removeModule(s: module) → Nothing
.RS 4
Permanently remove
\fImodule\fR
from list of modules (netfilter kernel helpers) used in service\&. See
\fImodule\fR
tag in
\fBfirewalld.service\fR(5)\&.
.sp
Possible errors: NOT_ENABLED
.RE
.PP
queryModule(s: module) → Nothing
.RS 4
Return whether
\fImodule\fR
is in list of modules (netfilter kernel helpers) used in service\&. See
\fImodule\fR
tag in
\fBfirewalld.service\fR(5)\&.
.RE
.PP
getDestinations() → a{ss}
.RS 4
Get list of destinations\&. Return value is a dictionary of {IP family : IP address} where \*(AqIP family\*(Aq key can be either \*(Aqipv4\*(Aq or \*(Aqipv6\*(Aq\&. See
\fIdestination\fR
tag in
\fBfirewalld.service\fR(5)\&.
.RE
.PP
setDestinations(a{ss}: destinations) → Nothing
.RS 4
Permanently set destinations of service to
\fIdestinations\fR, which is a dictionary of {IP family : IP address} where \*(AqIP family\*(Aq key can be either \*(Aqipv4\*(Aq or \*(Aqipv6\*(Aq\&. See
\fIdestination\fR
tag in
\fBfirewalld.service\fR(5)\&.
.RE
.PP
getDestination(s: family) → s
.RS 4
Permanently set a destination address\&. destination is in format: (\fIIP_family\fR,
\fIIP_address\fR) where
\fIIP_family\fR
can be either \*(Aqipv4\*(Aq or \*(Aqipv6\*(Aq\&. See
\fIdestination\fR
tag in
\fBfirewalld.service\fR(5)\&.
.sp
Possible errors: ALREADY_ENABLED
.RE
.PP
setDestination(ss: destination) → Nothing
.RS 4
Permanently set a destination address\&. destination is in format: (\fIIP_family\fR,
\fIIP_address\fR) where
\fIIP_family\fR
can be either \*(Aqipv4\*(Aq or \*(Aqipv6\*(Aq\&. See
\fIdestination\fR
tag in
\fBfirewalld.service\fR(5)\&.
.sp
Possible errors: ALREADY_ENABLED
.RE
.PP
removeDestination(s: family) → Nothing
.RS 4
Permanently remove a destination with
\fIfamily\fR
(\*(Aqipv4\*(Aq or \*(Aqipv6\*(Aq) from service\&. See
\fIdestination\fR
tag in
\fBfirewalld.service\fR(5)\&.
.sp
Possible errors: NOT_ENABLED
.RE
.PP
queryDestination(ss: destination) → b
.RS 4
Return whether a
\fIdestination\fR
is in dictionary of destinations of this service\&. destination is in format: (\fIIP_family\fR,
\fIIP_address\fR) where
\fIIP_family\fR
can be either \*(Aqipv4\*(Aq or \*(Aqipv6\*(Aq\&. See
\fIdestination\fR
tag in
\fBfirewalld.service\fR(5)\&.
.RE
.RE
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBSignals\fR
.RS 4
.PP
Removed(s: name)
.RS 4
Emitted when service with
\fIname\fR
has been removed\&.
.RE
.PP
Renamed(s: name)
.RS 4
Emitted when service has been renamed to
\fIname\fR\&.
.RE
.PP
Updated(s: name)
.RS 4
Emitted when service with
\fIname\fR
has been updated\&.
.RE
.RE
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBProperties\fR
.RS 4
.PP
default \- b \- (ro)
.RS 4
True if build\-in service has default settings\&. False if it has been modified\&. Always False for not build\-in services\&.
.RE
.PP
filename \- s \- (ro)
.RS 4
Name (including \&.xml extension) of file where the configuration is stored\&.
.RE
.PP
name \- s \- (ro)
.RS 4
Name of service\&.
.RE
.PP
path \- s \- (ro)
.RS 4
Path to directory where the configuration is stored\&. Should be either /usr/lib/firewalld/services or /etc/firewalld/services\&.
.RE
.RE
.SS "org\&.fedoraproject\&.FirewallD1\&.config\&.icmptype"
.PP
Interface for permanent icmp type configuration, see also
\fBfirewalld.icmptype\fR(5)\&.
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBMethods\fR
.RS 4
.PP
getSettings() → (sssas)
.RS 4
Return permanent settings of
\fIicmp type\fR\&. For getting runtime settings see
org.fedoraproject.FirewallD1.Methods.getIcmpTypeSettings\&. Settings are in format:
\fIversion\fR,
\fIname\fR,
\fIdescription\fR, array of
\fIdestinations\fR\&.
.PP
\fIversion (s)\fR: see \fIversion\fR attribute of \fIicmptype\fR tag in \fBfirewalld.icmptype\fR(5)\&.
.RS 4
.RE
.PP
\fIname (s)\fR: see \fIshort\fR tag in \fBfirewalld.icmptype\fR(5)\&.
.RS 4
.RE
.PP
\fIdescription (s)\fR: see \fIdescription\fR tag in \fBfirewalld.icmptype\fR(5)\&.
.RS 4
.RE
.PP
\fIdestinations (as)\fR: array, either empty or containing strings \*(Aqipv4\*(Aq and/or \*(Aqipv6\*(Aq, see destination tag in \fBfirewalld.icmptype\fR(5)\&.
.RS 4
.RE
.sp
.RE
.PP
loadDefaults() → Nothing
.RS 4
Load default settings for built\-in icmp type\&.
.sp
Possible errors: NO_DEFAULTS
.RE
.PP
remove() → Nothing
.RS 4
Remove not built\-in icmp type\&.
.sp
Possible errors: BUILTIN_ICMPTYPE
.RE
.PP
rename(s: name) → Nothing
.RS 4
Rename not built\-in icmp type to
\fIname\fR\&.
.sp
Possible errors: BUILTIN_ICMPTYPE
.RE
.PP
update((sssas): settings) → Nothing
.RS 4
Update permanent settings of icmp type to
\fIsettings\fR\&. Settings are in format:
\fIversion\fR,
\fIname\fR,
\fIdescription\fR, array of
\fIdestinations\fR\&.
.PP
\fIversion (s)\fR: see \fIversion\fR attribute of \fIicmptype\fR tag in \fBfirewalld.icmptype\fR(5)\&.
.RS 4
.RE
.PP
\fIname (s)\fR: see \fIshort\fR tag in \fBfirewalld.icmptype\fR(5)\&.
.RS 4
.RE
.PP
\fIdescription (s)\fR: see \fIdescription\fR tag in \fBfirewalld.icmptype\fR(5)\&.
.RS 4
.RE
.PP
\fIdestinations (as)\fR: array, either empty or containing strings \*(Aqipv4\*(Aq and/or \*(Aqipv6\*(Aq, see destination tag in \fBfirewalld.icmptype\fR(5)\&.
.RS 4
.RE
.sp
.RE
.PP
getVersion() → s
.RS 4
Get version of icmp type\&. See
\fIversion\fR
attribute of
\fIicmptype\fR
tag in
\fBfirewalld.icmptype\fR(5)\&.
.RE
.PP
setVersion(s: version) → Nothing
.RS 4
Permanently set version of icmp type to
\fIversion\fR\&. See
\fIversion\fR
attribute of
\fIicmptype\fR
tag in
\fBfirewalld.icmptype\fR(5)\&.
.RE
.PP
getShort() → s
.RS 4
Get name of icmp type\&. See
\fIshort\fR
tag in
\fBfirewalld.icmptype\fR(5)\&.
.RE
.PP
setShort(s: short) → Nothing
.RS 4
Permanently set name of icmp type to
\fIshort\fR\&. See
\fIshort\fR
tag in
\fBfirewalld.icmptype\fR(5)\&.
.RE
.PP
getDescription() → s
.RS 4
Get description of icmp type\&. See
\fIdescription\fR
tag in
\fBfirewalld.icmptype\fR(5)\&.
.RE
.PP
setDescription(s: description) → Nothing
.RS 4
Permanently set description of icmp type to
\fIdescription\fR\&. See
\fIdescription\fR
tag in
\fBfirewalld.icmptype\fR(5)\&.
.RE
.PP
getDestinations() → as
.RS 4
Get list of destinations\&. See
\fIdestination\fR
tag in
\fBfirewalld.icmptype\fR(5)\&.
.RE
.PP
setDestinations(as: destinations) → Nothing
.RS 4
Permanently set destinations of icmp type to
\fIdestinations\fR, which is array, either empty or containing strings \*(Aqipv4\*(Aq and/or \*(Aqipv6\*(Aq\&. See
\fIdestination\fR
tag in
\fBfirewalld.icmptype\fR(5)\&.
.RE
.PP
addDestination(s: destination) → Nothing
.RS 4
Permanently add a
\fIdestination\fR
(\*(Aqipv4\*(Aq or \*(Aqipv6\*(Aq) to list of destinations of this icmp type\&. See
\fIdestination\fR
tag in
\fBfirewalld.icmptype\fR(5)\&.
.sp
Possible errors: ALREADY_ENABLED
.RE
.PP
removeDestination(s: destination) → Nothing
.RS 4
Permanently remove a
\fIdestination\fR
(\*(Aqipv4\*(Aq or \*(Aqipv6\*(Aq) from list of destinations of this icmp type\&. See
\fIdestination\fR
tag in
\fBfirewalld.icmptype\fR(5)\&.
.sp
Possible errors: NOT_ENABLED
.RE
.PP
queryDestination(s: destination) → b
.RS 4
Return whether a
\fIdestination\fR
(\*(Aqipv4\*(Aq or \*(Aqipv6\*(Aq) is in list of destinations of this icmp type\&. See
\fIdestination\fR
tag in
\fBfirewalld.icmptype\fR(5)\&.
.RE
.RE
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBSignals\fR
.RS 4
.PP
Removed(s: name)
.RS 4
Emitted when icmp type with
\fIname\fR
has been removed\&.
.RE
.PP
Renamed(s: name)
.RS 4
Emitted when icmp type has been renamed to
\fIname\fR\&.
.RE
.PP
Updated(s: name)
.RS 4
Emitted when icmp type with
\fIname\fR
has been updated\&.
.RE
.RE
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBProperties\fR
.RS 4
.PP
default \- b \- (ro)
.RS 4
True if build\-in icmp type has default settings\&. False if it has been modified\&. Always False for not build\-in zones\&.
.RE
.PP
filename \- s \- (ro)
.RS 4
Name (including \&.xml extension) of file where the configuration is stored\&.
.RE
.PP
name \- s \- (ro)
.RS 4
Name of icmp type\&.
.RE
.PP
path \- s \- (ro)
.RS 4
Path to directory where the icmp type configuration is stored\&. Should be either /usr/lib/firewalld/icmptypes or /etc/firewalld/icmptypes\&.
.RE
.RE
.SH "SEE ALSO"
\fBfirewall-applet\fR(1), \fBfirewalld\fR(1), \fBfirewall-cmd\fR(1), \fBfirewall-config\fR(1), \fBfirewalld.conf\fR(5), \fBfirewalld.direct\fR(5), \fBfirewalld.icmptype\fR(5), \fBfirewalld.lockdown-whitelist\fR(5), \fBfirewall-offline-cmd\fR(1), \fBfirewalld.richlanguage\fR(5), \fBfirewalld.service\fR(5), \fBfirewalld.zone\fR(5), \fBfirewalld.zones\fR(5)
.SH "NOTES"
.PP
firewalld home page:
.RS 4
\m[blue]\fB\%http://www.firewalld.org\fR\m[]
.RE
.PP
More documentation with examples:
.RS 4
\m[blue]\fB\%http://fedoraproject.org/wiki/FirewallD\fR\m[]
.RE
.SH "AUTHORS"
.PP
\fBThomas Woerner\fR <\&twoerner@redhat\&.com\&>
.RS 4
Developer
.RE
.PP
\fBJiri Popelka\fR <\&jpopelka@redhat\&.com\&>
.RS 4
Developer
.RE