commit d47792727a4b779ee1f1dfd292336e6f9767ed91
Author: Jiri Popelka
Date: Thu Feb 6 11:06:08 2014 +0100
dos2unix firewalld.dbus.xml
diff --git a/doc/xml/firewalld.dbus.xml b/doc/xml/firewalld.dbus.xml
index 32199e6..0742908 100644
--- a/doc/xml/firewalld.dbus.xml
+++ b/doc/xml/firewalld.dbus.xml
@@ -1,1899 +1,1899 @@ - - - - -]> - - - - - - - firewalld.dbus - firewalld - &authors; - - - - firewalld.dbus - 5 - - - - firewalld.dbus - firewalld D-Bus interface description - - - - Object Paths - - This is the basic firewalld object path structure. The used interfaces are explained below in the INTERFACES section. - - -/org/fedoraproject/FirewallD1 - Interfaces - org.fedoraproject.FirewallD1 - org.fedoraproject.FirewallD1.direct - org.fedoraproject.FirewallD1.policies - org.fedoraproject.FirewallD1.zone - org.freedesktop.DBus.Introspectable - org.freedesktop.DBus.Properties - -/org/fedoraproject/FirewallD1/config - Interfaces - org.fedoraproject.FirewallD1.config - org.fedoraproject.FirewallD1.config.direct - org.fedoraproject.FirewallD1.config.policies - org.freedesktop.DBus.Introspectable - org.freedesktop.DBus.Properties - -/org/fedoraproject/FirewallD1/config/icmptype/i - Interfaces - org.fedoraproject.FirewallD1.config.icmptype - org.freedesktop.DBus.Introspectable - org.freedesktop.DBus.Properties - -/org/fedoraproject/FirewallD1/config/service/i - Interfaces: - org.fedoraproject.FirewallD1.config.service - org.freedesktop.DBus.Introspectable - org.freedesktop.DBus.Properties - -/org/fedoraproject/FirewallD1/config/zone/i - Interfaces - org.fedoraproject.FirewallD1.config.zone - org.freedesktop.DBus.Introspectable - org.freedesktop.DBus.Properties - - - - - Interfaces - - - - - - - org.fedoraproject.FirewallD1 - - This interface contains general runtime operations, like: reloading, panic mode, default zone, getting services and icmp types and their settings. - - - - Methods - - - completeReload() → Nothing - - - Reload firewall completely, even netfilter kernel modules. - - - - - disablePanicMode() → Nothing - - - Disable panic mode. - - - - - enablePanicMode() → Nothing - - - Enable panic mode. - - - - - getDefaultZone() → s - - - Return default zone. 
- - - - - getIcmpTypeSettings(s: icmptype) → (sssas) - - - Return icmptype settings in format: version, name, description, array of destinations - - - - - getServiceSettings(s: service) → (sssa(ss)asa{ss}) - - - Return service settings in format: version, name, description, array of ports (port, protocol), array of module names, destinations {IP family : IP address} - - - - - listIcmpTypes() → as - - - Return list of icmptype names. - - - - - listServices() → as - - - Return list of service names. - - - - - queryPanicMode() → b - - - Return true if panic mode is enabled, false otherwise. - - - - - reload() → Nothing - - - Reload firewall rules and keep state information. - - - - - setDefaultZone(s: zone) → Nothing - - - Set default zone to zone. - - - - - - - - Signals - - - DefaultZoneChanged(s: zone) - - - Emitted when default zone has been changed to zone. - - - - - PanicModeDisabled() - - - Emitted when panic mode has been deactivated. - - - - - PanicModeEnabled() - - - Emitted when panic mode has been activated. - - - - - Reloaded() - - - Emitted when firewalld has been reloaded. Also emitted for a complete reload. - - - - - - - - Properties - - - BRIDGE - b - (ro) - - - Indicates whether the firewall has ethernet bridge support. - - - - - IPv4 - b - (ro) - - - Indicates whether the firewall has IPv4 support. - - - - - IPv6 - b - (ro) - - - Indicates whether the firewall has IPv6 support. - - - - - interface_version - s - (ro) - - - firewalld D-Bus interface version string. - - - - - state - s - (ro) - - - firewalld state. This can be either INIT or RUNNING. In INIT state, firewalld is starting up and initializing. - - - - - version - s - (ro) - - - firewalld version string. - - - - - - - - - org.fedoraproject.FirewallD1.direct - - This interface enables more direct access to the firewall. It enables runtime manipulation with chains and rules. For permanent configuration see org.fedoraproject.FirewallD1.config.direct interface. 
- - - - Methods - - - addChain(s: ipv, s: table, s: chain) → Nothing - - - Add a new chain to table for ipv being either ipv4 or ipv6 or eb. - - - - - addRule(s: ipv, s: table, s: chain, i: priority, as: args) → Nothing - - - Add a rule with the arguments args to chain in table with priority for ipv being either ipv4 or ipv6 or eb. - - - - - getAllChains() → a(sss) - - - Get all chains added to all tables in format: ipv, table, chain. - - - - - getAllRules() → a(sssias) - - - Get all rules added to all chains in all tables in format: ipv, table, chain, priority, rule - - - - - getChains(s: ipv, s: table) → as - - - Get all chains added to table for ipv being either ipv4 or ipv6 or eb. - - - - - getRules(s: ipv, s: table, s: chain) → a(ias) - - - Get all rules added to chain in table for ipv being either ipv4 or ipv6 or eb. - - - - - passthrough(s: ipv, as: args) → s - - - Pass a command through to the firewall. ipv can be either ipv4 or ipv6 or eb. args can be all iptables, ip6tables and ebtables command line arguments. - - - - - queryChain(s: ipv, s: table, s: chain) → b - - - Return whether a chain exists in table for ipv being either ipv4 or ipv6. - - - - - queryRule(s: ipv, s: table, s: chain, i: priority, as: args) → b - - - Return whether a rule with priority and the arguments args exists in chain in table for ipv being either ipv4 or ipv6 or eb. - - - - - removeChain(s: ipv, s: table, s: chain) → Nothing - - - Remove a chain from table for ipv being either ipv4 or ipv6. - - - - - removeRule(s: ipv, s: table, s: chain, i: priority, as: args) → Nothing - - - Remove a rule with priority and arguments args from chain in table for ipv being either ipv4 or ipv6. - - - - - removeRules(s: ipv, s: table, s: chain) → Nothing - - - Remove all rules from chain in table for ipv being either ipv4 or ipv6. - - - - - - - - Signals - - - ChainAdded(s: ipv, s: table, s: chain) - - - Emitted when chain has been changed into table for ipv being either ipv4 or ipv6. 
- - - - - ChainRemoved(s: ipv, s: table, s: chain) - - - Emitted when chain has been changed from table for ipv being either ipv4 or ipv6. - - - - - RuleAdded(s: ipv, s: table, s: chain, i: priority, as: args) - - - Emitted when a rule with args has been added to chain in table with priority for ipv being either ipv4 or ipv6 or eb. - - - - - RuleRemoved(s: ipv, s: table, s: chain, i: priority, as: args) - - - Emitted when a rule with args has been removed from chain in table with priority for ipv being either ipv4 or ipv6 or eb. - - - - - - - - - org.fedoraproject.FirewallD1.policies - - Enables firewalld to be able to lock down configuration changes from local applications. - Local applications or services are able to change the firewall configuration if they are running as root (example: libvirt). - With these operations administrator can lock the firewall configuration so that either none or only applications that are in the whitelist are able to request firewall changes. - For permanent configuration see org.fedoraproject.FirewallD1.config.policies interface. - - - - Methods - - - addLockdownWhitelistCommand(s: command) → Nothing - - - Add command to whitelist. - - - - - addLockdownWhitelistContext(s: context) → Nothing - - - Add context to whitelist. - - - - - addLockdownWhitelistUid(i: uid) → Nothing - - - Add user id uid to whitelist. - - - - - addLockdownWhitelistUser(s: user) → Nothing - - - Add user to whitelist. - - - - - disableLockdown() → Nothing - - - Disable lockdown. - - - - - enableLockdown() → Nothing - - - Enable lockdown. - - - - - getLockdownWhitelistCommands() → as - - - List all command lines that are on whitelist. - - - - - getLockdownWhitelistContexts() → as - - - List all contexts that are on whitelist. - - - - - getLockdownWhitelistUids() → ai - - - List all user ids that are on whitelist. - - - - - getLockdownWhitelistUsers() → as - - - List all users that are on whitelist. 
- - - - - queryLockdown() → b - - - Query whether lockdown is enabled. - - - - - queryLockdownWhitelistCommand(s: command) → b - - - Query whether command is on whitelist. - - - - - queryLockdownWhitelistContext(s: context) → b - - - Query whether context is on whitelist. - - - - - queryLockdownWhitelistUid(i: uid) → b - - - Query whether user id uid is on whitelist. - - - - - queryLockdownWhitelistUser(s: user) → b - - - Query whether user is on whitelist. - - - - - removeLockdownWhitelistCommand(s: command) → Nothing - - - Remove command from whitelist. - - - - - removeLockdownWhitelistContext(s: context) → Nothing - - - Remove context from whitelist. - - - - - removeLockdownWhitelistUid(i: uid) → Nothing - - - Remove user id uid from whitelist. - - - - - removeLockdownWhitelistUser(s: user) → Nothing - - - Remove user from whitelist. - - - - - - - - Signals - - - LockdownDisabled() - - - Emitted when lockdown has been disabled. - - - - - LockdownEnabled() - - - Emitted when lockdown has been enabled. - - - - - LockdownWhitelistCommandAdded(s: command) - - - Emitted when command has been added to whitelist. - - - - - LockdownWhitelistCommandRemoved(s: command) - - - Emitted when command has been removed from whitelist. - - - - - LockdownWhitelistContextAdded(s: context) - - - Emitted when context has been added to whitelist. - - - - - LockdownWhitelistContextRemoved(s: context) - - - Emitted when context has been removed from whitelist. - - - - - LockdownWhitelistUidAdded(i: uid) - - - Emitted when user id uid has been added to whitelist. - - - - - LockdownWhitelistUidRemoved(i: uid) - - - Emitted when user id uid has been removed from whitelist. - - - - - LockdownWhitelistUserAdded(s: user) - - - Emitted when user has been added to whitelist. - - - - - LockdownWhitelistUserRemoved(s: user) - - - Emitted when user has been removed from whitelist. 
- - - - - - - - - org.fedoraproject.FirewallD1.zone - - Operations in this interface allows to get, add, remove and query runtime zone's settings. - For permanent configuration see org.fedoraproject.FirewallD1.config.zone interface. - - - - Methods - - - addForwardPort(s: zone, s: port, s: protocol, s: toport, s: toaddr, i: timeout) → s - - - Add the IPv4 forward port for zone. - If zone is empty, use default zone. - The port can either be a single port number portid or a port range portid-portid. - The protocol can either be tcp or udp. - The destination address is a simple IP address. - If timeout is non-zero, the operation will be active only for the amount of seconds. - - - Returns name of zone to which the forward port was added. - - - - - addIcmpBlock(s: zone, s: icmp, i: timeout) → s - - - Add an ICMP block icmp for zone. - If zone is empty, use default zone. - If timeout is non-zero, the operation will be active only for the amount of seconds. - - - Returns name of zone to which the ICMP block was added. - - - - - addInterface(s: zone, s: interface) → s - - - Bind interface to zone. - If zone is empty, use default zone. - - - Returns name of zone to which the interface was bound. - - - - - addMasquerade(s: zone, i: timeout) → s - - - Enable IPv4 masquerade for zone. - If zone is empty, use default zone. - If timeout is non-zero, masquerading will be active for the amount of seconds. - - - Returns name of zone in which the masquerade was enabled. - - - - - addPort(s: zone, s: port, s: protocol, i: timeout) → s - - - Add port for zone. - If zone is empty, use default zone. - The port can either be a single port number or a port range portid-portid. - The protocol can either be tcp or udp. - If timeout is non-zero, the operation will be active only for the amount of seconds. - - - Returns name of zone to which the port was added. - - - - - addRichRule(s: zone, s: rule, i: timeout) → s - - - Add rich language rule for zone. - If zone is empty, use default zone. 
- If timeout is non-zero, the operation will be active only for the amount of seconds. - - - Returns name of zone to which the rich language rule was added. - - - - - addService(s: zone, s: service, i: timeout) → s - - - Add service for zone. - If zone is empty, use default zone. - If timeout is non-zero, the operation will be active only for the amount of seconds. - - - Returns name of zone to which the service was added. - - - - - addSource(s: zone, s: source) → s - - - Bind source to zone. - If zone is empty, use default zone. - - - Returns name of zone to which the source was bound. - - - - - changeZone(s: zone, s: interface) → s - - - This function is deprecated, use changeZoneOfInterface instead. - - - - - changeZoneOfInterface(s: zone, s: interface) → s - - - Change a zone an interface is part of to zone. - If zone is empty, use default zone. - - - Returns name of zone. - - - - - changeZoneOfSource(s: zone, s: source) → s - - - Change a zone an source is part of to zone. - If zone is empty, use default zone. - - - Returns name of zone. - - - - - getActiveZones() → a{sa{sas}} - - - Return dictionary of currently active zones altogether with interfaces and sources used in these zones. - Active zones are zones, that have a binding to an interface or source. - - - - - getForwardPorts(s: zone) → aas - - - Return list of IPv4 forward ports added for zone. - If zone is empty, use default zone. - - - - - getIcmpBlocks(s: zone) → as - - - Return list of Internet Control Message Protocol (ICMP) type blocks added for zone. - If zone is empty, use default zone. - - - - - getInterfaces(s: zone) → as - - - Return list of interfaces of a zone. - If zone is empty, use default zone. - - - - - getPorts(s: zone) → aas - - - Return list of enabled ports in a zone. - If zone is empty, use default zone. - - - - - getRichRules(s: zone) → as - - - Return list of rich language rules added for zone. - If zone is empty, use default zone. 
- - - - - getServices(s: zone) → as - - - Return list of enabled services in a zone. - If zone is empty, use default zone. - - - - - getSources(s: zone) → as - - - Return list of sources of a zone. - If zone is empty, use default zone. - - - - - getZoneOfInterface(s: interface) → s - - - Return name of zone the interface is bound to or empty string. - - - - - getZoneOfSource(s: source) → s - - - Return name of zone the source is bound to or empty string. - - - - - getZones() → as - - - Return names of predefined zones. - - - - - isImmutable(s: zone) → b - - - Deprecated. - - - - - queryForwardPort(s: zone, s: port, s: protocol, s: toport, s: toaddr) → b - - - Return whether the IPv4 forward port has been added for zone. - If zone is empty, use default zone. - - - - - queryIcmpBlock(s: zone, s: icmp) → b - - - Return whether an ICMP block for icmp has been added for zone. - If zone is empty, use default zone. - - - - - queryInterface(s: zone, s: interface) → b - - - Query whether interface has been bound to zone. - If zone is empty, use default zone. - - - - - queryMasquerade(s: zone) → b - - - Return whether IPv4 masquerading has been enabled for zone - If zone is empty, use default zone. - - - - - queryPort(s: zone, s: port, s: protocol) → b - - - Return whether port/protocol has been added for zone. - If zone is empty, use default zone. - - - - - queryRichRule(s: zone, s: rule) → b - - - Return whether rich rule rule has been added for zone. - If zone is empty, use default zone. - - - - - queryService(s: zone, s: service) → b - - - Return whether service has been added for zone. - If zone is empty, use default zone. - - - - - querySource(s: zone, s: source) → b - - - Query whether sourcehas been bound to zone. - If zone is empty, use default zone. - - - - - removeForwardPort(s: zone, s: port, s: protocol, s: toport, s: toaddr) → s - - - Remove IPv4 forward port from zone. - If zone is empty, use default zone. 
- - - Returns name of zone from which the forward port was removed. - - - - - removeIcmpBlock(s: zone, s: icmp) → s - - - Remove ICMP block icmp from zone. - If zone is empty, use default zone. - - - Returns name of zone from which the ICMP block was removed. - - - - - removeInterface(s: zone, s: interface) → s - - - Remove binding of interface from zone. - If zone is empty, use default zone. - - - Returns name of zone. - - - - - removeMasquerade(s: zone) → s - - - Disable IPv4 masquerade for zone. - If zone is empty, use default zone. - - - Returns name of zone for which the masquerade was disabled. - - - - - removePort(s: zone, s: port, s: protocol) → s - - - Remove port from zone. - If zone is empty, use default zone. - - - Returns name of zone from which the port was removed. - - - - - removeRichRule(s: zone, s: rule) → s - - - Remove rich language rule from zone. - If zone is empty, use default zone. - - - Returns name of zone from which the rich language rule was removed. - - - - - removeService(s: zone, s: service) → s - - - Remove service from zone. - If zone is empty, use default zone. - - - Returns name of zone from which the service was removed. - - - - - removeSource(s: zone, s: source) → s - - - Remove binding of source from zone. - If zone is empty, use default zone. - - - Returns name of zone. - - - - - - - - Signals - - - ForwardPortAdded(s: zone, s: port, s: protocol, s: toport, s: toaddr, i: timeout) - - - Emitted when forward port has been added to zone with timeout. - - - - - ForwardPortRemoved(s: zone, s: port, s: protocol, s: toport, s: toaddr) - - - Emitted when forward port has been removed from zone. - - - - - IcmpBlockAdded(s: zone, s: icmp, i: timeout) - - - Emitted when ICMP block for icmp has been added to zone with timeout. - - - - - IcmpBlockRemoved(s: zone, s: icmp) - - - Emitted when ICMP block for icmp has been removed from zone. - - - - - InterfaceAdded(s: zone, s: interface) - - - Emitted when interface has been added to zone. 
- - - - - InterfaceRemoved(s: zone, s: interface) - - - Emitted when interface has been removed from zone. - - - - - MasqueradeAdded(s: zone, i: timeout) - - - Emitted when IPv4 masquerade has been enabled for zone. - - - - - MasqueradeRemoved(s: zone) - - - Emitted when IPv4 masquerade has been disabled for zone. - - - - - PortAdded(s: zone, s: port, s: protocol, i: timeout) - - - Emitted when port/protocol has been added to zone with timeout. - - - - - PortRemoved(s: zone, s: port, s: protocol) - - - Emitted when port/protocol has been removed from zone. - - - - - RichRuleAdded(s: zone, s: rule, i: timeout) - - - Emitted when rich language rule has been added to zone with timeout. - - - - - RichRuleRemoved(s: zone, s: rule) - - - Emitted when rich language rule has been removed from zone. - - - - - ServiceAdded(s: zone, s: service, i: timeout) - - - Emitted when service has been added to zone with timeout. - - - - - ServiceRemoved(s: zone, s: service) - - - Emitted when service has been removed from zone. - - - - - SourceAdded(s: zone, s: source) - - - Emitted when source has been added to zone. - - - - - SourceRemoved(s: zone, s: source) - - - Emitted when source has been removed from zone. - - - - - ZoneChanged(s: zone, s: interface) - - - Deprecated - - - - - ZoneOfInterfaceChanged(s: zone, s: interface) - - - Emitted when a zone an interface is part of has been changed to zone. - - - - - ZoneOfSourceChanged(s: zone, s: source) - - - Emitted when a zone an source is part of has been changed to zone. - - - - - - - - - org.fedoraproject.FirewallD1.config - - Allows to permanently add, remove and query zones, services and icmp types. - - - - Methods - - - addIcmpType(s: icmptype, (sssas): settings) → o - - - Add icmptype with given settings. - - - - - addService(s: service, (sssa(ss)asa{ss}): settings) → o - - - Add service with given settings. - - - - - addZone(s: zone, (sssbsasa(ss)asba(ssss)asasas): settings) → o - - - Add zone with given settings. 
- - - - - getIcmpTypeByName(s: icmptype) → o - - - Return object path of icmptype. - - - - - getServiceByName(s: service) → o - - - Return object path of service. - - - - - getZoneByName(s: zone) → o - - - Return object path of zone. - - - - - getZoneOfInterface(s: iface) → s - - - Return name of zone the iface is bound to or empty string. - - - - - getZoneOfSource(s: source) → s - - - Return name of zone the source is bound to or empty string. - - - - - listIcmpTypes() → ao - - - List icmptypes objects paths. - - - - - listServices() → ao - - - List services objects paths. - - - - - listZones() → ao - - - List zones object paths. - - - - - - - - Signals - - - IcmpTypeAdded(s: icmptype) - - - Emitted when icmptype has been added. - - - - - ServiceAdded(s: service) - - - Emitted when service has been added. - - - - - ZoneAdded(s: zone) - - - Emitted when zone has been added. - - - - - - - - Properties - - - CleanupOnExit - s - (rw) - - - If firewalld stops, it cleans up all firewall rules. Setting this option to no or false leaves the current firewall rules untouched. - - - - - DefaultZone - s - (ro) - - - Default zone for connections or interfaces if the zone is not selected or specified by NetworkManager, initscripts or command line tool. - - - - - Lockdown - s - (ro) - - - If this property is enabled, firewall changes with the D-Bus interface will be limited to applications that are listed in the lockdown whitelist. - - - - - MinimalMark - i - (rw) - - - For some firewall settings several rules are needed in different tables to be able to handle packets in the correct way. - To achieve that these packets are marked using the MARK target. With the MinimalMark property a block of marks can be reserved for private use; only marks over this value are used. - - - - - - - - - org.fedoraproject.FirewallD1.config.direct - - Interface for permanent direct configuration firewalld.direct5. For runtime direct configuration see org.fedoraproject.FirewallD1.direct interface. 
- - - - Methods - - - getSettings() → (a(sss)a(sssias)a(sas)) - - - Get settings of permanent direct configuration. - - - - - update((a(sss)a(sssias)a(sas)): settings) → Nothing - - - Update permanent direct configuration with given settings. - - - - - - - - Signals - - - Updated() - - - Emitted when configuration has been updated. - - - - - - - - - org.fedoraproject.FirewallD1.config.policies - - Interface for permanent lockdown-whitelist configuration firewalld.lockdown5. - For runtime configuration see org.fedoraproject.FirewallD1.policies interface. - - - Methods - - - getLockdownWhitelist() → (asasasai) - - - Get settings of permanent lockdown-whitelist configuration. - - - - - setLockdownWhitelist((asasasai): settings) → Nothing - - - Set permanent lockdown-whitelist configuration to settings. - - - - - - - - Signals - - - LockdownWhitelistUpdated() - - - Emitted when permanent lockdown-whitelist configuration has been updated. - - - - - - - - - org.fedoraproject.FirewallD1.config.zone - - Interface for permanent zone configuration firewalld.zone5. - - - Methods - - - getSettings() → (sssbsasa(ss)asba(ssss)asasas) - - - Return permanent settings of a zone. - - - - - loadDefaults() → Nothing - - - Load default settings for built-in zone. - - - - - remove() → Nothing - - - Remove not built-in zone. - - - - - rename(s: name) → Nothing - - - Rename not built-in zone to name. - - - - - update((sssbsasa(ss)asba(ssss)asasas): settings) → Nothing - - - Update settings of zone to settings. - - - - - - - - Signals - - - Removed(s: name) - - - Emitted when zone with name has been removed. - - - - - Renamed(s: name) - - - Emitted when zone has been renamed to name. - - - - - Updated(s: name) - - - Emitted when zone with name has been updated. - - - - - - - - Properties - - - default - b - (ro) - - - True if build-in zone has default settings. False if it has been modified. Always False for not build-in zones. 
- - - - - filename - s - (ro) - - - Name (including .xml extension) of file where the configuration is stored. - - - - - name - s - (ro) - - - Name of zone. - - - - - path - s - (ro) - - - Path to directory where the zone configuration is stored. Should be either /usr/lib/firewalld/zones or /etc/firewalld/zones. - - - - - - - - - org.fedoraproject.FirewallD1.config.service - - Interface for permanent service configuration firewalld.service5. - - - - Methods - - - getSettings() → (sssa(ss)asa{ss}) - - - Return permanent settings of a service. - - - - - loadDefaults() → Nothing - - - Load default settings for built-in service. - - - - - remove() → Nothing - - - Remove not built-in zone. - - - - - rename(s: name) → Nothing - - - Rename not built-in service to name. - - - - - update((sssa(ss)asa{ss}): settings) → Nothing - - - Update settings of service to settings. - - - - - - - - Signals - - - Removed(s: name) - - - Emitted when service with name has been removed. - - - - - Renamed(s: name) - - - Emitted when service has been renamed to name. - - - - - Updated(s: name) - - - Emitted when service with name has been updated. - - - - - - - - Properties - - - default - b - (ro) - - - True if build-in service has default settings. False if it has been modified. Always False for not build-in services. - - - - - filename - s - (ro) - - - Name (including .xml extension) of file where the configuration is stored. - - - - - name - s - (ro) - - - Name of service. - - - - - path - s - (ro) - - - Path to directory where the configuration is stored. Should be either /usr/lib/firewalld/services or /etc/firewalld/services. - - - - - - - - - org.fedoraproject.FirewallD1.config.icmptype - - Interface for permanent icmp type configuration firewalld.icmptype5. - - - - Methods - - - getSettings() → (sssas) - - - Return permanent settings of a icmp type. - - - - - loadDefaults() → Nothing - - - Load default settings for built-in icmp type. 
- - - - - remove() → Nothing - - - Remove not built-in icmp type. - - - - - rename(s: name) → Nothing - - - Rename not built-in icmp type to name. - - - - - update((sssas): settings) → Nothing - - - Update settings of icmp type to settings. - - - - - - - - Signals - - - Removed(s: name) - - - Emitted when icmp type with name has been removed. - - - - - Renamed(s: name) - - - Emitted when icmp type has been renamed to name. - - - - - Updated(s: name) - - - Emitted when icmp type with name has been updated. - - - - - - - - Properties - - - default - b - (ro) - - - True if build-in icmp type has default settings. False if it has been modified. Always False for not build-in zones. - - - - - filename - s - (ro) - - - Name (including .xml extension) of file where the configuration is stored. - - - - - name - s - (ro) - - - Name of icmp type. - - - - - path - s - (ro) - - - Path to directory where the icmp type configuration is stored. Should be either /usr/lib/firewalld/icmptypes or /etc/firewalld/icmptypes. - - - - - - - - - - &seealso; - - ¬es; - - + + + + +]> + + + + + + + firewalld.dbus + firewalld + &authors; + + + + firewalld.dbus + 5 + + + + firewalld.dbus + firewalld D-Bus interface description + + + + Object Paths + + This is the basic firewalld object path structure. The used interfaces are explained below in the INTERFACES section. 
+ + +/org/fedoraproject/FirewallD1 + Interfaces + org.fedoraproject.FirewallD1 + org.fedoraproject.FirewallD1.direct + org.fedoraproject.FirewallD1.policies + org.fedoraproject.FirewallD1.zone + org.freedesktop.DBus.Introspectable + org.freedesktop.DBus.Properties + +/org/fedoraproject/FirewallD1/config + Interfaces + org.fedoraproject.FirewallD1.config + org.fedoraproject.FirewallD1.config.direct + org.fedoraproject.FirewallD1.config.policies + org.freedesktop.DBus.Introspectable + org.freedesktop.DBus.Properties + +/org/fedoraproject/FirewallD1/config/icmptype/i + Interfaces + org.fedoraproject.FirewallD1.config.icmptype + org.freedesktop.DBus.Introspectable + org.freedesktop.DBus.Properties + +/org/fedoraproject/FirewallD1/config/service/i + Interfaces: + org.fedoraproject.FirewallD1.config.service + org.freedesktop.DBus.Introspectable + org.freedesktop.DBus.Properties + +/org/fedoraproject/FirewallD1/config/zone/i + Interfaces + org.fedoraproject.FirewallD1.config.zone + org.freedesktop.DBus.Introspectable + org.freedesktop.DBus.Properties + + + + + Interfaces + + + + + + + org.fedoraproject.FirewallD1 + + This interface contains general runtime operations, like: reloading, panic mode, default zone, getting services and icmp types and their settings. + + + + Methods + + + completeReload() → Nothing + + + Reload firewall completely, even netfilter kernel modules. + + + + + disablePanicMode() → Nothing + + + Disable panic mode. + + + + + enablePanicMode() → Nothing + + + Enable panic mode. + + + + + getDefaultZone() → s + + + Return default zone. 
+ + + + + getIcmpTypeSettings(s: icmptype) → (sssas) + + + Return icmptype settings in format: version, name, description, array of destinations + + + + + getServiceSettings(s: service) → (sssa(ss)asa{ss}) + + + Return service settings in format: version, name, description, array of ports (port, protocol), array of module names, destinations {IP family : IP address} + + + + + listIcmpTypes() → as + + + Return list of icmptype names. + + + + + listServices() → as + + + Return list of service names. + + + + + queryPanicMode() → b + + + Return true if panic mode is enabled, false otherwise. + + + + + reload() → Nothing + + + Reload firewall rules and keep state information. + + + + + setDefaultZone(s: zone) → Nothing + + + Set default zone to zone. + + + + + + + + Signals + + + DefaultZoneChanged(s: zone) + + + Emitted when default zone has been changed to zone. + + + + + PanicModeDisabled() + + + Emitted when panic mode has been deactivated. + + + + + PanicModeEnabled() + + + Emitted when panic mode has been activated. + + + + + Reloaded() + + + Emitted when firewalld has been reloaded. Also emitted for a complete reload. + + + + + + + + Properties + + + BRIDGE - b - (ro) + + + Indicates whether the firewall has ethernet bridge support. + + + + + IPv4 - b - (ro) + + + Indicates whether the firewall has IPv4 support. + + + + + IPv6 - b - (ro) + + + Indicates whether the firewall has IPv6 support. + + + + + interface_version - s - (ro) + + + firewalld D-Bus interface version string. + + + + + state - s - (ro) + + + firewalld state. This can be either INIT or RUNNING. In INIT state, firewalld is starting up and initializing. + + + + + version - s - (ro) + + + firewalld version string. + + + + + + + + + org.fedoraproject.FirewallD1.direct + + This interface enables more direct access to the firewall. It enables runtime manipulation with chains and rules. For permanent configuration see org.fedoraproject.FirewallD1.config.direct interface. 
+ + + + Methods + + + addChain(s: ipv, s: table, s: chain) → Nothing + + + Add a new chain to table for ipv being either ipv4 or ipv6 or eb. + + + + + addRule(s: ipv, s: table, s: chain, i: priority, as: args) → Nothing + + + Add a rule with the arguments args to chain in table with priority for ipv being either ipv4 or ipv6 or eb. + + + + + getAllChains() → a(sss) + + + Get all chains added to all tables in format: ipv, table, chain. + + + + + getAllRules() → a(sssias) + + + Get all rules added to all chains in all tables in format: ipv, table, chain, priority, rule + + + + + getChains(s: ipv, s: table) → as + + + Get all chains added to table for ipv being either ipv4 or ipv6 or eb. + + + + + getRules(s: ipv, s: table, s: chain) → a(ias) + + + Get all rules added to chain in table for ipv being either ipv4 or ipv6 or eb. + + + + + passthrough(s: ipv, as: args) → s + + + Pass a command through to the firewall. ipv can be either ipv4 or ipv6 or eb. args can be all iptables, ip6tables and ebtables command line arguments. + + + + + queryChain(s: ipv, s: table, s: chain) → b + + + Return whether a chain exists in table for ipv being either ipv4 or ipv6. + + + + + queryRule(s: ipv, s: table, s: chain, i: priority, as: args) → b + + + Return whether a rule with priority and the arguments args exists in chain in table for ipv being either ipv4 or ipv6 or eb. + + + + + removeChain(s: ipv, s: table, s: chain) → Nothing + + + Remove a chain from table for ipv being either ipv4 or ipv6. + + + + + removeRule(s: ipv, s: table, s: chain, i: priority, as: args) → Nothing + + + Remove a rule with priority and arguments args from chain in table for ipv being either ipv4 or ipv6. + + + + + removeRules(s: ipv, s: table, s: chain) → Nothing + + + Remove all rules from chain in table for ipv being either ipv4 or ipv6. + + + + + + + + Signals + + + ChainAdded(s: ipv, s: table, s: chain) + + + Emitted when chain has been changed into table for ipv being either ipv4 or ipv6. 
+ + + + + ChainRemoved(s: ipv, s: table, s: chain) + + + Emitted when chain has been changed from table for ipv being either ipv4 or ipv6. + + + + + RuleAdded(s: ipv, s: table, s: chain, i: priority, as: args) + + + Emitted when a rule with args has been added to chain in table with priority for ipv being either ipv4 or ipv6 or eb. + + + + + RuleRemoved(s: ipv, s: table, s: chain, i: priority, as: args) + + + Emitted when a rule with args has been removed from chain in table with priority for ipv being either ipv4 or ipv6 or eb. + + + + + + + + + org.fedoraproject.FirewallD1.policies + + Enables firewalld to be able to lock down configuration changes from local applications. + Local applications or services are able to change the firewall configuration if they are running as root (example: libvirt). + With these operations administrator can lock the firewall configuration so that either none or only applications that are in the whitelist are able to request firewall changes. + For permanent configuration see org.fedoraproject.FirewallD1.config.policies interface. + + + + Methods + + + addLockdownWhitelistCommand(s: command) → Nothing + + + Add command to whitelist. + + + + + addLockdownWhitelistContext(s: context) → Nothing + + + Add context to whitelist. + + + + + addLockdownWhitelistUid(i: uid) → Nothing + + + Add user id uid to whitelist. + + + + + addLockdownWhitelistUser(s: user) → Nothing + + + Add user to whitelist. + + + + + disableLockdown() → Nothing + + + Disable lockdown. + + + + + enableLockdown() → Nothing + + + Enable lockdown. + + + + + getLockdownWhitelistCommands() → as + + + List all command lines that are on whitelist. + + + + + getLockdownWhitelistContexts() → as + + + List all contexts that are on whitelist. + + + + + getLockdownWhitelistUids() → ai + + + List all user ids that are on whitelist. + + + + + getLockdownWhitelistUsers() → as + + + List all users that are on whitelist. 
+ + + + + queryLockdown() → b + + + Query whether lockdown is enabled. + + + + + queryLockdownWhitelistCommand(s: command) → b + + + Query whether command is on whitelist. + + + + + queryLockdownWhitelistContext(s: context) → b + + + Query whether context is on whitelist. + + + + + queryLockdownWhitelistUid(i: uid) → b + + + Query whether user id uid is on whitelist. + + + + + queryLockdownWhitelistUser(s: user) → b + + + Query whether user is on whitelist. + + + + + removeLockdownWhitelistCommand(s: command) → Nothing + + + Remove command from whitelist. + + + + + removeLockdownWhitelistContext(s: context) → Nothing + + + Remove context from whitelist. + + + + + removeLockdownWhitelistUid(i: uid) → Nothing + + + Remove user id uid from whitelist. + + + + + removeLockdownWhitelistUser(s: user) → Nothing + + + Remove user from whitelist. + + + + + + + + Signals + + + LockdownDisabled() + + + Emitted when lockdown has been disabled. + + + + + LockdownEnabled() + + + Emitted when lockdown has been enabled. + + + + + LockdownWhitelistCommandAdded(s: command) + + + Emitted when command has been added to whitelist. + + + + + LockdownWhitelistCommandRemoved(s: command) + + + Emitted when command has been removed from whitelist. + + + + + LockdownWhitelistContextAdded(s: context) + + + Emitted when context has been added to whitelist. + + + + + LockdownWhitelistContextRemoved(s: context) + + + Emitted when context has been removed from whitelist. + + + + + LockdownWhitelistUidAdded(i: uid) + + + Emitted when user id uid has been added to whitelist. + + + + + LockdownWhitelistUidRemoved(i: uid) + + + Emitted when user id uid has been removed from whitelist. + + + + + LockdownWhitelistUserAdded(s: user) + + + Emitted when user has been added to whitelist. + + + + + LockdownWhitelistUserRemoved(s: user) + + + Emitted when user has been removed from whitelist. 
+ + + + + + + + + org.fedoraproject.FirewallD1.zone + + Operations in this interface allows to get, add, remove and query runtime zone's settings. + For permanent configuration see org.fedoraproject.FirewallD1.config.zone interface. + + + + Methods + + + addForwardPort(s: zone, s: port, s: protocol, s: toport, s: toaddr, i: timeout) → s + + + Add the IPv4 forward port for zone. + If zone is empty, use default zone. + The port can either be a single port number portid or a port range portid-portid. + The protocol can either be tcp or udp. + The destination address is a simple IP address. + If timeout is non-zero, the operation will be active only for the amount of seconds. + + + Returns name of zone to which the forward port was added. + + + + + addIcmpBlock(s: zone, s: icmp, i: timeout) → s + + + Add an ICMP block icmp for zone. + If zone is empty, use default zone. + If timeout is non-zero, the operation will be active only for the amount of seconds. + + + Returns name of zone to which the ICMP block was added. + + + + + addInterface(s: zone, s: interface) → s + + + Bind interface to zone. + If zone is empty, use default zone. + + + Returns name of zone to which the interface was bound. + + + + + addMasquerade(s: zone, i: timeout) → s + + + Enable IPv4 masquerade for zone. + If zone is empty, use default zone. + If timeout is non-zero, masquerading will be active for the amount of seconds. + + + Returns name of zone in which the masquerade was enabled. + + + + + addPort(s: zone, s: port, s: protocol, i: timeout) → s + + + Add port for zone. + If zone is empty, use default zone. + The port can either be a single port number or a port range portid-portid. + The protocol can either be tcp or udp. + If timeout is non-zero, the operation will be active only for the amount of seconds. + + + Returns name of zone to which the port was added. + + + + + addRichRule(s: zone, s: rule, i: timeout) → s + + + Add rich language rule for zone. + If zone is empty, use default zone. 
+ If timeout is non-zero, the operation will be active only for the amount of seconds. + + + Returns name of zone to which the rich language rule was added. + + + + + addService(s: zone, s: service, i: timeout) → s + + + Add service for zone. + If zone is empty, use default zone. + If timeout is non-zero, the operation will be active only for the amount of seconds. + + + Returns name of zone to which the service was added. + + + + + addSource(s: zone, s: source) → s + + + Bind source to zone. + If zone is empty, use default zone. + + + Returns name of zone to which the source was bound. + + + + + changeZone(s: zone, s: interface) → s + + + This function is deprecated, use changeZoneOfInterface instead. + + + + + changeZoneOfInterface(s: zone, s: interface) → s + + + Change a zone an interface is part of to zone. + If zone is empty, use default zone. + + + Returns name of zone. + + + + + changeZoneOfSource(s: zone, s: source) → s + + + Change a zone an source is part of to zone. + If zone is empty, use default zone. + + + Returns name of zone. + + + + + getActiveZones() → a{sa{sas}} + + + Return dictionary of currently active zones altogether with interfaces and sources used in these zones. + Active zones are zones, that have a binding to an interface or source. + + + + + getForwardPorts(s: zone) → aas + + + Return list of IPv4 forward ports added for zone. + If zone is empty, use default zone. + + + + + getIcmpBlocks(s: zone) → as + + + Return list of Internet Control Message Protocol (ICMP) type blocks added for zone. + If zone is empty, use default zone. + + + + + getInterfaces(s: zone) → as + + + Return list of interfaces of a zone. + If zone is empty, use default zone. + + + + + getPorts(s: zone) → aas + + + Return list of enabled ports in a zone. + If zone is empty, use default zone. + + + + + getRichRules(s: zone) → as + + + Return list of rich language rules added for zone. + If zone is empty, use default zone. 
+ + + + + getServices(s: zone) → as + + + Return list of enabled services in a zone. + If zone is empty, use default zone. + + + + + getSources(s: zone) → as + + + Return list of sources of a zone. + If zone is empty, use default zone. + + + + + getZoneOfInterface(s: interface) → s + + + Return name of zone the interface is bound to or empty string. + + + + + getZoneOfSource(s: source) → s + + + Return name of zone the source is bound to or empty string. + + + + + getZones() → as + + + Return names of predefined zones. + + + + + isImmutable(s: zone) → b + + + Deprecated. + + + + + queryForwardPort(s: zone, s: port, s: protocol, s: toport, s: toaddr) → b + + + Return whether the IPv4 forward port has been added for zone. + If zone is empty, use default zone. + + + + + queryIcmpBlock(s: zone, s: icmp) → b + + + Return whether an ICMP block for icmp has been added for zone. + If zone is empty, use default zone. + + + + + queryInterface(s: zone, s: interface) → b + + + Query whether interface has been bound to zone. + If zone is empty, use default zone. + + + + + queryMasquerade(s: zone) → b + + + Return whether IPv4 masquerading has been enabled for zone + If zone is empty, use default zone. + + + + + queryPort(s: zone, s: port, s: protocol) → b + + + Return whether port/protocol has been added for zone. + If zone is empty, use default zone. + + + + + queryRichRule(s: zone, s: rule) → b + + + Return whether rich rule rule has been added for zone. + If zone is empty, use default zone. + + + + + queryService(s: zone, s: service) → b + + + Return whether service has been added for zone. + If zone is empty, use default zone. + + + + + querySource(s: zone, s: source) → b + + + Query whether sourcehas been bound to zone. + If zone is empty, use default zone. + + + + + removeForwardPort(s: zone, s: port, s: protocol, s: toport, s: toaddr) → s + + + Remove IPv4 forward port from zone. + If zone is empty, use default zone. 
+ + + Returns name of zone from which the forward port was removed. + + + + + removeIcmpBlock(s: zone, s: icmp) → s + + + Remove ICMP block icmp from zone. + If zone is empty, use default zone. + + + Returns name of zone from which the ICMP block was removed. + + + + + removeInterface(s: zone, s: interface) → s + + + Remove binding of interface from zone. + If zone is empty, use default zone. + + + Returns name of zone. + + + + + removeMasquerade(s: zone) → s + + + Disable IPv4 masquerade for zone. + If zone is empty, use default zone. + + + Returns name of zone for which the masquerade was disabled. + + + + + removePort(s: zone, s: port, s: protocol) → s + + + Remove port from zone. + If zone is empty, use default zone. + + + Returns name of zone from which the port was removed. + + + + + removeRichRule(s: zone, s: rule) → s + + + Remove rich language rule from zone. + If zone is empty, use default zone. + + + Returns name of zone from which the rich language rule was removed. + + + + + removeService(s: zone, s: service) → s + + + Remove service from zone. + If zone is empty, use default zone. + + + Returns name of zone from which the service was removed. + + + + + removeSource(s: zone, s: source) → s + + + Remove binding of source from zone. + If zone is empty, use default zone. + + + Returns name of zone. + + + + + + + + Signals + + + ForwardPortAdded(s: zone, s: port, s: protocol, s: toport, s: toaddr, i: timeout) + + + Emitted when forward port has been added to zone with timeout. + + + + + ForwardPortRemoved(s: zone, s: port, s: protocol, s: toport, s: toaddr) + + + Emitted when forward port has been removed from zone. + + + + + IcmpBlockAdded(s: zone, s: icmp, i: timeout) + + + Emitted when ICMP block for icmp has been added to zone with timeout. + + + + + IcmpBlockRemoved(s: zone, s: icmp) + + + Emitted when ICMP block for icmp has been removed from zone. + + + + + InterfaceAdded(s: zone, s: interface) + + + Emitted when interface has been added to zone. 
+ + + + + InterfaceRemoved(s: zone, s: interface) + + + Emitted when interface has been removed from zone. + + + + + MasqueradeAdded(s: zone, i: timeout) + + + Emitted when IPv4 masquerade has been enabled for zone. + + + + + MasqueradeRemoved(s: zone) + + + Emitted when IPv4 masquerade has been disabled for zone. + + + + + PortAdded(s: zone, s: port, s: protocol, i: timeout) + + + Emitted when port/protocol has been added to zone with timeout. + + + + + PortRemoved(s: zone, s: port, s: protocol) + + + Emitted when port/protocol has been removed from zone. + + + + + RichRuleAdded(s: zone, s: rule, i: timeout) + + + Emitted when rich language rule has been added to zone with timeout. + + + + + RichRuleRemoved(s: zone, s: rule) + + + Emitted when rich language rule has been removed from zone. + + + + + ServiceAdded(s: zone, s: service, i: timeout) + + + Emitted when service has been added to zone with timeout. + + + + + ServiceRemoved(s: zone, s: service) + + + Emitted when service has been removed from zone. + + + + + SourceAdded(s: zone, s: source) + + + Emitted when source has been added to zone. + + + + + SourceRemoved(s: zone, s: source) + + + Emitted when source has been removed from zone. + + + + + ZoneChanged(s: zone, s: interface) + + + Deprecated + + + + + ZoneOfInterfaceChanged(s: zone, s: interface) + + + Emitted when a zone an interface is part of has been changed to zone. + + + + + ZoneOfSourceChanged(s: zone, s: source) + + + Emitted when a zone an source is part of has been changed to zone. + + + + + + + + + org.fedoraproject.FirewallD1.config + + Allows to permanently add, remove and query zones, services and icmp types. + + + + Methods + + + addIcmpType(s: icmptype, (sssas): settings) → o + + + Add icmptype with given settings. + + + + + addService(s: service, (sssa(ss)asa{ss}): settings) → o + + + Add service with given settings. + + + + + addZone(s: zone, (sssbsasa(ss)asba(ssss)asasas): settings) → o + + + Add zone with given settings. 
+ + + + + getIcmpTypeByName(s: icmptype) → o + + + Return object path of icmptype. + + + + + getServiceByName(s: service) → o + + + Return object path of service. + + + + + getZoneByName(s: zone) → o + + + Return object path of zone. + + + + + getZoneOfInterface(s: iface) → s + + + Return name of zone the iface is bound to or empty string. + + + + + getZoneOfSource(s: source) → s + + + Return name of zone the source is bound to or empty string. + + + + + listIcmpTypes() → ao + + + List icmptypes objects paths. + + + + + listServices() → ao + + + List services objects paths. + + + + + listZones() → ao + + + List zones object paths. + + + + + + + + Signals + + + IcmpTypeAdded(s: icmptype) + + + Emitted when icmptype has been added. + + + + + ServiceAdded(s: service) + + + Emitted when service has been added. + + + + + ZoneAdded(s: zone) + + + Emitted when zone has been added. + + + + + + + + Properties + + + CleanupOnExit - s - (rw) + + + If firewalld stops, it cleans up all firewall rules. Setting this option to no or false leaves the current firewall rules untouched. + + + + + DefaultZone - s - (ro) + + + Default zone for connections or interfaces if the zone is not selected or specified by NetworkManager, initscripts or command line tool. + + + + + Lockdown - s - (ro) + + + If this property is enabled, firewall changes with the D-Bus interface will be limited to applications that are listed in the lockdown whitelist. + + + + + MinimalMark - i - (rw) + + + For some firewall settings several rules are needed in different tables to be able to handle packets in the correct way. + To achieve that these packets are marked using the MARK target. With the MinimalMark property a block of marks can be reserved for private use; only marks over this value are used. + + + + + + + + + org.fedoraproject.FirewallD1.config.direct + + Interface for permanent direct configuration firewalld.direct5. For runtime direct configuration see org.fedoraproject.FirewallD1.direct interface. 
+ + + + Methods + + + getSettings() → (a(sss)a(sssias)a(sas)) + + + Get settings of permanent direct configuration. + + + + + update((a(sss)a(sssias)a(sas)): settings) → Nothing + + + Update permanent direct configuration with given settings. + + + + + + + + Signals + + + Updated() + + + Emitted when configuration has been updated. + + + + + + + + + org.fedoraproject.FirewallD1.config.policies + + Interface for permanent lockdown-whitelist configuration firewalld.lockdown5. + For runtime configuration see org.fedoraproject.FirewallD1.policies interface. + + + Methods + + + getLockdownWhitelist() → (asasasai) + + + Get settings of permanent lockdown-whitelist configuration. + + + + + setLockdownWhitelist((asasasai): settings) → Nothing + + + Set permanent lockdown-whitelist configuration to settings. + + + + + + + + Signals + + + LockdownWhitelistUpdated() + + + Emitted when permanent lockdown-whitelist configuration has been updated. + + + + + + + + + org.fedoraproject.FirewallD1.config.zone + + Interface for permanent zone configuration firewalld.zone5. + + + Methods + + + getSettings() → (sssbsasa(ss)asba(ssss)asasas) + + + Return permanent settings of a zone. + + + + + loadDefaults() → Nothing + + + Load default settings for built-in zone. + + + + + remove() → Nothing + + + Remove not built-in zone. + + + + + rename(s: name) → Nothing + + + Rename not built-in zone to name. + + + + + update((sssbsasa(ss)asba(ssss)asasas): settings) → Nothing + + + Update settings of zone to settings. + + + + + + + + Signals + + + Removed(s: name) + + + Emitted when zone with name has been removed. + + + + + Renamed(s: name) + + + Emitted when zone has been renamed to name. + + + + + Updated(s: name) + + + Emitted when zone with name has been updated. + + + + + + + + Properties + + + default - b - (ro) + + + True if build-in zone has default settings. False if it has been modified. Always False for not build-in zones. 
+ + + + + filename - s - (ro) + + + Name (including .xml extension) of file where the configuration is stored. + + + + + name - s - (ro) + + + Name of zone. + + + + + path - s - (ro) + + + Path to directory where the zone configuration is stored. Should be either /usr/lib/firewalld/zones or /etc/firewalld/zones. + + + + + + + + + org.fedoraproject.FirewallD1.config.service + + Interface for permanent service configuration firewalld.service5. + + + + Methods + + + getSettings() → (sssa(ss)asa{ss}) + + + Return permanent settings of a service. + + + + + loadDefaults() → Nothing + + + Load default settings for built-in service. + + + + + remove() → Nothing + + + Remove not built-in zone. + + + + + rename(s: name) → Nothing + + + Rename not built-in service to name. + + + + + update((sssa(ss)asa{ss}): settings) → Nothing + + + Update settings of service to settings. + + + + + + + + Signals + + + Removed(s: name) + + + Emitted when service with name has been removed. + + + + + Renamed(s: name) + + + Emitted when service has been renamed to name. + + + + + Updated(s: name) + + + Emitted when service with name has been updated. + + + + + + + + Properties + + + default - b - (ro) + + + True if build-in service has default settings. False if it has been modified. Always False for not build-in services. + + + + + filename - s - (ro) + + + Name (including .xml extension) of file where the configuration is stored. + + + + + name - s - (ro) + + + Name of service. + + + + + path - s - (ro) + + + Path to directory where the configuration is stored. Should be either /usr/lib/firewalld/services or /etc/firewalld/services. + + + + + + + + + org.fedoraproject.FirewallD1.config.icmptype + + Interface for permanent icmp type configuration firewalld.icmptype5. + + + + Methods + + + getSettings() → (sssas) + + + Return permanent settings of a icmp type. + + + + + loadDefaults() → Nothing + + + Load default settings for built-in icmp type. 
+ + + + + remove() → Nothing + + + Remove not built-in icmp type. + + + + + rename(s: name) → Nothing + + + Rename not built-in icmp type to name. + + + + + update((sssas): settings) → Nothing + + + Update settings of icmp type to settings. + + + + + + + + Signals + + + Removed(s: name) + + + Emitted when icmp type with name has been removed. + + + + + Renamed(s: name) + + + Emitted when icmp type has been renamed to name. + + + + + Updated(s: name) + + + Emitted when icmp type with name has been updated. + + + + + + + + Properties + + + default - b - (ro) + + + True if build-in icmp type has default settings. False if it has been modified. Always False for not build-in zones. + + + + + filename - s - (ro) + + + Name (including .xml extension) of file where the configuration is stored. + + + + + name - s - (ro) + + + Name of icmp type. + + + + + path - s - (ro) + + + Path to directory where the icmp type configuration is stored. Should be either /usr/lib/firewalld/icmptypes or /etc/firewalld/icmptypes. + + + + + + + + + + &seealso; + + ¬es; + + commit ffc70ef5072024020476ed092d92be514d77f988 Author: Thomas Woerner Date: Tue Feb 11 16:08:18 2014 +0100 firewall-cmd: New --get-target and --set-target --set-target is only usable with --permanent diff --git a/doc/xml/firewall-cmd.xml b/doc/xml/firewall-cmd.xml index b1b1a15..869b1e4 100644 --- a/doc/xml/firewall-cmd.xml +++ b/doc/xml/firewall-cmd.xml @@ -289,6 +289,24 @@ + + + =zone + + + Get the target of a permanent zone. + + + + + + =zone =zone + + + Set the target of a permanent zone. + + + diff --git a/src/firewall-cmd b/src/firewall-cmd index 3316883..029e2b7 100755 --- a/src/firewall-cmd +++ b/src/firewall-cmd @@ -90,6 +90,9 @@ Zone Options --delete-zone= Delete an existing zone [P only] --zone= Use this zone to set or query options, else default zone Usable for options maked with [Z] + --get-target Get the zone target [P only] + --set-target= + Set the zone target [P only] IcmpType Options --new-icmptype= 
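Review bot: The usage text in the `-90,6` hunk of `src/firewall-cmd` marks `--get-target` as `[P only]`, but nothing in this commit restricts it to `--permanent`. The check added at `-598` tests `a.set_target` alone, and the hunk at `-1288` adds a runtime `elif a.get_target:` branch. Someone reading `--help` would conclude that the target of a running zone cannot be queried. I would drop the tag from that line, `--get-target Get the zone target`, and keep `[P only]` on `--set-target`. The usage string starts and ends outside this hunk.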
@@ -455,6 +458,8 @@ parser_group_zone.add_argument("--list-ports", action="store_true") parser_group_zone.add_argument("--list-icmp-blocks", action="store_true") parser_group_zone.add_argument("--list-forward-ports", action="store_true") parser_group_zone.add_argument("--list-all", action="store_true") +parser_group_zone.add_argument("--get-target", action="store_true") +parser_group_zone.add_argument("--set-target", metavar="") parser.add_argument("--direct", action="store_true") @@ -535,7 +540,7 @@ options_zone_adapt_query = \ a.add_masquerade or a.remove_masquerade or a.query_masquerade or \ a.list_services or a.list_ports or a.list_icmp_blocks or \ a.list_forward_ports or a.list_rich_rules or a.list_all or \ - a.list_forward_ports or a.list_rich_rules or a.list_all + a.get_target or a.set_target options_zone_ops = options_zone_interfaces_sources or \ options_zone_action_action or options_zone_adapt_query @@ -565,7 +570,8 @@ options_list_get = a.help or a.version or a.list_all or a.list_all_zones or \ a.list_services or a.list_ports or a.list_icmp_blocks or a.list_forward_ports \ or a.list_rich_rules or a.list_interfaces or a.list_sources or \ a.get_default_zone or a.get_active_zones or a.get_zone_of_interface or \ - a.get_zone_of_source or a.get_zones or a.get_services or a.get_icmptypes + a.get_zone_of_source or a.get_zones or a.get_services or a.get_icmptypes or \ + a.get_target or a.set_target # Check various impossible combinations of options @@ -598,6 +604,10 @@ if options_permanent_only and not a.permanent: __fail(parser.format_usage() + "Option can be used only with --permanent.") +if a.set_target and not a.permanent: + __fail(parser.format_usage() + + "Option can be used only with --permanent.") + if options_config and options_zone: __fail(parser.format_usage() + "Wrong usage of --get-zones | --get-services | --get-icmptypes.") 
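Review bot: `--set-target` is declared without any restriction on its value, and in the hunk at `-982` that string goes unchanged into `fw_settings.setTarget(a.set_target)`. A mistyped target is therefore caught, if at all, only by code outside this diff. The target governs how a zone treats traffic its rules do not match, so a bad value is better refused at the command line than written to the permanent configuration. If the set of valid targets is fixed, passing a `choices=[...]` list to this `add_argument` call would make argparse reject anything else with a usage error.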
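Review bot: In the `-565,7` hunk `a.set_target` is added to `options_list_get`, whose other members are all help, version, list and get options, whereas `--set-target` modifies the permanent zone. Where `options_list_get` is consumed is outside this hunk; if it gates behaviour meant for read-only output options, `--set-target` inherits that behaviour. Unless that is intended, the expression should end with `a.get_target` only, and `a.set_target` should stay in `options_zone_adapt_query` where the `-535,7` hunk already puts it.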
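Review bot: The new `if a.set_target and not a.permanent:` block in the `-598,6` hunk repeats the `options_permanent_only` check directly above it, down to the same message. Adding `a.set_target` to the `options_permanent_only` expression, which is defined outside this hunk, would keep the permanent-only rule in one place, so a later change to the rule or its wording cannot miss one copy. If the separate block has to stay, a comment such as `# --set-target has no runtime equivalent` would say why it is not part of that group.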
@@ -982,6 +992,12 @@ if a.permanent: elif a.query_icmp_block: __print_query_result(fw_settings.queryIcmpBlock(a.query_icmp_block)) + # zone target + elif a.get_target: + __print_and_exit(fw_settings.getTarget()) + elif a.set_target: + fw_settings.setTarget(a.set_target) + # list all zone settings elif a.list_all: __list_all_permanent(fw_settings, zone if zone else fw.getDefaultZone()) @@ -1288,6 +1304,10 @@ elif a.remove_icmp_block: elif a.query_icmp_block: __print_query_result(fw.queryIcmpBlock(zone, a.query_icmp_block)) +# zone target +elif a.get_target: + __print_and_exit(fw.getZoneSettings(zone).getTarget()) + # list all elif a.list_all: __list_all(fw, zone if zone else fw.getDefaultZone()) commit a9770f96c216ee7f5d44d4b3d4f16055e4d3d3ad Author: Thomas Woerner Date: Tue Feb 11 15:56:59 2014 +0100 New DBUS_INTERFACE.getZoneSettings to get all run-time zone settings (ro) diff --git a/doc/xml/firewalld.dbus.xml b/doc/xml/firewalld.dbus.xml index 0742908..c2a8bcd 100644 --- a/doc/xml/firewalld.dbus.xml +++ b/doc/xml/firewalld.dbus.xml @@ -9,7 +9,7 @@
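Review bot: The runtime `--get-target` branch in the `-1288,6` hunk passes `zone` straight to `fw.getZoneSettings(zone)`, while the `--list-all` branch right below it falls back with `zone if zone else fw.getDefaultZone()`. `getZoneSettings` comes from a different commit and is not visible here, so whether it resolves an empty zone to the default zone is unknown. If it does not, `--get-target` without `--zone` fails instead of reporting the default zone's target. Using the same fallback, `__print_and_exit(fw.getZoneSettings(zone if zone else fw.getDefaultZone()).getTarget())`, would make the two branches agree. The `elif` chain starts and ends outside the hunk.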