commit d47792727a4b779ee1f1dfd292336e6f9767ed91
Author: Jiri Popelka <jpopelka@redhat.com>
Date: Thu Feb 6 11:06:08 2014 +0100
dos2unix firewalld.dbus.xml
diff --git a/doc/xml/firewalld.dbus.xml b/doc/xml/firewalld.dbus.xml
index 32199e6..0742908 100644
--- a/doc/xml/firewalld.dbus.xml
+++ b/doc/xml/firewalld.dbus.xml
@@ -1,1899 +1,1899 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
-[
-<!ENTITY authors SYSTEM "authors.xml">
-<!ENTITY seealso SYSTEM "seealso.xml">
-<!ENTITY notes SYSTEM "notes.xml">
-]>
-
-<!--
- This file is part of firewalld.
-
- Copyright (C) 2010-2013 Red Hat, Inc.
- Authors:
- Thomas Woerner <twoerner@redhat.com>
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
--->
-
-<refentry id="firewalld.dbus">
-
- <refentryinfo>
- <title>firewalld.dbus</title>
- <productname>firewalld</productname>
- &authors;
- </refentryinfo>
-
- <refmeta>
- <refentrytitle>firewalld.dbus</refentrytitle>
- <manvolnum>5</manvolnum>
- </refmeta>
-
- <refnamediv>
- <refname>firewalld.dbus</refname>
- <refpurpose>firewalld D-Bus interface description</refpurpose>
- </refnamediv>
-
- <refsect1 id="object-paths">
- <title>Object Paths</title>
- <para>
- This is the basic firewalld object path structure. The used interfaces are explained below in the INTERFACES section.
- </para>
- <programlisting>
-/org/fedoraproject/FirewallD1
- Interfaces
- org.fedoraproject.FirewallD1
- org.fedoraproject.FirewallD1.direct
- org.fedoraproject.FirewallD1.policies
- org.fedoraproject.FirewallD1.zone
- org.freedesktop.DBus.Introspectable
- org.freedesktop.DBus.Properties
-
-/org/fedoraproject/FirewallD1/config
- Interfaces
- org.fedoraproject.FirewallD1.config
- org.fedoraproject.FirewallD1.config.direct
- org.fedoraproject.FirewallD1.config.policies
- org.freedesktop.DBus.Introspectable
- org.freedesktop.DBus.Properties
-
-/org/fedoraproject/FirewallD1/config/icmptype/i
- Interfaces
- org.fedoraproject.FirewallD1.config.icmptype
- org.freedesktop.DBus.Introspectable
- org.freedesktop.DBus.Properties
-
-/org/fedoraproject/FirewallD1/config/service/i
- Interfaces:
- org.fedoraproject.FirewallD1.config.service
- org.freedesktop.DBus.Introspectable
- org.freedesktop.DBus.Properties
-
-/org/fedoraproject/FirewallD1/config/zone/i
- Interfaces
- org.fedoraproject.FirewallD1.config.zone
- org.freedesktop.DBus.Introspectable
- org.freedesktop.DBus.Properties
- </programlisting>
- </refsect1>
-
- <refsect1 id="interfaces">
- <title>Interfaces</title>
-
- <para>
- </para>
-
-
- <refsect2 id="org.fedoraproject.FirewallD1">
- <title>org.fedoraproject.FirewallD1</title>
- <para>
- This interface contains general runtime operations, like: reloading, panic mode, default zone, getting services and icmp types and their settings.
- </para>
-
- <refsect3 id="org.fedoraproject.FirewallD1.Methods">
- <title>Methods</title>
- <variablelist>
- <varlistentry>
- <term>completeReload() → Nothing</term>
- <listitem>
- <para>
- Reload firewall completely, even netfilter kernel modules.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>disablePanicMode() → Nothing</term>
- <listitem>
- <para>
- Disable panic mode.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>enablePanicMode() → Nothing</term>
- <listitem>
- <para>
- Enable panic mode.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>getDefaultZone() → s</term>
- <listitem>
- <para>
- Return default zone.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>getIcmpTypeSettings(s: icmptype) → (sssas)</term>
- <listitem>
- <para>
- Return <replaceable>icmptype</replaceable> settings in format: version, name, description, array of destinations
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>getServiceSettings(s: service) → (sssa(ss)asa{ss})</term>
- <listitem>
- <para>
- Return <replaceable>service</replaceable> settings in format: version, name, description, array of ports (port, protocol), array of module names, destinations {IP family : IP address}
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>listIcmpTypes() → as</term>
- <listitem>
- <para>
- Return list of icmptype names.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>listServices() → as</term>
- <listitem>
- <para>
- Return list of service names.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>queryPanicMode() → b</term>
- <listitem>
- <para>
- Return true if panic mode is enabled, false otherwise.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>reload() → Nothing</term>
- <listitem>
- <para>
- Reload firewall rules and keep state information.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>setDefaultZone(s: zone) → Nothing</term>
- <listitem>
- <para>
- Set default zone to <replaceable>zone</replaceable>.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect3>
-
- <refsect3 id="org.fedoraproject.FirewallD1.Signals">
- <title>Signals</title>
- <variablelist>
- <varlistentry>
- <term>DefaultZoneChanged(s: zone)</term>
- <listitem>
- <para>
- Emitted when default zone has been changed to <replaceable>zone</replaceable>.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PanicModeDisabled()</term>
- <listitem>
- <para>
- Emitted when panic mode has been deactivated.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PanicModeEnabled()</term>
- <listitem>
- <para>
- Emitted when panic mode has been activated.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>Reloaded()</term>
- <listitem>
- <para>
- Emitted when firewalld has been reloaded. Also emitted for a complete reload.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect3>
-
- <refsect3 id="org.fedoraproject.FirewallD1.Properties">
- <title>Properties</title>
- <variablelist>
- <varlistentry>
- <term>BRIDGE - b - (ro)</term>
- <listitem>
- <para>
- Indicates whether the firewall has ethernet bridge support.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>IPv4 - b - (ro)</term>
- <listitem>
- <para>
- Indicates whether the firewall has IPv4 support.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>IPv6 - b - (ro)</term>
- <listitem>
- <para>
- Indicates whether the firewall has IPv6 support.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>interface_version - s - (ro)</term>
- <listitem>
- <para>
- firewalld D-Bus interface version string.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>state - s - (ro)</term>
- <listitem>
- <para>
- firewalld state. This can be either <literal>INIT</literal> or <literal>RUNNING</literal>. In <literal>INIT</literal> state, firewalld is starting up and initializing.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>version - s - (ro)</term>
- <listitem>
- <para>
- firewalld version string.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect3>
- </refsect2>
-
- <refsect2 id="org.fedoraproject.FirewallD1.direct">
- <title>org.fedoraproject.FirewallD1.direct</title>
- <para>
- This interface enables more direct access to the firewall. It enables runtime manipulation with chains and rules. For permanent configuration see org.fedoraproject.FirewallD1.config.direct interface.
- </para>
-
- <refsect3 id="org.fedoraproject.FirewallD1.direct.Methods">
- <title>Methods</title>
- <variablelist>
- <varlistentry>
- <term>addChain(s: ipv, s: table, s: chain) → Nothing</term>
- <listitem>
- <para>
- Add a new <replaceable>chain</replaceable> to <replaceable>table</replaceable> for <replaceable>ipv</replaceable> being either <literal>ipv4</literal> or <literal>ipv6</literal> or <literal>eb</literal>.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>addRule(s: ipv, s: table, s: chain, i: priority, as: args) → Nothing</term>
- <listitem>
- <para>
- Add a rule with the arguments <replaceable>args</replaceable> to <replaceable>chain</replaceable> in <replaceable>table</replaceable> with <replaceable>priority</replaceable> for <replaceable>ipv</replaceable> being either <literal>ipv4</literal> or <literal>ipv6</literal> or <literal>eb</literal>.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>getAllChains() → a(sss)</term>
- <listitem>
- <para>
- Get all chains added to all tables in format: ipv, table, chain.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>getAllRules() → a(sssias)</term>
- <listitem>
- <para>
- Get all rules added to all chains in all tables in format: ipv, table, chain, priority, rule
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>getChains(s: ipv, s: table) → as</term>
- <listitem>
- <para>
- Get all chains added to <replaceable>table</replaceable> for <replaceable>ipv</replaceable> being either <literal>ipv4</literal> or <literal>ipv6</literal> or <literal>eb</literal>.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>getRules(s: ipv, s: table, s: chain) → a(ias)</term>
- <listitem>
- <para>
- Get all rules added to <replaceable>chain</replaceable> in <replaceable>table</replaceable> for <replaceable>ipv</replaceable> being either <literal>ipv4</literal> or <literal>ipv6</literal> or <literal>eb</literal>.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>passthrough(s: ipv, as: args) → s</term>
- <listitem>
- <para>
- Pass a command through to the firewall. <replaceable>ipv</replaceable> can be either <literal>ipv4</literal> or <literal>ipv6</literal> or <literal>eb</literal>. <replaceable>args</replaceable> can be all <command>iptables</command>, <command>ip6tables</command> and <command>ebtables</command> command line arguments.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>queryChain(s: ipv, s: table, s: chain) → b</term>
- <listitem>
- <para>
- Return whether a <replaceable>chain</replaceable> exists in <replaceable>table</replaceable> for <replaceable>ipv</replaceable> being either <literal>ipv4</literal> or <literal>ipv6</literal>.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>queryRule(s: ipv, s: table, s: chain, i: priority, as: args) → b</term>
- <listitem>
- <para>
- Return whether a rule with <replaceable>priority</replaceable> and the arguments <replaceable>args</replaceable> exists in <replaceable>chain</replaceable> in <replaceable>table</replaceable> for <replaceable>ipv</replaceable> being either <literal>ipv4</literal> or <literal>ipv6</literal> or <literal>eb</literal>.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>removeChain(s: ipv, s: table, s: chain) → Nothing</term>
- <listitem>
- <para>
- Remove a <replaceable>chain</replaceable> from <replaceable>table</replaceable> for <replaceable>ipv</replaceable> being either <literal>ipv4</literal> or <literal>ipv6</literal>.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>removeRule(s: ipv, s: table, s: chain, i: priority, as: args) → Nothing</term>
- <listitem>
- <para>
- Remove a rule with <replaceable>priority</replaceable> and arguments <replaceable>args</replaceable> from <replaceable>chain</replaceable> in <replaceable>table</replaceable> for <replaceable>ipv</replaceable> being either <literal>ipv4</literal> or <literal>ipv6</literal>.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>removeRules(s: ipv, s: table, s: chain) → Nothing</term>
- <listitem>
- <para>
- Remove all rules from <replaceable>chain</replaceable> in <replaceable>table</replaceable> for <replaceable>ipv</replaceable> being either <literal>ipv4</literal> or <literal>ipv6</literal>.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect3>
-
- <refsect3 id="org.fedoraproject.FirewallD1.direct.Signals">
- <title>Signals</title>
- <variablelist>
- <varlistentry>
- <term>ChainAdded(s: ipv, s: table, s: chain)</term>
- <listitem>
- <para>
- Emitted when <replaceable>chain</replaceable> has been changed into <replaceable>table</replaceable> for <replaceable>ipv</replaceable> being either <literal>ipv4</literal> or <literal>ipv6</literal>.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>ChainRemoved(s: ipv, s: table, s: chain)</term>
- <listitem>
- <para>
- Emitted when <replaceable>chain</replaceable> has been changed from <replaceable>table</replaceable> for <replaceable>ipv</replaceable> being either <literal>ipv4</literal> or <literal>ipv6</literal>.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>RuleAdded(s: ipv, s: table, s: chain, i: priority, as: args)</term>
- <listitem>
- <para>
- Emitted when a rule with <replaceable>args</replaceable> has been added to <replaceable>chain</replaceable> in <replaceable>table</replaceable> with <replaceable>priority</replaceable> for <replaceable>ipv</replaceable> being either <literal>ipv4</literal> or <literal>ipv6</literal> or <literal>eb</literal>.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>RuleRemoved(s: ipv, s: table, s: chain, i: priority, as: args)</term>
- <listitem>
- <para>
- Emitted when a rule with <replaceable>args</replaceable> has been removed from <replaceable>chain</replaceable> in <replaceable>table</replaceable> with <replaceable>priority</replaceable> for <replaceable>ipv</replaceable> being either <literal>ipv4</literal> or <literal>ipv6</literal> or <literal>eb</literal>.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect3>
- </refsect2>
-
- <refsect2 id="org.fedoraproject.FirewallD1.policies">
- <title>org.fedoraproject.FirewallD1.policies</title>
- <para>
- Enables firewalld to be able to lock down configuration changes from local applications.
- Local applications or services are able to change the firewall configuration if they are running as root (example: libvirt).
- With these operations administrator can lock the firewall configuration so that either none or only applications that are in the whitelist are able to request firewall changes.
- For permanent configuration see org.fedoraproject.FirewallD1.config.policies interface.
- </para>
-
- <refsect3 id="org.fedoraproject.FirewallD1.policies.Methods">
- <title>Methods</title>
- <variablelist>
- <varlistentry>
- <term>addLockdownWhitelistCommand(s: command) → Nothing</term>
- <listitem>
- <para>
- Add <replaceable>command</replaceable> to whitelist.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>addLockdownWhitelistContext(s: context) → Nothing</term>
- <listitem>
- <para>
- Add <replaceable>context</replaceable> to whitelist.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>addLockdownWhitelistUid(i: uid) → Nothing</term>
- <listitem>
- <para>
- Add user id <replaceable>uid</replaceable> to whitelist.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>addLockdownWhitelistUser(s: user) → Nothing</term>
- <listitem>
- <para>
- Add <replaceable>user</replaceable> to whitelist.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>disableLockdown() → Nothing</term>
- <listitem>
- <para>
- Disable lockdown.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>enableLockdown() → Nothing</term>
- <listitem>
- <para>
- Enable lockdown.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>getLockdownWhitelistCommands() → as</term>
- <listitem>
- <para>
- List all command lines that are on whitelist.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>getLockdownWhitelistContexts() → as</term>
- <listitem>
- <para>
- List all contexts that are on whitelist.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>getLockdownWhitelistUids() → ai</term>
- <listitem>
- <para>
- List all user ids that are on whitelist.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>getLockdownWhitelistUsers() → as</term>
- <listitem>
- <para>
- List all users that are on whitelist.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>queryLockdown() → b</term>
- <listitem>
- <para>
- Query whether lockdown is enabled.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>queryLockdownWhitelistCommand(s: command) → b</term>
- <listitem>
- <para>
- Query whether <replaceable>command</replaceable> is on whitelist.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>queryLockdownWhitelistContext(s: context) → b</term>
- <listitem>
- <para>
- Query whether <replaceable>context</replaceable> is on whitelist.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>queryLockdownWhitelistUid(i: uid) → b</term>
- <listitem>
- <para>
- Query whether user id <replaceable>uid</replaceable> is on whitelist.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>queryLockdownWhitelistUser(s: user) → b</term>
- <listitem>
- <para>
- Query whether <replaceable>user</replaceable> is on whitelist.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>removeLockdownWhitelistCommand(s: command) → Nothing</term>
- <listitem>
- <para>
- Remove <replaceable>command</replaceable> from whitelist.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>removeLockdownWhitelistContext(s: context) → Nothing</term>
- <listitem>
- <para>
- Remove <replaceable>context</replaceable> from whitelist.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>removeLockdownWhitelistUid(i: uid) → Nothing</term>
- <listitem>
- <para>
- Remove user id <replaceable>uid</replaceable> from whitelist.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>removeLockdownWhitelistUser(s: user) → Nothing</term>
- <listitem>
- <para>
- Remove <replaceable>user</replaceable> from whitelist.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect3>
-
- <refsect3 id="org.fedoraproject.FirewallD1.policies.Signals">
- <title>Signals</title>
- <variablelist>
- <varlistentry>
- <term>LockdownDisabled()</term>
- <listitem>
- <para>
- Emitted when lockdown has been disabled.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>LockdownEnabled()</term>
- <listitem>
- <para>
- Emitted when lockdown has been enabled.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>LockdownWhitelistCommandAdded(s: command)</term>
- <listitem>
- <para>
- Emitted when <replaceable>command</replaceable> has been added to whitelist.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>LockdownWhitelistCommandRemoved(s: command)</term>
- <listitem>
- <para>
- Emitted when <replaceable>command</replaceable> has been removed from whitelist.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>LockdownWhitelistContextAdded(s: context)</term>
- <listitem>
- <para>
- Emitted when <replaceable>context</replaceable> has been added to whitelist.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>LockdownWhitelistContextRemoved(s: context)</term>
- <listitem>
- <para>
- Emitted when <replaceable>context</replaceable> has been removed from whitelist.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>LockdownWhitelistUidAdded(i: uid)</term>
- <listitem>
- <para>
- Emitted when user id <replaceable>uid</replaceable> has been added to whitelist.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>LockdownWhitelistUidRemoved(i: uid)</term>
- <listitem>
- <para>
- Emitted when user id <replaceable>uid</replaceable> has been removed from whitelist.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>LockdownWhitelistUserAdded(s: user)</term>
- <listitem>
- <para>
- Emitted when <replaceable>user</replaceable> has been added to whitelist.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>LockdownWhitelistUserRemoved(s: user)</term>
- <listitem>
- <para>
- Emitted when <replaceable>user</replaceable> has been removed from whitelist.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect3>
- </refsect2>
-
- <refsect2 id="org.fedoraproject.FirewallD1.zone">
- <title>org.fedoraproject.FirewallD1.zone</title>
- <para>
- Operations in this interface allows to get, add, remove and query runtime zone's settings.
- For permanent configuration see org.fedoraproject.FirewallD1.config.zone interface.
- </para>
-
- <refsect3 id="org.fedoraproject.FirewallD1.zone.Methods">
- <title>Methods</title>
- <variablelist>
- <varlistentry>
- <term>addForwardPort(s: zone, s: port, s: protocol, s: toport, s: toaddr, i: timeout) → s</term>
- <listitem>
- <para>
- Add the IPv4 forward port for <replaceable>zone</replaceable>.
- If <replaceable>zone</replaceable> is empty, use default zone.
- The port can either be a single port number <replaceable>portid</replaceable> or a port range <replaceable>portid</replaceable>-<replaceable>portid</replaceable>.
- The protocol can either be <literal>tcp</literal> or <literal>udp</literal>.
- The destination address is a simple IP address.
- If <replaceable>timeout</replaceable> is non-zero, the operation will be active only for the amount of seconds.
- </para>
- <para>
- Returns name of zone to which the forward port was added.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>addIcmpBlock(s: zone, s: icmp, i: timeout) → s</term>
- <listitem>
- <para>
- Add an ICMP block <replaceable>icmp</replaceable> for <replaceable>zone</replaceable>.
- If <replaceable>zone</replaceable> is empty, use default zone.
- If <replaceable>timeout</replaceable> is non-zero, the operation will be active only for the amount of seconds.
- </para>
- <para>
- Returns name of zone to which the ICMP block was added.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>addInterface(s: zone, s: interface) → s</term>
- <listitem>
- <para>
- Bind <replaceable>interface</replaceable> to <replaceable>zone</replaceable>.
- If <replaceable>zone</replaceable> is empty, use default zone.
- </para>
- <para>
- Returns name of zone to which the interface was bound.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>addMasquerade(s: zone, i: timeout) → s</term>
- <listitem>
- <para>
- Enable IPv4 masquerade for <replaceable>zone</replaceable>.
- If <replaceable>zone</replaceable> is empty, use default zone.
- If <replaceable>timeout</replaceable> is non-zero, masquerading will be active for the amount of seconds.
- </para>
- <para>
- Returns name of zone in which the masquerade was enabled.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>addPort(s: zone, s: port, s: protocol, i: timeout) → s</term>
- <listitem>
- <para>
- Add port for <replaceable>zone</replaceable>.
- If <replaceable>zone</replaceable> is empty, use default zone.
- The port can either be a single port number or a port range <replaceable>portid</replaceable>-<replaceable>portid</replaceable>.
- The protocol can either be <literal>tcp</literal> or <literal>udp</literal>.
- If <replaceable>timeout</replaceable> is non-zero, the operation will be active only for the amount of seconds.
- </para>
- <para>
- Returns name of zone to which the port was added.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>addRichRule(s: zone, s: rule, i: timeout) → s</term>
- <listitem>
- <para>
- Add rich language <replaceable>rule</replaceable> for <replaceable>zone</replaceable>.
- If <replaceable>zone</replaceable> is empty, use default zone.
- If <replaceable>timeout</replaceable> is non-zero, the operation will be active only for the amount of seconds.
- </para>
- <para>
- Returns name of zone to which the rich language rule was added.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>addService(s: zone, s: service, i: timeout) → s</term>
- <listitem>
- <para>
- Add <replaceable>service</replaceable> for <replaceable>zone</replaceable>.
- If <replaceable>zone</replaceable> is empty, use default zone.
- If <replaceable>timeout</replaceable> is non-zero, the operation will be active only for the amount of seconds.
- </para>
- <para>
- Returns name of zone to which the service was added.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>addSource(s: zone, s: source) → s</term>
- <listitem>
- <para>
- Bind <replaceable>source</replaceable> to <replaceable>zone</replaceable>.
- If <replaceable>zone</replaceable> is empty, use default zone.
- </para>
- <para>
- Returns name of zone to which the source was bound.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>changeZone(s: zone, s: interface) → s</term>
- <listitem>
- <para>
- This function is deprecated, use changeZoneOfInterface instead.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>changeZoneOfInterface(s: zone, s: interface) → s</term>
- <listitem>
- <para>
- Change a zone an <replaceable>interface</replaceable> is part of to <replaceable>zone</replaceable>.
- If <replaceable>zone</replaceable> is empty, use default zone.
- </para>
- <para>
- Returns name of zone.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>changeZoneOfSource(s: zone, s: source) → s</term>
- <listitem>
- <para>
- Change a zone an <replaceable>source</replaceable> is part of to <replaceable>zone</replaceable>.
- If <replaceable>zone</replaceable> is empty, use default zone.
- </para>
- <para>
- Returns name of zone.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>getActiveZones() → a{sa{sas}}</term>
- <listitem>
- <para>
- Return dictionary of currently active zones altogether with interfaces and sources used in these zones.
- Active zones are zones, that have a binding to an interface or source.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>getForwardPorts(s: zone) → aas</term>
- <listitem>
- <para>
- Return list of IPv4 forward ports added for <replaceable>zone</replaceable>.
- If <replaceable>zone</replaceable> is empty, use default zone.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>getIcmpBlocks(s: zone) → as</term>
- <listitem>
- <para>
- Return list of Internet Control Message Protocol (ICMP) type blocks added for <replaceable>zone</replaceable>.
- If <replaceable>zone</replaceable> is empty, use default zone.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>getInterfaces(s: zone) → as</term>
- <listitem>
- <para>
- Return list of interfaces of a <replaceable>zone</replaceable>.
- If <replaceable>zone</replaceable> is empty, use default zone.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>getPorts(s: zone) → aas</term>
- <listitem>
- <para>
- Return list of enabled ports in a <replaceable>zone</replaceable>.
- If <replaceable>zone</replaceable> is empty, use default zone.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>getRichRules(s: zone) → as</term>
- <listitem>
- <para>
- Return list of rich language rules added for <replaceable>zone</replaceable>.
- If <replaceable>zone</replaceable> is empty, use default zone.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>getServices(s: zone) → as</term>
- <listitem>
- <para>
- Return list of enabled services in a <replaceable>zone</replaceable>.
- If <replaceable>zone</replaceable> is empty, use default zone.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>getSources(s: zone) → as</term>
- <listitem>
- <para>
- Return list of sources of a <replaceable>zone</replaceable>.
- If <replaceable>zone</replaceable> is empty, use default zone.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>getZoneOfInterface(s: interface) → s</term>
- <listitem>
- <para>
- Return name of zone the <replaceable>interface</replaceable> is bound to or empty string.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>getZoneOfSource(s: source) → s</term>
- <listitem>
- <para>
- Return name of zone the <replaceable>source</replaceable> is bound to or empty string.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>getZones() → as</term>
- <listitem>
- <para>
- Return names of predefined zones.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>isImmutable(s: zone) → b</term>
- <listitem>
- <para>
- Deprecated.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>queryForwardPort(s: zone, s: port, s: protocol, s: toport, s: toaddr) → b</term>
- <listitem>
- <para>
- Return whether the IPv4 forward port has been added for <replaceable>zone</replaceable>.
- If <replaceable>zone</replaceable> is empty, use default zone.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>queryIcmpBlock(s: zone, s: icmp) → b</term>
- <listitem>
- <para>
- Return whether an ICMP block for <replaceable>icmp</replaceable> has been added for <replaceable>zone</replaceable>.
- If <replaceable>zone</replaceable> is empty, use default zone.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>queryInterface(s: zone, s: interface) → b</term>
- <listitem>
- <para>
- Query whether <replaceable>interface</replaceable> has been bound to <replaceable>zone</replaceable>.
- If <replaceable>zone</replaceable> is empty, use default zone.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>queryMasquerade(s: zone) → b</term>
- <listitem>
- <para>
- Return whether IPv4 masquerading has been enabled for <replaceable>zone</replaceable>
- If <replaceable>zone</replaceable> is empty, use default zone.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>queryPort(s: zone, s: port, s: protocol) → b</term>
- <listitem>
- <para>
- Return whether <replaceable>port</replaceable>/<replaceable>protocol</replaceable> has been added for <replaceable>zone</replaceable>.
- If <replaceable>zone</replaceable> is empty, use default zone.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>queryRichRule(s: zone, s: rule) → b</term>
- <listitem>
- <para>
- Return whether rich rule <replaceable>rule</replaceable> has been added for <replaceable>zone</replaceable>.
- If <replaceable>zone</replaceable> is empty, use default zone.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>queryService(s: zone, s: service) → b</term>
- <listitem>
- <para>
- Return whether <replaceable>service</replaceable> has been added for <replaceable>zone</replaceable>.
- If <replaceable>zone</replaceable> is empty, use default zone.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>querySource(s: zone, s: source) → b</term>
- <listitem>
- <para>
- Query whether <replaceable>source</replaceable>has been bound to <replaceable>zone</replaceable>.
- If <replaceable>zone</replaceable> is empty, use default zone.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>removeForwardPort(s: zone, s: port, s: protocol, s: toport, s: toaddr) → s</term>
- <listitem>
- <para>
- Remove IPv4 forward port from <replaceable>zone</replaceable>.
- If <replaceable>zone</replaceable> is empty, use default zone.
- </para>
- <para>
- Returns name of zone from which the forward port was removed.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>removeIcmpBlock(s: zone, s: icmp) → s</term>
- <listitem>
- <para>
- Remove ICMP block <replaceable>icmp</replaceable> from <replaceable>zone</replaceable>.
- If <replaceable>zone</replaceable> is empty, use default zone.
- </para>
- <para>
- Returns name of zone from which the ICMP block was removed.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>removeInterface(s: zone, s: interface) → s</term>
- <listitem>
- <para>
- Remove binding of <replaceable>interface</replaceable> from <replaceable>zone</replaceable>.
- If <replaceable>zone</replaceable> is empty, use default zone.
- </para>
- <para>
- Returns name of zone.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>removeMasquerade(s: zone) → s</term>
- <listitem>
- <para>
- Disable IPv4 masquerade for <replaceable>zone</replaceable>.
- If <replaceable>zone</replaceable> is empty, use default zone.
- </para>
- <para>
- Returns name of zone for which the masquerade was disabled.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>removePort(s: zone, s: port, s: protocol) → s</term>
- <listitem>
- <para>
- Remove port from <replaceable>zone</replaceable>.
- If <replaceable>zone</replaceable> is empty, use default zone.
- </para>
- <para>
- Returns name of zone from which the port was removed.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>removeRichRule(s: zone, s: rule) → s</term>
- <listitem>
- <para>
- Remove rich language <replaceable>rule</replaceable> from <replaceable>zone</replaceable>.
- If <replaceable>zone</replaceable> is empty, use default zone.
- </para>
- <para>
- Returns name of zone from which the rich language rule was removed.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>removeService(s: zone, s: service) → s</term>
- <listitem>
- <para>
- Remove <replaceable>service</replaceable> from <replaceable>zone</replaceable>.
- If <replaceable>zone</replaceable> is empty, use default zone.
- </para>
- <para>
- Returns name of zone from which the service was removed.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>removeSource(s: zone, s: source) → s</term>
- <listitem>
- <para>
- Remove binding of <replaceable>source</replaceable> from <replaceable>zone</replaceable>.
- If <replaceable>zone</replaceable> is empty, use default zone.
- </para>
- <para>
- Returns name of zone.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect3>
-
- <refsect3 id="org.fedoraproject.FirewallD1.zone.Signals">
- <title>Signals</title>
- <variablelist>
- <varlistentry>
- <term>ForwardPortAdded(s: zone, s: port, s: protocol, s: toport, s: toaddr, i: timeout)</term>
- <listitem>
- <para>
- Emitted when forward port has been added to <replaceable>zone</replaceable> with <replaceable>timeout</replaceable>.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>ForwardPortRemoved(s: zone, s: port, s: protocol, s: toport, s: toaddr)</term>
- <listitem>
- <para>
- Emitted when forward port has been removed from <replaceable>zone</replaceable>.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>IcmpBlockAdded(s: zone, s: icmp, i: timeout)</term>
- <listitem>
- <para>
- Emitted when ICMP block for <replaceable>icmp</replaceable> has been added to <replaceable>zone</replaceable> with <replaceable>timeout</replaceable>.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>IcmpBlockRemoved(s: zone, s: icmp)</term>
- <listitem>
- <para>
- Emitted when ICMP block for <replaceable>icmp</replaceable> has been removed from <replaceable>zone</replaceable>.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>InterfaceAdded(s: zone, s: interface)</term>
- <listitem>
- <para>
- Emitted when <replaceable>interface</replaceable> has been added to <replaceable>zone</replaceable>.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>InterfaceRemoved(s: zone, s: interface)</term>
- <listitem>
- <para>
- Emitted when <replaceable>interface</replaceable> has been removed from <replaceable>zone</replaceable>.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>MasqueradeAdded(s: zone, i: timeout)</term>
- <listitem>
- <para>
- Emitted when IPv4 masquerade has been enabled for <replaceable>zone</replaceable>.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>MasqueradeRemoved(s: zone)</term>
- <listitem>
- <para>
- Emitted when IPv4 masquerade has been disabled for <replaceable>zone</replaceable>.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PortAdded(s: zone, s: port, s: protocol, i: timeout)</term>
- <listitem>
- <para>
- Emitted when <replaceable>port</replaceable>/<replaceable>protocol</replaceable> has been added to <replaceable>zone</replaceable> with <replaceable>timeout</replaceable>.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PortRemoved(s: zone, s: port, s: protocol)</term>
- <listitem>
- <para>
- Emitted when <replaceable>port</replaceable>/<replaceable>protocol</replaceable> has been removed from <replaceable>zone</replaceable>.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>RichRuleAdded(s: zone, s: rule, i: timeout)</term>
- <listitem>
- <para>
- Emitted when rich language <replaceable>rule</replaceable> has been added to <replaceable>zone</replaceable> with <replaceable>timeout</replaceable>.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>RichRuleRemoved(s: zone, s: rule)</term>
- <listitem>
- <para>
- Emitted when rich language <replaceable>rule</replaceable> has been removed from <replaceable>zone</replaceable>.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>ServiceAdded(s: zone, s: service, i: timeout)</term>
- <listitem>
- <para>
- Emitted when <replaceable>service</replaceable> has been added to <replaceable>zone</replaceable> with <replaceable>timeout</replaceable>.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>ServiceRemoved(s: zone, s: service)</term>
- <listitem>
- <para>
- Emitted when <replaceable>service</replaceable> has been removed from <replaceable>zone</replaceable>.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>SourceAdded(s: zone, s: source)</term>
- <listitem>
- <para>
- Emitted when <replaceable>source</replaceable> has been added to <replaceable>zone</replaceable>.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>SourceRemoved(s: zone, s: source)</term>
- <listitem>
- <para>
- Emitted when <replaceable>source</replaceable> has been removed from <replaceable>zone</replaceable>.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>ZoneChanged(s: zone, s: interface)</term>
- <listitem>
- <para>
- Deprecated
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>ZoneOfInterfaceChanged(s: zone, s: interface)</term>
- <listitem>
- <para>
- Emitted when a zone an <replaceable>interface</replaceable> is part of has been changed to <replaceable>zone</replaceable>.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>ZoneOfSourceChanged(s: zone, s: source)</term>
- <listitem>
- <para>
- Emitted when a zone an <replaceable>source</replaceable> is part of has been changed to <replaceable>zone</replaceable>.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect3>
- </refsect2>
-
- <refsect2 id="org.fedoraproject.FirewallD1.config">
- <title>org.fedoraproject.FirewallD1.config</title>
- <para>
- Allows to permanently add, remove and query zones, services and icmp types.
- </para>
-
- <refsect3 id="org.fedoraproject.FirewallD1.config.Methods">
- <title>Methods</title>
- <variablelist>
- <varlistentry>
- <term>addIcmpType(s: icmptype, (sssas): settings) → o</term>
- <listitem>
- <para>
- Add <replaceable>icmptype</replaceable> with given <replaceable>settings</replaceable>.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>addService(s: service, (sssa(ss)asa{ss}): settings) → o</term>
- <listitem>
- <para>
- Add <replaceable>service</replaceable> with given <replaceable>settings</replaceable>.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>addZone(s: zone, (sssbsasa(ss)asba(ssss)asasas): settings) → o</term>
- <listitem>
- <para>
- Add <replaceable>zone</replaceable> with given <replaceable>settings</replaceable>.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>getIcmpTypeByName(s: icmptype) → o</term>
- <listitem>
- <para>
- Return object path of <replaceable>icmptype</replaceable>.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>getServiceByName(s: service) → o</term>
- <listitem>
- <para>
- Return object path of <replaceable>service</replaceable>.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>getZoneByName(s: zone) → o</term>
- <listitem>
- <para>
- Return object path of <replaceable>zone</replaceable>.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>getZoneOfInterface(s: iface) → s</term>
- <listitem>
- <para>
- Return name of zone the <replaceable>iface</replaceable> is bound to or empty string.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>getZoneOfSource(s: source) → s</term>
- <listitem>
- <para>
- Return name of zone the <replaceable>source</replaceable> is bound to or empty string.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>listIcmpTypes() → ao</term>
- <listitem>
- <para>
- List icmptypes objects paths.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>listServices() → ao</term>
- <listitem>
- <para>
- List services objects paths.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>listZones() → ao</term>
- <listitem>
- <para>
- List zones object paths.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect3>
-
- <refsect3 id="org.fedoraproject.FirewallD1.config.Signals">
- <title>Signals</title>
- <variablelist>
- <varlistentry>
- <term>IcmpTypeAdded(s: icmptype)</term>
- <listitem>
- <para>
- Emitted when <replaceable>icmptype</replaceable> has been added.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>ServiceAdded(s: service)</term>
- <listitem>
- <para>
- Emitted when <replaceable>service</replaceable> has been added.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>ZoneAdded(s: zone)</term>
- <listitem>
- <para>
- Emitted when <replaceable>zone</replaceable> has been added.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect3>
-
- <refsect3 id="org.fedoraproject.FirewallD1.config.Properties">
- <title>Properties</title>
- <variablelist>
- <varlistentry>
- <term>CleanupOnExit - s - (rw)</term>
- <listitem>
- <para>
- If firewalld stops, it cleans up all firewall rules. Setting this option to no or false leaves the current firewall rules untouched.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>DefaultZone - s - (ro)</term>
- <listitem>
- <para>
- Default zone for connections or interfaces if the zone is not selected or specified by NetworkManager, initscripts or command line tool.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>Lockdown - s - (ro)</term>
- <listitem>
- <para>
- If this property is enabled, firewall changes with the D-Bus interface will be limited to applications that are listed in the lockdown whitelist.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>MinimalMark - i - (rw)</term>
- <listitem>
- <para>
- For some firewall settings several rules are needed in different tables to be able to handle packets in the correct way.
- To achieve that these packets are marked using the MARK target. With the MinimalMark property a block of marks can be reserved for private use; only marks over this value are used.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect3>
- </refsect2>
-
- <refsect2 id="org.fedoraproject.FirewallD1.config.direct">
- <title>org.fedoraproject.FirewallD1.config.direct</title>
- <para>
- Interface for permanent direct configuration <citerefentry><refentrytitle>firewalld.direct</refentrytitle><manvolnum>5</manvolnum></citerefentry>. For runtime direct configuration see org.fedoraproject.FirewallD1.direct interface.
- </para>
-
- <refsect3 id="org.fedoraproject.FirewallD1.config.direct.Methods">
- <title>Methods</title>
- <variablelist>
- <varlistentry>
- <term>getSettings() → (a(sss)a(sssias)a(sas))</term>
- <listitem>
- <para>
- Get settings of permanent direct configuration.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>update((a(sss)a(sssias)a(sas)): settings) → Nothing</term>
- <listitem>
- <para>
- Update permanent direct configuration with given <replaceable>settings</replaceable>.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect3>
-
- <refsect3 id="org.fedoraproject.FirewallD1.config.direct.Signals">
- <title>Signals</title>
- <variablelist>
- <varlistentry>
- <term>Updated()</term>
- <listitem>
- <para>
- Emitted when configuration has been updated.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect3>
- </refsect2>
-
- <refsect2 id="org.fedoraproject.FirewallD1.config.policies">
- <title>org.fedoraproject.FirewallD1.config.policies</title>
- <para>
- Interface for permanent lockdown-whitelist configuration <citerefentry><refentrytitle>firewalld.lockdown</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
- For runtime configuration see org.fedoraproject.FirewallD1.policies interface.
- </para>
- <refsect3 id="org.fedoraproject.FirewallD1.config.policies.Methods">
- <title>Methods</title>
- <variablelist>
- <varlistentry>
- <term>getLockdownWhitelist() → (asasasai)</term>
- <listitem>
- <para>
- Get settings of permanent lockdown-whitelist configuration.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>setLockdownWhitelist((asasasai): settings) → Nothing</term>
- <listitem>
- <para>
- Set permanent lockdown-whitelist configuration to <replaceable>settings</replaceable>.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect3>
-
- <refsect3 id="org.fedoraproject.FirewallD1.config.policies.Signals">
- <title>Signals</title>
- <variablelist>
- <varlistentry>
- <term>LockdownWhitelistUpdated()</term>
- <listitem>
- <para>
- Emitted when permanent lockdown-whitelist configuration has been updated.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect3>
- </refsect2>
-
- <refsect2 id="org.fedoraproject.FirewallD1.config.zone">
- <title>org.fedoraproject.FirewallD1.config.zone</title>
- <para>
- Interface for permanent zone configuration <citerefentry><refentrytitle>firewalld.zone</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
- </para>
- <refsect3 id="org.fedoraproject.FirewallD1.config.zone.Methods">
- <title>Methods</title>
- <variablelist>
- <varlistentry>
- <term>getSettings() → (sssbsasa(ss)asba(ssss)asasas)</term>
- <listitem>
- <para>
- Return permanent settings of a zone.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>loadDefaults() → Nothing</term>
- <listitem>
- <para>
- Load default settings for built-in zone.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>remove() → Nothing</term>
- <listitem>
- <para>
- Remove not built-in zone.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>rename(s: name) → Nothing</term>
- <listitem>
- <para>
- Rename not built-in zone to <replaceable>name</replaceable>.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>update((sssbsasa(ss)asba(ssss)asasas): settings) → Nothing</term>
- <listitem>
- <para>
- Update settings of zone to <replaceable>settings</replaceable>.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect3>
-
- <refsect3 id="org.fedoraproject.FirewallD1.config.zone.Signals">
- <title>Signals</title>
- <variablelist>
- <varlistentry>
- <term>Removed(s: name)</term>
- <listitem>
- <para>
- Emitted when zone with <replaceable>name</replaceable> has been removed.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>Renamed(s: name)</term>
- <listitem>
- <para>
- Emitted when zone has been renamed to <replaceable>name</replaceable>.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>Updated(s: name)</term>
- <listitem>
- <para>
- Emitted when zone with <replaceable>name</replaceable> has been updated.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect3>
-
- <refsect3 id="org.fedoraproject.FirewallD1.config.zone.Properties">
- <title>Properties</title>
- <variablelist>
- <varlistentry>
- <term>default - b - (ro)</term>
- <listitem>
- <para>
- True if build-in zone has default settings. False if it has been modified. Always False for not build-in zones.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>filename - s - (ro)</term>
- <listitem>
- <para>
- Name (including .xml extension) of file where the configuration is stored.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>name - s - (ro)</term>
- <listitem>
- <para>
- Name of zone.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>path - s - (ro)</term>
- <listitem>
- <para>
- Path to directory where the zone configuration is stored. Should be either /usr/lib/firewalld/zones or /etc/firewalld/zones.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect3>
- </refsect2>
-
- <refsect2 id="org.fedoraproject.FirewallD1.config.service">
- <title>org.fedoraproject.FirewallD1.config.service</title>
- <para>
- Interface for permanent service configuration <citerefentry><refentrytitle>firewalld.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
- </para>
-
- <refsect3 id="org.fedoraproject.FirewallD1.config.service.Methods">
- <title>Methods</title>
- <variablelist>
- <varlistentry>
- <term>getSettings() → (sssa(ss)asa{ss})</term>
- <listitem>
- <para>
- Return permanent settings of a service.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>loadDefaults() → Nothing</term>
- <listitem>
- <para>
- Load default settings for built-in service.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>remove() → Nothing</term>
- <listitem>
- <para>
- Remove not built-in zone.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>rename(s: name) → Nothing</term>
- <listitem>
- <para>
- Rename not built-in service to <replaceable>name</replaceable>.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>update((sssa(ss)asa{ss}): settings) → Nothing</term>
- <listitem>
- <para>
- Update settings of service to <replaceable>settings</replaceable>.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect3>
-
- <refsect3 id="org.fedoraproject.FirewallD1.config.service.Signals">
- <title>Signals</title>
- <variablelist>
- <varlistentry>
- <term>Removed(s: name)</term>
- <listitem>
- <para>
- Emitted when service with <replaceable>name</replaceable> has been removed.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>Renamed(s: name)</term>
- <listitem>
- <para>
- Emitted when service has been renamed to <replaceable>name</replaceable>.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>Updated(s: name)</term>
- <listitem>
- <para>
- Emitted when service with <replaceable>name</replaceable> has been updated.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect3>
-
- <refsect3 id="org.fedoraproject.FirewallD1.config.service.Properties">
- <title>Properties</title>
- <variablelist>
- <varlistentry>
- <term>default - b - (ro)</term>
- <listitem>
- <para>
- True if build-in service has default settings. False if it has been modified. Always False for not build-in services.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>filename - s - (ro)</term>
- <listitem>
- <para>
- Name (including .xml extension) of file where the configuration is stored.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>name - s - (ro)</term>
- <listitem>
- <para>
- Name of service.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>path - s - (ro)</term>
- <listitem>
- <para>
- Path to directory where the configuration is stored. Should be either /usr/lib/firewalld/services or /etc/firewalld/services.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect3>
- </refsect2>
-
- <refsect2 id="org.fedoraproject.FirewallD1.config.icmptype">
- <title>org.fedoraproject.FirewallD1.config.icmptype</title>
- <para>
- Interface for permanent icmp type configuration <citerefentry><refentrytitle>firewalld.icmptype</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
- </para>
-
- <refsect3 id="org.fedoraproject.FirewallD1.config.icmptype.Methods">
- <title>Methods</title>
- <variablelist>
- <varlistentry>
- <term>getSettings() → (sssas)</term>
- <listitem>
- <para>
- Return permanent settings of a icmp type.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>loadDefaults() → Nothing</term>
- <listitem>
- <para>
- Load default settings for built-in icmp type.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>remove() → Nothing</term>
- <listitem>
- <para>
- Remove not built-in icmp type.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>rename(s: name) → Nothing</term>
- <listitem>
- <para>
- Rename not built-in icmp type to <replaceable>name</replaceable>.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>update((sssas): settings) → Nothing</term>
- <listitem>
- <para>
- Update settings of icmp type to <replaceable>settings</replaceable>.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect3>
-
- <refsect3 id="org.fedoraproject.FirewallD1.config.icmptype.Signals">
- <title>Signals</title>
- <variablelist>
- <varlistentry>
- <term>Removed(s: name)</term>
- <listitem>
- <para>
- Emitted when icmp type with <replaceable>name</replaceable> has been removed.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>Renamed(s: name)</term>
- <listitem>
- <para>
- Emitted when icmp type has been renamed to <replaceable>name</replaceable>.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>Updated(s: name)</term>
- <listitem>
- <para>
- Emitted when icmp type with <replaceable>name</replaceable> has been updated.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect3>
-
- <refsect3 id="org.fedoraproject.FirewallD1.config.icmptype.Properties">
- <title>Properties</title>
- <variablelist>
- <varlistentry>
- <term>default - b - (ro)</term>
- <listitem>
- <para>
- True if build-in icmp type has default settings. False if it has been modified. Always False for not build-in zones.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>filename - s - (ro)</term>
- <listitem>
- <para>
- Name (including .xml extension) of file where the configuration is stored.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>name - s - (ro)</term>
- <listitem>
- <para>
- Name of icmp type.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>path - s - (ro)</term>
- <listitem>
- <para>
- Path to directory where the icmp type configuration is stored. Should be either /usr/lib/firewalld/icmptypes or /etc/firewalld/icmptypes.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect3>
- </refsect2>
-
- </refsect1>
-
- &seealso;
-
- ¬es;
-
-</refentry>
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
+[
+<!ENTITY authors SYSTEM "authors.xml">
+<!ENTITY seealso SYSTEM "seealso.xml">
+<!ENTITY notes SYSTEM "notes.xml">
+]>
+
+<!--
+ This file is part of firewalld.
+
+ Copyright (C) 2010-2013 Red Hat, Inc.
+ Authors:
+ Thomas Woerner <twoerner@redhat.com>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+-->
+
+<refentry id="firewalld.dbus">
+
+ <refentryinfo>
+ <title>firewalld.dbus</title>
+ <productname>firewalld</productname>
+ &authors;
+ </refentryinfo>
+
+ <refmeta>
+ <refentrytitle>firewalld.dbus</refentrytitle>
+ <manvolnum>5</manvolnum>
+ </refmeta>
+
+ <refnamediv>
+ <refname>firewalld.dbus</refname>
+ <refpurpose>firewalld D-Bus interface description</refpurpose>
+ </refnamediv>
+
+ <refsect1 id="object-paths">
+ <title>Object Paths</title>
+ <para>
+ This is the basic firewalld object path structure. The used interfaces are explained below in the INTERFACES section.
+ </para>
+ <programlisting>
+/org/fedoraproject/FirewallD1
+ Interfaces
+ org.fedoraproject.FirewallD1
+ org.fedoraproject.FirewallD1.direct
+ org.fedoraproject.FirewallD1.policies
+ org.fedoraproject.FirewallD1.zone
+ org.freedesktop.DBus.Introspectable
+ org.freedesktop.DBus.Properties
+
+/org/fedoraproject/FirewallD1/config
+ Interfaces
+ org.fedoraproject.FirewallD1.config
+ org.fedoraproject.FirewallD1.config.direct
+ org.fedoraproject.FirewallD1.config.policies
+ org.freedesktop.DBus.Introspectable
+ org.freedesktop.DBus.Properties
+
+/org/fedoraproject/FirewallD1/config/icmptype/i
+ Interfaces
+ org.fedoraproject.FirewallD1.config.icmptype
+ org.freedesktop.DBus.Introspectable
+ org.freedesktop.DBus.Properties
+
+/org/fedoraproject/FirewallD1/config/service/i
+ Interfaces:
+ org.fedoraproject.FirewallD1.config.service
+ org.freedesktop.DBus.Introspectable
+ org.freedesktop.DBus.Properties
+
+/org/fedoraproject/FirewallD1/config/zone/i
+ Interfaces
+ org.fedoraproject.FirewallD1.config.zone
+ org.freedesktop.DBus.Introspectable
+ org.freedesktop.DBus.Properties
+ </programlisting>
+ </refsect1>
+
+ <refsect1 id="interfaces">
+ <title>Interfaces</title>
+
+ <para>
+ </para>
+
+
+ <refsect2 id="org.fedoraproject.FirewallD1">
+ <title>org.fedoraproject.FirewallD1</title>
+ <para>
+ This interface contains general runtime operations, like: reloading, panic mode, default zone, getting services and icmp types and their settings.
+ </para>
+
+ <refsect3 id="org.fedoraproject.FirewallD1.Methods">
+ <title>Methods</title>
+ <variablelist>
+ <varlistentry>
+ <term>completeReload() → Nothing</term>
+ <listitem>
+ <para>
+ Reload firewall completely, even netfilter kernel modules.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>disablePanicMode() → Nothing</term>
+ <listitem>
+ <para>
+ Disable panic mode.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>enablePanicMode() → Nothing</term>
+ <listitem>
+ <para>
+ Enable panic mode.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>getDefaultZone() → s</term>
+ <listitem>
+ <para>
+ Return default zone.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>getIcmpTypeSettings(s: icmptype) → (sssas)</term>
+ <listitem>
+ <para>
+ Return <replaceable>icmptype</replaceable> settings in format: version, name, description, array of destinations
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>getServiceSettings(s: service) → (sssa(ss)asa{ss})</term>
+ <listitem>
+ <para>
+ Return <replaceable>service</replaceable> settings in format: version, name, description, array of ports (port, protocol), array of module names, destinations {IP family : IP address}
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>listIcmpTypes() → as</term>
+ <listitem>
+ <para>
+ Return list of icmptype names.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>listServices() → as</term>
+ <listitem>
+ <para>
+ Return list of service names.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>queryPanicMode() → b</term>
+ <listitem>
+ <para>
+ Return true if panic mode is enabled, false otherwise.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>reload() → Nothing</term>
+ <listitem>
+ <para>
+ Reload firewall rules and keep state information.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>setDefaultZone(s: zone) → Nothing</term>
+ <listitem>
+ <para>
+ Set default zone to <replaceable>zone</replaceable>.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect3>
+
+ <refsect3 id="org.fedoraproject.FirewallD1.Signals">
+ <title>Signals</title>
+ <variablelist>
+ <varlistentry>
+ <term>DefaultZoneChanged(s: zone)</term>
+ <listitem>
+ <para>
+ Emitted when default zone has been changed to <replaceable>zone</replaceable>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PanicModeDisabled()</term>
+ <listitem>
+ <para>
+ Emitted when panic mode has been deactivated.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PanicModeEnabled()</term>
+ <listitem>
+ <para>
+ Emitted when panic mode has been activated.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Reloaded()</term>
+ <listitem>
+ <para>
+ Emitted when firewalld has been reloaded. Also emitted for a complete reload.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect3>
+
+ <refsect3 id="org.fedoraproject.FirewallD1.Properties">
+ <title>Properties</title>
+ <variablelist>
+ <varlistentry>
+ <term>BRIDGE - b - (ro)</term>
+ <listitem>
+ <para>
+ Indicates whether the firewall has ethernet bridge support.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>IPv4 - b - (ro)</term>
+ <listitem>
+ <para>
+ Indicates whether the firewall has IPv4 support.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>IPv6 - b - (ro)</term>
+ <listitem>
+ <para>
+ Indicates whether the firewall has IPv6 support.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>interface_version - s - (ro)</term>
+ <listitem>
+ <para>
+ firewalld D-Bus interface version string.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>state - s - (ro)</term>
+ <listitem>
+ <para>
+ firewalld state. This can be either <literal>INIT</literal> or <literal>RUNNING</literal>. In <literal>INIT</literal> state, firewalld is starting up and initializing.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>version - s - (ro)</term>
+ <listitem>
+ <para>
+ firewalld version string.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect3>
+ </refsect2>
+
+ <refsect2 id="org.fedoraproject.FirewallD1.direct">
+ <title>org.fedoraproject.FirewallD1.direct</title>
+ <para>
+ This interface enables more direct access to the firewall. It enables runtime manipulation with chains and rules. For permanent configuration see org.fedoraproject.FirewallD1.config.direct interface.
+ </para>
+
+ <refsect3 id="org.fedoraproject.FirewallD1.direct.Methods">
+ <title>Methods</title>
+ <variablelist>
+ <varlistentry>
+ <term>addChain(s: ipv, s: table, s: chain) → Nothing</term>
+ <listitem>
+ <para>
+ Add a new <replaceable>chain</replaceable> to <replaceable>table</replaceable> for <replaceable>ipv</replaceable> being either <literal>ipv4</literal> or <literal>ipv6</literal> or <literal>eb</literal>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>addRule(s: ipv, s: table, s: chain, i: priority, as: args) → Nothing</term>
+ <listitem>
+ <para>
+ Add a rule with the arguments <replaceable>args</replaceable> to <replaceable>chain</replaceable> in <replaceable>table</replaceable> with <replaceable>priority</replaceable> for <replaceable>ipv</replaceable> being either <literal>ipv4</literal> or <literal>ipv6</literal> or <literal>eb</literal>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>getAllChains() → a(sss)</term>
+ <listitem>
+ <para>
+ Get all chains added to all tables in format: ipv, table, chain.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>getAllRules() → a(sssias)</term>
+ <listitem>
+ <para>
+ Get all rules added to all chains in all tables in format: ipv, table, chain, priority, rule
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>getChains(s: ipv, s: table) → as</term>
+ <listitem>
+ <para>
+ Get all chains added to <replaceable>table</replaceable> for <replaceable>ipv</replaceable> being either <literal>ipv4</literal> or <literal>ipv6</literal> or <literal>eb</literal>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>getRules(s: ipv, s: table, s: chain) → a(ias)</term>
+ <listitem>
+ <para>
+ Get all rules added to <replaceable>chain</replaceable> in <replaceable>table</replaceable> for <replaceable>ipv</replaceable> being either <literal>ipv4</literal> or <literal>ipv6</literal> or <literal>eb</literal>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>passthrough(s: ipv, as: args) → s</term>
+ <listitem>
+ <para>
+ Pass a command through to the firewall. <replaceable>ipv</replaceable> can be either <literal>ipv4</literal> or <literal>ipv6</literal> or <literal>eb</literal>. <replaceable>args</replaceable> can be all <command>iptables</command>, <command>ip6tables</command> and <command>ebtables</command> command line arguments.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>queryChain(s: ipv, s: table, s: chain) → b</term>
+ <listitem>
+ <para>
+ Return whether a <replaceable>chain</replaceable> exists in <replaceable>table</replaceable> for <replaceable>ipv</replaceable> being either <literal>ipv4</literal> or <literal>ipv6</literal>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>queryRule(s: ipv, s: table, s: chain, i: priority, as: args) → b</term>
+ <listitem>
+ <para>
+ Return whether a rule with <replaceable>priority</replaceable> and the arguments <replaceable>args</replaceable> exists in <replaceable>chain</replaceable> in <replaceable>table</replaceable> for <replaceable>ipv</replaceable> being either <literal>ipv4</literal> or <literal>ipv6</literal> or <literal>eb</literal>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>removeChain(s: ipv, s: table, s: chain) → Nothing</term>
+ <listitem>
+ <para>
+ Remove a <replaceable>chain</replaceable> from <replaceable>table</replaceable> for <replaceable>ipv</replaceable> being either <literal>ipv4</literal> or <literal>ipv6</literal>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>removeRule(s: ipv, s: table, s: chain, i: priority, as: args) → Nothing</term>
+ <listitem>
+ <para>
+ Remove a rule with <replaceable>priority</replaceable> and arguments <replaceable>args</replaceable> from <replaceable>chain</replaceable> in <replaceable>table</replaceable> for <replaceable>ipv</replaceable> being either <literal>ipv4</literal> or <literal>ipv6</literal>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>removeRules(s: ipv, s: table, s: chain) → Nothing</term>
+ <listitem>
+ <para>
+ Remove all rules from <replaceable>chain</replaceable> in <replaceable>table</replaceable> for <replaceable>ipv</replaceable> being either <literal>ipv4</literal> or <literal>ipv6</literal>.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect3>
+
+ <refsect3 id="org.fedoraproject.FirewallD1.direct.Signals">
+ <title>Signals</title>
+ <variablelist>
+ <varlistentry>
+ <term>ChainAdded(s: ipv, s: table, s: chain)</term>
+ <listitem>
+ <para>
+ Emitted when <replaceable>chain</replaceable> has been changed into <replaceable>table</replaceable> for <replaceable>ipv</replaceable> being either <literal>ipv4</literal> or <literal>ipv6</literal>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>ChainRemoved(s: ipv, s: table, s: chain)</term>
+ <listitem>
+ <para>
+ Emitted when <replaceable>chain</replaceable> has been changed from <replaceable>table</replaceable> for <replaceable>ipv</replaceable> being either <literal>ipv4</literal> or <literal>ipv6</literal>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>RuleAdded(s: ipv, s: table, s: chain, i: priority, as: args)</term>
+ <listitem>
+ <para>
+ Emitted when a rule with <replaceable>args</replaceable> has been added to <replaceable>chain</replaceable> in <replaceable>table</replaceable> with <replaceable>priority</replaceable> for <replaceable>ipv</replaceable> being either <literal>ipv4</literal> or <literal>ipv6</literal> or <literal>eb</literal>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>RuleRemoved(s: ipv, s: table, s: chain, i: priority, as: args)</term>
+ <listitem>
+ <para>
+ Emitted when a rule with <replaceable>args</replaceable> has been removed from <replaceable>chain</replaceable> in <replaceable>table</replaceable> with <replaceable>priority</replaceable> for <replaceable>ipv</replaceable> being either <literal>ipv4</literal> or <literal>ipv6</literal> or <literal>eb</literal>.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect3>
+ </refsect2>
+
+ <refsect2 id="org.fedoraproject.FirewallD1.policies">
+ <title>org.fedoraproject.FirewallD1.policies</title>
+ <para>
+ Enables firewalld to be able to lock down configuration changes from local applications.
+ Local applications or services are able to change the firewall configuration if they are running as root (example: libvirt).
+ With these operations administrator can lock the firewall configuration so that either none or only applications that are in the whitelist are able to request firewall changes.
+ For permanent configuration see org.fedoraproject.FirewallD1.config.policies interface.
+ </para>
+
+ <refsect3 id="org.fedoraproject.FirewallD1.policies.Methods">
+ <title>Methods</title>
+ <variablelist>
+ <varlistentry>
+ <term>addLockdownWhitelistCommand(s: command) → Nothing</term>
+ <listitem>
+ <para>
+ Add <replaceable>command</replaceable> to whitelist.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>addLockdownWhitelistContext(s: context) → Nothing</term>
+ <listitem>
+ <para>
+ Add <replaceable>context</replaceable> to whitelist.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>addLockdownWhitelistUid(i: uid) → Nothing</term>
+ <listitem>
+ <para>
+ Add user id <replaceable>uid</replaceable> to whitelist.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>addLockdownWhitelistUser(s: user) → Nothing</term>
+ <listitem>
+ <para>
+ Add <replaceable>user</replaceable> to whitelist.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>disableLockdown() → Nothing</term>
+ <listitem>
+ <para>
+ Disable lockdown.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>enableLockdown() → Nothing</term>
+ <listitem>
+ <para>
+ Enable lockdown.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>getLockdownWhitelistCommands() → as</term>
+ <listitem>
+ <para>
+ List all command lines that are on whitelist.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>getLockdownWhitelistContexts() → as</term>
+ <listitem>
+ <para>
+ List all contexts that are on whitelist.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>getLockdownWhitelistUids() → ai</term>
+ <listitem>
+ <para>
+ List all user ids that are on whitelist.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>getLockdownWhitelistUsers() → as</term>
+ <listitem>
+ <para>
+ List all users that are on whitelist.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>queryLockdown() → b</term>
+ <listitem>
+ <para>
+ Query whether lockdown is enabled.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>queryLockdownWhitelistCommand(s: command) → b</term>
+ <listitem>
+ <para>
+ Query whether <replaceable>command</replaceable> is on whitelist.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>queryLockdownWhitelistContext(s: context) → b</term>
+ <listitem>
+ <para>
+ Query whether <replaceable>context</replaceable> is on whitelist.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>queryLockdownWhitelistUid(i: uid) → b</term>
+ <listitem>
+ <para>
+ Query whether user id <replaceable>uid</replaceable> is on whitelist.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>queryLockdownWhitelistUser(s: user) → b</term>
+ <listitem>
+ <para>
+ Query whether <replaceable>user</replaceable> is on whitelist.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>removeLockdownWhitelistCommand(s: command) → Nothing</term>
+ <listitem>
+ <para>
+ Remove <replaceable>command</replaceable> from whitelist.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>removeLockdownWhitelistContext(s: context) → Nothing</term>
+ <listitem>
+ <para>
+ Remove <replaceable>context</replaceable> from whitelist.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>removeLockdownWhitelistUid(i: uid) → Nothing</term>
+ <listitem>
+ <para>
+ Remove user id <replaceable>uid</replaceable> from whitelist.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>removeLockdownWhitelistUser(s: user) → Nothing</term>
+ <listitem>
+ <para>
+ Remove <replaceable>user</replaceable> from whitelist.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect3>
+
+ <refsect3 id="org.fedoraproject.FirewallD1.policies.Signals">
+ <title>Signals</title>
+ <variablelist>
+ <varlistentry>
+ <term>LockdownDisabled()</term>
+ <listitem>
+ <para>
+ Emitted when lockdown has been disabled.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>LockdownEnabled()</term>
+ <listitem>
+ <para>
+ Emitted when lockdown has been enabled.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>LockdownWhitelistCommandAdded(s: command)</term>
+ <listitem>
+ <para>
+ Emitted when <replaceable>command</replaceable> has been added to whitelist.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>LockdownWhitelistCommandRemoved(s: command)</term>
+ <listitem>
+ <para>
+ Emitted when <replaceable>command</replaceable> has been removed from whitelist.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>LockdownWhitelistContextAdded(s: context)</term>
+ <listitem>
+ <para>
+ Emitted when <replaceable>context</replaceable> has been added to whitelist.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>LockdownWhitelistContextRemoved(s: context)</term>
+ <listitem>
+ <para>
+ Emitted when <replaceable>context</replaceable> has been removed from whitelist.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>LockdownWhitelistUidAdded(i: uid)</term>
+ <listitem>
+ <para>
+ Emitted when user id <replaceable>uid</replaceable> has been added to whitelist.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>LockdownWhitelistUidRemoved(i: uid)</term>
+ <listitem>
+ <para>
+ Emitted when user id <replaceable>uid</replaceable> has been removed from whitelist.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>LockdownWhitelistUserAdded(s: user)</term>
+ <listitem>
+ <para>
+ Emitted when <replaceable>user</replaceable> has been added to whitelist.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>LockdownWhitelistUserRemoved(s: user)</term>
+ <listitem>
+ <para>
+ Emitted when <replaceable>user</replaceable> has been removed from whitelist.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect3>
+ </refsect2>
+
+ <refsect2 id="org.fedoraproject.FirewallD1.zone">
+ <title>org.fedoraproject.FirewallD1.zone</title>
+ <para>
+ Operations in this interface allows to get, add, remove and query runtime zone's settings.
+ For permanent configuration see org.fedoraproject.FirewallD1.config.zone interface.
+ </para>
+
+ <refsect3 id="org.fedoraproject.FirewallD1.zone.Methods">
+ <title>Methods</title>
+ <variablelist>
+ <varlistentry>
+ <term>addForwardPort(s: zone, s: port, s: protocol, s: toport, s: toaddr, i: timeout) → s</term>
+ <listitem>
+ <para>
+ Add the IPv4 forward port for <replaceable>zone</replaceable>.
+ If <replaceable>zone</replaceable> is empty, use default zone.
+ The port can either be a single port number <replaceable>portid</replaceable> or a port range <replaceable>portid</replaceable>-<replaceable>portid</replaceable>.
+ The protocol can either be <literal>tcp</literal> or <literal>udp</literal>.
+ The destination address is a simple IP address.
+ If <replaceable>timeout</replaceable> is non-zero, the operation will be active only for the amount of seconds.
+ </para>
+ <para>
+ Returns name of zone to which the forward port was added.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>addIcmpBlock(s: zone, s: icmp, i: timeout) → s</term>
+ <listitem>
+ <para>
+ Add an ICMP block <replaceable>icmp</replaceable> for <replaceable>zone</replaceable>.
+ If <replaceable>zone</replaceable> is empty, use default zone.
+ If <replaceable>timeout</replaceable> is non-zero, the operation will be active only for the amount of seconds.
+ </para>
+ <para>
+ Returns name of zone to which the ICMP block was added.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>addInterface(s: zone, s: interface) → s</term>
+ <listitem>
+ <para>
+ Bind <replaceable>interface</replaceable> to <replaceable>zone</replaceable>.
+ If <replaceable>zone</replaceable> is empty, use default zone.
+ </para>
+ <para>
+ Returns name of zone to which the interface was bound.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>addMasquerade(s: zone, i: timeout) → s</term>
+ <listitem>
+ <para>
+ Enable IPv4 masquerade for <replaceable>zone</replaceable>.
+ If <replaceable>zone</replaceable> is empty, use default zone.
+ If <replaceable>timeout</replaceable> is non-zero, masquerading will be active for the amount of seconds.
+ </para>
+ <para>
+ Returns name of zone in which the masquerade was enabled.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>addPort(s: zone, s: port, s: protocol, i: timeout) → s</term>
+ <listitem>
+ <para>
+ Add port for <replaceable>zone</replaceable>.
+ If <replaceable>zone</replaceable> is empty, use default zone.
+ The port can either be a single port number or a port range <replaceable>portid</replaceable>-<replaceable>portid</replaceable>.
+ The protocol can either be <literal>tcp</literal> or <literal>udp</literal>.
+ If <replaceable>timeout</replaceable> is non-zero, the operation will be active only for the amount of seconds.
+ </para>
+ <para>
+ Returns name of zone to which the port was added.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>addRichRule(s: zone, s: rule, i: timeout) → s</term>
+ <listitem>
+ <para>
+ Add rich language <replaceable>rule</replaceable> for <replaceable>zone</replaceable>.
+ If <replaceable>zone</replaceable> is empty, use default zone.
+ If <replaceable>timeout</replaceable> is non-zero, the operation will be active only for the amount of seconds.
+ </para>
+ <para>
+ Returns name of zone to which the rich language rule was added.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>addService(s: zone, s: service, i: timeout) → s</term>
+ <listitem>
+ <para>
+ Add <replaceable>service</replaceable> for <replaceable>zone</replaceable>.
+ If <replaceable>zone</replaceable> is empty, use default zone.
+ If <replaceable>timeout</replaceable> is non-zero, the operation will be active only for the amount of seconds.
+ </para>
+ <para>
+ Returns name of zone to which the service was added.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>addSource(s: zone, s: source) → s</term>
+ <listitem>
+ <para>
+ Bind <replaceable>source</replaceable> to <replaceable>zone</replaceable>.
+ If <replaceable>zone</replaceable> is empty, use default zone.
+ </para>
+ <para>
+ Returns name of zone to which the source was bound.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>changeZone(s: zone, s: interface) → s</term>
+ <listitem>
+ <para>
+ This function is deprecated, use changeZoneOfInterface instead.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>changeZoneOfInterface(s: zone, s: interface) → s</term>
+ <listitem>
+ <para>
+ Change a zone an <replaceable>interface</replaceable> is part of to <replaceable>zone</replaceable>.
+ If <replaceable>zone</replaceable> is empty, use default zone.
+ </para>
+ <para>
+ Returns name of zone.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>changeZoneOfSource(s: zone, s: source) → s</term>
+ <listitem>
+ <para>
+ Change a zone an <replaceable>source</replaceable> is part of to <replaceable>zone</replaceable>.
+ If <replaceable>zone</replaceable> is empty, use default zone.
+ </para>
+ <para>
+ Returns name of zone.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>getActiveZones() → a{sa{sas}}</term>
+ <listitem>
+ <para>
+ Return dictionary of currently active zones altogether with interfaces and sources used in these zones.
+ Active zones are zones, that have a binding to an interface or source.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>getForwardPorts(s: zone) → aas</term>
+ <listitem>
+ <para>
+ Return list of IPv4 forward ports added for <replaceable>zone</replaceable>.
+ If <replaceable>zone</replaceable> is empty, use default zone.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>getIcmpBlocks(s: zone) → as</term>
+ <listitem>
+ <para>
+ Return list of Internet Control Message Protocol (ICMP) type blocks added for <replaceable>zone</replaceable>.
+ If <replaceable>zone</replaceable> is empty, use default zone.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>getInterfaces(s: zone) → as</term>
+ <listitem>
+ <para>
+ Return list of interfaces of a <replaceable>zone</replaceable>.
+ If <replaceable>zone</replaceable> is empty, use default zone.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>getPorts(s: zone) → aas</term>
+ <listitem>
+ <para>
+ Return list of enabled ports in a <replaceable>zone</replaceable>.
+ If <replaceable>zone</replaceable> is empty, use default zone.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>getRichRules(s: zone) → as</term>
+ <listitem>
+ <para>
+ Return list of rich language rules added for <replaceable>zone</replaceable>.
+ If <replaceable>zone</replaceable> is empty, use default zone.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>getServices(s: zone) → as</term>
+ <listitem>
+ <para>
+ Return list of enabled services in a <replaceable>zone</replaceable>.
+ If <replaceable>zone</replaceable> is empty, use default zone.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>getSources(s: zone) → as</term>
+ <listitem>
+ <para>
+ Return list of sources of a <replaceable>zone</replaceable>.
+ If <replaceable>zone</replaceable> is empty, use default zone.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>getZoneOfInterface(s: interface) → s</term>
+ <listitem>
+ <para>
+ Return name of zone the <replaceable>interface</replaceable> is bound to or empty string.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>getZoneOfSource(s: source) → s</term>
+ <listitem>
+ <para>
+ Return name of zone the <replaceable>source</replaceable> is bound to or empty string.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>getZones() → as</term>
+ <listitem>
+ <para>
+ Return names of predefined zones.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>isImmutable(s: zone) → b</term>
+ <listitem>
+ <para>
+ Deprecated.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>queryForwardPort(s: zone, s: port, s: protocol, s: toport, s: toaddr) → b</term>
+ <listitem>
+ <para>
+ Return whether the IPv4 forward port has been added for <replaceable>zone</replaceable>.
+ If <replaceable>zone</replaceable> is empty, use default zone.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>queryIcmpBlock(s: zone, s: icmp) → b</term>
+ <listitem>
+ <para>
+ Return whether an ICMP block for <replaceable>icmp</replaceable> has been added for <replaceable>zone</replaceable>.
+ If <replaceable>zone</replaceable> is empty, use default zone.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>queryInterface(s: zone, s: interface) → b</term>
+ <listitem>
+ <para>
+ Query whether <replaceable>interface</replaceable> has been bound to <replaceable>zone</replaceable>.
+ If <replaceable>zone</replaceable> is empty, use default zone.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>queryMasquerade(s: zone) → b</term>
+ <listitem>
+ <para>
+ Return whether IPv4 masquerading has been enabled for <replaceable>zone</replaceable>
+ If <replaceable>zone</replaceable> is empty, use default zone.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>queryPort(s: zone, s: port, s: protocol) → b</term>
+ <listitem>
+ <para>
+ Return whether <replaceable>port</replaceable>/<replaceable>protocol</replaceable> has been added for <replaceable>zone</replaceable>.
+ If <replaceable>zone</replaceable> is empty, use default zone.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>queryRichRule(s: zone, s: rule) → b</term>
+ <listitem>
+ <para>
+ Return whether rich rule <replaceable>rule</replaceable> has been added for <replaceable>zone</replaceable>.
+ If <replaceable>zone</replaceable> is empty, use default zone.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>queryService(s: zone, s: service) → b</term>
+ <listitem>
+ <para>
+ Return whether <replaceable>service</replaceable> has been added for <replaceable>zone</replaceable>.
+ If <replaceable>zone</replaceable> is empty, use default zone.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>querySource(s: zone, s: source) → b</term>
+ <listitem>
+ <para>
+ Query whether <replaceable>source</replaceable>has been bound to <replaceable>zone</replaceable>.
+ If <replaceable>zone</replaceable> is empty, use default zone.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>removeForwardPort(s: zone, s: port, s: protocol, s: toport, s: toaddr) → s</term>
+ <listitem>
+ <para>
+ Remove IPv4 forward port from <replaceable>zone</replaceable>.
+ If <replaceable>zone</replaceable> is empty, use default zone.
+ </para>
+ <para>
+ Returns name of zone from which the forward port was removed.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>removeIcmpBlock(s: zone, s: icmp) → s</term>
+ <listitem>
+ <para>
+ Remove ICMP block <replaceable>icmp</replaceable> from <replaceable>zone</replaceable>.
+ If <replaceable>zone</replaceable> is empty, use default zone.
+ </para>
+ <para>
+ Returns name of zone from which the ICMP block was removed.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>removeInterface(s: zone, s: interface) → s</term>
+ <listitem>
+ <para>
+ Remove binding of <replaceable>interface</replaceable> from <replaceable>zone</replaceable>.
+ If <replaceable>zone</replaceable> is empty, use default zone.
+ </para>
+ <para>
+ Returns name of zone.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>removeMasquerade(s: zone) → s</term>
+ <listitem>
+ <para>
+ Disable IPv4 masquerade for <replaceable>zone</replaceable>.
+ If <replaceable>zone</replaceable> is empty, use default zone.
+ </para>
+ <para>
+ Returns name of zone for which the masquerade was disabled.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>removePort(s: zone, s: port, s: protocol) → s</term>
+ <listitem>
+ <para>
+ Remove port from <replaceable>zone</replaceable>.
+ If <replaceable>zone</replaceable> is empty, use default zone.
+ </para>
+ <para>
+ Returns name of zone from which the port was removed.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>removeRichRule(s: zone, s: rule) → s</term>
+ <listitem>
+ <para>
+ Remove rich language <replaceable>rule</replaceable> from <replaceable>zone</replaceable>.
+ If <replaceable>zone</replaceable> is empty, use default zone.
+ </para>
+ <para>
+ Returns name of zone from which the rich language rule was removed.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>removeService(s: zone, s: service) → s</term>
+ <listitem>
+ <para>
+ Remove <replaceable>service</replaceable> from <replaceable>zone</replaceable>.
+ If <replaceable>zone</replaceable> is empty, use default zone.
+ </para>
+ <para>
+ Returns name of zone from which the service was removed.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>removeSource(s: zone, s: source) → s</term>
+ <listitem>
+ <para>
+ Remove binding of <replaceable>source</replaceable> from <replaceable>zone</replaceable>.
+ If <replaceable>zone</replaceable> is empty, use default zone.
+ </para>
+ <para>
+ Returns name of zone.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect3>
+
+ <refsect3 id="org.fedoraproject.FirewallD1.zone.Signals">
+ <title>Signals</title>
+ <variablelist>
+ <varlistentry>
+ <term>ForwardPortAdded(s: zone, s: port, s: protocol, s: toport, s: toaddr, i: timeout)</term>
+ <listitem>
+ <para>
+ Emitted when forward port has been added to <replaceable>zone</replaceable> with <replaceable>timeout</replaceable>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>ForwardPortRemoved(s: zone, s: port, s: protocol, s: toport, s: toaddr)</term>
+ <listitem>
+ <para>
+ Emitted when forward port has been removed from <replaceable>zone</replaceable>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>IcmpBlockAdded(s: zone, s: icmp, i: timeout)</term>
+ <listitem>
+ <para>
+ Emitted when ICMP block for <replaceable>icmp</replaceable> has been added to <replaceable>zone</replaceable> with <replaceable>timeout</replaceable>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>IcmpBlockRemoved(s: zone, s: icmp)</term>
+ <listitem>
+ <para>
+ Emitted when ICMP block for <replaceable>icmp</replaceable> has been removed from <replaceable>zone</replaceable>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>InterfaceAdded(s: zone, s: interface)</term>
+ <listitem>
+ <para>
+ Emitted when <replaceable>interface</replaceable> has been added to <replaceable>zone</replaceable>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>InterfaceRemoved(s: zone, s: interface)</term>
+ <listitem>
+ <para>
+ Emitted when <replaceable>interface</replaceable> has been removed from <replaceable>zone</replaceable>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>MasqueradeAdded(s: zone, i: timeout)</term>
+ <listitem>
+ <para>
+ Emitted when IPv4 masquerade has been enabled for <replaceable>zone</replaceable>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>MasqueradeRemoved(s: zone)</term>
+ <listitem>
+ <para>
+ Emitted when IPv4 masquerade has been disabled for <replaceable>zone</replaceable>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PortAdded(s: zone, s: port, s: protocol, i: timeout)</term>
+ <listitem>
+ <para>
+ Emitted when <replaceable>port</replaceable>/<replaceable>protocol</replaceable> has been added to <replaceable>zone</replaceable> with <replaceable>timeout</replaceable>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PortRemoved(s: zone, s: port, s: protocol)</term>
+ <listitem>
+ <para>
+ Emitted when <replaceable>port</replaceable>/<replaceable>protocol</replaceable> has been removed from <replaceable>zone</replaceable>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>RichRuleAdded(s: zone, s: rule, i: timeout)</term>
+ <listitem>
+ <para>
+ Emitted when rich language <replaceable>rule</replaceable> has been added to <replaceable>zone</replaceable> with <replaceable>timeout</replaceable>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>RichRuleRemoved(s: zone, s: rule)</term>
+ <listitem>
+ <para>
+ Emitted when rich language <replaceable>rule</replaceable> has been removed from <replaceable>zone</replaceable>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>ServiceAdded(s: zone, s: service, i: timeout)</term>
+ <listitem>
+ <para>
+ Emitted when <replaceable>service</replaceable> has been added to <replaceable>zone</replaceable> with <replaceable>timeout</replaceable>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>ServiceRemoved(s: zone, s: service)</term>
+ <listitem>
+ <para>
+ Emitted when <replaceable>service</replaceable> has been removed from <replaceable>zone</replaceable>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>SourceAdded(s: zone, s: source)</term>
+ <listitem>
+ <para>
+ Emitted when <replaceable>source</replaceable> has been added to <replaceable>zone</replaceable>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>SourceRemoved(s: zone, s: source)</term>
+ <listitem>
+ <para>
+ Emitted when <replaceable>source</replaceable> has been removed from <replaceable>zone</replaceable>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>ZoneChanged(s: zone, s: interface)</term>
+ <listitem>
+ <para>
+ Deprecated
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>ZoneOfInterfaceChanged(s: zone, s: interface)</term>
+ <listitem>
+ <para>
+ Emitted when a zone an <replaceable>interface</replaceable> is part of has been changed to <replaceable>zone</replaceable>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>ZoneOfSourceChanged(s: zone, s: source)</term>
+ <listitem>
+ <para>
+ Emitted when a zone an <replaceable>source</replaceable> is part of has been changed to <replaceable>zone</replaceable>.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect3>
+ </refsect2>
+
+ <refsect2 id="org.fedoraproject.FirewallD1.config">
+ <title>org.fedoraproject.FirewallD1.config</title>
+ <para>
+ Allows to permanently add, remove and query zones, services and icmp types.
+ </para>
+
+ <refsect3 id="org.fedoraproject.FirewallD1.config.Methods">
+ <title>Methods</title>
+ <variablelist>
+ <varlistentry>
+ <term>addIcmpType(s: icmptype, (sssas): settings) → o</term>
+ <listitem>
+ <para>
+ Add <replaceable>icmptype</replaceable> with given <replaceable>settings</replaceable>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>addService(s: service, (sssa(ss)asa{ss}): settings) → o</term>
+ <listitem>
+ <para>
+ Add <replaceable>service</replaceable> with given <replaceable>settings</replaceable>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>addZone(s: zone, (sssbsasa(ss)asba(ssss)asasas): settings) → o</term>
+ <listitem>
+ <para>
+ Add <replaceable>zone</replaceable> with given <replaceable>settings</replaceable>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>getIcmpTypeByName(s: icmptype) → o</term>
+ <listitem>
+ <para>
+ Return object path of <replaceable>icmptype</replaceable>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>getServiceByName(s: service) → o</term>
+ <listitem>
+ <para>
+ Return object path of <replaceable>service</replaceable>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>getZoneByName(s: zone) → o</term>
+ <listitem>
+ <para>
+ Return object path of <replaceable>zone</replaceable>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>getZoneOfInterface(s: iface) → s</term>
+ <listitem>
+ <para>
+ Return name of zone the <replaceable>iface</replaceable> is bound to or empty string.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>getZoneOfSource(s: source) → s</term>
+ <listitem>
+ <para>
+ Return name of zone the <replaceable>source</replaceable> is bound to or empty string.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>listIcmpTypes() → ao</term>
+ <listitem>
+ <para>
+ List icmptypes objects paths.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>listServices() → ao</term>
+ <listitem>
+ <para>
+ List services objects paths.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>listZones() → ao</term>
+ <listitem>
+ <para>
+ List zones object paths.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect3>
+
+ <refsect3 id="org.fedoraproject.FirewallD1.config.Signals">
+ <title>Signals</title>
+ <variablelist>
+ <varlistentry>
+ <term>IcmpTypeAdded(s: icmptype)</term>
+ <listitem>
+ <para>
+ Emitted when <replaceable>icmptype</replaceable> has been added.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>ServiceAdded(s: service)</term>
+ <listitem>
+ <para>
+ Emitted when <replaceable>service</replaceable> has been added.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>ZoneAdded(s: zone)</term>
+ <listitem>
+ <para>
+ Emitted when <replaceable>zone</replaceable> has been added.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect3>
+
+ <refsect3 id="org.fedoraproject.FirewallD1.config.Properties">
+ <title>Properties</title>
+ <variablelist>
+ <varlistentry>
+ <term>CleanupOnExit - s - (rw)</term>
+ <listitem>
+ <para>
+ If firewalld stops, it cleans up all firewall rules. Setting this option to no or false leaves the current firewall rules untouched.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>DefaultZone - s - (ro)</term>
+ <listitem>
+ <para>
+ Default zone for connections or interfaces if the zone is not selected or specified by NetworkManager, initscripts or command line tool.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Lockdown - s - (ro)</term>
+ <listitem>
+ <para>
+ If this property is enabled, firewall changes with the D-Bus interface will be limited to applications that are listed in the lockdown whitelist.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>MinimalMark - i - (rw)</term>
+ <listitem>
+ <para>
+ For some firewall settings several rules are needed in different tables to be able to handle packets in the correct way.
+ To achieve that these packets are marked using the MARK target. With the MinimalMark property a block of marks can be reserved for private use; only marks over this value are used.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect3>
+ </refsect2>
+
+ <refsect2 id="org.fedoraproject.FirewallD1.config.direct">
+ <title>org.fedoraproject.FirewallD1.config.direct</title>
+ <para>
+ Interface for permanent direct configuration <citerefentry><refentrytitle>firewalld.direct</refentrytitle><manvolnum>5</manvolnum></citerefentry>. For runtime direct configuration see org.fedoraproject.FirewallD1.direct interface.
+ </para>
+
+ <refsect3 id="org.fedoraproject.FirewallD1.config.direct.Methods">
+ <title>Methods</title>
+ <variablelist>
+ <varlistentry>
+ <term>getSettings() → (a(sss)a(sssias)a(sas))</term>
+ <listitem>
+ <para>
+ Get settings of permanent direct configuration.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>update((a(sss)a(sssias)a(sas)): settings) → Nothing</term>
+ <listitem>
+ <para>
+ Update permanent direct configuration with given <replaceable>settings</replaceable>.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect3>
+
+ <refsect3 id="org.fedoraproject.FirewallD1.config.direct.Signals">
+ <title>Signals</title>
+ <variablelist>
+ <varlistentry>
+ <term>Updated()</term>
+ <listitem>
+ <para>
+ Emitted when configuration has been updated.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect3>
+ </refsect2>
+
+ <refsect2 id="org.fedoraproject.FirewallD1.config.policies">
+ <title>org.fedoraproject.FirewallD1.config.policies</title>
+ <para>
+ Interface for permanent lockdown-whitelist configuration <citerefentry><refentrytitle>firewalld.lockdown</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
+ For runtime configuration see org.fedoraproject.FirewallD1.policies interface.
+ </para>
+ <refsect3 id="org.fedoraproject.FirewallD1.config.policies.Methods">
+ <title>Methods</title>
+ <variablelist>
+ <varlistentry>
+ <term>getLockdownWhitelist() → (asasasai)</term>
+ <listitem>
+ <para>
+ Get settings of permanent lockdown-whitelist configuration.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>setLockdownWhitelist((asasasai): settings) → Nothing</term>
+ <listitem>
+ <para>
+ Set permanent lockdown-whitelist configuration to <replaceable>settings</replaceable>.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect3>
+
+ <refsect3 id="org.fedoraproject.FirewallD1.config.policies.Signals">
+ <title>Signals</title>
+ <variablelist>
+ <varlistentry>
+ <term>LockdownWhitelistUpdated()</term>
+ <listitem>
+ <para>
+ Emitted when permanent lockdown-whitelist configuration has been updated.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect3>
+ </refsect2>
+
+ <refsect2 id="org.fedoraproject.FirewallD1.config.zone">
+ <title>org.fedoraproject.FirewallD1.config.zone</title>
+ <para>
+ Interface for permanent zone configuration <citerefentry><refentrytitle>firewalld.zone</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
+ </para>
+ <refsect3 id="org.fedoraproject.FirewallD1.config.zone.Methods">
+ <title>Methods</title>
+ <variablelist>
+ <varlistentry>
+ <term>getSettings() → (sssbsasa(ss)asba(ssss)asasas)</term>
+ <listitem>
+ <para>
+ Return permanent settings of a zone.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>loadDefaults() → Nothing</term>
+ <listitem>
+ <para>
+ Load default settings for built-in zone.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>remove() → Nothing</term>
+ <listitem>
+ <para>
+ Remove not built-in zone.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>rename(s: name) → Nothing</term>
+ <listitem>
+ <para>
+ Rename not built-in zone to <replaceable>name</replaceable>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>update((sssbsasa(ss)asba(ssss)asasas): settings) → Nothing</term>
+ <listitem>
+ <para>
+ Update settings of zone to <replaceable>settings</replaceable>.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect3>
+
+ <refsect3 id="org.fedoraproject.FirewallD1.config.zone.Signals">
+ <title>Signals</title>
+ <variablelist>
+ <varlistentry>
+ <term>Removed(s: name)</term>
+ <listitem>
+ <para>
+ Emitted when zone with <replaceable>name</replaceable> has been removed.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Renamed(s: name)</term>
+ <listitem>
+ <para>
+ Emitted when zone has been renamed to <replaceable>name</replaceable>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Updated(s: name)</term>
+ <listitem>
+ <para>
+ Emitted when zone with <replaceable>name</replaceable> has been updated.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect3>
+
+ <refsect3 id="org.fedoraproject.FirewallD1.config.zone.Properties">
+ <title>Properties</title>
+ <variablelist>
+ <varlistentry>
+ <term>default - b - (ro)</term>
+ <listitem>
+ <para>
+ True if build-in zone has default settings. False if it has been modified. Always False for not build-in zones.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>filename - s - (ro)</term>
+ <listitem>
+ <para>
+ Name (including .xml extension) of file where the configuration is stored.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>name - s - (ro)</term>
+ <listitem>
+ <para>
+ Name of zone.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>path - s - (ro)</term>
+ <listitem>
+ <para>
+ Path to directory where the zone configuration is stored. Should be either /usr/lib/firewalld/zones or /etc/firewalld/zones.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect3>
+ </refsect2>
+
+ <refsect2 id="org.fedoraproject.FirewallD1.config.service">
+ <title>org.fedoraproject.FirewallD1.config.service</title>
+ <para>
+ Interface for permanent service configuration <citerefentry><refentrytitle>firewalld.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
+ </para>
+
+ <refsect3 id="org.fedoraproject.FirewallD1.config.service.Methods">
+ <title>Methods</title>
+ <variablelist>
+ <varlistentry>
+ <term>getSettings() → (sssa(ss)asa{ss})</term>
+ <listitem>
+ <para>
+ Return permanent settings of a service.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>loadDefaults() → Nothing</term>
+ <listitem>
+ <para>
+ Load default settings for built-in service.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>remove() → Nothing</term>
+ <listitem>
+ <para>
+ Remove not built-in zone.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>rename(s: name) → Nothing</term>
+ <listitem>
+ <para>
+ Rename not built-in service to <replaceable>name</replaceable>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>update((sssa(ss)asa{ss}): settings) → Nothing</term>
+ <listitem>
+ <para>
+ Update settings of service to <replaceable>settings</replaceable>.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect3>
+
+ <refsect3 id="org.fedoraproject.FirewallD1.config.service.Signals">
+ <title>Signals</title>
+ <variablelist>
+ <varlistentry>
+ <term>Removed(s: name)</term>
+ <listitem>
+ <para>
+ Emitted when service with <replaceable>name</replaceable> has been removed.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Renamed(s: name)</term>
+ <listitem>
+ <para>
+ Emitted when service has been renamed to <replaceable>name</replaceable>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Updated(s: name)</term>
+ <listitem>
+ <para>
+ Emitted when service with <replaceable>name</replaceable> has been updated.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect3>
+
+ <refsect3 id="org.fedoraproject.FirewallD1.config.service.Properties">
+ <title>Properties</title>
+ <variablelist>
+ <varlistentry>
+ <term>default - b - (ro)</term>
+ <listitem>
+ <para>
+ True if build-in service has default settings. False if it has been modified. Always False for not build-in services.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>filename - s - (ro)</term>
+ <listitem>
+ <para>
+ Name (including .xml extension) of file where the configuration is stored.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>name - s - (ro)</term>
+ <listitem>
+ <para>
+ Name of service.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>path - s - (ro)</term>
+ <listitem>
+ <para>
+ Path to directory where the configuration is stored. Should be either /usr/lib/firewalld/services or /etc/firewalld/services.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect3>
+ </refsect2>
+
+ <refsect2 id="org.fedoraproject.FirewallD1.config.icmptype">
+ <title>org.fedoraproject.FirewallD1.config.icmptype</title>
+ <para>
+ Interface for permanent icmp type configuration <citerefentry><refentrytitle>firewalld.icmptype</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
+ </para>
+
+ <refsect3 id="org.fedoraproject.FirewallD1.config.icmptype.Methods">
+ <title>Methods</title>
+ <variablelist>
+ <varlistentry>
+ <term>getSettings() → (sssas)</term>
+ <listitem>
+ <para>
+ Return permanent settings of a icmp type.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>loadDefaults() → Nothing</term>
+ <listitem>
+ <para>
+ Load default settings for built-in icmp type.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>remove() → Nothing</term>
+ <listitem>
+ <para>
+ Remove not built-in icmp type.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>rename(s: name) → Nothing</term>
+ <listitem>
+ <para>
+ Rename not built-in icmp type to <replaceable>name</replaceable>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>update((sssas): settings) → Nothing</term>
+ <listitem>
+ <para>
+ Update settings of icmp type to <replaceable>settings</replaceable>.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect3>
+
+ <refsect3 id="org.fedoraproject.FirewallD1.config.icmptype.Signals">
+ <title>Signals</title>
+ <variablelist>
+ <varlistentry>
+ <term>Removed(s: name)</term>
+ <listitem>
+ <para>
+ Emitted when icmp type with <replaceable>name</replaceable> has been removed.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Renamed(s: name)</term>
+ <listitem>
+ <para>
+ Emitted when icmp type has been renamed to <replaceable>name</replaceable>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Updated(s: name)</term>
+ <listitem>
+ <para>
+ Emitted when icmp type with <replaceable>name</replaceable> has been updated.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect3>
+
+ <refsect3 id="org.fedoraproject.FirewallD1.config.icmptype.Properties">
+ <title>Properties</title>
+ <variablelist>
+ <varlistentry>
+ <term>default - b - (ro)</term>
+ <listitem>
+ <para>
+ True if build-in icmp type has default settings. False if it has been modified. Always False for not build-in zones.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>filename - s - (ro)</term>
+ <listitem>
+ <para>
+ Name (including .xml extension) of file where the configuration is stored.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>name - s - (ro)</term>
+ <listitem>
+ <para>
+ Name of icmp type.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>path - s - (ro)</term>
+ <listitem>
+ <para>
+ Path to directory where the icmp type configuration is stored. Should be either /usr/lib/firewalld/icmptypes or /etc/firewalld/icmptypes.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect3>
+ </refsect2>
+
+ </refsect1>
+
+ &seealso;
+
+ ¬es;
+
+</refentry>
commit ffc70ef5072024020476ed092d92be514d77f988
Author: Thomas Woerner <twoerner@redhat.com>
Date: Tue Feb 11 16:08:18 2014 +0100
firewall-cmd: New --get-target and --set-target
--set-target is only usable with --permanent
diff --git a/doc/xml/firewall-cmd.xml b/doc/xml/firewall-cmd.xml
index b1b1a15..869b1e4 100644
--- a/doc/xml/firewall-cmd.xml
+++ b/doc/xml/firewall-cmd.xml
@@ -289,6 +289,24 @@
</para>
</listitem>
</varlistentry>
+
+ <varlistentry>
+ <term><option>--permanent</option> <option>--zone</option>=<replaceable>zone</replaceable> <option>--get-target</option></term>
+ <listitem>
+ <para>
+ Get the target of a permanent zone.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>--permanent</option> <option>--zone</option>=<replaceable>zone</replaceable> <option>--set-target</option>=<replaceable>zone</replaceable></term>
+ <listitem>
+ <para>
+ Set the target of a permanent zone.
+ </para>
+ </listitem>
+ </varlistentry>
</variablelist>
</refsect2>
diff --git a/src/firewall-cmd b/src/firewall-cmd
index 3316883..029e2b7 100755
--- a/src/firewall-cmd
+++ b/src/firewall-cmd
@@ -90,6 +90,9 @@ Zone Options
--delete-zone=<zone> Delete an existing zone [P only]
--zone=<zone> Use this zone to set or query options, else default zone
Usable for options maked with [Z]
+ --get-target Get the zone target [P only]
+ --set-target=<target>
+ Set the zone target [P only]
IcmpType Options
--new-icmptype=<icmptype>
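Review bot: The `[P only]` tag on the new `--get-target` usage line contradicts the rest of this commit. The last hunk of this file adds a run-time `elif a.get_target:` branch, and the new `--permanent` check covers only `a.set_target`. If run-time use is intended, mark the option accordingly, e.g. `--get-target         Get the zone target [P] [Z]` (assuming the usage text's existing `[P]` marker), and add the non-permanent form to doc/xml/firewall-cmd.xml. Otherwise an administrator cannot tell from `--help` whether the reported target is the run-time or the permanent one.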
@@ -455,6 +458,8 @@ parser_group_zone.add_argument("--list-ports", action="store_true")
parser_group_zone.add_argument("--list-icmp-blocks", action="store_true")
parser_group_zone.add_argument("--list-forward-ports", action="store_true")
parser_group_zone.add_argument("--list-all", action="store_true")
+parser_group_zone.add_argument("--get-target", action="store_true")
+parser_group_zone.add_argument("--set-target", metavar="<target>")
parser.add_argument("--direct", action="store_true")
@@ -535,7 +540,7 @@ options_zone_adapt_query = \
a.add_masquerade or a.remove_masquerade or a.query_masquerade or \
a.list_services or a.list_ports or a.list_icmp_blocks or \
a.list_forward_ports or a.list_rich_rules or a.list_all or \
- a.list_forward_ports or a.list_rich_rules or a.list_all
+ a.get_target or a.set_target
options_zone_ops = options_zone_interfaces_sources or \
options_zone_action_action or options_zone_adapt_query
@@ -565,7 +570,8 @@ options_list_get = a.help or a.version or a.list_all or a.list_all_zones or \
a.list_services or a.list_ports or a.list_icmp_blocks or a.list_forward_ports \
or a.list_rich_rules or a.list_interfaces or a.list_sources or \
a.get_default_zone or a.get_active_zones or a.get_zone_of_interface or \
- a.get_zone_of_source or a.get_zones or a.get_services or a.get_icmptypes
+ a.get_zone_of_source or a.get_zones or a.get_services or a.get_icmptypes or \
+ a.get_target or a.set_target
# Check various impossible combinations of options
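Review bot: `a.set_target` is added to `options_list_get`, whose other visible members are all read-only options (`--list-*`, `--get-*`, `--help`, `--version`). How the group is consumed is outside this hunk, but if it drives output or quiet handling for queries, a mutating option would be treated like a query. Unless that is intended, the added continuation line should be just `a.get_target`. The assignment starts in the hunk's context lines and its uses are not visible here.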
@@ -598,6 +604,10 @@ if options_permanent_only and not a.permanent:
__fail(parser.format_usage() +
"Option can be used only with --permanent.")
+if a.set_target and not a.permanent:
+ __fail(parser.format_usage() +
+ "Option can be used only with --permanent.")
+
if options_config and options_zone:
__fail(parser.format_usage() +
"Wrong usage of --get-zones | --get-services | --get-icmptypes.")
@@ -982,6 +992,12 @@ if a.permanent:
elif a.query_icmp_block:
__print_query_result(fw_settings.queryIcmpBlock(a.query_icmp_block))
+ # zone target
+ elif a.get_target:
+ __print_and_exit(fw_settings.getTarget())
+ elif a.set_target:
+ fw_settings.setTarget(a.set_target)
+
# list all zone settings
elif a.list_all:
__list_all_permanent(fw_settings, zone if zone else fw.getDefaultZone())
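Review bot: `fw_settings.setTarget(a.set_target)` stores whatever string was typed, and no hunk in this file compares it with the allowed targets. A mistyped value is therefore only rejected if the daemon validates the zone config on update (the `ZONE_TARGETS` check that commit d13b400 adds to `Zone`). Because the target decides how packets not matched by any rule in the zone are handled, state that dependency at the call: `# target is validated by the daemon on update (INVALID_TARGET); not checked here`. The `elif` chain and the code that writes `fw_settings` back both lie outside this hunk, so whether the change is actually persisted cannot be confirmed from here.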
@@ -1288,6 +1304,10 @@ elif a.remove_icmp_block:
elif a.query_icmp_block:
__print_query_result(fw.queryIcmpBlock(zone, a.query_icmp_block))
+# zone target
+elif a.get_target:
+ __print_and_exit(fw.getZoneSettings(zone).getTarget())
+
# list all
elif a.list_all:
__list_all(fw, zone if zone else fw.getDefaultZone())
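Review bot: The run-time `--get-target` branch passes `zone` unchanged to `fw.getZoneSettings(zone)`, while the `--list-all` branch right below substitutes `fw.getDefaultZone()` when no `--zone` was given. Whether the daemon's `get_zone()` resolves an empty zone name to the default zone is not visible in this diff. To make the behaviour explicit and match `--list-all`, use `__print_and_exit(fw.getZoneSettings(zone if zone else fw.getDefaultZone()).getTarget())`. The `elif` chain this branch belongs to starts outside the hunk.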
commit a9770f96c216ee7f5d44d4b3d4f16055e4d3d3ad
Author: Thomas Woerner <twoerner@redhat.com>
Date: Tue Feb 11 15:56:59 2014 +0100
New DBUS_INTERFACE.getZoneSettings to get all run-time zone settings (ro)
diff --git a/doc/xml/firewalld.dbus.xml b/doc/xml/firewalld.dbus.xml
index 0742908..c2a8bcd 100644
--- a/doc/xml/firewalld.dbus.xml
+++ b/doc/xml/firewalld.dbus.xml
@@ -9,7 +9,7 @@
<!--
This file is part of firewalld.
- Copyright (C) 2010-2013 Red Hat, Inc.
+ Copyright (C) 2010-2014 Red Hat, Inc.
Authors:
Thomas Woerner <twoerner@redhat.com>
@@ -153,6 +153,14 @@
</listitem>
</varlistentry>
<varlistentry>
+ <term>getZoneSettings(s: zone) → (sssbsasa(ss)asba(ssss)asasas)</term>
+ <listitem>
+ <para>
+ Return <replaceable>zone</replaceable> settings in format: version, name, description, UNUSED boolean, target, array of services, array of ports (port, protocol), array of icmp-blocks, masquerade boolean, array of forward-ports (port, protocol, to-port, to-addr), array of interfaces, array of sources, array of rich rules
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
<term>listIcmpTypes() → as</term>
<listitem>
<para>
diff --git a/src/firewall/client.py b/src/firewall/client.py
index 3168887..f9b016a 100644
--- a/src/firewall/client.py
+++ b/src/firewall/client.py
@@ -1,6 +1,6 @@
# -*- coding: utf-8 -*-
#
-# Copyright (C) 2009,2010,2012 Red Hat, Inc.
+# Copyright (C) 2009-2014 Red Hat, Inc.
#
# Authors:
# Thomas Woerner <twoerner@redhat.com>
@@ -1229,6 +1229,12 @@ class FirewallClient(object):
@slip.dbus.polkit.enable_proxy
@handle_exceptions
+ def getZoneSettings(self, zone):
+ return FirewallClientZoneSettings(list(dbus_to_python(\
+ self.fw.getZoneSettings(zone))))
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
def listServices(self):
return dbus_to_python(self.fw.listServices())
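Review bot: The backslash after `dbus_to_python(` in the new `getZoneSettings` is redundant, since the open parentheses already continue the line. The nested call reads more easily split in two: `settings = dbus_to_python(self.fw.getZoneSettings(zone))` followed by `return FirewallClientZoneSettings(list(settings))`. A one-line docstring such as `"""Return the run-time settings of zone as a FirewallClientZoneSettings."""` would also tell callers that this is the run-time view, not the permanent config object. The enclosing `FirewallClient` class starts outside the hunk.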
diff --git a/src/firewall/server/firewalld.py b/src/firewall/server/firewalld.py
index 1e8ff45..4b5b788 100644
--- a/src/firewall/server/firewalld.py
+++ b/src/firewall/server/firewalld.py
@@ -1,6 +1,6 @@
# -*- coding: utf-8 -*-
#
-# Copyright (C) 2010-2012 Red Hat, Inc.
+# Copyright (C) 2010-2014 Red Hat, Inc.
#
# Authors:
# Thomas Woerner <twoerner@redhat.com>
@@ -38,6 +38,7 @@ from firewall.server.decorators import *
from firewall.server.config import FirewallDConfig
from firewall.dbus_utils import dbus_to_python, \
command_of_sender, context_of_sender, uid_of_sender, user_of_uid
+from firewall.core.io.zone import Zone
from firewall.core.io.service import Service
from firewall.core.io.icmptype import IcmpType
from firewall.errors import *
@@ -609,6 +610,16 @@ class FirewallD(slip.dbus.service.Object):
# list functions
@slip.dbus.polkit.require_auth(PK_ACTION_INFO)
+ @dbus_service_method(DBUS_INTERFACE, in_signature='s',
+ out_signature=Zone.DBUS_SIGNATURE)
+ @dbus_handle_exceptions
+ def getZoneSettings(self, zone, sender=None):
+ # returns zone settings for zone
+ zone = dbus_to_python(zone)
+ log.debug1("getZoneSettings(%s)", zone)
+ return self.fw.zone.get_zone(zone).export_config()
+
+ @slip.dbus.polkit.require_auth(PK_ACTION_INFO)
@dbus_service_method(DBUS_INTERFACE, in_signature='',
out_signature='as')
@dbus_handle_exceptions
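Review bot: The new server-side `getZoneSettings` is documented only by the inline comment `# returns zone settings for zone`, which says nothing about the shape of the result or which configuration is read. Replace it with a docstring, e.g. `"""Return the run-time settings of zone as a tuple matching Zone.DBUS_SIGNATURE."""`, so the method stays in step with the field order listed in firewalld.dbus.xml. The method reads `self.fw.zone` and is gated by `PK_ACTION_INFO` like the neighbouring list functions. How `get_zone()` treats an unknown or empty zone name is not visible in this hunk, and the enclosing `FirewallD` class starts outside it.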
commit d13b400d2e33c816208a3e71d1241c36cb7b1d64
Author: Thomas Woerner <twoerner@redhat.com>
Date: Tue Feb 11 16:04:31 2014 +0100
fw_config.set_zone_config: Check if zone target is valid
This is for example used in DBUS_INTERFACE_CONFIG_ZONE.update
diff --git a/src/firewall/core/io/zone.py b/src/firewall/core/io/zone.py
index b0d5ca2..86ac5d8 100644
--- a/src/firewall/core/io/zone.py
+++ b/src/firewall/core/io/zone.py
@@ -180,6 +180,9 @@ class Zone(IO_Object):
if fwd_port[3]:
if not checkIP(fwd_port[3]):
raise FirewallError(INVALID_ADDR, fwd_port[3])
+ elif item == "target":
+ if config not in ZONE_TARGETS:
+ raise FirewallError(INVALID_TARGET, config)
def check_name(self, name):
super(Zone, self).check_name(name)