Interface manipulation of /etc/sysconfig/SuSEFirewall (expert rules)
List of Global Functions
AddNewAcceptRule - Adds a new accept rule. Possible keys for parameters are "network", "protocol", "dport" and "sport". The "network" and "protocol" keys are required.
DeleteRuleID - Deletes the custom rule identified by its ID. The ID is the position of the rule in the list returned by GetListOfAcceptRules(), starting at 0. Every time a rule is deleted, the list is regenerated and the remaining rules are renumbered.
GetAllExpertRulesProtocols - Returns a list of all protocols accepted by the expert rules.
GetListOfAcceptRules - Returns a list of rules (maps), each describing a protocol and ports that the listed network is allowed to access. "network" and "protocol" are always present; "dport" and "sport" are optional and are returned as empty strings when undefined.
IsValidNetwork - Checks whether a network definition is valid for use in firewall expert rules.
RemoveAcceptRule - Removes a single expert firewall rule.
ValidNetwork - Returns a string containing a valid network definition.
List of Global Variables
AddNewAcceptRule
Adds a new accept rule. Possible keys for parameters are "network", "protocol", "dport" and "sport". The "network" and "protocol" keys are required.
Function parameters
string zone
map <string, string> params
Return value
boolean - if successful
Example 128.
AddNewAcceptRule ( "EXT", $["network":"192.168.0.1/255.255.240.0", "protocol":"tcp", "sport":"22"] ) -> true
See also:
GetListOfAcceptRules()
RemoveAcceptRule()
DeleteRuleID
Deletes the custom rule identified by its ID. The ID is the position of the rule in the list returned by GetListOfAcceptRules(), starting at 0. Every time a rule is deleted, the list is regenerated and the remaining rules are renumbered.
Function parameters
string zone
integer rule_id
Return value
boolean - if successful
See also:
GetListOfAcceptRules()
GetAllExpertRulesProtocols
Returns a list of all protocols accepted by the expert rules.
Return value
list <string> - of protocols
See also:
list <string> allowed_expert_protocols
GetListOfAcceptRules
Returns a list of rules (maps), each describing a protocol and ports that the listed network is allowed to access. "network" and "protocol" are always present; "dport" and "sport" are optional and are returned as empty strings when undefined.
Function parameters
string zone
Return value
list <map <string, string> > - of rules
This might return, e.g.:
[
    // All requests from 80.44.11.22 to TCP port 22
    $[ "network" : "80.44.11.22", "protocol" : "tcp", "dport" : "22", "sport" : "" ],
    // All requests from network 80.44.11.0/24 to UDP port 53 originating on port 53
    $[ "network" : "80.44.11.0/24", "protocol" : "udp", "dport" : "53", "sport" : "53" ],
    // All requests from network 0/0 (everywhere) to TCP port 443
    $[ "network" : "0/0", "protocol" : "tcp", "dport" : "443", "sport" : "" ],
]
See also:
IsValidNetwork()
IsValidNetwork
Checks whether a network definition is valid for use in firewall expert rules.
Function parameters
string network
Return value
boolean - if it is a valid network definition
Example 131.
IsValidNetwork("192.168.0.1") -> true
IsValidNetwork("192.168.0.355") -> false
IsValidNetwork("192.168.0.0/24") -> true
IsValidNetwork("192.168.0.1/32") -> true
IsValidNetwork("192.168.0.1/0") -> false
IsValidNetwork("192.168.0.0/255.255.0.0") -> true
IsValidNetwork("192.168.0.0/255.255.333.0") -> false
IsValidNetwork("192.168.0.0/255.255.224.0") -> true
IsValidNetwork("0/0") -> true
See also:
`man iptables`
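An added example, not code from the YaST module itself, that reimplements the decisions of IsValidNetwork() in Python so the four accepted network forms (A.B.C.D, A.B.C.D/bits, A.B.C.D/E.F.G.H and 0/0) and the Example 131 cases can be checked outside YaST. Rejecting the 0.0.0.0 netmask is an assumption mirroring the rejected /0 prefix.

```python
import re

# Dotted-quad matcher shared by the address and netmask checks.
_QUAD = re.compile(r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$")


def _octets(text):
    """Return the four octets of A.B.C.D as ints, or None if invalid."""
    m = _QUAD.match(text)
    if not m:
        return None
    octets = [int(o) for o in m.groups()]
    return octets if all(o <= 255 for o in octets) else None


def _check_prefix4(bits):
    # Prefix 0 is rejected on purpose: "anywhere" must be written as 0/0
    # (the reference lists "192.168.0.1/0" as invalid).
    return bits.isdigit() and 1 <= int(bits) <= 32


def _check_netmask4(mask):
    # A netmask is valid only if its 32 bits are a run of ones followed by
    # zeros; 0.0.0.0 is rejected here (assumption, mirroring the prefix rule).
    octets = _octets(mask)
    if octets is None:
        return False
    value = 0
    for o in octets:
        value = (value << 8) | o
    return value != 0 and "01" not in format(value, "032b")


def is_valid_network(network):
    """Same decisions as IsValidNetwork(): A.B.C.D, A.B.C.D/bits,
    A.B.C.D/E.F.G.H or the special 0/0 (everywhere)."""
    if network == "0/0":
        return True
    if "/" not in network:
        return _octets(network) is not None
    ip, _, suffix = network.partition("/")
    if _octets(ip) is None:
        return False
    # Host bits under the mask are allowed: 192.168.0.1/255.255.240.0 is
    # accepted, as in the AddNewAcceptRule example.
    return _check_netmask4(suffix) if "." in suffix else _check_prefix4(suffix)
```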
RemoveAcceptRule
Removes a single expert firewall rule.
Function parameters
string zone
map <string, string> params
Return value
boolean - if successful
Example 132.
RemoveAcceptRule ( "EXT", $["network":"192.168.0.1/255.255.240.0", "protocol":"tcp", "sport":"22"] ) -> true
See also:
GetListOfAcceptRules() for possible keys in map
AddNewAcceptRule()