265. SuSEFirewallServices

Definition of Supported Firewall Services and Port Aliases.

265.1. Authors

Lukas Ocilka <locilka@suse.cz>

265.2. Summary of Module Globals

List of Global Functions

GetFilenameFromServiceDefinedByPackage - Creates a file name from service name defined by package. Service MUST be defined by package, otherwise it returns 'nil'.
GetListOfServicesAddedByPackage - Returns list of service-ids defined by packages.
GetModified - Returns whether configuration was modified
GetNeededBroadcastPorts - Function returns needed ports allowing broadcast
GetNeededIPProtocols - Function returns needed IP protocols for service
GetNeededPortsAndProtocols - Function returns needed ports and protocols for service. Function cares about if the service is defined or not.
GetNeededRPCPorts - Function returns needed RPC ports for service
GetNeededTCPPorts - Function returns needed TCP ports for service
GetNeededUDPPorts - Function returns needed UDP ports for service
GetPossiblyConflictServices - Function returns list of possibly conflicting services. Conflicting services are for instance nis-client and nis-server. DEPRECATED - we currently don't have such services - services are defined by packages.
GetSupportedServices - Function returns the map of supported (known) services.
IsKnownService - Function returns if the service_id is a known (defined) service
ReadServicesDefinedByRPMPackages - Reads definition of services that can be used in FW_CONFIGURATIONS_[EXT|INT|DMZ] in SuSEfirewall2.
ResetModified - Sets that configuration was not modified
ServiceDefinedByPackage - Returns whether the service ID is defined by package. Returns 'false' if it isn't.
SetModified - Sets that configuration was modified
SetNeededPortsAndProtocols - Immediately writes the configuration of service defined by package to the service definition file. Service must be defined by package, this function doesn't work for hard-coded services (SuSEFirewallServices).

List of Global Variables

265.3. Global Functions

265.3.1. GetFilenameFromServiceDefinedByPackage

Creates a file name from service name defined by package. Service MUST be defined by package, otherwise it returns 'nil'.

Function parameters

string service

Return value

string - file name (e.g., 'abc')

Example 133.

	GetFilenameFromServiceDefinedByPackage ("service:abc") -> "abc"
	GetFilenameFromServiceDefinedByPackage ("abc") -> nil

265.3.2. GetListOfServicesAddedByPackage

Returns list of service-ids defined by packages.

Return value

list <string> - service ids

265.3.3. GetModified

Returns whether configuration was modified

Return value

boolean - modified

265.3.4. GetNeededBroadcastPorts

Function returns needed ports allowing broadcast

Function parameters

string service

Return value

list <string> - of needed broadcast ports

265.3.5. GetNeededIPProtocols

Function returns needed IP protocols for service

Function parameters

string service

Return value

list <string> - of needed IP protocols

265.3.6. GetNeededPortsAndProtocols

Function returns needed ports and protocols for service. Function cares about if the service is defined or not.

Function parameters

string service

Return value

map <string, list <string> > - of needed ports and protocols

Example 134.

	GetNeededPortsAndProtocols ("service:aaa") -> $[
		"tcp_ports"       : [ "122", "ftp-data" ],
		"udp_ports"       : [ "427" ],
		"rpc_ports"       : [ "portmap", "ypbind" ],
		"ip_protocols"    : [],
		"broadcast_ports" : [ "427" ],
	];

265.3.7. GetNeededRPCPorts

Function returns needed RPC ports for service

Function parameters

string service

Return value

list <string> - of needed RPC ports

265.3.8. GetNeededTCPPorts

Function returns needed TCP ports for service

Function parameters

string service

Return value

list <string> - of needed TCP ports

265.3.9. GetNeededUDPPorts

Function returns needed UDP ports for service

Function parameters

string service

Return value

list <string> - of needed UDP ports

265.3.10. GetPossiblyConflictServices

Function returns list of possibly conflicting services. Conflicting services are for instance nis-client and nis-server. DEPRECATED - we currently don't have such services - services are defined by packages.

Return value

list <string> - of conflicting services

265.3.11. GetSupportedServices

Function returns the map of supported (known) services.

Return value

map <string, string> - supported services

	$[ service_id : localized_service_name ]
	$[
	  "dns-server" : "DNS Server",
    "vnc" : "Remote Administration",
  ]

265.3.12. IsKnownService

Function returns if the service_id is a known (defined) service

Function parameters

string service_id

Return value

boolean - if is known (defined)

265.3.13. ReadServicesDefinedByRPMPackages

Reads definition of services that can be used in FW_CONFIGURATIONS_[EXT|INT|DMZ] in SuSEfirewall2.

Return value

boolean - if successful

265.3.14. ResetModified

Sets that configuration was not modified

Return value

void

265.3.15. ServiceDefinedByPackage

Returns whether the service ID is defined by package. Returns 'false' if it isn't.

Function parameters

string service

Return value

boolean - whether service is defined by package

Example 135.

	ServiceDefinedByPackage ("http-server") -> false
	ServiceDefinedByPackage ("service:http-server") -> true

265.3.16. SetModified

Sets that configuration was modified

Return value

void

265.3.17. SetNeededPortsAndProtocols

Immediately writes the configuration of service defined by package to the service definition file. Service must be defined by package, this function doesn't work for hard-coded services (SuSEFirewallServices).

Function parameters

string service
map <string, list <string> > store_definition

Return value

boolean - if successful (nil in case of developer's mistake)

Example 136.

	SetNeededPortsAndProtocols (
		"service:something",
		$[
			"tcp_ports"       : [ "22", "ftp-data", "400:420" ],
			"udp_ports"       : [ ],
			"rpc_ports"       : [ "portmap", "ypbind" ],
			"ip_protocols"    : [ "esp" ],
			"broadcast_ports" : [ ],
		]
	);