Interface manipulation of /etc/sysconfig/SuSEFirewall
List of Global Functions
ActivateConfiguration - Function which stops the firewall. The firewall is then started immediately if it is set to be started: SetStartService(boolean).
AddForwardIntoMasqueradeRule - Adds forward into masquerade rule.
AddInterfaceIntoZone - Function adds interface into defined zone. All appearances of the interface in other zones are removed.
AddService - Function adds service into selected zone (or zone of interface) for selected protocol. Function takes care of port aliases: first of all, it removes all of them.
AddSpecialInterfaceIntoZone - Function adds special string into defined zone.
AddXenSupport - Function adds a special interface into the FW_FORWARD_ALWAYS_INOUT_DEV variable
DisableServices - Function disables services needed for SuSEFirewall in /etc/inet.d/
EnableServices - Function enables services needed for SuSEFirewall in /etc/inet.d/
Export - Function for getting exported SuSEFirewall configuration
GetAdditionalServices - This powerful function returns list of services/ports which are not assigned to any fully-supported known-services.
GetAllDialUpInterfaces - Function returns list of dial-up interfaces.
GetAllKnownInterfaces - Function returns list of maps of known interfaces.
GetAllNonDialUpInterfaces - Function returns list of non-dial-up interfaces.
GetBroadcastAllowedPorts - Local function returns map of allowed ports (without aliases). If any list for zone is defined but empty, all allowed UDP ports for this zone also accept broadcast packets.
GetEnableService - Function which returns whether SuSEfirewall should be enabled in /etc/init.d/ starting scripts during the Write() process
GetFirewallInterfaces - Function returns all interfaces already configured in the firewall.
GetFirewallInterfacesMap - Function returns map of `interfaces in zones`.
GetIgnoreLoggingBroadcast - Function returns yes/no - ignoring broadcast for zone
GetInterfacesInZone - Function returns list of known interfaces in requested zone. Special strings like 'any' or 'auto' and unknown interfaces are removed from list.
GetInterfacesInZoneSupportingAnyFeature - Function returns list of known interfaces in requested zone. Special string 'any' in EXT zone covers all interfaces without any zone assignment.
GetKnownFirewallZones - Function returns list of known firewall zones (shortnames)
GetListOfForwardsIntoMasquerade - Function returns list of rules of forwarding ports to masqueraded IPs.
GetListOfKnownInterfaces - Function returns list of all known interfaces.
GetLoggingSettings - Function returns actual state of logging for rule taken as parameter.
GetMasquerade - Function returns actual state of Masquerading support.
GetModified - Function returns whether the firewall configuration was modified
GetProtectFromInternalZone - Function returns if firewall is protected from internal zone
GetServices - Function returns map of supported services in all firewall zones.
GetServicesInZones - Function returns map of supported services in all network interfaces.
GetSpecialInterfacesInZone - Function returns list of special strings like 'any' or 'auto' and unknown interfaces.
GetStartService - Function which returns if SuSEfirewall should start in Write process
GetSupportRoute - Function returns if firewall supports routing.
GetTrustIPsecAs - Function returns the trust level of IPsec packets. See SetTrustIPsecAs() for more information.
GetZoneFullName - Function returns name of the zone identified by zone shortname.
GetZoneOfInterface - Function returns the firewall zone of interface, nil if no zone includes the interface. Error is reported when interface is found in multiple firewall zones, then the first appearance is returned.
GetZonesOfInterfaces - Function returns list of zones of requested interfaces
GetZonesOfInterfacesWithAnyFeatureSupported - Function returns list of zones of requested interfaces. Special string 'any' in 'EXT' zone is supported.
HaveService - Function returns if requested service is allowed in respective zone. Function takes care of the service's aliases (only for TCP and UDP).
Import - Function for setting SuSEFirewall configuration from input
InterfacesSupportedByAnyFeature - Returns list of interfaces not mentioned in any zone and covered by the special string 'any' in zone 'EXT' if such string exists there and the zone is EXT.
IsAnyNetworkInterfaceSupported - Function returns whether the feature 'any' network interface is supported in the firewall configuration. The string 'any' must be in the 'EXT' zone.
IsEnabled - Function determines if all SuSEFirewall scripts are enabled in init scripts /etc/init.d/ now. For configuration "enabled" status use GetEnableService().
IsInterfaceInZone - Function returns if the interface is in zone.
IsOtherFirewallRunning - Function returns if any firewall other than SuSEfirewall2 is currently running on the system. It uses the `iptables` command to get information about the currently active iptables rules and compares the output with the current status of SuSEfirewall2.
IsServiceSupportedInZone - Function returns if service is supported (allowed) in zone. Service must be defined in the SuSEFirewallServices.
IsStarted - Function determines if at least one SuSEFirewall script is started now. For configuration "started" status use GetStartService().
Read - Function for reading SuSEFirewall configuration. Fills internal variables only.
RemoveForwardIntoMasqueradeRule - Function removes rule for forwarding into masquerade from the list of current rules.
RemoveInterfaceFromZone - Function removes interface from defined zone.
RemoveService - Function removes service from selected zone (or for interface) for selected protocol. Function takes care of port aliases and removes all of them.
RemoveSpecialInterfaceFromZone - Function removes special string from defined zone.
ResetReadFlag - Function resets the flag which prevents the configuration from being read from disk again
SaveAndRestartService - Function for saving configuration and restarting firewall. It is the same as Write() but the write is always forced.
SetAdditionalServices - Function sets additional ports/services from taken list. First, all additional services are removed, together with their aliases. Second, new ports/protocols are added.
SetBroadcastAllowedPorts - Function creates allowed-broadcast-ports string from broadcast map and saves it.
SetEnableService - Function which sets if SuSEfirewall should start in Write process
SetIgnoreLoggingBroadcast - Function sets yes/no - ignoring broadcast for zone
SetLoggingSettings - Function sets state of logging for rule taken as parameter.
SetMasquerade - Function sets Masquerade support.
SetModified - Function sets internal variable, which indicates, that any "firewall settings were modified", to "true"
SetProtectFromInternalZone - Function sets if firewall should be protected from internal zone.
SetServices - Function sets status for several services in several network interfaces.
SetServicesForZones - Function sets status for several services in several firewall zones.
SetStartService - Function which sets if SuSEfirewall should start in Write process
SetSupportRoute - Function sets if firewall should support routing.
SetTrustIPsecAs - Function sets how firewall should trust successfully decrypted IPsec packets. It should be the zone name (shortname) or 'no' to trust packets the same as firewall trusts the zone from which IPsec packet came.
StartServices - Function starts services needed for SuSEFirewall
StopServices - Function stops services needed for SuSEFirewall
Write - Function for writing and enabling configuration. It is a union of WriteConfiguration() and ActivateConfiguration().
WriteConfiguration - Function writes configuration into /etc/sysconfig/ and enables or disables firewall in /etc/init.d/ by the setting SetEnableService(boolean). This is a write-only configuration; the firewall is never started, only enabled or disabled.
WriteOnly - Helper function for the backward compatibility. See WriteConfiguration(). Remove from code ASAP.
List of Global Variables
max_port_number - Maximum port number; port numbers are in the interval 1-65535 inclusive
special_all_interface_string - String which includes all interfaces not-defined in any zone
special_all_interface_zone - Zone which works with the special_all_interface_string string
Function which stops the firewall. The firewall is then started immediately if it is set to be started: SetStartService(boolean).
Return value
boolean - if successful
Adds forward into masquerade rule.
Function parameters
string source_net
string forward_to_ip
string protocol
string req_port
string redirect_to_port
string requested_ip
Return value
void
Function adds interface into defined zone. All appearances of the interface in other zones are removed.
Function parameters
string interface
string zone
Return value
void
Function adds service into selected zone (or zone of interface) for selected protocol. Function takes care of port aliases: first of all, it removes all of them.
Function parameters
string service
string protocol
string interface
Return value
boolean - success
Function adds special string into defined zone.
Function parameters
string interface
string zone
Return value
void
Function adds a special interface into the FW_FORWARD_ALWAYS_INOUT_DEV variable
Return value
void
Function disables services needed for SuSEFirewall in /etc/inet.d/
Return value
boolean - result
Function enables services needed for SuSEFirewall in /etc/inet.d/
Return value
boolean - result
Function for getting exported SuSEFirewall configuration
Return value
map <string, any> - with configuration
This powerful function returns list of services/ports which are not assigned to any fully-supported known-services.
Function parameters
string protocol
string zone
Return value
list <string> - of additional (unassigned) services
Function returns list of dial-up interfaces.
Return value
list <string> - of dial-up interface names
Function returns list of maps of known interfaces.
Return value
list <map <string, string> >
[ $[ "id":"modem0", "name":"Askey 815C", "type":"dialup", "zone":"EXT" ], ... ]
Function returns list of non-dial-up interfaces.
Return value
list <string> - of non-dial-up interface names
Local function returns map of allowed ports (without aliases). If any list for zone is defined but empty, all allowed UDP ports for this zone also accept broadcast packets.
Return value
map <string, list <string> > - <zone, list <string> > strings are allowed ports or port ranges
Function which returns whether SuSEfirewall should be enabled in /etc/init.d/ starting scripts during the Write() process
Return value
boolean - if the firewall should start
Function returns all interfaces already configured in the firewall.
Return value
list<string> - of configured interfaces
Function returns map of `interfaces in zones`.
Return value
map <string, list <string> >
map $[zone : [list of interfaces]]
Function returns yes/no - ignoring broadcast for zone
Function parameters
string zone
Return value
string
Function returns list of known interfaces in requested zone. Special strings like 'any' or 'auto' and unknown interfaces are removed from list.
Function parameters
string zone
Return value
list<string> - of interfaces
Function returns list of known interfaces in requested zone. Special string 'any' in EXT zone covers all interfaces without any zone assignment.
Function parameters
string zone
Return value
list<string> - of interfaces
Function returns list of known firewall zones (shortnames)
Return value
list <string> - of firewall zones
Function returns list of rules of forwarding ports to masqueraded IPs.
Return value
list <map <string, string> >
list [$[ key: value ]]
Function returns list of all known interfaces.
Return value
list <string> - of interfaces
Function returns actual state of logging for rule taken as parameter.
Function parameters
string rule
Return value
string - 'ALL', 'CRIT', or 'NONE'
Function returns actual state of Masquerading support.
Return value
boolean - if supported
Function returns whether the firewall configuration was modified
Return value
boolean - if the configuration was modified
Function returns if firewall is protected from internal zone
Return value
boolean - if protected from internal
Function returns map of supported services in all firewall zones.
Function parameters
list<string> services
Return value
map <string, map <string, boolean> > - <string, map < string : boolean> >
Returns $[service : $[ zone_name : supported_status]]
Function returns map of supported services in all network interfaces.
Function parameters
list<string> services
Return value
map <string, map <string, boolean> > - <string, map < string : boolean > >
Returns $[service : $[ interface : supported_status ]]
Function returns list of special strings like 'any' or 'auto' and unknown interfaces.
Function parameters
string zone
Return value
list <string> - special strings or unknown interfaces
Function which returns if SuSEfirewall should start in Write process
Return value
boolean - if the firewall should start
Function returns if firewall supports routing.
Return value
boolean - if route is supported
Function returns the trust level of IPsec packets. See SetTrustIPsecAs() for more information.
Return value
string - zone or "no"
Function returns name of the zone identified by zone shortname.
Function parameters
string zone
Return value
string - zone name
Function returns the firewall zone of interface, nil if no zone includes the interface. Error is reported when interface is found in multiple firewall zones, then the first appearance is returned.
Function parameters
string interface
Return value
string - zone
Function returns list of zones of requested interfaces
Function parameters
list<string> interfaces
Return value
list<string>
Function returns list of zones of requested interfaces. Special string 'any' in 'EXT' zone is supported.
Function parameters
list<string> interfaces
Return value
list<string>
Function returns if requested service is allowed in respective zone. Function takes care of the service's aliases (only for TCP and UDP).
Function parameters
string service
string protocol
string interface
Return value
boolean - if service is allowed
Function for setting SuSEFirewall configuration from input
Function parameters
map <string, any> import_settings
Return value
void
Returns list of interfaces not mentioned in any zone and covered by the special string 'any' in zone 'EXT' if such string exists there and the zone is EXT.
Function parameters
string zone
Return value
list<string> - of interfaces covered by special string 'any'
Function returns whether the feature 'any' network interface is supported in the firewall configuration. The string 'any' must be in the 'EXT' zone.
Return value
boolean - is_supported whether the feature is supported or not
Function determines if all SuSEFirewall scripts are enabled in init scripts /etc/init.d/ now. For configuration "enabled" status use GetEnableService().
Return value
boolean - if enabled
Function returns if the interface is in zone.
Function parameters
string interface
string zone
Return value
boolean - is in zone
Function returns if any firewall other than SuSEfirewall2 is currently running on the system. It uses the `iptables` command to get information about the currently active iptables rules and compares the output with the current status of SuSEfirewall2.
Return value
boolean - if other firewall is running
Function returns if service is supported (allowed) in zone. Service must be defined in the SuSEFirewallServices.
Function parameters
string service
string zone
Return value
boolean - if supported
Function determines if at least one SuSEFirewall script is started now. For configuration "started" status use GetStartService().
Return value
boolean - if started
Function for reading SuSEFirewall configuration. Fills internal variables only.
Return value
boolean
Function removes rule for forwarding into masquerade from the list of current rules.
Function parameters
integer remove_item
Return value
void
Function removes interface from defined zone.
Function parameters
string interface
string zone
Return value
void
Function removes service from selected zone (or for interface) for selected protocol. Function takes care of port aliases and removes all of them.
Function parameters
string service
string protocol
string interface
Return value
boolean - success
Function removes special string from defined zone.
Function parameters
string interface
string zone
Return value
void
Function resets the flag which prevents the configuration from being read from disk again
Return value
void
Function for saving configuration and restarting firewall. It is the same as Write() but the write is always forced.
Return value
boolean - if successful
Function sets additional ports/services from taken list. First, all additional services are removed, together with their aliases. Second, new ports/protocols are added.
Function parameters
string protocol
string zone
list <string> new_list_services
Return value
void
Function creates allowed-broadcast-ports string from broadcast map and saves it.
Function parameters
map <string, list <string> > broadcast
Return value
void
Function which sets if SuSEfirewall should start in Write process
Function parameters
boolean enable_service
Return value
void
Function sets yes/no - ignoring broadcast for zone
Function parameters
string zone
string bcast
Return value
void
Function sets state of logging for rule taken as parameter.
Function parameters
string rule
string state
Return value
void
Function sets Masquerade support.
Function parameters
boolean enable
Return value
void
Function sets internal variable, which indicates, that any "firewall settings were modified", to "true"
Return value
void
Function sets if firewall should be protected from internal zone.
Function parameters
boolean set_protect
Return value
void
Function sets status for several services in several network interfaces.
Function parameters
list<string> services_ids
list<string> interfaces
boolean new_status
Return value
boolean - if successful
Function sets status for several services in several firewall zones.
Function parameters
list<string> services_ids
list<string> firewall_zones
boolean new_status
Return value
boolean - if successful
Function which sets if SuSEfirewall should start in Write process
Function parameters
boolean start_service
Return value
void
Function sets if firewall should support routing.
Function parameters
boolean set_route
Return value
void
Function sets how firewall should trust successfully decrypted IPsec packets. It should be the zone name (shortname) or 'no' to trust packets the same as firewall trusts the zone from which IPsec packet came.
Function parameters
string zone
Return value
void
Function starts services needed for SuSEFirewall
Return value
boolean - result
Function for writing and enabling configuration. It is a union of WriteConfiguration() and ActivateConfiguration().
Return value
boolean - if successful
Function writes configuration into /etc/sysconfig/ and enables or disables firewall in /etc/init.d/ by the setting SetEnableService(boolean). This is a write-only configuration; the firewall is never started, only enabled or disabled.
Return value
boolean - if successful