232. SuSEFirewallExpertRules

Interface manipulation of /etc/sysconfig/SuSEFirewall (expert rules)

232.1. Summary of Module Globals

List of Global Functions

  • AddNewAcceptRule - Adds a new accept rule. Possible keys of the params map are "network", "protocol", "dport" and "sport"; "network" and "protocol" are required.

  • GetAllExpertRulesProtocols - Returns list of all protocols accepted by the expert rules.

  • GetListOfAcceptRules - Returns a list of rules (maps) describing the protocols and ports that the listed hosts are allowed to access. The keys "network" and "protocol" are always required, "dport" and "sport" are optional. Undefined values are returned as empty strings.

  • IsValidNetwork - Checks whether a network definition is valid for use in firewall expert rules.

  • RemoveAcceptRule - Removes a single expert firewall rule.

  • ValidNetwork - Returns a string describing a valid network definition.

List of Global Variables

    232.2. Global Functions

    232.2.1. AddNewAcceptRule

    Adds a new accept rule. Possible keys of the params map are "network", "protocol", "dport" and "sport"; "network" and "protocol" are required.

    Function parameters

    • string zone

    • map <string, string> params

    Return value

    • boolean

    Example 68. 

     AddNewAcceptRule (
         "EXT",
         $["network":"192.168.0.1/255.255.240.0", "protocol":"tcp", "sport":"22"]
     ) -> true


    232.2.2. GetAllExpertRulesProtocols

    Returns list of all protocols accepted by the expert rules.

    Return value

    • list <string>

    232.2.3. GetListOfAcceptRules

    Returns a list of rules (maps) describing the protocols and ports that the listed hosts are allowed to access. The keys "network" and "protocol" are always required, "dport" and "sport" are optional. Undefined values are returned as empty strings.

    Function parameters

    • string zone

    Return value

    • list <map <string, string> > - of rules

    This might return, e.g.:

     [
         // All requests from 80.44.11.22 to TCP port 22
         $[ "network" : "80.44.11.22",   "protocol" : "tcp", "dport" : "22",  "sport" : ""   ],

         // All requests from network 80.44.11.0/24 to UDP port 53 originating on port 53
         $[ "network" : "80.44.11.0/24", "protocol" : "udp", "dport" : "53",  "sport" : "53" ],

         // All requests from network 0/0 (everywhere) to TCP port 443
         $[ "network" : "0/0",           "protocol" : "tcp", "dport" : "443", "sport" : ""   ],
     ]


    Example 69. 

     GetListOfAcceptRules("EXT") -> $[]


    232.2.4. IsValidNetwork

    Checks whether a network definition is valid for use in firewall expert rules.

    Function parameters

    • string network

    Return value

    • boolean - if it is a valid network definition

    Example 70. 

     IsValidNetwork("192.168.0.1")               -> true
     IsValidNetwork("192.168.0.355")             -> false
     IsValidNetwork("192.168.0.0/24")            -> true
     IsValidNetwork("192.168.0.1/32")            -> true
     IsValidNetwork("192.168.0.1/0")             -> false
     IsValidNetwork("192.168.0.0/255.255.0.0")   -> true
     IsValidNetwork("192.168.0.0/255.255.333.0") -> false
     IsValidNetwork("192.168.0.0/255.255.224.0") -> true
     IsValidNetwork("0/0")                       -> true
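
    The following is an added worked example, not the YaST module's own code. It reproduces the documented IsValidNetwork() table (the forms A.B.C.D, A.B.C.D/bits, A.B.C.D/W.X.Y.Z and the special "0/0" meaning everywhere) and mirrors the AddNewAcceptRule / RemoveAcceptRule / GetListOfAcceptRules contract from the sections above with an in-memory rule set for one zone. Assumptions are marked in the comments: the exact return semantics of the YCP functions on bad input, the rejection of a /0 prefix or all-zero mask for anything other than "0/0", and the comma-separated "network,protocol,dport,sport" serialization, which follows the FW_SERVICES_ACCEPT_* syntax of SuSEfirewall2 rather than anything this page states.

```python
import ipaddress
import re

# Constructed example (not the YaST SuSEFirewallExpertRules module): a validator
# matching the documented IsValidNetwork() table plus a small rule set that
# mirrors the AddNewAcceptRule / RemoveAcceptRule / GetListOfAcceptRules contract.

REQUIRED_KEYS = ("network", "protocol")
OPTIONAL_KEYS = ("dport", "sport")
_DOTTED = re.compile(r"^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$")


def _ipv4_ok(text: str) -> bool:
    """True for a dotted quad whose four octets are all in 0..255."""
    if not _DOTTED.match(text):
        return False
    return all(0 <= int(octet) <= 255 for octet in text.split("."))


def _netmask_ok(text: str) -> bool:
    """True for a contiguous dotted-quad netmask such as 255.255.224.0."""
    if not _ipv4_ok(text):
        return False
    bits = int(ipaddress.IPv4Address(text))
    # A contiguous mask is ones followed by zeros; its bitwise inverse is
    # of the form 2^n - 1, which is exactly when (x & (x + 1)) == 0.
    inverted = bits ^ 0xFFFFFFFF
    return (inverted & (inverted + 1)) == 0


def is_valid_network(network: str) -> bool:
    """Accept the forms the page documents and reject everything else."""
    if network == "0/0":          # "everywhere", the only accepted /0 spelling
        return True
    if "/" not in network:
        return _ipv4_ok(network)
    address, _, suffix = network.partition("/")
    if not _ipv4_ok(address):
        return False
    if suffix.isdigit():
        # Assumption (consistent with the documented table): a prefix of 0
        # is only accepted as "0/0", so 192.168.0.1/0 is rejected.
        return 1 <= int(suffix) <= 32
    # Assumption: an all-zero dotted mask is rejected for the same reason.
    return _netmask_ok(suffix) and suffix != "0.0.0.0"


class ExpertRules:
    """In-memory stand-in for one zone's accept rules (e.g. zone "EXT")."""

    def __init__(self):
        self._rules = []

    @staticmethod
    def _normalize(params):
        """Return the canonical rule map, or None if params are unusable.
        Assumption: missing required keys or an invalid network make the
        YCP functions return false; this code does the same."""
        if any(not params.get(key) for key in REQUIRED_KEYS):
            return None
        if not is_valid_network(params["network"]):
            return None
        # Undefined optional values are stored as empty strings, as documented.
        return {key: params.get(key, "") for key in REQUIRED_KEYS + OPTIONAL_KEYS}

    def add_accept_rule(self, params):
        rule = self._normalize(params)
        if rule is None:
            return False
        if rule not in self._rules:   # adding the same rule twice is a no-op
            self._rules.append(rule)
        return True

    def remove_accept_rule(self, params):
        rule = self._normalize(params)
        if rule is None or rule not in self._rules:
            return False
        self._rules.remove(rule)
        return True

    def get_list_of_accept_rules(self):
        return [dict(rule) for rule in self._rules]

    def to_sysconfig(self):
        """Serialize as space-separated "network,protocol,dport,sport" entries.
        Assumption: this follows SuSEfirewall2's FW_SERVICES_ACCEPT_* syntax;
        trailing empty fields are dropped, inner empty fields are kept."""
        entries = []
        for rule in self._rules:
            fields = [rule[key] for key in REQUIRED_KEYS + OPTIONAL_KEYS]
            while fields and fields[-1] == "":
                fields.pop()
            entries.append(",".join(fields))
        return " ".join(entries)
```

Note that "0/0" passes validation: a rule whose network is 0/0 opens the port to every source address, so when reviewing a generated configuration, rules with that network deserve a second look.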
    


    232.2.5. RemoveAcceptRule

    Removes a single expert firewall rule.

    Function parameters

    • string zone

    • map <string, string> params

    Return value

    • boolean

    Example 71. 

     RemoveAcceptRule (
         "EXT",
         $["network":"192.168.0.1/255.255.240.0", "protocol":"tcp", "sport":"22"]
     ) -> true


    232.2.6. ValidNetwork

    Returns a string describing a valid network definition.

    Return value

    • string - describing the valid network.

    232.3. Global Variables

    232.4. Module Requirements

    232.4.1. Module Imports

    • IP
    • Netmask
    • SuSEFirewall

    232.4.2. Module Includes