SuSEFirewall configuration
modules/SuSEFirewall.ycp
Interface manipulation of /etc/sysconfig/SuSEFirewall

Function sets the internal flag indicating that firewall settings were modified to true.
Function returns the list of known firewall zones (shortnames).
- Return value: list of firewall zones
Function returns the list of variables needed for SuSEFirewall's settings.
- Return value: list of variable names
Local function for increasing the verbosity level.
Local function for decreasing the verbosity level.
Local function returns whether other functions should produce verbose output (popups, error reports, etc.).
Local function for returning default values (if defined) for sysconfig variables.
- Parameters: variable
Local function for reading a list of sysconfig variables into internal variables.
- Parameters: variables
Local function for resetting a list of sysconfig variables in internal variables.
- Parameters: variables
Local function for writing the list of internal variables into sysconfig. The list of variables is a list of keys in the SETTINGS map; to sync the configuration to disk, use `nil` as the last list item.
- Parameters: variables
Local function returns whether the protocol is supported by the firewall. The protocol name must be in upper case.
- Parameters: protocol
- Return value: boolean, true if the protocol is supported
Local function returns whether the zone (shortname like "EXT") is supported by the firewall. Undefined zones are always unsupported.
- Parameters: zone
- Return value: boolean, true if the zone is known and supported
Local function returns the string used in the configuration for the zone, for instance "ext" for the "EXT" zone.
- Parameters: zone
- Return value: zone configuration string
Local function returns the zone name (shortname) for a configuration string, for instance "EXT" for "ext".
- Parameters: zone_string
- Return value: zone shortname
Function returns the list of allowed services for a zone and protocol.
- Parameters: zone, protocol
- Return value: list of strings (allowed services/ports)
Function sets the list of services as allowed ports for a zone and protocol.
- Parameters: allowed_services, zone, protocol
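The sysconfig handling described above (reading variables with defaults, the zone and protocol checks, the "EXT"/"ext" mapping, the per-zone and per-protocol allowed-service lists, the modified flag and writing the map back to disk) modelled in Python, as an added example that is not the module's code. The FW_SERVICES_<ZONE>_<PROTOCOL> variable names, the zone set, the defaults table and the sample file contents are assumptions made for the example.

```python
import re

# Added example, not YaST code. Models the SETTINGS map backed by a
# sysconfig file. Variable names follow the FW_<SETTING>_<ZONE>_<PROTO>
# convention and are assumed, as are the zone set and the sample file.
SAMPLE_SYSCONFIG = """\
## constructed sample of /etc/sysconfig/SuSEFirewall (not a real file)
FW_DEV_EXT="eth0 modem0"
FW_DEV_INT="eth1"
FW_SERVICES_EXT_TCP="ssh 80 443"
FW_SERVICES_EXT_UDP=""
FW_SERVICES_INT_TCP="ssh 139 445"
"""

KNOWN_ZONES = ("EXT", "INT", "DMZ")              # assumed zone set
SUPPORTED_PROTOCOLS = ("TCP", "UDP", "RPC", "IP")
DEFAULTS = {"FW_SERVICES_DMZ_TCP": ""}            # defaults for undefined variables (assumed)

_ASSIGNMENT = re.compile(r"^([A-Za-z_][A-Za-z0-9_]*)=(.*)$")


def _unquote(value):
    value = value.strip()
    if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
        return value[1:-1]
    return value


def zone_to_config_string(zone):
    """Shortname -> string used in the configuration, e.g. "EXT" -> "ext"."""
    return zone.lower()


def config_string_to_zone(zone_string):
    return zone_string.upper()


def is_supported_protocol(protocol):
    # the protocol name must be upper case, as the module documents
    return protocol in SUPPORTED_PROTOCOLS


def is_known_zone(zone):
    return zone in KNOWN_ZONES


def services_variable(zone, protocol):
    if not is_known_zone(zone):
        raise ValueError("unknown zone %r" % zone)
    if not is_supported_protocol(protocol):
        raise ValueError("unsupported protocol %r" % protocol)
    return "FW_SERVICES_%s_%s" % (zone, protocol)


class FirewallSettings:
    """In-memory SETTINGS map plus the 'modified' flag."""

    def __init__(self, text):
        self.settings = {}
        self.modified = False
        for line in text.splitlines():
            m = _ASSIGNMENT.match(line.strip())   # comments and blanks do not match
            if m:
                self.settings[m.group(1)] = _unquote(m.group(2))

    def get(self, variable):
        # fall back to the default only when the variable is undefined on disk
        return self.settings.get(variable, DEFAULTS.get(variable))

    def set(self, variable, value):
        if self.settings.get(variable) != value:
            self.settings[variable] = value
            self.modified = True

    def get_allowed_services(self, zone, protocol):
        value = self.get(services_variable(zone, protocol)) or ""
        return value.split()

    def set_allowed_services(self, allowed, zone, protocol):
        self.set(services_variable(zone, protocol), " ".join(allowed))

    def render(self, original_text):
        """Write values back, keeping comments and the original line order;
        variables missing from the original file are appended at the end."""
        seen, out = set(), []
        for line in original_text.splitlines():
            m = _ASSIGNMENT.match(line.strip())
            if m and m.group(1) in self.settings:
                out.append('%s="%s"' % (m.group(1), self.settings[m.group(1)]))
                seen.add(m.group(1))
            else:
                out.append(line)
        for key in sorted(set(self.settings) - seen):
            out.append('%s="%s"' % (key, self.settings[key]))
        self.modified = False
        return "\n".join(out) + "\n"


if __name__ == "__main__":
    fw = FirewallSettings(SAMPLE_SYSCONFIG)
    fw.set_allowed_services(fw.get_allowed_services("EXT", "TCP") + ["8080"], "EXT", "TCP")
    print(fw.render(SAMPLE_SYSCONFIG))
```

The modified flag only flips when a value actually changes, and render() clears it, which is the behaviour a caller needs to decide whether a write is required at all.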
Local function returns the configuration string for broadcast packets.
- Parameters: zone
- Return value: string with the broadcast configuration
Local function saves the configuration string for broadcast packets.
- Parameters: zone, broadcast_configuration
Local function returns the map of allowed ports (without aliases). If the list for a zone is defined but empty, all allowed UDP ports for this zone also accept broadcast packets.
- Return value: map of zone to list of allowed ports
Function creates the allowed-broadcast-ports string from the broadcast map and saves it.
- Parameters: broadcast
Function returns whether broadcast is allowed for the needed ports in the zone.
- Parameters: needed_ports, zone
- Return value: boolean, true if allowed
Local function removes a list of ports from the ports accepting broadcast packets in the zone.
- Parameters: needed_ports, zone
Local function adds a list of ports to the ports accepting broadcast packets in the zone.
- Parameters: needed_ports, zone
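The broadcast map above has one awkward property: a defined-but-empty list means "all allowed UDP ports", so the empty list cannot also mean "none". The following Python, an added example and not the module's code, models the check, add and remove operations with that rule, materialising the "all" list before a port is added to or removed from it, and representing "no broadcast at all" by leaving the zone's variable undefined (the example's own convention). The FW_ALLOW_FW_BROADCAST_<ZONE> and FW_SERVICES_<ZONE>_UDP variable names, the zone set and the sample settings are assumptions.

```python
# Added example, not YaST code. Models the broadcast map described above
# (zone -> list of UDP ports that accept broadcast) with the rule that a
# defined-but-empty list means "all allowed UDP ports of the zone".
# Variable names and the sample settings are assumed/constructed.
BROADCAST_VARIABLE = "FW_ALLOW_FW_BROADCAST_%s"
UDP_SERVICES_VARIABLE = "FW_SERVICES_%s_UDP"
ZONES = ("EXT", "INT", "DMZ")

SAMPLE_SETTINGS = {                           # constructed, not a real system
    "FW_SERVICES_EXT_UDP": "53 631 5353",
    "FW_SERVICES_INT_UDP": "137 138 631",
    "FW_ALLOW_FW_BROADCAST_EXT": "5353",      # only mDNS broadcasts on EXT
    "FW_ALLOW_FW_BROADCAST_INT": "",          # empty: every allowed UDP port on INT
}                                             # no DMZ variable: no broadcast at all


def allowed_udp_ports(settings, zone):
    return settings.get(UDP_SERVICES_VARIABLE % zone, "").split()


def broadcast_map(settings):
    """zone -> list of ports, for every zone whose variable is defined."""
    return {z: settings[BROADCAST_VARIABLE % z].split()
            for z in ZONES if BROADCAST_VARIABLE % z in settings}


def save_broadcast_map(settings, bmap):
    for zone in ZONES:
        var = BROADCAST_VARIABLE % zone
        if zone in bmap:
            settings[var] = " ".join(bmap[zone])
        else:
            settings.pop(var, None)   # undefined variable = no broadcast (example's convention)


def effective_broadcast_ports(settings, zone):
    """Resolve the 'empty list means all allowed UDP ports' rule."""
    bmap = broadcast_map(settings)
    if zone not in bmap:
        return []
    return bmap[zone] or allowed_udp_ports(settings, zone)


def broadcast_allowed(settings, needed_ports, zone):
    return set(needed_ports) <= set(effective_broadcast_ports(settings, zone))


def add_broadcast_ports(settings, needed_ports, zone):
    bmap = broadcast_map(settings)
    current = bmap.get(zone, [])
    if zone in bmap and not current:
        # "all" mode: ports that are allowed UDP ports are already covered
        if set(needed_ports) <= set(allowed_udp_ports(settings, zone)):
            return
        current = list(allowed_udp_ports(settings, zone))   # materialise before adding
    bmap[zone] = current + [p for p in needed_ports if p not in current]
    save_broadcast_map(settings, bmap)


def remove_broadcast_ports(settings, needed_ports, zone):
    bmap = broadcast_map(settings)
    if zone not in bmap:
        return
    current = bmap[zone] or allowed_udp_ports(settings, zone)   # materialise "all"
    remaining = [p for p in current if p not in needed_ports]
    if remaining:
        bmap[zone] = remaining
    else:
        del bmap[zone]   # an empty list would mean "all", so drop the zone instead
    save_broadcast_map(settings, bmap)
```

Note that a port added to a zone in "all" mode that is not an allowed UDP port forces the list to be written out explicitly; from then on newly allowed UDP ports no longer receive broadcast automatically, which is worth a warning in an interactive caller.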
Local function for adding (allowing) a single service/port for the given protocol and zone. The function does not take care of port aliases.
- Parameters: add_service, protocol, zone
- Return value: boolean, success
Local function for removing (disallowing) a single service/port for the given protocol and zone. The function does not take care of port aliases.
- Parameters: remove_service, protocol, zone
- Return value: boolean, success
Local function removes ports, and their aliases if check_for_aliases is true, for the requested protocol and zone.
- Parameters: remove_ports, protocol, zone, check_for_aliases
Local function allows ports for the requested protocol and zone.
- Parameters: add_ports, protocol, zone
Local function removes a well-known service's support from the zone. Allowed ports are removed together with all of their port aliases.
- Parameters: service, zone
Local function adds a well-known service's support into the zone. It first removes the current support for the service, including port aliases.
- Parameters: service, zone
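The add/remove functions above differ mainly in whether they expand port aliases ("22", "ssh" and any other name mapping to the same port number), and aliases are only meaningful for TCP and UDP. The following Python is an added example, not the module's code; it operates on one zone's per-protocol lists. The alias table stands in for /etc/services and the well-known service definitions are constructed for the example.

```python
# Added example, not YaST code. Models add/remove of ports with their aliases
# for one zone. The alias table, the known-service table and the sample zone
# configuration are constructed; real code would consult /etc/services.
SERVICES_DB = {"ssh": "22", "smtp": "25", "http": "80", "www": "80",
               "https": "443", "domain": "53", "ipp": "631"}

KNOWN_SERVICES = {              # constructed definitions of "well-known services"
    "sshd":        {"TCP": ["ssh"]},
    "http-server": {"TCP": ["http", "https"]},
    "dns-server":  {"TCP": ["domain"], "UDP": ["domain"]},
}


def canonical_port(name):
    """Port number as a string; unknown names are returned unchanged."""
    return SERVICES_DB.get(name, name)


def port_aliases(name, protocol):
    """Every spelling of the same port (number plus all service names). Aliases
    only make sense for TCP and UDP; other protocols match the literal string."""
    if protocol not in ("TCP", "UDP"):
        return {name}
    number = canonical_port(name)
    return {number} | {n for n, p in SERVICES_DB.items() if p == number}


def add_port(allowed, port):
    """Allow a single port without alias handling; False if already present."""
    if port in allowed:
        return False
    allowed.append(port)
    return True


def remove_port(allowed, port):
    """Disallow a single literal port without alias handling."""
    if port not in allowed:
        return False
    allowed.remove(port)
    return True


def _present(allowed, protocol, check_for_aliases=True):
    present = set()
    for p in allowed:
        present |= port_aliases(p, protocol) if check_for_aliases else {p}
    return present


def remove_ports(allowed, ports, protocol, check_for_aliases=True):
    doomed = set()
    for p in ports:
        doomed |= port_aliases(p, protocol) if check_for_aliases else {p}
    allowed[:] = [p for p in allowed if p not in doomed]


def add_ports(allowed, ports, protocol):
    present = _present(allowed, protocol)
    for p in ports:
        if p not in present:            # skip ports already allowed under another name
            allowed.append(p)
            present |= port_aliases(p, protocol)


def all_ports_allowed(allowed, needed, protocol, check_for_aliases=True):
    present = _present(allowed, protocol, check_for_aliases)
    return all(p in present for p in needed)


def remove_known_service(zone_services, service):
    for protocol, ports in KNOWN_SERVICES[service].items():
        remove_ports(zone_services.setdefault(protocol, []), ports, protocol, True)


def add_known_service(zone_services, service):
    remove_known_service(zone_services, service)   # drop every alias first
    for protocol, ports in KNOWN_SERVICES[service].items():
        add_ports(zone_services.setdefault(protocol, []), ports, protocol)
```

Removing first and then adding is what keeps the list free of duplicates such as "22 ssh" after a service is enabled twice; a check with check_for_aliases=False would otherwise report "ssh" as missing even though "22" is open.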
Local function returns conflicting services.
- Return value: list of services
Local function for handling conflicting services in memory. Makes sense for services which share ports, like RPC services.
- Parameters: service, zone, enable
Function returns whether any of the firewall's configuration was modified.
- Return value: boolean, true if the configuration was modified
Function resets the flag which prevents reading the configuration from disk again.
Function returns the name of the zone identified by the zone shortname.
- Parameters: zone
- Return value: zone name
Function sets whether the firewall should be protected from the internal zone.
- Parameters: set_protect
Function returns whether the firewall is protected from the internal zone.
- Return value: boolean, true if protected from internal
Function sets whether the firewall should support routing.
- Parameters: set_route
Function returns whether the firewall supports routing.
- Return value: boolean, true if routing is supported
Function sets how the firewall should trust successfully decrypted IPsec packets. The value is a zone name (shortname), or 'no' to trust the packets the same way the firewall trusts the zone the IPsec packet came from.
- Parameters: zone
Function returns the trust level of IPsec packets. See SetTrustIPsecAs() for more information.
- Return value: zone or "no"
Function returns whether SuSEfirewall should be started in the Write process.
- Return value: boolean, true if the firewall should start
Function sets whether SuSEfirewall should be started in the Write process.
- Parameters: start_service
Function returns whether SuSEfirewall should be enabled in /etc/init.d/ in the Write process.
- Return value: boolean, true if the firewall should be enabled
Function sets whether SuSEfirewall should be enabled in /etc/init.d/ in the Write process.
- Parameters: enable_service
Function starts the services needed for SuSEFirewall.
- Return value: boolean result
Function stops the services needed for SuSEFirewall.
- Return value: boolean result
Function enables the services needed for SuSEFirewall in /etc/init.d/.
- Return value: boolean result
Function disables the services needed for SuSEFirewall in /etc/init.d/.
- Return value: boolean result
Function determines whether all SuSEFirewall scripts are currently enabled in the init scripts in /etc/init.d/. For the configured "enabled" status use GetEnableService().
- Return value: boolean, true if enabled
Function determines whether at least one SuSEFirewall script is currently started. For the configured "started" status use GetStartService().
- Return value: boolean, true if started
Function for getting the exported SuSEFirewall configuration.
- Return value: map of string to any with the configuration
Function for setting the SuSEFirewall configuration from input.
- Parameters: import_settings
Function returns whether the interface is in the zone.
- Parameters: interface, zone
- Return value: boolean, true if the interface is in the zone
Function returns the firewall zone of the interface, or nil if no zone includes the interface. If the interface is found in multiple firewall zones, an error is reported and the first appearance is returned.
- Parameters: interface
- Return value: zone
Function returns the list of zones of the requested interfaces.
- Parameters: interfaces
Function returns a list of maps of known interfaces, e.g. [ $[ "id":"modem0", "name":"Askey 815C", "type":"dialup", "zone":"EXT" ], ... ]
- Return value: list of maps (string to string)
Function returns the list of all known interfaces.
- Return value: list of strings (interfaces)
Function removes the interface from the given zone.
- Parameters: interface, zone
Function adds the interface into the given zone. All appearances of the interface in other zones are removed.
- Parameters: interface, zone
Function returns the list of known interfaces in the requested zone. Special strings like 'any' or 'auto' and unknown interfaces are removed from the list.
- Parameters: zone
- Return value: list of strings (interfaces)
Function returns all interfaces already configured in the firewall.
- Return value: list of strings (configured interfaces)
Function returns whether the requested service is allowed in the respective zone. The function takes care of the service's aliases (only for TCP and UDP).
- Parameters: service; protocol (TCP, UDP, RPC or IP); interface name (like modem0), firewall zone (like "EXT") or "any" for all zones
- Return value: boolean, true if the service is allowed
Function adds the service into the selected zone (or the zone of the interface) for the selected protocol. The function takes care of port aliases: it first removes all of them.
- Parameters: service, protocol, interface
- Return value: boolean, success
Function removes the service from the selected zone (or the zone of the interface) for the selected protocol. The function takes care of port aliases and removes all of them.
- Parameters: service, protocol, interface
- Return value: boolean, success
Function returns whether all the needed services are allowed in the firewall. The last parameter sets whether port aliases should also be checked, which makes sense for TCP and UDP ports. Protocols and zones are not checked for existence; that is up to the caller.
- Parameters: needed_ports, protocol, zone (name like EXT), check_for_aliases
- Return value: boolean, true if all ports are allowed
Function returns whether the service is supported (allowed) in the zone.
- Parameters: service, zone
- Return value: boolean, true if supported
Function returns a map of supported services for all network interfaces.
- Parameters: services
- Return value: map of service to map of interface to supported_status
Function returns a map of supported services in all firewall zones.
- Parameters: services
- Return value: map of service to map of zone_name to supported_status
Function sets the status for several services in several firewall zones.
- Parameters: services_ids, firewall_zones, new_status
- Return value: boolean, true if successful
Function sets the status for several services on several network interfaces.
- Parameters: services_ids, interfaces, new_status
- Return value: boolean, true if successful
Local function checks whether any of the possibly conflicting services was turned on in the firewall configuration.
Local function sets the default configuration and fills internal values.
Local function reads the current configuration and fills internal values.
Function for reading the SuSEFirewall configuration. Fills internal variables only.
Function which stops the firewall and then, if the firewall is wanted to be started (SetStartService(boolean)), starts it immediately.
- Return value: boolean, true if successful
Function writes the configuration into /etc/sysconfig/ and enables or disables the firewall in /etc/init.d/ according to the setting made with SetEnableService(boolean). This writes the configuration only: the firewall is never started, only enabled or disabled.
- Return value: boolean, true if successful
Helper function for backward compatibility. See WriteConfiguration(). Remove from code ASAP.
Function for writing and enabling the configuration; it is the union of WriteConfiguration() and ActivateConfiguration().
- Return value: boolean, true if successful
Function for saving the configuration and restarting the firewall. It is the same as Write() but the write is always forced.
- Return value: boolean, true if successful
This powerful function returns the list of services/ports which are not assigned to any fully-supported known service.
- Parameters: protocol, zone
- Return value: list of strings (additional, unassigned services)
Function sets additional ports/services from the given list. First, all additional services are removed together with their aliases. Second, the new ports/protocols are added.
- Parameters: protocol, zone, new_list_services
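The two entries above partition a zone's allowed ports into those claimed by a fully-supported known service and the "additional" rest. The following Python, an added example and not the module's code, computes that partition and replaces the additional ports, treating every spelling of the same port number as one port so aliases are removed together. The alias table and the known-service definitions (including the "fully_supported" flag, which is how the example models a service that is known but not fully supported) are constructed for the example.

```python
# Added example, not YaST code. Computes the "additional" ports described
# above and replaces them. The alias table (standing in for /etc/services)
# and the known-service definitions are constructed for the example.
SERVICES_DB = {"ssh": "22", "http": "80", "www": "80", "https": "443", "domain": "53"}

KNOWN_SERVICES = {
    "sshd":        {"fully_supported": True,  "ports": {"TCP": ["ssh"]}},
    "http-server": {"fully_supported": True,  "ports": {"TCP": ["http", "https"]}},
    # known but not fully supported: its ports still count as "additional"
    "nfs-client":  {"fully_supported": False, "ports": {"TCP": ["2049"], "UDP": ["2049"]}},
}


def canonical(port, protocol):
    """Port number as a string; aliases only exist for TCP and UDP."""
    return SERVICES_DB.get(port, port) if protocol in ("TCP", "UDP") else port


def assigned_ports(protocol):
    """Canonical ports claimed by fully-supported known services for protocol."""
    out = set()
    for svc in KNOWN_SERVICES.values():
        if svc["fully_supported"]:
            out |= {canonical(p, protocol) for p in svc["ports"].get(protocol, [])}
    return out


def additional_services(zone_services, protocol):
    """Allowed ports of the zone not claimed by any fully-supported known service."""
    claimed = assigned_ports(protocol)
    return [p for p in zone_services.get(protocol, [])
            if canonical(p, protocol) not in claimed]


def set_additional_services(zone_services, protocol, new_list):
    """Drop every current additional port (under any alias), then add the new ones."""
    old = {canonical(p, protocol) for p in additional_services(zone_services, protocol)}
    kept = [p for p in zone_services.get(protocol, []) if canonical(p, protocol) not in old]
    seen = {canonical(p, protocol) for p in kept}
    for p in new_list:
        if canonical(p, protocol) not in seen:   # ignore duplicates and known-service ports
            kept.append(p)
            seen.add(canonical(p, protocol))
    zone_services[protocol] = kept
```

A port that a caller passes in the new list but which a fully-supported service already opens is silently kept under the service, so the next call to additional_services() will not report it; that is the intended outcome, since the service, not the additional list, owns the port.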
Function returns whether any firewall other than SuSEfirewall2 is currently running on the system. It uses the `iptables` command to read the currently active iptables rules and compares the output with the current status of SuSEfirewall2.
- Return value: boolean, true if another firewall is running
Function returns the map of interfaces in zones.
- Return value: map of zone to list of interfaces
Function returns the list of special strings like 'any' or 'auto' and unknown interfaces.
- Parameters: zone
- Return value: list of strings (special strings or unknown interfaces)
Function removes the special string from the given zone.
- Parameters: interface, zone
Function adds the special string into the given zone.
- Parameters: interface, zone
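The interface functions earlier on this page (membership test, zone of an interface with the multiple-zones error, add with removal from other zones, known interfaces in a zone) and the special-string entries just above both operate on the same per-zone device lists, so one added example serves both. It is not the module's code. The FW_DEV_<ZONE> variable names, the zone set and the known-interface list are assumptions; the error list stands in for the verbose-mode error popups.

```python
# Added example, not YaST code. Models interface membership in zones as the
# functions above describe it. The FW_DEV_<ZONE> variable names, the zone
# set and the sample data are assumed/constructed.
ZONES = ("EXT", "INT", "DMZ")
DEVICE_VARIABLE = "FW_DEV_%s"
SPECIAL_STRINGS = ("any", "auto")

# constructed list of interfaces the system knows about (the page's map layout)
KNOWN_INTERFACES = [
    {"id": "modem0", "name": "Askey 815C", "type": "dialup"},
    {"id": "eth0", "name": "Intel PRO/1000", "type": "eth"},
    {"id": "eth1", "name": "Realtek 8139", "type": "eth"},
]

SAMPLE_SETTINGS = {"FW_DEV_EXT": "modem0 eth0 any",   # constructed; eth0 is
                   "FW_DEV_INT": "eth1 eth0",         # deliberately in two zones
                   "FW_DEV_DMZ": ""}

errors = []   # stands in for the verbose-mode error popups


def _devices(settings, zone):
    return settings.get(DEVICE_VARIABLE % zone, "").split()


def _save(settings, zone, devices):
    settings[DEVICE_VARIABLE % zone] = " ".join(devices)


def interfaces_in_zones(settings):
    return {zone: _devices(settings, zone) for zone in ZONES}


def is_interface_in_zone(settings, interface, zone):
    return interface in _devices(settings, zone)


def zone_of_interface(settings, interface):
    """First zone listing the interface, or None. Being listed in several zones
    is a configuration error: it is reported and the first appearance wins."""
    zones = [z for z in ZONES if is_interface_in_zone(settings, interface, z)]
    if len(zones) > 1:
        errors.append("interface %s is in multiple zones: %s" % (interface, " ".join(zones)))
    return zones[0] if zones else None


def remove_interface_from_zone(settings, interface, zone):
    _save(settings, zone, [d for d in _devices(settings, zone) if d != interface])


def add_interface_into_zone(settings, interface, zone):
    for other in ZONES:                 # an interface belongs to exactly one zone
        remove_interface_from_zone(settings, interface, other)
    _save(settings, zone, _devices(settings, zone) + [interface])


def known_interfaces_in_zone(settings, zone):
    known = {i["id"] for i in KNOWN_INTERFACES}
    return [d for d in _devices(settings, zone) if d in known]


def special_strings_in_zone(settings, zone):
    """'any', 'auto' and names the system does not know as interfaces."""
    known = {i["id"] for i in KNOWN_INTERFACES}
    return [d for d in _devices(settings, zone) if d not in known]


def add_special_string_into_zone(settings, string, zone):
    if string not in _devices(settings, zone):
        _save(settings, zone, _devices(settings, zone) + [string])


def remove_special_string_from_zone(settings, string, zone):
    remove_interface_from_zone(settings, string, zone)


def known_interfaces_with_zone(settings):
    """Interface maps as shown on the page, with the zone filled in."""
    return [dict(i, zone=zone_of_interface(settings, i["id"])) for i in KNOWN_INTERFACES]


def all_configured_interfaces(settings):
    out = []
    for zone in ZONES:
        out += [d for d in known_interfaces_in_zone(settings, zone) if d not in out]
    return out
```

The security-relevant check is zone_of_interface(): an interface listed in both EXT and INT gets whichever zone is consulted first, so a caller that silently accepts the result may apply the external policy to an internal link or the other way round. Treat the reported error as something to fix in the configuration, not to ignore.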
Function returns the actual state of masquerading support.
- Return value: boolean, true if supported
Function sets masquerading support.
- Parameters: enable
Function returns the list of rules for forwarding ports to masqueraded IPs.
- Return value: list of maps ($[ key: value ])
Function removes a forward-into-masquerade rule from the list of current rules.
- Parameters: remove_item
Adds a forward-into-masquerade rule.
- Parameters: source_net, forward_to_ip, protocol, req_port, redirect_to_port, requested_ip
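The forward-into-masquerade rules above carry six fields, the last two optional. The following Python is an added example, not the module's code; it parses and serialises such rules, validates a rule before it is added, and removes by exact map match as remove_item suggests. The textual rule format "source_net,forward_to_ip,protocol,req_port[,redirect_to_port[,requested_ip]]", the FW_FORWARD_MASQ and FW_MASQUERADE variable names and the sample rules are assumptions made for the example.

```python
import ipaddress

# Added example, not YaST code. Models the forward-into-masquerade rules as a
# list of maps with the keys the module documents. The textual rule format
# and the FW_FORWARD_MASQ / FW_MASQUERADE variable names are assumptions.
RULE_KEYS = ("source_net", "forward_to_ip", "protocol",
             "req_port", "redirect_to_port", "requested_ip")

SAMPLE_SETTINGS = {      # constructed; 203.0.113.5 is a documentation address
    "FW_MASQUERADE": "yes",
    "FW_FORWARD_MASQ": "0/0,192.168.1.10,tcp,80 0/0,192.168.1.10,tcp,8443,443,203.0.113.5",
}


def masquerade_enabled(settings):
    return settings.get("FW_MASQUERADE", "no") == "yes"


def set_masquerade(settings, enable):
    settings["FW_MASQUERADE"] = "yes" if enable else "no"


def parse_rule(text):
    fields = text.split(",")
    if not 4 <= len(fields) <= 6:
        raise ValueError("malformed forward rule: %r" % text)
    rule = dict(zip(RULE_KEYS, fields))
    rule.setdefault("redirect_to_port", "")   # optional fields default to empty
    rule.setdefault("requested_ip", "")
    return rule


def format_rule(rule):
    fields = [rule[k] for k in RULE_KEYS]
    while fields and fields[-1] == "":        # drop trailing optional fields
        fields.pop()
    return ",".join(fields)


def forward_masq_rules(settings):
    return [parse_rule(r) for r in settings.get("FW_FORWARD_MASQ", "").split()]


def _save(settings, rules):
    settings["FW_FORWARD_MASQ"] = " ".join(format_rule(r) for r in rules)


def validate_rule(rule):
    """Reject rules that would produce a broken or over-broad forward."""
    if rule["protocol"] not in ("tcp", "udp"):
        raise ValueError("protocol must be tcp or udp")
    ipaddress.ip_address(rule["forward_to_ip"])
    if rule["source_net"] != "0/0":           # "0/0" is the any-source spelling (assumed)
        ipaddress.ip_network(rule["source_net"], strict=False)
    for key in ("req_port", "redirect_to_port"):
        if rule[key] and not 1 <= int(rule[key]) <= 65535:
            raise ValueError("%s out of range" % key)
    if rule["requested_ip"]:
        ipaddress.ip_address(rule["requested_ip"])


def add_forward_masq_rule(settings, source_net, forward_to_ip, protocol, req_port,
                          redirect_to_port="", requested_ip=""):
    rule = dict(zip(RULE_KEYS, (source_net, forward_to_ip, protocol, req_port,
                                redirect_to_port, requested_ip)))
    validate_rule(rule)
    rules = forward_masq_rules(settings)
    if rule not in rules:                     # do not store the same rule twice
        rules.append(rule)
    _save(settings, rules)
    return rule


def remove_forward_masq_rule(settings, remove_item):
    _save(settings, [r for r in forward_masq_rules(settings) if r != remove_item])
```

Forward rules only take effect when masquerading itself is enabled; a caller should check masquerade_enabled() before presenting the rules as active, since a rule list with FW_MASQUERADE set to "no" forwards nothing.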
Function returns the actual logging state for the rule given as parameter.
- Parameters: rule
- Return value: 'ALL', 'CRIT', or 'NONE'
Function sets the logging state for the rule given as parameter.
- Parameters: rule, state
Function returns yes/no: whether broadcast is ignored for the zone.
- Parameters: zone
Function sets yes/no: whether broadcast is ignored for the zone.
- Parameters: zone, bcast