global SetModified () -> void

Function sets internal variable, which indicates, that any "firewall settings were modified", to "true"

global GetKnownFirewallZones () -> list <string>

Function returns list of known firewall zones (shortnames)

Return value:

of firewall zones

local GetListOfSuSEFirewallVariables () -> list <string>

Function return list of variables needed for SuSEFirewall's settings.

Return value:

of names of variables

local IncreaseVerbosity () -> void

Local function for increasing the verbosity level.

local DecreaseVerbosity () -> void

Local function for decreasing the verbosity level.

local IsVerbose () -> boolean

Local function returns if other functions should produce verbose output. like popups, reporting errors, etc.

local GetDefaultValue (string variable) -> string

Local function for returning default values (if defined) for sysconfig variables.

Parameters:

variable

local ReadSysconfigSuSEFirewall (list<string> variables) -> void

Local function for reading list of sysconfig variables into internal variables.

Parameters:

variables

local ResetSysconfigSuSEFirewall (list<string> variables) -> void

Local function for reseting list of sysconfig variables in internal variables.

Parameters:

variables

local WriteSysconfigSuSEFirewall (list<string> variables) -> boolean

Local function for writing the list of internal variables into sysconfig. List of variables is list of keys in SETTINGS map, to sync configuration into the disk, use `nil` as the last list item.

Parameters:

variables

local IsSupportedProtocol (string protocol) -> boolean

Local function returns if protocol is supported by firewall. Protocol name must be in upper-cases.

Parameters:

protocol

Return value:

if protocol is supported

local IsKnownZone (string zone) -> boolean

Local function returns if zone (shortname like "EXT") is supported by firewall. Undefined zones are, for sure, unsupported.

Parameters:

zone

Return value:

if zone is known and supported.

local GetZoneConfigurationString (string zone) -> string

Local function returns configuration string used in configuration for zone. For instance "ext" for "EXT" zone.

Parameters:

zone

Return value:

zone configuration string

local GetConfigurationStringZone (string zone_string) -> string

Local function returns zone name (shortname) for configuration string. For instance "EXT" for "ext" zone.

Parameters:

zone_string

Return value:

zone shortname

local GetAllowedServicesForZoneProto (string zone, string protocol) -> list <string>

Function returns list of allowed services for zone and protocol

Parameters:

zone
protocol

Return value:

[string] of allowed services/ports

local SetAllowedServicesForZoneProto (list <string> allowed_services, string zone, string protocol) -> void

Function sets list of services as allowed ports for zone and protocol

Parameters:

allowed_services
zone
protocol

local GetBroadcastConfiguration (string zone) -> string

Local function returns configuration string for broadcast packets.

Parameters:

zone

Return value:

with broadcast configuration

local SetBroadcastConfiguration (string zone, string broadcast_configuration) -> void

Local function saves configuration string for broadcast packets.

Parameters:

zone
broadcast_configuration

global GetBroadcastAllowedPorts () -> map <string, list <string> >

Local function return map of allowed ports (without aliases). If any list for zone is defined but empty, all allowed UDP ports for this zone also accept broadcast packets.

Return value:

[zone, list [of allowed ports] ]

global SetBroadcastAllowedPorts (map <string, list <string> > broadcast) -> void

Function creates allowed-broadcast-ports string from broadcast map and saves it.

Parameters:

broadcast

local IsBroadcastAllowed (list <string> needed_ports, string zone) -> boolean

Function returns if broadcast is allowed for needed ports in zone.

Parameters:

needed_ports
zone

Return value:

if is allowed

local RemoveAllowedBroadcast (list <string> needed_ports, string zone) -> void

Local function removes list of ports from port allowing broadcast packets in zone.

Parameters:

needed_ports
zone

local AddAllowedBroadcast (list <string> needed_ports, string zone) -> void

Local function adds list of ports to ports accepting broadcast

Parameters:

needed_ports
zone

local AddServiceIntoProtocolZone (string add_service, string protocol, string zone) -> boolean

Local function for adding (allowing) single service/port for defined protocol and zone. Function doesn't take care of port-aliases.

Parameters:

add_service
protocol
zone

Return value:

success

local RemoveServiceFromProtocolZone (string remove_service, string protocol, string zone) -> boolean

Local function for removing (disallowing) single service/port for defined protocol and zone. Functions doesn't take care of port-aliases.

Parameters:

remove_service
protocol
zone

Return value:

success

local RemoveAllowedPortsOrServices (list <string> remove_ports, string protocol, string zone, boolean check_for_aliases) -> void

Local function removes ports and their aliases (if check_for_aliases is true), for requested protocol and zone.

Parameters:

remove_ports
protocol
zone
check_for_aliases

local AddAllowedPortsOrServices (list <string> add_ports, string protocol, string zone) -> void

Local function allows ports for requested protocol and zone.

Parameters:

add_ports
protocol
zone

local RemoveServiceSupportFromZone (string service, string zone) -> void

Local function removes well-known service's support from zone. Allowed ports are removed with all of their port-aliases.

Parameters:

service
zone

local AddServiceSupportIntoZone (string service, string zone) -> void

Local function adds well-known service's support into zone. It first of all removes the current support for service with port-aliases.

Parameters:

service
zone

local GetPossiblyConflictServices () -> list <string>

Local function returns conflicting services.

Return value:

of services

local HandleConflictService (string service, string zone, boolean enable) -> void

Local function for handling conflicting services in memory. Makes sense for services which share ports like RPC services.

Parameters:

service
zone
enable

global GetModified () -> boolean

Functions returns if any firewall's configuration was modified or wasn't

Return value:

if the configuration was modified

global ResetReadFlag () -> void

Function resets flag which doesn't allow to read configuration from disk again

global GetZoneFullName (string zone) -> string

Function returns name of the zone identified by zone shortname.

Parameters:

zone

Return value:

zone name

global SetProtectFromInternalZone (boolean set_protect) -> void

Function sets if firewall should be protected from internal zone.

Parameters:

set_protect

global GetProtectFromInternalZone () -> boolean

Function returns if firewall is protected from internal zone

Return value:

if protected from internal

global SetSupportRoute (boolean set_route) -> void

Function sets if firewall should support routing.

Parameters:

set_route

global GetSupportRoute () -> boolean

Function returns if firewall supports routing.

Return value:

if route is supported

global SetTrustIPsecAs (string zone) -> void

Function sets how firewall should trust successfully decrypted IPsec packets. It should be the zone name (shortname) or 'no' to trust packets the same as firewall trusts the zone from which IPsec packet came.

Parameters:

zone

global GetTrustIPsecAs () -> string

Function returns the trust level of IPsec packets. See SetTrustIPsecAs() for more information.

Return value:

zone or "no"

global GetStartService () -> boolean

Function which returns if SuSEfirewall should start in Write process

Return value:

if the firewall should start

global SetStartService (boolean start_service) -> void

Function which sets if SuSEfirewall should start in Write process

Parameters:

start_service

global GetEnableService () -> boolean

Function which returns if SuSEfirewall should start in Write process

Return value:

if the firewall should start

global SetEnableService (boolean enable_service) -> void

Function which sets if SuSEfirewall should start in Write process

Parameters:

enable_service

global StartServices () -> boolean

Functions starts services needed for SuSEFirewall

Return value:

result

global StopServices () -> boolean

Functions stops services needed for SuSEFirewall

Return value:

result

global EnableServices () -> boolean

Functions enables services needed for SuSEFirewall in /etc/inet.d/

Return value:

result

global DisableServices () -> boolean

Functions disables services needed for SuSEFirewall in /etc/inet.d/

Return value:

result

global IsEnabled () -> boolean

Function determines if all SuSEFirewall scripts are enabled in init scripts /etc/init.d/ now. For configuration "enabled" status use GetEnableService().

Return value:

if enabled

global IsStarted () -> boolean

Function determines if at least one SuSEFirewall script is started now. For configuration "started" status use GetStartService().

Return value:

if started

global Export () -> map <string, any>

Function for getting exported SuSEFirewall configuration

Return value:

[string, any] with configuration

global Import (map <string, any> import_settings) -> void

Function for setting SuSEFirewall configuration from input

Parameters:

import_settings

global IsInterfaceInZone (string interface, string zone) -> boolean

Function returns if the interface is in zone

Parameters:

interface
zone

Return value:

is in zone

global GetZoneOfInterface (string interface) -> string

Function returns the firewall zone of interface, nil if no zone includes the interface. Error is reported when interface is found in multiple firewall zones, then the first appearance is returned.

Parameters:

interface

Return value:

zone

global GetZonesOfInterfaces (list<string> interfaces) -> list<string>

Function returns list of zones of requested interfaces

Parameters:

interfaces

global GetAllKnownInterfaces () -> list <map <string, string> >

Function returns list of maps of known interfaces. [ $[ "id":"modem0", "name":"Askey 815C", "type":"dialup", "zone":"EXT" ], ... ]

Return value:

[map [string, string] ]

global GetListOfKnownInterfaces () -> list <string>

Function returns list of all known interfaces.

Return value:

[string] of interfaces

global RemoveInterfaceFromZone (string interface, string zone) -> void

Function removes interface from defined zone.

Parameters:

interface
zone

global AddInterfaceIntoZone (string interface, string zone) -> void

Functions adds interface into defined zone. All appearances of interface in other zones are removed.

Parameters:

interface
zone

global GetInterfacesInZone (string zone) -> list<string>

Function returns list of known interfaces in requested zone. Special strings like 'any' or 'auto' and unknown interfaces are removed from list.

Parameters:

zone

Return value:

[string] of interfaces

global GetFirewallInterfaces () -> list<string>

Function returns all interfaces configured in firewall, already

Return value:

[string] of configured interfaces

global HaveService (string service, string protocol, string interface) -> boolean

Function returns if requested service is allowed in respective zone. Function takes care for service's aliases (only for TCP and UDP).

Parameters:

service
protocol	TCP, UDP, RCP or IP
interface	name (like modem0), firewall zone (like "EXT") or "any" for all zones.

Return value:

if service is allowed

global AddService (string service, string protocol, string interface) -> boolean

Function adds service into selected zone (or zone of interface) for selected protocol. Function take care about port-aliases, first of all, removes all them.

Parameters:

service
protocol
interface

Return value:

success

global RemoveService (string service, string protocol, string interface) -> boolean

Function removes service from selected zone (or for interface) for selected protocol. Function take care about port-aliases, removes all of them.

Parameters:

service
protocol
interface

Return value:

success

local ArePortsOrServicesAllowed (list <string> needed_ports, string protocol, string zone, boolean check_for_aliases) -> boolean

Function returns if needed services are all allowed (or not) in the firewall. Last parameter sets if it also should check for port-aliases, what makes sense for TCP and UDP ports. Protocols and Zones aren't checked for existency. It's on you to do it.

Parameters:

needed_ports
protocol
zone	name like EXT
check_for_aliases

Return value:

if all ports are allowed

global IsServiceSupportedInZone (string service, string zone) -> boolean

Function returns if service is supported (allowed) in zone

Parameters:

service
zone

Return value:

if supported

global GetServicesInZones (list<string> services) -> map <string, map <string, boolean> >

Function returns map of supported services all network interfaces.

Parameters:

services

Return value:

[ service, map [ interface : supported_status ]]

global GetServices (list<string> services) -> map <string, map <string, boolean> >

Function returns map of supported services in all firewall zones.

Parameters:

services

Return value:

[ service, map [ zone_name : supported_status ]]

global SetServicesForZones (list<string> services_ids, list<string> firewall_zones, boolean new_status) -> boolean

Function sets status for several services in several firewall zones.

Parameters:

services_ids
firewall_zones
new_status

Return value:

if successfull

global SetServices (list<string> services_ids, list<string> interfaces, boolean new_status) -> boolean

Function sets status for several services in several network interfaces.

Parameters:

services_ids
interfaces
new_status

Return value:

if successfull

local CheckAllPossiblyConflictingServices () -> void

Local function check is any of possibly conflicting services was turned on in the firewall configuration.

local ReadDefaultConfiguration () -> void

Local function sets the default configuration and fills internal values.

local ReadCurrentConfiguration () -> void

Local function reads current configuration and fills internal values.

global Read () -> boolean

Function for reading SuSEFirewall configuration. Fills internal variables only.

global ActivateConfiguration () -> boolean

Function which stops firewall. Then firewall is started immediately when firewall is wanted to be started: SetStartService(boolean).

Return value:

if successful

global WriteConfiguration () -> boolean

Function writes configuration into /etc/sysconfig/ and enables or disables firewall in /etc/init.d/ by the setting SetEnableService(boolean). This is a write-only configuration, firewall is never started only enabled or disabled.

Return value:

if successful

global WriteOnly () -> boolean

Helper function for the backward compatibility. See WriteConfiguration(). Remove from code ASAP.

global Write () -> boolean

Function for writing and enabling configuration it is an union of WriteConfiguration() and ActivateConfiguration().

Return value:

if succesfull

global SaveAndRestartService () -> boolean

Function for saving configuration and restarting firewall. Is is the same as Write() but write is allways forced.

Return value:

if successful

global GetAdditionalServices (string protocol, string zone) -> list <string>

This powerful function returns list of services/ports which are not assigned to any fully-supported known-services.

Parameters:

protocol
zone

Return value:

[string] of additional (unassigned) services

global SetAdditionalServices (string protocol, string zone, list <string> new_list_services) -> void

Function sets additional ports/services from taken list. Firstly, all additional services are removed also with their aliases. Secondly new ports/protocols are added.

Parameters:

protocol
zone
new_list_services

global IsOtherFirewallRunning () -> boolean

Function returns if any other firewall then SuSEfirewall2 is currently running on the system. It uses command `iptables` to get information about just active iptables rules and compares the output with current status of SuSEfirewall2.

Return value:

if other firewall is running

global GetFirewallInterfacesMap () -> map <string, list <string> >

Function returns map of `interfaces in zones`.

Return value:

[zone : [list of interfaces]]

global GetSpecialInterfacesInZone (string zone) -> list <string>

Function returns list of special strings like 'any' or 'auto' and uknown interfaces.

Parameters:

zone

Return value:

[string] special strings or unknown interfaces

global RemoveSpecialInterfaceFromZone (string interface, string zone) -> void

Function removes special string from defined zone.

Parameters:

interface
zone

global AddSpecialInterfaceIntoZone (string interface, string zone) -> void

Functions adds special string into defined zone.

Parameters:

interface
zone

global GetMasquerade () -> boolean

Function returns actual state of Masquerading support.

Return value:

if supported

global SetMasquerade (boolean enable) -> void

Function sets Masquerade support.

Parameters:

enable

global GetListOfForwardsIntoMasquerade () -> list <map <string, string> >

Function returns list of rules of forwarding ports to masqueraded IPs.

Return value:

[$[ key: value ]]

global RemoveForwardIntoMasqueradeRule (integer remove_item) -> void

Function removes rule for forwarding into masquerade from the list of current rules.

Parameters:

remove_item

global AddForwardIntoMasqueradeRule (string source_net, string forward_to_ip, string protocol, string req_port, string redirect_to_port, string requested_ip) -> void

Adds forward into masquerade rule.

Parameters:

source_net
forward_to_ip
protocol
req_port
redirect_to_port
requested_ip

global GetLoggingSettings (string rule) -> string

Function returns actual state of logging for rule taken as parameter.

Parameters:

rule

Return value:

'ALL', 'CRIT', or 'NONE'

global SetLoggingSettings (string rule, string state) -> void

Function sets state of logging for rule taken as parameter.

Parameters:

rule
state

global GetIgnoreLoggingBroadcast (string zone) -> string

Function returns yes/no - ingoring broadcast for zone

Parameters:

zone

global SetIgnoreLoggingBroadcast (string zone, string bcast) -> void

Function sets yes/no - ingoring broadcast for zone

Parameters:

zone
bcast