LMI_FirewalldRichRule

Class reference

Subclass of LMI_FirewalldRule

Firewalld Rich Rules allow more complex firewall rules to be created. Rich Rules extend the zone configuration rules with additional source and destination addresses, logging, actions, and limits for the logs and actions.

Each Rich Rule can be extended by associating (via LMI_FirewalldRuleComponent) instances of the following classes: LMI_FirewalldLogAction, LMI_FirewalldPort, LMI_FirewalldICMPType, LMI_FirewalldForwardPort, and LMI_FirewalldService. Use the AddRuleComponent method to add a rule to the Rich Rule.

Key properties

Local properties

string DestinationAddress

DestinationAddress can be used to manage packets based on their destination address. The destination address can be either an IPv4/IPv6 address or a network address, in which case the DestinationAddressPrefix might be specified.

boolean DestinationAddressInvert

If the DestinationAddressInvert property is true, the destination address will be inverted, meaning that all addresses except the given one will match.

uint16 Family

Family can be used to limit the Rich Rule to IPv4 or IPv6 only. If the source or destination addresses are used, then the family must be provided. This is also the case for port/packet forwarding.

ValueMap Values
0 IPv4
1 IPv6
2 Both

uint16 DestinationAddressPrefix

When DestinationAddress is a network address, this property can be used to specify the network address prefix.

boolean SourceAddressInvert

If the SourceAddressInvert property is true, the source address will be inverted, meaning that all addresses except the given one will match.

string RejectType

When Action is Reject, the reject type can be specified in this property. For valid reject types, see --reject-with type in the iptables-extensions(8) man page. Because the reject types are different for IPv4 and IPv6, you have to specify the rule family when using a reject type.

uint16 Action

Action determines how the incoming packet will be handled. With Accept, all new connection attempts will be granted. With Reject, they will not be accepted and their source will get a reject message. The reject type can be set to another value using the RejectType property. With Drop, all packets will be dropped immediately and no information is sent to the source.

ValueMap Values
0 No Target
1 Accept
2 Reject
3 Drop

boolean Masquarade

This property turns on masquerading in the rule. A source address can be provided to limit masquerading to this area, but not a destination address.

string SourceAddress

SourceAddress can be used to manage packets based on their source address. The source address can be either an IPv4/IPv6 address or a network address, in which case the SourceAddressPrefix might be specified.

uint16 SourceAddressPrefix

When SourceAddress is a network address, this property can be used to specify the network address prefix.
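
The constraints stated for the properties above (family required with addresses and with a reject type, no destination address with masquerading), collected into one check that can be run before a rule is submitted. This is an added example, not code from this provider or from firewalld. The function names, the dict input, the rendering as firewalld rich-language text and the mapping of Family "Both" to an omitted family clause are assumptions.

```python
import ipaddress

# ValueMap tables from this page; mapping "Both" to "no family clause" is an assumption.
FAMILY = {0: "ipv4", 1: "ipv6", 2: None}
ACTION = {0: None, 1: "accept", 2: "reject", 3: "drop"}

def _addr(kind, props, family):
    """Render a source/destination clause after checking it against Family."""
    addr, prefix = props[f"{kind}Address"], props.get(f"{kind}AddressPrefix")
    if family is None:
        raise ValueError(f"{kind}Address requires Family IPv4 or IPv6")
    net = ipaddress.ip_network(addr if prefix is None else f"{addr}/{prefix}", strict=False)
    if f"ipv{net.version}" != family:
        raise ValueError(f"{kind}Address {addr} is not an {family} address")
    neg = "not " if props.get(f"{kind}AddressInvert") else ""
    text = addr if prefix is None else str(net)
    return f'{kind.lower()} {neg}address="{text}"'

def rich_rule_text(props):
    """Validate a dict of this class's properties; return rich-language text."""
    family = FAMILY[props.get("Family", 2)]
    action = ACTION[props.get("Action", 0)]
    masq = props.get("Masquarade", False)  # property name spelled as on the page
    parts = ["rule"] + ([f'family="{family}"'] if family else [])
    if props.get("SourceAddress"):
        parts.append(_addr("Source", props, family))
    if props.get("DestinationAddress"):
        if masq:
            raise ValueError("masquerading accepts a source address only")
        parts.append(_addr("Destination", props, family))
    if masq:
        if action:  # from firewalld.richlanguage(5), not stated on this page
            raise ValueError("masquerade cannot be combined with an action")
        parts.append("masquerade")
    if props.get("RejectType"):
        if action != "reject":
            raise ValueError("RejectType is only valid when Action is Reject")
        if family is None:
            raise ValueError("RejectType requires Family IPv4 or IPv6")
        parts.append(f'reject type="{props["RejectType"]}"')
    elif action:
        parts.append(action)
    return " ".join(parts)

# Constructed sample: drop everything that does not come from 192.0.2.0/24.
SAMPLE = {"Family": 0, "SourceAddress": "192.0.2.0", "SourceAddressPrefix": 24,
          "SourceAddressInvert": True, "Action": 3}

if __name__ == "__main__":
    print(rich_rule_text(SAMPLE))
```

The returned text can be compared with the output of `firewall-cmd --list-rich-rules` to confirm that an inverted source or destination address did not widen the rule beyond what was intended.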

Local methods

uint32 AddPort (uint16 Port, uint16 Protocol, LMI_FirewalldPort FirewalldPort)

Manage the traffic on the given port and protocol. A range of ports can be managed by setting the PortRangeEnd property of the LMI_FirewalldPort instance returned from this method.

Parameters

IN uint16 Port
Port to be allowed in the given Rich Rule
IN uint16 Protocol

Manage traffic using given protocol

ValueMap Values
1 TCP
2 UDP
OUT LMI_FirewalldPort FirewalldPort
Instance of the LMI_FirewalldPort class representing that the given port (or range of ports) is managed by the Rich Rule.

uint32 AddForwardPort (uint16 Port, uint16 Protocol, LMI_FirewalldForwardPort ForwardPort)

Manage port forwarding in the Rich Rule. Other properties of the port forwarding can be set by modifying the LMI_FirewalldForwardPort instance returned from this method.

Parameters

IN uint16 Port
Port to be forwarded. By default, the port is forwarded to itself on the same machine. Modify the returned instance of LMI_FirewalldForwardPort to set the destination address and/or the destination port.
IN uint16 Protocol

Forward traffic on the given protocol

ValueMap Values
1 TCP
2 UDP
OUT LMI_FirewalldForwardPort ForwardPort
Instance of the LMI_FirewalldForwardPort class representing that the given port (or range of ports) is allowed in the given Rich Rule.

Inherited properties

string InstanceID
string Caption
uint64 Generation

Inherited methods
