/*
* Copyright (C) 2014 Red Hat, Inc. All rights reserved.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*
* Authors: Radek Novacek <rnovacek@redhat.com>
*/
[ Provider("cmpi:cmpiLMI_Firewalld"), Version("0.0.1"),
Description("Service for managing Firewalld daemon on the managed system."),
Experimental ]
class LMI_FirewalldConfigurationService: CIM_Service
{
[ Description("Create new Firewalld zone. The zone is created empty and "
"should be later configured by modifying the LMI_FirewalldZone "
"instance, or adding rules into it."),
ValueMap { "0", "1", "2", "3", "4", "5", "4096" },
Values { "Completed with No Error", "Not Supported",
"Unknown/Unspecified Error", "Failed",
"Invalid Parameter", "Busy",
"Method Parameters Checked - Job Started" } ]
uint32 CreateZone(
[ Required, IN, Description("Name of the zone.") ]
string Name,
[ IN(false), OUT, Description("Created zone object.") ]
LMI_FirewalldZone REF Zone);
[ Description("Create new Firewalld service that can be used in "
"Firewalld rules."),
ValueMap { "0", "1", "2", "3", "4", "5", "4096" },
Values { "Completed with No Error", "Not Supported",
"Unknown/Unspecified Error", "Failed",
"Invalid Parameter", "Busy",
"Method Parameters Checked - Job Started" } ]
uint32 CreateService(
[ Required, IN, Description("Name of the service.") ]
string Name,
[ IN(false), OUT, Description("Created service object.") ]
LMI_FirewalldService REF Service);
[ Description("Create new ICMP type that can be used in Firewalld rules."),
ValueMap { "0", "1", "2", "3", "4", "5", "4096" },
Values { "Completed with No Error", "Not Supported",
"Unknown/Unspecified Error", "Failed",
"Invalid Parameter", "Busy",
"Method Parameters Checked - Job Started" } ]
uint32 CreateICMPType(
[ Required, IN, Description("Name of the ICMP type.") ]
string Name,
[ IN(false), OUT, Description("Created ICMP type object.") ]
LMI_FirewalldICMPType REF ICMPType);
[ Description("Apply the zone setting to given IPNetworkConnection."),
ValueMap { "0", "1", "2", "3", "4", "5", "4096" },
Values { "Completed with No Error", "Not Supported",
"Unknown/Unspecified Error", "Failed",
"Invalid Parameter", "Busy",
"Method Parameters Checked - Job Started" } ]
uint32 ApplySettingToIPNetworkConnection(
[ Required, IN, Description("The Firewalld zone to apply.") ]
LMI_FirewalldZone REF SettingData,
[ Required, IN, Description("The IPNetworkConnection to which the "
"zone will be applied.") ]
CIM_IPNetworkConnection REF IPNetworkConnection,
[ IN(false), OUT, Description(
"Reference to the job spawned if the operation "
"continues after the method returns. This parameter "
"MUST NOT be null if a value of 4096 is returned. "
"This parameter MUST be null if any other value is "
"returned by the method.\n\n"
"NOTE: This method does not currently return jobs.") ]
CIM_ConcreteJob REF Job);
};
[ Association, Provider("cmpi:cmpiLMI_Firewalld"), Version("0.0.1"),
Description("LMI_HostedFirewalldConfigurationService is an association "
"between FirewalldConfigurationService and the System which firewall "
"is managed."), Experimental ]
class LMI_HostedFirewalldConfigurationService: CIM_HostedService
{
[ Override("Antecedent"), Description("Computer system which firewall is "
"managed") ]
CIM_ComputerSystem REF Antecedent;
[ Override("Dependent"), Weak, Description("Service for firewall "
"configuration") ]
LMI_FirewalldConfigurationService REF Dependent;
};
[ Provider("cmpi:cmpiLMI_Firewalld"), Version("0.0.1"),
Description("Firewall zone defines the trust level of the interface used "
"for a connection. Features that are enabled in the zone are "
"associated to the instance of this class via LMI_FirewalldZoneComponent."),
Experimental ]
class LMI_FirewalldZone: CIM_SettingData
{
[ Implemented(true), Description("Name of the zone.") ]
string Name;
[ Implemented(true), Description("Target defines policy of handling "
"packets that don't match any rule associated to this instance.\n"
"\n"
"ACCEPT target is used to accept every packet that doesn't match any "
"rule.\n"
"REJECT target will reject all packets that doesn't match any rule with "
"default firewalld reject type.\n"
"DROP target will drop all the non-matching packets without any reply "
"to the sender.\n"
"Default behavior when no target is specified is to reject the "
"packets."),
ValueMap { "1", "2", "3" },
Values { "Accept", "Reject", "Drop" } ]
uint16 Target;
[ Implemented(true), Description("Description of the zone.") ]
string Description;
[ Implemented(true), Description("Version of the zone.") ]
string Version;
[ Implemented(true), Description("Enable masquarading for the firewall "
"zone.\nThis option is not usable for IPv6.") ]
boolean Masquarade;
[ Implemented(true), Description("Allow the traffic on given port "
"and protocol. Range of ports can be allowed by setting PortRangeEnd "
"property of LMI_FirewalldPort instance returned from this method.") ]
uint32 AddPort(
[ IN, Required, Description("Port (or port range) to be allowed in "
"given zone. Allowed format is either plain port number as string "
"or dash separated port range '1234-2345'.") ]
string Port,
[ IN, Required, Description("Allow traffic using given protocol"),
ValueMap { "1", "2" },
Values { "TCP", "UDP" } ]
uint16 Protocol,
[ IN, Required, Description("Mode parameter determines whether the "
"port will be enabled in current runtime configuration only or "
"if it will be applied after all future reboots (or "
"reconfigurations) or both."),
ValueMap { "0", "1", "2" },
Values { "Current", "Permanent", "Both" } ]
uint16 Mode,
[ IN(false), OUT, Description("Instance of LMI_FirewalldPort class "
"that represents that given port (or range of ports) is allowed "
"in the given zone.") ]
LMI_FirewalldPort REF FirewalldPort);
[ Implemented(true), Description("Allow an existing firewalld service "
"in the zone.") ]
uint32 AddService(
[ IN, Required, Description("Service that will be allowed.") ]
LMI_FirewalldService REF Service,
[ IN, Required, Description("Mode parameter determines whether the "
"service will be enabled in current runtime configuration only or "
"if it will be applied after all future reboots (or "
"reconfigurations) or both."),
ValueMap { "0", "1", "2" },
Values { "Current", "Permanent", "Both" } ]
uint16 Mode);
[ Implemented(true), Description("Block given Internet Control Message "
"Protocol (ICMP) packets in the zone.") ]
uint32 AddICMPBlock(
[ IN, Required, Description("Type of ICMP packet that will be "
"blocked.") ]
LMI_FirewalldICMPType REF ICMPType,
[ IN, Required, Description("Mode parameter determines whether the "
"ICMP type will be blocked in current runtime configuration only or "
"if it will be applied after all future reboots (or "
"reconfigurations) or both."),
ValueMap { "0", "1", "2" },
Values { "Current", "Permanent", "Both" } ]
uint16 Mode);
[ Implemented(true), Description("Enable port forwarding in the zone.") ]
uint32 AddForwardPort(
[ IN, Required, Description("Port (or port range) to be forwarded. "
"Allowed format is either plain port number as string "
"or dash separated port range '1234-2345'.") ]
string Port,
[ IN, Required, Description("Forward traffic on the given protocol"),
ValueMap { "1", "2" },
Values { "TCP", "UDP" } ]
uint16 Protocol,
[ IN, Description("Destination port (or port range) "
"where should be the traffic forwarded. Allowed format is either "
"plain port number as string or dash separated port range "
"'1234-2345'. The range has to be the same size as `Port` "
"parameter.\n"
"This parameter can be also `null`, in that case destination "
"ports are the same as source ports.") ]
string ToPort,
[ IN, Description("The destination IPv4 address. Can be `null`.") ]
string ToAddress,
[ IN, Required, Description("Mode parameter determines whether the "
"port forwarding will be enabled in current runtime configuration "
"only or if it will be applied after all future reboots (or "
"reconfigurations) or both."),
ValueMap { "0", "1", "2" },
Values { "Current", "Permanent", "Both" } ]
uint16 Mode,
[ IN(false), OUT, Description("Instance of LMI_FirewalldForwardPort "
"class that represents that given port (or range of ports) is "
"allowed in the given zone.") ]
LMI_FirewalldForwardPort REF ForwardPort);
[ Implemented(true), Description("Add rich rule to the zone configuration."
"Rich rules extends the current zone elements (service, port, "
"icmp-block, masquerade and forward-port) with additional source "
"and destination addresses, logging, actions and limits for logs "
"and actions.") ]
uint32 AddRichRule(
[ IN, Required, Description("Mode parameter determines whether the "
"rich rule will be added to current runtime configuration "
"only or if it will be applied after all future reboots (or "
"reconfigurations) or both."),
ValueMap { "0", "1", "2" },
Values { "Current", "Permanent", "Both" } ]
uint16 Mode,
[ IN(false), OUT, Description("Instance of LMI_FirewalldForwardPort "
"class that represents that given Rich Rule.") ]
LMI_FirewalldRichRule REF RichRule);
};
[ Association, Provider("cmpi:cmpiLMI_Firewalld"), Version("0.0.1"), Description(
"LMI_FirewalldIPNetworkConnectionZone association represents that the "
"ManagedElement (CIM_IPNetworkConnection) is binded into the Firewalld "
"zone."), Experimental ]
class LMI_FirewalldIPNetworkConnectionZone: CIM_ElementSettingData
{
[ Key, Description("Network connection that is in the zone."),
Override("ManagedElement") ]
CIM_IPNetworkConnection REF ManagedElement;
[ Key, Description("Firewalld zone."), Override("SettingData") ]
LMI_FirewalldZone REF SettingData;
};
[ Association, Provider("cmpi:cmpiLMI_Firewalld"), Version("0.0.1"),
Description("LMI_HostedFirewalldZone association denotes which Firewalld "
"zones are available on given Computer System.\n"
"One of the zones can be marked as default and will be used for interfaces "
"that are not explicitly assigned to another zone."), Experimental ]
class LMI_HostedFirewalldZone: CIM_ElementSettingData
{
[ Implemented(true), Description("An enumerated integer that indicates "
"that the referenced setting is a default setting for the element "
"or that this information is unknown."),
ValueMap { "0", "1", "2" },
Values { "Unknown", "Is Default", "Is Not Default" } ]
uint16 IsDefault;
[ Key, Description("Computer System that has the zones available."),
Override("ManagedElement") ]
CIM_ComputerSystem REF ManagedElement;
[ Key, Description("Zone that exist on given Computer System."),
Override("SettingData") ]
LMI_FirewalldZone REF SettingData;
};
[ Provider("cmpi:cmpiLMI_Firewalld"), Version("0.0.1"), Description(
"LMI_FirewalldRule is an abstract class that represents one rule in the "
"Firewalld Zone configuration. All the packets matching any of the rules "
"are accepted. If the packet doesn't match any of the rules, it will be "
"accepted, rejected or dropped, depending on value of Target property of "
"associated LMI_FirewalldZone."), Experimental ]
class LMI_FirewalldRule: CIM_SettingData
{
};
[ Association, Provider("cmpi:cmpiLMI_Firewalld"), Version("0.0.1"),
Description("LMI_FirewalldZoneComponent association describes Rules that "
"are part of the Zone. There is two layers of configuration, Current and "
"Permanent, Current configuration describes how is the firewall "
"configured right now. Permanent configuration on the other hand "
"describes the state of firewall after system reboot or firewalld service "
"reconfiguration."), Experimental ]
class LMI_FirewalldZoneComponent: CIM_OrderedComponent
{
[ Implemented(true), Description("True value of the IsCurrent property "
"means that the Rule (PartComponent) is a part of current (run-time) "
"zone configuration.") ]
boolean IsCurrent;
[ Implemented(true), Description("True value of the IsPermanent property "
"means that the Rule (PartComponent) is a part of permanent "
"zone configuration.") ]
boolean IsPermanent;
[ Key, Description("Firewalld Zone that the Rule is part of."),
Override("GroupComponent") ]
LMI_FirewalldZone REF GroupComponent;
[ Key, Description("Firewalld Rule that describes behavior for incoming "
"packets."), Override("PartComponent") ]
LMI_FirewalldRule REF PartComponent;
};
[ Provider("cmpi:cmpiLMI_Firewalld"), Version("0.0.1"),
Description("LMI_FirewalldService represents known service. Apart from "
"properties defined in this class, Service also can have FirewalldPorts "
"associated via LMI_FirewalldRuleComponent association. Firewalld service "
"makes it easier to enable and disable access to a service.\n"
"LMI_FirewalldService is shared between all its uses. For removing service "
"from zone, delete instance of LMI_FirewalldZoneComponent."),
Experimental ]
class LMI_FirewalldService: LMI_FirewalldRule
{
[ Implemented(true), Description("Name of the service.") ]
string Name;
[ Implemented(true), Description("Optional description of the service.") ]
string Description;
[ Implemented(true), Description("Optional destination network IP address "
"(with prefix possibly specified in the IPv4DestinationPrefixLength "
"property) or plain IP address. The use of hostnames is not "
"recommended, because these will only be resolved at service "
"activation and transmitted to the kernel.") ]
string IPv4Destination;
[ Implemented(true), Description("Optional IP network prefix. "
"IPv4Destination must be specified if this property is set.") ]
uint8 IPv4DestinationPrefixLength = null;
[ Implemented(true), Description("Optional destination network IP address "
"(with prefix possibly specified in the IPv6DestinationPrefixLength "
"property) or plain IP address. The use of hostnames is not "
"recommended, because these will only be resolved at service "
"activation and transmitted to the kernel.") ]
string IPv6Destination;
[ Implemented(true), Description("Optional IP network prefix. "
"IPv6Destination must be specified if this property is set.") ]
uint8 IPv6DestinationPrefixLength = null;
[ Implemented(true), Description("List of kernel netfilter helpers that "
"will be used.") ]
string modules[];
[ Implemented(true), Description("Add port (or port range) to the service "
"configuration.") ]
uint32 AddPort(
[ IN, Required, Description("Port (or port range) to be allowed in "
"given zone. Allowed format is either plain port number as string "
"or dash separated port range '1234-2345'.") ]
string Port,
[ IN, Required, Description("Allow traffic using given protocol"),
ValueMap { "1", "2" },
Values { "TCP", "UDP" } ]
uint16 Protocol,
[ IN, Required, Description("Mode parameter determines whether the "
"port will be enabled in current runtime configuration only or "
"if it will be applied after all future reboots (or "
"reconfigurations) or both."),
ValueMap { "0", "1", "2" },
Values { "Current", "Permanent", "Both" } ]
uint16 Mode,
[ IN(false), OUT, Description("Instance of LMI_FirewalldPort class "
"that represents that given port (or range of ports) is allowed "
"in the given zone.") ]
LMI_FirewalldPort REF FirewalldPort);
};
[ Provider("cmpi:cmpiLMI_Firewalld"), Version("0.0.1"),
Description("LMI_FirewalldPort represents a network port on given protocol "
"which access is managed by the firewall."), Experimental ]
class LMI_FirewalldPort: LMI_FirewalldRule
{
[ Implemented(true), Description("Protocol that the port belongs to."),
ValueMap { "1", "2" },
Values { "TCP", "UDP" } ]
uint16 Protocol;
[ Implemented(true), Description("Port that is managed by the firewall. "
"It could be also beginning of a port range if PortRangeEnd property "
"is not null.") ]
uint16 Port;
[ Implemented(true), Description("If not null this property represents "
"ending of port range, beginning is specified by Port property") ]
uint16 PortRangeEnd = null;
};
[ Association, Provider("cmpi:cmpiLMI_Firewalld"), Version("0.0.1"),
Description("LMI_FirewalldServicePort association binds Firewalld service "
"to the network port (or port range) meaning that when the service is "
"enabled in the zone, all the associated ports are opened."),
Experimental ]
class LMI_FirewalldServicePort: CIM_OrderedComponent
{
[ Key, Description("Firewalld Service that has its ports specified."),
Override("GroupComponent") ]
LMI_FirewalldService REF GroupComponent;
[ Key, Description("The port (or port range) that is associated to the "
"service."), Override("PartComponent") ]
LMI_FirewalldPort REF PartComponent;
};
[ Provider("cmpi:cmpiLMI_Firewalld"), Version("0.0.1"),
Description("LMI_FirewalldSource can be used to bind a source address or "
"source address range to a zone."), Experimental ]
class LMI_FirewalldSource: LMI_FirewalldRule
{
[ Implemented(true), Description("IP family where the IPAddress belongs."),
ValueMap { "1", "2" },
Values { "IPv4", "IPv6" } ]
uint8 IPFamily;
[ Implemented(true), Description("IP address source that will be bound to "
"the zone. It can be plain IP address or netwokr IP address with "
"prefix optionally specified by the Prefix property.") ]
string IPAddress;
[ Implemented(true), Description("Prefix for network specified by the "
"IPAddress property.") ]
uint8 Prefix = null;
};
[ Provider("cmpi:cmpiLMI_Firewalld"), Version("0.0.1"),
Description("LMI_FirewalldICMPType represent rule for incoming ICMP packets. "
"This rule can be used for blocking these packets."), Experimental ]
class LMI_FirewalldICMPType: LMI_FirewalldRule
{
[ Implemented(true), Description("Name of the ICMP type.") ]
string Name;
[ Implemented(true), Description("ICMP packet description.") ]
string Description;
[ Implemented(true), Description("Describes if the ICMP type is available "
"on IPv4.") ]
boolean IPv4;
[ Implemented(true), Description("Describes if the ICMP type is available "
"on IPv6.") ]
boolean IPv6;
};
[ Provider("cmpi:cmpiLMI_Firewalld"), Version("0.0.1"),
Description("LMI_FirewalldForwardPort describes forwarding rule in the "
"firewall. Currently this rule can be used for IPv4 forwarding only, use "
"LMI_FirewalldRichRule for IPv6."), Experimental ]
class LMI_FirewalldForwardPort: LMI_FirewalldPort
{
[ Implemented(true), Description("Local port to be forwarded to "
"destination. Range of ports can be specified by setting PortRangeEnd "
"property. In that case, Port is used as beginning of the range and "
"PortRangeEnd as end of the range.") ]
uint16 Port;
[ Implemented(true), Description("If this property is set, whole range of "
"ports between Port and PortRangeEnd is forwarded, otherwise "
"only the Port is forwarded.") ]
uint16 PortRangeEnd = NULL;
[ Implemented(true), Description("Protocol which ports are forwarded."),
ValueMap { "1", "2" },
Values { "TCP", "UDP" } ]
uint16 Protocol;
[ Implemented(true), Description("The destination where the traffic is "
"forwarded to. If the value of this property is not specified, the "
"traffic will be forwarded to same port (or port range) on the "
"destination.") ]
uint16 ToPort = NULL;
[ Implemented(true), Description("If a port range is forwarded, the "
"ToPortRange should delimiter destination range of same size as the "
"input range.") ]
uint16 ToPortRangeEnd = NULL;
[ Implemented(true), Description("Destination IPv4 address where is the "
"traffic forwarded to.") ]
string ToAddress;
};
[ Provider("cmpi:cmpiLMI_Firewalld"), Version("0.0.1"), Description("Firewalld "
"Rich Rules allow more complex firewall rules to be created. The Rich "
"Rules extends the zone configuration rules with additional source and "
"destination addresses, logging, actions and limits for the logs and "
"actions.\n"
"Each Rich Rule can be extended by associating (via "
"LMI_FirewalldRuleComponent) instances of following classes: "
"LMI_FirewalldLogAction, LMI_FirewalldPort, LMI_FirewalldICMPType, "
"LMI_FirewalldForwardPort, and LMI_FirewalldService."), Experimental ]
class LMI_FirewalldRichRule: LMI_FirewalldRule
{
[ Implemented(true), Description("Family can be used to limit the Rich "
"Rule to IPv4 or IPv6 only. If the source or destination addresses "
"are used, then the family must be provided. This is also the case "
"for port/packet forwarding."),
ValueMap { "0", "1", "2" },
Values { "IPv4", "IPv6", "Both" } ]
uint16 Family;
[ Implemented(true), Description("SourceAddress can be used to manage the "
"packets based on its source address. Source address can be either "
"IPv4/IPv6 address, or network address in which case the "
"SourceAddressPrefix might be specified.") ]
string SourceAddress;
[ Implemented(true), Description("When SourceAddress is network address "
"this property can be use to specify the network address prefix.") ]
uint16 SourceAddressPrefix;
[ Implemented(true), Description("If the SourceAddressInvert property is "
"true, the source address will be inverted, meaning that all but used "
"address with match.") ]
boolean SourceAddressInvert;
[ Implemented(true), Description("DestinationAddress can be used to manage "
"the packets based on its destination address. Source address can be "
"either IPv4/IPv6 address, or network address in which case the "
"DestinationAddressPrefix might be specified.") ]
string DestinationAddress;
[ Implemented(true), Description("When DestinationAddress is network "
"address this property can be use to specify the network address "
"prefix.") ]
uint16 DestinationAddressPrefix;
[ Implemented(true), Description("If the DestinationAddressInvert property "
"is true, the destination address will be inverted, meaning that all "
"but used address with match.") ]
boolean DestinationAddressInvert;
[ Implemented(true), Description("Action determines how will be the "
"incoming packet handled. With Accept all new connection attempts will "
"be granted. With Reject they will not be accepted and there source "
"will get a reject message. The reject type can be set to use an "
"other value using RejectType property. With Drop all packets will "
"be dropped immediately, there is no information sent to the source."),
ValueMap { "0", "1", "2", "3" },
Values { "No Target", "Accept", "Reject", "Drop" } ]
uint16 Action;
[ Implemented(true), Description("When Action is Reject the reject type "
"can be specified in this property. For valid reject types see "
"--reject-with type in iptables-extensions(8) man page. Because "
"the reject types are different for IPv4 and IPv6 you have to "
"specify rule family when using reject type.") ]
string RejectType = NULL;
[ Implemented(true), Description("This property turns on masquerading "
"in the rule. A source address can be provided to limit masquerading "
"to this area, but not a destination address.") ]
boolean Masquarade;
[ Implemented(true), Description("Manage the traffic on given port (or "
"range of ports) and protocol.") ]
uint32 AddPort(
[ IN, Required, Description("Port to be allowed in given Rich Rule. "
"Allowed format is either plain port number as string or dash "
"separated port range '1234-2345'.") ]
string Port,
[ IN, Required, Description("Manage traffic using given protocol"),
ValueMap { "1", "2" },
Values { "TCP", "UDP" } ]
uint16 Protocol,
[ IN(false), OUT, Description("Instance of LMI_FirewalldPort class "
"that represents that given port (or range of ports) is managed "
"by the Rich Rule.") ]
LMI_FirewalldPort REF FirewalldPort);
[ Implemented(true), Description("Manage port forwarding in the Rich "
"Rule.") ]
uint32 AddForwardPort(
[ IN, Required, Description("Port (or range of ports) to be "
"forwarded. Allowed format is either plain port number as string "
"or dash separated port range '1234-2345'.") ]
string Port,
[ IN, Required, Description("Forward traffic on the given protocol"),
ValueMap { "1", "2" },
Values { "TCP", "UDP" } ]
uint16 Protocol,
[ IN, Description("Destination port (or port range) "
"where should be the traffic forwarded. Allowed format is either "
"plain port number as string or dash separated port range "
"'1234-2345'. The range has to be the same size as `Port` "
"parameter.\n"
"This parameter can be also `null`, in that case destination "
"ports are the same as source ports.") ]
string ToPort,
[ IN, Description("The destination IPv4 address. Can be `null`.") ]
string ToAddress,
[ IN(false), OUT, Description("Instance of LMI_FirewalldForwardPort "
"class that represents that given port (or range of ports) is "
"allowed in the given Rich Rule.") ]
LMI_FirewalldForwardPort REF ForwardPort);
[ Implemented(true), Description("Manage given service in the Rich Rule.") ]
uint32 AddService(
[ IN, Required, Description("Firewalld Service that that will be added "
"to the Rich Rule.") ]
LMI_FirewalldService REF Service);
[ Implemented(true), Description("Manage blocking of ICMP packets in "
"the Rich Rule.") ]
uint32 AddICMPBlock(
[ IN, Required, Description("Add Firewalld ICMP Type that that will be "
"blocked by the Rich Rule.") ]
LMI_FirewalldICMPType REF ICMPType);
[ Implemented(true), Description("Add logging of new connections "
"to the Rich Rule.") ]
uint32 AddLogAction(
[ IN, Description("Prefix that will be added to the log message.") ]
string Prefix,
[ IN, Description("Level that will be used when logging "
"the message. Default value is \"warning\"."),
ValueMap { "0", "1", "2", "3", "4", "5", "6", "7", "8" },
Values { "Unknown", "Emergency", "Alert", "Crititcal", "Error",
"Warning", "Notice", "Info", "Debug" } ]
uint16 Level,
[ IN, Description("Limit property can be used to limit "
"the logging. LimitRate and LimitUnit determine how often will "
"be written new entry into the log. Maximal value is once "
"per day.") ]
uint32 LimitRate,
[ IN, Description("Unit for limiting logging entries."),
ValueMap { "0", "1", "2", "3", "4" },
Values { "Unknown", "Seconds", "Minutes", "Hours", "Days" } ]
uint16 LimitUnit,
[ IN, Description("If the Audit property is set to True, "
"logging entries will be sent to the auditd service instead "
"of writing to syslog.") ]
boolean Audit);
};
[ Association, Provider("cmpi:cmpiLMI_Firewalld"), Version("0.0.1"),
Description("LMI_FirewalldRichRuleComponent association specified details "
"about Firewalld Rich Language Rule."),
Experimental ]
class LMI_FirewalldRichRuleComponent: CIM_OrderedComponent
{
[ Key, Description("Firewalld Rich Rule which details is specified."),
Override("GroupComponent") ]
LMI_FirewalldRichRule REF GroupComponent;
[ Key, Description("Part of Firewalld Rich Rule specification."),
Override("PartComponent") ]
LMI_FirewalldRule REF PartComponent;
};
[ Provider("cmpi:cmpiLMI_Firewalld"), Version("0.0.1"),
Description("LMI_FirewalldLogAction describes logging of new connection "
"attempts with kernel logging for example in syslog."), Experimental ]
class LMI_FirewalldLogAction: LMI_FirewalldRule
{
[ Implemented(true), Description("Prefix that will be added to the log "
"message.") ]
string Prefix;
[ Implemented(true), Description("Level that will be used when logging "
"the message. Default value is \"warning\"."),
ValueMap { "0", "1", "2", "3", "4", "5", "6", "7", "8" },
Values { "Unknown", "Emergency", "Alert", "Crititcal", "Error", "Warning", "Notice", "Info", "Debug" } ]
uint16 Level;
[ Implemented(true), Description("Limit property can be used to limit "
"the logging. LimitRate and LimitUnit determine how often will be written new "
"entry into the log. Maximal value is once per day.") ]
uint32 LimitRate;
[ Implemented(true), Description("Unit for limiting logging entries."),
ValueMap { "0", "1", "2", "3", "4" },
Values { "Unknown", "Seconds", "Minutes", "Hours", "Days" } ]
uint16 LimitUnit;
[ Implemented(true), Description("If the Audit property is set to True, "
"logging entries will be sent to the auditd service instead of writing "
"to syslog.") ]
boolean Audit;
};
[ Provider("cmpi:cmpiLMI_Firewalld"), Version("0.0.1"),
Description("Direct configuration gives more direct access to the firewall. "
"It allows to directly specify ip(6)tables rule. Direct configuration "
"should be used only as a last resort when it's not possible to use "
"LMI_FirwalldZone configuration."), Experimental ]
class LMI_FirewalldDirectConfiguration: CIM_SettingData
{
[ Description("Add new Firewalld Chain into the direct configuration.") ]
uint16 AddDirectChain(
[ IN, Required, Description("The IP family where the chain will be "
"created."),
ValueMap { "1", "2" },
Values { "IPv4", "IPv6" } ]
uint8 IPFamily,
[ IN, Required, Description("The table name where the chain will be "
"created. This can be one of the tables that can be used for "
"iptables or ip6tables. For the possible values, please have a "
"look at the TABLES section in the iptables man pages: For "
"IPv4 in iptables(8), for IPv6 in ip6tables(8).") ]
string Table,
[ IN, Required, Description("The name of the chain, that will be "
"created. Please make sure that there is no other chain with this "
"name already.") ]
string Chain,
[ IN(false), OUT, Description("Newly created LMI_FirewalldDirectChain "
"instance.") ]
LMI_FirewalldDirectChain REF DirectChain);
[ Description("Add new Firewalld Direct Rule into the direct "
"configuration.") ]
uint16 AddDirectRule(
[ IN, Required, Description("The IP family where the direct rule will "
"be created."),
ValueMap { "1", "2" },
Values { "IPv4", "IPv6" } ]
uint8 IPFamily,
[ IN, Required, Description("The table name where the rule will be "
"added. This can be one of the tables that can be used for "
"iptables or ip6tables. For the possible values, please have a "
"look at the TABLES section in the iptables man pages: For "
"IPv4 in iptables(8), for IPv6 in ip6tables(8).") ]
string Table,
[ IN, Required, Description("The name of the chain where the rule will "
"be added. This can be either a built-in chain or a chain that "
"has been created with the chain rule. If the chain name is a "
"built-in chain, then the rule will be added to chain_direct,"
"else the supplied chain name is used. chain_direct is created "
"internally for all built-in chains to make sure that the added "
"rules do not conflict with the rules created by firewalld.") ]
string Chain,
[ IN, Required, Description("The priority is used to order rules. "
"Priority 0 means add rule on top of the chain, with a higher "
"priority the rule will be added further down. Rules with the "
"same priority are on the same level and the order of these "
"rules is not fixed and may change. If you want to make sure "
"that a rule will be added after another one, use a low priority "
"for the first and a higher for the following.") ]
uint32 Priority,
[ IN, Required, Description("The Rule can be any arguments of iptables "
"or ip6tables, that do not conflict with the table or chain "
"attributes.") ]
string Rule,
[ IN(false), OUT, Description("Newly created LMI_FirewalldDirectRule "
"instance.") ]
LMI_FirewalldDirectRule REF DirectRule);
[ Description("Add new Firewalld Passthrough Rule.") ]
uint16 AddDirectPassthough(
[ IN, Required, Description("The IP family where the passthrough rule "
"will be created."),
ValueMap { "1", "2" },
Values { "IPv4", "IPv6" } ]
uint8 IPFamily,
[ IN, Required, Description("The Rule can be any arguments of "
"iptables or ip6tables.") ]
string Rule,
[ IN(false), OUT, Description("") ]
LMI_FirewalldDirectPassthrough REF Passthrough);
};
class LMI_FirewalldDirect: CIM_SettingData
{
[ Implemented(true), Description(" The IP family where the direct rule "
"will be created."),
ValueMap { "1", "2" },
Values { "IPv4", "IPv6" } ]
uint8 IPFamily;
};
class LMI_FirewalldDirectRule: LMI_FirewalldDirect
{
[ Implemented(true), Description("The table name where the rule will be "
"added. This can be one of the tables that can be used for "
"iptables or ip6tables. For the possible values, please have a "
"look at the TABLES section in the iptables man pages: For "
"IPv4 in iptables(8), for IPv6 in ip6tables(8).") ]
string Table;
[ Implemented(true), Description("The name of the chain where the rule will "
"be added. This can be either a built-in chain or a chain that "
"has been created with the chain rule. If the chain name is a "
"built-in chain, then the rule will be added to chain_direct,"
"else the supplied chain name is used. chain_direct is created "
"internally for all built-in chains to make sure that the added "
"rules do not conflict with the rules created by firewalld.") ]
string Chain;
[ Implemented(true), Description("The Rule can be any arguments of "
"iptables or ip6tables, that do not conflict with the table or chain "
"attributes.") ]
string Rule;
};
class LMI_FirewalldDirectChain: LMI_FirewalldDirect
{
[ Implemented(true), Description("The table name where the chain will be "
"created. This can be one of the tables that can be used for "
"iptables or ip6tables. For the possible values, please have a look "
"at the TABLES section in the iptables man pages: For IPv4 in "
"iptables(8), for IPv6 in ip6tables(8).") ]
string Table;
[ Implemented(true), Description("The name of the chain, that will be "
"created. Please make sure that there is no other chain with this "
"name already.") ]
string Chain;
};
class LMI_FirewalldDirectPassthrough: LMI_FirewalldDirect
{
[ Implemented(true), Description("The Rule can be any arguments of "
"iptables or ip6tables.") ]
string Rule;
};
[ Association, Provider("cmpi:cmpiLMI_Firewalld"), Version("0.0.1"),
Description("LMI_HostedFirewalldDirect association denotes which Firewalld "
"direct configuration rules are used on given Computer System."),
Experimental ]
class LMI_HostedFirewalldDirect: CIM_ElementSettingData
{
[ Key, Description("Computer System that has the direct firewall "
"configuration."), Override("ManagedElement") ]
CIM_ComputerSystem REF ManagedElement;
[ Key, Description("Direct firewall configuration that exist on given "
"Computer System."), Override("SettingData") ]
LMI_FirewalldDirectConfiguration REF SettingData;
};
[ Association, Provider("cmpi:cmpiLMI_Firewalld"), Version("0.0.1"),
Description("LMI_FirewalldDirectConfigurationComponent association describes "
"Direct rules that are part of the Direct Configuration."), Experimental ]
class LMI_FirewalldDirectConfigurationComponent: CIM_OrderedComponent
{
[ Key, Description("Firewalld Direct Configuration that the Direct rule "
"is part of."), Override("GroupComponent") ]
LMI_FirewalldDirectConfiguration REF GroupComponent;
[ Key, Description("Firewalld Direct rule that is part of Direct "
"Configuration."), Override("PartComponent") ]
LMI_FirewalldDirect REF PartComponent;
};
[ Association, Provider("cmpi:cmpiLMI_Firewalld"), Version("0.0.1"),
Description("LMI_FirewalldServiceOnSystem association can be used to obtain "
"all firewalld services that are defined on given Computer System."),
Experimental ]
class LMI_FirewalldServiceOnSystem: CIM_ElementSettingData
{
[ Key, Description("Computer System that has the firewalld services "
"defined."), Override("ManagedElement") ]
CIM_ComputerSystem REF ManagedElement;
[ Key, Description("Firewalld service that is defined on given "
"Computer System."), Override("SettingData") ]
LMI_FirewalldService REF SettingData;
};
[ Association, Provider("cmpi:cmpiLMI_Firewalld"), Version("0.0.1"),
Description("LMI_HostedFirewalldICMPType association can be used to obtain "
"all defined firewalld ICMP types that are defined on given Computer "
"System."), Experimental ]
class LMI_HostedFirewalldICMPType: CIM_ElementSettingData
{
[ Key, Description("Computer System that has the firewalld ICMP types "
"defined."), Override("ManagedElement") ]
CIM_ComputerSystem REF ManagedElement;
[ Key, Description("ICMP types that is defined on given Computer System."),
Override("SettingData") ]
LMI_FirewalldICMPType REF SettingData;
};