.. _LMI-FirewalldZone:

LMI_FirewalldZone
-----------------

Class reference
===============
Subclass of :ref:`CIM_SettingData `

Firewall zone defines the trust level of the interface used for a connection. Features that are enabled in the zone are associated with the instance of this class via LMI_FirewalldZoneComponent.


Key properties
^^^^^^^^^^^^^^

| :ref:`InstanceID `

Local properties
^^^^^^^^^^^^^^^^

.. _LMI-FirewalldZone-Masquarade:

``boolean`` **Masquarade**

    Enable masquerading for the firewall zone. This option is not usable for IPv6.

.. _LMI-FirewalldZone-Target:

``uint16`` **Target**

    Target defines the policy for handling packets that don't match any rule associated with this instance. The ACCEPT target accepts every packet that doesn't match any rule. The REJECT target rejects all packets that don't match any rule, using the default firewalld reject type. The DROP target drops all non-matching packets without any reply to the sender. When no target is specified, the default behavior is to reject the packets.

    ======== ======
    ValueMap Values
    ======== ======
    1        Accept
    2        Reject
    3        Drop
    ======== ======

.. _LMI-FirewalldZone-Version:

``string`` **Version**

    Version of the zone.

.. _LMI-FirewalldZone-Name:

``string`` **Name**

    Name of the zone.

.. _LMI-FirewalldZone-Description:

``string`` **Description**

    Description of the zone.

Local methods
^^^^^^^^^^^^^

.. _LMI-FirewalldZone-AddService:

``uint32`` **AddService** (:ref:`LMI_FirewalldService ` Service, ``uint16`` Mode)

    Allow an existing firewalld service in the zone.

    **Parameters**

        *IN* :ref:`LMI_FirewalldService ` **Service**
            Service that will be allowed.

        *IN* ``uint16`` **Mode**
            The Mode parameter determines whether the service is enabled in the current runtime configuration only, applied after all future reboots (or reconfigurations), or both.

            ======== =========
            ValueMap Values
            ======== =========
            0        Current
            1        Permanent
            2        Both
            ======== =========

.. _LMI-FirewalldZone-AddICMPBlock:

``uint32`` **AddICMPBlock** (:ref:`LMI_FirewalldICMPType ` ICMPType, ``uint16`` Mode)

    Block the given Internet Control Message Protocol (ICMP) packets in the zone.

    **Parameters**

        *IN* :ref:`LMI_FirewalldICMPType ` **ICMPType**
            Type of ICMP packet that will be blocked.

        *IN* ``uint16`` **Mode**
            The Mode parameter determines whether the ICMP type is blocked in the current runtime configuration only, applied after all future reboots (or reconfigurations), or both.

            ======== =========
            ValueMap Values
            ======== =========
            0        Current
            1        Permanent
            2        Both
            ======== =========

.. _LMI-FirewalldZone-AddRichRule:

``uint32`` **AddRichRule** (``uint16`` Mode, :ref:`LMI_FirewalldRichRule ` RichRule)

    Add a rich rule to the zone configuration. Rich rules extend the current zone elements (service, port, icmp-block, masquerade and forward-port) with additional source and destination addresses, logging, actions and limits for logs and actions.

    **Parameters**

        *IN* ``uint16`` **Mode**
            The Mode parameter determines whether the rich rule is added to the current runtime configuration only, applied after all future reboots (or reconfigurations), or both.

            ======== =========
            ValueMap Values
            ======== =========
            0        Current
            1        Permanent
            2        Both
            ======== =========

        *OUT* :ref:`LMI_FirewalldRichRule ` **RichRule**
            Instance of LMI_FirewalldForwardPort class that represents the given rich rule.

.. _LMI-FirewalldZone-AddPort:

``uint32`` **AddPort** (``string`` Port, ``uint16`` Protocol, ``uint16`` Mode, :ref:`LMI_FirewalldPort ` FirewalldPort)

    Allow traffic on the given port and protocol. A range of ports can be allowed by setting the PortRangeEnd property of the LMI_FirewalldPort instance returned from this method.

    **Parameters**

        *IN* ``string`` **Port**
            Port (or port range) to be allowed in the given zone. The allowed format is either a plain port number as a string or a dash-separated port range '1234-2345'.

        *IN* ``uint16`` **Protocol**
            Allow traffic using the given protocol.

            ======== ======
            ValueMap Values
            ======== ======
            1        TCP
            2        UDP
            ======== ======

        *IN* ``uint16`` **Mode**
            The Mode parameter determines whether the port is enabled in the current runtime configuration only, applied after all future reboots (or reconfigurations), or both.

            ======== =========
            ValueMap Values
            ======== =========
            0        Current
            1        Permanent
            2        Both
            ======== =========

        *OUT* :ref:`LMI_FirewalldPort ` **FirewalldPort**
            Instance of LMI_FirewalldPort class that represents that the given port (or range of ports) is allowed in the given zone.

.. _LMI-FirewalldZone-AddForwardPort:

``uint32`` **AddForwardPort** (``string`` Port, ``uint16`` Protocol, ``string`` ToPort, ``string`` ToAddress, ``uint16`` Mode, :ref:`LMI_FirewalldForwardPort ` ForwardPort)

    Enable port forwarding in the zone.

    **Parameters**

        *IN* ``string`` **Port**
            Port (or port range) to be forwarded. The allowed format is either a plain port number as a string or a dash-separated port range '1234-2345'.

        *IN* ``uint16`` **Protocol**
            Forward traffic on the given protocol.

            ======== ======
            ValueMap Values
            ======== ======
            1        TCP
            2        UDP
            ======== ======

        *IN* ``string`` **ToPort**
            Destination port (or port range) to which the traffic should be forwarded. The allowed format is either a plain port number as a string or a dash-separated port range '1234-2345'. The range has to be the same size as the `Port` parameter. This parameter can also be `null`; in that case the destination ports are the same as the source ports.

        *IN* ``string`` **ToAddress**
            The destination IPv4 address. Can be `null`.

        *IN* ``uint16`` **Mode**
            The Mode parameter determines whether the port forwarding is enabled in the current runtime configuration only, applied after all future reboots (or reconfigurations), or both.

            ======== =========
            ValueMap Values
            ======== =========
            0        Current
            1        Permanent
            2        Both
            ======== =========

        *OUT* :ref:`LMI_FirewalldForwardPort ` **ForwardPort**
            Instance of LMI_FirewalldForwardPort class that represents that the given port (or range of ports) is allowed in the given zone.

Inherited properties
^^^^^^^^^^^^^^^^^^^^

| ``string`` :ref:`ElementName `
| ``uint16`` :ref:`ChangeableType `
| ``string`` :ref:`InstanceID `
| ``uint64`` :ref:`Generation `
| ``string`` :ref:`Caption `
| ``string`` :ref:`ConfigurationName `

Inherited methods
^^^^^^^^^^^^^^^^^

*None*
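
The argument rules documented for **AddForwardPort** above (port or dash-separated range, ``ToPort`` range of the same size as ``Port``, IPv4-only ``ToAddress``, numeric ``Protocol`` and ``Mode`` ValueMaps) can be checked before a forwarding rule is made permanent. The following is an added example, not part of the OpenLMI provider: the function names are hypothetical, the 1-65535 port bound is an assumption the reference does not state, and the code only builds the argument dictionary without calling the provider.

```python
import ipaddress

# ValueMaps copied from the class reference above.
PROTOCOL = {"TCP": 1, "UDP": 2}
MODE = {"Current": 0, "Permanent": 1, "Both": 2}


def parse_port_spec(spec):
    """Return (first, last) for '1234' or '1234-2345'; raise ValueError otherwise."""
    parts = spec.split("-")
    if len(parts) not in (1, 2) or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError("bad port spec: %r" % spec)
    first, last = int(parts[0]), int(parts[-1])
    # Assumption: valid ports are 1-65535 and a range must be ascending.
    if not 1 <= first <= last <= 65535:
        raise ValueError("port out of range or reversed: %r" % spec)
    return first, last


def forward_port_args(port, protocol, mode, to_port=None, to_address=None):
    """Validate and build the IN arguments of AddForwardPort as a dict."""
    if protocol not in PROTOCOL or mode not in MODE:
        raise ValueError("unknown Protocol or Mode name")
    first, last = parse_port_spec(port)
    if to_port is not None:
        t_first, t_last = parse_port_spec(to_port)
        # The reference requires ToPort to span as many ports as Port.
        if t_last - t_first != last - first:
            raise ValueError("ToPort range size differs from Port")
    if to_address is not None:
        # ToAddress is documented as IPv4; IPv6 or garbage raises ValueError.
        ipaddress.IPv4Address(to_address)
    return {
        "Port": port,
        "Protocol": PROTOCOL[protocol],
        "ToPort": to_port,
        "ToAddress": to_address,
        "Mode": MODE[mode],
    }


if __name__ == "__main__":
    # Constructed sample: forward 8080-8082/TCP to 80-82 on a documentation address.
    print(forward_port_args("8080-8082", "TCP", "Both", "80-82", "192.0.2.10"))
```
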