Subclass of CIM_SettingData
Firewall zone defines the trust level of the interface used for a connection. Features that are enabled in the zone are associated to the instance of this class via LMI_FirewalldZoneComponent.
boolean Masquarade
Enable masquerading for the firewall zone.
This option is not usable for IPv6.
uint16 Target
Target defines the policy for handling packets that don’t match any rule associated with this instance.
ACCEPT target is used to accept every packet that doesn’t match any rule.
REJECT target will reject all packets that don’t match any rule, using the default firewalld reject type.
DROP target will drop all the non-matching packets without any reply to the sender.
Default behavior when no target is specified is to reject the packets.
ValueMap  Values
1         Accept
2         Reject
3         Drop
string Version
Version of the zone.
string Name
Name of the zone.
string Description
Description of the zone.
uint32 AddService (LMI_FirewalldService Service, uint16 Mode)
Allow an existing firewalld service in the zone.
Parameters
- IN LMI_FirewalldService Service
- Service that will be allowed.
- IN uint16 Mode
Mode parameter determines whether the service will be enabled in current runtime configuration only or if it will be applied after all future reboots (or reconfigurations) or both.
ValueMap  Values
0         Current
1         Permanent
2         Both
uint32 AddICMPBlock (LMI_FirewalldICMPType ICMPType, uint16 Mode)
Block given Internet Control Message Protocol (ICMP) packets in the zone.
Parameters
- IN LMI_FirewalldICMPType ICMPType
- Type of ICMP packet that will be blocked.
- IN uint16 Mode
Mode parameter determines whether the ICMP type will be blocked in current runtime configuration only or if it will be applied after all future reboots (or reconfigurations) or both.
ValueMap  Values
0         Current
1         Permanent
2         Both
uint32 AddRichRule (uint16 Mode, LMI_FirewalldRichRule RichRule)
Add a rich rule to the zone configuration. Rich rules extend the current zone elements (service, port, icmp-block, masquerade and forward-port) with additional source and destination addresses, logging, actions and limits for logs and actions.
Parameters
- IN uint16 Mode
Mode parameter determines whether the rich rule will be added to current runtime configuration only or if it will be applied after all future reboots (or reconfigurations) or both.
ValueMap  Values
0         Current
1         Permanent
2         Both
- OUT LMI_FirewalldRichRule RichRule
- Instance of LMI_FirewalldForwardPort class that represents the given Rich Rule.
uint32 AddPort (string Port, uint16 Protocol, uint16 Mode, LMI_FirewalldPort FirewalldPort)
Allow traffic on the given port and protocol. A range of ports can be allowed by setting the PortRangeEnd property of the LMI_FirewalldPort instance returned from this method.
Parameters
- IN string Port
- Port (or port range) to be allowed in the given zone. Allowed format is either a plain port number as a string or a dash-separated port range ‘1234-2345’.
- IN uint16 Protocol
Allow traffic using the given protocol.
ValueMap  Values
1         TCP
2         UDP
- IN uint16 Mode
Mode parameter determines whether the port will be enabled in current runtime configuration only or if it will be applied after all future reboots (or reconfigurations) or both.
ValueMap  Values
0         Current
1         Permanent
2         Both
- OUT LMI_FirewalldPort FirewalldPort
- Instance of LMI_FirewalldPort class that represents that given port (or range of ports) is allowed in the given zone.
uint32 AddForwardPort (string Port, uint16 Protocol, string ToPort, string ToAddress, uint16 Mode, LMI_FirewalldForwardPort ForwardPort)
Enable port forwarding in the zone.
Parameters
- IN string Port
- Port (or port range) to be forwarded. Allowed format is either a plain port number as a string or a dash-separated port range ‘1234-2345’.
- IN uint16 Protocol
Forward traffic on the given protocol.
ValueMap  Values
1         TCP
2         UDP
- IN string ToPort
Destination port (or port range) to which the traffic should be forwarded. Allowed format is either a plain port number as a string or a dash-separated port range ‘1234-2345’. The range has to be the same size as the Port parameter.
This parameter can also be null; in that case the destination ports are the same as the source ports.
- IN string ToAddress
- The destination IPv4 address. Can be null.
- IN uint16 Mode
Mode parameter determines whether the port forwarding will be enabled in current runtime configuration only or if it will be applied after all future reboots (or reconfigurations) or both.
ValueMap  Values
0         Current
1         Permanent
2         Both
- OUT LMI_FirewalldForwardPort ForwardPort
- Instance of LMI_FirewalldForwardPort class that represents that given port (or range of ports) is allowed in the given zone.
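An added example, not part of the OpenLMI documentation or provider code: a client-side pre-check of AddForwardPort arguments against the constraints stated above (port format, equal range sizes, IPv4-only ToAddress, the Protocol and Mode value maps). The function names and the 1-65535 port bounds are assumptions; the provider's own validation may differ.

```python
import ipaddress
import re

# Value maps copied from the AddForwardPort description above.
PROTOCOL = {"TCP": 1, "UDP": 2}
MODE = {"Current": 0, "Permanent": 1, "Both": 2}
_PORT_RE = re.compile(r"([0-9]{1,5})(?:-([0-9]{1,5}))?")


def parse_port_spec(spec):
    """Parse '1234' or '1234-2345' into an inclusive (start, end) tuple."""
    m = _PORT_RE.fullmatch(spec)
    if m is None:
        raise ValueError(f"not a port or port range: {spec!r}")
    start = int(m.group(1))
    end = int(m.group(2)) if m.group(2) else start
    # Assumption: ports are 1..65535 and a range must be ascending.
    if not 1 <= start <= end <= 65535:
        raise ValueError(f"port out of bounds or range reversed: {spec!r}")
    return start, end


def check_forward_port(port, protocol, to_port=None, to_address=None, mode=0):
    """Hypothetical pre-check; returns a list of problems (empty if none)."""
    problems = []
    src = dst = None
    try:
        src = parse_port_spec(port)
    except ValueError as exc:
        problems.append(f"Port: {exc}")
    if to_port is not None:  # null ToPort: destination ports equal source ports
        try:
            dst = parse_port_spec(to_port)
        except ValueError as exc:
            problems.append(f"ToPort: {exc}")
    if src and dst and src[1] - src[0] != dst[1] - dst[0]:
        problems.append("ToPort: range must be the same size as Port")
    if protocol not in PROTOCOL.values():
        problems.append(f"Protocol: {protocol!r} is not 1 (TCP) or 2 (UDP)")
    if mode not in MODE.values():
        problems.append(f"Mode: {mode!r} is not 0, 1 or 2")
    if to_address is not None:  # the page documents IPv4 destinations only
        try:
            ipaddress.IPv4Address(to_address)
        except ValueError:
            problems.append(f"ToAddress: {to_address!r} is not an IPv4 address")
    return problems
```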