SuSEFirewall configuration
modules/SuSEFirewallExpertRules.ycp
Interface manipulation of /etc/sysconfig/SuSEFirewall (expert rules)

This module has an unstable interface.
Copyright 2004, Novell, Inc. All rights reserved.
List of all possible protocols for expert rules. With _rpc_, an RPC service name is expected as the destination port.
Returns list of all protocols accepted by the expert rules.
Returns whether the netmask bits are valid.
- Parameters: netmask_bits
Function checks the network definition used for firewall expert rules.
- Parameters: network
- Return value: true if it is a valid network definition
- Example:
    IsValidNetwork("192.168.0.1") -> true
    IsValidNetwork("192.168.0.355") -> false
    IsValidNetwork("192.168.0.0/24") -> true
    IsValidNetwork("192.168.0.1/32") -> true
    IsValidNetwork("192.168.0.1/0") -> false
    IsValidNetwork("192.168.0.0/255.255.0.0") -> true
    IsValidNetwork("192.168.0.0/255.255.333.0") -> false
    IsValidNetwork("192.168.0.0/255.255.224.0") -> true
    IsValidNetwork("0/0") -> true
- See: `man iptables`
Returns string of valid network definition.
- Return value: string describing the valid network.
Adjusts parameters to the acceptable representation.
- Parameters: params
Returns list of rules (maps) describing protocols and ports that are allowed to be accessed from listed hosts. "network" and "protocol" are needed arguments, "dport" and "sport" are optional. Undefined values are returned as empty strings.
"network" is either an IP, IP/Netmask or IP/Netmask_Bits where the connection originates; "protocol" defines the transport protocol; "dport" is the destination port on the current host; "sport" is the source port on the client.
Port can be a port number, port name or port range. Protocol can be 'tcp', 'udp', 'icmp', 'all' or '_rpc_' (dport is then an RPC service name, e.g., ypbind).
Structure: this might return, e.g.,
    [
        // All requests from 80.44.11.22 to TCP port 22
        $[ "network" : "80.44.11.22", "protocol" : "tcp", "dport" : "22", "sport" : "" ],
        // All requests from network 80.44.11.0/24 to UDP port 53 originating on port 53
        $[ "network" : "80.44.11.0/24", "protocol" : "udp", "dport" : "53", "sport" : "53" ],
        // All requests from network 0/0 (everywhere) to TCP port 443
        $[ "network" : "0/0", "protocol" : "tcp", "dport" : "443", "sport" : "" ],
    ]
- Parameters: zone
- Return value: list of rules
- Example:
    GetListOfAcceptRules("EXT") -> $[]
- See: IsValidNetwork()
Adds a new accept-rule. Possible keys for parameters are "network", "protocol", "dport" and "sport". Needed are "network" and "protocol".
- Parameters: zone, params
- Example:
    AddNewAcceptRule ( "EXT", $["network":"192.168.0.1/255.255.240.0", "protocol":"tcp", "sport":"22"] ) -> true
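The network checks documented for IsValidNetwork() above and the "network"/"protocol"/"dport"/"sport" requirements for accept-rules, written out as an added Python example that is not part of the YCP module. Function names, the low:high range syntax and the contiguous-netmask requirement are assumptions of this example; the accepted protocols and the documented true/false cases are taken from the page.

```python
import re

# Protocols accepted by the expert rules, as listed on this page.
EXPERT_RULE_PROTOCOLS = ("tcp", "udp", "icmp", "all", "_rpc_")

# A port is a number, a range written low:high (iptables style; assumed
# here, the page only says "port range") or a service name; "" = not set.
_PORT_RE = re.compile(r"^(\d{1,5}(:\d{1,5})?|[A-Za-z][A-Za-z0-9_.+-]*)?$")

def _valid_ipv4(text):
    parts = text.split(".")
    return len(parts) == 4 and all(p.isdigit() and int(p) <= 255 for p in parts)

def _valid_netmask(mask):
    # Four valid octets forming a contiguous run of ones (assumed); 0.0.0.0 rejected.
    if not _valid_ipv4(mask):
        return False
    value = int.from_bytes(bytes(int(o) for o in mask.split(".")), "big")
    inverted = ~value & 0xFFFFFFFF
    return value != 0 and inverted & (inverted + 1) == 0

def is_valid_network(network):
    """IP, IP/Netmask_Bits, IP/Netmask or the special "0/0" (everywhere).
    /0 is rejected and /32 accepted, as in the page's examples."""
    if network == "0/0":
        return True
    ip, sep, mask = network.partition("/")
    if not _valid_ipv4(ip):
        return False
    if not sep:
        return True
    if "." in mask:
        return _valid_netmask(mask)
    return mask.isdigit() and 1 <= int(mask) <= 32

def rule_problems(rule):
    """List the documented requirements a rule map violates ([] = accepted)."""
    problems = []
    if not is_valid_network(rule.get("network", "")):
        problems.append("invalid or missing network")
    protocol = rule.get("protocol", "")
    if protocol not in EXPERT_RULE_PROTOCOLS:
        problems.append("unsupported protocol %r" % protocol)
    for key in ("dport", "sport"):
        if not _PORT_RE.match(rule.get(key, "")):
            problems.append("invalid %s %r" % (key, rule.get(key)))
    if protocol == "_rpc_" and not rule.get("dport", "")[:1].isalpha():
        problems.append("_rpc_ needs an RPC service name as dport")
    return problems
```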
Removes a single expert firewall rule.
- Parameters: zone, params
- Example:
    RemoveAcceptRule ( "EXT", $["network":"192.168.0.1/255.255.240.0", "protocol":"tcp", "sport":"22"] ) -> true