Unknown YCP Module
This module has an unstable interface.
File: modules/SuSEFirewallExpertRules.ycp
Package: SuSEFirewall configuration
Summary: Interface manipulation of /etc/sysconfig/SuSEFirewall (expert rules)
Authors: Lukas Ocilka
List of all possible protocols for expert rules. With "_rpc_", the destination port is expected to be an RPC service name.
Returns list of all protocols accepted by the expert rules.
- Return value: list of protocols
Returns whether the netmask bits are valid.
- Parameters: netmask_bits
- Return value: whether valid
Function checks the network definition used for firewall expert rules.
- Parameters: network
- Return value: if it is a valid network definition
- Example:
IsValidNetwork("192.168.0.1") -> true
IsValidNetwork("192.168.0.355") -> false
IsValidNetwork("192.168.0.0/24") -> true
IsValidNetwork("192.168.0.1/32") -> true
IsValidNetwork("192.168.0.1/0") -> false
IsValidNetwork("192.168.0.0/255.255.0.0") -> true
IsValidNetwork("192.168.0.0/255.255.333.0") -> false
IsValidNetwork("192.168.0.0/255.255.224.0") -> true
IsValidNetwork("0/0") -> true
- See: `man iptables`
Returns a string describing a valid network definition.
- Return value: string describing the valid network.
Adjusts parameters to the acceptable representation.
- Parameters: params
- Return value: modified params
Returns list of rules (maps) describing protocols and ports that are allowed to be accessed from listed hosts. "network" and "protocol" are needed arguments, "dport" and "sport" are optional. Undefined values are returned as empty strings.
"network" is either an IP, IP/Netmask or IP/Netmask_Bits where the connection originates; "protocol" defines the transport protocol; "dport" is the destination port on the current host; "sport" is the source port on the client.
Port can be a port number, a port name or a port range. Protocol can be 'tcp', 'udp', 'icmp', 'all' or '_rpc_' (dport is then an RPC service name, e.g., ypbind).
Structure: this might return, e.g.,
[
  // All requests from 80.44.11.22 to TCP port 22
  $[ "network" : "80.44.11.22", "protocol" : "tcp", "dport" : "22", "sport" : "" ],
  // All requests from network 80.44.11.0/24 to UDP port 53 originating on port 53
  $[ "network" : "80.44.11.0/24", "protocol" : "udp", "dport" : "53", "sport" : "53" ],
  // All requests from network 0/0 (everywhere) to TCP port 443
  $[ "network" : "0/0", "protocol" : "tcp", "dport" : "443", "sport" : "" ],
]
- Parameters: zone
- Return value: list of rules
- Example: GetListOfAcceptRules("EXT") -> $[]
- See: IsValidNetwork()
Creates a string with one rule definition as described by the given params. All the trailing commas are removed.
- Parameters: params
- Return value: rule definition
Adds a new accept-rule. Possible keys for parameters are "network", "protocol", "dport" and "sport". Needed are "network" and "protocol".
- Parameters: zone, params
- Return value: if successful
- Example:
AddNewAcceptRule ( "EXT", $["network":"192.168.0.1/255.255.240.0", "protocol":"tcp", "sport":"22", "options":"hitcount=3,blockseconds=60,recentname=ssh"] ) -> true
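The network check, the rule map structure and the comma-separated rule string described above, as an added Python illustration (not code from the YaST module itself). It assumes the rule entry is `network,protocol,dport,sport,options` with trailing empty fields dropped, and that the options field may itself contain commas, as in the AddNewAcceptRule example; port values are not validated because the page does not define their syntax.

```python
# Protocols accepted by the expert rules (from the page); with "_rpc_" the
# "dport" field carries an RPC service name instead of a port number.
PROTOCOLS = ("tcp", "udp", "icmp", "all", "_rpc_")
# Field order of one rule entry (assumption: comma-separated, so "trailing
# commas removed" means trailing empty fields are dropped).
RULE_KEYS = ("network", "protocol", "dport", "sport", "options")


def _dotted_quad(text):
    """True for exactly four dot-separated decimal octets in 0..255."""
    parts = text.split(".")
    return len(parts) == 4 and all(p.isdecimal() and int(p) <= 255 for p in parts)


def is_valid_network(network):
    """Accepts IP, IP/bits (1..32), IP/dotted-mask, or the special "0/0"."""
    if network == "0/0":
        return True
    ip, sep, mask = network.partition("/")
    if not _dotted_quad(ip):
        return False
    if not sep:
        return True
    if mask.isdecimal():
        return 1 <= int(mask) <= 32   # "/0" is rejected, as in the page's examples
    return _dotted_quad(mask)


def rule_to_string(params):
    """network,protocol,dport,sport,options with trailing empty fields removed."""
    fields = [params.get(k, "") for k in RULE_KEYS]
    while fields and fields[-1] == "":
        fields.pop()
    return ",".join(fields)


def parse_rule(entry):
    """Inverse of rule_to_string(); undefined fields come back as "" and any
    commas inside the options (e.g. hitcount=3,blockseconds=60) are kept."""
    fields = entry.split(",")
    rule = {k: (fields[i] if i < len(fields) else "") for i, k in enumerate(RULE_KEYS[:4])}
    rule["options"] = ",".join(fields[4:])
    return rule


def rule_problems(params):
    """Reasons a rule map should be refused before it is written; [] means OK."""
    problems = []
    if not is_valid_network(params.get("network", "")):
        problems.append("network is not a valid IP, IP/bits or IP/netmask")
    if params.get("protocol") not in PROTOCOLS:
        problems.append("protocol must be one of " + ", ".join(PROTOCOLS))
    if params.get("protocol") == "_rpc_" and not params.get("dport"):
        problems.append("_rpc_ needs the RPC service name in dport")
    return problems
```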
Removes a single expert firewall rule.
- Parameters: zone, params
- Return value: if successful
- Example:
RemoveAcceptRule ( "EXT", $["network":"192.168.0.1/255.255.240.0", "protocol":"tcp", "sport":"22"] ) -> true
Deletes the custom rule identified by its ID. The ID is the index of the rule in the list returned by GetListOfAcceptRules(), starting at 0. Every time you delete a rule, the list is, of course, regenerated.
- Parameters: zone, rule_id
- Return value: if successful
- Example:
DeleteRuleID (0) -> true