YaST2 Developers Documentation: SuSEFirewallExpertRules (YCP Module)

SuSEFirewallExpertRules

This module has an unstable interface.

Imports

  • IP
  • Netmask
  • SuSEFirewall

Structures

Global Functions

Local Variables

Local Functions

Info:

File: modules/SuSEFirewallExpertRules.ycp
Package: SuSEFirewall configuration
Summary: Interface manipulation of /etc/sysconfig/SuSEFirewall (expert rules)
Authors: Lukas Ocilka
Flags: Unstable


local allowed_expert_protocols -> list <string>

List of all protocols that may be used in expert rules. With _rpc_ the destination port (dport) is an RPC service name rather than a port number.

global GetAllExpertRulesProtocols () -> list <string>

Returns the list of all protocols accepted by the expert rules.

Return value:
list of protocols
See
allowed_expert_protocols
local ValidNetmaskBits (integer netmask_bits) -> boolean

Returns whether the netmask bits are valid.

Parameters:
netmask_bits
Return value:
whether valid
global IsValidNetwork (string network) -> boolean

Function checks the network definition used for firewall expert rules.

Parameters:
network
Return value:
whether it is a valid network definition
Example

 IsValidNetwork("192.168.0.1")               -> true
 IsValidNetwork("192.168.0.355")             -> false
 IsValidNetwork("192.168.0.0/24")            -> true
 IsValidNetwork("192.168.0.1/32")            -> true
 IsValidNetwork("192.168.0.1/0")             -> false
 IsValidNetwork("192.168.0.0/255.255.0.0")   -> true
 IsValidNetwork("192.168.0.0/255.255.333.0") -> false
 IsValidNetwork("192.168.0.0/255.255.224.0") -> true
 IsValidNetwork("0/0")                       -> true
See
`man iptables`
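The checks that the examples above exercise, written out as an added Python example; this is not the module's YCP code (the module delegates to the imported IP and Netmask modules, whose exact rules are not reproduced here). It accepts a plain IPv4 address, IPv4/bits with bits in 1..32, IPv4/dotted-netmask with a contiguous mask, and the literal "0/0". Requiring a contiguous mask and rejecting an all-zero dotted mask the same way /0 is rejected are this example's choices, not statements from the page. Whitelist validation is the right shape here because the value ends up in /etc/sysconfig/SuSEFirewall: anything that does not match the grammar is refused rather than sanitised.

```python
import re

# One decimal octet 0-255, no leading zeros beyond a lone "0".
_OCTET = r"(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])"
_IPV4_RE = re.compile(rf"^{_OCTET}\.{_OCTET}\.{_OCTET}\.{_OCTET}$")
_BITS_RE = re.compile(r"^[0-9]{1,2}$")


def is_valid_ipv4(addr: str) -> bool:
    """Plain dotted-quad check (stand-in for IP::Check4, not its code)."""
    return _IPV4_RE.match(addr) is not None


def valid_netmask_bits(bits: int) -> bool:
    """/1 .. /32 are accepted; /0 is rejected, as the documented
    IsValidNetwork("192.168.0.1/0") -> false example implies.  The
    "match everything" spelling is the literal string "0/0"."""
    return 0 < bits <= 32


def is_valid_dotted_netmask(mask: str) -> bool:
    """Dotted netmask: four valid octets forming a contiguous run of 1-bits
    followed by 0-bits.  An all-zero mask is treated like /0 and rejected
    (this example's choice; the page does not say)."""
    if not is_valid_ipv4(mask):
        return False
    value = 0
    for octet in mask.split("."):
        value = (value << 8) | int(octet)
    if value == 0:
        return False
    inverted = ~value & 0xFFFFFFFF
    # A contiguous mask inverts to 2**k - 1, so inverted & (inverted + 1) == 0.
    return inverted & (inverted + 1) == 0


def is_valid_network(network: str) -> bool:
    """Accepts IP, IP/bits, IP/netmask or the literal "0/0", following the
    examples in the IsValidNetwork documentation.  Host bits set under the
    mask (e.g. 192.168.0.1/255.255.240.0) are allowed, as in the page's
    AddNewAcceptRule example."""
    if network == "0/0":
        return True
    if "/" not in network:
        return is_valid_ipv4(network)
    addr, _, mask = network.partition("/")
    if not is_valid_ipv4(addr):
        return False
    if _BITS_RE.match(mask):
        return valid_netmask_bits(int(mask))
    return is_valid_dotted_netmask(mask)


if __name__ == "__main__":
    # Constructed candidates: the page's own examples plus a few edge cases.
    for candidate in ("192.168.0.1", "192.168.0.355", "192.168.0.0/24",
                      "192.168.0.1/0", "192.168.0.0/255.255.224.0",
                      "192.168.0.0/255.0.255.0", "0/0", "10.0.0.1 0/0"):
        print(f"{candidate:32} -> {is_valid_network(candidate)}")
```

Note that "192.168.0.0/255.0.255.0" is rejected because the mask is not contiguous, and "10.0.0.1 0/0" is rejected because the whitelist grammar has no room for a second token; both are the kind of input that should never reach the sysconfig file.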
global ValidNetwork () -> string

Returns a string describing what a valid network definition looks like.

Return value:
string describing the valid network definition
local AdjustParameters (map <string, string> params) -> map <string, string>

Adjusts parameters to the acceptable representation

Parameters:
params
Return value:
modified params
global GetListOfAcceptRules (string zone) -> list <map <string, string> >

Returns a list of rules (maps) describing the protocols and ports that may be accessed from the listed hosts. "network" and "protocol" are required keys, "dport" and "sport" are optional. Undefined values are returned as empty strings.

"network" is either an IP, IP/Netmask or IP/Netmask_Bits where the connection originates; "protocol" defines the transport protocol; "dport" is the destination port on the current host; "sport" is the source port on the client.

A port can be a port number, a port name or a port range. Protocol can be 'tcp', 'udp', 'icmp', 'all' or '_rpc_' (dport is then an RPC service name, e.g., ypbind).

Structure

This might return, e.g.:

     [
       // All requests from 80.44.11.22 to TCP port 22
       $[ "network" : "80.44.11.22",   "protocol" : "tcp", "dport" : "22",  "sport" : ""   ],

       // All requests from network 80.44.11.0/24 to UDP port 53 originating on port 53
       $[ "network" : "80.44.11.0/24", "protocol" : "udp", "dport" : "53",  "sport" : "53" ],

       // All requests from network 0/0 (everywhere) to TCP port 443
       $[ "network" : "0/0",           "protocol" : "tcp", "dport" : "443", "sport" : ""   ],
     ]
Parameters:
zone
Return value:
list of rules
Example

 GetListOfAcceptRules("EXT") -> []   // empty list: no expert rules configured for the zone
See
IsValidNetwork()
local CreateRuleFromParams (map <string, string> params) -> string

Creates a string with one rule definition from the given params. Trailing commas (left by empty optional fields) are removed.

Parameters:
params
Return value:
rule definition
global AddNewAcceptRule (string zone, map <string, string> params) -> boolean

Adds a new accept rule. Possible keys for params are "network", "protocol", "dport" and "sport"; "network" and "protocol" are required.

Parameters:
zone
params
Return value:
if successful
Example

 AddNewAcceptRule (
     "EXT",
     $["network":"192.168.0.1/255.255.240.0", "protocol":"tcp", "sport":"22",
         "options":"hitcount=3,blockseconds=60,recentname=ssh"]
 ) -> true
See
GetListOfAcceptRules() RemoveAcceptRule()
global RemoveAcceptRule (string zone, map <string, string> params) -> boolean

Removes a single expert firewall rule.

Parameters:
zone
params
Return value:
if successful
Example

 RemoveAcceptRule (
     "EXT",
     $["network":"192.168.0.1/255.255.240.0", "protocol":"tcp", "sport":"22"]
 ) -> true
See
GetListOfAcceptRules() for the possible keys in the map
AddNewAcceptRule()
global DeleteRuleID (string zone, integer rule_id) -> boolean

Deletes the custom rule identified by its ID. The ID is the position of the rule in the list returned by GetListOfAcceptRules(), starting at 0. The list is regenerated after every deletion, so the IDs of the remaining rules shift down; re-read the list before deleting another rule instead of reusing IDs obtained earlier.

Parameters:
zone
rule_id
Return value:
if successful
Example

 	DeleteRuleID ("EXT", 0) -> true
See
GetListOfAcceptRules()
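The rule handling described for GetListOfAcceptRules(), CreateRuleFromParams(), AddNewAcceptRule(), RemoveAcceptRule() and DeleteRuleID(), as one added Python example that is not the module's YCP code. It assumes that a rule is serialised as the four fields joined by commas in the order network,protocol,dport,sport with trailing commas stripped, and that a zone's rules are kept in one space-separated sysconfig value; the page names neither the field order nor the variable, so the functions take and return that value as a plain string. The "options" key seen in the page's AddNewAcceptRule example is not modelled, and network validity (IsValidNetwork) is left to the caller.

```python
import re

RULE_KEYS = ("network", "protocol", "dport", "sport")        # field order: assumed
ALLOWED_PROTOCOLS = ("tcp", "udp", "icmp", "all", "_rpc_")   # from the page
_SEPARATOR_RE = re.compile(r"[\s,]")


def create_rule_from_params(params: dict) -> str:
    """One rule as 'network,protocol,dport,sport' with trailing commas
    removed (the behaviour the page describes for CreateRuleFromParams)."""
    for key in ("network", "protocol"):
        if not params.get(key):
            raise ValueError(f"required key missing: {key}")
    if params["protocol"] not in ALLOWED_PROTOCOLS:
        raise ValueError(f"unsupported protocol: {params['protocol']!r}")
    fields = [params.get(key, "") for key in RULE_KEYS]
    for value in fields:
        # ',' and whitespace are the separators of the serialised form; a value
        # containing them would silently turn into extra fields or extra rules.
        if _SEPARATOR_RE.search(value):
            raise ValueError(f"separator character in field value: {value!r}")
    return ",".join(fields).rstrip(",")


def parse_accept_rules(value: str) -> list:
    """Inverse of create_rule_from_params over a whole zone value: one map per
    rule, undefined fields as empty strings (as GetListOfAcceptRules does).
    Fields beyond the four known keys are dropped from the maps."""
    rules = []
    for item in value.split():
        fields = item.split(",")[: len(RULE_KEYS)]
        fields += [""] * (len(RULE_KEYS) - len(fields))
        rules.append(dict(zip(RULE_KEYS, fields)))
    return rules


def add_new_accept_rule(value: str, params: dict) -> str:
    """Append one rule to the zone value (AddNewAcceptRule); the caller is
    expected to have checked params["network"] with IsValidNetwork first."""
    rule = create_rule_from_params(params)
    return f"{value} {rule}".strip()


def remove_accept_rule(value: str, params: dict) -> str:
    """Remove every rule whose serialised form equals params (RemoveAcceptRule)."""
    target = create_rule_from_params(params)
    return " ".join(item for item in value.split() if item != target)


def delete_rule_id(value: str, rule_id: int) -> str:
    """Delete by position in the parsed list (DeleteRuleID).  The rules after
    it move down one position, so IDs must be re-read before the next delete."""
    items = value.split()
    if not 0 <= rule_id < len(items):
        raise IndexError(f"no rule with ID {rule_id} (zone has {len(items)})")
    del items[rule_id]
    return " ".join(items)


if __name__ == "__main__":
    # Constructed zone built from the three rules in the Structure example.
    zone = ""
    for params in ({"network": "80.44.11.22", "protocol": "tcp", "dport": "22"},
                   {"network": "80.44.11.0/24", "protocol": "udp", "dport": "53", "sport": "53"},
                   {"network": "0/0", "protocol": "tcp", "dport": "443"}):
        zone = add_new_accept_rule(zone, params)
    print(zone)
    for rule_id, rule in enumerate(parse_accept_rules(zone)):
        print(rule_id, rule)
    zone = delete_rule_id(zone, 0)   # the rule that was ID 1 is now ID 0
    print(parse_accept_rules(zone))
```

Because the stored form is a flat separator-delimited string, the one check that must never be skipped when adding a rule is that no field contains a comma or whitespace; the rest of the validation (port grammar, network syntax) is the province of IsValidNetwork and the port checks the page mentions.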