YaST2 Developers Documentation: SuSE firewall configuration




SuSE firewall configuration

modules/SuSEFirewall.ycp
Main module, providing IO functions

Imports

  • Label
  • Mode
  • Popup
  • Progress
  • Report
  • Service
  • Summary

global write_only -> boolean

Write-only mode, used during autoinstallation: do not run services or SuSEconfig, because that is all done in one place.

global SuSEFirewall () -> void

Constructor

global Import (map s) -> boolean

Get all firewall settings from the first parameter (for use by autoinstallation).

Parameters:
s data to be imported
Return value:
true on success

global Export () -> map

Dump the firewall settings to a single map (for use by autoinstallation).

Return value:
dumped settings (later accepted by Import())

global Summary () -> list

Create a textual summary and a list of unconfigured cards

Return value:
summary of the current configuration

global Read () -> boolean

Fill the map of all firewall settings from the SCR

Return value:
true on success

global Write () -> boolean

Update the SCR from the map of all firewall settings

Return value:
true on success

global IsExtInterface (string interface) -> boolean

Is this interface external for the firewall?

Parameters:
interface the name of the interface
Return value:
true if it is an external interface

global IsIntInterface (string interface) -> boolean

Is this interface internal for the firewall?

Parameters:
interface the name of the interface
Return value:
true if it is an internal interface

global IsDmzInterface (string interface) -> boolean

Is this a DMZ interface for the firewall?

Parameters:
interface the name of the interface
Return value:
true if it is a DMZ interface

local AddServiceToConfig (string set, string service) -> boolean

Add a service to a given settings variable. Low-level manipulation.

Parameters:
set the name of the sysconfig variable to be modified
service the name of the service
Return value:
true on success

local RemoveServiceFromConfig (string set, string service) -> boolean

Remove a service from a given settings variable. Low-level manipulation.

Parameters:
set the name of the sysconfig variable to be modified
service the name of the service
Return value:
true on success

global AddService (string service, string proto, string interface) -> boolean

Add a service for a given interface and protocol to the firewall. Does not modify the list of configured interfaces in the firewall.

Parameters:
service the name of the service
proto UDP, TCP or IP
interface the name of the interface, for example eth0, "all" for all interfaces, INT, EXT or DMZ for the respective zone
Return value:
true on success

global RemoveService (string service, string proto, string interface) -> boolean

Remove a service for a given interface and protocol from the firewall. Does not modify the list of configured interfaces in the firewall.

Parameters:
service the name of the service
proto UDP, TCP or IP
interface the name of the interface, for example eth0, "all" for all interfaces, INT, EXT or DMZ for the respective zone
Return value:
true on success

global HaveService (string service, string proto, string interface) -> boolean

Whether a service is allowed on the specified interface

Parameters:
service
proto UDP, TCP or IP
interface the name of the interface, for example eth0, "any" for any interface, INT, EXT or DMZ for the respective zone
Return value:
true if service is allowed
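
The following YCP client is an added example, not part of the YaST2 sources: it uses Read, HaveService, RemoveService and Write as documented on this page to close a list of TCP services on the external zone and to confirm each removal before writing. The function name CloseOnExternal, the service list and the use of service names (rather than port numbers) are assumptions.

```ycp
{
    // Added example, not code from the YaST2 project.
    import "SuSEFirewall";

    // Constructed sample list; service names are an assumption.
    list<string> must_not_be_external = ["ssh", "ipp", "netbios-ssn"];

    // Close every listed TCP service on the EXT zone.
    // Returns true only if all removals were confirmed and written.
    boolean CloseOnExternal (list<string> services) {
        // Load the current settings before inspecting them.
        if (!SuSEFirewall::Read ()) {
            y2error ("Cannot read the firewall settings");
            return false;
        }

        boolean ok = true;
        foreach (string service, services, {
            if (SuSEFirewall::HaveService (service, "TCP", "EXT")) {
                y2milestone ("Closing %1/TCP on EXT", service);
                // Remove, then re-check: a 'true' from RemoveService is
                // not trusted until HaveService agrees.
                if (!SuSEFirewall::RemoveService (service, "TCP", "EXT")
                    || SuSEFirewall::HaveService (service, "TCP", "EXT")) {
                    y2error ("%1/TCP is still allowed on EXT", service);
                    ok = false;
                }
            }
        });

        // Do not write a half-applied policy.
        if (!ok) return false;
        return SuSEFirewall::Write ();
    }

    return CloseOnExternal (must_not_be_external);
}
```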

global MostInsecureInterface (list<string> interfaces) -> string

Get the interface with the lowest security

Parameters:
interfaces list of interfaces
Return value:
in SuSEfirewall syntax: no, yes, dmz, ext

global IsIPsecAllowed () -> boolean

Whether IPsec traffic is allowed and treated as internal

Return value:
true if it is allowed, false if not and nil if unknown

global AllowIPsec (boolean yes) -> void

Allow or disallow IPsec traffic and treat it as internal

Parameters:
yes true, false or nil for no change
