File: policy_zone_syntax.xml

package info (click to toggle)
firewalld 2.4.0-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 28,900 kB
  • sloc: sh: 242,081; python: 29,155; xml: 13,238; makefile: 929
file content (48 lines) | stat: -rw-r--r-- 4,458 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
 
<?xml version="1.0" encoding="utf-8"?>

<!--
  SPDX-License-Identifier: GPL-2.0-or-later

  This file is part of firewalld.

  Copyright (C) 2020 Red Hat, Inc.

  Authors:
  Eric Garver <eric@garver.life>
-->

    [ &lt;short&gt;<replaceable>short description</replaceable>&lt;/short&gt; ]
    [ &lt;description&gt;<replaceable>description</replaceable>&lt;/description&gt; ]
    [ &lt;service name="<replaceable>string</replaceable>"/&gt; ]
    [ &lt;port port="<replaceable>portid</replaceable>[-<replaceable>portid</replaceable>]" protocol="<literal>tcp</literal>|<literal>udp</literal>|<literal>sctp</literal>|<literal>dccp</literal>"/&gt; ]
    [ &lt;protocol value="<replaceable>protocol</replaceable>"/&gt; ]
    [ &lt;icmp-block name="<replaceable>string</replaceable>"/&gt; ]
    [ &lt;masquerade/&gt; ]
    [ &lt;forward-port port="<replaceable>portid</replaceable>[-<replaceable>portid</replaceable>]" protocol="<literal>tcp</literal>|<literal>udp</literal>|<literal>sctp</literal>|<literal>dccp</literal>" [to-port="<replaceable>portid</replaceable>[-<replaceable>portid</replaceable>]"] [to-addr="<replaceable>IP address</replaceable>"]/&gt; ]
    [ &lt;source-port port="<replaceable>portid</replaceable>[-<replaceable>portid</replaceable>]" protocol="<literal>tcp</literal>|<literal>udp</literal>|<literal>sctp</literal>|<literal>dccp</literal>"/&gt; ]
    [
        &lt;rule [family="<literal>ipv4</literal>|<literal>ipv6</literal>"] [priority="<replaceable>priority</replaceable>"]&gt;
            [ &lt;source address="<replaceable>address</replaceable>[/<replaceable>mask</replaceable>]"|mac="<replaceable>MAC</replaceable>"|ipset="<replaceable>ipset</replaceable>" [invert="<replaceable>True</replaceable>"]/&gt; ]
            [ &lt;destination address="<replaceable>address</replaceable>[/<replaceable>mask</replaceable>]"|ipset="<replaceable>ipset</replaceable>" [invert="<replaceable>True</replaceable>"]/&gt; ]
            [
                &lt;service name="<replaceable>string</replaceable>"/&gt; |
                &lt;port port="<replaceable>portid</replaceable>[-<replaceable>portid</replaceable>]" protocol="<literal>tcp</literal>|<literal>udp</literal>|<literal>sctp</literal>|<literal>dccp</literal>"/&gt; |
                &lt;protocol value="<replaceable>protocol</replaceable>"/&gt; |
                &lt;icmp-block name="<replaceable>icmptype</replaceable>"/&gt; |
                &lt;icmp-type name="<replaceable>icmptype</replaceable>"/&gt; |
                &lt;masquerade/&gt; |
                &lt;forward-port port="<replaceable>portid</replaceable>[-<replaceable>portid</replaceable>]" protocol="<literal>tcp</literal>|<literal>udp</literal>|<literal>sctp</literal>|<literal>dccp</literal>" [to-port="<replaceable>portid</replaceable>[-<replaceable>portid</replaceable>]"] [to-addr="<replaceable>address</replaceable>"]/&gt;
            ]
            [
                &lt;log [prefix="<replaceable>prefix text</replaceable>"] [level="<literal>emerg</literal>|<literal>alert</literal>|<literal>crit</literal>|<literal>err</literal>|<literal>warn</literal>|<literal>notice</literal>|<literal>info</literal>|<literal>debug</literal>"]&gt; [&lt;limit value="<replaceable>rate</replaceable>/<replaceable>duration</replaceable>"/&gt;] &lt;/log&gt; |
                &lt;nflog [group="<replaceable>group id</replaceable>"] [prefix="<replaceable>prefix text</replaceable>"] [queue-size="<replaceable>threshold</replaceable>"]&gt; [&lt;limit value="<replaceable>rate</replaceable>/<replaceable>duration</replaceable>"/&gt;] &lt;/nflog&gt;
            ]
            [ &lt;audit&gt; [&lt;limit value="<replaceable>rate</replaceable>/<replaceable>duration</replaceable>"/&gt;] &lt;/audit&gt; ]
            [
                &lt;accept&gt; [&lt;limit value="<replaceable>rate</replaceable>/<replaceable>duration</replaceable>"/&gt;] &lt;/accept&gt; |
                &lt;reject [type="<replaceable>rejecttype</replaceable>"]&gt; [&lt;limit value="<replaceable>rate</replaceable>/<replaceable>duration</replaceable>"/&gt;] &lt;/reject&gt; |
                &lt;drop&gt; [&lt;limit value="<replaceable>rate</replaceable>/<replaceable>duration</replaceable>"/&gt;] &lt;/drop&gt; |
                &lt;mark set="<replaceable>mark</replaceable>[/<replaceable>mask</replaceable>]"&gt; [&lt;limit value="<replaceable>rate</replaceable>/<replaceable>duration</replaceable>"/&gt;] &lt;/mark&gt;
            ]
        &lt;/rule&gt;
    ]