FW_RULE_PLACEMENT_UNKNOWNFW_RULE_PLACEMENT_BEFOREFW_RULE_PLACEMENT_AFTERFW_RULE_PLACEMENT_ORDERSTATE_DISABLEDSTATE_ENABLEDPROTOCOL_ANYPROTOCOL_IPV6PROTOCOL_ROUTINGPROTOCOL_NONEPROTOCOL_FRAGMENTPROTOCOL_DSTOPTSPROTOCOL_TCPPROTOCOL_UDPPROTOCOL_ICMPPROTOCOL_ICMPV6PROTOCOL_OSPFPROTOCOL_SCTPPROTOCOL_UNKNOWNFW_RULE_ACTION_UNKNOWNFW_RULE_ACTION_ACCEPTFW_RULE_ACTION_ACCEPT_DECISIVELYFW_RULE_ACTION_REJECTFW_RULE_ACTION_DROPFW_RULE_STATE_UNKNOWNFW_RULE_STATE_DISABLEDFW_RULE_STATE_ENABLEDFW_RULE_STATE_SCHEDULEDFW_RULE_STATE_INVALID
Gets the list of firewall rule lists on this device.
Creates a firewall rule list.
Deletes the specified firewall rule lists.
Deletes all firewall rule lists on this device.
Sets the description for the specified firewall rule lists.
This is an arbitrary field which can be used for any purpose.
Gets the descriptions for the specified firewall rule lists.
Gets the firewall rules for the specified firewall rule lists.
Adds firewall rules to the specified firewall rule lists.
Note that the abilities to add more than one rule or,
especially, add partial rules and build them up introduce a
need for best practices: (1) introduce the rule or rules
initially disabled (using the states parameter) and enable
them (or set them as scheduled) as a whole when you have
them complete or (2) use transactions (see
System::Session::start_transaction) to avoid accidentally
putting partial rules or incomplete rule sets into place.
Removes firewall rules from the specified firewall rule lists.
Removes all firewall rules from the specified firewall rule lists.
Sets the state for the specified firewall rules.
You can add a rule as enabled or disabled initially, build
it up, then enable it. You can temporarily disable a rule
with no other effect on it, so that it can be enabled
easily later without having to rebuild it. You can use the
state of FW_RULE_STATE_SCHEDULED to enable scheduling for the
rule. See add_fw_rule for more information.
Gets the state for the specified firewall rules.
Sets the order (numerically) for the specified firewall rules.
Two rules can't have the same order, so one must manage
order carefully if using numeric order to arrange firewall
rules. See add_fw_rule for more information.
Gets the order (numerically) for the specified firewall rules.
Gets source address lists for the specified firewall rules.
Adds source address lists to the specified firewall rules.
Removes source address lists from the specified firewall rules.
Removes all source address lists from the specified firewall rules.
Gets (inlined) source addresses for the specified firewall rules.
Adds (inlined) source addresses to the specified firewall rules.
Removes (inlined) source addresses from the specified firewall rules.
Removes all (inlined) source addresses from the specified firewall rules.
Sets the description for the specified firewall rules' source addresses.
This is an arbitrary field which can be used for any purpose.
Gets the descriptions for the specified firewall rules' source addresses.
Gets destination address lists for the specified firewall rules.
Adds destination address lists to the specified firewall rules.
Removes destination address lists from the specified firewall rules.
Removes all destination address lists from the specified firewall rules.
Gets (inlined) destination addresses for the specified firewall rules.
Adds (inlined) destination addresses to the specified firewall rules.
Removes (inlined) destination addresses from the specified firewall rules.
Removes all (inlined) destination addresses from the specified firewall rules.
Sets the description for the specified firewall rules' destination addresses.
This is an arbitrary field which can be used for any purpose.
Gets the descriptions for the specified firewall rules' destination addresses.
Gets source port lists for the specified firewall rules.
Adds source port lists to the specified firewall rules.
Removes source port lists from the specified firewall rules.
Removes all source port lists from the specified firewall rules.
Gets (inlined) source ports for the specified firewall rules.
Adds (inlined) source ports to the specified firewall rules.
Removes (inlined) source ports from the specified firewall rules.
Removes all (inlined) source ports from the specified firewall rules.
Sets the description for the specified firewall rules' (inlined) source ports.
This is an arbitrary field which can be used for any purpose.
Gets the descriptions for the specified firewall rules' (inlined) source ports.
Gets destination port lists for the specified firewall rules.
Adds destination port lists to the specified firewall rules.
Removes destination port lists from the specified firewall rules.
Removes all destination port lists from the specified firewall rules.
Gets (inlined) destination ports for the specified firewall rules.
Adds (inlined) destination ports to the specified firewall rules.
Removes (inlined) destination ports from the specified firewall rules.
Removes all (inlined) destination ports from the specified firewall rules.
Sets the description for the specified firewall rules' (inlined) destination ports.
This is an arbitrary field which can be used for any purpose.
Gets the descriptions for the specified firewall rules' (inlined) destination ports.
Gets (inlined) ICMP type/code values for the specified firewall rules.
A value of 255 for either ICMP type or code is a wildcard value.
Adds (inlined) ICMP type/code values to the specified firewall rules.
Removes (inlined) ICMP type/code values from the specified firewall rules.
Removes all (inlined) ICMP type/code values from the specified firewall rules.
Sets the description for the specified firewall rules' (inlined) ICMP type/code values.
This is an arbitrary field which can be used for any purpose.
Gets the descriptions for the specified firewall rules' (inlined) ICMP type/code values.
Gets source VLANs for the specified firewall rules.
Adds source VLANs to the specified firewall rules.
Removes source VLANs from the specified firewall rules.
Removes all source VLANs from the specified firewall rules.
Sets a weekly schedule for the specified firewall rules.
See Security::FirewallWeeklySchedule for how to create and
manipulate weekly schedules.
Gets a weekly schedule for the specified firewall rules.
Sets the (IP) protocol for the specified firewall rules.
Note: if the protocol is not one of the supported standard
protocols, use set_fw_rule_protocol_numeric.
Gets the (IP) protocol for the specified firewall rules.
Sets the IP protocol (numerically) for the specified firewall rules.
Gets the IP protocol (numerically) for the specified firewall rules.
Sets the action for the specified firewall rules.
Gets the action for the specified firewall rules.
Sets the rule list for the specified firewall rules.
If a list is specified then the system will validate that
no other properties were specified in the current
transaction, and will clear all other match criteria fields
(src, dst, ip protocol, et cetera).
The empty string means no rule list.
Note: this method is reserved for future use, and the
functionality (rule list on firewall rule list rules) is
unsupported by the system.
Gets the rule list for the specified firewall rules.
Note: this method is reserved for future use, and the
functionality (rule list on firewall rule list rules) is
unsupported by the system.
Sets the description for the specified firewall rules.
This is an arbitrary field which can be used for any purpose.
Gets the descriptions for the specified firewall rules.
Sets the logging property for the specified firewall rules.
Specifies whether the security software should write a log entry
for all packets that match this rule. You must also enable network
filter logging in the "security log profile" component for this
option to have any effect. Note that the security software always
increments the statistics counter when a packet matches a rule,
no matter how you set this option.
Gets the logging property for the specified firewall rules.
Gets the version information for this interface.
Gets the list of firewall rule lists on this device.
Creates a firewall rule list.
Deletes the specified firewall rule lists.
Deletes all firewall rule lists on this device.
Sets the description for the specified firewall rule lists.
This is an arbitrary field which can be used for any purpose.
Gets the descriptions for the specified firewall rule lists.
Gets the firewall rules for the specified firewall rule lists.
Adds firewall rules to the specified firewall rule lists.
Note that the abilities to add more than one rule or,
especially, add partial rules and build them up introduce a
need for best practices: (1) introduce the rule or rules
initially disabled (using the states parameter) and enable
them (or set them as scheduled) as a whole when you have
them complete or (2) use transactions (see
System::Session::start_transaction) to avoid accidentally
putting partial rules or incomplete rule sets into place.
Removes firewall rules from the specified firewall rule lists.
Removes all firewall rules from the specified firewall rule lists.
Sets the state for the specified firewall rules.
You can add a rule as enabled or disabled initially, build
it up, then enable it. You can temporarily disable a rule
with no other effect on it, so that it can be enabled
easily later without having to rebuild it. You can use the
state of FW_RULE_STATE_SCHEDULED to enable scheduling for the
rule. See add_fw_rule for more information.
Gets the state for the specified firewall rules.
Sets the order (numerically) for the specified firewall rules.
Two rules can't have the same order, so one must manage
order carefully if using numeric order to arrange firewall
rules. See add_fw_rule for more information.
Gets the order (numerically) for the specified firewall rules.
Gets source address lists for the specified firewall rules.
Adds source address lists to the specified firewall rules.
Removes source address lists from the specified firewall rules.
Removes all source address lists from the specified firewall rules.
Gets (inlined) source addresses for the specified firewall rules.
Adds (inlined) source addresses to the specified firewall rules.
Removes (inlined) source addresses from the specified firewall rules.
Removes all (inlined) source addresses from the specified firewall rules.
Sets the description for the specified firewall rules' source addresses.
This is an arbitrary field which can be used for any purpose.
Gets the descriptions for the specified firewall rules' source addresses.
Gets destination address lists for the specified firewall rules.
Adds destination address lists to the specified firewall rules.
Removes destination address lists from the specified firewall rules.
Removes all destination address lists from the specified firewall rules.
Gets (inlined) destination addresses for the specified firewall rules.
Adds (inlined) destination addresses to the specified firewall rules.
Removes (inlined) destination addresses from the specified firewall rules.
Removes all (inlined) destination addresses from the specified firewall rules.
Sets the description for the specified firewall rules' destination addresses.
This is an arbitrary field which can be used for any purpose.
Gets the descriptions for the specified firewall rules' destination addresses.
Gets source port lists for the specified firewall rules.
Adds source port lists to the specified firewall rules.
Removes source port lists from the specified firewall rules.
Removes all source port lists from the specified firewall rules.
Gets (inlined) source ports for the specified firewall rules.
Adds (inlined) source ports to the specified firewall rules.
Removes (inlined) source ports from the specified firewall rules.
Removes all (inlined) source ports from the specified firewall rules.
Sets the description for the specified firewall rules' (inlined) source ports.
This is an arbitrary field which can be used for any purpose.
Gets the descriptions for the specified firewall rules' (inlined) source ports.
Gets destination port lists for the specified firewall rules.
Adds destination port lists to the specified firewall rules.
Removes destination port lists from the specified firewall rules.
Removes all destination port lists from the specified firewall rules.
Gets (inlined) destination ports for the specified firewall rules.
Adds (inlined) destination ports to the specified firewall rules.
Removes (inlined) destination ports from the specified firewall rules.
Removes all (inlined) destination ports from the specified firewall rules.
Sets the description for the specified firewall rules' (inlined) destination ports.
This is an arbitrary field which can be used for any purpose.
Gets the descriptions for the specified firewall rules' (inlined) destination ports.
Gets (inlined) ICMP type/code values for the specified firewall rules.
A value of 255 for either ICMP type or code is a wildcard value.
Adds (inlined) ICMP type/code values to the specified firewall rules.
Removes (inlined) ICMP type/code values from the specified firewall rules.
Removes all (inlined) ICMP type/code values from the specified firewall rules.
Sets the description for the specified firewall rules' (inlined) ICMP type/code values.
This is an arbitrary field which can be used for any purpose.
Gets the descriptions for the specified firewall rules' (inlined) ICMP type/code values.
Gets source VLANs for the specified firewall rules.
Adds source VLANs to the specified firewall rules.
Removes source VLANs from the specified firewall rules.
Removes all source VLANs from the specified firewall rules.
Sets a weekly schedule for the specified firewall rules.
See Security::FirewallWeeklySchedule for how to create and
manipulate weekly schedules.
Gets a weekly schedule for the specified firewall rules.
Sets the (IP) protocol for the specified firewall rules.
Note: if the protocol is not one of the supported standard
protocols, use set_fw_rule_protocol_numeric.
Gets the (IP) protocol for the specified firewall rules.
Sets the IP protocol (numerically) for the specified firewall rules.
Gets the IP protocol (numerically) for the specified firewall rules.
Sets the action for the specified firewall rules.
Gets the action for the specified firewall rules.
Sets the rule list for the specified firewall rules.
If a list is specified then the system will validate that
no other properties were specified in the current
transaction, and will clear all other match criteria fields
(src, dst, ip protocol, et cetera).
The empty string means no rule list.
Note: this method is reserved for future use, and the
functionality (rule list on firewall rule list rules) is
unsupported by the system.
Gets the rule list for the specified firewall rules.
Note: this method is reserved for future use, and the
functionality (rule list on firewall rule list rules) is
unsupported by the system.
Sets the description for the specified firewall rules.
This is an arbitrary field which can be used for any purpose.
Gets the descriptions for the specified firewall rules.
Sets the logging property for the specified firewall rules.
Specifies whether the security software should write a log entry
for all packets that match this rule. You must also enable network
filter logging in the "security log profile" component for this
option to have any effect. Note that the security software always
increments the statistics counter when a packet matches a rule,
no matter how you set this option.
Gets the logging property for the specified firewall rules.
Gets the version information for this interface.
The FirewallRuleList interface enables you to create and modify
named collections of firewall rules. You can attach a rule list
to rules for other objects, like virtual servers and self IPs.
Note that the source and destination addresses in the firewall
methods (get_fw_rule and so on) are type Common::NetAddress, a
type which allows one to specify a prefix length after the
address, e.g., "10.1.1.0/24".