Class Firewall
Firewall base class.
Located in /api/Firewall.class.php (line 87)
Engine -> Software -> Daemon -> Firewall
| Class | Description |
|---|---|
| FirewallRedirect | Firewall redirect class. |
| FirewallMultiWan | Firewall MultiWAN support class. |
| FirewallForward | Firewall forward connections config. |
| FirewallLayer7Filter | Firewall l7-filter support class. |
| Bandwidth | Bandwidth manager |
| FirewallOutgoing | Firewall outgoing connections config. |
| FirewallIncoming | Firewall incoming connections config. |
| FirewallOneToOneNat | Firewall 1:1 NAT config. |
| FirewallDmz | Firewall DMZ connections config. |
| FirewallWifi | Firewall Wifi base class. |
Inherited Variables
Inherited from Daemon
Daemon::$initscript
Daemon::$package
Daemon::$processname
Daemon::$reloadable
Daemon::$title
Inherited from Software
Software::$copyright
Software::$description
Software::$installsize
Software::$installtime
Software::$packager
Software::$pkgname
Software::$release
Software::$summary
Software::$version
Inherited from Engine
Engine::$errors
Firewall constructor.
- Daemon::__construct()
- Daemon constructor.
- FirewallRedirect::__construct() : Firewall redirect constructor.
- FirewallMultiWan::__construct() : Class constructor.
- FirewallForward::__construct() : FirewallForward constructor.
- FirewallLayer7Filter::__construct() : FirewallLayer7Filter constructor.
- Bandwidth::__construct() : Bandwidth constructor.
- FirewallOutgoing::__construct() : Firewall constructor.
- FirewallIncoming::__construct() : FirewallIncoming constructor.
- FirewallOneToOneNat::__construct() : FirewallOneToOneNat constructor.
- FirewallDmz::__construct() : Firewall DMZ constructor.
- FirewallWifi::__construct() : FirewallWifi constructor.
Generic add for host, IP or network list.
- string $host: host domain name, IP, or network address
- string $key: key for the list
Generic add MAC list.
- string $mac: MAC address
- string $key: key for the list
Generic add for a protocol/port list.
- string $protocol: the protocol - UDP/TCP
- string $port: service name, port number
- string $key: key for the list
- FirewallOneToOneNat::AddPort() : Adds a port only 1:1 NAT rule.
Generic add for a protocol/port-range list.
- string $protocol: the protocol - UDP/TCP
- string $from: from service name, port number
- string $to: to service name, port number
- string $key: key for the list
- FirewallOneToOneNat::AddPortRange() : Adds a port range 1:1 NAT rule.
Add firewall rule.
- object val $val: FirewallRule object to add
Generic add for a protocol/port list - specified by service name.
- string $service: service name eg HTTP, FTP, SMTP
- string $key: key for the list
Generic delete for a host/IP/network list.
- string $host: host, IP or network
- $key
Generic delete for a MAC address.
- string $mac: MAC address
- $key
Generic delete for a protocol/port list.
- string $protocol: the protocol - UDP/TCP
- string $port: service name, port number
- $key
- FirewallOneToOneNat::DeletePort() : Delete an existing 1:1 NAT port rule.
Generic delete for a protocol/port-range list.
- string $protocol: the protocol - UDP/TCP
- string $from: port service name, port number
- string $to: key key for the list
- $key
- FirewallOneToOneNat::DeletePortRange() : Delete an existing 1:1 NAT port range rule.
Delete firewall rule.
- object val $val: FirewallRule object to delete
Find firewall rule.
- object val $val: FirewallRule object to search for
Generic get list for hosts or networks.
- string $key: key for the list
Get network interface definition. The firewall needs to know which interface performs which function. If you pass the interface role into this method, it will return the interface (eg eth0). The interface roles are defined as follows:
Firewall::CONSTANT_EXTERNAL, Firewall::CONSTANT_LAN, Firewall::CONSTANT_HOT_LAN, Firewall::CONSTANT_DMZ
Example: GetInterfaceDefinition(Firewall::CONSTANT_LAN) returns eth1 in most cases -- since this is the default.
TODO: with multiple interfaces now allowed, we have to add a new method that will return a list. For now, just return the first interface found.
- string $role: Interface role
Get network interface role. The firewall needs to know which interface performs which function. If you pass the interface device into this method, it will return the interface's role. The interface roles are defined as follows:
Firewall::CONSTANT_EXTERNAL, Firewall::CONSTANT_HOT_LAN, Firewall::CONSTANT_LAN, Firewall::CONSTANT_DMZ
Example: GetInterfaceRole("eth0") returns Firewall::CONSTANT_LAN in most cases -- since this is the default.
- string $device: Interface name
Returns network interface role in text.
- string $device: interface name
Generic get list for MAC addresses.
- string $key: key for the list
Returns the current firewall mode.
Generic get list for a protocol/port-range list.
The information is an array with the following hash array entries:
info[protocol], info[from], info[to]
- string $key: key for the list
Generic get list for a protocol/port list.
The information is an array with the following hash array entries:
info[protocol], info[port], info[service] (FTP, HTTP, etc.)
- string $key: key for the list
Get array of firewall rules.
Returns the pre-defined list of ports and services.
Generic get state for an on/off key.
- string $key: key for the list
- Bandwidth::GetState() : Returns the state of the bandwidth manager.
Generic get value for a key.
- string $key: key for the list
Validation routine for IPs
- string $ip: IP address
Validation routine for MACs
- string $mac: MAC address
Validation routine for firewall mode.
- string $mode: Firewall mode
Validation routine for integer port address
- int $port: Numeric port address
Validation routine for integer port range
- int $from: Low port address
- int $to: High port address
Validation routine for protocol (TCP, UDP, ALL)
- string $protocol: Protocol (TCP, UDP, or ALL)
Validation routine for IPSec Server
- boolean $ipsecserver: IPSec server toggle setting (true/false)
Validation routine for service.
- string $service: service eg HTTP
Returns the special name for a given host (eg ICQ servers).
- string $host: host
Returns the service defined by the given port/protocol.
- string $protocol: protocol
- int $port: port
Remove interface role. The interface is removed from any role variables if it has been previously assigned a role.
- string $device: Interface name
Generic set state for an on/off key.
- string $interface: interface device name
- string $key: value of the key
Set network interface role. The interface is first removed from its previous role (if any).
- string $device: Interface name
- string $role: Interface role
Generic set firewall mode.
- string $mode: Firewall mode
Set firewall rules from array.
- array $rules: Array of FirewallRule objects
Generic set state for an on/off key.
- boolean $state: true or false
- string $key: value of the key
Generic set for a miscellaneous value.
- string $value: value of the key
- string $key: key name
Inherited Methods
Inherited From Daemon
Daemon::__construct()
Daemon::GetBootState()
Daemon::GetProcessName()
Daemon::GetRunningState()
Daemon::GetTitle()
Daemon::Reset()
Daemon::Restart()
Daemon::SetBootState()
Daemon::SetRunningState()
Daemon::__destruct()
Inherited From Software
Software::__construct()
Software::GetCopyright()
Software::GetDescription()
Software::GetInstallSize()
Software::GetInstallTime()
Software::GetPackageName()
Software::GetPackager()
Software::GetRelease()
Software::GetRpmInfo()
Software::GetSummary()
Software::GetVersion()
Software::IsInstalled()
Software::__destruct()
Inherited From Engine
Engine::__construct()
Engine::AddValidationError()
Engine::CheckValidationErrors()
Engine::CopyValidationErrors()
Engine::GetValidationErrors()
Engine::Log()
Engine::__destruct()
CONSTANT_ALL_PORTS = 0 (line 112)
CONSTANT_ALL_PROTOCOLS = "ALL" (line 113)
CONSTANT_AUTO = 1 (line 103)
CONSTANT_DISABLED = "disabled" (line 97)
CONSTANT_DMZ = "DMZIF" (line 109)
CONSTANT_ENABLED = "enabled" (line 96)
CONSTANT_EXTERNAL = "EXTIF" (line 108)
CONSTANT_GATEWAY = "gateway" (line 104)
CONSTANT_HOT_LAN = "HOTIF" (line 111)
CONSTANT_LAN = "LANIF" (line 110)
CONSTANT_MULTIPATH = "MULTIPATH" (line 114)
CONSTANT_NORMAL = "normal" (line 100)
CONSTANT_NOT_CONFIGURED = "notconfigured" (line 95)
CONSTANT_OFF = "off" (line 99)
CONSTANT_ON = "on" (line 98)
CONSTANT_ONE_TO_ONE_NAT_START = 200 (line 118)
CONSTANT_PORT_RANGE = "portrange" (line 102)
CONSTANT_PROTOCOL_TCP = "TCP" (line 116)
CONSTANT_PROTOCOL_UDP = "UDP" (line 115)
CONSTANT_SPECIAL = "special" (line 101)
CONSTANT_STANDALONE = "standalone" (line 105)
CONSTANT_TRUSTEDGATEWAY = "trustedgateway" (line 107)
CONSTANT_TRUSTEDSTANDALONE = "trustedstandalone" (line 106)
FILE_CONFIG = "/etc/firewall" (line 93)
FILE_CUSTOM_RULES = "/etc/rc.d/rc.firewall.local" (line 94)
Inherited Constants
Inherited from Daemon
Daemon::CMD_CHKCONFIG
Daemon::CMD_LS
Daemon::CMD_PIDOF
Daemon::CMD_SERVICE
Daemon::PATH_INITD
Inherited from Software
Software::COMMAND_RPM
Inherited from Engine
Engine::COMMAND_API
Documentation generated on Fri, 28 Aug 2009 20:32:05 -0400 by phpDocumentor 1.3.2

