Firewall policy group provides a front-end to configure firewall rules on the device using iptables.

Functions
mdm_data_t * mdm_get_iptables_allow_rules (void) | API to get "allow rules".
mdm_data_t * mdm_get_iptables_deny_rules (void) | API to get "deny rules".
mdm_data_t * mdm_get_iptables_proxy_rules (void) | API to get "proxy rules".
mdm_data_t * mdm_get_iptables_reroute_rules (void) | API to get "reroute rules".
mdm_data_t * mdm_get_iptables_rules (void) | API to get all "allow", "deny", "reroute", and "redirect exceptions" rules.
mdm_result_t mdm_add_iptables_allow_rules (void *p_ruleslist) | API to add "allow rules" in iptables.
mdm_result_t mdm_add_iptables_deny_rules (void *p_ruleslist) | API to add "deny rules" in iptables.
mdm_result_t mdm_add_iptables_reroute_rules (void *p_ruleslist) | API to add "reroute rules" in iptables.
mdm_result_t mdm_clean_iptables_allow_rules (void) | API to clean "allow rules" in iptables.
mdm_result_t mdm_clean_iptables_deny_rules (void) | API to clean "deny rules" in iptables.
mdm_result_t mdm_clean_iptables_proxy_rules (void) | API to clean "proxy rules" in iptables.
mdm_result_t mdm_clean_iptables_reroute_rules (void) | API to clean "reroute rules" in iptables.
mdm_result_t mdm_get_allow_iptables_option (int *p_value) | API to query whether "allow", "deny", and "reroute" rules are enabled or not.
mdm_result_t mdm_get_allow_iptables_proxy_option (int *p_value) | API to query whether "proxy" rules are enabled or not.
mdm_result_t mdm_remove_iptables_allow_rules (void *p_ruleslist) | API to remove "allow rules" from iptables.
mdm_result_t mdm_remove_iptables_deny_rules (void *p_ruleslist) | API to remove "deny rules" from iptables.
mdm_result_t mdm_remove_iptables_reroute_rules (void *p_ruleslist) | API to remove "reroute rules" from iptables.
mdm_result_t mdm_remove_iptables_rules (void) | API to remove "allow", "deny", and "reroute" from iptables.
mdm_result_t mdm_set_iptables_allow_rules (void *p_ruleslist) | API to set "allow rules" to iptables.
mdm_result_t mdm_set_iptables_deny_rules (void *p_ruleslist) | API to set "deny rules" to iptables.
mdm_result_t mdm_set_allow_iptables_option (mdm_status_t status) | API to enable or disable all "allow", "deny", "reroute", and "redirect exceptions" rules on iptables.
mdm_result_t mdm_set_allow_iptables_proxy_option (mdm_status_t status) | API to enable or disable "proxy rule" on iptables.
mdm_result_t mdm_set_iptables_proxy_rules (char *ip, char *port) | API to set a "proxy rule" on iptables. This API is used to set up a transparent HTTP proxy by defining an IP and port of the target proxy server.
mdm_result_t mdm_set_iptables_reroute_rules (void *p_ruleslist) | API to set "reroute rules" on iptables.
Required Header
#include <mdm.h>
Overview
This API provides a front-end to configure firewall rules on the device using iptables.

Be careful when using rules with hostnames, because iptables uses DNS to translate hostnames to IP addresses. When using this type of rule, make sure that you have not blocked the DNS server port or the DNS server IP and that an internet connection is available. If DNS is blocked (or no internet connection is available), Firewall enqueues the rules that contain a hostname and applies them once a valid DNS connection is verified. Firewall resolves hostnames when the device is powered up and when rules are applied. Be aware that a hostname's IP addresses are subject to change during this interval.

Firewall Policy can conflict with other features that use iptables, which breaks firewall functionality. Tethering, the Cisco AnyConnect app, Data Usage (a feature available in the device's settings menu), and B2C Firewall (a feature available in the settings menu of some Samsung devices) are known to conflict with Firewall Policy. Do not use Firewall Policy together with these features. Firewall must be used with Tethering disabled.

-Firewall Definitions:
- Local Port - The device's port. Example: To block the device's port 21 (FTP) from receiving connections, block "Local Port" 21.
- Remote Port - The server's port. Example: To block the device from connecting to port 80 (HTTP) of a server, block "Remote Port" 80.
- Wildcard - A character that represents all possible values for a parameter. Example: To block all ports for IP 1.2.3.4, specify * as the port parameter and 1.2.3.4 as the IP parameter.

-Firewall Rules Types:
- Allow Rules - Firewall rules that allow the device to send traffic to or receive traffic from a specific network location, according to the rule created (which can be specified by IP, port, hostname, domain, port range, etc.).
- Deny Rules - Firewall rules that block the device from sending traffic to or receiving traffic from a specific network location, according to the rule created (which can be specified by IP, port, hostname, domain, port range, etc.).
- Reroute Rules - Firewall rules used to redirect traffic destined for a target to another destination, for instance, a proxy server.
- Redirect Exceptions Rules - Firewall rules used to prevent traffic from being redirected. Use case example 1: The administrator sets up an HTTP proxy but wants some intranet IP addresses not to be redirected to the proxy. Redirect exceptions rules can list the IPs that should not be redirected to the proxy. Use case example 2: The administrator sets up a reroute rule to redirect all native browser traffic to a proxy but wants some intranet IPs not to be redirected. Redirect exceptions rules can list the IPs that should not be redirected to the proxy.
- Basic Rules - The set of all "allow rules", "deny rules", "reroute rules", and "redirect exceptions rules".
- Proxy Rule - A firewall rule used to set up a transparent HTTP proxy. All traffic to TCP port 80 is redirected to the configured proxy.

NOTE: When using set* or add* APIs, the rules are not immediately applied to iptables (if they are disabled), but only stored in a database. To enable or disable firewall rules you must use setIptablesOption(boolean) for "Basic Rules" (mdm_set_allow_iptables_option in this API) or setIptablesProxyOption(boolean) for "Proxy Rule" (mdm_set_allow_iptables_proxy_option in this API). Once successfully enabled, firewall rules are applied to iptables. If all "Basic Rules" are removed or cleaned, they are automatically disabled. If the "Proxy Rule" is cleaned, it is automatically disabled.

-Multi Admin Scenario: When used with Multi Admin, Firewall behaves as follows:
- Each Admin can add his own set of Firewall rules.
- The active rules are the set of rules that the last admin enabled.
- When an Admin enables his set of rules, the rules previously enabled by any other admin are overwritten.
- When an Admin disables his set of rules, the rules previously enabled by another admin are re-enabled.

-Example:
- Admin 1 enables his set of rules (Admin 1 rules set is active).
- Admin 2 enables his set of rules (Admin 2 rules set is active).
- Admin 3 enables his set of rules (Admin 3 rules set is active).
- Admin 2 disables his set of rules (Admin 3 rules set is active).
- Admin 3 disables his set of rules (Admin 1 rules set is active).
- Admin 1 disables his set of rules (no rules active).

-NOTE: "Basic Rules" and "Proxy Rule" behave separately because they have different APIs for enabling or disabling. "Basic Rules" use setIptablesOption(boolean) and "Proxy Rule" uses setIptablesProxyOption(boolean).

-Example:
- Admin 1 enables "Basic Rules" (Admin 1 "Basic Rules" set is active, no "Proxy Rule" active).
- Admin 2 enables "Proxy Rule" (Admin 1 "Basic Rules" set is active, Admin 2 "Proxy Rule" is active).
- Admin 3 enables "Basic Rules" (Admin 3 "Basic Rules" set is active, Admin 2 "Proxy Rule" is active).
- Admin 1 enables "Proxy Rule" (Admin 3 "Basic Rules" set is active, Admin 1 "Proxy Rule" is active).
- Admin 3 disables "Basic Rules" (Admin 1 "Basic Rules" set is active, Admin 1 "Proxy Rule" is active).
- Admin 1 disables "Proxy Rule" (Admin 1 "Basic Rules" set is active, Admin 2 "Proxy Rule" is active).
- Admin 2 disables "Proxy Rule" (Admin 1 "Basic Rules" set is active, no "Proxy Rule" active).
- Admin 1 disables "Basic Rules" (no "Basic Rules" active, no "Proxy Rule" active).
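The multi-admin behaviour above can be modelled as two independent "most recently enabled wins" stacks, one for "Basic Rules" and one for "Proxy Rule". The following is an added illustration, not code from the MDM library: all type and function names are hypothetical, and it assumes that an admin who enables again while already enabled simply moves to the top.

```c
#include <stdio.h>
#include <string.h>

#define MAX_ADMINS 8
#define NO_ADMIN   0   /* hypothetical marker: no rule set is active */

/* Admins that currently have a group enabled, oldest first. */
typedef struct { int order[MAX_ADMINS]; int count; } enable_stack_t;

/* "Basic Rules" and "Proxy Rule" are tracked separately, as the page notes. */
typedef struct { enable_stack_t basic; enable_stack_t proxy; } firewall_model_t;

/* One enable/disable call: proxy = 1 for "Proxy Rule", 0 for "Basic Rules". */
typedef struct { int admin; int proxy; int enable; } step_t;

/* The page's second multi-admin example, written out as constructed input. */
static const step_t PAGE_EXAMPLE[] = {
    {1, 0, 1}, {2, 1, 1}, {3, 0, 1}, {1, 1, 1},
    {3, 0, 0}, {1, 1, 0}, {2, 1, 0}, {1, 0, 0}
};

/* Enable or disable one admin's set; a disabled admin leaves the stack. */
void set_enabled(enable_stack_t *s, int admin, int enable)
{
    int w = 0;
    for (int r = 0; r < s->count; r++)        /* drop any earlier entry */
        if (s->order[r] != admin)
            s->order[w++] = s->order[r];
    s->count = w;
    if (enable && s->count < MAX_ADMINS)      /* last enabler goes on top */
        s->order[s->count++] = admin;
}

/* The admin whose rules are applied: the most recent one still enabled. */
int active_admin(const enable_stack_t *s)
{
    return s->count ? s->order[s->count - 1] : NO_ADMIN;
}

/* Replay the first n steps and report the active admin for one group. */
int active_after(const step_t *steps, int n, int proxy)
{
    firewall_model_t fw;
    memset(&fw, 0, sizeof fw);
    for (int i = 0; i < n; i++)
        set_enabled(steps[i].proxy ? &fw.proxy : &fw.basic,
                    steps[i].admin, steps[i].enable);
    return active_admin(proxy ? &fw.proxy : &fw.basic);
}

int main(void)
{
    int n = (int)(sizeof PAGE_EXAMPLE / sizeof PAGE_EXAMPLE[0]);
    for (int i = 1; i <= n; i++)
        printf("after step %d: basic=admin %d, proxy=admin %d\n", i,
               active_after(PAGE_EXAMPLE, i, 0),
               active_after(PAGE_EXAMPLE, i, 1));
    return 0;
}
```

An admin value of 0 in the output means no rule set of that group is active. The practical consequence for an MDM agent is that disabling its own rules can silently reactivate another admin's older rule set, so the effective policy should be re-read after every enable or disable.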
mdm_result_t mdm_add_iptables_allow_rules (void *p_ruleslist)
API to add "allow rules" in iptables.
- Since (Knox_wearable):
- 1.0.0
- Since (Tizen):
- 2.3.2.3
- Feature:
- http://developer.samsung.com/tizen/feature/mdm
- Usage:
- Admin can add "allow rules" on iptables. "Allow rules" have precedence over deny rules.
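GList *lp_List = NULL;
/* Build the rule list; each node is one rule string. */
lp_List = g_list_append(lp_List, g_strdup("1.2.3.4:*;*"));
lp_List = g_list_append(lp_List, g_strdup("*:80;remote"));
lp_List = g_list_append(lp_List, g_strdup("*:80;local"));
if (mdm_add_iptables_allow_rules(lp_List) == MDM_RESULT_SUCCESS) {
    /* success */
} else {
    /* failure */
}
/* Free the rule strings, then the list itself. */
g_list_foreach((GList *)lp_List, (GFunc)g_free, NULL);
g_list_free((GList *)lp_List);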
- Privilege Level:
- public
- Privilege:
- http://developer.samsung.com/tizen/privilege/mdm.firewall
- Parameters
-
[in] | p_ruleslist | Each node in the list must be in one of the following formats (in this function, we only add one node each time):
  "hostname:port;portLocation" or "hostname:port;portLocation;networkInterface"
  hostname - IP address, IP range (e.g. 100.0.0.0-100.0.0.10), and domain name are valid entries for the hostname parameter.
  port - Port number and port range (e.g. 8080-8085) are valid entries for the port parameter.
  portLocation - Specifies whether this rule must be applied to remote and/or local port(s); "local" and "remote" strings are valid entries for the portLocation parameter.
  networkInterface - Must only be "wifi", "data", or "*"; all other values are invalid.
  "*" can be used as a wildcard for the parameters (see example above). |
- Returns
- mdm_result_t : MDM_RESULT_SUCCESS on success, an error code on error
- Return values
-
- Permission:
- Usage of this API is restricted to registered clients only.
- See also
- mdm_get_iptables_allow_rules
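A rule string can be checked against the format described above before it is handed to the add/set APIs, and hostname rules (which depend on DNS, as the Overview warns) can be flagged at the same time. This is an added example, not part of the MDM library: `check_basic_rule` and the other names are hypothetical, it covers only the three- and four-field "allow rules" formats with IPv4 addresses, and it does not check that the start of an IP range is below its end.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

typedef enum {
    HOST_INVALID = 0,
    HOST_WILDCARD,    /* "*" */
    HOST_IPV4,        /* 1.2.3.4 */
    HOST_IPV4_RANGE,  /* 10.0.0.0-10.0.0.10 */
    HOST_NAME         /* domain name: only applied once DNS resolves it */
} host_kind_t;

static const char *const LOCATIONS[]  = { "local", "remote", "*", NULL };
static const char *const INTERFACES[] = { "wifi", "data", "*", NULL };

/* 1 if s[0..len) is a dotted-quad IPv4 address. */
static int is_ipv4(const char *s, size_t len)
{
    int octets = 0;
    size_t i = 0;
    while (i < len) {
        int val = 0, digits = 0;
        while (i < len && isdigit((unsigned char)s[i])) {
            val = val * 10 + (s[i++] - '0');
            if (++digits > 3) return 0;
        }
        if (digits == 0 || val > 255) return 0;
        octets++;
        if (i < len) {
            if (s[i] != '.' || i + 1 == len) return 0;  /* bad separator or trailing dot */
            i++;
        }
    }
    return octets == 4;
}

/* Port number 1..65535 in s[0..len), or -1. */
static long parse_port(const char *s, size_t len)
{
    long v = 0;
    if (len == 0 || len > 5) return -1;
    for (size_t i = 0; i < len; i++) {
        if (!isdigit((unsigned char)s[i])) return -1;
        v = v * 10 + (s[i] - '0');
    }
    return (v >= 1 && v <= 65535) ? v : -1;
}

/* "*", a single port, or an ascending range such as 8080-8085. */
static int is_port_spec(const char *s, size_t len)
{
    if (len == 1 && s[0] == '*') return 1;
    const char *dash = memchr(s, '-', len);
    if (!dash) return parse_port(s, len) > 0;
    long lo = parse_port(s, (size_t)(dash - s));
    long hi = parse_port(dash + 1, len - (size_t)(dash - s) - 1);
    return lo > 0 && hi > 0 && lo <= hi;
}

static host_kind_t classify_host(const char *s, size_t len)
{
    if (len == 0) return HOST_INVALID;
    if (len == 1 && s[0] == '*') return HOST_WILDCARD;
    if (is_ipv4(s, len)) return HOST_IPV4;
    const char *dash = memchr(s, '-', len);
    if (dash && is_ipv4(s, (size_t)(dash - s)) &&
        is_ipv4(dash + 1, len - (size_t)(dash - s) - 1))
        return HOST_IPV4_RANGE;
    int has_alpha = 0;                       /* domain name: letters, digits, '-', '.' */
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)s[i];
        if (isalpha(c)) has_alpha = 1;
        else if (!isdigit(c) && c != '-' && c != '.') return HOST_INVALID;
    }
    return has_alpha ? HOST_NAME : HOST_INVALID;
}

static int one_of(const char *s, size_t len, const char *const *allowed)
{
    for (; *allowed; allowed++)
        if (strlen(*allowed) == len && memcmp(s, *allowed, len) == 0) return 1;
    return 0;
}

/* Returns the host kind of a well-formed rule, HOST_INVALID otherwise. */
host_kind_t check_basic_rule(const char *rule)
{
    if (!rule) return HOST_INVALID;
    const char *semi1 = strchr(rule, ';');
    if (!semi1) return HOST_INVALID;
    const char *colon = memchr(rule, ':', (size_t)(semi1 - rule));
    if (!colon) return HOST_INVALID;
    host_kind_t kind = classify_host(rule, (size_t)(colon - rule));
    if (kind == HOST_INVALID) return HOST_INVALID;
    if (!is_port_spec(colon + 1, (size_t)(semi1 - colon - 1))) return HOST_INVALID;
    const char *loc = semi1 + 1;
    const char *semi2 = strchr(loc, ';');
    if (!one_of(loc, semi2 ? (size_t)(semi2 - loc) : strlen(loc), LOCATIONS))
        return HOST_INVALID;
    if (semi2 && !one_of(semi2 + 1, strlen(semi2 + 1), INTERFACES))
        return HOST_INVALID;                 /* bad interface or extra fields */
    return kind;
}

int main(void)
{
    /* Constructed samples; the first three are rule strings used on the page. */
    const char *samples[] = { "1.2.3.4:*;*", "*:80;remote", "10.0.0.0-10.0.0.10:*;*",
        "intranet.example.com:8080-8085;remote;wifi", "1.2.3.4:80;remote;ethernet" };
    static const char *names[] = { "INVALID", "wildcard", "ipv4", "ipv4-range", "hostname (needs DNS)" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-45s %s\n", samples[i], names[check_basic_rule(samples[i])]);
    return 0;
}
```

Rules that classify as `HOST_NAME` are the ones that stay queued until DNS is reachable, so a policy that also denies the DNS server or its port would keep them from ever being applied.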
mdm_result_t mdm_add_iptables_deny_rules (void *p_ruleslist)
API to add "deny rules" in iptables.
- Since (Knox_wearable):
- 1.0.0
- Since (Tizen):
- 2.3.2.3
- Feature:
- http://developer.samsung.com/tizen/feature/mdm
- Usage:
- Admin can add "deny rules" on iptables. "Allow rules" have precedence over deny rules.
GList *lp_List = NULL;
/* Build the rule list; each node is one rule string. */
lp_List = g_list_append(lp_List, g_strdup("1.2.3.4:*;*"));
lp_List = g_list_append(lp_List, g_strdup("10.0.0.0-10.0.0.10:*;*"));
lp_List = g_list_append(lp_List, g_strdup("*:80;remote"));
lp_List = g_list_append(lp_List, g_strdup("*:80;local"));
if (mdm_add_iptables_deny_rules(lp_List) == MDM_RESULT_SUCCESS) {
    /* success */
} else {
    /* failure */
}
/* Free the rule strings, then the list itself. */
g_list_foreach((GList *)lp_List, (GFunc)g_free, NULL);
g_list_free((GList *)lp_List);
- Privilege Level:
- public
- Privilege:
- http://developer.samsung.com/tizen/privilege/mdm.firewall
- Parameters
-
[in] | p_ruleslist | Each node in the list must be in one of the following formats (in this function now, we only add one node each time):
  "hostname:port;portLocation" or "hostname:port;portLocation;nativebrowser;networkInterface"
  hostname - IP address, IP range (e.g. 100.0.0.0-100.0.0.10), and domain name are valid entries for the hostname parameter.
  port - Port number and port range (e.g. 8080-8085) are valid entries for the port parameter.
  portLocation - Specifies whether this rule must be applied to remote and/or local port(s); "local" and "remote" strings are valid for the portLocation parameter.
  "*" can be used as a wildcard for the parameters (see the example above). |
- Returns
- MDM_RESULT_SUCCESS on success, an error code on error
- Return values
-
- Permission:
- Usage of this API is restricted to registered clients only.
- See also
- mdm_get_iptables_deny_rules
mdm_result_t mdm_add_iptables_reroute_rules (void *p_ruleslist)
API to add "reroute rules" in iptables.
- Since (Knox_wearable):
- 1.0.0
- Since (Tizen):
- 2.3.2.3
- Feature:
- http://developer.samsung.com/tizen/feature/mdm
- Usage:
- Admin can add "reroute rules" on iptables. "Reroute rules" have precedence over "proxy rule".
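GList *lp_List = NULL;
/* Traffic to any port of 1.2.3.4 is rerouted to 1.1.1.1:80. */
lp_List = g_list_append(lp_List, g_strdup("1.2.3.4:*;1.1.1.1:80"));
if (mdm_add_iptables_reroute_rules(lp_List) == MDM_RESULT_SUCCESS) {
    /* success */
} else {
    /* failure */
}
/* Free the rule strings, then the list itself. */
g_list_foreach((GList *)lp_List, (GFunc)g_free, NULL);
g_list_free((GList *)lp_List);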
- Privilege Level:
- public
- Privilege:
- http://developer.samsung.com/tizen/privilege/mdm.firewall
- Parameters
-
[in] | p_ruleslist | Each node in the list must be in the following format:
  "hostTarget:portTarget;ipProxy:portProxy"
  hostTarget - IP address, IP range (e.g. 100.0.0.0-100.0.0.10), and domain name are valid entries for the hostTarget parameter.
  portTarget - Port number and port range (e.g. 8080-8085) are valid entries for the portTarget parameter.
  ipProxy - IP address is a valid entry for the ipProxy parameter.
  portProxy - Port number is a valid entry for the portProxy parameter.
  "*" can be used as a wildcard for hostTarget and portTarget. ipProxy and portProxy do not support the "*" wildcard (see the example above). |
- Returns
- MDM_RESULT_SUCCESS on success, an error code on error
- Return values
-
- Permission:
- Usage of this API is restricted to registered clients only.
- See also
- mdm_get_iptables_reroute_rules
mdm_result_t mdm_clean_iptables_allow_rules (void)
API to clean "allow rules" in iptables.
- Since (Knox_wearable):
- 1.0.0
- Since (Tizen):
- 2.3.2.3
- Feature:
- http://developer.samsung.com/tizen/feature/mdm
- Usage:
- Admin can clean all "allow rules" from iptables.
- Privilege Level:
- public
- Privilege:
- http://developer.samsung.com/tizen/privilege/mdm.firewall
- Returns
- mdm_result_t : MDM_RESULT_SUCCESS on success, an error code on error
- Return values
-
- Permission:
- Usage of this API is restricted to registered clients only.
- See also
- mdm_get_iptables_allow_rules, mdm_add_iptables_allow_rules
mdm_result_t mdm_clean_iptables_deny_rules (void)
API to clean "deny rules" in iptables.
- Since (Knox_wearable):
- 1.0.0
- Since (Tizen):
- 2.3.2.3
- Feature:
- http://developer.samsung.com/tizen/feature/mdm
- Usage:
- Admin can clean all "deny rules" from iptables.
- Privilege Level:
- public
- Privilege:
- http://developer.samsung.com/tizen/privilege/mdm.firewall
- Returns
- mdm_result_t : MDM_RESULT_SUCCESS on success, an error code on error
- Return values
-
- Permission:
- Usage of this API is restricted to registered clients only.
- See also
- mdm_get_iptables_deny_rules, mdm_add_iptables_deny_rules
mdm_result_t mdm_clean_iptables_proxy_rules (void)
API to clean "proxy rules" in iptables.
- Since (Knox_wearable):
- 1.0.0
- Since (Tizen):
- 2.3.2.3
- Feature:
- http://developer.samsung.com/tizen/feature/mdm
- Usage:
- Admin can clean all "proxy rules" from iptables.
- Privilege Level:
- public
- Privilege:
- http://developer.samsung.com/tizen/privilege/mdm.firewall
- Returns
- mdm_result_t : MDM_RESULT_SUCCESS on success, an error code on error
- Return values
-
- Permission:
- Usage of this API is restricted to registered clients only.
- See also
- mdm_get_iptables_proxy_rules
mdm_result_t mdm_clean_iptables_reroute_rules (void)
API to clean "reroute rules" in iptables.
- Since (Knox_wearable):
- 1.0.0
- Since (Tizen):
- 2.3.2.3
- Feature:
- http://developer.samsung.com/tizen/feature/mdm
- Usage:
- Admin can clean all "reroute rules" from iptables.
- Privilege Level:
- public
- Privilege:
- http://developer.samsung.com/tizen/privilege/mdm.firewall
- Returns
- mdm_result_t : MDM_RESULT_SUCCESS on success, an error code on error
- Return values
-
- Permission:
- Usage of this API is restricted to registered clients only.
- See also
- mdm_get_iptables_reroute_rules
mdm_result_t mdm_get_allow_iptables_option (int *p_value)
API to query whether "allow", "deny", and "reroute" rules are enabled or not.
- Since (Knox_wearable):
- 1.0.0
- Since (Tizen):
- 2.3.2.3
- Feature:
- http://developer.samsung.com/tizen/feature/mdm
- Usage:
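- Admin can query whether "allow", "deny", and "reroute" rules are enabled or not.
int value = 0;
if (mdm_get_allow_iptables_option(&value) != MDM_RESULT_SUCCESS) {
    /* failure */
} else {
    /* value holds the current option */
    printf("%d", value);
}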
- Parameters
-
[out] | p_value | iptables_option |
- Returns
- mdm_result_t : MDM_RESULT_SUCCESS on success, an error code on error
- Return values
-
- See also
- mdm_set_allow_iptables_option
mdm_result_t mdm_get_allow_iptables_proxy_option (int *p_value)
API to query whether "proxy" rules are enabled or not.
- Since (Knox_wearable):
- 1.0.0
- Since (Tizen):
- 2.3.2.3
- Feature:
- http://developer.samsung.com/tizen/feature/mdm
- Usage:
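- Admin can query whether "proxy" rules are enabled or not.
int value = 0;
if (mdm_get_allow_iptables_proxy_option(&value) != MDM_RESULT_SUCCESS) {
    /* failure */
} else {
    /* value holds the current option */
    printf("%d", value);
}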
- Parameters
-
[out] | p_value | iptables_option |
- Returns
- mdm_result_t : MDM_RESULT_SUCCESS on success, an error code on error
- Return values
-
- See also
- mdm_set_allow_iptables_proxy_option
mdm_data_t * mdm_get_iptables_allow_rules (void)
API to get "allow rules".
- Since (Knox_wearable):
- 1.0.0
- Since (Tizen):
- 2.3.2.3
- Feature:
- http://developer.samsung.com/tizen/feature/mdm
- Usage:
- Admin can get the "allow rules".
mdm_data_t *lp_data = mdm_get_iptables_allow_rules();
if (lp_data) {
    GList *lp_list = (GList *)lp_data->data;
    if (lp_list) {
        lp_list = g_list_first(lp_list);
        /* Each node holds one rule string. */
        while (lp_list && lp_list->data) {
            printf("%s", (char *)lp_list->data);
            lp_list = g_list_next(lp_list);
        }
    }
}
- Returns
- mdm_data_t * on success, NULL on error
- See also
- mdm_set_iptables_allow_rules
mdm_data_t * mdm_get_iptables_deny_rules (void)
API to get "deny rules".
- Since (Knox_wearable):
- 1.0.0
- Since (Tizen):
- 2.3.2.3
- Feature:
- http://developer.samsung.com/tizen/feature/mdm
- Usage:
- Admin can get the "deny rules".
mdm_data_t *lp_data = mdm_get_iptables_deny_rules();
if (lp_data) {
    GList *lp_list = (GList *)lp_data->data;
    if (lp_list) {
        lp_list = g_list_first(lp_list);
        /* Each node holds one rule string. */
        while (lp_list && lp_list->data) {
            printf("%s", (char *)lp_list->data);
            lp_list = g_list_next(lp_list);
        }
    }
}
- Returns
- mdm_data_t * on success, NULL on error
- See also
- mdm_set_iptables_deny_rules
mdm_data_t * mdm_get_iptables_proxy_rules (void)
API to get "proxy rules".
- Since (Knox_wearable):
- 1.0.0
- Since (Tizen):
- 2.3.2.3
- Feature:
- http://developer.samsung.com/tizen/feature/mdm
- Usage:
- Admin can get the "proxy rules".
mdm_data_t *lp_data = mdm_get_iptables_proxy_rules();
if (lp_data) {
    GList *lp_list = (GList *)lp_data->data;
    if (lp_list) {
        lp_list = g_list_first(lp_list);
        /* Each node holds one rule string. */
        while (lp_list && lp_list->data) {
            printf("%s", (char *)lp_list->data);
            lp_list = g_list_next(lp_list);
        }
    }
}
- Returns
- mdm_data_t * on success, NULL on error
- See also
- mdm_set_iptables_proxy_rules
mdm_data_t * mdm_get_iptables_reroute_rules (void)
API to get "reroute rules".
- Since (Knox_wearable):
- 1.0.0
- Since (Tizen):
- 2.3.2.3
- Feature:
- http://developer.samsung.com/tizen/feature/mdm
- Usage:
- Admin can get the "reroute rules".
mdm_data_t *lp_data = mdm_get_iptables_reroute_rules();
if (lp_data) {
    GList *lp_list = (GList *)lp_data->data;
    if (lp_list) {
        lp_list = g_list_first(lp_list);
        /* Each node holds one rule string. */
        while (lp_list && lp_list->data) {
            printf("%s", (char *)lp_list->data);
            lp_list = g_list_next(lp_list);
        }
    }
}
- Returns
- mdm_data_t * on success, NULL on error
- See also
- mdm_set_iptables_reroute_rules
mdm_data_t * mdm_get_iptables_rules (void)
API to get all "allow", "deny", "reroute", and "redirect exceptions" rules.
- Since (Knox_wearable):
- 1.0.0
- Since (Tizen):
- 2.3.2.3
- Feature:
- http://developer.samsung.com/tizen/feature/mdm
- Usage:
- Admin can get all "allow", "deny", "reroute", and "redirect exceptions" rules.
mdm_data_t *lp_data = mdm_get_iptables_rules();
if (lp_data) {
    GList *lp_list = (GList *)lp_data->data;
    if (lp_list) {
        lp_list = g_list_first(lp_list);
        /* Each node holds one rule string. */
        while (lp_list && lp_list->data) {
            printf("%s", (char *)lp_list->data);
            lp_list = g_list_next(lp_list);
        }
    }
}
- Returns
- mdm_data_t * on success, NULL on error
- See also
- mdm_get_iptables_allow_rules, mdm_get_iptables_deny_rules, mdm_get_iptables_proxy_rules, mdm_get_iptables_reroute_rules
mdm_result_t mdm_remove_iptables_allow_rules (void *p_ruleslist)
API to remove "allow rules" from iptables.
- Since (Knox_wearable):
- 1.0.0
- Since (Tizen):
- 2.3.2.3
- Feature:
- http://developer.samsung.com/tizen/feature/mdm
- Usage:
- Admin can remove "allow rules" from iptables. Be sure to use the same parameters when setting or adding the rule to be removed.
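GList *lp_List = NULL;
/* Use the same rule strings that were added or set. */
lp_List = g_list_append(lp_List, g_strdup("1.2.3.4:*;*"));
lp_List = g_list_append(lp_List, g_strdup("*:80;remote"));
lp_List = g_list_append(lp_List, g_strdup("*:80;local"));
if (mdm_remove_iptables_allow_rules(lp_List) == MDM_RESULT_SUCCESS) {
    /* success */
} else {
    /* failure */
}
/* Free the rule strings, then the list itself. */
g_list_foreach((GList *)lp_List, (GFunc)g_free, NULL);
g_list_free((GList *)lp_List);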
- Privilege Level:
- public
- Privilege:
- http://developer.samsung.com/tizen/privilege/mdm.firewall
- Parameters
-
[in] | p_ruleslist | Each node in the list must be in one of the following formats:
  "hostname:port;portLocation" or "hostname:port;portLocation;networkInterface"
  hostname - IP address, IP range (e.g. 100.0.0.0-100.0.0.10), and domain name are valid entries for the hostname parameter.
  port - Port number and port range (e.g. 8080-8085) are valid entries for the port parameter.
  portLocation - Specifies whether this rule must be applied to remote and/or local port(s); "local" and "remote" strings are valid for the portLocation parameter.
  networkInterface - Must only be "wifi", "data", or "*"; all other values are invalid.
  "*" can be used as a wildcard for the parameters (see the example above). |
- Returns
- mdm_result_t : MDM_RESULT_SUCCESS on success, an error code on error
- Return values
-
- Permission:
- Usage of this API is restricted to registered clients only.
- See also
- mdm_add_iptables_allow_rules
mdm_result_t mdm_remove_iptables_deny_rules (void *p_ruleslist)
API to remove "deny rules" from iptables.
- Since (Knox_wearable):
- 1.0.0
- Since (Tizen):
- 2.3.2.3
- Feature:
- http://developer.samsung.com/tizen/feature/mdm
- Usage:
- Admin can remove "deny rules" from iptables. Be sure to use the same parameters when setting or adding the rule to be removed.
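GList *lp_List = NULL;
/* Use the same rule strings that were added or set. */
lp_List = g_list_append(lp_List, g_strdup("1.2.3.4:*;*"));
lp_List = g_list_append(lp_List, g_strdup("10.0.0.0-10.0.0.10:*;*"));
lp_List = g_list_append(lp_List, g_strdup("*:80;remote"));
lp_List = g_list_append(lp_List, g_strdup("*:80;local"));
if (mdm_remove_iptables_deny_rules(lp_List) == MDM_RESULT_SUCCESS) {
    /* success */
} else {
    /* failure */
}
/* Free the rule strings, then the list itself. */
g_list_foreach((GList *)lp_List, (GFunc)g_free, NULL);
g_list_free((GList *)lp_List);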
- Privilege Level:
- public
- Privilege:
- http://developer.samsung.com/tizen/privilege/mdm.firewall
- Parameters
-
[in] | p_ruleslist | Each node in the list must be in one of the following formats:
  "hostname:port;portLocation" or "hostname:port;portLocation;networkInterface"
  hostname - IP address, IP range (e.g. 100.0.0.0-100.0.0.10), and domain name are valid entries for the hostname parameter.
  port - Port number and port range (e.g. 8080-8085) are valid entries for the port parameter.
  portLocation - Specifies whether this rule must be applied to remote and/or local port(s); "local" and "remote" strings are valid for the portLocation parameter.
  networkInterface - Must only be "wifi", "data", or "*"; all other values are invalid.
  "*" can be used as a wildcard for the parameters (see the example above). |
- Returns
- mdm_result_t : MDM_RESULT_SUCCESS on success, an error code on error
- Return values
-
- Permission:
- Usage of this API is restricted to registered clients only.
- See also
- mdm_add_iptables_deny_rules
mdm_result_t mdm_remove_iptables_reroute_rules (void *p_ruleslist)
API to remove "reroute rules" from iptables.
- Since (Knox_wearable):
- 1.0.0
- Since (Tizen):
- 2.3.2.3
- Feature:
- http://developer.samsung.com/tizen/feature/mdm
- Usage:
- Admin can remove "reroute rules" from iptables. Be sure to use the same parameters when setting or adding the rule to be removed.
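GList *lp_List = NULL;
/* Use the same rule string that was added or set. */
lp_List = g_list_append(lp_List, g_strdup("1.2.3.4:*;1.1.1.1:80"));
if (mdm_remove_iptables_reroute_rules(lp_List) == MDM_RESULT_SUCCESS) {
    /* success */
} else {
    /* failure */
}
/* Free the rule strings, then the list itself. */
g_list_foreach((GList *)lp_List, (GFunc)g_free, NULL);
g_list_free((GList *)lp_List);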
- Privilege Level:
- public
- Privilege:
- http://developer.samsung.com/tizen/privilege/mdm.firewall
- Parameters
-
[in] | p_ruleslist | Each node in the list must be in one of the following formats:
  "hostname:port;portLocation" or "hostname:port;portLocation;networkInterface"
  hostname - IP address, IP range (e.g. 100.0.0.0-100.0.0.10), and domain name are valid entries for the hostname parameter.
  port - Port number and port range (e.g. 8080-8085) are valid entries for the port parameter.
  portLocation - Specifies whether this rule must be applied to remote and/or local port(s); "local" and "remote" strings are valid for the portLocation parameter.
  networkInterface - Must only be "wifi", "data", or "*"; all other values are invalid.
  "*" can be used as a wildcard for the parameters (see the example above). |
- Returns
- mdm_result_t : MDM_RESULT_SUCCESS on success, an error code on error
- Return values
-
- Permission:
- Usage of this API is restricted to registered clients only.
- See also
- mdm_add_iptables_reroute_rules
mdm_result_t mdm_remove_iptables_rules (void)
API to remove "allow", "deny", and "reroute" from iptables.
- Since (Knox_wearable):
- 1.0.0
- Since (Tizen):
- 2.3.2.3
- Feature:
- http://developer.samsung.com/tizen/feature/mdm
- Usage:
- Admin can remove "allow", "deny", and "reroute" from iptables. Be sure to use the same parameters when setting or adding the rule to be removed.
if (mdm_remove_iptables_rules() == MDM_RESULT_SUCCESS) {
    /* success */
} else {
    /* failure */
}
- Privilege Level:
- public
- Privilege:
- http://developer.samsung.com/tizen/privilege/mdm.firewall
- Returns
- mdm_result_t : MDM_RESULT_SUCCESS on success, an error code on error
- Return values
-
- Permission:
- Usage of this API is restricted to registered clients only.
- See also
- mdm_get_iptables_rules
mdm_result_t mdm_set_allow_iptables_option (mdm_status_t status)
API to enable or disable all "allow", "deny", "reroute", and "redirect exceptions" rules on iptables.
- Since (Knox_wearable):
- 1.0.0
- Since (Tizen):
- 2.3.2.3
- Feature:
- http://developer.samsung.com/tizen/feature/mdm
- Usage:
- Admin can enable or disable all "allow", "deny", "reroute", and "redirect exceptions" rules on iptables
- Privilege Level:
- public
- Privilege:
- http://developer.samsung.com/tizen/privilege/mdm.firewall
- Parameters
-
- Returns
- mdm_result_t : MDM_RESULT_SUCCESS on success, an error code on error
- Return values
-
- Permission:
- Usage of this API is restricted to registered clients only.
- See also
- mdm_get_allow_iptables_option
mdm_result_t mdm_set_allow_iptables_proxy_option (mdm_status_t status)
API to enable or disable "proxy rule" on iptables.
- Since (Knox_wearable):
- 1.0.0
- Since (Tizen):
- 2.3.2.3
- Feature:
- http://developer.samsung.com/tizen/feature/mdm
- Usage:
- Admin can enable or disable "proxy rule" on iptables
- Privilege Level:
- public
- Privilege:
- http://developer.samsung.com/tizen/privilege/mdm.firewall
- Parameters
-
- Returns
- mdm_result_t : MDM_RESULT_SUCCESS on success, an error code on error
- Return values
-
- Permission:
- Usage of this API is restricted to registered clients only.
- See also
- mdm_get_allow_iptables_proxy_option
mdm_result_t mdm_set_iptables_allow_rules (void *p_ruleslist)
API to set "allow rules" to iptables.
- Since (Knox_wearable):
- 1.0.0
- Since (Tizen):
- 2.3.2.3
- Feature:
- http://developer.samsung.com/tizen/feature/mdm
- Usage:
- Admin can set "allow rules" to iptables. This API overwrites the "allow rules" previously added or set. "Allow rules" have precedence over "deny rules".
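GList *lp_List = NULL;
/* This list replaces any "allow rules" previously added or set. */
lp_List = g_list_append(lp_List, g_strdup("1.2.3.4:*;*"));
lp_List = g_list_append(lp_List, g_strdup("10.0.0.0-10.0.0.10:*;*"));
lp_List = g_list_append(lp_List, g_strdup("*:80;remote"));
lp_List = g_list_append(lp_List, g_strdup("*:80;local"));
if (mdm_set_iptables_allow_rules(lp_List) == MDM_RESULT_SUCCESS) {
    /* success */
} else {
    /* failure */
}
/* Free the rule strings, then the list itself. */
g_list_foreach((GList *)lp_List, (GFunc)g_free, NULL);
g_list_free((GList *)lp_List);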
- Privilege Level:
- public
- Privilege:
- http://developer.samsung.com/tizen/privilege/mdm.firewall
- Parameters
-
[in] | p_ruleslist | Each node in the list must be in one of the following formats (in this function now, we only add one node each time):
  "hostname:port;portLocation" or "hostname:port;portLocation;networkInterface"
  hostname - IP address, IP range (e.g. 100.0.0.0-100.0.0.10), and domain name are valid entries for the hostname parameter.
  port - Port number and port range (e.g. 8080-8085) are valid entries for the port parameter.
  portLocation - Specifies whether this rule must be applied to remote and/or local port(s); "local" and "remote" strings are valid for the portLocation parameter.
  networkInterface - Must only be "wifi", "data", or "*"; all other values are invalid.
  "*" can be used as a wildcard for the parameters (see the example above). |
- Returns
- mdm_result_t : MDM_RESULT_SUCCESS on success, an error code on error
- Return values
-
- Permission:
- Usage of this API is restricted to registered clients only.
- See also
- mdm_get_iptables_allow_rules
mdm_result_t mdm_set_iptables_deny_rules (void *p_ruleslist)
API to set "deny rules" to iptables.
- Since (Knox_wearable):
- 1.0.0
- Since (Tizen):
- 2.3.2.3
- Feature:
- http://developer.samsung.com/tizen/feature/mdm
- Usage:
- Admin can set "deny rules" on iptables. This API overwrites the "deny rules" previously added or set. "Allow rules" have precedence over "deny rules".
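GList *lp_List = NULL;
/* This list replaces any "deny rules" previously added or set. */
lp_List = g_list_append(lp_List, g_strdup("1.2.3.4:80;remote"));
if (mdm_set_iptables_deny_rules(lp_List) == MDM_RESULT_SUCCESS) {
    /* success */
} else {
    /* failure */
}
/* Free the rule strings, then the list itself. */
g_list_foreach((GList *)lp_List, (GFunc)g_free, NULL);
g_list_free((GList *)lp_List);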
- Privilege Level:
- public
- Privilege:
- http://developer.samsung.com/tizen/privilege/mdm.firewall
- Parameters
-
[in] | p_ruleslist | Each node in the list must be in one of the following formats (in this function now, we only add one node each time):
  "hostname:port;portLocation" or "hostname:port;portLocation;nativebrowser;networkInterface"
  hostname - IP address, IP range (e.g. 100.0.0.0-100.0.0.10), and domain name are valid entries for the hostname parameter.
  port - Port number and port range (e.g. 8080-8085) are valid entries for the port parameter.
  portLocation - Specifies whether this rule must be applied to remote and/or local port(s); "local" and "remote" strings are valid for the portLocation parameter.
  networkInterface - Must only be "wifi", "data", or "*"; all other values are invalid.
  "*" can be used as a wildcard for the parameters (see the example above). |
- Returns
- mdm_result_t : MDM_RESULT_SUCCESS on success, an error code on error
- Return values
-
- Permission:
- Usage of this API is restricted to registered clients only.
- See also
- mdm_get_iptables_deny_rules
mdm_result_t mdm_set_iptables_proxy_rules (char *ip, char *port)
API to set a "proxy rule" on iptables. This API is used to set up a transparent HTTP proxy by defining an IP and port of the target proxy server.
- Since (Knox_wearable):
- 1.0.0
- Since (Tizen):
- 2.3.2.3
- Feature:
- http://developer.samsung.com/tizen/feature/mdm
- Usage:
- Admin can set a "proxy rule" on iptables. A "proxy rule" is an IP address:port pair to which all traffic originally targeted at TCP port 80 is redirected. This API overwrites the "proxy rule" previously set.
- Privilege Level:
- public
- Privilege:
- http://developer.samsung.com/tizen/privilege/mdm.firewall
- Parameters
-
[in] | ip | IP address |
[in] | port | Port number |
- Returns
- mdm_result_t : MDM_RESULT_SUCCESS on success, an error code on error
- Return values
-
- Permission:
- Usage of this API is restricted to registered clients only.
- See also
- mdm_get_iptables_proxy_rules
mdm_result_t mdm_set_iptables_reroute_rules (void *p_ruleslist)
API to set "reroute rules" on iptables.
- Since (Knox_wearable):
- 1.0.0
- Since (Tizen):
- 2.3.2.3
- Feature:
- http://developer.samsung.com/tizen/feature/mdm
- Usage:
- Admin can set "reroute rules" on iptables. This API overwrites the "reroute rules" previously set. "Reroute rules" have precedence over "proxy rules".
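GList *lp_List = NULL;
/* This list replaces any "reroute rules" previously set. */
lp_List = g_list_append(lp_List, g_strdup("1.2.3.4:*;1.1.1.1:80"));
if (mdm_set_iptables_reroute_rules(lp_List) == MDM_RESULT_SUCCESS) {
    /* success */
} else {
    /* failure */
}
/* Free the rule strings, then the list itself. */
g_list_foreach((GList *)lp_List, (GFunc)g_free, NULL);
g_list_free((GList *)lp_List);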
- Privilege Level:
- public
- Privilege:
- http://developer.samsung.com/tizen/privilege/mdm.firewall
- Parameters
-
[in] | p_ruleslist | Each node in the list must be in the following format:
  "hostTarget:portTarget;ipProxy:portProxy"
  hostTarget - IP address, IP range (e.g. 100.0.0.0-100.0.0.10), and domain name are valid entries for the hostTarget parameter.
  portTarget - Port number and port range (e.g. 8080-8085) are valid entries for the portTarget parameter.
  ipProxy - IP address is a valid entry for the ipProxy parameter.
  portProxy - Port number is a valid entry for the portProxy parameter.
  "*" can be used as a wildcard for hostTarget and portTarget. ipProxy and portProxy do not support the "*" wildcard (see the example above). |
- Returns
- mdm_result_t : MDM_RESULT_SUCCESS on success, an error code on error
- Return values
-
- Permission:
- Usage of this API is restricted to registered clients only.
- See also
- mdm_get_iptables_reroute_rules