# @ohos.enterprise.networkManager(网络管理) 本模块提供设备网络管理能力,包括查询设备IP地址、MAC地址信息等。 > **说明:** > > 本模块首批接口从API version 12开始支持。后续版本的新增接口,采用上角标单独标记接口的起始版本。 > > 本模块接口仅可在Stage模型下使用。 > > 本模块接口仅对[设备管理应用](../../mdm/mdm-kit-guide.md#功能介绍)开放,需将设备管理应用激活后调用,实现相应功能。 > ## 导入模块 ```ts import { networkManager } from '@kit.MDMKit'; ``` ## networkManager.getAllNetworkInterfacesSync getAllNetworkInterfacesSync(admin: Want): Array<string> 指定设备管理应用获取所有激活的网络接口。 **需要权限:** ohos.permission.ENTERPRISE_MANAGE_NETWORK **系统能力:** SystemCapability.Customization.EnterpriseDeviceManager **参数:** | 参数名 | 类型 | 必填 | 说明 | | ------ | ------------------------------------------------------- | ---- | -------------- | | admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | 是 | 设备管理应用。 | **返回值:** | 类型 | 说明 | | ------------------- | ---------------------- | | Array<string> | 返回网络接口名称数组。 | **错误码**: 以下错误码的详细介绍请参见[企业设备管理错误码](errorcode-enterpriseDeviceManager.md)和[通用错误码](../errorcode-universal.md)。 | 错误码ID | 错误信息 | | -------- | ------------------------------------------------------------ | | 9200001 | The application is not an administrator application of the device. | | 9200002 | The administrator application does not have permission to manage the device. | | 201 | Permission verification failed. The application does not have the permission required to call the API. | | 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | **示例:** ```ts import { Want } from '@kit.AbilityKit'; let wantTemp: Want = { bundleName: 'com.example.myapplication', abilityName: 'EntryAbility', }; try { let result: Array = networkManager.getAllNetworkInterfacesSync(wantTemp); console.info(`Succeeded in getting all network interfaces, result : ${JSON.stringify(result)}`); } catch (err) { console.error(`Failed to get all network interfaces. Code: ${err.code}, message: ${err.message}`); } ``` ## networkManager.getIpAddressSync getIpAddressSync(admin: Want, networkInterface: string): string 指定设备管理应用根据网络接口获取设备IP地址。 **需要权限:** ohos.permission.ENTERPRISE_MANAGE_NETWORK **系统能力:** SystemCapability.Customization.EnterpriseDeviceManager **参数:** | 参数名 | 类型 | 必填 | 说明 | | ---------------- | ------------------------------------------------------- | ---- | -------------- | | admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | 是 | 设备管理应用。 | | networkInterface | string | 是 | 指定网络接口。 | **返回值:** | 类型 | 说明 | | ------ | ---------------- | | string | 返回设备IP地址。 | **错误码**: 以下错误码的详细介绍请参见[企业设备管理错误码](errorcode-enterpriseDeviceManager.md)和[通用错误码](../errorcode-universal.md)。 | 错误码ID | 错误信息 | | -------- | ------------------------------------------------------------ | | 9200001 | The application is not an administrator application of the device. | | 9200002 | The administrator application does not have permission to manage the device. | | 201 | Permission verification failed. The application does not have the permission required to call the API. | | 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | **示例:** ```ts import { Want } from '@kit.AbilityKit'; let wantTemp: Want = { bundleName: 'com.example.myapplication', abilityName: 'EntryAbility', }; try { let result: string = networkManager.getIpAddressSync(wantTemp, 'eth0'); console.info(`Succeeded in getting ip address, result : ${result}`); } catch (err) { console.error(`Failed to get ip address. Code: ${err.code}, message: ${err.message}`); } ``` ## networkManager.getMacSync getMacSync(admin: Want, networkInterface: string): string 指定设备管理应用根据网络接口获取设备MAC地址。 **需要权限:** ohos.permission.ENTERPRISE_MANAGE_NETWORK **系统能力:** SystemCapability.Customization.EnterpriseDeviceManager **参数:** | 参数名 | 类型 | 必填 | 说明 | | ---------------- | ------------------------------------------------------- | ---- | -------------- | | admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | 是 | 设备管理应用。 | | networkInterface | string | 是 | 指定网络接口。 | **返回值:** | 类型 | 说明 | | ------ | ----------------- | | string | 返回设备MAC地址。 | **错误码**: 以下错误码的详细介绍请参见[企业设备管理错误码](errorcode-enterpriseDeviceManager.md)和[通用错误码](../errorcode-universal.md)。 | 错误码ID | 错误信息 | | -------- | ------------------------------------------------------------ | | 9200001 | The application is not an administrator application of the device. | | 9200002 | The administrator application does not have permission to manage the device. | | 201 | Permission verification failed. The application does not have the permission required to call the API. | | 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | **示例:** ```ts import { Want } from '@kit.AbilityKit'; let wantTemp: Want = { bundleName: 'com.example.myapplication', abilityName: 'EntryAbility', }; try { let result: string = networkManager.getMacSync(wantTemp, 'eth0'); console.info(`Succeeded in getting mac, result : ${result}`); } catch (err) { console.error(`Failed to get mac. Code: ${err.code}, message: ${err.message}`); } ``` ## networkManager.isNetworkInterfaceDisabledSync isNetworkInterfaceDisabledSync(admin: Want, networkInterface: string): boolean 指定设备管理应用查询指定网络接口是否被禁用。 **需要权限:** ohos.permission.ENTERPRISE_MANAGE_NETWORK **系统能力:** SystemCapability.Customization.EnterpriseDeviceManager **参数:** | 参数名 | 类型 | 必填 | 说明 | | ---------------- | ------------------------------------------------------- | ---- | -------------- | | admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | 是 | 设备管理应用。 | | networkInterface | string | 是 | 指定网络接口。 | **返回值:** | 类型 | 说明 | | ------- | ------------------------------------------------------------ | | boolean | 返回指定网络接口是否被禁用,true表示该网络接口被禁用,false表示该网络接口未被禁用。 | **错误码**: 以下错误码的详细介绍请参见[企业设备管理错误码](errorcode-enterpriseDeviceManager.md)和[通用错误码](../errorcode-universal.md)。 | 错误码ID | 错误信息 | | -------- | ------------------------------------------------------------ | | 9200001 | The application is not an administrator application of the device. | | 9200002 | The administrator application does not have permission to manage the device. | | 201 | Permission verification failed. The application does not have the permission required to call the API. | | 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | **示例:** ```ts import { Want } from '@kit.AbilityKit'; let wantTemp: Want = { bundleName: 'com.example.myapplication', abilityName: 'EntryAbility', }; try { let result: boolean = networkManager.isNetworkInterfaceDisabledSync(wantTemp, 'eth0'); console.info(`Succeeded in querying network interface is disabled or not, result : ${result}`); } catch (err) { console.error(`Failed to query network interface is disabled or not. Code: ${err.code}, message: ${err.message}`); } ``` ## networkManager.setNetworkInterfaceDisabledSync setNetworkInterfaceDisabledSync(admin: Want, networkInterface: string, isDisabled: boolean): void 指定设备管理应用禁止设备使用指定网络。 **需要权限:** ohos.permission.ENTERPRISE_MANAGE_NETWORK **系统能力:** SystemCapability.Customization.EnterpriseDeviceManager **参数:** | 参数名 | 类型 | 必填 | 说明 | | ---------------- | ------------------------------------------------------- | ---- | ------------------------------------------------- | | admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | 是 | 设备管理应用。 | | networkInterface | string | 是 | 指定网络接口。 | | isDisabled | boolean | 是 | true表示禁用该网络接口,false表示开启该网络接口。 | **错误码**: 以下错误码的详细介绍请参见[企业设备管理错误码](errorcode-enterpriseDeviceManager.md)和[通用错误码](../errorcode-universal.md)。 | 错误码ID | 错误信息 | | -------- | ------------------------------------------------------------ | | 9200001 | The application is not an administrator application of the device. | | 9200002 | The administrator application does not have permission to manage the device. | | 201 | Permission verification failed. The application does not have the permission required to call the API. | | 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | **示例:** ```ts import { Want } from '@kit.AbilityKit'; import { BusinessError } from '@kit.BasicServicesKit'; let wantTemp: Want = { bundleName: 'com.example.myapplication', abilityName: 'EntryAbility', }; try { networkManager.setNetworkInterfaceDisabledSync(wantTemp, 'eth0', true); console.info(`Succeeded in setting network interface disabled`); } catch (err) { console.error(`Failed to set network interface disabled. Code: ${err.code}, message: ${err.message}`); } ``` ## networkManager.setGlobalProxySync setGlobalProxySync(admin: Want, httpProxy: connection.HttpProxy): void 指定设备管理应用设置网络全局代理。 **需要权限:** ohos.permission.ENTERPRISE_MANAGE_NETWORK **系统能力:** SystemCapability.Customization.EnterpriseDeviceManager **参数:** | 参数名 | 类型 | 必填 | 说明 | | --------- | ------------------------------------------------------------ | ---- | -------------------------- | | admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | 是 | 设备管理应用。 | | httpProxy | [connection.HttpProxy](../apis-network-kit/js-apis-net-connection.md#httpproxy10) | 是 | 网络全局Http代理配置信息。 | **错误码**: 以下错误码的详细介绍请参见[企业设备管理错误码](errorcode-enterpriseDeviceManager.md)和[通用错误码](../errorcode-universal.md)。 | 错误码ID | 错误信息 | | -------- | ------------------------------------------------------------ | | 9200001 | The application is not an administrator application of the device. | | 9200002 | The administrator application does not have permission to manage the device. | | 201 | Permission verification failed. The application does not have the permission required to call the API. | | 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | **示例:** ```ts import { Want } from '@kit.AbilityKit'; import { connection } from '@kit.NetworkKit'; let wantTemp: Want = { bundleName: 'com.example.myapplication', abilityName: 'EntryAbility', }; let exclusionStr: string = "192.168,baidu.com" let exclusionArray: Array = exclusionStr.split(','); let httpProxy: connection.HttpProxy = { host: "192.168.xx.xxx", port: 8080, exclusionList: exclusionArray }; try { networkManager.setGlobalProxySync(wantTemp, httpProxy); console.info(`Succeeded in setting network global proxy.`); } catch (err) { console.error(`Failed to set network global proxy. Code: ${err.code}, message: ${err.message}`); } ``` ## networkManager.getGlobalProxySync getGlobalProxySync(admin: Want): connection.HttpProxy 指定设备管理应用获取网络全局代理。 **需要权限:** ohos.permission.ENTERPRISE_MANAGE_NETWORK **系统能力:** SystemCapability.Customization.EnterpriseDeviceManager **参数:** | 参数名 | 类型 | 必填 | 说明 | | ------ | ------------------------------------------------------- | ---- | -------------- | | admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | 是 | 设备管理应用。 | **返回值:** | 类型 | 说明 | | ------------------------------------------------------------ | ------------------------------ | | [connection.HttpProxy](../apis-network-kit/js-apis-net-connection.md#httpproxy10) | 返回网络全局Http代理配置信息。 | **错误码**: 以下错误码的详细介绍请参见[企业设备管理错误码](errorcode-enterpriseDeviceManager.md)和[通用错误码](../errorcode-universal.md)。 | 错误码ID | 错误信息 | | -------- | ------------------------------------------------------------ | | 9200001 | The application is not an administrator application of the device. | | 9200002 | The administrator application does not have permission to manage the device. | | 201 | Permission verification failed. The application does not have the permission required to call the API. | | 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | **示例:** ```ts import { Want } from '@kit.AbilityKit'; import { BusinessError } from '@kit.BasicServicesKit'; import { connection } from '@kit.NetworkKit'; let wantTemp: Want = { bundleName: 'com.example.myapplication', abilityName: 'EntryAbility', }; try { let result: connection.HttpProxy = networkManager.getGlobalProxySync(wantTemp); console.info(`Succeeded in getting network global proxy, result : ${JSON.stringify(result)}`); } catch (err) { console.error(`Failed to get network global proxy. Code: ${err.code}, message: ${err.message}`); } ``` ## networkManager.addFirewallRule addFirewallRule(admin: Want, firewallRule: FirewallRule): void 指定设备管理应用为设备添加防火墙过滤规则。
添加了[Action](#action)为ALLOW规则后,将会默认添加DENY规则,不在ALLOW规则之内的网络数据包将会被丢弃或拦截。 **需要权限:** ohos.permission.ENTERPRISE_MANAGE_NETWORK **系统能力:** SystemCapability.Customization.EnterpriseDeviceManager **参数:** | 参数名 | 类型 | 必填 | 说明 | | ------------ | ------------------------------------------------------- | ---- | -------------------- | | admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | 是 | 设备管理应用。 | | firewallRule | [FirewallRule](#firewallrule) | 是 | 添加防火墙过滤规则。 | **错误码**: 以下错误码的详细介绍请参见[企业设备管理错误码](errorcode-enterpriseDeviceManager.md)和[通用错误码](../errorcode-universal.md)。 | 错误码ID | 错误信息 | | -------- | ------------------------------------------------------------ | | 9200001 | The application is not an administrator application of the device. | | 9200002 | The administrator application does not have permission to manage the device. | | 201 | Permission verification failed. The application does not have the permission required to call the API. | | 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | **示例:** ```ts import { Want } from '@kit.AbilityKit'; let wantTemp: Want = { bundleName: 'com.example.myapplication', abilityName: 'EntryAbility', }; let firewallRule: networkManager.FirewallRule = { "srcAddr": "192.168.1.1-192.188.22.66", "destAddr": "10.1.1.1", "srcPort": "8080", "destPort": "8080", "appUid": "9696", "direction": networkManager.Direction.OUTPUT, "action": networkManager.Action.DENY, "protocol": networkManager.Protocol.UDP, } networkManager.addFirewallRule(wantTemp, firewallRule); ``` ## networkManager.removeFirewallRule removeFirewallRule(admin: Want, firewallRule?: FirewallRule): void 指定设备管理应用移除设备防火墙过滤规则。
移除规则后如果不存在[Action](#action)为ALLOW规则后,会将[addFirewallRule](#networkmanageraddfirewallrule)添加的默认DENY规则清空。 **需要权限:** ohos.permission.ENTERPRISE_MANAGE_NETWORK **系统能力:** SystemCapability.Customization.EnterpriseDeviceManager **参数:** | 参数名 | 类型 | 必填 | 说明 | | ------------ | ------------------------------------------------------- | ---- | ---------------------------------------------------- | | admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | 是 | 设备管理应用。 | | firewallRule | [FirewallRule](#firewallrule) | 否 | 移除防火墙过滤规则。值为空时,清空所有的防火墙规则。 | **错误码**: 以下错误码的详细介绍请参见[企业设备管理错误码](errorcode-enterpriseDeviceManager.md)和[通用错误码](../errorcode-universal.md)。 | 错误码ID | 错误信息 | | -------- | ------------------------------------------------------------ | | 9200001 | The application is not an administrator application of the device. | | 9200002 | The administrator application does not have permission to manage the device. | | 201 | Permission verification failed. The application does not have the permission required to call the API. | | 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | **示例:** ```ts import { Want } from '@kit.AbilityKit'; let wantTemp: Want = { bundleName: 'com.example.myapplication', abilityName: 'EntryAbility', }; // 移除指定的规则 let firewallRule: networkManager.FirewallRule = { "srcAddr": "192.168.1.1-192.188.22.66", "destAddr": "10.1.1.1", "srcPort": "8080", "destPort": "8080", "appUid": "9696", "direction": networkManager.Direction.OUTPUT, "action": networkManager.Action.DENY, "protocol": networkManager.Protocol.UDP, } networkManager.removeFirewallRule(wantTemp, firewallRule); // 清空所有规则 networkManager.removeFirewallRule(wantTemp); ``` ## networkManager.getFirewallRules getFirewallRules(admin: Want): Array\ 指定设备管理应用查询防火墙过滤规则。 **需要权限:** ohos.permission.ENTERPRISE_MANAGE_NETWORK **系统能力:** SystemCapability.Customization.EnterpriseDeviceManager **参数:** | 参数名 | 类型 | 必填 | 说明 | | ------ | ------------------------------------------------------- | ---- | -------------- | | admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | 是 | 设备管理应用。 | **返回值:** | 类型 | 说明 | | ------------------------------------- | ------------------------------------------------------------ | | Array\<[FirewallRule](#firewallrule)> | 返回当前设备配置的防火墙过滤规则列表,当方法调用错误时会抛出异常。 | **错误码**: 以下错误码的详细介绍请参见[企业设备管理错误码](errorcode-enterpriseDeviceManager.md)和[通用错误码](../errorcode-universal.md)。 | 错误码ID | 错误信息 | | -------- | ------------------------------------------------------------ | | 9200001 | The application is not an administrator application of the device. | | 9200002 | The administrator application does not have permission to manage the device. | | 201 | Permission verification failed. The application does not have the permission required to call the API. | | 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | **示例:** ```ts import { Want } from '@kit.AbilityKit'; let wantTemp: Want = { bundleName: 'com.example.myapplication', abilityName: 'EntryAbility', }; let firewallRule: Array; firewallRule = networkManager.getFirewallRules(wantTemp); ``` ## networkManager.addDomainFilterRule addDomainFilterRule(admin: Want, domainFilterRule: DomainFilterRule): void 指定设备管理应用为设备添加域名过滤规则。
添加了[Action](#action)为ALLOW规则后,将会默认添加DENY规则,不在ALLOW规则之内的域名解析数据包将会被丢弃或拦截。 **需要权限:** ohos.permission.ENTERPRISE_MANAGE_NETWORK **系统能力:** SystemCapability.Customization.EnterpriseDeviceManager **参数:** | 参数名 | 类型 | 必填 | 说明 | | ---------------- | ------------------------------------------------------- | ---- | ------------------ | | admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | 是 | 设备管理应用。 | | domainFilterRule | [DomainFilterRule](#domainfilterrule) | 是 | 添加域名过滤规则。 | **错误码**: 以下错误码的详细介绍请参见[企业设备管理错误码](errorcode-enterpriseDeviceManager.md)和[通用错误码](../errorcode-universal.md)。 | 错误码ID | 错误信息 | | -------- | ------------------------------------------------------------ | | 9200001 | The application is not an administrator application of the device. | | 9200002 | The administrator application does not have permission to manage the device. | | 201 | Permission verification failed. The application does not have the permission required to call the API. | | 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | **示例:** ```ts import { Want } from '@kit.AbilityKit'; let wantTemp: Want = { bundleName: 'com.example.myapplication', abilityName: 'EntryAbility', }; let domainFilterRule: networkManager.DomainFilterRule = { "domainName": "www.example.com", "appUid": "9696", "action": networkManager.Action.DENY, } networkManager.addDomainFilterRule(wantTemp, domainFilterRule); ``` ## networkManager.removeDomainFilterRule removeDomainFilterRule(admin: Want, domainFilterRule?: DomainFilterRule): void 指定设备管理应用移除设备域名过滤规则。
移除规则后如果不存在[Action](#action)为ALLOW规则后,会将[addDomainFilterRule](#networkmanageradddomainfilterrule)添加的默认DENY规则清空。 **需要权限:** ohos.permission.ENTERPRISE_MANAGE_NETWORK **系统能力:** SystemCapability.Customization.EnterpriseDeviceManager **参数:** | 参数名 | 类型 | 必填 | 说明 | | ---------------- | ------------------------------------------------------- | ---- | ------------------------------------------------ | | admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | 是 | 设备管理应用。 | | domainFilterRule | [DomainFilterRule](#domainfilterrule) | 否 | 移除域名过滤规则。值为空时,清空所有的域名规则。 | **错误码**: 以下错误码的详细介绍请参见[企业设备管理错误码](errorcode-enterpriseDeviceManager.md)和[通用错误码](../errorcode-universal.md)。 | 错误码ID | 错误信息 | | -------- | ------------------------------------------------------------ | | 9200001 | The application is not an administrator application of the device. | | 9200002 | The administrator application does not have permission to manage the device. | | 201 | Permission verification failed. The application does not have the permission required to call the API. | | 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | **示例:** ```ts import { Want } from '@kit.AbilityKit'; let wantTemp: Want = { bundleName: 'com.example.myapplication', abilityName: 'EntryAbility', }; // 移除指定的规则 let domainFilterRule: networkManager.DomainFilterRule = { "domainName": "www.example.com", "appUid": "9696", "action": networkManager.Action.DENY, } networkManager.removeDomainFilterRule(wantTemp, domainFilterRule); // 清空所有规则 networkManager.removeDomainFilterRule(wantTemp); ``` ## networkManager.getDomainFilterRules getDomainFilterRules(admin: Want): Array\ 指定设备管理应用查询域名过滤规则。 **需要权限:** ohos.permission.ENTERPRISE_MANAGE_NETWORK **系统能力:** SystemCapability.Customization.EnterpriseDeviceManager **参数:** | 参数名 | 类型 | 必填 | 说明 | | ------ | ------------------------------------------------------- | ---- | -------------- | | admin | [Want](../apis-ability-kit/js-apis-app-ability-want.md) | 是 | 设备管理应用。 | **返回值:** | 类型 | 说明 | | --------------------------------------------- | ------------------------------------------------------------ | | Array\<[DomainFilterRule](#domainfilterrule)> | 返回当前设备配置的域名过滤规则列表,当方法调用错误时会抛出异常。 | **错误码**: 以下错误码的详细介绍请参见[企业设备管理错误码](errorcode-enterpriseDeviceManager.md)和[通用错误码](../errorcode-universal.md)。 | 错误码ID | 错误信息 | | -------- | ------------------------------------------------------------ | | 9200001 | The application is not an administrator application of the device. | | 9200002 | The administrator application does not have permission to manage the device. | | 201 | Permission verification failed. The application does not have the permission required to call the API. | | 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | **示例:** ```ts import { Want } from '@kit.AbilityKit'; let wantTemp: Want = { bundleName: 'com.example.myapplication', abilityName: 'EntryAbility', }; let domainFilterRule: Array; domainFilterRule = networkManager.getDomainFilterRules(wantTemp); ``` ## FirewallRule 防火墙过滤规则。 **系统能力:** SystemCapability.Customization.EnterpriseDeviceManager | 名称 | 类型 | 必填 | 说明 | | --------- | ----------------------- | ---- | ------------------------------------------------------------ | | srcAddr | string | 否 | ip源地址。支持IP段,例如:192.168.0.0/22或者192.168.1.100-192.168.1.200 | | destAddr | string | 否 | ip目标地址。支持IP段,例如:192.168.0.0/22或者192.168.1.100-192.168.1.200 | | srcPort | string | 否 | 源端口。 | | destPort | string | 否 | 目标端口。 | | appUid | string | 否 | 应用uid。 | | direction | [Direction](#direction) | 否 | 规则链。
添加防护墙过滤规则时必填;移除防火墙时非必填,表示清空所有的[Direction](#direction)链。
当值为空时srcAddr,destAddr,srcPort,destPort,appUid也必须传入空值。 | | action | [Action](#action) | 否 | 接收或者丢弃数据包。
添加防护墙过滤规则时必填;移除防火墙时非必填,表示清空所有的匹配[Action](#action)规则的链。
当值为空时srcAddr,destAddr,srcPort,destPort,appUid也必须传入空值。 | | protocol | [Protocol](#protocol) | 否 | 网络协议。当值为ALL或者ICMP时,不允许设置srcPort与destPort。 | ## DomainFilterRule 域名过滤规则。 **系统能力:** SystemCapability.Customization.EnterpriseDeviceManager | 名称 | 类型 | 必填 | 说明 | | ---------- | ----------------- | ---- | ------------------------------------------------------------ | | domainName | string | 否 | 域名。添加域名过滤规则时必填。 | | appUid | string | 否 | 应用uid。 | | action | [Action](#action) | 否 | 接收或者丢弃数据包。
添加域名过滤规则时必填;移除域名过滤规则时非必填,表示清空所有的匹配[Action](#action)规则的链。
当值为空时,domainName,appUid也必须传入空值。 | ## Direction 规则链。 **系统能力:** SystemCapability.Customization.EnterpriseDeviceManager | 名称 | 值 | 说明 | | ------ | ---- | -------- | | INPUT | 0 | 输入链。 | | OUTPUT | 1 | 输出链。 | ## Action 数据包的行为。 **系统能力:** SystemCapability.Customization.EnterpriseDeviceManager | 名称 | 值 | 说明 | | ----- | ---- | ------------ | | ALLOW | 0 | 接收数据包。 | | DENY | 1 | 丢弃数据包。 | ## Protocol 网络协议。 **系统能力:** SystemCapability.Customization.EnterpriseDeviceManager | 名称 | 值 | 说明 | | ---- | ---- | -------------- | | ALL | 0 | 全部网络协议。 | | TCP | 1 | 网络协议TCP。 | | UDP | 2 | 网络协议UDP。 | | ICMP | 3 | 网络协议ICMP。 |