1# @ohos.net.netFirewall (Network Firewall) (System API) 2 3This module provides the firewall configuration and query functions for applications. You can configure firewall policies to implement access control for devices based on IP addresses, domain names, and DNS servers. In addition to adding, modifying, removing, and querying firewall policies, you can query firewall interception records. 4 5> **NOTE** 6> The initial APIs of this module are supported since API version 12. Newly added APIs will be marked with a superscript to indicate their earliest API version. 7> The APIs provided by this module are system APIs. 8 9## Modules to Import 10 11```ts 12import netfirewall from '@ohos.net.netFirewall'; 13``` 14 15## netFirewall.setNetFirewallPolicy 16 17setNetFirewallPolicy(userId: number, policy: NetFirewallPolicy): Promise\<void> 18 19Sets a firewall policy. 20 21**System API**: This is a system API. 22 23**Required permission**: ohos.permission.MANAGE_NET_FIREWALL 24 25**System capability**: SystemCapability.Communication.NetManager.netfirewall 26 27**Parameters** 28 29| Name| Type | Mandatory| Description | 30| ------ | ----------------------------------------| ---- | -------------------------------------------- | 31| userId | number | Yes | User ID. It must be unique in the system.| 32| policy | [NetFirewallPolicy](#netfirewallpolicy) | Yes | Firewall policy. | 33 34**Return value** 35 36| Type | Description | 37| ------------------- | ---------------------------------------- | 38| Promise\<void> | Promise that returns no value. | 39 40**Error codes** 41 42| ID| Error Message | 43| ------- | ----------------------------------------------------| 44| 201 | Permission denied. | 45| 202 | Non-system applications use system APIs. | 46| 401 | Parameter error. | 47| 2100001 | Invalid parameter value. | 48| 2100002 | Operation failed. Cannot connect to service. | 49| 2100003 | System internal error. | 50| 29400000 | The specified user does not exist. | 51 52**Example** 53 54```ts 55import { netFirewall } '@kit.NetworkKit'; 56import { BusinessError } from '@kit.BasicServicesKit'; 57 58let policy: netFirewall.NetFirewallPolicy = { 59 isOpen: true, 60 inAction: netFirewall.FirewallRuleAction.RULE_DENY, 61 outAction: netFirewall.FirewallRuleAction.RULE_ALLOW 62}; 63netFirewall.setNetFirewallPolicy(100, policy).then(() => { 64 console.info("set firewall policy success."); 65}).catch((error : BusinessError) => { 66 console.error("set firewall policy failed: " + JSON.stringify(error)); 67}); 68``` 69 70## netFirewall.getNetFirewallPolicy 71 72getNetFirewallPolicy(userId: number): Promise\<NetFirewallPolicy> 73 74Obtains a firewall policy. 75 76**System API**: This is a system API. 77 78**Required permission**: ohos.permission.GET_NET_FIREWALL 79 80**System capability**: SystemCapability.Communication.NetManager.NetFirewall 81 82**Parameters** 83 84| Name | Type | Mandatory| Description | 85| -------- | ---------------------- | ---- | ---------------------------------------------- | 86| userId | number | Yes | User ID. It must be unique in the system. | 87 88**Return value** 89 90| Type | Description | 91| ------------------------------------------------- | ------------------------------------- | 92| Promise\<[NetFirewallPolicy](#netfirewallpolicy)> | Promise used to return the result, which is a firewall policy.| 93 94 95**Error codes** 96 97| ID| Error Message | 98| ------- | ----------------------------------------------------| 99| 201 | Permission denied. | 100| 202 | Non-system applications use system APIs. | 101| 401 | Parameter error. | 102| 2100001 | Invalid parameter value. | 103| 2100002 | Operation failed. Cannot connect to service. | 104| 2100003 | System internal error. | 105| 29400000 | The specified user does not exist. | 106 107**Example** 108 109```ts 110import { netFirewall } '@kit.NetworkKit'; 111import { BusinessError } from '@kit.BasicServicesKit'; 112 113netFirewall.getNetFirewallPolicy(100).then((result: netFirewall.NetFirewallPolicy) => { 114 console.info('firewall policy: ', JSON.stringify(result)); 115}, (reason: BusinessError) => { 116 console.error('get firewall policy failed: ', JSON.stringify(reason)); 117}); 118``` 119 120## netFirewall.addNetFirewallRule 121 122addNetFirewallRule(rule: NetFirewallRule): Promise\<number> 123 124Adds a firewall rule. 125 126**System API**: This is a system API. 127 128**Required permission**: ohos.permission.MANAGE_NET_FIREWALL 129 130**System capability**: SystemCapability.Communication.NetManager.NetFirewall 131 132**Parameters** 133 134| Name | Type | Mandatory| Description | 135| -------- | ------------------------------------------------- | ---- | ------------ | 136| rule | [NetFirewallRule](#netfirewallrule) | Yes | Firewall rule.| 137 138**Return value** 139 140| Type | Description | 141| ------------------------- | ----------------------------------------------------------- | 142| Promise\<number> | Promise used to return the result, which is the firewall rule ID automatically generated by the system.| 143 144**Error codes** 145 146| ID| Error Message | 147| ------- | ------------------------------------------------------------------------ | 148| 201 | Permission denied. | 149| 202 | Non-system applications use system APIs. | 150| 401 | Parameter error. | 151| 2100001 | Invalid parameter value. | 152| 2100002 | Operation failed. Cannot connect to service. | 153| 2100003 | System internal error. | 154| 29400000 | The specified user does not exist. | 155| 29400001 | The number of firewall rules exceeds the maximum. | 156| 29400002 | The number of IP address rules in the firewall rule exceeds the maximum. | 157| 29400003 | The number of port rules in the firewall rule exceeds the maximum. | 158| 29400004 | The number of domain rules in the firewall rule exceeds the maximum. | 159| 29400005 | The number of domain rules exceeds the maximum. | 160| 29400007 | The dns rule is duplication. | 161 162**Example** 163 164```ts 165import { netFirewall } '@kit.NetworkKit'; 166import { BusinessError } from '@kit.BasicServicesKit'; 167 168let ipRule: netFirewall.NetFirewallRule = { 169 name: "rule1", 170 description: "rule1 description", 171 direction: netFirewall.NetFirewallRuleDirection.RULE_IN, 172 action:netFirewall.NetFirewallRuleDirection.RULE_DENY, 173 type: netFirewall.NetFirewallRuleType.RULE_IP, 174 isEnabled: true, 175 appUid: 20001, 176 localIps: [ 177 { 178 family: 1, 179 type: 1, 180 address: "10.10.1.1", 181 mask: 24 182 },{ 183 family: 1, 184 type: 2, 185 startIp: "10.20.1.1", 186 endIp: "10.20.1.10" 187 }], 188 remoteIps:[ 189 { 190 family: 1, 191 type: 1, 192 address: "20.10.1.1", 193 mask: 24 194 },{ 195 family: 1, 196 type: 2, 197 startIp: "20.20.1.1", 198 endIp: "20.20.1.10" 199 }], 200 protocol: 6, 201 localPorts: [ 202 { 203 startPort: 1000, 204 endPort: 1000 205 },{ 206 startPort: 2000, 207 endPort: 2001 208 }], 209 remotePorts: [ 210 { 211 startPort: 443, 212 endPort: 443 213 }], 214 userId: 100 215}; 216netFirewall.addNetFirewallRule(ipRule).then((result: number) => { 217 console.info('rule Id: ', result); 218}, (reason: BusinessError) => { 219 console.error('add firewall rule failed: ', JSON.stringify(reason)); 220}); 221 222let domainRule: netFirewall.NetFirewallRule = { 223 name: "rule2", 224 description: "rule2 description", 225 direction: netFirewall.NetFirewallRuleDirection.RULE_IN, 226 action:netFirewall.NetFirewallRuleDirection.RULE_DENY, 227 type: netFirewall.NetFirewallRuleType.RULE_DOMAIN, 228 isEnabled: true, 229 appUid: 20002, 230 domains: [ 231 { 232 isWildcard: false, 233 domain: "www.example.cn" 234 },{ 235 isWildcard: true, 236 domain: "*.example.cn" 237 }], 238 userId: 100 239}; 240netFirewall.addNetFirewallRule(domainRule).then((result: number) => { 241 console.info('rule Id: ', result); 242}, (reason: BusinessError) => { 243 console.error('add firewall rule failed: ', JSON.stringify(reason)); 244}); 245 246let dnsRule: netFirewall.NetFirewallRule = { 247 name: "rule3", 248 description: "rule3 description", 249 direction: netFirewall.NetFirewallRuleDirection.RULE_IN, 250 action:netFirewall.NetFirewallRuleDirection.RULE_DENY, 251 type: netFirewall.NetFirewallRuleType.RULE_DNS, 252 isEnabled: true, 253 appUid: 20003, 254 primaryDns: "4.4.4.4", 255 standbyDns: "8.8.8.8", 256 userId: 100 257}; 258netFirewall.addNetFirewallRule(dnsRule).then((result: number) => { 259 console.info('rule Id: ', result); 260}, (reason: BusinessError) => { 261 console.error('add firewall rule failed: ', JSON.stringify(reason)); 262}); 263``` 264 265## netFirewall.updateNetFirewallRule 266 267updateNetFirewallRule(rule: NetFirewallRule): Promise\<void> 268 269Updates a firewall rule. 270 271**System API**: This is a system API. 272 273**Required permission**: ohos.permission.MANAGE_NET_FIREWALL 274 275**System capability**: SystemCapability.Communication.NetManager.NetFirewall 276 277**Parameters** 278 279| Name | Type | Mandatory| Description | 280| ------- | -------------------------------------- | ---- | -------------------------------- | 281| rule | [NetFirewallRule](#netfirewallrule) | Yes | Firewall rule. | 282 283**Return value** 284 285| Type | Description | 286| ------------------- | ------------------------------------------------------------------- | 287| Promise\<void> | Promise that returns no value. | 288 289**Error codes** 290 291| ID| Error Message | 292| ------- | ------------------------------------------------------------------------------- | 293| 201 | Permission denied. | 294| 202 | Non-system applications use system APIs. | 295| 401 | Parameter error. | 296| 2100001 | Invalid parameter value. | 297| 2100002 | Operation failed. Cannot connect to service. | 298| 2100003 | System internal error. | 299| 29400000 | The specified user does not exist. | 300| 29400002 | The number of IP address rules in the firewall rule exceeds the maximum. | 301| 29400003 | The number of port rules in the firewall rule exceeds the maximum. | 302| 29400004 | The number of domain rules in the firewall rule exceeds the maximum. | 303| 29400005 | The number of domain rules exceeds the maximum. | 304| 29400006 | The specified rule does not exist. | 305| 29400007 | The dns rule is duplication. | 306 307**Example** 308 309```ts 310import { netFirewall } '@kit.NetworkKit'; 311import { BusinessError } from '@kit.BasicServicesKit'; 312 313let ipRuleUpd: netFirewall.NetFirewallRule = { 314 id: 1, 315 name: "rule1", 316 description: "rule1 description update", 317 direction: netFirewall.NetFirewallRuleDirection.RULE_IN, 318 action:netFirewall.NetFirewallRuleDirection.RULE_DENY, 319 type: netFirewall.NetFirewallRuleType.RULE_IP, 320 isEnabled: false, 321 appUid: 20001, 322 localIps: [ 323 { 324 family: 1, 325 type: 1, 326 address: "10.10.1.1", 327 mask: 24 328 },{ 329 family: 1, 330 type: 2, 331 startIp: "10.20.1.1", 332 endIp: "10.20.1.10" 333 }], 334 userId: 100 335}; 336netFirewall.updateNetFirewallRule(ipRuleUpd).then(() => { 337 console.info('update firewall rule success.'); 338}, (reason: BusinessError) => { 339 console.error('update firewall rule failed: ', JSON.stringify(reason)); 340}); 341``` 342 343## netFirewall.removeNetFirewallRule 344 345removeNetFirewallRule(userId: number, ruleId: number): Promise\<void> 346 347Removes a firewall rule. 348 349**System API**: This is a system API. 350 351**Required permission**: ohos.permission.MANAGE_NET_FIREWALL 352 353**System capability**: SystemCapability.Communication.NetManager.NetFirewall 354 355**Parameters** 356 357| Name | Type | Mandatory| Description | 358| -------- | -------------------------------- | ---- | -------------------------------------------- | 359| rule | NetFirewallRule | Yes | Firewall rule. | 360| userId | number | Yes | User ID. It must be unique in the system.| 361| ruleId | number | Yes | ID of the firewall rule. | 362 363**Return value** 364 365| Type | Description | 366| ------------------- | ---------------------------------------------------------------------| 367| Promise\<void> | Promise that returns no value. | 368 369**Error codes** 370 371| ID| Error Message | 372| ------- | ------------------------------------------------------------------------------- | 373| 201 | Permission denied. | 374| 202 | Non-system applications use system APIs. | 375| 401 | Parameter error. | 376| 2100001 | Invalid parameter value. | 377| 2100002 | Operation failed. Cannot connect to service. | 378| 2100003 | System internal error. | 379| 29400000 | The specified user does not exist. | 380| 29400006 | The specified rule does not exist. | 381 382**Example** 383 384```ts 385import { netFirewall } '@kit.NetworkKit'; 386import { BusinessError } from '@kit.BasicServicesKit'; 387 388netFirewall.removeNetFirewallRule(100, 1).then(() => { 389 console.info("delete firewall rule success."); 390}).catch((error : BusinessError) => { 391 console.error("delete firewall rule failed: " + JSON.stringify(error)); 392}); 393``` 394 395## netFirewall.getNetFirewallRules 396 397getNetFirewallRules(userId: number, requestParam: RequestParam): Promise\<FirewallRulePage> 398 399Obtains firewall rules by user ID. You need to specify the pagination query parameter when calling this API. 400 401**System API**: This is a system API. 402 403**Required permission**: ohos.permission.GET_NET_FIREWALL 404 405**System capability**: SystemCapability.Communication.NetManager.NetFirewall 406 407**Parameters** 408 409| Name | Type | Mandatory| Description | 410| --------------- | ----------------------------- | ---- | -------------------------------------------- | 411| userId | number | Yes | User ID. It must be unique in the system.| 412| requestParam | [RequestParam](#requestparam) | Yes | Pagination query parameter. | 413 414**Return value** 415 416| Type | Description | 417| ----------------------------------------------- | ---------------------------------------- | 418| Promise\<[FirewallRulePage](#firewallrulepage)> | Promise used to return the result, which is list of firewall rules. | 419 420**Error codes** 421 422| ID| Error Message | 423| ------- | --------------------------------------------------------------------------------| 424| 201 | Permission denied. | 425| 202 | Non-system applications use system APIs. | 426| 401 | Parameter error. | 427| 2100001 | Invalid parameter value. | 428| 2100002 | Operation failed. Cannot connect to service. | 429| 2100003 | System internal error. | 430| 29400000 | The specified user does not exist. | 431 432**Example** 433 434```ts 435import { netFirewall } '@kit.NetworkKit'; 436import { BusinessError } from '@kit.BasicServicesKit'; 437 438let ruleParam: netFirewall.RequestParam = { 439 page: 1, 440 pageSize: 10, 441 orderField: netFirewall.NetFirewallOrderField.ORDER_BY_RULE_NAME, 442 orderType: netFirewall.NetFirewallOrderType.ORDER_ASC 443}; 444netFirewall.getNetFirewallRules(100, ruleParam).then((result: netfirewall.FirewallRulePage) => { 445 console.info("result:", JSON.stringify(result)); 446}, (error: BusinessError) => { 447 console.error("get firewall rules failed: " + JSON.stringify(error)); 448}); 449``` 450 451## netFirewall.getNetFirewallRule 452 453getNetFirewallRule(userId: number, ruleId: number): Promise\<NetFirewallRule> 454 455Obtains a firewall rule based on the specified user ID and rule ID. 456 457**System API**: This is a system API. 458 459**Required permission**: ohos.permission.GET_NET_FIREWALL 460 461**System capability**: SystemCapability.Communication.NetManager.NetFirewall 462 463**Parameters** 464 465| Name | Type | Mandatory| Description | 466| -------- | ------------------------- | ---- | -------------------------------------------- | 467| userId | number | Yes | User ID. It must be unique in the system.| 468| ruleId | number | Yes | ID of the firewall rule. | 469 470**Return value** 471 472| Type | Description | 473| ----------------------------------------------- | ---------------------------------------- | 474| Promise\<[NetFirewallRule](#netfirewallrule)> | Promise used to return the result, which is a firewall rule. | 475 476**Error codes** 477 478| ID| Error Message | 479| ------- | ------------------------------------------------------------------------------- | 480| 201 | Permission denied. | 481| 202 | Non-system applications use system APIs. | 482| 401 | Parameter error. | 483| 2100001 | Invalid parameter value. | 484| 2100002 | Operation failed. Cannot connect to service. | 485| 2100003 | System internal error. | 486| 29400000 | The specified user does not exist. | 487| 29400006 | The specified rule does not exist. | 488 489**Example** 490 491```ts 492import { netFirewall } '@kit.NetworkKit'; 493import { BusinessError } from '@kit.BasicServicesKit'; 494 495netFirewall.getNetFirewallRule(100, 1).then((rule: netFirewall.NetFirewallRule) => { 496 console.info("result:", JSON.stringify(rule)); 497}).catch((error : BusinessError) => { 498 console.error(" get firewall rules failed: " + JSON.stringify(error)); 499}); 500``` 501 502## netFirewall.getInterceptedRecords 503 504getInterceptedRecords(userId: number, requestParam: RequestParam): Promise<\InterceptedRecordPage> 505 506Obtains interception records based on the specified user ID. You need to specify the pagination query parameter when calling this API. 507 508**System API**: This is a system API. 509 510**Required permission**: ohos.permission.GET_NET_FIREWALL 511 512**System capability**: SystemCapability.Communication.NetManager.NetFirewall 513 514**Parameters** 515 516| Name | Type | Mandatory| Description | 517| ------------ | --------------------------- | ---- | -------------------------------------------- | 518| userId | number | Yes | User ID. It must be unique in the system.| 519| requestParam | [RequestParam](#requestparam) | Yes | Query parameter. | 520 521**Return value** 522 523| Type | Description | 524| --------------------------------------------------------- | ------------------------------- | 525| Promise\<[InterceptedRecordPage](#interceptedrecordpage)> | Promise used to return the result, which is a list of interception records.| 526 527**Error codes** 528 529| ID| Error Message | 530| ------- | --------------------------------------------------------------------------------| 531| 201 | Permission denied. | 532| 202 | Non-system applications use system APIs. | 533| 401 | Parameter error. | 534| 2100001 | Invalid parameter value. | 535| 2100002 | Operation failed. Cannot connect to service. | 536| 2100003 | System internal error. | 537| 29400000 | The specified user does not exist. | 538 539**Example** 540 541```ts 542import { netFirewall } '@kit.NetworkKit'; 543import { BusinessError } from '@kit.BasicServicesKit'; 544 545let interceptRecordParam: netFirewall.RequestParam = { 546 page: 1, 547 pageSize: 10, 548 orderField: netFirewall.NetFirewallOrderField.ORDER_BY_RECORD_TIME, 549 orderType: netFirewall.NetFirewallOrderType.ORDER_DESC 550}; 551netFirewall.getInterceptedRecords(100, interceptRecordParam).then((result: netFirewall.InterceptedRecordPage) => { 552 console.info("result:", JSON.stringify(result)); 553}, (error: BusinessError) => { 554 console.error("get intercept records failed: " + JSON.stringify(error)); 555}); 556``` 557 558## NetFirewallRuleDirection 559 560Enumerates interception directions for firewall rules. 561 562**System API**: This is a system API. 563 564**System capability**: SystemCapability.Communication.NetManager.NetFirewall 565 566| Name | Value | Description | 567|--------------|------|--------| 568| RULE_IN | 1 | Inbound direction.| 569| RULE_OUT | 2 | Outbound direction.| 570 571## FirewallRuleAction 572 573Enumerates actions for firewall rules. 574 575**System API**: This is a system API. 576 577**System capability**: SystemCapability.Communication.NetManager.NetFirewall 578 579| Name | Value | Description | 580|----------------|------|------- | 581| RULE_ALLOW | 0 | Allowing network connection.| 582| RULE_DENY | 1 | Denying network connection.| 583 584## NetFirewallRuleType 585 586Enumerates firewall rule types. 587 588**System API**: This is a system API. 589 590**System capability**: SystemCapability.Communication.NetManager.NetFirewall 591 592| Name | Value | Description | 593|----------------| ---- | ------------ | 594| RULE_IP | 1 | IP address-based firewall rule. | 595| RULE_DOMAIN | 2 | Domain name-based rule.| 596| RULE_DNS | 3 | DNS-based firewall rule. | 597 598## NetFirewallOrderField 599 600Enumerates firewall rule sorting types. 601 602**System API**: This is a system API. 603 604**System capability**: SystemCapability.Communication.NetManager.NetFirewall 605 606| Name | Value | Description | 607| --------------------- | ---- | ---------- ----------- | 608| ORDER_BY_RULE_NAME | 1 | Sorting of firewall rules by name.| 609| ORDER_BY_RECORD_TIME | 100 | Sorting of firewall rules by time. | 610 611## NetFirewallOrderType 612 613Enumerates firewall rule sorting orders. 614 615**System API**: This is a system API. 616 617**System capability**: SystemCapability.Communication.NetManager.NetFirewall 618 619| Name | Value | Description | 620| ---------- | ---- | ------------------------------ | 621| ORDER_ASC | 1 | Sorting in ascending order.| 622| ORDER_DESC | 100 | Sorting in descending order.| 623 624## NetFirewallPolicy 625 626Defines a firewall policy. 627 628**System API**: This is a system API. 629 630**System capability**: SystemCapability.Communication.NetManager.NetFirewall 631 632| Name | Type | Mandatory| Description | 633| -----------| -------------------------------------------|------|-------------- | 634| isOpen | boolean | Yes | Whether to enable or disable the firewall.| 635| inAction | [FirewallRuleAction](#firewallruleaction) | Yes | Inbound action. | 636| outAction | [FirewallRuleAction](#firewallruleaction) | Yes | Outbound action. | 637 638## NetFirewallIpParams 639 640Defines the IP address information of a firewall rule. 641 642**System API**: This is a system API. 643 644**System capability**: SystemCapability.Communication.NetManager.NetFirewall 645 646| Name | Type |Mandatory| Description | 647| ----------- | -------|----|------------------------------------------------------------ | 648| type | number | Yes| IP address type. The value **1** indicates an IP address or subnet. When a single IP address is used, the mask is 32. The value **2** indicates an IP address segment. | 649| family | number | No| IP address family. The value **1** indicates IPv4 and value **2** indicates IPv6. The default value is IPv4. Other values are not supported. | 650| address | string | No| IP address. This parameter is valid only when **type** is set to **1**. | 651| mask | number | No| Subnet mask for an IPv4 address and prefix for an IPv6 address. This parameter is valid only when **type** is set to **1**.| 652| startIp | string | No| Start IP address: This parameter is valid only when **type** is set to **2**. | 653| endIp | string | No| End IP address: This parameter is valid only when **type** is set to **2**. | 654 655## NetFirewallPortParams 656 657Defines the port parameters of a firewall rule. 658 659**System API**: This is a system API. 660 661**System capability**: SystemCapability.Communication.NetManager.NetFirewall 662 663| Name | Type | Mandatory| Description | 664| ------------ | -------|------|----------- | 665| startPort | number | Yes | Start port number.| 666| endPort | number | Yes | End port number.| 667 668## NetFirewallDomainParams 669 670Defines the domain information of a firewall rule. 671 672**System API**: This is a system API. 673 674**System capability**: SystemCapability.Communication.NetManager.NetFirewall 675 676| Name | Type | Mandatory| Description | 677| ------------ | --------|------|------------------------------------------ | 678| isWildcard | boolean | Yes | Whether to contain wildcards. | 679| domain | string | Yes | DNS domain. If **isWildcard** is **false**, you need to specify the complete domain name.| 680 681## NetFirewallDnsParams 682 683Defines the DNS information of a firewall rule. 684 685**System API**: This is a system API. 686 687**System capability**: SystemCapability.Communication.NetManager.NetFirewall 688 689| Name | Type | Mandatory| Description | 690| ------------ | --------|------|--------------- | 691| primaryDns | string | Yes | Active DNS server.| 692| standbyDns | string | No | Standby DNS server. | 693 694 695## NetFirewallRule 696 697Defines a firewall rule. 698 699**System API**: This is a system API. 700 701**System capability**: SystemCapability.Communication.NetManager.NetFirewall 702 703| Name | Type |Mandatory| Description | 704| ------------|-------------------------------------------------------------|----|-------------------------------------------------------------- | 705| userId | number | Yes| User ID. It must be unique in the system. | 706| name | string | Yes| Rule name. This parameter is mandatory and can contain a maximum of 128 characters. | 707| direction | [NetFirewallRuleDirection](#netfirewallruledirection) | Yes| Interception direction, which can be inbound or outbound. | 708| action | [FirewallRuleAction](#firewallruleaction) | Yes| Action. | 709| type | [NetFirewallRuleType](#netfirewallruletype) | Yes| Rule type. | 710| isEnabled | boolean | Yes| Whether to enable the firewall rule. | 711| id | number | No| Firewall rule ID. | 712| description | string | No| Firewall rule description. This parameter is optional and can contain a maximum of 256 characters. | 713| appUid | number | No| Application or service UID. | 714| localIps | Array\<[NetFirewallIpParams](#netfirewallipparams)> | No| List of local IP addresses. This parameter is valid when **ruleType** is set to **RULE_IP**. A maximum of 10 local IP addresses are supported. | 715| remoteIps | Array\<[NetFirewallIpParams](#netfirewallipparams)> | No| List of remote IP addresses. This parameter is valid when **ruleType** is set to **RULE_IP**. A maximum of 10 local IP addresses are supported.| 716| protocol | number | No| Protocol. The value **6** indicates TCP and value **17** indicates UDP. This parameter is valid only when **ruleType** is set to **RULE_IP**. | 717| localPorts | Array\<[NetFirewallPortParams](#netfirewallportparams)> | No| List of local ports. This parameter is valid when **ruleType** is set to **RULE_IP**. A maximum of 10 local ports are supported. | 718| remotePorts | Array\<[NetFirewallPortParams](#netfirewallportparams)> | No| List of remote ports. This parameter is valid when **ruleType** is set to **RULE_IP**. A maximum of 10 remote ports are supported. | 719| domains | Array\<[NetFirewallDomainParams](#netfirewalldomainparams)> | No| List of domain names. This parameter is valid only when **ruleType** is set to **RULE_DOMAIN**. | 720| dns | [NetFirewallDnsParams](#netfirewalldnsparams) | No| List of DNS server names. This parameter is valid only when **ruleType** is set to **RULE_DNS**. | 721 722## InterceptedRecord 723 724Defines an interception record. 725 726**System API**: This is a system API. 727 728**System capability**: SystemCapability.Communication.NetManager.NetFirewall 729 730| Name | Type | Mandatory| Description | 731|------------| -------|------|-------------------- | 732| time | number | Yes | Timestamp. | 733| localIp | string | No | Local IP address. | 734| remoteIp | string | No | Remote IP address. | 735| localPort | number | No | Local port. | 736| remotePort | number | No | Remote port. | 737| protocol | number | No | Transport layer protocol. | 738| appUid | number | No | Application or service UID.| 739| domain | string | No | Domain name. | 740 741 742## RequestParam 743 744Defines query parameters. 745 746**System API**: This is a system API. 747 748**System capability**: SystemCapability.Communication.NetManager.NetFirewall 749 750| Name | Type | Mandatory| Description | 751|------------|--------------------------------------------------|------|---------------------------- | 752| page | number | Yes | Page number. The value range is [1,1000]. | 753| pageSize | number | Yes | Page size. The value range is [1,50]. | 754| orderField | [NetFirewallOrderField](#netfirewallorderfield) | Yes | Sorting order field. | 755| orderType | [NetFirewallOrderType](#netfirewallordertype) | Yes | Sorting order type. | 756## FirewallRulePage 757 758Defines the pagination structure for firewall rules. 759 760**System API**: This is a system API. 761 762**System capability**: SystemCapability.Communication.NetManager.NetFirewall 763 764| Name | Type | Mandatory| Description | 765|------------|-------------------------------------------- |------|---------------| 766| page | number | Yes | Current page. | 767| pageSize | number | Yes | Page size. | 768| totalPage | number | Yes | Total number of pages. | 769| data | Array\<[NetFirewallRule](#netfirewallrule)> | Yes | Page data. | 770 771## InterceptedRecordPage 772 773Defines the pagination structure for interception records. 774 775**System API**: This is a system API. 776 777**System capability**: SystemCapability.Communication.NetManager.NetFirewall 778 779| Name | Type | Mandatory| Description | 780|------------| ----------------------------------------------- |------|---------- | 781| page | number | Yes | Current page.| 782| pageSize | number | Yes | Page size.| 783| totalPage | number | Yes | Total number of pages. | 784| data | Array\<[InterceptedRecord](#interceptedrecord)> | Yes | Page data.| 785