# @ohos.net.netFirewall (Network Firewall)

The **netFirewall** module implements the firewall query functionality. It allows applications to query the firewall interception records of the device.

> **NOTE**
>
> The initial APIs of this module are supported since API version 15. Newly added APIs will be marked with a superscript to indicate their earliest API version.

## Modules to Import

```ts
import { netFirewall } from '@kit.NetworkKit';
```

## netFirewall.getNetFirewallPolicy

getNetFirewallPolicy(userId: number): Promise\<NetFirewallPolicy>

Obtains a firewall policy.

**Required permission**: ohos.permission.GET_NET_FIREWALL

**System capability**: SystemCapability.Communication.NetManager.NetFirewall

**Parameters**

| Name   | Type   | Mandatory | Description       |
| ------ | ------ | --------- | ----------------- |
| userId | number | Yes       | Existing user ID. |

**Return value**

| Type                                              | Description                                                     |
| ------------------------------------------------- | --------------------------------------------------------------- |
| Promise\<[NetFirewallPolicy](#netfirewallpolicy)> | Promise used to return the result, which is a firewall policy.  |

**Error codes**

For details about the error codes, see [Network Connection Management Error Codes](errorcode-net-connection.md) and [Universal Error Codes](../errorcode-universal.md).

| ID       | Error Message                                |
| -------- | -------------------------------------------- |
| 201      | Permission denied.                           |
| 401      | Parameter error.                             |
| 2100001  | Invalid parameter value.                     |
| 2100002  | Operation failed. Cannot connect to service. |
| 2100003  | System internal error.                       |
| 29400000 | The specified user does not exist.           |

**Example**

```ts
import { netFirewall } from '@kit.NetworkKit';
import { BusinessError } from '@kit.BasicServicesKit';

// Query the firewall policy of user 100.
netFirewall.getNetFirewallPolicy(100).then((result: netFirewall.NetFirewallPolicy) => {
  console.info('firewall policy: ', JSON.stringify(result));
}, (reason: BusinessError) => {
  console.error('get firewall policy failed: ', JSON.stringify(reason));
});
```

## netFirewall.updateNetFirewallRule

updateNetFirewallRule(rule: NetFirewallRule): Promise\<void>

Updates a firewall rule.

**Required permission**: ohos.permission.MANAGE_NET_FIREWALL

**System capability**: SystemCapability.Communication.NetManager.NetFirewall

**Parameters**

| Name | Type                                | Mandatory | Description    |
| ---- | ----------------------------------- | --------- | -------------- |
| rule | [NetFirewallRule](#netfirewallrule) | Yes       | Firewall rule. |

**Return value**

| Type           | Description                    |
| -------------- | ------------------------------ |
| Promise\<void> | Promise that returns no value. |

**Error codes**

For details about the error codes, see [Network Connection Management Error Codes](errorcode-net-connection.md) and [Universal Error Codes](../errorcode-universal.md).

| ID       | Error Message                                                            |
| -------- | ------------------------------------------------------------------------ |
| 201      | Permission denied.                                                       |
| 401      | Parameter error.                                                         |
| 2100001  | Invalid parameter value.                                                 |
| 2100002  | Operation failed. Cannot connect to service.                             |
| 2100003  | System internal error.                                                   |
| 29400000 | The specified user does not exist.                                       |
| 29400002 | The number of IP address rules in the firewall rule exceeds the maximum. |
| 29400003 | The number of port rules in the firewall rule exceeds the maximum.       |
| 29400004 | The number of domain rules in the firewall rule exceeds the maximum.     |
| 29400005 | The number of domain rules exceeds the maximum.                          |
| 29400006 | The specified rule does not exist.                                       |
| 29400007 | The dns rule is duplication.                                             |

**Example**

```ts
import { netFirewall } from '@kit.NetworkKit';
import { BusinessError } from '@kit.BasicServicesKit';

// The rule to update is identified by id and userId.
let ipRuleUpd: netFirewall.NetFirewallRule = {
  id: 1,
  name: "rule1",
  description: "rule1 description update",
  direction: netFirewall.NetFirewallRuleDirection.RULE_IN,
  action: netFirewall.FirewallRuleAction.RULE_DENY,
  type: netFirewall.NetFirewallRuleType.RULE_IP,
  isEnabled: false,
  appUid: 20001,
  localIps: [
    {
      // type 1: single address or subnet
      family: 1,
      type: 1,
      address: "10.10.1.1",
      mask: 24
    }, {
      // type 2: address segment
      family: 1,
      type: 2,
      startIp: "10.20.1.1",
      endIp: "10.20.1.10"
    }],
  userId: 100
};
netFirewall.updateNetFirewallRule(ipRuleUpd).then(() => {
  console.info('update firewall rule success.');
}, (reason: BusinessError) => {
  console.error('update firewall rule failed: ', JSON.stringify(reason));
});
```

## netFirewall.removeNetFirewallRule

removeNetFirewallRule(userId: number, ruleId: number): Promise\<void>

Removes a firewall rule.

**Required permission**: ohos.permission.MANAGE_NET_FIREWALL

**System capability**: SystemCapability.Communication.NetManager.NetFirewall

**Parameters**

| Name   | Type   | Mandatory | Description              |
| ------ | ------ | --------- | ------------------------ |
| userId | number | Yes       | Existing user ID.        |
| ruleId | number | Yes       | ID of the firewall rule. |

**Return value**

| Type           | Description                    |
| -------------- | ------------------------------ |
| Promise\<void> | Promise that returns no value. |

**Error codes**

For details about the error codes, see [Network Connection Management Error Codes](errorcode-net-connection.md) and [Universal Error Codes](../errorcode-universal.md).

| ID       | Error Message                                |
| -------- | -------------------------------------------- |
| 201      | Permission denied.                           |
| 401      | Parameter error.                             |
| 2100001  | Invalid parameter value.                     |
| 2100002  | Operation failed. Cannot connect to service. |
| 2100003  | System internal error.                       |
| 29400000 | The specified user does not exist.           |
| 29400006 | The specified rule does not exist.           |

**Example**

```ts
import { netFirewall } from '@kit.NetworkKit';
import { BusinessError } from '@kit.BasicServicesKit';

// Remove rule 1 of user 100.
netFirewall.removeNetFirewallRule(100, 1).then(() => {
  console.info("delete firewall rule success.");
}).catch((error: BusinessError) => {
  console.error("delete firewall rule failed: " + JSON.stringify(error));
});
```

## netFirewall.getNetFirewallRules

getNetFirewallRules(userId: number, requestParam: RequestParam): Promise\<FirewallRulePage>

Obtains firewall rules by user ID. You need to specify the pagination query parameter when calling this API.

**Required permission**: ohos.permission.GET_NET_FIREWALL

**System capability**: SystemCapability.Communication.NetManager.NetFirewall

**Parameters**

| Name         | Type                          | Mandatory | Description                 |
| ------------ | ----------------------------- | --------- | --------------------------- |
| userId       | number                        | Yes       | Existing user ID.           |
| requestParam | [RequestParam](#requestparam) | Yes       | Pagination query parameter. |

**Return value**

| Type                                            | Description                                                           |
| ----------------------------------------------- | --------------------------------------------------------------------- |
| Promise\<[FirewallRulePage](#firewallrulepage)> | Promise used to return the result, which is a list of firewall rules. |

**Error codes**

For details about the error codes, see [Network Connection Management Error Codes](errorcode-net-connection.md) and [Universal Error Codes](../errorcode-universal.md).

| ID       | Error Message                                |
| -------- | -------------------------------------------- |
| 201      | Permission denied.                           |
| 401      | Parameter error.                             |
| 2100001  | Invalid parameter value.                     |
| 2100002  | Operation failed. Cannot connect to service. |
| 2100003  | System internal error.                       |
| 29400000 | The specified user does not exist.           |

**Example**

```ts
import { netFirewall } from '@kit.NetworkKit';
import { BusinessError } from '@kit.BasicServicesKit';

// First page of up to 10 rules, sorted by rule name in ascending order.
let ruleParam: netFirewall.RequestParam = {
  page: 1,
  pageSize: 10,
  orderField: netFirewall.NetFirewallOrderField.ORDER_BY_RULE_NAME,
  orderType: netFirewall.NetFirewallOrderType.ORDER_ASC
};
netFirewall.getNetFirewallRules(100, ruleParam).then((result: netFirewall.FirewallRulePage) => {
  console.info("result:", JSON.stringify(result));
}, (error: BusinessError) => {
  console.error("get firewall rules failed: " + JSON.stringify(error));
});
```

## netFirewall.getNetFirewallRule

getNetFirewallRule(userId: number, ruleId: number): Promise\<NetFirewallRule>

Obtains a firewall rule based on the specified user ID and rule ID.

**Required permission**: ohos.permission.GET_NET_FIREWALL

**System capability**: SystemCapability.Communication.NetManager.NetFirewall

**Parameters**

| Name   | Type   | Mandatory | Description              |
| ------ | ------ | --------- | ------------------------ |
| userId | number | Yes       | Existing user ID.        |
| ruleId | number | Yes       | ID of the firewall rule. |

**Return value**

| Type                                          | Description                                                  |
| --------------------------------------------- | ------------------------------------------------------------ |
| Promise\<[NetFirewallRule](#netfirewallrule)> | Promise used to return the result, which is a firewall rule. |

**Error codes**

For details about the error codes, see [Network Connection Management Error Codes](errorcode-net-connection.md) and [Universal Error Codes](../errorcode-universal.md).

| ID       | Error Message                                |
| -------- | -------------------------------------------- |
| 201      | Permission denied.                           |
| 401      | Parameter error.                             |
| 2100001  | Invalid parameter value.                     |
| 2100002  | Operation failed. Cannot connect to service. |
| 2100003  | System internal error.                       |
| 29400000 | The specified user does not exist.           |
| 29400006 | The specified rule does not exist.           |

**Example**

```ts
import { netFirewall } from '@kit.NetworkKit';
import { BusinessError } from '@kit.BasicServicesKit';

// Read rule 1 of user 100.
netFirewall.getNetFirewallRule(100, 1).then((rule: netFirewall.NetFirewallRule) => {
  console.info("result:", JSON.stringify(rule));
}).catch((error: BusinessError) => {
  console.error("get firewall rule failed: " + JSON.stringify(error));
});
```

## netFirewall.setNetFirewallPolicy

setNetFirewallPolicy(userId: number, policy: NetFirewallPolicy): Promise\<void>

Sets a firewall policy.

**Required permission**: ohos.permission.MANAGE_NET_FIREWALL

**System capability**: SystemCapability.Communication.NetManager.NetFirewall

**Parameters**

| Name   | Type                                    | Mandatory | Description       |
| ------ | --------------------------------------- | --------- | ----------------- |
| userId | number                                  | Yes       | Existing user ID. |
| policy | [NetFirewallPolicy](#netfirewallpolicy) | Yes       | Firewall policy.  |

**Return value**

| Type           | Description                    |
| -------------- | ------------------------------ |
| Promise\<void> | Promise that returns no value. |

**Error codes**

For details about the error codes, see [Network Connection Management Error Codes](errorcode-net-connection.md) and [Universal Error Codes](../errorcode-universal.md).

| ID       | Error Message                                |
| -------- | -------------------------------------------- |
| 201      | Permission denied.                           |
| 401      | Parameter error.                             |
| 2100001  | Invalid parameter value.                     |
| 2100002  | Operation failed. Cannot connect to service. |
| 2100003  | System internal error.                       |
| 29400000 | The specified user does not exist.           |

**Example**

```ts
import { netFirewall } from '@kit.NetworkKit';
import { BusinessError } from '@kit.BasicServicesKit';

// Enable the firewall for user 100: deny inbound, allow outbound.
let policy: netFirewall.NetFirewallPolicy = {
  isOpen: true,
  inAction: netFirewall.FirewallRuleAction.RULE_DENY,
  outAction: netFirewall.FirewallRuleAction.RULE_ALLOW
};
netFirewall.setNetFirewallPolicy(100, policy).then(() => {
  console.info("set firewall policy success.");
}).catch((error: BusinessError) => {
  console.error("set firewall policy failed: " + JSON.stringify(error));
});
```

## netFirewall.addNetFirewallRule

addNetFirewallRule(rule: NetFirewallRule): Promise\<number>

Adds a firewall rule.

**Required permission**: ohos.permission.MANAGE_NET_FIREWALL

**System capability**: SystemCapability.Communication.NetManager.NetFirewall

**Parameters**

| Name | Type                                | Mandatory | Description    |
| ---- | ----------------------------------- | --------- | -------------- |
| rule | [NetFirewallRule](#netfirewallrule) | Yes       | Firewall rule. |

**Return value**

| Type             | Description                                                                                              |
| ---------------- | -------------------------------------------------------------------------------------------------------- |
| Promise\<number> | Promise used to return the result, which is the firewall rule ID automatically generated by the system.  |

**Error codes**

For details about the error codes, see [Network Connection Management Error Codes](errorcode-net-connection.md) and [Universal Error Codes](../errorcode-universal.md).

| ID       | Error Message                                                            |
| -------- | ------------------------------------------------------------------------ |
| 201      | Permission denied.                                                       |
| 401      | Parameter error.                                                         |
| 2100001  | Invalid parameter value.                                                 |
| 2100002  | Operation failed. Cannot connect to service.                             |
| 2100003  | System internal error.                                                   |
| 29400000 | The specified user does not exist.                                       |
| 29400001 | The number of firewall rules exceeds the maximum.                        |
| 29400002 | The number of IP address rules in the firewall rule exceeds the maximum. |
| 29400003 | The number of port rules in the firewall rule exceeds the maximum.       |
| 29400004 | The number of domain rules in the firewall rule exceeds the maximum.     |
| 29400005 | The number of domain rules exceeds the maximum.                          |
| 29400007 | The dns rule is duplication.                                             |

**Example**

```ts
import { netFirewall } from '@kit.NetworkKit';
import { BusinessError } from '@kit.BasicServicesKit';

// IP rule: deny inbound TCP traffic for the listed addresses and ports.
let ipRule: netFirewall.NetFirewallRule = {
  name: "rule1",
  description: "rule1 description",
  direction: netFirewall.NetFirewallRuleDirection.RULE_IN,
  action: netFirewall.FirewallRuleAction.RULE_DENY,
  type: netFirewall.NetFirewallRuleType.RULE_IP,
  isEnabled: true,
  appUid: 20001,
  localIps: [
    {
      family: 1,
      type: 1,
      address: "10.10.1.1",
      mask: 24
    }, {
      family: 1,
      type: 2,
      startIp: "10.20.1.1",
      endIp: "10.20.1.10"
    }],
  remoteIps: [
    {
      family: 1,
      type: 1,
      address: "20.10.1.1",
      mask: 24
    }, {
      family: 1,
      type: 2,
      startIp: "20.20.1.1",
      endIp: "20.20.1.10"
    }],
  protocol: 6,
  localPorts: [
    {
      startPort: 1000,
      endPort: 1000
    }, {
      startPort: 2000,
      endPort: 2001
    }],
  remotePorts: [
    {
      startPort: 443,
      endPort: 443
    }],
  userId: 100
};
netFirewall.addNetFirewallRule(ipRule).then((result: number) => {
  console.info('rule Id: ', result);
}, (reason: BusinessError) => {
  console.error('add firewall rule failed: ', JSON.stringify(reason));
});

// Domain rule: one complete domain name and one wildcard entry.
let domainRule: netFirewall.NetFirewallRule = {
  name: "rule2",
  description: "rule2 description",
  direction: netFirewall.NetFirewallRuleDirection.RULE_IN,
  action: netFirewall.FirewallRuleAction.RULE_DENY,
  type: netFirewall.NetFirewallRuleType.RULE_DOMAIN,
  isEnabled: true,
  appUid: 20002,
  domains: [
    {
      isWildcard: false,
      domain: "www.example.cn"
    }, {
      isWildcard: true,
      domain: "*.example.cn"
    }],
  userId: 100
};
netFirewall.addNetFirewallRule(domainRule).then((result: number) => {
  console.info('rule Id: ', result);
}, (reason: BusinessError) => {
  console.error('add firewall rule failed: ', JSON.stringify(reason));
});

// DNS rule: the servers go in the dns field (NetFirewallDnsParams).
let dnsRule: netFirewall.NetFirewallRule = {
  name: "rule3",
  description: "rule3 description",
  direction: netFirewall.NetFirewallRuleDirection.RULE_IN,
  action: netFirewall.FirewallRuleAction.RULE_DENY,
  type: netFirewall.NetFirewallRuleType.RULE_DNS,
  isEnabled: true,
  appUid: 20003,
  dns: {
    primaryDns: "4.4.4.4",
    standbyDns: "8.8.8.8"
  },
  userId: 100
};
netFirewall.addNetFirewallRule(dnsRule).then((result: number) => {
  console.info('rule Id: ', result);
}, (reason: BusinessError) => {
  console.error('add firewall rule failed: ', JSON.stringify(reason));
});
```

## NetFirewallRule

Defines a firewall rule.

**System capability**: SystemCapability.Communication.NetManager.NetFirewall

| Name        | Type                                                         | Mandatory | Description |
| ----------- | ------------------------------------------------------------ | --------- | ----------- |
| userId      | number                                                       | Yes       | Existing user ID. |
| name        | string                                                       | Yes       | Rule name. This parameter is mandatory and can contain a maximum of 128 characters. |
| direction   | [NetFirewallRuleDirection](#netfirewallruledirection)        | Yes       | Interception direction, which can be inbound or outbound. |
| action      | [FirewallRuleAction](#firewallruleaction)                    | Yes       | Action. |
| type        | [NetFirewallRuleType](#netfirewallruletype)                  | Yes       | Rule type. |
| isEnabled   | boolean                                                      | Yes       | Whether to enable the firewall rule. The value **true** means to enable the firewall rule, and the value **false** means the opposite. |
| id          | number                                                       | No        | Firewall rule ID. |
| description | string                                                       | No        | Firewall rule description. This parameter is optional and can contain a maximum of 256 characters. |
| appUid      | number                                                       | No        | Application or service UID. |
| localIps    | Array\<[NetFirewallIpParams](#netfirewallipparams)>          | No        | List of local IP addresses. This parameter is valid when **ruleType** is set to **RULE_IP**. A maximum of 10 local IP addresses are supported. |
| remoteIps   | Array\<[NetFirewallIpParams](#netfirewallipparams)>          | No        | List of remote IP addresses. This parameter is valid when **ruleType** is set to **RULE_IP**. A maximum of 10 remote IP addresses are supported. |
| protocol    | number                                                       | No        | Protocol. The value **6** indicates TCP and the value **17** indicates UDP. This parameter is valid only when **ruleType** is set to **RULE_IP**. |
| localPorts  | Array\<[NetFirewallPortParams](#netfirewallportparams)>      | No        | List of local ports. This parameter is valid when **ruleType** is set to **RULE_IP**. A maximum of 10 local ports are supported. |
| remotePorts | Array\<[NetFirewallPortParams](#netfirewallportparams)>      | No        | List of remote ports. This parameter is valid when **ruleType** is set to **RULE_IP**. A maximum of 10 remote ports are supported. |
| domains     | Array\<[NetFirewallDomainParams](#netfirewalldomainparams)>  | No        | List of domain names. This parameter is valid only when **ruleType** is set to **RULE_DOMAIN**. |
| dns         | [NetFirewallDnsParams](#netfirewalldnsparams)                | No        | List of DNS server names. This parameter is valid only when **ruleType** is set to **RULE_DNS**. |

## RequestParam

Defines query parameters.

**System capability**: SystemCapability.Communication.NetManager.NetFirewall

| Name       | Type                                            | Mandatory | Description                               |
| ---------- | ----------------------------------------------- | --------- | ----------------------------------------- |
| page       | number                                          | Yes       | Page number. The value range is [1,1000]. |
| pageSize   | number                                          | Yes       | Page size. The value range is [1,50].     |
| orderField | [NetFirewallOrderField](#netfirewallorderfield) | Yes       | Sorting order field.                      |
| orderType  | [NetFirewallOrderType](#netfirewallordertype)   | Yes       | Sorting order type.                       |

## FirewallRulePage

Defines the pagination structure for firewall rules.

**System capability**: SystemCapability.Communication.NetManager.NetFirewall

| Name      | Type                                        | Mandatory | Description                                          |
| --------- | ------------------------------------------- | --------- | ---------------------------------------------------- |
| page      | number                                      | Yes       | Current page number. The value range is [1,1000].    |
| pageSize  | number                                      | Yes       | Page size. The value range is [1,50].                |
| totalPage | number                                      | Yes       | Total number of pages. The value range is [1,1000].  |
| data      | Array\<[NetFirewallRule](#netfirewallrule)> | Yes       | Page data.                                           |

## NetFirewallPolicy

Defines a firewall policy.

**System capability**: SystemCapability.Communication.NetManager.NetFirewall

| Name      | Type                                      | Mandatory | Description |
| --------- | ----------------------------------------- | --------- | ----------- |
| isOpen    | boolean                                   | Yes       | Whether to enable the firewall. The value **true** means to enable the firewall, and the value **false** means the opposite. |
| inAction  | [FirewallRuleAction](#firewallruleaction) | Yes       | Inbound action. |
| outAction | [FirewallRuleAction](#firewallruleaction) | Yes       | Outbound action. |

## NetFirewallRuleDirection

Enumerates interception directions for firewall rules.

**System capability**: SystemCapability.Communication.NetManager.NetFirewall

| Name     | Value | Description         |
| -------- | ----- | ------------------- |
| RULE_IN  | 1     | Inbound direction.  |
| RULE_OUT | 2     | Outbound direction. |

## FirewallRuleAction

Enumerates actions for firewall rules.

**System capability**: SystemCapability.Communication.NetManager.NetFirewall

| Name       | Value | Description                  |
| ---------- | ----- | ---------------------------- |
| RULE_ALLOW | 0     | Allowing network connection. |
| RULE_DENY  | 1     | Denying network connection.  |

## NetFirewallRuleType

Enumerates firewall rule types.

**System capability**: SystemCapability.Communication.NetManager.NetFirewall

| Name        | Value | Description                     |
| ----------- | ----- | ------------------------------- |
| RULE_IP     | 1     | IP address-based firewall rule. |
| RULE_DOMAIN | 2     | Domain name-based rule.         |
| RULE_DNS    | 3     | DNS-based firewall rule.        |

## NetFirewallOrderField

Enumerates firewall rule sorting types.

**System capability**: SystemCapability.Communication.NetManager.NetFirewall

| Name                 | Value | Description                        |
| -------------------- | ----- | ---------------------------------- |
| ORDER_BY_RULE_NAME   | 1     | Sorting of firewall rules by name. |
| ORDER_BY_RECORD_TIME | 100   | Sorting of firewall rules by time. |

## NetFirewallOrderType

Enumerates firewall rule sorting orders.

**System capability**: SystemCapability.Communication.NetManager.NetFirewall

| Name       | Value | Description                  |
| ---------- | ----- | ---------------------------- |
| ORDER_ASC  | 1     | Sorting in ascending order.  |
| ORDER_DESC | 100   | Sorting in descending order. |

## NetFirewallIpParams

**System capability**: SystemCapability.Communication.NetManager.NetFirewall

| Name    | Type   | Mandatory | Description |
| ------- | ------ | --------- | ----------- |
| type    | number | Yes       | IP address type. The value **1** indicates an IP address or subnet. When a single IP address is used, the mask is 32. The value **2** indicates an IP address segment. |
| family  | number | No        | IP address family. The value **1** indicates IPv4 and the value **2** indicates IPv6. The default value is IPv4. Other values are not supported. |
| address | string | No        | IP address. This parameter is valid only when **type** is set to **1**. |
| mask    | number | No        | Subnet mask for an IPv4 address and prefix for an IPv6 address. This parameter is valid only when **type** is set to **1**. |
| startIp | string | No        | Start IP address. This parameter is valid only when **type** is set to **2**. |
| endIp   | string | No        | End IP address. This parameter is valid only when **type** is set to **2**. |

## NetFirewallPortParams

Defines the port parameters of a firewall rule.

**System capability**: SystemCapability.Communication.NetManager.NetFirewall

| Name      | Type   | Mandatory | Description        |
| --------- | ------ | --------- | ------------------ |
| startPort | number | Yes       | Start port number. |
| endPort   | number | Yes       | End port number.   |

## NetFirewallDomainParams

Defines the domain information of a firewall rule.

**System capability**: SystemCapability.Communication.NetManager.NetFirewall

| Name       | Type    | Mandatory | Description |
| ---------- | ------- | --------- | ----------- |
| isWildcard | boolean | Yes       | Whether to contain wildcards. The value **true** means to contain wildcards, and the value **false** means the opposite. |
| domain     | string  | Yes       | DNS domain. If **isWildcard** is **false**, you need to specify the complete domain name. |

## NetFirewallDnsParams

Defines the DNS information of a firewall rule.

**System capability**: SystemCapability.Communication.NetManager.NetFirewall

| Name       | Type   | Mandatory | Description         |
| ---------- | ------ | --------- | ------------------- |
| primaryDns | string | Yes       | Active DNS server.  |
| standbyDns | string | No        | Standby DNS server. |