# @ohos.net.netFirewall (Network Firewall)

The **netFirewall** module implements the firewall query functionality. It allows applications to query the firewall interception records of the device.


> **NOTE**
>
> The initial APIs of this module are supported since API version 15. Newly added APIs will be marked with a superscript to indicate their earliest API version.

## Modules to Import

```ts
import { netFirewall } from '@kit.NetworkKit';
```


## netFirewall.getNetFirewallPolicy

getNetFirewallPolicy(userId: number): Promise\<NetFirewallPolicy>

Obtains a firewall policy.

**Required permission**: ohos.permission.GET_NET_FIREWALL

**System capability**: SystemCapability.Communication.NetManager.NetFirewall

**Parameters**

| Name   | Type   | Mandatory | Description       |
| ------ | ------ | --------- | ----------------- |
| userId | number | Yes       | Existing user ID. |

**Return value**

| Type                                              | Description                                                    |
| ------------------------------------------------- | -------------------------------------------------------------- |
| Promise\<[NetFirewallPolicy](#netfirewallpolicy)> | Promise used to return the result, which is a firewall policy. |


**Error codes**

For details about the error codes, see [Network Connection Management Error Codes](errorcode-net-connection.md) and [Universal Error Codes](../errorcode-universal.md).

| ID       | Error Message                                |
| -------- | -------------------------------------------- |
| 201      | Permission denied.                           |
| 401      | Parameter error.                             |
| 2100001  | Invalid parameter value.                     |
| 2100002  | Operation failed. Cannot connect to service. |
| 2100003  | System internal error.                       |
| 29400000 | The specified user does not exist.           |

**Example**

```ts
import { netFirewall } from '@kit.NetworkKit';
import { BusinessError } from '@kit.BasicServicesKit';

// Query the firewall policy of user 100.
netFirewall.getNetFirewallPolicy(100).then((result: netFirewall.NetFirewallPolicy) => {
  console.info('firewall policy: ', JSON.stringify(result));
}, (reason: BusinessError) => {
  console.error('get firewall policy failed: ', JSON.stringify(reason));
});
```


## netFirewall.updateNetFirewallRule

updateNetFirewallRule(rule: NetFirewallRule): Promise\<void>

Updates a firewall rule.

**Required permission**: ohos.permission.MANAGE_NET_FIREWALL

**System capability**: SystemCapability.Communication.NetManager.NetFirewall

**Parameters**

| Name | Type                                | Mandatory | Description    |
| ---- | ----------------------------------- | --------- | -------------- |
| rule | [NetFirewallRule](#netfirewallrule) | Yes       | Firewall rule. |

**Return value**

| Type           | Description                    |
| -------------- | ------------------------------ |
| Promise\<void> | Promise that returns no value. |

**Error codes**

For details about the error codes, see [Network Connection Management Error Codes](errorcode-net-connection.md) and [Universal Error Codes](../errorcode-universal.md).

| ID       | Error Message                                                            |
| -------- | ------------------------------------------------------------------------ |
| 201      | Permission denied.                                                       |
| 401      | Parameter error.                                                         |
| 2100001  | Invalid parameter value.                                                 |
| 2100002  | Operation failed. Cannot connect to service.                             |
| 2100003  | System internal error.                                                   |
| 29400000 | The specified user does not exist.                                       |
| 29400002 | The number of IP address rules in the firewall rule exceeds the maximum. |
| 29400003 | The number of port rules in the firewall rule exceeds the maximum.       |
| 29400004 | The number of domain rules in the firewall rule exceeds the maximum.     |
| 29400005 | The number of domain rules exceeds the maximum.                          |
| 29400006 | The specified rule does not exist.                                       |
| 29400007 | The dns rule is duplication.                                             |

**Example**

```ts
import { netFirewall } from '@kit.NetworkKit';
import { BusinessError } from '@kit.BasicServicesKit';

let ipRuleUpd: netFirewall.NetFirewallRule = {
  id: 1, // ID of the rule to update
  name: "rule1",
  description: "rule1 description update",
  direction: netFirewall.NetFirewallRuleDirection.RULE_IN,
  action: netFirewall.FirewallRuleAction.RULE_DENY,
  type: netFirewall.NetFirewallRuleType.RULE_IP,
  isEnabled: false,
  appUid: 20001,
  localIps: [
    {
      family: 1, // IPv4
      type: 1,   // IP address or subnet
      address: "10.10.1.1",
      mask: 24
    }, {
      family: 1, // IPv4
      type: 2,   // IP address segment
      startIp: "10.20.1.1",
      endIp: "10.20.1.10"
    }],
  userId: 100
};
netFirewall.updateNetFirewallRule(ipRuleUpd).then(() => {
  console.info('update firewall rule success.');
}, (reason: BusinessError) => {
  console.error('update firewall rule failed: ', JSON.stringify(reason));
});
```

## netFirewall.removeNetFirewallRule

removeNetFirewallRule(userId: number, ruleId: number): Promise\<void>

Removes a firewall rule.

**Required permission**: ohos.permission.MANAGE_NET_FIREWALL

**System capability**: SystemCapability.Communication.NetManager.NetFirewall

**Parameters**

| Name   | Type                                | Mandatory | Description              |
| ------ | ----------------------------------- | --------- | ------------------------ |
| rule   | [NetFirewallRule](#netfirewallrule) | Yes       | Firewall rule.           |
| userId | number                              | Yes       | Existing user ID.        |
| ruleId | number                              | Yes       | ID of the firewall rule. |

**Return value**

| Type           | Description                    |
| -------------- | ------------------------------ |
| Promise\<void> | Promise that returns no value. |

**Error codes**

For details about the error codes, see [Network Connection Management Error Codes](errorcode-net-connection.md) and [Universal Error Codes](../errorcode-universal.md).

| ID       | Error Message                                |
| -------- | -------------------------------------------- |
| 201      | Permission denied.                           |
| 401      | Parameter error.                             |
| 2100001  | Invalid parameter value.                     |
| 2100002  | Operation failed. Cannot connect to service. |
| 2100003  | System internal error.                       |
| 29400000 | The specified user does not exist.           |
| 29400006 | The specified rule does not exist.           |

**Example**

```ts
import { netFirewall } from '@kit.NetworkKit';
import { BusinessError } from '@kit.BasicServicesKit';

// Remove rule 1 of user 100.
netFirewall.removeNetFirewallRule(100, 1).then(() => {
  console.info("delete firewall rule success.");
}).catch((error: BusinessError) => {
  console.error("delete firewall rule failed: " + JSON.stringify(error));
});
```

## netFirewall.getNetFirewallRules

getNetFirewallRules(userId: number, requestParam: RequestParam): Promise\<FirewallRulePage>

Obtains firewall rules by user ID. You need to specify the pagination query parameter when calling this API.

**Required permission**: ohos.permission.GET_NET_FIREWALL

**System capability**: SystemCapability.Communication.NetManager.NetFirewall

**Parameters**

| Name         | Type                          | Mandatory | Description                 |
| ------------ | ----------------------------- | --------- | --------------------------- |
| userId       | number                        | Yes       | Existing user ID.           |
| requestParam | [RequestParam](#requestparam) | Yes       | Pagination query parameter. |

**Return value**

| Type                                            | Description                                                           |
| ----------------------------------------------- | --------------------------------------------------------------------- |
| Promise\<[FirewallRulePage](#firewallrulepage)> | Promise used to return the result, which is a list of firewall rules. |

**Error codes**

For details about the error codes, see [Network Connection Management Error Codes](errorcode-net-connection.md) and [Universal Error Codes](../errorcode-universal.md).

| ID       | Error Message                                |
| -------- | -------------------------------------------- |
| 201      | Permission denied.                           |
| 401      | Parameter error.                             |
| 2100001  | Invalid parameter value.                     |
| 2100002  | Operation failed. Cannot connect to service. |
| 2100003  | System internal error.                       |
| 29400000 | The specified user does not exist.           |

**Example**

```ts
import { netFirewall } from '@kit.NetworkKit';
import { BusinessError } from '@kit.BasicServicesKit';

// First page of 10 rules, sorted by rule name in ascending order.
let ruleParam: netFirewall.RequestParam = {
  page: 1,
  pageSize: 10,
  orderField: netFirewall.NetFirewallOrderField.ORDER_BY_RULE_NAME,
  orderType: netFirewall.NetFirewallOrderType.ORDER_ASC
};
netFirewall.getNetFirewallRules(100, ruleParam).then((result: netFirewall.FirewallRulePage) => {
  console.info("result:", JSON.stringify(result));
}, (error: BusinessError) => {
  console.error("get firewall rules failed: " + JSON.stringify(error));
});
```

## netFirewall.getNetFirewallRule

getNetFirewallRule(userId: number, ruleId: number): Promise\<NetFirewallRule>

Obtains a firewall rule based on the specified user ID and rule ID.

**Required permission**: ohos.permission.GET_NET_FIREWALL

**System capability**: SystemCapability.Communication.NetManager.NetFirewall

**Parameters**

| Name   | Type   | Mandatory | Description              |
| ------ | ------ | --------- | ------------------------ |
| userId | number | Yes       | Existing user ID.        |
| ruleId | number | Yes       | ID of the firewall rule. |

**Return value**

| Type                                          | Description                                                  |
| --------------------------------------------- | ------------------------------------------------------------ |
| Promise\<[NetFirewallRule](#netfirewallrule)> | Promise used to return the result, which is a firewall rule. |

**Error codes**

For details about the error codes, see [Network Connection Management Error Codes](errorcode-net-connection.md) and [Universal Error Codes](../errorcode-universal.md).

| ID       | Error Message                                |
| -------- | -------------------------------------------- |
| 201      | Permission denied.                           |
| 401      | Parameter error.                             |
| 2100001  | Invalid parameter value.                     |
| 2100002  | Operation failed. Cannot connect to service. |
| 2100003  | System internal error.                       |
| 29400000 | The specified user does not exist.           |
| 29400006 | The specified rule does not exist.           |

**Example**

```ts
import { netFirewall } from '@kit.NetworkKit';
import { BusinessError } from '@kit.BasicServicesKit';

// Fetch rule 1 of user 100.
netFirewall.getNetFirewallRule(100, 1).then((rule: netFirewall.NetFirewallRule) => {
  console.info("result:", JSON.stringify(rule));
}).catch((error: BusinessError) => {
  console.error("get firewall rule failed: " + JSON.stringify(error));
});
```

## netFirewall.setNetFirewallPolicy

setNetFirewallPolicy(userId: number, policy: NetFirewallPolicy): Promise\<void>

Sets a firewall policy.

**Required permission**: ohos.permission.MANAGE_NET_FIREWALL

**System capability**: SystemCapability.Communication.NetManager.NetFirewall

**Parameters**

| Name   | Type                                    | Mandatory | Description       |
| ------ | --------------------------------------- | --------- | ----------------- |
| userId | number                                  | Yes       | Existing user ID. |
| policy | [NetFirewallPolicy](#netfirewallpolicy) | Yes       | Firewall policy.  |

**Return value**

| Type           | Description                    |
| -------------- | ------------------------------ |
| Promise\<void> | Promise that returns no value. |

**Error codes**

For details about the error codes, see [Network Connection Management Error Codes](errorcode-net-connection.md) and [Universal Error Codes](../errorcode-universal.md).

| ID       | Error Message                                |
| -------- | -------------------------------------------- |
| 201      | Permission denied.                           |
| 401      | Parameter error.                             |
| 2100001  | Invalid parameter value.                     |
| 2100002  | Operation failed. Cannot connect to service. |
| 2100003  | System internal error.                       |
| 29400000 | The specified user does not exist.           |

**Example**

```ts
import { netFirewall } from '@kit.NetworkKit';
import { BusinessError } from '@kit.BasicServicesKit';

// Enable the firewall: deny inbound connections, allow outbound connections.
let policy: netFirewall.NetFirewallPolicy = {
  isOpen: true,
  inAction: netFirewall.FirewallRuleAction.RULE_DENY,
  outAction: netFirewall.FirewallRuleAction.RULE_ALLOW
};
netFirewall.setNetFirewallPolicy(100, policy).then(() => {
  console.info("set firewall policy success.");
}).catch((error: BusinessError) => {
  console.error("set firewall policy failed: " + JSON.stringify(error));
});
```

## netFirewall.addNetFirewallRule

addNetFirewallRule(rule: NetFirewallRule): Promise\<number>

Adds a firewall rule.

**Required permission**: ohos.permission.MANAGE_NET_FIREWALL

**System capability**: SystemCapability.Communication.NetManager.NetFirewall

**Parameters**

| Name | Type                                | Mandatory | Description    |
| ---- | ----------------------------------- | --------- | -------------- |
| rule | [NetFirewallRule](#netfirewallrule) | Yes       | Firewall rule. |

**Return value**

| Type             | Description                                                                                             |
| ---------------- | ------------------------------------------------------------------------------------------------------- |
| Promise\<number> | Promise used to return the result, which is the firewall rule ID automatically generated by the system. |

**Error codes**

For details about the error codes, see [Network Connection Management Error Codes](errorcode-net-connection.md) and [Universal Error Codes](../errorcode-universal.md).

| ID       | Error Message                                                            |
| -------- | ------------------------------------------------------------------------ |
| 201      | Permission denied.                                                       |
| 401      | Parameter error.                                                         |
| 2100001  | Invalid parameter value.                                                 |
| 2100002  | Operation failed. Cannot connect to service.                             |
| 2100003  | System internal error.                                                   |
| 29400000 | The specified user does not exist.                                       |
| 29400001 | The number of firewall rules exceeds the maximum.                        |
| 29400002 | The number of IP address rules in the firewall rule exceeds the maximum. |
| 29400003 | The number of port rules in the firewall rule exceeds the maximum.       |
| 29400004 | The number of domain rules in the firewall rule exceeds the maximum.     |
| 29400005 | The number of domain rules exceeds the maximum.                          |
| 29400007 | The dns rule is duplication.                                             |

**Example**

```ts
import { netFirewall } from '@kit.NetworkKit';
import { BusinessError } from '@kit.BasicServicesKit';

// IP-based rule: deny inbound TCP traffic that matches the listed addresses and ports.
let ipRule: netFirewall.NetFirewallRule = {
  name: "rule1",
  description: "rule1 description",
  direction: netFirewall.NetFirewallRuleDirection.RULE_IN,
  action: netFirewall.FirewallRuleAction.RULE_DENY,
  type: netFirewall.NetFirewallRuleType.RULE_IP,
  isEnabled: true,
  appUid: 20001,
  localIps: [
    {
      family: 1, // IPv4
      type: 1,   // IP address or subnet
      address: "10.10.1.1",
      mask: 24
    }, {
      family: 1, // IPv4
      type: 2,   // IP address segment
      startIp: "10.20.1.1",
      endIp: "10.20.1.10"
    }],
  remoteIps: [
    {
      family: 1,
      type: 1,
      address: "20.10.1.1",
      mask: 24
    }, {
      family: 1,
      type: 2,
      startIp: "20.20.1.1",
      endIp: "20.20.1.10"
    }],
  protocol: 6, // TCP
  localPorts: [
    {
      startPort: 1000,
      endPort: 1000
    }, {
      startPort: 2000,
      endPort: 2001
    }],
  remotePorts: [
    {
      startPort: 443,
      endPort: 443
    }],
  userId: 100
};
netFirewall.addNetFirewallRule(ipRule).then((result: number) => {
  console.info('rule Id: ', result);
}, (reason: BusinessError) => {
  console.error('add firewall rule failed: ', JSON.stringify(reason));
});

// Domain-based rule: one complete domain name and one wildcard domain.
let domainRule: netFirewall.NetFirewallRule = {
  name: "rule2",
  description: "rule2 description",
  direction: netFirewall.NetFirewallRuleDirection.RULE_IN,
  action: netFirewall.FirewallRuleAction.RULE_DENY,
  type: netFirewall.NetFirewallRuleType.RULE_DOMAIN,
  isEnabled: true,
  appUid: 20002,
  domains: [
    {
      isWildcard: false,
      domain: "www.example.cn"
    }, {
      isWildcard: true,
      domain: "*.example.cn"
    }],
  userId: 100
};
netFirewall.addNetFirewallRule(domainRule).then((result: number) => {
  console.info('rule Id: ', result);
}, (reason: BusinessError) => {
  console.error('add firewall rule failed: ', JSON.stringify(reason));
});

// DNS-based rule: the servers go in the dns field (NetFirewallDnsParams).
let dnsRule: netFirewall.NetFirewallRule = {
  name: "rule3",
  description: "rule3 description",
  direction: netFirewall.NetFirewallRuleDirection.RULE_IN,
  action: netFirewall.FirewallRuleAction.RULE_DENY,
  type: netFirewall.NetFirewallRuleType.RULE_DNS,
  isEnabled: true,
  appUid: 20003,
  dns: {
    primaryDns: "4.4.4.4",
    standbyDns: "8.8.8.8"
  },
  userId: 100
};
netFirewall.addNetFirewallRule(dnsRule).then((result: number) => {
  console.info('rule Id: ', result);
}, (reason: BusinessError) => {
  console.error('add firewall rule failed: ', JSON.stringify(reason));
});
```

## NetFirewallRule

Defines a firewall rule.

**System capability**: SystemCapability.Communication.NetManager.NetFirewall

| Name        | Type                                                        | Mandatory | Description |
| ----------- | ----------------------------------------------------------- | --------- | ----------- |
| userId      | number                                                      | Yes | Existing user ID. |
| name        | string                                                      | Yes | Rule name. This parameter is mandatory and can contain a maximum of 128 characters. |
| direction   | [NetFirewallRuleDirection](#netfirewallruledirection)       | Yes | Interception direction, which can be inbound or outbound. |
| action      | [FirewallRuleAction](#firewallruleaction)                   | Yes | Action. |
| type        | [NetFirewallRuleType](#netfirewallruletype)                 | Yes | Rule type. |
| isEnabled   | boolean                                                     | Yes | Whether to enable the firewall rule. The value **true** means to enable the firewall rule, and the value **false** means the opposite. |
| id          | number                                                      | No  | Firewall rule ID. |
| description | string                                                      | No  | Firewall rule description. This parameter is optional and can contain a maximum of 256 characters. |
| appUid      | number                                                      | No  | Application or service UID. |
| localIps    | Array\<[NetFirewallIpParams](#netfirewallipparams)>         | No  | List of local IP addresses. This parameter is valid when **ruleType** is set to **RULE_IP**. A maximum of 10 local IP addresses are supported. |
| remoteIps   | Array\<[NetFirewallIpParams](#netfirewallipparams)>         | No  | List of remote IP addresses. This parameter is valid when **ruleType** is set to **RULE_IP**. A maximum of 10 remote IP addresses are supported. |
| protocol    | number                                                      | No  | Protocol. The value **6** indicates TCP and value **17** indicates UDP. This parameter is valid only when **ruleType** is set to **RULE_IP**. |
| localPorts  | Array\<[NetFirewallPortParams](#netfirewallportparams)>     | No  | List of local ports. This parameter is valid when **ruleType** is set to **RULE_IP**. A maximum of 10 local ports are supported. |
| remotePorts | Array\<[NetFirewallPortParams](#netfirewallportparams)>     | No  | List of remote ports. This parameter is valid when **ruleType** is set to **RULE_IP**. A maximum of 10 remote ports are supported. |
| domains     | Array\<[NetFirewallDomainParams](#netfirewalldomainparams)> | No  | List of domain names. This parameter is valid only when **ruleType** is set to **RULE_DOMAIN**. |
| dns         | [NetFirewallDnsParams](#netfirewalldnsparams)               | No  | List of DNS server names. This parameter is valid only when **ruleType** is set to **RULE_DNS**. |

## RequestParam

Defines query parameters.

**System capability**: SystemCapability.Communication.NetManager.NetFirewall

| Name       | Type                                            | Mandatory | Description                               |
| ---------- | ----------------------------------------------- | --------- | ----------------------------------------- |
| page       | number                                          | Yes       | Page number. The value range is [1,1000]. |
| pageSize   | number                                          | Yes       | Page size. The value range is [1,50].     |
| orderField | [NetFirewallOrderField](#netfirewallorderfield) | Yes       | Sorting order field.                      |
| orderType  | [NetFirewallOrderType](#netfirewallordertype)   | Yes       | Sorting order type.                       |


## FirewallRulePage

Defines the pagination structure for firewall rules.

**System capability**: SystemCapability.Communication.NetManager.NetFirewall

| Name      | Type                                        | Mandatory | Description                                         |
| --------- | ------------------------------------------- | --------- | --------------------------------------------------- |
| page      | number                                      | Yes       | Current page number. The value range is [1,1000].   |
| pageSize  | number                                      | Yes       | Page size. The value range is [1,50].               |
| totalPage | number                                      | Yes       | Total number of pages. The value range is [1,1000]. |
| data      | Array\<[NetFirewallRule](#netfirewallrule)> | Yes       | Page data.                                          |

## NetFirewallPolicy

Defines a firewall policy.

**System capability**: SystemCapability.Communication.NetManager.NetFirewall

| Name      | Type                                      | Mandatory | Description |
| --------- | ----------------------------------------- | --------- | ----------- |
| isOpen    | boolean                                   | Yes       | Whether to enable or disable the firewall. The value **true** means to enable the firewall, and the value **false** means the opposite. |
| inAction  | [FirewallRuleAction](#firewallruleaction) | Yes       | Inbound action. |
| outAction | [FirewallRuleAction](#firewallruleaction) | Yes       | Outbound action. |


## NetFirewallRuleDirection

Enumerates interception directions for firewall rules.

**System capability**: SystemCapability.Communication.NetManager.NetFirewall

| Name     | Value | Description         |
| -------- | ----- | ------------------- |
| RULE_IN  | 1     | Inbound direction.  |
| RULE_OUT | 2     | Outbound direction. |


## FirewallRuleAction

Enumerates actions for firewall rules.

**System capability**: SystemCapability.Communication.NetManager.NetFirewall

| Name       | Value | Description                  |
| ---------- | ----- | ---------------------------- |
| RULE_ALLOW | 0     | Allowing network connection. |
| RULE_DENY  | 1     | Denying network connection.  |

## NetFirewallRuleType

Enumerates firewall rule types.

**System capability**: SystemCapability.Communication.NetManager.NetFirewall

| Name        | Value | Description                     |
| ----------- | ----- | ------------------------------- |
| RULE_IP     | 1     | IP address-based firewall rule. |
| RULE_DOMAIN | 2     | Domain name-based rule.         |
| RULE_DNS    | 3     | DNS-based firewall rule.        |

## NetFirewallOrderField

Enumerates firewall rule sorting types.

**System capability**: SystemCapability.Communication.NetManager.NetFirewall

| Name                 | Value | Description                        |
| -------------------- | ----- | ---------------------------------- |
| ORDER_BY_RULE_NAME   | 1     | Sorting of firewall rules by name. |
| ORDER_BY_RECORD_TIME | 100   | Sorting of firewall rules by time. |

## NetFirewallOrderType

Enumerates firewall rule sorting orders.

**System capability**: SystemCapability.Communication.NetManager.NetFirewall

| Name       | Value | Description                  |
| ---------- | ----- | ---------------------------- |
| ORDER_ASC  | 1     | Sorting in ascending order.  |
| ORDER_DESC | 100   | Sorting in descending order. |


## NetFirewallIpParams

**System capability**: SystemCapability.Communication.NetManager.NetFirewall

| Name    | Type   | Mandatory | Description |
| ------- | ------ | --------- | ----------- |
| type    | number | Yes | IP address type. The value **1** indicates an IP address or subnet. When a single IP address is used, the mask is 32. The value **2** indicates an IP address segment. |
| family  | number | No  | IP address family. The value **1** indicates IPv4 and value **2** indicates IPv6. The default value is IPv4. Other values are not supported. |
| address | string | No  | IP address. This parameter is valid only when **type** is set to **1**. |
| mask    | number | No  | Subnet mask for an IPv4 address and prefix for an IPv6 address. This parameter is valid only when **type** is set to **1**. |
| startIp | string | No  | Start IP address. This parameter is valid only when **type** is set to **2**. |
| endIp   | string | No  | End IP address. This parameter is valid only when **type** is set to **2**. |

## NetFirewallPortParams

Defines the port parameters of a firewall rule.

**System capability**: SystemCapability.Communication.NetManager.NetFirewall

| Name      | Type   | Mandatory | Description        |
| --------- | ------ | --------- | ------------------ |
| startPort | number | Yes       | Start port number. |
| endPort   | number | Yes       | End port number.   |

## NetFirewallDomainParams

Defines the domain information of a firewall rule.

**System capability**: SystemCapability.Communication.NetManager.NetFirewall

| Name       | Type    | Mandatory | Description |
| ---------- | ------- | --------- | ----------- |
| isWildcard | boolean | Yes       | Whether to contain wildcards. The value **true** means to contain wildcards, and the value **false** means the opposite. |
| domain     | string  | Yes       | DNS domain. If **isWildcard** is **false**, you need to specify the complete domain name. |

## NetFirewallDnsParams

Defines the DNS information of a firewall rule.

**System capability**: SystemCapability.Communication.NetManager.NetFirewall

| Name       | Type   | Mandatory | Description         |
| ---------- | ------ | --------- | ------------------- |
| primaryDns | string | Yes       | Active DNS server.  |
| standbyDns | string | No        | Standby DNS server. |
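
The field constraints in the NetFirewallRule, NetFirewallIpParams and NetFirewallDomainParams tables can be checked locally before a rule is passed to addNetFirewallRule or updateNetFirewallRule, so that a rule carrying fields for the wrong rule type is caught before it reaches the service. The check below is an added example, not part of the netFirewall API or of the original page: `Rule`, `checkIp`, `validateRule` and the sample rules are hypothetical names, and rejecting protocol values other than 6 and 17 and rejecting `*` in a non-wildcard domain are assumptions.

```typescript
// Added example. Local mirrors of the page's structures so the check runs
// without the OpenHarmony SDK; numeric values come from the enum tables above.
const RULE_IP = 1, RULE_DOMAIN = 2, RULE_DNS = 3; // NetFirewallRuleType
const MAX_LIST = 10; // documented cap for the IP and port lists

interface IpParams { type: number; family?: number; address?: string; mask?: number; startIp?: string; endIp?: string }
interface PortParams { startPort: number; endPort: number }
interface DomainParams { isWildcard: boolean; domain: string }
interface Rule {
  userId: number; name: string; direction: number; action: number; type: number; isEnabled: boolean;
  description?: string; protocol?: number;
  localIps?: IpParams[]; remoteIps?: IpParams[];
  localPorts?: PortParams[]; remotePorts?: PortParams[];
  domains?: DomainParams[]; dns?: { primaryDns: string; standbyDns?: string };
}

// NetFirewallIpParams: type 1 uses address/mask, type 2 uses startIp/endIp.
function checkIp(field: string, ip: IpParams, out: string[]): void {
  if (ip.family !== undefined && ip.family !== 1 && ip.family !== 2) out.push(field + ': family must be 1 (IPv4) or 2 (IPv6)');
  if (ip.type === 1) {
    if (!ip.address) out.push(field + ': type 1 needs address');
    if (ip.startIp !== undefined || ip.endIp !== undefined) out.push(field + ': startIp/endIp apply only to type 2');
  } else if (ip.type === 2) {
    if (!ip.startIp || !ip.endIp) out.push(field + ': type 2 needs startIp and endIp');
    if (ip.address !== undefined || ip.mask !== undefined) out.push(field + ': address/mask apply only to type 1');
  } else {
    out.push(field + ': type must be 1 or 2');
  }
}

// Returns every documented constraint the rule breaks; an empty array means it passes.
function validateRule(rule: Rule): string[] {
  const out: string[] = [];
  if (!rule.name || rule.name.length > 128) out.push('name: mandatory, max 128 characters');
  if (rule.description !== undefined && rule.description.length > 256) out.push('description: max 256 characters');
  if ([1, 2].indexOf(rule.direction) < 0) out.push('direction: must be RULE_IN (1) or RULE_OUT (2)');
  if ([0, 1].indexOf(rule.action) < 0) out.push('action: must be RULE_ALLOW (0) or RULE_DENY (1)');
  if ([RULE_IP, RULE_DOMAIN, RULE_DNS].indexOf(rule.type) < 0) out.push('type: must be 1, 2 or 3');
  // List fields that the NetFirewallRule table limits to RULE_IP and to 10 entries.
  const lists: Array<[string, unknown[] | undefined]> = [
    ['localIps', rule.localIps], ['remoteIps', rule.remoteIps],
    ['localPorts', rule.localPorts], ['remotePorts', rule.remotePorts],
  ];
  for (const [field, list] of lists) {
    if (list === undefined) continue;
    if (rule.type !== RULE_IP) out.push(field + ': valid only for RULE_IP');
    if (list.length > MAX_LIST) out.push(field + ': max ' + MAX_LIST + ' entries');
  }
  (rule.localIps || []).forEach((ip, i) => checkIp('localIps[' + i + ']', ip, out));
  (rule.remoteIps || []).forEach((ip, i) => checkIp('remoteIps[' + i + ']', ip, out));
  if (rule.protocol !== undefined) {
    if (rule.type !== RULE_IP) out.push('protocol: valid only for RULE_IP');
    // Assumption: only the two documented values are accepted.
    if (rule.protocol !== 6 && rule.protocol !== 17) out.push('protocol: must be 6 (TCP) or 17 (UDP)');
  }
  if (rule.domains !== undefined) {
    if (rule.type !== RULE_DOMAIN) out.push('domains: valid only for RULE_DOMAIN');
    rule.domains.forEach((d, i) => {
      // Assumption: a "complete domain name" contains no '*'.
      if (!d.isWildcard && d.domain.indexOf('*') >= 0) out.push('domains[' + i + ']: wildcard in domain but isWildcard is false');
    });
  }
  if (rule.dns !== undefined && rule.type !== RULE_DNS) out.push('dns: valid only for RULE_DNS');
  return out;
}

// Constructed sample input: one rule shaped like the page's IP rule, one malformed domain rule.
const SAMPLE_OK: Rule = {
  userId: 100, name: 'rule1', direction: 1, action: 1, type: RULE_IP, isEnabled: true, protocol: 6,
  localIps: [{ family: 1, type: 1, address: '10.10.1.1', mask: 24 }, { family: 1, type: 2, startIp: '10.20.1.1', endIp: '10.20.1.10' }],
  remotePorts: [{ startPort: 443, endPort: 443 }],
};
const SAMPLE_BAD: Rule = {
  userId: 100, name: 'rule2', direction: 1, action: 1, type: RULE_DOMAIN, isEnabled: true, protocol: 6,
  localIps: [{ family: 1, type: 2, address: '10.20.1.1' }],
  domains: [{ isWildcard: false, domain: '*.example.cn' }],
};
console.log(validateRule(SAMPLE_OK), validateRule(SAMPLE_BAD));
```

Call `validateRule` on the rule object first and pass it to the API only when the returned array is empty; the service-side error codes listed above still apply to limits the page does not quantify.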