salt.modules.firewalld

Support for firewalld.

New in version 2015.2.0.

salt.modules.firewalld.add_interface(zone, interface, permanent=True)

Bind an interface to a zone

New in version 2016.3.0.

CLI Example:

salt '*' firewalld.add_interface zone eth0
salt.modules.firewalld.add_masquerade(zone=None, permanent=True)

Enable masquerade on a zone. If zone is omitted, default zone will be used.

New in version 2015.8.0.

CLI Example:

salt '*' firewalld.add_masquerade

To enable masquerade on a specific zone

salt '*' firewalld.add_masquerade dmz
salt.modules.firewalld.add_port(zone, port, permanent=True, force_masquerade=False)

Allow specific ports in a zone.

New in version 2015.8.0.

CLI Example:

salt '*' firewalld.add_port internal 443/tcp
force_masquerade

when a zone is created ensure masquerade is also enabled on that zone.

salt.modules.firewalld.add_port_fwd(zone, src, dest, proto='tcp', dstaddr='', permanent=True, force_masquerade=False)

Add port forwarding.

New in version 2015.8.0.

CLI Example:

salt '*' firewalld.add_port_fwd public 80 443 tcp
force_masquerade

when a zone is created ensure masquerade is also enabled on that zone.

salt.modules.firewalld.add_rich_rule(zone, rule, permanent=True)

Add a rich rule to a zone

New in version 2016.11.0.

CLI Example:

salt '*' firewalld.add_rich_rule zone 'rule'
salt.modules.firewalld.add_service(service, zone=None, permanent=True)

Add a service for zone. If zone is omitted, default zone will be used.

CLI Example:

salt '*' firewalld.add_service ssh

To assign a service to a specific zone:

salt '*' firewalld.add_service ssh my_zone
salt.modules.firewalld.add_service_port(service, port)

Add a new port to the specified service.

New in version 2016.11.0.

CLI Example:

salt '*' firewalld.add_service_port zone 80
salt.modules.firewalld.add_service_protocol(service, protocol)

Add a new protocol to the specified service.

New in version 2016.11.0.

CLI Example:

salt '*' firewalld.add_service_protocol zone ssh
salt.modules.firewalld.add_source(zone, source, permanent=True)

Bind a source to a zone

New in version 2016.3.0.

CLI Example:

salt '*' firewalld.add_source zone 192.168.1.0/24
salt.modules.firewalld.allow_icmp(zone, icmp, permanent=True)

Allow a specific ICMP type on a zone

New in version 2015.8.0.

CLI Example:

salt '*' firewalld.allow_icmp zone echo-reply
salt.modules.firewalld.block_icmp(zone, icmp, permanent=True)

Block a specific ICMP type on a zone

New in version 2015.8.0.

CLI Example:

salt '*' firewalld.block_icmp zone echo-reply
salt.modules.firewalld.default_zone()

Print default zone for connections and interfaces

CLI Example:

salt '*' firewalld.default_zone
salt.modules.firewalld.delete_service(name, restart=True)

Delete an existing service

CLI Example:

salt '*' firewalld.delete_service my_service

By default firewalld will be reloaded. However, to avoid reloading you need to specify the restart as False

salt '*' firewalld.delete_service my_service False
salt.modules.firewalld.delete_zone(zone, restart=True)

Delete an existing zone

CLI Example:

salt '*' firewalld.delete_zone my_zone

By default firewalld will be reloaded. However, to avoid reloading you need to specify the restart as False

salt '*' firewalld.delete_zone my_zone False
salt.modules.firewalld.get_icmp_types(permanent=True)

Print predefined icmptypes

CLI Example:

salt '*' firewalld.get_icmp_types
salt.modules.firewalld.get_interfaces(zone, permanent=True)

List interfaces bound to a zone

New in version 2016.3.0.

CLI Example:

salt '*' firewalld.get_interfaces zone
salt.modules.firewalld.get_masquerade(zone=None, permanent=True)

Show if masquerading is enabled on a zone. If zone is omitted, default zone will be used.

CLI Example:

salt '*' firewalld.get_masquerade zone
salt.modules.firewalld.get_rich_rules(zone, permanent=True)

List rich rules bound to a zone

New in version 2016.11.0.

CLI Example:

salt '*' firewalld.get_rich_rules zone
salt.modules.firewalld.get_service_ports(service)

List ports of a service.

New in version 2016.11.0.

CLI Example:

salt '*' firewalld.get_service_ports zone
salt.modules.firewalld.get_service_protocols(service)

List protocols of a service.

New in version 2016.11.0.

CLI Example:

salt '*' firewalld.get_service_protocols zone
salt.modules.firewalld.get_services(permanent=True)

Print predefined services

CLI Example:

salt '*' firewalld.get_services
salt.modules.firewalld.get_sources(zone, permanent=True)

List sources bound to a zone

New in version 2016.3.0.

CLI Example:

salt '*' firewalld.get_sources zone
salt.modules.firewalld.get_zones(permanent=True)

Print predefined zones

CLI Example:

salt '*' firewalld.get_zones
salt.modules.firewalld.list_all(zone=None, permanent=True)

List everything added for or enabled in a zone

CLI Example:

salt '*' firewalld.list_all

List a specific zone

salt '*' firewalld.list_all my_zone
salt.modules.firewalld.list_icmp_block(zone, permanent=True)

List ICMP blocks on a zone

New in version 2015.8.0.

CLI Example:

salt '*' firewlld.list_icmp_block zone
salt.modules.firewalld.list_port_fwd(zone, permanent=True)

List port forwarding

New in version 2015.8.0.

CLI Example:

salt '*' firewalld.list_port_fwd public
salt.modules.firewalld.list_ports(zone, permanent=True)

List all ports in a zone.

New in version 2015.8.0.

CLI Example:

salt '*' firewalld.list_ports
salt.modules.firewalld.list_services(zone=None, permanent=True)

List services added for zone as a space separated list. If zone is omitted, default zone will be used.

CLI Example:

salt '*' firewalld.list_services

List a specific zone

salt '*' firewalld.list_services my_zone
salt.modules.firewalld.list_zones(permanent=True)

List everything added for or enabled in all zones

CLI Example:

salt '*' firewalld.list_zones
salt.modules.firewalld.make_permanent()

Make current runtime configuration permanent.

New in version 2016.3.0.

CLI Example:

salt '*' firewalld.make_permanent
salt.modules.firewalld.new_service(name, restart=True)

Add a new service

CLI Example:

salt '*' firewalld.new_service my_service

By default firewalld will be reloaded. However, to avoid reloading you need to specify the restart as False

salt '*' firewalld.new_service my_service False
salt.modules.firewalld.new_zone(zone, restart=True)

Add a new zone

CLI Example:

salt '*' firewalld.new_zone my_zone

By default firewalld will be reloaded. However, to avoid reloading you need to specify the restart as False

salt '*' firewalld.new_zone my_zone False
salt.modules.firewalld.reload_rules()

Reload the firewall rules, which makes the permanent configuration the new runtime configuration without losing state information.

New in version 2016.11.0.

CLI Example:

salt '*' firewalld.reload_rules
salt.modules.firewalld.remove_interface(zone, interface, permanent=True)

Remove an interface bound to a zone

New in version 2016.3.0.

CLI Example:

salt '*' firewalld.remove_interface zone eth0
salt.modules.firewalld.remove_masquerade(zone=None, permanent=True)

Remove masquerade on a zone. If zone is omitted, default zone will be used.

New in version 2015.8.0.

CLI Example:

salt '*' firewalld.remove_masquerade

To remove masquerade on a specific zone

salt '*' firewalld.remove_masquerade dmz
salt.modules.firewalld.remove_port(zone, port, permanent=True)

Remove a specific port from a zone.

New in version 2015.8.0.

CLI Example:

salt '*' firewalld.remove_port internal 443/tcp
salt.modules.firewalld.remove_port_fwd(zone, src, dest, proto='tcp', dstaddr='', permanent=True)

Remove Port Forwarding.

New in version 2015.8.0.

CLI Example:

salt '*' firewalld.remove_port_fwd public 80 443 tcp
salt.modules.firewalld.remove_rich_rule(zone, rule, permanent=True)

Add a rich rule to a zone

New in version 2016.11.0.

CLI Example:

salt '*' firewalld.remove_rich_rule zone 'rule'
salt.modules.firewalld.remove_service(service, zone=None, permanent=True)

Remove a service from zone. This option can be specified multiple times. If zone is omitted, default zone will be used.

CLI Example:

salt '*' firewalld.remove_service ssh

To remove a service from a specific zone

salt '*' firewalld.remove_service ssh dmz
salt.modules.firewalld.remove_service_port(service, port)

Remove a port from the specified service.

New in version 2016.11.0.

CLI Example:

salt '*' firewalld.remove_service_port zone 80
salt.modules.firewalld.remove_service_protocol(service, protocol)

Remove a protocol from the specified service.

New in version 2016.11.0.

CLI Example:

salt '*' firewalld.remove_service_protocol zone ssh
salt.modules.firewalld.remove_source(zone, source, permanent=True)

Remove a source bound to a zone

New in version 2016.3.0.

CLI Example:

salt '*' firewalld.remove_source zone 192.168.1.0/24
salt.modules.firewalld.set_default_zone(zone)

Set default zone

CLI Example:

salt '*' firewalld.set_default_zone damian
salt.modules.firewalld.version()

Return version from firewall-cmd

CLI Example:

salt '*' firewalld.version

Generated on June 18, 2020 at 04:09:58 UTC.

You are viewing docs for the latest stable release, 3001. Switch to docs for the previous stable release, 3000.3, or to a recent doc build from the master branch.


saltstack.com

© 2020 SaltStack. All Rights Reserved, SaltStack Inc. | Privacy Policy