salt.states.csf
CSF Ip tables management
- depends: csf utility
- configuration: See http://download.configserver.com/csf/install.txt for setup instructions.

Example state (the IP address or CIDR is passed as the state's name argument):

    Simply allow/deny rules:
      csf.rule_present:
        - name: 1.2.3.4
        - method: allow

salt.states.csf.nics_skip(name, nics, ipv6)
Alias for csf.nics_skipped

salt.states.csf.nics_skipped(name, nics, ipv6=False)
- name: Meaningless arg, but required for state.
- nics: A list of nics to skip.
- ipv6: Boolean. Set to true if you want to skip the ipv6 interface. Default false (ipv4).

salt.states.csf.option_present(name, value, reload=False)
Ensure the state of a particular option/setting in csf.
- name: The option name in csf.conf
- value: The value it should be set to.
- reload: Boolean. If set to true, csf will be reloaded after.

salt.states.csf.ports_open(name, ports, proto='tcp', direction='in')
Ensure ports are open for a protocol, in a direction. For example, proto='tcp', direction='in' would set the values for TCP_IN in the csf.conf file.
- ports: A list of ports that should be open.
- proto: The protocol. May be one of 'tcp', 'udp', 'tcp6', or 'udp6'.
- direction: Choose 'in', 'out', or both to indicate the port should be opened for inbound traffic, outbound traffic, or both.

salt.states.csf.rule_absent(name, method, port=None, proto='tcp', direction='in', port_origin='d', ip_origin='s', ttl=None, reload=False)
Ensure the iptables rule is not present.
- name: The IP address or CIDR for the rule.
- method: The type of rule. Either 'allow' or 'deny'.
- port: Optional port to be open or closed for the iptables rule.
- proto: The protocol. Either 'tcp' or 'udp'. Only applicable if port is specified.
- direction: The direction of traffic to apply the rule to. Either 'in' or 'out'. Only applicable if port is specified.
- port_origin: Specifies whether the source or destination port is relevant for this rule. Either 's' or 'd'. Only applicable if port is specified.
- ip_origin: Specifies whether the IP in this rule refers to the source or destination IP. Either 's' or 'd'. Only applicable if port is specified.
- ttl: How long the rule should exist. If supplied, csf.tempallow() or csf.tempdeny() are used.
- reload: Reload the csf service after applying this rule. Default false.

salt.states.csf.rule_present(name, method, port=None, proto='tcp', direction='in', port_origin='d', ip_origin='s', ttl=None, comment='', reload=False)
Ensure the iptables rule exists.
- name: The IP address or CIDR for the rule.
- method: The type of rule. Either 'allow' or 'deny'.
- port: Optional port to be open or closed for the iptables rule.
- proto: The protocol. Either 'tcp' or 'udp'. Only applicable if port is specified.
- direction: The direction of traffic to apply the rule to. Either 'in' or 'out'. Only applicable if port is specified.
- port_origin: Specifies whether the source or destination port is relevant for this rule. Either 's' or 'd'. Only applicable if port is specified.
- ip_origin: Specifies whether the IP in this rule refers to the source or destination IP. Either 's' or 'd'. Only applicable if port is specified.
- ttl: How long the rule should exist. If supplied, csf.tempallow() or csf.tempdeny() are used.
- comment: An optional comment to appear after the rule as a #comment.
- reload: Reload the csf service after applying this rule. Default false.

salt.states.csf.testing_off(name, reload=False)
Ensure testing mode is disabled in csf.
- reload: Reload CSF after changing the testing status. Default false.

salt.states.csf.testing_on(name, reload=False)
Ensure testing mode is enabled in csf.
- reload: Reload CSF after changing the testing status. Default false.
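
An SLS file combining the states documented above, added here as an illustration and not taken from the Salt documentation. The state IDs, addresses (RFC 5737 documentation ranges), port numbers and ttl value are constructed; `require` is Salt's standard requisite.

```yaml
# Constructed example: IDs, addresses, ports and ttl are illustrative only.

# TCP_IN in csf.conf: only the listed inbound TCP ports are open to everyone.
csf_tcp_in:
  csf.ports_open:
    - ports:
      - 80
      - 443
    - proto: tcp
    - direction: in

# Inbound SSH only from a management range. The CIDR goes in `name`;
# ip_origin 's' treats it as the source, port_origin 'd' matches port 22
# as the destination port.
csf_ssh_from_mgmt:
  csf.rule_present:
    - name: 192.0.2.0/24
    - method: allow
    - port: 22
    - proto: tcp
    - direction: in
    - port_origin: d
    - ip_origin: s
    - comment: management network ssh

# Temporary block: supplying ttl routes the rule through csf.tempdeny().
csf_tempdeny_host:
  csf.rule_present:
    - name: 203.0.113.7
    - method: deny
    - ttl: 3600
    - comment: temporary block

# Remove a stale allow entry so it cannot outlive its purpose.
csf_remove_old_allow:
  csf.rule_absent:
    - name: 198.51.100.10
    - method: allow

# Turn testing mode off and reload only after the access rules have applied.
csf_enforce:
  csf.testing_off:
    - reload: True
    - require:
      - csf: csf_tcp_in
      - csf: csf_ssh_from_mgmt
```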
© 2021 SaltStack.
Licensed under the Apache License, Version 2.0.
https://docs.saltproject.io/en/latest/ref/states/all/salt.states.csf.html