Mostafa Hussein <mostafa.hussein91@gmail.com>
new
Linux
salt.modules.csf.
allow
(ip, port=None, proto='tcp', direction='in', port_origin='d', ip_origin='s', ttl=None, comment='')¶Add an rule to csf allowed hosts
See _access_rule()
.
1- Add an IP:
CLI Example:
salt '*' csf.allow 127.0.0.1
salt '*' csf.allow 127.0.0.1 comment="Allow localhost"
salt.modules.csf.
allow_port
(port, proto='tcp', direction='both')¶Like allow_ports, but it will append to the existing entry instead of replacing it. Takes a single port instead of a list of ports.
CLI Example:
salt '*' csf.allow_port 22 proto='tcp' direction='in'
salt.modules.csf.
allow_ports
(ports, proto='tcp', direction='in')¶Fully replace the incoming or outgoing ports line in the csf.conf file - e.g. TCP_IN, TCP_OUT, UDP_IN, UDP_OUT, etc.
CLI Example:
salt '*' csf.allow_ports ports="[22,80,443,4505,4506]" proto='tcp' direction='in'
salt.modules.csf.
build_directions
(direction)¶salt.modules.csf.
deny
(ip, port=None, proto='tcp', direction='in', port_origin='d', ip_origin='d', ttl=None, comment='')¶Add an rule to csf denied hosts
See _access_rule()
.
1- Deny an IP:
CLI Example:
salt '*' csf.deny 127.0.0.1
salt '*' csf.deny 127.0.0.1 comment="Too localhosty"
salt.modules.csf.
disable
()¶Disable csf permanently CLI Example:
salt '*' csf.disable
salt.modules.csf.
disable_testing_mode
()¶salt.modules.csf.
enable
()¶Activate csf if not running CLI Example:
salt '*' csf.enable
salt.modules.csf.
enable_testing_mode
()¶salt.modules.csf.
exists
(method, ip, port=None, proto='tcp', direction='in', port_origin='d', ip_origin='d', ttl=None, comment='')¶Returns true a rule for the ip already exists based on the method supplied. Returns false if not found. CLI Example:
salt '*' csf.exists allow 1.2.3.4
salt '*' csf.exists tempdeny 1.2.3.4
salt.modules.csf.
get_option
(option)¶salt.modules.csf.
get_ports
(proto='tcp', direction='in')¶Lists ports from csf.conf based on direction and protocol. e.g. - TCP_IN, TCP_OUT, UDP_IN, UDP_OUT, etc..
CLI Example:
salt '*' csf.allow_port 22 proto='tcp' direction='in'
salt.modules.csf.
get_skipped_nics
(ipv6=False)¶salt.modules.csf.
get_testing_status
()¶salt.modules.csf.
reload
()¶Restart csf CLI Example:
salt '*' csf.reload
salt.modules.csf.
remove_rule
(method, ip, port=None, proto='tcp', direction='in', port_origin='d', ip_origin='s', ttl=None, comment='')¶salt.modules.csf.
remove_temp_rule
(ip)¶salt.modules.csf.
running
()¶Check csf status CLI Example:
salt '*' csf.running
salt.modules.csf.
set_option
(option, value)¶salt.modules.csf.
skip_nic
(nic, ipv6=False)¶salt.modules.csf.
skip_nics
(nics, ipv6=False)¶salt.modules.csf.
split_option
(option)¶salt.modules.csf.
tempallow
(ip=None, ttl=None, port=None, direction=None, comment='')¶Add an rule to the temporary ip allow list.
See _access_rule()
.
1- Add an IP:
CLI Example:
salt '*' csf.tempallow 127.0.0.1 3600 port=22 direction='in' comment='# Temp dev ssh access'
salt.modules.csf.
tempdeny
(ip=None, ttl=None, port=None, direction=None, comment='')¶Add a rule to the temporary ip deny list.
See _access_rule()
.
1- Add an IP:
CLI Example:
salt '*' csf.tempdeny 127.0.0.1 300 port=22 direction='in' comment='# Brute force attempt'
salt.modules.csf.
unallow
(ip)¶Remove a rule from the csf denied hosts
See _access_rule()
.
1- Deny an IP:
CLI Example:
salt '*' csf.unallow 127.0.0.1
salt.modules.csf.
undeny
(ip)¶Remove a rule from the csf denied hosts
See _access_rule()
.
1- Deny an IP:
CLI Example:
salt '*' csf.undeny 127.0.0.1