salt.modules.csf¶
Support for Config Server Firewall (CSF)¶
- maintainer:
Mostafa Hussein <mostafa.hussein91@gmail.com>
- maturity:
new
- platform:
Linux
- salt.modules.csf.allow(ip, port=None, proto='tcp', direction='in', port_origin='d', ip_origin='s', ttl=None, comment='')¶
Add an rule to csf allowed hosts See
_access_rule(). 1- Add an IP:CLI Example:
salt '*' csf.allow 127.0.0.1 salt '*' csf.allow 127.0.0.1 comment="Allow localhost"
- salt.modules.csf.allow_port(port, proto='tcp', direction='both')¶
Like allow_ports, but it will append to the existing entry instead of replacing it. Takes a single port instead of a list of ports.
CLI Example:
salt '*' csf.allow_port 22 proto='tcp' direction='in'
- salt.modules.csf.allow_ports(ports, proto='tcp', direction='in')¶
Fully replace the incoming or outgoing ports line in the csf.conf file - e.g. TCP_IN, TCP_OUT, UDP_IN, UDP_OUT, etc.
CLI Example:
salt '*' csf.allow_ports ports="[22,80,443,4505,4506]" proto='tcp' direction='in'
- salt.modules.csf.build_directions(direction)¶
- salt.modules.csf.deny(ip, port=None, proto='tcp', direction='in', port_origin='d', ip_origin='d', ttl=None, comment='')¶
Add an rule to csf denied hosts See
_access_rule(). 1- Deny an IP:CLI Example:
salt '*' csf.deny 127.0.0.1 salt '*' csf.deny 127.0.0.1 comment="Too localhosty"
- salt.modules.csf.disable()¶
Disable csf permanently
CLI Example:
salt '*' csf.disable
- salt.modules.csf.disable_testing_mode()¶
- salt.modules.csf.enable()¶
Activate csf if not running
CLI Example:
salt '*' csf.enable
- salt.modules.csf.enable_testing_mode()¶
- salt.modules.csf.exists(method, ip, port=None, proto='tcp', direction='in', port_origin='d', ip_origin='d', ttl=None, comment='')¶
Returns true a rule for the ip already exists based on the method supplied. Returns false if not found.
CLI Example:
salt '*' csf.exists allow 1.2.3.4 salt '*' csf.exists tempdeny 1.2.3.4
- salt.modules.csf.get_option(option)¶
- salt.modules.csf.get_ports(proto='tcp', direction='in')¶
Lists ports from csf.conf based on direction and protocol. e.g. - TCP_IN, TCP_OUT, UDP_IN, UDP_OUT, etc..
CLI Example:
salt '*' csf.allow_port 22 proto='tcp' direction='in'
- salt.modules.csf.get_skipped_nics(ipv6=False)¶
- salt.modules.csf.get_testing_status()¶
- salt.modules.csf.reload()¶
Restart csf
CLI Example:
salt '*' csf.reload
- salt.modules.csf.remove_rule(method, ip, port=None, proto='tcp', direction='in', port_origin='d', ip_origin='s', ttl=None, comment='')¶
- salt.modules.csf.remove_temp_rule(ip)¶
- salt.modules.csf.running()¶
Check csf status
CLI Example:
salt '*' csf.running
- salt.modules.csf.set_option(option, value)¶
- salt.modules.csf.skip_nic(nic, ipv6=False)¶
- salt.modules.csf.skip_nics(nics, ipv6=False)¶
- salt.modules.csf.split_option(option)¶
- salt.modules.csf.tempallow(ip=None, ttl=None, port=None, direction=None, comment='')¶
Add an rule to the temporary ip allow list. See
_access_rule(). 1- Add an IP:CLI Example:
salt '*' csf.tempallow 127.0.0.1 3600 port=22 direction='in' comment='# Temp dev ssh access'
- salt.modules.csf.tempdeny(ip=None, ttl=None, port=None, direction=None, comment='')¶
Add a rule to the temporary ip deny list. See
_access_rule(). 1- Add an IP:CLI Example:
salt '*' csf.tempdeny 127.0.0.1 300 port=22 direction='in' comment='# Brute force attempt'
- salt.modules.csf.unallow(ip)¶
Remove a rule from the csf denied hosts See
_access_rule(). 1- Deny an IP:CLI Example:
salt '*' csf.unallow 127.0.0.1
- salt.modules.csf.undeny(ip)¶
Remove a rule from the csf denied hosts See
_access_rule(). 1- Deny an IP:CLI Example:
salt '*' csf.undeny 127.0.0.1
