salt.modules.firewalld

Support for firewalld.

New in version 2015.2.0.

salt.modules.firewalld.add_interface(zone, interface, permanent=True)

Bind an interface to a zone

New in version 2016.3.0.

CLI Example:

salt '*' firewalld.add_interface zone eth0

salt.modules.firewalld.add_masquerade(zone=None, permanent=True)

Enable masquerade on a zone. If zone is omitted, default zone will be used.

New in version 2015.8.0.

CLI Example:

salt '*' firewalld.add_masquerade

To enable masquerade on a specific zone:

salt '*' firewalld.add_masquerade dmz

salt.modules.firewalld.add_port(zone, port, permanent=True, force_masquerade=False)

Allow specific ports in a zone.

New in version 2015.8.0.

CLI Example:

salt '*' firewalld.add_port internal 443/tcp

force_masquerade: When a zone is created, ensure masquerade is also enabled on that zone.

salt.modules.firewalld.add_port_fwd(zone, src, dest, proto='tcp', dstaddr='', permanent=True, force_masquerade=False)

Add port forwarding.

New in version 2015.8.0.

CLI Example:

salt '*' firewalld.add_port_fwd public 80 443 tcp

force_masquerade: When a zone is created, ensure masquerade is also enabled on that zone.

salt.modules.firewalld.add_rich_rule(zone, rule, permanent=True)

Add a rich rule to a zone

New in version 2016.11.0.

CLI Example:

salt '*' firewalld.add_rich_rule zone 'rule'

salt.modules.firewalld.add_service(service, zone=None, permanent=True)

Add a service for zone. If zone is omitted, default zone will be used.

CLI Example:

salt '*' firewalld.add_service ssh

To assign a service to a specific zone:

salt '*' firewalld.add_service ssh my_zone

salt.modules.firewalld.add_service_port(service, port)

Add a new port to the specified service.

New in version 2016.11.0.

CLI Example:

salt '*' firewalld.add_service_port my_service 80/tcp

salt.modules.firewalld.add_service_protocol(service, protocol)

Add a new protocol to the specified service.

New in version 2016.11.0.

CLI Example:

salt '*' firewalld.add_service_protocol my_service gre

salt.modules.firewalld.add_source(zone, source, permanent=True)

Bind a source to a zone

New in version 2016.3.0.

CLI Example:

salt '*' firewalld.add_source zone 192.168.1.0/24

salt.modules.firewalld.allow_icmp(zone, icmp, permanent=True)

Allow a specific ICMP type on a zone

New in version 2015.8.0.

CLI Example:

salt '*' firewalld.allow_icmp zone echo-reply

salt.modules.firewalld.block_icmp(zone, icmp, permanent=True)

Block a specific ICMP type on a zone

New in version 2015.8.0.

CLI Example:

salt '*' firewalld.block_icmp zone echo-reply

salt.modules.firewalld.default_zone()

Print default zone for connections and interfaces

CLI Example:

salt '*' firewalld.default_zone

salt.modules.firewalld.delete_service(name, restart=True)

Delete an existing service

CLI Example:

salt '*' firewalld.delete_service my_service

By default, firewalld is reloaded. To skip the reload, set restart to False:

salt '*' firewalld.delete_service my_service False

salt.modules.firewalld.delete_zone(zone, restart=True)

Delete an existing zone

CLI Example:

salt '*' firewalld.delete_zone my_zone

By default, firewalld is reloaded. To skip the reload, set restart to False:

salt '*' firewalld.delete_zone my_zone False

salt.modules.firewalld.get_icmp_types(permanent=True)

Print predefined icmptypes

CLI Example:

salt '*' firewalld.get_icmp_types

salt.modules.firewalld.get_interfaces(zone, permanent=True)

List interfaces bound to a zone

New in version 2016.3.0.

CLI Example:

salt '*' firewalld.get_interfaces zone

salt.modules.firewalld.get_masquerade(zone=None, permanent=True)

Show if masquerading is enabled on a zone. If zone is omitted, default zone will be used.

CLI Example:

salt '*' firewalld.get_masquerade zone

salt.modules.firewalld.get_rich_rules(zone, permanent=True)

List rich rules bound to a zone

New in version 2016.11.0.

CLI Example:

salt '*' firewalld.get_rich_rules zone

salt.modules.firewalld.get_service_ports(service)

List ports of a service.

New in version 2016.11.0.

CLI Example:

salt '*' firewalld.get_service_ports my_service

salt.modules.firewalld.get_service_protocols(service)

List protocols of a service.

New in version 2016.11.0.

CLI Example:

salt '*' firewalld.get_service_protocols my_service

salt.modules.firewalld.get_services(permanent=True)

Print predefined services

CLI Example:

salt '*' firewalld.get_services

salt.modules.firewalld.get_sources(zone, permanent=True)

List sources bound to a zone

New in version 2016.3.0.

CLI Example:

salt '*' firewalld.get_sources zone

salt.modules.firewalld.get_zones(permanent=True)

Print predefined zones

CLI Example:

salt '*' firewalld.get_zones

salt.modules.firewalld.list_all(zone=None, permanent=True)

List everything added for or enabled in a zone

CLI Example:

salt '*' firewalld.list_all

List a specific zone:

salt '*' firewalld.list_all my_zone

salt.modules.firewalld.list_icmp_block(zone, permanent=True)

List ICMP blocks on a zone

New in version 2015.8.0.

CLI Example:

salt '*' firewalld.list_icmp_block zone

salt.modules.firewalld.list_port_fwd(zone, permanent=True)

List port forwarding

New in version 2015.8.0.

CLI Example:

salt '*' firewalld.list_port_fwd public

salt.modules.firewalld.list_ports(zone, permanent=True)

List all ports in a zone.

New in version 2015.8.0.

CLI Example:

salt '*' firewalld.list_ports zone

salt.modules.firewalld.list_services(zone=None, permanent=True)

List services added for zone as a space separated list. If zone is omitted, default zone will be used.

CLI Example:

salt '*' firewalld.list_services

List a specific zone:

salt '*' firewalld.list_services my_zone

salt.modules.firewalld.list_zones(permanent=True)

List everything added for or enabled in all zones

CLI Example:

salt '*' firewalld.list_zones

salt.modules.firewalld.make_permanent()

Make current runtime configuration permanent.

New in version 2016.3.0.

CLI Example:

salt '*' firewalld.make_permanent

salt.modules.firewalld.new_service(name, restart=True)

Add a new service

CLI Example:

salt '*' firewalld.new_service my_service

By default, firewalld is reloaded. To skip the reload, set restart to False:

salt '*' firewalld.new_service my_service False

salt.modules.firewalld.new_zone(zone, restart=True)

Add a new zone

CLI Example:

salt '*' firewalld.new_zone my_zone

By default, firewalld is reloaded. To skip the reload, set restart to False:

salt '*' firewalld.new_zone my_zone False

salt.modules.firewalld.reload_rules()

Reload the firewall rules, which makes the permanent configuration the new runtime configuration without losing state information.

New in version 2016.11.0.

CLI Example:

salt '*' firewalld.reload_rules
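
Because the functions above default to permanent=True, a port added with add_port is written to the permanent configuration and reaches the running firewall only after reload_rules. The following shell helpers are an added example, not part of Salt or of the original page: they apply a permanent port change, reload, and report any difference between the permanent and runtime port lists of a zone. The helper names (fw_ports, fw_port_drift, fw_open_port) are hypothetical, and the script assumes it runs on the Salt master.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, not Salt functions.

# Print a zone's ports from one configuration as JSON.
# $1 = minion target, $2 = zone, $3 = True (permanent) or False (runtime)
fw_ports() {
    salt --out=json "$1" firewalld.list_ports "$2" permanent="$3"
}

# Compare permanent and runtime port lists for a zone.
# Returns 0 when they match, 1 on drift (both lists are printed),
# 2 when either query failed.
fw_port_drift() {
    target=$1 zone=$2
    perm=$(fw_ports "$target" "$zone" True) || return 2
    run=$(fw_ports "$target" "$zone" False) || return 2
    if [ "$perm" = "$run" ]; then
        return 0
    fi
    printf '%s\n' "--- permanent" "$perm" "+++ runtime" "$run"
    return 1
}

# Add a port to the permanent configuration, load it into the runtime
# with reload_rules, then confirm both configurations agree.
# $1 = minion target, $2 = zone, $3 = port/protocol (e.g. 443/tcp)
fw_open_port() {
    target=$1 zone=$2 port=$3
    salt "$target" firewalld.add_port "$zone" "$port" || return 2
    salt "$target" firewalld.reload_rules || return 2
    fw_port_drift "$target" "$zone"
}
```

A return code of 1 from fw_port_drift means the running firewall does not match what will be loaded at the next reload or reboot, which is worth investigating before relying on either state.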
salt.modules.firewalld.remove_interface(zone, interface, permanent=True)

Remove an interface bound to a zone

New in version 2016.3.0.

CLI Example:

salt '*' firewalld.remove_interface zone eth0

salt.modules.firewalld.remove_masquerade(zone=None, permanent=True)

Remove masquerade on a zone. If zone is omitted, default zone will be used.

New in version 2015.8.0.

CLI Example:

salt '*' firewalld.remove_masquerade

To remove masquerade on a specific zone:

salt '*' firewalld.remove_masquerade dmz

salt.modules.firewalld.remove_port(zone, port, permanent=True)

Remove a specific port from a zone.

New in version 2015.8.0.

CLI Example:

salt '*' firewalld.remove_port internal 443/tcp

salt.modules.firewalld.remove_port_fwd(zone, src, dest, proto='tcp', dstaddr='', permanent=True)

Remove Port Forwarding.

New in version 2015.8.0.

CLI Example:

salt '*' firewalld.remove_port_fwd public 80 443 tcp

salt.modules.firewalld.remove_rich_rule(zone, rule, permanent=True)

Remove a rich rule from a zone

New in version 2016.11.0.

CLI Example:

salt '*' firewalld.remove_rich_rule zone 'rule'

salt.modules.firewalld.remove_service(service, zone=None, permanent=True)

Remove a service from zone. This option can be specified multiple times. If zone is omitted, default zone will be used.

CLI Example:

salt '*' firewalld.remove_service ssh

To remove a service from a specific zone:

salt '*' firewalld.remove_service ssh dmz

salt.modules.firewalld.remove_service_port(service, port)

Remove a port from the specified service.

New in version 2016.11.0.

CLI Example:

salt '*' firewalld.remove_service_port my_service 80/tcp

salt.modules.firewalld.remove_service_protocol(service, protocol)

Remove a protocol from the specified service.

New in version 2016.11.0.

CLI Example:

salt '*' firewalld.remove_service_protocol my_service gre

salt.modules.firewalld.remove_source(zone, source, permanent=True)

Remove a source bound to a zone

New in version 2016.3.0.

CLI Example:

salt '*' firewalld.remove_source zone 192.168.1.0/24

salt.modules.firewalld.set_default_zone(zone)

Set default zone

CLI Example:

salt '*' firewalld.set_default_zone damian

salt.modules.firewalld.version()

Return version from firewall-cmd

CLI Example:

salt '*' firewalld.version