salt.states.csf¶
CSF Ip tables management¶
- depends:
csf utility
- configuration:
See http://download.configserver.com/csf/install.txt for setup instructions.
Simply allow/deny rules:
csf.rule_present:
ip: 1.2.3.4
method: allow
- salt.states.csf.nics_skip(name, nics, ipv6)¶
Alias for
csf.nics_skipped
- salt.states.csf.nics_skipped(name, nics, ipv6=False)¶
- name
Meaningless arg, but required for state.
- nics
A list of nics to skip.
- ipv6
Boolean. Set to true if you want to skip the ipv6 interface. Default false (ipv4).
- salt.states.csf.option_present(name, value, reload=False)¶
Ensure the state of a particular option/setting in csf.
- name
The option name in csf.conf
- value
The value it should be set to.
- reload
Boolean. If set to true, csf will be reloaded after.
- salt.states.csf.ports_open(name, ports, proto='tcp', direction='in')¶
Ensure ports are open for a protocol, in a direction. e.g. - proto='tcp', direction='in' would set the values for TCP_IN in the csf.conf file.
- ports
A list of ports that should be open.
- proto
The protocol. May be one of 'tcp', 'udp', 'tcp6', or 'udp6'.
- direction
Choose 'in', 'out', or both to indicate the port should be opened for inbound traffic, outbound traffic, or both.
- salt.states.csf.rule_absent(name, method, port=None, proto='tcp', direction='in', port_origin='d', ip_origin='s', ttl=None, reload=False)¶
Ensure iptable is not present.
- name
The ip address or CIDR for the rule.
- method
The type of rule. Either 'allow' or 'deny'.
- port
Optional port to be open or closed for the iptables rule.
- proto
The protocol. Either 'tcp', 'udp'. Only applicable if port is specified.
- direction
The diretion of traffic to apply the rule to. Either 'in', or 'out'. Only applicable if port is specified.
- port_origin
Specifies either the source or destination port is relevant for this rule. Only applicable if port is specified. Either 's', or 'd'.
- ip_origin
Specifies whether the ip in this rule refers to the source or destination ip. Either 's', or 'd'. Only applicable if port is specified.
- ttl
How long the rule should exist. If supplied, csf.tempallow() or csf.tempdeny()` are used.
- reload
Reload the csf service after applying this rule. Default false.
- salt.states.csf.rule_present(name, method, port=None, proto='tcp', direction='in', port_origin='d', ip_origin='s', ttl=None, comment='', reload=False)¶
Ensure iptable rule exists.
- name
The ip address or CIDR for the rule.
- method
The type of rule. Either 'allow' or 'deny'.
- port
Optional port to be open or closed for the iptables rule.
- proto
The protocol. Either 'tcp', or 'udp'. Only applicable if port is specified.
- direction
The diretion of traffic to apply the rule to. Either 'in', or 'out'. Only applicable if port is specified.
- port_origin
Specifies either the source or destination port is relevant for this rule. Only applicable if port is specified. Either 's', or 'd'.
- ip_origin
Specifies whether the ip in this rule refers to the source or destination ip. Either 's', or 'd'. Only applicable if port is specified.
- ttl
How long the rule should exist. If supplied, csf.tempallow() or csf.tempdeny()` are used.
- comment
An optional comment to appear after the rule as a #comment .
- reload
Reload the csf service after applying this rule. Default false.
- salt.states.csf.testing_off(name, reload=False)¶
Ensure testing mode is enabled in csf.
- reload
Reload CSF after changing the testing status. Default false.
- salt.states.csf.testing_on(name, reload=False)¶
Ensure testing mode is enabled in csf.
- reload
Reload CSF after changing the testing status. Default false.
