salt.modules.win_firewall

Module for configuring Windows Firewall using netsh

salt.modules.win_firewall.add_rule(name, localport, protocol='tcp', action='allow', dir='in', remoteip='any')

New in version 2015.5.0.

Add a new inbound or outbound rule to the firewall policy

Parameters:
  • name (str) -- The name of the rule. Must be unique and cannot be "all". Required.
  • localport (int) -- The port the rule applies to. Must be a number between 0 and 65535. Can be a range. Can specify multiple ports separated by commas. Required.
  • protocol (Optional[str]) --

    The protocol. Can be any of the following:

    • A number between 0 and 255
    • icmpv4
    • icmpv6
    • tcp
    • udp
    • any
  • action (Optional[str]) --

    The action the rule performs. Can be any of the following:

    • allow
    • block
    • bypass
  • dir (Optional[str]) -- The direction. Can be in or out.
  • remoteip (Optional[str]) --

    The remote IP. Can be any of the following:

    • any
    • localsubnet
    • dns
    • dhcp
    • wins
    • defaultgateway
    • Any valid IPv4 address (192.168.0.12)
    • Any valid IPv6 address (2002:9b3b:1a31:4:208:74ff:fe39:6c43)
    • Any valid subnet (192.168.1.0/24)
    • Any valid range of IP addresses (192.168.0.1-192.168.0.12)
    • A list of valid IP addresses

    Can be combinations of the above separated by commas.

Returns:

True if successful

Return type:

bool

Raises:

CommandExecutionError -- If the command fails

CLI Example:

salt '*' firewall.add_rule 'test' '8080' 'tcp'
salt '*' firewall.add_rule 'test' '1' 'icmpv4'
salt '*' firewall.add_rule 'test_remote_ip' '8000' 'tcp' 'allow' 'in' '192.168.0.1'
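The parameter constraints listed for add_rule can be checked before the call is sent to a minion. The following is an added example, not part of the Salt module or its documentation: check_rule and its helpers are hypothetical names, remoteip is assumed to be a comma-separated string, and the "review" finding for an inbound allow rule that keeps the default remoteip of any is a policy choice of this example.

```python
import ipaddress

# Values taken from the add_rule parameter list above.
PROTOCOLS = {"icmpv4", "icmpv6", "tcp", "udp", "any"}
ACTIONS = {"allow", "block", "bypass"}
REMOTE_KEYWORDS = {"any", "localsubnet", "dns", "dhcp", "wins", "defaultgateway"}

def _valid_ports(localport):
    for part in str(localport).split(","):  # single port, range or list
        bounds = part.strip().split("-")
        if len(bounds) > 2 or not all(b.isdecimal() and int(b) <= 65535 for b in bounds):
            return False
        if len(bounds) == 2 and int(bounds[0]) > int(bounds[1]):
            return False
    return True

def _valid_remote(item):
    if item in REMOTE_KEYWORDS:
        return True
    try:
        if "-" in item:  # address range, e.g. 192.168.0.1-192.168.0.12
            lo, hi = (ipaddress.ip_address(p) for p in item.split("-", 1))
            return lo.version == hi.version and lo <= hi
        ipaddress.ip_network(item, strict=False)  # single address or subnet
        return True
    except ValueError:
        return False

def check_rule(name, localport, protocol="tcp", action="allow", dir="in", remoteip="any"):
    """Hypothetical helper: return a list of problems (empty list = arguments look valid)."""
    problems = []
    if not name or name.lower() == "all":
        problems.append("name must be set and cannot be 'all'")
    if not _valid_ports(localport):
        problems.append("localport out of range or malformed")
    proto = str(protocol).lower()
    if proto not in PROTOCOLS and not (proto.isdecimal() and int(proto) <= 255):
        problems.append("unknown protocol")
    if action not in ACTIONS:
        problems.append("unknown action")
    if dir not in ("in", "out"):
        problems.append("dir must be 'in' or 'out'")
    remotes = [r.strip() for r in str(remoteip).split(",")]
    if not all(_valid_remote(r) for r in remotes):
        problems.append("invalid remoteip")
    elif action == "allow" and dir == "in" and "any" in remotes:
        # Policy choice of this example, not Salt behaviour: flag the default remoteip.
        problems.append("review: inbound allow from any remote address")
    return problems
```

Run against the three CLI examples above, only the third returns an empty list; the first two keep the default remoteip and are flagged for review.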

salt.modules.win_firewall.delete_rule(name=None, localport=None, protocol=None, dir=None, remoteip=None)

New in version 2015.8.0.

Delete an existing firewall rule identified by name and optionally by ports, protocols, direction, and remote IP.

Parameters:
  • name (str) -- The name of the rule to delete. If the name all is used you must specify additional parameters.
  • localport (Optional[str]) -- The port of the rule. If protocol is not specified, protocol will be set to tcp.
  • protocol (Optional[str]) -- The protocol of the rule. Default is tcp when localport is specified.
  • dir (Optional[str]) -- The direction of the rule.
  • remoteip (Optional[str]) -- The remote IP of the rule.

Returns:

True if successful

Return type:

bool

Raises:

CommandExecutionError -- If the command fails

CLI Example:

# Delete incoming tcp port 8080 in the rule named 'test'
salt '*' firewall.delete_rule 'test' '8080' 'tcp' 'in'

# Delete the incoming tcp port 8000 from 192.168.0.1 in the rule named
# 'test_remote_ip'
salt '*' firewall.delete_rule 'test_remote_ip' '8000' 'tcp' 'in' '192.168.0.1'

# Delete all rules for local port 80:
salt '*' firewall.delete_rule all 80 tcp

# Delete a rule called 'allow80':
salt '*' firewall.delete_rule allow80

salt.modules.win_firewall.disable(profile='allprofiles')

Disable firewall profile

Parameters:
  • profile (Optional[str]) --

    The name of the profile to disable. Default is allprofiles. Valid options are:

    • allprofiles
    • domainprofile
    • privateprofile
    • publicprofile

Returns: True if successful
Return type: bool
Raises: CommandExecutionError -- If the command fails

CLI Example:

salt '*' firewall.disable

salt.modules.win_firewall.enable(profile='allprofiles')

New in version 2015.5.0.

Enable firewall profile

Parameters:
  • profile (Optional[str]) --

    The name of the profile to enable. Default is allprofiles. Valid options are:

    • allprofiles
    • domainprofile
    • privateprofile
    • publicprofile

Returns: True if successful
Return type: bool
Raises: CommandExecutionError -- If the command fails

CLI Example:

salt '*' firewall.enable

salt.modules.win_firewall.get_config()

Get the status of all the firewall profiles

Returns: A dictionary of all profiles on the system
Return type: dict
Raises: CommandExecutionError -- If the command fails

CLI Example:

salt '*' firewall.get_config

salt.modules.win_firewall.get_rule(name='all')

New in version 2015.5.0.

Display all matching rules as specified by name

Parameters: name (Optional[str]) -- The full name of the rule. all will return all rules. Default is all.
Returns: A dictionary of all rules or rules that match the name exactly
Return type: dict
Raises: CommandExecutionError -- If the command fails

CLI Example:

salt '*' firewall.get_rule 'MyAppPort'

salt.modules.win_firewall.rule_exists(name)

New in version 2016.11.6.

Checks if a firewall rule exists in the firewall policy

Parameters: name (str) -- The name of the rule
Returns: True if exists, otherwise False
Return type: bool

CLI Example:

# Is there a rule named RemoteDesktop
salt '*' firewall.rule_exists RemoteDesktop