salt.modules.firewalld

Support for firewalld.

2015.2.0 新版功能.

salt.modules.firewalld.add_interface(zone, interface)

Bind an interface to a zone

2016.3.0 新版功能.

CLI Example:

salt '*' firewalld.add_interface zone eth0
salt.modules.firewalld.add_masquerade(zone)

Enable masquerade on a zone.

2015.8.0 新版功能.

CLI Example:

salt '*' firewalld.add_masquerade
salt.modules.firewalld.add_port(zone, port, permanent=True)

Allow specific ports in a zone.

2015.8.0 新版功能.

CLI Example:

salt '*' firewalld.add_port internal 443/tcp
salt.modules.firewalld.add_port_fwd(zone, src, dest, proto='tcp', dstaddr='')

Add port forwarding.

2015.8.0 新版功能.

CLI Example:

salt '*' firewalld.add_port_fwd public 80 443 tcp
salt.modules.firewalld.add_service(name, zone=None, permanent=True)

Add a service for zone. If zone is omitted, default zone will be used.

CLI Example:

salt '*' firewalld.add_service ssh

To assign a service to a specific zone:

salt '*' firewalld.add_service ssh my_zone
salt.modules.firewalld.add_source(zone, source)

Bind a source to a zone

2016.3.0 新版功能.

CLI Example:

salt '*' firewalld.add_source zone 192.168.1.0/24
salt.modules.firewalld.allow_icmp(zone, icmp)

Allow a specific ICMP type on a zone

2015.8.0 新版功能.

CLI Example:

salt '*' firewalld.allow_icmp zone echo-reply
salt.modules.firewalld.block_icmp(zone, icmp)

Block a specific ICMP type on a zone

2015.8.0 新版功能.

CLI Example:

salt '*' firewalld.block_icmp zone echo-reply
salt.modules.firewalld.default_zone()

Print default zone for connections and interfaces

CLI Example:

salt '*' firewalld.default_zone
salt.modules.firewalld.delete_service(name, restart=True)

Delete an existing service

CLI Example:

salt '*' firewalld.delete_service my_service

By default firewalld will be reloaded. However, to avoid reloading you need to specify the restart as False

salt '*' firewalld.delete_service my_service False
salt.modules.firewalld.delete_zone(zone, restart=True)

Delete an existing zone

CLI Example:

salt '*' firewalld.delete_zone my_zone

By default firewalld will be reloaded. However, to avoid reloading you need to specify the restart as False

salt '*' firewalld.delete_zone my_zone False
salt.modules.firewalld.get_icmp_types()

Print predefined icmptypes

CLI Example:

salt '*' firewalld.get_icmp_types
salt.modules.firewalld.get_interfaces(zone)

List interfaces bound to a zone

2016.3.0 新版功能.

CLI Example:

salt '*' firewalld.get_interfaces zone
salt.modules.firewalld.get_masquerade(zone)

Show if masquerading is enabled on a zone

CLI Example:

salt '*' firewalld.get_masquerade zone
salt.modules.firewalld.get_services()

Print predefined services

CLI Example:

salt '*' firewalld.get_services
salt.modules.firewalld.get_sources(zone)

List sources bound to a zone

2016.3.0 新版功能.

CLI Example:

salt '*' firewalld.get_sources zone
salt.modules.firewalld.get_zones()

Print predefined zones

CLI Example:

salt '*' firewalld.get_zones
salt.modules.firewalld.list_all(zone=None)

List everything added for or enabled in a zone

CLI Example:

salt '*' firewalld.list_all

List a specific zone

salt '*' firewalld.list_all my_zone
salt.modules.firewalld.list_icmp_block(zone)

List ICMP blocks on a zone

2015.8.0 新版功能.

CLI Example:

salt '*' firewlld.list_icmp_block zone
salt.modules.firewalld.list_port_fwd(zone)

List port forwarding

2015.8.0 新版功能.

CLI Example:

salt '*' firewalld.list_port_fwd public
salt.modules.firewalld.list_ports(zone)

List all ports in a zone.

2015.8.0 新版功能.

CLI Example:

salt '*' firewalld.list_ports
salt.modules.firewalld.list_services(zone=None)

List services added for zone as a space separated list. If zone is omitted, default zone will be used.

CLI Example:

salt '*' firewalld.list_services

List a specific zone

salt '*' firewalld.list_services my_zone
salt.modules.firewalld.list_zones()

List everything added for or enabled in all zones

CLI Example:

salt '*' firewalld.list_zones
salt.modules.firewalld.make_permanent()

Make current runtime configuration permanent.

2016.3.0 新版功能.

CLI Example:

salt '*' firewalld.make_permanent
salt.modules.firewalld.new_service(name, restart=True)

Add a new service

CLI Example:

salt '*' firewalld.new_service my_service

By default firewalld will be reloaded. However, to avoid reloading you need to specify the restart as False

salt '*' firewalld.new_service my_service False
salt.modules.firewalld.new_zone(zone, restart=True)

Add a new zone

CLI Example:

salt '*' firewalld.new_zone my_zone

By default firewalld will be reloaded. However, to avoid reloading you need to specify the restart as False

salt '*' firewalld.new_zone my_zone False
salt.modules.firewalld.remove_interface(zone, interface)

Remove an interface bound to a zone

2016.3.0 新版功能.

CLI Example:

salt '*' firewalld.remove_interface zone eth0
salt.modules.firewalld.remove_masquerade(zone)

Remove masquerade on a zone.

2015.8.0 新版功能.

CLI Example:

salt '*' firewalld.remove_masquerade
salt.modules.firewalld.remove_port(zone, port, permanent=True)

Remove a specific port from a zone.

2015.8.0 新版功能.

CLI Example:

salt '*' firewalld.remove_port internal 443/tcp
salt.modules.firewalld.remove_port_fwd(zone, src, dest, proto='tcp')

Remove Port Forwarding.

2015.8.0 新版功能.

CLI Example:

salt '*' firewalld.remove_port_fwd public 80 443 tcp
salt.modules.firewalld.remove_service(name, zone=None, permanent=True)

Remove a service from zone. This option can be specified multiple times. If zone is omitted, default zone will be used.

CLI Example:

salt '*' firewalld.remove_service ssh

To remove a service from a specific zone

salt '*' firewalld.remove_service ssh dmz
salt.modules.firewalld.remove_source(zone, source)

Remove a source bound to a zone

2016.3.0 新版功能.

CLI Example:

salt '*' firewalld.remove_source zone 192.168.1.0/24
salt.modules.firewalld.set_default_zone(zone)

Set default zone

CLI Example:

salt '*' firewalld.set_default_zone damian
salt.modules.firewalld.version()

Return version from firewall-cmd

CLI Example:

salt '*' firewalld.version