salt.states.firewalld

Management of firewalld

New in version 2015.8.0.

The following example applies changes to the public zone, blocks echo-reply and echo-request packets, does not set the zone to be the default, enables masquerading, and allows ports 22/tcp and 25/tcp.

public:
  firewalld.present:
    - name: public
    - block_icmp:
      - echo-reply
      - echo-request
    - default: False
    - masquerade: True
    - ports:
      - 22/tcp
      - 25/tcp

The following example applies changes to the public zone, enables masquerading, forwards TCP traffic from port 22 to port 2222, and forwards TCP traffic from port 80 to port 443 at 192.168.0.1.

my_zone:
  firewalld.present:
    - name: public
    - masquerade: True
    - port_fwd:
      - 22:2222:tcp
      - 80:443:tcp:192.168.0.1
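
The port_fwd entries above follow the pattern src:dest:proto[:destaddr]. The following check is an added example, not part of Salt: it validates such entries before they reach a state file and renders the matching firewall-cmd arguments. The function names, the tcp/udp allow-list and the IPv4-only destination are assumptions of this sketch.

```python
import ipaddress

# Assumption of this sketch: only these protocols are accepted.
VALID_PROTOCOLS = {"tcp", "udp"}


def _port(value):
    """Return value as an int port number, or raise ValueError."""
    if not value.isdigit() or not 1 <= int(value) <= 65535:
        raise ValueError(f"invalid port: {value!r}")
    return int(value)


def parse_port_fwd(entry):
    """Parse 'src:dest:proto[:destaddr]' as used in the port_fwd list above."""
    parts = entry.split(":")
    if len(parts) not in (3, 4):
        raise ValueError(f"expected src:dest:proto[:destaddr], got {entry!r}")
    proto = parts[2].lower()
    if proto not in VALID_PROTOCOLS:
        raise ValueError(f"invalid protocol: {parts[2]!r}")
    rule = {"src": _port(parts[0]), "dest": _port(parts[1]),
            "proto": proto, "destaddr": None}
    if len(parts) == 4:
        # IPv4Address raises ValueError for hostnames or malformed addresses.
        rule["destaddr"] = str(ipaddress.IPv4Address(parts[3]))
    return rule


def to_firewall_cmd(zone, entry):
    """Render the rule as a firewall-cmd argument list (no shell involved)."""
    r = parse_port_fwd(entry)
    spec = f"port={r['src']}:proto={r['proto']}:toport={r['dest']}"
    if r["destaddr"]:
        spec += f":toaddr={r['destaddr']}"
    return ["firewall-cmd", f"--zone={zone}", f"--add-forward-port={spec}"]


if __name__ == "__main__":
    # The first two entries come from the example above; the rest are constructed.
    for e in ["22:2222:tcp", "80:443:tcp:192.168.0.1", "80:443:icmp", "0:22:tcp"]:
        try:
            print(" ".join(to_firewall_cmd("public", e)))
        except ValueError as exc:
            print(f"rejected {e!r}: {exc}")
```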

The following example binds the public zone to interface eth0 and to all packets coming from the 192.168.1.0/24 subnet. It also removes the zone from all other interfaces or sources.

public:
  firewalld.bind:
    - name: public
    - interfaces:
      - eth0
    - sources:
      - 192.168.1.0/24

salt.states.firewalld.bind(name, interfaces=None, sources=None)

Ensure a zone is bound to specific interfaces or sources.

New in version 2016.3.0.

Note

This state does not enforce the existence of the zone. To ensure that the zone exists, use firewalld.present.

salt.states.firewalld.present(name, block_icmp=None, default=None, masquerade=False, ports=None, port_fwd=None, services=None)

Ensure a zone has specific attributes.