Module for configuring Windows Firewall using netsh
New in version 2015.5.0.
Add a new inbound or outbound rule to the firewall policy
Parameters: | |
---|---|
Returns: | True if successful |
Return type: | |
Raises: | |
CLI Example:
salt '*' firewall.add_rule 'test' '8080' 'tcp'
salt '*' firewall.add_rule 'test' '1' 'icmpv4'
salt '*' firewall.add_rule 'test_remote_ip' '8000' 'tcp' 'allow' 'in' '192.168.0.1'
New in version 2015.8.0.
Delete an existing firewall rule identified by name and optionally by ports, protocols, direction, and remote IP.
Parameters: | |
---|---|
Returns: | True if successful |
Return type: | |
Raises: | |
CLI Example:
# Delete incoming tcp port 8080 in the rule named 'test'
salt '*' firewall.delete_rule 'test' '8080' 'tcp' 'in'

# Delete the incoming tcp port 8000 from 192.168.0.1 in the rule named
# 'test_remote_ip'
salt '*' firewall.delete_rule 'test_remote_ip' '8000' 'tcp' 'in' '192.168.0.1'

# Delete all rules for local port 80:
salt '*' firewall.delete_rule all 80 tcp

# Delete a rule called 'allow80':
salt '*' firewall.delete_rule allow80
Disable firewall profile
Parameters: | profile (Optional[str]) -- The name of the profile to disable. Default is |
---|---|
Returns: | True if successful |
Return type: | bool |
Raises: | CommandExecutionError -- If the command fails |
CLI Example:
salt '*' firewall.disable
New in version 2015.5.0.
Enable firewall profile
Parameters: | profile (Optional[str]) -- The name of the profile to enable. Default is |
---|---|
Returns: | True if successful |
Return type: | bool |
Raises: | CommandExecutionError -- If the command fails |
CLI Example:
salt '*' firewall.enable
Gets all properties for all profiles in the specified store
New in version 2018.3.4.
New in version 2019.2.0.
Parameters: |
store (str) -- The store to use. This is either the local firewall policy or the policy defined by local group policy. Valid options are:
Default is |
---|---|
Returns: | A dictionary containing the specified settings for each profile |
Return type: | dict |
CLI Example:
# Get all firewall settings for all profiles
salt '*' firewall.get_all_settings

# Get all firewall settings for all profiles as defined by local group
# policy
salt '*' firewall.get_all_settings lgpo
Gets all the properties for the specified profile in the specified store
New in version 2018.3.4.
New in version 2019.2.0.
Parameters: | |
---|---|
Returns: | A dictionary containing the specified settings |
Return type: | |
CLI Example:
# Get all firewall settings for connections on the domain profile
salt '*' win_firewall.get_all_settings domain

# Get all firewall settings for connections on the domain profile as
# defined by local group policy
salt '*' win_firewall.get_all_settings domain lgpo
Get the status of all the firewall profiles
Returns: | A dictionary of all profiles on the system |
---|---|
Return type: | dict |
Raises: | CommandExecutionError -- If the command fails |
CLI Example:
salt '*' firewall.get_config
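Added example (not Salt's own code): since the module drives netsh, the sketch below parses the text of `netsh advfirewall show allprofiles state` into a per-profile status dictionary and reports any profile that is off or missing. The sample output is constructed, English-locale output is assumed, and the function names are hypothetical.

```python
import re

# Constructed sample of `netsh advfirewall show allprofiles state` output
# (English locale assumed; not captured from a real host).
SAMPLE_NETSH_OUTPUT = """\

Domain Profile Settings:
----------------------------------------------------------------------
State                                 ON

Private Profile Settings:
----------------------------------------------------------------------
State                                 ON

Public Profile Settings:
----------------------------------------------------------------------
State                                 OFF
Ok.

"""

EXPECTED_PROFILES = ("Domain", "Private", "Public")
_HEADER = re.compile(r"^(\w+) Profile Settings:$")
_STATE = re.compile(r"^State\s+(ON|OFF)$", re.IGNORECASE)


def parse_profile_states(netsh_output):
    """Return {profile_name: True if ON, False if OFF} (hypothetical helper)."""
    states, current = {}, None
    for raw in netsh_output.splitlines():
        line = raw.strip()
        header = _HEADER.match(line)
        if header:
            current = header.group(1)
            continue
        state = _STATE.match(line)
        if state and current:
            states[current] = state.group(1).upper() == "ON"
            current = None  # ignore further State lines until the next header
    return states


def audit_profiles(states):
    """Fail closed: report profiles that are off or absent from the output."""
    findings = []
    for profile in EXPECTED_PROFILES:
        if profile not in states:
            findings.append(f"{profile}: state not reported")
        elif not states[profile]:
            findings.append(f"{profile}: firewall is OFF")
    return findings
```

Treating a missing profile as a finding matters when the output cannot be parsed (for example on a non-English Windows install), so an unreadable result is never mistaken for a healthy one.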
New in version 2015.5.0.
Display all matching rules as specified by name
Parameters: | name (Optional[str]) -- The full name of the rule. all will return all rules. Default is all |
---|---|
Returns: | A dictionary of all rules or rules that match the name exactly |
Return type: | dict |
Raises: | CommandExecutionError -- If the command fails |
CLI Example:
salt '*' firewall.get_rule 'MyAppPort'
Get the firewall property from the specified profile in the specified store as returned by netsh advfirewall.
New in version 2018.3.4.
New in version 2019.2.0.
Parameters: | |
---|---|
Returns: | A dictionary containing the properties for the specified profile |
Return type: | |
Raises: | |
CLI Example:
# Get the inbound/outbound firewall settings for connections on the
# local domain profile
salt '*' win_firewall.get_settings domain firewallpolicy

# Get the inbound/outbound firewall settings for connections on the
# domain profile as defined by local group policy
salt '*' win_firewall.get_settings domain firewallpolicy lgpo
New in version 2016.11.6.
Checks if a firewall rule exists in the firewall policy
Parameters: | name (str) -- The name of the rule |
---|---|
Returns: | True if exists, otherwise False |
Return type: | bool |
CLI Example:
# Is there a rule named RemoteDesktop
salt '*' firewall.rule_exists RemoteDesktop
Set the firewall inbound/outbound settings for the specified profile and store
New in version 2018.3.4.
New in version 2019.2.0.
Parameters: |
|
---|---|
Returns: |
|
Return type: | |
Raises: |
|
CLI Example:
# Set the inbound setting for the domain profile to block inbound
# connections
salt '*' firewall.set_firewall_settings domain='domain' inbound='blockinbound'

# Set the outbound setting for the domain profile to allow outbound
# connections
salt '*' firewall.set_firewall_settings domain='domain' outbound='allowoutbound'

# Set inbound/outbound settings for the domain profile in the group
# policy to block inbound and allow outbound
salt '*' firewall.set_firewall_settings domain='domain' inbound='blockinbound' outbound='allowoutbound' store='lgpo'
Configure logging settings for the Windows firewall.
New in version 2018.3.4.
New in version 2019.2.0.
Parameters: |
|
---|---|
Returns: |
|
Return type: | |
Raises: |
|
CLI Example:
# Log allowed connections and set that in local group policy
salt '*' firewall.set_logging_settings domain allowedconnections enable lgpo

# Don't log dropped connections
salt '*' firewall.set_logging_settings profile=private setting=droppedconnections value=disable

# Set the location of the log file
salt '*' firewall.set_logging_settings domain filename 'C:\windows\logs\firewall.log'

# You can also use environment variables
salt '*' firewall.set_logging_settings domain filename '%systemroot%\system32\LogFiles\Firewall\pfirewall.log'

# Set the max file size of the log to 2048 Kb
salt '*' firewall.set_logging_settings domain maxfilesize 2048
Configure firewall settings.
New in version 2018.3.4.
New in version 2019.2.0.
Parameters: |
|
---|---|
Returns: |
|
Return type: | |
Raises: |
|
CLI Example:
# Merge local rules with those distributed through group policy
salt '*' firewall.set_settings domain localfirewallrules enable

# Allow remote management of Windows Firewall
salt '*' firewall.set_settings domain remotemanagement enable
Configure the firewall state.
New in version 2018.3.4.
New in version 2019.2.0.
Parameters: |
|
---|---|
Returns: |
|
Return type: | |
Raises: |
|
CLI Example:
# Turn the firewall off when the domain profile is active
salt '*' firewall.set_state domain off

# Turn the firewall on when the public profile is active and set that in
# the local group policy
salt '*' firewall.set_state public on lgpo
© 2019 SaltStack.
Licensed under the Apache License, Version 2.0.
https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.win_firewall.html