W3cubDocs

/SaltStack

salt.states.win_firewall

State for configuring Windows Firewall

salt.states.win_firewall.add_rule(name, localport, protocol='tcp', action='allow', dir='in', remoteip='any')

Add a new inbound or outbound rule to the firewall policy

Parameters:

Parameters:	name (str) -- The name of the rule. Must be unique and cannot be "all". Required. localport (int) -- The port the rule applies to. Must be a number between 0 and 65535. Can be a range. Can specify multiple ports separated by commas. Required. protocol (Optional[str]) -- The protocol. Can be any of the following: A number between 0 and 255 icmpv4 icmpv6 tcp udp any action (Optional[str]) -- The action the rule performs. Can be any of the following: allow block bypass dir (Optional[str]) -- The direction. Can be `in` or `out`. remoteip (Optional [str]) -- The remote IP. Can be any of the following: any localsubnet dns dhcp wins defaultgateway Any valid IPv4 address (192.168.0.12) Any valid IPv6 address (2002:9b3b:1a31:4:208:74ff:fe39:6c43) Any valid subnet (192.168.1.0/24) Any valid range of IP addresses (192.168.0.1-192.168.0.12) A list of valid IP addresses Can be combinations of the above separated by commas. New in version 2016.11.6.

name (str) -- The name of the rule. Must be unique and cannot be "all". Required.
localport (int) -- The port the rule applies to. Must be a number between 0 and 65535. Can be a range. Can specify multiple ports separated by commas. Required.
protocol (Optional[str]) --
The protocol. Can be any of the following:
- A number between 0 and 255
- icmpv4
- icmpv6
- tcp
- udp
- any
action (Optional[str]) --
The action the rule performs. Can be any of the following:
- allow
- block
- bypass
dir (Optional[str]) -- The direction. Can be in or out.
remoteip (Optional [str]) --
The remote IP. Can be any of the following:
- any
- localsubnet
- dns
- dhcp
- wins
- defaultgateway
- Any valid IPv4 address (192.168.0.12)
- Any valid IPv6 address (2002:9b3b:1a31:4:208:74ff:fe39:6c43)
- Any valid subnet (192.168.1.0/24)
- Any valid range of IP addresses (192.168.0.1-192.168.0.12)
- A list of valid IP addresses
Can be combinations of the above separated by commas.

New in version 2016.11.6.

Example:

open_smb_port:
  win_firewall.add_rule:
    - name: SMB (445)
    - localport: 445
    - protocol: tcp
    - action: allow

salt.states.win_firewall.disabled(name='allprofiles')

Disable all the firewall profiles (Windows only)

Parameters:

Parameters:	profile (Optional[str]) -- The name of the profile to disable. Default is `allprofiles`. Valid options are: allprofiles domainprofile privateprofile publicprofile

profile (Optional[str]) --

The name of the profile to disable. Default is allprofiles. Valid options are:

allprofiles
domainprofile
privateprofile
publicprofile

Example:

# To disable the domain profile
disable_domain:
  win_firewall.disabled:
    - name: domainprofile

# To disable all profiles
disable_all:
  win_firewall.disabled:
    - name: allprofiles

salt.states.win_firewall.enabled(name='allprofiles')

Enable all the firewall profiles (Windows only)

Parameters:

Parameters:	profile (Optional[str]) -- The name of the profile to enable. Default is `allprofiles`. Valid options are: allprofiles domainprofile privateprofile publicprofile

profile (Optional[str]) --

The name of the profile to enable. Default is allprofiles. Valid options are:

allprofiles
domainprofile
privateprofile
publicprofile

Example:

# To enable the domain profile
enable_domain:
  win_firewall.enabled:
    - name: domainprofile

# To enable all profiles
enable_all:
  win_firewall.enabled:
    - name: allprofiles

© 2019 SaltStack.
Licensed under the Apache License, Version 2.0.
https://docs.saltstack.com/en/latest/ref/states/all/salt.states.win_firewall.html