salt.states.csf module

CSF iptables management

depends:
  • csf utility
configuration:

See http://download.configserver.com/csf/install.txt for setup instructions.

Simply allow/deny rules:
  csf.rule_present:
    # name is the IP address or CIDR the rule applies to
    - name: 1.2.3.4
    - method: allow
salt.states.csf.nics_skip(name, nics, ipv6)

Alias for csf.nics_skipped

salt.states.csf.nics_skipped(name, nics, ipv6=False)
name
Meaningless arg, but required for state.
nics
A list of nics to skip.
ipv6
Boolean. Set to true if you want to skip the ipv6 interface. Default false (ipv4).
salt.states.csf.option_present(name, value, reload=False)

Ensure the state of a particular option/setting in csf.

name
The option name in csf.conf
value
The value it should be set to.
reload
Boolean. If set to true, csf will be reloaded after.
salt.states.csf.ports_open(name, ports, proto='tcp', direction='in')

Ensure ports are open for a protocol, in a direction. For example, proto='tcp', direction='in' would set the values for TCP_IN in the csf.conf file.

ports
A list of ports that should be open.
proto
The protocol. May be one of 'tcp', 'udp', 'tcp6', or 'udp6'.
direction
Choose 'in', 'out', or both to indicate the port should be opened for inbound traffic, outbound traffic, or both.
salt.states.csf.rule_absent(name, method, port=None, proto='tcp', direction='in', port_origin='d', ip_origin='s', ttl=None, reload=False)

Ensure the iptables rule is not present.

name
The ip address or CIDR for the rule.
method
The type of rule. Either 'allow' or 'deny'.
port
Optional port to be open or closed for the iptables rule.
proto
The protocol. Either 'tcp' or 'udp'. Only applicable if port is specified.
direction
The direction of traffic to apply the rule to. Either 'in' or 'out'. Only applicable if port is specified.
port_origin
Specifies whether the source or destination port is relevant for this rule. Either 's' or 'd'. Only applicable if port is specified.
ip_origin
Specifies whether the ip in this rule refers to the source or destination ip. Either 's' or 'd'. Only applicable if port is specified.
ttl
How long the rule should exist. If supplied, csf.tempallow() or csf.tempdeny() are used.
reload
Reload the csf service after applying this rule. Default false.
salt.states.csf.rule_present(name, method, port=None, proto='tcp', direction='in', port_origin='d', ip_origin='s', ttl=None, comment='', reload=False)

Ensure the iptables rule exists.

name
The ip address or CIDR for the rule.
method
The type of rule. Either 'allow' or 'deny'.
port
Optional port to be open or closed for the iptables rule.
proto
The protocol. Either 'tcp' or 'udp'. Only applicable if port is specified.
direction
The direction of traffic to apply the rule to. Either 'in' or 'out'. Only applicable if port is specified.
port_origin
Specifies whether the source or destination port is relevant for this rule. Either 's' or 'd'. Only applicable if port is specified.
ip_origin
Specifies whether the ip in this rule refers to the source or destination ip. Either 's' or 'd'. Only applicable if port is specified.
ttl
How long the rule should exist. If supplied, csf.tempallow() or csf.tempdeny() are used.
comment
An optional comment to appear after the rule as a #comment.
reload
Reload the csf service after applying this rule. Default false.
salt.states.csf.testing_off(name, reload=False)

Ensure testing mode is disabled in csf.

reload
Reload CSF after changing the testing status. Default false.
salt.states.csf.testing_on(name, reload=False)

Ensure testing mode is enabled in csf.

reload
Reload CSF after changing the testing status. Default false.
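
The states documented above combined in one SLS file, as an added example that is not part of the Salt documentation. The state IDs, the addresses (taken from documentation ranges), the ports, the ttl value and the LF_SSHD option value are assumptions chosen for illustration.

```yaml
# Constructed example: state IDs, addresses, ports and option values are
# assumptions, not values from the Salt documentation.

# Sets the TCP_IN ports in csf.conf (proto tcp, direction in).
csf_inbound_tcp:
  csf.ports_open:
    - ports:
      - '443'
      - '8443'
    - proto: tcp
    - direction: in

# Port-scoped allow: SSH only from the admin range (source IP, destination port).
csf_admin_ssh:
  csf.rule_present:
    - name: 192.0.2.0/24
    - method: allow
    - port: 22
    - proto: tcp
    - direction: in
    - port_origin: d
    - ip_origin: s
    - comment: admin ssh

# Temporary deny: because ttl is supplied, csf.tempdeny is used.
csf_temp_block:
  csf.rule_present:
    - name: 203.0.113.50
    - method: deny
    - ttl: 3600
    - comment: temporary block

# Remove a stale allow entry left over from an earlier deployment.
csf_stale_allow_removed:
  csf.rule_absent:
    - name: 198.51.100.23
    - method: allow

# LF_SSHD is a csf.conf option; the value here is illustrative.
csf_ssh_failure_limit:
  csf.option_present:
    - name: LF_SSHD
    - value: '5'

# Leave testing mode and reload only after the access rules are in place.
csf_enforcing:
  csf.testing_off:
    - reload: True
    - require:
      - csf: csf_admin_ssh
      - csf: csf_inbound_tcp
```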