salt.states.win_firewall

State for configuring Windows Firewall

salt.states.win_firewall.add_rule(name, localport, protocol='tcp', action='allow', dir='in', remoteip='any')

Add a new inbound or outbound rule to the firewall policy

Parameters
  • name (str) -- The name of the rule. Must be unique and cannot be "all". Required.

  • localport (int) -- The port the rule applies to. Must be a number between 0 and 65535. Can be a range. Can specify multiple ports separated by commas. Required.

  • protocol (Optional[str]) --

    The protocol. Can be any of the following:

    • A number between 0 and 255

    • icmpv4

    • icmpv6

    • tcp

    • udp

    • any

  • action (Optional[str]) --

    The action the rule performs. Can be any of the following:

    • allow

    • block

    • bypass

  • dir (Optional[str]) -- The direction. Can be in or out.

  • remoteip (Optional[str]) --

    The remote IP. Can be any of the following:

    • any

    • localsubnet

    • dns

    • dhcp

    • wins

    • defaultgateway

    • Any valid IPv4 address (192.168.0.12)

    • Any valid IPv6 address (2002:9b3b:1a31:4:208:74ff:fe39:6c43)

    • Any valid subnet (192.168.1.0/24)

    • Any valid range of IP addresses (192.168.0.1-192.168.0.12)

    • A list of valid IP addresses

    Can be combinations of the above separated by commas.

    New in version 2016.11.6.

Example:

open_smb_port:
  win_firewall.add_rule:
    - name: SMB (445)
    - localport: 445
    - protocol: tcp
    - action: allow

salt.states.win_firewall.delete_rule(name, localport=None, protocol=None, dir=None, remoteip=None)

Delete an existing firewall rule identified by name and optionally by ports, protocols, direction, and remote IP.

New in version Neon.

Parameters
  • name (str) -- The name of the rule to delete. If the name all is used you must specify additional parameters.

  • localport (Optional[str]) -- The port of the rule. If protocol is not specified, protocol will be set to tcp.

  • protocol (Optional[str]) -- The protocol of the rule. Default is tcp when localport is specified.

  • dir (Optional[str]) -- The direction of the rule.

  • remoteip (Optional[str]) -- The remote IP of the rule.

Example:

delete_smb_port_rule:
  win_firewall.delete_rule:
    - name: SMB (445)

salt.states.win_firewall.disabled(name='allprofiles')

Disable the named firewall profile, or all profiles by default (Windows only)

Parameters

name (Optional[str]) --

The name of the profile to disable. Default is allprofiles. Valid options are:

  • allprofiles

  • domainprofile

  • privateprofile

  • publicprofile

Example:

# To disable the domain profile
disable_domain:
  win_firewall.disabled:
    - name: domainprofile

# To disable all profiles
disable_all:
  win_firewall.disabled:
    - name: allprofiles

salt.states.win_firewall.enabled(name='allprofiles')

Enable the named firewall profile, or all profiles by default (Windows only)

Parameters

name (Optional[str]) --

The name of the profile to enable. Default is allprofiles. Valid options are:

  • allprofiles

  • domainprofile

  • privateprofile

  • publicprofile

Example:

# To enable the domain profile
enable_domain:
  win_firewall.enabled:
    - name: domainprofile

# To enable all profiles
enable_all:
  win_firewall.enabled:
    - name: allprofiles
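
A combined state using the functions documented above, as an added example that is not from the Salt documentation: it replaces the SMB rule from the add_rule example, which defaults to remoteip any, with one limited by remoteip. The state IDs, the rule name "SMB (445) scoped" and the subnet 192.168.1.0/24 are assumptions for illustration.

```yaml
# Added example, not from the Salt docs. State IDs, the scoped rule name and
# the management subnet are assumptions; adjust them to the environment.

# Keep every profile enabled so the rules below are actually enforced.
firewall_on:
  win_firewall.enabled:
    - name: allprofiles

# Inbound SMB, but only from the local subnet and one management subnet.
# remoteip accepts comma-separated combinations of the documented values.
smb_scoped:
  win_firewall.add_rule:
    - name: SMB (445) scoped
    - localport: 445
    - protocol: tcp
    - action: allow
    - dir: in
    - remoteip: localsubnet,192.168.1.0/24
    - require:
      - win_firewall: firewall_on

# Remove the earlier rule that allowed 445 from any remote IP.
# Ordered after the scoped rule so permitted clients keep access throughout.
smb_any_removed:
  win_firewall.delete_rule:
    - name: SMB (445)
    - require:
      - win_firewall: smb_scoped
```

Because add_rule defaults to remoteip any, omitting the parameter on an allow rule exposes the port to every source the profile permits.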