salt.states.win_firewall

State for configuring Windows Firewall

salt.states.win_firewall.add_rule(name, localport, protocol=u'tcp', action=u'allow', dir=u'in', remoteip=u'any')

Add a new inbound or outbound rule to the firewall policy

Parameters:
  • name (str) -- The name of the rule. Must be unique and cannot be "all". Required.
  • localport (int) -- The port the rule applies to. Must be a number between 0 and 65535. Can be a range. Can specify multiple ports separated by commas. Required.
  • protocol (Optional[str]) --

    The protocol. Can be any of the following:

    • A number between 0 and 255
    • icmpv4
    • icmpv6
    • tcp
    • udp
    • any
  • action (Optional[str]) --

    The action the rule performs. Can be any of the following:

    • allow
    • block
    • bypass
  • dir (Optional[str]) -- The direction. Can be in or out.
  • remoteip (Optional [str]) --

    The remote IP. Can be any of the following:

    • any
    • localsubnet
    • dns
    • dhcp
    • wins
    • defaultgateway
    • Any valid IPv4 address (192.168.0.12)
    • Any valid IPv6 address (2002:9b3b:1a31:4:208:74ff:fe39:6c43)
    • Any valid subnet (192.168.1.0/24)
    • Any valid range of IP addresses (192.168.0.1-192.168.0.12)
    • A list of valid IP addresses

    Can be combinations of the above separated by commas.

    New in version 2016.11.6.

Example:

open_smb_port:
  win_firewall.add_rule:
    - name: SMB (445)
    - localport: 445
    - protocol: tcp
    - action: allow
salt.states.win_firewall.disabled(name=u'allprofiles')

Disable all the firewall profiles (Windows only)

Parameters:profile (Optional[str]) --

The name of the profile to disable. Default is allprofiles. Valid options are:

  • allprofiles
  • domainprofile
  • privateprofile
  • publicprofile

Example:

# To disable the domain profile
disable_domain:
  win_firewall.disabled:
    - name: domainprofile

# To disable all profiles
disable_all:
  win_firewall.disabled:
    - name: allprofiles
salt.states.win_firewall.enabled(name=u'allprofiles')

Enable all the firewall profiles (Windows only)

Parameters:profile (Optional[str]) --

The name of the profile to enable. Default is allprofiles. Valid options are:

  • allprofiles
  • domainprofile
  • privateprofile
  • publicprofile

Example:

# To enable the domain profile
enable_domain:
  win_firewall.enabled:
    - name: domainprofile

# To enable all profiles
enable_all:
  win_firewall.enabled:
    - name: allprofiles