salt.modules.csf

Support for Config Server Firewall (CSF)

maintainer:Mostafa Hussein <mostafa.hussein91@gmail.com>
maturity:new
platform:Linux
salt.modules.csf.allow(ip, port=None, proto=u'tcp', direction=u'in', port_origin=u'd', ip_origin=u's', ttl=None, comment=u'')

Add an rule to csf allowed hosts See _access_rule(). 1- Add an IP: CLI Example:

salt '*' csf.allow 127.0.0.1
salt '*' csf.allow 127.0.0.1 comment="Allow localhost"
salt.modules.csf.allow_port(port, proto=u'tcp', direction=u'both')

Like allow_ports, but it will append to the existing entry instead of replacing it. Takes a single port instead of a list of ports.

CLI Example:

salt '*' csf.allow_port 22 proto='tcp' direction='in'
salt.modules.csf.allow_ports(ports, proto=u'tcp', direction=u'in')

Fully replace the incoming or outgoing ports line in the csf.conf file - e.g. TCP_IN, TCP_OUT, UDP_IN, UDP_OUT, etc.

CLI Example:

salt '*' csf.allow_ports ports="[22,80,443,4505,4506]" proto='tcp' direction='in'
salt.modules.csf.deny(ip, port=None, proto=u'tcp', direction=u'in', port_origin=u'd', ip_origin=u'd', ttl=None, comment=u'')

Add an rule to csf denied hosts See _access_rule(). 1- Deny an IP: CLI Example:

salt '*' csf.deny 127.0.0.1
salt '*' csf.deny 127.0.0.1 comment="Too localhosty"
salt.modules.csf.disable()

Disable csf permanently CLI Example:

salt '*' csf.disable
salt.modules.csf.enable()

Activate csf if not running CLI Example:

salt '*' csf.enable
salt.modules.csf.exists(method, ip, port=None, proto=u'tcp', direction=u'in', port_origin=u'd', ip_origin=u'd', ttl=None, comment=u'')

Returns true a rule for the ip already exists based on the method supplied. Returns false if not found. CLI Example:

salt '*' csf.exists allow 1.2.3.4
salt '*' csf.exists tempdeny 1.2.3.4
salt.modules.csf.get_ports(proto=u'tcp', direction=u'in')

Lists ports from csf.conf based on direction and protocol. e.g. - TCP_IN, TCP_OUT, UDP_IN, UDP_OUT, etc..

CLI Example:

salt '*' csf.allow_port 22 proto='tcp' direction='in'
salt.modules.csf.reload()

Restart csf CLI Example:

salt '*' csf.reload
salt.modules.csf.running()

Check csf status CLI Example:

salt '*' csf.running
salt.modules.csf.tempallow(ip=None, ttl=None, port=None, direction=None, comment=u'')

Add an rule to the temporary ip allow list. See _access_rule(). 1- Add an IP: CLI Example:

salt '*' csf.tempallow 127.0.0.1 3600 port=22 direction='in' comment='# Temp dev ssh access'
salt.modules.csf.tempdeny(ip=None, ttl=None, port=None, direction=None, comment=u'')

Add a rule to the temporary ip deny list. See _access_rule(). 1- Add an IP: CLI Example:

salt '*' csf.tempdeny 127.0.0.1 300 port=22 direction='in' comment='# Brute force attempt'
salt.modules.csf.unallow(ip)

Remove a rule from the csf denied hosts See _access_rule(). 1- Deny an IP: CLI Example:

salt '*' csf.unallow 127.0.0.1
salt.modules.csf.undeny(ip)

Remove a rule from the csf denied hosts See _access_rule(). 1- Deny an IP: CLI Example:

salt '*' csf.undeny 127.0.0.1