salt.states.csf

CSF iptables management

depends:
  • csf utility

configuration:

See http://download.configserver.com/csf/install.txt for setup instructions.

Simple allow/deny rules (the state ID is arbitrary; the IP or CIDR is passed as name):
  Simply allow/deny rules:
    csf.rule_present:
      - name: 1.2.3.4
      - method: allow
salt.states.csf.nics_skip(name, nics, ipv6)

Alias for csf.nics_skipped

salt.states.csf.nics_skipped(name, nics, ipv6=False)
name

Unused by this state, but required by the state system (the state ID is normally used).

nics

A list of network interfaces (e.g. docker0, lo) that csf should not apply rules to.

ipv6

Boolean. Set to true to write the skip list for IPv6 (ip6tables) instead of IPv4. Default false (IPv4).

salt.states.csf.option_present(name, value, reload=False)

Ensure the state of a particular option/setting in csf.

name

The option name in csf.conf (e.g. TESTING, LF_SSHD, RESTRICT_SYSLOG).

value

The value it should be set to. csf.conf values are written as quoted strings, so pass them as strings.

reload

Boolean. If set to true, csf is reloaded afterwards. Without a reload the change sits in csf.conf but is not enforced until the next restart or reload.

salt.states.csf.ports_open(name, ports, proto='tcp', direction='in')

Ensure ports are open for a protocol in a direction; e.g. proto='tcp', direction='in' sets TCP_IN in csf.conf.

ports

The complete list of ports that should be open. The list replaces the existing value of the matching csf.conf setting (e.g. TCP_IN) rather than adding to it, so any port not listed is closed.

proto

The protocol. May be one of 'tcp', 'udp', 'tcp6', or 'udp6'.

direction

Choose 'in', 'out', or 'both' to indicate whether the ports should be opened for inbound traffic, outbound traffic, or both.
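The following SLS is an added example and is not part of the Salt or csf documentation. It combines csf.nics_skipped, csf.option_present and csf.ports_open into one baseline firewall state. The state IDs, interface names and chosen values are illustrative; the option names are real csf.conf keys. Note that each csf.ports_open state writes the whole port list, so every port that must stay open has to appear in it.

```yaml
# Added example (not from the Salt or csf docs). IDs and values are illustrative.

# Interfaces csf should leave alone (IPv4 rules). The state ID is only a label;
# nics_skipped ignores 'name'.
csf_skip_nics:
  csf.nics_skipped:
    - nics:
      - lo
      - docker0

# Same skip list for the IPv6 (ip6tables) side.
csf_skip_nics_v6:
  csf.nics_skipped:
    - nics:
      - lo
      - docker0
    - ipv6: True

# csf.conf options; the state ID is used as the option name.
# Values are strings because csf.conf stores them quoted.
RESTRICT_SYSLOG:
  csf.option_present:
    - value: '3'

LF_SSHD:
  csf.option_present:
    - value: '5'

# Inbound TCP: this list REPLACES TCP_IN, so list every port that must stay open.
csf_tcp_in:
  csf.ports_open:
    - ports:
      - 22
      - 80
      - 443
    - proto: tcp
    - direction: in

# Outbound TCP is restricted the same way (DNS over TCP, HTTP, HTTPS, SMTP).
csf_tcp_out:
  csf.ports_open:
    - ports:
      - 25
      - 53
      - 80
      - 443
    - proto: tcp
    - direction: out

# Inbound UDP: DNS only.
csf_udp_in:
  csf.ports_open:
    - ports:
      - 53
    - proto: udp
    - direction: in

# Reload once, after all csf.conf edits above are in place, so the running
# firewall matches the file. TESTING is set to '0' here on purpose: with
# TESTING enabled csf periodically flushes its rules and does not enforce.
TESTING:
  csf.option_present:
    - value: '0'
    - reload: True
    - require:
      - csf: csf_skip_nics
      - csf: csf_skip_nics_v6
      - csf: RESTRICT_SYSLOG
      - csf: LF_SSHD
      - csf: csf_tcp_in
      - csf: csf_tcp_out
      - csf: csf_udp_in
```

Applying this with `salt '*' state.apply <sls>` (or `test=True` first) edits csf.conf and reloads csf once at the end. Because the reload is tied to the last state through `require`, a failure in an earlier state leaves the running firewall unchanged rather than half-applied.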

salt.states.csf.rule_absent(name, method, port=None, proto='tcp', direction='in', port_origin='d', ip_origin='s', ttl=None, reload=False)

Ensure the iptables rule is not present.

name

The ip address or CIDR for the rule.

method

The type of rule. Either 'allow' or 'deny'.

port

Optional port the rule applies to. Without it the rule matches all traffic from or to the address.

proto

The protocol. Either 'tcp' or 'udp'. Only applicable if port is specified.

direction

The direction of traffic to apply the rule to. Either 'in' or 'out'. Only applicable if port is specified.

port_origin

Specifies whether the source or destination port is relevant for this rule. Either 's' or 'd'. Only applicable if port is specified.

ip_origin

Specifies whether the ip in this rule refers to the source or destination ip. Either 's' or 'd'. Only applicable if port is specified.

ttl

How long the rule should exist. If supplied, csf.tempallow() or csf.tempdeny() is used instead of a permanent entry.

reload

Reload the csf service after applying this rule. Default false.

salt.states.csf.rule_present(name, method, port=None, proto='tcp', direction='in', port_origin='d', ip_origin='s', ttl=None, comment='', reload=False)

Ensure the iptables rule exists.

name

The ip address or CIDR for the rule.

method

The type of rule. Either 'allow' or 'deny'.

port

Optional port the rule applies to. Without it the rule matches all traffic from or to the address.

proto

The protocol. Either 'tcp' or 'udp'. Only applicable if port is specified.

direction

The direction of traffic to apply the rule to. Either 'in' or 'out'. Only applicable if port is specified.

port_origin

Specifies whether the source or destination port is relevant for this rule. Either 's' or 'd'. Only applicable if port is specified.

ip_origin

Specifies whether the ip in this rule refers to the source or destination ip. Either 's' or 'd'. Only applicable if port is specified.

ttl

How long the rule should exist. If supplied, csf.tempallow() or csf.tempdeny() is used instead of a permanent entry.

comment

An optional comment to appear after the rule as a # comment.

reload

Reload the csf service after applying this rule. Default false.

salt.states.csf.testing_off(name, reload=False)

Ensure testing mode is disabled in csf. Testing mode must be off for the firewall to enforce its rules.

reload

Reload CSF after changing the testing status. Default false.

salt.states.csf.testing_on(name, reload=False)

Ensure testing mode is enabled in csf. While TESTING is enabled, csf installs a cron job that periodically flushes the iptables rules, so the firewall is not enforcing; use it only while validating a new configuration, and turn it off afterwards.

reload

Reload CSF after changing the testing status. Default false.
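The following SLS is an added example and not part of the Salt or csf documentation. It illustrates csf.rule_present, csf.rule_absent and csf.testing_off together: a permanent port-scoped allow, a temporary deny with a ttl, removal of a stale allow, and finally leaving testing mode only after the allow rule that keeps administrative access alive is in place. The addresses, ports, ttl and state IDs are illustrative.

```yaml
# Added example (not from the Salt or csf docs). Addresses, ports and IDs are illustrative.

# Permanent allow: TCP to destination port 22 on this host, from the bastion's
# source address. port_origin/ip_origin are the defaults, spelled out here.
allow_bastion_ssh:
  csf.rule_present:
    - name: 198.51.100.10
    - method: allow
    - port: 22
    - proto: tcp
    - direction: in
    - port_origin: d        # 22 is the destination port
    - ip_origin: s          # 198.51.100.10 is the source address
    - comment: "bastion host SSH"

# Temporary deny: a ttl switches the state to csf.tempdeny, so the entry expires
# on its own instead of accumulating in csf.deny. ttl is in seconds (csf's unit).
deny_scanner_for_an_hour:
  csf.rule_present:
    - name: 203.0.113.45
    - method: deny
    - ttl: 3600
    - comment: "port scanner, reassess after expiry"

# Remove an allow entry that is no longer justified.
remove_stale_allow:
  csf.rule_absent:
    - name: 192.0.2.77
    - method: allow

# Leave testing mode only once the bastion allow rule exists, then reload so the
# running firewall matches the files. Ordering matters: with TESTING on, csf
# keeps flushing the rules, and turning it off before the allow rule is present
# risks locking out the management path.
csf_enforcing:
  csf.testing_off:
    - reload: True
    - require:
      - csf: allow_bastion_ssh
      - csf: deny_scanner_for_an_hour
      - csf: remove_stale_allow
```

Run it with `salt '*' state.apply <sls> test=True` first to see which csf.allow/csf.deny entries would change, then without `test=True`. Only the last state reloads csf, so the rule edits become live together rather than one at a time.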