salt.states.csf module
-
salt.states.csf.nics_skip(name, nics, ipv6) Alias for
csf.nics_skipped
-
salt.states.csf.nics_skipped(name, nics, ipv6=False) - name
- Meaningless arg, but required for state.
- nics
- A list of nics to skip.
- ipv6
- Boolean. Set to true if you want to skip the ipv6 interface. Default false (ipv4).
-
salt.states.csf.option_present(name, value, reload=False) Ensure the state of a particular option/setting in csf.
- name
- The option name in csf.conf
- value
- The value it should be set to.
- reload
- Boolean. If set to true, csf will be reloaded after.
-
salt.states.csf.ports_open(name, ports, proto='tcp', direction='in') Ensure ports are open for a protocol, in a direction. e.g. - proto='tcp', direction='in' would set the values for TCP_IN in the csf.conf file.
- ports
- A list of ports that should be open.
- proto
- The protocol. May be one of 'tcp', 'udp', 'tcp6', or 'udp6'.
- direction
- Choose 'in', 'out', or both to indicate the port should be opened for inbound traffic, outbound traffic, or both.
-
salt.states.csf.rule_absent(name, method, port=None, proto='tcp', direction='in', port_origin='d', ip_origin='s', ttl=None, reload=False) Ensure iptable is not present.
- name
- The ip address or CIDR for the rule.
- method
- The type of rule. Either 'allow' or 'deny'.
- port
- Optional port to be open or closed for the iptables rule.
- proto
- The protocol. Either 'tcp', 'udp'. Only applicable if port is specified.
- direction
- The diretion of traffic to apply the rule to. Either 'in', or 'out'. Only applicable if port is specified.
- port_origin
- Specifies either the source or destination port is relevant for this rule. Only applicable if port is specified. Either 's', or 'd'.
- ip_origin
- Specifies whether the ip in this rule refers to the source or destination ip. Either 's', or 'd'. Only applicable if port is specified.
- ttl
- How long the rule should exist. If supplied, csf.tempallow() or csf.tempdeny()` are used.
- reload
- Reload the csf service after applying this rule. Default false.
-
salt.states.csf.rule_present(name, method, port=None, proto='tcp', direction='in', port_origin='d', ip_origin='s', ttl=None, comment='', reload=False) Ensure iptable rule exists.
- name
- The ip address or CIDR for the rule.
- method
- The type of rule. Either 'allow' or 'deny'.
- port
- Optional port to be open or closed for the iptables rule.
- proto
- The protocol. Either 'tcp', or 'udp'. Only applicable if port is specified.
- direction
- The diretion of traffic to apply the rule to. Either 'in', or 'out'. Only applicable if port is specified.
- port_origin
- Specifies either the source or destination port is relevant for this rule. Only applicable if port is specified. Either 's', or 'd'.
- ip_origin
- Specifies whether the ip in this rule refers to the source or destination ip. Either 's', or 'd'. Only applicable if port is specified.
- ttl
- How long the rule should exist. If supplied, csf.tempallow() or csf.tempdeny()` are used.
- comment
- An optional comment to appear after the rule as a #comment .
- reload
- Reload the csf service after applying this rule. Default false.
