Saltstack module firewalld 详解

2024-04-02 16:16:16

firewalld.remove_interface

Remove an interface bound to a zone

New in version 2016.3.0

CLI Example:

    salt '*' firewalld.remove_interface zone eth0

firewalld.add_port

Allow specific ports in a zone.

New in version 2015.8.0

CLI Example:

    salt '*' firewalld.add_port internal 443/tcp

force_masquerade
    when a zone is created ensure masquerade is also enabled
    on that zone.

firewalld.make_permanent

Make current runtime configuration permanent.

New in version 2016.3.0

CLI Example:

    salt '*' firewalld.make_permanent

firewalld.get_services

Print predefined services

CLI Example:

    salt '*' firewalld.get_services

firewalld.add_rich_rule

Add a rich rule to a zone

New in version 2016.11.0

CLI Example:

    salt '*' firewalld.add_rich_rule zone 'rule'

firewalld.get_sources

List sources bound to a zone

New in version 2016.3.0

CLI Example:

    salt '*' firewalld.get_sources zone

firewalld.add_masquerade

Enable masquerade on a zone.
If zone is omitted, default zone will be used.

New in version 2015.8.0

CLI Example:

    salt '*' firewalld.add_masquerade

To enable masquerade on a specific zone

    salt '*' firewalld.add_masquerade dmz

firewalld.get_interfaces

List interfaces bound to a zone

New in version 2016.3.0

CLI Example:

    salt '*' firewalld.get_interfaces zone

firewalld.remove_rich_rule

Add a rich rule to a zone

New in version 2016.11.0

CLI Example:

    salt '*' firewalld.remove_rich_rule zone 'rule'

firewalld.get_zones

Print predefined zones

CLI Example:

    salt '*' firewalld.get_zones

firewalld.default_zone

Print default zone for connections and interfaces

CLI Example:

    salt '*' firewalld.default_zone

firewalld.version

Return version from firewall-cmd

CLI Example:

    salt '*' firewalld.version

firewalld.get_service_ports

List ports of a service.

New in version 2016.11.0

CLI Example:

    salt '*' firewalld.get_service_ports zone

firewalld.remove_source

Remove a source bound to a zone

New in version 2016.3.0

CLI Example:

    salt '*' firewalld.remove_source zone 192.168.1.0/24

firewalld.set_default_zone

Set default zone

CLI Example:

    salt '*' firewalld.set_default_zone damian

firewalld.add_source

Bind a source to a zone

New in version 2016.3.0

CLI Example:

    salt '*' firewalld.add_source zone 192.168.1.0/24

firewalld.new_zone

Add a new zone

CLI Example:

    salt '*' firewalld.new_zone my_zone

By default firewalld will be reloaded. However, to avoid reloading
you need to specify the restart as False

    salt '*' firewalld.new_zone my_zone False

firewalld.remove_service_protocol

Remove a protocol from the specified service.

New in version 2016.11.0

CLI Example:

    salt '*' firewalld.remove_service_protocol zone ssh

firewalld.remove_port_fwd

Remove Port Forwarding.

New in version 2015.8.0

CLI Example:

    salt '*' firewalld.remove_port_fwd public 80 443 tcp

firewalld.new_service

Add a new service

CLI Example:

    salt '*' firewalld.new_service my_service

By default firewalld will be reloaded. However, to avoid reloading
you need to specify the restart as False

    salt '*' firewalld.new_service my_service False

firewalld.get_icmp_types

Print predefined icmptypes

CLI Example:

    salt '*' firewalld.get_icmp_types

firewalld.add_interface

Bind an interface to a zone

New in version 2016.3.0

CLI Example:

    salt '*' firewalld.add_interface zone eth0

firewalld.add_service

Add a service for zone. If zone is omitted, default zone will be used.

CLI Example:

    salt '*' firewalld.add_service ssh

To assign a service to a specific zone:

    salt '*' firewalld.add_service ssh my_zone

firewalld.add_port_fwd

Add port forwarding.

New in version 2015.8.0

CLI Example:

    salt '*' firewalld.add_port_fwd public 80 443 tcp

force_masquerade
    when a zone is created ensure masquerade is also enabled
    on that zone.

firewalld.remove_service_port

Remove a port from the specified service.

New in version 2016.11.0

CLI Example:

    salt '*' firewalld.remove_service_port zone 80

firewalld.remove_service

Remove a service from zone. This option can be specified multiple times.
If zone is omitted, default zone will be used.

CLI Example:

    salt '*' firewalld.remove_service ssh

To remove a service from a specific zone

    salt '*' firewalld.remove_service ssh dmz

firewalld.reload_rules

Reload the firewall rules, which makes the permanent configuration the new
runtime configuration without losing state information.

New in version 2016.11.0

CLI Example:

    salt '*' firewalld.reload

firewalld.add_service_protocol

Add a new protocol to the specified service.

New in version 2016.11.0

CLI Example:

    salt '*' firewalld.add_service_protocol zone ssh

firewalld.list_services

List services added for zone as a space separated list.
If zone is omitted, default zone will be used.

CLI Example:

    salt '*' firewalld.list_services

List a specific zone

    salt '*' firewalld.list_services my_zone

firewalld.remove_port

Remove a specific port from a zone.

New in version 2015.8.0

CLI Example:

    salt '*' firewalld.remove_port internal 443/tcp

firewalld.remove_masquerade

Remove masquerade on a zone.
If zone is omitted, default zone will be used.

New in version 2015.8.0

CLI Example:

    salt '*' firewalld.remove_masquerade

To remove masquerade on a specific zone

    salt '*' firewalld.remove_masquerade dmz

firewalld.list_port_fwd

List port forwarding

New in version 2015.8.0

CLI Example:

    salt '*' firewalld.list_port_fwd public

firewalld.get_masquerade

Show if masquerading is enabled on a zone.
If zone is omitted, default zone will be used.

CLI Example:

    salt '*' firewalld.get_masquerade zone

firewalld.list_icmp_block

List ICMP blocks on a zone

New in version 2015.8.0

CLI Example:

    salt '*' firewlld.list_icmp_block zone

firewalld.get_service_protocols

List protocols of a service.

New in version 2016.11.0

CLI Example:

    salt '*' firewalld.get_service_protocols zone

firewalld.delete_zone

Delete an existing zone

CLI Example:

    salt '*' firewalld.delete_zone my_zone

By default firewalld will be reloaded. However, to avoid reloading
you need to specify the restart as False

    salt '*' firewalld.delete_zone my_zone False

firewalld.list_ports

List all ports in a zone.

New in version 2015.8.0

CLI Example:

    salt '*' firewalld.list_ports

firewalld.list_zones

List everything added for or enabled in all zones

CLI Example:

    salt '*' firewalld.list_zones

firewalld.allow_icmp

Allow a specific ICMP type on a zone

New in version 2015.8.0

CLI Example:

    salt '*' firewalld.allow_icmp zone echo-reply

firewalld.delete_service

Delete an existing service

CLI Example:

    salt '*' firewalld.delete_service my_service

By default firewalld will be reloaded. However, to avoid reloading
you need to specify the restart as False

    salt '*' firewalld.delete_service my_service False

firewalld.block_icmp

Block a specific ICMP type on a zone

New in version 2015.8.0

CLI Example:

    salt '*' firewalld.block_icmp zone echo-reply

firewalld.add_service_port

Add a new port to the specified service.

New in version 2016.11.0

CLI Example:

    salt '*' firewalld.add_service_port zone 80

firewalld.list_all

List everything added for or enabled in a zone

CLI Example:

    salt '*' firewalld.list_all

List a specific zone

    salt '*' firewalld.list_all my_zone

firewalld.get_rich_rules

List rich rules bound to a zone

New in version 2016.11.0

CLI Example:

    salt '*' firewalld.get_rich_rules zone
上一篇:Saltstack module environ 详解


下一篇:Saltstack批量部署apache