Module for configuring Windows Firewall using netsh
salt.modules.win_firewall.
add_rule
(name, localport, protocol='tcp', action='allow', dir='in', remoteip='any')¶New in version 2015.5.0.
Add a new inbound or outbound rule to the firewall policy
Parameters: |
|
---|---|
Returns: | True if successful |
Return type: | |
Raises: |
|
CLI Example:
salt '*' firewall.add_rule 'test' '8080' 'tcp'
salt '*' firewall.add_rule 'test' '1' 'icmpv4'
salt '*' firewall.add_rule 'test_remote_ip' '8000' 'tcp' 'allow' 'in' '192.168.0.1'
salt.modules.win_firewall.
delete_rule
(name=None, localport=None, protocol=None, dir=None, remoteip=None)¶New in version 2015.8.0.
Delete an existing firewall rule identified by name and optionally by ports, protocols, direction, and remote IP.
Parameters: |
|
---|---|
Returns: | True if successful |
Return type: | |
Raises: |
|
CLI Example:
# Delete incoming tcp port 8080 in the rule named 'test'
salt '*' firewall.delete_rule 'test' '8080' 'tcp' 'in'
# Delete the incoming tcp port 8000 from 192.168.0.1 in the rule named
# 'test_remote_ip'
salt '*' firewall.delete_rule 'test_remote_ip' '8000' 'tcp' 'in' '192.168.0.1'
# Delete all rules for local port 80:
salt '*' firewall.delete_rule all 80 tcp
# Delete a rule called 'allow80':
salt '*' firewall.delete_rule allow80
salt.modules.win_firewall.
disable
(profile='allprofiles')¶Disable firewall profile
Parameters: | profile (Optional[str]) -- The name of the profile to disable. Default is
|
---|---|
Returns: | True if successful |
Return type: | bool |
Raises: | CommandExecutionError -- If the command fails |
CLI Example:
salt '*' firewall.disable
salt.modules.win_firewall.
enable
(profile='allprofiles')¶New in version 2015.5.0.
Enable firewall profile
Parameters: | profile (Optional[str]) -- The name of the profile to enable. Default is
|
---|---|
Returns: | True if successful |
Return type: | bool |
Raises: | CommandExecutionError -- If the command fails |
CLI Example:
salt '*' firewall.enable
salt.modules.win_firewall.
get_all_profiles
(store='local')¶Gets all properties for all profiles in the specified store
New in version 2018.3.4.
New in version 2019.2.0.
Parameters: | store (str) -- The store to use. This is either the local firewall policy or the policy defined by local group policy. Valid options are:
Default is |
---|---|
Returns: | A dictionary containing the specified settings for each profile |
Return type: | dict |
CLI Example:
# Get all firewall settings for all profiles
salt * firewall.get_all_settings
# Get all firewall settings for all profiles as defined by local group
# policy
salt * firewall.get_all_settings lgpo
salt.modules.win_firewall.
get_all_settings
(domain, store='local')¶Gets all the properties for the specified profile in the specified store
New in version 2018.3.4.
New in version 2019.2.0.
Parameters: | |
---|---|
Returns: | A dictionary containing the specified settings |
Return type: |
CLI Example:
# Get all firewall settings for connections on the domain profile
salt * win_firewall.get_all_settings domain
# Get all firewall settings for connections on the domain profile as
# defined by local group policy
salt * win_firewall.get_all_settings domain lgpo
salt.modules.win_firewall.
get_config
()¶Get the status of all the firewall profiles
Returns: | A dictionary of all profiles on the system |
---|---|
Return type: | dict |
Raises: | CommandExecutionError -- If the command fails |
CLI Example:
salt '*' firewall.get_config
salt.modules.win_firewall.
get_rule
(name='all')¶New in version 2015.5.0.
Display all matching rules as specified by name
Parameters: | name (Optional[str]) -- The full name of the rule. all will return all
rules. Default is all |
---|---|
Returns: | A dictionary of all rules or rules that match the name exactly |
Return type: | dict |
Raises: | CommandExecutionError -- If the command fails |
CLI Example:
salt '*' firewall.get_rule 'MyAppPort'
salt.modules.win_firewall.
get_settings
(profile, section, store='local')¶Get the firewall property from the specified profile in the specified store
as returned by netsh advfirewall
.
New in version 2018.3.4.
New in version 2019.2.0.
Parameters: |
|
---|---|
Returns: | A dictionary containing the properties for the specified profile |
Return type: | |
Raises: |
|
CLI Example:
# Get the inbound/outbound firewall settings for connections on the
# local domain profile
salt * win_firewall.get_settings domain firewallpolicy
# Get the inbound/outbound firewall settings for connections on the
# domain profile as defined by local group policy
salt * win_firewall.get_settings domain firewallpolicy lgpo
salt.modules.win_firewall.
rule_exists
(name)¶New in version 2016.11.6.
Checks if a firewall rule exists in the firewall policy
Parameters: | name (str) -- The name of the rule |
---|---|
Returns: | True if exists, otherwise False |
Return type: | bool |
CLI Example:
# Is there a rule named RemoteDesktop
salt '*' firewall.rule_exists RemoteDesktop
salt.modules.win_firewall.
set_firewall_settings
(profile, inbound=None, outbound=None, store='local')¶Set the firewall inbound/outbound settings for the specified profile and store
New in version 2018.3.4.
New in version 2019.2.0.
Parameters: |
|
---|---|
Returns: |
|
Return type: | |
Raises: |
|
CLI Example:
# Set the inbound setting for the domain profile to block inbound
# connections
salt * firewall.set_firewall_settings domain='domain' inbound='blockinbound'
# Set the outbound setting for the domain profile to allow outbound
# connections
salt * firewall.set_firewall_settings domain='domain' outbound='allowoutbound'
# Set inbound/outbound settings for the domain profile in the group
# policy to block inbound and allow outbound
salt * firewall.set_firewall_settings domain='domain' inbound='blockinbound' outbound='allowoutbound' store='lgpo'
salt.modules.win_firewall.
set_logging_settings
(profile, setting, value, store='local')¶Configure logging settings for the Windows firewall.
New in version 2018.3.4.
New in version 2019.2.0.
Parameters: |
|
---|---|
Returns: |
|
Return type: | |
Raises: |
|
CLI Example:
# Log allowed connections and set that in local group policy
salt * firewall.set_logging_settings domain allowedconnections enable lgpo
# Don't log dropped connections
salt * firewall.set_logging_settings profile=private setting=droppedconnections value=disable
# Set the location of the log file
salt * firewall.set_logging_settings domain filename C:\windows\logs\firewall.log
# You can also use environment variables
salt * firewall.set_logging_settings domain filename %systemroot%\system32\LogFiles\Firewall\pfirewall.log
# Set the max file size of the log to 2048 Kb
salt * firewall.set_logging_settings domain maxfilesize 2048
salt.modules.win_firewall.
set_settings
(profile, setting, value, store='local')¶Configure firewall settings.
New in version 2018.3.4.
New in version 2019.2.0.
Parameters: |
|
---|---|
Returns: |
|
Return type: | |
Raises: |
|
CLI Example:
# Merge local rules with those distributed through group policy
salt * firewall.set_settings domain localfirewallrules enable
# Allow remote management of Windows Firewall
salt * firewall.set_settings domain remotemanagement enable
salt.modules.win_firewall.
set_state
(profile, state, store='local')¶Configure the firewall state.
New in version 2018.3.4.
New in version 2019.2.0.
Parameters: |
|
---|---|
Returns: |
|
Return type: | |
Raises: |
|
CLI Example:
# Turn the firewall off when the domain profile is active
salt * firewall.set_state domain off
# Turn the firewall on when the public profile is active and set that in
# the local group policy
salt * firewall.set_state public on lgpo
Docs for previous releases are available on readthedocs.org.
Latest Salt release: latest_release