Merge pull request #12841 from rogst/develop

Added module and state for adding new firewall rules
2024-11-07 17:09:03 +00:00 · 2014-05-17 11:52:12 -05:00 · 2014-05-17 11:52:12 -05:00 · 438e69e5ba
commit 438e69e5ba
parent c295a988cf 10a69dfa7d
2 changed files with 65 additions and 0 deletions
--- a/salt/modules/win_firewall.py
+++ b/salt/modules/win_firewall.py
@ -61,3 +61,37 @@ def disable():
    return __salt__['cmd.run'](
            'netsh advfirewall set allprofiles state off'
            ) == 'Ok.'
+
+
+def get_rule(name="all"):
+    '''
+    Get firewall rule(s) info
+
+    CLI Example:
+
+    .. code-block:: bash
+
+        salt '*' firewall.get_rule "MyAppPort"
+    '''
+    ret = {}
+    cmd = 'netsh advfirewall firewall show rule name="{0}"'.format(name)
+    ret[name] = __salt__['cmd.run'](cmd)
+
+    if ret[name].strip() == "No rules match the specified criteria.":
+        ret = False
+
+    return ret
+
+
+def add_rule(name, localport, protocol="tcp", action="allow", dir="in"):
+    '''
+    Add a new firewall rule
+
+    CLI Example:
+
+    .. code-block:: bash
+
+        salt '*' firewall.add_rule "test" "tcp" "8080"
+    '''
+    cmd = 'netsh advfirewall firewall add rule name="{0}" protocol={1} dir={2} localport={3} action={4}'.format(name, protocol, dir, localport, action)
+    return __salt__['cmd.run'](cmd) == 'Ok.'
--- a/salt/states/win_firewall.py
+++ b/salt/states/win_firewall.py
@ -42,3 +42,34 @@ def disabled(name):
        ret['comment'] = 'All the firewall profiles are disabled'

    return ret
+
+
+def add_rule(name, localport, protocol="tcp", action="allow", dir="in"):
+    '''
+    Add a new firewall rule (Windows only)
+    '''
+    ret = {'name': name,
+           'result': True,
+           'changes': {},
+           'comment': ''}
+
+    # Check if rule exists
+    commit = False
+    current_rules = __salt__['firewall.get_rule'](name)
+    if not current_rules:
+        commit = True
+        ret['changes'] = {'new rule': name}
+
+    if __opts__['test']:
+        ret['result'] = None
+        return ret
+
+    # Add rule
+    if commit:
+        ret['result'] = __salt__['firewall.add_rule'](name, localport, protocol, action, dir)
+        if not ret['result']:
+            ret['comment'] = 'Could not add rule'
+    else:
+        ret['comment'] = 'A rule with that name already exists'
+
+    return ret