search

saltstack / salt

Software to automate the management and configuration of any infrastructure or application at scale. Get access to the Salt software package repository here:
https://repo.saltproject.io/
Apache License 2.0
14.09k stars 5.47k forks source link

windows minion firewall #53143

Open Dtengfei opened 5 years ago

Dtengfei commented 5 years ago

Description of Issue/Question

Why haven't we updated the salt. states. win_firewall. add_rule module all the time? We only have local ports that can't be set remotely.

Setup

(Please provide relevant configs and/or SLS files (Be sure to remove sensitive info).)

Steps to Reproduce Issue

(Include debug logs if possible and relevant.)

Versions Report

master and minion version 2019.2.0

twangboy commented 5 years ago

@Dtengfei Could you clarify this request? Are you talking about the state module here? Or the execution module? What is not supported and where? Please provide a full Versions Report.

Dtengfei commented 5 years ago

很抱歉上次没有表达清楚我的意思,咱们现在的模块只是支持localport,但是我想要remoteport,请问一下咱们有其他方法满足我的需求嘛?我想要限制本地访问目标的指定端口。我用的是咱们的执行模块:salt.modules.win_firewall.add_rule(name, localport, protocol='tcp', action='allow', dir='in', remoteip='any') https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.win_firewall.html#salt.modules.win_firewall.add_rule

Dtengfei commented 5 years ago

I am sorry that I didn't express my meaning last time. Our current module only supports localport, but I want remoteport. Do you have other methods to meet my needs? I want to limit the specified port of the local access target. I use our execution module: salt.modules.win_firewall.add_rule(name, localport, protocol='tcp', action='allow', dir='in', remoteip='any') modules url:https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.win_firewall.html#salt.modules.win_firewall.add_rule

twangboy commented 5 years ago

OK. I have marked this as a Feature request. It should be a pretty easy add so I also marked it as Low Hanging Fruit.

Dtengfei commented 5 years ago

ok.thanks

------------------ Original ------------------ From: Shane Lee notifications@github.com Date: Thu,May 23,2019 0:12 AM To: saltstack/salt salt@noreply.github.com Cc: Dtengfei 425531910@qq.com, Mention mention@noreply.github.com Subject: Re: [saltstack/salt] windows minion firewall (#53143)

OK. I have marked this as a Feature request. It should be a pretty easy add so I also marked it as Low Hanging Fruit.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or mute the thread.

stale[bot] commented 4 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

If this issue is closed prematurely, please leave a comment and we will gladly reopen the issue.

stale[bot] commented 4 years ago

Thank you for updating this issue. It is no longer marked as stale.

pssnyman commented 4 years ago

Has there been any development regarding adding a 'remoteport' parameter? This would allow us to correctly configure outgoing firewall rules. As it stands that's not currently possible from what I can see.

mrosstech commented 3 years ago

I can tackle this issue. I reviewed the code in the module and think I know what needs to be changed. My question is around testing. Since this is adding a new command line parameter to the module, would I: