salt.modules.pf

Control the OpenBSD packet filter (PF).

codeauthor:	Jasper Lievisse Adriaanse <j@jasper.la>

salt.modules.pf.disable()

Disable the Packet Filter.

CLI example:

salt '*' pf.disable

salt.modules.pf.enable()

Enable the Packet Filter.

CLI example:

salt '*' pf.enable

salt.modules.pf.flush(modifier)

Flush the specified packet filter parameters.

modifier:

Should be one of the following:

• all
• info
• osfp
• rules
• sources
• states
• tables

Please refer to the OpenBSD pfctl(8) documentation for a detailed explanation of each command.

CLI example:

salt '*' pf.flush states

salt.modules.pf.load(file='/etc/pf.conf', noop=False)

Load a ruleset from the specific file, overwriting the currently loaded ruleset.

file:

Full path to the file containing the ruleset.

noop:

Don't actually load the rules, just parse them.

CLI example:

salt '*' pf.load /etc/pf.conf.d/lockdown.conf

salt.modules.pf.loglevel(level)

Set the debug level which limits the severity of log messages printed by pf(4).

level:

Log level. Should be one of the following: emerg, alert, crit, err, warning, notice, info or debug.

CLI example:

salt '*' pf.loglevel emerg

salt.modules.pf.show(modifier)

Show filter parameters.

modifier:

Modifier to apply for filtering. Only a useful subset of what pfctl supports can be used with Salt.

• rules
• states
• tables

CLI example:

salt '*' pf.show rules

salt.modules.pf.table(command, table, **kwargs)

Apply a command on the specified table.

table:

Name of the table.

command:

Command to apply to the table. Supported commands are:

• add
• delete
• expire
• flush
• kill
• replace
• show
• test
• zero

Please refer to the OpenBSD pfctl(8) documentation for a detailed explanation of each command.

CLI example:

salt '*' pf.table expire table=spam_hosts number=300
salt '*' pf.table add table=local_hosts addresses='["127.0.0.1", "::1"]'