salt.modules.pf

Control the OpenBSD packet filter (PF).

codeauthor: Jasper Lievisse Adriaanse <j@jasper.la>

New in version 2019.2.0.

salt.modules.pf.disable()

Disable the Packet Filter.

CLI example:

salt '*' pf.disable

salt.modules.pf.enable()

Enable the Packet Filter.

CLI example:

salt '*' pf.enable

salt.modules.pf.flush(modifier)

Flush the specified packet filter parameters.

modifier:

Should be one of the following:

  • all
  • info
  • osfp
  • rules
  • sources
  • states
  • tables

Please refer to the OpenBSD pfctl(8) documentation for a detailed explanation of each command.

CLI example:

salt '*' pf.flush states

salt.modules.pf.load(file=u'/etc/pf.conf', noop=False)

Load a ruleset from the specified file, overwriting the currently loaded ruleset.

file:
Full path to the file containing the ruleset.
noop:
Don't actually load the rules, just parse them.

CLI example:

salt '*' pf.load /etc/pf.conf.d/lockdown.conf
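
Because pf.load overwrites the running ruleset, the noop parameter described above can serve as a fleet-wide dry run before anything is applied. The following is an added example, not code from the Salt project: the helper names (salt_runner, failed_minions, staged_load) are hypothetical, and it assumes it runs on the Salt master and that LocalClient.cmd with full_return=True yields a per-minion dict carrying "ret" and "retcode".

```python
# Added example (not Salt project code): dry-run pf.load on every minion first.
# Assumptions: runs on the Salt master; helper names below are hypothetical.

def salt_runner(minions, fun, kwarg):
    """Run `fun` on an explicit minion list via Salt's LocalClient."""
    import salt.client  # imported lazily so the logic can be tested without Salt
    client = salt.client.LocalClient()
    return client.cmd(minions, fun, kwarg=kwarg, tgt_type="list", full_return=True)

def failed_minions(minions, returns):
    """Map each minion that did not answer, or returned non-zero, to a reason."""
    bad = {}
    for minion in minions:
        result = returns.get(minion)
        if not isinstance(result, dict):
            bad[minion] = "no return"
        elif result.get("retcode", 1) != 0:
            bad[minion] = str(result.get("ret"))
    return bad

def staged_load(minions, path, run=salt_runner):
    """Parse `path` everywhere with noop=True; load it only if every parse succeeds."""
    check = run(minions, "pf.load", {"file": path, "noop": True})
    bad = failed_minions(minions, check)
    if bad:
        return {"loaded": False, "failed": bad}
    applied = run(minions, "pf.load", {"file": path, "noop": False})
    return {"loaded": True, "failed": failed_minions(minions, applied)}

if __name__ == "__main__":
    # Constructed returns standing in for a real master: fw2 has a syntax error
    # and fw3 never answers, so the real load must not be attempted.
    def fake_run(minions, fun, kwarg):
        if kwarg["noop"]:
            return {"fw1": {"ret": {"changes": False}, "retcode": 0},
                    "fw2": {"ret": "ERROR: Problem loading the ruleset", "retcode": 1}}
        raise AssertionError("load must not run after a failed dry run")
    print(staged_load(["fw1", "fw2", "fw3"], "/etc/pf.conf.d/lockdown.conf", fake_run))
```

Targeting an explicit minion list rather than a glob is what lets the check treat a minion that never answered as a failure instead of silently skipping it.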

salt.modules.pf.loglevel(level)

Set the debug level which limits the severity of log messages printed by pf(4).

level:
Log level. Should be one of the following: emerg, alert, crit, err, warning, notice, info or debug (OpenBSD); or none, urgent, misc, loud (FreeBSD).

CLI example:

salt '*' pf.loglevel emerg

salt.modules.pf.show(modifier)

Show filter parameters.

modifier:

Modifier to apply for filtering. Only a useful subset of what pfctl supports can be used with Salt.

  • rules
  • states
  • tables

CLI example:

salt '*' pf.show rules

salt.modules.pf.table(command, table, **kwargs)

Apply a command on the specified table.

table:
Name of the table.
command:

Command to apply to the table. Supported commands are:

  • add
  • delete
  • expire
  • flush
  • kill
  • replace
  • show
  • test
  • zero

Please refer to the OpenBSD pfctl(8) documentation for a detailed explanation of each command.

CLI example:

salt '*' pf.table expire table=spam_hosts number=300
salt '*' pf.table add table=local_hosts addresses='["127.0.0.1", "::1"]'