Control the OpenBSD packet filter (PF).
Jasper Lievisse Adriaanse <j@jasper.la>
New in version 2019.2.0.
salt.modules.pf.
disable
()¶Disable the Packet Filter.
CLI example:
salt '*' pf.disable
salt.modules.pf.
enable
()¶Enable the Packet Filter.
CLI example:
salt '*' pf.enable
salt.modules.pf.
flush
(modifier)¶Flush the specified packet filter parameters.
Should be one of the following:
all
info
osfp
rules
sources
states
tables
Please refer to the OpenBSD pfctl(8) documentation for a detailed explanation of each command.
CLI example:
salt '*' pf.flush states
salt.modules.pf.
load
(file='/etc/pf.conf', noop=False)¶Load a ruleset from the specific file, overwriting the currently loaded ruleset.
Full path to the file containing the ruleset.
Don't actually load the rules, just parse them.
CLI example:
salt '*' pf.load /etc/pf.conf.d/lockdown.conf
salt.modules.pf.
loglevel
(level)¶Set the debug level which limits the severity of log messages printed by pf(4)
.
Log level. Should be one of the following: emerg, alert, crit, err, warning, notice, info or debug.
CLI example:
salt '*' pf.loglevel emerg
salt.modules.pf.
show
(modifier)¶Show filter parameters.
Modifier to apply for filtering. Only a useful subset of what pfctl supports can be used with Salt.
rules
states
tables
CLI example:
salt '*' pf.show rules
salt.modules.pf.
table
(command, table, **kwargs)¶Apply a command on the specified table.
Name of the table.
Command to apply to the table. Supported commands are:
add
delete
expire
flush
kill
replace
show
test
zero
Please refer to the OpenBSD pfctl(8) documentation for a detailed explanation of each command.
CLI example:
salt '*' pf.table expire table=spam_hosts number=300
salt '*' pf.table add table=local_hosts addresses='["127.0.0.1", "::1"]'