salt.modules.pf

Control the OpenBSD packet filter (PF).

codeauthor:

Jasper Lievisse Adriaanse <j@jasper.la>

New in version 2019.2.0.

salt.modules.pf.disable()

Disable the Packet Filter.

CLI Example:

salt '*' pf.disable

salt.modules.pf.enable()

Enable the Packet Filter.

CLI Example:

salt '*' pf.enable

salt.modules.pf.flush(modifier)

Flush the specified packet filter parameters.

modifier:

Should be one of the following:

  • all

  • info

  • osfp

  • rules

  • sources

  • states

  • tables

Please refer to the OpenBSD pfctl(8) documentation for a detailed explanation of each modifier.

CLI Example:

salt '*' pf.flush states

salt.modules.pf.load(file='/etc/pf.conf', noop=False)

Load a ruleset from the specified file, overwriting the currently loaded ruleset.

file:

Full path to the file containing the ruleset.

noop:

Don't actually load the rules, just parse them.

CLI Example:

salt '*' pf.load /etc/pf.conf.d/lockdown.conf
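
Because pf.load overwrites the running ruleset, noop can serve as a parse check before the real load. The following is an added example, not part of the Salt documentation or code base: staged_pf_load is a hypothetical helper, it takes a callable with the signature of salt.client.LocalClient().cmd, and it assumes a successful pf.load returns a dict while a failed call comes back as a non-dict value.

```python
"""Parse-check a PF ruleset on every targeted minion before loading it."""


def staged_pf_load(cmd, target, path):
    """Run pf.load with noop=True first, then load only where the parse passed.

    cmd    -- callable with the signature of salt.client.LocalClient().cmd
    target -- minion target expression, e.g. 'fw*'
    path   -- full path to the ruleset file on the minions

    Returns (loaded, rejected): the sorted minion ids that loaded the
    ruleset, and a dict of minion id -> raw return for those that did not.
    """
    # Step 1: parse only; the running ruleset is left untouched.
    checked = cmd(target, "pf.load", [path], kwarg={"noop": True})

    # Assumption: a successful call returns a dict, a failed one an error
    # string (or False for a minion that did not answer).
    passed = sorted(m for m, ret in checked.items() if isinstance(ret, dict))
    rejected = {m: ret for m, ret in checked.items() if not isinstance(ret, dict)}
    if not passed:
        return [], rejected

    # Step 2: load for real, addressing only the minions that parsed cleanly.
    applied = cmd(passed, "pf.load", [path], tgt_type="list")
    loaded = sorted(m for m in passed if isinstance(applied.get(m), dict))
    for minion in passed:
        if minion not in loaded:
            rejected[minion] = applied.get(minion)
    return loaded, rejected


if __name__ == "__main__":
    import salt.client  # available on a Salt master only

    local = salt.client.LocalClient()
    ok, bad = staged_pf_load(local.cmd, "fw*", "/etc/pf.conf.d/lockdown.conf")
    print("loaded:", ok)
    print("rejected:", bad)
```
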

salt.modules.pf.loglevel(level)

Set the debug level which limits the severity of log messages printed by pf(4).

level:

Log level. Should be one of the following: emerg, alert, crit, err, warning, notice, info or debug (OpenBSD); or none, urgent, misc, loud (FreeBSD).

CLI Example:

salt '*' pf.loglevel emerg

salt.modules.pf.show(modifier)

Show filter parameters.

modifier:

Modifier to apply for filtering. Only a useful subset of what pfctl supports can be used with Salt.

  • rules

  • states

  • tables

CLI Example:

salt '*' pf.show rules

salt.modules.pf.table(command, table, **kwargs)

Apply a command on the specified table.

table:

Name of the table.

command:

Command to apply to the table. Supported commands are:

  • add

  • delete

  • expire

  • flush

  • kill

  • replace

  • show

  • test

  • zero

Please refer to the OpenBSD pfctl(8) documentation for a detailed explanation of each command.

CLI Example:

salt '*' pf.table expire table=spam_hosts number=300
salt '*' pf.table add table=local_hosts addresses='["127.0.0.1", "::1"]'