salt.modules.pf¶
Control the OpenBSD packet filter (PF).
- codeauthor:
Jasper Lievisse Adriaanse <j@jasper.la>
New in version 2019.2.0.
- salt.modules.pf.disable()¶
Disable the Packet Filter.
CLI Example:
salt '*' pf.disable
- salt.modules.pf.enable()¶
Enable the Packet Filter.
CLI Example:
salt '*' pf.enable
- salt.modules.pf.flush(modifier)¶
Flush the specified packet filter parameters.
- modifier:
Should be one of the following:
all
info
osfp
rules
sources
states
tables
Please refer to the OpenBSD pfctl(8) documentation for a detailed explanation of each command.
CLI Example:
salt '*' pf.flush states
- salt.modules.pf.load(file='/etc/pf.conf', noop=False)¶
Load a ruleset from the specific file, overwriting the currently loaded ruleset.
- file:
Full path to the file containing the ruleset.
- noop:
Don't actually load the rules, just parse them.
CLI Example:
salt '*' pf.load /etc/pf.conf.d/lockdown.conf
- salt.modules.pf.loglevel(level)¶
Set the debug level which limits the severity of log messages printed by
pf(4).- level:
Log level. Should be one of the following: emerg, alert, crit, err, warning, notice, info or debug (OpenBSD); or none, urgent, misc, loud (FreeBSD).
CLI Example:
salt '*' pf.loglevel emerg
- salt.modules.pf.show(modifier)¶
Show filter parameters.
- modifier:
Modifier to apply for filtering. Only a useful subset of what pfctl supports can be used with Salt.
rules
states
tables
CLI Example:
salt '*' pf.show rules
- salt.modules.pf.table(command, table, **kwargs)¶
Apply a command on the specified table.
- table:
Name of the table.
- command:
Command to apply to the table. Supported commands are:
add
delete
expire
flush
kill
replace
show
test
zero
Please refer to the OpenBSD pfctl(8) documentation for a detailed explanation of each command.
CLI Example:
salt '*' pf.table expire table=spam_hosts number=300 salt '*' pf.table add table=local_hosts addresses='["127.0.0.1", "::1"]'
