Use Salt to generate firewall rules for Open/Free-BSD
Google Capirca
Salt capirca_acl
This is not tested yet.
Because the syntax of pf.conf is not exactly the same on FreeBSD and OpenBSD, some functions/attributes may not work(?)
Pillar-data:
    acl:
      - my-filter:
          terms:
            - my-term:
                source_port: [1234, 1235]
                action: reject
            - my-other-term:
                source_port:
                  - [5678, 5680]
                protocol: tcp
                action: accept
    sudo salt 'freebsd*' capirca.get_policy_config packetfilter
    freebsd-lab:
        # Packetfilter my-filter Policy
        # $Date: 2020/08/19 $
        # inet
        # term my-term
        block return quick inet from { any } port { 1235 1234 } to { any } flags S/SA
        # term my-other-term
        pass quick inet proto { tcp } from { any } port { 5678:5680 } to { any } flags S/SA keep state
How to apply to pf.conf
    /etc/pf.conf:
      file.managed:
        # yaml_encode quotes the multi-line ruleset so it renders as one YAML string
        - contents: {{ salt.capirca.get_policy_config('packetfilter') | yaml_encode }}
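
Added example (not from the original page): the same state extended so that a ruleset pf cannot parse is never written to /etc/pf.conf, and pf is reloaded only when the file changes. `check_cmd` and `onchanges` are standard Salt options; the state ID `reload-pf`, the ownership and the mode are assumptions for illustration.

```yaml
# Added example: validate the Capirca-generated ruleset before installing it.
/etc/pf.conf:
  file.managed:
    # yaml_encode turns the multi-line ruleset into a single quoted YAML string.
    - contents: {{ salt.capirca.get_policy_config('packetfilter') | yaml_encode }}
    - user: root
    - group: wheel
    - mode: '0600'        # assumption: restrict the ruleset to root
    # Salt appends the path of a temporary file holding the new contents;
    # "pfctl -n" parses the rules without loading them, so a syntax error
    # fails the state and the current /etc/pf.conf stays in place.
    - check_cmd: pfctl -nf

# Hypothetical state ID; load the new ruleset only when the file changed.
reload-pf:
  cmd.run:
    - name: pfctl -f /etc/pf.conf
    - onchanges:
      - file: /etc/pf.conf
```

The check runs on each minion with its own pfctl, so a rule that one BSD accepts and the other rejects is caught before it replaces a working pf.conf.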