diff --git a/jail2ban/pfctl.py b/jail2ban/pfctl.py
index 65bf6b3..d716341 100644
--- a/jail2ban/pfctl.py
+++ b/jail2ban/pfctl.py
@@ -1,3 +1,6 @@
+'''
+Lowlevel routines for calling the pf binary with passwordless sudo
+'''
 import logging
 from subprocess import run
@@ -12,6 +15,9 @@ _PFCTL_TABLE_PAT = r'''\s+(?P\S+)\n
 \s+Out/Pass:\s+\[\s+Packets:\s+(?P\d+)\s+Bytes:\s+(?P\d+)\s+\]'''
 def pfctl_cfg_read(anchor):
+ '''
+ Read pf rules stored under a certain anchor
+ '''
 cmd = [_SUDO, _PFCTL, '-a', anchor, '-sr']
 logging.info('Running %s', cmd)
@@ -22,6 +28,9 @@ def pfctl_cfg_read(anchor):
 def pfctl_cfg_write(anchor, cfg):
+ '''
+ Write pf rules under a certain anchor
+ '''
 cmd = [_SUDO, _PFCTL, '-a', anchor, '-f-']
 logging.info('Running %s', cmd)
 logging.info('Config %s', cfg)
@@ -36,6 +45,9 @@ def pfctl_cfg_write(anchor, cfg):
 def pfctl_table_op(anchor, **kwargs):
+ '''
+ pf table operation
+ '''
 table = kwargs['table']
 operation = kwargs['operation']
 value = kwargs['value'] if 'value' in kwargs else None
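Review bot: The new module docstring names the privilege model but not its limits: every helper in this file runs pfctl as root through sudo, yet the text does not say what the sudoers entry is expected to allow or who validates the arguments. I would spell that out, for example `Low-level wrappers that run pfctl through passwordless sudo. The sudoers rule should permit only the pfctl binary; callers must validate anchor, table and rule text before calling.` As wording, "Lowlevel" should read "Low-level" and "the pf binary" is `pfctl`.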
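Review bot: In pfctl_cfg_read, `anchor` goes straight into the sudo argv (`cmd = [_SUDO, _PFCTL, '-a', anchor, '-sr']`) with no check between the `def` line and `cmd`, and the new docstring does not say who validates it. The same applies to pfctl_cfg_write in the next hunk. Because `cmd` is a list, shell parsing is presumably not involved, so the remaining concern is a caller-supplied anchor path that addresses rules outside this application's own anchor. The docstring should carry the contract, e.g. `anchor: application-owned anchor name, already validated by the caller; returns the rules pfctl reports for it`. The function body continues past the hunk, so a later check cannot be ruled out from here.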
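Review bot: "Write pf rules under a certain anchor" understates what pfctl_cfg_write does with `cfg`. The text is handed to `pfctl -f-` under sudo, so it is rule text loaded with root privilege, and the context line `logging.info('Config %s', cfg)` also copies it in full to the log. The docstring should state that `cfg` must be assembled from validated values only. If loading replaces the anchor's existing rules, as `pfctl -f` normally does, it should say "replace" rather than "write". The call that runs `cmd` is outside the hunk, so how `cfg` reaches pfctl is inferred from the `-f-` argument.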
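Review bot: The docstring "pf table operation" leaves the `**kwargs` contract of pfctl_table_op undocumented. The visible lines require `table` and `operation` (a missing key raises KeyError) and treat `value` as optional. I would list those three keys and the accepted operation names in the docstring, so a caller can tell which inputs end up on a root-run pfctl command line. The rest of the function is outside the hunk, so the set of supported operations cannot be confirmed from here.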