diff --git a/README.rst b/README.rst
index 4fed9cb..bea57cb 100644
--- a/README.rst
+++ b/README.rst
@@ -93,6 +93,11 @@ using data from Pillar. (Debian and RedHat Only)
 
 Allows you to install the basic Core Rules (CRS) and some basic configuration for mod_security2
 
+``apache.mod_security.rules``
+
+This state can create symlinks based on basic Core Rules package. (Debian only)
+Or it can distribute a mod_security rule file and place it /etc/modsecurity/
+
 ``apache.mod_ssl``
 ----------------------
 
diff --git a/apache/mod_security.sls b/apache/mod_security/init.sls
similarity index 100%
rename from apache/mod_security.sls
rename to apache/mod_security/init.sls
diff --git a/apache/mod_security/rules.sls b/apache/mod_security/rules.sls
new file mode 100644
index 0000000..966a934
--- /dev/null
+++ b/apache/mod_security/rules.sls
@@ -0,0 +1,45 @@
+{%- set apache = pillar.get('apache', {}) %}
+{%- set mod_security = apache.get('mod_security', {}) %}
+{%- if mod_security.get('manage_config', False) %}
+
+include:
+  - apache.mod_security
+
+{%- for rule_name, rule_details in mod_security.get('rules', {}).items() %}
+  {% set rule_set = rule_details.get('rule_set', '') %}
+  {% set enabled = rule_details.get('enabled', False ) %}
+  {%- if enabled %}
+/etc/modsecurity/{{ rule_name }}:
+  file.symlink:
+    - target: /usr/share/modsecurity-crs/{{ rule_set }}/{{ rule_name }}
+    - user: root
+    - group: root
+    - mode: 755
+  {%- else %}
+/etc/modsecurity/{{ rule_name }}:
+  file.absent:
+    - name: /etc/modsecurity/{{ rule_name }}
+  {%- endif %}
+
+{%- endfor %}
+
+{%- for custom_rule, custom_rule_details in mod_security.get('custom_rule_files', {}).items() %}
+  {% set file = custom_rule_details.get('file', None) %}
+  {% set path = custom_rule_details.get('path', None) %}
+  {% set enabled = custom_rule_details.get('enabled', False ) %}
+
+  {%- if enabled %}
+/etc/modsecurity/{{ file }}:
+  file.managed:
+    - source: {{ path }}
+    - user: root
+    - group: root
+    - mode: 755
+  {%- else %}
+/etc/modsecurity/{{ file }}:
+  file.absent:
+    - name: /etc/modsecurity/{{ file }}
+  {%- endif %}
+{%- endfor %}
+
+{% endif %}
diff --git a/pillar.example b/pillar.example
index 43e6d4a..2dd1515 100644
--- a/pillar.example
+++ b/pillar.example
@@ -165,3 +165,19 @@ apache:
     sec_pcre_match_limit_recursion: '15000'
     sec_debug_log_level: '3'
 
+    rules:
+      enabled:
+      modsecurity_crs_10_setup.conf:
+        rule_set: ''
+        enabled: True
+      modsecurity_crs_20_protocol_violations.conf:
+        rule_set: 'base_rules'
+        enabled: False
+
+    custom_rule_files:
+      # any name as an array index, and you can duplicate this section
+      UNIQUE_VALUE_HERE:
+        file: 'my name'
+        path: 'salt://path/to/modsecurity/custom/file'
+        enabled: True
+