My new module pf (packet filter) manages the BSD packet filter (pf) firewall and is compatible with FreeBSD, OpenBSD, etc. When run in dry_run mode, the generated rule set file is validated and printed in Ansible's meta output (JSON). Rule sets can be loaded by filter (e.g. filter, options or nat) and tested in dry_run mode. The module also handles basic service management: starting, stopping and restarting pf.
```yaml
- name: Test a rule set
  pf:
    action: reload
    config: /etc/pf.conf
    dry_run: True

- name: Load only NAT rules set
  pf:
    action: reload
    config: /etc/pf.conf
    filter: nat

- name: Flush PF rules
  pf:
    action: reload
    config: /etc/pf.conf

- name: Start PF
  pf:
    action: restart
    config: /etc/pf.conf
```

Resources:
Initial upload: initial upload of pf (packet filter)
PR: PR#5857