My new module pf (packet filter) allows managing the BSD’s packet filter (pf – as a firewall) which is compatible with FreeBSD, OpenBSD etc. When running in dry_run mode a generated rule set file will be validated and printed within Ansible’s meta output (json). Rulesets can be loaded by filters (e.g. filter, options or nat) and tested in dry_run mode. Next to this, basic service management can be done by this module for starting, stopping and restarting pf.
- name: Test a rule set
pf:
action: reload
config: /etc/pf.conf
dry_run: True
- name: Load only NAT rules set
pf:
action: reload
config: /etc/pf.conf
filter: nat
- name: Flush PF rules
pf:
action: reload
config: /etc/pf.conf
- name: Start PF
pf:
action: restart
config: /etc/pf.conf
Resources:Initial upload: initial upload of pf (packet filter)
PR: PR#5857