# pf ~~ tasks/main.yml --- - name: generate pf configuration template: src: templates/pf.conf.j2 dest: /etc/pf.conf owner: "{{ user_root }}" group: "{{ group_root }}" mode: 0600 - name: enable pf shell: /sbin/pfctl -e register: result failed_when: result.rc != 0 and "already enabled" not in result.stderr - name: restart pf shell: /sbin/pfctl -f /etc/pf.conf - name: test ssh connection on new pf rule wait_for: port: 22 delay: 2 state: started