---

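# Render the pf ruleset from pf.conf.j2 to pf__configuration_file, owned by
# uid/gid 0 and readable/writable by the owner only (mode 0600).
# `validate` runs pfctl in parse-only mode (-n) against the rendered temporary
# file (%s) before it replaces the destination, so a ruleset that does not
# parse fails this task and is never left at the live path.
# The registered result is used later to decide whether to reload pf.
- name: generate pf configuration
  ansible.builtin.template:
    src: pf.conf.j2
    dest: "{{ pf__configuration_file }}"
    owner: 0
    group: 0
    mode: "0600"
    validate: pfctl -nf %s
  register: pf__result_generate_configuration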

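# Parse-check the installed ruleset. With -n pfctl parses the file without
# loading it, so this task never modifies the host and is reported as "ok".
# A non-zero exit code fails the task (command module default), which stops
# the play for this host before the ruleset is loaded by the next task.
# argv hands the path to pfctl as one argument, so a path containing spaces
# or quotes is not split or reinterpreted.
- name: lint pf configuration
  ansible.builtin.command:
    argv:
      - pfctl
      - "-nf"
      - "{{ pf__configuration_file }}"
  register: pf__result_lint_configuration
  changed_when: false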

# Load the ruleset from pf__configuration_file into pf (pfctl -f), only when
# the template task reported a change. Despite the task name, the command
# replaces the loaded rules; it does not stop and start pf.
# Written as an inline task instead of a handler (hence the noqa), presumably
# so the new rules are active before the port check that follows.
- name: restart pf  # noqa: no-handler
  when: pf__result_generate_configuration.changed
  ansible.builtin.command:
    cmd: pfctl -f "{{ pf__configuration_file }}"

# Smoke test, run on every play: for each port in pf__test_ports, wait
# pf__test_delay seconds and then poll until the port accepts a connection.
# NOTE(review): no `host` is set, so wait_for uses its default (127.0.0.1)
# and connects from the managed host to itself. That shows the service is
# listening, but loopback traffic may not be filtered the same way as
# traffic arriving from the network - confirm this covers what the test is
# meant to prove.
- name: test pf rules
  loop: "{{ pf__test_ports }}"
  ansible.builtin.wait_for:
    state: started
    port: "{{ item }}"
    delay: "{{ pf__test_delay }}"

# Enable pf as the last step, after the load and port-check tasks.
# The "already enabled" text on stderr marks the no-op case:
#   - changed is reported only when that text is absent;
#   - the task fails only when the exit code is non-zero AND that text is
#     absent, so a non-zero exit that just says pf is already enabled is
#     accepted.
- name: enable pf
  ansible.builtin.command:
    cmd: pfctl -e
  register: pf__result_enable
  failed_when: >-
    pf__result_enable.rc != 0
    and 'already enabled' not in pf__result_enable.stderr
  changed_when: "'already enabled' not in pf__result_enable.stderr"