Diffstat (limited to 'roles/pf/tasks/main.yml')
-rw-r--r--roles/pf/tasks/main.yml27
1 files changed, 22 insertions, 5 deletions
diff --git a/roles/pf/tasks/main.yml b/roles/pf/tasks/main.yml
index 8e81e1c..4fba69e 100644
--- a/roles/pf/tasks/main.yml
+++ b/roles/pf/tasks/main.yml
@@ -7,14 +7,31 @@
owner: 0
group: 0
mode: "0600"
- notify:
- - lint pf configuration
- - enable pf
- - restart pf
+ register: pf_result_generate_configuration
+
+- name: lint pf configuration # noqa: no-handler
+ ansible.builtin.command: "pfctl -nf {{ pf_configuration_file }}"
+ register: pf_result_lint_configuration
+ changed_when:
+ - pf_result_generate_configuration.changed
+ - pf_result_lint_configuration.rc != 0
+
+- name: restart pf # noqa: no-handler
+ ansible.builtin.command: pfctl -f "{{ pf_configuration_file }}"
+ when: pf_result_generate_configuration.changed
- name: test pf rules
ansible.builtin.wait_for:
port: "{{ item }}"
- delay: 2
+ delay: "{{ pf_test_delay }}"
state: started
loop: "{{ pf_test_ports }}"
+
+- name: enable pf
+ ansible.builtin.command: pfctl -e
+ register: pf_result_enable
+ changed_when:
+ - "'already enabled' not in pf_result_enable.stderr"
+ failed_when:
+ - pf_result_enable.rc != 0
+ - "'already enabled' not in pf_result_enable.stderr"
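Review bot: The `lint pf configuration` task runs `pfctl -nf` only after the preceding task has already written `pf_configuration_file`, so a ruleset that fails to parse stays on disk even though the play stops before `restart pf`, and a later boot or manual reload would presumably pick up the broken file. That generating task starts outside this hunk; if it is `ansible.builtin.template` or `copy`, adding `validate: pfctl -nf %s` to it would reject a bad ruleset before it replaces the previous one. The lint task's `changed_when` also requires `pf_result_lint_configuration.rc != 0`, which by default already fails a command task, so it can never report changed; `changed_when: false` states the intent for a read-only check. Finally, `test pf rules` runs before `enable pf`, so on a host where pf was not yet enabled the port test passes without the ruleset being enforced; moving `enable pf` ahead of the test would make the check meaningful.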