---

- name: lint pf configuration
  ansible.builtin.command: "pfctl -nf {{ pf_configuration_file }}"

- name: enable pf
  ansible.builtin.command: pfctl -e
  register: pf_result_enable
  failed_when:
    - pf_result_enable.result.rc != 0
    - "'already enabled' not in pf_result_enabled.result.stderr"

- name: restart pf
  ansible.builtin.command: pfctl -f "{{ pf_configuration_file }}"