---
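# Render pf.conf.j2 to the configured pf ruleset path, owned by uid/gid 0 and
# readable by the owner only. The registered result is used by later tasks to
# decide whether the ruleset has to be reloaded.
- name: generate pf configuration
  ansible.builtin.template:
    src: pf.conf.j2
    dest: "{{ pf_configuration_file }}"
    owner: 0
    group: 0
    mode: "0600"
    # Parse-check the rendered file (pfctl -n: do not load) before it replaces
    # dest. Without this, a ruleset that fails to parse is left on disk, and a
    # re-run reports "unchanged", so the later reload is skipped while the
    # broken file stays in place for the next reload.
    validate: 'pfctl -nf %s'
  register: pf_result_generate_configuration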
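# Parse the installed ruleset without loading it (pfctl -n). A non-zero exit
# fails the task through the command module's default rc check, which stops the
# play before the reload task runs.
- name: lint pf configuration  # noqa: no-handler
  ansible.builtin.command:
    # argv keeps the path as a single argument even if it contains whitespace;
    # the reload task quotes the same variable for that reason.
    argv:
      - pfctl
      - "-nf"
      - "{{ pf_configuration_file }}"
  register: pf_result_lint_configuration
  # A dry-run parse never modifies the host. The previous condition
  # (template changed AND rc != 0) could only be true on a task that had
  # already failed, so it never reported a meaningful change.
  changed_when: false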
# Load the ruleset file into pf, only on runs where the template task reported
# a change.
# NOTE(review): the new rules take effect on the connection Ansible itself is
# using; confirm the template always permits the management port so a bad
# ruleset cannot cut off access to the host.
- name: restart pf  # noqa: no-handler
  when: pf_result_generate_configuration.changed
  ansible.builtin.command:
    cmd: pfctl -f "{{ pf_configuration_file }}"
# For every port in pf_test_ports, wait pf_test_delay seconds and then require
# the port to accept connections.
# NOTE(review): no `host` is given, so wait_for uses its default (127.0.0.1)
# and the check runs on the managed node itself. That confirms the service is
# listening, but presumably does not traverse the filtered interface; confirm
# whether a check from outside the host (delegated, with an explicit host) is
# what is wanted to validate the rules.
- name: test pf rules
  loop: "{{ pf_test_ports }}"
  ansible.builtin.wait_for:
    state: started
    port: "{{ item }}"
    delay: "{{ pf_test_delay }}"
# Turn the packet filter on. pfctl -e is run unconditionally, so the two
# conditions below make the task idempotent: when stderr contains
# 'already enabled' the task is reported as neither changed nor failed.
- name: enable pf
  ansible.builtin.command:
    cmd: pfctl -e
  register: pf_result_enable
  # Changed only when pf was not already on.
  changed_when: "'already enabled' not in pf_result_enable.stderr"
  # A non-zero exit is a failure unless it is the 'already enabled' case.
  failed_when: >-
    pf_result_enable.rc != 0 and
    'already enabled' not in pf_result_enable.stderr