Request: New module pf (packet filter) for BSD based systems
General
While Ansible is often used for orchestrating and administrating Linux-based systems, it may also be used for other systems. Especially BSD-based systems (e.g. FreeBSD, OpenBSD, ...) may also benefit from better module support for BSD's most used tools and applications instead of writing workarounds with roles, tasks and notifiers.
Issue
When running a CARP and pfsync based firewall cluster, it may often be necessary to adjust the rule set. However, you may still want to test the rules within a dry-run or just test a subset of filter types (e.g. filter, options or nat). Afterwards, you may want to apply these. Currently, you need workarounds based on roles, notifiers etc. to solve this. It would be great to have an Ansible module to solve this.
Examples
Test config
Test a config within a dry-run and provide the loaded rule set within Ansible's json meta output:
- name: Test a rule set
  pf:
    action: reload
    config: /etc/pf.conf
    dry_run: True
Load a subset of rules for testing:
- name: Load only NAT rule set
  pf:
    action: reload
    config: /etc/pf.conf
    filter: nat
Flush the rules and reload the new rule set:
- name: Flush and load a rule set
  pf:
    action: reload
    config: /etc/pf.conf
Module
While this module makes sense for me, I cannot judge the BSD-based user base of Ansible. If you think Ansible could benefit from this contribution, feel free to ping me and I may attach a PR (the module is already finished and ready for review). For my last contribution to community.general see also yum_versionlock.
Issue Type
Feature Idea
Component Name
pf
Additional Information
- name: Load only NAT rule set
  pf:
    action: reload
    config: /etc/pf.conf
    filter: nat
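An added sketch, not the requester's module (its code is not shown on this page): one way the `dry_run` and `filter` parameters above could map onto `pfctl`, always parse-checking the file with `-n` before loading so a syntax error never touches the running rule set. The function names, the result dictionary and the mapping of `filter` values to FreeBSD's `-N`/`-O`/`-R` flags are assumptions; check pfctl(8) on other BSDs, where these letters may differ.

```python
import subprocess

# FreeBSD pfctl(8) flags that restrict what is loaded from the rule file.
# Mapping them to the request's "filter" values is an assumption.
FILTER_FLAGS = {"nat": "-N", "options": "-O", "filter": "-R"}


def build_argv(config, rule_filter=None, parse_only=False):
    """Return the pfctl argv for loading (or only parsing) a rule file."""
    if not config.startswith("/"):
        # An absolute path cannot be mistaken for a pfctl option.
        raise ValueError("config must be an absolute path")
    argv = ["pfctl"]
    if parse_only:
        argv.append("-n")  # parse the file, load nothing
    if rule_filter is not None:
        if rule_filter not in FILTER_FLAGS:
            raise ValueError("unknown filter: %r" % rule_filter)
        argv.append(FILTER_FLAGS[rule_filter])
    return argv + ["-f", config]


def reload_pf(config, rule_filter=None, dry_run=False, run=subprocess.run):
    """Parse-check the rule file, then load it unless dry_run is set.

    Returns a dict shaped like an Ansible module result (hypothetical keys).
    `run` is injectable so the logic can be exercised without pfctl.
    """
    check = run(build_argv(config, rule_filter, parse_only=True),
                capture_output=True, text=True)
    if check.returncode != 0:
        # Syntax error: the running rule set is left untouched.
        return {"failed": True, "changed": False, "msg": check.stderr.strip()}
    if dry_run:
        return {"failed": False, "changed": False, "msg": "syntax ok"}
    load = run(build_argv(config, rule_filter), capture_output=True, text=True)
    failed = load.returncode != 0
    return {"failed": failed, "changed": not failed, "msg": load.stderr.strip()}
```
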