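---
# Provisions the jump host: prepares the pf include file, installs the pf
# ruleset, and enables IPv4/IPv6 forwarding.
# NOTE(review): the play name says "eap-adp-jump01" but `hosts` targets
# "eae-adp-jump01" -- confirm which spelling matches the inventory.
- name: provision eap-adp-jump01
  hosts: eae-adp-jump01
  tasks:
    # Created before pf.conf is installed; presumably files/pf.conf includes
    # it, so it has to exist for validation to pass -- confirm.
    - name: create /etc/pf.include.conf
      file:
        path: /etc/pf.include.conf
        state: touch
        mode: "0600"
        # Preserve both timestamps so an existing file is not reported as
        # changed on every run.
        access_time: preserve
        modification_time: preserve

    - name: basic firewall configuration
      copy:
        src: files/pf.conf
        dest: /etc/pf.conf
        # Same mode as the other files this play manages; without it a newly
        # created pf.conf gets whatever the remote umask yields.
        mode: "0600"
        # -n parses the candidate ruleset without loading it, so a file that
        # fails to parse is never installed.
        validate: "/sbin/pfctl -vnf %s"
      notify:
        - reload firewall

    # The sysctl.conf entries only take effect after a reboot, so the handler
    # also sets them on the running kernel when this block changes. A host
    # where the block was written by an earlier run still needs one reboot.
    - name: activate routing
      blockinfile:
        path: /etc/sysctl.conf
        create: true
        mode: "0600"
        content: |
          net.inet.ip.forwarding=1
          net.inet6.ip6.forwarding=1
      notify:
        - apply routing sysctls

  handlers:
    # Handlers run in the order defined here: a changed ruleset is loaded
    # before forwarding is switched on.
    # Absolute path, matching the validate command above.
    - name: reload firewall
      command: /sbin/pfctl -vf /etc/pf.conf

    - name: apply routing sysctls
      command: /sbin/sysctl net.inet.ip.forwarding=1 net.inet6.ip6.forwarding=1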