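---
# Provisions a pf-based jump host: creates the pf include file, installs the
# firewall ruleset, and enables IPv4/IPv6 forwarding.
#
# NOTE(review): the play name says "eap-adp-jump01" but `hosts` targets
# "eae-adp-jump01" - confirm which spelling matches the inventory.
- name: provision eap-adp-jump01
  hosts: eae-adp-jump01
  tasks:
    # Make sure the include file exists with restrictive permissions.
    # Preserving both timestamps keeps the task idempotent; with only
    # access_time preserved, `touch` reports "changed" on every run.
    - name: create /etc/pf.include.conf
      file:
        path: /etc/pf.include.conf
        state: touch
        # Quoted so the mode stays a string whatever the YAML parser does
        # with leading-zero integers.
        mode: "0600"
        access_time: preserve
        modification_time: preserve

    # `validate` runs pfctl with -n (parse only) against the staged file, so
    # a ruleset with syntax errors never replaces /etc/pf.conf. It does not
    # prove the new rules still admit the management connection.
    - name: basic firewall configuration
      copy:
        src: files/pf.conf
        dest: /etc/pf.conf
        # Pinned explicitly so a newly created file does not fall back to
        # the umask default; matches the mode used for pf.include.conf.
        mode: "0600"
        validate: "/sbin/pfctl -vnf %s"
      notify:
        - reload firewall

    # Persist forwarding in sysctl.conf for the next boot and notify a
    # handler that applies the same values to the running kernel, so the
    # change no longer needs a reboot to take effect.
    - name: activate routing
      blockinfile:
        content: |
          net.inet.ip.forwarding=1
          net.inet6.ip6.forwarding=1
        path: /etc/sysctl.conf
        mode: "0600"
        create: true
      notify:
        - apply forwarding sysctls

  # Handlers run in the order they are listed here, not in notify order.
  # "reload firewall" comes first so that, when both are notified, the
  # ruleset is loaded before forwarding is switched on.
  handlers:
    # Absolute path, consistent with the validate command above.
    - name: reload firewall
      command: /sbin/pfctl -vf /etc/pf.conf

    # One invocation per key. The sysctl path is left unpinned because the
    # target OS is not visible from this playbook - TODO confirm and pin.
    - name: apply forwarding sysctls
      command: "sysctl {{ item }}"
      loop:
        - net.inet.ip.forwarding=1
        - net.inet6.ip6.forwarding=1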