[Ansible Galaxy] Use Ansible bjoernalbers.macos_pf to install Packet Filter (PF) Firewall
Ansible Role: macos_pf
An Ansible Role to manage the Packet Filter (pf) Firewall of macOS.
First, Install Ansible.
Mac OS X
Then, install it use:
ansible-galaxy install bjoernalbers.macos_pf
These target host(s) must meet these requirements:
It should be a Mac, ideally with a recent version of macOS (Snow Leopard won’t work).
System Integrity Protection (SIP) must temporarily be disabled. Otherwise the Packet Filter can’t be enabled permanently across reboots.
You need to have access as an admin user and become “root” via become: yes - see example playbook below.
Define your firewall rules with
Please use IP addresses instead FQDN’s in your firewall rules! Because the Mac might not be able to resolve those hostnames during boot and so the packet filter fails to start.
 bjoernalbers/ansible-role-macos-pf: Ansible Role to manage Packet Filter (pf) firewall on macOS - https://github.com/bjoernalbers/ansible-role-macos-pf
 bjoernalbers/macos_pf | Ansible Galaxy - https://galaxy.ansible.com/bjoernalbers/macos_pf
 OpenBSD PF: Packet Filtering - https://www.openbsd.org/faq/pf/filter.html
 Ansible is Simple IT Automation - https://www.ansible.com/
 Installing Ansible — Ansible Documentation - https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html