[Ansible Galaxy] Use Ansible bjoernalbers.macos_pf to install Packet Filter (PF) Firewall
Ansible Role: macos_pf
An Ansible Role to manage the Packet Filter (pf) Firewall of macOS.
Installation
First, Install Ansible.
1 | Mac OS X |
Then, install it use:
1 | ansible-galaxy install bjoernalbers.macos_pf |
Requirements
These target host(s) must meet these requirements:
-
It should be a Mac, ideally with a recent version of macOS (Snow Leopard won’t work).
System Integrity Protection (SIP) must temporarily be disabled. Otherwise the Packet Filter can’t be enabled permanently across reboots. -
You need to have access as an admin user and become “root” via become: yes - see example playbook below.
Role Variables
Define your firewall rules with macos_pf_rules
.
Please use IP addresses instead FQDN’s in your firewall rules! Because the Mac might not be able to resolve those hostnames during boot and so the packet filter fails to start.
Dependencies
None.
Example Playbook
1 |
|
References
[2] bjoernalbers/macos_pf | Ansible Galaxy - https://galaxy.ansible.com/bjoernalbers/macos_pf
[3] OpenBSD PF: Packet Filtering - https://www.openbsd.org/faq/pf/filter.html
[4] Ansible is Simple IT Automation - https://www.ansible.com/