Ansible Role: macos_pf
An Ansible Role to manage the Packet Filter (pf) Firewall of macOS.
First, Install Ansible.
Mac OS X
Then, install it use:
ansible-galaxy install bjoernalbers.macos_pf
These target host(s) must meet these requirements:
It should be a Mac, ideally with a recent version of macOS (Snow Leopard won’t work).
System Integrity Protection (SIP) must temporarily be disabled. Otherwise the Packet Filter can’t be enabled permanently across reboots.
You need to have access as an admin user and become “root” via become: yes - see example playbook below.
Define your firewall rules with
Please use IP addresses instead FQDN’s in your firewall rules! Because the Mac might not be able to resolve those hostnames during boot and so the packet filter fails to start.