Need help with ansible-pfsense?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

opoplawski
173 Stars 34 Forks GNU General Public License v3.0 386 Commits 18 Opened issues

Description

Ansible modules for managing pfSense firewalls

Services available

!
?

Need anything else?

Contributors list

# 306,514
Shell
pfsense
PHP
CSS
201 commits
# 64,256
elastic
wikiped...
fail2ba...
squid
165 commits
# 78,977
Perl
Common ...
session...
pypi
2 commits
# 149,507
jsonnet
SQL
Scala
reusabl...
1 commit
# 413,148
Python
slack-a...
slack
pfsense
1 commit

Ansible-pfsense / pfsensible.core

This is a set of modules to allow you to configure pfSense firewalls with ansible.

Installation using ansible galaxy

Ansible Galaxy (as of version 2.9) now has an option for collections. A collection is a distribution format for delivering all type of Ansible content (not just roles as it was before). We have renamed the collection 'pfsensible.core' for galaxy distribution. To install:

ansible-galaxy collection install pfsensible.core

Optionally, you can specify the path of the collection installation with the

-p
option.
ansible-galaxy collection install pfsensible.core -p ./collections

Additionally, you can set the

collections_paths
option in your
ansible.cfg
file to automatically designate install locations.
# ansible.cfg
[defaults]
collections_paths=collections

NOTE: Changes with pfsensible.core 0.4.0

With pfsensible.core 0.4.0 we have stopped stripping the pfsense_ prefix from the module names. This caused conflicts with other modules (like the ansible core 'setup' module). You can use the 'collections' keyword in your playbooks and roles to simplify the module names instead.

Installing using ansible pre-2.9 (not galaxy)

Just checkout the repository and run your playbooks from the ansible-pfsense directory.

Configuration

Current ansible (2.9) python discovery should detect the installed python. If not, you can set in your playbook or hosts vars:

pfSense >= 2.4.5:

ansible_python_interpreter: /usr/local/bin/python3.7
pfSense < 2.4.5:
ansible_python_interpreter: /usr/local/bin/python2.7

Modules must run as root in order to make changes to the system. By default pfSense does not have sudo capability so

become
will not work. You can install it with:
  - name: "Install packages"
    package:
      name:
        - pfSense-pkg-sudo
      state: present
and then configure sudo so that your user has permission to use sudo.

Modules

The following modules are currently available:

Bulk modules

These modules allow you to make important changes at once and, using the purge parameters, to keep the targets configuration strictly synchronized with your playbooks:

Third party modules

These modules allow you to manage installed packages:

Operation

Modules in the collection work by editing

/cf/conf/config.xml
using xml.etree.ElementTree, then calling the appropriate php update function via the pfsense php developer shell.

Some formatting is lost, and CDATA items are converted to normal entries, but so far no problems with that have been noted.

License

GPLv3.0 or later

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.