Ansible modules for managing pfSense firewalls.
This is a set of modules that lets you configure pfSense firewalls with Ansible.
Just check out the repository and run your playbooks from the ansible-pfsense directory.
The Python interpreter is in a non-standard location on pfSense, so you will need to set:
ansible_python_interpreter: /usr/local/bin/python2.7
The following modules are currently available:
- pfsense_alias for managing aliases
- pfsense_authserver_ldap for managing LDAP authentication servers
- pfsense_ca for managing Certificate Authorities
- pfsense_group for managing groups
- pfsense_interface for managing interfaces (EXPERIMENTAL)
- pfsense_ipsec for managing IPsec tunnels and phase 1 options
- pfsense_ipsec_proposal for managing IPsec proposals
- pfsense_ipsec_p2 for managing IPsec tunnel phase 2 options
- pfsense_rule for managing rules
- pfsense_rule_separator for managing rule separators
- pfsense_user for managing users
- pfsense_vlan for managing VLANs
These modules allow you to make large changes at once and, using the purge parameters, to keep the target's configuration strictly synchronized with your playbooks:
- pfsense_aggregate for aliases, rules, rule separators, interfaces and VLANs
- pfsense_ipsec_aggregate for IPsec tunnels, phases 1, phases 2 and proposals
The modules work by editing /cf/conf/config.xml using xml.etree.ElementTree, then calling the appropriate PHP update function via the pfSense PHP developer shell.
Some formatting is lost, and CDATA items are converted to normal entries, but so far no problems with that have been noted.
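The round trip described above, as an added example that is not part of this project's code: it edits one alias in a constructed config.xml fragment with xml.etree.ElementTree, then checks that the CDATA wrapper is gone while every other value is unchanged once parsed. The alias name, addresses and helper names are made up for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the style of a pfSense config.xml; not from a real firewall.
SAMPLE = """<?xml version="1.0"?>
<pfsense>
  <aliases>
    <alias>
      <name>mgmt_hosts</name>
      <type>host</type>
      <address>192.0.2.10 192.0.2.11</address>
      <descr><![CDATA[Admin & jump hosts <restricted>]]></descr>
    </alias>
  </aliases>
</pfsense>
"""

def leaf_values(xml_text):
    """Return (path, text) for every leaf element, in document order."""
    found = []
    def walk(elem, path):
        here = path + "/" + elem.tag
        if len(elem) == 0:
            found.append((here, elem.text or ""))
        for child in elem:
            walk(child, here)
    walk(ET.fromstring(xml_text), "")
    return found

def round_trip(xml_text, alias_name, new_address):
    """Change one alias address, re-serialize, and list the leaves whose value changed."""
    root = ET.fromstring(xml_text)
    for alias in root.iter("alias"):
        if alias.findtext("name") == alias_name:
            alias.find("address").text = new_address
    # ElementTree has no CDATA node type: the text is written back entity-escaped.
    out = ET.tostring(root, encoding="unicode")
    before, after = leaf_values(xml_text), leaf_values(out)
    changed = [p for (p, old), (_, new) in zip(before, after) if old != new]
    return out, changed

if __name__ == "__main__":
    out, changed = round_trip(SAMPLE, "mgmt_hosts", "192.0.2.10 192.0.2.12")
    print(out)
    print("CDATA kept:", "<![CDATA[" in out)
    print("leaves whose parsed value changed:", changed)
```

Running the same leaf comparison on a backup of config.xml before and after a playbook run is a quick way to confirm that only the intended entries changed.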
GPLv3.0 or later