diff --git a/roles/pf/tasks/main.yml b/roles/pf/tasks/main.yml
index c7bbb32..d5e8d7d 100644
--- a/roles/pf/tasks/main.yml
+++ b/roles/pf/tasks/main.yml
@@ -7,6 +7,7 @@
     mode: 0600
     owner: root
     group: "{{ ansible_wheel }}"
+    validate: pfctl -N -f %s
   notify: reload pf
   when: firewall_src is defined
 
@@ -17,5 +18,6 @@
     mode: 0600
     owner: root
     group: "{{ ansible_wheel }}"
+    validate: pfctl -N -f %s
   notify: reload pf
   when: firewall_src is not defined