From 613f2b2d240268c75940b65a5a4f1cb6e26316f2 Mon Sep 17 00:00:00 2001
From: Timo Makinen <tmakinen@foo.sh>
Date: Thu, 7 Oct 2021 18:13:04 +0000
Subject: [PATCH] pf: Add validation to pf rules

---
 roles/pf/tasks/main.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/roles/pf/tasks/main.yml b/roles/pf/tasks/main.yml
index c7bbb32..d5e8d7d 100644
--- a/roles/pf/tasks/main.yml
+++ b/roles/pf/tasks/main.yml
@@ -7,6 +7,7 @@
     mode: 0600
     owner: root
     group: "{{ ansible_wheel }}"
+    validate: pfctl -N -f %s
   notify: reload pf
   when: firewall_src is defined
 
@@ -17,5 +18,6 @@
     mode: 0600
     owner: root
     group: "{{ ansible_wheel }}"
+    validate: pfctl -N -f %s
   notify: reload pf
   when: firewall_src is not defined