From 6acefc917823e7dafe8749f00be0c7e14b82875b Mon Sep 17 00:00:00 2001
From: Timo Makinen <tmakinen@foo.sh>
Date: Fri, 19 Mar 2021 18:35:58 +0000
Subject: [PATCH] pf: Don't set empty defaults, check if var is defined

---
 roles/pf/defaults/main.yml    | 3 ---
 roles/pf/templates/pf.conf.j2 | 6 ++++--
 2 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/roles/pf/defaults/main.yml b/roles/pf/defaults/main.yml
index 51dcfc3..d50d859 100644
--- a/roles/pf/defaults/main.yml
+++ b/roles/pf/defaults/main.yml
@@ -1,6 +1,3 @@
 ---
-
 firewall_in:
   - {proto: tcp, port: 22}
-
-firewall_raw: []
diff --git a/roles/pf/templates/pf.conf.j2 b/roles/pf/templates/pf.conf.j2
index 40ab1be..db8454b 100644
--- a/roles/pf/templates/pf.conf.j2
+++ b/roles/pf/templates/pf.conf.j2
@@ -8,9 +8,11 @@ pass out
 pass in quick proto icmp
 pass in quick proto icmp6
 
-{% for rule in firewall_raw %}
+{% if firewall_raw is defined %}
+{%   for rule in firewall_raw %}
 {{ rule }}
-{% endfor %}
+{%   endfor %}
+{% endif %}
 {% for rule in firewall_in %}
 {%   if rule.from is defined %}
 {%     for from in rule.from | ipaddr %}