New! Ansible Module for pfSense that uses developer shell pfSsh.php
-
Re: Pfsense Installation using Ansible??
I have just released some Ansible modules I built for deploying pfSense firewall configurations.
One design goal was the ability to export the XML config and convert parts of it to YAML for Ansible.
Especially handy for having default firewall aliases and rules across many firewalls.
See https://github.com/bevhost/ansible-module-pfsense
Modules completed so far:
Basic system configuration module, DNS, timezone, NTP, SNMP, etc., plus modules for Interfaces, Aliases, Filter Rules, Auth Servers, Certificates, Groups, Password & SSH Keys, Virtual IPs, High Availability Sync, FRR RAW with BGP, Applying Settings
-
I'd be interested in your comparison to the approach taken here: https://github.com/opoplawski/ansible-pfsense
-
I think the main difference is that my modules only call the PHP shell on pfSense and don't use XML in any way.
I also wanted to use an XML to YAML converter to download an existing configuration and create playbook data.
Back in 2018 when I started, I could not find anything online that was anywhere close to everything I needed.
As for whether it's best to use the PHP Shell or write XML on the firewall, that is not for me to say.
Better to ask the pfSense developers about that.
It was imperative that as much of the firewall configuration as possible could be set up from Ansible.
I still find I have to go into the WebUI and step through the wizard to complete the basic install after Ansible is done with it.
I'd also love to have cloud-init working with it to save the initial console setup.
-
Regardless of approach, I think this is something that is extremely important for me as a systems designer and systems integrator.
It would be awesome if there were some "official" momentum from the pfSense/Netgate side to support such an initiative.
What I have been looking for for a couple of years is some sort of automated fleet management of firewalls. My preferred orchestration is Ansible.
I agree with your requirements, as I have understood them:
- Bootstrapping per API or Ansible
- Idempotent maintenance per Ansible
- Using the WebGui for particularities (which will later on be overwritten by Ansible), for easy troubleshooting
Thanks for your efforts, I wish you a great day!
//magnus
-
@maglub If your main focus is automation and later on managing only/primarily through automated processes (as you write: later overwritten by ansible...), then perhaps you're looking at the wrong product and should take a look into TNSR?