allow pf to actually start on first time

by giving it an empty config
ployground · Nov 1, 2016 · a4c6bc0 · a4c6bc0
1 parent 62f38c0
commit a4c6bc0
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/bsdploy/fabfile_digitalocean.py b/bsdploy/fabfile_digitalocean.py
@@ -1,6 +1,6 @@
 # coding: utf-8
 from bsdploy.bootstrap_utils import BootstrapUtils
-from fabric.api import env, run, sudo
+from fabric.api import env, sudo
 from time import sleep
 
 # a plain, default fabfile for jailhosts on digital ocean
@@ -13,12 +13,15 @@ def bootstrap(**kwargs):
     """Digital Oceans FreeBSD droplets are pretty much already pre-bootstrapped,
     including having python2.7 and sudo etc. pre-installed.
     the only thing we need to change is to allow root to login (without a password)
+    enable pf and ensure it is running
     """
     original_host = env.host_string
     env.host_string = 'freebsd@%s' % env.instance.uid
     sudo("""sysrc pf_enable=YES""")
     sudo("""sysrc -f /boot/loader.conf pfload=YES""")
     sudo('kldload pf', warn_only=True)
+    sudo('''touch /etc/pf.conf''')
+    sudo('''chmod 644 /etc/pf.conf''')
     sudo('service pf start')
     sudo("""echo 'PermitRootLogin without-password' > /etc/ssh/sshd_config""")
     sudo("""service sshd fastreload""")