diff --git a/ansible/environments/laptop/host_vars/odofreebsd b/ansible/environments/laptop/host_vars/odofreebsd
new file mode 100644
index 0000000..52ff47f
--- /dev/null
+++ b/ansible/environments/laptop/host_vars/odofreebsd
@@ -0,0 +1,12 @@
+os_flavor: "freebsd"
+zfs_snapshot_datasets:
+ - zroot/freebsd/release/be/default
+sshd_enabled: true
+sshd_conf: "sshd_config"
+pf_config: "odofreebsd_pf.conf"
+pflog_conf:
+ - name: 0
+ dev: pflog0
+network_rc: "odofreebsd_network.conf"
+rc_conf: "odofreebsd_rc.conf"
+loader_conf: "odofreebsd_loader.conf"
diff --git a/ansible/environments/laptop/hosts b/ansible/environments/laptop/hosts
index 7346785..604e8ec 100644
--- a/ansible/environments/laptop/hosts
+++ b/ansible/environments/laptop/hosts
@@ -1,2 +1,3 @@
 [gui]
 odolinux ansible_connection=local ansible_host=127.0.0.1
+odofreebsd ansible_connection=local ansible_host=127.0.0.1
diff --git a/ansible/roles/base/files/odofreebsd_loader.conf b/ansible/roles/base/files/odofreebsd_loader.conf
new file mode 100644
index 0000000..31483ff
--- /dev/null
+++ b/ansible/roles/base/files/odofreebsd_loader.conf
@@ -0,0 +1,6 @@
+security.bsd.allow_destructive_dtrace=0
+kern.geom.label.disk_ident.enable="0"
+kern.geom.label.gptid.enable="0"
+cryptodev_load="YES"
+zfs_load="YES"
+
diff --git a/ansible/roles/base/files/odofreebsd_rc.conf b/ansible/roles/base/files/odofreebsd_rc.conf
new file mode 100644
index 0000000..b630113
--- /dev/null
+++ b/ansible/roles/base/files/odofreebsd_rc.conf
@@ -0,0 +1,15 @@
+clear_tmp_enable="YES"
+syslogd_flags="-ss"
+sendmail_enable="NONE"
+hostname="odo"
+wlans_ath0="wlan0"
+ifconfig_wlan0="WPA DHCP"
+ifconfig_wlan0_ipv6="inet6 accept_rtadv"
+local_unbound_enable="YES"
+sshd_enable="YES"
+ntpd_enable="YES"
+powerd_enable="YES"
+# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
+dumpdev="NO"
+zfs_enable="YES"
+
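Review bot: In `pflog_conf` the item `name: 0` is parsed as an integer while `dev: pflog0` is a string; quoting it as `name: "0"` keeps the value a string, consistent with the other quoted scalars in this file, and avoids YAML implicit-typing surprises if the role templates it into an rc variable name. The collapsed rendering hides whether `dev` is indented under `name`; if it sits at the same level as the `-` the item silently becomes two list entries, so that is worth confirming in the actual file. A leading `---` document marker would also match Ansible convention.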
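Review bot: `odofreebsd` and `odolinux` now both resolve to `ansible_connection=local ansible_host=127.0.0.1` in the same `[gui]` group, so nothing but `--limit` prevents the FreeBSD host_vars (rc.conf, loader.conf, pf.conf) from being written onto the Linux laptop, or vice versa, whenever this inventory is used without a limit. A guard at the top of the playbook that compares the gathered fact with the host var, e.g. `- ansible.builtin.assert: { that: ansible_system | lower == os_flavor }`, would make that mistake fail fast instead of overwriting system config.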
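Review bot: `security.bsd.allow_destructive_dtrace=0` is the one value left unquoted while every other line quotes its value (`="0"`, `="YES"`); loader.conf accepts both forms, but writing it as `security.bsd.allow_destructive_dtrace="0"` keeps the file uniform and stops a later reader wondering whether the difference is meaningful.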
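Review bot: `hostname="odo"` does not match the inventory name `odofreebsd` used in hosts, host_vars and run.bash; if the short name is deliberate, a comment such as `# short hostname; inventory/limit name is odofreebsd` would document that. `sshd_enable="YES"` here overlaps with `sshd_enabled: true` in the new host_vars, so sshd appears to be controlled in two places; whichever the role actually honours should be the single source, or a comment should say this rc.conf is the one that wins. `syslogd_flags="-ss"` and `sendmail_enable="NONE"` are sensible defaults for a laptop.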
diff --git a/ansible/roles/firewall/files/odofreebsd_pf.conf b/ansible/roles/firewall/files/odofreebsd_pf.conf
new file mode 100644
index 0000000..fa5f23c
--- /dev/null
+++ b/ansible/roles/firewall/files/odofreebsd_pf.conf
@@ -0,0 +1,33 @@
+ext_if = "{ igb0 igb1 ix0 ix1 wlan0 }"
+
+dhcp = "{ bootpc, bootps }"
+# allow = "{ }"
+
+tcp_pass_in = "{ 22 }"
+udp_pass_in = "{ 53 51820 }"
+
+# Rules must be in order: options, normalization, queueing, translation, filtering
+
+# options
+set skip on lo
+
+# redirections
+
+# filtering
+block log all
+pass out on $ext_if
+
+# We pass on the interfaces listed in allow rather than skipping on
+# them because changes to pass rules will update when running a
+# `service pf reload` but interfaces that we `skip` will not update (I
+# forget if its from adding, removing, or both. TODO: test to figure
+# it out)
+# pass quick on $allow
+
+pass on $ext_if proto icmp all
+pass on $ext_if proto icmp6 all
+
+pass in on $ext_if proto tcp to any port $tcp_pass_in
+pass in on $ext_if proto udp to any port $udp_pass_in
+
+pass quick on $ext_if proto udp from any port $dhcp to any port $dhcp
diff --git a/ansible/run.bash b/ansible/run.bash
index 61813b0..39403f3 100755
--- a/ansible/run.bash
+++ b/ansible/run.bash
@@ -20,6 +20,8 @@ if [ "$target" = "homeserver" ]; then
 ansible-playbook -v -i environments/home playbook.yaml --diff --limit homeserver "${@}"
 elif [ "$target" = "odolinux" ]; then
 ansible-playbook -v -i environments/laptop playbook.yaml --diff --limit odolinux "${@}"
+elif [ "$target" = "odofreebsd" ]; then
+ ansible-playbook -v -i environments/laptop playbook.yaml --diff --limit odofreebsd "${@}"
 else
 die 1 "Unrecognized target"
 fi
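Review bot: `pass in on $ext_if proto udp to any port $udp_pass_in` admits UDP 53 and 51820 from any source on every interface in `$ext_if`, including `wlan0`; the rc.conf in this commit enables `local_unbound`, which by default answers only on the loopback, so inbound 53 looks unnecessary, and nothing in the diff configures a listener on 51820 (presumably WireGuard). Trimming `udp_pass_in` to what actually listens, or adding a `from` constraint, keeps the wifi-facing surface to sshd alone. The header comment lists normalization as a rule stage but no `scrub` rule is present; `scrub in all` placed after `set skip on lo` would reassemble fragments before the filter rules evaluate them.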
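Review bot: The new `elif` branch repeats the odolinux branch verbatim apart from the target name, and in every branch the `--limit` value is identical to `$target`; folding the two laptop targets into one branch, `elif [ "$target" = "odolinux" ] || [ "$target" = "odofreebsd" ]; then` followed by `ansible-playbook -v -i environments/laptop playbook.yaml --diff --limit "$target" "${@}"`, removes the duplication and makes a future laptop host a one-word change. The `if` chain begins before this hunk.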