.. _vyos.vyos.vyos_firewall_global_module:
******************************
vyos.vyos.vyos_firewall_global
******************************
**FIREWALL global resource module**

Version added: 1.0.0

.. contents::
   :local:
   :depth: 1

Synopsis
--------
- This module manages the global firewall policies and settings (groups, state policy, ICMP handling, reverse-path validation and related options) on VyOS devices.

Parameters
----------
- ``config`` (dictionary)

  A dictionary of firewall global configuration options.

  - ``config_trap`` (boolean)

    SNMP trap generation on firewall configuration changes.

  - ``group`` (dictionary)

    Defines a group of objects for referencing in firewall rules.

    - ``address_group`` (list / elements=dictionary)

      Defines a group of IP addresses for referencing in firewall rules.

      - ``afi`` (string)

        Specifies the IP address type.

      - ``description`` (string)

        Allows you to specify a brief description for the address group.

      - ``members`` (list / elements=dictionary)

        Address-group members. Each member is an IPv4 address to match or an IPv4 range to match.

        - ``address`` (string)

          IP address.

      - ``name`` (string / required)

        Name of the firewall address group.

    - ``network_group`` (list / elements=dictionary)

      Defines a group of networks for referencing in firewall rules.

      - ``afi`` (string)

        Specifies the network address type.

      - ``description`` (string)

        Allows you to specify a brief description for the network group.

      - ``members`` (list / elements=dictionary)

        Adds an IPv4 network to the specified network group. The format is ``ip-address/prefix``.

        - ``address`` (string)

          IP address.

      - ``name`` (string / required)

        Name of the firewall network group.

    - ``port_group`` (list / elements=dictionary)

      Defines a group of ports for referencing in firewall rules.

      - ``description`` (string)

        Allows you to specify a brief description for the port group.

      - ``members`` (list / elements=dictionary)

        Port-group members.

        - ``port`` (string)

          Defines the port number.

      - ``name`` (string / required)

        Name of the firewall port group.

  - ``log_martians`` (boolean)

    Specifies whether or not to record packets with invalid addresses in the log.

    - (True) Logs packets with invalid addresses.
    - (False) Does not log packets with invalid addresses.

  - ``ping`` (dictionary)

    Policy for handling all IPv4 ICMP echo requests.

    - ``all`` (boolean)

      Enables or disables the response to all IPv4 ICMP Echo Request (ping) messages. The system responds to IPv4 ICMP Echo Request messages.

    - ``broadcast`` (boolean)

      Enables or disables the response to broadcast IPv4 ICMP Echo Request and Timestamp Request messages. IPv4 ICMP Echo and Timestamp Request messages are not processed.

  - ``route_redirects`` (list / elements=dictionary)

    A dictionary of firewall ICMP redirect and source-route global configuration options.

    - ``afi`` (string / required)

      Specifies the IP address type.

    - ``icmp_redirects`` (dictionary)

      Specifies whether to allow sending and receiving of IPv4/IPv6 ICMP redirect messages.

      - ``receive`` (boolean)

        Permits or denies receiving ICMP redirect messages.

      - ``send`` (boolean)

        Permits or denies transmitting ICMP redirect messages.

    - ``ip_src_route`` (boolean)

      Specifies whether or not to process source-route IP options.

  - ``state_policy`` (list / elements=dictionary)

    Specifies the global firewall state policy.

    - ``action`` (string)

      Choices: ``accept``, ``drop``, ``reject``

      Action for packets that are part of an established connection.

    - ``connection_type`` (string)

      Choices: ``established``, ``invalid``, ``related``

      Specifies the connection type.

    - ``log`` (boolean)

      Enables logging of packets that are part of an established connection.

  - ``syn_cookies`` (boolean)

    Specifies the policy for using TCP SYN cookies with IPv4.

    - (True) Enables TCP SYN cookies with IPv4.
    - (False) Disables TCP SYN cookies with IPv4.

  - ``twa_hazards_protection`` (boolean)

    RFC 1337 TCP TIME-WAIT assassination hazards protection.

  - ``validation`` (string)

    Choices: ``strict``, ``loose``, ``disable``

    Specifies a policy for source validation by reverse path, as defined in RFC 3704.

    - (disable) No source validation is performed.
    - (loose) Enables Loose Reverse Path Forwarding as defined in RFC 3704.
    - (strict) Enables Strict Reverse Path Forwarding as defined in RFC 3704.

- ``running_config`` (string)

  The module, by default, will connect to the remote device and retrieve the current running-config to use as a base for comparing against the contents of source. There are times when it is not desirable to have the task get the current running-config for every task in a playbook. The ``running_config`` argument allows the implementer to pass in the configuration to use as the base config for comparison. The value of this option should be the output received from the device by executing the command ``show configuration commands | grep 'firewall'``.

- ``state`` (string)

  Choices: ``merged`` (default), ``replaced``, ``deleted``, ``gathered``, ``rendered``, ``parsed``

  The state the configuration should be left in.
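
Examples
--------

The following playbook is an added example, not taken from the collection's own documentation. It applies the hardening-relevant options described above (martian logging, SYN cookies, RFC 1337 protection, strict reverse-path validation, ICMP redirect and source-route handling, broadcast ping suppression and a logged default state policy) in a single ``merged`` task. It assumes an inventory group named ``vyos_routers`` (placeholder), the ``ansible.netcommon.network_cli`` connection plugin, and ``ipv4`` as the ``afi`` value, since the page does not list the ``afi`` choices.

```yaml
---
# Added example (not from the collection's docs). Assumes the inventory group
# "vyos_routers" (placeholder), the ansible.netcommon.network_cli connection
# plugin, and "ipv4" as the afi value (choices are not listed on this page).
- name: Apply hardened global firewall settings to VyOS devices
  hosts: vyos_routers
  connection: ansible.netcommon.network_cli
  gather_facts: false
  tasks:
    - name: Merge global firewall hardening options
      vyos.vyos.vyos_firewall_global:
        state: merged
        config:
          # Record packets with invalid (martian) source addresses for detection
          log_martians: true
          # Mitigate SYN floods and RFC 1337 TIME-WAIT assassination hazards
          syn_cookies: true
          twa_hazards_protection: true
          # Strict reverse-path check (RFC 3704) drops spoofed-source packets;
          # choose "loose" on asymmetrically routed links to avoid false drops
          validation: strict
          # Neither send nor honour ICMP redirects; ignore source-routed options
          route_redirects:
            - afi: ipv4
              icmp_redirects:
                send: false
                receive: false
              ip_src_route: false
          # Keep unicast ping for reachability checks, stop answering broadcast
          # echo/timestamp requests (amplification and reconnaissance surface)
          ping:
            all: true
            broadcast: false
          # Default state policy: accept established/related, drop and log invalid
          state_policy:
            - connection_type: established
              action: accept
            - connection_type: related
              action: accept
            - connection_type: invalid
              action: drop
              log: true
          # Raise an SNMP trap on firewall configuration changes (change monitoring)
          config_trap: true
      register: fw_result

    - name: Show the module result, including the generated device commands
      ansible.builtin.debug:
        var: fw_result
```

Running the same task with ``state: rendered`` returns the VyOS commands the module would issue without touching the device, which is a convenient way to review the change before applying it.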