Diffstat (limited to 'plugins/modules/vyos_firewall_rules.py')
-rw-r--r--plugins/modules/vyos_firewall_rules.py261
1 files changed, 129 insertions, 132 deletions
diff --git a/plugins/modules/vyos_firewall_rules.py b/plugins/modules/vyos_firewall_rules.py
index 9c2e832..3bd6451 100644
--- a/plugins/modules/vyos_firewall_rules.py
+++ b/plugins/modules/vyos_firewall_rules.py
@@ -30,16 +30,12 @@ from __future__ import absolute_import, division, print_function
__metaclass__ = type
-ANSIBLE_METADATA = {
- "metadata_version": "1.1",
- "status": ["preview"],
- "supported_by": "network",
-}
-DOCUMENTATION = """module: vyos_firewall_rules
-short_description: Firewall rules resource module
+DOCUMENTATION = """
+module: vyos_firewall_rules
+short_description: FIREWALL rules resource module
description: This module manages firewall rule-set attributes on VyOS devices
-version_added: "1.0.0"
+version_added: 1.0.0
notes:
- Tested against VyOS 1.1.8 (helium).
- This module works with connection C(network_cli). See L(the VyOS OS Platform Options,../network/user_guide/platform_vyos.html).
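Review bot: The new `short_description: FIREWALL rules resource module` puts the resource name in capitals, while the `description` line directly below it and the removed line both use ordinary case. This looks like generator output that was not tidied afterwards. I would keep `short_description: Firewall rules resource module` so the rendered module index stays consistent. The DOCUMENTATION string continues outside this hunk.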
@@ -398,12 +394,12 @@ options:
type: str
running_config:
description:
- - This option is used only with state I(parsed).
- - The value of this option should be the output received from the VyOS device by executing
- the command B(show configuration commands | grep firewall).
- - The state I(parsed) reads the configuration from C(running_config) option and transforms
- it into Ansible structured data as per the resource module's argspec and the value is then
- returned in the I(parsed) key within the result.
+ - This option is used only with state I(parsed).
+ - The value of this option should be the output received from the VyOS device
+ by executing the command B(show configuration commands | grep firewall).
+ - The state I(parsed) reads the configuration from C(running_config) option and
+ transforms it into Ansible structured data as per the resource module's argspec
+ and the value is then returned in the I(parsed) key within the result.
type: str
state:
description:
@@ -418,6 +414,7 @@ options:
- rendered
- parsed
default: merged
+
"""
EXAMPLES = """
# Using deleted to delete firewall rules based on rule-set name
@@ -439,9 +436,9 @@ EXAMPLES = """
- name: Delete attributes of given firewall rules.
vyos.vyos.vyos_firewall_rules:
config:
- - afi: ipv4
- rule_sets:
- - name: 'Downlink'
+ - afi: ipv4
+ rule_sets:
+ - name: Downlink
state: deleted
#
#
@@ -516,7 +513,7 @@ EXAMPLES = """
- name: Delete attributes of given firewall rules.
vyos.vyos.vyos_firewall_rules:
config:
- - afi: ipv4
+ - afi: ipv4
state: deleted
#
#
@@ -668,48 +665,48 @@ EXAMPLES = """
- name: Merge the provided configuration with the exisiting running configuration
vyos.vyos.vyos_firewall_rules:
config:
- - afi: 'ipv6'
- rule_sets:
- - name: 'UPLINK'
- description: 'This is ipv6 specific rule-set'
- default_action: 'accept'
- rules:
- - number: 1
- action: 'accept'
- description: 'Fwipv6-Rule 1 is configured by Ansible'
- ipsec: 'match-ipsec'
- - number: 2
- action: 'accept'
- description: 'Fwipv6-Rule 2 is configured by Ansible'
- ipsec: 'match-ipsec'
+ - afi: ipv6
+ rule_sets:
+ - name: UPLINK
+ description: This is ipv6 specific rule-set
+ default_action: accept
+ rules:
+ - number: 1
+ action: accept
+ description: Fwipv6-Rule 1 is configured by Ansible
+ ipsec: match-ipsec
+ - number: 2
+ action: accept
+ description: Fwipv6-Rule 2 is configured by Ansible
+ ipsec: match-ipsec
- - afi: 'ipv4'
- rule_sets:
- - name: 'INBOUND'
- description: 'IPv4 INBOUND rule set'
- default_action: 'accept'
- rules:
- - number: 101
- action: 'accept'
- description: 'Rule 101 is configured by Ansible'
- ipsec: 'match-ipsec'
- - number: 102
- action: 'reject'
- description: 'Rule 102 is configured by Ansible'
- ipsec: 'match-ipsec'
- - number: 103
- action: 'accept'
- description: 'Rule 103 is configured by Ansible'
- destination:
- group:
- address_group: 'inbound'
- source:
- address: '192.0.2.0'
- state:
- established: true
- new: false
- invalid: false
- related: true
+ - afi: ipv4
+ rule_sets:
+ - name: INBOUND
+ description: IPv4 INBOUND rule set
+ default_action: accept
+ rules:
+ - number: 101
+ action: accept
+ description: Rule 101 is configured by Ansible
+ ipsec: match-ipsec
+ - number: 102
+ action: reject
+ description: Rule 102 is configured by Ansible
+ ipsec: match-ipsec
+ - number: 103
+ action: accept
+ description: Rule 103 is configured by Ansible
+ destination:
+ group:
+ address_group: inbound
+ source:
+ address: 192.0.2.0
+ state:
+ established: true
+ new: false
+ invalid: false
+ related: true
state: merged
#
#
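Review bot: The merged example still defines the IPv4 `INBOUND` rule set with `default_action: accept`, so packets that match none of rules 101–103 fall through to accept. The commit only re-quotes these lines, and the same default is kept in the replaced (`@@ -887`), overridden (`@@ -1069`) and rendered (`@@ -1335`) examples. Documentation examples are likely to be copied into playbooks, so a default-deny example would be the safer model: `default_action: drop` with the explicit `accept` rules left in place. The before/after device output that accompanies each example lies outside these hunks and would need the matching change.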
@@ -887,25 +884,25 @@ EXAMPLES = """
- name: Replace device configurations of listed firewall rules with provided configurations
vyos.vyos.vyos_firewall_rules:
config:
- - afi: 'ipv6'
- rule_sets:
- - name: 'UPLINK'
- description: 'This is ipv6 specific rule-set'
- default_action: 'accept'
- - afi: 'ipv4'
- rule_sets:
- - name: 'INBOUND'
- description: 'IPv4 INBOUND rule set'
- default_action: 'accept'
- rules:
- - number: 101
- action: 'accept'
- description: 'Rule 101 is configured by Ansible'
- ipsec: 'match-ipsec'
- - number: 104
- action: 'reject'
- description: 'Rule 104 is configured by Ansible'
- ipsec: 'match-none'
+ - afi: ipv6
+ rule_sets:
+ - name: UPLINK
+ description: This is ipv6 specific rule-set
+ default_action: accept
+ - afi: ipv4
+ rule_sets:
+ - name: INBOUND
+ description: IPv4 INBOUND rule set
+ default_action: accept
+ rules:
+ - number: 101
+ action: accept
+ description: Rule 101 is configured by Ansible
+ ipsec: match-ipsec
+ - number: 104
+ action: reject
+ description: Rule 104 is configured by Ansible
+ ipsec: match-none
state: replaced
#
#
@@ -1069,20 +1066,20 @@ EXAMPLES = """
- name: Overrides all device configuration with provided configuration
vyos.vyos.vyos_firewall_rules:
config:
- - afi: 'ipv4'
- rule_sets:
- - name: 'Downlink'
- description: 'IPv4 INBOUND rule set'
- default_action: 'accept'
- rules:
- - number: 501
- action: 'accept'
- description: 'Rule 501 is configured by Ansible'
- ipsec: 'match-ipsec'
- - number: 502
- action: 'reject'
- description: 'Rule 502 is configured by Ansible'
- ipsec: 'match-ipsec'
+ - afi: ipv4
+ rule_sets:
+ - name: Downlink
+ description: IPv4 INBOUND rule set
+ default_action: accept
+ rules:
+ - number: 501
+ action: accept
+ description: Rule 501 is configured by Ansible
+ ipsec: match-ipsec
+ - number: 502
+ action: reject
+ description: Rule 502 is configured by Ansible
+ ipsec: match-ipsec
state: overridden
#
#
@@ -1335,38 +1332,38 @@ EXAMPLES = """
- name: Render the commands for provided configuration
vyos.vyos.vyos_firewall_rules:
config:
- - afi: 'ipv6'
- rule_sets:
- - name: 'UPLINK'
- description: 'This is ipv6 specific rule-set'
- default_action: 'accept'
- - afi: 'ipv4'
- rule_sets:
- - name: 'INBOUND'
- description: 'IPv4 INBOUND rule set'
- default_action: 'accept'
- rules:
- - number: 101
- action: 'accept'
- description: 'Rule 101 is configured by Ansible'
- ipsec: 'match-ipsec'
- - number: 102
- action: 'reject'
- description: 'Rule 102 is configured by Ansible'
- ipsec: 'match-ipsec'
- - number: 103
- action: 'accept'
- description: 'Rule 103 is configured by Ansible'
- destination:
- group:
- address_group: 'inbound'
- source:
- address: '192.0.2.0'
- state:
- established: true
- new: false
- invalid: false
- related: true
+ - afi: ipv6
+ rule_sets:
+ - name: UPLINK
+ description: This is ipv6 specific rule-set
+ default_action: accept
+ - afi: ipv4
+ rule_sets:
+ - name: INBOUND
+ description: IPv4 INBOUND rule set
+ default_action: accept
+ rules:
+ - number: 101
+ action: accept
+ description: Rule 101 is configured by Ansible
+ ipsec: match-ipsec
+ - number: 102
+ action: reject
+ description: Rule 102 is configured by Ansible
+ ipsec: match-ipsec
+ - number: 103
+ action: accept
+ description: Rule 103 is configured by Ansible
+ destination:
+ group:
+ address_group: inbound
+ source:
+ address: 192.0.2.0
+ state:
+ established: true
+ new: false
+ invalid: false
+ related: true
state: rendered
#
#
@@ -1407,14 +1404,14 @@ EXAMPLES = """
vyos.vyos.vyos_firewall_rules:
running_config:
"set firewall group address-group 'inbound'
- set firewall name Downlink default-action 'accept'
- set firewall name Downlink description 'IPv4 INBOUND rule set'
- set firewall name Downlink rule 501 action 'accept'
- set firewall name Downlink rule 501 description 'Rule 501 is configured by Ansible'
- set firewall name Downlink rule 501 ipsec 'match-ipsec'
- set firewall name Downlink rule 502 action 'reject'
- set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible'
- set firewall name Downlink rule 502 ipsec 'match-ipsec'"
+ set firewall name Downlink default-action 'accept'
+ set firewall name Downlink description 'IPv4 INBOUND rule set'
+ set firewall name Downlink rule 501 action 'accept'
+ set firewall name Downlink rule 501 description 'Rule 501 is configured by Ansible'
+ set firewall name Downlink rule 501 ipsec 'match-ipsec'
+ set firewall name Downlink rule 502 action 'reject'
+ set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible'
+ set firewall name Downlink rule 502 ipsec 'match-ipsec'"
state: parsed
#
#
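Review bot: The `running_config` value in the parsed example is still a double-quoted YAML scalar spread over several lines, and YAML folds each line break inside such a scalar into a single space. The module therefore receives one long line rather than one `set firewall ...` command per line, which is not the shape the option text describes (output of `show configuration commands | grep firewall`). Whether the parser copes with that cannot be seen from this hunk, so the example may not behave as documented. A literal block scalar keeps the newlines: `running_config: |` followed by the commands indented beneath it, without the surrounding double quotes.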