author | CaptTrews <capttrews@gmail.com> | 2020-03-02 00:11:37 +0000 |
---|---|---|
committer | CaptTrews <capttrews@gmail.com> | 2020-03-02 00:11:37 +0000 |
commit | a38aeadb72d2a6aef8510ca535060add98fccc3b (patch) | |
tree | 2cd790e3470c8cd13502e5dbff47c9b3dfb2cf8c /plugins/modules/vyos_firewall_interfaces.py | |
parent | 4313b070205766e68d30cea4f49a6bad83007bb0 (diff) | |
download | vyos.vyos-a38aeadb72d2a6aef8510ca535060add98fccc3b.tar.gz vyos.vyos-a38aeadb72d2a6aef8510ca535060add98fccc3b.zip |
Updated from network content collector
Signed-off-by: CaptTrews <capttrews@gmail.com>
Diffstat (limited to 'plugins/modules/vyos_firewall_interfaces.py')
-rw-r--r-- | plugins/modules/vyos_firewall_interfaces.py | 1289 |
1 files changed, 1289 insertions, 0 deletions
diff --git a/plugins/modules/vyos_firewall_interfaces.py b/plugins/modules/vyos_firewall_interfaces.py
new file mode 100644
index 0000000..1c2ce98
--- /dev/null
+++ b/plugins/modules/vyos_firewall_interfaces.py
@@ -0,0 +1,1289 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# Copyright 2019 Red Hat +# GNU General Public License v3.0+ +# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +############################################# +# WARNING # +############################################# +# +# This file is auto generated by the resource +# module builder playbook. +# +# Do not edit this file manually. +# +# Changes to this file will be over written +# by the resource module builder. +# +# Changes should be made in the model used to +# generate this file or in the resource module +# builder template. +# +############################################# + +""" +The module file for vyos_firewall_interfaces +""" + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "network", +} + +DOCUMENTATION = """module: vyos_firewall_interfaces +short_description: Manage firewall rules attributes of interfaces on VyOS devices +description: Manage firewall rules of interfaces on VyOS network devices. +author: +- Rohit Thakur (@rohitthakur2590) +options: + config: + description: A list of firewall rules options for interfaces. + type: list + elements: dict + suboptions: + name: + description: + - Name/Identifier for the interface. + type: str + required: true + access_rules: + description: + - Specifies firewall rules attached to the interfaces. + type: list + elements: dict + suboptions: + afi: + description: + - Specifies the AFI for the Firewall rules to be configured on this interface. + type: str + choices: + - ipv4 + - ipv6 + required: true + rules: + description: + - Specifies the firewall rules for the provided AFI. + type: list + elements: dict + suboptions: + name: + description: + - Specifies the name of the IPv4/IPv6 Firewall rule for the interface. 
+ type: str + direction: + description: + - Specifies the direction of packets that the firewall rule will be + applied on. + type: str + choices: + - in + - local + - out + required: true + running_config: + description: + - The module, by default, will connect to the remote device and retrieve the current + running-config to use as a base for comparing against the contents of source. + There are times when it is not desirable to have the task get the current running-config + for every task in a playbook. The I(running_config) argument allows the implementer + to pass in the configuration to use as the base config for comparison. This + value of this option should be the output received from device by executing + command C(show configuration commands | grep 'firewall' + type: str + state: + description: + - The state the configuration should be left in. + type: str + choices: + - merged + - replaced + - overridden + - deleted + - parsed + - rendered + - gathered + default: merged +""" +EXAMPLES = """ +# Using merged +# +# Before state: +# ------------- +# +# vyos@192# run show configuration commands | grep firewall +# set firewall ipv6-name 'V6-LOCAL' +# set firewall name 'INBOUND' +# set firewall name 'LOCAL' +# set firewall name 'OUTBOUND' +# +- name: Merge the provided configuration with the existing running configuration + vyos_firewall_interfaces: + config: + - access_rules: + - afi: 'ipv4' + rules: + - name: 'INBOUND' + direction: 'in' + - name: 'OUTBOUND' + direction: 'out' + - name: 'LOCAL' + direction: 'local' + - afi: 'ipv6' + rules: + - name: 'V6-LOCAL' + direction: 'local' + name: 'eth1' + - access_rules: + - afi: 'ipv4' + rules: + - name: 'INBOUND' + direction: 'in' + - name: 'OUTBOUND' + direction: 'out' + - name: 'LOCAL' + direction: 'local' + - afi: 'ipv6' + rules: + - name: 'V6-LOCAL' + direction: 'local' + name: 'eth3' + state: merged +# +# +# ------------------------- +# Module Execution Result +# ------------------------- +# +# before": [ +# { 
+# "name": "eth0" +# }, +# { +# "name": "eth1" +# }, +# { +# "name": "eth2" +# }, +# { +# "name": "eth3" +# } +# ] +# +# "commands": [ +# "set interfaces ethernet eth1 firewall in name 'INBOUND'", +# "set interfaces ethernet eth1 firewall out name 'OUTBOUND'", +# "set interfaces ethernet eth1 firewall local name 'LOCAL'", +# "set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL'", +# "set interfaces ethernet eth3 firewall in name 'INBOUND'", +# "set interfaces ethernet eth3 firewall out name 'OUTBOUND'", +# "set interfaces ethernet eth3 firewall local name 'LOCAL'", +# "set interfaces ethernet eth3 firewall local ipv6-name 'V6-LOCAL'" +# ] +# +# "after": [ +# { +# "name": "eth0" +# }, +# { +# "access_rules": [ +# { +# "afi": "ipv4", +# "rules": [ +# { +# "direction": "in", +# "name": "INBOUND" +# }, +# { +# "direction": "local", +# "name": "LOCAL" +# }, +# { +# "direction": "out", +# "name": "OUTBOUND" +# } +# ] +# }, +# { +# "afi": "ipv6", +# "rules": [ +# { +# "direction": "local", +# "name": "V6-LOCAL" +# } +# ] +# } +# ], +# "name": "eth1" +# }, +# { +# "name": "eth2" +# }, +# { +# "access_rules": [ +# { +# "afi": "ipv4", +# "rules": [ +# { +# "direction": "in", +# "name": "INBOUND" +# }, +# { +# "direction": "local", +# "name": "LOCAL" +# }, +# { +# "direction": "out", +# "name": "OUTBOUND" +# } +# ] +# }, +# { +# "afi": "ipv6", +# "rules": [ +# { +# "direction": "local", +# "name": "V6-LOCAL" +# } +# ] +# } +# ], +# "name": "eth3" +# } +# ] +# +# After state: +# ------------- +# +# vyos@vyos:~$ show configuration commands| grep firewall +# set firewall ipv6-name 'V6-LOCAL' +# set firewall name 'INBOUND' +# set firewall name 'LOCAL' +# set firewall name 'OUTBOUND' +# set interfaces ethernet eth1 firewall in name 'INBOUND' +# set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL' +# set interfaces ethernet eth1 firewall local name 'LOCAL' +# set interfaces ethernet eth1 firewall out name 'OUTBOUND' +# set interfaces ethernet eth3 firewall 
in name 'INBOUND' +# set interfaces ethernet eth3 firewall local ipv6-name 'V6-LOCAL' +# set interfaces ethernet eth3 firewall local name 'LOCAL' +# set interfaces ethernet eth3 firewall out name 'OUTBOUND' + + +# Using merged +# +# Before state: +# ------------- +# +# vyos@vyos:~$ show configuration commands| grep firewall +# set firewall ipv6-name 'V6-LOCAL' +# set firewall name 'INBOUND' +# set firewall name 'LOCAL' +# set firewall name 'OUTBOUND' +# set interfaces ethernet eth1 firewall in name 'INBOUND' +# set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL' +# set interfaces ethernet eth1 firewall local name 'LOCAL' +# set interfaces ethernet eth1 firewall out name 'OUTBOUND' +# set interfaces ethernet eth3 firewall in name 'INBOUND' +# set interfaces ethernet eth3 firewall local ipv6-name 'V6-LOCAL' +# set interfaces ethernet eth3 firewall local name 'LOCAL' +# set interfaces ethernet eth3 firewall out name 'OUTBOUND' +# +- name: Merge the provided configuration with the existing running configuration + vyos_firewall_interfaces: + config: + - access_rules: + - afi: 'ipv4' + rules: + - name: 'OUTBOUND' + direction: 'in' + - name: 'INBOUND' + direction: 'out' + name: 'eth1' + state: merged +# +# +# ------------------------- +# Module Execution Result +# ------------------------- +# +# "before": [ +# { +# "name": "eth0" +# }, +# { +# "access_rules": [ +# { +# "afi": "ipv4", +# "rules": [ +# { +# "direction": "in", +# "name": "INBOUND" +# }, +# { +# "direction": "local", +# "name": "LOCAL" +# }, +# { +# "direction": "out", +# "name": "OUTBOUND" +# } +# ] +# }, +# { +# "afi": "ipv6", +# "rules": [ +# { +# "direction": "local", +# "name": "V6-LOCAL" +# } +# ] +# } +# ], +# "name": "eth1" +# }, +# { +# "name": "eth2" +# }, +# { +# "access_rules": [ +# { +# "afi": "ipv4", +# "rules": [ +# { +# "direction": "in", +# "name": "INBOUND" +# }, +# { +# "direction": "local", +# "name": "LOCAL" +# }, +# { +# "direction": "out", +# "name": "OUTBOUND" +# } +# ] +# 
}, +# { +# "afi": "ipv6", +# "rules": [ +# { +# "direction": "local", +# "name": "V6-LOCAL" +# } +# ] +# } +# ], +# "name": "eth3" +# } +# ] +# +# "commands": [ +# "set interfaces ethernet eth1 firewall in name 'OUTBOUND'", +# "set interfaces ethernet eth1 firewall out name 'INBOUND'" +# ] +# +# "after": [ +# { +# "name": "eth0" +# }, +# { +# "access_rules": [ +# { +# "afi": "ipv4", +# "rules": [ +# { +# "direction": "in", +# "name": "OUTBOUND" +# }, +# { +# "direction": "local", +# "name": "LOCAL" +# }, +# { +# "direction": "out", +# "name": "INBOUND" +# } +# ] +# }, +# { +# "afi": "ipv6", +# "rules": [ +# { +# "direction": "local", +# "name": "V6-LOCAL" +# } +# ] +# } +# ], +# "name": "eth1" +# }, +# { +# "name": "eth2" +# }, +# { +# "access_rules": [ +# { +# "afi": "ipv4", +# "rules": [ +# { +# "direction": "in", +# "name": "INBOUND" +# }, +# { +# "direction": "local", +# "name": "LOCAL" +# }, +# { +# "direction": "out", +# "name": "OUTBOUND" +# } +# ] +# }, +# { +# "afi": "ipv6", +# "rules": [ +# { +# "direction": "local", +# "name": "V6-LOCAL" +# } +# ] +# } +# ], +# "name": "eth3" +# } +# ] +# +# After state: +# ------------- +# +# vyos@vyos:~$ show configuration commands| grep firewall +# set firewall ipv6-name 'V6-LOCAL' +# set firewall name 'INBOUND' +# set firewall name 'LOCAL' +# set firewall name 'OUTBOUND' +# set interfaces ethernet eth1 firewall in name 'OUTBOUND' +# set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL' +# set interfaces ethernet eth1 firewall local name 'LOCAL' +# set interfaces ethernet eth1 firewall out name 'INBOUND' +# set interfaces ethernet eth3 firewall in name 'INBOUND' +# set interfaces ethernet eth3 firewall local ipv6-name 'V6-LOCAL' +# set interfaces ethernet eth3 firewall local name 'LOCAL' +# set interfaces ethernet eth3 firewall out name 'OUTBOUND' + + +# Using replaced +# +# Before state: +# ------------- +# +# vyos@vyos:~$ show configuration commands| grep firewall +# set firewall ipv6-name 'V6-LOCAL' +# 
set firewall name 'INBOUND' +# set firewall name 'LOCAL' +# set firewall name 'OUTBOUND' +# set interfaces ethernet eth1 firewall in name 'INBOUND' +# set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL' +# set interfaces ethernet eth1 firewall local name 'LOCAL' +# set interfaces ethernet eth1 firewall out name 'OUTBOUND' +# set interfaces ethernet eth3 firewall in name 'INBOUND' +# set interfaces ethernet eth3 firewall local ipv6-name 'V6-LOCAL' +# set interfaces ethernet eth3 firewall local name 'LOCAL' +# set interfaces ethernet eth3 firewall out name 'OUTBOUND' +# +- name: Replace device configurations of listed firewall interfaces with provided configurations + vyos_firewall_interfaces: + config: + - name: 'eth1' + access_rules: + - afi: 'ipv4' + rules: + - name: 'OUTBOUND' + direction: 'out' + - afi: 'ipv6' + rules: + - name: 'V6-LOCAL' + direction: 'local' + - name: 'eth3' + access_rules: + - afi: 'ipv4' + rules: + - name: 'INBOUND' + direction: 'in' + state: replaced +# +# +# ------------------------- +# Module Execution Result +# ------------------------- +# +# "before": [ +# { +# "name": "eth0" +# }, +# { +# "access_rules": [ +# { +# "afi": "ipv4", +# "rules": [ +# { +# "direction": "in", +# "name": "INBOUND" +# }, +# { +# "direction": "local", +# "name": "LOCAL" +# }, +# { +# "direction": "out", +# "name": "OUTBOUND" +# } +# ] +# }, +# { +# "afi": "ipv6", +# "rules": [ +# { +# "direction": "local", +# "name": "V6-LOCAL" +# } +# ] +# } +# ], +# "name": "eth1" +# }, +# { +# "name": "eth2" +# }, +# { +# "access_rules": [ +# { +# "afi": "ipv4", +# "rules": [ +# { +# "direction": "in", +# "name": "INBOUND" +# }, +# { +# "direction": "local", +# "name": "LOCAL" +# }, +# { +# "direction": "out", +# "name": "OUTBOUND" +# } +# ] +# }, +# { +# "afi": "ipv6", +# "rules": [ +# { +# "direction": "local", +# "name": "V6-LOCAL" +# } +# ] +# } +# ], +# "name": "eth3" +# } +# ] +# +# "commands": [ +# "delete interfaces ethernet eth1 firewall in name", +# 
"delete interfaces ethernet eth1 firewall local name", +# "delete interfaces ethernet eth3 firewall local name", +# "delete interfaces ethernet eth3 firewall out name", +# "delete interfaces ethernet eth3 firewall local ipv6-name" +# ] +# +# "after": [ +# { +# "name": "eth0" +# }, +# { +# "access_rules": [ +# { +# "afi": "ipv4", +# "rules": [ +# { +# "direction": "out", +# "name": "OUTBOUND" +# } +# ] +# }, +# { +# "afi": "ipv6", +# "rules": [ +# { +# "direction": "local", +# "name": "V6-LOCAL" +# } +# ] +# } +# ], +# "name": "eth1" +# }, +# { +# "name": "eth2" +# }, +# { +# "access_rules": [ +# { +# "afi": "ipv4", +# "rules": [ +# { +# "direction": "in", +# "name": "INBOUND" +# } +# ] +# } +# ], +# "name": "eth3" +# } +# ] +# +# After state: +# ------------- +# +# vyos@vyos:~$ show configuration commands| grep firewall +# set firewall ipv6-name 'V6-LOCAL' +# set firewall name 'INBOUND' +# set firewall name 'LOCAL' +# set firewall name 'OUTBOUND' +# set interfaces ethernet eth1 firewall 'in' +# set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL' +# set interfaces ethernet eth1 firewall out name 'OUTBOUND' +# set interfaces ethernet eth3 firewall in name 'INBOUND' +# set interfaces ethernet eth3 firewall 'local' +# set interfaces ethernet eth3 firewall 'out' + + +# Using overridden +# +# Before state +# -------------- +# +# vyos@vyos:~$ show configuration commands| grep firewall +# set firewall ipv6-name 'V6-LOCAL' +# set firewall name 'INBOUND' +# set firewall name 'LOCAL' +# set firewall name 'OUTBOUND' +# set interfaces ethernet eth1 firewall 'in' +# set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL' +# set interfaces ethernet eth1 firewall out name 'OUTBOUND' +# set interfaces ethernet eth3 firewall in name 'INBOUND' +# set interfaces ethernet eth3 firewall 'local' +# set interfaces ethernet eth3 firewall 'out' +# +- name: Overrides all device configuration with provided configuration + vyos_firewall_interfaces: + config: + - name: 
'eth3' + access_rules: + - afi: 'ipv4' + rules: + - name: 'INBOUND' + direction: 'out' + state: overridden +# +# +# ------------------------- +# Module Execution Result +# ------------------------- +# +# "before":[ +# { +# "name": "eth0" +# }, +# { +# "access_rules": [ +# { +# "afi": "ipv4", +# "rules": [ +# { +# "direction": "out", +# "name": "OUTBOUND" +# } +# ] +# }, +# { +# "afi": "ipv6", +# "rules": [ +# { +# "direction": "local", +# "name": "V6-LOCAL" +# } +# ] +# } +# ], +# "name": "eth1" +# }, +# { +# "name": "eth2" +# }, +# { +# "access_rules": [ +# { +# "afi": "ipv4", +# "rules": [ +# { +# "direction": "in", +# "name": "INBOUND" +# } +# ] +# } +# ], +# "name": "eth3" +# } +# ] +# +# "commands": [ +# "delete interfaces ethernet eth1 firewall", +# "delete interfaces ethernet eth3 firewall in name", +# "set interfaces ethernet eth3 firewall out name 'INBOUND'" +# +# +# "after": [ +# { +# "name": "eth0" +# }, +# { +# "name": "eth1" +# }, +# { +# "name": "eth2" +# }, +# { +# "access_rules": [ +# { +# "afi": "ipv4", +# "rules": [ +# { +# "direction": "out", +# "name": "INBOUND" +# } +# ] +# } +# ], +# "name": "eth3" +# } +# ] +# +# +# After state +# ------------ +# +# vyos@vyos:~$ show configuration commands| grep firewall +# set firewall ipv6-name 'V6-LOCAL' +# set firewall name 'INBOUND' +# set firewall name 'LOCAL' +# set firewall name 'OUTBOUND' +# set interfaces ethernet eth3 firewall 'in' +# set interfaces ethernet eth3 firewall 'local' +# set interfaces ethernet eth3 firewall out name 'INBOUND' + + +# Using deleted per interface name +# +# Before state +# ------------- +# +# vyos@vyos:~$ show configuration commands| grep firewall +# set firewall ipv6-name 'V6-LOCAL' +# set firewall name 'INBOUND' +# set firewall name 'LOCAL' +# set firewall name 'OUTBOUND' +# set interfaces ethernet eth1 firewall in name 'INBOUND' +# set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL' +# set interfaces ethernet eth1 firewall local name 'LOCAL' +# set 
interfaces ethernet eth1 firewall out name 'OUTBOUND' +# set interfaces ethernet eth3 firewall in name 'INBOUND' +# set interfaces ethernet eth3 firewall local ipv6-name 'V6-LOCAL' +# set interfaces ethernet eth3 firewall local name 'LOCAL' +# set interfaces ethernet eth3 firewall out name 'OUTBOUND' +# +- name: Delete firewall interfaces based on interface name. + vyos_firewall_interfaces: + config: + - name: 'eth1' + - name: 'eth3' + state: deleted +# +# +# ------------------------ +# Module Execution Results +# ------------------------ +# +# "before": [ +# { +# "name": "eth0" +# }, +# { +# "access_rules": [ +# { +# "afi": "ipv4", +# "rules": [ +# { +# "direction": "in", +# "name": "INBOUND" +# }, +# { +# "direction": "local", +# "name": "LOCAL" +# }, +# { +# "direction": "out", +# "name": "OUTBOUND" +# } +# ] +# }, +# { +# "afi": "ipv6", +# "rules": [ +# { +# "direction": "local", +# "name": "V6-LOCAL" +# } +# ] +# } +# ], +# "name": "eth1" +# }, +# { +# "name": "eth2" +# }, +# { +# "access_rules": [ +# { +# "afi": "ipv4", +# "rules": [ +# { +# "direction": "in", +# "name": "INBOUND" +# }, +# { +# "direction": "local", +# "name": "LOCAL" +# }, +# { +# "direction": "out", +# "name": "OUTBOUND" +# } +# ] +# }, +# { +# "afi": "ipv6", +# "rules": [ +# { +# "direction": "local", +# "name": "V6-LOCAL" +# } +# ] +# } +# ], +# "name": "eth3" +# } +# ] +# "commands": [ +# "delete interfaces ethernet eth1 firewall", +# "delete interfaces ethernet eth3 firewall" +# ] +# +# "after": [ +# { +# "name": "eth0" +# }, +# { +# "name": "eth1" +# }, +# { +# "name": "eth2" +# }, +# { +# "name": "eth3" +# } +# ] +# After state +# ------------ +# vyos@vyos# run show configuration commands | grep firewall +# set firewall ipv6-name 'V6-LOCAL' +# set firewall name 'INBOUND' +# set firewall name 'LOCAL' +# set firewall name 'OUTBOUND' + + +# Using deleted per afi +# +# Before state +# ------------- +# +# vyos@vyos:~$ show configuration commands| grep firewall +# set firewall ipv6-name 
'V6-LOCAL' +# set firewall name 'INBOUND' +# set firewall name 'LOCAL' +# set firewall name 'OUTBOUND' +# set interfaces ethernet eth1 firewall in name 'INBOUND' +# set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL' +# set interfaces ethernet eth1 firewall local name 'LOCAL' +# set interfaces ethernet eth1 firewall out name 'OUTBOUND' +# set interfaces ethernet eth3 firewall in name 'INBOUND' +# set interfaces ethernet eth3 firewall local ipv6-name 'V6-LOCAL' +# set interfaces ethernet eth3 firewall local name 'LOCAL' +# set interfaces ethernet eth3 firewall out name 'OUTBOUND' +# +- name: Delete firewall interfaces config per afi. + vyos_firewall_interfaces: + config: + - name: 'eth1' + access_rules: + - afi: 'ipv4' + - afi: 'ipv6' + state: deleted +# +# +# ------------------------ +# Module Execution Results +# ------------------------ +# +# "commands": [ +# "delete interfaces ethernet eth1 firewall in name", +# "delete interfaces ethernet eth1 firewall out name", +# "delete interfaces ethernet eth1 firewall local name", +# "delete interfaces ethernet eth1 firewall local ipv6-name" +# ] +# +# After state +# ------------ +# vyos@vyos# run show configuration commands | grep firewall +# set firewall ipv6-name 'V6-LOCAL' +# set firewall name 'INBOUND' +# set firewall name 'LOCAL' +# set firewall name 'OUTBOUND' + + +# Using deleted without config +# +# Before state +# ------------- +# +# vyos@vyos:~$ show configuration commands| grep firewall +# set firewall ipv6-name 'V6-LOCAL' +# set firewall name 'INBOUND' +# set firewall name 'LOCAL' +# set firewall name 'OUTBOUND' +# set interfaces ethernet eth1 firewall in name 'INBOUND' +# set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL' +# set interfaces ethernet eth1 firewall local name 'LOCAL' +# set interfaces ethernet eth1 firewall out name 'OUTBOUND' +# set interfaces ethernet eth3 firewall in name 'INBOUND' +# set interfaces ethernet eth3 firewall local ipv6-name 'V6-LOCAL' +# set 
interfaces ethernet eth3 firewall local name 'LOCAL' +# set interfaces ethernet eth3 firewall out name 'OUTBOUND' +# +- name: Delete firewall interfaces config when empty config provided. + vyos_firewall_interfaces: + config: + state: deleted +# +# +# ------------------------ +# Module Execution Results +# ------------------------ +# +# "commands": [ +# "delete interfaces ethernet eth1 firewall", +# "delete interfaces ethernet eth1 firewall" +# ] +# +# After state +# ------------ +# vyos@vyos# run show configuration commands | grep firewall +# set firewall ipv6-name 'V6-LOCAL' +# set firewall name 'INBOUND' +# set firewall name 'LOCAL' +# set firewall name 'OUTBOUND' + + +# Using parsed +# +# +- name: Parse the provided configuration + vyos_firewall_interfaces: + running_config: + "set interfaces ethernet eth1 firewall in name 'INBOUND' + set interfaces ethernet eth1 firewall out name 'OUTBOUND' + set interfaces ethernet eth1 firewall local name 'LOCAL' + set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL' + set interfaces ethernet eth2 firewall in name 'INBOUND' + set interfaces ethernet eth2 firewall out name 'OUTBOUND' + set interfaces ethernet eth2 firewall local name 'LOCAL' + set interfaces ethernet eth2 firewall local ipv6-name 'V6-LOCAL'" + state: parsed +# +# +# ------------------------- +# Module Execution Result +# ------------------------- +# +# +# "parsed": [ +# { +# "name": "eth0" +# }, +# { +# "access_rules": [ +# { +# "afi": "ipv4", +# "rules": [ +# { +# "direction": "in", +# "name": "INBOUND" +# }, +# { +# "direction": "local", +# "name": "LOCAL" +# }, +# { +# "direction": "out", +# "name": "OUTBOUND" +# } +# ] +# }, +# { +# "afi": "ipv6", +# "rules": [ +# { +# "direction": "local", +# "name": "V6-LOCAL" +# } +# ] +# } +# ], +# "name": "eth1" +# }, +# { +# "access_rules": [ +# { +# "afi": "ipv4", +# "rules": [ +# { +# "direction": "in", +# "name": "INBOUND" +# }, +# { +# "direction": "local", +# "name": "LOCAL" +# }, +# { +# 
"direction": "out", +# "name": "OUTBOUND" +# } +# ] +# }, +# { +# "afi": "ipv6", +# "rules": [ +# { +# "direction": "local", +# "name": "V6-LOCAL" +# } +# ] +# } +# ], +# "name": "eth2" +# }, +# { +# "name": "eth3" +# } +# ] + + +# Using gathered +# +# Before state: +# ------------- +# +# vyos@vyos:~$ show configuration commands| grep firewall +# set firewall ipv6-name 'V6-LOCAL' +# set firewall name 'INBOUND' +# set firewall name 'LOCAL' +# set firewall name 'OUTBOUND' +# set interfaces ethernet eth1 firewall 'in' +# set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL' +# set interfaces ethernet eth1 firewall out name 'OUTBOUND' +# set interfaces ethernet eth3 firewall in name 'INBOUND' +# set interfaces ethernet eth3 firewall 'local' +# set interfaces ethernet eth3 firewall 'out' +# +- name: Gather listed firewall interfaces. + vyos_firewall_interfaces: + config: + state: gathered +# +# +# ------------------------- +# Module Execution Result +# ------------------------- +# +# "gathered": [ +# { +# "name": "eth0" +# }, +# { +# "access_rules": [ +# { +# "afi": "ipv4", +# "rules": [ +# { +# "direction": "out", +# "name": "OUTBOUND" +# } +# ] +# }, +# { +# "afi": "ipv6", +# "rules": [ +# { +# "direction": "local", +# "name": "V6-LOCAL" +# } +# ] +# } +# ], +# "name": "eth1" +# }, +# { +# "name": "eth2" +# }, +# { +# "access_rules": [ +# { +# "afi": "ipv4", +# "rules": [ +# { +# "direction": "in", +# "name": "INBOUND" +# } +# ] +# } +# ], +# "name": "eth3" +# } +# ] +# +# +# After state: +# ------------- +# +# vyos@vyos:~$ show configuration commands| grep firewall +# set firewall ipv6-name 'V6-LOCAL' +# set firewall name 'INBOUND' +# set firewall name 'LOCAL' +# set firewall name 'OUTBOUND' +# set interfaces ethernet eth1 firewall 'in' +# set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL' +# set interfaces ethernet eth1 firewall out name 'OUTBOUND' +# set interfaces ethernet eth3 firewall in name 'INBOUND' +# set interfaces ethernet eth3 
firewall 'local' +# set interfaces ethernet eth3 firewall 'out' + + +# Using rendered +# +# +- name: Render the commands for provided configuration + vyos_firewall_interfaces: + config: + - name: 'eth2' + access_rules: + - afi: 'ipv4' + rules: + - direction: 'in' + name: 'INGRESS' + - direction: 'out' + name: 'OUTGRESS' + - direction: 'local' + name: 'DROP' + state: rendered +# +# +# ------------------------- +# Module Execution Result +# ------------------------- +# +# +# "rendered": [ +# "set interfaces ethernet eth2 firewall in name 'INGRESS'", +# "set interfaces ethernet eth2 firewall out name 'OUTGRESS'", +# "set interfaces ethernet eth2 firewall local name 'DROP'", +# "set interfaces ethernet eth2 firewall local ipv6-name 'LOCAL'" +# ] + + +""" +RETURN = """ +before: + description: The configuration prior to the model invocation. + returned: always + type: list + sample: > + The configuration returned will always be in the same format + of the parameters above. +after: + description: The resulting configuration model invocation. + returned: when changed + type: list + sample: > + The configuration returned will always be in the same format + of the parameters above. +commands: + description: The set of commands pushed to the remote device. 
+ returned: always + type: list + sample: + - "set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL'" + - "set interfaces ethernet eth3 firewall in name 'INBOUND'" +""" + + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.argspec.firewall_interfaces.firewall_interfaces import ( + Firewall_interfacesArgs, +) +from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.config.firewall_interfaces.firewall_interfaces import ( + Firewall_interfaces, +) + + +def main(): + """ + Main entry point for module execution + + :returns: the result form module invocation + """ + required_if = [ + ("state", "merged", ("config",)), + ("state", "replaced", ("config",)), + ("state", "overridden", ("config",)), + ("state", "parsed", ("running_config",)), + ] + mutually_exclusive = [("config", "running_config")] + + module = AnsibleModule( + argument_spec=Firewall_interfacesArgs.argument_spec, + required_if=required_if, + supports_check_mode=True, + mutually_exclusive=mutually_exclusive, + ) + + result = Firewall_interfaces(module).execute_module() + module.exit_json(**result) + + +if __name__ == "__main__": + main() |
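Review bot: `required_if` in `main()` demands `config` for merged, replaced and overridden and `running_config` for parsed, but has no entry for `rendered`, so a task with `state: rendered` and no `config` passes argument validation; adding `("state", "rendered", ("config",)),` would reject it up front (how `execute_module()` copes with a missing config is outside this hunk). The `state` option text also never says that `deleted` with an empty `config` detaches firewall rule sets from every interface, which is what the "Using deleted without config" example implies; a line such as `With state deleted and no config, firewall rule sets are removed from all interfaces.` in the description would make that explicit before someone runs it against a production router. That same example lists `delete interfaces ethernet eth1 firewall` twice where the second entry presumably should be eth3, and the `running_config` description leaves `C(show configuration commands | grep 'firewall'` without its closing parenthesis. The banner marks the file as builder-generated, so these corrections likely belong in the model or template rather than in this file.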