| author | Rohit Thakur <rohitthakur2590@outlook.com> | 2020-04-28 20:06:16 +0530 | 
|---|---|---|
| committer | Rohit Thakur <rohitthakur2590@outlook.com> | 2020-04-28 20:06:16 +0530 | 
| commit | bf9a91b4859e07c40b0a6aeb64b8ef6096af41b1 (patch) | |
| tree | 69fdf2ce5a15e1505290e850e41341cdead88895 /plugins/modules/vyos_firewall_rules.py | |
| parent | 3f112a81a78f499d105632b4634d7feec0401161 (diff) | |
firewall_rules delete enhanced
Signed-off-by: Rohit Thakur <rohitthakur2590@outlook.com>
Diffstat (limited to 'plugins/modules/vyos_firewall_rules.py')
| -rw-r--r-- | plugins/modules/vyos_firewall_rules.py | 130 | 
1 files changed, 41 insertions, 89 deletions
diff --git a/plugins/modules/vyos_firewall_rules.py b/plugins/modules/vyos_firewall_rules.py index a9e676b6..687eb03c 100644 --- a/plugins/modules/vyos_firewall_rules.py +++ b/plugins/modules/vyos_firewall_rules.py @@ -37,7 +37,7 @@ ANSIBLE_METADATA = {  }  DOCUMENTATION = """module: vyos_firewall_rules -short_description: Manage firewall rule-set attributes on VyOS devices +short_description: This configures and manages attributes of firewall_rules resorce module   description: This module manages firewall rule-set attributes on VyOS devices  notes:  - Tested against VyOS 1.1.8 (helium). @@ -486,12 +486,22 @@ EXAMPLES = """  # set firewall group address-group 'inbound' -# Using deleted to delete all the the firewall rules when provided config is empty +# Using deleted to delete firewall rules based on afi  #  # Before state  # -------------  #  # vyos@vyos:~$ show configuration commands| grep firewall +# set firewall ipv6-name UPLINK default-action 'accept' +# set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set' +# set firewall ipv6-name UPLINK rule 1 action 'accept' +# set firewall ipv6-name UPLINK rule 1 +# set firewall ipv6-name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible' +# set firewall ipv6-name UPLINK rule 1 ipsec 'match-ipsec' +# set firewall ipv6-name UPLINK rule 2 action 'accept' +# set firewall ipv6-name UPLINK rule 2 +# set firewall ipv6-name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible' +# set firewall ipv6-name UPLINK rule 2 ipsec 'match-ipsec'  # set firewall group address-group 'inbound'  # set firewall name Downlink default-action 'accept'  # set firewall name Downlink description 'IPv4 INBOUND rule set' 
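Review bot: The new `short_description` in the first hunk misspells "resource" as "resorce" and no longer says what the module manages or on which platform, yet this is the one-line summary shown in module listings. Something like `short_description: Firewall rules resource module` fixes the typo and keeps the line short, while the `description` below still carries the VyOS detail. The DOCUMENTATION string continues outside the hunk.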
@@ -501,10 +511,12 @@ EXAMPLES = """  # set firewall name Downlink rule 502 action 'reject'  # set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible'  # set firewall name Downlink rule 502 ipsec 'match-ipsec' +  #  - name: Delete attributes of given firewall rules.    vyos_firewall_rules:      config: +      - afi: ipv4      state: deleted  #  # 
@@ -514,69 +526,29 @@ EXAMPLES = """  #  #    "before": [  #        { -#            "afi": "ipv4", +#            "afi": "ipv6",  #            "rule_sets": [  #                {  #                    "default_action": "accept", -#                    "description": "IPv4 INBOUND rule set", -#                    "name": "Downlink", +#                    "description": "This is ipv6 specific rule-set", +#                    "name": "UPLINK",  #                    "rules": [  #                        {  #                            "action": "accept", -#                            "description": "Rule 501 is configured by Ansible", +#                            "description": "Fwipv6-Rule 1 is configured by Ansible",  #                            "ipsec": "match-ipsec", -#                            "number": 501 +#                            "number": 1  #                        },  #                        { -#                            "action": "reject", -#                            "description": "Rule 502 is configured by Ansible", +#                            "action": "accept", +#                            "description": "Fwipv6-Rule 2 is configured by Ansible",  #                            "ipsec": "match-ipsec", -#                            "number": 502 +#                            "number": 2  #                        }  #                    ] -#               } +#                }  #            ] -#        } -#    ] -#    "commands": [ -#        "delete firewall name" -#    ] -# -# "after": [] -# After state -# ------------ -# vyos@vyos# run show configuration commands | grep firewall -# set firewall group address-group 'inbound' - - -# Using deleted to delete the the firewall rules based on afi -# -# Before state -# ------------- -# -# vyos@vyos:~$ show configuration commands| grep firewall -# set firewall group address-group 'inbound' -# set firewall name Downlink default-action 'accept' -# set firewall name Downlink description 'IPv4 INBOUND rule 
set' -# set firewall name Downlink rule 501 action 'accept' -# set firewall name Downlink rule 501 description 'Rule 501 is configured by Ansible' -# set firewall name Downlink rule 501 ipsec 'match-ipsec' -# set firewall name Downlink rule 502 action 'reject' -# set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible' -# set firewall name Downlink rule 502 ipsec 'match-ipsec' -# -- name: Delete attributes of given firewall rules. -  vyos_firewall_rules: -    config: -      - afi: ipv4 -    state: deleted -# -# -# ------------------------ -# Module Execution Results -# ------------------------ -# -#    "before": [ +#        },  #        {  #            "afi": "ipv4",  #            "rule_sets": [ @@ -603,18 +575,26 @@ EXAMPLES = """  #        }  #    ]  #    "commands": [ -#        "delete firewall name", +#        "delete firewall name"  #    ]  #  # "after": []  # After state  # ------------ -# vyos@vyos# run show configuration commands | grep firewall -# set firewall group address-group 'inbound' - +# vyos@vyos:~$ show configuration commands| grep firewall +# set firewall ipv6-name UPLINK default-action 'accept' +# set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set' +# set firewall ipv6-name UPLINK rule 1 action 'accept' +# set firewall ipv6-name UPLINK rule 1 +# set firewall ipv6-name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible' +# set firewall ipv6-name UPLINK rule 1 ipsec 'match-ipsec' +# set firewall ipv6-name UPLINK rule 2 action 'accept' +# set firewall ipv6-name UPLINK rule 2 +# set firewall ipv6-name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible' +# set firewall ipv6-name UPLINK rule 2 ipsec 'match-ipsec' -# Using deleted to delete the the firewall rules based on rule number/id +# Using deleted to delete all the the firewall rules when provided config is empty  #  # Before state  # ------------- 
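Review bot: In the `@@ -603,18 +575,26 @@` hunk the context line `# "after": []` now contradicts the After state added directly below it, which still lists the ipv6 UPLINK rule-set. For a delete scoped to `afi: ipv4`, the `after` value should show the remaining `"afi": "ipv6"` entry rather than an empty list. The new After state also drops `# set firewall group address-group 'inbound'`, which is present in the Before state and which `delete firewall name` would presumably not remove. The added heading `# Using deleted to delete all the the firewall rules when provided config is empty` repeats "the". On a firewall module, an example that misstates what survives a delete is easy to copy into a playbook with the wrong expectation; the EXAMPLES string starts and ends outside the hunk.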
@@ -633,11 +613,6 @@ EXAMPLES = """  - name: Delete attributes of given firewall rules.    vyos_firewall_rules:      config: -      - afi: ipv4 -        rule_sets: -          - name: 'Downlink' -            rules: -              - number: 501      state: deleted  #  # @@ -672,38 +647,14 @@ EXAMPLES = """  #        }  #    ]  #    "commands": [ -#        "delete firewall ipv6-name Downlink rule 501" +#        "delete firewall name"  #    ]  # -#    "after": [ -#        { -#            "afi": "ipv4", -#            "rule_sets": [ -#                { -#                    "default_action": "accept", -#                    "description": "IPv4 INBOUND rule set", -#                    "name": "Downlink", -#                    "rules": [ -#                        { -#                            "action": "reject", -#                            "description": "Rule 502 is configured by Ansible", -#                            "ipsec": "match-ipsec", -#                            "number": 502 -#                        } -#                    ] -#               } -#            ] -#        } -#    ] +# "after": []  # After state  # ------------ -# vyos@vyos:~$ show configuration commands| grep firewall +# vyos@vyos# run show configuration commands | grep firewall  # set firewall group address-group 'inbound' -# set firewall name Downlink default-action 'accept' -# set firewall name Downlink description 'IPv4 INBOUND rule set' -# set firewall name Downlink rule 502 action 'reject' -# set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible' -# set firewall name Downlink rule 502 ipsec 'match-ipsec'  # Using merged @@ -1546,6 +1497,7 @@ def main():      required_if = [          ("state", "merged", ("config",)),          ("state", "replaced", ("config",)), +        ("state", "rendered", ("config",)),          ("state", "overridden", ("config",)),          ("state", "parsed", ("running_config",)),      ]  | 
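Review bot: In the `@@ -633,11 +613,6 @@` hunk the task keeps the name `Delete attributes of given firewall rules.` although its `config:` is now empty. According to the example's heading, that means it removes all firewall rules, not a "given" one. Rename it to state the blast radius, e.g. `- name: Delete all firewall rule-sets (config left empty).`, and add a comment such as `# NOTE: an empty config with state deleted removes every rule-set`, so nobody pastes it expecting a targeted delete. The same task name appears unchanged in the afi-scoped example in the `@@ -501,10 +511,12 @@` hunk, where `- name: Delete all ipv4 firewall rule-sets.` would match what it does. The EXAMPLES string starts and ends outside these hunks.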
