Diffstat (limited to 'plugins/modules/vyos_firewall_rules.py')
-rw-r--r--plugins/modules/vyos_firewall_rules.py235
1 files changed, 117 insertions, 118 deletions
diff --git a/plugins/modules/vyos_firewall_rules.py b/plugins/modules/vyos_firewall_rules.py
index c219f54a..06a300f5 100644
--- a/plugins/modules/vyos_firewall_rules.py
+++ b/plugins/modules/vyos_firewall_rules.py
@@ -28,6 +28,7 @@ The module file for vyos_firewall_rules
from __future__ import absolute_import, division, print_function
+
__metaclass__ = type
@@ -440,13 +441,13 @@ EXAMPLES = """
# set firewall name Downlink rule 502 action 'reject'
# set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible'
# set firewall name Downlink rule 502 ipsec 'match-ipsec'
-#
+
- name: Delete attributes of given firewall rules.
vyos.vyos.vyos_firewall_rules:
config:
- - afi: ipv4
- rule_sets:
- - name: Downlink
+ - afi: ipv4
+ rule_sets:
+ - name: Downlink
state: deleted
#
#
@@ -517,11 +518,10 @@ EXAMPLES = """
# set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible'
# set firewall name Downlink rule 502 ipsec 'match-ipsec'
-#
- name: Delete attributes of given firewall rules.
vyos.vyos.vyos_firewall_rules:
config:
- - afi: ipv4
+ - afi: ipv4
state: deleted
#
#
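Review bot: The task name `Delete attributes of given firewall rules.` no longer matches what this example does. With only `- afi: ipv4` under `config` and `state: deleted`, the task is scoped to a whole address family, not a named rule set, and presumably removes every IPv4 rule set on the device. The same name is reused in the hunk at -617, where `config` is dropped entirely and the delete appears to be unscoped. These examples get copied into playbooks that manage a live firewall, so each should be named by its scope, e.g. `- name: Delete all IPv4 firewall rule sets.` here and `- name: Delete all firewall rule sets.` in the later hunk. The EXAMPLES string begins and ends outside both hunks.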
@@ -617,7 +617,6 @@ EXAMPLES = """
#
- name: Delete attributes of given firewall rules.
vyos.vyos.vyos_firewall_rules:
- config:
state: deleted
#
#
@@ -673,48 +672,47 @@ EXAMPLES = """
- name: Merge the provided configuration with the existing running configuration
vyos.vyos.vyos_firewall_rules:
config:
- - afi: ipv6
- rule_sets:
- - name: UPLINK
- description: This is ipv6 specific rule-set
- default_action: accept
- rules:
- - number: 1
- action: accept
- description: Fwipv6-Rule 1 is configured by Ansible
- ipsec: match-ipsec
- - number: 2
- action: accept
- description: Fwipv6-Rule 2 is configured by Ansible
- ipsec: match-ipsec
-
- - afi: ipv4
- rule_sets:
- - name: INBOUND
- description: IPv4 INBOUND rule set
- default_action: accept
- rules:
- - number: 101
- action: accept
- description: Rule 101 is configured by Ansible
- ipsec: match-ipsec
- - number: 102
- action: reject
- description: Rule 102 is configured by Ansible
- ipsec: match-ipsec
- - number: 103
- action: accept
- description: Rule 103 is configured by Ansible
- destination:
- group:
- address_group: inbound
- source:
- address: 192.0.2.0
- state:
- established: true
- new: false
- invalid: false
- related: true
+ - afi: ipv6
+ rule_sets:
+ - name: UPLINK
+ description: This is ipv6 specific rule-set
+ default_action: accept
+ rules:
+ - number: 1
+ action: accept
+ description: Fwipv6-Rule 1 is configured by Ansible
+ ipsec: match-ipsec
+ - number: 2
+ action: accept
+ description: Fwipv6-Rule 2 is configured by Ansible
+ ipsec: match-ipsec
+ - afi: ipv4
+ rule_sets:
+ - name: INBOUND
+ description: IPv4 INBOUND rule set
+ default_action: accept
+ rules:
+ - number: 101
+ action: accept
+ description: Rule 101 is configured by Ansible
+ ipsec: match-ipsec
+ - number: 102
+ action: reject
+ description: Rule 102 is configured by Ansible
+ ipsec: match-ipsec
+ - number: 103
+ action: accept
+ description: Rule 103 is configured by Ansible
+ destination:
+ group:
+ address_group: inbound
+ source:
+ address: 192.0.2.0
+ state:
+ established: true
+ new: false
+ invalid: false
+ related: true
state: merged
#
#
@@ -889,28 +887,30 @@ EXAMPLES = """
# set firewall name INBOUND rule 103 state new 'disable'
# set firewall name INBOUND rule 103 state related 'enable'
#
-- name: Replace device configurations of listed firewall rules with provided configurations
+- name: >-
+ Replace device configurations of listed firewall rules with provided
+ configurations
vyos.vyos.vyos_firewall_rules:
config:
- - afi: ipv6
- rule_sets:
- - name: UPLINK
- description: This is ipv6 specific rule-set
- default_action: accept
- - afi: ipv4
- rule_sets:
- - name: INBOUND
- description: IPv4 INBOUND rule set
- default_action: accept
- rules:
- - number: 101
- action: accept
- description: Rule 101 is configured by Ansible
- ipsec: match-ipsec
- - number: 104
- action: reject
- description: Rule 104 is configured by Ansible
- ipsec: match-none
+ - afi: ipv6
+ rule_sets:
+ - name: UPLINK
+ description: This is ipv6 specific rule-set
+ default_action: accept
+ - afi: ipv4
+ rule_sets:
+ - name: INBOUND
+ description: IPv4 INBOUND rule set
+ default_action: accept
+ rules:
+ - number: 101
+ action: accept
+ description: Rule 101 is configured by Ansible
+ ipsec: match-ipsec
+ - number: 104
+ action: reject
+ description: Rule 104 is configured by Ansible
+ ipsec: match-none
state: replaced
#
#
@@ -1074,21 +1074,22 @@ EXAMPLES = """
- name: Overrides all device configuration with provided configuration
vyos.vyos.vyos_firewall_rules:
config:
- - afi: ipv4
- rule_sets:
- - name: Downlink
- description: IPv4 INBOUND rule set
- default_action: accept
- rules:
- - number: 501
- action: accept
- description: Rule 501 is configured by Ansible
- ipsec: match-ipsec
- - number: 502
- action: reject
- description: Rule 502 is configured by Ansible
- ipsec: match-ipsec
+ - afi: ipv4
+ rule_sets:
+ - name: Downlink
+ description: IPv4 INBOUND rule set
+ default_action: accept
+ rules:
+ - number: 501
+ action: accept
+ description: Rule 501 is configured by Ansible
+ ipsec: match-ipsec
+ - number: 502
+ action: reject
+ description: Rule 502 is configured by Ansible
+ ipsec: match-ipsec
state: overridden
+
#
#
# -------------------------
@@ -1224,7 +1225,6 @@ EXAMPLES = """
#
- name: Gather listed firewall rules with provided configurations
vyos.vyos.vyos_firewall_rules:
- config:
state: gathered
#
#
@@ -1340,39 +1340,40 @@ EXAMPLES = """
- name: Render the commands for provided configuration
vyos.vyos.vyos_firewall_rules:
config:
- - afi: ipv6
- rule_sets:
- - name: UPLINK
- description: This is ipv6 specific rule-set
- default_action: accept
- - afi: ipv4
- rule_sets:
- - name: INBOUND
- description: IPv4 INBOUND rule set
- default_action: accept
- rules:
- - number: 101
- action: accept
- description: Rule 101 is configured by Ansible
- ipsec: match-ipsec
- - number: 102
- action: reject
- description: Rule 102 is configured by Ansible
- ipsec: match-ipsec
- - number: 103
- action: accept
- description: Rule 103 is configured by Ansible
- destination:
- group:
- address_group: inbound
- source:
- address: 192.0.2.0
- state:
- established: true
- new: false
- invalid: false
- related: true
+ - afi: ipv6
+ rule_sets:
+ - name: UPLINK
+ description: This is ipv6 specific rule-set
+ default_action: accept
+ - afi: ipv4
+ rule_sets:
+ - name: INBOUND
+ description: IPv4 INBOUND rule set
+ default_action: accept
+ rules:
+ - number: 101
+ action: accept
+ description: Rule 101 is configured by Ansible
+ ipsec: match-ipsec
+ - number: 102
+ action: reject
+ description: Rule 102 is configured by Ansible
+ ipsec: match-ipsec
+ - number: 103
+ action: accept
+ description: Rule 103 is configured by Ansible
+ destination:
+ group:
+ address_group: inbound
+ source:
+ address: 192.0.2.0
+ state:
+ established: true
+ new: false
+ invalid: false
+ related: true
state: rendered
+
#
#
# -------------------------
@@ -1454,8 +1455,6 @@ EXAMPLES = """
# ]
# }
# ]
-
-
"""
RETURN = """
before: