Diffstat (limited to 'plugins/modules/vyos_firewall_rules.py')
-rw-r--r--plugins/modules/vyos_firewall_rules.py509
1 files changed, 249 insertions, 260 deletions
diff --git a/plugins/modules/vyos_firewall_rules.py b/plugins/modules/vyos_firewall_rules.py
index 850299ff..a7e58e23 100644
--- a/plugins/modules/vyos_firewall_rules.py
+++ b/plugins/modules/vyos_firewall_rules.py
@@ -47,7 +47,8 @@ author:
- Rohit Thakur (@rohitthakur2590)
- Gaige B. Paulsen (@gaige)
notes:
-- Tested against VyOS 1.3.8.
+- Tested against VyOS 1.3.8, 1.4.2, the upcoming 1.5, and the rolling release of spring 2025.
+- The provided examples of commands are valid for VyOS 1.4+
- This module works with connection C(ansible.netcommon.network_cli).
See L(the VyOS OS Platform Options,../network/user_guide/platform_vyos.html).
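Review bot: The notes still list VyOS 1.3.8 as tested, but the added second note says the example commands are valid only for 1.4+, so a 1.3 user reading the examples gets no hint of what the module will send to their device. Consider naming the legacy form next to it, e.g. `- On VyOS 1.3 the equivalent commands use C(set firewall name) and C(set firewall ipv6-name).`, assuming the module still emits that syntax for 1.3 targets. "The rolling release of spring 2025" is not a reproducible version; a build date or image name would be easier to verify. The added line also lacks the trailing period that the neighbouring notes have.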
@@ -570,14 +571,14 @@ EXAMPLES = """
#
# vyos@vyos:~$ show configuration commands| grep firewall
# set firewall group address-group 'inbound'
-# set firewall name Downlink default-action 'accept'
-# set firewall name Downlink description 'IPv4 INBOUND rule set'
-# set firewall name Downlink rule 501 action 'accept'
-# set firewall name Downlink rule 501 description 'Rule 501 is configured by Ansible'
-# set firewall name Downlink rule 501 ipsec 'match-ipsec'
-# set firewall name Downlink rule 502 action 'reject'
-# set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible'
-# set firewall name Downlink rule 502 ipsec 'match-ipsec'
+# set firewall ipv4 name Downlink default-action 'accept'
+# set firewall ipv4 name Downlink description 'IPv4 INBOUND rule set'
+# set firewall ipv4 name Downlink rule 501 action 'accept'
+# set firewall ipv4 name Downlink rule 501 description 'Rule 501 is configured by Ansible'
+# set firewall ipv4 name Downlink rule 501 ipsec 'match-ipsec'
+# set firewall ipv4 name Downlink rule 502 action 'reject'
+# set firewall ipv4 name Downlink rule 502 description 'Rule 502 is configured by Ansible'
+# set firewall ipv4 name Downlink rule 502 ipsec 'match-ipsec'
- name: Delete attributes of given firewall rules.
vyos.vyos.vyos_firewall_rules:
@@ -619,7 +620,7 @@ EXAMPLES = """
# }
# ]
# "commands": [
-# "delete firewall name Downlink"
+# "delete firewall ipv4 name Downlink"
# ]
#
# "after": []
@@ -635,25 +636,25 @@ EXAMPLES = """
# -------------
#
# vyos@vyos:~$ show configuration commands| grep firewall
-# set firewall ipv6-name UPLINK default-action 'accept'
-# set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set'
-# set firewall ipv6-name UPLINK rule 1 action 'accept'
-# set firewall ipv6-name UPLINK rule 1
-# set firewall ipv6-name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible'
-# set firewall ipv6-name UPLINK rule 1 ipsec 'match-ipsec'
-# set firewall ipv6-name UPLINK rule 2 action 'accept'
-# set firewall ipv6-name UPLINK rule 2
-# set firewall ipv6-name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible'
-# set firewall ipv6-name UPLINK rule 2 ipsec 'match-ipsec'
+# set firewall ipv6 name UPLINK default-action 'accept'
+# set firewall ipv6 name UPLINK description 'This is ipv6 specific rule-set'
+# set firewall ipv6 name UPLINK rule 1 action 'accept'
+# set firewall ipv6 name UPLINK rule 1
+# set firewall ipv6 name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible'
+# set firewall ipv6 name UPLINK rule 1 ipsec 'match-ipsec'
+# set firewall ipv6 name UPLINK rule 2 action 'accept'
+# set firewall ipv6 name UPLINK rule 2
+# set firewall ipv6 name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible'
+# set firewall ipv6 name UPLINK rule 2 ipsec 'match-ipsec'
# set firewall group address-group 'inbound'
-# set firewall name Downlink default-action 'accept'
-# set firewall name Downlink description 'IPv4 INBOUND rule set'
-# set firewall name Downlink rule 501 action 'accept'
-# set firewall name Downlink rule 501 description 'Rule 501 is configured by Ansible'
-# set firewall name Downlink rule 501 ipsec 'match-ipsec'
-# set firewall name Downlink rule 502 action 'reject'
-# set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible'
-# set firewall name Downlink rule 502 ipsec 'match-ipsec'
+# set firewall ipv4 name Downlink default-action 'accept'
+# set firewall ipv4 name Downlink description 'IPv4 INBOUND rule set'
+# set firewall ipv4 name Downlink rule 501 action 'accept'
+# set firewall ipv4 name Downlink rule 501 description 'Rule 501 is configured by Ansible'
+# set firewall ipv4 name Downlink rule 501 ipsec 'match-ipsec'
+# set firewall ipv4 name Downlink rule 502 action 'reject'
+# set firewall ipv4 name Downlink rule 502 description 'Rule 502 is configured by Ansible'
+# set firewall ipv4 name Downlink rule 502 ipsec 'match-ipsec'
- name: Delete attributes of given firewall rules.
vyos.vyos.vyos_firewall_rules:
@@ -717,23 +718,23 @@ EXAMPLES = """
# }
# ]
# "commands": [
-# "delete firewall name"
+# "delete firewall ipv4 name"
# ]
#
# "after": []
# After state
# ------------
# vyos@vyos:~$ show configuration commands| grep firewall
-# set firewall ipv6-name UPLINK default-action 'accept'
-# set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set'
-# set firewall ipv6-name UPLINK rule 1 action 'accept'
-# set firewall ipv6-name UPLINK rule 1
-# set firewall ipv6-name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible'
-# set firewall ipv6-name UPLINK rule 1 ipsec 'match-ipsec'
-# set firewall ipv6-name UPLINK rule 2 action 'accept'
-# set firewall ipv6-name UPLINK rule 2
-# set firewall ipv6-name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible'
-# set firewall ipv6-name UPLINK rule 2 ipsec 'match-ipsec'
+# set firewall ipv6 name UPLINK default-action 'accept'
+# set firewall ipv6 name UPLINK description 'This is ipv6 specific rule-set'
+# set firewall ipv6 name UPLINK rule 1 action 'accept'
+# set firewall ipv6 name UPLINK rule 1
+# set firewall ipv6 name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible'
+# set firewall ipv6 name UPLINK rule 1 ipsec 'match-ipsec'
+# set firewall ipv6 name UPLINK rule 2 action 'accept'
+# set firewall ipv6 name UPLINK rule 2
+# set firewall ipv6 name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible'
+# set firewall ipv6 name UPLINK rule 2 ipsec 'match-ipsec'
# Using deleted to delete all the the firewall rules when provided config is empty
@@ -743,14 +744,14 @@ EXAMPLES = """
#
# vyos@vyos:~$ show configuration commands| grep firewall
# set firewall group address-group 'inbound'
-# set firewall name Downlink default-action 'accept'
-# set firewall name Downlink description 'IPv4 INBOUND rule set'
-# set firewall name Downlink rule 501 action 'accept'
-# set firewall name Downlink rule 501 description 'Rule 501 is configured by Ansible'
-# set firewall name Downlink rule 501 ipsec 'match-ipsec'
-# set firewall name Downlink rule 502 action 'reject'
-# set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible'
-# set firewall name Downlink rule 502 ipsec 'match-ipsec'
+# set firewall ipv4 name Downlink default-action 'accept'
+# set firewall ipv4 name Downlink description 'IPv4 INBOUND rule set'
+# set firewall ipv4 name Downlink rule 501 action 'accept'
+# set firewall ipv4 name Downlink rule 501 description 'Rule 501 is configured by Ansible'
+# set firewall ipv4 name Downlink rule 501 ipsec 'match-ipsec'
+# set firewall ipv4 name Downlink rule 502 action 'reject'
+# set firewall ipv4 name Downlink rule 502 description 'Rule 502 is configured by Ansible'
+# set firewall ipv4 name Downlink rule 502 ipsec 'match-ipsec'
#
- name: Delete attributes of given firewall rules.
vyos.vyos.vyos_firewall_rules:
@@ -788,7 +789,7 @@ EXAMPLES = """
# }
# ]
# "commands": [
-# "delete firewall name"
+# "delete firewall ipv4 name"
# ]
#
# "after": []
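Review bot: This example is headed as deleting all the firewall rules when the provided config is empty, yet the only command shown is `delete firewall ipv4 name`, and the before state listed for it contains no IPv6 rule-set. For a destructive operation on a firewall the documented scope should be unambiguous. Either add an IPv6 rule-set to the before state so the output shows whether `delete firewall ipv6 name` is issued as well, or add a comment such as `# Removes every rule-set under 'firewall ipv4 name' and 'firewall ipv6 name'.` if that is what the module actually does.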
@@ -860,35 +861,33 @@ EXAMPLES = """
# before": []
#
# "commands": [
-# "set firewall ipv6-name UPLINK default-action 'accept'",
-# "set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set'",
-# "set firewall ipv6-name UPLINK rule 1 action 'accept'",
-# "set firewall ipv6-name UPLINK rule 1",
-# "set firewall ipv6-name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible'",
-# "set firewall ipv6-name UPLINK rule 1 ipsec 'match-ipsec'",
-# "set firewall ipv6-name UPLINK rule 2 action 'accept'",
-# "set firewall ipv6-name UPLINK rule 2",
-# "set firewall ipv6-name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible'",
-# "set firewall ipv6-name UPLINK rule 2 ipsec 'match-ipsec'",
-# "set firewall name INBOUND default-action 'accept'",
-# "set firewall name INBOUND description 'IPv4 INBOUND rule set'",
-# "set firewall name INBOUND rule 101 action 'accept'",
-# "set firewall name INBOUND rule 101",
-# "set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible'",
-# "set firewall name INBOUND rule 101 ipsec 'match-ipsec'",
-# "set firewall name INBOUND rule 102 action 'reject'",
-# "set firewall name INBOUND rule 102",
-# "set firewall name INBOUND rule 102 description 'Rule 102 is configured by Ansible'",
-# "set firewall name INBOUND rule 102 ipsec 'match-ipsec'",
-# "set firewall name INBOUND rule 103 description 'Rule 103 is configured by Ansible'",
-# "set firewall name INBOUND rule 103 destination group address-group inbound",
-# "set firewall name INBOUND rule 103",
-# "set firewall name INBOUND rule 103 source address 192.0.2.0",
-# "set firewall name INBOUND rule 103 state established enable",
-# "set firewall name INBOUND rule 103 state related enable",
-# "set firewall name INBOUND rule 103 state invalid disable",
-# "set firewall name INBOUND rule 103 state new disable",
-# "set firewall name INBOUND rule 103 action 'accept'"
+# "set firewall ipv6 name UPLINK default-action 'accept'",
+# "set firewall ipv6 name UPLINK description 'This is ipv6 specific rule-set'",
+# "set firewall ipv6 name UPLINK rule 1 action 'accept'",
+# "set firewall ipv6 name UPLINK rule 1",
+# "set firewall ipv6 name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible'",
+# "set firewall ipv6 name UPLINK rule 1 ipsec 'match-ipsec'",
+# "set firewall ipv6 name UPLINK rule 2 action 'accept'",
+# "set firewall ipv6 name UPLINK rule 2",
+# "set firewall ipv6 name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible'",
+# "set firewall ipv6 name UPLINK rule 2 ipsec 'match-ipsec'",
+# "set firewall ipv4 name INBOUND default-action 'accept'",
+# "set firewall ipv4 name INBOUND description 'IPv4 INBOUND rule set'",
+# "set firewall ipv4 name INBOUND rule 101 action 'accept'",
+# "set firewall ipv4 name INBOUND rule 101",
+# "set firewall ipv4 name INBOUND rule 101 description 'Rule 101 is configured by Ansible'",
+# "set firewall ipv4 name INBOUND rule 101 ipsec 'match-ipsec'",
+# "set firewall ipv4 name INBOUND rule 102 action 'reject'",
+# "set firewall ipv4 name INBOUND rule 102",
+# "set firewall ipv4 name INBOUND rule 102 description 'Rule 102 is configured by Ansible'",
+# "set firewall ipv4 name INBOUND rule 102 ipsec 'match-ipsec'",
+# "set firewall ipv4 name INBOUND rule 103 description 'Rule 103 is configured by Ansible'",
+# "set firewall ipv4 name INBOUND rule 103 destination group address-group inbound",
+# "set firewall ipv4 name INBOUND rule 103",
+# "set firewall ipv4 name INBOUND rule 103 source address 192.0.2.0",
+# "set firewall ipv4 name INBOUND rule 103 state established",
+# "set firewall ipv4 name INBOUND rule 103 state related",
+# "set firewall ipv4 name INBOUND rule 103 action 'accept'"
# ]
#
# "after": [
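Review bot: The command list for rule 103 no longer contains the `state invalid disable` and `state new disable` entries, and nothing in the example explains why they disappeared. The task input for this example is outside the hunk; if it still sets `invalid` and `new` to false, a reader sees input keys that produce no command and may assume the rule still handles those states explicitly. A short comment above the list, such as `# On VyOS 1.4+ only states set to true are rendered; a false state emits no command.`, would make this clear, provided it matches the module's behaviour. The same applies to the device listings in the hunks at -966, -999, -1334 and -1445.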
@@ -966,30 +965,28 @@ EXAMPLES = """
#
# vyos@vyos:~$ show configuration commands| grep firewall
# set firewall group address-group 'inbound'
-# set firewall ipv6-name UPLINK default-action 'accept'
-# set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set'
-# set firewall ipv6-name UPLINK rule 1 action 'accept'
-# set firewall ipv6-name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible'
-# set firewall ipv6-name UPLINK rule 1 ipsec 'match-ipsec'
-# set firewall ipv6-name UPLINK rule 2 action 'accept'
-# set firewall ipv6-name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible'
-# set firewall ipv6-name UPLINK rule 2 ipsec 'match-ipsec'
-# set firewall name INBOUND default-action 'accept'
-# set firewall name INBOUND description 'IPv4 INBOUND rule set'
-# set firewall name INBOUND rule 101 action 'accept'
-# set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible'
-# set firewall name INBOUND rule 101 ipsec 'match-ipsec'
-# set firewall name INBOUND rule 102 action 'reject'
-# set firewall name INBOUND rule 102 description 'Rule 102 is configured by Ansible'
-# set firewall name INBOUND rule 102 ipsec 'match-ipsec'
-# set firewall name INBOUND rule 103 action 'accept'
-# set firewall name INBOUND rule 103 description 'Rule 103 is configured by Ansible'
-# set firewall name INBOUND rule 103 destination group address-group 'inbound'
-# set firewall name INBOUND rule 103 source address '192.0.2.0'
-# set firewall name INBOUND rule 103 state established 'enable'
-# set firewall name INBOUND rule 103 state invalid 'disable'
-# set firewall name INBOUND rule 103 state new 'disable'
-# set firewall name INBOUND rule 103 state related 'enable'
+# set firewall ipv6 name UPLINK default-action 'accept'
+# set firewall ipv6 name UPLINK description 'This is ipv6 specific rule-set'
+# set firewall ipv6 name UPLINK rule 1 action 'accept'
+# set firewall ipv6 name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible'
+# set firewall ipv6 name UPLINK rule 1 ipsec 'match-ipsec'
+# set firewall ipv6 name UPLINK rule 2 action 'accept'
+# set firewall ipv6 name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible'
+# set firewall ipv6 name UPLINK rule 2 ipsec 'match-ipsec'
+# set firewall ipv4 name INBOUND default-action 'accept'
+# set firewall ipv4 name INBOUND description 'IPv4 INBOUND rule set'
+# set firewall ipv4 name INBOUND rule 101 action 'accept'
+# set firewall ipv4 name INBOUND rule 101 description 'Rule 101 is configured by Ansible'
+# set firewall ipv4 name INBOUND rule 101 ipsec 'match-ipsec'
+# set firewall ipv4 name INBOUND rule 102 action 'reject'
+# set firewall ipv4 name INBOUND rule 102 description 'Rule 102 is configured by Ansible'
+# set firewall ipv4 name INBOUND rule 102 ipsec 'match-ipsec'
+# set firewall ipv4 name INBOUND rule 103 action 'accept'
+# set firewall ipv4 name INBOUND rule 103 description 'Rule 103 is configured by Ansible'
+# set firewall ipv4 name INBOUND rule 103 destination group address-group 'inbound'
+# set firewall ipv4 name INBOUND rule 103 source address '192.0.2.0'
+# set firewall ipv4 name INBOUND rule 103 state established
+# set firewall ipv4 name INBOUND rule 103 state related
# Using replaced
@@ -999,30 +996,28 @@ EXAMPLES = """
#
# vyos@vyos:~$ show configuration commands| grep firewall
# set firewall group address-group 'inbound'
-# set firewall ipv6-name UPLINK default-action 'accept'
-# set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set'
-# set firewall ipv6-name UPLINK rule 1 action 'accept'
-# set firewall ipv6-name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible'
-# set firewall ipv6-name UPLINK rule 1 ipsec 'match-ipsec'
-# set firewall ipv6-name UPLINK rule 2 action 'accept'
-# set firewall ipv6-name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible'
-# set firewall ipv6-name UPLINK rule 2 ipsec 'match-ipsec'
-# set firewall name INBOUND default-action 'accept'
-# set firewall name INBOUND description 'IPv4 INBOUND rule set'
-# set firewall name INBOUND rule 101 action 'accept'
-# set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible'
-# set firewall name INBOUND rule 101 ipsec 'match-ipsec'
-# set firewall name INBOUND rule 102 action 'reject'
-# set firewall name INBOUND rule 102 description 'Rule 102 is configured by Ansible'
-# set firewall name INBOUND rule 102 ipsec 'match-ipsec'
-# set firewall name INBOUND rule 103 action 'accept'
-# set firewall name INBOUND rule 103 description 'Rule 103 is configured by Ansible'
-# set firewall name INBOUND rule 103 destination group address-group 'inbound'
-# set firewall name INBOUND rule 103 source address '192.0.2.0'
-# set firewall name INBOUND rule 103 state established 'enable'
-# set firewall name INBOUND rule 103 state invalid 'disable'
-# set firewall name INBOUND rule 103 state new 'disable'
-# set firewall name INBOUND rule 103 state related 'enable'
+# set firewall ipv6 name UPLINK default-action 'accept'
+# set firewall ipv6 name UPLINK description 'This is ipv6 specific rule-set'
+# set firewall ipv6 name UPLINK rule 1 action 'accept'
+# set firewall ipv6 name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible'
+# set firewall ipv6 name UPLINK rule 1 ipsec 'match-ipsec'
+# set firewall ipv6 name UPLINK rule 2 action 'accept'
+# set firewall ipv6 name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible'
+# set firewall ipv6 name UPLINK rule 2 ipsec 'match-ipsec'
+# set firewall ipv4 name INBOUND default-action 'accept'
+# set firewall ipv4 name INBOUND description 'IPv4 INBOUND rule set'
+# set firewall ipv4 name INBOUND rule 101 action 'accept'
+# set firewall ipv4 name INBOUND rule 101 description 'Rule 101 is configured by Ansible'
+# set firewall ipv4 name INBOUND rule 101 ipsec 'match-ipsec'
+# set firewall ipv4 name INBOUND rule 102 action 'reject'
+# set firewall ipv4 name INBOUND rule 102 description 'Rule 102 is configured by Ansible'
+# set firewall ipv4 name INBOUND rule 102 ipsec 'match-ipsec'
+# set firewall ipv4 name INBOUND rule 103 action 'accept'
+# set firewall ipv4 name INBOUND rule 103 description 'Rule 103 is configured by Ansible'
+# set firewall ipv4 name INBOUND rule 103 destination group address-group 'inbound'
+# set firewall ipv4 name INBOUND rule 103 source address '192.0.2.0'
+# set firewall ipv4 name INBOUND rule 103 state established
+# set firewall ipv4 name INBOUND rule 103 state related
#
- name: >-
Replace device configurations of listed firewall rules with provided
@@ -1126,14 +1121,14 @@ EXAMPLES = """
# ]
#
# "commands": [
-# "delete firewall ipv6-name UPLINK rule 1",
-# "delete firewall ipv6-name UPLINK rule 2",
-# "delete firewall name INBOUND rule 102",
-# "delete firewall name INBOUND rule 103",
-# "set firewall name INBOUND rule 104 action 'reject'",
-# "set firewall name INBOUND rule 104 description 'Rule 104 is configured by Ansible'",
-# "set firewall name INBOUND rule 104",
-# "set firewall name INBOUND rule 104 ipsec 'match-none'"
+# "delete firewall ipv6 name UPLINK rule 1",
+# "delete firewall ipv6 name UPLINK rule 2",
+# "delete firewall ipv4 name INBOUND rule 102",
+# "delete firewall ipv4 name INBOUND rule 103",
+# "set firewall ipv4 name INBOUND rule 104 action 'reject'",
+# "set firewall ipv4 name INBOUND rule 104 description 'Rule 104 is configured by Ansible'",
+# "set firewall ipv4 name INBOUND rule 104",
+# "set firewall ipv4 name INBOUND rule 104 ipsec 'match-none'"
# ]
#
# "after": [
@@ -1178,16 +1173,16 @@ EXAMPLES = """
#
# vyos@vyos:~$ show configuration commands| grep firewall
# set firewall group address-group 'inbound'
-# set firewall ipv6-name UPLINK default-action 'accept'
-# set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set'
-# set firewall name INBOUND default-action 'accept'
-# set firewall name INBOUND description 'IPv4 INBOUND rule set'
-# set firewall name INBOUND rule 101 action 'accept'
-# set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible'
-# set firewall name INBOUND rule 101 ipsec 'match-ipsec'
-# set firewall name INBOUND rule 104 action 'reject'
-# set firewall name INBOUND rule 104 description 'Rule 104 is configured by Ansible'
-# set firewall name INBOUND rule 104 ipsec 'match-none'
+# set firewall ipv6 name UPLINK default-action 'accept'
+# set firewall ipv6 name UPLINK description 'This is ipv6 specific rule-set'
+# set firewall ipv4 name INBOUND default-action 'accept'
+# set firewall ipv4 name INBOUND description 'IPv4 INBOUND rule set'
+# set firewall ipv4 name INBOUND rule 101 action 'accept'
+# set firewall ipv4 name INBOUND rule 101 description 'Rule 101 is configured by Ansible'
+# set firewall ipv4 name INBOUND rule 101 ipsec 'match-ipsec'
+# set firewall ipv4 name INBOUND rule 104 action 'reject'
+# set firewall ipv4 name INBOUND rule 104 description 'Rule 104 is configured by Ansible'
+# set firewall ipv4 name INBOUND rule 104 ipsec 'match-none'
# Using overridden
@@ -1197,16 +1192,16 @@ EXAMPLES = """
#
# vyos@vyos:~$ show configuration commands| grep firewall
# set firewall group address-group 'inbound'
-# set firewall ipv6-name UPLINK default-action 'accept'
-# set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set'
-# set firewall name INBOUND default-action 'accept'
-# set firewall name INBOUND description 'IPv4 INBOUND rule set'
-# set firewall name INBOUND rule 101 action 'accept'
-# set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible'
-# set firewall name INBOUND rule 101 ipsec 'match-ipsec'
-# set firewall name INBOUND rule 104 action 'reject'
-# set firewall name INBOUND rule 104 description 'Rule 104 is configured by Ansible'
-# set firewall name INBOUND rule 104 ipsec 'match-none'
+# set firewall ipv6 name UPLINK default-action 'accept'
+# set firewall ipv6 name UPLINK description 'This is ipv6 specific rule-set'
+# set firewall ipv4 name INBOUND default-action 'accept'
+# set firewall ipv4 name INBOUND description 'IPv4 INBOUND rule set'
+# set firewall ipv4 name INBOUND rule 101 action 'accept'
+# set firewall ipv4 name INBOUND rule 101 description 'Rule 101 is configured by Ansible'
+# set firewall ipv4 name INBOUND rule 101 ipsec 'match-ipsec'
+# set firewall ipv4 name INBOUND rule 104 action 'reject'
+# set firewall ipv4 name INBOUND rule 104 description 'Rule 104 is configured by Ansible'
+# set firewall ipv4 name INBOUND rule 104 ipsec 'match-none'
#
- name: Overrides all device configuration with provided configuration
vyos.vyos.vyos_firewall_rules:
@@ -1270,18 +1265,18 @@ EXAMPLES = """
# ]
#
# "commands": [
-# "delete firewall ipv6-name UPLINK",
-# "delete firewall name INBOUND",
-# "set firewall name Downlink default-action 'accept'",
-# "set firewall name Downlink description 'IPv4 INBOUND rule set'",
-# "set firewall name Downlink rule 501 action 'accept'",
-# "set firewall name Downlink rule 501",
-# "set firewall name Downlink rule 501 description 'Rule 501 is configured by Ansible'",
-# "set firewall name Downlink rule 501 ipsec 'match-ipsec'",
-# "set firewall name Downlink rule 502 action 'reject'",
-# "set firewall name Downlink rule 502",
-# "set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible'",
-# "set firewall name Downlink rule 502 ipsec 'match-ipsec'"
+# "delete firewall ipv6 name UPLINK",
+# "delete firewall ipv4 name INBOUND",
+# "set firewall ipv4 name Downlink default-action 'accept'",
+# "set firewall ipv4 name Downlink description 'IPv4 INBOUND rule set'",
+# "set firewall ipv4 name Downlink rule 501 action 'accept'",
+# "set firewall ipv4 name Downlink rule 501",
+# "set firewall ipv4 name Downlink rule 501 description 'Rule 501 is configured by Ansible'",
+# "set firewall ipv4 name Downlink rule 501 ipsec 'match-ipsec'",
+# "set firewall ipv4 name Downlink rule 502 action 'reject'",
+# "set firewall ipv4 name Downlink rule 502",
+# "set firewall ipv4 name Downlink rule 502 description 'Rule 502 is configured by Ansible'",
+# "set firewall ipv4 name Downlink rule 502 ipsec 'match-ipsec'"
#
#
# "after": [
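Review bot: The `"commands": [` list in this example is never closed: after the last `set firewall ipv4 name Downlink rule 502 ipsec 'match-ipsec'` entry the context shows two bare `#` lines and then `"after": [`. Since the list is being rewritten here anyway, replace the first bare `#` with `# ]` so the sample output is well-formed like the other examples in the file.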
@@ -1317,14 +1312,14 @@ EXAMPLES = """
#
# vyos@vyos:~$ show configuration commands| grep firewall
# set firewall group address-group 'inbound'
-# set firewall name Downlink default-action 'accept'
-# set firewall name Downlink description 'IPv4 INBOUND rule set'
-# set firewall name Downlink rule 501 action 'accept'
-# set firewall name Downlink rule 501 description 'Rule 501 is configured by Ansible'
-# set firewall name Downlink rule 501 ipsec 'match-ipsec'
-# set firewall name Downlink rule 502 action 'reject'
-# set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible'
-# set firewall name Downlink rule 502 ipsec 'match-ipsec'
+# set firewall ipv4 name Downlink default-action 'accept'
+# set firewall ipv4 name Downlink description 'IPv4 INBOUND rule set'
+# set firewall ipv4 name Downlink rule 501 action 'accept'
+# set firewall ipv4 name Downlink rule 501 description 'Rule 501 is configured by Ansible'
+# set firewall ipv4 name Downlink rule 501 ipsec 'match-ipsec'
+# set firewall ipv4 name Downlink rule 502 action 'reject'
+# set firewall ipv4 name Downlink rule 502 description 'Rule 502 is configured by Ansible'
+# set firewall ipv4 name Downlink rule 502 ipsec 'match-ipsec'
# Using gathered
@@ -1334,30 +1329,28 @@ EXAMPLES = """
#
# vyos@vyos:~$ show configuration commands| grep firewall
# set firewall group address-group 'inbound'
-# set firewall ipv6-name UPLINK default-action 'accept'
-# set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set'
-# set firewall ipv6-name UPLINK rule 1 action 'accept'
-# set firewall ipv6-name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible'
-# set firewall ipv6-name UPLINK rule 1 ipsec 'match-ipsec'
-# set firewall ipv6-name UPLINK rule 2 action 'accept'
-# set firewall ipv6-name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible'
-# set firewall ipv6-name UPLINK rule 2 ipsec 'match-ipsec'
-# set firewall name INBOUND default-action 'accept'
-# set firewall name INBOUND description 'IPv4 INBOUND rule set'
-# set firewall name INBOUND rule 101 action 'accept'
-# set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible'
-# set firewall name INBOUND rule 101 ipsec 'match-ipsec'
-# set firewall name INBOUND rule 102 action 'reject'
-# set firewall name INBOUND rule 102 description 'Rule 102 is configured by Ansible'
-# set firewall name INBOUND rule 102 ipsec 'match-ipsec'
-# set firewall name INBOUND rule 103 action 'accept'
-# set firewall name INBOUND rule 103 description 'Rule 103 is configured by Ansible'
-# set firewall name INBOUND rule 103 destination group address-group 'inbound'
-# set firewall name INBOUND rule 103 source address '192.0.2.0'
-# set firewall name INBOUND rule 103 state established 'enable'
-# set firewall name INBOUND rule 103 state invalid 'disable'
-# set firewall name INBOUND rule 103 state new 'disable'
-# set firewall name INBOUND rule 103 state related 'enable'
+# set firewall ipv6 name UPLINK default-action 'accept'
+# set firewall ipv6 name UPLINK description 'This is ipv6 specific rule-set'
+# set firewall ipv6 name UPLINK rule 1 action 'accept'
+# set firewall ipv6 name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible'
+# set firewall ipv6 name UPLINK rule 1 ipsec 'match-ipsec'
+# set firewall ipv6 name UPLINK rule 2 action 'accept'
+# set firewall ipv6 name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible'
+# set firewall ipv6 name UPLINK rule 2 ipsec 'match-ipsec'
+# set firewall ipv4 name INBOUND default-action 'accept'
+# set firewall ipv4 name INBOUND description 'IPv4 INBOUND rule set'
+# set firewall ipv4 name INBOUND rule 101 action 'accept'
+# set firewall ipv4 name INBOUND rule 101 description 'Rule 101 is configured by Ansible'
+# set firewall ipv4 name INBOUND rule 101 ipsec 'match-ipsec'
+# set firewall ipv4 name INBOUND rule 102 action 'reject'
+# set firewall ipv4 name INBOUND rule 102 description 'Rule 102 is configured by Ansible'
+# set firewall ipv4 name INBOUND rule 102 ipsec 'match-ipsec'
+# set firewall ipv4 name INBOUND rule 103 action 'accept'
+# set firewall ipv4 name INBOUND rule 103 description 'Rule 103 is configured by Ansible'
+# set firewall ipv4 name INBOUND rule 103 destination group address-group 'inbound'
+# set firewall ipv4 name INBOUND rule 103 source address '192.0.2.0'
+# set firewall ipv4 name INBOUND rule 103 state established
+# set firewall ipv4 name INBOUND rule 103 state related
#
- name: Gather listed firewall rules with provided configurations
vyos.vyos.vyos_firewall_rules:
@@ -1445,30 +1438,28 @@ EXAMPLES = """
#
# vyos@vyos:~$ show configuration commands| grep firewall
# set firewall group address-group 'inbound'
-# set firewall ipv6-name UPLINK default-action 'accept'
-# set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set'
-# set firewall ipv6-name UPLINK rule 1 action 'accept'
-# set firewall ipv6-name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible'
-# set firewall ipv6-name UPLINK rule 1 ipsec 'match-ipsec'
-# set firewall ipv6-name UPLINK rule 2 action 'accept'
-# set firewall ipv6-name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible'
-# set firewall ipv6-name UPLINK rule 2 ipsec 'match-ipsec'
-# set firewall name INBOUND default-action 'accept'
-# set firewall name INBOUND description 'IPv4 INBOUND rule set'
-# set firewall name INBOUND rule 101 action 'accept'
-# set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible'
-# set firewall name INBOUND rule 101 ipsec 'match-ipsec'
-# set firewall name INBOUND rule 102 action 'reject'
-# set firewall name INBOUND rule 102 description 'Rule 102 is configured by Ansible'
-# set firewall name INBOUND rule 102 ipsec 'match-ipsec'
-# set firewall name INBOUND rule 103 action 'accept'
-# set firewall name INBOUND rule 103 description 'Rule 103 is configured by Ansible'
-# set firewall name INBOUND rule 103 destination group address-group 'inbound'
-# set firewall name INBOUND rule 103 source address '192.0.2.0'
-# set firewall name INBOUND rule 103 state established 'enable'
-# set firewall name INBOUND rule 103 state invalid 'disable'
-# set firewall name INBOUND rule 103 state new 'disable'
-# set firewall name INBOUND rule 103 state related 'enable'
+# set firewall ipv6 name UPLINK default-action 'accept'
+# set firewall ipv6 name UPLINK description 'This is ipv6 specific rule-set'
+# set firewall ipv6 name UPLINK rule 1 action 'accept'
+# set firewall ipv6 name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible'
+# set firewall ipv6 name UPLINK rule 1 ipsec 'match-ipsec'
+# set firewall ipv6 name UPLINK rule 2 action 'accept'
+# set firewall ipv6 name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible'
+# set firewall ipv6 name UPLINK rule 2 ipsec 'match-ipsec'
+# set firewall ipv4 name INBOUND default-action 'accept'
+# set firewall ipv4 name INBOUND description 'IPv4 INBOUND rule set'
+# set firewall ipv4 name INBOUND rule 101 action 'accept'
+# set firewall ipv4 name INBOUND rule 101 description 'Rule 101 is configured by Ansible'
+# set firewall ipv4 name INBOUND rule 101 ipsec 'match-ipsec'
+# set firewall ipv4 name INBOUND rule 102 action 'reject'
+# set firewall ipv4 name INBOUND rule 102 description 'Rule 102 is configured by Ansible'
+# set firewall ipv4 name INBOUND rule 102 ipsec 'match-ipsec'
+# set firewall ipv4 name INBOUND rule 103 action 'accept'
+# set firewall ipv4 name INBOUND rule 103 description 'Rule 103 is configured by Ansible'
+# set firewall ipv4 name INBOUND rule 103 destination group address-group 'inbound'
+# set firewall ipv4 name INBOUND rule 103 source address '192.0.2.0'
+# set firewall ipv4 name INBOUND rule 103 state established
+# set firewall ipv4 name INBOUND rule 103 state related
# Using rendered
@@ -1518,27 +1509,25 @@ EXAMPLES = """
#
#
# "rendered": [
-# "set firewall ipv6-name UPLINK default-action 'accept'",
-# "set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set'",
-# "set firewall name INBOUND default-action 'accept'",
-# "set firewall name INBOUND description 'IPv4 INBOUND rule set'",
-# "set firewall name INBOUND rule 101 action 'accept'",
-# "set firewall name INBOUND rule 101",
-# "set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible'",
-# "set firewall name INBOUND rule 101 ipsec 'match-ipsec'",
-# "set firewall name INBOUND rule 102 action 'reject'",
-# "set firewall name INBOUND rule 102",
-# "set firewall name INBOUND rule 102 description 'Rule 102 is configured by Ansible'",
-# "set firewall name INBOUND rule 102 ipsec 'match-ipsec'",
-# "set firewall name INBOUND rule 103 description 'Rule 103 is configured by Ansible'",
-# "set firewall name INBOUND rule 103 destination group address-group inbound",
-# "set firewall name INBOUND rule 103",
-# "set firewall name INBOUND rule 103 source address 192.0.2.0",
-# "set firewall name INBOUND rule 103 state established enable",
-# "set firewall name INBOUND rule 103 state related enable",
-# "set firewall name INBOUND rule 103 state invalid disable",
-# "set firewall name INBOUND rule 103 state new disable",
-# "set firewall name INBOUND rule 103 action 'accept'"
+# "set firewall ipv6 name UPLINK default-action 'accept'",
+# "set firewall ipv6 name UPLINK description 'This is ipv6 specific rule-set'",
+# "set firewall ipv4 name INBOUND default-action 'accept'",
+# "set firewall ipv4 name INBOUND description 'IPv4 INBOUND rule set'",
+# "set firewall ipv4 name INBOUND rule 101 action 'accept'",
+# "set firewall ipv4 name INBOUND rule 101",
+# "set firewall ipv4 name INBOUND rule 101 description 'Rule 101 is configured by Ansible'",
+# "set firewall ipv4 name INBOUND rule 101 ipsec 'match-ipsec'",
+# "set firewall ipv4 name INBOUND rule 102 action 'reject'",
+# "set firewall ipv4 name INBOUND rule 102",
+# "set firewall ipv4 name INBOUND rule 102 description 'Rule 102 is configured by Ansible'",
+# "set firewall ipv4 name INBOUND rule 102 ipsec 'match-ipsec'",
+# "set firewall ipv4 name INBOUND rule 103 description 'Rule 103 is configured by Ansible'",
+# "set firewall ipv4 name INBOUND rule 103 destination group address-group inbound",
+# "set firewall ipv4 name INBOUND rule 103",
+# "set firewall ipv4 name INBOUND rule 103 source address 192.0.2.0",
+# "set firewall ipv4 name INBOUND rule 103 state established",
+# "set firewall ipv4 name INBOUND rule 103 state related",
+# "set firewall ipv4 name INBOUND rule 103 action 'accept'"
# ]
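Review bot: The rendered example no longer shows what happens to state flags that are set to false: the removed list had `state invalid disable` and `state new disable` for rule 103, while the new list carries only `state established` and `state related`. If the task that feeds this example still sets `invalid` and `new` to false (it sits above the hunk, so this is inferred), a reader cannot tell whether those keys are dropped on purpose or were lost in the rewrite. I would add a comment line before `"rendered": [` such as `# State flags are valueless in this syntax; states set to false are omitted from the rendered commands.`, adjusted to what the module really emits. The EXAMPLES string starts and ends outside the hunk.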
@@ -1549,14 +1538,14 @@ EXAMPLES = """
vyos.vyos.vyos_firewall_rules:
running_config:
"set firewall group address-group 'inbound'
- set firewall name Downlink default-action 'accept'
- set firewall name Downlink description 'IPv4 INBOUND rule set'
- set firewall name Downlink rule 501 action 'accept'
- set firewall name Downlink rule 501 description 'Rule 501 is configured by Ansible'
- set firewall name Downlink rule 501 ipsec 'match-ipsec'
- set firewall name Downlink rule 502 action 'reject'
- set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible'
- set firewall name Downlink rule 502 ipsec 'match-ipsec'"
+ set firewall ipv4 name Downlink default-action 'accept'
+ set firewall ipv4 name Downlink description 'IPv4 INBOUND rule set'
+ set firewall ipv4 name Downlink rule 501 action 'accept'
+ set firewall ipv4 name Downlink rule 501 description 'Rule 501 is configured by Ansible'
+ set firewall ipv4 name Downlink rule 501 ipsec 'match-ipsec'
+ set firewall ipv4 name Downlink rule 502 action 'reject'
+ set firewall ipv4 name Downlink rule 502 description 'Rule 502 is configured by Ansible'
+ set firewall ipv4 name Downlink rule 502 ipsec 'match-ipsec'"
state: parsed
#
#
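Review bot: The `running_config` sample for `state: parsed` now shows only the `set firewall ipv4 name …` form, and nothing in the example says whether the `set firewall name …` form on the removed lines is still accepted. Parsed works on text the user supplies, so someone checking a saved configuration written in the older syntax needs to know whether those lines are parsed or quietly produce no rule sets. I would add a comment above the task, for example `# running_config must be in the syntax of the targeted VyOS release; older releases use 'set firewall name <rule-set> …'.`, worded to match the parser's behaviour, which is not visible in this hunk.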
@@ -1612,21 +1601,21 @@ commands:
returned: always
type: list
sample:
- - "set firewall name Downlink default-action 'accept'"
- - "set firewall name Downlink description 'IPv4 INBOUND rule set'"
- - "set firewall name Downlink rule 501 action 'accept'"
- - "set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible'"
- - "set firewall name Downlink rule 502 ipsec 'match-ipsec'"
+ - "set firewall ipv4 name Downlink default-action 'accept'"
+ - "set firewall ipv4 name Downlink description 'IPv4 INBOUND rule set'"
+ - "set firewall ipv4 name Downlink rule 501 action 'accept'"
+ - "set firewall ipv4 name Downlink rule 502 description 'Rule 502 is configured by Ansible'"
+ - "set firewall ipv4 name Downlink rule 502 ipsec 'match-ipsec'"
rendered:
description: The provided configuration in the task rendered in device-native format (offline).
returned: when I(state) is C(rendered)
type: list
sample:
- - "set firewall name Downlink default-action 'accept'"
- - "set firewall name Downlink description 'IPv4 INBOUND rule set'"
- - "set firewall name Downlink rule 501 action 'accept'"
- - "set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible'"
- - "set firewall name Downlink rule 502 ipsec 'match-ipsec'"
+ - "set firewall ipv4 name Downlink default-action 'accept'"
+ - "set firewall ipv4 name Downlink description 'IPv4 INBOUND rule set'"
+ - "set firewall ipv4 name Downlink rule 501 action 'accept'"
+ - "set firewall ipv4 name Downlink rule 502 description 'Rule 502 is configured by Ansible'"
+ - "set firewall ipv4 name Downlink rule 502 ipsec 'match-ipsec'"
gathered:
description: Facts about the network resource gathered from the remote device as structured data.
returned: when I(state) is C(gathered)
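Review bot: Both sample lists here pair `default-action 'accept'` with a rule set described as 'IPv4 INBOUND rule set', and the same pairing appears in the rendered list and the Downlink `running_config` earlier in this diff, so a copied example gives a rule set that admits everything no rule rejects. This predates the commit, but every one of these lines is being rewritten anyway, which makes it a cheap moment to fix. Either change the sample to `- "set firewall ipv4 name Downlink default-action 'drop'"` or add a YAML comment above each `sample:` such as `# default-action 'accept' is illustrative; inbound rule sets normally default to 'drop'.`. The RETURN string continues outside the hunk.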