From 37ba454f746ab6c4b05fef520ced523e2ad032cb Mon Sep 17 00:00:00 2001
From: Gaige B Paulsen <gaige@cluetrust.net>
Date: Mon, 18 Nov 2024 07:33:49 -0500
Subject: T6882: fix: firewall global-options (#359)

* T6882: fix: firewall global-options

Updated a couple of RST files due to pre-commit

* T6882: chore: update changelog

* T6882: chore: update changelog

* T6882: test: update tests to cover change
---
 docs/vyos.vyos.vyos_firewall_global_module.rst |  29 +-
 docs/vyos.vyos.vyos_firewall_rules_module.rst  | 495 ++++++++++++++++++++++++-
 2 files changed, 514 insertions(+), 10 deletions(-)

(limited to 'docs')

diff --git a/docs/vyos.vyos.vyos_firewall_global_module.rst b/docs/vyos.vyos.vyos_firewall_global_module.rst
index a77ce80f..8c234afb 100644
--- a/docs/vyos.vyos.vyos_firewall_global_module.rst
+++ b/docs/vyos.vyos.vyos_firewall_global_module.rst
@@ -705,6 +705,33 @@ Parameters
                         <div>Enable logging of packets part of an established connection.</div>
                 </td>
             </tr>
+            <tr>
+                    <td class="elbow-placeholder"></td>
+                    <td class="elbow-placeholder"></td>
+                <td colspan="3">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>log_level</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li>emerg</li>
+                                    <li>alert</li>
+                                    <li>crit</li>
+                                    <li>err</li>
+                                    <li>warn</li>
+                                    <li>notice</li>
+                                    <li>info</li>
+                                    <li>debug</li>
+                        </ul>
+                </td>
+                <td>
+                        <div>Only available in 1.4+</div>
+                </td>
+            </tr>
 
             <tr>
                     <td class="elbow-placeholder"></td>
@@ -852,7 +879,6 @@ Examples
             - connection_type: established
               action: accept
               log: true
-              log_level: emer
             - connection_type: invalid
               action: reject
           route_redirects:
@@ -898,7 +924,6 @@ Examples
     #        "set firewall config-trap 'enable'",
     #        "set firewall state-policy established action 'accept'",
     #        "set firewall state-policy established log 'enable'",
-    #        "set firewall state-policy established log-level 'emer'",
     #        "set firewall state-policy invalid action 'reject'",
     #        "set firewall broadcast-ping 'enable'",
     #        "set firewall all-ping 'enable'",
diff --git a/docs/vyos.vyos.vyos_firewall_rules_module.rst b/docs/vyos.vyos.vyos_firewall_rules_module.rst
index b3d619be..ad363b4e 100644
--- a/docs/vyos.vyos.vyos_firewall_rules_module.rst
+++ b/docs/vyos.vyos.vyos_firewall_rules_module.rst
@@ -103,13 +103,33 @@ Parameters
                                     <li>drop</li>
                                     <li>reject</li>
                                     <li>accept</li>
+                                    <li>jump</li>
                         </ul>
                 </td>
                 <td>
                         <div>Default action for rule-set.</div>
                         <div>drop (Drop if no prior rules are hit (default))</div>
                         <div>reject (Drop and notify source if no prior rules are hit)</div>
-                        <div>accept (Accept if no prior rules are hit)</div>
+                        <div>accept (Accept if no prior rules are hit) - jump (Jump to another rule-set, 1.4+)</div>
+                </td>
+            </tr>
+            <tr>
+                    <td class="elbow-placeholder"></td>
+                    <td class="elbow-placeholder"></td>
+                <td colspan="4">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>default_jump_target</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>Default jump target if the default action is jump.</div>
+                        <div>Only valid in 1.4 and later.</div>
+                        <div>Only valid when default_action = jump.</div>
                 </td>
             </tr>
             <tr>
@@ -150,6 +170,29 @@ Parameters
                         <div>Option to log packets hitting default-action.</div>
                 </td>
             </tr>
+            <tr>
+                    <td class="elbow-placeholder"></td>
+                    <td class="elbow-placeholder"></td>
+                <td colspan="4">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>filter</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li>input</li>
+                                    <li>output</li>
+                                    <li>forward</li>
+                        </ul>
+                </td>
+                <td>
+                        <div>Filter type (exclusive to &quot;name&quot;).</div>
+                        <div>Supported in 1.4 and later.</div>
+                </td>
+            </tr>
             <tr>
                     <td class="elbow-placeholder"></td>
                     <td class="elbow-placeholder"></td>
@@ -165,6 +208,7 @@ Parameters
                 </td>
                 <td>
                         <div>Firewall rule set name.</div>
+                        <div>Required for 1.3- and optional for 1.4+.</div>
                 </td>
             </tr>
             <tr>
@@ -203,10 +247,17 @@ Parameters
                                     <li>reject</li>
                                     <li>accept</li>
                                     <li>inspect</li>
+                                    <li>continue</li>
+                                    <li>return</li>
+                                    <li>jump</li>
+                                    <li>queue</li>
+                                    <li>synproxy</li>
                         </ul>
                 </td>
                 <td>
                         <div>Specifying the action.</div>
+                        <div>inspect is available  &lt; 1.4</div>
+                        <div>continue, return, jump, queue, synproxy are available &gt;= 1.4</div>
                 </td>
             </tr>
             <tr>
@@ -389,6 +440,7 @@ Parameters
                 </td>
                 <td>
                         <div>Option to disable firewall rule.</div>
+                        <div>aliased to disabled</div>
                         <div style="font-size: small; color: darkgreen"><br/>aliases: disabled</div>
                 </td>
             </tr>
@@ -532,6 +584,65 @@ Parameters
                 </td>
             </tr>
 
+            <tr>
+                    <td class="elbow-placeholder"></td>
+                    <td class="elbow-placeholder"></td>
+                    <td class="elbow-placeholder"></td>
+                <td colspan="3">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>inbound_interface</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">dictionary</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>Inbound interface.</div>
+                        <div>Only valid in 1.4 and later.</div>
+                </td>
+            </tr>
+                                <tr>
+                    <td class="elbow-placeholder"></td>
+                    <td class="elbow-placeholder"></td>
+                    <td class="elbow-placeholder"></td>
+                    <td class="elbow-placeholder"></td>
+                <td colspan="2">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>group</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>Interface group.</div>
+                </td>
+            </tr>
+            <tr>
+                    <td class="elbow-placeholder"></td>
+                    <td class="elbow-placeholder"></td>
+                    <td class="elbow-placeholder"></td>
+                    <td class="elbow-placeholder"></td>
+                <td colspan="2">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>name</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>Interface name.</div>
+                        <div>Can have wildcards</div>
+                </td>
+            </tr>
+
             <tr>
                     <td class="elbow-placeholder"></td>
                     <td class="elbow-placeholder"></td>
@@ -546,10 +657,8 @@ Parameters
                 </td>
                 <td>
                         <ul style="margin: 0; padding: 0"><b>Choices:</b>
-                                <br><i>VyOS 1.4 & older:</i><br>
                                     <li>match-ipsec</li>
                                     <li>match-none</li>
-                                <br><i>VyOS 1.5+ :</i><br>
                                     <li>match-ipsec-in</li>
                                     <li>match-ipsec-out</li>
                                     <li>match-none-in</li>
@@ -560,6 +669,26 @@ Parameters
                         <div>Inbound ip sec packets.</div>
                 </td>
             </tr>
+            <tr>
+                    <td class="elbow-placeholder"></td>
+                    <td class="elbow-placeholder"></td>
+                    <td class="elbow-placeholder"></td>
+                <td colspan="3">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>jump_target</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>Jump target if the action is jump.</div>
+                        <div>Only valid in 1.4 and later.</div>
+                        <div>Only valid when action = jump.</div>
+                </td>
+            </tr>
             <tr>
                     <td class="elbow-placeholder"></td>
                     <td class="elbow-placeholder"></td>
@@ -679,7 +808,7 @@ Parameters
                         </ul>
                 </td>
                 <td>
-                        <div>Option to log packets matching rule</div>
+                        <div>Log matching packets.</div>
                 </td>
             </tr>
             <tr>
@@ -701,6 +830,65 @@ Parameters
                         <div>Rule number.</div>
                 </td>
             </tr>
+            <tr>
+                    <td class="elbow-placeholder"></td>
+                    <td class="elbow-placeholder"></td>
+                    <td class="elbow-placeholder"></td>
+                <td colspan="3">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>outbound_interface</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">dictionary</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>Match outbound interface.</div>
+                        <div>Only valid in 1.4 and later.</div>
+                </td>
+            </tr>
+                                <tr>
+                    <td class="elbow-placeholder"></td>
+                    <td class="elbow-placeholder"></td>
+                    <td class="elbow-placeholder"></td>
+                    <td class="elbow-placeholder"></td>
+                <td colspan="2">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>group</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>Interface group.</div>
+                </td>
+            </tr>
+            <tr>
+                    <td class="elbow-placeholder"></td>
+                    <td class="elbow-placeholder"></td>
+                    <td class="elbow-placeholder"></td>
+                    <td class="elbow-placeholder"></td>
+                <td colspan="2">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>name</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>Interface name.</div>
+                        <div>Can have wildcards</div>
+                </td>
+            </tr>
+
             <tr>
                     <td class="elbow-placeholder"></td>
                     <td class="elbow-placeholder"></td>
@@ -749,6 +937,112 @@ Parameters
                 </td>
             </tr>
 
+            <tr>
+                    <td class="elbow-placeholder"></td>
+                    <td class="elbow-placeholder"></td>
+                    <td class="elbow-placeholder"></td>
+                <td colspan="3">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>packet_length</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">list</span>
+                         / <span style="color: purple">elements=dictionary</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>Packet length match.</div>
+                        <div>Only valid in 1.4 and later.</div>
+                        <div>Multiple values from 1 to 65535 and ranges are supported</div>
+                </td>
+            </tr>
+                                <tr>
+                    <td class="elbow-placeholder"></td>
+                    <td class="elbow-placeholder"></td>
+                    <td class="elbow-placeholder"></td>
+                    <td class="elbow-placeholder"></td>
+                <td colspan="2">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>length</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>Packet length or range.</div>
+                </td>
+            </tr>
+
+            <tr>
+                    <td class="elbow-placeholder"></td>
+                    <td class="elbow-placeholder"></td>
+                    <td class="elbow-placeholder"></td>
+                <td colspan="3">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>packet_length_exclude</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">list</span>
+                         / <span style="color: purple">elements=dictionary</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>Packet length match.</div>
+                        <div>Only valid in 1.4 and later.</div>
+                        <div>Multiple values from 1 to 65535 and ranges are supported</div>
+                </td>
+            </tr>
+                                <tr>
+                    <td class="elbow-placeholder"></td>
+                    <td class="elbow-placeholder"></td>
+                    <td class="elbow-placeholder"></td>
+                    <td class="elbow-placeholder"></td>
+                <td colspan="2">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>length</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>Packet length or range.</div>
+                </td>
+            </tr>
+
+            <tr>
+                    <td class="elbow-placeholder"></td>
+                    <td class="elbow-placeholder"></td>
+                    <td class="elbow-placeholder"></td>
+                <td colspan="3">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>packet_type</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li>broadcast</li>
+                                    <li>multicast</li>
+                                    <li>host</li>
+                                    <li>other</li>
+                        </ul>
+                </td>
+                <td>
+                        <div>Packet type match.</div>
+                </td>
+            </tr>
             <tr>
                     <td class="elbow-placeholder"></td>
                     <td class="elbow-placeholder"></td>
@@ -772,6 +1066,51 @@ Parameters
                         <div>(!)All IP protocols except for the specified name or number.</div>
                 </td>
             </tr>
+            <tr>
+                    <td class="elbow-placeholder"></td>
+                    <td class="elbow-placeholder"></td>
+                    <td class="elbow-placeholder"></td>
+                <td colspan="3">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>queue</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>Queue options.</div>
+                        <div>Only valid in 1.4 and later.</div>
+                        <div>Only valid when action = queue.</div>
+                        <div>Can be a queue number or range.</div>
+                </td>
+            </tr>
+            <tr>
+                    <td class="elbow-placeholder"></td>
+                    <td class="elbow-placeholder"></td>
+                    <td class="elbow-placeholder"></td>
+                <td colspan="3">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>queue_options</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li>bypass</li>
+                                    <li>fanout</li>
+                        </ul>
+                </td>
+                <td>
+                        <div>Queue options.</div>
+                        <div>Only valid in 1.4 and later.</div>
+                        <div>Only valid when action = queue.</div>
+                </td>
+            </tr>
             <tr>
                     <td class="elbow-placeholder"></td>
                     <td class="elbow-placeholder"></td>
@@ -819,13 +1158,14 @@ Parameters
                     <b>time</b>
                     <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
                     <div style="font-size: small">
-                        <span style="color: purple">integer</span>
+                        <span style="color: purple">string</span>
                     </div>
                 </td>
                 <td>
                 </td>
                 <td>
                         <div>Source addresses seen in the last N seconds.</div>
+                        <div>Since 1.4, this is a string of second/minute/hour</div>
                 </td>
             </tr>
 
@@ -869,6 +1209,26 @@ Parameters
                         <div>Source ip address subnet or range.</div>
                 </td>
             </tr>
+            <tr>
+                    <td class="elbow-placeholder"></td>
+                    <td class="elbow-placeholder"></td>
+                    <td class="elbow-placeholder"></td>
+                    <td class="elbow-placeholder"></td>
+                <td colspan="2">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>fqdn</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>Fully qualified domain name.</div>
+                        <div>Available in 1.4 and later.</div>
+                </td>
+            </tr>
             <tr>
                     <td class="elbow-placeholder"></td>
                     <td class="elbow-placeholder"></td>
@@ -1102,6 +1462,65 @@ Parameters
                 </td>
             </tr>
 
+            <tr>
+                    <td class="elbow-placeholder"></td>
+                    <td class="elbow-placeholder"></td>
+                    <td class="elbow-placeholder"></td>
+                <td colspan="3">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>synproxy</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">dictionary</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>SYN proxy options.</div>
+                        <div>Only valid in 1.4 and later.</div>
+                        <div>Only valid when action = synproxy.</div>
+                </td>
+            </tr>
+                                <tr>
+                    <td class="elbow-placeholder"></td>
+                    <td class="elbow-placeholder"></td>
+                    <td class="elbow-placeholder"></td>
+                    <td class="elbow-placeholder"></td>
+                <td colspan="2">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>mss</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">integer</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>Adjust MSS (501-65535)</div>
+                </td>
+            </tr>
+            <tr>
+                    <td class="elbow-placeholder"></td>
+                    <td class="elbow-placeholder"></td>
+                    <td class="elbow-placeholder"></td>
+                    <td class="elbow-placeholder"></td>
+                <td colspan="2">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>window_scale</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">integer</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>Window scale (1-14).</div>
+                </td>
+            </tr>
+
             <tr>
                     <td class="elbow-placeholder"></td>
                     <td class="elbow-placeholder"></td>
@@ -1129,17 +1548,77 @@ Parameters
                     <div class="ansibleOptionAnchor" id="parameter-"></div>
                     <b>flags</b>
                     <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">list</span>
+                         / <span style="color: purple">elements=dictionary</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>list of tcp flags to be matched</div>
+                        <div>5.0 breaking change to support 1.4+ and 1.3-</div>
+                </td>
+            </tr>
+                                <tr>
+                    <td class="elbow-placeholder"></td>
+                    <td class="elbow-placeholder"></td>
+                    <td class="elbow-placeholder"></td>
+                    <td class="elbow-placeholder"></td>
+                    <td class="elbow-placeholder"></td>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>flag</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
                     <div style="font-size: small">
                         <span style="color: purple">string</span>
                     </div>
                 </td>
                 <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li>ack</li>
+                                    <li>cwr</li>
+                                    <li>ecn</li>
+                                    <li>fin</li>
+                                    <li>psh</li>
+                                    <li>rst</li>
+                                    <li>syn</li>
+                                    <li>urg</li>
+                                    <li>all</li>
+                        </ul>
                 </td>
                 <td>
-                        <div>TCP flags to be matched.</div>
+                        <div>TCP flag to be matched.</div>
+                        <div>syn, ack, fin, rst, urg, psh, all (1.3-)</div>
+                        <div>syn, ack, fin, rst, urg, psh, cwr, ecn (1.4+)</div>
+                </td>
+            </tr>
+            <tr>
+                    <td class="elbow-placeholder"></td>
+                    <td class="elbow-placeholder"></td>
+                    <td class="elbow-placeholder"></td>
+                    <td class="elbow-placeholder"></td>
+                    <td class="elbow-placeholder"></td>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>invert</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">boolean</span>
+                    </div>
+                </td>
+                <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li>no</li>
+                                    <li>yes</li>
+                        </ul>
+                </td>
+                <td>
+                        <div>Invert the match.</div>
                 </td>
             </tr>
 
+
             <tr>
                     <td class="elbow-placeholder"></td>
                     <td class="elbow-placeholder"></td>
@@ -2408,7 +2887,7 @@ Common return values are documented `here <https://docs.ansible.com/ansible/late
                     <b>after</b>
                     <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
                     <div style="font-size: small">
-                      <span style="color: purple">list</span>
+                      <span style="color: purple">dictionary</span>
                     </div>
                 </td>
                 <td>when changed</td>
@@ -2426,7 +2905,7 @@ Common return values are documented `here <https://docs.ansible.com/ansible/late
                     <b>before</b>
                     <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
                     <div style="font-size: small">
-                      <span style="color: purple">list</span>
+                      <span style="color: purple">dictionary</span>
                     </div>
                 </td>
                 <td>always</td>
-- 
cgit v1.2.3