summaryrefslogtreecommitdiff
path: root/lib/ansible/modules
diff options
context:
space:
mode:
authorRohit <rohitthakur2590@outlook.com>2020-03-01 11:02:22 +0530
committerGitHub <noreply@github.com>2020-03-01 11:02:22 +0530
commit8f9f8ec594d471f00750d1dc8c7d78bbb46b8081 (patch)
tree06a74f78ccee2cf81f4686cb65fd1ecb27ff6fe3 /lib/ansible/modules
parent77658704217d5f166404fc67997203c25381cb6e (diff)
downloadansible-8f9f8ec594d471f00750d1dc8c7d78bbb46b8081.tar.gz
VyOS: firewall_interfaces module added (#67254)
* firewall_interfaces module added Signed-off-by: rohitthakur2590 <rohitthakur2590@outlook.com> * sanity fixes Signed-off-by: rohitthakur2590 <rohitthakur2590@outlook.com> * sanity fixes Signed-off-by: rohitthakur2590 <rohitthakur2590@outlook.com> * delete opr updated Signed-off-by: rohitthakur2590 <rohitthakur2590@outlook.com> * tests updated Signed-off-by: rohitthakur2590 <rohitthakur2590@outlook.com> * comments incorporated Signed-off-by: rohitthakur2590 <rohitthakur2590@outlook.com> * ci failure fix Signed-off-by: rohitthakur2590 <rohitthakur2590@outlook.com>
Diffstat (limited to 'lib/ansible/modules')
-rw-r--r--lib/ansible/modules/network/vyos/vyos_facts.py2
-rw-r--r--lib/ansible/modules/network/vyos/vyos_firewall_interfaces.py1279
2 files changed, 1280 insertions, 1 deletions
diff --git a/lib/ansible/modules/network/vyos/vyos_facts.py b/lib/ansible/modules/network/vyos/vyos_facts.py
index 82a207d11e..944382526c 100644
--- a/lib/ansible/modules/network/vyos/vyos_facts.py
+++ b/lib/ansible/modules/network/vyos/vyos_facts.py
@@ -52,7 +52,7 @@ options:
can also be used with an initial C(M(!)) to specify that a
specific subset should not be collected.
Valid subsets are 'all', 'interfaces', 'l3_interfaces', 'lag_interfaces',
- 'lldp_global', 'lldp_interfaces', 'static_routes', 'firewall_rules', 'firewall_global'.
+ 'lldp_global', 'lldp_interfaces', 'static_routes', 'firewall_rules', 'firewall_global', 'firewall_interfaces'.
required: false
version_added: "2.9"
"""
diff --git a/lib/ansible/modules/network/vyos/vyos_firewall_interfaces.py b/lib/ansible/modules/network/vyos/vyos_firewall_interfaces.py
new file mode 100644
index 0000000000..8655744ff7
--- /dev/null
+++ b/lib/ansible/modules/network/vyos/vyos_firewall_interfaces.py
@@ -0,0 +1,1279 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+# Copyright 2019 Red Hat
+# GNU General Public License v3.0+
+# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+#############################################
+# WARNING #
+#############################################
+#
+# This file is auto generated by the resource
+# module builder playbook.
+#
+# Do not edit this file manually.
+#
+# Changes to this file will be over written
+# by the resource module builder.
+#
+# Changes should be made in the model used to
+# generate this file or in the resource module
+# builder template.
+#
+#############################################
+
+"""
+The module file for vyos_firewall_interfaces
+"""
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+ANSIBLE_METADATA = {
+ 'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'network'
+}
+
+DOCUMENTATION = """
+---
+module: vyos_firewall_interfaces
+version_added: '2.10'
+short_description: Manage firewall rules attributes of interfaces on VyOS devices
+description: Manage firewall rules of interfaces on VyOS network devices.
+author:
+ - Rohit Thakur (@rohitthakur2590)
+options:
+ config:
+ description: A list of firewall rules options for interfaces.
+ type: list
+ elements: dict
+ suboptions:
+ name:
+ description:
+ - Name/Identifier for the interface.
+ type: str
+ required: True
+ access_rules:
+ description:
+ - Specifies firewall rules attached to the interfaces.
+ type: list
+ elements: dict
+ suboptions:
+ afi:
+ description:
+ - Specifies the AFI for the Firewall rules to be configured on this interface.
+ type: str
+ choices: ['ipv4', 'ipv6']
+ required: True
+ rules:
+ description:
+ - Specifies the firewall rules for the provided AFI.
+ type: list
+ elements: dict
+ suboptions:
+ name:
+ description:
+ - Specifies the name of the IPv4/IPv6 Firewall rule for the interface.
+ type: str
+ direction:
+ description:
+ - Specifies the direction of packets that the firewall rule will be applied on.
+ type: str
+ choices: ['in', 'local', 'out']
+ required: True
+ running_config:
+ description:
+ - The module, by default, will connect to the remote device and
+ retrieve the current running-config to use as a base for comparing
+ against the contents of source. There are times when it is not
+ desirable to have the task get the current running-config for
+ every task in a playbook. The I(running_config) argument allows the
+ implementer to pass in the configuration to use as the base
+ config for comparison. This value of this option should be the
+ output received from device by executing command
+ C(show configuration commands | grep 'firewall'
+ type: str
+ state:
+ description:
+ - The state the configuration should be left in.
+ type: str
+ choices:
+ - merged
+ - replaced
+ - overridden
+ - deleted
+ - parsed
+ - rendered
+ - gathered
+ default: merged
+"""
+EXAMPLES = """
+# Using merged
+#
+# Before state:
+# -------------
+#
+# vyos@192# run show configuration commands | grep firewall
+# set firewall ipv6-name 'V6-LOCAL'
+# set firewall name 'INBOUND'
+# set firewall name 'LOCAL'
+# set firewall name 'OUTBOUND'
+#
+- name: Merge the provided configuration with the existing running configuration
+ vyos_firewall_interfaces:
+ config:
+ - access_rules:
+ - afi: 'ipv4'
+ rules:
+ - name: 'INBOUND'
+ direction: 'in'
+ - name: 'OUTBOUND'
+ direction: 'out'
+ - name: 'LOCAL'
+ direction: 'local'
+ - afi: 'ipv6'
+ rules:
+ - name: 'V6-LOCAL'
+ direction: 'local'
+ name: 'eth1'
+ - access_rules:
+ - afi: 'ipv4'
+ rules:
+ - name: 'INBOUND'
+ direction: 'in'
+ - name: 'OUTBOUND'
+ direction: 'out'
+ - name: 'LOCAL'
+ direction: 'local'
+ - afi: 'ipv6'
+ rules:
+ - name: 'V6-LOCAL'
+ direction: 'local'
+ name: 'eth3'
+ state: merged
+#
+#
+# -------------------------
+# Module Execution Result
+# -------------------------
+#
+# before": [
+# {
+# "name": "eth0"
+# },
+# {
+# "name": "eth1"
+# },
+# {
+# "name": "eth2"
+# },
+# {
+# "name": "eth3"
+# }
+# ]
+#
+# "commands": [
+# "set interfaces ethernet eth1 firewall in name 'INBOUND'",
+# "set interfaces ethernet eth1 firewall out name 'OUTBOUND'",
+# "set interfaces ethernet eth1 firewall local name 'LOCAL'",
+# "set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL'",
+# "set interfaces ethernet eth3 firewall in name 'INBOUND'",
+# "set interfaces ethernet eth3 firewall out name 'OUTBOUND'",
+# "set interfaces ethernet eth3 firewall local name 'LOCAL'",
+# "set interfaces ethernet eth3 firewall local ipv6-name 'V6-LOCAL'"
+# ]
+#
+# "after": [
+# {
+# "name": "eth0"
+# },
+# {
+# "access_rules": [
+# {
+# "afi": "ipv4",
+# "rules": [
+# {
+# "direction": "in",
+# "name": "INBOUND"
+# },
+# {
+# "direction": "local",
+# "name": "LOCAL"
+# },
+# {
+# "direction": "out",
+# "name": "OUTBOUND"
+# }
+# ]
+# },
+# {
+# "afi": "ipv6",
+# "rules": [
+# {
+# "direction": "local",
+# "name": "V6-LOCAL"
+# }
+# ]
+# }
+# ],
+# "name": "eth1"
+# },
+# {
+# "name": "eth2"
+# },
+# {
+# "access_rules": [
+# {
+# "afi": "ipv4",
+# "rules": [
+# {
+# "direction": "in",
+# "name": "INBOUND"
+# },
+# {
+# "direction": "local",
+# "name": "LOCAL"
+# },
+# {
+# "direction": "out",
+# "name": "OUTBOUND"
+# }
+# ]
+# },
+# {
+# "afi": "ipv6",
+# "rules": [
+# {
+# "direction": "local",
+# "name": "V6-LOCAL"
+# }
+# ]
+# }
+# ],
+# "name": "eth3"
+# }
+# ]
+#
+# After state:
+# -------------
+#
+# vyos@vyos:~$ show configuration commands| grep firewall
+# set firewall ipv6-name 'V6-LOCAL'
+# set firewall name 'INBOUND'
+# set firewall name 'LOCAL'
+# set firewall name 'OUTBOUND'
+# set interfaces ethernet eth1 firewall in name 'INBOUND'
+# set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL'
+# set interfaces ethernet eth1 firewall local name 'LOCAL'
+# set interfaces ethernet eth1 firewall out name 'OUTBOUND'
+# set interfaces ethernet eth3 firewall in name 'INBOUND'
+# set interfaces ethernet eth3 firewall local ipv6-name 'V6-LOCAL'
+# set interfaces ethernet eth3 firewall local name 'LOCAL'
+# set interfaces ethernet eth3 firewall out name 'OUTBOUND'
+
+
+# Using merged
+#
+# Before state:
+# -------------
+#
+# vyos@vyos:~$ show configuration commands| grep firewall
+# set firewall ipv6-name 'V6-LOCAL'
+# set firewall name 'INBOUND'
+# set firewall name 'LOCAL'
+# set firewall name 'OUTBOUND'
+# set interfaces ethernet eth1 firewall in name 'INBOUND'
+# set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL'
+# set interfaces ethernet eth1 firewall local name 'LOCAL'
+# set interfaces ethernet eth1 firewall out name 'OUTBOUND'
+# set interfaces ethernet eth3 firewall in name 'INBOUND'
+# set interfaces ethernet eth3 firewall local ipv6-name 'V6-LOCAL'
+# set interfaces ethernet eth3 firewall local name 'LOCAL'
+# set interfaces ethernet eth3 firewall out name 'OUTBOUND'
+#
+- name: Merge the provided configuration with the existing running configuration
+ vyos_firewall_interfaces:
+ config:
+ - access_rules:
+ - afi: 'ipv4'
+ rules:
+ - name: 'OUTBOUND'
+ direction: 'in'
+ - name: 'INBOUND'
+ direction: 'out'
+ name: 'eth1'
+ state: merged
+#
+#
+# -------------------------
+# Module Execution Result
+# -------------------------
+#
+# "before": [
+# {
+# "name": "eth0"
+# },
+# {
+# "access_rules": [
+# {
+# "afi": "ipv4",
+# "rules": [
+# {
+# "direction": "in",
+# "name": "INBOUND"
+# },
+# {
+# "direction": "local",
+# "name": "LOCAL"
+# },
+# {
+# "direction": "out",
+# "name": "OUTBOUND"
+# }
+# ]
+# },
+# {
+# "afi": "ipv6",
+# "rules": [
+# {
+# "direction": "local",
+# "name": "V6-LOCAL"
+# }
+# ]
+# }
+# ],
+# "name": "eth1"
+# },
+# {
+# "name": "eth2"
+# },
+# {
+# "access_rules": [
+# {
+# "afi": "ipv4",
+# "rules": [
+# {
+# "direction": "in",
+# "name": "INBOUND"
+# },
+# {
+# "direction": "local",
+# "name": "LOCAL"
+# },
+# {
+# "direction": "out",
+# "name": "OUTBOUND"
+# }
+# ]
+# },
+# {
+# "afi": "ipv6",
+# "rules": [
+# {
+# "direction": "local",
+# "name": "V6-LOCAL"
+# }
+# ]
+# }
+# ],
+# "name": "eth3"
+# }
+# ]
+#
+# "commands": [
+# "set interfaces ethernet eth1 firewall in name 'OUTBOUND'",
+# "set interfaces ethernet eth1 firewall out name 'INBOUND'"
+# ]
+#
+# "after": [
+# {
+# "name": "eth0"
+# },
+# {
+# "access_rules": [
+# {
+# "afi": "ipv4",
+# "rules": [
+# {
+# "direction": "in",
+# "name": "OUTBOUND"
+# },
+# {
+# "direction": "local",
+# "name": "LOCAL"
+# },
+# {
+# "direction": "out",
+# "name": "INBOUND"
+# }
+# ]
+# },
+# {
+# "afi": "ipv6",
+# "rules": [
+# {
+# "direction": "local",
+# "name": "V6-LOCAL"
+# }
+# ]
+# }
+# ],
+# "name": "eth1"
+# },
+# {
+# "name": "eth2"
+# },
+# {
+# "access_rules": [
+# {
+# "afi": "ipv4",
+# "rules": [
+# {
+# "direction": "in",
+# "name": "INBOUND"
+# },
+# {
+# "direction": "local",
+# "name": "LOCAL"
+# },
+# {
+# "direction": "out",
+# "name": "OUTBOUND"
+# }
+# ]
+# },
+# {
+# "afi": "ipv6",
+# "rules": [
+# {
+# "direction": "local",
+# "name": "V6-LOCAL"
+# }
+# ]
+# }
+# ],
+# "name": "eth3"
+# }
+# ]
+#
+# After state:
+# -------------
+#
+# vyos@vyos:~$ show configuration commands| grep firewall
+# set firewall ipv6-name 'V6-LOCAL'
+# set firewall name 'INBOUND'
+# set firewall name 'LOCAL'
+# set firewall name 'OUTBOUND'
+# set interfaces ethernet eth1 firewall in name 'OUTBOUND'
+# set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL'
+# set interfaces ethernet eth1 firewall local name 'LOCAL'
+# set interfaces ethernet eth1 firewall out name 'INBOUND'
+# set interfaces ethernet eth3 firewall in name 'INBOUND'
+# set interfaces ethernet eth3 firewall local ipv6-name 'V6-LOCAL'
+# set interfaces ethernet eth3 firewall local name 'LOCAL'
+# set interfaces ethernet eth3 firewall out name 'OUTBOUND'
+
+
+# Using replaced
+#
+# Before state:
+# -------------
+#
+# vyos@vyos:~$ show configuration commands| grep firewall
+# set firewall ipv6-name 'V6-LOCAL'
+# set firewall name 'INBOUND'
+# set firewall name 'LOCAL'
+# set firewall name 'OUTBOUND'
+# set interfaces ethernet eth1 firewall in name 'INBOUND'
+# set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL'
+# set interfaces ethernet eth1 firewall local name 'LOCAL'
+# set interfaces ethernet eth1 firewall out name 'OUTBOUND'
+# set interfaces ethernet eth3 firewall in name 'INBOUND'
+# set interfaces ethernet eth3 firewall local ipv6-name 'V6-LOCAL'
+# set interfaces ethernet eth3 firewall local name 'LOCAL'
+# set interfaces ethernet eth3 firewall out name 'OUTBOUND'
+#
+- name: Replace device configurations of listed firewall interfaces with provided configurations
+ vyos_firewall_interfaces:
+ config:
+ - name: 'eth1'
+ access_rules:
+ - afi: 'ipv4'
+ rules:
+ - name: 'OUTBOUND'
+ direction: 'out'
+ - afi: 'ipv6'
+ rules:
+ - name: 'V6-LOCAL'
+ direction: 'local'
+ - name: 'eth3'
+ access_rules:
+ - afi: 'ipv4'
+ rules:
+ - name: 'INBOUND'
+ direction: 'in'
+ state: replaced
+#
+#
+# -------------------------
+# Module Execution Result
+# -------------------------
+#
+# "before": [
+# {
+# "name": "eth0"
+# },
+# {
+# "access_rules": [
+# {
+# "afi": "ipv4",
+# "rules": [
+# {
+# "direction": "in",
+# "name": "INBOUND"
+# },
+# {
+# "direction": "local",
+# "name": "LOCAL"
+# },
+# {
+# "direction": "out",
+# "name": "OUTBOUND"
+# }
+# ]
+# },
+# {
+# "afi": "ipv6",
+# "rules": [
+# {
+# "direction": "local",
+# "name": "V6-LOCAL"
+# }
+# ]
+# }
+# ],
+# "name": "eth1"
+# },
+# {
+# "name": "eth2"
+# },
+# {
+# "access_rules": [
+# {
+# "afi": "ipv4",
+# "rules": [
+# {
+# "direction": "in",
+# "name": "INBOUND"
+# },
+# {
+# "direction": "local",
+# "name": "LOCAL"
+# },
+# {
+# "direction": "out",
+# "name": "OUTBOUND"
+# }
+# ]
+# },
+# {
+# "afi": "ipv6",
+# "rules": [
+# {
+# "direction": "local",
+# "name": "V6-LOCAL"
+# }
+# ]
+# }
+# ],
+# "name": "eth3"
+# }
+# ]
+#
+# "commands": [
+# "delete interfaces ethernet eth1 firewall in name",
+# "delete interfaces ethernet eth1 firewall local name",
+# "delete interfaces ethernet eth3 firewall local name",
+# "delete interfaces ethernet eth3 firewall out name",
+# "delete interfaces ethernet eth3 firewall local ipv6-name"
+# ]
+#
+# "after": [
+# {
+# "name": "eth0"
+# },
+# {
+# "access_rules": [
+# {
+# "afi": "ipv4",
+# "rules": [
+# {
+# "direction": "out",
+# "name": "OUTBOUND"
+# }
+# ]
+# },
+# {
+# "afi": "ipv6",
+# "rules": [
+# {
+# "direction": "local",
+# "name": "V6-LOCAL"
+# }
+# ]
+# }
+# ],
+# "name": "eth1"
+# },
+# {
+# "name": "eth2"
+# },
+# {
+# "access_rules": [
+# {
+# "afi": "ipv4",
+# "rules": [
+# {
+# "direction": "in",
+# "name": "INBOUND"
+# }
+# ]
+# }
+# ],
+# "name": "eth3"
+# }
+# ]
+#
+# After state:
+# -------------
+#
+# vyos@vyos:~$ show configuration commands| grep firewall
+# set firewall ipv6-name 'V6-LOCAL'
+# set firewall name 'INBOUND'
+# set firewall name 'LOCAL'
+# set firewall name 'OUTBOUND'
+# set interfaces ethernet eth1 firewall 'in'
+# set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL'
+# set interfaces ethernet eth1 firewall out name 'OUTBOUND'
+# set interfaces ethernet eth3 firewall in name 'INBOUND'
+# set interfaces ethernet eth3 firewall 'local'
+# set interfaces ethernet eth3 firewall 'out'
+
+
+# Using overridden
+#
+# Before state
+# --------------
+#
+# vyos@vyos:~$ show configuration commands| grep firewall
+# set firewall ipv6-name 'V6-LOCAL'
+# set firewall name 'INBOUND'
+# set firewall name 'LOCAL'
+# set firewall name 'OUTBOUND'
+# set interfaces ethernet eth1 firewall 'in'
+# set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL'
+# set interfaces ethernet eth1 firewall out name 'OUTBOUND'
+# set interfaces ethernet eth3 firewall in name 'INBOUND'
+# set interfaces ethernet eth3 firewall 'local'
+# set interfaces ethernet eth3 firewall 'out'
+#
+- name: Overrides all device configuration with provided configuration
+ vyos_firewall_interfaces:
+ config:
+ - name: 'eth3'
+ access_rules:
+ - afi: 'ipv4'
+ rules:
+ - name: 'INBOUND'
+ direction: 'out'
+ state: overridden
+#
+#
+# -------------------------
+# Module Execution Result
+# -------------------------
+#
+# "before":[
+# {
+# "name": "eth0"
+# },
+# {
+# "access_rules": [
+# {
+# "afi": "ipv4",
+# "rules": [
+# {
+# "direction": "out",
+# "name": "OUTBOUND"
+# }
+# ]
+# },
+# {
+# "afi": "ipv6",
+# "rules": [
+# {
+# "direction": "local",
+# "name": "V6-LOCAL"
+# }
+# ]
+# }
+# ],
+# "name": "eth1"
+# },
+# {
+# "name": "eth2"
+# },
+# {
+# "access_rules": [
+# {
+# "afi": "ipv4",
+# "rules": [
+# {
+# "direction": "in",
+# "name": "INBOUND"
+# }
+# ]
+# }
+# ],
+# "name": "eth3"
+# }
+# ]
+#
+# "commands": [
+# "delete interfaces ethernet eth1 firewall",
+# "delete interfaces ethernet eth3 firewall in name",
+# "set interfaces ethernet eth3 firewall out name 'INBOUND'"
+#
+#
+# "after": [
+# {
+# "name": "eth0"
+# },
+# {
+# "name": "eth1"
+# },
+# {
+# "name": "eth2"
+# },
+# {
+# "access_rules": [
+# {
+# "afi": "ipv4",
+# "rules": [
+# {
+# "direction": "out",
+# "name": "INBOUND"
+# }
+# ]
+# }
+# ],
+# "name": "eth3"
+# }
+# ]
+#
+#
+# After state
+# ------------
+#
+# vyos@vyos:~$ show configuration commands| grep firewall
+# set firewall ipv6-name 'V6-LOCAL'
+# set firewall name 'INBOUND'
+# set firewall name 'LOCAL'
+# set firewall name 'OUTBOUND'
+# set interfaces ethernet eth3 firewall 'in'
+# set interfaces ethernet eth3 firewall 'local'
+# set interfaces ethernet eth3 firewall out name 'INBOUND'
+
+
+# Using deleted per interface name
+#
+# Before state
+# -------------
+#
+# vyos@vyos:~$ show configuration commands| grep firewall
+# set firewall ipv6-name 'V6-LOCAL'
+# set firewall name 'INBOUND'
+# set firewall name 'LOCAL'
+# set firewall name 'OUTBOUND'
+# set interfaces ethernet eth1 firewall in name 'INBOUND'
+# set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL'
+# set interfaces ethernet eth1 firewall local name 'LOCAL'
+# set interfaces ethernet eth1 firewall out name 'OUTBOUND'
+# set interfaces ethernet eth3 firewall in name 'INBOUND'
+# set interfaces ethernet eth3 firewall local ipv6-name 'V6-LOCAL'
+# set interfaces ethernet eth3 firewall local name 'LOCAL'
+# set interfaces ethernet eth3 firewall out name 'OUTBOUND'
+#
+- name: Delete firewall interfaces based on interface name.
+ vyos_firewall_interfaces:
+ config:
+ - name: 'eth1'
+ - name: 'eth3'
+ state: deleted
+#
+#
+# ------------------------
+# Module Execution Results
+# ------------------------
+#
+# "before": [
+# {
+# "name": "eth0"
+# },
+# {
+# "access_rules": [
+# {
+# "afi": "ipv4",
+# "rules": [
+# {
+# "direction": "in",
+# "name": "INBOUND"
+# },
+# {
+# "direction": "local",
+# "name": "LOCAL"
+# },
+# {
+# "direction": "out",
+# "name": "OUTBOUND"
+# }
+# ]
+# },
+# {
+# "afi": "ipv6",
+# "rules": [
+# {
+# "direction": "local",
+# "name": "V6-LOCAL"
+# }
+# ]
+# }
+# ],
+# "name": "eth1"
+# },
+# {
+# "name": "eth2"
+# },
+# {
+# "access_rules": [
+# {
+# "afi": "ipv4",
+# "rules": [
+# {
+# "direction": "in",
+# "name": "INBOUND"
+# },
+# {
+# "direction": "local",
+# "name": "LOCAL"
+# },
+# {
+# "direction": "out",
+# "name": "OUTBOUND"
+# }
+# ]
+# },
+# {
+# "afi": "ipv6",
+# "rules": [
+# {
+# "direction": "local",
+# "name": "V6-LOCAL"
+# }
+# ]
+# }
+# ],
+# "name": "eth3"
+# }
+# ]
+# "commands": [
+# "delete interfaces ethernet eth1 firewall",
+# "delete interfaces ethernet eth3 firewall"
+# ]
+#
+# "after": [
+# {
+# "name": "eth0"
+# },
+# {
+# "name": "eth1"
+# },
+# {
+# "name": "eth2"
+# },
+# {
+# "name": "eth3"
+# }
+# ]
+# After state
+# ------------
+# vyos@vyos# run show configuration commands | grep firewall
+# set firewall ipv6-name 'V6-LOCAL'
+# set firewall name 'INBOUND'
+# set firewall name 'LOCAL'
+# set firewall name 'OUTBOUND'
+
+
+# Using deleted per afi
+#
+# Before state
+# -------------
+#
+# vyos@vyos:~$ show configuration commands| grep firewall
+# set firewall ipv6-name 'V6-LOCAL'
+# set firewall name 'INBOUND'
+# set firewall name 'LOCAL'
+# set firewall name 'OUTBOUND'
+# set interfaces ethernet eth1 firewall in name 'INBOUND'
+# set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL'
+# set interfaces ethernet eth1 firewall local name 'LOCAL'
+# set interfaces ethernet eth1 firewall out name 'OUTBOUND'
+# set interfaces ethernet eth3 firewall in name 'INBOUND'
+# set interfaces ethernet eth3 firewall local ipv6-name 'V6-LOCAL'
+# set interfaces ethernet eth3 firewall local name 'LOCAL'
+# set interfaces ethernet eth3 firewall out name 'OUTBOUND'
+#
+- name: Delete firewall interfaces config per afi.
+ vyos_firewall_interfaces:
+ config:
+ - name: 'eth1'
+ access_rules:
+ - afi: 'ipv4'
+ - afi: 'ipv6'
+ state: deleted
+#
+#
+# ------------------------
+# Module Execution Results
+# ------------------------
+#
+# "commands": [
+# "delete interfaces ethernet eth1 firewall in name",
+# "delete interfaces ethernet eth1 firewall out name",
+# "delete interfaces ethernet eth1 firewall local name",
+# "delete interfaces ethernet eth1 firewall local ipv6-name"
+# ]
+#
+# After state
+# ------------
+# vyos@vyos# run show configuration commands | grep firewall
+# set firewall ipv6-name 'V6-LOCAL'
+# set firewall name 'INBOUND'
+# set firewall name 'LOCAL'
+# set firewall name 'OUTBOUND'
+
+
+# Using deleted without config
+#
+# Before state
+# -------------
+#
+# vyos@vyos:~$ show configuration commands| grep firewall
+# set firewall ipv6-name 'V6-LOCAL'
+# set firewall name 'INBOUND'
+# set firewall name 'LOCAL'
+# set firewall name 'OUTBOUND'
+# set interfaces ethernet eth1 firewall in name 'INBOUND'
+# set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL'
+# set interfaces ethernet eth1 firewall local name 'LOCAL'
+# set interfaces ethernet eth1 firewall out name 'OUTBOUND'
+# set interfaces ethernet eth3 firewall in name 'INBOUND'
+# set interfaces ethernet eth3 firewall local ipv6-name 'V6-LOCAL'
+# set interfaces ethernet eth3 firewall local name 'LOCAL'
+# set interfaces ethernet eth3 firewall out name 'OUTBOUND'
+#
+- name: Delete firewall interfaces config when empty config provided.
+ vyos_firewall_interfaces:
+ config:
+ state: deleted
+#
+#
+# ------------------------
+# Module Execution Results
+# ------------------------
+#
+# "commands": [
+# "delete interfaces ethernet eth1 firewall",
+# "delete interfaces ethernet eth1 firewall"
+# ]
+#
+# After state
+# ------------
+# vyos@vyos# run show configuration commands | grep firewall
+# set firewall ipv6-name 'V6-LOCAL'
+# set firewall name 'INBOUND'
+# set firewall name 'LOCAL'
+# set firewall name 'OUTBOUND'
+
+
+# Using parsed
+#
+#
+- name: Parse the provided configuration
+ vyos_firewall_interfaces:
+ running_config:
+ "set interfaces ethernet eth1 firewall in name 'INBOUND'
+ set interfaces ethernet eth1 firewall out name 'OUTBOUND'
+ set interfaces ethernet eth1 firewall local name 'LOCAL'
+ set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL'
+ set interfaces ethernet eth2 firewall in name 'INBOUND'
+ set interfaces ethernet eth2 firewall out name 'OUTBOUND'
+ set interfaces ethernet eth2 firewall local name 'LOCAL'
+ set interfaces ethernet eth2 firewall local ipv6-name 'V6-LOCAL'"
+ state: parsed
+#
+#
+# -------------------------
+# Module Execution Result
+# -------------------------
+#
+#
+# "parsed": [
+# {
+# "name": "eth0"
+# },
+# {
+# "access_rules": [
+# {
+# "afi": "ipv4",
+# "rules": [
+# {
+# "direction": "in",
+# "name": "INBOUND"
+# },
+# {
+# "direction": "local",
+# "name": "LOCAL"
+# },
+# {
+# "direction": "out",
+# "name": "OUTBOUND"
+# }
+# ]
+# },
+# {
+# "afi": "ipv6",
+# "rules": [
+# {
+# "direction": "local",
+# "name": "V6-LOCAL"
+# }
+# ]
+# }
+# ],
+# "name": "eth1"
+# },
+# {
+# "access_rules": [
+# {
+# "afi": "ipv4",
+# "rules": [
+# {
+# "direction": "in",
+# "name": "INBOUND"
+# },
+# {
+# "direction": "local",
+# "name": "LOCAL"
+# },
+# {
+# "direction": "out",
+# "name": "OUTBOUND"
+# }
+# ]
+# },
+# {
+# "afi": "ipv6",
+# "rules": [
+# {
+# "direction": "local",
+# "name": "V6-LOCAL"
+# }
+# ]
+# }
+# ],
+# "name": "eth2"
+# },
+# {
+# "name": "eth3"
+# }
+# ]
+
+
+# Using gathered
+#
+# Before state:
+# -------------
+#
+# vyos@vyos:~$ show configuration commands| grep firewall
+# set firewall ipv6-name 'V6-LOCAL'
+# set firewall name 'INBOUND'
+# set firewall name 'LOCAL'
+# set firewall name 'OUTBOUND'
+# set interfaces ethernet eth1 firewall 'in'
+# set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL'
+# set interfaces ethernet eth1 firewall out name 'OUTBOUND'
+# set interfaces ethernet eth3 firewall in name 'INBOUND'
+# set interfaces ethernet eth3 firewall 'local'
+# set interfaces ethernet eth3 firewall 'out'
+#
+- name: Gather listed firewall interfaces.
+ vyos_firewall_interfaces:
+ config:
+ state: gathered
+#
+#
+# -------------------------
+# Module Execution Result
+# -------------------------
+#
+# "gathered": [
+# {
+# "name": "eth0"
+# },
+# {
+# "access_rules": [
+# {
+# "afi": "ipv4",
+# "rules": [
+# {
+# "direction": "out",
+# "name": "OUTBOUND"
+# }
+# ]
+# },
+# {
+# "afi": "ipv6",
+# "rules": [
+# {
+# "direction": "local",
+# "name": "V6-LOCAL"
+# }
+# ]
+# }
+# ],
+# "name": "eth1"
+# },
+# {
+# "name": "eth2"
+# },
+# {
+# "access_rules": [
+# {
+# "afi": "ipv4",
+# "rules": [
+# {
+# "direction": "in",
+# "name": "INBOUND"
+# }
+# ]
+# }
+# ],
+# "name": "eth3"
+# }
+# ]
+#
+#
+# After state:
+# -------------
+#
+# vyos@vyos:~$ show configuration commands| grep firewall
+# set firewall ipv6-name 'V6-LOCAL'
+# set firewall name 'INBOUND'
+# set firewall name 'LOCAL'
+# set firewall name 'OUTBOUND'
+# set interfaces ethernet eth1 firewall 'in'
+# set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL'
+# set interfaces ethernet eth1 firewall out name 'OUTBOUND'
+# set interfaces ethernet eth3 firewall in name 'INBOUND'
+# set interfaces ethernet eth3 firewall 'local'
+# set interfaces ethernet eth3 firewall 'out'
+
+
+# Using rendered
+#
+#
+- name: Render the commands for provided configuration
+ vyos_firewall_interfaces:
+ config:
+ - name: 'eth2'
+ access_rules:
+ - afi: 'ipv4'
+ rules:
+ - direction: 'in'
+ name: 'INGRESS'
+ - direction: 'out'
+ name: 'OUTGRESS'
+ - direction: 'local'
+ name: 'DROP'
+ state: rendered
+#
+#
+# -------------------------
+# Module Execution Result
+# -------------------------
+#
+#
+# "rendered": [
+# "set interfaces ethernet eth2 firewall in name 'INGRESS'",
+# "set interfaces ethernet eth2 firewall out name 'OUTGRESS'",
+# "set interfaces ethernet eth2 firewall local name 'DROP'",
+# "set interfaces ethernet eth2 firewall local ipv6-name 'LOCAL'"
+# ]
+
+
+"""
+RETURN = """
+before:
+ description: The configuration prior to the model invocation.
+ returned: always
+ type: list
+ sample: >
+ The configuration returned will always be in the same format
+ of the parameters above.
+after:
+ description: The resulting configuration model invocation.
+ returned: when changed
+ type: list
+ sample: >
+ The configuration returned will always be in the same format
+ of the parameters above.
+commands:
+ description: The set of commands pushed to the remote device.
+ returned: always
+ type: list
+ sample:
+ - "set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL'"
+ - "set interfaces ethernet eth3 firewall in name 'INBOUND'"
+"""
+
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.network.vyos.argspec.firewall_interfaces.firewall_interfaces import Firewall_interfacesArgs
+from ansible.module_utils.network.vyos.config.firewall_interfaces.firewall_interfaces import Firewall_interfaces
+
+
+def main():
+ """
+ Main entry point for module execution
+
+ :returns: the result form module invocation
+ """
+ required_if = [('state', 'merged', ('config',)),
+ ('state', 'replaced', ('config',)),
+ ('state', 'overridden', ('config',)),
+ ('state', 'parsed', ('running_config',))]
+ mutually_exclusive = [('config', 'running_config')]
+
+ module = AnsibleModule(argument_spec=Firewall_interfacesArgs.argument_spec,
+ required_if=required_if,
+ supports_check_mode=True,
+ mutually_exclusive=mutually_exclusive)
+
+ result = Firewall_interfaces(module).execute_module()
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
View Lorry Controller Status