junipernetworks.junos.junos_acls module – ACLs resource module
Note
This module is part of the junipernetworks.junos collection (version 8.0.0).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install junipernetworks.junos
.
You need further requirements to be able to use this module,
see Requirements for details.
To use it in a playbook, specify: junipernetworks.junos.junos_acls
.
New in junipernetworks.junos 1.0.0
Synopsis
This module provides declarative management of acls/filters on Juniper JUNOS devices
Aliases: acls
Requirements
The below requirements are needed on the host that executes this module.
ncclient (>=v0.6.4)
xmltodict (>=0.12.0)
Parameters
Parameter |
Comments |
---|---|
A dictionary of acls options |
|
List of Access Control Lists (ACLs). |
|
List of Access Control Entries (ACEs) for this Access Control List (ACL). |
|
Specifies the destination for the filter |
|
Match IP destination address |
|
Specify the destination port or protocol. |
|
Match only packets on a given port number. |
|
Match only packets in the range of port numbers |
|
Specify the end of the port range |
|
Specify the start of the port range |
|
Match IP destination prefixes in named list |
|
Name of the list |
|
Action to take after matching condition (allow, discard/reject) Choices:
|
|
Filter term name |
|
Specify the protocol to match. Refer to vendor documentation for valid values. |
|
All possible suboptions for the protocol chosen. |
|
ICMP protocol options. |
|
Host prohibited Choices:
|
|
Net prohibited Choices:
|
|
Echo (ping) Choices:
|
|
Echo reply Choices:
|
|
Host redirect Choices:
|
|
Host redirect for TOS Choices:
|
|
Host unreachable for TOS Choices:
|
|
Host unknown Choices:
|
|
Host unreachable Choices:
|
|
Network redirect Choices:
|
|
Net redirect for TOS Choices:
|
|
Network unknown Choices:
|
|
Port unreachable Choices:
|
|
Protocol unreachable Choices:
|
|
Reassembly timeout Choices:
|
|
All redirects Choices:
|
|
Router discovery advertisements Choices:
|
|
Router discovery solicitations Choices:
|
|
Source route failed Choices:
|
|
All time exceeded. Choices:
|
|
TTL exceeded Choices:
|
|
Specifies the source for the filter |
|
IP source address to use for the filter |
|
Specify the source port or protocol. |
|
Match only packets on a given port number. |
|
Match only packets in the range of port numbers |
|
Specify the end of the port range |
|
Specify the start of the port range |
|
IP source prefix list to use for the filter |
|
Name of the list |
|
Name to use for the acl filter |
|
Protocol family to use by the acl filter Choices:
|
|
This option is used only with state parsed. The value of this option should be the output received from the Junos device by executing the command show firewall. The state parsed reads the configuration from |
|
The state the configuration should be left in Choices:
|
Notes
Note
This module requires the netconf system service be enabled on the device being managed
This module works with connection
netconf
Tested against JunOS v18.4R1
Examples
# Using merged
# Before state:
# -------------
#
# admin# show firewall
- name: Merge JUNOS acl
junipernetworks.junos.junos_acls:
config:
- afi: ipv4
acls:
- name: allow_ssh_acl
aces:
- name: ssh_rule
source:
port_protocol:
eq: ssh
protocol: tcp
state: merged
# After state:
# -------------
# admin# show firewall
# family inet {
# filter allow_ssh_acl {
# term ssh_rule {
# from {
# protocol tcp;
# source-port ssh;
# }
# }
# }
# }
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
The resulting configuration model invocation. Returned: when changed Sample: |
|
The configuration prior to the model invocation. Returned: always Sample: |
|
The set of commands pushed to the remote device. Returned: always Sample: |