clc_firewall_policy – Create/delete/update firewall policies

New in version 2.0.

Synopsis

  • Create or delete or update firewall polices on Centurylink Cloud

Requirements

The below requirements are needed on the host that executes this module.

  • python = 2.7
  • requests >= 2.5.0
  • clc-sdk

Parameters

Parameter Choices/Defaults Comments
destination
-
The list of destination addresses for traffic on the terminating firewall. This is required when state is 'present'
destination_account_alias
-
CLC alias for the destination account
enabled
-
    Choices:
  • yes ←
  • no
Default:
"yes"
Whether the firewall policy is enabled or disabled
firewall_policy_id
-
Id of the firewall policy. This is required to update or delete an existing firewall policy
location
- / required
Target datacenter for the firewall policy
ports
-
    Choices:
  • any
  • icmp
  • TCP/123
  • UDP/123
  • TCP/123-456
  • UDP/123-456
The list of ports associated with the policy. TCP and UDP can take in single ports or port ranges.
source
-
The list of source addresses for traffic on the originating firewall. This is required when state is 'present'
source_account_alias
- / required
CLC alias for the source account
state
-
    Choices:
  • present ←
  • absent
Whether to create or delete the firewall policy
wait
boolean
    Choices:
  • no
  • yes ←
Whether to wait for the provisioning tasks to finish before returning.

Notes

Note

  • To use this module, it is required to set the below environment variables which enables access to the Centurylink Cloud - CLC_V2_API_USERNAME, the account login id for the centurylink cloud - CLC_V2_API_PASSWORD, the account password for the centurylink cloud
  • Alternatively, the module accepts the API token and account alias. The API token can be generated using the CLC account login and password via the HTTP api call @ https://api.ctl.io/v2/authentication/login - CLC_V2_API_TOKEN, the API token generated from https://api.ctl.io/v2/authentication/login - CLC_ACCT_ALIAS, the account alias associated with the centurylink cloud
  • Users can set CLC_V2_API_URL to specify an endpoint for pointing to a different CLC environment.

Examples

---
- name: Create Firewall Policy
  hosts: localhost
  gather_facts: False
  connection: local
  tasks:
    - name: Create / Verify an Firewall Policy at CenturyLink Cloud
      clc_firewall:
        source_account_alias: WFAD
        location: VA1
        state: present
        source: 10.128.216.0/24
        destination: 10.128.216.0/24
        ports: Any
        destination_account_alias: WFAD

---
- name: Delete Firewall Policy
  hosts: localhost
  gather_facts: False
  connection: local
  tasks:
    - name: Delete an Firewall Policy at CenturyLink Cloud
      clc_firewall:
        source_account_alias: WFAD
        location: VA1
        state: absent
        firewall_policy_id: c62105233d7a4231bd2e91b9c791e43e1

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
firewall_policy
dictionary
success
The fire wall policy information

Sample:
{'destination': ['10.1.1.0/24', '10.2.2.0/24'], 'destinationAccount': 'wfad', 'enabled': True, 'id': 'fc36f1bfd47242e488a9c44346438c05', 'links': [{'href': 'http://api.ctl.io/v2-experimental/firewallPolicies/wfad/uc1/fc36f1bfd47242e488a9c44346438c05', 'rel': 'self', 'verbs': ['GET', 'PUT', 'DELETE']}], 'ports': ['any'], 'source': ['10.1.1.0/24', '10.2.2.0/24'], 'status': 'active'}
firewall_policy_id
string
success
The fire wall policy id

Sample:
fc36f1bfd47242e488a9c44346438c05


Status

Authors

  • CLC Runner (@clc-runner)

Hint

If you notice any issues in this documentation you can edit this document to improve it.