vca_fw – add or remove firewall rules in a gateway in a vca

Synopsis

  • Adds or removes firewall rules from a gateway in a vca environment

Parameters

Parameter Choices/Defaults Comments
api_version
string
Default:
"5.7"
The API version to be used with the vca.
fw_rules
- / required
Default:
"no"
A list of firewall rules to be added to the gateway. Please see the examples for valid entries.
gateway_name
string
Default:
"gateway"
The name of the gateway of the vdc where the rule should be added.
host
string
The authentication host to be used when service type is vcd.
instance_id
string
The instance ID in a vchs environment to be used for creating the vapp.
org
string
The org to log in to for creating the vapp.
This option is required when the service_type is vcd.
password
string
The vca password. If not set, the environment variable VCA_PASS is checked for the password.

aliases: pass, passwd
service_type
string
    Choices:
  • vca ←
  • vcd
  • vchs
The type of service we are authenticating against.
state
string
    Choices:
  • absent
  • present ←
Whether the object should be added or removed.
username
string
The vca username or email address. If not set, the environment variable VCA_USER is checked for the username.

aliases: user
validate_certs
boolean
    Choices:
  • no
  • yes ←
Whether the certificates of the authentication are to be verified.

aliases: verify_certs
vdc_name
string
The name of the vdc where the gateway is located.

Examples

# Add a set of firewall rules

- hosts: localhost
  connection: local
  tasks:
   - vca_fw:
       instance_id: 'b15ff1e5-1024-4f55-889f-ea0209726282'
       vdc_name: 'benz_ansible'
       state: 'present'  # 'present' adds the rules; 'absent' removes them
       fw_rules:
         - description: "ben testing"
           source_ip: "Any"
           dest_ip: 192.0.2.23
         - description: "ben testing 2"
           source_ip: 192.0.2.50
           source_port: "Any"
           dest_port: "22"
           dest_ip: 192.0.2.101
           is_enable: "true"
           enable_logging: "false"
           protocol: "Tcp"
           policy: "allow"
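
A pre-flight review of fw_rules entries such as the two in the example above, written in Python. This is an added example, not code from the vca_fw module or its authors; the key set is taken from the keys visible in the example, and the findings are review heuristics assumed here, not the module's own validation.

```python
# Added example: review fw_rules entries before handing them to vca_fw.
# KNOWN_KEYS comes from the keys visible in the page's example, not from the
# module source; the findings are review heuristics, not module behaviour.
KNOWN_KEYS = {
    "description", "source_ip", "source_port", "dest_ip", "dest_port",
    "is_enable", "enable_logging", "protocol", "policy",
}


def is_any(value):
    """True when a field is set to the wildcard "Any" (case-insensitive)."""
    return str(value).strip().lower() == "any"


def review_rule(rule):
    """Return a list of findings for one fw_rules entry (empty = clean)."""
    findings = []
    unknown = sorted(set(rule) - KNOWN_KEYS)
    if unknown:
        findings.append("unknown keys: " + ", ".join(unknown))
    # Fields left out of a rule are not pinned by the playbook, so the
    # effective match depends on defaults the reviewer cannot see here.
    for key in ("source_ip", "dest_ip", "dest_port", "protocol", "policy"):
        if key not in rule:
            findings.append(f"{key} not set explicitly")
    if str(rule.get("policy", "")).lower() == "allow":
        if is_any(rule.get("source_ip")):
            findings.append("allow rule accepts any source_ip")
        if is_any(rule.get("dest_port")):
            findings.append("allow rule accepts any dest_port")
        if str(rule.get("enable_logging", "false")).lower() != "true":
            findings.append("allow rule has logging disabled")
    return findings


# Constructed input: the two rules from the example above, as Python dicts.
RULES = [
    {"description": "ben testing", "source_ip": "Any", "dest_ip": "192.0.2.23"},
    {"description": "ben testing 2", "source_ip": "192.0.2.50",
     "source_port": "Any", "dest_port": "22", "dest_ip": "192.0.2.101",
     "is_enable": "true", "enable_logging": "false",
     "protocol": "Tcp", "policy": "allow"},
]

if __name__ == "__main__":
    for r in RULES:
        print(r["description"], "->", review_rule(r) or "ok")
```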

Status

Authors

  • Peter Sprygada (@privateip)
