junipernetworks.junos.junos_acls module – ACLs resource module
Note
This module is part of the junipernetworks.junos collection (version 2.10.0).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install junipernetworks.junos
.
To use it in a playbook, specify: junipernetworks.junos.junos_acls
.
New in version 1.0.0: of junipernetworks.junos
Synopsis
This module provides declarative management of acls/filters on Juniper JUNOS devices
Note
This module has a corresponding action plugin.
Requirements
The below requirements are needed on the host that executes this module.
ncclient (>=v0.6.4)
xmltodict (>=0.12.0)
Parameters
Parameter |
Comments |
---|---|
A dictionary of acls options |
|
List of Access Control Lists (ACLs). |
|
List of Access Control Entries (ACEs) for this Access Control List (ACL). |
|
Specifies the destination for the filter |
|
Match IP destination address |
|
Specify the destination port or protocol. |
|
Match only packets on a given port number. |
|
Match only packets in the range of port numbers |
|
Specify the end of the port range |
|
Specify the start of the port range |
|
Match IP destination prefixes in named list |
|
Name of the list |
|
Action to take after matching condition (allow, discard/reject) Choices:
|
|
Filter term name |
|
Specify the protocol to match. Refer to vendor documentation for valid values. |
|
All possible suboptions for the protocol chosen. |
|
ICMP protocol options. |
|
Host prohibited Choices:
|
|
Net prohibited Choices:
|
|
Echo (ping) Choices:
|
|
Echo reply Choices:
|
|
Host redirect Choices:
|
|
Host redirect for TOS Choices:
|
|
Host unreachable for TOS Choices:
|
|
Host unknown Choices:
|
|
Host unreachable Choices:
|
|
Network redirect Choices:
|
|
Net redirect for TOS Choices:
|
|
Network unknown Choices:
|
|
Port unreachable Choices:
|
|
Protocol unreachable Choices:
|
|
Reassembly timeout Choices:
|
|
All redirects Choices:
|
|
Router discovery advertisements Choices:
|
|
Router discovery solicitations Choices:
|
|
Source route failed Choices:
|
|
All time exceeded. Choices:
|
|
TTL exceeded Choices:
|
|
Specifies the source for the filter |
|
IP source address to use for the filter |
|
Specify the source port or protocol. |
|
Match only packets on a given port number. |
|
Match only packets in the range of port numbers |
|
Specify the end of the port range |
|
Specify the start of the port range |
|
IP source prefix list to use for the filter |
|
Name of the list |
|
Name to use for the acl filter |
|
Protocol family to use by the acl filter Choices:
|
|
The state the configuration should be left in Choices:
|
Notes
Note
This module requires the netconf system service be enabled on the device being managed.
This module works with connection
netconf
. See the Junos OS Platform Options.Tested against JunOS v18.4R1
Examples
# Using merged
# Before state:
# -------------
#
# admin# show firewall
- name: Merge JUNOS acl
junipernetworks.junos.junos_acls:
config:
- afi: ipv4
acls:
- name: allow_ssh_acl
aces:
- name: ssh_rule
source:
port_protocol:
eq: ssh
protocol: tcp
state: merged
# After state:
# -------------
# admin# show firewall
# family inet {
# filter allow_ssh_acl {
# term ssh_rule {
# from {
# protocol tcp;
# source-port ssh;
# }
# }
# }
# }
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
The resulting configuration model invocation. Returned: when changed Sample: “The configuration returned will always be in the same format\n of the parameters above.\n” |
|
The configuration prior to the model invocation. Returned: always Sample: “The configuration returned will always be in the same format\n of the parameters above.\n” |
|
The set of commands pushed to the remote device. Returned: always Sample: [“command 1”, “command 2”, “command 3”] |
Authors
Daniel Mellado (@dmellado)