ngine_io.vultr.vultr_firewall_rule module – Manages firewall rules on Vultr.
Note
This module is part of the ngine_io.vultr collection (version 1.1.2).
You might already have this collection installed if you are using the ansible package.
It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install ngine_io.vultr.
To use it in a playbook, specify: ngine_io.vultr.vultr_firewall_rule.
New in version 0.1.0: of ngine_io.vultr
Requirements
The below requirements are needed on the host that executes this module.
python >= 2.6
Parameters
Parameter |
Comments |
|---|---|
Name of the ini section in the The ENV variable Default: “default” |
|
URL to API endpint (without trailing slash). The ENV variable Fallback value is https://api.vultr.com if not specified. |
|
API key of the Vultr API. The ENV variable |
|
Amount of retries in case of the Vultr API retuns an HTTP 503 code. The ENV variable Fallback value is 5 retries if not specified. |
|
Retry backoff delay in seconds is exponential up to this max. value, in seconds. The ENV variable Fallback value is 12 seconds. |
|
HTTP timeout to Vultr API. The ENV variable Fallback value is 60 seconds if not specified. |
|
Network in CIDR format The CIDR format must match with the Required if Defaulted to 0.0.0.0/0 or ::/0 depending on |
|
End port for the firewall rule. Only considered if |
|
Name of the firewall group. |
|
IP address version Choices:
|
|
Protocol of the firewall rule. Choices:
|
|
Start port for the firewall rule. Required if |
|
State of the firewall rule. Choices:
|
|
Validate SSL certs of the Vultr API. Choices:
|
Notes
Note
Also see the API documentation on https://www.vultr.com/api/.
Examples
- name: ensure a firewall rule is present
ngine_io.vultr.vultr_firewall_rule:
group: application
protocol: tcp
start_port: 8000
end_port: 9000
cidr: 17.17.17.0/24
- name: open DNS port for all ipv4 and ipv6
ngine_io.vultr.vultr_firewall_rule:
group: dns
protocol: udp
port: 53
ip_version: "{{ item }}"
with_items: [ v4, v6 ]
- name: allow ping
ngine_io.vultr.vultr_firewall_rule:
group: web
protocol: icmp
- name: ensure a firewall rule is absent
ngine_io.vultr.vultr_firewall_rule:
group: application
protocol: tcp
start_port: 8000
end_port: 9000
cidr: 17.17.17.0/24
state: absent
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
|---|---|
Response from Vultr API with a few additions/modification Returned: success |
|
Account used in the ini file to select the key Returned: success Sample: “default” |
|
Amount of max retries for the API requests Returned: success Sample: 5 |
|
Exponential backoff delay in seconds between retries up to this max delay value. Returned: success Sample: 12 |
|
Timeout used for the API requests Returned: success Sample: 60 |
|
Response from Vultr API Returned: success |
|
Action of the firewall rule Returned: success Sample: “accept” |
|
CIDR of the firewall rule (IPv4 or IPv6) Returned: success and when port range Sample: “0.0.0.0/0” |
|
End port of the firewall rule Returned: success and when port range and protocol is tcp or udp Sample: 8080 |
|
Firewall group the rule is into. Returned: success Sample: “web” |
|
Protocol of the firewall rule Returned: success Sample: “tcp” |
|
Rule number of the firewall rule Returned: success Sample: 2 |
|
Start port of the firewall rule Returned: success and protocol is tcp or udp Sample: 80 |
Authors
René Moser (@resmo)