vmware.vmware_rest.appliance_networking_firewall_inbound module – Set the ordered list of firewall rules to allow or deny traffic from one or more incoming IP addresses
Note

This module is part of the vmware.vmware_rest collection (version 2.3.1).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install vmware.vmware_rest.

You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: vmware.vmware_rest.appliance_networking_firewall_inbound.

New in vmware.vmware_rest 2.0.0
Synopsis
Set the ordered list of firewall rules to allow or deny traffic from one or more incoming IP addresses. This overwrites the existing firewall rules and creates a new rule list. Within the list of traffic rules, rules are processed in order of appearance, from top to bottom. For example, the list of rules can be as follows:

Address | Prefix | Interface Name | Policy
---|---|---|---
10.112.0.1 | 0 | * | REJECT
10.112.0.1 | 0 | nic0 | ACCEPT

In the above example, the first rule drops all packets originating from 10.112.0.1 and the second rule accepts all packets originating from 10.112.0.1 only on nic0. Because the first rule already matches that traffic, the second rule is never reached, which is not the intended result; the order of the two rules has to be swapped. When a connection matches a firewall rule, further processing for the connection stops, and the appliance ignores any additional firewall rules you have set.
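The first-match semantics described above, as an added example in Python that is not part of the module or collection documentation: it evaluates a rule list in the same shape as the module's rules parameter (address, prefix, interface_name, policy) against a source address and inbound interface, and flags rules that an earlier rule shadows, so a mis-ordered list can be caught before it is pushed to the appliance. The sample rules are constructed here and use a /32 prefix (the synopsis example uses 0) so that they match only 10.112.0.1; the shadow check is an assumption about what a pre-push lint should do, not a feature of the appliance.

```python
import ipaddress

# Constructed sample data in the shape of the module's `rules` parameter.
# This is the mis-ordered pair from the synopsis, with prefix 32 instead of 0
# so the rules match only the single host 10.112.0.1 (assumption for the demo).
MISORDERED_RULES = [
    {"address": "10.112.0.1", "prefix": 32, "interface_name": "*", "policy": "REJECT"},
    {"address": "10.112.0.1", "prefix": 32, "interface_name": "nic0", "policy": "ACCEPT"},
]

# The same two rules in the order the synopsis says is intended.
CORRECTED_RULES = list(reversed(MISORDERED_RULES))


def rule_network(rule):
    """Network covered by a rule: `address` masked by `prefix` bits."""
    return ipaddress.ip_network(f"{rule['address']}/{rule['prefix']}", strict=False)


def rule_matches(rule, source_ip, interface):
    """True when the packet's source address and inbound interface match the rule.
    A missing interface_name, or "*", applies to every interface."""
    if ipaddress.ip_address(source_ip) not in rule_network(rule):
        return False
    iface = rule.get("interface_name") or "*"
    return iface in ("*", interface)


def evaluate(rules, source_ip, interface):
    """First-match evaluation, as the synopsis describes: walk the list top to
    bottom and stop at the first rule that matches. Returns (policy, index),
    or (None, None) when no rule matches."""
    for index, rule in enumerate(rules):
        if rule_matches(rule, source_ip, interface):
            return rule["policy"], index
    return None, None


def shadowed_rules(rules):
    """Indexes of rules that can never be reached: an earlier rule covers at
    least the same network and applies to the same interface (or to all).
    This is a pre-push lint written for this example, not an appliance feature."""
    networks = [rule_network(r) for r in rules]
    shadowed = []
    for later_index, later in enumerate(rules):
        later_iface = later.get("interface_name") or "*"
        for earlier_index in range(later_index):
            earlier_iface = rules[earlier_index].get("interface_name") or "*"
            iface_covered = earlier_iface in ("*", later_iface)
            if iface_covered and networks[later_index].subnet_of(networks[earlier_index]):
                shadowed.append(later_index)
                break
    return shadowed


if __name__ == "__main__":
    print(evaluate(MISORDERED_RULES, "10.112.0.1", "nic0"))  # ('REJECT', 0)
    print(shadowed_rules(MISORDERED_RULES))                  # [1]
    print(evaluate(CORRECTED_RULES, "10.112.0.1", "nic0"))   # ('ACCEPT', 0)
    print(shadowed_rules(CORRECTED_RULES))                   # []
```

Running the lint over the list you are about to hand to the module is cheap insurance: a rule it reports as shadowed will silently never apply once the appliance processes the list top to bottom.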
Requirements
The below requirements are needed on the host that executes this module.
vSphere 7.0.2 or greater
python >= 3.6
aiohttp
Parameters
Parameter | Comments
---|---
rules (list / elements=dictionary, required) | List of address-based firewall rules. This parameter is mandatory. Valid attributes are: address (string, required), the IP address to match; prefix (integer, required), the CIDR prefix length used to mask address; interface_name (string), the interface the rule applies to, with * meaning all interfaces; policy (string, required), the action for matching traffic. Choices for policy: ACCEPT, IGNORE, REJECT, RETURN.
session_timeout (float) | Timeout settings for client session. The maximal number of seconds for the whole operation including connection establishment, request sending and response. The default value is 300s.
vcenter_hostname (string, required) | The hostname or IP address of the vSphere vCenter. If the value is not specified in the task, the value of environment variable VMWARE_HOST will be used instead.
vcenter_password (string, required) | The vSphere vCenter password. If the value is not specified in the task, the value of environment variable VMWARE_PASSWORD will be used instead.
vcenter_rest_log_file (string) | You can use this optional parameter to set the location of a log file. This file will be used to record the HTTP REST interaction. The file will be stored on the host that runs the module. If the value is not specified in the task, the value of environment variable VMWARE_REST_LOG_FILE will be used instead.
vcenter_username (string, required) | The vSphere vCenter username. If the value is not specified in the task, the value of environment variable VMWARE_USER will be used instead.
vcenter_validate_certs (boolean) | Allows connection when SSL certificates are not valid. Set to false when certificates are not trusted. If the value is not specified in the task, the value of environment variable VMWARE_VALIDATE_CERTS will be used instead. Choices: false, true (default)
Notes
Note
Tested on vSphere 7.0.2
Examples
```yaml
- name: Ensure the rules parameter is mandatory
  vmware.vmware_rest.appliance_networking_firewall_inbound:
  register: result
  failed_when:
    - not(result.failed)
    - result.msg == 'missing required arguments: rules'

- name: Set a firewall rule
  vmware.vmware_rest.appliance_networking_firewall_inbound:
    rules:
      - address: 1.2.3.4
        prefix: 32
        policy: ACCEPT
  register: result
```
Return Values
Common return values are documented here; the following are the fields unique to this module:

Key | Description
---|---
msg | Ensure the rules parameter is mandatory. Returned: On success.
value | Ensure the rules parameter is mandatory. Returned: On success.