junipernetworks.junos.junos_acl_interfaces module – ACL interfaces resource module
Note
This module is part of the junipernetworks.junos collection (version 8.0.0).
You might already have this collection installed if you are using the ansible package.
It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install junipernetworks.junos.
You need further requirements to be able to use this module,
see Requirements for details.
To use it in a playbook, specify: junipernetworks.junos.junos_acl_interfaces.
New in junipernetworks.junos 1.0.0
Synopsis
This module manages adding and removing Access Control Lists (ACLs) from interfaces on devices running Juniper JUNOS.
Aliases: acl_interfaces
Requirements
The below requirements are needed on the host that executes this module.
ncclient (>=v0.6.4)
xmltodict (>=0.12.0)
Parameters
Parameter |
Comments |
|---|---|
A dictionary of ACL options for interfaces. |
|
Specifies ACLs attached to the interface. |
|
Specifies the ACLs for the provided AFI. |
|
Specifies the direction of packets that the ACL will be applied on. Choices:
|
|
Specifies the name of the IPv4/IPv4 ACL for the interface. |
|
Specifies the AFI for the ACL(s) to be configured on this interface. Choices:
|
|
Name/Identifier for the interface. |
|
This option is used only with state parsed. The value of this option should be the output received from the Junos device by executing the command show interfaces. The state parsed reads the configuration from |
|
The state the configuration should be left in. Choices:
|
Notes
Note
This module requires the netconf system service be enabled on the device being managed.
This module works with connection
netconf. See the Junos OS Platform Options.Tested against JunOS v18.4R1
Examples
# Using deleted
# Before state:
# -------------
#
# admin# show interfaces
# ge-1/0/0 {
# description "L3 interface with filter";
# unit 0 {
# family inet {
# filter {
# input inbound_acl;
# output outbound_acl;
# }
# address 100.64.0.1/10;
# address 100.64.0.2/10;
# }
# family inet6;
# }
- name: Delete JUNOS L3 interface filter
junipernetworks.junos.junos_acl_interfaces:
config:
- name: ge-1/0/0
access_groups:
- afi: ipv4
acls:
- name: inbound_acl
direction: in
- name: outbound_acl
direction: out
state: deleted
# After state:
# -------------
#
# admin# show interfaces
# ge-1/0/0 {
# description "L3 interface with filter";
# unit 0 {
# family inet {
# address 100.64.0.1/10;
# address 100.64.0.2/10;
# }
# family inet6;
# }
# Using merged
# Before state:
# -------------
#
# admin# show interfaces
# ge-1/0/0 {
# description "L3 interface without filter";
# unit 0 {
# family inet {
# address 100.64.0.1/10;
# address 100.64.0.2/10;
# }
# family inet6;
# }
- name: Merge JUNOS L3 interface filter
junipernetworks.junos.junos_acl_interfaces:
config:
- name: ge-1/0/0
access_groups:
- afi: ipv4
acls:
- name: inbound_acl
direction: in
- name: outbound_acl
direction: out
state: merged
# After state:
# -------------
#
# admin# show interfaces
# ge-1/0/0 {
# description "L3 interface with filter";
# unit 0 {
# family inet {
# filter {
# input inbound_acl;
# output outbound_acl;
# }
# address 100.64.0.1/10;
# address 100.64.0.2/10;
# }
# family inet6;
# }
# Using overridden
# Before state:
# -------------
#
# admin# show interfaces
# ge-1/0/0 {
# description "L3 interface without filter";
# unit 0 {
# family inet {
# filter {
# input foo_acl;
# }
# address 100.64.0.1/10;
# address 100.64.0.2/10;
# }
# family inet6;
# }
- name: Override JUNOS L3 interface filter
junipernetworks.junos.junos_acl_interfaces:
config:
- name: ge-1/0/0
access_groups:
- afi: ipv4
acls:
- name: inbound_acl
direction: in
- name: outbound_acl
direction: out
state: overridden
# After state:
# -------------
#
# admin# show interfaces
# ge-1/0/0 {
# description "L3 interface with filter";
# unit 0 {
# family inet {
# filter {
# input inbound_acl;
# output outbound_acl;
# }
# address 100.64.0.1/10;
# address 100.64.0.2/10;
# }
# family inet6;
# }
# Using replaced
# Before state:
# -------------
#
# admin# show interfaces
# ge-1/0/0 {
# description "L3 interface without filter";
# unit 0 {
# family inet {
# filter {
# input foo_acl;
# output outbound_acl;
# }
# address 100.64.0.1/10;
# address 100.64.0.2/10;
# }
# family inet6;
# }
- name: Replace JUNOS L3 interface filter
junipernetworks.junos.junos_acl_interfaces:
config:
- name: ge-1/0/0
access_groups:
- afi: ipv4
acls:
- name: inbound_acl
direction: in
state: replaced
# After state:
# -------------
#
# admin# show interfaces
# ge-1/0/0 {
# description "L3 interface with filter";
# unit 0 {
# family inet {
# filter {
# input inbound_acl;
# output outbound_acl;
# }
# address 100.64.0.1/10;
# address 100.64.0.2/10;
# }
# family inet6;
# }
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
|---|---|
The resulting configuration model invocation. Returned: when changed Sample: |
|
The configuration prior to the model invocation. Returned: always Sample: |
|
The set of commands pushed to the remote device. Returned: always Sample: |