ansible.builtin.nxos_acl (v2.5.10) — module

Manages access list entries for ACLs.

Added in version 2.2 of ansible.builtin.

Authors: Jason Edelman (@jedelman8), Gabriele Gerbino (@GGabriele)

preview | supported by network

Install Ansible via pip

Install with `pip install ansible==2.5.10`.

Description

Manages access list entries for ACLs.

Usage examples

# Add entry 10 to access list ANSIBLE: permit TCP from 1.1.1.1/24 to any
# destination.
# NOTE(review): with `dest: any` and no dest_port_op/dest_port1 this permit
# presumably covers every destination and TCP port; in a real ruleset narrow
# both, and consider `log: enable` so hits on the entry are recorded.
# NOTE(review): the source prefix is written with host bits set (1.1.1.1/24)
# and the sample output on this page shows it sent to the device as written -
# confirm how the switch stores it before relying on idempotent re-runs.
- nxos_acl:
    name: ANSIBLE
    state: present
    seq: 10
    action: permit
    proto: tcp
    src: '1.1.1.1/24'
    dest: any

Inputs

    
# Flag-style options in this spec (ack, fin, psh, rst, syn, urg, log,
# fragments, established) list `enable` as their only choice and default to
# null; presumably an unset option leaves that keyword out of the entry.
ack:
    choices:
    - enable
    default: null
    description:
    - Match on the ACK bit.
    required: false

fin:
    choices:
    - enable
    default: null
    description:
    - Match on the FIN bit.
    required: false

# Opt-in per entry (default null): matches are logged only for entries that
# set this option.
log:
    choices:
    - enable
    default: null
    description:
    - Log matches against this entry.
    required: false

psh:
    choices:
    - enable
    default: null
    description:
    - Match on the PSH bit.
    required: false

rst:
    choices:
    - enable
    default: null
    description:
    - Match on the RST bit.
    required: false

# NOTE(review): listed as optional, but the usage example and the sample
# command on this page both carry a sequence number - confirm whether
# present/absent work without one. ACL entries are evaluated in sequence
# order, so the number also decides which of two overlapping entries wins.
seq:
    default: null
    description:
    - Sequence number of the entry (ACE).
    required: false

# 'any' matches every source address; on a permit entry that is the widest
# possible match, so prefer an explicit IP/MASK where one is known.
src:
    default: null
    description:
    - Source ip and mask using IP/MASK notation and supports keyword 'any'.
    required: false

syn:
    choices:
    - enable
    default: null
    description:
    - Match on the SYN bit.
    required: false

urg:
    choices:
    - enable
    default: null
    description:
    - Match on the URG bit.
    required: false

# 'any' matches every destination address; see the note on `src`.
dest:
    default: null
    description:
    - Destination ip and mask using IP/MASK notation and supports the keyword 'any'.
    required: false

dscp:
    choices:
    - af11
    - af12
    - af13
    - af21
    - af22
    - af23
    - af31
    - af32
    - af33
    - af41
    - af42
    - af43
    - cs1
    - cs2
    - cs3
    - cs4
    - cs5
    - cs6
    - cs7
    - default
    - ef
    default: null
    description:
    - Match packets with given dscp value.
    required: false

# The only option marked required; the name is case sensitive, so a differently
# cased value refers to a different access list.
name:
    description:
    - Case sensitive name of the access list (ACL).
    required: true

# NOTE(review): presumably an IP protocol name or number (the usage example
# passes tcp) rather than a TCP/UDP port - the port options are
# src_port1/dest_port1.
proto:
    default: null
    description:
    - Port number or protocol (as supported by the switch).
    required: false

# NOTE(review): `absent` and `delete_acl` are separate choices; presumably
# absent removes the one entry and delete_acl the whole access list - confirm
# before use, since dropping an ACL changes what traffic is filtered wherever
# it is applied.
state:
    choices:
    - present
    - absent
    - delete_acl
    default: present
    description:
    - Specify desired state of the resource.
    required: false

# `remark` is a choice alongside permit/deny; its text comes from the `remark`
# option.
action:
    choices:
    - permit
    - deny
    - remark
    default: null
    description:
    - Action of the ACE.
    required: false

remark:
    default: null
    description:
    - If action is set to remark, this is the description.
    required: false

fragments:
    choices:
    - enable
    default: null
    description:
    - Check non-initial fragments.
    required: false

# With the `range` operand this is the lower port and src_port2 the end port.
src_port1:
    default: null
    description:
    - Port/protocol and also first (lower) port when using range operand.
    required: false

src_port2:
    default: null
    description:
    - Second (end) port when using range operand.
    required: false

# With the `range` operand this is the lower port and dest_port2 the end port.
dest_port1:
    default: null
    description:
    - Port/protocol and also first (lower) port when using range operand.
    required: false

dest_port2:
    default: null
    description:
    - Second (end) port when using range operand.
    required: false

precedence:
    choices:
    - critical
    - flash
    - flash-override
    - immediate
    - internet
    - network
    - priority
    - routine
    default: null
    description:
    - Match packets with given precedence.
    required: false

# NOTE(review): takes a name only; presumably the time-range must already be
# defined on the switch - confirm, since an entry tied to a time-range is only
# in force during that window.
time_range:
    default: null
    description:
    - Name of time-range to apply.
    required: false

# NOTE(review): in ACLs of this kind `established` is a match on TCP header
# flags, not stateful connection tracking - verify on the target platform
# before relying on it to admit only return traffic.
established:
    choices:
    - enable
    default: null
    description:
    - Match established connections.
    required: false

# `any` is listed as a choice although the description does not mention it.
src_port_op:
    choices:
    - any
    - eq
    - gt
    - lt
    - neq
    - range
    default: null
    description:
    - Source port operands such as eq, neq, gt, lt, range.
    required: false

# `any` is listed as a choice although the description does not mention it.
dest_port_op:
    choices:
    - any
    - eq
    - gt
    - lt
    - neq
    - range
    default: null
    description:
    - Destination port operands such as eq, neq, gt, lt, range.
    required: false

Outputs

# `commands` is returned on every run (returned: always) as a list; the sample
# matches the usage example on this page (ACL ANSIBLE, entry 10).
# Registering and keeping this value gives a reviewable record of the ACL
# lines that were pushed to the switch.
commands:
  description: commands sent to the device
  returned: always
  sample:
  - ip access-list ANSIBLE
  - 10 permit tcp 1.1.1.1/24 any
  type: list