ansible / ansible.builtin / v2.5.10 / module / nxos_acl — Manages access list entries for ACLs. | Added in version 2.2 of ansible.builtin. Authors: Jason Edelman (@jedelman8), Gabriele Gerbino (@GGabriele). Status: preview | supported by: network. ansible.builtin.nxos_acl (v2.5.10) — module
Install with pip install ansible==2.5.10
Manages access list entries for ACLs.
# configure ACL ANSIBLE
# Ensures entry (ACE) 10 is present in the ACL named ANSIBLE:
# permit TCP from 1.1.1.1/24 to any destination.
- nxos_acl:
    # ACL names are case sensitive, so 'ANSIBLE' and 'ansible' differ.
    name: 'ANSIBLE'
    state: present
    # Sequence number of this entry (ACE) within the ACL.
    seq: 10
    action: permit
    proto: tcp
    src: '1.1.1.1/24'
    # NOTE(review): 'any' matches every destination and no destination
    # port is given, so this entry permits all TCP from the source range.
    # Narrow dest / dest_port_op / dest_port1 where the policy allows.
    dest: any
# Argument specification for the nxos_acl module: one mapping per task
# parameter, giving its description, whether it is required, its default
# and (where restricted) the accepted choices.

# --- Identity and lifecycle of the ACL / entry ---------------------------
name:
  description:
    - 'Case sensitive name of the access list (ACL).'
  required: true
seq:
  description:
    - 'Sequence number of the entry (ACE).'
  required: false
  default: null
state:
  description:
    - 'Specify desired state of the resource.'
  required: false
  default: present
  # NOTE(review): 'delete_acl' presumably removes the whole ACL rather
  # than a single entry - confirm before using it against a production
  # list.
  choices: [present, absent, delete_acl]

# --- Action ---------------------------------------------------------------
action:
  description:
    - 'Action of the ACE.'
  required: false
  # No default action is defined; state permit/deny explicitly in tasks.
  default: null
  choices: [permit, deny, remark]
remark:
  description:
    - 'If action is set to remark, this is the description.'
  required: false
  default: null

# --- Protocol, addresses and ports ----------------------------------------
proto:
  description:
    - 'Port number or protocol (as supported by the switch).'
  required: false
  default: null
src:
  description:
    - "Source ip and mask using IP/MASK notation and supports keyword 'any'."
  required: false
  default: null
dest:
  description:
    - "Destination ip and mask using IP/MASK notation and supports the keyword 'any'."
  required: false
  default: null
src_port_op:
  description:
    - 'Source port operands such as eq, neq, gt, lt, range.'
  required: false
  default: null
  choices: [any, eq, gt, lt, neq, range]
src_port1:
  description:
    - 'Port/protocol and also first (lower) port when using range operand.'
  required: false
  default: null
src_port2:
  description:
    - 'Second (end) port when using range operand.'
  required: false
  default: null
dest_port_op:
  description:
    - 'Destination port operands such as eq, neq, gt, lt, range.'
  required: false
  default: null
  choices: [any, eq, gt, lt, neq, range]
dest_port1:
  description:
    - 'Port/protocol and also first (lower) port when using range operand.'
  required: false
  default: null
dest_port2:
  description:
    - 'Second (end) port when using range operand.'
  required: false
  default: null

# --- TCP flag matches ------------------------------------------------------
# Each flag option accepts only 'enable' and matches on that one header bit.
ack:
  description:
    - 'Match on the ACK bit.'
  required: false
  default: null
  choices: [enable]
fin:
  description:
    - 'Match on the FIN bit.'
  required: false
  default: null
  choices: [enable]
psh:
  description:
    - 'Match on the PSH bit.'
  required: false
  default: null
  choices: [enable]
rst:
  description:
    - 'Match on the RST bit.'
  required: false
  default: null
  choices: [enable]
syn:
  description:
    - 'Match on the SYN bit.'
  required: false
  default: null
  choices: [enable]
urg:
  description:
    - 'Match on the URG bit.'
  required: false
  default: null
  choices: [enable]
established:
  description:
    - 'Match established connections.'
  required: false
  default: null
  # NOTE(review): on switch ACLs this is typically a stateless match on
  # TCP header bits, not connection tracking - confirm for the target
  # platform before relying on it as a stateful control.
  choices: [enable]

# --- Other match criteria --------------------------------------------------
fragments:
  description:
    - 'Check non-initial fragments.'
  required: false
  default: null
  choices: [enable]
dscp:
  description:
    - 'Match packets with given dscp value.'
  required: false
  default: null
  choices:
    - af11
    - af12
    - af13
    - af21
    - af22
    - af23
    - af31
    - af32
    - af33
    - af41
    - af42
    - af43
    - cs1
    - cs2
    - cs3
    - cs4
    - cs5
    - cs6
    - cs7
    - default
    - ef
precedence:
  description:
    - 'Match packets with given precedence.'
  required: false
  default: null
  choices:
    - critical
    - flash
    - flash-override
    - immediate
    - internet
    - network
    - priority
    - routine
time_range:
  description:
    - 'Name of time-range to apply.'
  required: false
  default: null

# --- Logging ---------------------------------------------------------------
log:
  description:
    - 'Log matches against this entry.'
  required: false
  # Logging is off unless requested; enabling it on an entry leaves a
  # record of matching traffic for later review.
  default: null
  choices: [enable]
# Return value of the module. 'commands' is always returned and lists the
# CLI lines sent to the device, so a registered result can be reviewed to
# see what ACL change a task pushed.
commands:
  description: commands sent to the device
  type: list
  returned: always
  # Sample corresponds to a permit-tcp entry with sequence number 10 in
  # the ACL named ANSIBLE.
  sample:
    - ip access-list ANSIBLE
    - 10 permit tcp 1.1.1.1/24 any