ansible.builtin.nxos_acl (v2.6.0) module

Manages access list entries for ACLs.

Added in version 2.2 of ansible.builtin
Authors: Jason Edelman (@jedelman8), Gabriele Gerbino (@GGabriele)
preview | supported by network
Install with pip install ansible==2.6.0
```yaml
# configure ACL ANSIBLE
- nxos_acl:
    name: ANSIBLE
    seq: 10
    action: permit
    proto: tcp
    src: 1.1.1.1/24
    dest: any
    state: present
```
```yaml
ack:
  choices:
  - enable
  description:
  - Match on the ACK bit.
fin:
  choices:
  - enable
  description:
  - Match on the FIN bit.
log:
  choices:
  - enable
  description:
  - Log matches against this entry.
psh:
  choices:
  - enable
  description:
  - Match on the PSH bit.
rst:
  choices:
  - enable
  description:
  - Match on the RST bit.
seq:
  description:
  - Sequence number of the entry (ACE).
src:
  description:
  - Source ip and mask using IP/MASK notation and supports keyword 'any'.
syn:
  choices:
  - enable
  description:
  - Match on the SYN bit.
urg:
  choices:
  - enable
  description:
  - Match on the URG bit.
dest:
  description:
  - Destination ip and mask using IP/MASK notation and supports the keyword 'any'.
dscp:
  choices:
  - af11
  - af12
  - af13
  - af21
  - af22
  - af23
  - af31
  - af32
  - af33
  - af41
  - af42
  - af43
  - cs1
  - cs2
  - cs3
  - cs4
  - cs5
  - cs6
  - cs7
  - default
  - ef
  description:
  - Match packets with given dscp value.
name:
  description:
  - Case sensitive name of the access list (ACL).
  required: true
proto:
  description:
  - Port number or protocol (as supported by the switch).
state:
  choices:
  - present
  - absent
  - delete_acl
  default: present
  description:
  - Specify desired state of the resource.
action:
  choices:
  - permit
  - deny
  - remark
  description:
  - Action of the ACE.
remark:
  description:
  - If action is set to remark, this is the description.
fragments:
  choices:
  - enable
  description:
  - Check non-initial fragments.
src_port1:
  description:
  - Port/protocol and also first (lower) port when using range operand.
src_port2:
  description:
  - Second (end) port when using range operand.
dest_port1:
  description:
  - Port/protocol and also first (lower) port when using range operand.
dest_port2:
  description:
  - Second (end) port when using range operand.
precedence:
  choices:
  - critical
  - flash
  - flash-override
  - immediate
  - internet
  - network
  - priority
  - routine
  description:
  - Match packets with given precedence.
time_range:
  description:
  - Name of time-range to apply.
established:
  choices:
  - enable
  description:
  - Match established connections.
src_port_op:
  choices:
  - any
  - eq
  - gt
  - lt
  - neq
  - range
  description:
  - Source port operands such as eq, neq, gt, lt, range.
dest_port_op:
  choices:
  - any
  - eq
  - gt
  - lt
  - neq
  - range
  description:
  - Destination port operands such as eq, neq, gt, lt, range.
```
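An added example, not taken from the module's own documentation, that combines several of the options listed above: a remark entry, a permit for SSH from a management subnet using `dest_port_op`/`dest_port1`, and a final deny with `log: enable` so rejected traffic is visible. The ACL name `MGMT-IN`, the sequence numbers and the 192.0.2.0/24 range are constructed for illustration.

```yaml
# Added example: ACL name, sequence numbers and addresses are constructed.
- name: Describe the ACL with a remark entry
  nxos_acl:
    name: MGMT-IN
    seq: 5
    action: remark
    remark: SSH from management subnet only
    state: present

- name: Permit SSH from the management subnet
  nxos_acl:
    name: MGMT-IN
    seq: 10
    action: permit
    proto: tcp
    src: 192.0.2.0/24
    dest: any
    dest_port_op: eq
    dest_port1: 22
    state: present

# Explicit final deny so that matches are logged on the switch.
- name: Deny everything else and log matches
  nxos_acl:
    name: MGMT-IN
    seq: 100
    action: deny
    proto: ip
    src: any
    dest: any
    log: enable
    state: present
```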
```yaml
commands:
  description: commands sent to the device
  returned: always
  sample:
  - ip access-list ANSIBLE
  - 10 permit tcp 1.1.1.1/24 any
  type: list
```