ansible.builtin.nxos_acl (v2.6.0) — module

Manages access list entries for ACLs.

Added in version 2.2 of ansible.builtin

Authors: Jason Edelman (@jedelman8), Gabriele Gerbino (@GGabriele)

preview | supported by network

Install Ansible via pip

Install with pip install ansible==2.6.0

Description

Manages access list entries for ACLs.

Usage examples

# configure ACL ANSIBLE
- nxos_acl:
    name: ANSIBLE
    seq: 10
    action: permit
    proto: tcp
    src: 1.1.1.1/24
    dest: any
    state: present
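
A fuller playbook, added here as an example (it is not part of the module's own documentation), that combines the port operand, `established`, `log` and `remark` parameters listed under Inputs into a small management ACL. The host group `nxos_switches`, the ACL name `MGMT-IN` and all addresses are constructed, and connection settings are assumed to come from inventory.

```yaml
# Added example: host group, ACL name and addresses are constructed.
# Connection variables for the switches are assumed to be set in inventory.
- hosts: nxos_switches
  gather_facts: no
  tasks:
    - name: Label the ACL so its purpose is visible in the running config
      nxos_acl:
        name: MGMT-IN
        seq: 5
        action: remark
        remark: SSH from admin subnet only, everything else logged and dropped
        state: present

    - name: Permit SSH from the admin subnet to the server and log each match
      nxos_acl:
        name: MGMT-IN
        seq: 10
        action: permit
        proto: tcp
        src: 192.0.2.0/24
        dest: 198.51.100.10/32
        dest_port_op: eq
        dest_port1: 22
        log: enable
        state: present

    - name: Permit replies to TCP sessions the server itself opened
      nxos_acl:
        name: MGMT-IN
        seq: 20
        action: permit
        proto: tcp
        src: any
        dest: 198.51.100.10/32
        established: enable
        state: present

    - name: Explicit deny with logging (the implicit deny does not log)
      nxos_acl:
        name: MGMT-IN
        seq: 1000
        action: deny
        proto: ip
        src: any
        dest: any
        log: enable
        state: present
```

Each task returns the `commands` list described under Outputs, which shows the exact lines sent to the device.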

Inputs

    
ack:
    choices:
    - enable
    description:
    - Match on the ACK bit.

fin:
    choices:
    - enable
    description:
    - Match on the FIN bit.

log:
    choices:
    - enable
    description:
    - Log matches against this entry.

psh:
    choices:
    - enable
    description:
    - Match on the PSH bit.

rst:
    choices:
    - enable
    description:
    - Match on the RST bit.

seq:
    description:
    - Sequence number of the entry (ACE).

src:
    description:
    - Source IP and mask in IP/MASK notation. Also supports the keyword 'any'.

syn:
    choices:
    - enable
    description:
    - Match on the SYN bit.

urg:
    choices:
    - enable
    description:
    - Match on the URG bit.

dest:
    description:
    - Destination IP and mask in IP/MASK notation. Also supports the keyword 'any'.

dscp:
    choices:
    - af11
    - af12
    - af13
    - af21
    - af22
    - af23
    - af31
    - af32
    - af33
    - af41
    - af42
    - af43
    - cs1
    - cs2
    - cs3
    - cs4
    - cs5
    - cs6
    - cs7
    - default
    - ef
    description:
    - Match packets with given dscp value.

name:
    description:
    - Case sensitive name of the access list (ACL).
    required: true

proto:
    description:
    - Port number or protocol (as supported by the switch).

state:
    choices:
    - present
    - absent
    - delete_acl
    default: present
    description:
    - Specify desired state of the resource.

action:
    choices:
    - permit
    - deny
    - remark
    description:
    - Action of the ACE.

remark:
    description:
    - If action is set to remark, this is the description.

fragments:
    choices:
    - enable
    description:
    - Check non-initial fragments.

src_port1:
    description:
    - Port/protocol and also first (lower) port when using range operand.

src_port2:
    description:
    - Second (end) port when using range operand.

dest_port1:
    description:
    - Port/protocol and also first (lower) port when using range operand.

dest_port2:
    description:
    - Second (end) port when using range operand.

precedence:
    choices:
    - critical
    - flash
    - flash-override
    - immediate
    - internet
    - network
    - priority
    - routine
    description:
    - Match packets with given precedence.

time_range:
    description:
    - Name of time-range to apply.

established:
    choices:
    - enable
    description:
    - Match established connections.

src_port_op:
    choices:
    - any
    - eq
    - gt
    - lt
    - neq
    - range
    description:
    - Source port operands such as eq, neq, gt, lt, range.

dest_port_op:
    choices:
    - any
    - eq
    - gt
    - lt
    - neq
    - range
    description:
    - Destination port operands such as eq, neq, gt, lt, range.

Outputs

commands:
  description: commands sent to the device
  returned: always
  sample:
  - ip access-list ANSIBLE
  - 10 permit tcp 1.1.1.1/24 any
  type: list