ansible.builtin.meraki_mx_l3_firewall (v2.8.11), module
Manage MX appliance layer 3 firewalls in the Meraki cloud
Added in version 2.7 of ansible.builtin
Authors: Kevin Breit (@kbreit)
Status: preview, supported by community

Install with: pip install ansible==2.8.11
Allows for creation, management, and visibility into layer 3 firewalls implemented on Meraki MX firewalls.
- name: Query firewall rules
  meraki_mx_l3_firewall:
    auth_key: abc123
    org_name: YourOrg
    net_name: YourNet
    state: query
  delegate_to: localhost
- name: Set two firewall rules
  meraki_mx_l3_firewall:
    auth_key: abc123
    org_name: YourOrg
    net_name: YourNet
    state: present
    rules:
      - comment: Block traffic to server
        src_cidr: 192.0.1.0/24
        src_port: any
        dest_cidr: 192.0.2.2/32
        dest_port: any
        protocol: any
        policy: deny
      - comment: Allow traffic to group of servers
        src_cidr: 192.0.1.0/24
        src_port: any
        dest_cidr: 192.0.2.0/24
        dest_port: any
        protocol: any
        policy: allow   # documented choices are allow or deny
  delegate_to: localhost
- name: Set one firewall rule and enable logging of the default rule
  meraki_mx_l3_firewall:
    auth_key: abc123
    org_name: YourOrg
    net_name: YourNet
    state: present
    rules:
      - comment: Block traffic to server
        src_cidr: 192.0.1.0/24
        src_port: any
        dest_cidr: 192.0.2.2/32
        dest_port: any
        protocol: any
        policy: deny
    syslog_default_rule: yes
  delegate_to: localhost
host:
  default: api.meraki.com
  description:
    - Hostname for Meraki dashboard.
    - Can be used to access regional Meraki environments, such as China.
  type: str
rules:
  description:
    - List of firewall rules.
  suboptions:
    comment:
      description:
        - Optional comment to describe the firewall rule.
    dest_cidr:
      description:
        - Comma separated list of CIDR notation destination networks.
    dest_port:
      description:
        - Comma separated list of destination port numbers to match against.
    policy:
      choices:
        - allow
        - deny
      description:
        - Policy to apply if rule is hit.
    protocol:
      choices:
        - any
        - icmp
        - tcp
        - udp
      description:
        - Protocol to match against.
    src_cidr:
      description:
        - Comma separated list of CIDR notation source networks.
    src_port:
      description:
        - Comma separated list of source port numbers to match against.
    syslog_enabled:
      description:
        - Whether to log hits against the firewall rule.
        - Only applicable if a syslog server is specified against the network.
state:
  choices:
    - present
    - query
  default: present
  description:
    - Create or modify an organization.
net_id:
  description:
    - ID of network which MX firewall is in.
org_id:
  description:
    - ID of organization.
  type: str
timeout:
  default: 30
  description:
    - Time to timeout for HTTP requests.
  type: int
auth_key:
  description:
    - Authentication key provided by the dashboard. Required if environmental variable C(MERAKI_KEY) is not set.
  required: true
  type: str
net_name:
  description:
    - Name of network which MX firewall is in.
org_name:
  aliases:
    - organization
  description:
    - Name of organization.
    - If C(clone) is specified, C(org_name) is the name of the new organization.
  type: str
use_https:
  default: true
  description:
    - If C(no), it will use HTTP. Otherwise it will use HTTPS.
    - Only useful for internal Meraki developers.
  type: bool
use_proxy:
  default: false
  description:
    - If C(no), it will not use a proxy, even if one is defined in an environment variable on the target hosts.
  type: bool
output_level:
  choices:
    - debug
    - normal
  default: normal
  description:
    - Set amount of debug output during module execution.
  type: str
output_format:
  choices:
    - snakecase
    - camelcase
  default: snakecase
  description:
    - Instructs module whether response keys should be snake case (ex. C(net_id)) or camel case (ex. C(netId)).
  type: str
validate_certs:
  default: true
  description:
    - Whether to validate HTTP certificates.
  type: bool
syslog_default_rule:
  default: false
  description:
    - Whether to log hits against the default firewall rule.
    - Only applicable if a syslog server is specified against the network.
    - This is not shown in response from Meraki. Instead, refer to the C(syslog_enabled) value in the default rule.
  type: bool
rate_limit_retry_time:
  default: 165
  description:
    - Number of seconds to retry if rate limiter is triggered.
  type: int
internal_error_retry_time:
  default: 60
  description:
    - Number of seconds to retry if server returns an internal server error.
  type: int
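As an added example (not the module's own code and not part of Meraki's tooling), a small Python check that applies the rules suboption schema documented above to a rules list offline, before a state: present run pushes it to the dashboard. Treating the literal value "any" as valid for the CIDR and port fields, and flagging an allow rule whose source, destination and ports are all "any", are this example's own assumptions.

```python
# Added example, not part of the Ansible module or of Meraki's own tooling:
# offline sanity check of a meraki_mx_l3_firewall `rules` list before it is
# pushed with state: present, using the suboption schema documented above.
import ipaddress

POLICIES = {"allow", "deny"}
PROTOCOLS = {"any", "icmp", "tcp", "udp"}

def bad_cidrs(value):
    """Entries of a comma separated CIDR list (or 'any', assumed) that do not parse."""
    if value.strip().lower() == "any":
        return []
    bad = []
    for entry in (e.strip() for e in value.split(",")):
        try:
            ipaddress.ip_network(entry, strict=False)
        except ValueError:
            bad.append(entry)
    return bad

def bad_ports(value):
    """Entries of a port list (or 'any', assumed) that are not integers in 1..65535."""
    if value.strip().lower() == "any":
        return []
    return [p for p in (e.strip() for e in value.split(","))
            if not (p.isdigit() and 1 <= int(p) <= 65535)]

FIELD_CHECKS = {"src_cidr": bad_cidrs, "dest_cidr": bad_cidrs,
                "src_port": bad_ports, "dest_port": bad_ports}

def validate_rules(rules):
    """Return 'rule <n>: <problem>' strings; an empty list means the rules are clean."""
    problems = []
    for n, rule in enumerate(rules, 1):
        if rule.get("policy") not in POLICIES:
            problems.append(f"rule {n}: policy must be one of {sorted(POLICIES)}")
        if rule.get("protocol") not in PROTOCOLS:
            problems.append(f"rule {n}: protocol must be one of {sorted(PROTOCOLS)}")
        for key, check in FIELD_CHECKS.items():
            for bad in check(str(rule.get(key, ""))):
                problems.append(f"rule {n}: {key} entry {bad!r} is invalid")
        # Assumed review policy: an allow from any source to any destination on any port is flagged.
        if rule.get("policy") == "allow" and all(
                str(rule.get(k, "")).lower() == "any" for k in FIELD_CHECKS):
            problems.append(f"rule {n}: allows any source to any destination")
    return problems

# Constructed sample: the deny rule from the "Set two firewall rules" task above.
SAMPLE_RULE = {"comment": "Block traffic to server", "src_cidr": "192.0.1.0/24",
               "src_port": "any", "dest_cidr": "192.0.2.2/32", "dest_port": "any",
               "protocol": "any", "policy": "deny"}
```

Run validate_rules() on the rules list of a task before applying it; a non-empty result means Ansible would reject the task or the list deserves review.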
data:
  description: Firewall rules associated with the network.
  returned: success
  type: complex
  contains:
    comment:
      description: Comment to describe the firewall rule.
      returned: always
      sample: Block traffic to server
      type: str
    dest_cidr:
      description: Comma separated list of CIDR notation destination networks.
      returned: always
      sample: 192.0.1.1/32,192.0.1.2/32
      type: str
    dest_port:
      description: Comma separated list of destination ports.
      returned: always
      sample: 80,443
      type: str
    policy:
      description: Action to take when rule is matched.
      returned: always
      type: str
    protocol:
      description: Network protocol to match against.
      returned: always
      sample: tcp
      type: str
    src_cidr:
      description: Comma separated list of CIDR notation source networks.
      returned: always
      sample: 192.0.1.1/32,192.0.1.2/32
      type: str
    src_port:
      description: Comma separated list of source ports.
      returned: always
      sample: 80,443
      type: str
    syslog_enabled:
      description: Whether to log to syslog when rule is matched.
      returned: always
      sample: true
      type: bool