Try SpotterEdit firewall policies for administrative network services
| "added in version" 2.9 of ansible.builtin"
Authors: Kevin Breit (@kbreit)
preview | supported by community
pipInstall with pip install ansible==2.9.24
Allows for setting policy firewalled services for Meraki network devices.
- name: Set icmp service to blocked
meraki_firewalled_services:
auth_key: '{{ auth_key }}'
state: present
org_name: '{{test_org_name}}'
net_name: IntTestNetworkAppliance
service: ICMP
access: blocked
delegate_to: localhost
- name: Set icmp service to restricted
meraki_firewalled_services:
auth_key: abc123
state: present
org_name: YourOrg
net_name: YourNet
service: web
access: restricted
allowed_ips:
- 192.0.1.1
- 192.0.1.2
delegate_to: localhost
- name: Query appliance services
meraki_firewalled_services:
auth_key: abc123
state: query
org_name: YourOrg
net_name: YourNet
delegate_to: localhost
- name: Query services
meraki_firewalled_services:
auth_key: abc123
state: query
org_name: YourOrg
net_name: YourNet
service: ICMP
delegate_to: localhost
host:
default: api.meraki.com
description:
- Hostname for Meraki dashboard.
- Can be used to access regional Meraki environments, such as China.
type: str
state:
choices:
- present
- query
default: present
description:
- States that a policy should be created or modified.
type: str
access:
choices:
- blocked
- restricted
- unrestricted
description:
- Network service to query or modify.
type: str
net_id:
description:
- ID number of a network.
type: str
org_id:
description:
- ID of organization associated to a network.
type: str
service:
choices:
- ICMP
- SNMP
- web
description:
- Network service to query or modify.
type: str
timeout:
default: 30
description:
- Time to timeout for HTTP requests.
type: int
auth_key:
description:
- Authentication key provided by the dashboard. Required if environmental variable
MERAKI_KEY is not set.
required: true
type: str
net_name:
aliases:
- network
description:
- Name of a network.
type: str
org_name:
aliases:
- organization
description:
- Name of organization associated to a network.
type: str
use_https:
default: true
description:
- If C(no), it will use HTTP. Otherwise it will use HTTPS.
- Only useful for internal Meraki developers.
type: bool
use_proxy:
default: false
description:
- If C(no), it will not use a proxy, even if one is defined in an environment variable
on the target hosts.
type: bool
allowed_ips:
description:
- List of IP addresses allowed to access a service.
- Only used when C(access) is set to restricted.
type: list
output_level:
choices:
- debug
- normal
default: normal
description:
- Set amount of debug output during module execution.
type: str
output_format:
choices:
- snakecase
- camelcase
default: snakecase
description:
- Instructs module whether response keys should be snake case (ex. C(net_id)) or camel
case (ex. C(netId)).
type: str
validate_certs:
default: true
description:
- Whether to validate HTTP certificates.
type: bool
rate_limit_retry_time:
default: 165
description:
- Number of seconds to retry if rate limiter is triggered.
type: int
internal_error_retry_time:
default: 60
description:
- Number of seconds to retry if server returns an internal server error.
type: int
data:
contains:
access:
description: Access assigned to a service type.
returned: success
sample: unrestricted
type: str
allowed_ips:
description: List of IP addresses to have access to service.
returned: success
sample: 192.0.1.0
type: str
service:
description: Service to apply policy to.
returned: success
sample: ICMP
type: str
description: List of network services.
returned: info
type: complex