/ home / ansible / ansible.builtin / v2.9.26 / module / na_ontap_firewall_policy

ansible.builtin.na_ontap_firewall_policy (v2.9.26) — module

NetApp ONTAP Manage a firewall policy

| "added in version" 2.7 of ansible.builtin"

Authors: NetApp Ansible Team (@carchi8py) <ng-ansibleteam@netapp.com>

preview | supported by certified

Install Ansible via `pip`

Install with pip install ansible==2.9.26

Description

Configure firewall on an ONTAP node and manage firewall policy for an ONTAP SVM

Requirements

A physical or virtual clustered Data ONTAP system. The modules support Data ONTAP 9.1 and onward.
Ansible 2.6
Ansible 2.9 or later is strongly recommended as it enables the new collection delivery system.
Python package ipaddress. Install using 'pip install ipaddress'
Python2 netapp-lib (2017.10.30) or later. Install using 'pip install netapp-lib'
Python3 netapp-lib (2018.11.13) or later. Install using 'pip install netapp-lib'
REST support requires ONTAP 9.6 or later.
To enable http on the cluster you must run the following commands 'set -privilege advanced;' 'system services web modify -http-enabled true;'
netapp-lib 2020.3.12 is strongly recommended as it provides better error reporting for connection issues.

Usage examples

Scanned by Steampunk Spotter

    - name: create firewall Policy
      na_ontap_firewall_policy:
        state: present
        allow_list: [1.2.3.0/24,1.3.0.0/16]
        policy: pizza
        service: http
        vserver: ci_dev
        hostname: "{{ netapp hostname }}"
        username: "{{ netapp username }}"
        password: "{{ netapp password }}"

Scanned by Steampunk Spotter

    - name: Modify firewall Policy
      na_ontap_firewall_policy:
        state: present
        allow_list: [1.5.3.0/24]
        policy: pizza
        service: http
        vserver: ci_dev
        hostname: "{{ netapp hostname }}"
        username: "{{ netapp username }}"
        password: "{{ netapp password }}"

Scanned by Steampunk Spotter

    - name: Destroy firewall Policy
      na_ontap_firewall_policy:
        state: absent
        policy: pizza
        service: http
        vserver: ci_dev
        hostname: "{{ netapp hostname }}"
        username: "{{ netapp username }}"
        password: "{{ netapp password }}"

Scanned by Steampunk Spotter

    - name: Enable firewall and logging on a node
      na_ontap_firewall_policy:
        node: test-vsim1
        enable: enable
        logging: enable
        hostname: "{{ netapp hostname }}"
        username: "{{ netapp username }}"
        password: "{{ netapp password }}"

Inputs

node:
description:
- The node to run the firewall configuration on

https:
default: false
description:
- Enable and disable https.
- Ignored when using REST as only https is supported.
- Ignored when using SSL certificate authentication as it requires SSL.
type: bool

state:
choices:
- present
- absent
default: present
description:
- Whether to set up a firewall policy or not

enable:
choices:
- enable
- disable
description:
- enable firewall on a node

ontapi:
description:
- The ontap api version to use
type: int

policy:
description:
- A policy name for the firewall policy

logging:
choices:
- enable
- disable
description:
- enable logging for firewall on a node

service:
choices:
- dns
- http
- https
- ndmp
- ndmps
- ntp
- rsh
- snmp
- ssh
- telnet
description:
- The service to apply the policy to

vserver:
description:
- The Vserver to apply the policy to.

hostname:
description:
- The hostname or IP address of the ONTAP instance.
required: true
type: str

password:
aliases:
- pass
description:
- Password for the specified user.
type: str

use_rest:
choices:
- Never
- Always
- Auto
default: Auto
description:
- REST API if supported by the target system for all the resources and attributes
the module requires. Otherwise will revert to ZAPI.
- Always -- will always use the REST API
- Never -- will always use the ZAPI
- Auto -- will try to use the REST Api
type: str

username:
aliases:
- user
description:
- This can be a Cluster-scoped or SVM-scoped account, depending on whether a Cluster-level
or SVM-level API is required.
- For more information, please read the documentation U(https://mysupport.netapp.com/NOW/download/software/nmsdk/9.4/).
- Two authentication methods are supported
- 1. basic authentication, using username and password,
- 2. SSL certificate authentication, using a ssl client cert file, and optionally
a private key file.
- To use a certificate, the certificate must have been installed in the ONTAP cluster,
and cert authentication must have been enabled.
type: str

http_port:
description:
- Override the default port (80 or 443) with this port
type: int

allow_list:
description:
- A list of IPs and masks to use.
- The host bits of the IP addresses used in this list must be set to 0.

key_filepath:
description:
- path to SSL client key file.
type: str
version_added: 20.6.0
version_added_collection: netapp.ontap

cert_filepath:
description:
- path to SSL client cert file (.pem).
- not supported with python 2.6.
type: str
version_added: 20.6.0
version_added_collection: netapp.ontap

feature_flags:
description:
- Enable or disable a new feature.
- This can be used to enable an experimental feature or disable a new feature that
breaks backward compatibility.
- Supported keys and values are subject to change without notice. Unknown keys are
ignored.
type: dict
version_added: 20.5.0
version_added_collection: netapp.ontap

validate_certs:
default: true
description:
- If set to C(no), the SSL certificates will not be validated.
- This should only set to C(False) used on personally controlled sites using self-signed
certificates.
type: bool

Install Ansible via pip

Description

Requirements

Usage examples

Inputs

Install Ansible via `pip`