Try SpotterManages firewall rules on Vultr.
Authors: René Moser (@resmo)
preview | supported by community
Install with ansible-galaxy collection install community.general:==0.1.1
collections:
- name: community.general
version: 0.1.1Create and remove firewall rules.
- name: ensure a firewall rule is present
local_action:
module: vultr_firewall_rule
group: application
protocol: tcp
start_port: 8000
end_port: 9000
cidr: 17.17.17.0/24
- name: open DNS port for all ipv4 and ipv6
local_action:
module: vultr_firewall_rule
group: dns
protocol: udp
port: 53
ip_version: "{{ item }}"
with_items: [ v4, v6 ]
- name: allow ping
local_action:
module: vultr_firewall_rule
group: web
protocol: icmp
- name: ensure a firewall rule is absent
local_action:
module: vultr_firewall_rule
group: application
protocol: tcp
start_port: 8000
end_port: 9000
cidr: 17.17.17.0/24
state: absent
cidr:
description:
- Network in CIDR format
- The CIDR format must match with the C(ip_version) value.
- Required if C(state=present).
- Defaulted to 0.0.0.0/0 or ::/0 depending on C(ip_version).
group:
description:
- Name of the firewall group.
required: true
state:
choices:
- present
- absent
default: present
description:
- State of the firewall rule.
api_key:
description:
- API key of the Vultr API.
- The ENV variable C(VULTR_API_KEY) is used as default, when defined.
type: str
end_port:
description:
- End port for the firewall rule.
- Only considered if C(protocol) is tcp or udp and I(state=present).
protocol:
choices:
- icmp
- tcp
- udp
- gre
default: tcp
description:
- Protocol of the firewall rule.
ip_version:
aliases:
- ip_type
choices:
- v4
- v6
default: v4
description:
- IP address version
start_port:
aliases:
- port
description:
- Start port for the firewall rule.
- Required if C(protocol) is tcp or udp and I(state=present).
api_account:
default: default
description:
- Name of the ini section in the C(vultr.ini) file.
- The ENV variable C(VULTR_API_ACCOUNT) is used as default, when defined.
type: str
api_retries:
description:
- Amount of retries in case of the Vultr API retuns an HTTP 503 code.
- The ENV variable C(VULTR_API_RETRIES) is used as default, when defined.
- Fallback value is 5 retries if not specified.
type: int
api_timeout:
description:
- HTTP timeout to Vultr API.
- The ENV variable C(VULTR_API_TIMEOUT) is used as default, when defined.
- Fallback value is 60 seconds if not specified.
type: int
api_endpoint:
description:
- URL to API endpint (without trailing slash).
- The ENV variable C(VULTR_API_ENDPOINT) is used as default, when defined.
- Fallback value is U(https://api.vultr.com) if not specified.
type: str
validate_certs:
default: true
description:
- Validate SSL certs of the Vultr API.
type: bool
api_retry_max_delay:
description:
- Retry backoff delay in seconds is exponential up to this max. value, in seconds.
- The ENV variable C(VULTR_API_RETRY_MAX_DELAY) is used as default, when defined.
- Fallback value is 12 seconds.
type: int
vultr_api:
contains:
api_account:
description: Account used in the ini file to select the key
returned: success
sample: default
type: str
api_endpoint:
description: Endpoint used for the API requests
returned: success
sample: https://api.vultr.com
type: str
api_retries:
description: Amount of max retries for the API requests
returned: success
sample: 5
type: int
api_retry_max_delay:
description: Exponential backoff delay in seconds between retries up to this
max delay value.
returned: success
sample: 12
type: int
version_added: '2.9'
version_added_collection: community.general
api_timeout:
description: Timeout used for the API requests
returned: success
sample: 60
type: int
description: Response from Vultr API with a few additions/modification
returned: success
type: complex
vultr_firewall_rule:
contains:
action:
description: Action of the firewall rule
returned: success
sample: accept
type: str
cidr:
description: CIDR of the firewall rule (IPv4 or IPv6)
returned: success and when port range
sample: 0.0.0.0/0
type: str
end_port:
description: End port of the firewall rule
returned: success and when port range and protocol is tcp or udp
sample: 8080
type: int
group:
description: Firewall group the rule is into.
returned: success
sample: web
type: str
protocol:
description: Protocol of the firewall rule
returned: success
sample: tcp
type: str
rule_number:
description: Rule number of the firewall rule
returned: success
sample: 2
type: int
start_port:
description: Start port of the firewall rule
returned: success and protocol is tcp or udp
sample: 80
type: int
description: Response from Vultr API
returned: success
type: complex