junipernetworks.junos.junos_acls (8.0.0) — module

ACLs resource module

Added in version 1.0.0 of junipernetworks.junos

Authors: Daniel Mellado (@dmellado)
Install with:

    ansible-galaxy collection install junipernetworks.junos:==8.0.0

    collections:
      - name: junipernetworks.junos
        version: 8.0.0
This module provides declarative management of ACLs/filters on Juniper JUNOS devices.
    # Using merged

    # Before state:
    # -------------
    #
    # admin# show firewall

    - name: Merge JUNOS acl
      junipernetworks.junos.junos_acls:
        config:
          - afi: ipv4
            acls:
              - name: allow_ssh_acl
                aces:
                  - name: ssh_rule
                    source:
                      port_protocol:
                        eq: ssh
                    protocol: tcp
        state: merged
    state:
      choices:
      - merged
      - replaced
      - overridden
      - deleted
      - gathered
      - rendered
      - parsed
      default: merged
      description:
      - The state the configuration should be left in
      type: str
    config:
      description: A dictionary of acls options
      elements: dict
      suboptions:
        acls:
          description:
          - List of Access Control Lists (ACLs).
          elements: dict
          suboptions:
            aces:
              description:
              - List of Access Control Entries (ACEs) for this Access Control List (ACL).
              elements: dict
              suboptions:
                destination:
                  description:
                  - Specifies the destination for the filter
                  suboptions:
                    address:
                      description:
                      - Match IP destination address
                      type: raw
                    port_protocol:
                      description:
                      - Specify the destination port or protocol.
                      suboptions:
                        eq:
                          description:
                          - Match only packets on a given port number.
                          type: str
                        range:
                          description:
                          - Match only packets in the range of port numbers
                          suboptions:
                            end:
                              description:
                              - Specify the end of the port range
                              type: int
                            start:
                              description:
                              - Specify the start of the port range
                              type: int
                          type: dict
                      type: dict
                    prefix_list:
                      description:
                      - Match IP destination prefixes in named list
                      elements: dict
                      suboptions:
                        name:
                          description: Name of the list
                          type: str
                      type: list
                  type: dict
                grant:
                  choices:
                  - permit
                  - deny
                  description:
                  - Action to take after matching condition (allow, discard/reject)
                  type: str
                name:
                  description:
                  - Filter term name
                  required: true
                  type: str
                protocol:
                  description:
                  - Specify the protocol to match.
                  - Refer to vendor documentation for valid values.
                  type: str
                protocol_options:
                  description: All possible suboptions for the protocol chosen.
                  suboptions:
                    icmp:
                      description: ICMP protocol options.
                      suboptions:
                        dod_host_prohibited:
                          description: Host prohibited
                          type: bool
                        dod_net_prohibited:
                          description: Net prohibited
                          type: bool
                        echo:
                          description: Echo (ping)
                          type: bool
                        echo_reply:
                          description: Echo reply
                          type: bool
                        host_redirect:
                          description: Host redirect
                          type: bool
                        host_tos_redirect:
                          description: Host redirect for TOS
                          type: bool
                        host_tos_unreachable:
                          description: Host unreachable for TOS
                          type: bool
                        host_unknown:
                          description: Host unknown
                          type: bool
                        host_unreachable:
                          description: Host unreachable
                          type: bool
                        net_redirect:
                          description: Network redirect
                          type: bool
                        net_tos_redirect:
                          description: Net redirect for TOS
                          type: bool
                        network_unknown:
                          description: Network unknown
                          type: bool
                        port_unreachable:
                          description: Port unreachable
                          type: bool
                        protocol_unreachable:
                          description: Protocol unreachable
                          type: bool
                        reassembly_timeout:
                          description: Reassembly timeout
                          type: bool
                        redirect:
                          description: All redirects
                          type: bool
                        router_advertisement:
                          description: Router discovery advertisements
                          type: bool
                        router_solicitation:
                          description: Router discovery solicitations
                          type: bool
                        source_route_failed:
                          description: Source route failed
                          type: bool
                        time_exceeded:
                          description: All time exceeded.
                          type: bool
                        ttl_exceeded:
                          description: TTL exceeded
                          type: bool
                      type: dict
                  type: dict
                source:
                  description:
                  - Specifies the source for the filter
                  suboptions:
                    address:
                      description:
                      - IP source address to use for the filter
                      type: raw
                    port_protocol:
                      description:
                      - Specify the source port or protocol.
                      suboptions:
                        eq:
                          description:
                          - Match only packets on a given port number.
                          type: str
                        range:
                          description:
                          - Match only packets in the range of port numbers
                          suboptions:
                            end:
                              description:
                              - Specify the end of the port range
                              type: int
                            start:
                              description:
                              - Specify the start of the port range
                              type: int
                          type: dict
                      type: dict
                    prefix_list:
                      description:
                      - IP source prefix list to use for the filter
                      elements: dict
                      suboptions:
                        name:
                          description: Name of the list
                          type: str
                      type: list
                  type: dict
              type: list
            name:
              description:
              - Name to use for the acl filter
              required: true
              type: str
          type: list
        afi:
          choices:
          - ipv4
          - ipv6
          description:
          - Protocol family to use by the acl filter
          required: true
          type: str
      type: list
    running_config:
      description:
      - This option is used only with state I(parsed).
      - The value of this option should be the output received from the Junos device by executing the command B(show firewall).
      - The state I(parsed) reads the configuration from C(running_config) option and transforms it into Ansible structured data as per the resource module's argspec and the value is then returned in the I(parsed) key within the result
      type: str
    after:
      description: The resulting configuration model invocation.
      returned: when changed
      sample: "The configuration returned will always be in the same format\n of the parameters above.\n"
      type: list
    before:
      description: The configuration prior to the model invocation.
      returned: always
      sample: "The configuration returned will always be in the same format\n of the parameters above.\n"
      type: list
    commands:
      description: The set of commands pushed to the remote device.
      returned: always
      sample:
      - command 1
      - command 2
      - command 3
      type: list
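
An added example, not part of the module's own documentation or code: a small Python check that walks data shaped like the `config` option documented above and flags ACEs worth reviewing before a `merged` run, since `grant` and the `source` address fields are optional in the argspec. The function name `audit_acls`, the finding strings and the second ACL (`mgmt_ssh_acl`, `ssh_from_mgmt`, `mgmt_hosts`, `bad_range`) are assumptions made for illustration.

```python
# Added example: lint data shaped like this module's `config` option.
# SAMPLE_CONFIG is constructed; its first ACE mirrors the merged example above,
# the second ACL and all of its names are hypothetical.
SAMPLE_CONFIG = [{"afi": "ipv4", "acls": [
    {"name": "allow_ssh_acl", "aces": [
        {"name": "ssh_rule", "protocol": "tcp",
         "source": {"port_protocol": {"eq": "ssh"}}}]},
    {"name": "mgmt_ssh_acl", "aces": [
        {"name": "ssh_from_mgmt", "protocol": "tcp", "grant": "permit",
         "source": {"prefix_list": [{"name": "mgmt_hosts"}]},
         "destination": {"port_protocol": {"eq": "ssh"}}},
        {"name": "bad_range", "protocol": "tcp", "grant": "deny",
         "destination": {"port_protocol": {"range": {"start": 2000, "end": 1000}}}},
    ]},
]}]


def _has_source(ace):
    """True when the ACE restricts the source by address or prefix list."""
    src = ace.get("source") or {}
    return bool(src.get("address") or src.get("prefix_list"))


def _bad_ranges(ace):
    """Yield 'source'/'destination' for each port range with start > end."""
    for side in ("source", "destination"):
        rng = ((ace.get(side) or {}).get("port_protocol") or {}).get("range")
        if rng and rng.get("start", 0) > rng.get("end", 65535):
            yield side


def audit_acls(config):
    """Return (afi, acl, ace, finding) tuples in document order."""
    findings = []
    for family in config:
        for acl in family.get("acls") or []:
            for ace in acl.get("aces") or []:
                where = (family.get("afi"), acl["name"], ace["name"])
                grant = ace.get("grant")
                if grant is None:
                    findings.append(where + ("no explicit grant",))
                elif grant not in ("permit", "deny"):
                    findings.append(where + ("invalid grant",))
                if grant != "deny" and not _has_source(ace):
                    findings.append(where + ("no source restriction",))
                for side in _bad_ranges(ace):
                    findings.append(where + (side + " port range start > end",))
    return findings


if __name__ == "__main__":
    for finding in audit_acls(SAMPLE_CONFIG):
        print(finding)
```
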