nvidia.nvue.acl (1.1.7) — module
This is the Cumulus Linux ACL rules module.
Added in version 1.1.0 of nvidia.nvue.
Authors: Nvidia NBU Team (@nvidia-nbu), Krishna Vasudevan (@krisvasudevan)
Install with ansible-galaxy collection install nvidia.nvue:==1.1.7
collections:
  - name: nvidia.nvue
    version: 1.1.7
This is a Cumulus Linux module to interact with the ACL rules object and the properties associated with an instance of an ACL rule.
- name: Display all the ACLs in the environment
  nvidia.nvue.acl:
    state: gathered

- name: Add ACL
  nvidia.nvue.acl:
    state: merged
    force: yes
    wait: 15
    data:
      - id: 'acl1'
        rule:
          - id: '475'
            action:
              permit:
            match:
              ip:
                dest_ip: '10.115.28.0/32'
                dest_port:
                  - id: 'ANY'
                source_ip: '10.110.0.11/32'
                source_port:
                  - id: 'smtp'
                protocol: 'tcp'
        type: 'ipv4'
data:
  description: Provided configuration
  elements: dict
  suboptions:
    id:
      description: An ACL is used for matching packets and take actions.
      required: true
      type: str
    rule:
      description: ACL rule.
      elements: dict
      required: false
      suboptions:
        action:
          description: ACL action
          required: false
          suboptions:
            deny:
              description: Deny action.
              required: false
              type: dict
            log:
              description: Provides ACL logging facility.
              required: false
              suboptions:
                log_prefix:
                  description: Log the matching packets with prefix.
                  required: false
                  type: str
              type: dict
            permit:
              description: Permit action.
              required: false
              type: dict
          type: dict
        id:
          description: ACL Matching criteria and action rule.
          required: false
          type: str
        match:
          description: ACL match criteria.
          required: false
          suboptions:
            ip:
              description: IPv4 and IPv6 match.
              required: false
              suboptions:
                dest_ip:
                  description: Destination IP Address.
                  required: false
                  type: str
                dest_port:
                  description: Destination port.
                  elements: dict
                  required: false
                  suboptions:
                    id:
                      description: L4 port.
                      required: false
                      type: str
                  type: list
                dscp:
                  description: DSCP.
                  required: false
                  type: str
                icmp_type:
                  description: ICMP message type.
                  required: false
                  type: str
                icmpv6_type:
                  description: ICMPv6 message type.
                  required: false
                  type: str
                protocol:
                  description: IP protocol.
                  required: false
                  type: str
                source_ip:
                  description: Source IP Address.
                  required: false
                  type: str
                source_port:
                  description: Source port.
                  elements: dict
                  required: false
                  suboptions:
                    id:
                      description: L4 port.
                      required: false
                      type: str
                  type: list
                ttl:
                  description: ttl in ipv4 and hl in ipv6.
                  required: false
                  type: int
              type: dict
            mac:
              description: MAC match.
              required: false
              suboptions:
                dest_mac:
                  description: Destination MAC Address.
                  required: false
                  type: str
                dest_mac_mask:
                  description: Destination MAC Address mask.
                  required: false
                  type: str
                protocol:
                  description: MAC protocol.
                  required: false
                  type: str
                source_mac:
                  description: Source MAC Address.
                  required: false
                  type: str
                source_mac_mask:
                  description: Source MAC Address mask.
                  required: false
                  type: str
              type: dict
            vlan:
              description: VLAN ID.
              required: false
              type: int
          type: dict
        remark:
          description: Rule remarks.
          required: false
          type: str
      type: list
    type:
      choices:
        - ipv4
        - ipv6
        - mac
      description: ACL type.
      required: false
      type: str
  type: list
wait:
  default: 0
  description: How long to poll for "merged/deleted" operation results.
  required: false
  type: int
aclid:
  description: Specific ACL to query/modify.
  required: false
  type: str
force:
  default: false
  description: When true, replies "yes" to NVUE prompts.
  required: false
  type: bool
revid:
  description: Revision ID to query/to apply config to.
  required: false
  type: str
state:
  choices:
    - gathered
    - deleted
    - merged
  description: Defines the action to be taken.
  required: true
  type: str
filters:
  description: Filters used while fetching information about ACL rules.
  suboptions:
    include:
      description: Only include JSON properties matched by an include pattern in the response.
      elements: str
      required: false
      type: list
    omit:
      description: Drop any JSON properties matched by an omit pattern from the response.
      elements: str
      required: false
      type: list
    rev:
      default: operational
      description: The default is to query the operational state. However, this parameter can be used to query desired state on configuration branches, such as startup and applied. This could be a branch name, tag name or specific commit.
      required: false
      type: str
  type: dict
changed:
  description: whether a configuration was changed
  returned: always
  sample: true
  type: bool
message:
  description: details of the ACL (for gathered) or whether the change was applied (for merged)
  returned: always
  sample:
    - acl1:
        rule:
          '475':
            action: {}
            match:
              ip:
                dest-ip: 10.115.28.0/32
                dest-port:
                  ANY: {}
                protocol: tcp
                source-ip: 10.110.0.11/32
                source-port:
                  smtp: {}
        type: ipv4
  type: dict
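A pre-merge check for the `data` option documented above, as an added example that is not part of the nvidia.nvue collection: it flags permit rules that match any source and destination, TCP/UDP permits with no destination-port restriction, and addresses whose family disagrees with the ACL `type`. The function name, the finding labels and the treatment of `ANY` as an address value are assumptions of this example.

```python
import ipaddress

def _net(value):
    """Parse source_ip/dest_ip; None means unrestricted (absent, or 'ANY': assumed spelling)."""
    if value is None or str(value).upper() == "ANY":
        return None
    return ipaddress.ip_network(value, strict=False)

def _ports_open(ports):
    """True when a dest_port list is absent or carries the 'ANY' id."""
    return not ports or any(str(p.get("id", "")).upper() == "ANY" for p in ports)

def lint_acl_data(data):
    """Return sorted (acl id, rule id, finding) tuples; finding names are this example's own."""
    findings = []
    for acl in data:
        want = {"ipv4": 4, "ipv6": 6}.get(acl.get("type"))  # None for `mac` ACLs
        for rule in acl.get("rule") or []:
            where = (acl["id"], str(rule.get("id")))
            ip = (rule.get("match") or {}).get("ip") or {}
            try:
                nets = [_net(ip.get(k)) for k in ("source_ip", "dest_ip")]
            except ValueError:
                findings.append(where + ("bad-prefix",))
                continue
            if want and any(n is not None and n.version != want for n in nets):
                findings.append(where + ("family-mismatch",))
            if want is None or "permit" not in (rule.get("action") or {}):
                continue  # breadth checks apply to IP permit rules only
            if all(n is None or n.prefixlen == 0 for n in nets):
                findings.append(where + ("any-to-any",))
            if ip.get("protocol") in ("tcp", "udp") and _ports_open(ip.get("dest_port")):
                findings.append(where + ("all-dest-ports",))
    return sorted(findings)

# Constructed sample: acl1/475 mirrors the page's "Add ACL" task; acl2 is made up.
SAMPLE = [
    {"id": "acl1", "type": "ipv4", "rule": [
        {"id": "475", "action": {"permit": None}, "match": {"ip": {
            "source_ip": "10.110.0.11/32", "source_port": [{"id": "smtp"}], "protocol": "tcp",
            "dest_ip": "10.115.28.0/32", "dest_port": [{"id": "ANY"}]}}}]},
    {"id": "acl2", "type": "ipv4", "rule": [
        {"id": "10", "action": {"permit": None}, "match": {"ip": {"source_ip": "0.0.0.0/0"}}},
        {"id": "20", "action": {"deny": None}, "match": {"ip": {"dest_ip": "2001:db8::/32"}}}]},
]

if __name__ == "__main__":
    print(*lint_acl_data(SAMPLE), sep="\n")
```

Run it on the `data` list loaded from the playbook before the task with `state: merged` is applied, and review each finding against the intended policy.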