nvidia.nvue.acl (1.1.7) — module

This is the Cumulus Linux ACL rules module

Added in version 1.1.0 of nvidia.nvue.

Authors: Nvidia NBU Team (@nvidia-nbu), Krishna Vasudevan (@krisvasudevan)

Install collection

Install with ansible-galaxy collection install nvidia.nvue:==1.1.7


Add to requirements.yml

  # Exact version pin, so every install requests the same release of the collection.
  collections:
    - name: 'nvidia.nvue'
      version: '1.1.7'

Description

This is a Cumulus Linux module to interact with the ACL rules object and the properties associated with an instance of an ACL rule.

Usage examples

# Lists the ACLs currently defined; per the Outputs section the details are
# returned in "message".
- name: 'Display all the ACLs in the environment'
  nvidia.nvue.acl:
    state: 'gathered'
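# Merges rule 475 into IPv4 ACL "acl1" and polls for the result (wait: 15; the
# unit is not stated on this page).
- name: Add ACL
  nvidia.nvue.acl:
    state: merged
    # force answers "yes" to NVUE prompts on the operator's behalf, so the ACL
    # change is not interactively confirmed; review the rule before running.
    force: true
    wait: 15
    data:
      - id: 'acl1'
        rule:
          - id: '475'
            action:
              # NOTE(review): a bare `permit:` loads as YAML null although the
              # option is documented as type dict, and the sample output on
              # this page shows `action: {}`. Confirm that the applied rule
              # really carries the permit action.
              permit:
            match:
              ip:
                dest_ip: '10.115.28.0/32'
                # 'ANY' presumably leaves the destination port unrestricted,
                # so the match is narrowed only by the two /32 addresses, the
                # protocol and the source port - confirm this is the intended
                # traffic direction.
                dest_port:
                  - id: 'ANY'
                source_ip: '10.110.0.11/32'
                source_port:
                  - id: 'smtp'
                protocol: 'tcp'
        type: 'ipv4'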

Inputs

    
# Option spec for `data`: a list of ACL definitions. Each entry has a required
# `id`, an optional `type` (ipv4, ipv6 or mac) and an optional list of rules.
data:
    description: Provided configuration
    elements: dict
    suboptions:
      # The only key of an ACL entry that is marked required.
      id:
        description: An ACL is used for matching packets and take actions.
        required: true
        type: str
      rule:
        description: ACL rule.
        elements: dict
        required: false
        suboptions:
          # deny, log and permit are each an optional dict. The spec shown
          # here neither requires one of them nor marks them as mutually
          # exclusive. NOTE(review): confirm what is applied to matching
          # packets when a rule sets no action.
          action:
            description: ACL action
            required: false
            suboptions:
              deny:
                description: Deny action.
                required: false
                type: dict
              log:
                description: Provides ACL logging facility.
                required: false
                suboptions:
                  log_prefix:
                    description: Log the matching packets with prefix.
                    required: false
                    type: str
                type: dict
              permit:
                description: Permit action.
                required: false
                type: dict
            type: dict
          # Rule identifier, typed str; the usage example on this page passes
          # it quoted ('475').
          id:
            description: ACL Matching criteria and action rule.
            required: false
            type: str
          # Every match key below is optional. NOTE(review): a rule with no
          # match keys presumably matches broadly - confirm before relying
          # on it.
          match:
            description: ACL match criteria.
            required: false
            suboptions:
              ip:
                description: IPv4 and IPv6 match.
                required: false
                suboptions:
                  dest_ip:
                    description: Destination IP Address.
                    required: false
                    type: str
                  # List of dicts, each naming one L4 port by `id`; the usage
                  # example on this page passes 'ANY' here.
                  dest_port:
                    description: Destination port.
                    elements: dict
                    required: false
                    suboptions:
                      id:
                        description: L4 port.
                        required: false
                        type: str
                    type: list
                  dscp:
                    description: DSCP.
                    required: false
                    type: str
                  icmp_type:
                    description: ICMP message type.
                    required: false
                    type: str
                  icmpv6_type:
                    description: ICMPv6 message type.
                    required: false
                    type: str
                  protocol:
                    description: IP protocol.
                    required: false
                    type: str
                  source_ip:
                    description: Source IP Address.
                    required: false
                    type: str
                  # Same shape as dest_port; the usage example passes the
                  # service name 'smtp'.
                  source_port:
                    description: Source port.
                    elements: dict
                    required: false
                    suboptions:
                      id:
                        description: L4 port.
                        required: false
                        type: str
                    type: list
                  ttl:
                    description: ttl in ipv4 and hl in ipv6.
                    required: false
                    type: int
                type: dict
              mac:
                description: MAC match.
                required: false
                suboptions:
                  dest_mac:
                    description: Destination MAC Address.
                    required: false
                    type: str
                  dest_mac_mask:
                    description: Destination MAC Address mask.
                    required: false
                    type: str
                  protocol:
                    description: MAC protocol.
                    required: false
                    type: str
                  source_mac:
                    description: Source MAC Address.
                    required: false
                    type: str
                  source_mac_mask:
                    description: Source MAC Address mask.
                    required: false
                    type: str
                type: dict
              vlan:
                description: VLAN ID.
                required: false
                type: int
            type: dict
          remark:
            description: Rule remarks.
            required: false
            type: str
        type: list
      # Optional, with no default listed on this page.
      type:
        choices:
        - ipv4
        - ipv6
        - mac
        description: ACL type.
        required: false
        type: str
    type: list

# Polling duration for merged/deleted results. The unit is not stated on this
# page (presumably seconds - confirm).
wait:
    description: How long to poll for "merged/deleted" operation results.
    type: int
    required: false
    default: 0

# Optional selector for a single ACL.
aclid:
    type: str
    required: false
    description: Specific ACL to query/modify.

# Off by default. When enabled, the module answers "yes" to NVUE prompts, so
# no operator confirmation takes place; enable it deliberately, per task.
force:
    description: When true, replies "yes" to NVUE prompts.
    type: bool
    required: false
    default: false

# Optional revision selector, used for both queries and config application.
revid:
    type: str
    required: false
    description: Revision ID to query/to apply config to.

# Mandatory. The usage examples on this page use "gathered" to display ACLs
# and "merged" to add one; "deleted" presumably removes configuration -
# confirm its exact scope before use.
state:
    description: Defines the action to be taken.
    type: str
    required: true
    choices:
    - gathered
    - deleted
    - merged

# Options that shape what a query returns.
filters:
    type: dict
    description: Filters used while fetching information about ACL rules.
    suboptions:
      include:
        type: list
        elements: str
        required: false
        description: Only include JSON properties matched by an include pattern in the
          response.
      omit:
        type: list
        elements: str
        required: false
        description: Drop any JSON properties matched by an omit pattern from the response.
      # Defaults to the operational state; pass a branch such as applied or
      # startup to read the desired configuration instead.
      rev:
        type: str
        required: false
        default: operational
        description: The default is to query the operational state. However, this parameter
          can be used to query desired state on configuration branches, such as startup
          and applied. This could be a branch name, tag name or specific commit.

Outputs

# Boolean change flag, returned on every run.
changed:
  type: bool
  returned: always
  description: whether a configuration was changed
  sample: true
# NOTE(review): the type is documented as dict, but the sample is a one-element
# list wrapping a dict - confirm which shape the module returns before parsing.
# The sample keys are hyphenated (dest-ip, source-port) while the input options
# use underscores (dest_ip, source_port).
message:
  type: dict
  returned: always
  description: details of the ACL (for gathered) or whether the change was applied
    (for merged)
  sample:
  - acl1:
      rule:
        '475':
          # NOTE(review): the action is empty here although the usage example
          # on this page sets `permit:`; verify the action on the device when
          # auditing.
          action: {}
          match:
            ip:
              dest-ip: 10.115.28.0/32
              dest-port:
                ANY: {}
              protocol: tcp
              source-ip: 10.110.0.11/32
              source-port:
                smtp: {}
      type: ipv4