paloaltonetworks.panos.panos_query_rules (2.19.1) — module

Test for match against a security rule on PAN-OS devices.

Added in version 1.0.0 of paloaltonetworks.panos.

Authors: Robert Hagen (@stealthllama)
Install with:

    ansible-galaxy collection install paloaltonetworks.panos:==2.19.1

Or pin it in a collections requirements file:

    collections:
      - name: paloaltonetworks.panos
        version: 2.19.1
Security policies allow you to enforce rules and take action, and can be as general or specific as needed.
Examples:

    - name: check security rules for Google DNS
      paloaltonetworks.panos.panos_match_rule:
        provider: '{{ provider }}'
        source_ip: '10.0.0.0'
        destination_ip: '8.8.8.8'
        application: 'dns'
        destination_port: '53'
        protocol: '17'
      register: result

    - debug: msg='{{ result.rule }}'

    - name: check security rules inbound SSH with user match
      paloaltonetworks.panos.panos_match_rule:
        provider: '{{ provider }}'
        source_ip: '0.0.0.0'
        source_user: 'mydomain\jsmith'
        destination_ip: '192.168.100.115'
        destination_port: '22'
        protocol: '6'
      register: result

    - debug: msg='{{ result.rule }}'

    - name: check NAT rules for source NAT
      paloaltonetworks.panos.panos_match_rule:
        provider: '{{ provider }}'
        rule_type: 'nat'
        source_zone: 'Prod-DMZ'
        source_ip: '10.10.118.50'
        to_interface: 'ethernet1/2'
        destination_zone: 'Internet'
        destination_ip: '0.0.0.0'
        protocol: '6'
      register: result

    - debug: msg='{{ result.rule }}'

    - name: check NAT rules for inbound web
      paloaltonetworks.panos.panos_match_rule:
        provider: '{{ provider }}'
        rule_type: 'nat'
        source_zone: 'Internet'
        source_ip: '0.0.0.0'
        to_interface: 'ethernet1/1'
        destination_zone: 'Prod DMZ'
        destination_ip: '192.168.118.50'
        destination_port: '80'
        protocol: '6'
      register: result

    - debug: msg='{{ result.rule }}'

    - name: check security rules for outbound POP3 in vsys4
      paloaltonetworks.panos.panos_match_rule:
        provider: '{{ provider }}'
        vsys_id: 'vsys4'
        source_ip: '10.0.0.0'
        destination_ip: '4.3.2.1'
        application: 'pop3'
        destination_port: '110'
        protocol: '6'
      register: result

    - debug: msg='{{ result.rule }}'
Parameters:

    api_key (str)
        Deprecated. Use provider to specify PAN-OS connectivity instead.
        The API key to use instead of generating it using username / password.

    application (str)
        The application.

    category (str)
        URL category.

    destination_ip (str, required)
        The destination IP address.

    destination_port (int, required)
        The destination port.

    destination_zone (str)
        The destination zone.

    ip_address (str)
        Deprecated. Use provider to specify PAN-OS connectivity instead.
        The IP address or hostname of the PAN-OS device being configured.

    password (str)
        Deprecated. Use provider to specify PAN-OS connectivity instead.
        The password to use for authentication. This is ignored if api_key is specified.

    port (int, default: 443)
        Deprecated. Use provider to specify PAN-OS connectivity instead.
        The port number to connect to the PAN-OS device on.

    protocol (int, required)
        The IP protocol number from 1 to 255.

    provider (dict, added in version 1.0.0 of paloaltonetworks.panos)
        A dict object containing connection details.
        Suboptions:
            api_key (str)
                The API key to use instead of generating it using username / password.
            ip_address (str)
                The IP address or hostname of the PAN-OS device being configured.
            password (str)
                The password to use for authentication. This is ignored if api_key is specified.
            port (int, default: 443)
                The port number to connect to the PAN-OS device on.
            serial_number (str)
                The serial number of a firewall to use for targeted commands.
                If ip_address is not a Panorama PAN-OS device, then this param is ignored.
            username (str, default: admin)
                The username to use for authentication. This is ignored if api_key is specified.

    rule_type (str, choices: security, nat; default: security)
        Type of rule.

    rulebase (str)
        DEPRECATED. This is no longer used and may safely be removed from your playbook.

    source_ip (str, required)
        The source IP address.

    source_port (int)
        The source port.

    source_user (str)
        The source user or group.

    source_zone (str)
        The source zone.

    to_interface (str)
        The inbound interface in a NAT rule.

    username (str, default: admin)
        Deprecated. Use provider to specify PAN-OS connectivity instead.
        The username to use for authentication. This is ignored if api_key is specified.

    vsys (str, default: vsys1)
        The vsys this object belongs to.

    vsys_id (str)
        Removed. Use vsys instead.
Return Values:

    rule (dict, returned: always)
        The rule definition, either security rule or NAT rule.

    rulebase (str, returned: always)
        Rule location; panorama-pre-rulebase, firewall-rulebase, or panorama-post-rulebase.

    stdout_lines (str, returned: always)
        DEPRECATED; use "rule" instead.
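The playbook below is an added example and is not part of the collection's own documentation. It turns the match-and-report pattern from the examples above into a policy check: it asks the firewall which security rule matches an inbound-SSH-from-anywhere flow, reports the rule name and the rulebase it was found in, and fails the run if that rule would allow the flow. It assumes an inventory group named firewalls, variables fw_ip_address and fw_api_key, and that the returned rule dict carries name and action keys; none of those are stated on this page. It uses vsys rather than vsys_id, since vsys_id is listed as removed.

```yaml
- name: Verify that inbound SSH from any source is not allowed by security policy
  hosts: firewalls            # assumed inventory group, not from the page
  connection: local           # panos modules talk to the device over its API
  gather_facts: false
  vars:
    # Assumed: fw_ip_address and fw_api_key come from inventory or a vault.
    provider:
      ip_address: "{{ fw_ip_address }}"
      api_key: "{{ fw_api_key }}"
    # Constructed test flow: any Internet source reaching an internal SSH server.
    ssh_probe:
      source_ip: "0.0.0.0"
      destination_ip: "192.168.100.115"
      destination_port: 22
      protocol: 6

  tasks:
    - name: Ask the firewall which security rule matches the SSH flow
      paloaltonetworks.panos.panos_match_rule:
        provider: "{{ provider }}"
        rule_type: security
        vsys: vsys1
        source_ip: "{{ ssh_probe.source_ip }}"
        destination_ip: "{{ ssh_probe.destination_ip }}"
        destination_port: "{{ ssh_probe.destination_port }}"
        protocol: "{{ ssh_probe.protocol }}"
      register: match

    - name: Report the matching rule and where it lives
      # rulebase is documented above as one of panorama-pre-rulebase,
      # firewall-rulebase or panorama-post-rulebase.
      ansible.builtin.debug:
        msg: "Matched rule '{{ match.rule.name | default('<none>') }}' in {{ match.rulebase }}"

    - name: Fail the run if the matching rule permits the flow
      # Assumed: the rule dict exposes 'name' and 'action' keys (not stated on
      # this page). 'allow' is the PAN-OS security rule action that permits traffic.
      ansible.builtin.assert:
        that:
          - match.rule is defined
          - match.rule.action is defined
          - match.rule.action != 'allow'
        fail_msg: >-
          Rule '{{ match.rule.name | default('?') }}' in {{ match.rulebase }}
          allows inbound SSH from any source; review it.
        success_msg: Inbound SSH from any source is not permitted by the matching rule.
```

The same structure works for the NAT checks shown above by setting rule_type to nat and supplying source_zone, destination_zone and to_interface; the assertion would then test the NAT rule's fields instead of action.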