Class: Ansible::Ruby::Modules::Bigip_firewall_rule

Inherits: Base

Defined in: lib/ansible/ruby/modules/generated/network/f5/bigip_firewall_rule.rb

Overview

Manages firewall rules in an AFM firewall policy. New rules will always be added to the end of the policy. Rules can be re-ordered using the C(bigip_security_policy) module. Rules can also be pre-ordered using the C(bigip_security_policy) module and then later updated using the C(bigip_firewall_rule) module.

Methods inherited from Base

#ansible_name, #to_h

Methods inherited from Ansible::Ruby::Models::Base

attr_option, attr_options, attribute, #initialize, remove_existing_validations, #to_h, validates

Constructor Details

This class inherits a constructor from Ansible::Ruby::Models::Base

Instance Method Details

#action ⇒ :accept, ...

Specifies the action for the firewall rule.

When C(accept), allows packets with the specified source, destination, and protocol to pass through the firewall. Packets that match the rule, and are accepted, traverse the system as if the firewall is not present.

When C(drop), drops packets with the specified source, destination, and protocol. Dropping a packet is a silent action with no notification to the source or destination systems. Dropping the packet causes the connection to be retried until the retry threshold is reached.

When C(reject), rejects packets with the specified source, destination, and protocol. When a packet is rejected the firewall sends a destination unreachable message to the sender.

When C(accept-decisively), allows packets with the specified source, destination, and protocol to pass through the firewall, and does not require any further processing by any of the further firewalls. Packets that match the rule, and are accepted, traverse the system as if the firewall is not present. If the Rule List is applied to a virtual server, management IP, or self IP firewall rule, then Accept Decisively is equivalent to Accept.

When creating a new rule, if this parameter is not provided, the default is C(reject).

Returns:

  • (:accept, :drop, :reject, :"accept-decisively", nil)

# File 'lib/ansible/ruby/modules/generated/network/f5/bigip_firewall_rule.rb', line 23

attribute :action

#description ⇒ Object?

The rule description.

Returns:

  • (Object, nil)

# File 'lib/ansible/ruby/modules/generated/network/f5/bigip_firewall_rule.rb', line 34

attribute :description

#destination ⇒ Array<Hash>, ...

Specifies packet destinations to which the rule applies. Leaving this field blank applies the rule to all addresses and all ports. You can specify the following destination items: an IPv4 or IPv6 address, an IPv4 or IPv6 address range, geographic location, VLAN, address list, port, port range, port list or address list. You can specify a mix of different types of items for the source address.

Returns:

  • (Array<Hash>, Hash, nil)

# File 'lib/ansible/ruby/modules/generated/network/f5/bigip_firewall_rule.rb', line 49

attribute :destination

#icmp_message ⇒ Hash?

Specifies the Internet Control Message Protocol (ICMP) or ICMPv6 message C(type) and C(code) that the rule uses. This parameter is only relevant when C(protocol) is either C(icmp)(1) or C(icmpv6)(58).

Returns:

  • (Hash, nil)

# File 'lib/ansible/ruby/modules/generated/network/f5/bigip_firewall_rule.rb', line 61

attribute :icmp_message

#irule ⇒ String?

Specifies an iRule that is applied to the rule. An iRule can be started when the firewall rule matches traffic.

Returns:

  • (String, nil)

# File 'lib/ansible/ruby/modules/generated/network/f5/bigip_firewall_rule.rb', line 37

attribute :irule

#logging ⇒ Symbol?

Specifies whether logging is enabled or disabled for the firewall rule. When creating a new rule, if this parameter is not specified, the default is C(no).

Returns:

  • (Symbol, nil)

# File 'lib/ansible/ruby/modules/generated/network/f5/bigip_firewall_rule.rb', line 53

attribute :logging

#name ⇒ String

Specifies the name of the rule.

Returns:

  • (String)

# File 'lib/ansible/ruby/modules/generated/network/f5/bigip_firewall_rule.rb', line 12

attribute :name

#parent_policy ⇒ String?

The policy which contains the rule to be managed. One of either C(parent_policy) or C(parent_rule_list) is required.

Returns:

  • (String, nil)

# File 'lib/ansible/ruby/modules/generated/network/f5/bigip_firewall_rule.rb', line 16

attribute :parent_policy

#parent_rule_list ⇒ Object?

The rule list which contains the rule to be managed. One of either C(parent_policy) or C(parent_rule_list) is required.

Returns:

  • (Object, nil)

# File 'lib/ansible/ruby/modules/generated/network/f5/bigip_firewall_rule.rb', line 20

attribute :parent_rule_list

#partition ⇒ String?

Device partition to manage resources on.

Returns:

  • (String, nil)

# File 'lib/ansible/ruby/modules/generated/network/f5/bigip_firewall_rule.rb', line 65

attribute :partition

#protocol ⇒ String?

Specifies the protocol to which the rule applies. Protocols may be specified by either their name or numeric value. A special protocol value C(any) can be specified to match any protocol. The numeric equivalent of this protocol is C(255).

Returns:

  • (String, nil)

# File 'lib/ansible/ruby/modules/generated/network/f5/bigip_firewall_rule.rb', line 41

attribute :protocol

#rule_list ⇒ String?

Specifies an existing rule list to use in the rule. This parameter is mutually exclusive with many of the other individual-rule specific settings. This includes C(logging), C(action), C(source), C(destination), C(irule), C(protocol) and C(logging).

Returns:

  • (String, nil)

# File 'lib/ansible/ruby/modules/generated/network/f5/bigip_firewall_rule.rb', line 57

attribute :rule_list

#schedule ⇒ Object?

Specifies a schedule for the firewall rule. You configure schedules to define days and times when the firewall rule is made active.

Returns:

  • (Object, nil)

# File 'lib/ansible/ruby/modules/generated/network/f5/bigip_firewall_rule.rb', line 31

attribute :schedule

#source ⇒ Array<Hash>, ...

Specifies packet sources to which the rule applies. Leaving this field blank applies the rule to all addresses and all ports. You can specify the following source items: an IPv4 or IPv6 address, an IPv4 or IPv6 address range, geographic location, VLAN, address list, port, port range, port list or address list. You can specify a mix of different types of items for the source address.

Returns:

  • (Array<Hash>, Hash, nil)

# File 'lib/ansible/ruby/modules/generated/network/f5/bigip_firewall_rule.rb', line 45

attribute :source

#state ⇒ :present, ...

When C(state) is C(present), ensures that the rule exists. When C(state) is C(absent), ensures that the rule is removed.

Returns:

  • (:present, :absent, nil)

# File 'lib/ansible/ruby/modules/generated/network/f5/bigip_firewall_rule.rb', line 69

attribute :state

#status ⇒ :enabled, ...

Indicates the activity state of the rule or rule list.

When C(disabled), specifies that the rule or rule list does not apply at all.

When C(enabled), specifies that the system applies the firewall rule or rule list to the given context and addresses.

When C(scheduled), specifies that the system applies the rule or rule list according to the specified schedule.

When creating a new rule, if this parameter is not provided, the default is C(enabled).

Returns:

  • (:enabled, :disabled, :scheduled, nil)

# File 'lib/ansible/ruby/modules/generated/network/f5/bigip_firewall_rule.rb', line 27

attribute :status
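
The parameter constraints documented above (a parent is required, C(rule_list) excludes the per-rule settings, C(icmp_message) needs an ICMP protocol, blank source/destination match everything, logging defaults to off) can be checked before a rule is pushed. The following is an added example, not code from ansible-ruby or the F5 module; it works on plain hashes, and the helper names, sample rules, the `:address`/`:port` item keys and the yes/true logging values are assumptions.

```ruby
# Added example: lints rule parameter hashes against the constraints this page documents.
RULE_LIST_EXCLUSIVE = %i[logging action source destination irule protocol].freeze
ICMP_PROTOCOLS = %w[icmp icmpv6 1 58].freeze
ACCEPT_ACTIONS = %w[accept accept-decisively].freeze

def blank?(value)
  value.nil? || (value.respond_to?(:empty?) && value.empty?)
end

# Returns an array of finding strings for one rule (Hash with symbol keys).
def lint_firewall_rule(rule)
  set = rule.reject { |_, v| blank?(v) }
  findings = []
  unless set.key?(:parent_policy) || set.key?(:parent_rule_list)
    findings << 'one of parent_policy or parent_rule_list is required'
  end
  if set.key?(:rule_list)
    clash = RULE_LIST_EXCLUSIVE & set.keys
    findings << "rule_list is mutually exclusive with #{clash.join(', ')}" unless clash.empty?
    return findings # per-rule checks do not apply to a rule-list reference
  end
  if set.key?(:icmp_message) && !ICMP_PROTOCOLS.include?(set[:protocol].to_s)
    findings << 'icmp_message is only relevant for protocol icmp (1) or icmpv6 (58)'
  end
  # Documented defaults on create: action reject, logging no.
  action = (set[:action] || 'reject').to_s
  if ACCEPT_ACTIONS.include?(action)
    open_ends = %i[source destination].reject { |k| set.key?(k) }
    unless open_ends.empty?
      findings << "#{action} with blank #{open_ends.join(' and ')} applies to all addresses and ports"
    end
    # Assumption: logging is switched on with yes/true (the page only states the default, no).
    findings << "#{action} rule is not logged" unless %w[yes true].include?(set[:logging].to_s)
  end
  findings
end

# Constructed sample rules; names, addresses and the :address/:port item keys are made up.
SAMPLE_RULES = [
  { name: 'allow-all', parent_policy: 'edge-policy', action: :accept },
  { name: 'web-in', parent_policy: 'edge-policy', action: :accept, protocol: 'tcp', logging: :yes,
    source: [{ address: '203.0.113.0/24' }], destination: [{ port: 443 }] },
  { name: 'shared', parent_policy: 'edge-policy', rule_list: 'base-rules', action: :drop },
  { name: 'ping', action: :drop, protocol: 'tcp', icmp_message: { type: 8, code: 0 } }
].freeze

def lint_all(rules)
  rules.to_h { |r| [r[:name], lint_firewall_rule(r)] }
end

lint_all(SAMPLE_RULES).each { |name, f| puts "#{name}: #{f.empty? ? 'ok' : f.join('; ')}" }
```
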