ngine_io.vultr.vultr_firewall_rule – Manages firewall rules on Vultr.

Note

This plugin is part of the ngine_io.vultr collection (version 1.1.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install ngine_io.vultr.

To use it in a playbook, specify: ngine_io.vultr.vultr_firewall_rule.

New in version 0.1.0: of ngine_io.vultr

Synopsis
Requirements
Parameters
Notes
Examples
Return Values

Synopsis

Create and remove firewall rules.

Requirements

The below requirements are needed on the host that executes this module.

python >= 2.6

Parameters

Parameter	Choices/Defaults	Comments
api_account string	Default: "default"	Name of the ini section in the `vultr.ini` file. The ENV variable `VULTR_API_ACCOUNT` is used as default, when defined.
api_endpoint string		URL to API endpint (without trailing slash). The ENV variable `VULTR_API_ENDPOINT` is used as default, when defined. Fallback value is https://api.vultr.com if not specified.
api_key string		API key of the Vultr API. The ENV variable `VULTR_API_KEY` is used as default, when defined.
api_retries integer		Amount of retries in case of the Vultr API retuns an HTTP 503 code. The ENV variable `VULTR_API_RETRIES` is used as default, when defined. Fallback value is 5 retries if not specified.
api_retry_max_delay integer		Retry backoff delay in seconds is exponential up to this max. value, in seconds. The ENV variable `VULTR_API_RETRY_MAX_DELAY` is used as default, when defined. Fallback value is 12 seconds.
api_timeout integer		HTTP timeout to Vultr API. The ENV variable `VULTR_API_TIMEOUT` is used as default, when defined. Fallback value is 60 seconds if not specified.
cidr string		Network in CIDR format The CIDR format must match with the `ip_version` value. Required if `state=present`. Defaulted to 0.0.0.0/0 or ::/0 depending on `ip_version`.
end_port integer		End port for the firewall rule. Only considered if `protocol` is tcp or udp and state=present.
group string / required		Name of the firewall group.
ip_version string	Choices: v4 ← v6	IP address version aliases: ip_type
protocol string	Choices: icmp tcp ← udp gre	Protocol of the firewall rule.
start_port integer		Start port for the firewall rule. Required if `protocol` is tcp or udp and state=present. aliases: port
state string	Choices: present ← absent	State of the firewall rule.
validate_certs boolean	Choices: no yes ←	Validate SSL certs of the Vultr API.

Notes

Note

Also see the API documentation on https://www.vultr.com/api/.

Examples

- name: ensure a firewall rule is present
  ngine_io.vultr.vultr_firewall_rule:
    group: application
    protocol: tcp
    start_port: 8000
    end_port: 9000
    cidr: 17.17.17.0/24

- name: open DNS port for all ipv4 and ipv6
  ngine_io.vultr.vultr_firewall_rule:
    group: dns
    protocol: udp
    port: 53
    ip_version: "{{ item }}"
  with_items: [ v4, v6 ]

- name: allow ping
  ngine_io.vultr.vultr_firewall_rule:
    group: web
    protocol: icmp

- name: ensure a firewall rule is absent
  ngine_io.vultr.vultr_firewall_rule:
    group: application
    protocol: tcp
    start_port: 8000
    end_port: 9000
    cidr: 17.17.17.0/24
    state: absent

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key		Returned	Description
vultr_api complex		success	Response from Vultr API with a few additions/modification
	api_account string	success	Account used in the ini file to select the key Sample: default
	api_endpoint string	success	Endpoint used for the API requests Sample: https://api.vultr.com
	api_retries integer	success	Amount of max retries for the API requests Sample: 5
	api_retry_max_delay integer	success	Exponential backoff delay in seconds between retries up to this max delay value. Sample: 12
	api_timeout integer	success	Timeout used for the API requests Sample: 60
vultr_firewall_rule complex		success	Response from Vultr API
	action string	success	Action of the firewall rule Sample: accept
	cidr string	success and when port range	CIDR of the firewall rule (IPv4 or IPv6) Sample: 0.0.0.0/0
	end_port integer	success and when port range and protocol is tcp or udp	End port of the firewall rule Sample: 8080
	group string	success	Firewall group the rule is into. Sample: web
	protocol string	success	Protocol of the firewall rule Sample: tcp
	rule_number integer	success	Rule number of the firewall rule Sample: 2
	start_port integer	success and protocol is tcp or udp	Start port of the firewall rule Sample: 80

Authors

René Moser (@resmo)

© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/ngine_io/vultr/vultr_firewall_rule_module.html