junipernetworks.junos.junos_acl_interfaces – ACL interfaces resource module
Note
This plugin is part of the junipernetworks.junos collection (version 1.2.1).
To install it use: ansible-galaxy collection install junipernetworks.junos.
To use it in a playbook, specify: junipernetworks.junos.junos_acl_interfaces.
New in version 1.0.0 of junipernetworks.junos
Synopsis
- This module manages adding and removing Access Control Lists (ACLs) from interfaces on devices running Juniper JUNOS.
Note
This module has a corresponding action plugin.
Requirements
The below requirements are needed on the host that executes this module.
- ncclient (>=v0.6.4)
- xmltodict (>=0.12.0)
Parameters
| Parameter | Choices/Defaults | Comments |
|---|---|---|
| config  list / elements=dictionary | | A dictionary of ACL options for interfaces. |
| config.access_groups  list / elements=dictionary | | Specifies ACLs attached to the interface. |
| config.access_groups.acls  list / elements=dictionary | | Specifies the ACLs for the provided AFI. |
| config.access_groups.acls.direction  string | | Specifies the direction of packets that the ACL will be applied on. |
| config.access_groups.acls.name  string | | Specifies the name of the IPv4/IPv6 ACL for the interface. |
| config.access_groups.afi  string | | Specifies the AFI for the ACL(s) to be configured on this interface. |
| config.name  string | | Name/Identifier for the interface. |
| running_config  string | | This option is used only with state parsed. The value of this option should be the output received from the Junos device by executing the command show interfaces. The state parsed reads the configuration from the running_config option and transforms it into Ansible structured data as per the resource module's argspec; the value is then returned in the parsed key within the result. |
| state  string | | The state the configuration should be left in. |
Notes
- This module requires the netconf system service be enabled on the device being managed.
- This module works with connection netconf. See the Junos OS Platform Options.
- Tested against JunOS v18.4R1
Examples
# Using deleted
# Before state:
# -------------
#
# admin# show interfaces
# ge-1/0/0 {
#     description "L3 interface with filter";
#     unit 0 {
#         family inet {
#             filter {
#                 input inbound_acl;
#                 output outbound_acl;
#             }
#             address 100.64.0.1/10;
#             address 100.64.0.2/10;
#         }
#         family inet6;
#     }
- name: Delete JUNOS L3 interface filter
  junipernetworks.junos.junos_acl_interfaces:
    config:
    - name: ge-1/0/0
      access_groups:
      - afi: ipv4
        acls:
        - name: inbound_acl
          direction: in
        - name: outbound_acl
          direction: out
    state: deleted
# After state:
# -------------
#
# admin# show interfaces
# ge-1/0/0 {
#     description "L3 interface with filter";
#     unit 0 {
#         family inet {
#             address 100.64.0.1/10;
#             address 100.64.0.2/10;
#         }
#         family inet6;
#     }
# Using merged
# Before state:
# -------------
#
# admin# show interfaces
# ge-1/0/0 {
#     description "L3 interface without filter";
#     unit 0 {
#         family inet {
#             address 100.64.0.1/10;
#             address 100.64.0.2/10;
#         }
#         family inet6;
#     }
- name: Merge JUNOS L3 interface filter
  junipernetworks.junos.junos_acl_interfaces:
    config:
    - name: ge-1/0/0
      access_groups:
      - afi: ipv4
        acls:
        - name: inbound_acl
          direction: in
        - name: outbound_acl
          direction: out
    state: merged
# After state:
# -------------
#
# admin# show interfaces
# ge-1/0/0 {
#     description "L3 interface with filter";
#     unit 0 {
#         family inet {
#             filter {
#                 input inbound_acl;
#                 output outbound_acl;
#             }
#             address 100.64.0.1/10;
#             address 100.64.0.2/10;
#         }
#         family inet6;
#     }
# Using overridden
# Before state:
# -------------
#
# admin# show interfaces
# ge-1/0/0 {
#     description "L3 interface without filter";
#     unit 0 {
#         family inet {
#             filter {
#                 input foo_acl;
#             }
#             address 100.64.0.1/10;
#             address 100.64.0.2/10;
#         }
#         family inet6;
#     }
- name: Override JUNOS L3 interface filter
  junipernetworks.junos.junos_acl_interfaces:
    config:
    - name: ge-1/0/0
      access_groups:
      - afi: ipv4
        acls:
        - name: inbound_acl
          direction: in
        - name: outbound_acl
          direction: out
    state: overridden
# After state:
# -------------
#
# admin# show interfaces
# ge-1/0/0 {
#     description "L3 interface with filter";
#     unit 0 {
#         family inet {
#             filter {
#                 input inbound_acl;
#                 output outbound_acl;
#             }
#             address 100.64.0.1/10;
#             address 100.64.0.2/10;
#         }
#         family inet6;
#     }
# Using replaced
# Before state:
# -------------
#
# admin# show interfaces
# ge-1/0/0 {
#     description "L3 interface without filter";
#     unit 0 {
#         family inet {
#             filter {
#                 input foo_acl;
#                 output outbound_acl;
#             }
#             address 100.64.0.1/10;
#             address 100.64.0.2/10;
#         }
#         family inet6;
#     }
- name: Replace JUNOS L3 interface filter
  junipernetworks.junos.junos_acl_interfaces:
    config:
    - name: ge-1/0/0
      access_groups:
      - afi: ipv4
        acls:
        - name: inbound_acl
          direction: in
    state: replaced
# After state:
# -------------
#
# admin# show interfaces
# ge-1/0/0 {
#     description "L3 interface with filter";
#     unit 0 {
#         family inet {
#             filter {
#                 input inbound_acl;
#                 output outbound_acl;
#             }
#             address 100.64.0.1/10;
#             address 100.64.0.2/10;
#         }
#         family inet6;
#     }
Return Values
Common return values are documented here; the following are the fields unique to this module:
| Key | Returned | Description | 
|---|---|---|
| after  dictionary  | when changed | The resulting configuration model invocation. Sample: The configuration returned will always be in the same format of the parameters above. | 
| before  dictionary  | always | The configuration prior to the model invocation. Sample: The configuration returned will always be in the same format of the parameters above. | 
| commands  list / elements=string  | always | The set of commands pushed to the remote device. Sample: ['command 1', 'command 2', 'command 3'] | 
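The before, commands and changed results can drive a read-only audit that flags interfaces whose expected filters are not attached. The playbook below is an added example, not part of the module's own documentation; the inventory group junos_edge, the interface and the filter names are placeholders, and it assumes the module honours Ansible check mode.

```yaml
# Added example (not from the module documentation).
# Assumptions: "junos_edge" is a placeholder inventory group, the interface
# and filter names are placeholders, and the module honours check mode.
- name: Audit ACL attachment on JUNOS interfaces without committing changes
  hosts: junos_edge
  connection: ansible.netcommon.netconf
  gather_facts: false
  vars:
    # Filters every listed interface is expected to carry.
    expected_acl_interfaces:
      - name: ge-1/0/0
        access_groups:
          - afi: ipv4
            acls:
              - name: inbound_acl
                direction: in
              - name: outbound_acl
                direction: out
  tasks:
    - name: Compare the expected filters with the device (check mode only)
      junipernetworks.junos.junos_acl_interfaces:
        config: "{{ expected_acl_interfaces }}"
        state: merged
      check_mode: true
      register: acl_audit

    - name: Show the ACL attachment found on the device
      ansible.builtin.debug:
        var: acl_audit.before

    - name: Fail when an expected filter is not attached
      ansible.builtin.assert:
        that:
          - not acl_audit.changed
        fail_msg: >-
          ACL drift on {{ inventory_hostname }}; pending changes:
          {{ acl_audit.commands | default([]) }}
        success_msg: "All expected filters are attached on {{ inventory_hostname }}"
```

With state merged the audit only reports expected filters that are missing; a filter attached to the interface but absent from expected_acl_interfaces is not flagged.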
Authors
- Daniel Mellado (@dmellado)
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.10/collections/junipernetworks/junos/junos_acl_interfaces_module.html