vr_firewall_rule - Manages firewall rules on Vultr.
New in version 2.5.
Synopsis
- Create and remove firewall rules.
Requirements
The below requirements are needed on the host that executes this module.
- python >= 2.6
Parameters
Parameter | Choices/Defaults | Comments |
---|---|---|
api_account | Default: default | Name of the ini section in the vultr.ini file. The ENV variable VULTR_API_ACCOUNT is used as default, when defined. |
api_endpoint | Default: https://api.vultr.com | URL to API endpoint (without trailing slash). The ENV variable VULTR_API_ENDPOINT is used as default, when defined. |
api_key | | API key of the Vultr API. The ENV variable VULTR_API_KEY is used as default, when defined. |
api_retries | Default: 5 | Number of retries in case the Vultr API returns an HTTP 503 code. The ENV variable VULTR_API_RETRIES is used as default, when defined. |
api_timeout | Default: 60 | HTTP timeout to Vultr API. The ENV variable VULTR_API_TIMEOUT is used as default, when defined. |
cidr | Default: 0.0.0.0/0 or ::/0 depending on ip_version | Network in CIDR format. The CIDR format must match the ip_type value. Required if state=present. |
end_port | | End port for the firewall rule. Only considered if protocol is tcp or udp and state=present. |
group (required) | | Name of the firewall group. |
ip_version | | IP address version. aliases: ip_type |
protocol | | Protocol of the firewall rule. |
start_port | | Start port for the firewall rule. Required if protocol is tcp or udp and state=present. aliases: port |
state | | State of the firewall rule. |
validate_certs | | Validate SSL certs of the Vultr API. |
Notes
Note
- Also see the API documentation on https://www.vultr.com/api/.
Examples
```yaml
- name: ensure a firewall rule is present
  local_action:
    module: vr_firewall_rule
    group: application
    protocol: tcp
    start_port: 8000
    end_port: 9000
    cidr: 17.17.17.0/24

- name: open DNS port for all ipv4 and ipv6
  local_action:
    module: vr_firewall_rule
    group: dns
    protocol: udp
    port: 53
    ip_version: "{{ item }}"
  with_items: [ v4, v6 ]

- name: allow ping
  local_action:
    module: vr_firewall_rule
    group: web
    protocol: icmp

- name: ensure a firewall rule is absent
  local_action:
    module: vr_firewall_rule
    group: application
    protocol: tcp
    start_port: 8000
    end_port: 9000
    cidr: 17.17.17.0/24
    state: absent
```
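Because cidr defaults to 0.0.0.0/0 or ::/0, a rule written without it is open to every address. The playbook below is an added example, not part of the module's own documentation: it pins SSH to an admin network for both IP versions, checks the returned cidr, and removes the world-open equivalent. The group name `management` (assumed to exist already) and the CIDRs (documentation ranges) are constructed values.

```yaml
# Added example. Assumptions: the firewall group "management" already exists
# and the CIDRs below stand in for a real admin network.
# The API key is taken from VULTR_API_KEY or vultr.ini, not from the playbook.
- hosts: localhost
  connection: local
  gather_facts: no
  tasks:
    - name: allow SSH from the admin networks only
      vr_firewall_rule:
        group: management
        protocol: tcp
        port: 22
        ip_version: "{{ item.ip_version }}"
        cidr: "{{ item.cidr }}"   # CIDR format must match ip_version
      with_items:
        - { ip_version: v4, cidr: 203.0.113.0/24 }
        - { ip_version: v6, cidr: "2001:db8::/32" }
      register: ssh_rules

    - name: fail if a returned rule is open to every address
      assert:
        that:
          - item.vultr_firewall_rule.cidr not in ['0.0.0.0/0', '::/0']
      with_items: "{{ ssh_rules.results }}"

    - name: remove the world-open SSH rule that omitting cidr would create
      vr_firewall_rule:
        group: management
        protocol: tcp
        port: 22
        ip_version: "{{ item.ip_version }}"
        cidr: "{{ item.cidr }}"
        state: absent
      with_items:
        - { ip_version: v4, cidr: 0.0.0.0/0 }
        - { ip_version: v6, cidr: "::/0" }
```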
Return Values
Common return values are documented here; the following are the fields unique to this module:
Key | Returned | Description | |
---|---|---|---|
vultr_api complex | success | Response from Vultr API with a few additions/modifications | |
api_endpoint string | success | Endpoint used for the API requests Sample: https://api.vultr.com | |
api_timeout int | success | Timeout used for the API requests Sample: 60 | |
api_retries int | success | Amount of max retries for the API requests Sample: 5 | |
api_account string | success | Account used in the ini file to select the key Sample: default | |
vultr_firewall_rule complex | success | Response from Vultr API | |
start_port int | success and protocol is tcp or udp | Start port of the firewall rule Sample: 80 | |
action string | success | Action of the firewall rule Sample: accept | |
group string | success | Firewall group the rule belongs to. Sample: web | |
cidr string | success and when port range | CIDR of the firewall rule (IPv4 or IPv6) Sample: 0.0.0.0/0 | |
end_port int | success and when port range and protocol is tcp or udp | End port of the firewall rule Sample: 8080 | |
rule_number int | success | Rule number of the firewall rule Sample: 2 | |
protocol string | success | Protocol of the firewall rule Sample: tcp | |
Status
This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.
Author
- René Moser (@resmo)
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.5/modules/vr_firewall_rule_module.html