vr_firewall_rule - Manages firewall rules on Vultr.
New in version 2.5.
Synopsis
- Create and remove firewall rules.
Requirements
The below requirements are needed on the host that executes this module.
- python >= 2.6
Parameters
Parameter | Choices/Defaults | Comments |
---|---|---|
api_account | Default: "default" | Name of the ini section in the vultr.ini file. The ENV variable VULTR_API_ACCOUNT is used as default, when defined. |
api_endpoint | Default: "https://api.vultr.com" | URL to API endpoint (without trailing slash). The ENV variable VULTR_API_ENDPOINT is used as default, when defined. |
api_key | | API key of the Vultr API. The ENV variable VULTR_API_KEY is used as default, when defined. |
api_retries | Default: 5 | Number of retries in case the Vultr API returns an HTTP 503 code. The ENV variable VULTR_API_RETRIES is used as default, when defined. |
api_timeout | Default: 60 | HTTP timeout to Vultr API. The ENV variable VULTR_API_TIMEOUT is used as default, when defined. |
cidr | Default: "0.0.0.0/0 or ::/0 depending on ip_version" | Network in CIDR format. The CIDR format must match with the ip_type value. Required if state=present. |
end_port | | End port for the firewall rule. Only considered if protocol is tcp or udp and state=present. |
group (required) | | Name of the firewall group. |
ip_version | | IP address version. aliases: ip_type |
protocol | | Protocol of the firewall rule. |
start_port | | Start port for the firewall rule. Required if protocol is tcp or udp and state=present. aliases: port |
state | | State of the firewall rule. |
validate_certs (bool) | | Validate SSL certs of the Vultr API. |
Notes
- Also see the API documentation on https://www.vultr.com/api/.
Examples
```yaml
- name: ensure a firewall rule is present
  local_action:
    module: vr_firewall_rule
    group: application
    protocol: tcp
    start_port: 8000
    end_port: 9000
    cidr: 17.17.17.0/24

- name: open DNS port for all ipv4 and ipv6
  local_action:
    module: vr_firewall_rule
    group: dns
    protocol: udp
    port: 53
    ip_version: "{{ item }}"
  with_items: [ v4, v6 ]

- name: allow ping
  local_action:
    module: vr_firewall_rule
    group: web
    protocol: icmp

- name: ensure a firewall rule is absent
  local_action:
    module: vr_firewall_rule
    group: application
    protocol: tcp
    start_port: 8000
    end_port: 9000
    cidr: 17.17.17.0/24
    state: absent
```
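A pre-merge check for the constraints in the parameter table, as an added example that is not part of the module or its documentation: it flags rules that omit cidr (and so fall back to 0.0.0.0/0 or ::/0), CIDRs that do not match ip_version, and tcp/udp rules without start_port. The function names and sample rules are constructed for illustration, and a missing state is treated as present, as in the examples above.

```python
import ipaddress

# Constructed sample module arguments, not taken from a real playbook.
SAMPLE_RULES = [
    {"group": "web", "protocol": "icmp"},
    {"group": "application", "protocol": "tcp", "start_port": 8000,
     "end_port": 9000, "cidr": "17.17.17.0/24"},
    {"group": "dns", "protocol": "udp", "port": 53,
     "ip_version": "v4", "cidr": "2001:db8::/32"},
    {"group": "db", "protocol": "tcp", "cidr": "10.0.0.0/8"},
]


def audit_rule(args):
    """Return review findings for one vr_firewall_rule argument dict."""
    if args.get("state", "present") != "present":  # assumption: omitted means present
        return []  # an absent rule opens nothing
    findings = []
    cidr = args.get("cidr")
    version = args.get("ip_version", args.get("ip_type"))  # ip_type is the alias
    if cidr is None:
        findings.append("cidr omitted: module default is 0.0.0.0/0 or ::/0")
    else:
        try:
            net = ipaddress.ip_network(cidr, strict=False)
        except ValueError:
            findings.append("cidr is not a valid network: %s" % cidr)
        else:
            if net.prefixlen == 0:
                findings.append("cidr %s matches every address" % cidr)
            if version and version != "v%d" % net.version:
                findings.append("cidr %s does not match ip_version %s" % (cidr, version))
    if args.get("protocol") in ("tcp", "udp"):
        if args.get("start_port", args.get("port")) is None:  # port is the alias
            findings.append("start_port is required for tcp/udp")
    elif "end_port" in args:
        findings.append("end_port is only considered for tcp/udp")
    return findings


def audit(rules):
    """Map rule index -> findings for every rule that has at least one."""
    checked = ((i, audit_rule(args)) for i, args in enumerate(rules))
    return {i: found for i, found in checked if found}


if __name__ == "__main__":
    for index, found in audit(SAMPLE_RULES).items():
        print(SAMPLE_RULES[index]["group"], found)
```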
Return Values
Common return values are documented here; the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
vultr_api (complex) | success | Response from Vultr API with a few additions/modifications |
api_account (string) | success | Account used in the ini file to select the key. Sample: default |
api_timeout (int) | success | Timeout used for the API requests. Sample: 60 |
api_retries (int) | success | Maximum number of retries for the API requests. Sample: 5 |
api_endpoint (string) | success | Endpoint used for the API requests. Sample: https://api.vultr.com |
vultr_firewall_rule (complex) | success | Response from Vultr API |
rule_number (int) | success | Rule number of the firewall rule. Sample: 2 |
action (string) | success | Action of the firewall rule. Sample: accept |
protocol (string) | success | Protocol of the firewall rule. Sample: tcp |
start_port (int) | success and protocol is tcp or udp | Start port of the firewall rule. Sample: 80 |
end_port (int) | success and when port range and protocol is tcp or udp | End port of the firewall rule. Sample: 8080 |
cidr (string) | success and when port range | CIDR of the firewall rule (IPv4 or IPv6). Sample: 0.0.0.0/0 |
group (string) | success | Firewall group the rule belongs to. Sample: web |
Status
This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.
Maintenance
This module is flagged as community which means that it is maintained by the Ansible Community. See Module Maintenance & Support for more info.
Author
- René Moser (@resmo)
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.6/modules/vr_firewall_rule_module.html