a10_ip_anomaly_drop
Synopsis
Set IP anomaly drop policy
Parameters
Parameters |
Choices/Defaults |
Comment |
|
---|---|---|---|
state str/required |
[‘noop’, ‘present’, ‘absent’] |
State of the object to be created. |
|
ansible_host str/required |
Host for AXAPI authentication |
||
ansible_username str/required |
Username for AXAPI authentication |
||
ansible_password str/required |
Password for AXAPI authentication |
||
ansible_port int/required |
Port for AXAPI authentication |
||
a10_device_context_id int |
[‘1-8’] |
Device ID for aVCS configuration |
|
a10_partition str |
Destination/target partition for object/command |
||
packet_deformity dict |
Field packet_deformity |
||
packet_deformity_layer_3 bool |
drop packets with layer 3 anomaly |
||
packet_deformity_layer_4 bool |
drop packets with layer 4 anomaly |
||
security_attack dict |
Field security_attack |
||
security_attack_layer_3 bool |
drop packets with layer 3 anomaly |
||
security_attack_layer_4 bool |
drop packets with layer 4 anomaly |
||
bad_content int |
bad content threshold (threshold value) |
||
drop_all bool |
drop all IP anomaly packets |
||
frag bool |
drop all fragmented packets |
||
ip_option bool |
drop packets with IP options |
||
land_attack bool |
drop IP packets with the same source and destination addresses |
||
out_of_sequence int |
out of sequence packet threshold (threshold value) |
||
ping_of_death bool |
drop oversize ICMP packets |
||
tcp_no_flag bool |
drop TCP packets with no flag |
||
tcp_syn_fin bool |
drop TCP packets with both syn and fin flags set |
||
tcp_syn_frag bool |
drop fragmented TCP packets with syn flag set |
||
zero_window int |
zero window size threshold (threshold value) |
||
uuid str |
uuid of the object |
||
sampling_enable list |
Field sampling_enable |
||
counters1 str |
‘all’= all; ‘land’= Land Attack Drop; ‘emp_frg’= Empty Fragment Drop; ‘emp_mic_frg’= Micro Fragment Drop; ‘opt’= IPv4 Options Drop; ‘frg’= IPv4 Fragment Drop; ‘bad_ip_hdrlen’= Bad IP Header Len Drop; ‘bad_ip_flg’= Bad IP Flags Drop; ‘bad_ip_ttl’= Bad IP TTL Drop; ‘no_ip_payload’= No IP Payload drop; ‘over_ip_payload’= Oversize IP Payload Drop; ‘bad_ip_payload_len’= Bad IP Payload Len Drop; ‘bad_ip_frg_offset’= Bad IP Fragment Offset Drop; ‘csum’= Bad IP Checksum Drop; ‘pod’= ICMP Ping of Death Drop; ‘bad_tcp_urg_offset’= TCP Bad Urgent Offset Drop; ‘tcp_sht_hdr’= TCP Short Header Drop; ‘tcp_bad_iplen’= TCP Bad IP Length Drop; ‘tcp_null_frg’= TCP Null Flags Drop; ‘tcp_null_scan’= TCP Null Scan Drop; ‘tcp_syn_fin’= TCP Syn and Fin Drop; ‘tcp_xmas’= TCP XMAS Flags Drop; ‘tcp_xmas_scan’= TCP XMAS Scan Drop; ‘tcp_syn_frg’= TCP Syn Fragment Drop; ‘tcp_frg_hdr’= TCP Fragmented Header Drop; ‘tcp_bad_csum’= TCP Bad Checksum Drop; ‘udp_srt_hdr’= UDP Short Header Drop; ‘udp_bad_len’= UDP Bad Length Drop; ‘udp_kerb_frg’= UDP Kerberos Fragment Drop; ‘udp_port_lb’= UDP Port Loopback Drop; ‘udp_bad_csum’= UDP Bad Checksum Drop; ‘runt_ip_hdr’= Runt IP Header Drop; ‘runt_tcp_udp_hdr’= Runt TCP/UDP Header Drop; ‘ipip_tnl_msmtch’= IP-over-IP Tunnel Mismatch Drop; ‘tcp_opt_err’= TCP Option Error Drop; ‘ipip_tnl_err’= IP-over-IP Tunnel Error Drop; ‘vxlan_err’= VXLAN Tunnel Error Drop; ‘nvgre_err’= GRE Tunnel Error Drop; ‘gre_pptp_err’= GRE PPTP Error Drop; |
||
stats dict |
Field stats |
||
land str |
Land Attack Drop |
||
emp_frg str |
Empty Fragment Drop |
||
emp_mic_frg str |
Micro Fragment Drop |
||
opt str |
IPv4 Options Drop |
||
frg str |
IPv4 Fragment Drop |
||
bad_ip_hdrlen str |
Bad IP Header Len Drop |
||
bad_ip_flg str |
Bad IP Flags Drop |
||
bad_ip_ttl str |
Bad IP TTL Drop |
||
no_ip_payload str |
No IP Payload drop |
||
over_ip_payload str |
Oversize IP Payload Drop |
||
bad_ip_payload_len str |
Bad IP Payload Len Drop |
||
bad_ip_frg_offset str |
Bad IP Fragment Offset Drop |
||
csum str |
Bad IP Checksum Drop |
||
pod str |
ICMP Ping of Death Drop |
||
bad_tcp_urg_offset str |
TCP Bad Urgent Offset Drop |
||
tcp_sht_hdr str |
TCP Short Header Drop |
||
tcp_bad_iplen str |
TCP Bad IP Length Drop |
||
tcp_null_frg str |
TCP Null Flags Drop |
||
tcp_null_scan str |
TCP Null Scan Drop |
||
tcp_syn_fin str |
TCP Syn and Fin Drop |
||
tcp_xmas str |
TCP XMAS Flags Drop |
||
tcp_xmas_scan str |
TCP XMAS Scan Drop |
||
tcp_syn_frg str |
TCP Syn Fragment Drop |
||
tcp_frg_hdr str |
TCP Fragmented Header Drop |
||
tcp_bad_csum str |
TCP Bad Checksum Drop |
||
udp_srt_hdr str |
UDP Short Header Drop |
||
udp_bad_len str |
UDP Bad Length Drop |
||
udp_kerb_frg str |
UDP Kerberos Fragment Drop |
||
udp_port_lb str |
UDP Port Loopback Drop |
||
udp_bad_csum str |
UDP Bad Checksum Drop |
||
runt_ip_hdr str |
Runt IP Header Drop |
||
runt_tcp_udp_hdr str |
Runt TCP/UDP Header Drop |
||
ipip_tnl_msmtch str |
IP-over-IP Tunnel Mismatch Drop |
||
tcp_opt_err str |
TCP Option Error Drop |
||
ipip_tnl_err str |
IP-over-IP Tunnel Error Drop |
||
vxlan_err str |
VXLAN Tunnel Error Drop |
||
nvgre_err str |
GRE Tunnel Error Drop |
||
gre_pptp_err str |
GRE PPTP Error Drop |
Examples
Return Values
- modified_values (changed, dict, )
Values modified (or potential changes if using check_mode) as a result of task operation
- axapi_calls (always, list, )
Sequential list of AXAPI calls made by the task
- endpoint (, str, [‘/axapi/v3/slb/virtual_server’, ‘/axapi/v3/file/ssl-cert’])
The AXAPI endpoint being accessed.
- http_method (, str, [‘POST’, ‘GET’])
HTTP method being used by the primary task to interact with the AXAPI endpoint.
- request_body (, complex, )
Params used to query the AXAPI
- response_body (, complex, )
Response from the AXAPI
Status
This module is not guaranteed to have a backwards compatible interface. [preview]
This module is maintained by community.