a10_rule_set_rule
Synopsis
Configure rule-set rule
Parameters
| Parameter | Choices/Defaults | Comment |
|---|---|---|
| state str/required | [‘noop’, ‘present’, ‘absent’] | State of the object to be created. |
| ansible_host str/required | | Host for AXAPI authentication |
| ansible_username str/required | | Username for AXAPI authentication |
| ansible_password str/required | | Password for AXAPI authentication |
| ansible_port int/required | | Port for AXAPI authentication |
| a10_device_context_id int | [‘1-8’] | Device ID for aVCS configuration |
| a10_partition str | | Destination/target partition for object/command |
| rule_set_name str/required | | Key to identify parent object |
| name str/required | | Rule name |
| remark str | | Rule entry comment (Notes for this rule) |
| status str | | ‘enable’= Enable rule; ‘disable’= Disable rule; |
| ip_version str | | ‘v4’= IPv4 rule; ‘v6’= IPv6 rule; |
| action str | | ‘permit’= permit; ‘deny’= deny; ‘reset’= reset; |
| log bool | | Enable logging |
| reset_lid int | | Apply a Template LID |
| listen_on_port bool | | Listen on port |
| policy str | | ‘cgnv6’= Apply CGNv6 policy; ‘forward’= Forward packet; ‘ipsec’= Apply IPsec encapsulation; ‘ipsec-group’= Apply IPsec encapsulation from a group; |
| vpn_ipsec_name str | | VPN IPsec name |
| vpn_ipsec_group_name str | | VPN IPsec Group name |
| forward_listen_on_port bool | | Listen on port |
| lid int | | Apply a Template LID |
| listen_on_port_lid int | | Apply a Template LID |
| fw_log bool | | Enable logging |
| fwlog bool | | Enable logging |
| cgnv6_log bool | | Enable logging |
| forward_log bool | | Enable logging |
| lidlog bool | | Enable logging |
| reset_lidlog bool | | Enable logging |
| listen_on_port_lidlog bool | | Enable logging |
| cgnv6_policy str | | ‘lsn-lid’= Apply specified CGNv6 LSN LID; ‘fixed-nat’= Apply CGNv6 Fixed NAT; ‘ds-lite’= Apply CGNv6 DS-Lite; |
| cgnv6_fixed_nat_log bool | | Enable logging |
| cgnv6_lsn_lid int | | LSN LID |
| cgnv6_ds_lite str | | ‘lsn-lid’= Apply specified CGNv6 LSN LID; |
| cgnv6_ds_lite_lsn_lid int | | LSN LID |
| inspect_payload bool | | Enable DS-Lite tunnel inspection |
| cgnv6_ds_lite_log bool | | Enable logging |
| cgnv6_lsn_log bool | | Enable logging |
| gtp_template str | | Configure GTP Policy Template (GTP Template Policy Name) |
| src_geoloc_name str | | Single geolocation name |
| src_geoloc_list str | | Geolocation name list |
| src_geoloc_list_shared bool | | Use Geolocation list from shared partition |
| src_ipv4_any str | | ‘any’= Any IPv4 address; |
| src_ipv6_any str | | ‘any’= Any IPv6 address; |
| src_class_list str | | Match source IP against class-list |
| source_list list | | Field source_list |
| src_ip_subnet str | | IPv4 IP Address |
| src_ipv6_subnet str | | IPv6 IP Address |
| src_obj_network str | | Network object |
| src_obj_grp_network str | | Network object group |
| src_slb_server str | | SLB Real server name |
| src_zone str | | Zone name |
| src_zone_any str | | ‘any’= any; |
| src_threat_list str | | Bind threat-list for source IP based filtering |
| dst_geoloc_name str | | Single geolocation name |
| dst_geoloc_list str | | Geolocation name list |
| dst_geoloc_list_shared bool | | Use Geolocation list from shared partition |
| dst_ipv4_any str | | ‘any’= Any IPv4 address; |
| dst_ipv6_any str | | ‘any’= Any IPv6 address; |
| dst_class_list str | | Match destination IP against class-list |
| dest_list list | | Field dest_list |
| dst_ip_subnet str | | IPv4 IP Address |
| dst_ipv6_subnet str | | IPv6 IP Address |
| dst_obj_network str | | Network object |
| dst_obj_grp_network str | | Network object group |
| dst_slb_server str | | SLB Real server name |
| dst_slb_vserver str | | SLB Virtual server name |
| dst_domain_list str | | Match destination IP against domain-list |
| dst_zone str | | Zone name |
| dst_zone_any str | | ‘any’= any; |
| dst_threat_list str | | Bind threat-list for destination IP based filtering |
| service_any str | | ‘any’= any; |
| service_list list | | Field service_list |
| protocols str | | ‘tcp’= tcp; ‘udp’= udp; ‘sctp’= sctp; |
| proto_id int | | Protocol ID |
| obj_grp_service str | | service object group |
| icmp bool | | ICMP |
| icmpv6 bool | | ICMPv6 |
| icmp_type int | | ICMP type number |
| special_type str | | ‘any-type’= Any ICMP type; ‘echo-reply’= Type 0, echo reply; ‘echo-request’= Type 8, echo request; ‘info-reply’= Type 16, information reply; ‘info-request’= Type 15, information request; ‘mask-reply’= Type 18, address mask reply; ‘mask-request’= Type 17, address mask request; ‘parameter-problem’= Type 12, parameter problem; ‘redirect’= Type 5, redirect message; ‘source-quench’= Type 4, source quench; ‘time-exceeded’= Type 11, time exceeded; ‘timestamp’= Type 13, timestamp; ‘timestamp-reply’= Type 14, timestamp reply; ‘dest-unreachable’= Type 3, destination unreachable; |
| icmp_code int | | ICMP code number |
| special_code str | | ‘any-code’= Any ICMP code; ‘frag-required’= Code 4, fragmentation required; ‘host-unreachable’= Code 1, destination host unreachable; ‘network-unreachable’= Code 0, destination network unreachable; ‘port-unreachable’= Code 3, destination port unreachable; ‘proto-unreachable’= Code 2, destination protocol unreachable; ‘route-failed’= Code 5, source route failed; |
| icmpv6_type int | | ICMPv6 type number |
| special_v6_type str | | ‘any-type’= Any ICMPv6 type; ‘dest-unreachable’= Type 1, destination unreachable; ‘echo-reply’= Type 129, echo reply; ‘echo-request’= Type 128, echo request; ‘packet-too-big’= Type 2, packet too big; ‘param-prob’= Type 4, parameter problem; ‘time-exceeded’= Type 3, time exceeded; |
| icmpv6_code int | | ICMPv6 code number |
| special_v6_code str | | ‘any-code’= Any ICMPv6 code; ‘addr-unreachable’= Code 3, address unreachable; ‘admin-prohibited’= Code 1, admin prohibited; ‘no-route’= Code 0, no route to destination; ‘not-neighbour’= Code 2, not neighbor; ‘port-unreachable’= Code 4, destination port unreachable; |
| eq_src_port int | | Equal to the port number |
| gt_src_port int | | Greater than the port number |
| lt_src_port int | | Lower than the port number |
| range_src_port int | | Port range (Starting Port Number) |
| port_num_end_src int | | Ending Port Number |
| eq_dst_port int | | Equal to the port number |
| gt_dst_port int | | Greater than the port number |
| lt_dst_port int | | Lower than the port number |
| range_dst_port int | | Port range (Starting Port Number) |
| port_num_end_dst int | | Ending Port Number |
| sctp_template str | | SCTP Template |
| alg str | | ‘FTP’= FTP; ‘TFTP’= TFTP; ‘SIP’= SIP; ‘DNS’= DNS; ‘PPTP’= PPTP; ‘RTSP’= RTSP; ‘ESP’= ESP; |
| idle_timeout int | | TCP/UDP idle-timeout |
| dscp_list list | | Field dscp_list |
| dscp_value str | | ‘default’= Default dscp (000000); ‘af11’= AF11 (001010); ‘af12’= AF12 (001100); ‘af13’= AF13 (001110); ‘af21’= AF21 (010010); ‘af22’= AF22 (010100); ‘af23’= AF23 (010110); ‘af31’= AF31 (011010); ‘af32’= AF32 (011100); ‘af33’= AF33 (011110); ‘af41’= AF41 (100010); ‘af42’= AF42 (100100); ‘af43’= AF43 (100110); ‘cs1’= CS1 (001000); ‘cs2’= CS2 (010000); ‘cs3’= CS3 (011000); ‘cs4’= CS4 (100000); ‘cs5’= CS5 (101000); ‘cs6’= CS6 (110000); ‘cs7’= CS7 (111000); ‘ef’= EF (101110); |
| dscp_range_start int | | Start DSCP Number |
| dscp_range_end int | | Ending DSCP Number |
| application_any str | | ‘any’= any; |
| app_list list | | Field app_list |
| obj_grp_application str | | Application object group |
| protocol str | | Specify application(s) |
| protocol_tag str | | ‘aaa’= Protocol/application used for AAA (Authentication, Authorization and Accounting) purposes.; ‘adult-content’= Adult content protocol/application.; ‘advertising’= Advertising networks and applications.; ‘application-enforcing-tls’= Application known to enforce HSTS and thus use of TLS.; ‘analytics-and-statistics’= User analytics and statistics protocol/application.; ‘anonymizers-and-proxies’= Traffic-anonymization protocol/application.; ‘audio-chat’= Protocol/application used for Audio Chat.; ‘basic’= Covers all protocols required for basic classification, including most networking protocols as well as standard protocols like HTTP.; ‘blog’= Blogging platform protocol/application.; ‘cdn’= Protocol/application used for Content-Delivery Networks.; ‘certification-authority’= Certification Authority for SSL/TLS certificate.; ‘chat’= Protocol/application used for Text Chat.; ‘classified-ads’= Protocol/application used for Classified Advertisements.; ‘cloud-based-services’= SaaS and/or PaaS cloud based services.; ‘crowdfunding’= Service for funding a project or venture by raising small amounts of money from a large number of people, typically via the Internet.; ‘cryptocurrency’= Services for mining cryptocurrencies, for example a Crypto Web Browser (an application that mines crypto currency in the background while its user browses the web).; ‘database’= Database-specific protocols.; ‘disposable-email’= Service offering Disposable Email Accounts (DEA). DEA is a technique to share temporary email address between many users.; ‘ebook-reader’= Services for e-book readers, i.e. connected devices that display electronic books (typically using e-ink displays to reduce glare and eye strain).; ‘education’= Protocols offering education services and online courses.; ‘email’= Native email protocol.; ‘enterprise’= Protocol/application used in an enterprise network.; ‘file-management’= Protocol/application designed specifically for file management and exchange. This can include bona fide network protocols (like SMB) as well as web/cloud services (like Dropbox).; ‘file-transfer’= Protocol that offers file transferring as a secondary feature. This typically includes IM, WebMail, and other protocols that allow file transfers in addition to their principal function.; ‘forum’= Online forum protocol/application.; ‘gaming’= Protocol/application used by games.; ‘healthcare’= Protocols offering medical services, i.e. protocols used in medical environment.; ‘instant-messaging-and-multimedia-conferencing’= Protocol/application used for Instant Messaging or Multi-Conferencing.; ‘internet-of-things’= Internet Of Things protocol/application.; ‘map-service’= Digital Maps service (web site and their related API).; ‘mobile’= Mobile-specific protocol/application.; ‘multimedia-streaming’= Protocol/application used for multimedia streaming.; ‘networking’= Protocol used for (inter) networking purpose.; ‘news-portal’= Protocol/application used for News Portals.; ‘payment-service’= Application offering online services for accepting electronic payments by a variety of payment methods (credit card, bank-based payments such as direct debit, bank transfer, etc).; ‘peer-to-peer’= Protocol/application used for Peer-to-peer purposes.; ‘remote-access’= Protocol/application used for remote access.; ‘scada’= SCADA (Supervisory control and data acquisition) protocols, all generations.; ‘social-networks’= Social networking application.; ‘software-update’= Auto-update protocol.; ‘speedtest’= Speedtest application allowing to access quality of Internet connection (upload, download, latency, etc).; ‘standards-based’= Protocol issued from standardized bodies such as IETF, ITU, IEEE, ETSI, OIF.; ‘transportation’= Transportation services, for example smartphone applications that allow users to hail a taxi.; ‘video-chat’= Protocol/application used for Video Chat.; ‘voip’= Application used for Voice-Over-IP.; ‘vpn-tunnels’= Protocol/application used for VPN or tunneling purposes.; ‘web’= Application based on HTTP/HTTPS.; ‘web-e-commerce’= Protocol/application used for E-commerce websites.; ‘web-search-engines’= Protocol/application used for Web search portals.; ‘web-websites’= Protocol/application used for Company Websites.; ‘webmails’= Web-based e-mail application.; ‘web-ext-adult’= Web Extension Adult; ‘web-ext-auctions’= Web Extension Auctions; ‘web-ext-blogs’= Web Extension Blogs; ‘web-ext-business-and-economy’= Web Extension Business and Economy; ‘web-ext-cdns’= Web Extension CDNs; ‘web-ext-collaboration’= Web Extension Collaboration; ‘web-ext-computer-and-internet-info’= Web Extension Computer and Internet Info; ‘web-ext-computer-and-internet-security’= Web Extension Computer and Internet Security; ‘web-ext-dating’= Web Extension Dating; ‘web-ext-educational-institutions’= Web Extension Educational Institutions; ‘web-ext-entertainment-and-arts’= Web Extension Entertainment and Arts; ‘web-ext-fashion-and-beauty’= Web Extension Fashion and Beauty; ‘web-ext-file-share’= Web Extension File Share; ‘web-ext-financial-services’= Web Extension Financial Services; ‘web-ext-gambling’= Web Extension Gambling; ‘web-ext-games’= Web Extension Games; ‘web-ext-government’= Web Extension Government; ‘web-ext-health-and-medicine’= Web Extension Health and Medicine; ‘web-ext-individual-stock-advice-and-tools’= Web Extension Individual Stock Advice and Tools; ‘web-ext-internet-portals’= Web Extension Internet Portals; ‘web-ext-job-search’= Web Extension Job Search; ‘web-ext-local-information’= Web Extension Local Information; ‘web-ext-malware’= Web Extension Malware; ‘web-ext-motor-vehicles’= Web Extension Motor Vehicles; ‘web-ext-music’= Web Extension Music; ‘web-ext-news’= Web Extension News; ‘web-ext-p2p’= Web Extension P2P; ‘web-ext-parked-sites’= Web Extension Parked Sites; ‘web-ext-proxy-avoid-and-anonymizers’= Web Extension Proxy Avoid and Anonymizers; ‘web-ext-real-estate’= Web Extension Real Estate; ‘web-ext-reference-and-research’= Web Extension Reference and Research; ‘web-ext-search-engines’= Web Extension Search Engines; ‘web-ext-shopping’= Web Extension Shopping; ‘web-ext-social-network’= Web Extension Social Network; ‘web-ext-society’= Web Extension Society; ‘web-ext-software’= Web Extension Software; ‘web-ext-sports’= Web Extension Sports; ‘web-ext-streaming-media’= Web Extension Streaming Media; ‘web-ext-training-and-tools’= Web Extension Training and Tools; ‘web-ext-translation’= Web Extension Translation; ‘web-ext-travel’= Web Extension Travel; ‘web-ext-web-advertisements’= Web Extension Web Advertisements; ‘web-ext-web-based-email’= Web Extension Web based Email; ‘web-ext-web-hosting’= Web Extension Web Hosting; ‘web-ext-web-service’= Web Extension Web Service; |
| track_application bool | | Enable application statistic (functional only in action permit) |
| uuid str | | uuid of the object |
| user_tag str | | Customized tag |
| sampling_enable list | | Field sampling_enable |
| counters1 str | | ‘all’= all; ‘hit-count’= Hit counts; ‘permit-bytes’= Permitted bytes counter; ‘deny-bytes’= Denied bytes counter; ‘reset-bytes’= Reset bytes counter; ‘permit-packets’= Permitted packets counter; ‘deny-packets’= Denied packets counter; ‘reset-packets’= Reset packets counter; ‘active-session-tcp’= Active TCP session counter; ‘active-session-udp’= Active UDP session counter; ‘active-session-icmp’= Active ICMP session counter; ‘active-session-other’= Active other protocol session counter; ‘session-tcp’= TCP session counter; ‘session-udp’= UDP session counter; ‘session-icmp’= ICMP session counter; ‘session-other’= Other protocol session counter; ‘active-session-sctp’= Active SCTP session counter; ‘session-sctp’= SCTP session counter; ‘hitcount-timestamp’= Last hit counts timestamp; ‘rate-limit-drops’= Rate Limit Drops; |
| action_group dict | | Field action_group |
| ntype str | | ‘permit’= permit; ‘deny’= deny; ‘reset’= reset; |
| permit_log bool | | Enable logging |
| reset_log bool | | Enable logging |
| deny_log bool | | Enable logging |
| logging_template_list list | | Field logging_template_list |
| reset_log_template_type str | | ‘fw-logging-template’= Logging with specified fw template; |
| reset_fw_log str | | Logging template name |
| deny_log_template_type str | | ‘fw-logging-template’= Logging with specified fw template; |
| deny_fw_log str | | Logging template name |
| listen_on_port bool | | Listen on port |
| forward bool | | Forward packet |
| ipsec bool | | Apply IPsec encapsulation |
| ipsec_group bool | | Apply IPsec Group encapsulation |
| vpn_ipsec_name str | | VPN IPsec name |
| vpn_ipsec_group_name str | | VPN IPsec Group name |
| cgnv6 bool | | Apply CGNv6 policy |
| cgnv6_policy str | | ‘lsn-lid’= Apply specified CGNv6 LSN LID; ‘fixed-nat’= Apply CGNv6 Fixed NAT; ‘ds-lite’= Apply CGNv6 DS-Lite; |
| cgnv6_lsn_lid int | | LSN LID |
| cgnv6_ds_lite str | | ‘lsn-lid’= Apply specified CGNv6 LSN LID; |
| cgnv6_ds_lite_lsn_lid int | | LSN LID |
| inspect_payload bool | | Enable DS-Lite tunnel inspection |
| permit_limit_policy int | | Limit policy Template |
| deny_reset_limit_policy int | | Limit policy Template (only works for inbound rule) |
| permit_respond_to_user_mac bool | | Use the user’s source MAC for the next hop rather than the routing table (default=off) |
| reset_respond_to_user_mac bool | | Use the user’s source MAC for the next hop rather than the routing table (default=off) |
| set_dscp bool | | DSCP setting |
| dscp_value str | | ‘default’= Default dscp (000000); ‘af11’= AF11 (001010); ‘af12’= AF12 (001100); ‘af13’= AF13 (001110); ‘af21’= AF21 (010010); ‘af22’= AF22 (010100); ‘af23’= AF23 (010110); ‘af31’= AF31 (011010); ‘af32’= AF32 (011100); ‘af33’= AF33 (011110); ‘af41’= AF41 (100010); ‘af42’= AF42 (100100); ‘af43’= AF43 (100110); ‘cs1’= CS1 (001000); ‘cs2’= CS2 (010000); ‘cs3’= CS3 (011000); ‘cs4’= CS4 (100000); ‘cs5’= CS5 (101000); ‘cs6’= CS6 (110000); ‘cs7’= CS7 (111000); ‘ef’= EF (101110); |
| dscp_number int | | DSCP Number |
| uuid str | | uuid of the object |
| move_rule dict | | Field move_rule |
| location str | | ‘top’= top; ‘before’= before; ‘after’= after; ‘bottom’= bottom; |
| target_rule str | | Field target_rule |
| oper dict | | Field oper |
| hitcount int | | Field hitcount |
| last_hitcount_time str | | Field last_hitcount_time |
| action str | | Field action |
| status str | | Field status |
| permitbytes int | | Field permitbytes |
| denybytes int | | Field denybytes |
| resetbytes int | | Field resetbytes |
| totalbytes int | | Field totalbytes |
| permitpackets int | | Field permitpackets |
| denypackets int | | Field denypackets |
| resetpackets int | | Field resetpackets |
| totalpackets int | | Field totalpackets |
| activesessiontcp int | | Field activesessiontcp |
| activesessionudp int | | Field activesessionudp |
| activesessionicmp int | | Field activesessionicmp |
| activesessionsctp int | | Field activesessionsctp |
| activesessionother int | | Field activesessionother |
| activesessiontotal int | | Field activesessiontotal |
| sessiontcp int | | Field sessiontcp |
| sessionudp int | | Field sessionudp |
| sessionicmp int | | Field sessionicmp |
| sessionsctp int | | Field sessionsctp |
| sessionother int | | Field sessionother |
| sessiontotal int | | Field sessiontotal |
| ratelimitdrops int | | Field ratelimitdrops |
| name str | | Rule name |
| stats dict | | Field stats |
| hit_count str | | Hit counts |
| permit_bytes str | | Permitted bytes counter |
| deny_bytes str | | Denied bytes counter |
| reset_bytes str | | Reset bytes counter |
| permit_packets str | | Permitted packets counter |
| deny_packets str | | Denied packets counter |
| reset_packets str | | Reset packets counter |
| active_session_tcp str | | Active TCP session counter |
| active_session_udp str | | Active UDP session counter |
| active_session_icmp str | | Active ICMP session counter |
| active_session_other str | | Active other protocol session counter |
| session_tcp str | | TCP session counter |
| session_udp str | | UDP session counter |
| session_icmp str | | ICMP session counter |
| session_other str | | Other protocol session counter |
| active_session_sctp str | | Active SCTP session counter |
| session_sctp str | | SCTP session counter |
| hitcount_timestamp str | | Last hit counts timestamp |
| rate_limit_drops str | | Rate Limit Drops |
| name str | | Rule name |
Examples
Return Values
- modified_values (changed, dict, )
Values modified (or potential changes if using check_mode) as a result of task operation
- axapi_calls (always, list, )
Sequential list of AXAPI calls made by the task
- endpoint (, str, [‘/axapi/v3/slb/virtual_server’, ‘/axapi/v3/file/ssl-cert’])
The AXAPI endpoint being accessed.
- http_method (, str, [‘POST’, ‘GET’])
HTTP method being used by the primary task to interact with the AXAPI endpoint.
- request_body (, complex, )
Params used to query the AXAPI
- response_body (, complex, )
Response from the AXAPI
Status
This module is not guaranteed to have a backwards compatible interface. [preview]
This module is maintained by community.