This repository has been archived by the owner on Jan 6, 2023. It is now read-only.
pfsense_rule
Frederic Bor edited this page Jul 1, 2020
> PFSENSE_RULE (/home/fbor/ansible/lib/ansible/modules/network/pfsense/pfsense_rule.py)
Manage pfSense rules
* This module is maintained by The Ansible Community
OPTIONS (= is mandatory):
- ackqueue
QOS acknowledge queue
[Default: (null)]
type: str
- action
The action of the rule
(Choices: pass, block, match, reject)[Default: pass]
type: str
- after
Rule to go after, or `top'
[Default: (null)]
type: str
- before
Rule to go before, or `bottom'
[Default: (null)]
type: str
- destination
The destination address, in [!]{IP,HOST,ALIAS,any,(self),IP:INTERFACE,NET:INTERFACE} format.
[Default: None]
type: str
- destination_port
Destination port or port range specification.
This can either be an alias or a port number.
An inclusive range can also be specified, using the format `first-last'.
[Default: None]
type: str
- direction
Direction floating rule applies to
(Choices: any, in, out)[Default: (null)]
type: str
- disabled
Is the rule disabled
[Default: False]
type: bool
- floating
Is the rule floating
[Default: (null)]
type: bool
- gateway
Leave as `default' to use the system routing table or choose a gateway to utilize policy based routing.
[Default: default]
type: str
- icmptype
One or more of these ICMP subtypes may be specified, separated by comma, or `any' for all of them.
The types must match ip protocol.
althost, dataconv, echorep, echoreq, fqdnrep, fqdnreq, groupqry, grouprep, groupterm, inforep, inforeq, ipv6-here,
ipv6-where, listendone, listenrep, listqry, maskrep, maskreq, mobredir, mobregrep, mobregreq, mtrace, mtraceresp,
neighbradv, neighbrsol, niqry, nirep, paramprob, photuris, redir, routeradv, routersol, routrrenum, skip, squench,
timerep, timereq, timex, toobig, trace, unreach, wrurep, wrureq
[Default: any]
type: str
- in_queue
Limiter queue for traffic coming into the chosen interface
[Default: (null)]
type: str
= interface
The interface for the rule
type: str
- ipprotocol
The IP protocol
(Choices: inet, inet46, inet6)[Default: inet]
type: str
- log
Log packets matched by rule
[Default: (null)]
type: bool
= name
The name of the rule
[Default: None]
type: str
- out_queue
Limiter queue for traffic leaving the chosen interface
[Default: (null)]
type: str
- protocol
The protocol
(Choices: any, tcp, udp, tcp/udp, icmp, igmp, ospf, esp, ah, gre, pim, sctp, pfsync, carp)[Default: any]
type: str
- queue
QOS default queue
[Default: (null)]
type: str
- quick
Set this option to apply this action to traffic that matches this rule immediately
[Default: False]
type: bool
- sched
Schedule day/time when the rule must be active
[Default: (null)]
type: str
- source
The source address, in [!]{IP,HOST,ALIAS,any,(self),IP:INTERFACE,NET:INTERFACE} format.
[Default: None]
type: str
- source_port
Source port or port range specification.
This can either be an alias or a port number.
An inclusive range can also be specified, using the format `first-last'.
[Default: None]
type: str
- state
State in which to leave the rule
(Choices: present, absent)[Default: present]
type: str
- statetype
State type
(Choices: keep state, sloppy state, synproxy state, none)[Default: keep state]
type: str
- tcpflags_any
Allow TCP packets with any flags set.
[Default: (null)]
type: bool
- tracker
Rule tracking ID. Defaults to timestamp of rule creation.
[Default: (null)]
type: int
AUTHOR: Orion Poplawski (@opoplawski), Frederic Bor (@f-bor)
METADATA:
status:
- preview
supported_by: community
EXAMPLES:
- name: "Add Internal DNS out rule"
  pfsense_rule:
    name: 'Allow Internal DNS traffic out'
    action: pass
    interface: lan
    ipprotocol: inet
    protocol: udp
    source: dns_int
    destination: any
    destination_port: 53
    after: 'Allow proxies out'
    state: present

- name: "Allow inbound port range"
  pfsense_rule:
    name: 'Allow inbound port range'
    action: pass
    interface: wan
    ipprotocol: inet
    protocol: tcp
    source: any
    destination: NET:lan
    destination_port: 4000-5000
    after: 'Allow Internal DNS traffic out'
    state: present
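As an added pre-flight check (not part of the pfsense_rule module or of this page), the following Python validates a task's argument dict against the option constraints documented above before the rule ever reaches the firewall: mandatory `name` and `interface`, the documented choices, the `[!]{IP,HOST,ALIAS,any,(self),IP:INTERFACE,NET:INTERFACE}` address format, the `first-last' port range, and `direction` only on floating rules. The alias/host-name pattern and the interface-name pattern are assumptions, since the module doc does not define them.

```python
import ipaddress
import re
# Option choices as documented for pfsense_rule on this page.
CHOICES = {
    "action": {"pass", "block", "match", "reject"},
    "ipprotocol": {"inet", "inet46", "inet6"},
    "protocol": {"any", "tcp", "udp", "tcp/udp", "icmp", "igmp", "ospf", "esp",
                 "ah", "gre", "pim", "sctp", "pfsync", "carp"},
    "direction": {"any", "in", "out"},
    "state": {"present", "absent"},
}
ALIAS_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_.-]*$")  # assumed alias/host name shape
IFACE_RE = re.compile(r"^(NET|IP):[A-Za-z0-9_]+$")   # assumed interface name shape

def address_ok(spec):
    """Check the [!]{IP,HOST,ALIAS,any,(self),IP:INTERFACE,NET:INTERFACE} format."""
    body = spec[1:] if spec.startswith("!") else spec  # leading '!' negates the match
    if body in ("any", "(self)") or IFACE_RE.match(body):
        return True
    try:
        ipaddress.ip_network(body, strict=False)  # single IP or CIDR network
        return True
    except ValueError:
        return bool(ALIAS_RE.match(body))  # otherwise an alias or host name

def port_ok(spec):
    """Alias, single port, or inclusive `first-last' range with first <= last."""
    s = str(spec)
    if ALIAS_RE.match(s):
        return True
    parts = s.split("-")
    if len(parts) > 2 or not all(p.isdigit() for p in parts):
        return False
    nums = [int(p) for p in parts]
    return all(1 <= n <= 65535 for n in nums) and nums[0] <= nums[-1]

def validate_rule(rule):
    # Returns the list of problems found in one pfsense_rule task's arguments.
    errors = [f"{k} is mandatory" for k in ("name", "interface") if not rule.get(k)]
    for key, allowed in CHOICES.items():
        if key in rule and rule[key] not in allowed:
            errors.append(f"{key}: {rule[key]!r} not in {sorted(allowed)}")
    for key in ("source", "destination"):
        if key in rule and not address_ok(str(rule[key])):
            errors.append(f"{key}: bad address spec {rule[key]!r}")
    for key in ("source_port", "destination_port"):
        if key in rule and not port_ok(rule[key]):
            errors.append(f"{key}: bad port spec {rule[key]!r}")
    if "direction" in rule and not rule.get("floating"):
        errors.append("direction only applies to floating rules")
    return errors
```

Run it over each task's `pfsense_rule` mapping in a playbook before applying; an empty list means the task passed every documented constraint.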
RETURN VALUES: