add module to manage AFM rule lists #489

Closed
caphrim007 opened this issue Dec 5, 2017 · 1 comment
Labels
new-module Issues that require the creation of a new Ansible module

Comments

caphrim007 (Contributor) commented Dec 5, 2017

modify security firewall rule-list DIAMETER-NODES-RL-IPV4 rules add {
  ALLOW-FOREIGNNET-ICMP {
    place-before DEFAULT-DROP
    action accept
    description "Allow DIAMETER-NODES FOREIGNNET to Originate ICMP PING/TRACEROUTE"
    ip-protocol icmp
    icmp replace-all-with {
      0 {} 8 {} 30 {}
    }
    log yes
    destination {
      address-lists add {
        DIAMETER-NODES-PARTNERNETWORK-BILLING-DRA
      }
    }
    source {
      address-lists add {
        DIAMETER-NODES-FOREIGNNET
      }
    }
  }
}

modify security firewall rule-list PARTNERNETWORK-RL-IPV4 rules add {
  ALLOW-PARTNERNETWORK-ICMP {
    place-before DEFAULT-DROP
    action accept
    description "Allow PARTNERNETWORK BILLING DRA to Originate ICMP PING/TRACEROUTE"
    ip-protocol icmp
    icmp replace-all-with {
      0 {} 8 {} 30 {}
    }
    log yes
    destination {
      address-lists add {
        DIAMETER-NODES-FOREIGNNET
      }
    }
    source {
      address-lists add {
        DIAMETER-NODES-PARTNERNETWORK-BILLING-DRA
      }
    }
  }
}

create security firewall rule-list DIAMETER-NODES-RL-UDR-IPV4 {
  description "Rule List for DIAMETER-NODES UDR IPv4 Flows"
  rules replace-all-with {
    ALLOW-UDR-TCP {
      action accept
      description "Allow DIAMETER-NODES Originate TCP SSH UDR"
      ip-protocol tcp
      log yes
      destination {
        address-lists replace-all-with {
          DIAMETER-NODES-PARTNERNETWORK-BILLING-UDR
        }
        port-lists replace-all-with {
          SFTP-TCP
        }
      }
      source {
        address-lists replace-all-with {
          DIAMETER-NODES-FOREIGNNET
        }
      }
    }
    DEFAULT-DROP {
      action drop
      description "Drop Policy with Logging"
      log yes
    }
  }
}
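
The three tmsh statements above are what the requested module has to reproduce: rules placed before a terminal DEFAULT-DROP, ICMP rules that enumerate their message types, and accept rules constrained by address lists on both sides. As an added example (not code from this issue or from f5-ansible), here is a small Python parser for this subset of the tmsh brace syntax plus a linter that checks exactly those conventions, so a rule list can be vetted before it is pushed. The SET_CONTAINERS hint, the lint conventions (logged accepts, constrained source and destination, enumerated ICMP types, a logged drop as the last rule of a created list, resolvable place-before targets) and the sample config are this example's own assumptions; the sample repeats a trimmed copy of the issue's third rule list and adds a deliberately bad one.

```python
"""Parse tmsh 'security firewall rule-list' statements and lint the rules.
Added example for this issue, not f5-ansible code: only the tmsh subset used
above is handled; the lint rules are this example's own. The sample is constructed."""
import re
TOKEN_RE = re.compile(r'"[^"]*"|\{|\}|[^\s{}]+')
BLOCK_VERBS = {"add", "replace-all-with", "delete", "modify"}  # key VERB { ... }
# Keys whose block holds bare members, not key/value pairs (grammar hint).
SET_CONTAINERS = {"address-lists", "port-lists", "vlans", "addresses", "ports"}

class Parser:
    def __init__(self, text):
        self.toks, self.i = [t[1:-1] if t[0] == '"' else t for t in TOKEN_RE.findall(text)], 0

    def peek(self, k=0):
        return self.toks[self.i + k] if self.i + k < len(self.toks) else None

    def take(self):
        self.i += 1
        return self.toks[self.i - 1]

    def block(self, key=None):  # '{ ... }' -> dict, or list for set containers
        if self.take() != "{":
            raise SyntaxError("expected '{'")
        if key in SET_CONTAINERS:
            out = []
            while self.peek() != "}":
                out.append(self.take())
        else:
            out = {}
            while self.peek() != "}":
                k, v = self.item()
                out[k] = v
        self.take()  # closing brace
        return out

    def item(self):  # `key`, `key value`, `key { }` or `key VERB { }`
        key, nxt = self.take(), self.peek()
        if nxt == "{":
            return key, self.block(key)
        if nxt in BLOCK_VERBS and self.peek(1) == "{":
            self.take()  # the verb does not change the parsed shape
            return key, self.block(key)
        if nxt in ("}", None):
            return key, True  # bare flag
        return key, self.take()

    def statements(self):  # yields (verb, rule-list name, parsed body)
        while self.peek() is not None:
            verb = self.take()
            if [self.take() for _ in range(3)] != ["security", "firewall", "rule-list"]:
                raise SyntaxError("only security firewall rule-list statements are handled")
            name = self.take()
            body = self.block() if self.peek() == "{" else dict([self.item()])
            yield verb, name, body

def lint_rule_list(name, body, created):  # this example's conventions, not AFM's
    out, rules = [], body.get("rules") or {}
    for rname, r in rules.items():
        where = f"{name}/{rname}"
        if r.get("action") in ("accept", "accept-decisively"):
            if r.get("log") != "yes":
                out.append(f"{where}: accept rule without logging")
            for side in ("source", "destination"):
                cfg = r.get(side) or {}
                if not (cfg.get("address-lists") or cfg.get("addresses")):
                    out.append(f"{where}: accept rule has unrestricted {side} addresses")
        if r.get("ip-protocol") == "icmp" and not r.get("icmp"):
            out.append(f"{where}: ICMP rule does not enumerate message types")
        target = r.get("place-before") or r.get("place-after")
        if created and target and target not in rules:  # modify targets are unseen
            out.append(f"{where}: placement target {target} is not in this list")
    if created:
        last = rules[list(rules)[-1]] if rules else {}
        if last.get("action") not in ("drop", "reject") or last.get("log") != "yes":
            out.append(f"{name}: last rule is not a logged drop/reject")
    return out

def lint(text):
    return [f for verb, name, body in Parser(text).statements()
            for f in lint_rule_list(name, body, created=(verb == "create"))]

SAMPLE_TMSH = """
create security firewall rule-list DIAMETER-NODES-RL-UDR-IPV4 {
  rules replace-all-with {
    ALLOW-UDR-TCP {
      action accept ip-protocol tcp log yes
      source { address-lists replace-all-with { DIAMETER-NODES-FOREIGNNET } }
      destination { address-lists replace-all-with { DIAMETER-NODES-PARTNERNETWORK-BILLING-UDR } }
    }
    DEFAULT-DROP { action drop description "Drop Policy with Logging" log yes }
  }
}
create security firewall rule-list BAD-RL-IPV4 {
  rules replace-all-with {
    ALLOW-ANY-ICMP { action accept ip-protocol icmp place-before NO-SUCH-RULE }
    DEFAULT-DROP { action drop }
  }
}
"""
```

Running `lint(SAMPLE_TMSH)` yields nothing for the first list and six findings for BAD-RL-IPV4 (unlogged and unconstrained accept, no ICMP types, a dangling place-before target, and a final drop without logging). The `modify ... rules add` form parses the same way, but its place-before target lives in a list the snippet does not show, so placement is only checked for `create` statements.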
@caphrim007 caphrim007 self-assigned this Dec 5, 2017
@caphrim007 caphrim007 added the new-module Issues that require the creation of a new Ansible module label Dec 5, 2017
@caphrim007 caphrim007 changed the title add module to mnaage AFM rule lists add module to manage AFM rule lists Dec 5, 2017
caphrim007 (Contributor, Author) commented

bigip_security_rule_list:
    name: DIAMETER-NODES-RL-IPV4
    partition: Common
    rules:
        - name: ALLOW-FOREIGNNET-TCP
          description: Allow DIAMETER-NODES FOREIGNNET to Originate TCP
          state: enabled
          protocol: tcp
          source:
              - [address|address_list|address_range|country_and_region] mutually exclusive
                 [port|port_range|port_list] mutually exclusive
                 vlan (type list)
          destination:
              - [address|address_list|address_range|country] mutually exclusive
                 [port|port_range|port_list] mutually exclusive
                 vlan (type list)
          irule:
          action: (accept|drop|reject|accept_decisively)
          logging: (bool)
          service_policy: string
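
The sketch above marks several parameter groups "mutually exclusive" and leaves `action` as an enumeration. As an added example (not the f5-ansible module's code), here is a plain-Python validator for a task in that shape: it enforces exactly those groups per source/destination entry, the action and state enumerations, the boolean `logging` flag, and one sanity check of this example's own (a port match on an `icmp` rule is rejected, since ports apply to TCP/UDP). A real module would declare the same constraints through AnsibleModule's argument_spec; it is not imported here so the check runs offline. The sample task is constructed: the first rule follows the sketch, the second is deliberately broken.

```python
"""Validate rules shaped like the `bigip_security_rule_list` sketch above.

Added example for this issue, not the f5-ansible module's code. Parameter
names and the mutually-exclusive groups are taken from the sketch; the
enforcement, the protocol/port sanity check and the messages are this
example's own. The sample task at the bottom is constructed.
"""

ACTIONS = {"accept", "drop", "reject", "accept_decisively"}
STATES = {"enabled", "disabled"}
# Groups the sketch marks "mutually exclusive": at most one key per group.
SOURCE_ADDR = ("address", "address_list", "address_range", "country_and_region")
DEST_ADDR = ("address", "address_list", "address_range", "country")
PORT = ("port", "port_range", "port_list")


def _exclusive(entry, group, where):
    present = [k for k in group if entry.get(k) is not None]
    return [f"{where}: {', '.join(present)} are mutually exclusive"] if len(present) > 1 else []


def validate_rule(rule):
    """Return the problems found in one rule dict; an empty list means valid."""
    errors = []
    name = rule.get("name") or "<unnamed>"
    if not rule.get("name"):
        errors.append("rule without a name")
    if rule.get("action") not in ACTIONS:
        errors.append(f"{name}: action must be one of {sorted(ACTIONS)}")
    if rule.get("state", "enabled") not in STATES:
        errors.append(f"{name}: state must be enabled or disabled")
    if not isinstance(rule.get("logging", False), bool):
        errors.append(f"{name}: logging must be a boolean")
    for side, addr_group in (("source", SOURCE_ADDR), ("destination", DEST_ADDR)):
        entries = rule.get(side) or []
        if not isinstance(entries, list):
            errors.append(f"{name}.{side}: must be a list of match entries")
            continue
        for i, entry in enumerate(entries):
            where = f"{name}.{side}[{i}]"
            errors += _exclusive(entry, addr_group, where)
            errors += _exclusive(entry, PORT, where)
            if "vlan" in entry and not isinstance(entry["vlan"], list):
                errors.append(f"{where}: vlan must be a list")
            unknown = set(entry) - set(addr_group) - set(PORT) - {"vlan"}
            if unknown:
                errors.append(f"{where}: unknown keys {sorted(unknown)}")
            # Example's own sanity check: ports only apply to TCP/UDP, so a
            # port match on an icmp rule is rejected rather than guessed at.
            if rule.get("protocol") == "icmp" and any(entry.get(k) is not None for k in PORT):
                errors.append(f"{where}: port match on an icmp rule")
    return errors


def validate_rule_list(spec):
    """Validate a whole task in the shape of the sketch (name + rules)."""
    errors = [] if spec.get("name") else ["rule list needs a name"]
    seen = set()
    for rule in spec.get("rules") or []:
        errors += validate_rule(rule)
        if rule.get("name") in seen:
            errors.append(f"{rule['name']}: duplicate rule name")
        seen.add(rule.get("name"))
    return errors


# Constructed sample: the rule from the sketch above, plus a deliberately broken one.
SAMPLE_SPEC = {
    "name": "DIAMETER-NODES-RL-IPV4",
    "partition": "Common",
    "rules": [
        {"name": "ALLOW-FOREIGNNET-TCP", "state": "enabled", "protocol": "tcp",
         "description": "Allow DIAMETER-NODES FOREIGNNET to Originate TCP",
         "source": [{"address_list": "DIAMETER-NODES-FOREIGNNET"}],
         "destination": [{"address_list": "DIAMETER-NODES-PARTNERNETWORK-BILLING-DRA",
                          "port_list": "SFTP-TCP"}],
         "action": "accept", "logging": True},
        {"name": "BROKEN-ICMP", "protocol": "icmp", "action": "permit", "logging": "yes",
         "source": [{"address": "10.0.0.1", "address_list": "DIAMETER-NODES-FOREIGNNET"}],
         "destination": [{"address_list": "BILLING-DRA", "port": 22, "port_range": "20-21"}]},
    ],
}
```

`validate_rule_list(SAMPLE_SPEC)` returns five messages, all for BROKEN-ICMP: an unknown action, a non-boolean `logging`, two mutual-exclusion violations (source `address` with `address_list`, destination `port` with `port_range`) and the port match on an ICMP rule; the sketch's own rule passes clean.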

@caphrim007 caphrim007 removed this from Todo in Ansible 2.5 release May 19, 2018
@caphrim007 caphrim007 removed this from Todo in Ansible 2.6 release May 19, 2018
@caphrim007 caphrim007 moved this from Todo to In Progress in Ansible 2.7 release Jun 23, 2018
caphrim007 added a commit that referenced this issue Aug 7, 2018
@caphrim007 caphrim007 moved this from In Progress to Done in Ansible 2.7 release Aug 7, 2018