vultr_firewall_rule – Manages firewall rules on Vultr

New in version 2.5.

Synopsis
Requirements
Parameters
Notes
Examples
Return Values
Status

Synopsis

Create and remove firewall rules.

Aliases: vr_firewall_rule

Requirements

The below requirements are needed on the host that executes this module.

python >= 2.6

Parameters

Parameter	Choices/Defaults	Comments
api_account string	Default: "default"	Name of the ini section in the `vultr.ini` file. The ENV variable `VULTR_API_ACCOUNT` is used as default, when defined.
api_endpoint string		URL to API endpint (without trailing slash). The ENV variable `VULTR_API_ENDPOINT` is used as default, when defined. Fallback value is https://api.vultr.com if not specified.
api_key string		API key of the Vultr API. The ENV variable `VULTR_API_KEY` is used as default, when defined.
api_retries integer		Amount of retries in case of the Vultr API retuns an HTTP 503 code. The ENV variable `VULTR_API_RETRIES` is used as default, when defined. Fallback value is 5 retries if not specified.
api_retry_max_delay integer added in 2.9		Retry backoff delay in seconds is exponential up to this max. value, in seconds. The ENV variable `VULTR_API_RETRY_MAX_DELAY` is used as default, when defined. Fallback value is 12 seconds.
api_timeout integer		HTTP timeout to Vultr API. The ENV variable `VULTR_API_TIMEOUT` is used as default, when defined. Fallback value is 60 seconds if not specified.
cidr -		Network in CIDR format The CIDR format must match with the `ip_version` value. Required if `state=present`. Defaulted to 0.0.0.0/0 or ::/0 depending on `ip_version`.
end_port -		End port for the firewall rule. Only considered if `protocol` is tcp or udp and state=present.
group - / required		Name of the firewall group.
ip_version -	v4 ← v6	IP address version aliases: ip_type
protocol -	icmp tcp ← udp gre	Protocol of the firewall rule.
start_port -		Start port for the firewall rule. Required if `protocol` is tcp or udp and state=present. aliases: port
state -	present ← absent	State of the firewall rule.
validate_certs boolean	no yes ←	Validate SSL certs of the Vultr API.

Notes

Note

Also see the API documentation on https://www.vultr.com/api/.

Examples

- name: ensure a firewall rule is present
  local_action:
    module: vultr_firewall_rule
    group: application
    protocol: tcp
    start_port: 8000
    end_port: 9000
    cidr: 17.17.17.0/24

- name: open DNS port for all ipv4 and ipv6
  local_action:
    module: vultr_firewall_rule
    group: dns
    protocol: udp
    port: 53
    ip_version: "{{ item }}"
  with_items: [ v4, v6 ]

- name: allow ping
  local_action:
    module: vultr_firewall_rule
    group: web
    protocol: icmp

- name: ensure a firewall rule is absent
  local_action:
    module: vultr_firewall_rule
    group: application
    protocol: tcp
    start_port: 8000
    end_port: 9000
    cidr: 17.17.17.0/24
    state: absent

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key		Returned	Description
vultr_api complex		success	Response from Vultr API with a few additions/modification
	api_account string	success	Account used in the ini file to select the key Sample: default
	api_endpoint string	success	Endpoint used for the API requests Sample: https://api.vultr.com
	api_retries integer	success	Amount of max retries for the API requests Sample: 5
	api_retry_max_delay integer added in 2.9	success	Exponential backoff delay in seconds between retries up to this max delay value. Sample: 12
	api_timeout integer	success	Timeout used for the API requests Sample: 60
vultr_firewall_rule complex		success	Response from Vultr API
	action string	success	Action of the firewall rule Sample: accept
	cidr string	success and when port range	CIDR of the firewall rule (IPv4 or IPv6) Sample: 0.0.0.0/0
	end_port integer	success and when port range and protocol is tcp or udp	End port of the firewall rule Sample: 8080
	group string	success	Firewall group the rule is into. Sample: web
	protocol string	success	Protocol of the firewall rule Sample: tcp
	rule_number integer	success	Rule number of the firewall rule Sample: 2
	start_port integer	success and protocol is tcp or udp	Start port of the firewall rule Sample: 80

Status

This module is not guaranteed to have a backwards compatible interface. [preview]
This module is maintained by the Ansible Community. [community]

Authors

René Moser (@resmo)

Hint

If you notice any issues in this documentation, you can edit this document to improve it.

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.9/modules/vultr_firewall_rule_module.html