firewall_nat_rule_facts - Facts about NAT based int the specified policy¶
Synopsis¶
Retrieve rule-specific information based on the policy specified in the facts module run. Specifying the policy is a required field. In addition, you can choose to expand fields like source, destination and services from HREF to their native element type and name by using the expand list with specified fields to expand. There are other search capabilities, such as finding a rule based on partial match and rules within specific ranges.
Requirements (on host that executes module)¶
smc-python version 0.6.0 or greater
Options¶
| parameter | required | default | choices | comments | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| as_yaml |
no |
|
Set this parameter to true if the output should be exported into YAML format. By default the output format is actually dict, but using this field allows you to also use the provided jinja templates to format into YAML and reuse for playbook runs. |
||||||||||||||||
| case_sensitive |
no | True |
Whether to do a case sensitive match on the filter specified |
||||||||||||||||
| exact_match |
no |
Whether to do an exact match on the filter specified |
|||||||||||||||||
| expand |
no |
|
Fields that should be expanded from HREF into their native elements. Expanded fields will be returned as a dict of lists with the key being the element type and list being the name values for that element type. |
||||||||||||||||
| filter |
yes |
The name of the Firewall Policy for which to retrieve rules |
|||||||||||||||||
| limit |
no | 10 |
Limit the number of results. Set to 0 to remove limit. |
||||||||||||||||
| rule_range |
no |
Provide a rule range to retrieve. Firewall rules will be displayed based on the ranges provided in a top down fashion. |
|||||||||||||||||
| search |
no |
Provide a search string for which to use as a match against a rule/s name or comments field. Mutually exclusive with rule_range |
|||||||||||||||||
| smc_address |
no |
FQDN with port of SMC. The default value is the environment variable |
|||||||||||||||||
| smc_alt_filepath |
no |
Provide an alternate path location to read the credentials from. File is expected to be stored in ~.smcrc. If provided, address and api_key settings are not required and will be ignored. |
|||||||||||||||||
| smc_api_key |
no |
API key for api client. The default value is the environment variable |
|||||||||||||||||
| smc_api_version |
no |
Optional SMC API version to connect to. If none is provided, the latest long-term support (LTS) version of the SMC API will be used based on the SMC version. Can be set though the environment variable |
|||||||||||||||||
| smc_domain |
no |
Optional administrative domain in the SMC to log on to. If no domain is provided, 'Shared Domain' is used. Can be set through the environment variable |
|||||||||||||||||
| smc_extra_args |
no |
Extra arguments to pass to the login constructor. These arguments are generally only used if specifically requested by support personnel.
| |||||||||||||||||
|
|||||||||||||||||||
| smc_logging |
no |
Optionally enable SMC API logging to a file
| |||||||||||||||||
|
|||||||||||||||||||
| smc_timeout |
no |
Optional timeout for connections to the SMC API. Can be set through the environment variable |
|||||||||||||||||
Examples¶
- name: Facts about all engines within SMC
hosts: localhost
gather_facts: no
tasks:
- name: Show rules for policy 'TestPolicy' (only shows name, type)
firewall_nat_rule_facts:
filter: TestPolicy
- name: Search for specific rule/s using search value (partial searching supported)
firewall_nat_rule_facts:
filter: TestPolicy
search: rulet
- name: Dump the results in yaml format, showing details of rule
firewall_nat_rule_facts:
filter: TestPolicy
search: rulet
as_yaml: true
- name: Resolve the source, destination and services fields
firewall_nat_rule_facts:
filter: TestPolicy
search: rulet
as_yaml: true
expand:
- sources
- destinations
- services
- name: Get specific rules based on range order (rules 1-10)
firewall_nat_rule_facts:
filter: TestPolicy
rule_range: 1-3
as_yaml: true
- name: Get firewall rule as yaml
firewall_nat_rule_facts:
smc_logging:
level: 10
path: ansible-smc.log
filter: TestPolicy
search: rulet
#rule_range: 1-3
as_yaml: true
expand:
- services
- destinations
- sources
- name: Write the yaml using a jinja template
template: src=templates/facts_yaml.j2 dest=./firewall_nat_rules_test.yml
vars:
playbook: firewall_rule
Return Values¶
Return values that are common to all modules are documented in Return Values. The following fields are unique to this module:
| name | description | returned | type | sample |
|---|---|---|---|---|
| firewall_nat_rule |
Obtain metadata through a simple rule search
|
always | list | [{'policy': 'TestPolicy', 'rules': [{'type': 'fw_ipv4_nat_rule', 'name': 'Rule @125.4', 'pos': 1}, {'type': 'fw_ipv4_nat_rule', 'name': 'Rule @122.5', 'pos': 2}, {'type': 'fw_ipv4_nat_rule', 'name': 'Rule @121.4', 'pos': 3}]}] |
Notes¶
Note
If a filter is not used in the query, this will return all results for the element type specified. The return data in this case will only contain the metadata for the element which will be name and type. To get detailed information about an element, use a filter. When using filters on network or service elements, the filter value will search the element fields, for example, you could use a filter of ‘1.1.1.1’ when searching for hosts and all hosts with this IP will be returned. The same applies for services. If you are unsure of the service name but know the port you require, your filter can be by port.
Status¶
This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.