cisco.meraki.networks_appliance_firewall_inbound_firewall_rules module -- Resource module for networks _appliance _firewall _inboundfirewallrules

Note

This module is part of the cisco.meraki collection (version 2.18.2).

To install it, use: ansible-galaxy collection install cisco.meraki. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: cisco.meraki.networks_appliance_firewall_inbound_firewall_rules.

New in cisco.meraki 2.16.0

Synopsis

  • Manage operation update of the resource networks _appliance _firewall _inboundfirewallrules.

  • Update the inbound firewall rules of an MX network.

Note

This module has a corresponding action plugin.

Requirements

The below requirements are needed on the host that executes this module.

  • meraki >= 2.4.9

  • python >= 3.5

Parameters

Parameter

Comments

meraki_action_batch_retry_wait_time

integer

meraki_action_batch_retry_wait_time (integer), action batch concurrency error retry wait time

Default: :ansible-option-default:`60`

meraki_api_key

string / required

meraki_api_key (string), API key generated in dashboard; can also be set as an environment variable MERAKI_DASHBOARD_API_KEY

meraki_base_url

string

meraki_base_url (string), preceding all endpoint resources

Default: :ansible-option-default:`"https://api.meraki.com/api/v1"`

meraki_be_geo_id

string

meraki_be_geo_id (string), optional partner identifier for API usage tracking; can also be set as an environment variable BE_GEO_ID

Default: :ansible-option-default:`""`

meraki_caller

string

meraki_caller (string), optional identifier for API usage tracking; can also be set as an environment variable MERAKI_PYTHON_SDK_CALLER

Default: :ansible-option-default:`""`

meraki_certificate_path

string

meraki_certificate_path (string), path for TLS/SSL certificate verification if behind local proxy

Default: :ansible-option-default:`""`

meraki_inherit_logging_config

boolean

meraki_inherit_logging_config (boolean), Inherits your own logger instance

Choices:

meraki_log_file_prefix

string

meraki_log_file_prefix (string), log file name appended with date and timestamp

Default: :ansible-option-default:`"meraki\_api\_"`

meraki_log_path

string

log_path (string), path to output log; by default, working directory of script if not specified

Default: :ansible-option-default:`""`

meraki_maximum_retries

integer

meraki_maximum_retries (integer), retry up to this many times when encountering 429s or other server-side errors

Default: :ansible-option-default:`2`

meraki_nginx_429_retry_wait_time

integer

meraki_nginx_429_retry_wait_time (integer), Nginx 429 retry wait time

Default: :ansible-option-default:`60`

meraki_output_log

boolean

meraki_output_log (boolean), create an output log file?

Choices:

meraki_print_console

boolean

meraki_print_console (boolean), print logging output to console?

Choices:

meraki_requests_proxy

string

meraki_requests_proxy (string), proxy server and port, if needed, for HTTPS

Default: :ansible-option-default:`""`

meraki_retry_4xx_error

boolean

meraki_retry_4xx_error (boolean), retry if encountering other 4XX error (besides 429)?

Choices:

meraki_retry_4xx_error_wait_time

integer

meraki_retry_4xx_error_wait_time (integer), other 4XX error retry wait time

Default: :ansible-option-default:`60`

meraki_simulate

boolean

meraki_simulate (boolean), simulate POST/PUT/DELETE calls to prevent changes?

Choices:

meraki_single_request_timeout

integer

meraki_single_request_timeout (integer), maximum number of seconds for each API call

Default: :ansible-option-default:`60`

meraki_suppress_logging

boolean

meraki_suppress_logging (boolean), disable all logging? you're on your own then!

Choices:

meraki_use_iterator_for_get_pages

boolean

meraki_use_iterator_for_get_pages (boolean), list* methods will return an iterator with each object instead of a complete list with all items

Choices:

meraki_wait_on_rate_limit

boolean

meraki_wait_on_rate_limit (boolean), retry if 429 rate limit error encountered?

Choices:

networkId

string

NetworkId path parameter. Network ID.

rules

list / elements=dictionary

An ordered array of the firewall rules (not including the default rule).

comment

string

Description of the rule (optional).

destCidr

string

Comma-separated list of destination IP address(es) (in IP or CIDR notation), fully-qualified domain names (FQDN) or 'any'.

destPort

string

Comma-separated list of destination port(s) (integer in the range 1-65535), or 'any'.

policy

string

'allow' or 'deny' traffic specified by this rule.

protocol

string

The type of protocol (must be 'tcp', 'udp', 'icmp', 'icmp6' or 'any').

srcCidr

string

Comma-separated list of source IP address(es) (in IP or CIDR notation), or 'any' (note FQDN not supported for source addresses).

srcPort

string

Comma-separated list of source port(s) (integer in the range 1-65535), or 'any'.

syslogEnabled

boolean

Log this rule to syslog (true or false, boolean value) - only applicable if a syslog has been configured (optional).

Choices:

syslogDefaultRule

boolean

Log the special default rule (boolean value - enable only if you've configured a syslog server) (optional).

Choices:

Notes

Note

  • SDK Method used are appliance.Appliance.update_network_appliance_firewall_inbound_firewall_rules,

  • Paths used are put /networks/{networkId}/appliance/firewall/inboundFirewallRules,

  • Does not support check_mode

  • The plugin runs on the control node and does not use any ansible connection plugins, but instead the embedded connection manager from Cisco DNAC SDK

  • The parameters starting with dnac_ are used by the Cisco DNAC Python SDK to establish the connection

See Also

See also

Cisco Meraki documentation for appliance updateNetworkApplianceFirewallInboundFirewallRules

Complete reference of the updateNetworkApplianceFirewallInboundFirewallRules API.

Examples

- name: Update all
  cisco.meraki.networks_appliance_firewall_inbound_firewall_rules:
    meraki_api_key: "{{meraki_api_key}}"
    meraki_base_url: "{{meraki_base_url}}"
    meraki_single_request_timeout: "{{meraki_single_request_timeout}}"
    meraki_certificate_path: "{{meraki_certificate_path}}"
    meraki_requests_proxy: "{{meraki_requests_proxy}}"
    meraki_wait_on_rate_limit: "{{meraki_wait_on_rate_limit}}"
    meraki_nginx_429_retry_wait_time: "{{meraki_nginx_429_retry_wait_time}}"
    meraki_action_batch_retry_wait_time: "{{meraki_action_batch_retry_wait_time}}"
    meraki_retry_4xx_error: "{{meraki_retry_4xx_error}}"
    meraki_retry_4xx_error_wait_time: "{{meraki_retry_4xx_error_wait_time}}"
    meraki_maximum_retries: "{{meraki_maximum_retries}}"
    meraki_output_log: "{{meraki_output_log}}"
    meraki_log_file_prefix: "{{meraki_log_file_prefix}}"
    meraki_log_path: "{{meraki_log_path}}"
    meraki_print_console: "{{meraki_print_console}}"
    meraki_suppress_logging: "{{meraki_suppress_logging}}"
    meraki_simulate: "{{meraki_simulate}}"
    meraki_be_geo_id: "{{meraki_be_geo_id}}"
    meraki_use_iterator_for_get_pages: "{{meraki_use_iterator_for_get_pages}}"
    meraki_inherit_logging_config: "{{meraki_inherit_logging_config}}"
    state: present
    networkId: string
    rules:
    - comment: Allow TCP traffic to subnet with HTTP servers.
      destCidr: 192.168.1.0/24
      destPort: '443'
      policy: allow
      protocol: tcp
      srcCidr: Any
      srcPort: Any
      syslogEnabled: false
    syslogDefaultRule: true

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

meraki_response

dictionary

A dictionary or list with the response returned by the Cisco Meraki Python SDK

Returned: always

Sample: :ansible-rv-sample-value:`{"rules": [{"comment": "string", "destCidr": "string", "destPort": "string", "policy": "string", "protocol": "string", "srcCidr": "string", "srcPort": "string", "syslogEnabled": true}], "syslogDefaultRule": true}`

Authors

  • Francisco Munoz (@fmunoz)