puzzle.opnsense.firewall_alias module – Configure firewall aliases.

Note

This module is part of the puzzle.opnsense collection (version 1.5.0).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install puzzle.opnsense.

To use it in a playbook, specify: puzzle.opnsense.firewall_alias.

New in puzzle.opnsense 1.4.0

Synopsis

  • Module to configure OPNsense firewall aliases.

Parameters

Parameter

Comments

content

list / elements=string

Content of the alias

description

string

Description of the Alias

enabled

boolean

If set to True, the Alias will be enabled

If set to False, the Alias will not be enabled

Choices:

  • false

  • true ← (default)

interface

string

Select the interface for the V6 dynamic IP

name

string / required

The name of the alias may only consist of the characters “a-z, A-Z, 0-9 and _”

protocol

list / elements=string

Protocol of BGP ASN Entry

Choices:

  • "IPv4"

  • "IPv6"

  • ""

refreshfrequency

dictionary

The frequency at which the list will be refreshed, in days + hours; 1 day and 8 hours means the alias will be refreshed after 32 hours.

days

integer

Number of days for the refresh frequency.

hours

integer

Number of hours for the refresh frequency.

state

string

Whether alias should be added or removed.

Choices:

  • "present" ← (default)

  • "absent"

statistics

boolean

Maintain a set of counters for each table entry

Choices:

  • false ← (default)

  • true

type

string / required

The type used for the Alias

hosts (Single hosts by IP or Fully Qualified Domain Name or host exclusions (starts with ‘!’ sign))

networks (Entire network, e.g. 192.168.1.1/24, or network exclusion, e.g. !192.168.1.0/24)

ports (Port numbers or a port range like 20:30)

urls (A table of IP addresses that are fetched once)

urltable (A table of IP addresses that are fetched on regular intervals.)

geoip (Select countries or whole regions). Note: validation is not supported at this point.

networkgroup (Combine different network type aliases into one)

macaddress (MAC address or partial MAC addresses like f4:90:ea)

bgpasn (Maps autonomous system (AS) numbers to the networks they are responsible for), supported in version >= 23.7

dynamicipv6host (A host entry that will auto-update on a prefix change), supported in version >= 23.7

opnvpngroup (Map user groups to logged-in OpenVPN users), supported in version >= 23.1

internal (Internal aliases which are managed by the product)

external (Externally managed alias, this only handles the placeholder. Content is set from another source (plugin, api call, etc))

Choices:

  • "host"

  • "network"

  • "port"

  • "url"

  • "urltable"

  • "geoip"

  • "networkgroup"

  • "macaddress"

  • "bgpasn"

  • "dynamicipv6host"

  • "opnvpngroup"

  • "internal"

  • "external"
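
A pre-flight check for alias definitions, added here as an example and not part of the puzzle.opnsense collection: it applies the name rule, the documented type choices, the network, port and MAC address syntax from the type list above, and the days + hours arithmetic of refreshfrequency. The function names are hypothetical, content entries are assumed to be literal values rather than references to other aliases, and a partial MAC is assumed to have at least three octets.

```python
import ipaddress
import re

# Added pre-flight check (hypothetical helper), not the module's own validation.
NAME_RE = re.compile(r"[A-Za-z0-9_]+")
TYPES = set("host network port url urltable geoip networkgroup macaddress "
            "bgpasn dynamicipv6host opnvpngroup internal external".split())
# Assumption: a partial MAC has at least three octets, like the page's f4:90:ea.
MAC_RE = re.compile(r"[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){2,5}")
PORT_RE = re.compile(r"(\d{1,5})(?::(\d{1,5}))?")


def entry_ok(alias_type, entry):
    if alias_type == "network":
        # strict=False accepts host bits, as in the page's 192.168.1.1/24
        net = entry[1:] if entry.startswith("!") else entry
        try:
            ipaddress.ip_network(net, strict=False)
            return True
        except ValueError:
            return False
    if alias_type == "port":
        match = PORT_RE.fullmatch(entry)
        if not match:
            return False
        low = int(match.group(1))
        high = int(match.group(2) or match.group(1))
        return 0 < low <= high <= 65535
    if alias_type == "macaddress":
        return MAC_RE.fullmatch(entry) is not None
    return True  # the remaining types are not checked here


def refresh_hours(freq):
    """Total refresh interval in hours for a refreshfrequency dictionary."""
    return 24 * freq.get("days", 0) + freq.get("hours", 0)


def lint_alias(alias):
    problems = []
    if not NAME_RE.fullmatch(str(alias.get("name", ""))):
        problems.append("name: only a-z, A-Z, 0-9 and _ are allowed")
    alias_type = alias.get("type")
    if alias_type not in TYPES:
        problems.append(f"type: {alias_type!r} is not a documented choice")
    content = alias.get("content") or []
    for entry in [content] if isinstance(content, (str, int)) else content:
        if not entry_ok(alias_type, str(entry)):
            problems.append(f"content: {entry!r} is not a valid {alias_type} entry")
    return problems
```

Run `lint_alias` over each alias dictionary loaded from inventory or vars before the play reaches the firewall; an empty list means none of these checks failed.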

Examples

- name: Create a Host Alias with the content 10.0.0.1
  puzzle.opnsense.firewall_alias:
    name: TestAliasTypeHost
    type: host
    statistics: false
    description: Test Alias with type Host
    content: 10.0.0.1

- name: Create a URL Alias with the content www.puzzle.ch
  puzzle.opnsense.firewall_alias:
    name: TestAliasTypeURL
    type: url
    statistics: false
    description: Test Alias with type URL
    content: www.puzzle.ch

- name: Create a URLTable Alias with the content www.google.ch, www.puzzle.ch
  puzzle.opnsense.firewall_alias:
    name: TestAliasTypeURLTable
    type: urltable
    description: Test Alias with type URLTable
    refreshfrequency:
      days: 1
      hours: 2
    content:
      - www.google.ch
      - www.puzzle.ch

- name: Create a GeoIP Alias with the content CH, DE
  puzzle.opnsense.firewall_alias:
    name: TestAliasTypeGeoIP
    type: geoip
    description: Test Alias with type GeoIP
    content:
      - CH
      - DE

- name: Create a MAC Alias with the content FF:FF:FF:FF:FF:FF
  puzzle.opnsense.firewall_alias:
    name: TestAliasTypeMAC
    type: macaddress
    statistics: false
    description: Test Alias with type MAC
    content: FF:FF:FF:FF:FF:FF

- name: Create a BGP ASN Alias with the content 65001 and protocol IPv4
  puzzle.opnsense.firewall_alias:
    name: TestAliasTypeBGPASN_ipv4
    type: bgpasn
    protocol: IPv4
    statistics: false
    description: Test Alias with type BGPASN with the content 65001 and protocol IPv4
    content: 65001

- name: Create an OPNVPNGROUP Alias with the content admins
  puzzle.opnsense.firewall_alias:
    name: TestAliasTypeOPNVPNGROUP
    type: opnvpngroup
    statistics: false
    description: Test Alias with type OPNVPNGROUP
    content: admins

Return Values

Common return values are documented here; the following are the fields unique to this module:

Key

Description

opnsense_configure_output

list / elements=string

A list of the executed OPNsense configure functions along with their respective stdout, stderr and rc

Returned: always

Authors

  • Kilian Soltermann (@killuuuhh)