puzzle.opnsense.firewall_rules module – This module is used to manage OPNSense firewall rules
Note
This module is part of the puzzle.opnsense collection (version 1.5.0).
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install puzzle.opnsense
.
To use it in a playbook, specify: puzzle.opnsense.firewall_rules
.
New in puzzle.opnsense 1.0.0
Synopsis
This module is used to manage OPNSense firewall rules.
Parameters
Parameter |
Comments |
---|---|
Choose what to do with packets that match the criteria specified below. Choices:
|
|
You may enter or select a category here to group firewall rules |
|
Description for the rule. |
|
Specifies the source configuration. |
|
The IP address of the source. Default: |
|
Inverts the match logic. Choices:
|
|
The network of the source. Default: |
|
The port of the source. Default: |
|
“Direction of the traffic. Traffic IN is coming into the firewall interface, while traffic OUT is going out of the firewall interface. In visual terms: [Source] -> IN -> [Firewall] -> OUT -> [Destination]. The default policy is to filter inbound traffic, which means the policy applies to the interface on which the traffic is originally received by the firewall from the source. This is more efficient from a traffic processing perspective. In most cases, the default policy will be the most appropriate.” Choices:
|
|
Set this option to disable this rule without removing it from the list. Choices:
|
|
Choose on which interface packets must come in to match this rule. |
|
IP version Choices:
|
|
“Log packets that are handled by this rule. Hint: the firewall has limited local log space. Don’t turn on logging for everything. If you want to do a lot of logging, consider using a remote syslog server.” Choices:
|
|
Choose which IP protocol this rule should match. Choices:
|
|
If a packet matches a rule specifying quick, then that rule is considered the last matching rule and the specified action is taken. When a rule does not have quick enabled, the last matching rule wins. Choices:
|
|
Specifies the source configuration. |
|
The IP address of the source. Default: |
|
Inverts the match logic. Choices:
|
|
The network of the source. Default: |
|
The port of the source. Default: |
|
Whether rule should be added or removed. Choices:
|
Examples
- name: Block SSH in LAN Network
puzzle.opnsense.firewall_rules:
interface: lan
source:
destination:
port: 22
action: block
- name: Allow all access from RFC1918 networks to this host
puzzle.opnsense.firewall_rules:
interface: lan
action: pass
source:
address: 192.168.0.0/16
destination:
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
A List of the executed OPNsense configure function along with their respective stdout, stderr and rc Returned: always Sample: |