.. _cisco.asa.asa_acls_module:

******************
cisco.asa.asa_acls
******************

**Access-Lists resource module**

Version added: 1.0.0

.. contents::
   :local:
   :depth: 1

Synopsis
--------

- This module configures and manages the named or numbered ACLs on ASA platforms.

Parameters
----------

Each entry gives the parameter, its type, any choices/defaults, and comments. Indented entries are suboptions of the entry above them.

- ``config`` (dictionary): A dictionary of ACL options.

  - ``acls`` (list, elements=dictionary): A list of Access Control Lists (ACL).

    - ``aces`` (list, elements=dictionary): The entries within the ACL.

      - ``destination`` (dictionary): Specify the packet destination.

        - ``address`` (string): Host address to match, or any single host address.
        - ``any`` (boolean): Match any destination address.
        - ``any4`` (boolean): Match any IPv4 destination address.
        - ``any6`` (boolean): Match any IPv6 destination address.
        - ``host`` (string): A single destination host.
        - ``interface`` (string): Use interface address as destination address.
        - ``netmask`` (string): Netmask for destination IP address, valid with IPv4 address.
        - ``object_group`` (string): Network object-group for destination address.
        - ``port_protocol`` (dictionary): Specify the destination port along with protocol. Note: valid with TCP/UDP protocol_options.

          - ``eq`` (string): Match only packets on a given port number.
          - ``gt`` (string): Match only packets with a greater port number.
          - ``lt`` (string): Match only packets with a lower port number.
          - ``neq`` (string): Match only packets not on a given port number.
          - ``range`` (dictionary): Port range operator.

            - ``end`` (integer): Specify the end of the port range.
            - ``start`` (integer): Specify the start of the port range.

      - ``grant`` (string): Specify the action.
      - ``inactive`` (boolean): Keyword for disabling an ACL element.
      - ``line`` (integer): Use this to specify the line number at which the ACE should be entered. An existing ACE can be updated based on the input line number. It is not required when configuring the ACL, but it is required for a delete operation; otherwise the delete operation won't work as expected. Refer to vendor documentation for valid values.
      - ``log`` (string): Log matches against this entry. Choices: ``default``, ``alerts``, ``critical``, ``debugging``, ``disable``, ``emergencies``, ``errors``, ``informational``, ``interval``, ``notifications``, ``warnings``.
      - ``protocol`` (string): Specify the protocol to match. Refer to vendor documentation for valid values.
      - ``protocol_options`` (dictionary): Protocol type.

        - ``ahp`` (boolean): Authentication Header Protocol.
        - ``eigrp`` (boolean): Cisco's EIGRP routing protocol.
        - ``esp`` (boolean): Encapsulation Security Payload.
        - ``gre`` (boolean): Cisco's GRE tunneling.
        - ``icmp`` (dictionary): Internet Control Message Protocol.

          - ``alternate_address`` (boolean): Alternate address
          - ``conversion_error`` (boolean): Datagram conversion
          - ``echo`` (boolean): Echo (ping)
          - ``echo_reply`` (boolean): Echo reply
          - ``information_reply`` (boolean): Information replies
          - ``information_request`` (boolean): Information requests
          - ``mask_reply`` (boolean): Mask replies
          - ``mask_request`` (boolean): Mask requests
          - ``mobile_redirect`` (boolean): Mobile host redirect
          - ``parameter_problem`` (boolean): All parameter problems
          - ``redirect`` (boolean): All redirects
          - ``router_advertisement`` (boolean): Router discovery advertisements
          - ``router_solicitation`` (boolean): Router discovery solicitations
          - ``source_quench`` (boolean): Source quenches
          - ``source_route_failed`` (boolean): Source route
          - ``time_exceeded`` (boolean): All time exceededs
          - ``timestamp_reply`` (boolean): Timestamp replies
          - ``timestamp_request`` (boolean): Timestamp requests
          - ``traceroute`` (boolean): Traceroute
          - ``unreachable`` (boolean): All unreachables

        - ``icmp6`` (dictionary): Internet Control Message Protocol.

          - ``echo`` (boolean): Echo (ping)
          - ``echo_reply`` (boolean): Echo reply
          - ``membership_query`` (boolean): Membership query
          - ``membership_reduction`` (boolean): Membership reduction
          - ``membership_report`` (boolean): Membership report
          - ``neighbor_advertisement`` (boolean): Neighbor advertisement
          - ``neighbor_redirect`` (boolean): Neighbor redirect
          - ``neighbor_solicitation`` (boolean): Neighbor solicitation
          - ``packet_too_big`` (boolean): Packet too big
          - ``parameter_problem`` (boolean): Parameter problem
          - ``router_advertisement`` (boolean): Router discovery advertisements
          - ``router_renumbering`` (boolean): Router renumbering
          - ``router_solicitation`` (boolean): Router solicitation
          - ``time_exceeded`` (boolean): Time exceeded
          - ``unreachable`` (boolean): All unreachables

        - ``igmp`` (boolean): Internet Gateway Message Protocol.
        - ``igrp`` (boolean): Internet Gateway Routing Protocol.
        - ``ip`` (boolean): Any Internet Protocol.
        - ``ipinip`` (boolean): IP in IP tunneling.
        - ``ipsec`` (boolean): IP Security.
        - ``nos`` (boolean): KA9Q NOS compatible IP over IP tunneling.
        - ``ospf`` (boolean): OSPF routing protocol.
        - ``pcp`` (boolean): Payload Compression Protocol.
        - ``pim`` (boolean): Protocol Independent Multicast.
        - ``pptp`` (boolean): Point-to-Point Tunneling Protocol.
        - ``protocol_number`` (integer): An IP protocol number.
        - ``sctp`` (boolean): Stream Control Transmission Protocol.
        - ``snp`` (boolean): Simple Network Protocol.
        - ``tcp`` (boolean): Match TCP packet flags.
        - ``udp`` (boolean): User Datagram Protocol.

      - ``remark`` (string): Specify a comment (remark) for the access-list after this keyword.
      - ``source`` (dictionary): Specify the packet source.

        - ``address`` (string): Source network address.
        - ``any`` (boolean): Match any source address.
        - ``any4`` (boolean): Match any IPv4 source address.
        - ``any6`` (boolean): Match any IPv6 source address.
        - ``host`` (string): A single source host.
        - ``interface`` (string): Use interface address as source address.
        - ``netmask`` (string): Netmask for source IP address, valid with IPv4 address.
        - ``object_group`` (string): Network object-group for source address.
        - ``port_protocol`` (dictionary): Specify the destination port along with protocol. Note: valid with TCP/UDP protocol_options.

          - ``eq`` (string): Match only packets on a given port number.
          - ``gt`` (string): Match only packets with a greater port number.
          - ``lt`` (string): Match only packets with a lower port number.
          - ``neq`` (string): Match only packets not on a given port number.
          - ``range`` (dictionary): Port range operator.

            - ``end`` (integer): Specify the end of the port range.
            - ``start`` (integer): Specify the start of the port range.

      - ``time_range`` (string): Specify a time-range.

    - ``acl_type`` (string): ACL type. Choices: ``extended``, ``standard``.
    - ``name`` (string, required): The name or the number of the ACL.
    - ``rename`` (string): Rename an existing access-list. If input to the rename param is given, it'll take preference over other parameters and only rename config will be matched and computed against.

- ``running_config`` (string): The module, by default, will connect to the remote device and retrieve the current running-config to use as a base for comparing against the contents of source. There are times when it is not desirable to have the task get the current running-config for every task in a playbook. The running_config argument allows the implementer to pass in the configuration to use as the base config for comparison.
- ``state`` (string): The state of the configuration after module completion. Choices: ``merged`` (default), ``replaced``, ``overridden``, ``deleted``, ``gathered``, ``rendered``, ``parsed``.
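
The playbook below is an added example, not part of the module's own documentation: it uses ``state: rendered`` to turn a small least-privilege ACL (one permitted service, then an explicit logged deny) into ASA commands that can be reviewed before anything is pushed. The inventory group ``asa_firewalls``, the ACL name and the addresses are constructed, and the ``permit``/``deny`` values for ``grant`` are an assumption, since this page does not list its choices.

```yaml
---
# Added example; inventory group, ACL name and addresses are constructed.
- name: Preview a least-privilege inbound ACL for review
  hosts: asa_firewalls            # hypothetical inventory group
  gather_facts: false
  tasks:
    - name: Render the ACL as ASA commands instead of applying it
      cisco.asa.asa_acls:
        config:
          acls:
            - name: outside_in_example      # constructed ACL name
              acl_type: extended
              aces:
                # Allow only HTTPS from any IPv4 source to one DMZ host.
                - grant: permit             # assumed choice (not listed on this page)
                  line: 1
                  protocol_options:
                    tcp: true
                  source:
                    any4: true
                  destination:
                    host: 198.51.100.10     # documentation-range address
                    port_protocol:
                      eq: https
                  log: informational
                # Explicit final deny so dropped traffic is logged.
                - grant: deny               # assumed choice (not listed on this page)
                  line: 2
                  protocol_options:
                    ip: true
                  source:
                    any: true
                  destination:
                    any: true
                  log: warnings
        state: rendered
      register: acl_preview

    - name: Show the module result so the generated commands can be reviewed
      ansible.builtin.debug:
        var: acl_preview
```

Setting ``line`` on every ACE keeps the order of the permit and the final deny explicit, and it is also the value a later ``deleted`` run needs to target a single entry.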