| Parameter | Choices/Defaults | Comments |
|---|---|---|
| `action` (string) | Choices: `accept`, `drop`, `reject`, `accept-decisively` | Specifies the action for the firewall rule. When `accept`, allows packets with the specified source, destination, and protocol to pass through the firewall. Packets that match the rule, and are accepted, traverse the system as if the firewall is not present. When `drop`, drops packets with the specified source, destination, and protocol. Dropping a packet is a silent action with no notification to the source or destination systems. Dropping the packet causes the connection to be retried until the retry threshold is reached. When `reject`, rejects packets with the specified source, destination, and protocol. When a packet is rejected the firewall sends a destination unreachable message to the sender. When `accept-decisively`, allows packets with the specified source, destination, and protocol to pass through the firewall, and does not require any further processing by any of the further firewalls. Packets that match the rule, and are accepted, traverse the system as if the firewall is not present. If the Rule List is applied to a virtual server, management IP, or self IP firewall rule, then Accept Decisively is equivalent to Accept. When creating a new rule, if this parameter is not provided, the default is `reject`. |
| `description` (string) |  | The rule description. |
| `destination` (list) |  | Specifies packet destinations to which the rule applies. Leaving this field blank applies the rule to all addresses and all ports. You can specify the following destination items. An IPv4 or IPv6 address, an IPv4 or IPv6 address range, geographic location, VLAN, address list, port, port range, port list or address list. You can specify a mix of different types of items for the source address. |
| ↳ `address` (string) |  | Specifies a specific IP address. |
| ↳ `address_list` (string) |  | Specifies an existing address list. |
| ↳ `address_range` (string) |  | Specifies an address range. |
| ↳ `country` (string) |  | Specifies a country code. |
| ↳ `port` (integer) |  | Specifies a single numeric port. This option is only valid when `protocol` is `tcp` (6) or `udp` (17). |
| ↳ `port_list` (string) |  | Specifies an existing port list. This option is only valid when `protocol` is `tcp` (6) or `udp` (17). |
| ↳ `port_range` (string) |  | Specifies a range of ports, which is two port values separated by a hyphen. The port to the left of the hyphen should be less than the port to the right. This option is only valid when `protocol` is `tcp` (6) or `udp` (17). |
| `icmp_message` (list) |  | Specifies the Internet Control Message Protocol (ICMP) or ICMPv6 message `type` and `code` that the rule uses. This parameter is only relevant when `protocol` is either `icmp` (1) or `icmpv6` (58). |
| ↳ `code` (string) |  | Specifies the code returned in response to the specified ICMP message type. You can specify codes, each set appropriate to the associated type, such as No Code (0) (associated with Echo Reply (0)) and Host Unreachable (1) (associated with Destination Unreachable (3)), or you can specify `any` to indicate that the system applies the rule for all codes in response to that specific ICMP message. You can also specify an arbitrary code. The ICMP protocol contains definitions for the existing message code and number pairs. |
| ↳ `type` (string) |  | Specifies the type of ICMP message. You can specify control messages, such as Echo Reply (0) and Destination Unreachable (3), or you can specify `any` to indicate that the system applies the rule for all ICMP messages. You can also specify an arbitrary ICMP message. The ICMP protocol contains definitions for the existing message type and number pairs. |
| `irule` (string) |  | Specifies an iRule that is applied to the firewall rule. An iRule can be started when the firewall rule matches traffic. |
| `logging` (boolean) |  | Specifies whether logging is enabled or disabled for the firewall rule. When creating a new rule, if this parameter is not specified, the default is `no`. |
| `name` (string, required) |  | Specifies the name of the rule. |
| `parent_policy` (string) |  | The policy which contains the rule to be managed. One of either `parent_policy` or `parent_rule_list` is required. |
| `parent_rule_list` (string) |  | The rule list which contains the rule to be managed. One of either `parent_policy` or `parent_rule_list` is required. |
| `partition` (string) | Default: "Common" | Device partition to manage resources on. |
| `protocol` (string) |  | Specifies the protocol to which the rule applies. Protocols may be specified by either their name or numeric value. A special protocol value `any` can be specified to match any protocol. The numeric equivalent of this protocol is `255`. |
| `provider` (dictionary, added in 2.5) |  | A dict object containing connection details. |
| ↳ `auth_provider` (string) |  | Configures the auth provider to obtain authentication tokens from the remote device. This option is really used when working with BIG-IQ devices. |
| ↳ `password` (string, required) |  | The password for the user account used to connect to the BIG-IP. You may omit this option by setting the environment variable `F5_PASSWORD`. Aliases: `pass`, `pwd`. |
| ↳ `server` (string, required) |  | The BIG-IP host. You may omit this option by setting the environment variable `F5_SERVER`. |
| ↳ `server_port` (integer) | Default: 443 | The BIG-IP server port. You may omit this option by setting the environment variable `F5_SERVER_PORT`. |
| ↳ `ssh_keyfile` (path) |  | Specifies the SSH keyfile to use to authenticate the connection to the remote device. This argument is only used for cli transports. You may omit this option by setting the environment variable `ANSIBLE_NET_SSH_KEYFILE`. |
| ↳ `timeout` (integer) |  | Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error. |
| ↳ `transport` (string) |  | Configures the transport connection to use when connecting to the remote device. |
| ↳ `user` (string, required) |  | The username to connect to the BIG-IP with. This user must have administrative privileges on the device. You may omit this option by setting the environment variable `F5_USER`. |
| ↳ `validate_certs` (boolean) |  | If `no`, SSL certificates are not validated. Use this only on personally controlled sites using self-signed certificates. You may omit this option by setting the environment variable `F5_VALIDATE_CERTS`. |
| `rule_list` (string) |  | Specifies an existing rule list to use in the rule. This parameter is mutually exclusive with many of the other individual-rule specific settings. This includes `logging`, `action`, `source`, `destination`, `irule`, `protocol` and `logging`. This parameter is only used when `parent_policy` is specified, otherwise it is ignored. |
| `schedule` (string) |  | Specifies a schedule for the firewall rule. You configure schedules to define days and times when the firewall rule is made active. |
| `source` (list) |  | Specifies packet sources to which the rule applies. Leaving this field blank applies the rule to all addresses and all ports. You can specify the following source items. An IPv4 or IPv6 address, an IPv4 or IPv6 address range, geographic location, VLAN, address list, port, port range, port list or address list. You can specify a mix of different types of items for the source address. |
| ↳ `address` (string) |  | Specifies a specific IP address. |
| ↳ `address_list` (string) |  | Specifies an existing address list. |
| ↳ `address_range` (string) |  | Specifies an address range. |
| ↳ `country` (string) |  | Specifies a country code. |
| ↳ `port` (integer) |  | Specifies a single numeric port. This option is only valid when `protocol` is `tcp` (6) or `udp` (17). |
| ↳ `port_list` (string) |  | Specifies an existing port list. This option is only valid when `protocol` is `tcp` (6) or `udp` (17). |
| ↳ `port_range` (string) |  | Specifies a range of ports, which is two port values separated by a hyphen. The port to the left of the hyphen should be less than the port to the right. This option is only valid when `protocol` is `tcp` (6) or `udp` (17). |
| ↳ `vlan` (string) |  | Specifies VLANs to which the rule applies. The VLAN source refers to the packet's source. |
| `state` (string) | Choices: `present` ← (default), `absent` | When `state` is `present`, ensures that the rule exists. When `state` is `absent`, ensures that the rule is removed. |
| `status` (string) | Choices: `enabled`, `disabled`, `scheduled` | Indicates the activity state of the rule or rule list. When `disabled`, specifies that the rule or rule list does not apply at all. When `enabled`, specifies that the system applies the firewall rule or rule list to the given context and addresses. When `scheduled`, specifies that the system applies the rule or rule list according to the specified schedule. When creating a new rule, if this parameter is not provided, the default is `enabled`. |
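
The constraints stated in the Comments column can be checked on rule definitions before a playbook is run. The following Python linter is an added example, not part of the module or its documentation; `lint_rule`, the finding strings and the sample rules (policy, list and address names) are assumptions made for illustration.

```python
PORT_KEYS = ("port", "port_list", "port_range")
PORT_PROTOCOLS = {"tcp", "6", "udp", "17"}
ICMP_PROTOCOLS = {"icmp", "1", "icmpv6", "58"}
# Settings the table lists as mutually exclusive with rule_list.
RULE_LIST_EXCLUSIVE = ("logging", "action", "source", "destination", "irule", "protocol")

def lint_rule(rule):
    """Return findings for one rule dict whose keys follow the parameter table."""
    findings = []
    proto = str(rule.get("protocol", "")).lower()
    if not rule.get("name"):
        findings.append("name is required")
    if not (rule.get("parent_policy") or rule.get("parent_rule_list")):
        findings.append("one of parent_policy or parent_rule_list is required")
    if rule.get("rule_list"):
        clash = [k for k in RULE_LIST_EXCLUSIVE if k in rule]
        if clash:
            findings.append("rule_list is mutually exclusive with: " + ", ".join(clash))
        if not rule.get("parent_policy"):
            findings.append("rule_list is ignored without parent_policy")
        return findings  # the per-rule checks below do not apply to a rule_list entry
    for side in ("source", "destination"):
        items = rule.get(side) or []
        if not items:
            findings.append(f"{side} is blank: rule applies to all addresses and ports")
        for item in items:
            if any(k in item for k in PORT_KEYS) and proto not in PORT_PROTOCOLS:
                findings.append(f"{side} port options need protocol tcp (6) or udp (17)")
            if "port_range" in item:
                low, _, high = str(item["port_range"]).partition("-")
                if not (low.isdigit() and high.isdigit() and int(low) < int(high)):
                    findings.append(f"{side} port_range must be low-high")
    if rule.get("icmp_message") and proto not in ICMP_PROTOCOLS:
        findings.append("icmp_message needs protocol icmp (1) or icmpv6 (58)")
    if "action" not in rule:
        findings.append("action not set: a new rule defaults to reject")
    if "logging" not in rule:
        findings.append("logging not set: a new rule defaults to no")
    return findings

# Constructed sample rules; policy, list and address names are hypothetical.
SAMPLE_RULES = [
    {"name": "allow-https", "parent_policy": "policy1", "protocol": "tcp",
     "action": "accept", "logging": True,
     "source": [{"address_list": "trusted"}],
     "destination": [{"address": "10.0.0.10"}, {"port": 443}]},
    {"name": "bad-ports", "parent_rule_list": "list1", "protocol": "icmp",
     "destination": [{"port_range": "8080-80"}]},
]
```

Findings about unset `action` and `logging` and about blank `source` or `destination` are informational: they make the documented defaults visible during review rather than marking the rule as invalid.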