bigip_apm_acl – Manage user-defined APM ACLs¶
New in version 2.9.
Parameters¶
Notes¶
Note
- For more information on using Ansible to manage F5 Networks devices see https://www.ansible.com/integrations/networks/f5.
- Requires BIG-IP software version >= 12.
- The F5 modules only manipulate the running configuration of the F5 product. To ensure that BIG-IP specific configuration persists to disk, be sure to include at least one task that uses the bigip_config module to save the running configuration. Refer to the module’s documentation for the correct usage of the module to save your running configuration.
Examples¶
- name: Create a static ACL with L4 entries
  bigip_apm_acl:
    name: L4foo
    acl_order: 0
    type: static
    entries:
      - action: allow
        dst_port: '80'
        dst_addr: '192.168.1.1'
        src_port: '443'
        src_addr: '10.10.10.0'
        src_mask: '255.255.255.128'
        protocol: tcp
      - action: reject
        dst_port: '*'
        dst_addr: '192.168.1.1'
        src_port: '*'
        src_addr: '10.10.10.0'
        src_mask: '255.255.255.128'
        protocol: tcp
        log: packet
    provider:
      password: secret
      server: lb.mydomain.com
      user: admin
  delegate_to: localhost
- name: Create a static ACL with L7 entries
  bigip_apm_acl:
    name: L7foo
    acl_order: 1
    type: static
    path_match_case: no
    entries:
      - action: allow
        host_name: 'foobar.com'
        paths: '/shopfront'
        scheme: https
      - action: reject
        host_name: 'internal_foobar.com'
        paths: '/admin'
        scheme: any
        log: packet
    provider:
      password: secret
      server: lb.mydomain.com
      user: admin
  delegate_to: localhost
- name: Create a static ACL with L7/L4 entries
  bigip_apm_acl:
    name: L7L4foo
    acl_order: 2
    type: static
    path_match_case: no
    entries:
      - action: allow
        host_name: 'foobar.com'
        paths: '/shopfront'
        scheme: https
        dst_port: '8181'
        dst_addr: '192.168.1.1'
        protocol: tcp
      - action: reject
        dst_addr: '192.168.1.1'
        host_name: 'internal_foobar.com'
        paths: '/admin'
        scheme: any
        protocol: all
        log: packet
    provider:
      password: secret
      server: lb.mydomain.com
      user: admin
  delegate_to: localhost
- name: Modify a static ACL entries
  bigip_apm_acl:
    name: L4foo
    entries:
      - action: allow
        dst_port: '80'
        dst_addr: '192.168.1.1'
        src_port: '443'
        src_addr: '10.10.10.0'
        src_mask: '255.255.255.128'
        protocol: tcp
      - action: discard
        dst_port: '*'
        dst_addr: 192.168.1.1
        src_port: '*'
        src_addr: '10.10.10.0'
        src_mask: '255.2155.255.128'
        protocol: all
    provider:
      password: secret
      server: lb.mydomain.com
      user: admin
  delegate_to: localhost
- name: Remove static ACL
  bigip_apm_acl:
    name: L4foo
    state: absent
    provider:
      password: secret
      server: lb.mydomain.com
      user: admin
  delegate_to: localhost
Return Values¶
Common return values are documented here, the following are the fields unique to this module:
Status¶
- This module is not guaranteed to have a backwards compatible interface. [preview]
- This module is maintained by an Ansible Partner. [certified]
Authors¶
- Wojciech Wypior (@wojtek0806)
Hint
If you notice any issues in this documentation, you can edit this document to improve it.
