junipernetworks.junos.junos_acl_interfaces 模块 – ACL 接口资源模块
注意
此模块是 junipernetworks.junos 集合(版本 9.1.0)的一部分。
如果您正在使用 ansible 包,您可能已经安装了此集合。它不包含在 ansible-core 中。要检查是否已安装,请运行 ansible-galaxy collection list。
要安装它,请使用:ansible-galaxy collection install junipernetworks.junos。您需要进一步的要求才能使用此模块,请参阅 要求 以了解详细信息。
要在 playbook 中使用它,请指定:junipernetworks.junos.junos_acl_interfaces。
junipernetworks.junos 1.0.0 中的新增功能
概要
此模块管理在运行 Juniper JUNOS 的设备上添加和删除接口的访问控制列表 (ACL)。
要求
执行此模块的主机需要满足以下要求。
ncclient (>=v0.6.4)
xmltodict (>=0.12.0)
参数
参数 |
注释 |
|---|---|
接口 ACL 选项的字典。 |
|
指定附加到接口的 ACL。 |
|
指定为提供的 AFI 的 ACL。 |
|
指定将应用 ACL 的数据包的方向。 选项
|
|
指定接口的 IPv4/IPv4 ACL 的名称。 |
|
指定要在此接口上配置的 ACL 的 AFI。 选项
|
|
接口的名称/标识符。 |
|
此选项仅用于状态 _parsed_。 此选项的值应该是通过执行命令 **show interfaces** 从 Junos 设备收到的输出。 状态 _parsed_ 从 |
|
配置应保留的状态。 选项
|
注释
注意
此模块要求在被管理的设备上启用 netconf 系统服务。
此模块使用连接
netconf。请参阅 Junos OS 平台选项。已针对 JunOS v18.4R1 进行测试
示例
# Using deleted
# Before state:
# -------------
#
# admin# show interfaces
# ge-1/0/0 {
# description "L3 interface with filter";
# unit 0 {
# family inet {
# filter {
# input inbound_acl;
# output outbound_acl;
# }
# address 100.64.0.1/10;
# address 100.64.0.2/10;
# }
# family inet6;
# }
- name: Delete JUNOS L3 interface filter
junipernetworks.junos.junos_acl_interfaces:
config:
- name: ge-1/0/0
access_groups:
- afi: ipv4
acls:
- name: inbound_acl
direction: in
- name: outbound_acl
direction: out
state: deleted
# After state:
# -------------
#
# admin# show interfaces
# ge-1/0/0 {
# description "L3 interface with filter";
# unit 0 {
# family inet {
# address 100.64.0.1/10;
# address 100.64.0.2/10;
# }
# family inet6;
# }
# Using merged
# Before state:
# -------------
#
# admin# show interfaces
# ge-1/0/0 {
# description "L3 interface without filter";
# unit 0 {
# family inet {
# address 100.64.0.1/10;
# address 100.64.0.2/10;
# }
# family inet6;
# }
- name: Merge JUNOS L3 interface filter
junipernetworks.junos.junos_acl_interfaces:
config:
- name: ge-1/0/0
access_groups:
- afi: ipv4
acls:
- name: inbound_acl
direction: in
- name: outbound_acl
direction: out
state: merged
# After state:
# -------------
#
# admin# show interfaces
# ge-1/0/0 {
# description "L3 interface with filter";
# unit 0 {
# family inet {
# filter {
# input inbound_acl;
# output outbound_acl;
# }
# address 100.64.0.1/10;
# address 100.64.0.2/10;
# }
# family inet6;
# }
# Using overridden
# Before state:
# -------------
#
# admin# show interfaces
# ge-1/0/0 {
# description "L3 interface without filter";
# unit 0 {
# family inet {
# filter {
# input foo_acl;
# }
# address 100.64.0.1/10;
# address 100.64.0.2/10;
# }
# family inet6;
# }
- name: Override JUNOS L3 interface filter
junipernetworks.junos.junos_acl_interfaces:
config:
- name: ge-1/0/0
access_groups:
- afi: ipv4
acls:
- name: inbound_acl
direction: in
- name: outbound_acl
direction: out
state: overridden
# After state:
# -------------
#
# admin# show interfaces
# ge-1/0/0 {
# description "L3 interface with filter";
# unit 0 {
# family inet {
# filter {
# input inbound_acl;
# output outbound_acl;
# }
# address 100.64.0.1/10;
# address 100.64.0.2/10;
# }
# family inet6;
# }
# Using replaced
# Before state:
# -------------
#
# admin# show interfaces
# ge-1/0/0 {
# description "L3 interface without filter";
# unit 0 {
# family inet {
# filter {
# input foo_acl;
# output outbound_acl;
# }
# address 100.64.0.1/10;
# address 100.64.0.2/10;
# }
# family inet6;
# }
- name: Replace JUNOS L3 interface filter
junipernetworks.junos.junos_acl_interfaces:
config:
- name: ge-1/0/0
access_groups:
- afi: ipv4
acls:
- name: inbound_acl
direction: in
state: replaced
# After state:
# -------------
#
# admin# show interfaces
# ge-1/0/0 {
# description "L3 interface with filter";
# unit 0 {
# family inet {
# filter {
# input inbound_acl;
# output outbound_acl;
# }
# address 100.64.0.1/10;
# address 100.64.0.2/10;
# }
# family inet6;
# }
返回值
常见的返回值记录在此处,以下是此模块独有的字段
键 |
描述 |
|---|---|
生成的配置模型调用。 返回:当更改时 示例: |
|
模型调用之前的配置。 返回:总是 示例: |
|
推送到远程设备的命令集。 返回:总是 示例: |