.. _arista.eos.eos_acls_module:

*******************
arista.eos.eos_acls
*******************

**ACLs resource module**

Version added: 1.0.0

.. contents::
   :local:
   :depth: 1

Synopsis
--------

- This module manages the IP access-list attributes of Arista EOS interfaces.

Parameters
----------

Each entry gives the parameter, its type, any choices/defaults, and comments. Nested entries are suboptions of the entry above them.

- **config** (list / elements=dictionary): A dictionary of IP access-list options

  - **acls** (list / elements=dictionary): A list of Access Control Lists (ACL).

    - **aces** (list / elements=dictionary): Filtering data

      - **destination** (dictionary): The packet's destination address

        - **address** (string): dotted decimal notation of IP address
        - **any** (boolean): Rule matches all source addresses
        - **host** (string): Host IP address
        - **port_protocol** (dictionary): Specify dest port/protocol, along with operator (comes with tcp/udp).
        - **subnet_address** (string): A subnet address
        - **wildcard_bits** (string): Source wildcard bits

      - **fragment_rules** (boolean): Add fragment rules
      - **fragments** (boolean): Match non-head fragment packets
      - **grant** (string): Action to be applied on the rule
      - **hop_limit** (dictionary): Hop limit value.
      - **line** (string): For fact gathering, any ACE that is not fully parsed will show up as a value of this attribute. aliases: ace
      - **log** (boolean): Log matches against this rule
      - **protocol** (string): Specify the protocol to match. Refer to vendor documentation for valid values.
      - **protocol_options** (dictionary): All the possible sub options for the protocol chosen.

        - **icmp** (dictionary): Internet Control Message Protocol settings.

          - **administratively_prohibited** (boolean): Administratively prohibited
          - **alternate_address** (boolean): Alternate address
          - **conversion_error** (boolean): Datagram conversion
          - **dod_host_prohibited** (boolean): Host prohibited
          - **dod_net_prohibited** (boolean): Net prohibited
          - **echo** (boolean): Echo (ping)
          - **echo_reply** (boolean): Echo reply
          - **general_parameter_problem** (boolean): Parameter problem
          - **host_isolated** (boolean): Host isolated
          - **host_precedence_unreachable** (boolean): Host unreachable for precedence
          - **host_redirect** (boolean): Host redirect
          - **host_tos_redirect** (boolean): Host redirect for TOS
          - **host_tos_unreachable** (boolean): Host unreachable for TOS
          - **host_unknown** (boolean): Host unknown
          - **host_unreachable** (boolean): Host unreachable
          - **information_reply** (boolean): Information replies
          - **information_request** (boolean): Information requests
          - **mask_reply** (boolean): Mask replies
          - **mask_request** (boolean): Mask requests
          - **message_code** (integer): ICMP message code
          - **message_num** (integer): ICMP message type number.
          - **message_type** (integer): ICMP message type
          - **mobile_redirect** (boolean): Mobile host redirect
          - **net_redirect** (boolean): Network redirect
          - **net_tos_redirect** (boolean): Net redirect for TOS
          - **net_tos_unreachable** (boolean): Network unreachable for TOS
          - **net_unreachable** (boolean): Net unreachable
          - **network_unknown** (boolean): Network unknown
          - **no_room_for_option** (boolean): Parameter required but no room
          - **option_missing** (boolean): Parameter required but not present
          - **packet_too_big** (boolean): Fragmentation needed and DF set
          - **parameter_problem** (boolean): All parameter problems
          - **port_unreachable** (boolean): Port unreachable
          - **precedence_unreachable** (boolean): Precedence cutoff
          - **protocol_unreachable** (boolean): Protocol unreachable
          - **reassembly_timeout** (boolean): Reassembly timeout
          - **redirect** (boolean): All redirects
          - **router_advertisement** (boolean): Router discovery advertisements
          - **router_solicitation** (boolean): Router discovery solicitations
          - **source_quench** (boolean): Source quenches
          - **source_route_failed** (boolean): Source route failed
          - **time_exceeded** (boolean): All time exceededs
          - **timestamp_reply** (boolean): Timestamp replies
          - **timestamp_request** (boolean): Timestamp requests
          - **traceroute** (boolean): Traceroute
          - **ttl_exceeded** (boolean): TTL exceeded
          - **unreachable** (boolean): All unreachables

        - **icmpv6** (dictionary): Options for icmpv6.

          - **address_unreachable** (boolean): address unreachable
          - **beyond_scope** (boolean): beyond_scope
          - **echo_reply** (boolean): echo_reply
          - **echo_request** (boolean): echo request
          - **erroneous_header** (boolean): erroneous header
          - **fragment_reassembly_exceeded** (boolean): fragment_reassembly_exceeded
          - **hop_limit_exceeded** (boolean): hop limit exceeded
          - **neighbor_advertisement** (boolean): neighbor advertisement
          - **neighbor_solicitation** (boolean): neighbor_solicitation
          - **no_admin** (boolean): no admin
          - **no_route** (boolean): no route
          - **packet_too_big** (boolean): packet too big
          - **parameter_problem** (boolean): parameter problem
          - **port_unreachable** (boolean): port unreachable
          - **redirect_message** (boolean): redirect message
          - **reject_route** (boolean): reject route
          - **router_advertisement** (boolean): router_advertisement
          - **router_solicitation** (boolean): router_solicitation
          - **source_address_failed** (boolean): source_address_failed
          - **source_routing_error** (boolean): source_routing_error
          - **time_exceeded** (boolean): time_exceeded
          - **unreachable** (boolean): unreachable
          - **unrecognized_ipv6_option** (boolean): unrecognized_ipv6_option
          - **unrecognized_next_header** (boolean): unrecognized_next_header

        - **ip** (dictionary): Internet Protocol.

          - **nexthop_group** (string): Nexthop-group name.

        - **ipv6** (dictionary): Internet V6 Protocol.

          - **nexthop_group** (string): Nexthop-group name.

        - **tcp** (dictionary): Options for tcp protocol.

          - **flags** (dictionary): Match TCP packet flags

            - **ack** (boolean): Match on the ACK bit
            - **established** (boolean): Match established connections
            - **fin** (boolean): Match on the FIN bit
            - **psh** (boolean): Match on the PSH bit
            - **rst** (boolean): Match on the RST bit
            - **syn** (boolean): Match on the SYN bit
            - **urg** (boolean): Match on the URG bit

      - **remark** (string): Specify a comment
      - **sequence** (integer): sequence number for the ordered list of rules
      - **source** (dictionary): The packet's source address

        - **address** (string): dotted decimal notation of IP address
        - **any** (boolean): Rule matches all source addresses
        - **host** (string): Host IP address
        - **port_protocol** (dictionary): Specify source port/protocol, along with operator (comes with tcp/udp).
        - **subnet_address** (string): A subnet address
        - **wildcard_bits** (string): Source wildcard bits

      - **tracked** (boolean): Match packets in existing ICMP/UDP/TCP connections
      - **ttl** (dictionary): Compares the TTL (time-to-live) value in the packet to a specified value

        - **eq** (integer): Match a single TTL value
        - **gt** (integer): Match TTL greater than this number
        - **lt** (integer): Match TTL less than this number
        - **neq** (integer): Match TTL not equal to this value

      - **vlan** (string): Vlan options

    - **name** (string / required): Name of the acl-list
    - **standard** (boolean): standard access-list or not

  - **afi** (string / required): The Address Family Indicator (AFI) for the Access Control Lists (ACL).

- **running_config** (string): This option is used only with state ``parsed``. The value of this option should be the output received from the EOS device by executing the command ``show running-config | section access-list``. The state ``parsed`` reads the configuration from the ``running_config`` option and transforms it into Ansible structured data as per the resource module's argspec; the value is then returned in the ``parsed`` key within the result.
- **state** (string): The state the configuration should be left in.

  Choices:

  - deleted
  - merged (default)
  - overridden
  - replaced
  - gathered
  - rendered
  - parsed
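
The ``running_config`` and ``state`` options described above, shown in a playbook that is an added example and not part of the module's own documentation. The inventory group, ACL name and addresses are constructed sample values; ``afi: ipv4`` and the ``permit``/``deny`` grant values are not listed on this page, and the audit task assumes ``parsed`` returns ACEs in configuration order.

```yaml
---
# Added example; host group, ACL name and addresses are constructed values.
- name: Audit and manage EOS ACLs with arista.eos.eos_acls
  hosts: eos_switches            # hypothetical inventory group
  gather_facts: false
  vars:
    # Constructed sample of `show running-config | section access-list`
    saved_acl_config: |
      ip access-list MGMT-IN
         10 permit tcp 192.0.2.0/24 any established
         20 deny ip any any log
  tasks:
    - name: Parse the saved CLI output into structured data (no device change)
      arista.eos.eos_acls:
        running_config: "{{ saved_acl_config }}"
        state: parsed
      register: acl_audit

    - name: Require every parsed ACL to end in a logged deny
      # Assumes parsed ACEs keep their configuration order.
      ansible.builtin.assert:
        that:
          - (item.aces | last).grant == 'deny'
          - (item.aces | last).log | default(false)
      loop: "{{ acl_audit.parsed | map(attribute='acls') | flatten }}"
      loop_control:
        label: "{{ item.name }}"

    - name: Merge the same policy into the device configuration
      arista.eos.eos_acls:
        config:
          - afi: ipv4
            acls:
              - name: MGMT-IN
                aces:
                  - sequence: 10
                    grant: permit
                    protocol: tcp
                    source: {subnet_address: 192.0.2.0/24}
                    destination: {any: true}
                    protocol_options: {tcp: {flags: {established: true}}}
                  - sequence: 20
                    grant: deny
                    protocol: ip
                    source: {any: true}
                    destination: {any: true}
                    log: true
        state: merged
```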