Class: Ansible::Ruby::Modules::Iptables

Inherits:

Base

• Object
• Ansible::Ruby::Models::Base
• Base
• Ansible::Ruby::Modules::Iptables

Defined in:

lib/ansible/ruby/modules/generated/system/iptables.rb

Overview

Iptables is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel. This module does not handle the saving and/or loading of rules, but rather only manipulates the current rules that are present in memory. This is the same as the behaviour of the C(iptables) and C(ip6tables) command which this module uses internally.

Instance Method Summary

• #action ⇒ :append, ...

  Whether the rule should be appended at the bottom or inserted at the top.,If the rule already exists the chain won’t be modified.

• #chain ⇒ String^?

  Chain to operate on.,This option can either be the name of a user defined chain or any of the builtin chains: ‘INPUT’, ‘FORWARD’, ‘OUTPUT’, ‘PREROUTING’, ‘POSTROUTING’, ‘SECMARK’, ‘CONNSECMARK’.

• #comment ⇒ String^?

  This specifies a comment that will be added to the rule.

• #ctstate ⇒ :DNAT, ...

  C(ctstate) is a list of the connection states to match in the conntrack module.

• #destination ⇒ Object^?

  Destination specification.,Address can be either a network name, a hostname, a network IP address (with /mask), or a plain IP address.,Hostnames will be resolved once only, before the rule is submitted to the kernel.

• #destination_port ⇒ Integer^?

  Destination port or port range specification.

• #flush ⇒ Object^?

  Flushes the specified table and chain of all rules.,If no chain is specified then the entire table is purged.,Ignores all other parameters.

• #fragment ⇒ Object^?

  This means that the rule only refers to second and further fragments of fragmented packets.

• #goto ⇒ Object^?

  This specifies that the processing should continue in a user specified chain.

• #icmp_type ⇒ Object^?

  This allows specification of the ICMP type, which can be a numeric ICMP type, type/code pair, or one of the ICMP type names shown by the command ‘iptables -p icmp -h’.

• #in_interface ⇒ String^?

  Name of an interface via which a packet was received (only for packets entering the INPUT, FORWARD and PREROUTING chains).

• #ip_version ⇒ :ipv4, ...

  Which version of the IP protocol this rule should apply to.

• #jump ⇒ String^?

  This specifies the target of the rule; i.e., what to do if the packet matches it.

• #limit ⇒ Object^?

  Specifies the maximum average number of matches to allow per second.,The number can specify units explicitly, using ‘/second’, ‘/minute’, ‘/hour’ or ‘/day’, or parts of them (so ‘5/second’ is the same as ‘5/s’).

• #limit_burst ⇒ Object^?

  Specifies the maximum burst before the above limit kicks in.

• #log_prefix ⇒ Object^?

  Specifies a log text for the rule.

• #match ⇒ Object^?

  Specifies a match to use, that is, an extension module that tests for a specific property.

• #out_interface ⇒ Object^?

  Name of an interface via which a packet is going to be sent (for packets entering the FORWARD, OUTPUT and POSTROUTING chains).

• #policy ⇒ :ACCEPT, ...

  Set the policy for the chain to the given target.,Only built-in chains can have policies.,This parameter requires the C(chain) parameter.,Ignores all other parameters.

• #protocol ⇒ String^?

  The protocol of the rule or of the packet to check.,The specified protocol can be one of tcp, udp, udplite, icmp, esp, ah, sctp or the special keyword “all”, or it can be a numeric value, representing one of these protocols or a different one.

• #reject_with ⇒ String^?

  Specifies the error packet type to return while rejecting.

• #rule_num ⇒ Integer^?

  Insert the rule as the given rule number.

• #set_counters ⇒ Object^?

  This enables the administrator to initialize the packet and byte counters of a rule (during INSERT, APPEND, REPLACE operations).

• #set_dscp_mark ⇒ Integer^?

  This allows specifying a DSCP mark to be added to packets.

• #set_dscp_mark_class ⇒ String^?

  This allows specifying a predefined DiffServ class which will be translated to the corresponding DSCP mark.,Mutually exclusive with C(set_dscp_mark).

• #source ⇒ String^?

  Source specification.,Address can be either a network name, a hostname, a network IP address (with /mask), or a plain IP address.,Hostnames will be resolved once only, before the rule is submitted to the kernel.

• #source_port ⇒ Object^?

  Source port or port range specification.

• #state ⇒ :absent, ...

  Whether the rule should be absent or present.

• #syn ⇒ :ignore, ...

  This allows matching packets that have the SYN bit set and the ACK and RST bits unset.,When negated, this matches all packets with the RST or the ACK bits set.

• #table ⇒ :filter, ...

  This option specifies the packet matching table which the command should operate on.

• #tcp_flags ⇒ Object^?

  TCP flags specification.,C(tcp_flags) expects a dict with the two keys C(flags) and C(flags_set).

• #to_destination ⇒ Object^?

  This specifies a destination address to use with DNAT.,Without this, the destination address is never altered.

• #to_ports ⇒ Integer^?

  This specifies a destination port or range of ports to use: without this, the destination port is never altered.

• #to_source ⇒ Object^?

  This specifies a source address to use with SNAT.,Without this, the source address is never altered.

• #uid_owner ⇒ Object^?

  Specifies the UID or username to use in match by owner rule.

Methods inherited from Base

#ansible_name, #to_h

Methods inherited from Ansible::Ruby::Models::Base

attr_option, attr_options, attribute, fix_inclusion, #initialize, remove_existing_validations, #to_h, validates

Constructor Details

This class inherits a constructor from Ansible::Ruby::Models::Base

Instance Method Details

#action ⇒ :append, ...

# File 'lib/ansible/ruby/modules/generated/system/iptables.rb', line 21

attribute :action

#chain ⇒ String^?

# File 'lib/ansible/ruby/modules/generated/system/iptables.rb', line 33

attribute :chain

#comment ⇒ String^?

# File 'lib/ansible/ruby/modules/generated/system/iptables.rb', line 106

attribute :comment

#ctstate ⇒ :DNAT, ...

# File 'lib/ansible/ruby/modules/generated/system/iptables.rb', line 110

attribute :ctstate

#destination ⇒ Object^?

# File 'lib/ansible/ruby/modules/generated/system/iptables.rb', line 45

attribute :destination

#destination_port ⇒ Integer^?

# File 'lib/ansible/ruby/modules/generated/system/iptables.rb', line 80

attribute :destination_port

#flush ⇒ Object^?

# File 'lib/ansible/ruby/modules/generated/system/iptables.rb', line 130

attribute :flush

#fragment ⇒ Object^?

# File 'lib/ansible/ruby/modules/generated/system/iptables.rb', line 71

attribute :fragment

#goto ⇒ Object^?

# File 'lib/ansible/ruby/modules/generated/system/iptables.rb', line 61

attribute :goto

#icmp_type ⇒ Object^?

# File 'lib/ansible/ruby/modules/generated/system/iptables.rb', line 127

attribute :icmp_type

#in_interface ⇒ String^?

# File 'lib/ansible/ruby/modules/generated/system/iptables.rb', line 64

attribute :in_interface

#ip_version ⇒ :ipv4, ...

# File 'lib/ansible/ruby/modules/generated/system/iptables.rb', line 29

attribute :ip_version

#jump ⇒ String^?

# File 'lib/ansible/ruby/modules/generated/system/iptables.rb', line 54

attribute :jump

#limit ⇒ Object^?

# File 'lib/ansible/ruby/modules/generated/system/iptables.rb', line 114

attribute :limit

#limit_burst ⇒ Object^?

# File 'lib/ansible/ruby/modules/generated/system/iptables.rb', line 117

attribute :limit_burst

#log_prefix ⇒ Object^?

# File 'lib/ansible/ruby/modules/generated/system/iptables.rb', line 58

attribute :log_prefix

#match ⇒ Object^?

# File 'lib/ansible/ruby/modules/generated/system/iptables.rb', line 51

attribute :match

#out_interface ⇒ Object^?

# File 'lib/ansible/ruby/modules/generated/system/iptables.rb', line 68

attribute :out_interface

#policy ⇒ :ACCEPT, ...

# File 'lib/ansible/ruby/modules/generated/system/iptables.rb', line 133

attribute :policy

#protocol ⇒ String^?

# File 'lib/ansible/ruby/modules/generated/system/iptables.rb', line 37

attribute :protocol

#reject_with ⇒ String^?

# File 'lib/ansible/ruby/modules/generated/system/iptables.rb', line 123

attribute :reject_with

#rule_num ⇒ Integer^?

# File 'lib/ansible/ruby/modules/generated/system/iptables.rb', line 25

attribute :rule_num

#set_counters ⇒ Object^?

# File 'lib/ansible/ruby/modules/generated/system/iptables.rb', line 74

attribute :set_counters

#set_dscp_mark ⇒ Integer^?

# File 'lib/ansible/ruby/modules/generated/system/iptables.rb', line 98

attribute :set_dscp_mark

#set_dscp_mark_class ⇒ String^?

# File 'lib/ansible/ruby/modules/generated/system/iptables.rb', line 102

attribute :set_dscp_mark_class

#source ⇒ String^?

# File 'lib/ansible/ruby/modules/generated/system/iptables.rb', line 41

attribute :source

#source_port ⇒ Object^?

# File 'lib/ansible/ruby/modules/generated/system/iptables.rb', line 77

attribute :source_port

#state ⇒ :absent, ...

# File 'lib/ansible/ruby/modules/generated/system/iptables.rb', line 17

attribute :state

#syn ⇒ :ignore, ...

# File 'lib/ansible/ruby/modules/generated/system/iptables.rb', line 94

attribute :syn

#table ⇒ :filter, ...

# File 'lib/ansible/ruby/modules/generated/system/iptables.rb', line 13

attribute :table

#tcp_flags ⇒ Object^?

# File 'lib/ansible/ruby/modules/generated/system/iptables.rb', line 48

attribute :tcp_flags

#to_destination ⇒ Object^?

# File 'lib/ansible/ruby/modules/generated/system/iptables.rb', line 88

attribute :to_destination

#to_ports ⇒ Integer^?

# File 'lib/ansible/ruby/modules/generated/system/iptables.rb', line 84

attribute :to_ports

#to_source ⇒ Object^?

# File 'lib/ansible/ruby/modules/generated/system/iptables.rb', line 91

attribute :to_source

#uid_owner ⇒ Object^?

# File 'lib/ansible/ruby/modules/generated/system/iptables.rb', line 120

attribute :uid_owner