Firewall Savepoint
STATE: unstable
TESTS: Playbook
API Docs: Core - Firewall
Info
You can use those savepoints to prevent lockout-situations when managing rulesets remotely.
Here is the basic process:
It currently just works with the ‘Firewall’ plugin:
Definition
Parameter |
Type |
Required |
Default |
Aliases |
Comment |
---|---|---|---|---|---|
name |
string |
false |
‘create’ |
Action to execute. One of: ‘create’, ‘revert’, ‘apply’, ‘cancel_rollback’, ‘cancel’ |
|
revision |
string |
false, true if action is one of ‘apply’, ‘revert’ or ‘cancel_rollback’ |
- |
Savepoint revision to apply, revert or cancel_rollback |
|
controller |
string |
false |
‘filter’ |
Controller to manage the savepoint of. One of: ‘source_nat’, ‘filter’ |
|
api_module |
string |
false |
‘firewall’ |
Module to manage the savepoint of. Currently only supports ‘firewall’ |
For basic parameters see: Basic
Examples
- hosts: localhost
gather_facts: no
module_defaults:
group/ansibleguy.opnsense.all:
firewall: 'opnsense.template.ansibleguy.net'
api_credential_file: '/home/guy/.secret/opn.key'
tasks:
- name: Create a savepoint for firewall filters
ansibleguy.opnsense.savepoint:
action: 'create'
controller: 'filter' # default
register: filter_savepoint
- name: Apply savepoint
ansibleguy.opnsense.savepoint:
action: 'apply'
revision: "{{ filter_savepoint.revision }}"
- name: Revert savepoint
ansibleguy.opnsense.savepoint:
action: 'revert'
revision: "{{ filter_savepoint.revision }}"
- name: Create a savepoint for firewall source-nat
ansibleguy.opnsense.savepoint:
action: 'create'
controller: 'source_nat'
register: snat_savepoint
- name: Remove source-nat savepoint (else it will be reverted automatically)
ansibleguy.opnsense.savepoint:
action: 'cancel_rollback'
controller: 'source_nat'
revision: "{{ snat_savepoint.revision }}"