#jinja2: trim_blocks: True,lstrip_blocks: True
{####################################

Purpose:
Configure ACL commands for os9 devices

Rendering notes (derived from the template body below):
  - An ACL without a non-empty name renders nothing at all.
  - An ACL whose state is "absent" renders only the matching
    "no ... access-list" line. Its line and interface bindings are not
    touched in that branch; presumably they must be removed separately
    (confirm against the device behaviour).
  - Every value is interpolated into a CLI line as-is; no filter or
    validation is applied here, so os9_acl should only be built from
    trusted, validated variables.
  - An entry renders nothing, and raises no error, when it lacks number,
    permit, source or destination (or protocol for non-mac ACLs). A number
    of 0 is treated like a missing number. Review the rendered
    configuration when a rule seems to be missing.

os9_acl:
   - name: ssh-only
     type: ipv4
     description: acl
     extended: true
     remark:
       - number: 1
         description: helloworld
         state: present
     entries:
       - number: 10
         permit: true
         protocol: tcp 
         source: any
         destination: any 
         src_condition: eq 22
         dest_condition: ack
         other_options: count
         state: present
     stage_ingress:
          - name: fortyGigE 1/8
            state: present
          - name: fortyGigE 1/9
            state: present
     stage_egress:
          - name: fortyGigE 1/19
            state: present
     lineterminal:
        - line: vty 0
          state: present
        - line: vty 1
          state: present
     state: present
   - name: ipv6-ssh-only
     type: ipv6
     entries:
       - number: 10 
         permit: true
         protocol: ipv6
         source: 2001:4898::/32
         destination: any 
       - number: 20
         permit: true
         protocol: tcp
         source: any
         src_condition: ack
         destination: any
       - number: 40
         permit: true
         protocol: tcp
         source: any
         destination: any
         state: present
     lineterminal:
       - line: vty 0 
         state: present
       - line: vty 1
         state: present
#####################################}
{# Render one configuration stanza per ACL in os9_acl; nothing is rendered
   when the variable is undefined or empty. #}
{% if os9_acl is defined and os9_acl %}
  {% for val in os9_acl
 %}
    {% if val.name is defined and val.name %}
      {# Removal: only the access-list itself is negated. A type other than
         ipv4, ipv6 or mac renders no line. #}
      {% if val.state is defined and val.state == "absent" %}
        {% if val.type is defined and val.type == "ipv4" %}
          {% if val.extended is defined and val.extended %}
no ip access-list extended {{ val.name }}
          {% else %}
no ip access-list standard {{ val.name }}
          {% endif %}
        {% elif val.type is defined and val.type == "ipv6" %}
no ipv6 access-list {{ val.name }}
        {% elif val.type is defined and val.type == "mac" %}
          {% if val.extended is defined and val.extended %}
no mac access-list extended {{ val.name }}
          {% else %}
no mac access-list standard {{ val.name }}
          {% endif %}
        {% endif %}
      {% else %}
        {# Creation / update: open the access-list context for the given
           type. The extended flag is only consulted for ipv4 and mac. #}
        {% if val.type is defined and val.type == "ipv4" %}
          {% if val.extended is defined and val.extended %}
ip access-list extended {{ val.name }}
          {% else %}
ip access-list standard {{ val.name }}
          {% endif %}
        {% elif val.type is defined and val.type == "ipv6" %}
ipv6 access-list {{ val.name }}
        {% elif val.type is defined and val.type == "mac" %}
          {% if val.extended is defined and val.extended %}
mac access-list extended {{ val.name }}
          {% else %}
mac access-list standard {{ val.name }}
          {% endif %}
        {% endif %}
        {# A defined but empty description removes the description; the
           trailing "a" looks like a placeholder argument - TODO confirm.
           NOTE(review): the inner endif below is followed by a trailing
           space, which likely keeps its newline from being trimmed and
           renders a whitespace-only line; the same applies to the tags
           that open the mac check and the source check in the entries
           section - confirm. #}
        {% if val.description is defined %}
          {% if val.description %}
 description {{ val.description }}
          {% else %}
 no description a
          {% endif %} 
        {% endif %}
        {# Remarks: state "absent" removes the numbered remark; otherwise it
           is rendered only when a description is given. #}
        {% if val.remark is defined and val.remark %}
          {% for remark in val.remark %}
            {% if remark.number is defined and remark.number %}
              {% if remark.state is defined and remark.state == "absent" %}
 no remark {{ remark.number }}
              {% else %}
                {% if remark.description is defined and remark.description %}
 remark {{ remark.number }} {{ remark.description }}
                {% endif %}
              {% endif %}
            {% endif %}
          {% endfor %}
        {% endif %}
        {# Entries: one "seq" line per rule. Rules missing a required field
           are skipped without any message, so a deny rule with a typo in
           its keys simply does not appear in the rendered output. #}
        {% if val.entries is defined and val.entries %}
          {% for rule in val.entries %}
            {% if rule.number is defined and rule.number %}
              {% if rule.state is defined and rule.state == "absent" %}
 no seq {{ rule.number }}
              {% else %}
                {# permit must be defined; there is no else branch, so a rule
                   without it renders nothing. #}
                {% if rule.permit is defined %}
                {% if rule.permit %}
                  {% set is_permit = "permit" %}
                {% else %}
                  {% set is_permit = "deny" %}
                {% endif %}
                {# mac ACLs: source and destination only, no protocol or
                   port conditions. When other_options is exactly "log" a
                   fixed threshold suffix is appended; any other value is
                   passed through unchanged (same handling in every branch
                   below). #}
                {% if val.type is defined and val.type == "mac" %}  
                  {% if rule.source is defined and rule.source %}
                    {% if rule.destination is defined and rule.destination %}
                      {% if rule.other_options is defined and rule.other_options %}
                        {% if rule.other_options == "log" %}
                          {% set other_options = rule.other_options + ' threshold-in-msgs 10 interval 5' %}
                        {% else %}
                          {% set other_options = rule.other_options %}
                        {% endif %}
 seq {{ rule.number }} {{ is_permit }} {{ rule.source }} {{ rule.destination }} {{ other_options }} 
                      {% else %}
 seq {{ rule.number }} {{ is_permit }} {{ rule.source }} {{ rule.destination }}
                      {% endif %}
                    {% endif %}
                  {% endif %}
                {% else %}
                  {# Non-mac ACLs: protocol, source and destination are
                     required. The four combinations of src_condition and
                     dest_condition being set or unset each render their own
                     seq line, with other_options appended when set. #}
                  {% if rule.protocol is defined and rule.protocol %}
                    {% if rule.source is defined and rule.source %}         
                      {% if rule.destination is defined and rule.destination %}
                        {% if rule.src_condition is defined and rule.src_condition %}
                          {% if rule.dest_condition is defined and rule.dest_condition %}
                            {% if rule.other_options is defined and rule.other_options %}
                            {% if rule.other_options == "log" %}
                              {% set other_options = rule.other_options + ' threshold-in-msgs 10 interval 5' %}
                            {% else %}
                              {% set other_options = rule.other_options %}
                            {% endif %}
 seq {{ rule.number }} {{ is_permit }} {{ rule.protocol }} {{ rule.source }} {{ rule.src_condition }} {{ rule.destination }} {{ rule.dest_condition }} {{ other_options }}
                            {% else %}
 seq {{ rule.number }} {{ is_permit }} {{ rule.protocol }} {{ rule.source }} {{ rule.src_condition }} {{ rule.destination }} {{ rule.dest_condition }}
                             {% endif %}
                          {% else %}
                             {% if rule.other_options is defined and rule.other_options %}
                             {% if rule.other_options == "log" %}
                               {% set other_options = rule.other_options + ' threshold-in-msgs 10 interval 5' %}
                             {% else %}
                               {% set other_options = rule.other_options %}
                             {% endif %}
 seq {{ rule.number }} {{ is_permit }} {{ rule.protocol }} {{ rule.source }} {{ rule.src_condition }} {{ rule.destination }} {{ other_options }}
                             {% else %}
 seq {{ rule.number }} {{ is_permit }} {{ rule.protocol }} {{ rule.source }} {{ rule.src_condition }} {{ rule.destination }}
                             {% endif %}
                          {% endif %}
                        {% else %}
                          {% if rule.dest_condition is defined and rule.dest_condition %}
                             {% if rule.other_options is defined and rule.other_options %}
                             {% if rule.other_options == "log" %}
                               {% set other_options = rule.other_options + ' threshold-in-msgs 10 interval 5' %}
                             {% else %}
                               {% set other_options = rule.other_options %}
                             {% endif %}
 seq {{ rule.number }} {{ is_permit }} {{ rule.protocol }} {{ rule.source }} {{ rule.destination }} {{ rule.dest_condition }} {{ other_options }}
                             {% else %}
 seq {{ rule.number }} {{ is_permit }} {{ rule.protocol }} {{ rule.source }} {{ rule.destination }} {{ rule.dest_condition }}
                             {% endif %}
                          {% else %}
                             {% if rule.other_options is defined and rule.other_options %}
                             {% if rule.other_options == "log" %}
                               {% set other_options = rule.other_options + ' threshold-in-msgs 10 interval 5' %}
                             {% else %}
                               {% set other_options = rule.other_options %}
                             {% endif %}
 seq {{ rule.number }} {{ is_permit }} {{ rule.protocol }} {{ rule.source }} {{ rule.destination }} {{ other_options }}
                             {% else %}
 seq {{ rule.number }} {{ is_permit }} {{ rule.protocol }} {{ rule.source }} {{ rule.destination }}
                             {% endif %}
                          {% endif %}
                        {% endif %}
                      {% endif %}
                    {% endif %}
                  {% endif %}
                {% endif %}
                {% endif %}
              {% endif %}
            {% endif %}
          {% endfor %}
        {% endif %}

        {# Terminal lines: bind or unbind the ACL as an access-class on each
           listed line. Skipped for mac ACLs and when type is undefined. #}
        {% if val.lineterminal is defined and val.lineterminal %}
          {% if val.type is defined and not val.type == "mac" %}
            {% for vty in val.lineterminal %}
              {% if vty.line is defined and vty.line %}
line {{ vty.line }}
                {% if vty.state is defined and vty.state == "absent" %}
 no access-class {{ val.name }} {{ val.type }}
                {% else %}
 access-class {{ val.name }} {{ val.type }}
                {% endif %}
              {% endif %}
            {% endfor %}
          {% endif %}
        {% endif %}

        {# Ingress bindings: attach or detach the ACL on each interface.
           NOTE(review): every non-mac type, including ipv6, renders
           "ip access-group" here and in the egress section - confirm this
           is the intended command for IPv6 ACLs. #}
        {% if val.stage_ingress is defined and val.stage_ingress %}
          {% for intf in val.stage_ingress %}
            {% if intf.state is defined and intf.state == "absent" %}
              {% if intf.name is defined and intf.name %}
interface {{ intf.name }}
                {% if val.type is defined and val.type == "mac" %}
 no mac access-group {{ val.name }} in
                {% else %}
 no ip access-group {{ val.name }} in
                {% endif %}
              {% endif %}
            {% else %}
              {% if intf.name is defined and intf.name %}
interface {{ intf.name }}
                {% if val.type is defined and val.type == "mac" %}
 mac access-group {{ val.name }} in
                {% else %}
 ip access-group {{ val.name }} in
                {% endif %}
              {% endif %}
            {% endif %}
          {% endfor %}
        {% endif %}

        {# Egress bindings: same structure as ingress, with direction "out". #}
        {% if val.stage_egress is defined and val.stage_egress %}
          {% for intf in val.stage_egress %}
            {% if intf.state is defined and intf.state == "absent" %}
              {% if intf.name is defined and intf.name %}
interface {{ intf.name }}
                {% if val.type is defined and val.type == "mac" %}
 no mac access-group {{ val.name }} out
                {% else %}
 no ip access-group {{ val.name }} out
                {% endif %}
              {% endif %}
            {% else %}
              {% if intf.name is defined and intf.name %}
interface {{ intf.name }}
                {% if val.type is defined and val.type == "mac" %}
 mac access-group {{ val.name }} out
                {% else %}
 ip access-group {{ val.name }} out
                {% endif %}
              {% endif %}
            {% endif %}
          {% endfor %}
        {% endif %}
      {% endif %}
    {% endif %}
  {% endfor %}
{% endif %}