Add rule or rulelist at beginning F5 security firewall policy using ansible
Hi Team,
We can see an option called "Add rulelist at beginning" in the BigIP server. To achieve this through automation, I can't find an option in Ansible. I used the module listed below to add the rulelist, but adding it at the first position is a blocker.
- F5Networks.F5_Modules
Please help to get a solution to the issue.
- Matt_Mabis (Employee)
Hey sels1987
Did you happen to see this post? - https://community.f5.com/t5/technical-forum/ansible-configuration-of-a-firewall-rule-list-to-be-added-on/m-p/313452
Is this what you are looking for?
- sels1987 (Nimbostratus)
Hi Matt,
This link has a partial answer.
1. How to fetch the rule and rulelist names of a firewall security policy
Ex: I have a policy "POL01" with 3 rules - Rule01, Rule02 & Rule03, 2 rulelists - Rulelist01 & Rulelist02, and a default-deny rule.
I am using the tmsh list security firewall policy POL01 command to fetch the firewall policy details, as I can't find an f5_modules module to get the security firewall policy rules/rulelists. I am unable to convert the tmsh output to JSON or any object.
2. I added a new rule or rulelist, but it is not associated with the policy. Assume I got the names of the rules and rulelists of the policy and executed the bigip_firewall_rule module to associate and order the new rule/rulelist. Ordering and association happened as expected. But the problem here is that the new rule or rulelist does not have the proper configuration; instead it has the default deny configuration.
Workaround: Associate the new rule/rulelist, then, to order the rules/rulelists, use "Dummy" in the rules ["New-Rulelist", "Rulelist01", "Rulelist02", "Rule01", "Rule02", "Rule03", "Default-Deny", "Dummy"] and then order again without "Dummy" ["New-Rulelist", "Rulelist01", "Rulelist02", "Rule01", "Rule02", "Rule03", "Default-Deny"].
- sels1987 (Nimbostratus)
Please ignore my second point, as the thread has an answer: switch association and order to solve the blank rule issue.
Please help with the first point - how to fetch the rule and rulelist names of a firewall security policy.
- sels1987 (Nimbostratus)
Hi Team,
Do we have an option to fetch the rule and rulelist names of security firewall rules? This is a blocker for me.
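
Added example, not part of any post above and not F5's code: one way to turn the text of tmsh list security firewall policy POL01 into an ordered list of rule and rulelist names, then build the name list with a new rulelist first. The brace layout of the tmsh output is an assumption, the sample text is constructed from the names used in the thread, and `policy_entries` and `order_with_first` are hypothetical helper names.

```python
import re

# Constructed sample; the brace layout of `tmsh list security firewall policy`
# output is assumed here, using the names from the thread.
SAMPLE = """
security firewall policy POL01 {
    rules {
        Rulelist01 { rule-list Rulelist01 }
        Rulelist02 { rule-list Rulelist02 }
        Rule01 {
            action accept
            description "web { front }"
            destination { ports { https { } } }
        }
        Rule02 { action accept }
        Rule03 { action reject }
        Default-Deny { action drop }
    }
}
"""

TOKEN = re.compile(r'"[^"]*"|\S+')  # a quoted string is one token, braces included


def policy_entries(tmsh_text):
    """Return [(name, kind)] in policy order; kind is 'rule' or 'rule-list'."""
    entries, depth, in_rules, prev = [], 0, False, None
    for tok in TOKEN.findall(tmsh_text):
        if tok == "{":
            depth += 1
            if depth == 2 and prev == "rules":
                in_rules = True                       # entered the rules { } block
            elif depth == 3 and in_rules:
                entries.append([prev.strip('"'), "rule"])  # direct child = one entry
        elif tok == "}":
            depth -= 1
            in_rules = in_rules and depth >= 2        # left the rules { } block
        elif in_rules and depth == 3 and prev == "rule-list":
            entries[-1][1] = "rule-list"              # entry references a rule list
        prev = tok
    return [tuple(e) for e in entries]


def order_with_first(entries, new_name):
    """Existing names in their current order, with new_name moved to the front."""
    return [new_name] + [name for name, _ in entries if name != new_name]


if __name__ == "__main__":
    print(order_with_first(policy_entries(SAMPLE), "New-Rulelist"))
```

In a playbook the input would be the registered stdout of the tmsh command; reading the current order first also avoids accidentally dropping an existing rule, such as the default-deny entry, when the list is re-submitted.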