Add rule or rulelist at beginning F5 security firewall policy using ansible
Hey sels1987
Did you happen to see this post? - https://community.f5.com/t5/technical-forum/ansible-configuration-of-a-firewall-rule-list-to-be-added-on/m-p/313452
Is this what you are looking for?
Hi Matt,
This link has a partial answer.
1. How to bring the rule and rulelist names of a firewall security policy
ex: I have a policy "POL01" and have 3 rules - Rule01, Rule02 & Rule03, 2 rulelists - Rulelist01 & Rulelist02 and default-deny rule.
I am using the tmsh list security firewall policy POL01 command to bring the firewall policy details, as I don't find f5_modules to get security firewall policy rules/rulelists. I am unable to convert the output of tmsh to JSON or any object.
2. I added a new rule or rulelist, but it is not associated with the policy. Assume I got the names of the rules and rulelists of the policy and executed the bigip_firewall_rule module to associate and order the new rule/rulelist. Order and association happened as expected. But the problem here is that the new rule or rulelist does not have the proper configuration; instead it has the default deny configuration.
Workaround: Associate the new rule/rulelist, then to order the rules/rulelists, use "Dummy" in the rules ["New-Rulelist", "Rulelist01", "Rulelist02", "Rule01", "Rule02", "Rule03", "Default-Deny", "Dummy"] and then order again without "Dummy" ["New-Rulelist", "Rulelist01", "Rulelist02", "Rule01", "Rule02", "Rule03", "Default-Deny"].
- sels1987, May 18, 2023, Nimbostratus
Please ignore my second point, as the thread has the answer to switch association and order to solve the blank rule issue.
Please help with the first point: how to bring the rule and rulelist names of a firewall security policy.
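An added example, not part of the original thread and not F5 code: one way to turn the text returned by tmsh list security firewall policy into an ordered list of rule and rulelist names, then put a new entry first so that Default-Deny stays last. The sample output is constructed, its nested-brace layout is an assumption, and the function names are hypothetical.

```python
import re

# Constructed sample of `tmsh list security firewall policy POL01` output.
# Assumed layout: nested braces, one named block per entry under "rules".
SAMPLE = """\
security firewall policy POL01 {
    rules {
        Rulelist01 {
            rule-list Rulelist01
        }
        Rule01 {
            action accept
            destination {
                ports {
                    443 { }
                }
            }
        }
        Default-Deny {
            action drop
        }
    }
}
"""

def policy_rule_names(tmsh_text):
    """Return the policy's rule/rulelist entry names in evaluation order."""
    names, stack = [], []
    for raw in tmsh_text.splitlines():
        line = raw.strip()
        opened = re.match(r"^(.*\S)\s*\{\s*(\})?$", line)
        if opened:
            # Only direct children of the policy's "rules" block are entries;
            # deeper blocks (destination, ports) belong to a single rule.
            if len(stack) == 2 and stack[-1] == "rules":
                names.append(opened.group(1).split()[-1])
            if not opened.group(2):  # "443 { }" opens and closes on one line
                stack.append(opened.group(1))
        elif line == "}" and stack:
            stack.pop()
    return names

def order_with_new_first(existing, new_name):
    """Ordered list with new_name first and the existing order preserved."""
    return [new_name] + [n for n in existing if n != new_name]

if __name__ == "__main__":
    print(order_with_new_first(policy_rule_names(SAMPLE), "New-Rulelist"))
```

Saved as an Ansible filter plugin, the same functions can be applied to the registered stdout of the tmsh task to build the ordered rules list used in the workaround above.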