sophos.sophos_firewall.sfos_service_acl_exception module – Manage Local Service Exception ACL Rules (System > Administration > Device Access)

Note

This module is part of the sophos.sophos_firewall collection (version 2.0.1).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install sophos.sophos_firewall. This module has further requirements; see Requirements for details.

To use it in a playbook, specify: sophos.sophos_firewall.sfos_service_acl_exception.

New in sophos.sophos_firewall 1.0.0

Synopsis

  • Creates, updates, or removes a Local service ACL exception rule (System > Administration > Device Access) on Sophos Firewall.

Requirements

The below requirements are needed on the host that executes this module.

  • sophosfirewall-python

  • Beginning in version 2.0.0, this module requires use of an httpapi connection plugin. See the HTTPAPI example for details.

Parameters

Parameter

Comments

action

string

Accept or Drop.

Choices:

  • "accept"

  • "drop"

description

string

Description of the Local service ACL exception rule.

dest_list

list / elements=string

Destination Host(s).

name

string / required

Name of the Local service ACL exception rule to create, update, or delete.

position

string

Position of the rule (Top or Bottom).

Choices:

  • "top"

  • "bottom" ← (default)

service_list

list / elements=string

Service(s).

source_list

list / elements=string

Source Network(s) or Host(s).

source_zone

string

Source zone of the Local service ACL exception rule.

state

string / required

Use query to retrieve, present to create, absent to remove, or updated to modify.

Choices:

  • "present"

  • "absent"

  • "updated"

  • "query"

update_action

string

Indicates whether the entries specified for source_list, dest_list, or service_list should be added to, removed from, or used to replace the existing entries when updating.

Choices:

  • "add" ← (default)

  • "remove"

  • "replace"

Examples

- name: Retrieve Local service ACL exception rule
  sophos.sophos_firewall.sfos_service_acl_exception:
    name: TESTACLRULE
    state: query

- name: Create Local service ACL exception rule
  sophos.sophos_firewall.sfos_service_acl_exception:
    name: TESTACLRULE
    description: Test ACL Rule
    position: bottom
    source_zone: LAN
    source_list:
      - TESTHOST1
      - TESTHOST2
    dest_list:
      - TESTHOST3
    service_list:
      - HTTP
      - HTTPS
    action: drop
    state: present
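
The following tasks are an added example, not part of the collection's own documentation. They show state: updated with each update_action choice, then query and absent. They assume TESTACLRULE already exists and that TESTHOST4 (a constructed object name) is defined on the firewall.

```yaml
# Added example: one list per task so the effect of each update_action is clear.
- name: Add a host to the rule's source list (existing sources are kept)
  sophos.sophos_firewall.sfos_service_acl_exception:
    name: TESTACLRULE
    source_list:
      - TESTHOST4   # constructed host object name
    update_action: add
    state: updated

- name: Remove HTTP from the rule's service list
  sophos.sophos_firewall.sfos_service_acl_exception:
    name: TESTACLRULE
    service_list:
      - HTTP
    update_action: remove
    state: updated

- name: Replace the destination list with a single host
  sophos.sophos_firewall.sfos_service_acl_exception:
    name: TESTACLRULE
    dest_list:
      - TESTHOST3
    update_action: replace
    state: updated

- name: Query the rule to confirm the resulting lists
  sophos.sophos_firewall.sfos_service_acl_exception:
    name: TESTACLRULE
    state: query
  register: acl_rule

- name: Show the API response returned by the module
  ansible.builtin.debug:
    var: acl_rule.api_response

- name: Remove the rule
  sophos.sophos_firewall.sfos_service_acl_exception:
    name: TESTACLRULE
    state: absent
```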

Return Values

Common return values are documented here; the following fields are unique to this module:

Key

Description

api_response

dictionary

Serialized object containing the API response.

Returned: always

Authors

  • Matt Mullen (@mamullen13316)