sophos.sophos_firewall.sfos_service module – Manage Service (System > Hosts and services > Services)

Note

This module is part of the sophos.sophos_firewall collection (version 2.0.1).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install sophos.sophos_firewall. This module has further requirements; see Requirements for details.

To use it in a playbook, specify: sophos.sophos_firewall.sfos_service.

New in sophos.sophos_firewall 1.0.0

Synopsis

  • Creates, updates or removes a Service (System > Hosts and services > Services) on Sophos Firewall

Requirements

The below requirements are needed on the host that executes this module.

  • sophosfirewall-python

  • Beginning in version 2.0.0, this module requires use of an httpapi connection plugin. See the HTTPAPI example for details.

Parameters

action (string)
    When performing an update, use to add or remove services from the list, or replace the list entirely.
    Choices:
      • "add"
      • "remove"
      • "replace" ← (default)

name (string / required)
    Name of the Service object to create, update, or delete.

service_list (list / elements=dictionary)
    A list of ports/protocols to be included in the service definition.

    dst_port (string)
        Destination TCP or UDP port.

    icmp_code (string)
        ICMP code in numeric format.

    icmp_type (string)
        ICMP type in numeric format.

    protocol (string)
        TCP, UDP, or IP protocol number.

    src_port (string)
        Source TCP or UDP port.
        Default: "1:65535"

state (string / required)
    Use query to retrieve, present to create, absent to remove, or updated to modify.
    Choices:
      • "present"
      • "absent"
      • "updated"
      • "query"

type (string)
    Type of service object.
    Choices:
      • "tcporudp"
      • "ip"
      • "icmp"
      • "icmpv6"

Examples

- name: Retrieve Service
  sophos.sophos_firewall.sfos_service:
    name: TESTSERVICE
    state: query
  delegate_to: localhost

- name: Create Service
  sophos.sophos_firewall.sfos_service:
    name: TESTSERVICEWEB
    type: tcporudp
    service_list:
      - protocol: tcp
        src_port: 1:65535
        dst_port: 80
      - protocol: tcp
        src_port: 1:65535
        dst_port: 443
    state: present

- name: Add service to service list
  sophos.sophos_firewall.sfos_service:
    name: TESTSERVICEWEB
    service_list:
      - protocol: tcp
        src_port: 1:65535
        dst_port: 8888
    action: add
    state: updated
  delegate_to: localhost

- name: Add ICMP service
  sophos.sophos_firewall.sfos_service:
    name: TESTICMP
    type: icmp
    service_list:
    - icmp_type: "Echo Reply"
      icmp_code: "Any Code"
    state: present
  delegate_to: localhost
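
The examples above only show action: add. As an added example (not part of the module documentation), the following tasks use only the parameters documented on this page to narrow TESTSERVICEWEB, review the result through the api_response return value, and then delete the object. It assumes the inventory host already has the httpapi connection described under Requirements; the port values and the registered variable name web_service are chosen for illustration.

```yaml
# Added example, not from the module documentation.
# Object name and ports reuse the TESTSERVICEWEB values from the examples above.
- name: Remove cleartext HTTP from the web service object
  sophos.sophos_firewall.sfos_service:
    name: TESTSERVICEWEB
    service_list:
      - protocol: tcp
        src_port: "1:65535"
        dst_port: "80"
    action: remove      # drop only the listed entry, keep the rest
    state: updated

- name: Replace the whole list so that only HTTPS remains
  sophos.sophos_firewall.sfos_service:
    name: TESTSERVICEWEB
    service_list:
      - protocol: tcp
        src_port: "1:65535"
        dst_port: "443"
    action: replace     # the default action; stated explicitly for clarity
    state: updated

- name: Query the resulting definition
  sophos.sophos_firewall.sfos_service:
    name: TESTSERVICEWEB
    state: query
  register: web_service   # variable name is an assumption for this example

- name: Show the API response for review
  ansible.builtin.debug:
    var: web_service.api_response

- name: Delete the service object once it is no longer needed
  sophos.sophos_firewall.sfos_service:
    name: TESTSERVICEWEB
    state: absent
```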

Return Values

Common return values are documented here; the following fields are unique to this module:

api_response (dictionary)
    Serialized object containing the API response.
    Returned: always

Authors

  • Matt Mullen (@mamullen13316)