fc05c50b7f
* firewall global module Signed-off-by: rohitthakur2590 <rohitthakur2590@outlook.com> * sanity fixed Signed-off-by: rohitthakur2590 <rohitthakur2590@outlook.com> * test updated Signed-off-by: rohitthakur2590 <rohitthakur2590@outlook.com> * sanity fixes Signed-off-by: rohitthakur2590 <rohitthakur2590@outlook.com> * group member handling updated Signed-off-by: rohitthakur2590 <rohitthakur2590@outlook.com> * comments incorporated Signed-off-by: rohitthakur2590 <rohitthakur2590@outlook.com>
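---
# Expected values for the "merged" state: the configuration before the run,
# the CLI commands to be generated, and the resulting structured data.
# (Presumably consumed by the firewall global module's tests; the consumer
# is not visible here.)
#
# These are fixture values that exercise each option, not a hardening
# baseline: ip-src-route, send-redirects, broadcast-ping and all-ping are
# all set to 'enable' below.
# NOTE(review): 192.0.1.0/24 is not an RFC 5737 documentation range
# (192.0.2.0/24 is); confirm these addresses cannot reach a real network
# from the test device.
merged:
  before: []

  commands:
    - "set firewall group address-group MGMT-HOSTS address 192.0.1.1"
    - "set firewall group address-group MGMT-HOSTS address 192.0.1.3"
    - "set firewall group address-group MGMT-HOSTS address 192.0.1.5"
    - "set firewall group address-group MGMT-HOSTS description 'This group has the Management hosts address list'"
    - "set firewall group address-group MGMT-HOSTS"
    - "set firewall group network-group MGMT network 192.0.1.0/24"
    - "set firewall group network-group MGMT description 'This group has the Management network addresses'"
    - "set firewall group network-group MGMT"
    # Source routing and ICMP redirect handling.
    - "set firewall ip-src-route 'enable'"
    - "set firewall receive-redirects 'disable'"
    - "set firewall send-redirects 'enable'"
    - "set firewall config-trap 'enable'"
    # Global state policy: established traffic accepted and logged,
    # invalid traffic rejected.
    - "set firewall state-policy established action 'accept'"
    - "set firewall state-policy established log 'enable'"
    - "set firewall state-policy invalid action 'reject'"
    - "set firewall broadcast-ping 'enable'"
    - "set firewall all-ping 'enable'"
    - "set firewall log-martians 'enable'"
    - "set firewall twa-hazards-protection 'enable'"
    - "set firewall syn-cookies 'enable'"
    - "set firewall source-validation 'strict'"

  # Structured form of the same settings; every value mirrors a command
  # in the list above.
  after:
    config_trap: true
    group:
      address_group:
        - members:
            - address: 192.0.1.1
            - address: 192.0.1.3
            - address: 192.0.1.5
          description: This group has the Management hosts address list
          name: MGMT-HOSTS
      network_group:
        - members:
            - address: 192.0.1.0/24
          description: This group has the Management network addresses
          name: MGMT
    log_martians: true
    ping:
      all: true
      broadcast: true
    route_redirects:
      - afi: ipv4
        icmp_redirects:
          receive: false
          send: true
        ip_src_route: true
    syn_cookies: true
    state_policy:
      - action: accept
        connection_type: established
        log: true
      - action: reject
        connection_type: invalid
    twa_hazards_protection: true
    validation: strict
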
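# Structured firewall settings under "populate" (presumably the input used
# to seed the device before a test; the consumer is not visible here).
# Booleans are written as lowercase true/false; the loaded values are the
# same as the capitalised forms.
# Fixture values, not a hardening baseline: ip_src_route, sending ICMP
# redirects and both ping options are enabled.
populate:
  validation: strict
  config_trap: true
  log_martians: true
  syn_cookies: true
  twa_hazards_protection: true
  ping:
    all: true
    broadcast: true
  state_policy:
    - connection_type: 'established'
      action: 'accept'
      log: true
    - connection_type: 'invalid'
      action: 'reject'
  route_redirects:
    - afi: 'ipv4'
      ip_src_route: true
      icmp_redirects:
        send: true
        receive: false
  group:
    address_group:
      - name: 'MGMT-HOSTS'
        description: 'This group has the Management hosts address list'
        members:
          - address: 192.0.1.1
          - address: 192.0.1.3
          - address: 192.0.1.5
    network_group:
      - name: 'MGMT'
        description: 'This group has the Management network addresses'
        members:
          - address: 192.0.1.0/24
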
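# Expected values for the "replaced" state: the MGMT-HOSTS address group is
# deleted and SALES-HOSTS / ENG-HOSTS are created; every other setting in
# "after" keeps the value it has in the rest of this file.
# NOTE(review): the ENG-HOSTS description repeats the SALES-HOSTS text
# ('Sales office hosts address list'). It looks copied, but it is left
# unchanged because it has to match whatever input produces it.
# NOTE(review): 192.0.2.0/24 is an RFC 5737 documentation range;
# 192.0.1.0/24 and 192.0.3.0/24 are not.
replaced:
  commands:
    - "delete firewall group address-group MGMT-HOSTS"
    - "set firewall group address-group SALES-HOSTS address 192.0.2.1"
    - "set firewall group address-group SALES-HOSTS address 192.0.2.2"
    - "set firewall group address-group SALES-HOSTS address 192.0.2.3"
    - "set firewall group address-group SALES-HOSTS description 'Sales office hosts address list'"
    - "set firewall group address-group SALES-HOSTS"
    - "set firewall group address-group ENG-HOSTS address 192.0.3.1"
    - "set firewall group address-group ENG-HOSTS address 192.0.3.2"
    - "set firewall group address-group ENG-HOSTS description 'Sales office hosts address list'"
    - "set firewall group address-group ENG-HOSTS"

  after:
    config_trap: true
    group:
      address_group:
        - members:
            - address: 192.0.3.1
            - address: 192.0.3.2
          description: 'Sales office hosts address list'
          name: 'ENG-HOSTS'
        - members:
            - address: 192.0.2.1
            - address: 192.0.2.2
            - address: 192.0.2.3
          description: 'Sales office hosts address list'
          name: 'SALES-HOSTS'
      network_group:
        - members:
            - address: 192.0.1.0/24
          description: 'This group has the Management network addresses'
          name: 'MGMT'
    log_martians: true
    ping:
      all: true
      broadcast: true
    route_redirects:
      - afi: 'ipv4'
        icmp_redirects:
          receive: false
          send: true
        ip_src_route: true
    state_policy:
      - action: 'accept'
        connection_type: 'established'
        log: true
      - action: 'reject'
        connection_type: 'invalid'
    syn_cookies: true
    twa_hazards_protection: true
    validation: strict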
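# Expected CLI commands for the "rendered" state. Each command is
# double-quoted, so the embedded single quotes stay literal and the
# string values are unchanged.
# Fixture values, not a hardening baseline: ip-src-route, send-redirects,
# broadcast-ping and all-ping are all set to 'enable'.
rendered:
  commands:
    - "set firewall group address-group SALES-HOSTS address 192.0.2.1"
    - "set firewall group address-group SALES-HOSTS address 192.0.2.2"
    - "set firewall group address-group SALES-HOSTS address 192.0.2.3"
    - "set firewall group address-group SALES-HOSTS description 'Sales office hosts address list'"
    - "set firewall group address-group SALES-HOSTS"
    - "set firewall group address-group ENG-HOSTS address 192.0.3.1"
    - "set firewall group address-group ENG-HOSTS address 192.0.3.2"
    # NOTE(review): same description text as SALES-HOSTS; looks copied.
    - "set firewall group address-group ENG-HOSTS description 'Sales office hosts address list'"
    - "set firewall group address-group ENG-HOSTS"
    - "set firewall group network-group MGMT network 192.0.1.0/24"
    - "set firewall group network-group MGMT description 'This group has the Management network addresses'"
    - "set firewall group network-group MGMT"
    - "set firewall ip-src-route 'enable'"
    - "set firewall receive-redirects 'disable'"
    - "set firewall send-redirects 'enable'"
    - "set firewall config-trap 'enable'"
    - "set firewall state-policy established action 'accept'"
    - "set firewall state-policy established log 'enable'"
    - "set firewall state-policy invalid action 'reject'"
    - "set firewall broadcast-ping 'enable'"
    - "set firewall all-ping 'enable'"
    - "set firewall log-martians 'enable'"
    - "set firewall twa-hazards-protection 'enable'"
    - "set firewall syn-cookies 'enable'"
    - "set firewall source-validation 'strict'"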
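# Expected values for the "deleted" state: one command that removes the
# whole firewall subtree, leaving an empty configuration afterwards.
deleted:
  commands:
    # The trailing space inside the quotes is part of the expected string
    # (presumably it matches the generated command exactly); do not trim.
    - "delete firewall "

  after: []
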
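# Structured settings under "round_trip" (presumably the state applied and
# read back by a round-trip test; the consumer is not visible here).
# Here config_trap, log_martians, syn_cookies, twa_hazards_protection and
# both ping options are false, while ip_src_route and sending ICMP
# redirects stay enabled.
# Booleans are written as lowercase true/false; the loaded values are the
# same as the capitalised forms.
round_trip:
  after:
    validation: strict
    config_trap: false
    log_martians: false
    syn_cookies: false
    twa_hazards_protection: false
    ping:
      all: false
      broadcast: false
    state_policy:
      - connection_type: 'established'
        action: 'accept'
        log: true
      - connection_type: 'invalid'
        action: 'reject'
    route_redirects:
      - afi: 'ipv4'
        ip_src_route: true
        icmp_redirects:
          send: true
          receive: false
    group:
      address_group:
        - name: 'MGMT-HOSTS'
          description: 'This group has the Management hosts address list'
          members:
            - address: 192.0.1.1
            - address: 192.0.1.3
            - address: 192.0.1.5
      network_group:
        - name: 'MGMT'
          description: 'This group has the Management network addresses'
          members:
            - address: 192.0.1.0/24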