Resource Type: ios_acl

Defined in:
lib/puppet/type/ios_acl.rb

Overview

Manage ACL contents

Properties

  • ack

    Match on the ACK bit.

  • destination_address

    Destination Address. One of Destination Address, address object-group, any or destination host is required.

  • destination_address_any

    Destination Address. One of Destination Address, address object-group, any or destination host is required.

  • destination_address_group

    Destination Address object-group. One of Destination Address, address object-group, any or destination host is required.

  • destination_address_host

    Destination Address. One of Destination Address, address object-group, any or destination host is required.

  • destination_address_wildcard_mask

    Destination Address wildcard mask. Must be used with, and only used with, Destination Address.

  • destination_eq

    Match only packets on a given port number.

  • destination_gt

    Match only packets with a greater port number.

  • destination_lt

    Match only packets with a lower port number.

  • destination_neq

    Match only packets not on a given port number.

  • destination_portgroup

    Destination port object-group.

  • destination_range

    Match only packets in the range of port numbers.

  • dscp

    Match packets with the given DSCP value.

  • dynamic

    Name of a dynamic list.

  • ensure (defaults to: present)

    Whether this access list entry should be present or absent on the target system.

  • evaluation_name

    Evaluate an access list.

  • fin

    Match on the FIN bit.

  • fragments

    Check non-initial fragments.

  • icmp_message_code

    ICMP message code.

  • icmp_message_type

    ICMP message type.

  • igmp_message_type

    IGMP message type.

  • log

    Log matches against this entry. Either log or log_input can be used, but not both.

  • log_input

    Log matches against this entry, including input interface. Either log or log_input can be used, but not both.

  • match_all

    Match if all specified flags are present.

  • match_any

    Match if any specified flags are present.

  • option

    Match packets with given IP Options value.

  • permission

    Specify packets to forward/reject, or evaluate an access list.

  • precedence

    Match packets with given precedence value.

  • protocol

    ACL entry protocol.

  • psh

    Match on the PSH bit.

  • reflect

    Create reflexive access list entry.

  • reflect_timeout

    Maximum time to live in seconds. Only to be used with reflect.

  • rst

    Match on the RST bit.

  • source_address

    Source Address. One of Source Address, address object-group, any or source host is required.

  • source_address_any

    Source Address. One of Source Address, address object-group, any or source host is required.

  • source_address_group

    Source Address object-group. One of Source Address, address object-group, any or source host is required.

  • source_address_host

    Source Address. One of Source Address, address object-group, any or source host is required.

  • source_address_wildcard_mask

    Source Address wildcard mask. Must be used with, and only used with, Source Address.

  • source_eq

    Match only packets on a given port number.

  • source_gt

    Match only packets with a greater port number.

  • source_lt

    Match only packets with a lower port number.

  • source_neq

    Match only packets not on a given port number.

  • source_portgroup

    Source port object-group.

  • source_range

    Match only packets in the range of port numbers.

  • syn

    Match on the SYN bit.

  • time_range

    Specify a time-range.

  • tos

    Match packets with given TOS value.

  • urg

    Match on the URG bit.

Parameters

  • access_list (namevar)

    Name of the parent access list.

  • access_list_type (namevar)

    Type of access list: standard, extended, reflexive or no type.

  • entry (namevar)

    Name. Used as the sequence number <1-2147483647>.
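
Several properties above carry usage rules (one address selector per side, wildcard mask only with an address, log versus log_input, reflect_timeout only with reflect, the sequence-number range). The following is an added example, not code from the module: a pre-flight check that applies those rules to an attribute hash before it is turned into an ios_acl resource. It assumes an extended ACL entry; the helper names and sample hashes are constructed for illustration.

```ruby
# Added example: lint ios_acl attribute hashes (e.g. loaded from Hiera)
# against the usage rules stated in the property descriptions.
# Assumes an extended ACL entry; helper names and sample data are constructed.
SEQ_RANGE = (1..2_147_483_647).freeze

# A property counts as "set" when it is present and not false/empty.
def set?(attrs, key)
  v = attrs[key]
  !(v.nil? || v == false || v == '')
end

def ios_acl_entry_errors(attrs)
  errors = []
  %w[source destination].each do |side|
    selectors = %w[address address_any address_group address_host].map { |s| :"#{side}_#{s}" }
    chosen = selectors.select { |k| set?(attrs, k) }
    # Assumption: the "one of ... is required" rule is read as exactly one selector per side.
    errors << "#{side}: need exactly one of #{selectors.join(', ')}" unless chosen.size == 1
    addr = set?(attrs, :"#{side}_address")
    mask = set?(attrs, :"#{side}_address_wildcard_mask")
    errors << "#{side}: address and wildcard mask must be set together" if addr != mask
  end
  errors << 'log and log_input are mutually exclusive' if set?(attrs, :log) && set?(attrs, :log_input)
  errors << 'reflect_timeout requires reflect' if set?(attrs, :reflect_timeout) && !set?(attrs, :reflect)
  errors << 'entry must be a sequence number in 1..2147483647' unless SEQ_RANGE.cover?(attrs[:entry].to_i)
  errors
end

# Constructed sample: a well-formed entry.
GOOD = {
  entry: 10, permission: 'permit', protocol: 'tcp',
  source_address: '10.0.0.0', source_address_wildcard_mask: '0.0.0.255',
  destination_address_any: true, destination_eq: 443, log: true
}.freeze

# Constructed sample: the same entry with five rule violations introduced.
BAD = GOOD.merge(
  entry: 0,                                      # outside the sequence range
  source_address_host: '10.0.0.5',               # second source selector
  destination_address_wildcard_mask: '0.0.0.255', # mask without an address
  log_input: true,                               # conflicts with log
  reflect_timeout: 300                           # reflect is not set
).freeze

puts ios_acl_entry_errors(BAD)
```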