Resource Type: ios_acl_entry

Defined in:

lib/puppet/type/ios_acl_entry.rb

Overview

Configure access lists entries. Deprecated, due to unreconcilable implementation issues. Use the ios_acl type instead.

Properties

• access_list

  Name of parent access list

• ack

  Match on the ACK bit.

• destination_address

  Destination Address. Either Destination Address, address object-group, any or destination host are required.

• destination_address_any

  Destination Address. Either Destination Address, address object-group, any or destination host are required.

• destination_address_group

  Destination Address object-group. Either Destination Address, address object-group, any or destination host are required.

• destination_address_host

  Destination Address. Either Destination Address, address object-group, any or destination host are required.

• destination_address_wildcard_mask

  Destination Address wildcard mask. Must be used with, and only used with, Destination Address.

• destination_eq

  Match only packets on a given port number.

• destination_gt

  Match only packets with a greater port number.

• destination_lt

  Match only packets with a lower port number.

• destination_neq

  Match only packets not on a given port number.

• destination_portgroup

  Destination port object-group.

• destination_range

  Match only packets in the range of port numbers.

• dscp

  Match packets with given dscp value.

• dynamic

  Name of a Dynamic list

• ensure (defaults to: present)

  Whether this access list entry should be present or absent on the target system.

• entry

  Name. Used as sequence number <1-2147483647>

• evaluation_name

  Evaluate an access list

• fin

  Match on the FIN bit.

• fragments

  Check non-initial fragments.

• icmp_message_code

  ICMP message code.

• icmp_message_type

  ICMP message type.

• igmp_message_type

  IGMP message type.

• log

  Log matches against this entry. Either log or log_input can be used, but not both.

• log_input

  Log matches against this entry, including input interface. Either log or log_input can be used, but not both.

• match_all

  Match if all specified flags are present.

• match_any

  Match if any specified flags are present.

• option

  Match packets with given IP Options value.

• permission

  Specify packets to forward/reject, or evaluate an access list

• precedence

  Match packets with given precedence value.

• protocol

  The ACL Entry Protocol

  Example: “‘puppet protocol => ’tcp’ “‘ “`puppet protocol => ’8’ “‘

• psh

  Match on the PSH bit.

• reflect

  Create reflexive access list entry.

• reflect_timeout

  Maximum time to live in seconds. Only to be used with reflect.

• rst

  Match on the RST bit.

• source_address

  Source Address. Either Source Address, address object-group, any or source host are required.

• source_address_any

  Source Address. Either Source Address, address object-group, any or source host are required.

• source_address_group

  Source Address object-group. Either Source Address, address object-group, any or source host are required.

• source_address_host

  Source Address. Either Source Address, address object-group, any or source host are required.

• source_address_wildcard_mask

  Source Address wildcard mask. Must be used with, and only used with, Source Address.

• source_eq

  Match only packets on a given port number.

• source_gt

  Match only packets with a greater port number.

• source_lt

  Match only packets with a lower port number.

• source_neq

  Match only packets not on a given port number.

• source_portgroup

  Destination port object-group.

• source_range

  Match only packets in the range of port numbers.

• syn

  Match on the SYN bit.

• time_range

  Specify a time-range.

• tos

  Match packets with given TOS value.

• urg

  Match on the URG bit.

Parameters

• name (namevar)

  Name. Made up of access_list and the entry with a space seperator. eg. “list42 10” is from access_list list42 and entry 10.