Skip to content
This repository has been archived by the owner on Jan 6, 2023. It is now read-only.

pfsense_nat_outbound

Frederic Bor edited this page Aug 9, 2020 · 3 revisions
> PFSENSE_NAT_OUTBOUND    (/home/fbor/ansible/lib/ansible/modules/network/pfsense/pfsense_nat_outbound.py)

  Manage pfSense Outbound NAT Entries

  * This module is maintained by The Ansible Community
OPTIONS (= is mandatory):

- address
  The translated to address, in {ALIAS,NETWORK}[:port] format. Leave address part empty to use interface address.
  [Default: None]
  type: str

- after
  Rule to go after, or "top"
  [Default: (null)]
  type: str

- before
  Rule to go before, or "bottom"
  [Default: (null)]
  type: str

= descr
  The name of the nat rule
  [Default: None]
  type: str

- destination
  The matching destination address, in {any,ALIAS,NETWORK}[:port] format.
  [Default: None]
  type: str

- disabled
  Is the rule disabled
  [Default: False]
  type: bool

- interface
  The interface for the rule
  [Default: (null)]
  type: str

- invert
  Invert the sense of the destination match.
  [Default: False]
  type: bool

- ipprotocol
  The Internet Protocol version this rule applies to.
  (Choices: inet, inet46, inet6)[Default: inet46]
  type: str

- nonat
  This option will disable NAT for traffic matching this rule and stop processing Outbound NAT rules
  [Default: False]
  type: bool

- nosync
  Prevents the rule on Master from automatically syncing to other CARP members. This does NOT prevent the rule from being overwritten on Slave.
  [Default: False]
  type: bool

- poolopts
  When an address pool is used, there are several options available that control how NAT translations happen on the pool.
  (Choices: , round-robin, round-robin sticky-address, random, random sticky-address, source-hash, bitmask)[Default: ]
  type: str

- protocol
  Which protocol this rule should match.
  (Choices: any, tcp, udp, tcp/udp, icmp, esp, ah, gre, ipv6, igmp, carp, pfsync)[Default: any]
  type: str

- source
  The matching source address, in {any,(self),ALIAS,NETWORK}[:port] format.
  [Default: None]
  type: str

- source_hash_key
  The key that is fed to the hashing algorithm in hex format, preceeded by "0x", or any string. A non-hex string is hashed using md5 to a hexadecimal key. Defaults to a randomly
  generated value.
  [Default: ]
  type: str

- state
  State in which to leave the rule
  (Choices: present, absent)[Default: present]
  type: str

- staticnatport
  Do not randomize source port
  [Default: False]
  type: bool


AUTHOR: Frederic Bor (@f-bor)
  METADATA:
    status:
    - preview
    supported_by: community
  

EXAMPLES:

- name: "Add NAT outbound traffic rule"
  pfsense_nat_outbound:
    descr: 'NAT outbound traffic'
    interface: wan
    source: any
    destination: any
    state: present
- name: "Delete NAT outbound traffic rule"
  pfsense_nat_outbound:
    descr: 'NAT outbound traffic'
    state: absent


RETURN VALUES:

commands:
    description: the set of commands that would be pushed to the remote device (if pfSense had a CLI)
    returned: always
    type: list
    sample: ["create nat_outbound 'NAT outbound traffic', interface='wan', source='any', destination='any'", "delete nat_outbound 'NAT outbound traffic'"]
Clone this wiki locally