Hi there!
I want to create an access layer ruleset with sections and rules.
There are two modules provided by Check Point which seem to be relevant:
I have a YAML file which contains all rules in the right order, looking something like this:

```yaml
-
  Name: "FW MGMT"
  Comments: "MGMT Clients to FW"
  Action: Accept
  Destination: o-fw01
  Source: allow_fwmgmt
  Enable: yes
  Service:
    - ssh_version_2
    - https-tcp8443
-
  Name: "GW Identity Access"
  Comments: "Access f. Identity Awareness"
  Action: Accept
  Destination: fw01
  Source: allow_fw-identity
  Enable: yes
  Service: https
-
  Name: "FW Stealth"
  Comments: "FW Stealth Rule"
  Action: Drop
  Destination: fw01
  Source: Any
  Enable: yes
  Service: Any
```
The corresponding task looks something like this:

```yaml
- name: set access rule
  check_point.mgmt.cp_mgmt_access_rule:
    layer: "Network"   # required by the module; "Network" is the access layer name assumed here
    name: "{{ item.Name }}"
    position: "{{ index | int + 1 }}"
    comments: "{{ item.Comments }}"
    destination: "{{ item.Destination }}"
    source: "{{ item.Source }}"
    service: "{{ item.Service }}"
    action: "{{ item.Action }}"
  loop: "{{ cp_access_rules }}"
  loop_control:
    index_var: index
```
So it takes the first entry of the rules file and submits it as the first rule in the rulebase, takes the second one and puts it in second position, and so on, using the index.
Is it somehow possible to combine this with sections?
Is it possible to put sections between the rules in the same file and let ansible decide which task to execute?
I tried putting a cp_mgmt_access_rule and a cp_mgmt_access_section in a block and looping the block, but Ansible does not support looping entire blocks.
Is there a better way to do this?
Sounds like more of a question of whether Ansible will allow this sort of functionality versus a specific question with our module.
No it is not possible. Push your rules, then push your sections after that. It's going to be position specific. What you can do is know your rules around a section and store that as set_facts and reuse that variable in setting the position.
Good luck!
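One way to put the answer above into practice, keeping a single ordered file with both rules and sections. This is an added example, not code from the thread or from Check Point. It assumes a `Type` key (`rule` or `section`) on every entry, an access layer named `Network`, and that `cp_mgmt_access_section` accepts a `position` of `{above: <rule name>}` the way the Management API's `add-access-section` does. Rules are pushed first in file order, then each section is pushed above the first rule that follows it in the file (or at the bottom if no rule follows), with the anchor names worked out into a fact beforehand:

```yaml
---
# Constructed sample rulebase: rules and sections in the order they should appear.
- name: Build access layer from one ordered file
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    cp_layer: "Network"               # assumed access layer name
    cp_rulebase:
      - { Type: section, Name: "Management" }
      - { Type: rule, Name: "FW MGMT", Comments: "MGMT Clients to FW", Action: Accept,
          Destination: o-fw01, Source: allow_fwmgmt, Enable: yes,
          Service: [ssh_version_2, https-tcp8443] }
      - { Type: rule, Name: "GW Identity Access", Comments: "Access f. Identity Awareness",
          Action: Accept, Destination: fw01, Source: allow_fw-identity, Enable: yes, Service: https }
      - { Type: section, Name: "Stealth" }
      - { Type: rule, Name: "FW Stealth", Comments: "FW Stealth Rule", Action: Drop,
          Destination: fw01, Source: Any, Enable: yes, Service: Any }
  tasks:
    # Step 1: for every section, record the name of the first rule after it in the file.
    # The stored value is the whole position argument: {above: <rule>} or 'bottom'.
    - name: Work out where each section sits relative to the rules
      ansible.builtin.set_fact:
        section_position: >-
          {{ section_position | default({})
             | combine({item.Name: ({'above': following_rules | first} if following_rules else 'bottom')}) }}
      vars:
        following_rules: "{{ cp_rulebase[index + 1:] | selectattr('Type', 'equalto', 'rule')
                             | map(attribute='Name') | list }}"
      loop: "{{ cp_rulebase }}"
      loop_control:
        index_var: index
        label: "{{ item.Name }}"
      when: item.Type == 'section'

    # Step 2: push only the rules, numbered by their order among the rules.
    - name: Push rules in file order
      check_point.mgmt.cp_mgmt_access_rule:
        layer: "{{ cp_layer }}"
        name: "{{ item.Name }}"
        position: "{{ index + 1 }}"
        comments: "{{ item.Comments }}"
        source: "{{ item.Source }}"
        destination: "{{ item.Destination }}"
        service: "{{ item.Service }}"
        action: "{{ item.Action }}"
        enabled: "{{ item.Enable }}"
      loop: "{{ cp_rulebase | selectattr('Type', 'equalto', 'rule') | list }}"
      loop_control:
        index_var: index
        label: "{{ item.Name }}"

    # Step 3: push the sections, each anchored above the rule recorded in step 1.
    - name: Push sections above their first rule
      check_point.mgmt.cp_mgmt_access_section:
        layer: "{{ cp_layer }}"
        name: "{{ item.Name }}"
        position: "{{ section_position[item.Name] }}"
      loop: "{{ cp_rulebase | selectattr('Type', 'equalto', 'section') | list }}"
      loop_control:
        label: "{{ item.Name }}"

    # Step 4: changes stay in the session until published.
    - name: Publish the session
      check_point.mgmt.cp_mgmt_publish:
```

Anchoring sections by rule name rather than by a numeric position is what keeps the play re-runnable: the rule positions are recomputed from the file on each run, and a section placed above a named rule lands in the right place even if the rule count changes. The `section_position` fact is the reusable variable the answer describes, so the same fact can also drive a later task that rearranges rules around a section.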