diff --git a/plugins/module_utils/rule.py b/plugins/module_utils/rule.py
index 25ace9ea..20c744cd 100644
--- a/plugins/module_utils/rule.py
+++ b/plugins/module_utils/rule.py
@@ -40,6 +40,7 @@
 icmptype=dict(default='any', required=False, type='str'),
 sched=dict(required=False, type='str'),
 quick=dict(default=False, type='bool'),
+ invert=dict(default=False, required=False, type='bool'),
 )
 RULE_REQUIRED_IF = [
@@ -116,6 +117,9 @@ def _params_to_obj(self):
 if params.get('destination_port'):
 self.pfsense.parse_port(params['destination_port'], obj['destination'])
+ if self.params['invert']:
+ obj['destination']['not'] = ''
+
 if params['protocol'] not in ['tcp', 'udp', 'tcp/udp'] and ('port' in obj['source'] or 'port' in obj['destination']):
 self.module.fail_json(msg="{0}: you can't use ports on protocols other than tcp, udp or tcp/udp".format(self._get_obj_name()))
diff --git a/plugins/modules/pfsense_aggregate.py b/plugins/modules/pfsense_aggregate.py
index a7fa77b6..10d5dfc6 100644
--- a/plugins/modules/pfsense_aggregate.py
+++ b/plugins/modules/pfsense_aggregate.py
@@ -361,6 +361,10 @@
 - An inclusive range can also be specified, using the format C(first-last)..
 default: null
 type: str
+ invert:
+ description: Invert the sense of the destination match.
+ default: false
+ type: bool
 destination:
 description: The destination address, in [!]{IP,HOST,ALIAS,any,(self),IP:INTERFACE,NET:INTERFACE} format.
 default: null
diff --git a/plugins/modules/pfsense_rule.py b/plugins/modules/pfsense_rule.py
index 0c22db1e..eb0ae662 100644
--- a/plugins/modules/pfsense_rule.py
+++ b/plugins/modules/pfsense_rule.py
@@ -73,6 +73,10 @@
 - An inclusive range can also be specified, using the format C(first-last)..
 default: null
 type: str
+ invert:
+ description: Invert the sense of the destination match.
+ default: false
+ type: bool
 destination:
 description: The destination address, in [!]{IP,HOST,ALIAS,any,(self),IP:INTERFACE,NET:INTERFACE} format.
 default: null
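Review bot: The option added to the shared rule argument spec is named just `invert`, but the only use visible in this diff (the `_params_to_obj` hunk) applies it to the destination alone. On a firewall rule, an operator who reads `invert: true` as negating the source or the whole rule would end up with a different match set than intended. A name that states the scope would remove the ambiguity, for example `destination_invert=dict(default=False, type='bool'),`, or at least a comment on this line such as `# negates the destination match only`.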
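Review bot: The added block sets `obj['destination']['not']` whenever `invert` is true, without checking whether the destination was already negated through the `!` prefix that the module documentation allows in `destination`. If the address parsing (outside this hunk, so inferred) records `!` in the same key, then `destination: '!x'` together with `invert: true` silently stays negated rather than cancelling or failing, and on a firewall rule that combination is better rejected explicitly. I would add `if params['invert'] and 'not' in obj['destination']:` followed by `self.module.fail_json(msg="{0}: invert can't be combined with a '!' destination".format(self._get_obj_name()))` before the assignment. The condition should also read the local `params` like the neighbouring lines, `if params['invert']:`, instead of `self.params`. `_params_to_obj` starts and ends outside the hunk.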
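Review bot: The new description, "Invert the sense of the destination match.", does not say how `invert` relates to the `[!]` prefix that the `destination` description directly below already documents, so a reader cannot tell whether the two are equivalent, cumulative or mutually exclusive. It also leaves implicit that the source match is untouched. I would state both, for example `description: Invert the sense of the destination match; the source match is not affected. Equivalent to prefixing I(destination) with C(!).`, adjusting the second sentence to whatever the intended behaviour is. The same text is added in the pfsense_rule.py hunk and needs the same change.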