Hi Dan, thanks for your feedback. In fact, the -1 solution does work in ansible. However, this will open traffic to all ICMP types (which I would like to avoid). According to James Cammarata's link earlier in this conversation, the ICMP code types map to AWS from_port settings when we want to set ICMP rules up with ansible/boto through the AWS API:
"The start of port range for the TCP and UDP protocols, or an ICMP type number. An ICMP type number of -1 indicates a wildcard (i.e., any ICMP type number)."

Maybe I am still misunderstanding something. Could you give a code example to only open echo (8) and echo reply (0)? This is possible when I use the AWS dashboard, so it should also be possible programmatically.

Thanks so much,

Markus

On Monday, February 16, 2015 at 10:03:29 PM UTC+1, Dan Vaida wrote:
>
> I guess you misunderstood how ICMP works.
> Try this:
> - proto: icmp
>   from_port: -1
>   to_port: -1
>
> On Monday, 16 February 2015 12:06:50 UTC+1, Markus Klems wrote:
>>
>> Hi,
>>
>> I tried the solution as follows but it does not work for me:
>>
>> - proto: icmp
>>   from_port: 0
>>   to_port: 0
>>   cidr_ip: 0.0.0.0/0
>> - proto: icmp
>>   from_port: 8
>>   to_port: 8
>>   cidr_ip: 0.0.0.0/0
>>
>> In my AWS security group dashboard, I can see the following two lines
>> added:
>>
>> Custom ICMP Rule
>> Echo Request
>> 8
>> 0.0.0.0/0
>>
>> Custom ICMP Rule
>> Echo Reply
>> 0
>> 0.0.0.0/0
>>
>> Unfortunately, I still cannot ping my server. When I manually add the two
>> custom ICMP rules on the AWS dashboard it works, though. When I add the
>> ICMP rules on the dashboard, the port number is "N/A" whereas when I add
>> the rules with Ansible they correspond to the ICMP type number.
>>
>> Does it work for anybody else / could you post an example?
>>
>> Thanks,
>>
>> Markus
>>
>> On Wednesday, June 18, 2014 at 5:04:53 PM UTC+2, James Cammarata wrote:
>>>
>>> Looking through the code, I don't see any reason why an ICMP rule should
>>> not work. We do not filter based on the specified protocol in the list.
>>>
>>> According to
>>> http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group-rule.html,
>>> when creating an ICMP rule, the from_port should be used to specify the
>>> ICMP type number (or -1 for all ICMP types).
>>>
>>> Feel free to send us a pull request with an example for an ICMP rule as
>>> well.
>>>
>>> On Wed, Jun 18, 2014 at 2:17 AM, iain wright <[email protected]> wrote:
>>>
>>>> I'm wondering if the ec2 groups module supports the icmp protocol.
>>>>
>>>> I've tried a few combinations of rules and am not having much luck -- I
>>>> don't see an example for it in the docs here:
>>>> https://github.com/ansible/ansible/blob/release1.6.3/library/cloud/ec2_group
>>>>
>>>> Thank you,
>>>> iain
>>>>
>>>> --
>>>> You received this message because you are subscribed to the Google
>>>> Groups "Ansible Project" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to [email protected].
>>>> To post to this group, send email to [email protected].
>>>> To view this discussion on the web visit
>>>> https://groups.google.com/d/msgid/ansible-project/99cdbaef-0492-4042-a405-8059afada15c%40googlegroups.com.
>>>> For more options, visit https://groups.google.com/d/optout.
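
Added example, not part of the thread or of the Ansible project's code: a small Python model of how the rule lists discussed above would match ICMP traffic. It assumes the AWS semantics in which, for ICMP, `from_port` is the type and `to_port` is the ICMP code (with -1 as a wildcard in either field); the helper names, the source address and the `NARROW` rule list are hypothetical.

```python
from ipaddress import ip_address, ip_network

# Model of the documented matching for proto "icmp" (an assumption of this
# example): from_port is the ICMP type, to_port is the ICMP code, and -1 in
# either field is a wildcard.


def rule_matches(rule, icmp_type, icmp_code, src_ip):
    """Return True if one ec2_group-style rule admits the ICMP packet."""
    if rule["proto"] != "icmp":
        return False
    if ip_address(src_ip) not in ip_network(rule["cidr_ip"]):
        return False
    return (rule["from_port"] in (-1, icmp_type)
            and rule["to_port"] in (-1, icmp_code))


def allowed_types(rules, src_ip="203.0.113.10"):
    """ICMP types (code 0) admitted from src_ip, a constructed test address."""
    return [t for t in range(256)
            if any(rule_matches(r, t, 0, src_ip) for r in rules)]


def icmp(icmp_type, icmp_code, cidr="0.0.0.0/0"):
    """Build a rule dict with the same keys as the YAML in the thread."""
    return {"proto": "icmp", "from_port": icmp_type,
            "to_port": icmp_code, "cidr_ip": cidr}


# Rule lists from the thread, rebuilt as dicts (cidr_ip for WILDCARD is assumed).
TYPE_IN_BOTH_FIELDS = [icmp(0, 0), icmp(8, 8)]  # second rule: type 8, code 8
WILDCARD = [icmp(-1, -1)]                       # every ICMP type and code
# Hypothetical narrow variant: fixed type, any code.
NARROW = [icmp(8, -1), icmp(0, -1)]

if __name__ == "__main__":
    for name, rules in [("type in both fields", TYPE_IN_BOTH_FIELDS),
                        ("wildcard", WILDCARD), ("narrow", NARROW)]:
        types = allowed_types(rules)
        shown = types if len(types) <= 4 else f"{len(types)} types"
        print(f"{name:20} echo request admitted: {8 in types}; types: {shown}")
```

Under this model an echo request (type 8, code 0) is not admitted by a rule with `from_port: 8` and `to_port: 8`, while `from_port: 8` with `to_port: -1` admits it without opening the other ICMP types.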
