Hey Markus,

Apologies for rushing in like that. Always a bad idea to answer in mailing list threads while commuting :)

What version of Ansible are you sporting? Brian committed this piece of code:
https://github.com/ansible/ansible-modules-core/commit/e174c9b4741a14dc5ab3cbe0506cef4010396155
I believe it could help you.

On Monday, 16 February 2015 22:26:29 UTC+1, Markus Klems wrote:
>
> Hi Dan,
>
> thanks for your feedback. In fact, the -1 solution does work in ansible.
> However, this will open traffic to all ICMP types (which I would like to
> avoid). According to James Cammarata's link earlier in this conversation,
> the ICMP code types map to AWS from_port settings when we want to set ICMP
> rules up with ansible/boto through the AWS API:
>
> "The start of port range for the TCP and UDP protocols, or an ICMP type
> number. An ICMP type number of -1 indicates a wildcard (i.e., any ICMP type
> number)."
>
> Maybe I am still misunderstanding something. Could you give a code example
> to only open echo (8) and echo reply (0)? This is possible when I use the
> AWS dashboard, so it should also be possible programmatically.
>
> Thanks so much,
>
> Markus
>
> On Monday, February 16, 2015 at 10:03:29 PM UTC+1, Dan Vaida wrote:
>>
>> I guess you misunderstood how ICMP works.
>> Try this:
>> - proto: icmp
>>   from_port: -1
>>   to_port: -1
>>
>> On Monday, 16 February 2015 12:06:50 UTC+1, Markus Klems wrote:
>>>
>>> Hi,
>>>
>>> I tried the solution as follows but it does not work for me:
>>>
>>> - proto: icmp
>>>   from_port: 0
>>>   to_port: 0
>>>   cidr_ip: 0.0.0.0/0
>>> - proto: icmp
>>>   from_port: 8
>>>   to_port: 8
>>>   cidr_ip: 0.0.0.0/0
>>>
>>> In my AWS security group dashboard, I can see the following two lines
>>> added:
>>>
>>> Custom ICMP Rule
>>> Echo Request
>>> 8
>>> 0.0.0.0/0
>>>
>>> Custom ICMP Rule
>>> Echo Reply
>>> 0
>>> 0.0.0.0/0
>>>
>>> Unfortunately, I still cannot ping my server. When I manually add the
>>> two custom ICMP rules on the AWS dashboard it works, though. When I add the
>>> ICMP rules on the dashboard, the port number is "N/A" whereas when I add
>>> the rules with Ansible they correspond to the ICMP type number.
>>>
>>> Does it work for anybody else / could you post an example?
>>>
>>> Thanks,
>>>
>>> Markus
>>>
>>> On Wednesday, June 18, 2014 at 5:04:53 PM UTC+2, James Cammarata wrote:
>>>>
>>>> Looking through the code, I don't see any reason why an ICMP rule
>>>> should not work. We do not filter based on the specified protocol in the
>>>> list.
>>>>
>>>> According to
>>>> http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group-rule.html,
>>>>
>>>> when creating an ICMP rule, the from_port should be used to specify the
>>>> ICMP type number (or -1 for all ICMP types).
>>>>
>>>> Feel free to send us a pull request with an example for an ICMP rule as
>>>> well.
>>>>
>>>> On Wed, Jun 18, 2014 at 2:17 AM, iain wright <[email protected]> wrote:
>>>>
>>>>> I'm wondering if the ec2 groups module supports the icmp protocol.
>>>>>
>>>>> I've tried a few combinations of rules and am not having much luck --
>>>>> i don't see an example for it in the docs here:
>>>>> https://github.com/ansible/ansible/blob/release1.6.3/library/cloud/ec2_group
>>>>>
>>>>> Thank you,
>>>>> iain
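
An added example (not code from this thread or from Ansible) that checks ec2_group-style rule lists for the two ICMP pitfalls discussed above: the -1 wildcard, and a to_port that repeats the type number. It assumes the EC2 API semantics that from_port is the ICMP type and to_port is the ICMP code; the function names and sample rules are constructed for illustration.

```python
# Added example: lint ec2_group-style rules for ICMP type/code mistakes.
# Assumption: for proto "icmp" the EC2 API reads from_port as the ICMP type
# and to_port as the ICMP code, with -1 as the wildcard for either field.

ECHO_REQUEST = 8  # ICMP type of a ping request; its code is always 0

# Constructed sample inputs modelled on the rules quoted in the thread.
THREAD_RULES = [
    {"proto": "icmp", "from_port": 0, "to_port": 0, "cidr_ip": "0.0.0.0/0"},
    {"proto": "icmp", "from_port": 8, "to_port": 8, "cidr_ip": "0.0.0.0/0"},
]
WILDCARD_RULES = [{"proto": "icmp", "from_port": -1, "to_port": -1}]
NARROW_RULES = [
    {"proto": "icmp", "from_port": 8, "to_port": -1, "cidr_ip": "0.0.0.0/0"},
]


def icmp_match(rule, icmp_type, icmp_code):
    """True if the rule admits a packet with this ICMP type and code."""
    return (rule["from_port"] in (-1, icmp_type)
            and rule["to_port"] in (-1, icmp_code))


def ping_allowed(rules):
    """Inbound ping needs a rule admitting echo request (type 8, code 0).
    Security groups are stateful, so the reply needs no rule of its own."""
    return any(r.get("proto") == "icmp" and icmp_match(r, ECHO_REQUEST, 0)
               for r in rules)


def lint_icmp_rules(rules):
    """Return (rule index, finding) pairs for ICMP rules worth a second look."""
    findings = []
    for i, rule in enumerate(rules):
        if rule.get("proto") != "icmp":
            continue
        icmp_type, icmp_code = rule["from_port"], rule["to_port"]
        if icmp_type == -1:
            findings.append((i, "opens every ICMP type"))
        elif icmp_code == icmp_type and icmp_type != 0:
            findings.append((i, "to_port repeats type %d and is read as code %d"
                             % (icmp_type, icmp_code)))
    return findings


if __name__ == "__main__":
    for name in ("THREAD_RULES", "WILDCARD_RULES", "NARROW_RULES"):
        rules = globals()[name]
        print(name, ping_allowed(rules), lint_icmp_rules(rules))
```

Under that assumption, the rule with from_port 8 and to_port -1 admits echo requests from the given CIDR without opening any other ICMP type.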
