Hi Dan,

> Apologies for rushing in like that. Always a bad idea to answer in mailing
> list threads while commuting :)
>
no problemo, my question was probably phrased a bit oddly ;-)

> What version of Ansible are you sporting?
> Brian committed this piece of code:
> https://github.com/ansible/ansible-modules-core/commit/e174c9b4741a14dc5ab3cbe0506cef4010396155
> I believe it could help you.
>

I have just upgraded to "ansible 1.9 (devel 5738ee1cb3)" but it's still the same problem. Well, this is not a show stopper for my project. I will use the -1 solution and move on with other tasks.

Thanks & best regards,

Markus

>
> On Monday, 16 February 2015 22:26:29 UTC+1, Markus Klems wrote:
>>
>> Hi Dan,
>>
>> thanks for your feedback. In fact, the -1 solution does work in ansible.
>> However, this will open traffic to all ICMP types (which I would like to
>> avoid). According to James Cammarata's link earlier in this conversation,
>> the ICMP code types map to AWS from_port settings when we want to set ICMP
>> rules up with ansible/boto through the AWS API:
>>
>> "The start of port range for the TCP and UDP protocols, or an ICMP type
>> number. An ICMP type number of -1 indicates a wildcard (i.e., any ICMP type
>> number)."
>>
>> Maybe I am still misunderstanding something. Could you give a code
>> example to only open echo (8) and echo reply (0)? This is possible when I
>> use the AWS dashboard, so it should also be possible programmatically.
>>
>> Thanks so much,
>>
>> Markus
>>
>> On Monday, February 16, 2015 at 10:03:29 PM UTC+1, Dan Vaida wrote:
>>>
>>> I guess you misunderstood how ICMP works.
>>> Try this:
>>> - proto: icmp
>>>   from_port: -1
>>>   to_port: -1
>>>
>>>
>>>
>>> On Monday, 16 February 2015 12:06:50 UTC+1, Markus Klems wrote:
>>>>
>>>> Hi,
>>>>
>>>> I tried the solution as follows but it does not work for me:
>>>>
>>>> - proto: icmp
>>>>   from_port: 0
>>>>   to_port: 0
>>>>   cidr_ip: 0.0.0.0/0
>>>> - proto: icmp
>>>>   from_port: 8
>>>>   to_port: 8
>>>>   cidr_ip: 0.0.0.0/0
>>>>
>>>> In my AWS security group dashboard, I can see the following two lines
>>>> added:
>>>>
>>>> Custom ICMP Rule
>>>> Echo Request
>>>> 8
>>>> 0.0.0.0/0
>>>>
>>>> Custom ICMP Rule
>>>> Echo Reply
>>>> 0
>>>> 0.0.0.0/0
>>>>
>>>> Unfortunately, I still cannot ping my server. When I manually add the
>>>> two custom ICMP rules on the AWS dashboard it works, though. When I add the
>>>> ICMP rules on the dashboard, the port number is "N/A" whereas when I add
>>>> the rules with Ansible they correspond to the ICMP type number.
>>>>
>>>> Does it work for anybody else / could you post an example?
>>>>
>>>> Thanks,
>>>>
>>>> Markus
>>>> On Wednesday, June 18, 2014 at 5:04:53 PM UTC+2, James Cammarata wrote:
>>>>>
>>>>> Looking through the code, I don't see any reason why an ICMP rule
>>>>> should not work. We do not filter based on the specified protocol in the
>>>>> list.
>>>>>
>>>>> According to
>>>>> http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group-rule.html,
>>>>>
>>>>> when creating an ICMP rule, the from_port should be used to specify the
>>>>> ICMP type number (or -1 for all ICMP types).
>>>>>
>>>>> Feel free to send us a pull request with an example for an ICMP rule
>>>>> as well.
>>>>>
>>>>>
>>>>> On Wed, Jun 18, 2014 at 2:17 AM, iain wright <[email protected]>
>>>>> wrote:
>>>>>
>>>>>> I'm wondering if the ec2 groups module supports the icmp protocol.
>>>>>>
>>>>>> I've tried a few combinations of rules and am not having much luck --
>>>>>> I don't see an example for it in the docs here:
>>>>>> https://github.com/ansible/ansible/blob/release1.6.3/library/cloud/ec2_group
>>>>>>
>>>>>> Thank you,
>>>>>> iain
>>>>>>
>>>>>> --
>>>>>> You received this message because you are subscribed to the Google
>>>>>> Groups "Ansible Project" group.
>>>>>> To unsubscribe from this group and stop receiving emails from it,
>>>>>> send an email to [email protected].
>>>>>> To post to this group, send email to [email protected].
>>>>>> To view this discussion on the web visit
>>>>>> https://groups.google.com/d/msgid/ansible-project/99cdbaef-0492-4042-a405-8059afada15c%40googlegroups.com.
>>>>>> For more options, visit https://groups.google.com/d/optout.
>>>>>>
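
Added example, not part of the thread or of Ansible's code: a Python check of how ICMP rules like those posted above are interpreted, assuming the EC2 API semantics in which `from_port` is the ICMP type and `to_port` is the ICMP code (-1 meaning any); the thread itself only quotes the `from_port` half. The names `admits` and `audit` and the `NARROW` rule set are hypothetical, and the rule sets are constructed from the values quoted in the thread.

```python
# Added example (not from the thread). Assumption, from the EC2 API reference:
# for proto icmp, from_port is the ICMP type and to_port the ICMP code; -1 = any.
ECHO_REPLY, ECHO_REQUEST = 0, 8

def admits(rule, icmp_type, icmp_code):
    """True if an ec2_group-style rule dict admits this ICMP type/code."""
    if rule.get("proto") != "icmp":
        return False
    t, c = int(rule["from_port"]), int(rule["to_port"])
    return t in (-1, icmp_type) and c in (-1, icmp_code)

def audit(rules):
    """Return (inbound_ping_allowed, findings) for a list of rule dicts."""
    findings = []
    for i, rule in enumerate(rules):
        if rule.get("proto") != "icmp":
            continue
        t, c = int(rule["from_port"]), int(rule["to_port"])
        if t == -1:
            findings.append((i, "wildcard type: admits every ICMP type"))
        elif t in (ECHO_REPLY, ECHO_REQUEST) and c not in (-1, 0):
            findings.append((i, "type %d is sent with code 0, rule wants code %d" % (t, c)))
    # An inbound ping is an echo request: type 8, code 0.
    return any(admits(r, ECHO_REQUEST, 0) for r in rules), findings

# Rule sets constructed from the values quoted in the thread.
AS_POSTED = [
    {"proto": "icmp", "from_port": 0, "to_port": 0, "cidr_ip": "0.0.0.0/0"},
    {"proto": "icmp", "from_port": 8, "to_port": 8, "cidr_ip": "0.0.0.0/0"},
]
WILDCARD = [{"proto": "icmp", "from_port": -1, "to_port": -1, "cidr_ip": "0.0.0.0/0"}]
# Hypothetical narrow variant: echo request and echo reply only, any code.
NARROW = [
    {"proto": "icmp", "from_port": 8, "to_port": -1, "cidr_ip": "0.0.0.0/0"},
    {"proto": "icmp", "from_port": 0, "to_port": -1, "cidr_ip": "0.0.0.0/0"},
]

if __name__ == "__main__":
    for name, rules in [("as posted", AS_POSTED), ("wildcard", WILDCARD), ("narrow", NARROW)]:
        print(name, audit(rules))
```

Under that assumption the rules as posted do not admit an echo request, the wildcard admits it along with every other ICMP type, and the narrow variant admits only types 8 and 0.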
