Documentation

v2.21
latest v2.21 v2.20 v2.19 v2.18 v2.17 v2.16 v2.15 v2.14 v2.12 v2.11 v2.10 v2.9 v2.8 v2.7 v2.6 v2.5 v2.4 v2.3 v2.2 v2.1 v2.0 v1.10 v1.9 v1.8 v1.7 v1.6 v1.5 v1.4 v1.3 v1.2 v1.1 v1.0
      Edit on GitHub

      conntrack

      Manage Linux connection tracking table entries. Essential for container networking, firewall troubleshooting, and IoT network management.

      Attributes

      check_mode:
  support: full

      Parameters

      Parameter Required Type Values Description
      conn_state   string   Connection state to filter (e.g., ESTABLISHED, TIME_WAIT, CLOSE, SYN_SENT).
      destination   string   Destination IP address or CIDR to filter connections.
      flush   boolean   Flush all connection tracking entries. [default: false]
      port   integer   Port number to filter (used with protocol).
      protocol   string   Network protocol to filter (tcp, udp, icmp, sctp, dccp, gre).
      source   string   Source IP address or CIDR to filter connections.
      source_port   integer   Source port number to filter.
      state   string absent
      list      		 Whether to list entries or delete matching entries. [default: "absent"]

      Examples

      - name: Flush all connection tracking entries
  conntrack:
    flush: true

- name: Drop connections from specific IP
  conntrack:
    source: 10.0.0.1
    state: absent

- name: Drop connections to specific IP and port
  conntrack:
    destination: 192.168.1.100
    protocol: tcp
    port: 443
    state: absent

- name: Drop UDP connections from a subnet
  conntrack:
    source: 10.0.0.0/24
    protocol: udp
    state: absent

- name: List connections from specific IP
  conntrack:
    source: 10.0.0.1
    state: list

- name: Drop connections from source to destination
  conntrack:
    source: 10.0.0.1
    destination: 192.168.1.100
    state: absent