fix: support inverted rules

plugins/module_utils/rule.py

@@ -40,6 +40,7 @@
     icmptype=dict(default='any', required=False, type='str'),
     sched=dict(required=False, type='str'),
     quick=dict(default=False, type='bool'),
+    invert=dict(default=False, required=False, type='bool'),
 )
 
 RULE_REQUIRED_IF = [
@@ -116,6 +117,9 @@ def _params_to_obj(self):
             if params.get('destination_port'):
                 self.pfsense.parse_port(params['destination_port'], obj['destination'])
 
+            if self.params['invert']:
+                obj['destination']['not'] = ''
+
             if params['protocol'] not in ['tcp', 'udp', 'tcp/udp'] and ('port' in obj['source'] or 'port' in obj['destination']):
                 self.module.fail_json(msg="{0}: you can't use ports on protocols other than tcp, udp or tcp/udp".format(self._get_obj_name()))
 

plugins/modules/pfsense_aggregate.py

@@ -361,6 +361,10 @@
           - An inclusive range can also be specified, using the format C(first-last)..
         default: null
         type: str
+      invert:
+        description: Invert the sense of the destination match.
+        default: false
+        type: bool
       destination:
         description: The destination address, in [!]{IP,HOST,ALIAS,any,(self),IP:INTERFACE,NET:INTERFACE} format.
         default: null

plugins/modules/pfsense_rule.py

@@ -73,6 +73,10 @@
       - An inclusive range can also be specified, using the format C(first-last)..
     default: null
     type: str
+  invert:
+    description: Invert the sense of the destination match.
+    default: false
+    type: bool
   destination:
     description: The destination address, in [!]{IP,HOST,ALIAS,any,(self),IP:INTERFACE,NET:INTERFACE} format.
     default: null