Docs Home
Civo v2.4.6 published on Wednesday, Nov 6, 2024 by Pulumi
civo.Firewall
Explore with Pulumi AI
Provides a Civo firewall resource. This can be used to create, modify, and delete firewalls.
Example Usage
- View firewalls after creation on the CLI:
civo firewall ls
civo firewall rule ls example-firewall
Custom ingress and egress rules firewall
import * as pulumi from "@pulumi/pulumi";
import * as civo from "@pulumi/civo";
const example = new civo.Network("example", {label: "example-network"});
const exampleFirewall = new civo.Firewall("example", {
name: "example-firewall",
networkId: example.id,
createDefaultRules: false,
ingressRules: [
{
label: "http",
protocol: "tcp",
portRange: "80",
cidrs: ["0.0.0.0"],
action: "allow",
},
{
label: "https",
protocol: "tcp",
portRange: "443",
cidrs: ["0.0.0.0"],
action: "allow",
},
{
label: "ssh",
protocol: "tcp",
portRange: "22",
cidrs: [
"192.168.1.1/32",
"192.168.10.4/32",
"192.168.10.10/32",
],
action: "allow",
},
],
egressRules: [{
label: "all",
protocol: "tcp",
portRange: "1-65535",
cidrs: ["0.0.0.0/0"],
action: "allow",
}],
});
const debian = civo.getDiskImage({
filters: [{
key: "name",
values: ["debian-10"],
}],
});
// Create a new instance
const exampleInstance = new civo.Instance("example", {
hostname: "example",
notes: "This is an example instance",
firewallId: exampleFirewall.id,
networkId: example.id,
size: "g3.xsmall",
diskImage: debian.then(debian => debian.diskimages?.[0]?.id),
});
import pulumi
import pulumi_civo as civo
example = civo.Network("example", label="example-network")
example_firewall = civo.Firewall("example",
name="example-firewall",
network_id=example.id,
create_default_rules=False,
ingress_rules=[
{
"label": "http",
"protocol": "tcp",
"port_range": "80",
"cidrs": ["0.0.0.0"],
"action": "allow",
},
{
"label": "https",
"protocol": "tcp",
"port_range": "443",
"cidrs": ["0.0.0.0"],
"action": "allow",
},
{
"label": "ssh",
"protocol": "tcp",
"port_range": "22",
"cidrs": [
"192.168.1.1/32",
"192.168.10.4/32",
"192.168.10.10/32",
],
"action": "allow",
},
],
egress_rules=[{
"label": "all",
"protocol": "tcp",
"port_range": "1-65535",
"cidrs": ["0.0.0.0/0"],
"action": "allow",
}])
debian = civo.get_disk_image(filters=[{
"key": "name",
"values": ["debian-10"],
}])
# Create a new instance
example_instance = civo.Instance("example",
hostname="example",
notes="This is an example instance",
firewall_id=example_firewall.id,
network_id=example.id,
size="g3.xsmall",
disk_image=debian.diskimages[0].id)
package main
import (
"github.com/pulumi/pulumi-civo/sdk/v2/go/civo"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := civo.NewNetwork(ctx, "example", &civo.NetworkArgs{
Label: pulumi.String("example-network"),
})
if err != nil {
return err
}
exampleFirewall, err := civo.NewFirewall(ctx, "example", &civo.FirewallArgs{
Name: pulumi.String("example-firewall"),
NetworkId: example.ID(),
CreateDefaultRules: pulumi.Bool(false),
IngressRules: civo.FirewallIngressRuleArray{
&civo.FirewallIngressRuleArgs{
Label: pulumi.String("http"),
Protocol: pulumi.String("tcp"),
PortRange: pulumi.String("80"),
Cidrs: pulumi.StringArray{
pulumi.String("0.0.0.0"),
},
Action: pulumi.String("allow"),
},
&civo.FirewallIngressRuleArgs{
Label: pulumi.String("https"),
Protocol: pulumi.String("tcp"),
PortRange: pulumi.String("443"),
Cidrs: pulumi.StringArray{
pulumi.String("0.0.0.0"),
},
Action: pulumi.String("allow"),
},
&civo.FirewallIngressRuleArgs{
Label: pulumi.String("ssh"),
Protocol: pulumi.String("tcp"),
PortRange: pulumi.String("22"),
Cidrs: pulumi.StringArray{
pulumi.String("192.168.1.1/32"),
pulumi.String("192.168.10.4/32"),
pulumi.String("192.168.10.10/32"),
},
Action: pulumi.String("allow"),
},
},
EgressRules: civo.FirewallEgressRuleArray{
&civo.FirewallEgressRuleArgs{
Label: pulumi.String("all"),
Protocol: pulumi.String("tcp"),
PortRange: pulumi.String("1-65535"),
Cidrs: pulumi.StringArray{
pulumi.String("0.0.0.0/0"),
},
Action: pulumi.String("allow"),
},
},
})
if err != nil {
return err
}
debian, err := civo.GetDiskImage(ctx, &civo.GetDiskImageArgs{
Filters: []civo.GetDiskImageFilter{
{
Key: "name",
Values: []string{
"debian-10",
},
},
},
}, nil)
if err != nil {
return err
}
// Create a new instance
_, err = civo.NewInstance(ctx, "example", &civo.InstanceArgs{
Hostname: pulumi.String("example"),
Notes: pulumi.String("This is an example instance"),
FirewallId: exampleFirewall.ID(),
NetworkId: example.ID(),
Size: pulumi.String("g3.xsmall"),
DiskImage: pulumi.String(debian.Diskimages[0].Id),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Civo = Pulumi.Civo;
return await Deployment.RunAsync(() =>
{
var example = new Civo.Network("example", new()
{
Label = "example-network",
});
var exampleFirewall = new Civo.Firewall("example", new()
{
Name = "example-firewall",
NetworkId = example.Id,
CreateDefaultRules = false,
IngressRules = new[]
{
new Civo.Inputs.FirewallIngressRuleArgs
{
Label = "http",
Protocol = "tcp",
PortRange = "80",
Cidrs = new[]
{
"0.0.0.0",
},
Action = "allow",
},
new Civo.Inputs.FirewallIngressRuleArgs
{
Label = "https",
Protocol = "tcp",
PortRange = "443",
Cidrs = new[]
{
"0.0.0.0",
},
Action = "allow",
},
new Civo.Inputs.FirewallIngressRuleArgs
{
Label = "ssh",
Protocol = "tcp",
PortRange = "22",
Cidrs = new[]
{
"192.168.1.1/32",
"192.168.10.4/32",
"192.168.10.10/32",
},
Action = "allow",
},
},
EgressRules = new[]
{
new Civo.Inputs.FirewallEgressRuleArgs
{
Label = "all",
Protocol = "tcp",
PortRange = "1-65535",
Cidrs = new[]
{
"0.0.0.0/0",
},
Action = "allow",
},
},
});
var debian = Civo.GetDiskImage.Invoke(new()
{
Filters = new[]
{
new Civo.Inputs.GetDiskImageFilterInputArgs
{
Key = "name",
Values = new[]
{
"debian-10",
},
},
},
});
// Create a new instance
var exampleInstance = new Civo.Instance("example", new()
{
Hostname = "example",
Notes = "This is an example instance",
FirewallId = exampleFirewall.Id,
NetworkId = example.Id,
Size = "g3.xsmall",
DiskImage = debian.Apply(getDiskImageResult => getDiskImageResult.Diskimages[0]?.Id),
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.civo.Network;
import com.pulumi.civo.NetworkArgs;
import com.pulumi.civo.Firewall;
import com.pulumi.civo.FirewallArgs;
import com.pulumi.civo.inputs.FirewallIngressRuleArgs;
import com.pulumi.civo.inputs.FirewallEgressRuleArgs;
import com.pulumi.civo.CivoFunctions;
import com.pulumi.civo.inputs.GetDiskImageArgs;
import com.pulumi.civo.Instance;
import com.pulumi.civo.InstanceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Network("example", NetworkArgs.builder()
.label("example-network")
.build());
var exampleFirewall = new Firewall("exampleFirewall", FirewallArgs.builder()
.name("example-firewall")
.networkId(example.id())
.createDefaultRules(false)
.ingressRules(
FirewallIngressRuleArgs.builder()
.label("http")
.protocol("tcp")
.portRange("80")
.cidrs("0.0.0.0")
.action("allow")
.build(),
FirewallIngressRuleArgs.builder()
.label("https")
.protocol("tcp")
.portRange("443")
.cidrs("0.0.0.0")
.action("allow")
.build(),
FirewallIngressRuleArgs.builder()
.label("ssh")
.protocol("tcp")
.portRange("22")
.cidrs(
"192.168.1.1/32",
"192.168.10.4/32",
"192.168.10.10/32")
.action("allow")
.build())
.egressRules(FirewallEgressRuleArgs.builder()
.label("all")
.protocol("tcp")
.portRange("1-65535")
.cidrs("0.0.0.0/0")
.action("allow")
.build())
.build());
final var debian = CivoFunctions.getDiskImage(GetDiskImageArgs.builder()
.filters(GetDiskImageFilterArgs.builder()
.key("name")
.values("debian-10")
.build())
.build());
// Create a new instance
var exampleInstance = new Instance("exampleInstance", InstanceArgs.builder()
.hostname("example")
.notes("This is an example instance")
.firewallId(exampleFirewall.id())
.networkId(example.id())
.size("g3.xsmall")
.diskImage(debian.applyValue(getDiskImageResult -> getDiskImageResult.diskimages()[0].id()))
.build());
}
}
resources:
example:
type: civo:Network
properties:
label: example-network
exampleFirewall:
type: civo:Firewall
name: example
properties:
name: example-firewall
networkId: ${example.id}
createDefaultRules: false # Needs to be false when custom rules are applied.
ingressRules:
- label: http
protocol: tcp
portRange: '80'
cidrs:
- 0.0.0.0
action: allow
- label: https
protocol: tcp
portRange: '443'
cidrs:
- 0.0.0.0
action: allow
- label: ssh
protocol: tcp
portRange: '22'
cidrs:
- 192.168.1.1/32
- 192.168.10.4/32
- 192.168.10.10/32
action: allow
egressRules:
- label: all
protocol: tcp
portRange: 1-65535
cidrs:
- 0.0.0.0/0
action: allow
# Create a new instance
exampleInstance:
type: civo:Instance
name: example
properties:
hostname: example
notes: This is an example instance
firewallId: ${exampleFirewall.id}
networkId: ${example.id}
size: g3.xsmall
diskImage: ${debian.diskimages[0].id}
variables:
debian:
fn::invoke:
Function: civo:getDiskImage
Arguments:
filters:
- key: name
values:
- debian-10
Simple firewall
This the minimum amount of code to create a firewall with default rules:
import * as pulumi from "@pulumi/pulumi";
import * as civo from "@pulumi/civo";
// ...
const example = new civo.Firewall("example", {
name: "example-firewall",
networkId: exampleCivoNetwork.id,
});
import pulumi
import pulumi_civo as civo
# ...
example = civo.Firewall("example",
name="example-firewall",
network_id=example_civo_network["id"])
package main
import (
"github.com/pulumi/pulumi-civo/sdk/v2/go/civo"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// ...
_, err := civo.NewFirewall(ctx, "example", &civo.FirewallArgs{
Name: pulumi.String("example-firewall"),
NetworkId: pulumi.Any(exampleCivoNetwork.Id),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Civo = Pulumi.Civo;
return await Deployment.RunAsync(() =>
{
// ...
var example = new Civo.Firewall("example", new()
{
Name = "example-firewall",
NetworkId = exampleCivoNetwork.Id,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.civo.Firewall;
import com.pulumi.civo.FirewallArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// ...
var example = new Firewall("example", FirewallArgs.builder()
.name("example-firewall")
.networkId(exampleCivoNetwork.id())
.build());
}
}
resources:
# ...
example:
type: civo:Firewall
properties:
name: example-firewall
networkId: ${exampleCivoNetwork.id}
Create Firewall Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Firewall(name: string, args?: FirewallArgs, opts?: CustomResourceOptions);@overload
def Firewall(resource_name: str,
args: Optional[FirewallArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def Firewall(resource_name: str,
opts: Optional[ResourceOptions] = None,
create_default_rules: Optional[bool] = None,
egress_rules: Optional[Sequence[FirewallEgressRuleArgs]] = None,
ingress_rules: Optional[Sequence[FirewallIngressRuleArgs]] = None,
name: Optional[str] = None,
network_id: Optional[str] = None,
region: Optional[str] = None)func NewFirewall(ctx *Context, name string, args *FirewallArgs, opts ...ResourceOption) (*Firewall, error)public Firewall(string name, FirewallArgs? args = null, CustomResourceOptions? opts = null)
public Firewall(String name, FirewallArgs args)
public Firewall(String name, FirewallArgs args, CustomResourceOptions options)
type: civo:Firewall
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args FirewallArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args FirewallArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args FirewallArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args FirewallArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args FirewallArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var firewallResource = new Civo.Firewall("firewallResource", new()
{
CreateDefaultRules = false,
EgressRules = new[]
{
new Civo.Inputs.FirewallEgressRuleArgs
{
Action = "string",
Cidrs = new[]
{
"string",
},
Id = "string",
Label = "string",
PortRange = "string",
Protocol = "string",
},
},
IngressRules = new[]
{
new Civo.Inputs.FirewallIngressRuleArgs
{
Action = "string",
Cidrs = new[]
{
"string",
},
Id = "string",
Label = "string",
PortRange = "string",
Protocol = "string",
},
},
Name = "string",
NetworkId = "string",
Region = "string",
});
example, err := civo.NewFirewall(ctx, "firewallResource", &civo.FirewallArgs{
CreateDefaultRules: pulumi.Bool(false),
EgressRules: civo.FirewallEgressRuleArray{
&civo.FirewallEgressRuleArgs{
Action: pulumi.String("string"),
Cidrs: pulumi.StringArray{
pulumi.String("string"),
},
Id: pulumi.String("string"),
Label: pulumi.String("string"),
PortRange: pulumi.String("string"),
Protocol: pulumi.String("string"),
},
},
IngressRules: civo.FirewallIngressRuleArray{
&civo.FirewallIngressRuleArgs{
Action: pulumi.String("string"),
Cidrs: pulumi.StringArray{
pulumi.String("string"),
},
Id: pulumi.String("string"),
Label: pulumi.String("string"),
PortRange: pulumi.String("string"),
Protocol: pulumi.String("string"),
},
},
Name: pulumi.String("string"),
NetworkId: pulumi.String("string"),
Region: pulumi.String("string"),
})
var firewallResource = new Firewall("firewallResource", FirewallArgs.builder()
.createDefaultRules(false)
.egressRules(FirewallEgressRuleArgs.builder()
.action("string")
.cidrs("string")
.id("string")
.label("string")
.portRange("string")
.protocol("string")
.build())
.ingressRules(FirewallIngressRuleArgs.builder()
.action("string")
.cidrs("string")
.id("string")
.label("string")
.portRange("string")
.protocol("string")
.build())
.name("string")
.networkId("string")
.region("string")
.build());
firewall_resource = civo.Firewall("firewallResource",
create_default_rules=False,
egress_rules=[{
"action": "string",
"cidrs": ["string"],
"id": "string",
"label": "string",
"port_range": "string",
"protocol": "string",
}],
ingress_rules=[{
"action": "string",
"cidrs": ["string"],
"id": "string",
"label": "string",
"port_range": "string",
"protocol": "string",
}],
name="string",
network_id="string",
region="string")
const firewallResource = new civo.Firewall("firewallResource", {
createDefaultRules: false,
egressRules: [{
action: "string",
cidrs: ["string"],
id: "string",
label: "string",
portRange: "string",
protocol: "string",
}],
ingressRules: [{
action: "string",
cidrs: ["string"],
id: "string",
label: "string",
portRange: "string",
protocol: "string",
}],
name: "string",
networkId: "string",
region: "string",
});
type: civo:Firewall
properties:
createDefaultRules: false
egressRules:
- action: string
cidrs:
- string
id: string
label: string
portRange: string
protocol: string
ingressRules:
- action: string
cidrs:
- string
id: string
label: string
portRange: string
protocol: string
name: string
networkId: string
region: string
Firewall Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Firewall resource accepts the following input properties:
- Create
Default boolRules - The create rules flag is used to create the default firewall rules, if is not defined will be set to true, and if you set to false you need to define at least one ingress or egress rule
- Egress
Rules List<FirewallEgress Rule> - The egress rules, this is a list of rules that will be applied to the firewall
- Ingress
Rules List<FirewallIngress Rule> - The ingress rules, this is a list of rules that will be applied to the firewall
- Name string
- The firewall name
- Network
Id string - The firewall network, if is not defined we use the default network
- Region string
- The firewall region, if is not defined we use the global defined in the provider
- Create
Default boolRules - The create rules flag is used to create the default firewall rules, if is not defined will be set to true, and if you set to false you need to define at least one ingress or egress rule
- Egress
Rules []FirewallEgress Rule Args - The egress rules, this is a list of rules that will be applied to the firewall
- Ingress
Rules []FirewallIngress Rule Args - The ingress rules, this is a list of rules that will be applied to the firewall
- Name string
- The firewall name
- Network
Id string - The firewall network, if is not defined we use the default network
- Region string
- The firewall region, if is not defined we use the global defined in the provider
- create
Default BooleanRules - The create rules flag is used to create the default firewall rules, if is not defined will be set to true, and if you set to false you need to define at least one ingress or egress rule
- egress
Rules List<FirewallEgress Rule> - The egress rules, this is a list of rules that will be applied to the firewall
- ingress
Rules List<FirewallIngress Rule> - The ingress rules, this is a list of rules that will be applied to the firewall
- name String
- The firewall name
- network
Id String - The firewall network, if is not defined we use the default network
- region String
- The firewall region, if is not defined we use the global defined in the provider
- create
Default booleanRules - The create rules flag is used to create the default firewall rules, if is not defined will be set to true, and if you set to false you need to define at least one ingress or egress rule
- egress
Rules FirewallEgress Rule[] - The egress rules, this is a list of rules that will be applied to the firewall
- ingress
Rules FirewallIngress Rule[] - The ingress rules, this is a list of rules that will be applied to the firewall
- name string
- The firewall name
- network
Id string - The firewall network, if is not defined we use the default network
- region string
- The firewall region, if is not defined we use the global defined in the provider
- create_
default_ boolrules - The create rules flag is used to create the default firewall rules, if is not defined will be set to true, and if you set to false you need to define at least one ingress or egress rule
- egress_
rules Sequence[FirewallEgress Rule Args] - The egress rules, this is a list of rules that will be applied to the firewall
- ingress_
rules Sequence[FirewallIngress Rule Args] - The ingress rules, this is a list of rules that will be applied to the firewall
- name str
- The firewall name
- network_
id str - The firewall network, if is not defined we use the default network
- region str
- The firewall region, if is not defined we use the global defined in the provider
- create
Default BooleanRules - The create rules flag is used to create the default firewall rules, if is not defined will be set to true, and if you set to false you need to define at least one ingress or egress rule
- egress
Rules List<Property Map> - The egress rules, this is a list of rules that will be applied to the firewall
- ingress
Rules List<Property Map> - The ingress rules, this is a list of rules that will be applied to the firewall
- name String
- The firewall name
- network
Id String - The firewall network, if is not defined we use the default network
- region String
- The firewall region, if is not defined we use the global defined in the provider
Outputs
All input properties are implicitly available as output properties. Additionally, the Firewall resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing Firewall Resource
Get an existing Firewall resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: FirewallState, opts?: CustomResourceOptions): Firewall@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
create_default_rules: Optional[bool] = None,
egress_rules: Optional[Sequence[FirewallEgressRuleArgs]] = None,
ingress_rules: Optional[Sequence[FirewallIngressRuleArgs]] = None,
name: Optional[str] = None,
network_id: Optional[str] = None,
region: Optional[str] = None) -> Firewallfunc GetFirewall(ctx *Context, name string, id IDInput, state *FirewallState, opts ...ResourceOption) (*Firewall, error)public static Firewall Get(string name, Input<string> id, FirewallState? state, CustomResourceOptions? opts = null)public static Firewall get(String name, Output<String> id, FirewallState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Create
Default boolRules - The create rules flag is used to create the default firewall rules, if is not defined will be set to true, and if you set to false you need to define at least one ingress or egress rule
- Egress
Rules List<FirewallEgress Rule> - The egress rules, this is a list of rules that will be applied to the firewall
- Ingress
Rules List<FirewallIngress Rule> - The ingress rules, this is a list of rules that will be applied to the firewall
- Name string
- The firewall name
- Network
Id string - The firewall network, if is not defined we use the default network
- Region string
- The firewall region, if is not defined we use the global defined in the provider
- Create
Default boolRules - The create rules flag is used to create the default firewall rules, if is not defined will be set to true, and if you set to false you need to define at least one ingress or egress rule
- Egress
Rules []FirewallEgress Rule Args - The egress rules, this is a list of rules that will be applied to the firewall
- Ingress
Rules []FirewallIngress Rule Args - The ingress rules, this is a list of rules that will be applied to the firewall
- Name string
- The firewall name
- Network
Id string - The firewall network, if is not defined we use the default network
- Region string
- The firewall region, if is not defined we use the global defined in the provider
- create
Default BooleanRules - The create rules flag is used to create the default firewall rules, if is not defined will be set to true, and if you set to false you need to define at least one ingress or egress rule
- egress
Rules List<FirewallEgress Rule> - The egress rules, this is a list of rules that will be applied to the firewall
- ingress
Rules List<FirewallIngress Rule> - The ingress rules, this is a list of rules that will be applied to the firewall
- name String
- The firewall name
- network
Id String - The firewall network, if is not defined we use the default network
- region String
- The firewall region, if is not defined we use the global defined in the provider
- create
Default booleanRules - The create rules flag is used to create the default firewall rules, if is not defined will be set to true, and if you set to false you need to define at least one ingress or egress rule
- egress
Rules FirewallEgress Rule[] - The egress rules, this is a list of rules that will be applied to the firewall
- ingress
Rules FirewallIngress Rule[] - The ingress rules, this is a list of rules that will be applied to the firewall
- name string
- The firewall name
- network
Id string - The firewall network, if is not defined we use the default network
- region string
- The firewall region, if is not defined we use the global defined in the provider
- create_
default_ boolrules - The create rules flag is used to create the default firewall rules, if is not defined will be set to true, and if you set to false you need to define at least one ingress or egress rule
- egress_
rules Sequence[FirewallEgress Rule Args] - The egress rules, this is a list of rules that will be applied to the firewall
- ingress_
rules Sequence[FirewallIngress Rule Args] - The ingress rules, this is a list of rules that will be applied to the firewall
- name str
- The firewall name
- network_
id str - The firewall network, if is not defined we use the default network
- region str
- The firewall region, if is not defined we use the global defined in the provider
- create
Default BooleanRules - The create rules flag is used to create the default firewall rules, if is not defined will be set to true, and if you set to false you need to define at least one ingress or egress rule
- egress
Rules List<Property Map> - The egress rules, this is a list of rules that will be applied to the firewall
- ingress
Rules List<Property Map> - The ingress rules, this is a list of rules that will be applied to the firewall
- name String
- The firewall name
- network
Id String - The firewall network, if is not defined we use the default network
- region String
- The firewall region, if is not defined we use the global defined in the provider
Supporting Types
FirewallEgressRule, FirewallEgressRuleArgs
- Action string
- The action of the rule can be allow or deny. When we set the
action = 'allow', this is going to add a rule to allow traffic. Similarly, settingaction = 'deny'will deny the traffic. - Cidrs List<string>
- The CIDR notation of the other end to affect, or a valid network CIDR (e.g. 0.0.0.0/0 to open for everyone or 1.2.3.4/32 to open just for a specific IP address)
- Id string
- (String) The ID of this resource.
- Label string
- A string that will be the displayed name/reference for this rule
- Port
Range string - The port or port range to open, can be a single port or a range separated by a dash (
-), e.g.80or80-443 - Protocol string
- The protocol choice from
tcp,udporicmp(the default if unspecified istcp)
- Action string
- The action of the rule can be allow or deny. When we set the
action = 'allow', this is going to add a rule to allow traffic. Similarly, settingaction = 'deny'will deny the traffic. - Cidrs []string
- The CIDR notation of the other end to affect, or a valid network CIDR (e.g. 0.0.0.0/0 to open for everyone or 1.2.3.4/32 to open just for a specific IP address)
- Id string
- (String) The ID of this resource.
- Label string
- A string that will be the displayed name/reference for this rule
- Port
Range string - The port or port range to open, can be a single port or a range separated by a dash (
-), e.g.80or80-443 - Protocol string
- The protocol choice from
tcp,udporicmp(the default if unspecified istcp)
- action String
- The action of the rule can be allow or deny. When we set the
action = 'allow', this is going to add a rule to allow traffic. Similarly, settingaction = 'deny'will deny the traffic. - cidrs List<String>
- The CIDR notation of the other end to affect, or a valid network CIDR (e.g. 0.0.0.0/0 to open for everyone or 1.2.3.4/32 to open just for a specific IP address)
- id String
- (String) The ID of this resource.
- label String
- A string that will be the displayed name/reference for this rule
- port
Range String - The port or port range to open, can be a single port or a range separated by a dash (
-), e.g.80or80-443 - protocol String
- The protocol choice from
tcp,udporicmp(the default if unspecified istcp)
- action string
- The action of the rule can be allow or deny. When we set the
action = 'allow', this is going to add a rule to allow traffic. Similarly, settingaction = 'deny'will deny the traffic. - cidrs string[]
- The CIDR notation of the other end to affect, or a valid network CIDR (e.g. 0.0.0.0/0 to open for everyone or 1.2.3.4/32 to open just for a specific IP address)
- id string
- (String) The ID of this resource.
- label string
- A string that will be the displayed name/reference for this rule
- port
Range string - The port or port range to open, can be a single port or a range separated by a dash (
-), e.g.80or80-443 - protocol string
- The protocol choice from
tcp,udporicmp(the default if unspecified istcp)
- action str
- The action of the rule can be allow or deny. When we set the
action = 'allow', this is going to add a rule to allow traffic. Similarly, settingaction = 'deny'will deny the traffic. - cidrs Sequence[str]
- The CIDR notation of the other end to affect, or a valid network CIDR (e.g. 0.0.0.0/0 to open for everyone or 1.2.3.4/32 to open just for a specific IP address)
- id str
- (String) The ID of this resource.
- label str
- A string that will be the displayed name/reference for this rule
- port_
range str - The port or port range to open, can be a single port or a range separated by a dash (
-), e.g.80or80-443 - protocol str
- The protocol choice from
tcp,udporicmp(the default if unspecified istcp)
- action String
- The action of the rule can be allow or deny. When we set the
action = 'allow', this is going to add a rule to allow traffic. Similarly, settingaction = 'deny'will deny the traffic. - cidrs List<String>
- The CIDR notation of the other end to affect, or a valid network CIDR (e.g. 0.0.0.0/0 to open for everyone or 1.2.3.4/32 to open just for a specific IP address)
- id String
- (String) The ID of this resource.
- label String
- A string that will be the displayed name/reference for this rule
- port
Range String - The port or port range to open, can be a single port or a range separated by a dash (
-), e.g.80or80-443 - protocol String
- The protocol choice from
tcp,udporicmp(the default if unspecified istcp)
FirewallIngressRule, FirewallIngressRuleArgs
- Action string
- The action of the rule can be allow or deny. When we set the
action = 'allow', this is going to add a rule to allow traffic. Similarly, settingaction = 'deny'will deny the traffic. - Cidrs List<string>
- The CIDR notation of the other end to affect, or a valid network CIDR (e.g. 0.0.0.0/0 to open for everyone or 1.2.3.4/32 to open just for a specific IP address)
- Id string
- (String) The ID of this resource.
- Label string
- A string that will be the displayed name/reference for this rule
- Port
Range string - The port or port range to open, can be a single port or a range separated by a dash (
-), e.g.80or80-443 - Protocol string
- The protocol choice from
tcp,udporicmp(the default if unspecified istcp)
- Action string
- The action of the rule can be allow or deny. When we set the
action = 'allow', this is going to add a rule to allow traffic. Similarly, settingaction = 'deny'will deny the traffic. - Cidrs []string
- The CIDR notation of the other end to affect, or a valid network CIDR (e.g. 0.0.0.0/0 to open for everyone or 1.2.3.4/32 to open just for a specific IP address)
- Id string
- (String) The ID of this resource.
- Label string
- A string that will be the displayed name/reference for this rule
- Port
Range string - The port or port range to open, can be a single port or a range separated by a dash (
-), e.g.80or80-443 - Protocol string
- The protocol choice from
tcp,udporicmp(the default if unspecified istcp)
- action String
- The action of the rule can be allow or deny. When we set the
action = 'allow', this is going to add a rule to allow traffic. Similarly, settingaction = 'deny'will deny the traffic. - cidrs List<String>
- The CIDR notation of the other end to affect, or a valid network CIDR (e.g. 0.0.0.0/0 to open for everyone or 1.2.3.4/32 to open just for a specific IP address)
- id String
- (String) The ID of this resource.
- label String
- A string that will be the displayed name/reference for this rule
- port
Range String - The port or port range to open, can be a single port or a range separated by a dash (
-), e.g.80or80-443 - protocol String
- The protocol choice from
tcp,udporicmp(the default if unspecified istcp)
- action string
- The action of the rule can be allow or deny. When we set the
action = 'allow', this is going to add a rule to allow traffic. Similarly, settingaction = 'deny'will deny the traffic. - cidrs string[]
- The CIDR notation of the other end to affect, or a valid network CIDR (e.g. 0.0.0.0/0 to open for everyone or 1.2.3.4/32 to open just for a specific IP address)
- id string
- (String) The ID of this resource.
- label string
- A string that will be the displayed name/reference for this rule
- port
Range string - The port or port range to open, can be a single port or a range separated by a dash (
-), e.g.80or80-443 - protocol string
- The protocol choice from
tcp,udporicmp(the default if unspecified istcp)
- action str
- The action of the rule can be allow or deny. When we set the
action = 'allow', this is going to add a rule to allow traffic. Similarly, settingaction = 'deny'will deny the traffic. - cidrs Sequence[str]
- The CIDR notation of the other end to affect, or a valid network CIDR (e.g. 0.0.0.0/0 to open for everyone or 1.2.3.4/32 to open just for a specific IP address)
- id str
- (String) The ID of this resource.
- label str
- A string that will be the displayed name/reference for this rule
- port_
range str - The port or port range to open, can be a single port or a range separated by a dash (
-), e.g.80or80-443 - protocol str
- The protocol choice from
tcp,udporicmp(the default if unspecified istcp)
- action String
- The action of the rule can be allow or deny. When we set the
action = 'allow', this is going to add a rule to allow traffic. Similarly, settingaction = 'deny'will deny the traffic. - cidrs List<String>
- The CIDR notation of the other end to affect, or a valid network CIDR (e.g. 0.0.0.0/0 to open for everyone or 1.2.3.4/32 to open just for a specific IP address)
- id String
- (String) The ID of this resource.
- label String
- A string that will be the displayed name/reference for this rule
- port
Range String - The port or port range to open, can be a single port or a range separated by a dash (
-), e.g.80or80-443 - protocol String
- The protocol choice from
tcp,udporicmp(the default if unspecified istcp)
Import
using ID
$ pulumi import civo:index/firewall:Firewall www b8ecd2ab-2267-4a5e-8692-cbf1d32583e3
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Civo pulumi/pulumi-civo
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
civoTerraform Provider.