1. Packages
  2. Unifi
  3. API Docs
  4. firewall
  5. Rule
Unifi v0.1.0 published on Monday, Oct 28, 2024 by Pulumiverse

unifi.firewall.Rule

Explore with Pulumi AI

unifi logo
Unifi v0.1.0 published on Monday, Oct 28, 2024 by Pulumiverse

    unifi.firewall.Rule manages an individual firewall rule on the gateway.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as unifi from "@pulumiverse/unifi";
    
    const config = new pulumi.Config();
    const ipAddress = config.require("ipAddress");
    const dropAll = new unifi.firewall.Rule("drop_all", {
        name: "drop all",
        action: "drop",
        ruleset: "LAN_IN",
        ruleIndex: 2011,
        protocol: "all",
        dstAddress: ipAddress,
    });
    
    import pulumi
    import pulumiverse_unifi as unifi
    
    config = pulumi.Config()
    ip_address = config.require("ipAddress")
    drop_all = unifi.firewall.Rule("drop_all",
        name="drop all",
        action="drop",
        ruleset="LAN_IN",
        rule_index=2011,
        protocol="all",
        dst_address=ip_address)
    
    package main
    
    import (
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
    	"github.com/pulumiverse/pulumi-unifi/sdk/go/unifi/firewall"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		cfg := config.New(ctx, "")
    		ipAddress := cfg.Require("ipAddress")
    		_, err := firewall.NewRule(ctx, "drop_all", &firewall.RuleArgs{
    			Name:       pulumi.String("drop all"),
    			Action:     pulumi.String("drop"),
    			Ruleset:    pulumi.String("LAN_IN"),
    			RuleIndex:  pulumi.Int(2011),
    			Protocol:   pulumi.String("all"),
    			DstAddress: pulumi.String(ipAddress),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Unifi = Pulumiverse.Unifi;
    
    return await Deployment.RunAsync(() => 
    {
        var config = new Config();
        var ipAddress = config.Require("ipAddress");
        var dropAll = new Unifi.Firewall.Rule("drop_all", new()
        {
            Name = "drop all",
            Action = "drop",
            Ruleset = "LAN_IN",
            RuleIndex = 2011,
            Protocol = "all",
            DstAddress = ipAddress,
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.unifi.firewall.Rule;
    import com.pulumi.unifi.firewall.RuleArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var config = ctx.config();
            final var ipAddress = config.get("ipAddress");
            var dropAll = new Rule("dropAll", RuleArgs.builder()
                .name("drop all")
                .action("drop")
                .ruleset("LAN_IN")
                .ruleIndex(2011)
                .protocol("all")
                .dstAddress(ipAddress)
                .build());
    
        }
    }
    
    configuration:
      ipAddress:
        type: string
    resources:
      dropAll:
        type: unifi:firewall:Rule
        name: drop_all
        properties:
          name: drop all
          action: drop
          ruleset: LAN_IN
          ruleIndex: 2011
          protocol: all
          dstAddress: ${ipAddress}
    

    Create Rule Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new Rule(name: string, args: RuleArgs, opts?: CustomResourceOptions);
    @overload
    def Rule(resource_name: str,
             args: RuleArgs,
             opts: Optional[ResourceOptions] = None)
    
    @overload
    def Rule(resource_name: str,
             opts: Optional[ResourceOptions] = None,
             action: Optional[str] = None,
             ruleset: Optional[str] = None,
             rule_index: Optional[int] = None,
             protocol_v6: Optional[str] = None,
             dst_address: Optional[str] = None,
             dst_network_type: Optional[str] = None,
             dst_port: Optional[str] = None,
             enabled: Optional[bool] = None,
             icmp_typename: Optional[str] = None,
             icmp_v6_typename: Optional[str] = None,
             ip_sec: Optional[str] = None,
             logging: Optional[bool] = None,
             name: Optional[str] = None,
             protocol: Optional[str] = None,
             dst_firewall_group_ids: Optional[Sequence[str]] = None,
             dst_address_ipv6: Optional[str] = None,
             dst_network_id: Optional[str] = None,
             site: Optional[str] = None,
             src_address: Optional[str] = None,
             src_address_ipv6: Optional[str] = None,
             src_firewall_group_ids: Optional[Sequence[str]] = None,
             src_mac: Optional[str] = None,
             src_network_id: Optional[str] = None,
             src_network_type: Optional[str] = None,
             src_port: Optional[str] = None,
             state_established: Optional[bool] = None,
             state_invalid: Optional[bool] = None,
             state_new: Optional[bool] = None,
             state_related: Optional[bool] = None)
    func NewRule(ctx *Context, name string, args RuleArgs, opts ...ResourceOption) (*Rule, error)
    public Rule(string name, RuleArgs args, CustomResourceOptions? opts = null)
    public Rule(String name, RuleArgs args)
    public Rule(String name, RuleArgs args, CustomResourceOptions options)
    
    type: unifi:firewall:Rule
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args RuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args RuleArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args RuleArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args RuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args RuleArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var ruleResource = new Unifi.Firewall.Rule("ruleResource", new()
    {
        Action = "string",
        Ruleset = "string",
        RuleIndex = 0,
        ProtocolV6 = "string",
        DstAddress = "string",
        DstNetworkType = "string",
        DstPort = "string",
        Enabled = false,
        IcmpTypename = "string",
        IcmpV6Typename = "string",
        IpSec = "string",
        Logging = false,
        Name = "string",
        Protocol = "string",
        DstFirewallGroupIds = new[]
        {
            "string",
        },
        DstAddressIpv6 = "string",
        DstNetworkId = "string",
        Site = "string",
        SrcAddress = "string",
        SrcAddressIpv6 = "string",
        SrcFirewallGroupIds = new[]
        {
            "string",
        },
        SrcMac = "string",
        SrcNetworkId = "string",
        SrcNetworkType = "string",
        SrcPort = "string",
        StateEstablished = false,
        StateInvalid = false,
        StateNew = false,
        StateRelated = false,
    });
    
    example, err := firewall.NewRule(ctx, "ruleResource", &firewall.RuleArgs{
    	Action:         pulumi.String("string"),
    	Ruleset:        pulumi.String("string"),
    	RuleIndex:      pulumi.Int(0),
    	ProtocolV6:     pulumi.String("string"),
    	DstAddress:     pulumi.String("string"),
    	DstNetworkType: pulumi.String("string"),
    	DstPort:        pulumi.String("string"),
    	Enabled:        pulumi.Bool(false),
    	IcmpTypename:   pulumi.String("string"),
    	IcmpV6Typename: pulumi.String("string"),
    	IpSec:          pulumi.String("string"),
    	Logging:        pulumi.Bool(false),
    	Name:           pulumi.String("string"),
    	Protocol:       pulumi.String("string"),
    	DstFirewallGroupIds: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	DstAddressIpv6: pulumi.String("string"),
    	DstNetworkId:   pulumi.String("string"),
    	Site:           pulumi.String("string"),
    	SrcAddress:     pulumi.String("string"),
    	SrcAddressIpv6: pulumi.String("string"),
    	SrcFirewallGroupIds: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	SrcMac:           pulumi.String("string"),
    	SrcNetworkId:     pulumi.String("string"),
    	SrcNetworkType:   pulumi.String("string"),
    	SrcPort:          pulumi.String("string"),
    	StateEstablished: pulumi.Bool(false),
    	StateInvalid:     pulumi.Bool(false),
    	StateNew:         pulumi.Bool(false),
    	StateRelated:     pulumi.Bool(false),
    })
    
    var ruleResource = new Rule("ruleResource", RuleArgs.builder()
        .action("string")
        .ruleset("string")
        .ruleIndex(0)
        .protocolV6("string")
        .dstAddress("string")
        .dstNetworkType("string")
        .dstPort("string")
        .enabled(false)
        .icmpTypename("string")
        .icmpV6Typename("string")
        .ipSec("string")
        .logging(false)
        .name("string")
        .protocol("string")
        .dstFirewallGroupIds("string")
        .dstAddressIpv6("string")
        .dstNetworkId("string")
        .site("string")
        .srcAddress("string")
        .srcAddressIpv6("string")
        .srcFirewallGroupIds("string")
        .srcMac("string")
        .srcNetworkId("string")
        .srcNetworkType("string")
        .srcPort("string")
        .stateEstablished(false)
        .stateInvalid(false)
        .stateNew(false)
        .stateRelated(false)
        .build());
    
    rule_resource = unifi.firewall.Rule("ruleResource",
        action="string",
        ruleset="string",
        rule_index=0,
        protocol_v6="string",
        dst_address="string",
        dst_network_type="string",
        dst_port="string",
        enabled=False,
        icmp_typename="string",
        icmp_v6_typename="string",
        ip_sec="string",
        logging=False,
        name="string",
        protocol="string",
        dst_firewall_group_ids=["string"],
        dst_address_ipv6="string",
        dst_network_id="string",
        site="string",
        src_address="string",
        src_address_ipv6="string",
        src_firewall_group_ids=["string"],
        src_mac="string",
        src_network_id="string",
        src_network_type="string",
        src_port="string",
        state_established=False,
        state_invalid=False,
        state_new=False,
        state_related=False)
    
    const ruleResource = new unifi.firewall.Rule("ruleResource", {
        action: "string",
        ruleset: "string",
        ruleIndex: 0,
        protocolV6: "string",
        dstAddress: "string",
        dstNetworkType: "string",
        dstPort: "string",
        enabled: false,
        icmpTypename: "string",
        icmpV6Typename: "string",
        ipSec: "string",
        logging: false,
        name: "string",
        protocol: "string",
        dstFirewallGroupIds: ["string"],
        dstAddressIpv6: "string",
        dstNetworkId: "string",
        site: "string",
        srcAddress: "string",
        srcAddressIpv6: "string",
        srcFirewallGroupIds: ["string"],
        srcMac: "string",
        srcNetworkId: "string",
        srcNetworkType: "string",
        srcPort: "string",
        stateEstablished: false,
        stateInvalid: false,
        stateNew: false,
        stateRelated: false,
    });
    
    type: unifi:firewall:Rule
    properties:
        action: string
        dstAddress: string
        dstAddressIpv6: string
        dstFirewallGroupIds:
            - string
        dstNetworkId: string
        dstNetworkType: string
        dstPort: string
        enabled: false
        icmpTypename: string
        icmpV6Typename: string
        ipSec: string
        logging: false
        name: string
        protocol: string
        protocolV6: string
        ruleIndex: 0
        ruleset: string
        site: string
        srcAddress: string
        srcAddressIpv6: string
        srcFirewallGroupIds:
            - string
        srcMac: string
        srcNetworkId: string
        srcNetworkType: string
        srcPort: string
        stateEstablished: false
        stateInvalid: false
        stateNew: false
        stateRelated: false
    

    Rule Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The Rule resource accepts the following input properties:

    Action string
    The action of the firewall rule. Must be one of drop, accept, or reject.
    RuleIndex int
    The index of the rule. Must be >= 2000 < 3000 or >= 4000 < 5000.
    Ruleset string
    The ruleset for the rule. This is from the perspective of the security gateway. Must be one of WAN_IN, WAN_OUT, WAN_LOCAL, LAN_IN, LAN_OUT, LAN_LOCAL, GUEST_IN, GUEST_OUT, GUEST_LOCAL, WANv6_IN, WANv6_OUT, WANv6_LOCAL, LANv6_IN, LANv6_OUT, LANv6_LOCAL, GUESTv6_IN, GUESTv6_OUT, or GUESTv6_LOCAL.
    DstAddress string
    The destination address of the firewall rule.
    DstAddressIpv6 string
    The IPv6 destination address of the firewall rule.
    DstFirewallGroupIds List<string>
    The destination firewall group IDs of the firewall rule.
    DstNetworkId string
    The destination network ID of the firewall rule.
    DstNetworkType string
    The destination network type of the firewall rule. Can be one of ADDRv4 or NETv4. Defaults to NETv4.
    DstPort string
    The destination port of the firewall rule.
    Enabled bool
    Specifies whether the rule should be enabled. Defaults to true.
    IcmpTypename string
    ICMP type name.
    IcmpV6Typename string
    ICMPv6 type name.
    IpSec string
    Specify whether the rule matches on IPsec packets. Can be one of match-ipset or match-none.
    Logging bool
    Enable logging for the firewall rule.
    Name string
    The name of the firewall rule.
    Protocol string
    The protocol of the rule.
    ProtocolV6 string
    The IPv6 protocol of the rule.
    Site string
    The name of the site to associate the firewall rule with.
    SrcAddress string
    The source address for the firewall rule.
    SrcAddressIpv6 string
    The IPv6 source address for the firewall rule.
    SrcFirewallGroupIds List<string>
    The source firewall group IDs for the firewall rule.
    SrcMac string
    The source MAC address of the firewall rule.
    SrcNetworkId string
    The source network ID for the firewall rule.
    SrcNetworkType string
    The source network type of the firewall rule. Can be one of ADDRv4 or NETv4. Defaults to NETv4.
    SrcPort string
    The source port of the firewall rule.
    StateEstablished bool
    Match where the state is established.
    StateInvalid bool
    Match where the state is invalid.
    StateNew bool
    Match where the state is new.
    StateRelated bool
    Match where the state is related.
    Action string
    The action of the firewall rule. Must be one of drop, accept, or reject.
    RuleIndex int
    The index of the rule. Must be >= 2000 < 3000 or >= 4000 < 5000.
    Ruleset string
    The ruleset for the rule. This is from the perspective of the security gateway. Must be one of WAN_IN, WAN_OUT, WAN_LOCAL, LAN_IN, LAN_OUT, LAN_LOCAL, GUEST_IN, GUEST_OUT, GUEST_LOCAL, WANv6_IN, WANv6_OUT, WANv6_LOCAL, LANv6_IN, LANv6_OUT, LANv6_LOCAL, GUESTv6_IN, GUESTv6_OUT, or GUESTv6_LOCAL.
    DstAddress string
    The destination address of the firewall rule.
    DstAddressIpv6 string
    The IPv6 destination address of the firewall rule.
    DstFirewallGroupIds []string
    The destination firewall group IDs of the firewall rule.
    DstNetworkId string
    The destination network ID of the firewall rule.
    DstNetworkType string
    The destination network type of the firewall rule. Can be one of ADDRv4 or NETv4. Defaults to NETv4.
    DstPort string
    The destination port of the firewall rule.
    Enabled bool
    Specifies whether the rule should be enabled. Defaults to true.
    IcmpTypename string
    ICMP type name.
    IcmpV6Typename string
    ICMPv6 type name.
    IpSec string
    Specify whether the rule matches on IPsec packets. Can be one of match-ipset or match-none.
    Logging bool
    Enable logging for the firewall rule.
    Name string
    The name of the firewall rule.
    Protocol string
    The protocol of the rule.
    ProtocolV6 string
    The IPv6 protocol of the rule.
    Site string
    The name of the site to associate the firewall rule with.
    SrcAddress string
    The source address for the firewall rule.
    SrcAddressIpv6 string
    The IPv6 source address for the firewall rule.
    SrcFirewallGroupIds []string
    The source firewall group IDs for the firewall rule.
    SrcMac string
    The source MAC address of the firewall rule.
    SrcNetworkId string
    The source network ID for the firewall rule.
    SrcNetworkType string
    The source network type of the firewall rule. Can be one of ADDRv4 or NETv4. Defaults to NETv4.
    SrcPort string
    The source port of the firewall rule.
    StateEstablished bool
    Match where the state is established.
    StateInvalid bool
    Match where the state is invalid.
    StateNew bool
    Match where the state is new.
    StateRelated bool
    Match where the state is related.
    action String
    The action of the firewall rule. Must be one of drop, accept, or reject.
    ruleIndex Integer
    The index of the rule. Must be >= 2000 < 3000 or >= 4000 < 5000.
    ruleset String
    The ruleset for the rule. This is from the perspective of the security gateway. Must be one of WAN_IN, WAN_OUT, WAN_LOCAL, LAN_IN, LAN_OUT, LAN_LOCAL, GUEST_IN, GUEST_OUT, GUEST_LOCAL, WANv6_IN, WANv6_OUT, WANv6_LOCAL, LANv6_IN, LANv6_OUT, LANv6_LOCAL, GUESTv6_IN, GUESTv6_OUT, or GUESTv6_LOCAL.
    dstAddress String
    The destination address of the firewall rule.
    dstAddressIpv6 String
    The IPv6 destination address of the firewall rule.
    dstFirewallGroupIds List<String>
    The destination firewall group IDs of the firewall rule.
    dstNetworkId String
    The destination network ID of the firewall rule.
    dstNetworkType String
    The destination network type of the firewall rule. Can be one of ADDRv4 or NETv4. Defaults to NETv4.
    dstPort String
    The destination port of the firewall rule.
    enabled Boolean
    Specifies whether the rule should be enabled. Defaults to true.
    icmpTypename String
    ICMP type name.
    icmpV6Typename String
    ICMPv6 type name.
    ipSec String
    Specify whether the rule matches on IPsec packets. Can be one of match-ipset or match-none.
    logging Boolean
    Enable logging for the firewall rule.
    name String
    The name of the firewall rule.
    protocol String
    The protocol of the rule.
    protocolV6 String
    The IPv6 protocol of the rule.
    site String
    The name of the site to associate the firewall rule with.
    srcAddress String
    The source address for the firewall rule.
    srcAddressIpv6 String
    The IPv6 source address for the firewall rule.
    srcFirewallGroupIds List<String>
    The source firewall group IDs for the firewall rule.
    srcMac String
    The source MAC address of the firewall rule.
    srcNetworkId String
    The source network ID for the firewall rule.
    srcNetworkType String
    The source network type of the firewall rule. Can be one of ADDRv4 or NETv4. Defaults to NETv4.
    srcPort String
    The source port of the firewall rule.
    stateEstablished Boolean
    Match where the state is established.
    stateInvalid Boolean
    Match where the state is invalid.
    stateNew Boolean
    Match where the state is new.
    stateRelated Boolean
    Match where the state is related.
    action string
    The action of the firewall rule. Must be one of drop, accept, or reject.
    ruleIndex number
    The index of the rule. Must be >= 2000 < 3000 or >= 4000 < 5000.
    ruleset string
    The ruleset for the rule. This is from the perspective of the security gateway. Must be one of WAN_IN, WAN_OUT, WAN_LOCAL, LAN_IN, LAN_OUT, LAN_LOCAL, GUEST_IN, GUEST_OUT, GUEST_LOCAL, WANv6_IN, WANv6_OUT, WANv6_LOCAL, LANv6_IN, LANv6_OUT, LANv6_LOCAL, GUESTv6_IN, GUESTv6_OUT, or GUESTv6_LOCAL.
    dstAddress string
    The destination address of the firewall rule.
    dstAddressIpv6 string
    The IPv6 destination address of the firewall rule.
    dstFirewallGroupIds string[]
    The destination firewall group IDs of the firewall rule.
    dstNetworkId string
    The destination network ID of the firewall rule.
    dstNetworkType string
    The destination network type of the firewall rule. Can be one of ADDRv4 or NETv4. Defaults to NETv4.
    dstPort string
    The destination port of the firewall rule.
    enabled boolean
    Specifies whether the rule should be enabled. Defaults to true.
    icmpTypename string
    ICMP type name.
    icmpV6Typename string
    ICMPv6 type name.
    ipSec string
    Specify whether the rule matches on IPsec packets. Can be one of match-ipset or match-none.
    logging boolean
    Enable logging for the firewall rule.
    name string
    The name of the firewall rule.
    protocol string
    The protocol of the rule.
    protocolV6 string
    The IPv6 protocol of the rule.
    site string
    The name of the site to associate the firewall rule with.
    srcAddress string
    The source address for the firewall rule.
    srcAddressIpv6 string
    The IPv6 source address for the firewall rule.
    srcFirewallGroupIds string[]
    The source firewall group IDs for the firewall rule.
    srcMac string
    The source MAC address of the firewall rule.
    srcNetworkId string
    The source network ID for the firewall rule.
    srcNetworkType string
    The source network type of the firewall rule. Can be one of ADDRv4 or NETv4. Defaults to NETv4.
    srcPort string
    The source port of the firewall rule.
    stateEstablished boolean
    Match where the state is established.
    stateInvalid boolean
    Match where the state is invalid.
    stateNew boolean
    Match where the state is new.
    stateRelated boolean
    Match where the state is related.
    action str
    The action of the firewall rule. Must be one of drop, accept, or reject.
    rule_index int
    The index of the rule. Must be >= 2000 < 3000 or >= 4000 < 5000.
    ruleset str
    The ruleset for the rule. This is from the perspective of the security gateway. Must be one of WAN_IN, WAN_OUT, WAN_LOCAL, LAN_IN, LAN_OUT, LAN_LOCAL, GUEST_IN, GUEST_OUT, GUEST_LOCAL, WANv6_IN, WANv6_OUT, WANv6_LOCAL, LANv6_IN, LANv6_OUT, LANv6_LOCAL, GUESTv6_IN, GUESTv6_OUT, or GUESTv6_LOCAL.
    dst_address str
    The destination address of the firewall rule.
    dst_address_ipv6 str
    The IPv6 destination address of the firewall rule.
    dst_firewall_group_ids Sequence[str]
    The destination firewall group IDs of the firewall rule.
    dst_network_id str
    The destination network ID of the firewall rule.
    dst_network_type str
    The destination network type of the firewall rule. Can be one of ADDRv4 or NETv4. Defaults to NETv4.
    dst_port str
    The destination port of the firewall rule.
    enabled bool
    Specifies whether the rule should be enabled. Defaults to true.
    icmp_typename str
    ICMP type name.
    icmp_v6_typename str
    ICMPv6 type name.
    ip_sec str
    Specify whether the rule matches on IPsec packets. Can be one of match-ipset or match-none.
    logging bool
    Enable logging for the firewall rule.
    name str
    The name of the firewall rule.
    protocol str
    The protocol of the rule.
    protocol_v6 str
    The IPv6 protocol of the rule.
    site str
    The name of the site to associate the firewall rule with.
    src_address str
    The source address for the firewall rule.
    src_address_ipv6 str
    The IPv6 source address for the firewall rule.
    src_firewall_group_ids Sequence[str]
    The source firewall group IDs for the firewall rule.
    src_mac str
    The source MAC address of the firewall rule.
    src_network_id str
    The source network ID for the firewall rule.
    src_network_type str
    The source network type of the firewall rule. Can be one of ADDRv4 or NETv4. Defaults to NETv4.
    src_port str
    The source port of the firewall rule.
    state_established bool
    Match where the state is established.
    state_invalid bool
    Match where the state is invalid.
    state_new bool
    Match where the state is new.
    state_related bool
    Match where the state is related.
    action String
    The action of the firewall rule. Must be one of drop, accept, or reject.
    ruleIndex Number
    The index of the rule. Must be >= 2000 < 3000 or >= 4000 < 5000.
    ruleset String
    The ruleset for the rule. This is from the perspective of the security gateway. Must be one of WAN_IN, WAN_OUT, WAN_LOCAL, LAN_IN, LAN_OUT, LAN_LOCAL, GUEST_IN, GUEST_OUT, GUEST_LOCAL, WANv6_IN, WANv6_OUT, WANv6_LOCAL, LANv6_IN, LANv6_OUT, LANv6_LOCAL, GUESTv6_IN, GUESTv6_OUT, or GUESTv6_LOCAL.
    dstAddress String
    The destination address of the firewall rule.
    dstAddressIpv6 String
    The IPv6 destination address of the firewall rule.
    dstFirewallGroupIds List<String>
    The destination firewall group IDs of the firewall rule.
    dstNetworkId String
    The destination network ID of the firewall rule.
    dstNetworkType String
    The destination network type of the firewall rule. Can be one of ADDRv4 or NETv4. Defaults to NETv4.
    dstPort String
    The destination port of the firewall rule.
    enabled Boolean
    Specifies whether the rule should be enabled. Defaults to true.
    icmpTypename String
    ICMP type name.
    icmpV6Typename String
    ICMPv6 type name.
    ipSec String
    Specify whether the rule matches on IPsec packets. Can be one of match-ipset or match-none.
    logging Boolean
    Enable logging for the firewall rule.
    name String
    The name of the firewall rule.
    protocol String
    The protocol of the rule.
    protocolV6 String
    The IPv6 protocol of the rule.
    site String
    The name of the site to associate the firewall rule with.
    srcAddress String
    The source address for the firewall rule.
    srcAddressIpv6 String
    The IPv6 source address for the firewall rule.
    srcFirewallGroupIds List<String>
    The source firewall group IDs for the firewall rule.
    srcMac String
    The source MAC address of the firewall rule.
    srcNetworkId String
    The source network ID for the firewall rule.
    srcNetworkType String
    The source network type of the firewall rule. Can be one of ADDRv4 or NETv4. Defaults to NETv4.
    srcPort String
    The source port of the firewall rule.
    stateEstablished Boolean
    Match where the state is established.
    stateInvalid Boolean
    Match where the state is invalid.
    stateNew Boolean
    Match where the state is new.
    stateRelated Boolean
    Match where the state is related.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Rule resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing Rule Resource

    Get an existing Rule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: RuleState, opts?: CustomResourceOptions): Rule
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            action: Optional[str] = None,
            dst_address: Optional[str] = None,
            dst_address_ipv6: Optional[str] = None,
            dst_firewall_group_ids: Optional[Sequence[str]] = None,
            dst_network_id: Optional[str] = None,
            dst_network_type: Optional[str] = None,
            dst_port: Optional[str] = None,
            enabled: Optional[bool] = None,
            icmp_typename: Optional[str] = None,
            icmp_v6_typename: Optional[str] = None,
            ip_sec: Optional[str] = None,
            logging: Optional[bool] = None,
            name: Optional[str] = None,
            protocol: Optional[str] = None,
            protocol_v6: Optional[str] = None,
            rule_index: Optional[int] = None,
            ruleset: Optional[str] = None,
            site: Optional[str] = None,
            src_address: Optional[str] = None,
            src_address_ipv6: Optional[str] = None,
            src_firewall_group_ids: Optional[Sequence[str]] = None,
            src_mac: Optional[str] = None,
            src_network_id: Optional[str] = None,
            src_network_type: Optional[str] = None,
            src_port: Optional[str] = None,
            state_established: Optional[bool] = None,
            state_invalid: Optional[bool] = None,
            state_new: Optional[bool] = None,
            state_related: Optional[bool] = None) -> Rule
    func GetRule(ctx *Context, name string, id IDInput, state *RuleState, opts ...ResourceOption) (*Rule, error)
    public static Rule Get(string name, Input<string> id, RuleState? state, CustomResourceOptions? opts = null)
    public static Rule get(String name, Output<String> id, RuleState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Action string
    The action of the firewall rule. Must be one of drop, accept, or reject.
    DstAddress string
    The destination address of the firewall rule.
    DstAddressIpv6 string
    The IPv6 destination address of the firewall rule.
    DstFirewallGroupIds List<string>
    The destination firewall group IDs of the firewall rule.
    DstNetworkId string
    The destination network ID of the firewall rule.
    DstNetworkType string
    The destination network type of the firewall rule. Can be one of ADDRv4 or NETv4. Defaults to NETv4.
    DstPort string
    The destination port of the firewall rule.
    Enabled bool
    Specifies whether the rule should be enabled. Defaults to true.
    IcmpTypename string
    ICMP type name.
    IcmpV6Typename string
    ICMPv6 type name.
    IpSec string
    Specify whether the rule matches on IPsec packets. Can be one of match-ipset or match-none.
    Logging bool
    Enable logging for the firewall rule.
    Name string
    The name of the firewall rule.
    Protocol string
    The protocol of the rule.
    ProtocolV6 string
    The IPv6 protocol of the rule.
    RuleIndex int
    The index of the rule. Must be >= 2000 < 3000 or >= 4000 < 5000.
    Ruleset string
    The ruleset for the rule. This is from the perspective of the security gateway. Must be one of WAN_IN, WAN_OUT, WAN_LOCAL, LAN_IN, LAN_OUT, LAN_LOCAL, GUEST_IN, GUEST_OUT, GUEST_LOCAL, WANv6_IN, WANv6_OUT, WANv6_LOCAL, LANv6_IN, LANv6_OUT, LANv6_LOCAL, GUESTv6_IN, GUESTv6_OUT, or GUESTv6_LOCAL.
    Site string
    The name of the site to associate the firewall rule with.
    SrcAddress string
    The source address for the firewall rule.
    SrcAddressIpv6 string
    The IPv6 source address for the firewall rule.
    SrcFirewallGroupIds List<string>
    The source firewall group IDs for the firewall rule.
    SrcMac string
    The source MAC address of the firewall rule.
    SrcNetworkId string
    The source network ID for the firewall rule.
    SrcNetworkType string
    The source network type of the firewall rule. Can be one of ADDRv4 or NETv4. Defaults to NETv4.
    SrcPort string
    The source port of the firewall rule.
    StateEstablished bool
    Match where the state is established.
    StateInvalid bool
    Match where the state is invalid.
    StateNew bool
    Match where the state is new.
    StateRelated bool
    Match where the state is related.
    Action string
    The action of the firewall rule. Must be one of drop, accept, or reject.
    DstAddress string
    The destination address of the firewall rule.
    DstAddressIpv6 string
    The IPv6 destination address of the firewall rule.
    DstFirewallGroupIds []string
    The destination firewall group IDs of the firewall rule.
    DstNetworkId string
    The destination network ID of the firewall rule.
    DstNetworkType string
    The destination network type of the firewall rule. Can be one of ADDRv4 or NETv4. Defaults to NETv4.
    DstPort string
    The destination port of the firewall rule.
    Enabled bool
    Specifies whether the rule should be enabled. Defaults to true.
    IcmpTypename string
    ICMP type name.
    IcmpV6Typename string
    ICMPv6 type name.
    IpSec string
    Specify whether the rule matches on IPsec packets. Can be one of match-ipset or match-none.
    Logging bool
    Enable logging for the firewall rule.
    Name string
    The name of the firewall rule.
    Protocol string
    The protocol of the rule.
    ProtocolV6 string
    The IPv6 protocol of the rule.
    RuleIndex int
    The index of the rule. Must be >= 2000 < 3000 or >= 4000 < 5000.
    Ruleset string
    The ruleset for the rule. This is from the perspective of the security gateway. Must be one of WAN_IN, WAN_OUT, WAN_LOCAL, LAN_IN, LAN_OUT, LAN_LOCAL, GUEST_IN, GUEST_OUT, GUEST_LOCAL, WANv6_IN, WANv6_OUT, WANv6_LOCAL, LANv6_IN, LANv6_OUT, LANv6_LOCAL, GUESTv6_IN, GUESTv6_OUT, or GUESTv6_LOCAL.
    Site string
    The name of the site to associate the firewall rule with.
    SrcAddress string
    The source address for the firewall rule.
    SrcAddressIpv6 string
    The IPv6 source address for the firewall rule.
    SrcFirewallGroupIds []string
    The source firewall group IDs for the firewall rule.
    SrcMac string
    The source MAC address of the firewall rule.
    SrcNetworkId string
    The source network ID for the firewall rule.
    SrcNetworkType string
    The source network type of the firewall rule. Can be one of ADDRv4 or NETv4. Defaults to NETv4.
    SrcPort string
    The source port of the firewall rule.
    StateEstablished bool
    Match where the state is established.
    StateInvalid bool
    Match where the state is invalid.
    StateNew bool
    Match where the state is new.
    StateRelated bool
    Match where the state is related.
    action String
    The action of the firewall rule. Must be one of drop, accept, or reject.
    dstAddress String
    The destination address of the firewall rule.
    dstAddressIpv6 String
    The IPv6 destination address of the firewall rule.
    dstFirewallGroupIds List<String>
    The destination firewall group IDs of the firewall rule.
    dstNetworkId String
    The destination network ID of the firewall rule.
    dstNetworkType String
    The destination network type of the firewall rule. Can be one of ADDRv4 or NETv4. Defaults to NETv4.
    dstPort String
    The destination port of the firewall rule.
    enabled Boolean
    Specifies whether the rule should be enabled. Defaults to true.
    icmpTypename String
    ICMP type name.
    icmpV6Typename String
    ICMPv6 type name.
    ipSec String
    Specify whether the rule matches on IPsec packets. Can be one of match-ipset or match-none.
    logging Boolean
    Enable logging for the firewall rule.
    name String
    The name of the firewall rule.
    protocol String
    The protocol of the rule.
    protocolV6 String
    The IPv6 protocol of the rule.
    ruleIndex Integer
    The index of the rule. Must be >= 2000 < 3000 or >= 4000 < 5000.
    ruleset String
    The ruleset for the rule. This is from the perspective of the security gateway. Must be one of WAN_IN, WAN_OUT, WAN_LOCAL, LAN_IN, LAN_OUT, LAN_LOCAL, GUEST_IN, GUEST_OUT, GUEST_LOCAL, WANv6_IN, WANv6_OUT, WANv6_LOCAL, LANv6_IN, LANv6_OUT, LANv6_LOCAL, GUESTv6_IN, GUESTv6_OUT, or GUESTv6_LOCAL.
    site String
    The name of the site to associate the firewall rule with.
    srcAddress String
    The source address for the firewall rule.
    srcAddressIpv6 String
    The IPv6 source address for the firewall rule.
    srcFirewallGroupIds List<String>
    The source firewall group IDs for the firewall rule.
    srcMac String
    The source MAC address of the firewall rule.
    srcNetworkId String
    The source network ID for the firewall rule.
    srcNetworkType String
    The source network type of the firewall rule. Can be one of ADDRv4 or NETv4. Defaults to NETv4.
    srcPort String
    The source port of the firewall rule.
    stateEstablished Boolean
    Match where the state is established.
    stateInvalid Boolean
    Match where the state is invalid.
    stateNew Boolean
    Match where the state is new.
    stateRelated Boolean
    Match where the state is related.
    action string
    The action of the firewall rule. Must be one of drop, accept, or reject.
    dstAddress string
    The destination address of the firewall rule.
    dstAddressIpv6 string
    The IPv6 destination address of the firewall rule.
    dstFirewallGroupIds string[]
    The destination firewall group IDs of the firewall rule.
    dstNetworkId string
    The destination network ID of the firewall rule.
    dstNetworkType string
    The destination network type of the firewall rule. Can be one of ADDRv4 or NETv4. Defaults to NETv4.
    dstPort string
    The destination port of the firewall rule.
    enabled boolean
    Specifies whether the rule should be enabled. Defaults to true.
    icmpTypename string
    ICMP type name.
    icmpV6Typename string
    ICMPv6 type name.
    ipSec string
    Specify whether the rule matches on IPsec packets. Can be one of match-ipset or match-none.
    logging boolean
    Enable logging for the firewall rule.
    name string
    The name of the firewall rule.
    protocol string
    The protocol of the rule.
    protocolV6 string
    The IPv6 protocol of the rule.
    ruleIndex number
    The index of the rule. Must be >= 2000 < 3000 or >= 4000 < 5000.
    ruleset string
    The ruleset for the rule. This is from the perspective of the security gateway. Must be one of WAN_IN, WAN_OUT, WAN_LOCAL, LAN_IN, LAN_OUT, LAN_LOCAL, GUEST_IN, GUEST_OUT, GUEST_LOCAL, WANv6_IN, WANv6_OUT, WANv6_LOCAL, LANv6_IN, LANv6_OUT, LANv6_LOCAL, GUESTv6_IN, GUESTv6_OUT, or GUESTv6_LOCAL.
    site string
    The name of the site to associate the firewall rule with.
    srcAddress string
    The source address for the firewall rule.
    srcAddressIpv6 string
    The IPv6 source address for the firewall rule.
    srcFirewallGroupIds string[]
    The source firewall group IDs for the firewall rule.
    srcMac string
    The source MAC address of the firewall rule.
    srcNetworkId string
    The source network ID for the firewall rule.
    srcNetworkType string
    The source network type of the firewall rule. Can be one of ADDRv4 or NETv4. Defaults to NETv4.
    srcPort string
    The source port of the firewall rule.
    stateEstablished boolean
    Match where the state is established.
    stateInvalid boolean
    Match where the state is invalid.
    stateNew boolean
    Match where the state is new.
    stateRelated boolean
    Match where the state is related.
    action str
    The action of the firewall rule. Must be one of drop, accept, or reject.
    dst_address str
    The destination address of the firewall rule.
    dst_address_ipv6 str
    The IPv6 destination address of the firewall rule.
    dst_firewall_group_ids Sequence[str]
    The destination firewall group IDs of the firewall rule.
    dst_network_id str
    The destination network ID of the firewall rule.
    dst_network_type str
    The destination network type of the firewall rule. Can be one of ADDRv4 or NETv4. Defaults to NETv4.
    dst_port str
    The destination port of the firewall rule.
    enabled bool
    Specifies whether the rule should be enabled. Defaults to true.
    icmp_typename str
    ICMP type name.
    icmp_v6_typename str
    ICMPv6 type name.
    ip_sec str
    Specify whether the rule matches on IPsec packets. Can be one of match-ipset or match-none.
    logging bool
    Enable logging for the firewall rule.
    name str
    The name of the firewall rule.
    protocol str
    The protocol of the rule.
    protocol_v6 str
    The IPv6 protocol of the rule.
    rule_index int
    The index of the rule. Must be >= 2000 < 3000 or >= 4000 < 5000.
    ruleset str
    The ruleset for the rule. This is from the perspective of the security gateway. Must be one of WAN_IN, WAN_OUT, WAN_LOCAL, LAN_IN, LAN_OUT, LAN_LOCAL, GUEST_IN, GUEST_OUT, GUEST_LOCAL, WANv6_IN, WANv6_OUT, WANv6_LOCAL, LANv6_IN, LANv6_OUT, LANv6_LOCAL, GUESTv6_IN, GUESTv6_OUT, or GUESTv6_LOCAL.
    site str
    The name of the site to associate the firewall rule with.
    src_address str
    The source address for the firewall rule.
    src_address_ipv6 str
    The IPv6 source address for the firewall rule.
    src_firewall_group_ids Sequence[str]
    The source firewall group IDs for the firewall rule.
    src_mac str
    The source MAC address of the firewall rule.
    src_network_id str
    The source network ID for the firewall rule.
    src_network_type str
    The source network type of the firewall rule. Can be one of ADDRv4 or NETv4. Defaults to NETv4.
    src_port str
    The source port of the firewall rule.
    state_established bool
    Match where the state is established.
    state_invalid bool
    Match where the state is invalid.
    state_new bool
    Match where the state is new.
    state_related bool
    Match where the state is related.
    action String
    The action of the firewall rule. Must be one of drop, accept, or reject.
    dstAddress String
    The destination address of the firewall rule.
    dstAddressIpv6 String
    The IPv6 destination address of the firewall rule.
    dstFirewallGroupIds List<String>
    The destination firewall group IDs of the firewall rule.
    dstNetworkId String
    The destination network ID of the firewall rule.
    dstNetworkType String
    The destination network type of the firewall rule. Can be one of ADDRv4 or NETv4. Defaults to NETv4.
    dstPort String
    The destination port of the firewall rule.
    enabled Boolean
    Specifies whether the rule should be enabled. Defaults to true.
    icmpTypename String
    ICMP type name.
    icmpV6Typename String
    ICMPv6 type name.
    ipSec String
    Specify whether the rule matches on IPsec packets. Can be one of match-ipset or match-none.
    logging Boolean
    Enable logging for the firewall rule.
    name String
    The name of the firewall rule.
    protocol String
    The protocol of the rule.
    protocolV6 String
    The IPv6 protocol of the rule.
    ruleIndex Number
    The index of the rule. Must be >= 2000 < 3000 or >= 4000 < 5000.
    ruleset String
    The ruleset for the rule. This is from the perspective of the security gateway. Must be one of WAN_IN, WAN_OUT, WAN_LOCAL, LAN_IN, LAN_OUT, LAN_LOCAL, GUEST_IN, GUEST_OUT, GUEST_LOCAL, WANv6_IN, WANv6_OUT, WANv6_LOCAL, LANv6_IN, LANv6_OUT, LANv6_LOCAL, GUESTv6_IN, GUESTv6_OUT, or GUESTv6_LOCAL.
    site String
    The name of the site to associate the firewall rule with.
    srcAddress String
    The source address for the firewall rule.
    srcAddressIpv6 String
    The IPv6 source address for the firewall rule.
    srcFirewallGroupIds List<String>
    The source firewall group IDs for the firewall rule.
    srcMac String
    The source MAC address of the firewall rule.
    srcNetworkId String
    The source network ID for the firewall rule.
    srcNetworkType String
    The source network type of the firewall rule. Can be one of ADDRv4 or NETv4. Defaults to NETv4.
    srcPort String
    The source port of the firewall rule.
    stateEstablished Boolean
    Match where the state is established.
    stateInvalid Boolean
    Match where the state is invalid.
    stateNew Boolean
    Match where the state is new.
    stateRelated Boolean
    Match where the state is related.

    Import

    import using the ID from the controller API/UI

    $ pulumi import unifi:firewall/rule:Rule my_rule 5f7080eb6b8969064f80494f
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    unifi pulumiverse/pulumi-unifi
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the unifi Terraform Provider.
    unifi logo
    Unifi v0.1.0 published on Monday, Oct 28, 2024 by Pulumiverse