unifi.firewall.Rule
Explore with Pulumi AI
unifi.firewall.Rule
manages an individual firewall rule on the gateway.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as unifi from "@pulumiverse/unifi";
const config = new pulumi.Config();
const ipAddress = config.require("ipAddress");
const dropAll = new unifi.firewall.Rule("drop_all", {
name: "drop all",
action: "drop",
ruleset: "LAN_IN",
ruleIndex: 2011,
protocol: "all",
dstAddress: ipAddress,
});
import pulumi
import pulumiverse_unifi as unifi
config = pulumi.Config()
ip_address = config.require("ipAddress")
drop_all = unifi.firewall.Rule("drop_all",
name="drop all",
action="drop",
ruleset="LAN_IN",
rule_index=2011,
protocol="all",
dst_address=ip_address)
package main
import (
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
"github.com/pulumiverse/pulumi-unifi/sdk/go/unifi/firewall"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
cfg := config.New(ctx, "")
ipAddress := cfg.Require("ipAddress")
_, err := firewall.NewRule(ctx, "drop_all", &firewall.RuleArgs{
Name: pulumi.String("drop all"),
Action: pulumi.String("drop"),
Ruleset: pulumi.String("LAN_IN"),
RuleIndex: pulumi.Int(2011),
Protocol: pulumi.String("all"),
DstAddress: pulumi.String(ipAddress),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Unifi = Pulumiverse.Unifi;
return await Deployment.RunAsync(() =>
{
var config = new Config();
var ipAddress = config.Require("ipAddress");
var dropAll = new Unifi.Firewall.Rule("drop_all", new()
{
Name = "drop all",
Action = "drop",
Ruleset = "LAN_IN",
RuleIndex = 2011,
Protocol = "all",
DstAddress = ipAddress,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.unifi.firewall.Rule;
import com.pulumi.unifi.firewall.RuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var config = ctx.config();
final var ipAddress = config.get("ipAddress");
var dropAll = new Rule("dropAll", RuleArgs.builder()
.name("drop all")
.action("drop")
.ruleset("LAN_IN")
.ruleIndex(2011)
.protocol("all")
.dstAddress(ipAddress)
.build());
}
}
configuration:
ipAddress:
type: string
resources:
dropAll:
type: unifi:firewall:Rule
name: drop_all
properties:
name: drop all
action: drop
ruleset: LAN_IN
ruleIndex: 2011
protocol: all
dstAddress: ${ipAddress}
Create Rule Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Rule(name: string, args: RuleArgs, opts?: CustomResourceOptions);
@overload
def Rule(resource_name: str,
args: RuleArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Rule(resource_name: str,
opts: Optional[ResourceOptions] = None,
action: Optional[str] = None,
ruleset: Optional[str] = None,
rule_index: Optional[int] = None,
protocol_v6: Optional[str] = None,
dst_address: Optional[str] = None,
dst_network_type: Optional[str] = None,
dst_port: Optional[str] = None,
enabled: Optional[bool] = None,
icmp_typename: Optional[str] = None,
icmp_v6_typename: Optional[str] = None,
ip_sec: Optional[str] = None,
logging: Optional[bool] = None,
name: Optional[str] = None,
protocol: Optional[str] = None,
dst_firewall_group_ids: Optional[Sequence[str]] = None,
dst_address_ipv6: Optional[str] = None,
dst_network_id: Optional[str] = None,
site: Optional[str] = None,
src_address: Optional[str] = None,
src_address_ipv6: Optional[str] = None,
src_firewall_group_ids: Optional[Sequence[str]] = None,
src_mac: Optional[str] = None,
src_network_id: Optional[str] = None,
src_network_type: Optional[str] = None,
src_port: Optional[str] = None,
state_established: Optional[bool] = None,
state_invalid: Optional[bool] = None,
state_new: Optional[bool] = None,
state_related: Optional[bool] = None)
func NewRule(ctx *Context, name string, args RuleArgs, opts ...ResourceOption) (*Rule, error)
public Rule(string name, RuleArgs args, CustomResourceOptions? opts = null)
type: unifi:firewall:Rule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args RuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args RuleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args RuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args RuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args RuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var ruleResource = new Unifi.Firewall.Rule("ruleResource", new()
{
Action = "string",
Ruleset = "string",
RuleIndex = 0,
ProtocolV6 = "string",
DstAddress = "string",
DstNetworkType = "string",
DstPort = "string",
Enabled = false,
IcmpTypename = "string",
IcmpV6Typename = "string",
IpSec = "string",
Logging = false,
Name = "string",
Protocol = "string",
DstFirewallGroupIds = new[]
{
"string",
},
DstAddressIpv6 = "string",
DstNetworkId = "string",
Site = "string",
SrcAddress = "string",
SrcAddressIpv6 = "string",
SrcFirewallGroupIds = new[]
{
"string",
},
SrcMac = "string",
SrcNetworkId = "string",
SrcNetworkType = "string",
SrcPort = "string",
StateEstablished = false,
StateInvalid = false,
StateNew = false,
StateRelated = false,
});
example, err := firewall.NewRule(ctx, "ruleResource", &firewall.RuleArgs{
Action: pulumi.String("string"),
Ruleset: pulumi.String("string"),
RuleIndex: pulumi.Int(0),
ProtocolV6: pulumi.String("string"),
DstAddress: pulumi.String("string"),
DstNetworkType: pulumi.String("string"),
DstPort: pulumi.String("string"),
Enabled: pulumi.Bool(false),
IcmpTypename: pulumi.String("string"),
IcmpV6Typename: pulumi.String("string"),
IpSec: pulumi.String("string"),
Logging: pulumi.Bool(false),
Name: pulumi.String("string"),
Protocol: pulumi.String("string"),
DstFirewallGroupIds: pulumi.StringArray{
pulumi.String("string"),
},
DstAddressIpv6: pulumi.String("string"),
DstNetworkId: pulumi.String("string"),
Site: pulumi.String("string"),
SrcAddress: pulumi.String("string"),
SrcAddressIpv6: pulumi.String("string"),
SrcFirewallGroupIds: pulumi.StringArray{
pulumi.String("string"),
},
SrcMac: pulumi.String("string"),
SrcNetworkId: pulumi.String("string"),
SrcNetworkType: pulumi.String("string"),
SrcPort: pulumi.String("string"),
StateEstablished: pulumi.Bool(false),
StateInvalid: pulumi.Bool(false),
StateNew: pulumi.Bool(false),
StateRelated: pulumi.Bool(false),
})
var ruleResource = new Rule("ruleResource", RuleArgs.builder()
.action("string")
.ruleset("string")
.ruleIndex(0)
.protocolV6("string")
.dstAddress("string")
.dstNetworkType("string")
.dstPort("string")
.enabled(false)
.icmpTypename("string")
.icmpV6Typename("string")
.ipSec("string")
.logging(false)
.name("string")
.protocol("string")
.dstFirewallGroupIds("string")
.dstAddressIpv6("string")
.dstNetworkId("string")
.site("string")
.srcAddress("string")
.srcAddressIpv6("string")
.srcFirewallGroupIds("string")
.srcMac("string")
.srcNetworkId("string")
.srcNetworkType("string")
.srcPort("string")
.stateEstablished(false)
.stateInvalid(false)
.stateNew(false)
.stateRelated(false)
.build());
rule_resource = unifi.firewall.Rule("ruleResource",
action="string",
ruleset="string",
rule_index=0,
protocol_v6="string",
dst_address="string",
dst_network_type="string",
dst_port="string",
enabled=False,
icmp_typename="string",
icmp_v6_typename="string",
ip_sec="string",
logging=False,
name="string",
protocol="string",
dst_firewall_group_ids=["string"],
dst_address_ipv6="string",
dst_network_id="string",
site="string",
src_address="string",
src_address_ipv6="string",
src_firewall_group_ids=["string"],
src_mac="string",
src_network_id="string",
src_network_type="string",
src_port="string",
state_established=False,
state_invalid=False,
state_new=False,
state_related=False)
const ruleResource = new unifi.firewall.Rule("ruleResource", {
action: "string",
ruleset: "string",
ruleIndex: 0,
protocolV6: "string",
dstAddress: "string",
dstNetworkType: "string",
dstPort: "string",
enabled: false,
icmpTypename: "string",
icmpV6Typename: "string",
ipSec: "string",
logging: false,
name: "string",
protocol: "string",
dstFirewallGroupIds: ["string"],
dstAddressIpv6: "string",
dstNetworkId: "string",
site: "string",
srcAddress: "string",
srcAddressIpv6: "string",
srcFirewallGroupIds: ["string"],
srcMac: "string",
srcNetworkId: "string",
srcNetworkType: "string",
srcPort: "string",
stateEstablished: false,
stateInvalid: false,
stateNew: false,
stateRelated: false,
});
type: unifi:firewall:Rule
properties:
action: string
dstAddress: string
dstAddressIpv6: string
dstFirewallGroupIds:
- string
dstNetworkId: string
dstNetworkType: string
dstPort: string
enabled: false
icmpTypename: string
icmpV6Typename: string
ipSec: string
logging: false
name: string
protocol: string
protocolV6: string
ruleIndex: 0
ruleset: string
site: string
srcAddress: string
srcAddressIpv6: string
srcFirewallGroupIds:
- string
srcMac: string
srcNetworkId: string
srcNetworkType: string
srcPort: string
stateEstablished: false
stateInvalid: false
stateNew: false
stateRelated: false
Rule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Rule resource accepts the following input properties:
- Action string
- The action of the firewall rule. Must be one of
drop
,accept
, orreject
. - Rule
Index int - The index of the rule. Must be >= 2000 < 3000 or >= 4000 < 5000.
- Ruleset string
- The ruleset for the rule. This is from the perspective of the security gateway. Must be one of
WAN_IN
,WAN_OUT
,WAN_LOCAL
,LAN_IN
,LAN_OUT
,LAN_LOCAL
,GUEST_IN
,GUEST_OUT
,GUEST_LOCAL
,WANv6_IN
,WANv6_OUT
,WANv6_LOCAL
,LANv6_IN
,LANv6_OUT
,LANv6_LOCAL
,GUESTv6_IN
,GUESTv6_OUT
, orGUESTv6_LOCAL
. - Dst
Address string - The destination address of the firewall rule.
- Dst
Address stringIpv6 - The IPv6 destination address of the firewall rule.
- Dst
Firewall List<string>Group Ids - The destination firewall group IDs of the firewall rule.
- Dst
Network stringId - The destination network ID of the firewall rule.
- Dst
Network stringType - The destination network type of the firewall rule. Can be one of
ADDRv4
orNETv4
. Defaults toNETv4
. - Dst
Port string - The destination port of the firewall rule.
- Enabled bool
- Specifies whether the rule should be enabled. Defaults to
true
. - Icmp
Typename string - ICMP type name.
- Icmp
V6Typename string - ICMPv6 type name.
- Ip
Sec string - Specify whether the rule matches on IPsec packets. Can be one of
match-ipset
ormatch-none
. - Logging bool
- Enable logging for the firewall rule.
- Name string
- The name of the firewall rule.
- Protocol string
- The protocol of the rule.
- Protocol
V6 string - The IPv6 protocol of the rule.
- Site string
- The name of the site to associate the firewall rule with.
- Src
Address string - The source address for the firewall rule.
- Src
Address stringIpv6 - The IPv6 source address for the firewall rule.
- Src
Firewall List<string>Group Ids - The source firewall group IDs for the firewall rule.
- Src
Mac string - The source MAC address of the firewall rule.
- Src
Network stringId - The source network ID for the firewall rule.
- Src
Network stringType - The source network type of the firewall rule. Can be one of
ADDRv4
orNETv4
. Defaults toNETv4
. - Src
Port string - The source port of the firewall rule.
- State
Established bool - Match where the state is established.
- State
Invalid bool - Match where the state is invalid.
- State
New bool - Match where the state is new.
- bool
- Match where the state is related.
- Action string
- The action of the firewall rule. Must be one of
drop
,accept
, orreject
. - Rule
Index int - The index of the rule. Must be >= 2000 < 3000 or >= 4000 < 5000.
- Ruleset string
- The ruleset for the rule. This is from the perspective of the security gateway. Must be one of
WAN_IN
,WAN_OUT
,WAN_LOCAL
,LAN_IN
,LAN_OUT
,LAN_LOCAL
,GUEST_IN
,GUEST_OUT
,GUEST_LOCAL
,WANv6_IN
,WANv6_OUT
,WANv6_LOCAL
,LANv6_IN
,LANv6_OUT
,LANv6_LOCAL
,GUESTv6_IN
,GUESTv6_OUT
, orGUESTv6_LOCAL
. - Dst
Address string - The destination address of the firewall rule.
- Dst
Address stringIpv6 - The IPv6 destination address of the firewall rule.
- Dst
Firewall []stringGroup Ids - The destination firewall group IDs of the firewall rule.
- Dst
Network stringId - The destination network ID of the firewall rule.
- Dst
Network stringType - The destination network type of the firewall rule. Can be one of
ADDRv4
orNETv4
. Defaults toNETv4
. - Dst
Port string - The destination port of the firewall rule.
- Enabled bool
- Specifies whether the rule should be enabled. Defaults to
true
. - Icmp
Typename string - ICMP type name.
- Icmp
V6Typename string - ICMPv6 type name.
- Ip
Sec string - Specify whether the rule matches on IPsec packets. Can be one of
match-ipset
ormatch-none
. - Logging bool
- Enable logging for the firewall rule.
- Name string
- The name of the firewall rule.
- Protocol string
- The protocol of the rule.
- Protocol
V6 string - The IPv6 protocol of the rule.
- Site string
- The name of the site to associate the firewall rule with.
- Src
Address string - The source address for the firewall rule.
- Src
Address stringIpv6 - The IPv6 source address for the firewall rule.
- Src
Firewall []stringGroup Ids - The source firewall group IDs for the firewall rule.
- Src
Mac string - The source MAC address of the firewall rule.
- Src
Network stringId - The source network ID for the firewall rule.
- Src
Network stringType - The source network type of the firewall rule. Can be one of
ADDRv4
orNETv4
. Defaults toNETv4
. - Src
Port string - The source port of the firewall rule.
- State
Established bool - Match where the state is established.
- State
Invalid bool - Match where the state is invalid.
- State
New bool - Match where the state is new.
- bool
- Match where the state is related.
- action String
- The action of the firewall rule. Must be one of
drop
,accept
, orreject
. - rule
Index Integer - The index of the rule. Must be >= 2000 < 3000 or >= 4000 < 5000.
- ruleset String
- The ruleset for the rule. This is from the perspective of the security gateway. Must be one of
WAN_IN
,WAN_OUT
,WAN_LOCAL
,LAN_IN
,LAN_OUT
,LAN_LOCAL
,GUEST_IN
,GUEST_OUT
,GUEST_LOCAL
,WANv6_IN
,WANv6_OUT
,WANv6_LOCAL
,LANv6_IN
,LANv6_OUT
,LANv6_LOCAL
,GUESTv6_IN
,GUESTv6_OUT
, orGUESTv6_LOCAL
. - dst
Address String - The destination address of the firewall rule.
- dst
Address StringIpv6 - The IPv6 destination address of the firewall rule.
- dst
Firewall List<String>Group Ids - The destination firewall group IDs of the firewall rule.
- dst
Network StringId - The destination network ID of the firewall rule.
- dst
Network StringType - The destination network type of the firewall rule. Can be one of
ADDRv4
orNETv4
. Defaults toNETv4
. - dst
Port String - The destination port of the firewall rule.
- enabled Boolean
- Specifies whether the rule should be enabled. Defaults to
true
. - icmp
Typename String - ICMP type name.
- icmp
V6Typename String - ICMPv6 type name.
- ip
Sec String - Specify whether the rule matches on IPsec packets. Can be one of
match-ipset
ormatch-none
. - logging Boolean
- Enable logging for the firewall rule.
- name String
- The name of the firewall rule.
- protocol String
- The protocol of the rule.
- protocol
V6 String - The IPv6 protocol of the rule.
- site String
- The name of the site to associate the firewall rule with.
- src
Address String - The source address for the firewall rule.
- src
Address StringIpv6 - The IPv6 source address for the firewall rule.
- src
Firewall List<String>Group Ids - The source firewall group IDs for the firewall rule.
- src
Mac String - The source MAC address of the firewall rule.
- src
Network StringId - The source network ID for the firewall rule.
- src
Network StringType - The source network type of the firewall rule. Can be one of
ADDRv4
orNETv4
. Defaults toNETv4
. - src
Port String - The source port of the firewall rule.
- state
Established Boolean - Match where the state is established.
- state
Invalid Boolean - Match where the state is invalid.
- state
New Boolean - Match where the state is new.
- Boolean
- Match where the state is related.
- action string
- The action of the firewall rule. Must be one of
drop
,accept
, orreject
. - rule
Index number - The index of the rule. Must be >= 2000 < 3000 or >= 4000 < 5000.
- ruleset string
- The ruleset for the rule. This is from the perspective of the security gateway. Must be one of
WAN_IN
,WAN_OUT
,WAN_LOCAL
,LAN_IN
,LAN_OUT
,LAN_LOCAL
,GUEST_IN
,GUEST_OUT
,GUEST_LOCAL
,WANv6_IN
,WANv6_OUT
,WANv6_LOCAL
,LANv6_IN
,LANv6_OUT
,LANv6_LOCAL
,GUESTv6_IN
,GUESTv6_OUT
, orGUESTv6_LOCAL
. - dst
Address string - The destination address of the firewall rule.
- dst
Address stringIpv6 - The IPv6 destination address of the firewall rule.
- dst
Firewall string[]Group Ids - The destination firewall group IDs of the firewall rule.
- dst
Network stringId - The destination network ID of the firewall rule.
- dst
Network stringType - The destination network type of the firewall rule. Can be one of
ADDRv4
orNETv4
. Defaults toNETv4
. - dst
Port string - The destination port of the firewall rule.
- enabled boolean
- Specifies whether the rule should be enabled. Defaults to
true
. - icmp
Typename string - ICMP type name.
- icmp
V6Typename string - ICMPv6 type name.
- ip
Sec string - Specify whether the rule matches on IPsec packets. Can be one of
match-ipset
ormatch-none
. - logging boolean
- Enable logging for the firewall rule.
- name string
- The name of the firewall rule.
- protocol string
- The protocol of the rule.
- protocol
V6 string - The IPv6 protocol of the rule.
- site string
- The name of the site to associate the firewall rule with.
- src
Address string - The source address for the firewall rule.
- src
Address stringIpv6 - The IPv6 source address for the firewall rule.
- src
Firewall string[]Group Ids - The source firewall group IDs for the firewall rule.
- src
Mac string - The source MAC address of the firewall rule.
- src
Network stringId - The source network ID for the firewall rule.
- src
Network stringType - The source network type of the firewall rule. Can be one of
ADDRv4
orNETv4
. Defaults toNETv4
. - src
Port string - The source port of the firewall rule.
- state
Established boolean - Match where the state is established.
- state
Invalid boolean - Match where the state is invalid.
- state
New boolean - Match where the state is new.
- boolean
- Match where the state is related.
- action str
- The action of the firewall rule. Must be one of
drop
,accept
, orreject
. - rule_
index int - The index of the rule. Must be >= 2000 < 3000 or >= 4000 < 5000.
- ruleset str
- The ruleset for the rule. This is from the perspective of the security gateway. Must be one of
WAN_IN
,WAN_OUT
,WAN_LOCAL
,LAN_IN
,LAN_OUT
,LAN_LOCAL
,GUEST_IN
,GUEST_OUT
,GUEST_LOCAL
,WANv6_IN
,WANv6_OUT
,WANv6_LOCAL
,LANv6_IN
,LANv6_OUT
,LANv6_LOCAL
,GUESTv6_IN
,GUESTv6_OUT
, orGUESTv6_LOCAL
. - dst_
address str - The destination address of the firewall rule.
- dst_
address_ stripv6 - The IPv6 destination address of the firewall rule.
- dst_
firewall_ Sequence[str]group_ ids - The destination firewall group IDs of the firewall rule.
- dst_
network_ strid - The destination network ID of the firewall rule.
- dst_
network_ strtype - The destination network type of the firewall rule. Can be one of
ADDRv4
orNETv4
. Defaults toNETv4
. - dst_
port str - The destination port of the firewall rule.
- enabled bool
- Specifies whether the rule should be enabled. Defaults to
true
. - icmp_
typename str - ICMP type name.
- icmp_
v6_ strtypename - ICMPv6 type name.
- ip_
sec str - Specify whether the rule matches on IPsec packets. Can be one of
match-ipset
ormatch-none
. - logging bool
- Enable logging for the firewall rule.
- name str
- The name of the firewall rule.
- protocol str
- The protocol of the rule.
- protocol_
v6 str - The IPv6 protocol of the rule.
- site str
- The name of the site to associate the firewall rule with.
- src_
address str - The source address for the firewall rule.
- src_
address_ stripv6 - The IPv6 source address for the firewall rule.
- src_
firewall_ Sequence[str]group_ ids - The source firewall group IDs for the firewall rule.
- src_
mac str - The source MAC address of the firewall rule.
- src_
network_ strid - The source network ID for the firewall rule.
- src_
network_ strtype - The source network type of the firewall rule. Can be one of
ADDRv4
orNETv4
. Defaults toNETv4
. - src_
port str - The source port of the firewall rule.
- state_
established bool - Match where the state is established.
- state_
invalid bool - Match where the state is invalid.
- state_
new bool - Match where the state is new.
- bool
- Match where the state is related.
- action String
- The action of the firewall rule. Must be one of
drop
,accept
, orreject
. - rule
Index Number - The index of the rule. Must be >= 2000 < 3000 or >= 4000 < 5000.
- ruleset String
- The ruleset for the rule. This is from the perspective of the security gateway. Must be one of
WAN_IN
,WAN_OUT
,WAN_LOCAL
,LAN_IN
,LAN_OUT
,LAN_LOCAL
,GUEST_IN
,GUEST_OUT
,GUEST_LOCAL
,WANv6_IN
,WANv6_OUT
,WANv6_LOCAL
,LANv6_IN
,LANv6_OUT
,LANv6_LOCAL
,GUESTv6_IN
,GUESTv6_OUT
, orGUESTv6_LOCAL
. - dst
Address String - The destination address of the firewall rule.
- dst
Address StringIpv6 - The IPv6 destination address of the firewall rule.
- dst
Firewall List<String>Group Ids - The destination firewall group IDs of the firewall rule.
- dst
Network StringId - The destination network ID of the firewall rule.
- dst
Network StringType - The destination network type of the firewall rule. Can be one of
ADDRv4
orNETv4
. Defaults toNETv4
. - dst
Port String - The destination port of the firewall rule.
- enabled Boolean
- Specifies whether the rule should be enabled. Defaults to
true
. - icmp
Typename String - ICMP type name.
- icmp
V6Typename String - ICMPv6 type name.
- ip
Sec String - Specify whether the rule matches on IPsec packets. Can be one of
match-ipset
ormatch-none
. - logging Boolean
- Enable logging for the firewall rule.
- name String
- The name of the firewall rule.
- protocol String
- The protocol of the rule.
- protocol
V6 String - The IPv6 protocol of the rule.
- site String
- The name of the site to associate the firewall rule with.
- src
Address String - The source address for the firewall rule.
- src
Address StringIpv6 - The IPv6 source address for the firewall rule.
- src
Firewall List<String>Group Ids - The source firewall group IDs for the firewall rule.
- src
Mac String - The source MAC address of the firewall rule.
- src
Network StringId - The source network ID for the firewall rule.
- src
Network StringType - The source network type of the firewall rule. Can be one of
ADDRv4
orNETv4
. Defaults toNETv4
. - src
Port String - The source port of the firewall rule.
- state
Established Boolean - Match where the state is established.
- state
Invalid Boolean - Match where the state is invalid.
- state
New Boolean - Match where the state is new.
- Boolean
- Match where the state is related.
Outputs
All input properties are implicitly available as output properties. Additionally, the Rule resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing Rule Resource
Get an existing Rule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: RuleState, opts?: CustomResourceOptions): Rule
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
action: Optional[str] = None,
dst_address: Optional[str] = None,
dst_address_ipv6: Optional[str] = None,
dst_firewall_group_ids: Optional[Sequence[str]] = None,
dst_network_id: Optional[str] = None,
dst_network_type: Optional[str] = None,
dst_port: Optional[str] = None,
enabled: Optional[bool] = None,
icmp_typename: Optional[str] = None,
icmp_v6_typename: Optional[str] = None,
ip_sec: Optional[str] = None,
logging: Optional[bool] = None,
name: Optional[str] = None,
protocol: Optional[str] = None,
protocol_v6: Optional[str] = None,
rule_index: Optional[int] = None,
ruleset: Optional[str] = None,
site: Optional[str] = None,
src_address: Optional[str] = None,
src_address_ipv6: Optional[str] = None,
src_firewall_group_ids: Optional[Sequence[str]] = None,
src_mac: Optional[str] = None,
src_network_id: Optional[str] = None,
src_network_type: Optional[str] = None,
src_port: Optional[str] = None,
state_established: Optional[bool] = None,
state_invalid: Optional[bool] = None,
state_new: Optional[bool] = None,
state_related: Optional[bool] = None) -> Rule
func GetRule(ctx *Context, name string, id IDInput, state *RuleState, opts ...ResourceOption) (*Rule, error)
public static Rule Get(string name, Input<string> id, RuleState? state, CustomResourceOptions? opts = null)
public static Rule get(String name, Output<String> id, RuleState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Action string
- The action of the firewall rule. Must be one of
drop
,accept
, orreject
. - Dst
Address string - The destination address of the firewall rule.
- Dst
Address stringIpv6 - The IPv6 destination address of the firewall rule.
- Dst
Firewall List<string>Group Ids - The destination firewall group IDs of the firewall rule.
- Dst
Network stringId - The destination network ID of the firewall rule.
- Dst
Network stringType - The destination network type of the firewall rule. Can be one of
ADDRv4
orNETv4
. Defaults toNETv4
. - Dst
Port string - The destination port of the firewall rule.
- Enabled bool
- Specifies whether the rule should be enabled. Defaults to
true
. - Icmp
Typename string - ICMP type name.
- Icmp
V6Typename string - ICMPv6 type name.
- Ip
Sec string - Specify whether the rule matches on IPsec packets. Can be one of
match-ipset
ormatch-none
. - Logging bool
- Enable logging for the firewall rule.
- Name string
- The name of the firewall rule.
- Protocol string
- The protocol of the rule.
- Protocol
V6 string - The IPv6 protocol of the rule.
- Rule
Index int - The index of the rule. Must be >= 2000 < 3000 or >= 4000 < 5000.
- Ruleset string
- The ruleset for the rule. This is from the perspective of the security gateway. Must be one of
WAN_IN
,WAN_OUT
,WAN_LOCAL
,LAN_IN
,LAN_OUT
,LAN_LOCAL
,GUEST_IN
,GUEST_OUT
,GUEST_LOCAL
,WANv6_IN
,WANv6_OUT
,WANv6_LOCAL
,LANv6_IN
,LANv6_OUT
,LANv6_LOCAL
,GUESTv6_IN
,GUESTv6_OUT
, orGUESTv6_LOCAL
. - Site string
- The name of the site to associate the firewall rule with.
- Src
Address string - The source address for the firewall rule.
- Src
Address stringIpv6 - The IPv6 source address for the firewall rule.
- Src
Firewall List<string>Group Ids - The source firewall group IDs for the firewall rule.
- Src
Mac string - The source MAC address of the firewall rule.
- Src
Network stringId - The source network ID for the firewall rule.
- Src
Network stringType - The source network type of the firewall rule. Can be one of
ADDRv4
orNETv4
. Defaults toNETv4
. - Src
Port string - The source port of the firewall rule.
- State
Established bool - Match where the state is established.
- State
Invalid bool - Match where the state is invalid.
- State
New bool - Match where the state is new.
- bool
- Match where the state is related.
- Action string
- The action of the firewall rule. Must be one of
drop
,accept
, orreject
. - Dst
Address string - The destination address of the firewall rule.
- Dst
Address stringIpv6 - The IPv6 destination address of the firewall rule.
- Dst
Firewall []stringGroup Ids - The destination firewall group IDs of the firewall rule.
- Dst
Network stringId - The destination network ID of the firewall rule.
- Dst
Network stringType - The destination network type of the firewall rule. Can be one of
ADDRv4
orNETv4
. Defaults toNETv4
. - Dst
Port string - The destination port of the firewall rule.
- Enabled bool
- Specifies whether the rule should be enabled. Defaults to
true
. - Icmp
Typename string - ICMP type name.
- Icmp
V6Typename string - ICMPv6 type name.
- Ip
Sec string - Specify whether the rule matches on IPsec packets. Can be one of
match-ipset
ormatch-none
. - Logging bool
- Enable logging for the firewall rule.
- Name string
- The name of the firewall rule.
- Protocol string
- The protocol of the rule.
- Protocol
V6 string - The IPv6 protocol of the rule.
- Rule
Index int - The index of the rule. Must be >= 2000 < 3000 or >= 4000 < 5000.
- Ruleset string
- The ruleset for the rule. This is from the perspective of the security gateway. Must be one of
WAN_IN
,WAN_OUT
,WAN_LOCAL
,LAN_IN
,LAN_OUT
,LAN_LOCAL
,GUEST_IN
,GUEST_OUT
,GUEST_LOCAL
,WANv6_IN
,WANv6_OUT
,WANv6_LOCAL
,LANv6_IN
,LANv6_OUT
,LANv6_LOCAL
,GUESTv6_IN
,GUESTv6_OUT
, orGUESTv6_LOCAL
. - Site string
- The name of the site to associate the firewall rule with.
- Src
Address string - The source address for the firewall rule.
- Src
Address stringIpv6 - The IPv6 source address for the firewall rule.
- Src
Firewall []stringGroup Ids - The source firewall group IDs for the firewall rule.
- Src
Mac string - The source MAC address of the firewall rule.
- Src
Network stringId - The source network ID for the firewall rule.
- Src
Network stringType - The source network type of the firewall rule. Can be one of
ADDRv4
orNETv4
. Defaults toNETv4
. - Src
Port string - The source port of the firewall rule.
- State
Established bool - Match where the state is established.
- State
Invalid bool - Match where the state is invalid.
- State
New bool - Match where the state is new.
- bool
- Match where the state is related.
- action String
- The action of the firewall rule. Must be one of
drop
,accept
, orreject
. - dst
Address String - The destination address of the firewall rule.
- dst
Address StringIpv6 - The IPv6 destination address of the firewall rule.
- dst
Firewall List<String>Group Ids - The destination firewall group IDs of the firewall rule.
- dst
Network StringId - The destination network ID of the firewall rule.
- dst
Network StringType - The destination network type of the firewall rule. Can be one of
ADDRv4
orNETv4
. Defaults toNETv4
. - dst
Port String - The destination port of the firewall rule.
- enabled Boolean
- Specifies whether the rule should be enabled. Defaults to
true
. - icmp
Typename String - ICMP type name.
- icmp
V6Typename String - ICMPv6 type name.
- ip
Sec String - Specify whether the rule matches on IPsec packets. Can be one of
match-ipset
ormatch-none
. - logging Boolean
- Enable logging for the firewall rule.
- name String
- The name of the firewall rule.
- protocol String
- The protocol of the rule.
- protocol
V6 String - The IPv6 protocol of the rule.
- rule
Index Integer - The index of the rule. Must be >= 2000 < 3000 or >= 4000 < 5000.
- ruleset String
- The ruleset for the rule. This is from the perspective of the security gateway. Must be one of
WAN_IN
,WAN_OUT
,WAN_LOCAL
,LAN_IN
,LAN_OUT
,LAN_LOCAL
,GUEST_IN
,GUEST_OUT
,GUEST_LOCAL
,WANv6_IN
,WANv6_OUT
,WANv6_LOCAL
,LANv6_IN
,LANv6_OUT
,LANv6_LOCAL
,GUESTv6_IN
,GUESTv6_OUT
, orGUESTv6_LOCAL
. - site String
- The name of the site to associate the firewall rule with.
- src
Address String - The source address for the firewall rule.
- src
Address StringIpv6 - The IPv6 source address for the firewall rule.
- src
Firewall List<String>Group Ids - The source firewall group IDs for the firewall rule.
- src
Mac String - The source MAC address of the firewall rule.
- src
Network StringId - The source network ID for the firewall rule.
- src
Network StringType - The source network type of the firewall rule. Can be one of
ADDRv4
orNETv4
. Defaults toNETv4
. - src
Port String - The source port of the firewall rule.
- state
Established Boolean - Match where the state is established.
- state
Invalid Boolean - Match where the state is invalid.
- state
New Boolean - Match where the state is new.
- Boolean
- Match where the state is related.
- action string
- The action of the firewall rule. Must be one of
drop
,accept
, orreject
. - dst
Address string - The destination address of the firewall rule.
- dst
Address stringIpv6 - The IPv6 destination address of the firewall rule.
- dst
Firewall string[]Group Ids - The destination firewall group IDs of the firewall rule.
- dst
Network stringId - The destination network ID of the firewall rule.
- dst
Network stringType - The destination network type of the firewall rule. Can be one of
ADDRv4
orNETv4
. Defaults toNETv4
. - dst
Port string - The destination port of the firewall rule.
- enabled boolean
- Specifies whether the rule should be enabled. Defaults to
true
. - icmp
Typename string - ICMP type name.
- icmp
V6Typename string - ICMPv6 type name.
- ip
Sec string - Specify whether the rule matches on IPsec packets. Can be one of
match-ipset
ormatch-none
. - logging boolean
- Enable logging for the firewall rule.
- name string
- The name of the firewall rule.
- protocol string
- The protocol of the rule.
- protocol
V6 string - The IPv6 protocol of the rule.
- rule
Index number - The index of the rule. Must be >= 2000 < 3000 or >= 4000 < 5000.
- ruleset string
- The ruleset for the rule. This is from the perspective of the security gateway. Must be one of
WAN_IN
,WAN_OUT
,WAN_LOCAL
,LAN_IN
,LAN_OUT
,LAN_LOCAL
,GUEST_IN
,GUEST_OUT
,GUEST_LOCAL
,WANv6_IN
,WANv6_OUT
,WANv6_LOCAL
,LANv6_IN
,LANv6_OUT
,LANv6_LOCAL
,GUESTv6_IN
,GUESTv6_OUT
, orGUESTv6_LOCAL
. - site string
- The name of the site to associate the firewall rule with.
- src
Address string - The source address for the firewall rule.
- src
Address stringIpv6 - The IPv6 source address for the firewall rule.
- src
Firewall string[]Group Ids - The source firewall group IDs for the firewall rule.
- src
Mac string - The source MAC address of the firewall rule.
- src
Network stringId - The source network ID for the firewall rule.
- src
Network stringType - The source network type of the firewall rule. Can be one of
ADDRv4
orNETv4
. Defaults toNETv4
. - src
Port string - The source port of the firewall rule.
- state
Established boolean - Match where the state is established.
- state
Invalid boolean - Match where the state is invalid.
- state
New boolean - Match where the state is new.
- boolean
- Match where the state is related.
- action str
- The action of the firewall rule. Must be one of
drop
,accept
, orreject
. - dst_
address str - The destination address of the firewall rule.
- dst_
address_ stripv6 - The IPv6 destination address of the firewall rule.
- dst_
firewall_ Sequence[str]group_ ids - The destination firewall group IDs of the firewall rule.
- dst_
network_ strid - The destination network ID of the firewall rule.
- dst_
network_ strtype - The destination network type of the firewall rule. Can be one of
ADDRv4
orNETv4
. Defaults toNETv4
. - dst_
port str - The destination port of the firewall rule.
- enabled bool
- Specifies whether the rule should be enabled. Defaults to
true
. - icmp_
typename str - ICMP type name.
- icmp_
v6_ strtypename - ICMPv6 type name.
- ip_
sec str - Specify whether the rule matches on IPsec packets. Can be one of
match-ipset
ormatch-none
. - logging bool
- Enable logging for the firewall rule.
- name str
- The name of the firewall rule.
- protocol str
- The protocol of the rule.
- protocol_
v6 str - The IPv6 protocol of the rule.
- rule_
index int - The index of the rule. Must be >= 2000 < 3000 or >= 4000 < 5000.
- ruleset str
- The ruleset for the rule. This is from the perspective of the security gateway. Must be one of
WAN_IN
,WAN_OUT
,WAN_LOCAL
,LAN_IN
,LAN_OUT
,LAN_LOCAL
,GUEST_IN
,GUEST_OUT
,GUEST_LOCAL
,WANv6_IN
,WANv6_OUT
,WANv6_LOCAL
,LANv6_IN
,LANv6_OUT
,LANv6_LOCAL
,GUESTv6_IN
,GUESTv6_OUT
, orGUESTv6_LOCAL
. - site str
- The name of the site to associate the firewall rule with.
- src_
address str - The source address for the firewall rule.
- src_
address_ stripv6 - The IPv6 source address for the firewall rule.
- src_
firewall_ Sequence[str]group_ ids - The source firewall group IDs for the firewall rule.
- src_
mac str - The source MAC address of the firewall rule.
- src_
network_ strid - The source network ID for the firewall rule.
- src_
network_ strtype - The source network type of the firewall rule. Can be one of
ADDRv4
orNETv4
. Defaults toNETv4
. - src_
port str - The source port of the firewall rule.
- state_
established bool - Match where the state is established.
- state_
invalid bool - Match where the state is invalid.
- state_
new bool - Match where the state is new.
- bool
- Match where the state is related.
- action String
- The action of the firewall rule. Must be one of
drop
,accept
, orreject
. - dst
Address String - The destination address of the firewall rule.
- dst
Address StringIpv6 - The IPv6 destination address of the firewall rule.
- dst
Firewall List<String>Group Ids - The destination firewall group IDs of the firewall rule.
- dst
Network StringId - The destination network ID of the firewall rule.
- dst
Network StringType - The destination network type of the firewall rule. Can be one of
ADDRv4
orNETv4
. Defaults toNETv4
. - dst
Port String - The destination port of the firewall rule.
- enabled Boolean
- Specifies whether the rule should be enabled. Defaults to
true
. - icmp
Typename String - ICMP type name.
- icmp
V6Typename String - ICMPv6 type name.
- ip
Sec String - Specify whether the rule matches on IPsec packets. Can be one of
match-ipset
ormatch-none
. - logging Boolean
- Enable logging for the firewall rule.
- name String
- The name of the firewall rule.
- protocol String
- The protocol of the rule.
- protocol
V6 String - The IPv6 protocol of the rule.
- rule
Index Number - The index of the rule. Must be >= 2000 < 3000 or >= 4000 < 5000.
- ruleset String
- The ruleset for the rule. This is from the perspective of the security gateway. Must be one of
WAN_IN
,WAN_OUT
,WAN_LOCAL
,LAN_IN
,LAN_OUT
,LAN_LOCAL
,GUEST_IN
,GUEST_OUT
,GUEST_LOCAL
,WANv6_IN
,WANv6_OUT
,WANv6_LOCAL
,LANv6_IN
,LANv6_OUT
,LANv6_LOCAL
,GUESTv6_IN
,GUESTv6_OUT
, orGUESTv6_LOCAL
. - site String
- The name of the site to associate the firewall rule with.
- src
Address String - The source address for the firewall rule.
- src
Address StringIpv6 - The IPv6 source address for the firewall rule.
- src
Firewall List<String>Group Ids - The source firewall group IDs for the firewall rule.
- src
Mac String - The source MAC address of the firewall rule.
- src
Network StringId - The source network ID for the firewall rule.
- src
Network StringType - The source network type of the firewall rule. Can be one of
ADDRv4
orNETv4
. Defaults toNETv4
. - src
Port String - The source port of the firewall rule.
- state
Established Boolean - Match where the state is established.
- state
Invalid Boolean - Match where the state is invalid.
- state
New Boolean - Match where the state is new.
- Boolean
- Match where the state is related.
Import
import using the ID from the controller API/UI
$ pulumi import unifi:firewall/rule:Rule my_rule 5f7080eb6b8969064f80494f
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- unifi pulumiverse/pulumi-unifi
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
unifi
Terraform Provider.