---
layout: "cloudstack"
page_title: "CloudStack: cloudstack_firewall"
sidebar_current: "docs-cloudstack-resource-firewall"
description: |-
  Creates firewall rules for a given IP address.
---

# cloudstack\_firewall

Creates firewall rules for a given IP address.

## Example Usage

```
resource "cloudstack_firewall" "default" {
  ip_address_id = "30b21801-d4b3-4174-852b-0c0f30bdbbfb"

  rule {
    cidr_list = ["10.0.0.0/8"]
    protocol  = "tcp"
    ports     = ["80", "1000-2000"]
  }
}
```

## Argument Reference

The following arguments are supported:

* `ip_address_id` - (Required) The IP address ID for which to create the
    firewall rules. Changing this forces a new resource to be created.

* `ipaddress` - (Required, Deprecated) The IP address or ID for which to create
    the firewall rules. Changing this forces a new resource to be created.

* `managed` - (Optional) USE WITH CAUTION! If enabled all the firewall rules for
    this IP address will be managed by this resource. This means it will delete
    all firewall rules that are not in your config! (defaults false)

* `rule` - (Optional) Can be specified multiple times. Each rule block supports
    fields documented below. If `managed = false` at least one rule is required!

* `parallelism` - (Optional) Specifies how many rules will be created or deleted
    concurrently. (defaults 2)

The `rule` block supports:

* `cidr_list` - (Required) A CIDR list to allow access to the given ports.

* `source_cidr` - (Optional, Deprecated) The source CIDR to allow access to the
    given ports. This attribute is deprecated, please use `cidr_list` instead.

* `protocol` - (Required) The name of the protocol to allow. Valid options are:
    `tcp`, `udp` and `icmp`.

* `icmp_type` - (Optional) The ICMP type to allow. This can only be specified if
    the protocol is ICMP.

* `icmp_code` - (Optional) The ICMP code to allow. This can only be specified if
    the protocol is ICMP.

* `ports` - (Optional) List of ports and/or port ranges to allow. This can only
    be specified if the protocol is TCP or UDP.

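
The following is an added example, not part of the original provider documentation, showing a `managed` firewall that combines a TCP rule with an ICMP rule. The resource name `managed_example`, the `192.0.2.0/24` range and the choice of ICMP type 8 / code 0 (echo request) are assumptions made for illustration; the IP address ID is reused from the example above.

```hcl
resource "cloudstack_firewall" "managed_example" {
  ip_address_id = "30b21801-d4b3-4174-852b-0c0f30bdbbfb"

  # With managed = true this resource owns every firewall rule on the IP
  # address: any rule that exists there but is not declared in this block
  # is deleted. Declare every rule you want to keep before enabling it.
  managed = true

  # TCP rule: `ports` may only be set when the protocol is tcp or udp.
  # A narrow cidr_list keeps the exposed surface small.
  rule {
    cidr_list = ["10.0.0.0/8"]
    protocol  = "tcp"
    ports     = ["443"]
  }

  # ICMP rule: `icmp_type` and `icmp_code` may only be set when the protocol
  # is icmp, and `ports` is omitted. Type 8 / code 0 is an echo request.
  # 192.0.2.0/24 is a constructed documentation range, not a real network.
  rule {
    cidr_list = ["192.0.2.0/24"]
    protocol  = "icmp"
    icmp_type = 8
    icmp_code = 0
  }
}
```
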
## Attributes Reference

The following attributes are exported:

* `id` - The IP address ID for which the firewall rules are created.