terraform/website/source/docs/providers/vcd/r/firewall_rules.html.markdown

---
layout: "vcd"
page_title: "vCloudDirector: vcd_firewall_rules"
sidebar_current: "docs-vcd-resource-firewall-rules"
description: |-
  Provides a vCloud Director Firewall resource. This can be used to create, modify, and delete firewall settings and rules.
---

# vcd\_firewall\_rules

Provides a vCloud Director Firewall resource. This can be used to create,
modify, and delete firewall settings and rules.

## Example Usage

```
resource "vcd_firewall_rules" "fw" {
    edge_gateway   = "Edge Gateway Name"
    default_action = "drop"

    rule {
        description      = "deny-ftp-out"
        policy           = "deny"
        protocol         = "tcp"
        destination_port = "21"
        destination_ip   = "any"
        source_port      = "any"
        source_ip        = "10.10.0.0/24"
    }

    rule {
        description      = "allow-outbound"
        policy           = "allow"
        protocol         = "any"
        destination_port = "any"
        destination_ip   = "any"
        source_port      = "any"
        source_ip        = "10.10.0.0/24"
    }

}

resource "vcd_vapp" "web" {
    ...
}

resource "vcd_firewall_rules" "fw-web" {
    edge_gateway   = "Edge Gateway Name"
    default_action = "drop"

    rule {
        description      = "allow-web"
        policy           = "allow"
        protocol         = "tcp"
        destination_port = "80"
        destination_ip   = "${vcd_vapp.web.ip}"
        source_port      = "any"
        source_ip        = "any"
    }
}

```

## Argument Reference

The following arguments are supported:

* `edge_gateway` - (Required) The name of the edge gateway on which to apply the Firewall Rules
* `default_action` - (Required) Either "allow" or "deny". Specifies what to do should none of the rules match
* `rule` - (Optional) Configures a firewall rule; see [Rules](#rules) below for details.

<a id="rules"></a>
## Rules

Each firewall rule supports the following attributes:

* `description` - (Required) Description of the fireall rule
* `policy` - (Required) Specifies what to do when this rule is matched. Either "allow" or "deny"
* `protocol` - (Required) The protocol to match. One of "tcp", "udp", "icmp" or "any"
* `destination_port` - (Required) The destination port to match. Either a port number or "any"
* `destination_ip` - (Required) The destination IP to match. Either an IP address, IP range or "any"
* `source_port` - (Required) The source port to match. Either a port number or "any"
* `source_ip` - (Required) The source IP to match. Either an IP address, IP range or "any"
Added vCloud Director provider with tests and provider documentation 2015-10-26 15:45:48 +01:00			`---`
			`layout: "vcd"`
			`page_title: "vCloudDirector: vcd_firewall_rules"`
			`sidebar_current: "docs-vcd-resource-firewall-rules"`
			`description: \|-`
			`Provides a vCloud Director Firewall resource. This can be used to create, modify, and delete firewall settings and rules.`
			`---`

			`# vcd\_firewall\_rules`

			`Provides a vCloud Director Firewall resource. This can be used to create,`
			`modify, and delete firewall settings and rules.`

			`## Example Usage`

			```
			`resource "vcd_firewall_rules" "fw" {`
			`edge_gateway = "Edge Gateway Name"`
			`default_action = "drop"`

			`rule {`
Changed documentation to better show what can be done with firewall rules 2015-11-10 23:49:38 +01:00			`description = "deny-ftp-out"`
			`policy = "deny"`
Added vCloud Director provider with tests and provider documentation 2015-10-26 15:45:48 +01:00			`protocol = "tcp"`
Changed documentation to better show what can be done with firewall rules 2015-11-10 23:49:38 +01:00			`destination_port = "21"`
			`destination_ip = "any"`
Added vCloud Director provider with tests and provider documentation 2015-10-26 15:45:48 +01:00			`source_port = "any"`
Changed documentation to better show what can be done with firewall rules 2015-11-10 23:49:38 +01:00			`source_ip = "10.10.0.0/24"`
Added vCloud Director provider with tests and provider documentation 2015-10-26 15:45:48 +01:00			`}`

			`rule {`
			`description = "allow-outbound"`
			`policy = "allow"`
			`protocol = "any"`
			`destination_port = "any"`
			`destination_ip = "any"`
			`source_port = "any"`
			`source_ip = "10.10.0.0/24"`
			`}`

			`}`
Changed documentation to better show what can be done with firewall rules 2015-11-10 23:49:38 +01:00
			`resource "vcd_vapp" "web" {`
			`...`
			`}`

			`resource "vcd_firewall_rules" "fw-web" {`
			`edge_gateway = "Edge Gateway Name"`
			`default_action = "drop"`

			`rule {`
			`description = "allow-web"`
			`policy = "allow"`
			`protocol = "tcp"`
			`destination_port = "80"`
			`destination_ip = "${vcd_vapp.web.ip}"`
			`source_port = "any"`
			`source_ip = "any"`
			`}`
			`}`

Added vCloud Director provider with tests and provider documentation 2015-10-26 15:45:48 +01:00			```

			`## Argument Reference`

			`The following arguments are supported:`

			* `edge_gateway` - (Required) The name of the edge gateway on which to apply the Firewall Rules
			* `default_action` - (Required) Either "allow" or "deny". Specifies what to do should none of the rules match
			* `rule` - (Optional) Configures a firewall rule; see [Rules](#rules) below for details.

			`<a id="rules"></a>`
			`## Rules`

			`Each firewall rule supports the following attributes:`

			* `description` - (Required) Description of the fireall rule
			* `policy` - (Required) Specifies what to do when this rule is matched. Either "allow" or "deny"
			* `protocol` - (Required) The protocol to match. One of "tcp", "udp", "icmp" or "any"
			* `destination_port` - (Required) The destination port to match. Either a port number or "any"
			* `destination_ip` - (Required) The destination IP to match. Either an IP address, IP range or "any"
			* `source_port` - (Required) The source port to match. Either a port number or "any"
			* `source_ip` - (Required) The source IP to match. Either an IP address, IP range or "any"