diff --git a/website/source/docs/providers/cloudstack/r/egress_firewall.html.markdown b/website/source/docs/providers/cloudstack/r/egress_firewall.html.markdown new file mode 100644 index 000000000..17fa20927 --- /dev/null +++ b/website/source/docs/providers/cloudstack/r/egress_firewall.html.markdown 
@@ -0,0 +1,61 @@ +--- +layout: "cloudstack" +page_title: "CloudStack: cloudstack_egress_firewall" +sidebar_current: "docs-cloudstack-resource-egress-firewall" +description: |- + Creates egress firewall rules for a given network. +--- + +# cloudstack\_egress\_firewall + +Creates egress firewall rules for a given network. + +## Example Usage + +``` +resource "cloudstack_egress_firewall" "default" { + network = "test-network" + + rule { + source_cidr = "10.0.0.0/8" + protocol = "tcp" + ports = ["80", "1000-2000"] + } +} +``` + +## Argument Reference + +The following arguments are supported: + +* `network` - (Required) The network for which to create the egress firewall + rules. Changing this forces a new resource to be created. + +* `managed` - (Optional) USE WITH CAUTION! If enabled all the egress firewall + rules for this network will be managed by this resource. This means it will + delete all firewall rules that are not in your config! (defaults false) + +* `rule` - (Optional) Can be specified multiple times. Each rule block supports + fields documented below. If `managed = false` at least one rule is required! + +The `rule` block supports: + +* `source_cidr` - (Required) The source CIDR to allow access to the given ports. + +* `protocol` - (Required) The name of the protocol to allow. Valid options are: + `tcp`, `udp` and `icmp`. + +* `icmp_type` - (Optional) The ICMP type to allow. This can only be specified if + the protocol is ICMP. + +* `icmp_code` - (Optional) The ICMP code to allow. This can only be specified if + the protocol is ICMP. + +* `ports` - (Optional) List of ports and/or port ranges to allow. This can only + be specified if the protocol is TCP or UDP. + +## Attributes Reference + +The following attributes are exported: + +* `ID` - The network ID for which the egress firewall rules are created. 
diff --git a/website/source/docs/providers/cloudstack/r/firewall.html.markdown b/website/source/docs/providers/cloudstack/r/firewall.html.markdown index 3bae04d0e..1c659e6bf 100644 --- a/website/source/docs/providers/cloudstack/r/firewall.html.markdown +++ b/website/source/docs/providers/cloudstack/r/firewall.html.markdown @@ -31,8 +31,12 @@ The following arguments are supported: * `ipaddress` - (Required) The IP address for which to create the firewall rules. Changing this forces a new resource to be created. -* `rule` - (Required) Can be specified multiple times. Each rule block supports - fields documented below. +* `managed` - (Optional) USE WITH CAUTION! If enabled all the firewall rules for + this IP address will be managed by this resource. This means it will delete + all firewall rules that are not in your config! (defaults false) + +* `rule` - (Optional) Can be specified multiple times. Each rule block supports + fields documented below. If `managed = false` at least one rule is required! The `rule` block supports: @@ -54,4 +58,4 @@ The `rule` block supports: The following attributes are exported: -* `ipaddress` - The IP address for which the firewall rules are created. +* `ID` - The IP address ID for which the firewall rules are created. diff --git a/website/source/docs/providers/cloudstack/r/network_acl.html.markdown b/website/source/docs/providers/cloudstack/r/network_acl.html.markdown index afead04ee..487d0fe90 100644 --- a/website/source/docs/providers/cloudstack/r/network_acl.html.markdown +++ b/website/source/docs/providers/cloudstack/r/network_acl.html.markdown 
@@ -23,9 +23,12 @@ resource "cloudstack_network_acl" "default" { The following arguments are supported: -* `name` - (Required) The name of the ACL. Changing this forces a new resource to be created. -* `description` - (Optional) The description of the ACL. Changing this forces a new resource to be created. -* `vpc` - (Required) The name of the VPC to create this ACL for. Changing this forces a new resource to be created. +* `name` - (Required) The name of the ACL. Changing this forces a new resource + to be created. +* `description` - (Optional) The description of the ACL. Changing this forces a + new resource to be created. +* `vpc` - (Required) The name of the VPC to create this ACL for. Changing this + forces a new resource to be created. ## Attributes Reference diff --git a/website/source/docs/providers/cloudstack/r/network_acl_rule.html.markdown b/website/source/docs/providers/cloudstack/r/network_acl_rule.html.markdown index 38f13520f..fb6b0891f 100644 --- a/website/source/docs/providers/cloudstack/r/network_acl_rule.html.markdown +++ b/website/source/docs/providers/cloudstack/r/network_acl_rule.html.markdown @@ -33,8 +33,12 @@ The following arguments are supported: * `aclid` - (Required) The network ACL ID for which to create the rules. Changing this forces a new resource to be created. -* `rule` - (Required) Can be specified multiple times. Each rule block supports - fields documented below. +* `managed` - (Optional) USE WITH CAUTION! If enabled all the firewall rules for + this network ACL will be managed by this resource. This means it will delete + all firewall rules that are not in your config! (defaults false) + +* `rule` - (Optional) Can be specified multiple times. Each rule block supports + fields documented below. If `managed = false` at least one rule is required! The `rule` block supports: 
@@ -62,4 +66,4 @@ The `rule` block supports: The following attributes are exported: -* `aclid` - The ACL ID for which the rules are created. +* `ID` - The ACL ID for which the rules are created. diff --git a/website/source/layouts/cloudstack.erb b/website/source/layouts/cloudstack.erb index 4c0a7f5b5..a0e137aae 100644 --- a/website/source/layouts/cloudstack.erb +++ b/website/source/layouts/cloudstack.erb @@ -17,6 +17,10 @@ cloudstack_disk + > + cloudstack_egress_firewall + + > cloudstack_firewall
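Review bot: In the new egress_firewall.html.markdown, the `managed` and `rule` entries do not say what a config with `managed = true` and no `rule` blocks does. Since `rule` is only required when `managed = false`, and `managed` "will delete all firewall rules that are not in your config", the text implies that such a config removes every egress rule on the network, including rules created outside Terraform. Please state that outcome explicitly in the `managed` entry. In the same file, `ports` is optional for `tcp` and `udp`, but the doc does not say what a rule without `ports` allows, and the exported attribute is listed as `ID` while Terraform configs reference it as `id`.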
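Review bot: In firewall.html.markdown (hunk @@ -31,8 +31,12), "delete all firewall rules that are not in your config" in the new `managed` entry is ambiguous about scope: it can be read as the rules in this resource block or as the rules anywhere in the Terraform configuration. If it means this resource block, a second `cloudstack_firewall` resource on the same `ipaddress` would have its rules deleted by the managed one. Suggest wording such as "not defined in this resource" and a sentence advising against more than one resource per IP address when `managed` is enabled.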
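Review bot: In firewall.html.markdown (hunk @@ -54,4 +58,4), the exported attribute changes from `ipaddress` to `ID` with no note about existing configurations that interpolate the old attribute. Please document whether `ipaddress` is still readable, and write the attribute as `id`, which is how it is referenced in a config. The description "The IP address ID" also reads differently from the `ipaddress` argument, which is described as the IP address itself, so say which value users get back. The same rename appears for `aclid` in network_acl_rule.html.markdown (hunk @@ -62,4 +66,4).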
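Review bot: In network_acl_rule.html.markdown (hunk @@ -33,8 +33,12), the new `managed` entry says "all the firewall rules for this network ACL" and "delete all firewall rules", which looks copied from the firewall page. This resource manages ACL rules, so the warning should say "all the rules for this network ACL" to make clear which objects get deleted when `managed` is enabled.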