openstack_fw_group_v2

For your information

These instructions are a copy of the official OpenStack Terraform provider documentation in the Terraform Registry.

Manages a v2 firewall group resource within OpenStack.

Firewall v2 has no support for OVN currently.

Example Usage

resource "openstack_fw_rule_v2" "rule_1" {
  name             = "firewall_rule_2"
  description      = "drop TELNET traffic"
  action           = "deny"
  protocol         = "tcp"
  destination_port = "23"
  enabled          = "true"
}

resource "openstack_fw_rule_v2" "rule_2" {
  name             = "firewall_rule_1"
  description      = "drop NTP traffic"
  action           = "deny"
  protocol         = "udp"
  destination_port = "123"
  enabled          = "false"
}

resource "openstack_fw_policy_v2" "policy_1" {
  name = "firewall_ingress_policy"

  rules = [
    openstack_fw_rule_v2.rule_1.id,
  ]
}

resource "openstack_fw_policy_v2" "policy_2" {
  name = "firewall_egress_policy"

  rules = [
    openstack_fw_rule_v2.rule_2.id,
  ]
}

resource "openstack_fw_group_v2" "group_1" {
  name                       = "firewall_group"
  ingress_firewall_policy_id = openstack_fw_policy_v2.policy_1.id
  egress_firewall_policy_id  = openstack_fw_policy_v2.policy_2.id
}

Argument Reference

The following arguments are supported:

  • region — (Optional) The region in which to obtain the v2 networking client. A networking client is needed to create a firewall group. If omitted, the region argument of the provider is used. Changing this creates a new firewall group.

  • name — (Optional) A name for the firewall group. Changing this updates the name of an existing firewall.

  • description — (Optional) A description for the firewall group. Changing this updates the description of an existing firewall group.

  • tenant_id — (Optional) This argument conflicts and is interchangeable with project_id. The owner of the firewall group. Required if admin wants to create a firewall group for another tenant. Changing this creates a new firewall group.

  • project_id — (Optional) This argument conflicts and is interchangeable with tenant_id. The owner of the firewall group. Required if admin wants to create a firewall group for another project. Changing this creates a new firewall group.

  • ingress_firewall_policy_id — (Optional) The ingress firewall policy resource id for the firewall group. Changing this updates the ingress_firewall_policy_id of an existing firewall group.

  • egress_firewall_policy_id — (Optional) The egress firewall policy resource id for the firewall group. Changing this updates the egress_firewall_policy_id of an existing firewall group.

  • admin_state_up — (Optional) Administrative up/down status for the firewall group (must be "true" or "false" if provided; defaults to "true"). Changing this updates the admin_state_up of an existing firewall group.

  • ports — (Optional) Port(s) to associate this firewall group with. Must be a list of strings. Changing this updates the associated ports of an existing firewall group.

  • shared — (Optional) Sharing status of the firewall group (must be "true" or "false" if provided). If this is "true", the firewall group is visible to, and can be used in, firewalls in other tenants. Changing this updates the shared status of an existing firewall group. Only administrative users can specify if the firewall group should be shared.
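
A check over the arguments listed above, as an added example that is not part of the provider documentation: it reads the JSON form of a plan (as produced by `terraform show -json`) and reports firewall groups that are shared, administratively down, or planned without ports or a policy. The sample plan, the resource addresses and the policy id are constructed, and the function names are this example's own; values Terraform only knows after apply are treated as set.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>`, trimmed to
# the keys this check reads. Addresses and the policy id are made up.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "openstack_fw_group_v2.group_1", "type": "openstack_fw_group_v2",
   "change": {"after": {"name": "firewall_group", "admin_state_up": true, "shared": false},
              "after_unknown": {"ingress_firewall_policy_id": true,
                                "egress_firewall_policy_id": true, "ports": true}}},
  {"address": "openstack_fw_group_v2.legacy", "type": "openstack_fw_group_v2",
   "change": {"after": {"name": "legacy", "admin_state_up": false, "shared": true,
                        "ingress_firewall_policy_id": "example-policy-id", "ports": []},
              "after_unknown": {"ports": []}}}
]}
""")

def has_unknown(value):
    """True if an after_unknown fragment marks anything as known only after apply."""
    if isinstance(value, dict):
        return any(has_unknown(v) for v in value.values())
    if isinstance(value, list):
        return any(has_unknown(v) for v in value)
    return value is True

def is_true(value):
    # Accept the JSON boolean as well as the "true"/"false" strings the docs mention.
    return str(value).lower() == "true"

def audit_fw_groups(plan):
    """Return sorted (address, finding) pairs for planned openstack_fw_group_v2 resources."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        after = change.get("after")
        if rc.get("type") != "openstack_fw_group_v2" or after is None:
            continue  # another resource type, or a group that is being destroyed
        unknown = change.get("after_unknown") or {}
        if is_true(after.get("shared")):
            findings.append((rc["address"], "shared: visible to other tenants"))
        if after.get("admin_state_up") is not None and not is_true(after["admin_state_up"]):
            findings.append((rc["address"], "admin_state_up is false"))
        for key in ("ports", "ingress_firewall_policy_id", "egress_firewall_policy_id"):
            if not (after.get(key) or has_unknown(unknown.get(key))):
                findings.append((rc["address"], key + " not set"))
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(a + ": " + f for a, f in audit_fw_groups(SAMPLE_PLAN)))
```

To run it against a real plan, pass `audit_fw_groups` the result of `json.load` on the saved `terraform show -json` output instead of `SAMPLE_PLAN`.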

Attributes Reference

The following attributes are exported:

  • region — See Argument Reference above.
  • name — See Argument Reference above.
  • description — See Argument Reference above.
  • tenant_id — See Argument Reference above.
  • project_id — See Argument Reference above.
  • ingress_firewall_policy_id — See Argument Reference above.
  • egress_firewall_policy_id — See Argument Reference above.
  • admin_state_up — See Argument Reference above.
  • ports — See Argument Reference above.
  • shared — See Argument Reference above.
  • status — The status of the firewall group.

Import

Firewall groups can be imported using the id, e.g.

$ terraform import openstack_fw_group_v2.group_1 c9e39fb2-ce20-46c8-a964-25f3898c7a97