Skip to main content
openstack_fw_rule_v2
Last update:

openstack_fw_rule_v2

For your information

These instructions are a copy of the official OpenStack Terraform provider documentation in the Terraform Registry.

Manages a v2 firewall rule resource within OpenStack.

Firewall v2 has no support for OVN currently.

Example Usage

resource "openstack_fw_rule_v2" "rule_2" {
name = "firewall_rule"
description = "drop TELNET traffic"
action = "deny"
protocol = "tcp"
destination_port = "23"
enabled = "true"
}

Argument Reference

The following arguments are supported:

  • region — (Optional) The region in which to obtain the v2 networking client.A networking client is needed to create a firewall rule. If omitted, the region argument of the provider is used. Changing this creates a newfirewall rule.

  • name — (Optional) A unique name for the firewall rule. Changing thisupdates the name of an existing firewall rule.

  • description — (Optional) A description for the firewall rule. Changing thisupdates the description of an existing firewall rule.

  • tenant_id — (Optional) — This argument conflicts and is interchangeable with project_id. The owner of the firewall rule. Required if admin wantsto create a firewall rule for another tenant. Changing this creates a newfirewall rule.

  • project_id — (Optional) — This argument conflicts and is interchangeable with tenant_id. The owner of the firewall rule. Required if admin wantsto create a firewall rule for another project. Changing this creates a newfirewall rule.

  • protocol — (Optional; Required if source_port or destination_port is notempty) The protocol type on which the firewall rule operates.Valid values are: tcp, udp, icmp, and any. Changing this updates the protocol of an existing firewall rule. Default is any.

  • action — (Optional) Action to be taken (must be "allow", "deny" or "reject") when the firewall rule matches. Changing this updates the action of anexisting firewall rule. Default is deny.

  • ip_version — (Optional) IP version, either 4 or 6. Changing thisupdates the ip_version of an existing firewall rule. Default is 4.

  • source_ip_address — (Optional) The source IP address on which the firewallrule operates. Changing this updates the source_ip_address of an existingfirewall rule.

  • destination_ip_address — (Optional) The destination IP address on which thefirewall rule operates. Changing this updates the destination_ip_address of an existing firewall rule.

  • source_port — (Optional) The source port on which the firewallrule operates. Changing this updates the source_port of an existingfirewall rule. Require not any or empty protocol.

  • destination_port — (Optional) The destination port on which the firewallrule operates. Changing this updates the destination_port of an existingfirewall rule. Require not any or empty protocol.

  • shared — (Optional) Sharing status of the firewall rule (must be "true "or "false" if provided). If this is "true" the policy is visible to, andcan be used in, firewalls in other tenants. Changing this updates the shared status of an existing firewall policy. On

  • enabled — (Optional) Enabled status for the firewall rule (must be "true" or "false" if provided — defaults to "true"). Changing this updates the enabled status of an existing firewall rule.

Attributes Reference

The following attributes are exported:

  • region — See Argument Reference above.
  • name — See Argument Reference above.
  • description — See Argument Reference above.
  • tenant_id — See Argument Reference above.
  • project_id — See Argument Reference above.
  • protocol — See Argument Reference above.
  • action — See Argument Reference above.
  • ip_version — See Argument Reference above.
  • source_ip_address — See Argument Reference above.
  • destination_ip_address — See Argument Reference above.
  • source_port — See Argument Reference above.
  • destination_port — See Argument Reference above.
  • shared — See Argument Reference above.
  • enabled — See Argument Reference above.

Import

Firewall Rules can be imported using the id, e.g.

$ terraform import openstack_fw_rule_v2.rule_1 8dbc0c28-e49c-463f-b712-5c5d1bbac327