openstack_fw_rule_v2
This instruction is a copy of the official OpenStack Terraform provider's OpenStack Terraform documentation in the Terraform Registry.
Manages a v2 firewall rule resource within OpenStack.
Firewall v2 has no support for OVN currently.
Example Usage
resource "openstack_fw_rule_v2" "rule_2" {
name = "firewall_rule"
description = "drop TELNET traffic"
action = "deny"
protocol = "tcp"
destination_port = "23"
enabled = "true"
}
Argument Reference
The following arguments are supported:
-
region
— (Optional) The region in which to obtain the v2 networking client. A networking client is needed to create a firewall rule. If omitted, theregion
argument of the provider is used. Changing this creates a new firewall rule. -
name
— (Optional) A unique name for the firewall rule. Changing this updates thename
of an existing firewall rule. -
description
— (Optional) A description for the firewall rule. Changing this updates thedescription
of an existing firewall rule. -
tenant_id
— (Optional) — This argument conflicts and is interchangeable withproject_id
. The owner of the firewall rule. Required if admin wants to create a firewall rule for another tenant. Changing this creates a new firewall rule. -
project_id
— (Optional) — This argument conflicts and is interchangeable withtenant_id
. The owner of the firewall rule. Required if admin wants to create a firewall rule for another project. Changing this creates a new firewall rule. -
protocol
— (Optional; Required ifsource_port
ordestination_port
is not empty) The protocol type on which the firewall rule operates. Valid values are:tcp
,udp
,icmp
andany
. Changing this updates theprotocol
of an existing firewall rule. Default isany
. -
action
— (Optional) Action to be taken (must be "allow", "deny" or "reject") when the firewall rule matches. Changing this updates theaction
of an existing firewall rule. Default isdeny
. -
ip_version
— (Optional) IP version, either 4 or 6. Changing this updates theip_version
of an existing firewall rule. Default is4
. -
source_ip_address
— (Optional) The source IP address on which the firewall rule operates. Changing this updates thesource_ip_address
of an existing firewall rule. -
destination_ip_address
— (Optional) The destination IP address on which the firewall rule operates. Changing these updates thedestination_ip_address
of an existing firewall rule. -
source_port
— (Optional) The source port on which the firewall rule operates. Changing this updates thesource_port
of an existing firewall rule. Require notany
or empty protocol. -
destination_port
— (Optional) The destination port on which the firewall rule operates. Changing this updates thedestination_port
of an existing firewall rule. Require notany
or empty protocol. -
shared
— (Optional) Sharing status of the firewall rule (must be "true" or "false" if provided). If this is "true" the policy is visible to, and can be used in, firewalls in other tenants. Changing this updates theshared
status of an existing firewall policy. On -
enabled
— (Optional) Enabled status for the firewall rule (must be "true" or "false" if provided — defaults to "true"). Changing this updates theenabled
status of an existing firewall rule.
Attributes Reference
The following attributes are exported:
region
— See Argument Reference above.name
— See Argument Reference above.description
— See Argument Reference above.tenant_id
— See Argument Reference above.project_id
— See Argument Reference above.protocol
— See Argument Reference above.action
— See Argument Reference above.ip_version
— See Argument Reference above.source_ip_address
— See Argument Reference above.destination_ip_address
— See Argument Reference above.source_port
— See Argument Reference above.destination_port
— See Argument Reference above.shared
— See Argument Reference above.enabled
— See Argument Reference above.
Import
Firewall Rules can be imported using the id
, e.g.
$ terraform import openstack_fw_rule_v2.rule_1 8dbc0c28-e49c-463f-b712-5c5d1bbac327