openstack_fw_rule_v2
These instructions are a copy of the official OpenStack Terraform provider documentation in the Terraform Registry.
Manages a v2 firewall rule resource within OpenStack.
Firewall v2 has no support for OVN currently.
Example Usage
resource "openstack_fw_rule_v2" "rule_2" {
name = "firewall_rule"
description = "drop TELNET traffic"
action = "deny"
protocol = "tcp"
destination_port = "23"
enabled = "true"
}
Argument Reference
The following arguments are supported:
-
region— (Optional) The region in which to obtain the v2 networking client.A networking client is needed to create a firewall rule. If omitted, theregionargument of the provider is used. Changing this creates a newfirewall rule. -
name— (Optional) A unique name for the firewall rule. Changing thisupdates thenameof an existing firewall rule. -
description— (Optional) A description for the firewall rule. Changing thisupdates thedescriptionof an existing firewall rule. -
tenant_id— (Optional) — This argument conflicts and is interchangeable withproject_id. The owner of the firewall rule. Required if admin wantsto create a firewall rule for another tenant. Changing this creates a newfirewall rule. -
project_id— (Optional) — This argument conflicts and is interchangeable withtenant_id. The owner of the firewall rule. Required if admin wantsto create a firewall rule for another project. Changing this creates a newfirewall rule. -
protocol— (Optional; Required ifsource_portordestination_portis notempty) The protocol type on which the firewall rule operates.Valid values are:tcp,udp,icmp, andany. Changing this updates theprotocolof an existing firewall rule. Default isany. -
action— (Optional) Action to be taken (must be "allow", "deny" or "reject") when the firewall rule matches. Changing this updates theactionof anexisting firewall rule. Default isdeny. -
ip_version— (Optional) IP version, either 4 or 6. Changing thisupdates theip_versionof an existing firewall rule. Default is4. -
source_ip_address— (Optional) The source IP address on which the firewallrule operates. Changing this updates thesource_ip_addressof an existingfirewall rule. -
destination_ip_address— (Optional) The destination IP address on which thefirewall rule operates. Changing this updates thedestination_ip_addressof an existing firewall rule. -
source_port— (Optional) The source port on which the firewallrule operates. Changing this updates thesource_portof an existingfirewall rule. Require notanyor empty protocol. -
destination_port— (Optional) The destination port on which the firewallrule operates. Changing this updates thedestination_portof an existingfirewall rule. Require notanyor empty protocol. -
shared— (Optional) Sharing status of the firewall rule (must be "true "or "false" if provided). If this is "true" the policy is visible to, andcan be used in, firewalls in other tenants. Changing this updates thesharedstatus of an existing firewall policy. On -
enabled— (Optional) Enabled status for the firewall rule (must be "true" or "false" if provided — defaults to "true"). Changing this updates theenabledstatus of an existing firewall rule.
Attributes Reference
The following attributes are exported:
region— See Argument Reference above.name— See Argument Reference above.description— See Argument Reference above.tenant_id— See Argument Reference above.project_id— See Argument Reference above.protocol— See Argument Reference above.action— See Argument Reference above.ip_version— See Argument Reference above.source_ip_address— See Argument Reference above.destination_ip_address— See Argument Reference above.source_port— See Argument Reference above.destination_port— See Argument Reference above.shared— See Argument Reference above.enabled— See Argument Reference above.
Import
Firewall Rules can be imported using the id, e.g.
$ terraform import openstack_fw_rule_v2.rule_1 8dbc0c28-e49c-463f-b712-5c5d1bbac327