Skip to main content
openstack_fw_rule_v2
Last update:

openstack_fw_rule_v2

For your information

This instruction is a copy of the official OpenStack Terraform provider's OpenStack Terraform documentation in the Terraform Registry.

Manages a v2 firewall rule resource within OpenStack.

Firewall v2 has no support for OVN currently.

Example Usage

resource "openstack_fw_rule_v2" "rule_2" {
name = "firewall_rule"
description = "drop TELNET traffic"
action = "deny"
protocol = "tcp"
destination_port = "23"
enabled = "true"
}

Argument Reference

The following arguments are supported:

  • region — (Optional) The region in which to obtain the v2 networking client. A networking client is needed to create a firewall rule. If omitted, theregion argument of the provider is used. Changing this creates a new firewall rule.

  • name — (Optional) A unique name for the firewall rule. Changing this updates the name of an existing firewall rule.

  • description — (Optional) A description for the firewall rule. Changing this updates the description of an existing firewall rule.

  • tenant_id — (Optional) — This argument conflicts and is interchangeable with project_id. The owner of the firewall rule. Required if admin wants to create a firewall rule for another tenant. Changing this creates a new firewall rule.

  • project_id — (Optional) — This argument conflicts and is interchangeable with tenant_id. The owner of the firewall rule. Required if admin wants to create a firewall rule for another project. Changing this creates a new firewall rule.

  • protocol — (Optional; Required if source_port or destination_port is not empty) The protocol type on which the firewall rule operates. Valid values are: tcp, udp, icmpand any. Changing this updates theprotocol of an existing firewall rule. Default is any.

  • action — (Optional) Action to be taken (must be "allow", "deny" or "reject") when the firewall rule matches. Changing this updates the action of an existing firewall rule. Default is deny.

  • ip_version — (Optional) IP version, either 4 or 6. Changing this updates the ip_version of an existing firewall rule. Default is 4.

  • source_ip_address — (Optional) The source IP address on which the firewall rule operates. Changing this updates the source_ip_address of an existing firewall rule.

  • destination_ip_address — (Optional) The destination IP address on which the firewall rule operates. Changing these updates the destination_ip_address of an existing firewall rule.

  • source_port — (Optional) The source port on which the firewall rule operates. Changing this updates the source_port of an existing firewall rule. Require not any or empty protocol.

  • destination_port — (Optional) The destination port on which the firewall rule operates. Changing this updates the destination_port of an existing firewall rule. Require not any or empty protocol.

  • shared — (Optional) Sharing status of the firewall rule (must be "true" or "false" if provided). If this is "true" the policy is visible to, and can be used in, firewalls in other tenants. Changing this updates theshared status of an existing firewall policy. On

  • enabled — (Optional) Enabled status for the firewall rule (must be "true" or "false" if provided — defaults to "true"). Changing this updates theenabled status of an existing firewall rule.

Attributes Reference

The following attributes are exported:

  • region — See Argument Reference above.
  • name — See Argument Reference above.
  • description — See Argument Reference above.
  • tenant_id — See Argument Reference above.
  • project_id — See Argument Reference above.
  • protocol — See Argument Reference above.
  • action — See Argument Reference above.
  • ip_version — See Argument Reference above.
  • source_ip_address — See Argument Reference above.
  • destination_ip_address — See Argument Reference above.
  • source_port — See Argument Reference above.
  • destination_port — See Argument Reference above.
  • shared — See Argument Reference above.
  • enabled — See Argument Reference above.

Import

Firewall Rules can be imported using the id, e.g.

$ terraform import openstack_fw_rule_v2.rule_1 8dbc0c28-e49c-463f-b712-5c5d1bbac327