diff --git a/docs/resources/firewall_rule.md b/docs/resources/firewall_rule.md index 0a4d8c8..a2fad4f 100644 --- a/docs/resources/firewall_rule.md +++ b/docs/resources/firewall_rule.md @@ -48,6 +48,7 @@ resource "unifi_firewall_rule" "drop_all" { - **dst_network_id** (String) The destination network ID of the firewall rule. - **dst_network_type** (String) The destination network type of the firewall rule. Can be one of `ADDRv4` or `NETv4`. Defaults to `NETv4`. - **dst_port** (String) The destination port of the firewall rule. +- **icmp_typename** (String) The ICMP type name. - **ip_sec** (String) Specify whether the rule matches on IPsec packets. Can be one of `match-ipset` or `match-none`. - **logging** (Boolean) Enable logging for the firewall rule. - **site** (String) The name of the site to associate the firewall rule with. diff --git a/internal/provider/resource_firewall_rule.go b/internal/provider/resource_firewall_rule.go index 011db24..4f9a47c 100644 --- a/internal/provider/resource_firewall_rule.go +++ b/internal/provider/resource_firewall_rule.go @@ -68,6 +68,11 @@ func resourceFirewallRule() *schema.Resource { Required: true, ValidateFunc: validation.StringMatch(firewallRuleProtocolRegexp, "must be a valid protocol"), }, + "icmp_typename": { + Description: "ICMP type name.", + Type: schema.TypeString, + Optional: true, + }, // sources "src_network_id": { @@ -124,9 +129,9 @@ func resourceFirewallRule() *schema.Resource { Optional: true, }, "dst_port": { - Description: "The destination port of the firewall rule.", - Type: schema.TypeString, - Optional: true, + Description: "The destination port of the firewall rule.", + Type: schema.TypeString, + Optional: true, ValidateFunc: validatePortRange, }, 
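Review bot: The new `icmp_typename` attribute in `resourceFirewallRule` is a free-form string with no `ValidateFunc`, unlike `protocol` directly above it, so a misspelt type name is not rejected at plan time. For a firewall rule this matters: depending on how the controller treats an unknown or empty value (not visible here), the resulting rule could match more ICMP traffic than the author intended. Consider a validator along the lines of `ValidateFunc: validation.StringInSlice(validICMPTypenames, false),` where `validICMPTypenames` is a placeholder for the list the controller accepts. The description should also say whether the field only has meaning with `protocol = "icmp"`. The value is forwarded unconditionally in `resourceFirewallRuleGetResourceData` (`ICMPTypename: d.Get("icmp_typename").(string)`), so it is sent for non-ICMP protocols too; both function bodies continue outside their hunks.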
@@ -207,6 +212,7 @@ func resourceFirewallRuleGetResourceData(d *schema.ResourceData) (*unifi.Firewal Ruleset: d.Get("ruleset").(string), RuleIndex: d.Get("rule_index").(int), Protocol: d.Get("protocol").(string), + ICMPTypename: d.Get("icmp_typename").(string), Logging: d.Get("logging").(bool), IPSec: d.Get("ip_sec").(string), StateEstablished: d.Get("state_established").(bool), @@ -235,6 +241,7 @@ func resourceFirewallRuleSetResourceData(resp *unifi.FirewallRule, d *schema.Res d.Set("ruleset", resp.Ruleset) d.Set("rule_index", resp.RuleIndex) d.Set("protocol", resp.Protocol) + d.Set("icmp_typename", resp.ICMPTypename) d.Set("logging", resp.Logging) d.Set("ip_sec", resp.IPSec) d.Set("state_established", resp.StateEstablished) diff --git a/internal/provider/resource_firewall_rule_test.go b/internal/provider/resource_firewall_rule_test.go index 00b3d50..9630685 100644 --- a/internal/provider/resource_firewall_rule_test.go +++ b/internal/provider/resource_firewall_rule_test.go @@ -36,6 +36,19 @@ func TestAccFirewallRule_dst_port(t *testing.T) { }) } +func TestAccFirewallRule_icmp(t *testing.T) { + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { preCheck(t) }, + ProviderFactories: providerFactories, + Steps: []resource.TestStep{ + { + Config: testAccFirewallRuleConfigWithICMP, + }, + importStep("unifi_firewall_rule.test"), + }, + }) +} + // func TestAccFirewallRule_firewall_group(t *testing.T) { // func TestAccFirewallRule_network(t *testing.T) { @@ -78,6 +91,19 @@ resource "unifi_firewall_rule" "test" { } ` +const testAccFirewallRuleConfigWithICMP = ` +resource "unifi_firewall_rule" "test" { + name = "tf acc" + action = "accept" + ruleset = "LAN_LOCAL" + + rule_index = 2011 + + protocol = "icmp" + icmp_typename = "echo-request" +} +` + // resource "unifi_firewall_rule" "can_print_drop" { // name = "[tf] can-print (drop all)" // action = "drop"
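Review bot: `TestAccFirewallRule_icmp` applies the config and runs `importStep`, but its first step has no `Check`, so nothing asserts that `icmp_typename` actually landed in state with the configured value. Add `Check: resource.TestCheckResourceAttr("unifi_firewall_rule.test", "icmp_typename", "echo-request"),` to that step. The test runs under `resource.ParallelTest` with a fixed `rule_index = 2011` in `LAN_LOCAL`, so it is worth confirming that no other config in this file uses the same index; those configs are outside the visible hunks.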