terraform-provider-unifi/docs/resources/firewall_rule.md
Chris Hasenpflug 8bfcf5b503 firewall_rule: Add enabled attribute (#63)
* firewall_rule: Add enabled attribute

Resolves #62

* Add tests

* Update docs

---------

Co-authored-by: Joshua Spence <josh@spence.com.au>
2023-03-02 20:06:04 +11:00


page_title: unifi_firewall_rule Resource - terraform-provider-unifi
subcategory:
description: unifi_firewall_rule manages an individual firewall rule on the gateway.

unifi_firewall_rule (Resource)

unifi_firewall_rule manages an individual firewall rule on the gateway.

Example Usage

variable "ip_address" {
  type = string
}

resource "unifi_firewall_rule" "drop_all" {
  name    = "drop all"
  action  = "drop"
  ruleset = "LAN_IN"

  rule_index = 2011

  protocol = "all"

  dst_address = var.ip_address
}
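
A fuller configuration, added here as an illustration and not taken from the provider's own documentation: a stateful LAN_IN policy that accepts established/related traffic, then drops and logs invalid packets and traffic from one network to another. The variables `iot_network_id` and `trusted_network_id` are hypothetical inputs, and the layout assumes the gateway evaluates rules in ascending `rule_index` order.

```hcl
# Hypothetical inputs: network IDs as reported by the controller.
variable "iot_network_id" {
  type = string
}

variable "trusted_network_id" {
  type = string
}

# Lowest index: let replies to already-tracked connections through
# (assumes rules are evaluated in ascending rule_index order).
resource "unifi_firewall_rule" "allow_established" {
  name       = "allow established/related"
  action     = "accept"
  ruleset    = "LAN_IN"
  rule_index = 2000
  protocol   = "all"

  state_established = true
  state_related     = true
}

# Drop packets the connection tracker marks invalid, and log them.
resource "unifi_firewall_rule" "drop_invalid" {
  name       = "drop invalid state"
  action     = "drop"
  ruleset    = "LAN_IN"
  rule_index = 2001
  protocol   = "all"

  state_invalid = true
  logging       = true
}

# Block the IoT network from reaching the trusted network, with logging on
# so denied attempts are recorded by the gateway.
resource "unifi_firewall_rule" "drop_iot_to_trusted" {
  name       = "drop iot to trusted"
  action     = "drop"
  ruleset    = "LAN_IN"
  rule_index = 2002
  protocol   = "all"

  src_network_id = var.iot_network_id
  dst_network_id = var.trusted_network_id
  logging        = true
}
```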

Schema

Required

  • action (String) The action of the firewall rule. Must be one of drop, accept, or reject.
  • name (String) The name of the firewall rule.
  • rule_index (Number) The index of the rule. Must be >= 2000 and < 3000, or >= 4000 and < 5000.
  • ruleset (String) The ruleset for the rule. This is from the perspective of the security gateway. Must be one of WAN_IN, WAN_OUT, WAN_LOCAL, LAN_IN, LAN_OUT, LAN_LOCAL, GUEST_IN, GUEST_OUT, GUEST_LOCAL, WANv6_IN, WANv6_OUT, WANv6_LOCAL, LANv6_IN, LANv6_OUT, LANv6_LOCAL, GUESTv6_IN, GUESTv6_OUT, or GUESTv6_LOCAL.

Optional

  • dst_address (String) The destination address of the firewall rule.
  • dst_address_ipv6 (String) The IPv6 destination address of the firewall rule.
  • dst_firewall_group_ids (Set of String) The destination firewall group IDs of the firewall rule.
  • dst_network_id (String) The destination network ID of the firewall rule.
  • dst_network_type (String) The destination network type of the firewall rule. Can be one of ADDRv4 or NETv4. Defaults to NETv4.
  • dst_port (String) The destination port of the firewall rule.
  • enabled (Boolean) Specifies whether the rule should be enabled. Defaults to true.
  • icmp_typename (String) ICMP type name.
  • icmp_v6_typename (String) ICMPv6 type name.
  • ip_sec (String) Specify whether the rule matches on IPsec packets. Can be one of match-ipset or match-none.
  • logging (Boolean) Enable logging for the firewall rule.
  • protocol (String) The protocol of the rule.
  • protocol_v6 (String) The IPv6 protocol of the rule.
  • site (String) The name of the site to associate the firewall rule with.
  • src_address (String) The source address for the firewall rule.
  • src_address_ipv6 (String) The IPv6 source address for the firewall rule.
  • src_firewall_group_ids (Set of String) The source firewall group IDs for the firewall rule.
  • src_mac (String) The source MAC address of the firewall rule.
  • src_network_id (String) The source network ID for the firewall rule.
  • src_network_type (String) The source network type of the firewall rule. Can be one of ADDRv4 or NETv4. Defaults to NETv4.
  • src_port (String) The source port of the firewall rule.
  • state_established (Boolean) Match where the state is established.
  • state_invalid (Boolean) Match where the state is invalid.
  • state_new (Boolean) Match where the state is new.
  • state_related (Boolean) Match where the state is related.

Read-Only

  • id (String) The ID of the firewall rule.

Import

Import is supported using the following syntax:

# import using the ID from the controller API/UI
terraform import unifi_firewall_rule.my_rule 5f7080eb6b8969064f80494f