MagicFirewallRuleset
Magic Firewall is a network-level firewall to protect networks that are onboarded to Cloudflare’s Magic Transit. This resource creates a root ruleset on the account level and contains one or more rules. Rules can be crafted in Wireshark syntax and are evaluated in order, with the first rule having the highest priority.
Example Usage
using Pulumi;
using Cloudflare = Pulumi.Cloudflare;

class MyStack : Stack
{
    public MyStack()
    {
        var example = new Cloudflare.MagicFirewallRuleset("example", new Cloudflare.MagicFirewallRulesetArgs
        {
            AccountId = "d41d8cd98f00b204e9800998ecf8427e",
            Description = "Global mitigations",
            Name = "Magic Transit Ruleset",
            Rules =
            {
                {
                    { "action", "allow" },
                    { "description", "Allow TCP Ephemeral Ports" },
                    { "enabled", "true" },
                    { "expression", "tcp.dstport in { 32768..65535 }" },
                },
                {
                    { "action", "block" },
                    { "description", "Block all" },
                    { "enabled", "true" },
                    { "expression", "ip.len >= 0" },
                },
            },
        });
    }
}
package main

import (
    "github.com/pulumi/pulumi-cloudflare/sdk/v2/go/cloudflare"
    "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)

func main() {
    pulumi.Run(func(ctx *pulumi.Context) error {
        _, err := cloudflare.NewMagicFirewallRuleset(ctx, "example", &cloudflare.MagicFirewallRulesetArgs{
            AccountId:   pulumi.String("d41d8cd98f00b204e9800998ecf8427e"),
            Description: pulumi.String("Global mitigations"),
            Name:        pulumi.String("Magic Transit Ruleset"),
            Rules: pulumi.StringMapArray{
                pulumi.StringMap{
                    "action":      pulumi.String("allow"),
                    "description": pulumi.String("Allow TCP Ephemeral Ports"),
                    "enabled":     pulumi.String("true"),
                    "expression":  pulumi.String("tcp.dstport in { 32768..65535 }"),
                },
                pulumi.StringMap{
                    "action":      pulumi.String("block"),
                    "description": pulumi.String("Block all"),
                    "enabled":     pulumi.String("true"),
                    "expression":  pulumi.String("ip.len >= 0"),
                },
            },
        })
        if err != nil {
            return err
        }
        return nil
    })
}
import pulumi
import pulumi_cloudflare as cloudflare

example = cloudflare.MagicFirewallRuleset("example",
    account_id="d41d8cd98f00b204e9800998ecf8427e",
    description="Global mitigations",
    name="Magic Transit Ruleset",
    rules=[
        {
            "action": "allow",
            "description": "Allow TCP Ephemeral Ports",
            "enabled": "true",
            "expression": "tcp.dstport in { 32768..65535 }",
        },
        {
            "action": "block",
            "description": "Block all",
            "enabled": "true",
            "expression": "ip.len >= 0",
        },
    ])
import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";

const example = new cloudflare.MagicFirewallRuleset("example", {
    accountId: "d41d8cd98f00b204e9800998ecf8427e",
    description: "Global mitigations",
    name: "Magic Transit Ruleset",
    rules: [
        {
            action: "allow",
            description: "Allow TCP Ephemeral Ports",
            enabled: "true",
            expression: "tcp.dstport in { 32768..65535 }",
        },
        {
            action: "block",
            description: "Block all",
            enabled: "true",
            expression: "ip.len >= 0",
        },
    ],
});
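Because rules are evaluated in order and the first rule has the highest priority, a catch-all placed too early makes every later rule dead. The check below is an added example, not part of the Pulumi or Cloudflare documentation: `lint_rules`, `CATCH_ALL` and `KNOWN_ACTIONS` are hypothetical names, and it assumes `ip.len >= 0` is the only match-everything expression in use and that `allow` and `block` are the expected actions, as in the examples above.

```python
# Added example: ordering lint for a Magic Firewall rule list (first match wins).
CATCH_ALL = {"ip.len >= 0"}         # assumption: the only match-everything expression used
KNOWN_ACTIONS = {"allow", "block"}  # assumption: the two actions shown on this page


def lint_rules(rules):
    """Return a list of findings for an ordered list of rule mappings."""
    findings = []
    terminal = None  # index of the first enabled catch-all rule
    seen = {}        # normalised expression -> index of first enabled rule using it
    for i, rule in enumerate(rules):
        label = f"rule {i} ({rule.get('description', 'no description')})"
        action = rule.get("action")
        enabled = rule.get("enabled")
        expr = " ".join(rule.get("expression", "").split())
        if action not in KNOWN_ACTIONS:
            findings.append(f"{label}: unexpected action {action!r}")
        if enabled not in ("true", "false"):
            findings.append(f"{label}: expected 'enabled' to be the string 'true' or 'false'")
        if not expr:
            findings.append(f"{label}: empty expression")
        if enabled != "true":
            continue  # disabled rules never match, so they cannot shadow anything
        if terminal is not None:
            findings.append(f"{label}: unreachable, rule {terminal} already matches all traffic")
            continue
        if expr in seen:
            findings.append(f"{label}: shadowed by rule {seen[expr]} with the same expression")
        seen.setdefault(expr, i)
        if expr in CATCH_ALL:
            terminal = i
    if terminal is None:
        findings.append("no enabled catch-all rule: unmatched traffic falls to the platform default")
    elif rules[terminal].get("action") != "block":
        findings.append(f"rule {terminal}: catch-all is not 'block', ruleset is default-allow")
    return findings


PAGE_RULES = [
    {"action": "allow", "description": "Allow TCP Ephemeral Ports", "enabled": "true",
     "expression": "tcp.dstport in { 32768..65535 }"},
    {"action": "block", "description": "Block all", "enabled": "true",
     "expression": "ip.len >= 0"},
]
REVERSED = list(reversed(PAGE_RULES))  # constructed: same rules, wrong order

if __name__ == "__main__":
    for name, rs in (("page order", PAGE_RULES), ("reversed", REVERSED)):
        print(name, lint_rules(rs) or "ok")
```

Run it on the same list that is passed as `rules` before `pulumi up`, and fail the pipeline when it returns any finding.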
Create a MagicFirewallRuleset Resource
new MagicFirewallRuleset(name: string, args: MagicFirewallRulesetArgs, opts?: CustomResourceOptions);
def MagicFirewallRuleset(resource_name: str, opts: Optional[ResourceOptions] = None, account_id: Optional[str] = None, description: Optional[str] = None, name: Optional[str] = None, rules: Optional[Sequence[Mapping[str, str]]] = None)
func NewMagicFirewallRuleset(ctx *Context, name string, args MagicFirewallRulesetArgs, opts ...ResourceOption) (*MagicFirewallRuleset, error)
public MagicFirewallRuleset(string name, MagicFirewallRulesetArgs args, CustomResourceOptions? opts = null)
- name string
- The unique name of the resource.
- args MagicFirewallRulesetArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- opts ResourceOptions
- A bag of options that control this resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args MagicFirewallRulesetArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args MagicFirewallRulesetArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
MagicFirewallRuleset Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.
Inputs
The MagicFirewallRuleset resource accepts the following input properties:
- AccountId string
The ID of the account where the ruleset is being created.
- Name string
The name of the ruleset.
- Description string
A note that can be used to annotate the rule.
- Rules List<ImmutableDictionary<string, string>>
- AccountId string
The ID of the account where the ruleset is being created.
- Name string
The name of the ruleset.
- Description string
A note that can be used to annotate the rule.
- Rules []map[string]string
- accountId string
The ID of the account where the ruleset is being created.
- name string
The name of the ruleset.
- description string
A note that can be used to annotate the rule.
- rules {[key: string]: string}[]
- account_id str
The ID of the account where the ruleset is being created.
- name str
The name of the ruleset.
- description str
A note that can be used to annotate the rule.
- rules Sequence[Mapping[str, str]]
Outputs
All input properties are implicitly available as output properties. Additionally, the MagicFirewallRuleset resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
Look up an Existing MagicFirewallRuleset Resource
Get an existing MagicFirewallRuleset resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: MagicFirewallRulesetState, opts?: CustomResourceOptions): MagicFirewallRuleset
@staticmethod
def get(resource_name: str, id: str, opts: Optional[ResourceOptions] = None, account_id: Optional[str] = None, description: Optional[str] = None, name: Optional[str] = None, rules: Optional[Sequence[Mapping[str, str]]] = None) -> MagicFirewallRuleset
func GetMagicFirewallRuleset(ctx *Context, name string, id IDInput, state *MagicFirewallRulesetState, opts ...ResourceOption) (*MagicFirewallRuleset, error)
public static MagicFirewallRuleset Get(string name, Input<string> id, MagicFirewallRulesetState? state, CustomResourceOptions? opts = null)
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
The following state arguments are supported:
- AccountId string
The ID of the account where the ruleset is being created.
- Description string
A note that can be used to annotate the rule.
- Name string
The name of the ruleset.
- Rules List<ImmutableDictionary<string, string>>
- AccountId string
The ID of the account where the ruleset is being created.
- Description string
A note that can be used to annotate the rule.
- Name string
The name of the ruleset.
- Rules []map[string]string
- accountId string
The ID of the account where the ruleset is being created.
- description string
A note that can be used to annotate the rule.
- name string
The name of the ruleset.
- rules {[key: string]: string}[]
- account_id str
The ID of the account where the ruleset is being created.
- description str
A note that can be used to annotate the rule.
- name str
The name of the ruleset.
- rules Sequence[Mapping[str, str]]
Import
An existing Magic Firewall Ruleset can be imported using the account ID and ruleset ID:
$ pulumi import cloudflare:index/magicFirewallRuleset:MagicFirewallRuleset example d41d8cd98f00b204e9800998ecf8427e/cb029e245cfdd66dc8d2e570d5dd3322
Package Details
- Repository
- https://github.com/pulumi/pulumi-cloudflare
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the cloudflare Terraform Provider.