Firewall

Manages a Linode Firewall.

Example Usage

using Pulumi;
using Linode = Pulumi.Linode;

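class MyStack : Stack
{
    /// <summary>
    /// Declares one Linode instance and a Firewall attached to it.
    /// The Firewall drops inbound traffic by default and accepts only TCP 80 and 443;
    /// outbound traffic is accepted by default except TCP 80 and 443, which are dropped.
    /// </summary>
    public MyStack()
    {
        // Read the root password from encrypted stack configuration instead of
        // embedding a literal in source control. Set it once per stack with:
        //   pulumi config set --secret rootPass <value>
        var config = new Config();
        var rootPass = config.RequireSecret("rootPass");

        var myInstance = new Linode.Instance("myInstance", new Linode.InstanceArgs
        {
            Label = "my_instance",
            // NOTE(review): Ubuntu 18.04 has left standard support; prefer a
            // currently maintained image outside of a throwaway example.
            Image = "linode/ubuntu18.04",
            Region = "us-southeast",
            Type = "g6-standard-1",
            RootPass = rootPass,
            SwapSize = 256,
        });
        var myFirewall = new Linode.Firewall("myFirewall", new Linode.FirewallArgs
        {
            Label = "my_firewall",
            Tags = 
            {
                "test",
            },
            // Inbound: only the two rules below are accepted, from any IPv4/IPv6
            // source. There is no rule for TCP 22, so with InboundPolicy = "DROP"
            // SSH is not reachable through this Firewall as written.
            Inbounds = 
            {
                new Linode.Inputs.FirewallInboundArgs
                {
                    Label = "allow-http",
                    Action = "ACCEPT",
                    Protocol = "TCP",
                    Ports = "80",
                    Ipv4s = 
                    {
                        "0.0.0.0/0",
                    },
                    Ipv6s = 
                    {
                        "::/0",
                    },
                },
                new Linode.Inputs.FirewallInboundArgs
                {
                    Label = "allow-https",
                    Action = "ACCEPT",
                    Protocol = "TCP",
                    Ports = "443",
                    Ipv4s = 
                    {
                        "0.0.0.0/0",
                    },
                    Ipv6s = 
                    {
                        "::/0",
                    },
                },
            },
            // Default-deny: anything not matched by an inbound rule is dropped.
            InboundPolicy = "DROP",
            // Outbound: the rules are labelled "reject-*" but the action is DROP,
            // so matching packets are discarded. With these rules the instance
            // cannot open connections to TCP 80/443 on any destination.
            Outbounds = 
            {
                new Linode.Inputs.FirewallOutboundArgs
                {
                    Label = "reject-http",
                    Action = "DROP",
                    Protocol = "TCP",
                    Ports = "80",
                    Ipv4s = 
                    {
                        "0.0.0.0/0",
                    },
                    Ipv6s = 
                    {
                        "::/0",
                    },
                },
                new Linode.Inputs.FirewallOutboundArgs
                {
                    Label = "reject-https",
                    Action = "DROP",
                    Protocol = "TCP",
                    Ports = "443",
                    Ipv4s = 
                    {
                        "0.0.0.0/0",
                    },
                    Ipv6s = 
                    {
                        "::/0",
                    },
                },
            },
            // Default-allow for egress: every other outbound flow is accepted.
            OutboundPolicy = "ACCEPT",
            // Attach the Firewall to the instance declared above.
            Linodes = 
            {
                myInstance.Id,
            },
        });
    }

}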

Coming soon!

import pulumi
import pulumi_linode as linode

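# Read the root password from encrypted stack configuration instead of
# embedding a literal in source control. Set it once per stack with:
#   pulumi config set --secret rootPass <value>
config = pulumi.Config()
root_pass = config.require_secret("rootPass")

my_instance = linode.Instance("myInstance",
    label="my_instance",
    # NOTE(review): Ubuntu 18.04 has left standard support; prefer a currently
    # maintained image outside of a throwaway example.
    image="linode/ubuntu18.04",
    region="us-southeast",
    type="g6-standard-1",
    root_pass=root_pass,
    swap_size=256)
my_firewall = linode.Firewall("myFirewall",
    label="my_firewall",
    tags=["test"],
    # Inbound: only the two rules below are accepted, from any IPv4/IPv6 source.
    # There is no rule for TCP 22, so with inbound_policy="DROP" SSH is not
    # reachable through this Firewall as written.
    inbounds=[
        linode.FirewallInboundArgs(
            label="allow-http",
            action="ACCEPT",
            protocol="TCP",
            ports="80",
            ipv4s=["0.0.0.0/0"],
            ipv6s=["::/0"],
        ),
        linode.FirewallInboundArgs(
            label="allow-https",
            action="ACCEPT",
            protocol="TCP",
            ports="443",
            ipv4s=["0.0.0.0/0"],
            ipv6s=["::/0"],
        ),
    ],
    # Default-deny: anything not matched by an inbound rule is dropped.
    inbound_policy="DROP",
    # Outbound: the rules are labelled "reject-*" but the action is DROP, so
    # matching packets are discarded. With these rules the instance cannot open
    # connections to TCP 80/443 on any destination.
    outbounds=[
        linode.FirewallOutboundArgs(
            label="reject-http",
            action="DROP",
            protocol="TCP",
            ports="80",
            ipv4s=["0.0.0.0/0"],
            ipv6s=["::/0"],
        ),
        linode.FirewallOutboundArgs(
            label="reject-https",
            action="DROP",
            protocol="TCP",
            ports="443",
            ipv4s=["0.0.0.0/0"],
            ipv6s=["::/0"],
        ),
    ],
    # Default-allow for egress: every other outbound flow is accepted.
    outbound_policy="ACCEPT",
    # Attach the Firewall to the instance declared above.
    linodes=[my_instance.id])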
import * as pulumi from "@pulumi/pulumi";
import * as linode from "@pulumi/linode";

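// Read the root password from encrypted stack configuration instead of
// embedding a literal in source control. Set it once per stack with:
//   pulumi config set --secret rootPass <value>
const config = new pulumi.Config();
const rootPass = config.requireSecret("rootPass");

const myInstance = new linode.Instance("myInstance", {
    label: "my_instance",
    // NOTE(review): Ubuntu 18.04 has left standard support; prefer a currently
    // maintained image outside of a throwaway example.
    image: "linode/ubuntu18.04",
    region: "us-southeast",
    type: "g6-standard-1",
    rootPass: rootPass,
    swapSize: 256,
});
const myFirewall = new linode.Firewall("myFirewall", {
    label: "my_firewall",
    tags: ["test"],
    // Inbound: only the two rules below are accepted, from any IPv4/IPv6 source.
    // There is no rule for TCP 22, so with inboundPolicy "DROP" SSH is not
    // reachable through this Firewall as written.
    inbounds: [
        {
            label: "allow-http",
            action: "ACCEPT",
            protocol: "TCP",
            ports: "80",
            ipv4s: ["0.0.0.0/0"],
            ipv6s: ["::/0"],
        },
        {
            label: "allow-https",
            action: "ACCEPT",
            protocol: "TCP",
            ports: "443",
            ipv4s: ["0.0.0.0/0"],
            ipv6s: ["::/0"],
        },
    ],
    // Default-deny: anything not matched by an inbound rule is dropped.
    inboundPolicy: "DROP",
    // Outbound: the rules are labelled "reject-*" but the action is DROP, so
    // matching packets are discarded. With these rules the instance cannot open
    // connections to TCP 80/443 on any destination.
    outbounds: [
        {
            label: "reject-http",
            action: "DROP",
            protocol: "TCP",
            ports: "80",
            ipv4s: ["0.0.0.0/0"],
            ipv6s: ["::/0"],
        },
        {
            label: "reject-https",
            action: "DROP",
            protocol: "TCP",
            ports: "443",
            ipv4s: ["0.0.0.0/0"],
            ipv6s: ["::/0"],
        },
    ],
    // Default-allow for egress: every other outbound flow is accepted.
    outboundPolicy: "ACCEPT",
    // Attach the Firewall to the instance declared above.
    linodes: [myInstance.id],
});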

Create a Firewall Resource

new Firewall(name: string, args: FirewallArgs, opts?: CustomResourceOptions);
@overload
def Firewall(resource_name: str,
             opts: Optional[ResourceOptions] = None,
             disabled: Optional[bool] = None,
             inbound_policy: Optional[str] = None,
             inbounds: Optional[Sequence[FirewallInboundArgs]] = None,
             label: Optional[str] = None,
             linodes: Optional[Sequence[int]] = None,
             outbound_policy: Optional[str] = None,
             outbounds: Optional[Sequence[FirewallOutboundArgs]] = None,
             tags: Optional[Sequence[str]] = None)
@overload
def Firewall(resource_name: str,
             args: FirewallArgs,
             opts: Optional[ResourceOptions] = None)
func NewFirewall(ctx *Context, name string, args FirewallArgs, opts ...ResourceOption) (*Firewall, error)
public Firewall(string name, FirewallArgs args, CustomResourceOptions? opts = null)
name string
The unique name of the resource.
args FirewallArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args FirewallArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args FirewallArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args FirewallArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.

Firewall Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The Firewall resource accepts the following input properties:

InboundPolicy string
The default behavior for inbound traffic. This setting can be overridden by updating the inbound.action property of the Firewall Rule. (ACCEPT, DROP)
Label string
Used to identify this rule. For display purposes only.
OutboundPolicy string
The default behavior for outbound traffic. This setting can be overridden by updating the outbound.action property for an individual Firewall Rule. (ACCEPT, DROP)
Disabled bool
If true, the Firewall’s rules are not enforced (defaults to false).
Inbounds List<FirewallInboundArgs>
A firewall rule that specifies what inbound network traffic is allowed.
Linodes List<int>
A list of IDs of the Linodes whose network traffic this Firewall governs.
Outbounds List<FirewallOutboundArgs>
A firewall rule that specifies what outbound network traffic is allowed.
Tags List<string>
A list of tags applied to this Firewall. Tags are for organizational purposes only.
InboundPolicy string
The default behavior for inbound traffic. This setting can be overridden by updating the inbound.action property of the Firewall Rule. (ACCEPT, DROP)
Label string
Used to identify this rule. For display purposes only.
OutboundPolicy string
The default behavior for outbound traffic. This setting can be overridden by updating the outbound.action property for an individual Firewall Rule. (ACCEPT, DROP)
Disabled bool
If true, the Firewall’s rules are not enforced (defaults to false).
Inbounds []FirewallInboundArgs
A firewall rule that specifies what inbound network traffic is allowed.
Linodes []int
A list of IDs of the Linodes whose network traffic this Firewall governs.
Outbounds []FirewallOutboundArgs
A firewall rule that specifies what outbound network traffic is allowed.
Tags []string
A list of tags applied to this Firewall. Tags are for organizational purposes only.
inboundPolicy string
The default behavior for inbound traffic. This setting can be overridden by updating the inbound.action property of the Firewall Rule. (ACCEPT, DROP)
label string
Used to identify this rule. For display purposes only.
outboundPolicy string
The default behavior for outbound traffic. This setting can be overridden by updating the outbound.action property for an individual Firewall Rule. (ACCEPT, DROP)
disabled boolean
If true, the Firewall’s rules are not enforced (defaults to false).
inbounds FirewallInboundArgs[]
A firewall rule that specifies what inbound network traffic is allowed.
linodes number[]
A list of IDs of the Linodes whose network traffic this Firewall governs.
outbounds FirewallOutboundArgs[]
A firewall rule that specifies what outbound network traffic is allowed.
tags string[]
A list of tags applied to this Firewall. Tags are for organizational purposes only.
inbound_policy str
The default behavior for inbound traffic. This setting can be overridden by updating the inbound.action property of the Firewall Rule. (ACCEPT, DROP)
label str
Used to identify this rule. For display purposes only.
outbound_policy str
The default behavior for outbound traffic. This setting can be overridden by updating the outbound.action property for an individual Firewall Rule. (ACCEPT, DROP)
disabled bool
If true, the Firewall’s rules are not enforced (defaults to false).
inbounds Sequence[FirewallInboundArgs]
A firewall rule that specifies what inbound network traffic is allowed.
linodes Sequence[int]
A list of IDs of the Linodes whose network traffic this Firewall governs.
outbounds Sequence[FirewallOutboundArgs]
A firewall rule that specifies what outbound network traffic is allowed.
tags Sequence[str]
A list of tags applied to this Firewall. Tags are for organizational purposes only.

Outputs

All input properties are implicitly available as output properties. Additionally, the Firewall resource produces the following output properties:

Devices List<FirewallDevice>
The devices associated with this firewall.
Id string
The provider-assigned unique ID for this managed resource.
Status string
The status of the Firewall.
Devices []FirewallDevice
The devices associated with this firewall.
Id string
The provider-assigned unique ID for this managed resource.
Status string
The status of the Firewall.
devices FirewallDevice[]
The devices associated with this firewall.
id string
The provider-assigned unique ID for this managed resource.
status string
The status of the Firewall.
devices Sequence[FirewallDevice]
The devices associated with this firewall.
id str
The provider-assigned unique ID for this managed resource.
status str
The status of the Firewall.

Look up an Existing Firewall Resource

Get an existing Firewall resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: FirewallState, opts?: CustomResourceOptions): Firewall
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        devices: Optional[Sequence[FirewallDeviceArgs]] = None,
        disabled: Optional[bool] = None,
        inbound_policy: Optional[str] = None,
        inbounds: Optional[Sequence[FirewallInboundArgs]] = None,
        label: Optional[str] = None,
        linodes: Optional[Sequence[int]] = None,
        outbound_policy: Optional[str] = None,
        outbounds: Optional[Sequence[FirewallOutboundArgs]] = None,
        status: Optional[str] = None,
        tags: Optional[Sequence[str]] = None) -> Firewall
func GetFirewall(ctx *Context, name string, id IDInput, state *FirewallState, opts ...ResourceOption) (*Firewall, error)
public static Firewall Get(string name, Input<string> id, FirewallState? state, CustomResourceOptions? opts = null)
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.

The following state arguments are supported:

Devices List<FirewallDeviceArgs>
The devices associated with this firewall.
Disabled bool
If true, the Firewall’s rules are not enforced (defaults to false).
InboundPolicy string
The default behavior for inbound traffic. This setting can be overridden by updating the inbound.action property of the Firewall Rule. (ACCEPT, DROP)
Inbounds List<FirewallInboundArgs>
A firewall rule that specifies what inbound network traffic is allowed.
Label string
Used to identify this rule. For display purposes only.
Linodes List<int>
A list of IDs of the Linodes whose network traffic this Firewall governs.
OutboundPolicy string
The default behavior for outbound traffic. This setting can be overridden by updating the outbound.action property for an individual Firewall Rule. (ACCEPT, DROP)
Outbounds List<FirewallOutboundArgs>
A firewall rule that specifies what outbound network traffic is allowed.
Status string
The status of the Firewall.
Tags List<string>
A list of tags applied to this Firewall. Tags are for organizational purposes only.
Devices []FirewallDeviceArgs
The devices associated with this firewall.
Disabled bool
If true, the Firewall’s rules are not enforced (defaults to false).
InboundPolicy string
The default behavior for inbound traffic. This setting can be overridden by updating the inbound.action property of the Firewall Rule. (ACCEPT, DROP)
Inbounds []FirewallInboundArgs
A firewall rule that specifies what inbound network traffic is allowed.
Label string
Used to identify this rule. For display purposes only.
Linodes []int
A list of IDs of the Linodes whose network traffic this Firewall governs.
OutboundPolicy string
The default behavior for outbound traffic. This setting can be overridden by updating the outbound.action property for an individual Firewall Rule. (ACCEPT, DROP)
Outbounds []FirewallOutboundArgs
A firewall rule that specifies what outbound network traffic is allowed.
Status string
The status of the Firewall.
Tags []string
A list of tags applied to this Firewall. Tags are for organizational purposes only.
devices FirewallDeviceArgs[]
The devices associated with this firewall.
disabled boolean
If true, the Firewall’s rules are not enforced (defaults to false).
inboundPolicy string
The default behavior for inbound traffic. This setting can be overridden by updating the inbound.action property of the Firewall Rule. (ACCEPT, DROP)
inbounds FirewallInboundArgs[]
A firewall rule that specifies what inbound network traffic is allowed.
label string
Used to identify this rule. For display purposes only.
linodes number[]
A list of IDs of the Linodes whose network traffic this Firewall governs.
outboundPolicy string
The default behavior for outbound traffic. This setting can be overridden by updating the outbound.action property for an individual Firewall Rule. (ACCEPT, DROP)
outbounds FirewallOutboundArgs[]
A firewall rule that specifies what outbound network traffic is allowed.
status string
The status of the Firewall.
tags string[]
A list of tags applied to this Firewall. Tags are for organizational purposes only.
devices Sequence[FirewallDeviceArgs]
The devices associated with this firewall.
disabled bool
If true, the Firewall’s rules are not enforced (defaults to false).
inbound_policy str
The default behavior for inbound traffic. This setting can be overridden by updating the inbound.action property of the Firewall Rule. (ACCEPT, DROP)
inbounds Sequence[FirewallInboundArgs]
A firewall rule that specifies what inbound network traffic is allowed.
label str
Used to identify this rule. For display purposes only.
linodes Sequence[int]
A list of IDs of the Linodes whose network traffic this Firewall governs.
outbound_policy str
The default behavior for outbound traffic. This setting can be overridden by updating the outbound.action property for an individual Firewall Rule. (ACCEPT, DROP)
outbounds Sequence[FirewallOutboundArgs]
A firewall rule that specifies what outbound network traffic is allowed.
status str
The status of the Firewall.
tags Sequence[str]
A list of tags applied to this Firewall. Tags are for organizational purposes only.

Supporting Types

FirewallDevice

EntityId int
The ID of the underlying entity this device references (i.e. the Linode’s ID).
Id int
The ID of the Firewall Device.
Label string
Used to identify this rule. For display purposes only.
Type string
The type of Firewall Device.
Url string
EntityId int
The ID of the underlying entity this device references (i.e. the Linode’s ID).
Id int
The ID of the Firewall Device.
Label string
Used to identify this rule. For display purposes only.
Type string
The type of Firewall Device.
Url string
entityId number
The ID of the underlying entity this device references (i.e. the Linode’s ID).
id number
The ID of the Firewall Device.
label string
Used to identify this rule. For display purposes only.
type string
The type of Firewall Device.
url string
entity_id int
The ID of the underlying entity this device references (i.e. the Linode’s ID).
id int
The ID of the Firewall Device.
label str
Used to identify this rule. For display purposes only.
type str
The type of Firewall Device.
url str

FirewallInbound

Action string
Controls whether traffic is accepted or dropped by this rule (ACCEPT, DROP). Overrides the Firewall’s inbound_policy if this is an inbound rule, or the outbound_policy if this is an outbound rule.
Label string
Used to identify this rule. For display purposes only.
Protocol string
The network protocol this rule controls. (TCP, UDP, ICMP)
Ipv4s List<string>
A list of IPv4 addresses or networks. Must be in IP/mask format.
Ipv6s List<string>
A list of IPv6 addresses or networks. Must be in IP/mask format.
Ports string
A string representation of ports and/or port ranges (i.e. “443” or “80-90, 91”).
Action string
Controls whether traffic is accepted or dropped by this rule (ACCEPT, DROP). Overrides the Firewall’s inbound_policy if this is an inbound rule, or the outbound_policy if this is an outbound rule.
Label string
Used to identify this rule. For display purposes only.
Protocol string
The network protocol this rule controls. (TCP, UDP, ICMP)
Ipv4s []string
A list of IPv4 addresses or networks. Must be in IP/mask format.
Ipv6s []string
A list of IPv6 addresses or networks. Must be in IP/mask format.
Ports string
A string representation of ports and/or port ranges (i.e. “443” or “80-90, 91”).
action string
Controls whether traffic is accepted or dropped by this rule (ACCEPT, DROP). Overrides the Firewall’s inbound_policy if this is an inbound rule, or the outbound_policy if this is an outbound rule.
label string
Used to identify this rule. For display purposes only.
protocol string
The network protocol this rule controls. (TCP, UDP, ICMP)
ipv4s string[]
A list of IPv4 addresses or networks. Must be in IP/mask format.
ipv6s string[]
A list of IPv6 addresses or networks. Must be in IP/mask format.
ports string
A string representation of ports and/or port ranges (i.e. “443” or “80-90, 91”).
action str
Controls whether traffic is accepted or dropped by this rule (ACCEPT, DROP). Overrides the Firewall’s inbound_policy if this is an inbound rule, or the outbound_policy if this is an outbound rule.
label str
Used to identify this rule. For display purposes only.
protocol str
The network protocol this rule controls. (TCP, UDP, ICMP)
ipv4s Sequence[str]
A list of IPv4 addresses or networks. Must be in IP/mask format.
ipv6s Sequence[str]
A list of IPv6 addresses or networks. Must be in IP/mask format.
ports str
A string representation of ports and/or port ranges (i.e. “443” or “80-90, 91”).

FirewallOutbound

Action string
Controls whether traffic is accepted or dropped by this rule (ACCEPT, DROP). Overrides the Firewall’s inbound_policy if this is an inbound rule, or the outbound_policy if this is an outbound rule.
Label string
Used to identify this rule. For display purposes only.
Protocol string
The network protocol this rule controls. (TCP, UDP, ICMP)
Ipv4s List<string>
A list of IPv4 addresses or networks. Must be in IP/mask format.
Ipv6s List<string>
A list of IPv6 addresses or networks. Must be in IP/mask format.
Ports string
A string representation of ports and/or port ranges (i.e. “443” or “80-90, 91”).
Action string
Controls whether traffic is accepted or dropped by this rule (ACCEPT, DROP). Overrides the Firewall’s inbound_policy if this is an inbound rule, or the outbound_policy if this is an outbound rule.
Label string
Used to identify this rule. For display purposes only.
Protocol string
The network protocol this rule controls. (TCP, UDP, ICMP)
Ipv4s []string
A list of IPv4 addresses or networks. Must be in IP/mask format.
Ipv6s []string
A list of IPv6 addresses or networks. Must be in IP/mask format.
Ports string
A string representation of ports and/or port ranges (i.e. “443” or “80-90, 91”).
action string
Controls whether traffic is accepted or dropped by this rule (ACCEPT, DROP). Overrides the Firewall’s inbound_policy if this is an inbound rule, or the outbound_policy if this is an outbound rule.
label string
Used to identify this rule. For display purposes only.
protocol string
The network protocol this rule controls. (TCP, UDP, ICMP)
ipv4s string[]
A list of IPv4 addresses or networks. Must be in IP/mask format.
ipv6s string[]
A list of IPv6 addresses or networks. Must be in IP/mask format.
ports string
A string representation of ports and/or port ranges (i.e. “443” or “80-90, 91”).
action str
Controls whether traffic is accepted or dropped by this rule (ACCEPT, DROP). Overrides the Firewall’s inbound_policy if this is an inbound rule, or the outbound_policy if this is an outbound rule.
label str
Used to identify this rule. For display purposes only.
protocol str
The network protocol this rule controls. (TCP, UDP, ICMP)
ipv4s Sequence[str]
A list of IPv4 addresses or networks. Must be in IP/mask format.
ipv6s Sequence[str]
A list of IPv6 addresses or networks. Must be in IP/mask format.
ports str
A string representation of ports and/or port ranges (i.e. “443” or “80-90, 91”).

Import

Firewalls can be imported using the id, e.g.

 $ pulumi import linode:index/firewall:Firewall my_firewall 12345

Package Details

Repository
https://github.com/pulumi/pulumi-linode
License
Apache-2.0
Notes
This Pulumi package is based on the linode Terraform Provider.