Docs
Packages
Aviatrix v0.0.10, Jan 21 23
Aviatrix v0.0.10, Jan 21 23
aviatrix.AviatrixFirewall
Explore with Pulumi AI
Import
firewall can be imported using the gw_name, e.g.
$ pulumi import aviatrix:index/aviatrixFirewall:AviatrixFirewall test gw_name
Example Usage
using System.Collections.Generic;
using Pulumi;
using Aviatrix = Pulumi.Aviatrix;
return await Deployment.RunAsync(() =>
{
// Create an Aviatrix Firewall
var statefulFirewall1 = new Aviatrix.AviatrixFirewall("statefulFirewall1", new()
{
BaseLogEnabled = true,
BasePolicy = "allow-all",
GwName = "gateway-1",
ManageFirewallPolicies = false,
});
});
package main
import (
"github.com/astipkovits/pulumi-aviatrix/sdk/go/aviatrix"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := aviatrix.NewAviatrixFirewall(ctx, "statefulFirewall1", &aviatrix.AviatrixFirewallArgs{
BaseLogEnabled: pulumi.Bool(true),
BasePolicy: pulumi.String("allow-all"),
GwName: pulumi.String("gateway-1"),
ManageFirewallPolicies: pulumi.Bool(false),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aviatrix.AviatrixFirewall;
import com.pulumi.aviatrix.AviatrixFirewallArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var statefulFirewall1 = new AviatrixFirewall("statefulFirewall1", AviatrixFirewallArgs.builder()
.baseLogEnabled(true)
.basePolicy("allow-all")
.gwName("gateway-1")
.manageFirewallPolicies(false)
.build());
}
}
import pulumi
import pulumi_aviatrix as aviatrix
# Create an Aviatrix Firewall
stateful_firewall1 = aviatrix.AviatrixFirewall("statefulFirewall1",
base_log_enabled=True,
base_policy="allow-all",
gw_name="gateway-1",
manage_firewall_policies=False)
import * as pulumi from "@pulumi/pulumi";
import * as aviatrix from "@pulumi/aviatrix";
// Create an Aviatrix Firewall
const statefulFirewall1 = new aviatrix.AviatrixFirewall("stateful_firewall_1", {
baseLogEnabled: true,
basePolicy: "allow-all",
gwName: "gateway-1",
manageFirewallPolicies: false,
});
resources:
# Create an Aviatrix Firewall
statefulFirewall1:
type: aviatrix:AviatrixFirewall
properties:
baseLogEnabled: true
basePolicy: allow-all
gwName: gateway-1
manageFirewallPolicies: false
using System.Collections.Generic;
using Pulumi;
using Aviatrix = Pulumi.Aviatrix;
return await Deployment.RunAsync(() =>
{
// Create an Aviatrix Firewall with in-line rules
var statefulFirewall1 = new Aviatrix.AviatrixFirewall("statefulFirewall1", new()
{
GwName = "gateway-1",
BasePolicy = "allow-all",
BaseLogEnabled = true,
Policies = new[]
{
new Aviatrix.Inputs.AviatrixFirewallPolicyArgs
{
Protocol = "all",
SrcIp = "10.17.0.224/32",
LogEnabled = true,
DstIp = "10.12.0.172/32",
Action = "force-drop",
Port = "0:65535",
Description = "first_policy",
},
new Aviatrix.Inputs.AviatrixFirewallPolicyArgs
{
Protocol = "tcp",
SrcIp = "10.16.0.224/32",
LogEnabled = false,
DstIp = "10.12.1.172/32",
Action = "force-drop",
Port = "325",
Description = "second_policy",
},
new Aviatrix.Inputs.AviatrixFirewallPolicyArgs
{
Protocol = "udp",
SrcIp = "10.14.0.225/32",
LogEnabled = false,
DstIp = "10.13.1.173/32",
Action = "deny",
Port = "325",
Description = "third_policy",
},
new Aviatrix.Inputs.AviatrixFirewallPolicyArgs
{
Protocol = "tcp",
SrcIp = aviatrix_firewall_tag.Test.Firewall_tag,
LogEnabled = false,
DstIp = "10.13.1.173/32",
Action = "deny",
Port = "325",
Description = "fourth_policy",
},
},
});
});
package main
import (
"github.com/astipkovits/pulumi-aviatrix/sdk/go/aviatrix"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := aviatrix.NewAviatrixFirewall(ctx, "statefulFirewall1", &aviatrix.AviatrixFirewallArgs{
GwName: pulumi.String("gateway-1"),
BasePolicy: pulumi.String("allow-all"),
BaseLogEnabled: pulumi.Bool(true),
Policies: AviatrixFirewallPolicyTypeArray{
&AviatrixFirewallPolicyTypeArgs{
Protocol: pulumi.String("all"),
SrcIp: pulumi.String("10.17.0.224/32"),
LogEnabled: pulumi.Bool(true),
DstIp: pulumi.String("10.12.0.172/32"),
Action: pulumi.String("force-drop"),
Port: pulumi.String("0:65535"),
Description: pulumi.String("first_policy"),
},
&AviatrixFirewallPolicyTypeArgs{
Protocol: pulumi.String("tcp"),
SrcIp: pulumi.String("10.16.0.224/32"),
LogEnabled: pulumi.Bool(false),
DstIp: pulumi.String("10.12.1.172/32"),
Action: pulumi.String("force-drop"),
Port: pulumi.String("325"),
Description: pulumi.String("second_policy"),
},
&AviatrixFirewallPolicyTypeArgs{
Protocol: pulumi.String("udp"),
SrcIp: pulumi.String("10.14.0.225/32"),
LogEnabled: pulumi.Bool(false),
DstIp: pulumi.String("10.13.1.173/32"),
Action: pulumi.String("deny"),
Port: pulumi.String("325"),
Description: pulumi.String("third_policy"),
},
&AviatrixFirewallPolicyTypeArgs{
Protocol: pulumi.String("tcp"),
SrcIp: pulumi.Any(aviatrix_firewall_tag.Test.Firewall_tag),
LogEnabled: pulumi.Bool(false),
DstIp: pulumi.String("10.13.1.173/32"),
Action: pulumi.String("deny"),
Port: pulumi.String("325"),
Description: pulumi.String("fourth_policy"),
},
},
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aviatrix.AviatrixFirewall;
import com.pulumi.aviatrix.AviatrixFirewallArgs;
import com.pulumi.aviatrix.inputs.AviatrixFirewallPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var statefulFirewall1 = new AviatrixFirewall("statefulFirewall1", AviatrixFirewallArgs.builder()
.gwName("gateway-1")
.basePolicy("allow-all")
.baseLogEnabled(true)
.policies(
AviatrixFirewallPolicyArgs.builder()
.protocol("all")
.srcIp("10.17.0.224/32")
.logEnabled(true)
.dstIp("10.12.0.172/32")
.action("force-drop")
.port("0:65535")
.description("first_policy")
.build(),
AviatrixFirewallPolicyArgs.builder()
.protocol("tcp")
.srcIp("10.16.0.224/32")
.logEnabled(false)
.dstIp("10.12.1.172/32")
.action("force-drop")
.port("325")
.description("second_policy")
.build(),
AviatrixFirewallPolicyArgs.builder()
.protocol("udp")
.srcIp("10.14.0.225/32")
.logEnabled(false)
.dstIp("10.13.1.173/32")
.action("deny")
.port("325")
.description("third_policy")
.build(),
AviatrixFirewallPolicyArgs.builder()
.protocol("tcp")
.srcIp(aviatrix_firewall_tag.test().firewall_tag())
.logEnabled(false)
.dstIp("10.13.1.173/32")
.action("deny")
.port("325")
.description("fourth_policy")
.build())
.build());
}
}
import pulumi
import pulumi_aviatrix as aviatrix
# Create an Aviatrix Firewall with in-line rules
stateful_firewall1 = aviatrix.AviatrixFirewall("statefulFirewall1",
gw_name="gateway-1",
base_policy="allow-all",
base_log_enabled=True,
policies=[
aviatrix.AviatrixFirewallPolicyArgs(
protocol="all",
src_ip="10.17.0.224/32",
log_enabled=True,
dst_ip="10.12.0.172/32",
action="force-drop",
port="0:65535",
description="first_policy",
),
aviatrix.AviatrixFirewallPolicyArgs(
protocol="tcp",
src_ip="10.16.0.224/32",
log_enabled=False,
dst_ip="10.12.1.172/32",
action="force-drop",
port="325",
description="second_policy",
),
aviatrix.AviatrixFirewallPolicyArgs(
protocol="udp",
src_ip="10.14.0.225/32",
log_enabled=False,
dst_ip="10.13.1.173/32",
action="deny",
port="325",
description="third_policy",
),
aviatrix.AviatrixFirewallPolicyArgs(
protocol="tcp",
src_ip=aviatrix_firewall_tag["test"]["firewall_tag"],
log_enabled=False,
dst_ip="10.13.1.173/32",
action="deny",
port="325",
description="fourth_policy",
),
])
import * as pulumi from "@pulumi/pulumi";
import * as aviatrix from "@astipkovits/aviatrix";
// Create an Aviatrix Firewall with in-line rules
const statefulFirewall1 = new aviatrix.AviatrixFirewall("statefulFirewall1", {
gwName: "gateway-1",
basePolicy: "allow-all",
baseLogEnabled: true,
policies: [
{
protocol: "all",
srcIp: "10.17.0.224/32",
logEnabled: true,
dstIp: "10.12.0.172/32",
action: "force-drop",
port: "0:65535",
description: "first_policy",
},
{
protocol: "tcp",
srcIp: "10.16.0.224/32",
logEnabled: false,
dstIp: "10.12.1.172/32",
action: "force-drop",
port: "325",
description: "second_policy",
},
{
protocol: "udp",
srcIp: "10.14.0.225/32",
logEnabled: false,
dstIp: "10.13.1.173/32",
action: "deny",
port: "325",
description: "third_policy",
},
{
protocol: "tcp",
srcIp: aviatrix_firewall_tag.test.firewall_tag,
logEnabled: false,
dstIp: "10.13.1.173/32",
action: "deny",
port: "325",
description: "fourth_policy",
},
],
});
resources:
# Create an Aviatrix Firewall with in-line rules
statefulFirewall1:
type: aviatrix:AviatrixFirewall
properties:
gwName: gateway-1
basePolicy: allow-all
baseLogEnabled: true
policies:
- protocol: all
srcIp: 10.17.0.224/32
logEnabled: true
dstIp: 10.12.0.172/32
action: force-drop
port: 0:65535
description: first_policy
- protocol: tcp
srcIp: 10.16.0.224/32
logEnabled: false
dstIp: 10.12.1.172/32
action: force-drop
port: '325'
description: second_policy
- protocol: udp
srcIp: 10.14.0.225/32
logEnabled: false
dstIp: 10.13.1.173/32
action: deny
port: '325'
description: third_policy
- protocol: tcp
srcIp: ${aviatrix_firewall_tag.test.firewall_tag}
logEnabled: false
dstIp: 10.13.1.173/32
action: deny
port: '325'
description: fourth_policy
Create AviatrixFirewall Resource
new AviatrixFirewall(name: string, args: AviatrixFirewallArgs, opts?: CustomResourceOptions);@overload
def AviatrixFirewall(resource_name: str,
opts: Optional[ResourceOptions] = None,
base_log_enabled: Optional[bool] = None,
base_policy: Optional[str] = None,
gw_name: Optional[str] = None,
manage_firewall_policies: Optional[bool] = None,
policies: Optional[Sequence[AviatrixFirewallPolicyArgs]] = None)
@overload
def AviatrixFirewall(resource_name: str,
args: AviatrixFirewallArgs,
opts: Optional[ResourceOptions] = None)func NewAviatrixFirewall(ctx *Context, name string, args AviatrixFirewallArgs, opts ...ResourceOption) (*AviatrixFirewall, error)public AviatrixFirewall(string name, AviatrixFirewallArgs args, CustomResourceOptions? opts = null)
public AviatrixFirewall(String name, AviatrixFirewallArgs args)
public AviatrixFirewall(String name, AviatrixFirewallArgs args, CustomResourceOptions options)
type: aviatrix:AviatrixFirewall
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AviatrixFirewallArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AviatrixFirewallArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AviatrixFirewallArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AviatrixFirewallArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AviatrixFirewallArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
AviatrixFirewall Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The AviatrixFirewall resource accepts the following input properties:
- Gw
Name string Gateway name to attach firewall policy to.
- Base
Log boolEnabled Indicates whether enable logging or not. Valid Values: true, false. Default value: false.
- Base
Policy string New base policy. Valid Values: "allow-all", "deny-all". Default value: "deny-all"
- Manage
Firewall boolPolicies Enable to manage firewall policies via in-line rules. If false, policies must be managed using
aviatrix.AviatrixFirewallPolicyresources. Default: true. Valid values: true, false. Available in provider version R2.17+.- Policies
List<Aviatrix
Firewall Policy Args> New access policy for the gateway. Seven fields are required for each policy item:
src_ip,dst_ip,protocol,port,action,log_enabledanddescription. No duplicate rules (with samesrc_ip,dst_ip,protocolandport) are allowed.
- Gw
Name string Gateway name to attach firewall policy to.
- Base
Log boolEnabled Indicates whether enable logging or not. Valid Values: true, false. Default value: false.
- Base
Policy string New base policy. Valid Values: "allow-all", "deny-all". Default value: "deny-all"
- Manage
Firewall boolPolicies Enable to manage firewall policies via in-line rules. If false, policies must be managed using
aviatrix.AviatrixFirewallPolicyresources. Default: true. Valid values: true, false. Available in provider version R2.17+.- Policies
[]Aviatrix
Firewall Policy Type Args New access policy for the gateway. Seven fields are required for each policy item:
src_ip,dst_ip,protocol,port,action,log_enabledanddescription. No duplicate rules (with samesrc_ip,dst_ip,protocolandport) are allowed.
- gw
Name String Gateway name to attach firewall policy to.
- base
Log BooleanEnabled Indicates whether enable logging or not. Valid Values: true, false. Default value: false.
- base
Policy String New base policy. Valid Values: "allow-all", "deny-all". Default value: "deny-all"
- manage
Firewall BooleanPolicies Enable to manage firewall policies via in-line rules. If false, policies must be managed using
aviatrix.AviatrixFirewallPolicyresources. Default: true. Valid values: true, false. Available in provider version R2.17+.- policies
List<Aviatrix
Firewall Policy Args> New access policy for the gateway. Seven fields are required for each policy item:
src_ip,dst_ip,protocol,port,action,log_enabledanddescription. No duplicate rules (with samesrc_ip,dst_ip,protocolandport) are allowed.
- gw
Name string Gateway name to attach firewall policy to.
- base
Log booleanEnabled Indicates whether enable logging or not. Valid Values: true, false. Default value: false.
- base
Policy string New base policy. Valid Values: "allow-all", "deny-all". Default value: "deny-all"
- manage
Firewall booleanPolicies Enable to manage firewall policies via in-line rules. If false, policies must be managed using
aviatrix.AviatrixFirewallPolicyresources. Default: true. Valid values: true, false. Available in provider version R2.17+.- policies
Aviatrix
Firewall Policy Args[] New access policy for the gateway. Seven fields are required for each policy item:
src_ip,dst_ip,protocol,port,action,log_enabledanddescription. No duplicate rules (with samesrc_ip,dst_ip,protocolandport) are allowed.
- gw_
name str Gateway name to attach firewall policy to.
- base_
log_ boolenabled Indicates whether enable logging or not. Valid Values: true, false. Default value: false.
- base_
policy str New base policy. Valid Values: "allow-all", "deny-all". Default value: "deny-all"
- manage_
firewall_ boolpolicies Enable to manage firewall policies via in-line rules. If false, policies must be managed using
aviatrix.AviatrixFirewallPolicyresources. Default: true. Valid values: true, false. Available in provider version R2.17+.- policies
Sequence[Aviatrix
Firewall Policy Args] New access policy for the gateway. Seven fields are required for each policy item:
src_ip,dst_ip,protocol,port,action,log_enabledanddescription. No duplicate rules (with samesrc_ip,dst_ip,protocolandport) are allowed.
- gw
Name String Gateway name to attach firewall policy to.
- base
Log BooleanEnabled Indicates whether enable logging or not. Valid Values: true, false. Default value: false.
- base
Policy String New base policy. Valid Values: "allow-all", "deny-all". Default value: "deny-all"
- manage
Firewall BooleanPolicies Enable to manage firewall policies via in-line rules. If false, policies must be managed using
aviatrix.AviatrixFirewallPolicyresources. Default: true. Valid values: true, false. Available in provider version R2.17+.- policies List<Property Map>
New access policy for the gateway. Seven fields are required for each policy item:
src_ip,dst_ip,protocol,port,action,log_enabledanddescription. No duplicate rules (with samesrc_ip,dst_ip,protocolandport) are allowed.
Outputs
All input properties are implicitly available as output properties. Additionally, the AviatrixFirewall resource produces the following output properties:
- Id string
The provider-assigned unique ID for this managed resource.
- Id string
The provider-assigned unique ID for this managed resource.
- id String
The provider-assigned unique ID for this managed resource.
- id string
The provider-assigned unique ID for this managed resource.
- id str
The provider-assigned unique ID for this managed resource.
- id String
The provider-assigned unique ID for this managed resource.
Look up Existing AviatrixFirewall Resource
Get an existing AviatrixFirewall resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: AviatrixFirewallState, opts?: CustomResourceOptions): AviatrixFirewall@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
base_log_enabled: Optional[bool] = None,
base_policy: Optional[str] = None,
gw_name: Optional[str] = None,
manage_firewall_policies: Optional[bool] = None,
policies: Optional[Sequence[AviatrixFirewallPolicyArgs]] = None) -> AviatrixFirewallfunc GetAviatrixFirewall(ctx *Context, name string, id IDInput, state *AviatrixFirewallState, opts ...ResourceOption) (*AviatrixFirewall, error)public static AviatrixFirewall Get(string name, Input<string> id, AviatrixFirewallState? state, CustomResourceOptions? opts = null)public static AviatrixFirewall get(String name, Output<String> id, AviatrixFirewallState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Base
Log boolEnabled Indicates whether enable logging or not. Valid Values: true, false. Default value: false.
- Base
Policy string New base policy. Valid Values: "allow-all", "deny-all". Default value: "deny-all"
- Gw
Name string Gateway name to attach firewall policy to.
- Manage
Firewall boolPolicies Enable to manage firewall policies via in-line rules. If false, policies must be managed using
aviatrix.AviatrixFirewallPolicyresources. Default: true. Valid values: true, false. Available in provider version R2.17+.- Policies
List<Aviatrix
Firewall Policy Args> New access policy for the gateway. Seven fields are required for each policy item:
src_ip,dst_ip,protocol,port,action,log_enabledanddescription. No duplicate rules (with samesrc_ip,dst_ip,protocolandport) are allowed.
- Base
Log boolEnabled Indicates whether enable logging or not. Valid Values: true, false. Default value: false.
- Base
Policy string New base policy. Valid Values: "allow-all", "deny-all". Default value: "deny-all"
- Gw
Name string Gateway name to attach firewall policy to.
- Manage
Firewall boolPolicies Enable to manage firewall policies via in-line rules. If false, policies must be managed using
aviatrix.AviatrixFirewallPolicyresources. Default: true. Valid values: true, false. Available in provider version R2.17+.- Policies
[]Aviatrix
Firewall Policy Type Args New access policy for the gateway. Seven fields are required for each policy item:
src_ip,dst_ip,protocol,port,action,log_enabledanddescription. No duplicate rules (with samesrc_ip,dst_ip,protocolandport) are allowed.
- base
Log BooleanEnabled Indicates whether enable logging or not. Valid Values: true, false. Default value: false.
- base
Policy String New base policy. Valid Values: "allow-all", "deny-all". Default value: "deny-all"
- gw
Name String Gateway name to attach firewall policy to.
- manage
Firewall BooleanPolicies Enable to manage firewall policies via in-line rules. If false, policies must be managed using
aviatrix.AviatrixFirewallPolicyresources. Default: true. Valid values: true, false. Available in provider version R2.17+.- policies
List<Aviatrix
Firewall Policy Args> New access policy for the gateway. Seven fields are required for each policy item:
src_ip,dst_ip,protocol,port,action,log_enabledanddescription. No duplicate rules (with samesrc_ip,dst_ip,protocolandport) are allowed.
- base
Log booleanEnabled Indicates whether enable logging or not. Valid Values: true, false. Default value: false.
- base
Policy string New base policy. Valid Values: "allow-all", "deny-all". Default value: "deny-all"
- gw
Name string Gateway name to attach firewall policy to.
- manage
Firewall booleanPolicies Enable to manage firewall policies via in-line rules. If false, policies must be managed using
aviatrix.AviatrixFirewallPolicyresources. Default: true. Valid values: true, false. Available in provider version R2.17+.- policies
Aviatrix
Firewall Policy Args[] New access policy for the gateway. Seven fields are required for each policy item:
src_ip,dst_ip,protocol,port,action,log_enabledanddescription. No duplicate rules (with samesrc_ip,dst_ip,protocolandport) are allowed.
- base_
log_ boolenabled Indicates whether enable logging or not. Valid Values: true, false. Default value: false.
- base_
policy str New base policy. Valid Values: "allow-all", "deny-all". Default value: "deny-all"
- gw_
name str Gateway name to attach firewall policy to.
- manage_
firewall_ boolpolicies Enable to manage firewall policies via in-line rules. If false, policies must be managed using
aviatrix.AviatrixFirewallPolicyresources. Default: true. Valid values: true, false. Available in provider version R2.17+.- policies
Sequence[Aviatrix
Firewall Policy Args] New access policy for the gateway. Seven fields are required for each policy item:
src_ip,dst_ip,protocol,port,action,log_enabledanddescription. No duplicate rules (with samesrc_ip,dst_ip,protocolandport) are allowed.
- base
Log BooleanEnabled Indicates whether enable logging or not. Valid Values: true, false. Default value: false.
- base
Policy String New base policy. Valid Values: "allow-all", "deny-all". Default value: "deny-all"
- gw
Name String Gateway name to attach firewall policy to.
- manage
Firewall BooleanPolicies Enable to manage firewall policies via in-line rules. If false, policies must be managed using
aviatrix.AviatrixFirewallPolicyresources. Default: true. Valid values: true, false. Available in provider version R2.17+.- policies List<Property Map>
New access policy for the gateway. Seven fields are required for each policy item:
src_ip,dst_ip,protocol,port,action,log_enabledanddescription. No duplicate rules (with samesrc_ip,dst_ip,protocolandport) are allowed.
Supporting Types
AviatrixFirewallPolicy
- Action string
Valid values: "allow", "deny" and "force-drop" (in stateful firewall rule to allow immediate packet dropping on established sessions).
- Dst
Ip string Destination address, a valid IPv4 address or tag name such "HR" or "marketing" etc. Example: "10.30.0.0/16". The aviatrix_firewall_tag resource should be created prior to using the tag name.
- Port string
A single port or a range of port numbers. Example: "25", "25:1024".
- Src
Ip string Source address, a valid IPv4 address or tag name such "HR" or "marketing" etc. Example: "10.30.0.0/16". The aviatrix_firewall_tag resource should be created prior to using the tag name.
- Description string
Description of the policy. Example: "This is policy no.1".
- Log
Enabled bool Valid values: true, false. Default value: false.
- Protocol string
: Valid values: "all", "tcp", "udp", "icmp", "sctp", "rdp", "dccp". Default value: "all".
- Action string
Valid values: "allow", "deny" and "force-drop" (in stateful firewall rule to allow immediate packet dropping on established sessions).
- Dst
Ip string Destination address, a valid IPv4 address or tag name such "HR" or "marketing" etc. Example: "10.30.0.0/16". The aviatrix_firewall_tag resource should be created prior to using the tag name.
- Port string
A single port or a range of port numbers. Example: "25", "25:1024".
- Src
Ip string Source address, a valid IPv4 address or tag name such "HR" or "marketing" etc. Example: "10.30.0.0/16". The aviatrix_firewall_tag resource should be created prior to using the tag name.
- Description string
Description of the policy. Example: "This is policy no.1".
- Log
Enabled bool Valid values: true, false. Default value: false.
- Protocol string
: Valid values: "all", "tcp", "udp", "icmp", "sctp", "rdp", "dccp". Default value: "all".
- action String
Valid values: "allow", "deny" and "force-drop" (in stateful firewall rule to allow immediate packet dropping on established sessions).
- dst
Ip String Destination address, a valid IPv4 address or tag name such "HR" or "marketing" etc. Example: "10.30.0.0/16". The aviatrix_firewall_tag resource should be created prior to using the tag name.
- port String
A single port or a range of port numbers. Example: "25", "25:1024".
- src
Ip String Source address, a valid IPv4 address or tag name such "HR" or "marketing" etc. Example: "10.30.0.0/16". The aviatrix_firewall_tag resource should be created prior to using the tag name.
- description String
Description of the policy. Example: "This is policy no.1".
- log
Enabled Boolean Valid values: true, false. Default value: false.
- protocol String
: Valid values: "all", "tcp", "udp", "icmp", "sctp", "rdp", "dccp". Default value: "all".
- action string
Valid values: "allow", "deny" and "force-drop" (in stateful firewall rule to allow immediate packet dropping on established sessions).
- dst
Ip string Destination address, a valid IPv4 address or tag name such "HR" or "marketing" etc. Example: "10.30.0.0/16". The aviatrix_firewall_tag resource should be created prior to using the tag name.
- port string
A single port or a range of port numbers. Example: "25", "25:1024".
- src
Ip string Source address, a valid IPv4 address or tag name such "HR" or "marketing" etc. Example: "10.30.0.0/16". The aviatrix_firewall_tag resource should be created prior to using the tag name.
- description string
Description of the policy. Example: "This is policy no.1".
- log
Enabled boolean Valid values: true, false. Default value: false.
- protocol string
: Valid values: "all", "tcp", "udp", "icmp", "sctp", "rdp", "dccp". Default value: "all".
- action str
Valid values: "allow", "deny" and "force-drop" (in stateful firewall rule to allow immediate packet dropping on established sessions).
- dst_
ip str Destination address, a valid IPv4 address or tag name such "HR" or "marketing" etc. Example: "10.30.0.0/16". The aviatrix_firewall_tag resource should be created prior to using the tag name.
- port str
A single port or a range of port numbers. Example: "25", "25:1024".
- src_
ip str Source address, a valid IPv4 address or tag name such "HR" or "marketing" etc. Example: "10.30.0.0/16". The aviatrix_firewall_tag resource should be created prior to using the tag name.
- description str
Description of the policy. Example: "This is policy no.1".
- log_
enabled bool Valid values: true, false. Default value: false.
- protocol str
: Valid values: "all", "tcp", "udp", "icmp", "sctp", "rdp", "dccp". Default value: "all".
- action String
Valid values: "allow", "deny" and "force-drop" (in stateful firewall rule to allow immediate packet dropping on established sessions).
- dst
Ip String Destination address, a valid IPv4 address or tag name such "HR" or "marketing" etc. Example: "10.30.0.0/16". The aviatrix_firewall_tag resource should be created prior to using the tag name.
- port String
A single port or a range of port numbers. Example: "25", "25:1024".
- src
Ip String Source address, a valid IPv4 address or tag name such "HR" or "marketing" etc. Example: "10.30.0.0/16". The aviatrix_firewall_tag resource should be created prior to using the tag name.
- description String
Description of the policy. Example: "This is policy no.1".
- log
Enabled Boolean Valid values: true, false. Default value: false.
- protocol String
: Valid values: "all", "tcp", "udp", "icmp", "sctp", "rdp", "dccp". Default value: "all".
Package Details
- Repository
- aviatrix astipkovits/pulumi-aviatrix
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
aviatrixTerraform Provider.