Aviatrix v0.0.10, Jan 21 23

aviatrix.AviatrixFirewall


Import

A firewall can be imported using its gw_name, e.g.

 $ pulumi import aviatrix:index/aviatrixFirewall:AviatrixFirewall test gw_name

Example Usage

using System.Collections.Generic;
using Pulumi;
using Aviatrix = Pulumi.Aviatrix;

return await Deployment.RunAsync(() =>
{
    // Settings for the stateful firewall attached to gateway-1.
    var firewallArgs = new Aviatrix.AviatrixFirewallArgs
    {
        GwName = "gateway-1",
        // "allow-all" permits traffic that matches no rule; the documented
        // default is "deny-all", so this is an explicit default-allow choice.
        BasePolicy = "allow-all",
        // Logging is switched on here (documented default: false).
        BaseLogEnabled = true,
        // No in-line rules: they must be managed with separate
        // aviatrix.AviatrixFirewallPolicy resources.
        ManageFirewallPolicies = false,
    };

    // Create an Aviatrix Firewall
    var statefulFirewall1 = new Aviatrix.AviatrixFirewall("statefulFirewall1", firewallArgs);
});
package main

import (
	"github.com/astipkovits/pulumi-aviatrix/sdk/go/aviatrix"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main registers a stateful firewall on gateway-1 with the Pulumi engine.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		firewallArgs := &aviatrix.AviatrixFirewallArgs{
			GwName: pulumi.String("gateway-1"),
			// "allow-all" permits traffic that matches no rule; the documented
			// default is "deny-all", so this is an explicit default-allow choice.
			BasePolicy: pulumi.String("allow-all"),
			// Logging is switched on here (documented default: false).
			BaseLogEnabled: pulumi.Bool(true),
			// No in-line rules: they must be managed with separate
			// aviatrix.AviatrixFirewallPolicy resources.
			ManageFirewallPolicies: pulumi.Bool(false),
		}

		// The resource handle is not needed; only the error is propagated.
		_, err := aviatrix.NewAviatrixFirewall(ctx, "statefulFirewall1", firewallArgs)
		return err
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aviatrix.AviatrixFirewall;
import com.pulumi.aviatrix.AviatrixFirewallArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/** Pulumi program that declares a stateful firewall on gateway-1. */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /** Declares the firewall resource for the current stack. */
    public static void stack(Context ctx) {
        final var firewallArgs = AviatrixFirewallArgs.builder()
            .gwName("gateway-1")
            // "allow-all" permits traffic that matches no rule; the documented
            // default is "deny-all", so this is an explicit default-allow choice.
            .basePolicy("allow-all")
            // Logging is switched on here (documented default: false).
            .baseLogEnabled(true)
            // No in-line rules: they must be managed with separate
            // aviatrix.AviatrixFirewallPolicy resources.
            .manageFirewallPolicies(false)
            .build();

        var statefulFirewall1 = new AviatrixFirewall("statefulFirewall1", firewallArgs);
    }
}
import pulumi
import pulumi_aviatrix as aviatrix

# Settings for the stateful firewall attached to gateway-1.
firewall_args = aviatrix.AviatrixFirewallArgs(
    gw_name="gateway-1",
    # "allow-all" permits traffic that matches no rule; the documented
    # default is "deny-all", so this is an explicit default-allow choice.
    base_policy="allow-all",
    # Logging is switched on here (documented default: false).
    base_log_enabled=True,
    # No in-line rules: they must be managed with separate
    # aviatrix.AviatrixFirewallPolicy resources.
    manage_firewall_policies=False,
)

# Create an Aviatrix Firewall
stateful_firewall1 = aviatrix.AviatrixFirewall("statefulFirewall1", firewall_args)
import * as pulumi from "@pulumi/pulumi";
// NOTE(review): the in-line rules example on this page imports the SDK from
// "@astipkovits/aviatrix" instead. Confirm which package name the provider
// actually publishes before installing, so the wrong package is not pulled in.
import * as aviatrix from "@pulumi/aviatrix";

// Create an Aviatrix Firewall
const statefulFirewall1 = new aviatrix.AviatrixFirewall("stateful_firewall_1", {
    // Logging is switched on here (documented default: false).
    baseLogEnabled: true,
    // "allow-all" permits traffic that matches no rule; the documented
    // default is "deny-all", so this is an explicit default-allow choice.
    basePolicy: "allow-all",
    gwName: "gateway-1",
    // No in-line rules: they must be managed with separate
    // aviatrix.AviatrixFirewallPolicy resources.
    manageFirewallPolicies: false,
});
resources:
  # Create an Aviatrix Firewall
  statefulFirewall1:
    type: aviatrix:AviatrixFirewall
    properties:
      # Logging is switched on here (documented default: false).
      baseLogEnabled: true
      # allow-all permits traffic that matches no rule; the documented
      # default is deny-all, so this is an explicit default-allow choice.
      basePolicy: allow-all
      gwName: gateway-1
      # No in-line rules: they must be managed with separate
      # aviatrix.AviatrixFirewallPolicy resources.
      manageFirewallPolicies: false
using System.Collections.Generic;
using Pulumi;
using Aviatrix = Pulumi.Aviatrix;

return await Deployment.RunAsync(() => 
{
    // Create an Aviatrix Firewall with in-line rules
    // ManageFirewallPolicies is not set, so the documented default (true)
    // applies and the rules below are managed in-line on this resource.
    var statefulFirewall1 = new Aviatrix.AviatrixFirewall("statefulFirewall1", new()
    {
        GwName = "gateway-1",
        // Denylist posture: with "allow-all", traffic that matches none of the
        // rules below is permitted. The documented default is "deny-all".
        BasePolicy = "allow-all",
        BaseLogEnabled = true,
        Policies = new[]
        {
            // Host-to-host block over every protocol and port. "force-drop"
            // also drops packets on already established sessions.
            new Aviatrix.Inputs.AviatrixFirewallPolicyArgs
            {
                Protocol = "all",
                SrcIp = "10.17.0.224/32",
                LogEnabled = true,
                DstIp = "10.12.0.172/32",
                Action = "force-drop",
                Port = "0:65535",
                Description = "first_policy",
            },
            // LogEnabled is false on the remaining rules, so traffic they
            // block is not logged; enable it where drops need to be audited.
            new Aviatrix.Inputs.AviatrixFirewallPolicyArgs
            {
                Protocol = "tcp",
                SrcIp = "10.16.0.224/32",
                LogEnabled = false,
                DstIp = "10.12.1.172/32",
                Action = "force-drop",
                Port = "325",
                Description = "second_policy",
            },
            new Aviatrix.Inputs.AviatrixFirewallPolicyArgs
            {
                Protocol = "udp",
                SrcIp = "10.14.0.225/32",
                LogEnabled = false,
                DstIp = "10.13.1.173/32",
                Action = "deny",
                Port = "325",
                Description = "third_policy",
            },
            new Aviatrix.Inputs.AviatrixFirewallPolicyArgs
            {
                Protocol = "tcp",
                // NOTE(review): aviatrix_firewall_tag is not declared in this
                // snippet; it stands for a firewall tag resource defined
                // elsewhere, which must be created before the tag is used.
                SrcIp = aviatrix_firewall_tag.Test.Firewall_tag,
                LogEnabled = false,
                DstIp = "10.13.1.173/32",
                Action = "deny",
                Port = "325",
                Description = "fourth_policy",
            },
        },
    });

});
package main

import (
	"github.com/astipkovits/pulumi-aviatrix/sdk/go/aviatrix"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

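// main registers a stateful firewall with four in-line rules on gateway-1.
//
// ManageFirewallPolicies is not set, so the documented default (true) applies
// and the rules below are managed in-line on this resource.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := aviatrix.NewAviatrixFirewall(ctx, "statefulFirewall1", &aviatrix.AviatrixFirewallArgs{
			GwName: pulumi.String("gateway-1"),
			// Denylist posture: with "allow-all", traffic that matches none of
			// the rules below is permitted. The documented default is "deny-all".
			BasePolicy:     pulumi.String("allow-all"),
			BaseLogEnabled: pulumi.Bool(true),
			// The policy types live in the aviatrix package, so they need the
			// package qualifier to compile.
			Policies: aviatrix.AviatrixFirewallPolicyTypeArray{
				// Host-to-host block over every protocol and port. "force-drop"
				// also drops packets on already established sessions.
				&aviatrix.AviatrixFirewallPolicyTypeArgs{
					Protocol:    pulumi.String("all"),
					SrcIp:       pulumi.String("10.17.0.224/32"),
					LogEnabled:  pulumi.Bool(true),
					DstIp:       pulumi.String("10.12.0.172/32"),
					Action:      pulumi.String("force-drop"),
					Port:        pulumi.String("0:65535"),
					Description: pulumi.String("first_policy"),
				},
				// LogEnabled is false on the remaining rules, so traffic they
				// block is not logged; enable it where drops need to be audited.
				&aviatrix.AviatrixFirewallPolicyTypeArgs{
					Protocol:    pulumi.String("tcp"),
					SrcIp:       pulumi.String("10.16.0.224/32"),
					LogEnabled:  pulumi.Bool(false),
					DstIp:       pulumi.String("10.12.1.172/32"),
					Action:      pulumi.String("force-drop"),
					Port:        pulumi.String("325"),
					Description: pulumi.String("second_policy"),
				},
				&aviatrix.AviatrixFirewallPolicyTypeArgs{
					Protocol:    pulumi.String("udp"),
					SrcIp:       pulumi.String("10.14.0.225/32"),
					LogEnabled:  pulumi.Bool(false),
					DstIp:       pulumi.String("10.13.1.173/32"),
					Action:      pulumi.String("deny"),
					Port:        pulumi.String("325"),
					Description: pulumi.String("third_policy"),
				},
				&aviatrix.AviatrixFirewallPolicyTypeArgs{
					Protocol: pulumi.String("tcp"),
					// NOTE(review): aviatrix_firewall_tag is not declared in this
					// snippet; it stands for a firewall tag resource defined
					// elsewhere, which must be created before the tag is used.
					SrcIp:       pulumi.Any(aviatrix_firewall_tag.Test.Firewall_tag),
					LogEnabled:  pulumi.Bool(false),
					DstIp:       pulumi.String("10.13.1.173/32"),
					Action:      pulumi.String("deny"),
					Port:        pulumi.String("325"),
					Description: pulumi.String("fourth_policy"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}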
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aviatrix.AviatrixFirewall;
import com.pulumi.aviatrix.AviatrixFirewallArgs;
import com.pulumi.aviatrix.inputs.AviatrixFirewallPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/** Pulumi program that declares a stateful firewall with in-line rules on gateway-1. */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the firewall resource for the current stack.
     * manageFirewallPolicies is not set, so the documented default (true)
     * applies and the rules below are managed in-line on this resource.
     */
    public static void stack(Context ctx) {
        var statefulFirewall1 = new AviatrixFirewall("statefulFirewall1", AviatrixFirewallArgs.builder()        
            .gwName("gateway-1")
            // Denylist posture: with "allow-all", traffic that matches none of
            // the rules below is permitted. The documented default is "deny-all".
            .basePolicy("allow-all")
            .baseLogEnabled(true)
            .policies(            
                // Host-to-host block over every protocol and port. "force-drop"
                // also drops packets on already established sessions.
                AviatrixFirewallPolicyArgs.builder()
                    .protocol("all")
                    .srcIp("10.17.0.224/32")
                    .logEnabled(true)
                    .dstIp("10.12.0.172/32")
                    .action("force-drop")
                    .port("0:65535")
                    .description("first_policy")
                    .build(),
                // logEnabled is false on the remaining rules, so traffic they
                // block is not logged; enable it where drops need to be audited.
                AviatrixFirewallPolicyArgs.builder()
                    .protocol("tcp")
                    .srcIp("10.16.0.224/32")
                    .logEnabled(false)
                    .dstIp("10.12.1.172/32")
                    .action("force-drop")
                    .port("325")
                    .description("second_policy")
                    .build(),
                AviatrixFirewallPolicyArgs.builder()
                    .protocol("udp")
                    .srcIp("10.14.0.225/32")
                    .logEnabled(false)
                    .dstIp("10.13.1.173/32")
                    .action("deny")
                    .port("325")
                    .description("third_policy")
                    .build(),
                AviatrixFirewallPolicyArgs.builder()
                    .protocol("tcp")
                    // NOTE(review): aviatrix_firewall_tag is not declared in this
                    // snippet; it stands for a firewall tag resource defined
                    // elsewhere, which must be created before the tag is used.
                    .srcIp(aviatrix_firewall_tag.test().firewall_tag())
                    .logEnabled(false)
                    .dstIp("10.13.1.173/32")
                    .action("deny")
                    .port("325")
                    .description("fourth_policy")
                    .build())
            .build());

    }
}
import pulumi
import pulumi_aviatrix as aviatrix

# Create an Aviatrix Firewall with in-line rules
# manage_firewall_policies is not set, so the documented default (true)
# applies and the rules below are managed in-line on this resource.
stateful_firewall1 = aviatrix.AviatrixFirewall("statefulFirewall1",
    gw_name="gateway-1",
    # Denylist posture: with "allow-all", traffic that matches none of the
    # rules below is permitted. The documented default is "deny-all".
    base_policy="allow-all",
    base_log_enabled=True,
    policies=[
        # Host-to-host block over every protocol and port. "force-drop" also
        # drops packets on already established sessions.
        aviatrix.AviatrixFirewallPolicyArgs(
            protocol="all",
            src_ip="10.17.0.224/32",
            log_enabled=True,
            dst_ip="10.12.0.172/32",
            action="force-drop",
            port="0:65535",
            description="first_policy",
        ),
        # log_enabled is False on the remaining rules, so traffic they block
        # is not logged; enable it where drops need to be audited.
        aviatrix.AviatrixFirewallPolicyArgs(
            protocol="tcp",
            src_ip="10.16.0.224/32",
            log_enabled=False,
            dst_ip="10.12.1.172/32",
            action="force-drop",
            port="325",
            description="second_policy",
        ),
        aviatrix.AviatrixFirewallPolicyArgs(
            protocol="udp",
            src_ip="10.14.0.225/32",
            log_enabled=False,
            dst_ip="10.13.1.173/32",
            action="deny",
            port="325",
            description="third_policy",
        ),
        aviatrix.AviatrixFirewallPolicyArgs(
            protocol="tcp",
            # NOTE(review): aviatrix_firewall_tag is not declared in this
            # snippet; it stands for a firewall tag resource defined elsewhere,
            # which must be created before the tag is used.
            src_ip=aviatrix_firewall_tag["test"]["firewall_tag"],
            log_enabled=False,
            dst_ip="10.13.1.173/32",
            action="deny",
            port="325",
            description="fourth_policy",
        ),
    ])
import * as pulumi from "@pulumi/pulumi";
import * as aviatrix from "@astipkovits/aviatrix";

// Create an Aviatrix Firewall with in-line rules
// manageFirewallPolicies is not set, so the documented default (true)
// applies and the rules below are managed in-line on this resource.
const statefulFirewall1 = new aviatrix.AviatrixFirewall("statefulFirewall1", {
    gwName: "gateway-1",
    // Denylist posture: with "allow-all", traffic that matches none of the
    // rules below is permitted. The documented default is "deny-all".
    basePolicy: "allow-all",
    baseLogEnabled: true,
    policies: [
        // Host-to-host block over every protocol and port. "force-drop" also
        // drops packets on already established sessions.
        {
            protocol: "all",
            srcIp: "10.17.0.224/32",
            logEnabled: true,
            dstIp: "10.12.0.172/32",
            action: "force-drop",
            port: "0:65535",
            description: "first_policy",
        },
        // logEnabled is false on the remaining rules, so traffic they block
        // is not logged; enable it where drops need to be audited.
        {
            protocol: "tcp",
            srcIp: "10.16.0.224/32",
            logEnabled: false,
            dstIp: "10.12.1.172/32",
            action: "force-drop",
            port: "325",
            description: "second_policy",
        },
        {
            protocol: "udp",
            srcIp: "10.14.0.225/32",
            logEnabled: false,
            dstIp: "10.13.1.173/32",
            action: "deny",
            port: "325",
            description: "third_policy",
        },
        {
            protocol: "tcp",
            // NOTE(review): aviatrix_firewall_tag is not declared in this
            // snippet; it stands for a firewall tag resource defined elsewhere,
            // which must be created before the tag is used.
            srcIp: aviatrix_firewall_tag.test.firewall_tag,
            logEnabled: false,
            dstIp: "10.13.1.173/32",
            action: "deny",
            port: "325",
            description: "fourth_policy",
        },
    ],
});
resources:
  # Create an Aviatrix Firewall with in-line rules
  # manageFirewallPolicies is not set, so the documented default (true)
  # applies and the rules below are managed in-line on this resource.
  statefulFirewall1:
    type: aviatrix:AviatrixFirewall
    properties:
      gwName: gateway-1
      # Denylist posture: with allow-all, traffic that matches none of the
      # rules below is permitted. The documented default is deny-all.
      basePolicy: allow-all
      baseLogEnabled: true
      policies:
        # Host-to-host block over every protocol and port. force-drop also
        # drops packets on already established sessions.
        - protocol: all
          srcIp: 10.17.0.224/32
          logEnabled: true
          dstIp: 10.12.0.172/32
          action: force-drop
          port: 0:65535
          description: first_policy
        # logEnabled is false on the remaining rules, so traffic they block
        # is not logged; enable it where drops need to be audited.
        - protocol: tcp
          srcIp: 10.16.0.224/32
          logEnabled: false
          dstIp: 10.12.1.172/32
          action: force-drop
          port: '325'
          description: second_policy
        - protocol: udp
          srcIp: 10.14.0.225/32
          logEnabled: false
          dstIp: 10.13.1.173/32
          action: deny
          port: '325'
          description: third_policy
        - protocol: tcp
          # NOTE(review): aviatrix_firewall_tag is not declared in this
          # snippet; it stands for a firewall tag resource defined elsewhere,
          # which must be created before the tag is used.
          srcIp: ${aviatrix_firewall_tag.test.firewall_tag}
          logEnabled: false
          dstIp: 10.13.1.173/32
          action: deny
          port: '325'
          description: fourth_policy

Create AviatrixFirewall Resource

new AviatrixFirewall(name: string, args: AviatrixFirewallArgs, opts?: CustomResourceOptions);
@overload
def AviatrixFirewall(resource_name: str,
                     opts: Optional[ResourceOptions] = None,
                     base_log_enabled: Optional[bool] = None,
                     base_policy: Optional[str] = None,
                     gw_name: Optional[str] = None,
                     manage_firewall_policies: Optional[bool] = None,
                     policies: Optional[Sequence[AviatrixFirewallPolicyArgs]] = None)
@overload
def AviatrixFirewall(resource_name: str,
                     args: AviatrixFirewallArgs,
                     opts: Optional[ResourceOptions] = None)
func NewAviatrixFirewall(ctx *Context, name string, args AviatrixFirewallArgs, opts ...ResourceOption) (*AviatrixFirewall, error)
public AviatrixFirewall(string name, AviatrixFirewallArgs args, CustomResourceOptions? opts = null)
public AviatrixFirewall(String name, AviatrixFirewallArgs args)
public AviatrixFirewall(String name, AviatrixFirewallArgs args, CustomResourceOptions options)
type: aviatrix:AviatrixFirewall
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args AviatrixFirewallArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args AviatrixFirewallArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args AviatrixFirewallArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args AviatrixFirewallArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args AviatrixFirewallArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

AviatrixFirewall Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The AviatrixFirewall resource accepts the following input properties:

GwName string

Gateway name to attach firewall policy to.

BaseLogEnabled bool

Indicates whether logging is enabled. Valid Values: true, false. Default value: false.

BasePolicy string

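New base policy. Valid Values: "allow-all", "deny-all". Default value: "deny-all". The base policy decides what happens to traffic that matches no policy rule, so "allow-all" permits anything that is not explicitly denied.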

ManageFirewallPolicies bool

Enable to manage firewall policies via in-line rules. If false, policies must be managed using aviatrix.AviatrixFirewallPolicy resources. Default: true. Valid values: true, false. Available in provider version R2.17+.

Policies List<AviatrixFirewallPolicyArgs>

New access policy for the gateway. Seven fields are required for each policy item: src_ip, dst_ip, protocol, port, action, log_enabled and description. No duplicate rules (with same src_ip, dst_ip, protocol and port) are allowed.

GwName string

Gateway name to attach firewall policy to.

BaseLogEnabled bool

Indicates whether logging is enabled. Valid Values: true, false. Default value: false.

BasePolicy string

New base policy. Valid Values: "allow-all", "deny-all". Default value: "deny-all"

ManageFirewallPolicies bool

Enable to manage firewall policies via in-line rules. If false, policies must be managed using aviatrix.AviatrixFirewallPolicy resources. Default: true. Valid values: true, false. Available in provider version R2.17+.

Policies []AviatrixFirewallPolicyTypeArgs

New access policy for the gateway. Seven fields are required for each policy item: src_ip, dst_ip, protocol, port, action, log_enabled and description. No duplicate rules (with same src_ip, dst_ip, protocol and port) are allowed.

gwName String

Gateway name to attach firewall policy to.

baseLogEnabled Boolean

Indicates whether logging is enabled. Valid Values: true, false. Default value: false.

basePolicy String

New base policy. Valid Values: "allow-all", "deny-all". Default value: "deny-all"

manageFirewallPolicies Boolean

Enable to manage firewall policies via in-line rules. If false, policies must be managed using aviatrix.AviatrixFirewallPolicy resources. Default: true. Valid values: true, false. Available in provider version R2.17+.

policies List<AviatrixFirewallPolicyArgs>

New access policy for the gateway. Seven fields are required for each policy item: src_ip, dst_ip, protocol, port, action, log_enabled and description. No duplicate rules (with same src_ip, dst_ip, protocol and port) are allowed.

gwName string

Gateway name to attach firewall policy to.

baseLogEnabled boolean

Indicates whether logging is enabled. Valid Values: true, false. Default value: false.

basePolicy string

New base policy. Valid Values: "allow-all", "deny-all". Default value: "deny-all"

manageFirewallPolicies boolean

Enable to manage firewall policies via in-line rules. If false, policies must be managed using aviatrix.AviatrixFirewallPolicy resources. Default: true. Valid values: true, false. Available in provider version R2.17+.

policies AviatrixFirewallPolicyArgs[]

New access policy for the gateway. Seven fields are required for each policy item: src_ip, dst_ip, protocol, port, action, log_enabled and description. No duplicate rules (with same src_ip, dst_ip, protocol and port) are allowed.

gw_name str

Gateway name to attach firewall policy to.

base_log_enabled bool

Indicates whether logging is enabled. Valid Values: true, false. Default value: false.

base_policy str

New base policy. Valid Values: "allow-all", "deny-all". Default value: "deny-all"

manage_firewall_policies bool

Enable to manage firewall policies via in-line rules. If false, policies must be managed using aviatrix.AviatrixFirewallPolicy resources. Default: true. Valid values: true, false. Available in provider version R2.17+.

policies Sequence[AviatrixFirewallPolicyArgs]

New access policy for the gateway. Seven fields are required for each policy item: src_ip, dst_ip, protocol, port, action, log_enabled and description. No duplicate rules (with same src_ip, dst_ip, protocol and port) are allowed.

gwName String

Gateway name to attach firewall policy to.

baseLogEnabled Boolean

Indicates whether logging is enabled. Valid Values: true, false. Default value: false.

basePolicy String

New base policy. Valid Values: "allow-all", "deny-all". Default value: "deny-all"

manageFirewallPolicies Boolean

Enable to manage firewall policies via in-line rules. If false, policies must be managed using aviatrix.AviatrixFirewallPolicy resources. Default: true. Valid values: true, false. Available in provider version R2.17+.

policies List<Property Map>

New access policy for the gateway. Seven fields are required for each policy item: src_ip, dst_ip, protocol, port, action, log_enabled and description. No duplicate rules (with same src_ip, dst_ip, protocol and port) are allowed.

Outputs

All input properties are implicitly available as output properties. Additionally, the AviatrixFirewall resource produces the following output properties:

Id string

The provider-assigned unique ID for this managed resource.

Id string

The provider-assigned unique ID for this managed resource.

id String

The provider-assigned unique ID for this managed resource.

id string

The provider-assigned unique ID for this managed resource.

id str

The provider-assigned unique ID for this managed resource.

id String

The provider-assigned unique ID for this managed resource.

Look up Existing AviatrixFirewall Resource

Get an existing AviatrixFirewall resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: AviatrixFirewallState, opts?: CustomResourceOptions): AviatrixFirewall
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        base_log_enabled: Optional[bool] = None,
        base_policy: Optional[str] = None,
        gw_name: Optional[str] = None,
        manage_firewall_policies: Optional[bool] = None,
        policies: Optional[Sequence[AviatrixFirewallPolicyArgs]] = None) -> AviatrixFirewall
func GetAviatrixFirewall(ctx *Context, name string, id IDInput, state *AviatrixFirewallState, opts ...ResourceOption) (*AviatrixFirewall, error)
public static AviatrixFirewall Get(string name, Input<string> id, AviatrixFirewallState? state, CustomResourceOptions? opts = null)
public static AviatrixFirewall get(String name, Output<String> id, AviatrixFirewallState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
BaseLogEnabled bool

Indicates whether logging is enabled. Valid Values: true, false. Default value: false.

BasePolicy string

New base policy. Valid Values: "allow-all", "deny-all". Default value: "deny-all"

GwName string

Gateway name to attach firewall policy to.

ManageFirewallPolicies bool

Enable to manage firewall policies via in-line rules. If false, policies must be managed using aviatrix.AviatrixFirewallPolicy resources. Default: true. Valid values: true, false. Available in provider version R2.17+.

Policies List<AviatrixFirewallPolicyArgs>

New access policy for the gateway. Seven fields are required for each policy item: src_ip, dst_ip, protocol, port, action, log_enabled and description. No duplicate rules (with same src_ip, dst_ip, protocol and port) are allowed.

BaseLogEnabled bool

Indicates whether logging is enabled. Valid Values: true, false. Default value: false.

BasePolicy string

New base policy. Valid Values: "allow-all", "deny-all". Default value: "deny-all"

GwName string

Gateway name to attach firewall policy to.

ManageFirewallPolicies bool

Enable to manage firewall policies via in-line rules. If false, policies must be managed using aviatrix.AviatrixFirewallPolicy resources. Default: true. Valid values: true, false. Available in provider version R2.17+.

Policies []AviatrixFirewallPolicyTypeArgs

New access policy for the gateway. Seven fields are required for each policy item: src_ip, dst_ip, protocol, port, action, log_enabled and description. No duplicate rules (with same src_ip, dst_ip, protocol and port) are allowed.

baseLogEnabled Boolean

Indicates whether logging is enabled. Valid Values: true, false. Default value: false.

basePolicy String

New base policy. Valid Values: "allow-all", "deny-all". Default value: "deny-all"

gwName String

Gateway name to attach firewall policy to.

manageFirewallPolicies Boolean

Enable to manage firewall policies via in-line rules. If false, policies must be managed using aviatrix.AviatrixFirewallPolicy resources. Default: true. Valid values: true, false. Available in provider version R2.17+.

policies List<AviatrixFirewallPolicyArgs>

New access policy for the gateway. Seven fields are required for each policy item: src_ip, dst_ip, protocol, port, action, log_enabled and description. No duplicate rules (with same src_ip, dst_ip, protocol and port) are allowed.

baseLogEnabled boolean

Indicates whether logging is enabled. Valid Values: true, false. Default value: false.

basePolicy string

New base policy. Valid Values: "allow-all", "deny-all". Default value: "deny-all"

gwName string

Gateway name to attach firewall policy to.

manageFirewallPolicies boolean

Enable to manage firewall policies via in-line rules. If false, policies must be managed using aviatrix.AviatrixFirewallPolicy resources. Default: true. Valid values: true, false. Available in provider version R2.17+.

policies AviatrixFirewallPolicyArgs[]

New access policy for the gateway. Seven fields are required for each policy item: src_ip, dst_ip, protocol, port, action, log_enabled and description. No duplicate rules (with same src_ip, dst_ip, protocol and port) are allowed.

base_log_enabled bool

Indicates whether logging is enabled. Valid Values: true, false. Default value: false.

base_policy str

New base policy. Valid Values: "allow-all", "deny-all". Default value: "deny-all"

gw_name str

Gateway name to attach firewall policy to.

manage_firewall_policies bool

Enable to manage firewall policies via in-line rules. If false, policies must be managed using aviatrix.AviatrixFirewallPolicy resources. Default: true. Valid values: true, false. Available in provider version R2.17+.

policies Sequence[AviatrixFirewallPolicyArgs]

New access policy for the gateway. Seven fields are required for each policy item: src_ip, dst_ip, protocol, port, action, log_enabled and description. No duplicate rules (with same src_ip, dst_ip, protocol and port) are allowed.

baseLogEnabled Boolean

Indicates whether logging is enabled. Valid Values: true, false. Default value: false.

basePolicy String

New base policy. Valid Values: "allow-all", "deny-all". Default value: "deny-all"

gwName String

Gateway name to attach firewall policy to.

manageFirewallPolicies Boolean

Enable to manage firewall policies via in-line rules. If false, policies must be managed using aviatrix.AviatrixFirewallPolicy resources. Default: true. Valid values: true, false. Available in provider version R2.17+.

policies List<Property Map>

New access policy for the gateway. Seven fields are required for each policy item: src_ip, dst_ip, protocol, port, action, log_enabled and description. No duplicate rules (with same src_ip, dst_ip, protocol and port) are allowed.

Supporting Types

AviatrixFirewallPolicy

Action string

Valid values: "allow", "deny" and "force-drop" (in stateful firewall rule to allow immediate packet dropping on established sessions).

DstIp string

Destination address, a valid IPv4 address or a tag name such as "HR" or "marketing". Example: "10.30.0.0/16". The aviatrix_firewall_tag resource should be created prior to using the tag name.

Port string

A single port or a range of port numbers. Example: "25", "25:1024".

SrcIp string

Source address, a valid IPv4 address or a tag name such as "HR" or "marketing". Example: "10.30.0.0/16". The aviatrix_firewall_tag resource should be created prior to using the tag name.

Description string

Description of the policy. Example: "This is policy no.1".

LogEnabled bool

Valid values: true, false. Default value: false.

Protocol string

Valid values: "all", "tcp", "udp", "icmp", "sctp", "rdp", "dccp". Default value: "all".

Action string

Valid values: "allow", "deny" and "force-drop" (in stateful firewall rule to allow immediate packet dropping on established sessions).

DstIp string

Destination address, a valid IPv4 address or a tag name such as "HR" or "marketing". Example: "10.30.0.0/16". The aviatrix_firewall_tag resource should be created prior to using the tag name.

Port string

A single port or a range of port numbers. Example: "25", "25:1024".

SrcIp string

Source address, a valid IPv4 address or a tag name such as "HR" or "marketing". Example: "10.30.0.0/16". The aviatrix_firewall_tag resource should be created prior to using the tag name.

Description string

Description of the policy. Example: "This is policy no.1".

LogEnabled bool

Valid values: true, false. Default value: false.

Protocol string

Valid values: "all", "tcp", "udp", "icmp", "sctp", "rdp", "dccp". Default value: "all".

action String

Valid values: "allow", "deny" and "force-drop" (in stateful firewall rule to allow immediate packet dropping on established sessions).

dstIp String

Destination address, a valid IPv4 address or a tag name such as "HR" or "marketing". Example: "10.30.0.0/16". The aviatrix_firewall_tag resource should be created prior to using the tag name.

port String

A single port or a range of port numbers. Example: "25", "25:1024".

srcIp String

Source address, a valid IPv4 address or a tag name such as "HR" or "marketing". Example: "10.30.0.0/16". The aviatrix_firewall_tag resource should be created prior to using the tag name.

description String

Description of the policy. Example: "This is policy no.1".

logEnabled Boolean

Valid values: true, false. Default value: false.

protocol String

Valid values: "all", "tcp", "udp", "icmp", "sctp", "rdp", "dccp". Default value: "all".

action string

Valid values: "allow", "deny" and "force-drop" (in stateful firewall rule to allow immediate packet dropping on established sessions).

dstIp string

Destination address, a valid IPv4 address or a tag name such as "HR" or "marketing". Example: "10.30.0.0/16". The aviatrix_firewall_tag resource should be created prior to using the tag name.

port string

A single port or a range of port numbers. Example: "25", "25:1024".

srcIp string

Source address, a valid IPv4 address or a tag name such as "HR" or "marketing". Example: "10.30.0.0/16". The aviatrix_firewall_tag resource should be created prior to using the tag name.

description string

Description of the policy. Example: "This is policy no.1".

logEnabled boolean

Valid values: true, false. Default value: false.

protocol string

Valid values: "all", "tcp", "udp", "icmp", "sctp", "rdp", "dccp". Default value: "all".

action str

Valid values: "allow", "deny" and "force-drop" (in stateful firewall rule to allow immediate packet dropping on established sessions).

dst_ip str

Destination address, a valid IPv4 address or a tag name such as "HR" or "marketing". Example: "10.30.0.0/16". The aviatrix_firewall_tag resource should be created prior to using the tag name.

port str

A single port or a range of port numbers. Example: "25", "25:1024".

src_ip str

Source address, a valid IPv4 address or a tag name such as "HR" or "marketing". Example: "10.30.0.0/16". The aviatrix_firewall_tag resource should be created prior to using the tag name.

description str

Description of the policy. Example: "This is policy no.1".

log_enabled bool

Valid values: true, false. Default value: false.

protocol str

Valid values: "all", "tcp", "udp", "icmp", "sctp", "rdp", "dccp". Default value: "all".

action String

Valid values: "allow", "deny" and "force-drop" (in stateful firewall rule to allow immediate packet dropping on established sessions).

dstIp String

Destination address, a valid IPv4 address or a tag name such as "HR" or "marketing". Example: "10.30.0.0/16". The aviatrix_firewall_tag resource should be created prior to using the tag name.

port String

A single port or a range of port numbers. Example: "25", "25:1024".

srcIp String

Source address, a valid IPv4 address or a tag name such as "HR" or "marketing". Example: "10.30.0.0/16". The aviatrix_firewall_tag resource should be created prior to using the tag name.

description String

Description of the policy. Example: "This is policy no.1".

logEnabled Boolean

Valid values: true, false. Default value: false.

protocol String

Valid values: "all", "tcp", "udp", "icmp", "sctp", "rdp", "dccp". Default value: "all".

Package Details

Repository
aviatrix astipkovits/pulumi-aviatrix
License
Apache-2.0
Notes

This Pulumi package is based on the aviatrix Terraform Provider.