digitalocean.Firewall
Provides a DigitalOcean Cloud Firewall resource. This can be used to create, modify, and delete Firewalls.
Example Usage
using System.Collections.Generic;
using Pulumi;
using DigitalOcean = Pulumi.DigitalOcean;
return await Deployment.RunAsync(() =>
{
var webDroplet = new DigitalOcean.Droplet("webDroplet", new()
{
Size = "s-1vcpu-1gb",
Image = "ubuntu-18-04-x64",
Region = "nyc3",
});
var webFirewall = new DigitalOcean.Firewall("webFirewall", new()
{
DropletIds = new[]
{
webDroplet.Id,
},
InboundRules = new[]
{
new DigitalOcean.Inputs.FirewallInboundRuleArgs
{
Protocol = "tcp",
PortRange = "22",
SourceAddresses = new[]
{
"192.168.1.0/24",
"2002:1:2::/48",
},
},
new DigitalOcean.Inputs.FirewallInboundRuleArgs
{
Protocol = "tcp",
PortRange = "80",
SourceAddresses = new[]
{
"0.0.0.0/0",
"::/0",
},
},
new DigitalOcean.Inputs.FirewallInboundRuleArgs
{
Protocol = "tcp",
PortRange = "443",
SourceAddresses = new[]
{
"0.0.0.0/0",
"::/0",
},
},
new DigitalOcean.Inputs.FirewallInboundRuleArgs
{
Protocol = "icmp",
SourceAddresses = new[]
{
"0.0.0.0/0",
"::/0",
},
},
},
OutboundRules = new[]
{
new DigitalOcean.Inputs.FirewallOutboundRuleArgs
{
Protocol = "tcp",
PortRange = "53",
DestinationAddresses = new[]
{
"0.0.0.0/0",
"::/0",
},
},
new DigitalOcean.Inputs.FirewallOutboundRuleArgs
{
Protocol = "udp",
PortRange = "53",
DestinationAddresses = new[]
{
"0.0.0.0/0",
"::/0",
},
},
new DigitalOcean.Inputs.FirewallOutboundRuleArgs
{
Protocol = "icmp",
DestinationAddresses = new[]
{
"0.0.0.0/0",
"::/0",
},
},
},
});
});
package main
import (
"github.com/pulumi/pulumi-digitalocean/sdk/v4/go/digitalocean"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
webDroplet, err := digitalocean.NewDroplet(ctx, "webDroplet", &digitalocean.DropletArgs{
Size: pulumi.String("s-1vcpu-1gb"),
Image: pulumi.String("ubuntu-18-04-x64"),
Region: pulumi.String("nyc3"),
})
if err != nil {
return err
}
_, err = digitalocean.NewFirewall(ctx, "webFirewall", &digitalocean.FirewallArgs{
DropletIds: pulumi.IntArray{
webDroplet.ID(),
},
InboundRules: digitalocean.FirewallInboundRuleArray{
&digitalocean.FirewallInboundRuleArgs{
Protocol: pulumi.String("tcp"),
PortRange: pulumi.String("22"),
SourceAddresses: pulumi.StringArray{
pulumi.String("192.168.1.0/24"),
pulumi.String("2002:1:2::/48"),
},
},
&digitalocean.FirewallInboundRuleArgs{
Protocol: pulumi.String("tcp"),
PortRange: pulumi.String("80"),
SourceAddresses: pulumi.StringArray{
pulumi.String("0.0.0.0/0"),
pulumi.String("::/0"),
},
},
&digitalocean.FirewallInboundRuleArgs{
Protocol: pulumi.String("tcp"),
PortRange: pulumi.String("443"),
SourceAddresses: pulumi.StringArray{
pulumi.String("0.0.0.0/0"),
pulumi.String("::/0"),
},
},
&digitalocean.FirewallInboundRuleArgs{
Protocol: pulumi.String("icmp"),
SourceAddresses: pulumi.StringArray{
pulumi.String("0.0.0.0/0"),
pulumi.String("::/0"),
},
},
},
OutboundRules: digitalocean.FirewallOutboundRuleArray{
&digitalocean.FirewallOutboundRuleArgs{
Protocol: pulumi.String("tcp"),
PortRange: pulumi.String("53"),
DestinationAddresses: pulumi.StringArray{
pulumi.String("0.0.0.0/0"),
pulumi.String("::/0"),
},
},
&digitalocean.FirewallOutboundRuleArgs{
Protocol: pulumi.String("udp"),
PortRange: pulumi.String("53"),
DestinationAddresses: pulumi.StringArray{
pulumi.String("0.0.0.0/0"),
pulumi.String("::/0"),
},
},
&digitalocean.FirewallOutboundRuleArgs{
Protocol: pulumi.String("icmp"),
DestinationAddresses: pulumi.StringArray{
pulumi.String("0.0.0.0/0"),
pulumi.String("::/0"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.digitalocean.Droplet;
import com.pulumi.digitalocean.DropletArgs;
import com.pulumi.digitalocean.Firewall;
import com.pulumi.digitalocean.FirewallArgs;
import com.pulumi.digitalocean.inputs.FirewallInboundRuleArgs;
import com.pulumi.digitalocean.inputs.FirewallOutboundRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var webDroplet = new Droplet("webDroplet", DropletArgs.builder()
.size("s-1vcpu-1gb")
.image("ubuntu-18-04-x64")
.region("nyc3")
.build());
var webFirewall = new Firewall("webFirewall", FirewallArgs.builder()
.dropletIds(webDroplet.id())
.inboundRules(
FirewallInboundRuleArgs.builder()
.protocol("tcp")
.portRange("22")
.sourceAddresses(
"192.168.1.0/24",
"2002:1:2::/48")
.build(),
FirewallInboundRuleArgs.builder()
.protocol("tcp")
.portRange("80")
.sourceAddresses(
"0.0.0.0/0",
"::/0")
.build(),
FirewallInboundRuleArgs.builder()
.protocol("tcp")
.portRange("443")
.sourceAddresses(
"0.0.0.0/0",
"::/0")
.build(),
FirewallInboundRuleArgs.builder()
.protocol("icmp")
.sourceAddresses(
"0.0.0.0/0",
"::/0")
.build())
.outboundRules(
FirewallOutboundRuleArgs.builder()
.protocol("tcp")
.portRange("53")
.destinationAddresses(
"0.0.0.0/0",
"::/0")
.build(),
FirewallOutboundRuleArgs.builder()
.protocol("udp")
.portRange("53")
.destinationAddresses(
"0.0.0.0/0",
"::/0")
.build(),
FirewallOutboundRuleArgs.builder()
.protocol("icmp")
.destinationAddresses(
"0.0.0.0/0",
"::/0")
.build())
.build());
}
}
import pulumi
import pulumi_digitalocean as digitalocean
web_droplet = digitalocean.Droplet("webDroplet",
size="s-1vcpu-1gb",
image="ubuntu-18-04-x64",
region="nyc3")
web_firewall = digitalocean.Firewall("webFirewall",
droplet_ids=[web_droplet.id],
inbound_rules=[
digitalocean.FirewallInboundRuleArgs(
protocol="tcp",
port_range="22",
source_addresses=[
"192.168.1.0/24",
"2002:1:2::/48",
],
),
digitalocean.FirewallInboundRuleArgs(
protocol="tcp",
port_range="80",
source_addresses=[
"0.0.0.0/0",
"::/0",
],
),
digitalocean.FirewallInboundRuleArgs(
protocol="tcp",
port_range="443",
source_addresses=[
"0.0.0.0/0",
"::/0",
],
),
digitalocean.FirewallInboundRuleArgs(
protocol="icmp",
source_addresses=[
"0.0.0.0/0",
"::/0",
],
),
],
outbound_rules=[
digitalocean.FirewallOutboundRuleArgs(
protocol="tcp",
port_range="53",
destination_addresses=[
"0.0.0.0/0",
"::/0",
],
),
digitalocean.FirewallOutboundRuleArgs(
protocol="udp",
port_range="53",
destination_addresses=[
"0.0.0.0/0",
"::/0",
],
),
digitalocean.FirewallOutboundRuleArgs(
protocol="icmp",
destination_addresses=[
"0.0.0.0/0",
"::/0",
],
),
])
import * as pulumi from "@pulumi/pulumi";
import * as digitalocean from "@pulumi/digitalocean";
const webDroplet = new digitalocean.Droplet("webDroplet", {
size: "s-1vcpu-1gb",
image: "ubuntu-18-04-x64",
region: "nyc3",
});
const webFirewall = new digitalocean.Firewall("webFirewall", {
dropletIds: [webDroplet.id],
inboundRules: [
{
protocol: "tcp",
portRange: "22",
sourceAddresses: [
"192.168.1.0/24",
"2002:1:2::/48",
],
},
{
protocol: "tcp",
portRange: "80",
sourceAddresses: [
"0.0.0.0/0",
"::/0",
],
},
{
protocol: "tcp",
portRange: "443",
sourceAddresses: [
"0.0.0.0/0",
"::/0",
],
},
{
protocol: "icmp",
sourceAddresses: [
"0.0.0.0/0",
"::/0",
],
},
],
outboundRules: [
{
protocol: "tcp",
portRange: "53",
destinationAddresses: [
"0.0.0.0/0",
"::/0",
],
},
{
protocol: "udp",
portRange: "53",
destinationAddresses: [
"0.0.0.0/0",
"::/0",
],
},
{
protocol: "icmp",
destinationAddresses: [
"0.0.0.0/0",
"::/0",
],
},
],
});
resources:
webDroplet:
type: digitalocean:Droplet
properties:
size: s-1vcpu-1gb
image: ubuntu-18-04-x64
region: nyc3
webFirewall:
type: digitalocean:Firewall
properties:
dropletIds:
- ${webDroplet.id}
inboundRules:
- protocol: tcp
portRange: '22'
sourceAddresses:
- 192.168.1.0/24
- 2002:1:2::/48
- protocol: tcp
portRange: '80'
sourceAddresses:
- 0.0.0.0/0
- ::/0
- protocol: tcp
portRange: '443'
sourceAddresses:
- 0.0.0.0/0
- ::/0
- protocol: icmp
sourceAddresses:
- 0.0.0.0/0
- ::/0
outboundRules:
- protocol: tcp
portRange: '53'
destinationAddresses:
- 0.0.0.0/0
- ::/0
- protocol: udp
portRange: '53'
destinationAddresses:
- 0.0.0.0/0
- ::/0
- protocol: icmp
destinationAddresses:
- 0.0.0.0/0
- ::/0
Create Firewall Resource
new Firewall(name: string, args?: FirewallArgs, opts?: CustomResourceOptions);@overload
def Firewall(resource_name: str,
opts: Optional[ResourceOptions] = None,
droplet_ids: Optional[Sequence[int]] = None,
inbound_rules: Optional[Sequence[FirewallInboundRuleArgs]] = None,
name: Optional[str] = None,
outbound_rules: Optional[Sequence[FirewallOutboundRuleArgs]] = None,
tags: Optional[Sequence[str]] = None)
@overload
def Firewall(resource_name: str,
args: Optional[FirewallArgs] = None,
opts: Optional[ResourceOptions] = None)func NewFirewall(ctx *Context, name string, args *FirewallArgs, opts ...ResourceOption) (*Firewall, error)public Firewall(string name, FirewallArgs? args = null, CustomResourceOptions? opts = null)
public Firewall(String name, FirewallArgs args)
public Firewall(String name, FirewallArgs args, CustomResourceOptions options)
type: digitalocean:Firewall
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args FirewallArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args FirewallArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args FirewallArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args FirewallArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args FirewallArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Firewall Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The Firewall resource accepts the following input properties:
- Droplet
Ids List<int> The list of the IDs of the Droplets assigned to the Firewall.
- Inbound
Rules List<Pulumi.Digital Ocean. Inputs. Firewall Inbound Rule Args> The inbound access rule block for the Firewall. The
inbound_ruleblock is documented below.- Name string
The Firewall name
- Outbound
Rules List<Pulumi.Digital Ocean. Inputs. Firewall Outbound Rule Args> The outbound access rule block for the Firewall. The
outbound_ruleblock is documented below.- List<string>
The names of the Tags assigned to the Firewall.
- Droplet
Ids []int The list of the IDs of the Droplets assigned to the Firewall.
- Inbound
Rules []FirewallInbound Rule Args The inbound access rule block for the Firewall. The
inbound_ruleblock is documented below.- Name string
The Firewall name
- Outbound
Rules []FirewallOutbound Rule Args The outbound access rule block for the Firewall. The
outbound_ruleblock is documented below.- []string
The names of the Tags assigned to the Firewall.
- droplet
Ids List<Integer> The list of the IDs of the Droplets assigned to the Firewall.
- inbound
Rules List<FirewallInbound Rule Args> The inbound access rule block for the Firewall. The
inbound_ruleblock is documented below.- name String
The Firewall name
- outbound
Rules List<FirewallOutbound Rule Args> The outbound access rule block for the Firewall. The
outbound_ruleblock is documented below.- List<String>
The names of the Tags assigned to the Firewall.
- droplet
Ids number[] The list of the IDs of the Droplets assigned to the Firewall.
- inbound
Rules FirewallInbound Rule Args[] The inbound access rule block for the Firewall. The
inbound_ruleblock is documented below.- name string
The Firewall name
- outbound
Rules FirewallOutbound Rule Args[] The outbound access rule block for the Firewall. The
outbound_ruleblock is documented below.- string[]
The names of the Tags assigned to the Firewall.
- droplet_
ids Sequence[int] The list of the IDs of the Droplets assigned to the Firewall.
- inbound_
rules Sequence[FirewallInbound Rule Args] The inbound access rule block for the Firewall. The
inbound_ruleblock is documented below.- name str
The Firewall name
- outbound_
rules Sequence[FirewallOutbound Rule Args] The outbound access rule block for the Firewall. The
outbound_ruleblock is documented below.- Sequence[str]
The names of the Tags assigned to the Firewall.
- droplet
Ids List<Number> The list of the IDs of the Droplets assigned to the Firewall.
- inbound
Rules List<Property Map> The inbound access rule block for the Firewall. The
inbound_ruleblock is documented below.- name String
The Firewall name
- outbound
Rules List<Property Map> The outbound access rule block for the Firewall. The
outbound_ruleblock is documented below.- List<String>
The names of the Tags assigned to the Firewall.
Outputs
All input properties are implicitly available as output properties. Additionally, the Firewall resource produces the following output properties:
- Created
At string A time value given in ISO8601 combined date and time format that represents when the Firewall was created.
- Id string
The provider-assigned unique ID for this managed resource.
- Pending
Changes List<Pulumi.Digital Ocean. Outputs. Firewall Pending Change> An list of object containing the fields, "droplet_id", "removing", and "status". It is provided to detail exactly which Droplets are having their security policies updated. When empty, all changes have been successfully applied.
- Status string
A status string indicating the current state of the Firewall. This can be "waiting", "succeeded", or "failed".
- Created
At string A time value given in ISO8601 combined date and time format that represents when the Firewall was created.
- Id string
The provider-assigned unique ID for this managed resource.
- Pending
Changes []FirewallPending Change An list of object containing the fields, "droplet_id", "removing", and "status". It is provided to detail exactly which Droplets are having their security policies updated. When empty, all changes have been successfully applied.
- Status string
A status string indicating the current state of the Firewall. This can be "waiting", "succeeded", or "failed".
- created
At String A time value given in ISO8601 combined date and time format that represents when the Firewall was created.
- id String
The provider-assigned unique ID for this managed resource.
- pending
Changes List<FirewallPending Change> An list of object containing the fields, "droplet_id", "removing", and "status". It is provided to detail exactly which Droplets are having their security policies updated. When empty, all changes have been successfully applied.
- status String
A status string indicating the current state of the Firewall. This can be "waiting", "succeeded", or "failed".
- created
At string A time value given in ISO8601 combined date and time format that represents when the Firewall was created.
- id string
The provider-assigned unique ID for this managed resource.
- pending
Changes FirewallPending Change[] An list of object containing the fields, "droplet_id", "removing", and "status". It is provided to detail exactly which Droplets are having their security policies updated. When empty, all changes have been successfully applied.
- status string
A status string indicating the current state of the Firewall. This can be "waiting", "succeeded", or "failed".
- created_
at str A time value given in ISO8601 combined date and time format that represents when the Firewall was created.
- id str
The provider-assigned unique ID for this managed resource.
- pending_
changes Sequence[FirewallPending Change] An list of object containing the fields, "droplet_id", "removing", and "status". It is provided to detail exactly which Droplets are having their security policies updated. When empty, all changes have been successfully applied.
- status str
A status string indicating the current state of the Firewall. This can be "waiting", "succeeded", or "failed".
- created
At String A time value given in ISO8601 combined date and time format that represents when the Firewall was created.
- id String
The provider-assigned unique ID for this managed resource.
- pending
Changes List<Property Map> An list of object containing the fields, "droplet_id", "removing", and "status". It is provided to detail exactly which Droplets are having their security policies updated. When empty, all changes have been successfully applied.
- status String
A status string indicating the current state of the Firewall. This can be "waiting", "succeeded", or "failed".
Look up Existing Firewall Resource
Get an existing Firewall resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: FirewallState, opts?: CustomResourceOptions): Firewall@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
created_at: Optional[str] = None,
droplet_ids: Optional[Sequence[int]] = None,
inbound_rules: Optional[Sequence[FirewallInboundRuleArgs]] = None,
name: Optional[str] = None,
outbound_rules: Optional[Sequence[FirewallOutboundRuleArgs]] = None,
pending_changes: Optional[Sequence[FirewallPendingChangeArgs]] = None,
status: Optional[str] = None,
tags: Optional[Sequence[str]] = None) -> Firewallfunc GetFirewall(ctx *Context, name string, id IDInput, state *FirewallState, opts ...ResourceOption) (*Firewall, error)public static Firewall Get(string name, Input<string> id, FirewallState? state, CustomResourceOptions? opts = null)public static Firewall get(String name, Output<String> id, FirewallState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Created
At string A time value given in ISO8601 combined date and time format that represents when the Firewall was created.
- Droplet
Ids List<int> The list of the IDs of the Droplets assigned to the Firewall.
- Inbound
Rules List<Pulumi.Digital Ocean. Inputs. Firewall Inbound Rule Args> The inbound access rule block for the Firewall. The
inbound_ruleblock is documented below.- Name string
The Firewall name
- Outbound
Rules List<Pulumi.Digital Ocean. Inputs. Firewall Outbound Rule Args> The outbound access rule block for the Firewall. The
outbound_ruleblock is documented below.- Pending
Changes List<Pulumi.Digital Ocean. Inputs. Firewall Pending Change Args> An list of object containing the fields, "droplet_id", "removing", and "status". It is provided to detail exactly which Droplets are having their security policies updated. When empty, all changes have been successfully applied.
- Status string
A status string indicating the current state of the Firewall. This can be "waiting", "succeeded", or "failed".
- List<string>
The names of the Tags assigned to the Firewall.
- Created
At string A time value given in ISO8601 combined date and time format that represents when the Firewall was created.
- Droplet
Ids []int The list of the IDs of the Droplets assigned to the Firewall.
- Inbound
Rules []FirewallInbound Rule Args The inbound access rule block for the Firewall. The
inbound_ruleblock is documented below.- Name string
The Firewall name
- Outbound
Rules []FirewallOutbound Rule Args The outbound access rule block for the Firewall. The
outbound_ruleblock is documented below.- Pending
Changes []FirewallPending Change Args An list of object containing the fields, "droplet_id", "removing", and "status". It is provided to detail exactly which Droplets are having their security policies updated. When empty, all changes have been successfully applied.
- Status string
A status string indicating the current state of the Firewall. This can be "waiting", "succeeded", or "failed".
- []string
The names of the Tags assigned to the Firewall.
- created
At String A time value given in ISO8601 combined date and time format that represents when the Firewall was created.
- droplet
Ids List<Integer> The list of the IDs of the Droplets assigned to the Firewall.
- inbound
Rules List<FirewallInbound Rule Args> The inbound access rule block for the Firewall. The
inbound_ruleblock is documented below.- name String
The Firewall name
- outbound
Rules List<FirewallOutbound Rule Args> The outbound access rule block for the Firewall. The
outbound_ruleblock is documented below.- pending
Changes List<FirewallPending Change Args> An list of object containing the fields, "droplet_id", "removing", and "status". It is provided to detail exactly which Droplets are having their security policies updated. When empty, all changes have been successfully applied.
- status String
A status string indicating the current state of the Firewall. This can be "waiting", "succeeded", or "failed".
- List<String>
The names of the Tags assigned to the Firewall.
- created
At string A time value given in ISO8601 combined date and time format that represents when the Firewall was created.
- droplet
Ids number[] The list of the IDs of the Droplets assigned to the Firewall.
- inbound
Rules FirewallInbound Rule Args[] The inbound access rule block for the Firewall. The
inbound_ruleblock is documented below.- name string
The Firewall name
- outbound
Rules FirewallOutbound Rule Args[] The outbound access rule block for the Firewall. The
outbound_ruleblock is documented below.- pending
Changes FirewallPending Change Args[] An list of object containing the fields, "droplet_id", "removing", and "status". It is provided to detail exactly which Droplets are having their security policies updated. When empty, all changes have been successfully applied.
- status string
A status string indicating the current state of the Firewall. This can be "waiting", "succeeded", or "failed".
- string[]
The names of the Tags assigned to the Firewall.
- created_
at str A time value given in ISO8601 combined date and time format that represents when the Firewall was created.
- droplet_
ids Sequence[int] The list of the IDs of the Droplets assigned to the Firewall.
- inbound_
rules Sequence[FirewallInbound Rule Args] The inbound access rule block for the Firewall. The
inbound_ruleblock is documented below.- name str
The Firewall name
- outbound_
rules Sequence[FirewallOutbound Rule Args] The outbound access rule block for the Firewall. The
outbound_ruleblock is documented below.- pending_
changes Sequence[FirewallPending Change Args] An list of object containing the fields, "droplet_id", "removing", and "status". It is provided to detail exactly which Droplets are having their security policies updated. When empty, all changes have been successfully applied.
- status str
A status string indicating the current state of the Firewall. This can be "waiting", "succeeded", or "failed".
- Sequence[str]
The names of the Tags assigned to the Firewall.
- created
At String A time value given in ISO8601 combined date and time format that represents when the Firewall was created.
- droplet
Ids List<Number> The list of the IDs of the Droplets assigned to the Firewall.
- inbound
Rules List<Property Map> The inbound access rule block for the Firewall. The
inbound_ruleblock is documented below.- name String
The Firewall name
- outbound
Rules List<Property Map> The outbound access rule block for the Firewall. The
outbound_ruleblock is documented below.- pending
Changes List<Property Map> An list of object containing the fields, "droplet_id", "removing", and "status". It is provided to detail exactly which Droplets are having their security policies updated. When empty, all changes have been successfully applied.
- status String
A status string indicating the current state of the Firewall. This can be "waiting", "succeeded", or "failed".
- List<String>
The names of the Tags assigned to the Firewall.
Supporting Types
FirewallInboundRule
- Protocol string
The type of traffic to be allowed. This may be one of "tcp", "udp", or "icmp".
- Port
Range string The ports on which traffic will be allowed specified as a string containing a single port, a range (e.g. "8000-9000"), or "1-65535" to open all ports for a protocol. Required for when protocol is
tcporudp.- Source
Addresses List<string> An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs from which the inbound traffic will be accepted.
- Source
Droplet List<int>Ids An array containing the IDs of the Droplets from which the inbound traffic will be accepted.
- Source
Kubernetes List<string>Ids An array containing the IDs of the Kubernetes clusters from which the inbound traffic will be accepted.
- Source
Load List<string>Balancer Uids An array containing the IDs of the Load Balancers from which the inbound traffic will be accepted.
- List<string>
An array containing the names of Tags corresponding to groups of Droplets from which the inbound traffic will be accepted.
- Protocol string
The type of traffic to be allowed. This may be one of "tcp", "udp", or "icmp".
- Port
Range string The ports on which traffic will be allowed specified as a string containing a single port, a range (e.g. "8000-9000"), or "1-65535" to open all ports for a protocol. Required for when protocol is
tcporudp.- Source
Addresses []string An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs from which the inbound traffic will be accepted.
- Source
Droplet []intIds An array containing the IDs of the Droplets from which the inbound traffic will be accepted.
- Source
Kubernetes []stringIds An array containing the IDs of the Kubernetes clusters from which the inbound traffic will be accepted.
- Source
Load []stringBalancer Uids An array containing the IDs of the Load Balancers from which the inbound traffic will be accepted.
- []string
An array containing the names of Tags corresponding to groups of Droplets from which the inbound traffic will be accepted.
- protocol String
The type of traffic to be allowed. This may be one of "tcp", "udp", or "icmp".
- port
Range String The ports on which traffic will be allowed specified as a string containing a single port, a range (e.g. "8000-9000"), or "1-65535" to open all ports for a protocol. Required for when protocol is
tcporudp.- source
Addresses List<String> An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs from which the inbound traffic will be accepted.
- source
Droplet List<Integer>Ids An array containing the IDs of the Droplets from which the inbound traffic will be accepted.
- source
Kubernetes List<String>Ids An array containing the IDs of the Kubernetes clusters from which the inbound traffic will be accepted.
- source
Load List<String>Balancer Uids An array containing the IDs of the Load Balancers from which the inbound traffic will be accepted.
- List<String>
An array containing the names of Tags corresponding to groups of Droplets from which the inbound traffic will be accepted.
- protocol string
The type of traffic to be allowed. This may be one of "tcp", "udp", or "icmp".
- port
Range string The ports on which traffic will be allowed specified as a string containing a single port, a range (e.g. "8000-9000"), or "1-65535" to open all ports for a protocol. Required for when protocol is
tcporudp.- source
Addresses string[] An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs from which the inbound traffic will be accepted.
- source
Droplet number[]Ids An array containing the IDs of the Droplets from which the inbound traffic will be accepted.
- source
Kubernetes string[]Ids An array containing the IDs of the Kubernetes clusters from which the inbound traffic will be accepted.
- source
Load string[]Balancer Uids An array containing the IDs of the Load Balancers from which the inbound traffic will be accepted.
- string[]
An array containing the names of Tags corresponding to groups of Droplets from which the inbound traffic will be accepted.
- protocol str
The type of traffic to be allowed. This may be one of "tcp", "udp", or "icmp".
- port_
range str The ports on which traffic will be allowed specified as a string containing a single port, a range (e.g. "8000-9000"), or "1-65535" to open all ports for a protocol. Required for when protocol is
tcporudp.- source_
addresses Sequence[str] An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs from which the inbound traffic will be accepted.
- source_
droplet_ Sequence[int]ids An array containing the IDs of the Droplets from which the inbound traffic will be accepted.
- source_
kubernetes_ Sequence[str]ids An array containing the IDs of the Kubernetes clusters from which the inbound traffic will be accepted.
- source_
load_ Sequence[str]balancer_ uids An array containing the IDs of the Load Balancers from which the inbound traffic will be accepted.
- Sequence[str]
An array containing the names of Tags corresponding to groups of Droplets from which the inbound traffic will be accepted.
- protocol String
The type of traffic to be allowed. This may be one of "tcp", "udp", or "icmp".
- port
Range String The ports on which traffic will be allowed specified as a string containing a single port, a range (e.g. "8000-9000"), or "1-65535" to open all ports for a protocol. Required for when protocol is
tcporudp.- source
Addresses List<String> An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs from which the inbound traffic will be accepted.
- source
Droplet List<Number>Ids An array containing the IDs of the Droplets from which the inbound traffic will be accepted.
- source
Kubernetes List<String>Ids An array containing the IDs of the Kubernetes clusters from which the inbound traffic will be accepted.
- source
Load List<String>Balancer Uids An array containing the IDs of the Load Balancers from which the inbound traffic will be accepted.
- List<String>
An array containing the names of Tags corresponding to groups of Droplets from which the inbound traffic will be accepted.
FirewallOutboundRule
- Protocol string
The type of traffic to be allowed. This may be one of "tcp", "udp", or "icmp".
- Destination
Addresses List<string> An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs to which the outbound traffic will be allowed.
- Destination
Droplet List<int>Ids An array containing the IDs of the Droplets to which the outbound traffic will be allowed.
- Destination
Kubernetes List<string>Ids An array containing the IDs of the Kubernetes clusters to which the outbound traffic will be allowed.
- Destination
Load List<string>Balancer Uids An array containing the IDs of the Load Balancers to which the outbound traffic will be allowed.
- List<string>
An array containing the names of Tags corresponding to groups of Droplets to which the outbound traffic will be allowed.
- Port
Range string The ports on which traffic will be allowed specified as a string containing a single port, a range (e.g. "8000-9000"), or "1-65535" to open all ports for a protocol. Required for when protocol is
tcporudp.
- Protocol string
The type of traffic to be allowed. This may be one of "tcp", "udp", or "icmp".
- Destination
Addresses []string An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs to which the outbound traffic will be allowed.
- Destination
Droplet []intIds An array containing the IDs of the Droplets to which the outbound traffic will be allowed.
- Destination
Kubernetes []stringIds An array containing the IDs of the Kubernetes clusters to which the outbound traffic will be allowed.
- Destination
Load []stringBalancer Uids An array containing the IDs of the Load Balancers to which the outbound traffic will be allowed.
- []string
An array containing the names of Tags corresponding to groups of Droplets to which the outbound traffic will be allowed.
- Port
Range string The ports on which traffic will be allowed specified as a string containing a single port, a range (e.g. "8000-9000"), or "1-65535" to open all ports for a protocol. Required for when protocol is
tcporudp.
- protocol String
The type of traffic to be allowed. This may be one of "tcp", "udp", or "icmp".
- destination
Addresses List<String> An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs to which the outbound traffic will be allowed.
- destination
Droplet List<Integer>Ids An array containing the IDs of the Droplets to which the outbound traffic will be allowed.
- destination
Kubernetes List<String>Ids An array containing the IDs of the Kubernetes clusters to which the outbound traffic will be allowed.
- destination
Load List<String>Balancer Uids An array containing the IDs of the Load Balancers to which the outbound traffic will be allowed.
- List<String>
An array containing the names of Tags corresponding to groups of Droplets to which the outbound traffic will be allowed.
- port
Range String The ports on which traffic will be allowed specified as a string containing a single port, a range (e.g. "8000-9000"), or "1-65535" to open all ports for a protocol. Required for when protocol is
tcporudp.
- protocol string
The type of traffic to be allowed. This may be one of "tcp", "udp", or "icmp".
- destination
Addresses string[] An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs to which the outbound traffic will be allowed.
- destination
Droplet number[]Ids An array containing the IDs of the Droplets to which the outbound traffic will be allowed.
- destination
Kubernetes string[]Ids An array containing the IDs of the Kubernetes clusters to which the outbound traffic will be allowed.
- destination
Load string[]Balancer Uids An array containing the IDs of the Load Balancers to which the outbound traffic will be allowed.
- string[]
An array containing the names of Tags corresponding to groups of Droplets to which the outbound traffic will be allowed.
- port
Range string The ports on which traffic will be allowed specified as a string containing a single port, a range (e.g. "8000-9000"), or "1-65535" to open all ports for a protocol. Required for when protocol is
tcporudp.
- protocol str
The type of traffic to be allowed. This may be one of "tcp", "udp", or "icmp".
- destination_
addresses Sequence[str] An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs to which the outbound traffic will be allowed.
- destination_
droplet_ Sequence[int]ids An array containing the IDs of the Droplets to which the outbound traffic will be allowed.
- destination_
kubernetes_ Sequence[str]ids An array containing the IDs of the Kubernetes clusters to which the outbound traffic will be allowed.
- destination_
load_ Sequence[str]balancer_ uids An array containing the IDs of the Load Balancers to which the outbound traffic will be allowed.
- Sequence[str]
An array containing the names of Tags corresponding to groups of Droplets to which the outbound traffic will be allowed.
- port_
range str The ports on which traffic will be allowed specified as a string containing a single port, a range (e.g. "8000-9000"), or "1-65535" to open all ports for a protocol. Required for when protocol is
tcporudp.
- protocol String
The type of traffic to be allowed. This may be one of "tcp", "udp", or "icmp".
- destination
Addresses List<String> An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs to which the outbound traffic will be allowed.
- destination
Droplet List<Number>Ids An array containing the IDs of the Droplets to which the outbound traffic will be allowed.
- destination
Kubernetes List<String>Ids An array containing the IDs of the Kubernetes clusters to which the outbound traffic will be allowed.
- destination
Load List<String>Balancer Uids An array containing the IDs of the Load Balancers to which the outbound traffic will be allowed.
- List<String>
An array containing the names of Tags corresponding to groups of Droplets to which the outbound traffic will be allowed.
- port
Range String The ports on which traffic will be allowed specified as a string containing a single port, a range (e.g. "8000-9000"), or "1-65535" to open all ports for a protocol. Required for when protocol is
tcporudp.
FirewallPendingChange
- droplet_
id int - removing bool
- status str
A status string indicating the current state of the Firewall. This can be "waiting", "succeeded", or "failed".
Import
Firewalls can be imported using the firewall id, e.g.
$ pulumi import digitalocean:index/firewall:Firewall myfirewall b8ecd2ab-2267-4a5e-8692-cbf1d32583e3
Package Details
- Repository
- DigitalOcean pulumi/pulumi-digitalocean
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
digitaloceanTerraform Provider.