digitalocean logo
DigitalOcean v4.19.1, Mar 23 23

digitalocean.Firewall

Provides a DigitalOcean Cloud Firewall resource. This can be used to create, modify, and delete Firewalls.

Example Usage

using System.Collections.Generic;
using Pulumi;
using DigitalOcean = Pulumi.DigitalOcean;

return await Deployment.RunAsync(() => 
{
    var webDroplet = new DigitalOcean.Droplet("webDroplet", new()
    {
        Size = "s-1vcpu-1gb",
        Image = "ubuntu-18-04-x64",
        Region = "nyc3",
    });

    var webFirewall = new DigitalOcean.Firewall("webFirewall", new()
    {
        DropletIds = new[]
        {
            webDroplet.Id,
        },
        InboundRules = new[]
        {
            new DigitalOcean.Inputs.FirewallInboundRuleArgs
            {
                Protocol = "tcp",
                PortRange = "22",
                SourceAddresses = new[]
                {
                    "192.168.1.0/24",
                    "2002:1:2::/48",
                },
            },
            new DigitalOcean.Inputs.FirewallInboundRuleArgs
            {
                Protocol = "tcp",
                PortRange = "80",
                SourceAddresses = new[]
                {
                    "0.0.0.0/0",
                    "::/0",
                },
            },
            new DigitalOcean.Inputs.FirewallInboundRuleArgs
            {
                Protocol = "tcp",
                PortRange = "443",
                SourceAddresses = new[]
                {
                    "0.0.0.0/0",
                    "::/0",
                },
            },
            new DigitalOcean.Inputs.FirewallInboundRuleArgs
            {
                Protocol = "icmp",
                SourceAddresses = new[]
                {
                    "0.0.0.0/0",
                    "::/0",
                },
            },
        },
        OutboundRules = new[]
        {
            new DigitalOcean.Inputs.FirewallOutboundRuleArgs
            {
                Protocol = "tcp",
                PortRange = "53",
                DestinationAddresses = new[]
                {
                    "0.0.0.0/0",
                    "::/0",
                },
            },
            new DigitalOcean.Inputs.FirewallOutboundRuleArgs
            {
                Protocol = "udp",
                PortRange = "53",
                DestinationAddresses = new[]
                {
                    "0.0.0.0/0",
                    "::/0",
                },
            },
            new DigitalOcean.Inputs.FirewallOutboundRuleArgs
            {
                Protocol = "icmp",
                DestinationAddresses = new[]
                {
                    "0.0.0.0/0",
                    "::/0",
                },
            },
        },
    });

});
package main

import (
	"github.com/pulumi/pulumi-digitalocean/sdk/v4/go/digitalocean"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		webDroplet, err := digitalocean.NewDroplet(ctx, "webDroplet", &digitalocean.DropletArgs{
			Size:   pulumi.String("s-1vcpu-1gb"),
			Image:  pulumi.String("ubuntu-18-04-x64"),
			Region: pulumi.String("nyc3"),
		})
		if err != nil {
			return err
		}
		_, err = digitalocean.NewFirewall(ctx, "webFirewall", &digitalocean.FirewallArgs{
			DropletIds: pulumi.IntArray{
				webDroplet.ID(),
			},
			InboundRules: digitalocean.FirewallInboundRuleArray{
				&digitalocean.FirewallInboundRuleArgs{
					Protocol:  pulumi.String("tcp"),
					PortRange: pulumi.String("22"),
					SourceAddresses: pulumi.StringArray{
						pulumi.String("192.168.1.0/24"),
						pulumi.String("2002:1:2::/48"),
					},
				},
				&digitalocean.FirewallInboundRuleArgs{
					Protocol:  pulumi.String("tcp"),
					PortRange: pulumi.String("80"),
					SourceAddresses: pulumi.StringArray{
						pulumi.String("0.0.0.0/0"),
						pulumi.String("::/0"),
					},
				},
				&digitalocean.FirewallInboundRuleArgs{
					Protocol:  pulumi.String("tcp"),
					PortRange: pulumi.String("443"),
					SourceAddresses: pulumi.StringArray{
						pulumi.String("0.0.0.0/0"),
						pulumi.String("::/0"),
					},
				},
				&digitalocean.FirewallInboundRuleArgs{
					Protocol: pulumi.String("icmp"),
					SourceAddresses: pulumi.StringArray{
						pulumi.String("0.0.0.0/0"),
						pulumi.String("::/0"),
					},
				},
			},
			OutboundRules: digitalocean.FirewallOutboundRuleArray{
				&digitalocean.FirewallOutboundRuleArgs{
					Protocol:  pulumi.String("tcp"),
					PortRange: pulumi.String("53"),
					DestinationAddresses: pulumi.StringArray{
						pulumi.String("0.0.0.0/0"),
						pulumi.String("::/0"),
					},
				},
				&digitalocean.FirewallOutboundRuleArgs{
					Protocol:  pulumi.String("udp"),
					PortRange: pulumi.String("53"),
					DestinationAddresses: pulumi.StringArray{
						pulumi.String("0.0.0.0/0"),
						pulumi.String("::/0"),
					},
				},
				&digitalocean.FirewallOutboundRuleArgs{
					Protocol: pulumi.String("icmp"),
					DestinationAddresses: pulumi.StringArray{
						pulumi.String("0.0.0.0/0"),
						pulumi.String("::/0"),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.digitalocean.Droplet;
import com.pulumi.digitalocean.DropletArgs;
import com.pulumi.digitalocean.Firewall;
import com.pulumi.digitalocean.FirewallArgs;
import com.pulumi.digitalocean.inputs.FirewallInboundRuleArgs;
import com.pulumi.digitalocean.inputs.FirewallOutboundRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var webDroplet = new Droplet("webDroplet", DropletArgs.builder()        
            .size("s-1vcpu-1gb")
            .image("ubuntu-18-04-x64")
            .region("nyc3")
            .build());

        var webFirewall = new Firewall("webFirewall", FirewallArgs.builder()        
            .dropletIds(webDroplet.id())
            .inboundRules(            
                FirewallInboundRuleArgs.builder()
                    .protocol("tcp")
                    .portRange("22")
                    .sourceAddresses(                    
                        "192.168.1.0/24",
                        "2002:1:2::/48")
                    .build(),
                FirewallInboundRuleArgs.builder()
                    .protocol("tcp")
                    .portRange("80")
                    .sourceAddresses(                    
                        "0.0.0.0/0",
                        "::/0")
                    .build(),
                FirewallInboundRuleArgs.builder()
                    .protocol("tcp")
                    .portRange("443")
                    .sourceAddresses(                    
                        "0.0.0.0/0",
                        "::/0")
                    .build(),
                FirewallInboundRuleArgs.builder()
                    .protocol("icmp")
                    .sourceAddresses(                    
                        "0.0.0.0/0",
                        "::/0")
                    .build())
            .outboundRules(            
                FirewallOutboundRuleArgs.builder()
                    .protocol("tcp")
                    .portRange("53")
                    .destinationAddresses(                    
                        "0.0.0.0/0",
                        "::/0")
                    .build(),
                FirewallOutboundRuleArgs.builder()
                    .protocol("udp")
                    .portRange("53")
                    .destinationAddresses(                    
                        "0.0.0.0/0",
                        "::/0")
                    .build(),
                FirewallOutboundRuleArgs.builder()
                    .protocol("icmp")
                    .destinationAddresses(                    
                        "0.0.0.0/0",
                        "::/0")
                    .build())
            .build());

    }
}
import pulumi
import pulumi_digitalocean as digitalocean

web_droplet = digitalocean.Droplet("webDroplet",
    size="s-1vcpu-1gb",
    image="ubuntu-18-04-x64",
    region="nyc3")
web_firewall = digitalocean.Firewall("webFirewall",
    droplet_ids=[web_droplet.id],
    inbound_rules=[
        digitalocean.FirewallInboundRuleArgs(
            protocol="tcp",
            port_range="22",
            source_addresses=[
                "192.168.1.0/24",
                "2002:1:2::/48",
            ],
        ),
        digitalocean.FirewallInboundRuleArgs(
            protocol="tcp",
            port_range="80",
            source_addresses=[
                "0.0.0.0/0",
                "::/0",
            ],
        ),
        digitalocean.FirewallInboundRuleArgs(
            protocol="tcp",
            port_range="443",
            source_addresses=[
                "0.0.0.0/0",
                "::/0",
            ],
        ),
        digitalocean.FirewallInboundRuleArgs(
            protocol="icmp",
            source_addresses=[
                "0.0.0.0/0",
                "::/0",
            ],
        ),
    ],
    outbound_rules=[
        digitalocean.FirewallOutboundRuleArgs(
            protocol="tcp",
            port_range="53",
            destination_addresses=[
                "0.0.0.0/0",
                "::/0",
            ],
        ),
        digitalocean.FirewallOutboundRuleArgs(
            protocol="udp",
            port_range="53",
            destination_addresses=[
                "0.0.0.0/0",
                "::/0",
            ],
        ),
        digitalocean.FirewallOutboundRuleArgs(
            protocol="icmp",
            destination_addresses=[
                "0.0.0.0/0",
                "::/0",
            ],
        ),
    ])
import * as pulumi from "@pulumi/pulumi";
import * as digitalocean from "@pulumi/digitalocean";

const webDroplet = new digitalocean.Droplet("webDroplet", {
    size: "s-1vcpu-1gb",
    image: "ubuntu-18-04-x64",
    region: "nyc3",
});
const webFirewall = new digitalocean.Firewall("webFirewall", {
    dropletIds: [webDroplet.id],
    inboundRules: [
        {
            protocol: "tcp",
            portRange: "22",
            sourceAddresses: [
                "192.168.1.0/24",
                "2002:1:2::/48",
            ],
        },
        {
            protocol: "tcp",
            portRange: "80",
            sourceAddresses: [
                "0.0.0.0/0",
                "::/0",
            ],
        },
        {
            protocol: "tcp",
            portRange: "443",
            sourceAddresses: [
                "0.0.0.0/0",
                "::/0",
            ],
        },
        {
            protocol: "icmp",
            sourceAddresses: [
                "0.0.0.0/0",
                "::/0",
            ],
        },
    ],
    outboundRules: [
        {
            protocol: "tcp",
            portRange: "53",
            destinationAddresses: [
                "0.0.0.0/0",
                "::/0",
            ],
        },
        {
            protocol: "udp",
            portRange: "53",
            destinationAddresses: [
                "0.0.0.0/0",
                "::/0",
            ],
        },
        {
            protocol: "icmp",
            destinationAddresses: [
                "0.0.0.0/0",
                "::/0",
            ],
        },
    ],
});
resources:
  webDroplet:
    type: digitalocean:Droplet
    properties:
      size: s-1vcpu-1gb
      image: ubuntu-18-04-x64
      region: nyc3
  webFirewall:
    type: digitalocean:Firewall
    properties:
      dropletIds:
        - ${webDroplet.id}
      inboundRules:
        - protocol: tcp
          portRange: '22'
          sourceAddresses:
            - 192.168.1.0/24
            - 2002:1:2::/48
        - protocol: tcp
          portRange: '80'
          sourceAddresses:
            - 0.0.0.0/0
            - ::/0
        - protocol: tcp
          portRange: '443'
          sourceAddresses:
            - 0.0.0.0/0
            - ::/0
        - protocol: icmp
          sourceAddresses:
            - 0.0.0.0/0
            - ::/0
      outboundRules:
        - protocol: tcp
          portRange: '53'
          destinationAddresses:
            - 0.0.0.0/0
            - ::/0
        - protocol: udp
          portRange: '53'
          destinationAddresses:
            - 0.0.0.0/0
            - ::/0
        - protocol: icmp
          destinationAddresses:
            - 0.0.0.0/0
            - ::/0

Create Firewall Resource

new Firewall(name: string, args?: FirewallArgs, opts?: CustomResourceOptions);
@overload
def Firewall(resource_name: str,
             opts: Optional[ResourceOptions] = None,
             droplet_ids: Optional[Sequence[int]] = None,
             inbound_rules: Optional[Sequence[FirewallInboundRuleArgs]] = None,
             name: Optional[str] = None,
             outbound_rules: Optional[Sequence[FirewallOutboundRuleArgs]] = None,
             tags: Optional[Sequence[str]] = None)
@overload
def Firewall(resource_name: str,
             args: Optional[FirewallArgs] = None,
             opts: Optional[ResourceOptions] = None)
func NewFirewall(ctx *Context, name string, args *FirewallArgs, opts ...ResourceOption) (*Firewall, error)
public Firewall(string name, FirewallArgs? args = null, CustomResourceOptions? opts = null)
public Firewall(String name, FirewallArgs args)
public Firewall(String name, FirewallArgs args, CustomResourceOptions options)
type: digitalocean:Firewall
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args FirewallArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args FirewallArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args FirewallArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args FirewallArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args FirewallArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Firewall Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The Firewall resource accepts the following input properties:

DropletIds List<int>

The list of the IDs of the Droplets assigned to the Firewall.

InboundRules List<Pulumi.DigitalOcean.Inputs.FirewallInboundRuleArgs>

The inbound access rule block for the Firewall. The inbound_rule block is documented below.

Name string

The Firewall name

OutboundRules List<Pulumi.DigitalOcean.Inputs.FirewallOutboundRuleArgs>

The outbound access rule block for the Firewall. The outbound_rule block is documented below.

Tags List<string>

The names of the Tags assigned to the Firewall.

DropletIds []int

The list of the IDs of the Droplets assigned to the Firewall.

InboundRules []FirewallInboundRuleArgs

The inbound access rule block for the Firewall. The inbound_rule block is documented below.

Name string

The Firewall name

OutboundRules []FirewallOutboundRuleArgs

The outbound access rule block for the Firewall. The outbound_rule block is documented below.

Tags []string

The names of the Tags assigned to the Firewall.

dropletIds List<Integer>

The list of the IDs of the Droplets assigned to the Firewall.

inboundRules List<FirewallInboundRuleArgs>

The inbound access rule block for the Firewall. The inbound_rule block is documented below.

name String

The Firewall name

outboundRules List<FirewallOutboundRuleArgs>

The outbound access rule block for the Firewall. The outbound_rule block is documented below.

tags List<String>

The names of the Tags assigned to the Firewall.

dropletIds number[]

The list of the IDs of the Droplets assigned to the Firewall.

inboundRules FirewallInboundRuleArgs[]

The inbound access rule block for the Firewall. The inbound_rule block is documented below.

name string

The Firewall name

outboundRules FirewallOutboundRuleArgs[]

The outbound access rule block for the Firewall. The outbound_rule block is documented below.

tags string[]

The names of the Tags assigned to the Firewall.

droplet_ids Sequence[int]

The list of the IDs of the Droplets assigned to the Firewall.

inbound_rules Sequence[FirewallInboundRuleArgs]

The inbound access rule block for the Firewall. The inbound_rule block is documented below.

name str

The Firewall name

outbound_rules Sequence[FirewallOutboundRuleArgs]

The outbound access rule block for the Firewall. The outbound_rule block is documented below.

tags Sequence[str]

The names of the Tags assigned to the Firewall.

dropletIds List<Number>

The list of the IDs of the Droplets assigned to the Firewall.

inboundRules List<Property Map>

The inbound access rule block for the Firewall. The inbound_rule block is documented below.

name String

The Firewall name

outboundRules List<Property Map>

The outbound access rule block for the Firewall. The outbound_rule block is documented below.

tags List<String>

The names of the Tags assigned to the Firewall.

Outputs

All input properties are implicitly available as output properties. Additionally, the Firewall resource produces the following output properties:

CreatedAt string

A time value given in ISO8601 combined date and time format that represents when the Firewall was created.

Id string

The provider-assigned unique ID for this managed resource.

PendingChanges List<Pulumi.DigitalOcean.Outputs.FirewallPendingChange>

An list of object containing the fields, "droplet_id", "removing", and "status". It is provided to detail exactly which Droplets are having their security policies updated. When empty, all changes have been successfully applied.

Status string

A status string indicating the current state of the Firewall. This can be "waiting", "succeeded", or "failed".

CreatedAt string

A time value given in ISO8601 combined date and time format that represents when the Firewall was created.

Id string

The provider-assigned unique ID for this managed resource.

PendingChanges []FirewallPendingChange

An list of object containing the fields, "droplet_id", "removing", and "status". It is provided to detail exactly which Droplets are having their security policies updated. When empty, all changes have been successfully applied.

Status string

A status string indicating the current state of the Firewall. This can be "waiting", "succeeded", or "failed".

createdAt String

A time value given in ISO8601 combined date and time format that represents when the Firewall was created.

id String

The provider-assigned unique ID for this managed resource.

pendingChanges List<FirewallPendingChange>

An list of object containing the fields, "droplet_id", "removing", and "status". It is provided to detail exactly which Droplets are having their security policies updated. When empty, all changes have been successfully applied.

status String

A status string indicating the current state of the Firewall. This can be "waiting", "succeeded", or "failed".

createdAt string

A time value given in ISO8601 combined date and time format that represents when the Firewall was created.

id string

The provider-assigned unique ID for this managed resource.

pendingChanges FirewallPendingChange[]

An list of object containing the fields, "droplet_id", "removing", and "status". It is provided to detail exactly which Droplets are having their security policies updated. When empty, all changes have been successfully applied.

status string

A status string indicating the current state of the Firewall. This can be "waiting", "succeeded", or "failed".

created_at str

A time value given in ISO8601 combined date and time format that represents when the Firewall was created.

id str

The provider-assigned unique ID for this managed resource.

pending_changes Sequence[FirewallPendingChange]

An list of object containing the fields, "droplet_id", "removing", and "status". It is provided to detail exactly which Droplets are having their security policies updated. When empty, all changes have been successfully applied.

status str

A status string indicating the current state of the Firewall. This can be "waiting", "succeeded", or "failed".

createdAt String

A time value given in ISO8601 combined date and time format that represents when the Firewall was created.

id String

The provider-assigned unique ID for this managed resource.

pendingChanges List<Property Map>

An list of object containing the fields, "droplet_id", "removing", and "status". It is provided to detail exactly which Droplets are having their security policies updated. When empty, all changes have been successfully applied.

status String

A status string indicating the current state of the Firewall. This can be "waiting", "succeeded", or "failed".

Look up Existing Firewall Resource

Get an existing Firewall resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: FirewallState, opts?: CustomResourceOptions): Firewall
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        created_at: Optional[str] = None,
        droplet_ids: Optional[Sequence[int]] = None,
        inbound_rules: Optional[Sequence[FirewallInboundRuleArgs]] = None,
        name: Optional[str] = None,
        outbound_rules: Optional[Sequence[FirewallOutboundRuleArgs]] = None,
        pending_changes: Optional[Sequence[FirewallPendingChangeArgs]] = None,
        status: Optional[str] = None,
        tags: Optional[Sequence[str]] = None) -> Firewall
func GetFirewall(ctx *Context, name string, id IDInput, state *FirewallState, opts ...ResourceOption) (*Firewall, error)
public static Firewall Get(string name, Input<string> id, FirewallState? state, CustomResourceOptions? opts = null)
public static Firewall get(String name, Output<String> id, FirewallState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
CreatedAt string

A time value given in ISO8601 combined date and time format that represents when the Firewall was created.

DropletIds List<int>

The list of the IDs of the Droplets assigned to the Firewall.

InboundRules List<Pulumi.DigitalOcean.Inputs.FirewallInboundRuleArgs>

The inbound access rule block for the Firewall. The inbound_rule block is documented below.

Name string

The Firewall name

OutboundRules List<Pulumi.DigitalOcean.Inputs.FirewallOutboundRuleArgs>

The outbound access rule block for the Firewall. The outbound_rule block is documented below.

PendingChanges List<Pulumi.DigitalOcean.Inputs.FirewallPendingChangeArgs>

An list of object containing the fields, "droplet_id", "removing", and "status". It is provided to detail exactly which Droplets are having their security policies updated. When empty, all changes have been successfully applied.

Status string

A status string indicating the current state of the Firewall. This can be "waiting", "succeeded", or "failed".

Tags List<string>

The names of the Tags assigned to the Firewall.

CreatedAt string

A time value given in ISO8601 combined date and time format that represents when the Firewall was created.

DropletIds []int

The list of the IDs of the Droplets assigned to the Firewall.

InboundRules []FirewallInboundRuleArgs

The inbound access rule block for the Firewall. The inbound_rule block is documented below.

Name string

The Firewall name

OutboundRules []FirewallOutboundRuleArgs

The outbound access rule block for the Firewall. The outbound_rule block is documented below.

PendingChanges []FirewallPendingChangeArgs

An list of object containing the fields, "droplet_id", "removing", and "status". It is provided to detail exactly which Droplets are having their security policies updated. When empty, all changes have been successfully applied.

Status string

A status string indicating the current state of the Firewall. This can be "waiting", "succeeded", or "failed".

Tags []string

The names of the Tags assigned to the Firewall.

createdAt String

A time value given in ISO8601 combined date and time format that represents when the Firewall was created.

dropletIds List<Integer>

The list of the IDs of the Droplets assigned to the Firewall.

inboundRules List<FirewallInboundRuleArgs>

The inbound access rule block for the Firewall. The inbound_rule block is documented below.

name String

The Firewall name

outboundRules List<FirewallOutboundRuleArgs>

The outbound access rule block for the Firewall. The outbound_rule block is documented below.

pendingChanges List<FirewallPendingChangeArgs>

An list of object containing the fields, "droplet_id", "removing", and "status". It is provided to detail exactly which Droplets are having their security policies updated. When empty, all changes have been successfully applied.

status String

A status string indicating the current state of the Firewall. This can be "waiting", "succeeded", or "failed".

tags List<String>

The names of the Tags assigned to the Firewall.

createdAt string

A time value given in ISO8601 combined date and time format that represents when the Firewall was created.

dropletIds number[]

The list of the IDs of the Droplets assigned to the Firewall.

inboundRules FirewallInboundRuleArgs[]

The inbound access rule block for the Firewall. The inbound_rule block is documented below.

name string

The Firewall name

outboundRules FirewallOutboundRuleArgs[]

The outbound access rule block for the Firewall. The outbound_rule block is documented below.

pendingChanges FirewallPendingChangeArgs[]

An list of object containing the fields, "droplet_id", "removing", and "status". It is provided to detail exactly which Droplets are having their security policies updated. When empty, all changes have been successfully applied.

status string

A status string indicating the current state of the Firewall. This can be "waiting", "succeeded", or "failed".

tags string[]

The names of the Tags assigned to the Firewall.

created_at str

A time value given in ISO8601 combined date and time format that represents when the Firewall was created.

droplet_ids Sequence[int]

The list of the IDs of the Droplets assigned to the Firewall.

inbound_rules Sequence[FirewallInboundRuleArgs]

The inbound access rule block for the Firewall. The inbound_rule block is documented below.

name str

The Firewall name

outbound_rules Sequence[FirewallOutboundRuleArgs]

The outbound access rule block for the Firewall. The outbound_rule block is documented below.

pending_changes Sequence[FirewallPendingChangeArgs]

An list of object containing the fields, "droplet_id", "removing", and "status". It is provided to detail exactly which Droplets are having their security policies updated. When empty, all changes have been successfully applied.

status str

A status string indicating the current state of the Firewall. This can be "waiting", "succeeded", or "failed".

tags Sequence[str]

The names of the Tags assigned to the Firewall.

createdAt String

A time value given in ISO8601 combined date and time format that represents when the Firewall was created.

dropletIds List<Number>

The list of the IDs of the Droplets assigned to the Firewall.

inboundRules List<Property Map>

The inbound access rule block for the Firewall. The inbound_rule block is documented below.

name String

The Firewall name

outboundRules List<Property Map>

The outbound access rule block for the Firewall. The outbound_rule block is documented below.

pendingChanges List<Property Map>

An list of object containing the fields, "droplet_id", "removing", and "status". It is provided to detail exactly which Droplets are having their security policies updated. When empty, all changes have been successfully applied.

status String

A status string indicating the current state of the Firewall. This can be "waiting", "succeeded", or "failed".

tags List<String>

The names of the Tags assigned to the Firewall.

Supporting Types

FirewallInboundRule

Protocol string

The type of traffic to be allowed. This may be one of "tcp", "udp", or "icmp".

PortRange string

The ports on which traffic will be allowed specified as a string containing a single port, a range (e.g. "8000-9000"), or "1-65535" to open all ports for a protocol. Required for when protocol is tcp or udp.

SourceAddresses List<string>

An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs from which the inbound traffic will be accepted.

SourceDropletIds List<int>

An array containing the IDs of the Droplets from which the inbound traffic will be accepted.

SourceKubernetesIds List<string>

An array containing the IDs of the Kubernetes clusters from which the inbound traffic will be accepted.

SourceLoadBalancerUids List<string>

An array containing the IDs of the Load Balancers from which the inbound traffic will be accepted.

SourceTags List<string>

An array containing the names of Tags corresponding to groups of Droplets from which the inbound traffic will be accepted.

Protocol string

The type of traffic to be allowed. This may be one of "tcp", "udp", or "icmp".

PortRange string

The ports on which traffic will be allowed specified as a string containing a single port, a range (e.g. "8000-9000"), or "1-65535" to open all ports for a protocol. Required for when protocol is tcp or udp.

SourceAddresses []string

An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs from which the inbound traffic will be accepted.

SourceDropletIds []int

An array containing the IDs of the Droplets from which the inbound traffic will be accepted.

SourceKubernetesIds []string

An array containing the IDs of the Kubernetes clusters from which the inbound traffic will be accepted.

SourceLoadBalancerUids []string

An array containing the IDs of the Load Balancers from which the inbound traffic will be accepted.

SourceTags []string

An array containing the names of Tags corresponding to groups of Droplets from which the inbound traffic will be accepted.

protocol String

The type of traffic to be allowed. This may be one of "tcp", "udp", or "icmp".

portRange String

The ports on which traffic will be allowed specified as a string containing a single port, a range (e.g. "8000-9000"), or "1-65535" to open all ports for a protocol. Required for when protocol is tcp or udp.

sourceAddresses List<String>

An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs from which the inbound traffic will be accepted.

sourceDropletIds List<Integer>

An array containing the IDs of the Droplets from which the inbound traffic will be accepted.

sourceKubernetesIds List<String>

An array containing the IDs of the Kubernetes clusters from which the inbound traffic will be accepted.

sourceLoadBalancerUids List<String>

An array containing the IDs of the Load Balancers from which the inbound traffic will be accepted.

sourceTags List<String>

An array containing the names of Tags corresponding to groups of Droplets from which the inbound traffic will be accepted.

protocol string

The type of traffic to be allowed. This may be one of "tcp", "udp", or "icmp".

portRange string

The ports on which traffic will be allowed specified as a string containing a single port, a range (e.g. "8000-9000"), or "1-65535" to open all ports for a protocol. Required for when protocol is tcp or udp.

sourceAddresses string[]

An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs from which the inbound traffic will be accepted.

sourceDropletIds number[]

An array containing the IDs of the Droplets from which the inbound traffic will be accepted.

sourceKubernetesIds string[]

An array containing the IDs of the Kubernetes clusters from which the inbound traffic will be accepted.

sourceLoadBalancerUids string[]

An array containing the IDs of the Load Balancers from which the inbound traffic will be accepted.

sourceTags string[]

An array containing the names of Tags corresponding to groups of Droplets from which the inbound traffic will be accepted.

protocol str

The type of traffic to be allowed. This may be one of "tcp", "udp", or "icmp".

port_range str

The ports on which traffic will be allowed specified as a string containing a single port, a range (e.g. "8000-9000"), or "1-65535" to open all ports for a protocol. Required for when protocol is tcp or udp.

source_addresses Sequence[str]

An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs from which the inbound traffic will be accepted.

source_droplet_ids Sequence[int]

An array containing the IDs of the Droplets from which the inbound traffic will be accepted.

source_kubernetes_ids Sequence[str]

An array containing the IDs of the Kubernetes clusters from which the inbound traffic will be accepted.

source_load_balancer_uids Sequence[str]

An array containing the IDs of the Load Balancers from which the inbound traffic will be accepted.

source_tags Sequence[str]

An array containing the names of Tags corresponding to groups of Droplets from which the inbound traffic will be accepted.

protocol String

The type of traffic to be allowed. This may be one of "tcp", "udp", or "icmp".

portRange String

The ports on which traffic will be allowed specified as a string containing a single port, a range (e.g. "8000-9000"), or "1-65535" to open all ports for a protocol. Required for when protocol is tcp or udp.

sourceAddresses List<String>

An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs from which the inbound traffic will be accepted.

sourceDropletIds List<Number>

An array containing the IDs of the Droplets from which the inbound traffic will be accepted.

sourceKubernetesIds List<String>

An array containing the IDs of the Kubernetes clusters from which the inbound traffic will be accepted.

sourceLoadBalancerUids List<String>

An array containing the IDs of the Load Balancers from which the inbound traffic will be accepted.

sourceTags List<String>

An array containing the names of Tags corresponding to groups of Droplets from which the inbound traffic will be accepted.

FirewallOutboundRule

Protocol string

The type of traffic to be allowed. This may be one of "tcp", "udp", or "icmp".

DestinationAddresses List<string>

An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs to which the outbound traffic will be allowed.

DestinationDropletIds List<int>

An array containing the IDs of the Droplets to which the outbound traffic will be allowed.

DestinationKubernetesIds List<string>

An array containing the IDs of the Kubernetes clusters to which the outbound traffic will be allowed.

DestinationLoadBalancerUids List<string>

An array containing the IDs of the Load Balancers to which the outbound traffic will be allowed.

DestinationTags List<string>

An array containing the names of Tags corresponding to groups of Droplets to which the outbound traffic will be allowed.

PortRange string

The ports on which traffic will be allowed specified as a string containing a single port, a range (e.g. "8000-9000"), or "1-65535" to open all ports for a protocol. Required for when protocol is tcp or udp.

Protocol string

The type of traffic to be allowed. This may be one of "tcp", "udp", or "icmp".

DestinationAddresses []string

An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs to which the outbound traffic will be allowed.

DestinationDropletIds []int

An array containing the IDs of the Droplets to which the outbound traffic will be allowed.

DestinationKubernetesIds []string

An array containing the IDs of the Kubernetes clusters to which the outbound traffic will be allowed.

DestinationLoadBalancerUids []string

An array containing the IDs of the Load Balancers to which the outbound traffic will be allowed.

DestinationTags []string

An array containing the names of Tags corresponding to groups of Droplets to which the outbound traffic will be allowed.

PortRange string

The ports on which traffic will be allowed specified as a string containing a single port, a range (e.g. "8000-9000"), or "1-65535" to open all ports for a protocol. Required for when protocol is tcp or udp.

protocol String

The type of traffic to be allowed. This may be one of "tcp", "udp", or "icmp".

destinationAddresses List<String>

An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs to which the outbound traffic will be allowed.

destinationDropletIds List<Integer>

An array containing the IDs of the Droplets to which the outbound traffic will be allowed.

destinationKubernetesIds List<String>

An array containing the IDs of the Kubernetes clusters to which the outbound traffic will be allowed.

destinationLoadBalancerUids List<String>

An array containing the IDs of the Load Balancers to which the outbound traffic will be allowed.

destinationTags List<String>

An array containing the names of Tags corresponding to groups of Droplets to which the outbound traffic will be allowed.

portRange String

The ports on which traffic will be allowed specified as a string containing a single port, a range (e.g. "8000-9000"), or "1-65535" to open all ports for a protocol. Required for when protocol is tcp or udp.

protocol string

The type of traffic to be allowed. This may be one of "tcp", "udp", or "icmp".

destinationAddresses string[]

An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs to which the outbound traffic will be allowed.

destinationDropletIds number[]

An array containing the IDs of the Droplets to which the outbound traffic will be allowed.

destinationKubernetesIds string[]

An array containing the IDs of the Kubernetes clusters to which the outbound traffic will be allowed.

destinationLoadBalancerUids string[]

An array containing the IDs of the Load Balancers to which the outbound traffic will be allowed.

destinationTags string[]

An array containing the names of Tags corresponding to groups of Droplets to which the outbound traffic will be allowed.

portRange string

The ports on which traffic will be allowed specified as a string containing a single port, a range (e.g. "8000-9000"), or "1-65535" to open all ports for a protocol. Required for when protocol is tcp or udp.

protocol str

The type of traffic to be allowed. This may be one of "tcp", "udp", or "icmp".

destination_addresses Sequence[str]

An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs to which the outbound traffic will be allowed.

destination_droplet_ids Sequence[int]

An array containing the IDs of the Droplets to which the outbound traffic will be allowed.

destination_kubernetes_ids Sequence[str]

An array containing the IDs of the Kubernetes clusters to which the outbound traffic will be allowed.

destination_load_balancer_uids Sequence[str]

An array containing the IDs of the Load Balancers to which the outbound traffic will be allowed.

destination_tags Sequence[str]

An array containing the names of Tags corresponding to groups of Droplets to which the outbound traffic will be allowed.

port_range str

The ports on which traffic will be allowed specified as a string containing a single port, a range (e.g. "8000-9000"), or "1-65535" to open all ports for a protocol. Required for when protocol is tcp or udp.

protocol String

The type of traffic to be allowed. This may be one of "tcp", "udp", or "icmp".

destinationAddresses List<String>

An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs to which the outbound traffic will be allowed.

destinationDropletIds List<Number>

An array containing the IDs of the Droplets to which the outbound traffic will be allowed.

destinationKubernetesIds List<String>

An array containing the IDs of the Kubernetes clusters to which the outbound traffic will be allowed.

destinationLoadBalancerUids List<String>

An array containing the IDs of the Load Balancers to which the outbound traffic will be allowed.

destinationTags List<String>

An array containing the names of Tags corresponding to groups of Droplets to which the outbound traffic will be allowed.

portRange String

The ports on which traffic will be allowed specified as a string containing a single port, a range (e.g. "8000-9000"), or "1-65535" to open all ports for a protocol. Required for when protocol is tcp or udp.

FirewallPendingChange

DropletId int
Removing bool
Status string

A status string indicating the current state of the Firewall. This can be "waiting", "succeeded", or "failed".

DropletId int
Removing bool
Status string

A status string indicating the current state of the Firewall. This can be "waiting", "succeeded", or "failed".

dropletId Integer
removing Boolean
status String

A status string indicating the current state of the Firewall. This can be "waiting", "succeeded", or "failed".

dropletId number
removing boolean
status string

A status string indicating the current state of the Firewall. This can be "waiting", "succeeded", or "failed".

droplet_id int
removing bool
status str

A status string indicating the current state of the Firewall. This can be "waiting", "succeeded", or "failed".

dropletId Number
removing Boolean
status String

A status string indicating the current state of the Firewall. This can be "waiting", "succeeded", or "failed".

Import

Firewalls can be imported using the firewall id, e.g.

 $ pulumi import digitalocean:index/firewall:Firewall myfirewall b8ecd2ab-2267-4a5e-8692-cbf1d32583e3

Package Details

Repository
DigitalOcean pulumi/pulumi-digitalocean
License
Apache-2.0
Notes

This Pulumi package is based on the digitalocean Terraform Provider.