DigitalOcean

v4.10.0 published on Wednesday, Nov 24, 2021 by Pulumi

Firewall

Provides a DigitalOcean Cloud Firewall resource. This can be used to create, modify, and delete Firewalls.

Example Usage

using Pulumi;
using DigitalOcean = Pulumi.DigitalOcean;

class MyStack : Stack
{
    public MyStack()
    {
        var webDroplet = new DigitalOcean.Droplet("webDroplet", new DigitalOcean.DropletArgs
        {
            Size = "s-1vcpu-1gb",
            Image = "ubuntu-18-04-x64",
            Region = "nyc3",
        });
        var webFirewall = new DigitalOcean.Firewall("webFirewall", new DigitalOcean.FirewallArgs
        {
            DropletIds = 
            {
                webDroplet.Id,
            },
            InboundRules = 
            {
                new DigitalOcean.Inputs.FirewallInboundRuleArgs
                {
                    Protocol = "tcp",
                    PortRange = "22",
                    SourceAddresses = 
                    {
                        "192.168.1.0/24",
                        "2002:1:2::/48",
                    },
                },
                new DigitalOcean.Inputs.FirewallInboundRuleArgs
                {
                    Protocol = "tcp",
                    PortRange = "80",
                    SourceAddresses = 
                    {
                        "0.0.0.0/0",
                        "::/0",
                    },
                },
                new DigitalOcean.Inputs.FirewallInboundRuleArgs
                {
                    Protocol = "tcp",
                    PortRange = "443",
                    SourceAddresses = 
                    {
                        "0.0.0.0/0",
                        "::/0",
                    },
                },
                new DigitalOcean.Inputs.FirewallInboundRuleArgs
                {
                    Protocol = "icmp",
                    SourceAddresses = 
                    {
                        "0.0.0.0/0",
                        "::/0",
                    },
                },
            },
            OutboundRules = 
            {
                new DigitalOcean.Inputs.FirewallOutboundRuleArgs
                {
                    Protocol = "tcp",
                    PortRange = "53",
                    DestinationAddresses = 
                    {
                        "0.0.0.0/0",
                        "::/0",
                    },
                },
                new DigitalOcean.Inputs.FirewallOutboundRuleArgs
                {
                    Protocol = "udp",
                    PortRange = "53",
                    DestinationAddresses = 
                    {
                        "0.0.0.0/0",
                        "::/0",
                    },
                },
                new DigitalOcean.Inputs.FirewallOutboundRuleArgs
                {
                    Protocol = "icmp",
                    DestinationAddresses = 
                    {
                        "0.0.0.0/0",
                        "::/0",
                    },
                },
            },
        });
    }

}
package main

import (
	"github.com/pulumi/pulumi-digitalocean/sdk/v4/go/digitalocean"
	"github.com/pulumi/pulumi-digitalocean/sdk/v4/go/digitalocean/index"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		webDroplet, err := digitalocean.NewDroplet(ctx, "webDroplet", &digitalocean.DropletArgs{
			Size:   pulumi.String("s-1vcpu-1gb"),
			Image:  pulumi.String("ubuntu-18-04-x64"),
			Region: pulumi.String("nyc3"),
		})
		if err != nil {
			return err
		}
		_, err = digitalocean.NewFirewall(ctx, "webFirewall", &digitalocean.FirewallArgs{
			DropletIds: pulumi.IntArray{
				webDroplet.ID(),
			},
			InboundRules: FirewallInboundRuleArray{
				&FirewallInboundRuleArgs{
					Protocol:  pulumi.String("tcp"),
					PortRange: pulumi.String("22"),
					SourceAddresses: pulumi.StringArray{
						pulumi.String("192.168.1.0/24"),
						pulumi.String("2002:1:2::/48"),
					},
				},
				&FirewallInboundRuleArgs{
					Protocol:  pulumi.String("tcp"),
					PortRange: pulumi.String("80"),
					SourceAddresses: pulumi.StringArray{
						pulumi.String("0.0.0.0/0"),
						pulumi.String("::/0"),
					},
				},
				&FirewallInboundRuleArgs{
					Protocol:  pulumi.String("tcp"),
					PortRange: pulumi.String("443"),
					SourceAddresses: pulumi.StringArray{
						pulumi.String("0.0.0.0/0"),
						pulumi.String("::/0"),
					},
				},
				&FirewallInboundRuleArgs{
					Protocol: pulumi.String("icmp"),
					SourceAddresses: pulumi.StringArray{
						pulumi.String("0.0.0.0/0"),
						pulumi.String("::/0"),
					},
				},
			},
			OutboundRules: FirewallOutboundRuleArray{
				&FirewallOutboundRuleArgs{
					Protocol:  pulumi.String("tcp"),
					PortRange: pulumi.String("53"),
					DestinationAddresses: pulumi.StringArray{
						pulumi.String("0.0.0.0/0"),
						pulumi.String("::/0"),
					},
				},
				&FirewallOutboundRuleArgs{
					Protocol:  pulumi.String("udp"),
					PortRange: pulumi.String("53"),
					DestinationAddresses: pulumi.StringArray{
						pulumi.String("0.0.0.0/0"),
						pulumi.String("::/0"),
					},
				},
				&FirewallOutboundRuleArgs{
					Protocol: pulumi.String("icmp"),
					DestinationAddresses: pulumi.StringArray{
						pulumi.String("0.0.0.0/0"),
						pulumi.String("::/0"),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
import pulumi
import pulumi_digitalocean as digitalocean

web_droplet = digitalocean.Droplet("webDroplet",
    size="s-1vcpu-1gb",
    image="ubuntu-18-04-x64",
    region="nyc3")
web_firewall = digitalocean.Firewall("webFirewall",
    droplet_ids=[web_droplet.id],
    inbound_rules=[
        digitalocean.FirewallInboundRuleArgs(
            protocol="tcp",
            port_range="22",
            source_addresses=[
                "192.168.1.0/24",
                "2002:1:2::/48",
            ],
        ),
        digitalocean.FirewallInboundRuleArgs(
            protocol="tcp",
            port_range="80",
            source_addresses=[
                "0.0.0.0/0",
                "::/0",
            ],
        ),
        digitalocean.FirewallInboundRuleArgs(
            protocol="tcp",
            port_range="443",
            source_addresses=[
                "0.0.0.0/0",
                "::/0",
            ],
        ),
        digitalocean.FirewallInboundRuleArgs(
            protocol="icmp",
            source_addresses=[
                "0.0.0.0/0",
                "::/0",
            ],
        ),
    ],
    outbound_rules=[
        digitalocean.FirewallOutboundRuleArgs(
            protocol="tcp",
            port_range="53",
            destination_addresses=[
                "0.0.0.0/0",
                "::/0",
            ],
        ),
        digitalocean.FirewallOutboundRuleArgs(
            protocol="udp",
            port_range="53",
            destination_addresses=[
                "0.0.0.0/0",
                "::/0",
            ],
        ),
        digitalocean.FirewallOutboundRuleArgs(
            protocol="icmp",
            destination_addresses=[
                "0.0.0.0/0",
                "::/0",
            ],
        ),
    ])
import * as pulumi from "@pulumi/pulumi";
import * as digitalocean from "@pulumi/digitalocean";

const webDroplet = new digitalocean.Droplet("webDroplet", {
    size: "s-1vcpu-1gb",
    image: "ubuntu-18-04-x64",
    region: "nyc3",
});
const webFirewall = new digitalocean.Firewall("webFirewall", {
    dropletIds: [webDroplet.id],
    inboundRules: [
        {
            protocol: "tcp",
            portRange: "22",
            sourceAddresses: [
                "192.168.1.0/24",
                "2002:1:2::/48",
            ],
        },
        {
            protocol: "tcp",
            portRange: "80",
            sourceAddresses: [
                "0.0.0.0/0",
                "::/0",
            ],
        },
        {
            protocol: "tcp",
            portRange: "443",
            sourceAddresses: [
                "0.0.0.0/0",
                "::/0",
            ],
        },
        {
            protocol: "icmp",
            sourceAddresses: [
                "0.0.0.0/0",
                "::/0",
            ],
        },
    ],
    outboundRules: [
        {
            protocol: "tcp",
            portRange: "53",
            destinationAddresses: [
                "0.0.0.0/0",
                "::/0",
            ],
        },
        {
            protocol: "udp",
            portRange: "53",
            destinationAddresses: [
                "0.0.0.0/0",
                "::/0",
            ],
        },
        {
            protocol: "icmp",
            destinationAddresses: [
                "0.0.0.0/0",
                "::/0",
            ],
        },
    ],
});

Create a Firewall Resource

new Firewall(name: string, args?: FirewallArgs, opts?: CustomResourceOptions);
@overload
def Firewall(resource_name: str,
             opts: Optional[ResourceOptions] = None,
             droplet_ids: Optional[Sequence[int]] = None,
             inbound_rules: Optional[Sequence[FirewallInboundRuleArgs]] = None,
             name: Optional[str] = None,
             outbound_rules: Optional[Sequence[FirewallOutboundRuleArgs]] = None,
             tags: Optional[Sequence[str]] = None)
@overload
def Firewall(resource_name: str,
             args: Optional[FirewallArgs] = None,
             opts: Optional[ResourceOptions] = None)
func NewFirewall(ctx *Context, name string, args *FirewallArgs, opts ...ResourceOption) (*Firewall, error)
public Firewall(string name, FirewallArgs? args = null, CustomResourceOptions? opts = null)
name string
The unique name of the resource.
args FirewallArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args FirewallArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args FirewallArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args FirewallArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.

Firewall Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The Firewall resource accepts the following input properties:

DropletIds List<int>
The list of the IDs of the Droplets assigned to the Firewall.
InboundRules List<Pulumi.DigitalOcean.Inputs.FirewallInboundRuleArgs>
The inbound access rule block for the Firewall. The inbound_rule block is documented below.
Name string
The Firewall name
OutboundRules List<Pulumi.DigitalOcean.Inputs.FirewallOutboundRuleArgs>
The outbound access rule block for the Firewall. The outbound_rule block is documented below.
Tags List<string>
The names of the Tags assigned to the Firewall.
DropletIds []int
The list of the IDs of the Droplets assigned to the Firewall.
InboundRules []FirewallInboundRuleArgs
The inbound access rule block for the Firewall. The inbound_rule block is documented below.
Name string
The Firewall name
OutboundRules []FirewallOutboundRuleArgs
The outbound access rule block for the Firewall. The outbound_rule block is documented below.
Tags []string
The names of the Tags assigned to the Firewall.
dropletIds number[]
The list of the IDs of the Droplets assigned to the Firewall.
inboundRules FirewallInboundRuleArgs[]
The inbound access rule block for the Firewall. The inbound_rule block is documented below.
name string
The Firewall name
outboundRules FirewallOutboundRuleArgs[]
The outbound access rule block for the Firewall. The outbound_rule block is documented below.
tags string[]
The names of the Tags assigned to the Firewall.
droplet_ids Sequence[int]
The list of the IDs of the Droplets assigned to the Firewall.
inbound_rules Sequence[FirewallInboundRuleArgs]
The inbound access rule block for the Firewall. The inbound_rule block is documented below.
name str
The Firewall name
outbound_rules Sequence[FirewallOutboundRuleArgs]
The outbound access rule block for the Firewall. The outbound_rule block is documented below.
tags Sequence[str]
The names of the Tags assigned to the Firewall.

Outputs

All input properties are implicitly available as output properties. Additionally, the Firewall resource produces the following output properties:

CreatedAt string
A time value given in ISO8601 combined date and time format that represents when the Firewall was created.
Id string
The provider-assigned unique ID for this managed resource.
PendingChanges List<Pulumi.DigitalOcean.Outputs.FirewallPendingChange>
An list of object containing the fields, “droplet_id”, “removing”, and “status”. It is provided to detail exactly which Droplets are having their security policies updated. When empty, all changes have been successfully applied.
Status string
A status string indicating the current state of the Firewall. This can be “waiting”, “succeeded”, or “failed”.
CreatedAt string
A time value given in ISO8601 combined date and time format that represents when the Firewall was created.
Id string
The provider-assigned unique ID for this managed resource.
PendingChanges []FirewallPendingChange
An list of object containing the fields, “droplet_id”, “removing”, and “status”. It is provided to detail exactly which Droplets are having their security policies updated. When empty, all changes have been successfully applied.
Status string
A status string indicating the current state of the Firewall. This can be “waiting”, “succeeded”, or “failed”.
createdAt string
A time value given in ISO8601 combined date and time format that represents when the Firewall was created.
id string
The provider-assigned unique ID for this managed resource.
pendingChanges FirewallPendingChange[]
An list of object containing the fields, “droplet_id”, “removing”, and “status”. It is provided to detail exactly which Droplets are having their security policies updated. When empty, all changes have been successfully applied.
status string
A status string indicating the current state of the Firewall. This can be “waiting”, “succeeded”, or “failed”.
created_at str
A time value given in ISO8601 combined date and time format that represents when the Firewall was created.
id str
The provider-assigned unique ID for this managed resource.
pending_changes Sequence[FirewallPendingChange]
An list of object containing the fields, “droplet_id”, “removing”, and “status”. It is provided to detail exactly which Droplets are having their security policies updated. When empty, all changes have been successfully applied.
status str
A status string indicating the current state of the Firewall. This can be “waiting”, “succeeded”, or “failed”.

Look up an Existing Firewall Resource

Get an existing Firewall resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: FirewallState, opts?: CustomResourceOptions): Firewall
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        created_at: Optional[str] = None,
        droplet_ids: Optional[Sequence[int]] = None,
        inbound_rules: Optional[Sequence[FirewallInboundRuleArgs]] = None,
        name: Optional[str] = None,
        outbound_rules: Optional[Sequence[FirewallOutboundRuleArgs]] = None,
        pending_changes: Optional[Sequence[FirewallPendingChangeArgs]] = None,
        status: Optional[str] = None,
        tags: Optional[Sequence[str]] = None) -> Firewall
func GetFirewall(ctx *Context, name string, id IDInput, state *FirewallState, opts ...ResourceOption) (*Firewall, error)
public static Firewall Get(string name, Input<string> id, FirewallState? state, CustomResourceOptions? opts = null)
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.

The following state arguments are supported:

CreatedAt string
A time value given in ISO8601 combined date and time format that represents when the Firewall was created.
DropletIds List<int>
The list of the IDs of the Droplets assigned to the Firewall.
InboundRules List<Pulumi.DigitalOcean.Inputs.FirewallInboundRuleArgs>
The inbound access rule block for the Firewall. The inbound_rule block is documented below.
Name string
The Firewall name
OutboundRules List<Pulumi.DigitalOcean.Inputs.FirewallOutboundRuleArgs>
The outbound access rule block for the Firewall. The outbound_rule block is documented below.
PendingChanges List<Pulumi.DigitalOcean.Inputs.FirewallPendingChangeArgs>
An list of object containing the fields, “droplet_id”, “removing”, and “status”. It is provided to detail exactly which Droplets are having their security policies updated. When empty, all changes have been successfully applied.
Status string
A status string indicating the current state of the Firewall. This can be “waiting”, “succeeded”, or “failed”.
Tags List<string>
The names of the Tags assigned to the Firewall.
CreatedAt string
A time value given in ISO8601 combined date and time format that represents when the Firewall was created.
DropletIds []int
The list of the IDs of the Droplets assigned to the Firewall.
InboundRules []FirewallInboundRuleArgs
The inbound access rule block for the Firewall. The inbound_rule block is documented below.
Name string
The Firewall name
OutboundRules []FirewallOutboundRuleArgs
The outbound access rule block for the Firewall. The outbound_rule block is documented below.
PendingChanges []FirewallPendingChangeArgs
An list of object containing the fields, “droplet_id”, “removing”, and “status”. It is provided to detail exactly which Droplets are having their security policies updated. When empty, all changes have been successfully applied.
Status string
A status string indicating the current state of the Firewall. This can be “waiting”, “succeeded”, or “failed”.
Tags []string
The names of the Tags assigned to the Firewall.
createdAt string
A time value given in ISO8601 combined date and time format that represents when the Firewall was created.
dropletIds number[]
The list of the IDs of the Droplets assigned to the Firewall.
inboundRules FirewallInboundRuleArgs[]
The inbound access rule block for the Firewall. The inbound_rule block is documented below.
name string
The Firewall name
outboundRules FirewallOutboundRuleArgs[]
The outbound access rule block for the Firewall. The outbound_rule block is documented below.
pendingChanges FirewallPendingChangeArgs[]
An list of object containing the fields, “droplet_id”, “removing”, and “status”. It is provided to detail exactly which Droplets are having their security policies updated. When empty, all changes have been successfully applied.
status string
A status string indicating the current state of the Firewall. This can be “waiting”, “succeeded”, or “failed”.
tags string[]
The names of the Tags assigned to the Firewall.
created_at str
A time value given in ISO8601 combined date and time format that represents when the Firewall was created.
droplet_ids Sequence[int]
The list of the IDs of the Droplets assigned to the Firewall.
inbound_rules Sequence[FirewallInboundRuleArgs]
The inbound access rule block for the Firewall. The inbound_rule block is documented below.
name str
The Firewall name
outbound_rules Sequence[FirewallOutboundRuleArgs]
The outbound access rule block for the Firewall. The outbound_rule block is documented below.
pending_changes Sequence[FirewallPendingChangeArgs]
An list of object containing the fields, “droplet_id”, “removing”, and “status”. It is provided to detail exactly which Droplets are having their security policies updated. When empty, all changes have been successfully applied.
status str
A status string indicating the current state of the Firewall. This can be “waiting”, “succeeded”, or “failed”.
tags Sequence[str]
The names of the Tags assigned to the Firewall.

Supporting Types

FirewallInboundRule

Protocol string
The type of traffic to be allowed. This may be one of “tcp”, “udp”, or “icmp”.
PortRange string
The ports on which traffic will be allowed specified as a string containing a single port, a range (e.g. “8000-9000”), or “1-65535” to open all ports for a protocol. Required for when protocol is tcp or udp.
SourceAddresses List<string>
An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs from which the inbound traffic will be accepted.
SourceDropletIds List<int>
An array containing the IDs of the Droplets from which the inbound traffic will be accepted.
SourceKubernetesIds List<string>
An array containing the IDs of the Kubernetes clusters from which the inbound traffic will be accepted.
SourceLoadBalancerUids List<string>
An array containing the IDs of the Load Balancers from which the inbound traffic will be accepted.
SourceTags List<string>
An array containing the names of Tags corresponding to groups of Droplets from which the inbound traffic will be accepted.
Protocol string
The type of traffic to be allowed. This may be one of “tcp”, “udp”, or “icmp”.
PortRange string
The ports on which traffic will be allowed specified as a string containing a single port, a range (e.g. “8000-9000”), or “1-65535” to open all ports for a protocol. Required for when protocol is tcp or udp.
SourceAddresses []string
An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs from which the inbound traffic will be accepted.
SourceDropletIds []int
An array containing the IDs of the Droplets from which the inbound traffic will be accepted.
SourceKubernetesIds []string
An array containing the IDs of the Kubernetes clusters from which the inbound traffic will be accepted.
SourceLoadBalancerUids []string
An array containing the IDs of the Load Balancers from which the inbound traffic will be accepted.
SourceTags []string
An array containing the names of Tags corresponding to groups of Droplets from which the inbound traffic will be accepted.
protocol string
The type of traffic to be allowed. This may be one of “tcp”, “udp”, or “icmp”.
portRange string
The ports on which traffic will be allowed specified as a string containing a single port, a range (e.g. “8000-9000”), or “1-65535” to open all ports for a protocol. Required for when protocol is tcp or udp.
sourceAddresses string[]
An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs from which the inbound traffic will be accepted.
sourceDropletIds number[]
An array containing the IDs of the Droplets from which the inbound traffic will be accepted.
sourceKubernetesIds string[]
An array containing the IDs of the Kubernetes clusters from which the inbound traffic will be accepted.
sourceLoadBalancerUids string[]
An array containing the IDs of the Load Balancers from which the inbound traffic will be accepted.
sourceTags string[]
An array containing the names of Tags corresponding to groups of Droplets from which the inbound traffic will be accepted.
protocol str
The type of traffic to be allowed. This may be one of “tcp”, “udp”, or “icmp”.
port_range str
The ports on which traffic will be allowed specified as a string containing a single port, a range (e.g. “8000-9000”), or “1-65535” to open all ports for a protocol. Required for when protocol is tcp or udp.
source_addresses Sequence[str]
An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs from which the inbound traffic will be accepted.
source_droplet_ids Sequence[int]
An array containing the IDs of the Droplets from which the inbound traffic will be accepted.
source_kubernetes_ids Sequence[str]
An array containing the IDs of the Kubernetes clusters from which the inbound traffic will be accepted.
source_load_balancer_uids Sequence[str]
An array containing the IDs of the Load Balancers from which the inbound traffic will be accepted.
source_tags Sequence[str]
An array containing the names of Tags corresponding to groups of Droplets from which the inbound traffic will be accepted.

FirewallOutboundRule

Protocol string
The type of traffic to be allowed. This may be one of “tcp”, “udp”, or “icmp”.
DestinationAddresses List<string>
An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs to which the outbound traffic will be allowed.
DestinationDropletIds List<int>
An array containing the IDs of the Droplets to which the outbound traffic will be allowed.
DestinationKubernetesIds List<string>
An array containing the IDs of the Kubernetes clusters to which the outbound traffic will be allowed.
DestinationLoadBalancerUids List<string>
An array containing the IDs of the Load Balancers to which the outbound traffic will be allowed.
DestinationTags List<string>
An array containing the names of Tags corresponding to groups of Droplets to which the outbound traffic will be allowed.
PortRange string
The ports on which traffic will be allowed specified as a string containing a single port, a range (e.g. “8000-9000”), or “1-65535” to open all ports for a protocol. Required for when protocol is tcp or udp.
Protocol string
The type of traffic to be allowed. This may be one of “tcp”, “udp”, or “icmp”.
DestinationAddresses []string
An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs to which the outbound traffic will be allowed.
DestinationDropletIds []int
An array containing the IDs of the Droplets to which the outbound traffic will be allowed.
DestinationKubernetesIds []string
An array containing the IDs of the Kubernetes clusters to which the outbound traffic will be allowed.
DestinationLoadBalancerUids []string
An array containing the IDs of the Load Balancers to which the outbound traffic will be allowed.
DestinationTags []string
An array containing the names of Tags corresponding to groups of Droplets to which the outbound traffic will be allowed.
PortRange string
The ports on which traffic will be allowed specified as a string containing a single port, a range (e.g. “8000-9000”), or “1-65535” to open all ports for a protocol. Required for when protocol is tcp or udp.
protocol string
The type of traffic to be allowed. This may be one of “tcp”, “udp”, or “icmp”.
destinationAddresses string[]
An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs to which the outbound traffic will be allowed.
destinationDropletIds number[]
An array containing the IDs of the Droplets to which the outbound traffic will be allowed.
destinationKubernetesIds string[]
An array containing the IDs of the Kubernetes clusters to which the outbound traffic will be allowed.
destinationLoadBalancerUids string[]
An array containing the IDs of the Load Balancers to which the outbound traffic will be allowed.
destinationTags string[]
An array containing the names of Tags corresponding to groups of Droplets to which the outbound traffic will be allowed.
portRange string
The ports on which traffic will be allowed specified as a string containing a single port, a range (e.g. “8000-9000”), or “1-65535” to open all ports for a protocol. Required for when protocol is tcp or udp.
protocol str
The type of traffic to be allowed. This may be one of “tcp”, “udp”, or “icmp”.
destination_addresses Sequence[str]
An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs to which the outbound traffic will be allowed.
destination_droplet_ids Sequence[int]
An array containing the IDs of the Droplets to which the outbound traffic will be allowed.
destination_kubernetes_ids Sequence[str]
An array containing the IDs of the Kubernetes clusters to which the outbound traffic will be allowed.
destination_load_balancer_uids Sequence[str]
An array containing the IDs of the Load Balancers to which the outbound traffic will be allowed.
destination_tags Sequence[str]
An array containing the names of Tags corresponding to groups of Droplets to which the outbound traffic will be allowed.
port_range str
The ports on which traffic will be allowed specified as a string containing a single port, a range (e.g. “8000-9000”), or “1-65535” to open all ports for a protocol. Required for when protocol is tcp or udp.

FirewallPendingChange

DropletId int
Removing bool
Status string
A status string indicating the current state of the Firewall. This can be “waiting”, “succeeded”, or “failed”.
DropletId int
Removing bool
Status string
A status string indicating the current state of the Firewall. This can be “waiting”, “succeeded”, or “failed”.
dropletId number
removing boolean
status string
A status string indicating the current state of the Firewall. This can be “waiting”, “succeeded”, or “failed”.
droplet_id int
removing bool
status str
A status string indicating the current state of the Firewall. This can be “waiting”, “succeeded”, or “failed”.

Import

Firewalls can be imported using the firewall id, e.g.

 $ pulumi import digitalocean:index/firewall:Firewall myfirewall b8ecd2ab-2267-4a5e-8692-cbf1d32583e3

Package Details

Repository
https://github.com/pulumi/pulumi-digitalocean
License
Apache-2.0
Notes
This Pulumi package is based on the digitalocean Terraform Provider.