oci.Core.NetworkSecurityGroupSecurityRule
This resource provides the Network Security Group Security Rule resource in Oracle Cloud Infrastructure Core service.
Adds a security rule to the specified network security group.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as oci from "@pulumi/oci";
// Template that lists every argument the resource accepts; it is not a deployable rule as written.
// A real rule passes only the options object that matches its protocol.

// Valid only for ICMP ("1") and ICMPv6 ("58"). Omitting it on an ICMP rule allows all types and codes.
const icmpMatch = {
    type: _var.network_security_group_security_rule_icmp_options_type,
    code: _var.network_security_group_security_rule_icmp_options_code,
};

// Valid only for TCP ("6"). Omitting it on a TCP rule allows all destination ports.
const tcpMatch = {
    destinationPortRange: {
        max: _var.network_security_group_security_rule_tcp_options_destination_port_range_max,
        min: _var.network_security_group_security_rule_tcp_options_destination_port_range_min,
    },
    sourcePortRange: {
        max: _var.network_security_group_security_rule_tcp_options_source_port_range_max,
        min: _var.network_security_group_security_rule_tcp_options_source_port_range_min,
    },
};

// Valid only for UDP ("17"). Omitting it on a UDP rule allows all destination ports.
const udpMatch = {
    destinationPortRange: {
        max: _var.network_security_group_security_rule_udp_options_destination_port_range_max,
        min: _var.network_security_group_security_rule_udp_options_destination_port_range_min,
    },
    sourcePortRange: {
        max: _var.network_security_group_security_rule_udp_options_source_port_range_max,
        min: _var.network_security_group_security_rule_udp_options_source_port_range_min,
    },
};

const testNetworkSecurityGroupSecurityRule = new oci.core.NetworkSecurityGroupSecurityRule("testNetworkSecurityGroupSecurityRule", {
    // Required
    networkSecurityGroupId: oci_core_network_security_group.test_network_security_group.id,
    direction: _var.network_security_group_security_rule_direction,
    protocol: _var.network_security_group_security_rule_protocol,
    // Optional. The description should not carry confidential information.
    description: _var.network_security_group_security_rule_description,
    // destinationType is required when direction is EGRESS.
    destination: _var.network_security_group_security_rule_destination,
    destinationType: _var.network_security_group_security_rule_destination_type,
    icmpOptions: icmpMatch,
    // sourceType is required when direction is INGRESS.
    source: _var.network_security_group_security_rule_source,
    sourceType: _var.network_security_group_security_rule_source_type,
    // false (the default) makes the rule stateful; a stateless rule needs a
    // matching rule in the other direction for bidirectional traffic.
    stateless: _var.network_security_group_security_rule_stateless,
    tcpOptions: tcpMatch,
    udpOptions: udpMatch,
});
import pulumi
import pulumi_oci as oci
# Template that lists every argument the resource accepts; it is not a deployable rule as written.
# A real rule passes only the options object that matches its protocol.

# Valid only for ICMP ("1") and ICMPv6 ("58"). Omitting it on an ICMP rule allows all types and codes.
icmp_match = oci.core.NetworkSecurityGroupSecurityRuleIcmpOptionsArgs(
    type=var["network_security_group_security_rule_icmp_options_type"],
    code=var["network_security_group_security_rule_icmp_options_code"],
)

# Valid only for TCP ("6"). Omitting it on a TCP rule allows all destination ports.
tcp_match = oci.core.NetworkSecurityGroupSecurityRuleTcpOptionsArgs(
    destination_port_range=oci.core.NetworkSecurityGroupSecurityRuleTcpOptionsDestinationPortRangeArgs(
        max=var["network_security_group_security_rule_tcp_options_destination_port_range_max"],
        min=var["network_security_group_security_rule_tcp_options_destination_port_range_min"],
    ),
    source_port_range=oci.core.NetworkSecurityGroupSecurityRuleTcpOptionsSourcePortRangeArgs(
        max=var["network_security_group_security_rule_tcp_options_source_port_range_max"],
        min=var["network_security_group_security_rule_tcp_options_source_port_range_min"],
    ),
)

# Valid only for UDP ("17"). Omitting it on a UDP rule allows all destination ports.
udp_match = oci.core.NetworkSecurityGroupSecurityRuleUdpOptionsArgs(
    destination_port_range=oci.core.NetworkSecurityGroupSecurityRuleUdpOptionsDestinationPortRangeArgs(
        max=var["network_security_group_security_rule_udp_options_destination_port_range_max"],
        min=var["network_security_group_security_rule_udp_options_destination_port_range_min"],
    ),
    source_port_range=oci.core.NetworkSecurityGroupSecurityRuleUdpOptionsSourcePortRangeArgs(
        max=var["network_security_group_security_rule_udp_options_source_port_range_max"],
        min=var["network_security_group_security_rule_udp_options_source_port_range_min"],
    ),
)

test_network_security_group_security_rule = oci.core.NetworkSecurityGroupSecurityRule(
    "testNetworkSecurityGroupSecurityRule",
    # Required
    network_security_group_id=oci_core_network_security_group["test_network_security_group"]["id"],
    direction=var["network_security_group_security_rule_direction"],
    protocol=var["network_security_group_security_rule_protocol"],
    # Optional. The description should not carry confidential information.
    description=var["network_security_group_security_rule_description"],
    # destination_type is required when direction is EGRESS.
    destination=var["network_security_group_security_rule_destination"],
    destination_type=var["network_security_group_security_rule_destination_type"],
    icmp_options=icmp_match,
    # source_type is required when direction is INGRESS.
    source=var["network_security_group_security_rule_source"],
    source_type=var["network_security_group_security_rule_source_type"],
    # False (the default) makes the rule stateful; a stateless rule needs a
    # matching rule in the other direction for bidirectional traffic.
    stateless=var["network_security_group_security_rule_stateless"],
    tcp_options=tcp_match,
    udp_options=udp_match,
)
package main
import (
"github.com/pulumi/pulumi-oci/sdk/go/oci/Core"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main registers one network security group security rule with the Pulumi engine.
//
// The arguments are a template that lists every field the resource accepts; it
// is not a deployable rule as written. A real rule passes only the options
// struct that matches its protocol.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// NOTE(review): the constructor and the top-level args type are qualified
		// as Core while the nested option types are qualified as core; confirm
		// which identifier the imported package declares.

		// Valid only for ICMP ("1") and ICMPv6 ("58"). Omitting it on an ICMP
		// rule allows all types and codes.
		icmp := &core.NetworkSecurityGroupSecurityRuleIcmpOptionsArgs{
			Type: pulumi.Any(_var.Network_security_group_security_rule_icmp_options_type),
			Code: pulumi.Any(_var.Network_security_group_security_rule_icmp_options_code),
		}

		// Valid only for TCP ("6"). Omitting it on a TCP rule allows all
		// destination ports.
		tcp := &core.NetworkSecurityGroupSecurityRuleTcpOptionsArgs{
			DestinationPortRange: &core.NetworkSecurityGroupSecurityRuleTcpOptionsDestinationPortRangeArgs{
				Max: pulumi.Any(_var.Network_security_group_security_rule_tcp_options_destination_port_range_max),
				Min: pulumi.Any(_var.Network_security_group_security_rule_tcp_options_destination_port_range_min),
			},
			SourcePortRange: &core.NetworkSecurityGroupSecurityRuleTcpOptionsSourcePortRangeArgs{
				Max: pulumi.Any(_var.Network_security_group_security_rule_tcp_options_source_port_range_max),
				Min: pulumi.Any(_var.Network_security_group_security_rule_tcp_options_source_port_range_min),
			},
		}

		// Valid only for UDP ("17"). Omitting it on a UDP rule allows all
		// destination ports.
		udp := &core.NetworkSecurityGroupSecurityRuleUdpOptionsArgs{
			DestinationPortRange: &core.NetworkSecurityGroupSecurityRuleUdpOptionsDestinationPortRangeArgs{
				Max: pulumi.Any(_var.Network_security_group_security_rule_udp_options_destination_port_range_max),
				Min: pulumi.Any(_var.Network_security_group_security_rule_udp_options_destination_port_range_min),
			},
			SourcePortRange: &core.NetworkSecurityGroupSecurityRuleUdpOptionsSourcePortRangeArgs{
				Max: pulumi.Any(_var.Network_security_group_security_rule_udp_options_source_port_range_max),
				Min: pulumi.Any(_var.Network_security_group_security_rule_udp_options_source_port_range_min),
			},
		}

		// DestinationType is required when Direction is EGRESS and SourceType
		// when it is INGRESS. Stateless defaults to false (stateful); a
		// stateless rule needs a matching rule in the other direction for
		// bidirectional traffic.
		_, err := Core.NewNetworkSecurityGroupSecurityRule(ctx, "testNetworkSecurityGroupSecurityRule", &Core.NetworkSecurityGroupSecurityRuleArgs{
			NetworkSecurityGroupId: pulumi.Any(oci_core_network_security_group.Test_network_security_group.Id),
			Direction:              pulumi.Any(_var.Network_security_group_security_rule_direction),
			Protocol:               pulumi.Any(_var.Network_security_group_security_rule_protocol),
			Description:            pulumi.Any(_var.Network_security_group_security_rule_description),
			Destination:            pulumi.Any(_var.Network_security_group_security_rule_destination),
			DestinationType:        pulumi.Any(_var.Network_security_group_security_rule_destination_type),
			IcmpOptions:            icmp,
			Source:                 pulumi.Any(_var.Network_security_group_security_rule_source),
			SourceType:             pulumi.Any(_var.Network_security_group_security_rule_source_type),
			Stateless:              pulumi.Any(_var.Network_security_group_security_rule_stateless),
			TcpOptions:             tcp,
			UdpOptions:             udp,
		})
		// The resource handle is not used afterwards, so only the error is propagated.
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Oci = Pulumi.Oci;
// Template that lists every argument the resource accepts; it is not a deployable rule as written.
// A real rule passes only the options object that matches its protocol.
return await Deployment.RunAsync(() =>
{
    // Valid only for ICMP ("1") and ICMPv6 ("58"). Omitting it on an ICMP rule allows all types and codes.
    var icmpMatch = new Oci.Core.Inputs.NetworkSecurityGroupSecurityRuleIcmpOptionsArgs
    {
        Type = @var.Network_security_group_security_rule_icmp_options_type,
        Code = @var.Network_security_group_security_rule_icmp_options_code,
    };

    // Valid only for TCP ("6"). Omitting it on a TCP rule allows all destination ports.
    var tcpMatch = new Oci.Core.Inputs.NetworkSecurityGroupSecurityRuleTcpOptionsArgs
    {
        DestinationPortRange = new Oci.Core.Inputs.NetworkSecurityGroupSecurityRuleTcpOptionsDestinationPortRangeArgs
        {
            Max = @var.Network_security_group_security_rule_tcp_options_destination_port_range_max,
            Min = @var.Network_security_group_security_rule_tcp_options_destination_port_range_min,
        },
        SourcePortRange = new Oci.Core.Inputs.NetworkSecurityGroupSecurityRuleTcpOptionsSourcePortRangeArgs
        {
            Max = @var.Network_security_group_security_rule_tcp_options_source_port_range_max,
            Min = @var.Network_security_group_security_rule_tcp_options_source_port_range_min,
        },
    };

    // Valid only for UDP ("17"). Omitting it on a UDP rule allows all destination ports.
    var udpMatch = new Oci.Core.Inputs.NetworkSecurityGroupSecurityRuleUdpOptionsArgs
    {
        DestinationPortRange = new Oci.Core.Inputs.NetworkSecurityGroupSecurityRuleUdpOptionsDestinationPortRangeArgs
        {
            Max = @var.Network_security_group_security_rule_udp_options_destination_port_range_max,
            Min = @var.Network_security_group_security_rule_udp_options_destination_port_range_min,
        },
        SourcePortRange = new Oci.Core.Inputs.NetworkSecurityGroupSecurityRuleUdpOptionsSourcePortRangeArgs
        {
            Max = @var.Network_security_group_security_rule_udp_options_source_port_range_max,
            Min = @var.Network_security_group_security_rule_udp_options_source_port_range_min,
        },
    };

    var testNetworkSecurityGroupSecurityRule = new Oci.Core.NetworkSecurityGroupSecurityRule("testNetworkSecurityGroupSecurityRule", new()
    {
        // Required
        NetworkSecurityGroupId = oci_core_network_security_group.Test_network_security_group.Id,
        Direction = @var.Network_security_group_security_rule_direction,
        Protocol = @var.Network_security_group_security_rule_protocol,
        // Optional. The description should not carry confidential information.
        Description = @var.Network_security_group_security_rule_description,
        // DestinationType is required when Direction is EGRESS.
        Destination = @var.Network_security_group_security_rule_destination,
        DestinationType = @var.Network_security_group_security_rule_destination_type,
        IcmpOptions = icmpMatch,
        // SourceType is required when Direction is INGRESS.
        Source = @var.Network_security_group_security_rule_source,
        SourceType = @var.Network_security_group_security_rule_source_type,
        // false (the default) makes the rule stateful; a stateless rule needs a
        // matching rule in the other direction for bidirectional traffic.
        Stateless = @var.Network_security_group_security_rule_stateless,
        TcpOptions = tcpMatch,
        UdpOptions = udpMatch,
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.oci.Core.NetworkSecurityGroupSecurityRule;
import com.pulumi.oci.Core.NetworkSecurityGroupSecurityRuleArgs;
import com.pulumi.oci.Core.inputs.NetworkSecurityGroupSecurityRuleIcmpOptionsArgs;
import com.pulumi.oci.Core.inputs.NetworkSecurityGroupSecurityRuleTcpOptionsArgs;
import com.pulumi.oci.Core.inputs.NetworkSecurityGroupSecurityRuleTcpOptionsDestinationPortRangeArgs;
import com.pulumi.oci.Core.inputs.NetworkSecurityGroupSecurityRuleTcpOptionsSourcePortRangeArgs;
import com.pulumi.oci.Core.inputs.NetworkSecurityGroupSecurityRuleUdpOptionsArgs;
import com.pulumi.oci.Core.inputs.NetworkSecurityGroupSecurityRuleUdpOptionsDestinationPortRangeArgs;
import com.pulumi.oci.Core.inputs.NetworkSecurityGroupSecurityRuleUdpOptionsSourcePortRangeArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares one network security group security rule.
 *
 * The arguments are a template that lists every field the resource accepts; it
 * is not a deployable rule as written. A real rule passes only the options
 * object that matches its protocol.
 */
public class App {
    /** Hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the security rule.
     *
     * @param ctx the Pulumi context supplied by {@code Pulumi.run}; it is not read here
     */
    public static void stack(Context ctx) {
        // Valid only for ICMP ("1") and ICMPv6 ("58"). Omitting it on an ICMP
        // rule allows all types and codes.
        var icmpMatch = NetworkSecurityGroupSecurityRuleIcmpOptionsArgs.builder()
            .type(var_.network_security_group_security_rule_icmp_options_type())
            .code(var_.network_security_group_security_rule_icmp_options_code())
            .build();

        // Valid only for TCP ("6"). Omitting it on a TCP rule allows all
        // destination ports.
        var tcpMatch = NetworkSecurityGroupSecurityRuleTcpOptionsArgs.builder()
            .destinationPortRange(NetworkSecurityGroupSecurityRuleTcpOptionsDestinationPortRangeArgs.builder()
                .max(var_.network_security_group_security_rule_tcp_options_destination_port_range_max())
                .min(var_.network_security_group_security_rule_tcp_options_destination_port_range_min())
                .build())
            .sourcePortRange(NetworkSecurityGroupSecurityRuleTcpOptionsSourcePortRangeArgs.builder()
                .max(var_.network_security_group_security_rule_tcp_options_source_port_range_max())
                .min(var_.network_security_group_security_rule_tcp_options_source_port_range_min())
                .build())
            .build();

        // Valid only for UDP ("17"). Omitting it on a UDP rule allows all
        // destination ports.
        var udpMatch = NetworkSecurityGroupSecurityRuleUdpOptionsArgs.builder()
            .destinationPortRange(NetworkSecurityGroupSecurityRuleUdpOptionsDestinationPortRangeArgs.builder()
                .max(var_.network_security_group_security_rule_udp_options_destination_port_range_max())
                .min(var_.network_security_group_security_rule_udp_options_destination_port_range_min())
                .build())
            .sourcePortRange(NetworkSecurityGroupSecurityRuleUdpOptionsSourcePortRangeArgs.builder()
                .max(var_.network_security_group_security_rule_udp_options_source_port_range_max())
                .min(var_.network_security_group_security_rule_udp_options_source_port_range_min())
                .build())
            .build();

        // destinationType is required when direction is EGRESS and sourceType
        // when it is INGRESS. stateless defaults to false (stateful); a
        // stateless rule needs a matching rule in the other direction for
        // bidirectional traffic.
        var ruleArgs = NetworkSecurityGroupSecurityRuleArgs.builder()
            .networkSecurityGroupId(oci_core_network_security_group.test_network_security_group().id())
            .direction(var_.network_security_group_security_rule_direction())
            .protocol(var_.network_security_group_security_rule_protocol())
            .description(var_.network_security_group_security_rule_description())
            .destination(var_.network_security_group_security_rule_destination())
            .destinationType(var_.network_security_group_security_rule_destination_type())
            .icmpOptions(icmpMatch)
            .source(var_.network_security_group_security_rule_source())
            .sourceType(var_.network_security_group_security_rule_source_type())
            .stateless(var_.network_security_group_security_rule_stateless())
            .tcpOptions(tcpMatch)
            .udpOptions(udpMatch)
            .build();

        var testNetworkSecurityGroupSecurityRule = new NetworkSecurityGroupSecurityRule("testNetworkSecurityGroupSecurityRule", ruleArgs);
    }
}
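# Template that lists every property the resource accepts; it is not a
# deployable rule as written. A real rule sets only the options object that
# matches its protocol.
resources:
  testNetworkSecurityGroupSecurityRule:
    type: oci:Core:NetworkSecurityGroupSecurityRule
    properties:
      # Required
      networkSecurityGroupId: ${oci_core_network_security_group.test_network_security_group.id}
      direction: ${var.network_security_group_security_rule_direction}
      protocol: ${var.network_security_group_security_rule_protocol}
      # Optional
      # The description should not carry confidential information.
      description: ${var.network_security_group_security_rule_description}
      # destinationType is required when direction is EGRESS.
      destination: ${var.network_security_group_security_rule_destination}
      destinationType: ${var.network_security_group_security_rule_destination_type}
      # Valid only for ICMP ("1") and ICMPv6 ("58"). Omitting it on an ICMP
      # rule allows all types and codes.
      icmpOptions:
        type: ${var.network_security_group_security_rule_icmp_options_type}
        code: ${var.network_security_group_security_rule_icmp_options_code}
      # sourceType is required when direction is INGRESS.
      source: ${var.network_security_group_security_rule_source}
      sourceType: ${var.network_security_group_security_rule_source_type}
      # false (the default) makes the rule stateful; a stateless rule needs a
      # matching rule in the other direction for bidirectional traffic.
      stateless: ${var.network_security_group_security_rule_stateless}
      # Valid only for TCP ("6"). Omitting it on a TCP rule allows all
      # destination ports.
      tcpOptions:
        destinationPortRange:
          max: ${var.network_security_group_security_rule_tcp_options_destination_port_range_max}
          min: ${var.network_security_group_security_rule_tcp_options_destination_port_range_min}
        sourcePortRange:
          max: ${var.network_security_group_security_rule_tcp_options_source_port_range_max}
          min: ${var.network_security_group_security_rule_tcp_options_source_port_range_min}
      # Valid only for UDP ("17"). Omitting it on a UDP rule allows all
      # destination ports.
      udpOptions:
        destinationPortRange:
          max: ${var.network_security_group_security_rule_udp_options_destination_port_range_max}
          min: ${var.network_security_group_security_rule_udp_options_destination_port_range_min}
        sourcePortRange:
          max: ${var.network_security_group_security_rule_udp_options_source_port_range_max}
          min: ${var.network_security_group_security_rule_udp_options_source_port_range_min}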
Create NetworkSecurityGroupSecurityRule Resource
new NetworkSecurityGroupSecurityRule(name: string, args: NetworkSecurityGroupSecurityRuleArgs, opts?: CustomResourceOptions);
@overload
def NetworkSecurityGroupSecurityRule(resource_name: str,
opts: Optional[ResourceOptions] = None,
description: Optional[str] = None,
destination: Optional[str] = None,
destination_type: Optional[str] = None,
direction: Optional[str] = None,
icmp_options: Optional[_core.NetworkSecurityGroupSecurityRuleIcmpOptionsArgs] = None,
network_security_group_id: Optional[str] = None,
protocol: Optional[str] = None,
source: Optional[str] = None,
source_type: Optional[str] = None,
stateless: Optional[bool] = None,
tcp_options: Optional[_core.NetworkSecurityGroupSecurityRuleTcpOptionsArgs] = None,
udp_options: Optional[_core.NetworkSecurityGroupSecurityRuleUdpOptionsArgs] = None)
@overload
def NetworkSecurityGroupSecurityRule(resource_name: str,
args: NetworkSecurityGroupSecurityRuleArgs,
opts: Optional[ResourceOptions] = None)
func NewNetworkSecurityGroupSecurityRule(ctx *Context, name string, args NetworkSecurityGroupSecurityRuleArgs, opts ...ResourceOption) (*NetworkSecurityGroupSecurityRule, error)
public NetworkSecurityGroupSecurityRule(string name, NetworkSecurityGroupSecurityRuleArgs args, CustomResourceOptions? opts = null)
public NetworkSecurityGroupSecurityRule(String name, NetworkSecurityGroupSecurityRuleArgs args)
public NetworkSecurityGroupSecurityRule(String name, NetworkSecurityGroupSecurityRuleArgs args, CustomResourceOptions options)
type: oci:Core:NetworkSecurityGroupSecurityRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args NetworkSecurityGroupSecurityRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args NetworkSecurityGroupSecurityRuleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args NetworkSecurityGroupSecurityRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args NetworkSecurityGroupSecurityRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args NetworkSecurityGroupSecurityRuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
NetworkSecurityGroupSecurityRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The NetworkSecurityGroupSecurityRule resource accepts the following input properties:
- Direction string
- Direction of the security rule. Set to `EGRESS` for rules to allow outbound IP packets, or `INGRESS` for rules to allow inbound IP packets.
- NetworkSecurityGroupId string
- The OCID of the network security group.
- Protocol string
- The transport protocol. Specify either `all` or an IPv4 protocol number as defined in Protocol Numbers. Options are supported only for ICMP ("1"), TCP ("6"), UDP ("17"), and ICMPv6 ("58").
- Description string
- An optional description of your choice for the rule. Avoid entering confidential information.
- Destination string
- Conceptually, this is the range of IP addresses that a packet originating from the instance can go to.
  Allowed values:
  - An IP address range in CIDR notation. For example: `192.168.1.0/24` or `2001:0db8:0123:45::/56`. IPv6 addressing is supported for all commercial and government regions. See IPv6 Addresses.
  - The `cidrBlock` value for a Service, if you're setting up a security rule for traffic destined for a particular `Service` through a service gateway. For example: `oci-phx-objectstorage`.
  - The OCID of a NetworkSecurityGroup in the same VCN. The value can be the NSG that the rule belongs to if the rule's intent is to control traffic between VNICs in the same NSG.
- DestinationType string
- Type of destination for the rule. Required if `direction` = `EGRESS`.
  Allowed values:
- IcmpOptions NetworkSecurityGroupSecurityRuleIcmpOptions
- Optional and valid only for ICMP and ICMPv6. Use to specify a particular ICMP type and code as defined in:
  If you specify ICMP or ICMPv6 as the protocol but omit this object, then all ICMP types and codes are allowed. If you do provide this object, the type is required and the code is optional. To enable MTU negotiation for ingress internet traffic via IPv4, make sure to allow type 3 ("Destination Unreachable") code 4 ("Fragmentation Needed and Don't Fragment was Set"). If you need to specify multiple codes for a single type, create a separate security list rule for each.
- Source string
- Conceptually, this is the range of IP addresses that a packet coming into the instance can come from.
  Allowed values:
  - An IP address range in CIDR notation. For example: `192.168.1.0/24` or `2001:0db8:0123:45::/56`. IPv6 addressing is supported for all commercial and government regions. See IPv6 Addresses.
  - The `cidrBlock` value for a Service, if you're setting up a security rule for traffic coming from a particular `Service` through a service gateway. For example: `oci-phx-objectstorage`.
  - The OCID of a NetworkSecurityGroup in the same VCN. The value can be the NSG that the rule belongs to if the rule's intent is to control traffic between VNICs in the same NSG.
- SourceType string
- Type of source for the rule. Required if `direction` = `INGRESS`.
- Stateless bool
- A stateless rule allows traffic in one direction. Remember to add a corresponding stateless rule in the other direction if you need to support bidirectional traffic. For example, if egress traffic allows TCP destination port 80, there should be an ingress rule to allow TCP source port 80. Defaults to false, which means the rule is stateful and a corresponding rule is not necessary for bidirectional traffic.
- TcpOptions NetworkSecurityGroupSecurityRuleTcpOptions
- Optional and valid only for TCP. Use to specify particular destination ports for TCP rules. If you specify TCP as the protocol but omit this object, then all destination ports are allowed.
- UdpOptions NetworkSecurityGroupSecurityRuleUdpOptions
- Optional and valid only for UDP. Use to specify particular destination ports for UDP rules. If you specify UDP as the protocol but omit this object, then all destination ports are allowed.
- Direction string
- Direction of the security rule. Set to
EGRESS
for rules to allow outbound IP packets, orINGRESS
for rules to allow inbound IP packets. - Network
Security stringGroup Id - The OCID of the network security group.
- Protocol string
- The transport protocol. Specify either
all
or an IPv4 protocol number as defined in Protocol Numbers. Options are supported only for ICMP ("1"), TCP ("6"), UDP ("17"), and ICMPv6 ("58"). - Description string
- An optional description of your choice for the rule. Avoid entering confidential information.
- Destination string
Conceptually, this is the range of IP addresses that a packet originating from the instance can go to.
Allowed values:
- An IP address range in CIDR notation. For example:
192.168.1.0/24
or2001:0db8:0123:45::/56
IPv6 addressing is supported for all commercial and government regions. See IPv6 Addresses. - The
cidrBlock
value for a Service, if you're setting up a security rule for traffic destined for a particularService
through a service gateway. For example:oci-phx-objectstorage
. - The OCID of a NetworkSecurityGroup in the same VCN. The value can be the NSG that the rule belongs to if the rule's intent is to control traffic between VNICs in the same NSG.
- An IP address range in CIDR notation. For example:
- Destination
Type string Type of destination for the rule. Required if
direction
=EGRESS
.Allowed values:
- Icmp
Options NetworkSecurity Group Security Rule Icmp Options Args Optional and valid only for ICMP and ICMPv6. Use to specify a particular ICMP type and code as defined in:
If you specify ICMP or ICMPv6 as the protocol but omit this object, then all ICMP types and codes are allowed. If you do provide this object, the type is required and the code is optional. To enable MTU negotiation for ingress internet traffic via IPv4, make sure to allow type 3 ("Destination Unreachable") code 4 ("Fragmentation Needed and Don't Fragment was Set"). If you need to specify multiple codes for a single type, create a separate security list rule for each.
- Source string
Conceptually, this is the range of IP addresses that a packet coming into the instance can come from.
Allowed values:
- An IP address range in CIDR notation. For example:
192.168.1.0/24
or2001:0db8:0123:45::/56
IPv6 addressing is supported for all commercial and government regions. See IPv6 Addresses. - The
cidrBlock
value for a Service, if you're setting up a security rule for traffic coming from a particularService
through a service gateway. For example:oci-phx-objectstorage
. - The OCID of a NetworkSecurityGroup in the same VCN. The value can be the NSG that the rule belongs to if the rule's intent is to control traffic between VNICs in the same NSG.
- An IP address range in CIDR notation. For example:
- Source
Type string - Type of source for the rule. Required if
direction
=INGRESS
. - Stateless bool
- A stateless rule allows traffic in one direction. Remember to add a corresponding stateless rule in the other direction if you need to support bidirectional traffic. For example, if egress traffic allows TCP destination port 80, there should be an ingress rule to allow TCP source port 80. Defaults to false, which means the rule is stateful and a corresponding rule is not necessary for bidirectional traffic.
- Tcp
Options NetworkSecurity Group Security Rule Tcp Options Args - Optional and valid only for TCP. Use to specify particular destination ports for TCP rules. If you specify TCP as the protocol but omit this object, then all destination ports are allowed.
- Udp
Options NetworkSecurity Group Security Rule Udp Options Args - Optional and valid only for UDP. Use to specify particular destination ports for UDP rules. If you specify UDP as the protocol but omit this object, then all destination ports are allowed.
- direction String
- Direction of the security rule. Set to
EGRESS
for rules to allow outbound IP packets, orINGRESS
for rules to allow inbound IP packets. - network
Security StringGroup Id - The OCID of the network security group.
- protocol String
- The transport protocol. Specify either
all
or an IPv4 protocol number as defined in Protocol Numbers. Options are supported only for ICMP ("1"), TCP ("6"), UDP ("17"), and ICMPv6 ("58"). - description String
- An optional description of your choice for the rule. Avoid entering confidential information.
- destination String
Conceptually, this is the range of IP addresses that a packet originating from the instance can go to.
Allowed values:
- An IP address range in CIDR notation. For example:
192.168.1.0/24
or2001:0db8:0123:45::/56
IPv6 addressing is supported for all commercial and government regions. See IPv6 Addresses. - The
cidrBlock
value for a Service, if you're setting up a security rule for traffic destined for a particularService
through a service gateway. For example:oci-phx-objectstorage
. - The OCID of a NetworkSecurityGroup in the same VCN. The value can be the NSG that the rule belongs to if the rule's intent is to control traffic between VNICs in the same NSG.
- An IP address range in CIDR notation. For example:
- destination
Type String Type of destination for the rule. Required if
direction
=EGRESS
.Allowed values:
- icmp
Options NetworkSecurity Group Security Rule Icmp Options Optional and valid only for ICMP and ICMPv6. Use to specify a particular ICMP type and code as defined in:
If you specify ICMP or ICMPv6 as the protocol but omit this object, then all ICMP types and codes are allowed. If you do provide this object, the type is required and the code is optional. To enable MTU negotiation for ingress internet traffic via IPv4, make sure to allow type 3 ("Destination Unreachable") code 4 ("Fragmentation Needed and Don't Fragment was Set"). If you need to specify multiple codes for a single type, create a separate security list rule for each.
- source String
Conceptually, this is the range of IP addresses that a packet coming into the instance can come from.
Allowed values:
- An IP address range in CIDR notation. For example:
192.168.1.0/24
or2001:0db8:0123:45::/56
IPv6 addressing is supported for all commercial and government regions. See IPv6 Addresses. - The
cidrBlock
value for a Service, if you're setting up a security rule for traffic coming from a particularService
through a service gateway. For example:oci-phx-objectstorage
. - The OCID of a NetworkSecurityGroup in the same VCN. The value can be the NSG that the rule belongs to if the rule's intent is to control traffic between VNICs in the same NSG.
- An IP address range in CIDR notation. For example:
- source
Type String - Type of source for the rule. Required if
direction
=INGRESS
. - stateless Boolean
- A stateless rule allows traffic in one direction. Remember to add a corresponding stateless rule in the other direction if you need to support bidirectional traffic. For example, if egress traffic allows TCP destination port 80, there should be an ingress rule to allow TCP source port 80. Defaults to false, which means the rule is stateful and a corresponding rule is not necessary for bidirectional traffic.
- tcp
Options NetworkSecurity Group Security Rule Tcp Options - Optional and valid only for TCP. Use to specify particular destination ports for TCP rules. If you specify TCP as the protocol but omit this object, then all destination ports are allowed.
- udp
Options NetworkSecurity Group Security Rule Udp Options - Optional and valid only for UDP. Use to specify particular destination ports for UDP rules. If you specify UDP as the protocol but omit this object, then all destination ports are allowed.
- direction string
- Direction of the security rule. Set to
EGRESS
for rules to allow outbound IP packets, orINGRESS
for rules to allow inbound IP packets. - network
Security stringGroup Id - The OCID of the network security group.
- protocol string
- The transport protocol. Specify either
all
or an IPv4 protocol number as defined in Protocol Numbers. Options are supported only for ICMP ("1"), TCP ("6"), UDP ("17"), and ICMPv6 ("58"). - description string
- An optional description of your choice for the rule. Avoid entering confidential information.
- destination string
Conceptually, this is the range of IP addresses that a packet originating from the instance can go to.
Allowed values:
- An IP address range in CIDR notation. For example:
192.168.1.0/24
or2001:0db8:0123:45::/56
IPv6 addressing is supported for all commercial and government regions. See IPv6 Addresses. - The
cidrBlock
value for a Service, if you're setting up a security rule for traffic destined for a particularService
through a service gateway. For example:oci-phx-objectstorage
. - The OCID of a NetworkSecurityGroup in the same VCN. The value can be the NSG that the rule belongs to if the rule's intent is to control traffic between VNICs in the same NSG.
- An IP address range in CIDR notation. For example:
- destination
Type string Type of destination for the rule. Required if
direction
=EGRESS
.Allowed values:
- icmp
Options NetworkSecurity Group Security Rule Icmp Options Optional and valid only for ICMP and ICMPv6. Use to specify a particular ICMP type and code as defined in:
If you specify ICMP or ICMPv6 as the protocol but omit this object, then all ICMP types and codes are allowed. If you do provide this object, the type is required and the code is optional. To enable MTU negotiation for ingress internet traffic via IPv4, make sure to allow type 3 ("Destination Unreachable") code 4 ("Fragmentation Needed and Don't Fragment was Set"). If you need to specify multiple codes for a single type, create a separate security list rule for each.
- source string
Conceptually, this is the range of IP addresses that a packet coming into the instance can come from.
Allowed values:
- An IP address range in CIDR notation. For example:
192.168.1.0/24
or2001:0db8:0123:45::/56
IPv6 addressing is supported for all commercial and government regions. See IPv6 Addresses. - The
cidrBlock
value for a Service, if you're setting up a security rule for traffic coming from a particularService
through a service gateway. For example:oci-phx-objectstorage
. - The OCID of a NetworkSecurityGroup in the same VCN. The value can be the NSG that the rule belongs to if the rule's intent is to control traffic between VNICs in the same NSG.
- An IP address range in CIDR notation. For example:
- source
Type string - Type of source for the rule. Required if
direction
=INGRESS
. - stateless boolean
- A stateless rule allows traffic in one direction. Remember to add a corresponding stateless rule in the other direction if you need to support bidirectional traffic. For example, if egress traffic allows TCP destination port 80, there should be an ingress rule to allow TCP source port 80. Defaults to false, which means the rule is stateful and a corresponding rule is not necessary for bidirectional traffic.
- tcp
Options NetworkSecurity Group Security Rule Tcp Options - Optional and valid only for TCP. Use to specify particular destination ports for TCP rules. If you specify TCP as the protocol but omit this object, then all destination ports are allowed.
- udp
Options NetworkSecurity Group Security Rule Udp Options - Optional and valid only for UDP. Use to specify particular destination ports for UDP rules. If you specify UDP as the protocol but omit this object, then all destination ports are allowed.
- direction str
- Direction of the security rule. Set to
EGRESS
for rules to allow outbound IP packets, orINGRESS
for rules to allow inbound IP packets. - network_
security_ strgroup_ id - The OCID of the network security group.
- protocol str
- The transport protocol. Specify either
all
or an IPv4 protocol number as defined in Protocol Numbers. Options are supported only for ICMP ("1"), TCP ("6"), UDP ("17"), and ICMPv6 ("58"). - description str
- An optional description of your choice for the rule. Avoid entering confidential information.
- destination str
Conceptually, this is the range of IP addresses that a packet originating from the instance can go to.
Allowed values:
- An IP address range in CIDR notation. For example:
192.168.1.0/24
or2001:0db8:0123:45::/56
IPv6 addressing is supported for all commercial and government regions. See IPv6 Addresses. - The
cidrBlock
value for a Service, if you're setting up a security rule for traffic destined for a particularService
through a service gateway. For example:oci-phx-objectstorage
. - The OCID of a NetworkSecurityGroup in the same VCN. The value can be the NSG that the rule belongs to if the rule's intent is to control traffic between VNICs in the same NSG.
- An IP address range in CIDR notation. For example:
- destination_type str
- Type of destination for the rule. Required if `direction` = `EGRESS`. Allowed values:
- icmp_options NetworkSecurityGroupSecurityRuleIcmpOptionsArgs
- Optional and valid only for ICMP and ICMPv6. Use to specify a particular ICMP type and code as defined in:
If you specify ICMP or ICMPv6 as the protocol but omit this object, then all ICMP types and codes are allowed. If you do provide this object, the type is required and the code is optional. To enable MTU negotiation for ingress internet traffic via IPv4, make sure to allow type 3 ("Destination Unreachable") code 4 ("Fragmentation Needed and Don't Fragment was Set"). If you need to specify multiple codes for a single type, create a separate security list rule for each.
- source str
Conceptually, this is the range of IP addresses that a packet coming into the instance can come from.
Allowed values:
- An IP address range in CIDR notation. For example: `192.168.1.0/24` or `2001:0db8:0123:45::/56`. IPv6 addressing is supported for all commercial and government regions. See IPv6 Addresses.
- The `cidrBlock` value for a Service, if you're setting up a security rule for traffic coming from a particular `Service` through a service gateway. For example: `oci-phx-objectstorage`.
- The OCID of a NetworkSecurityGroup in the same VCN. The value can be the NSG that the rule belongs to if the rule's intent is to control traffic between VNICs in the same NSG.
- An IP address range in CIDR notation. For example:
- source_type str
- Type of source for the rule. Required if `direction` = `INGRESS`.
- stateless bool
- A stateless rule allows traffic in one direction. Remember to add a corresponding stateless rule in the other direction if you need to support bidirectional traffic. For example, if egress traffic allows TCP destination port 80, there should be an ingress rule to allow TCP source port 80. Defaults to false, which means the rule is stateful and a corresponding rule is not necessary for bidirectional traffic.
- tcp_options NetworkSecurityGroupSecurityRuleTcpOptionsArgs
- Optional and valid only for TCP. Use to specify particular destination ports for TCP rules. If you specify TCP as the protocol but omit this object, then all destination ports are allowed.
- udp_options NetworkSecurityGroupSecurityRuleUdpOptionsArgs
- Optional and valid only for UDP. Use to specify particular destination ports for UDP rules. If you specify UDP as the protocol but omit this object, then all destination ports are allowed.
- direction String
- Direction of the security rule. Set to `EGRESS` for rules to allow outbound IP packets, or `INGRESS` for rules to allow inbound IP packets.
- networkSecurityGroupId String
- The OCID of the network security group.
- protocol String
- The transport protocol. Specify either `all` or an IPv4 protocol number as defined in Protocol Numbers. Options are supported only for ICMP ("1"), TCP ("6"), UDP ("17"), and ICMPv6 ("58").
- description String
- An optional description of your choice for the rule. Avoid entering confidential information.
- destination String
Conceptually, this is the range of IP addresses that a packet originating from the instance can go to.
Allowed values:
- An IP address range in CIDR notation. For example: `192.168.1.0/24` or `2001:0db8:0123:45::/56`. IPv6 addressing is supported for all commercial and government regions. See IPv6 Addresses.
- The `cidrBlock` value for a Service, if you're setting up a security rule for traffic destined for a particular `Service` through a service gateway. For example: `oci-phx-objectstorage`.
- The OCID of a NetworkSecurityGroup in the same VCN. The value can be the NSG that the rule belongs to if the rule's intent is to control traffic between VNICs in the same NSG.
- An IP address range in CIDR notation. For example:
- destinationType String
- Type of destination for the rule. Required if `direction` = `EGRESS`. Allowed values:
- icmpOptions Property Map
- Optional and valid only for ICMP and ICMPv6. Use to specify a particular ICMP type and code as defined in:
If you specify ICMP or ICMPv6 as the protocol but omit this object, then all ICMP types and codes are allowed. If you do provide this object, the type is required and the code is optional. To enable MTU negotiation for ingress internet traffic via IPv4, make sure to allow type 3 ("Destination Unreachable") code 4 ("Fragmentation Needed and Don't Fragment was Set"). If you need to specify multiple codes for a single type, create a separate security list rule for each.
- source String
Conceptually, this is the range of IP addresses that a packet coming into the instance can come from.
Allowed values:
- An IP address range in CIDR notation. For example: `192.168.1.0/24` or `2001:0db8:0123:45::/56`. IPv6 addressing is supported for all commercial and government regions. See IPv6 Addresses.
- The `cidrBlock` value for a Service, if you're setting up a security rule for traffic coming from a particular `Service` through a service gateway. For example: `oci-phx-objectstorage`.
- The OCID of a NetworkSecurityGroup in the same VCN. The value can be the NSG that the rule belongs to if the rule's intent is to control traffic between VNICs in the same NSG.
- An IP address range in CIDR notation. For example:
- sourceType String
- Type of source for the rule. Required if `direction` = `INGRESS`.
- stateless Boolean
- A stateless rule allows traffic in one direction. Remember to add a corresponding stateless rule in the other direction if you need to support bidirectional traffic. For example, if egress traffic allows TCP destination port 80, there should be an ingress rule to allow TCP source port 80. Defaults to false, which means the rule is stateful and a corresponding rule is not necessary for bidirectional traffic.
- tcpOptions Property Map
- Optional and valid only for TCP. Use to specify particular destination ports for TCP rules. If you specify TCP as the protocol but omit this object, then all destination ports are allowed.
- udpOptions Property Map
- Optional and valid only for UDP. Use to specify particular destination ports for UDP rules. If you specify UDP as the protocol but omit this object, then all destination ports are allowed.
Outputs
All input properties are implicitly available as output properties. Additionally, the NetworkSecurityGroupSecurityRule resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- IsValid bool
- Whether the rule is valid. The value is `True` when the rule is first created. If the rule's `source` or `destination` is a network security group, the value changes to `False` if that network security group is deleted.
- TimeCreated string
- The date and time the security rule was created. Format defined by RFC3339.
- Id string
- The provider-assigned unique ID for this managed resource.
- IsValid bool
- Whether the rule is valid. The value is `True` when the rule is first created. If the rule's `source` or `destination` is a network security group, the value changes to `False` if that network security group is deleted.
- TimeCreated string
- The date and time the security rule was created. Format defined by RFC3339.
- id String
- The provider-assigned unique ID for this managed resource.
- isValid Boolean
- Whether the rule is valid. The value is `True` when the rule is first created. If the rule's `source` or `destination` is a network security group, the value changes to `False` if that network security group is deleted.
- timeCreated String
- The date and time the security rule was created. Format defined by RFC3339.
- id string
- The provider-assigned unique ID for this managed resource.
- isValid boolean
- Whether the rule is valid. The value is `True` when the rule is first created. If the rule's `source` or `destination` is a network security group, the value changes to `False` if that network security group is deleted.
- timeCreated string
- The date and time the security rule was created. Format defined by RFC3339.
- id str
- The provider-assigned unique ID for this managed resource.
- is_valid bool
- Whether the rule is valid. The value is `True` when the rule is first created. If the rule's `source` or `destination` is a network security group, the value changes to `False` if that network security group is deleted.
- time_created str
- The date and time the security rule was created. Format defined by RFC3339.
- id String
- The provider-assigned unique ID for this managed resource.
- isValid Boolean
- Whether the rule is valid. The value is `True` when the rule is first created. If the rule's `source` or `destination` is a network security group, the value changes to `False` if that network security group is deleted.
- timeCreated String
- The date and time the security rule was created. Format defined by RFC3339.
Look up Existing NetworkSecurityGroupSecurityRule Resource
Get an existing NetworkSecurityGroupSecurityRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: NetworkSecurityGroupSecurityRuleState, opts?: CustomResourceOptions): NetworkSecurityGroupSecurityRule
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
description: Optional[str] = None,
destination: Optional[str] = None,
destination_type: Optional[str] = None,
direction: Optional[str] = None,
icmp_options: Optional[_core.NetworkSecurityGroupSecurityRuleIcmpOptionsArgs] = None,
is_valid: Optional[bool] = None,
network_security_group_id: Optional[str] = None,
protocol: Optional[str] = None,
source: Optional[str] = None,
source_type: Optional[str] = None,
stateless: Optional[bool] = None,
tcp_options: Optional[_core.NetworkSecurityGroupSecurityRuleTcpOptionsArgs] = None,
time_created: Optional[str] = None,
udp_options: Optional[_core.NetworkSecurityGroupSecurityRuleUdpOptionsArgs] = None) -> NetworkSecurityGroupSecurityRule
func GetNetworkSecurityGroupSecurityRule(ctx *Context, name string, id IDInput, state *NetworkSecurityGroupSecurityRuleState, opts ...ResourceOption) (*NetworkSecurityGroupSecurityRule, error)
public static NetworkSecurityGroupSecurityRule Get(string name, Input<string> id, NetworkSecurityGroupSecurityRuleState? state, CustomResourceOptions? opts = null)
public static NetworkSecurityGroupSecurityRule get(String name, Output<String> id, NetworkSecurityGroupSecurityRuleState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Description string
- An optional description of your choice for the rule. Avoid entering confidential information.
- Destination string
Conceptually, this is the range of IP addresses that a packet originating from the instance can go to.
Allowed values:
- An IP address range in CIDR notation. For example: `192.168.1.0/24` or `2001:0db8:0123:45::/56`. IPv6 addressing is supported for all commercial and government regions. See IPv6 Addresses.
- The `cidrBlock` value for a Service, if you're setting up a security rule for traffic destined for a particular `Service` through a service gateway. For example: `oci-phx-objectstorage`.
- The OCID of a NetworkSecurityGroup in the same VCN. The value can be the NSG that the rule belongs to if the rule's intent is to control traffic between VNICs in the same NSG.
- An IP address range in CIDR notation. For example:
- DestinationType string
- Type of destination for the rule. Required if `direction` = `EGRESS`. Allowed values:
- Direction string
- Direction of the security rule. Set to `EGRESS` for rules to allow outbound IP packets, or `INGRESS` for rules to allow inbound IP packets.
- IcmpOptions NetworkSecurityGroupSecurityRuleIcmpOptions
- Optional and valid only for ICMP and ICMPv6. Use to specify a particular ICMP type and code as defined in:
If you specify ICMP or ICMPv6 as the protocol but omit this object, then all ICMP types and codes are allowed. If you do provide this object, the type is required and the code is optional. To enable MTU negotiation for ingress internet traffic via IPv4, make sure to allow type 3 ("Destination Unreachable") code 4 ("Fragmentation Needed and Don't Fragment was Set"). If you need to specify multiple codes for a single type, create a separate security list rule for each.
- IsValid bool
- Whether the rule is valid. The value is `True` when the rule is first created. If the rule's `source` or `destination` is a network security group, the value changes to `False` if that network security group is deleted.
- NetworkSecurityGroupId string
- The OCID of the network security group.
- Protocol string
- The transport protocol. Specify either `all` or an IPv4 protocol number as defined in Protocol Numbers. Options are supported only for ICMP ("1"), TCP ("6"), UDP ("17"), and ICMPv6 ("58").
- Source string
Conceptually, this is the range of IP addresses that a packet coming into the instance can come from.
Allowed values:
- An IP address range in CIDR notation. For example: `192.168.1.0/24` or `2001:0db8:0123:45::/56`. IPv6 addressing is supported for all commercial and government regions. See IPv6 Addresses.
- The `cidrBlock` value for a Service, if you're setting up a security rule for traffic coming from a particular `Service` through a service gateway. For example: `oci-phx-objectstorage`.
- The OCID of a NetworkSecurityGroup in the same VCN. The value can be the NSG that the rule belongs to if the rule's intent is to control traffic between VNICs in the same NSG.
- An IP address range in CIDR notation. For example:
- SourceType string
- Type of source for the rule. Required if `direction` = `INGRESS`.
- Stateless bool
- A stateless rule allows traffic in one direction. Remember to add a corresponding stateless rule in the other direction if you need to support bidirectional traffic. For example, if egress traffic allows TCP destination port 80, there should be an ingress rule to allow TCP source port 80. Defaults to false, which means the rule is stateful and a corresponding rule is not necessary for bidirectional traffic.
- TcpOptions NetworkSecurityGroupSecurityRuleTcpOptions
- Optional and valid only for TCP. Use to specify particular destination ports for TCP rules. If you specify TCP as the protocol but omit this object, then all destination ports are allowed.
- TimeCreated string
- The date and time the security rule was created. Format defined by RFC3339.
- UdpOptions NetworkSecurityGroupSecurityRuleUdpOptions
- Optional and valid only for UDP. Use to specify particular destination ports for UDP rules. If you specify UDP as the protocol but omit this object, then all destination ports are allowed.
- Description string
- An optional description of your choice for the rule. Avoid entering confidential information.
- Destination string
Conceptually, this is the range of IP addresses that a packet originating from the instance can go to.
Allowed values:
- An IP address range in CIDR notation. For example: `192.168.1.0/24` or `2001:0db8:0123:45::/56`. IPv6 addressing is supported for all commercial and government regions. See IPv6 Addresses.
- The `cidrBlock` value for a Service, if you're setting up a security rule for traffic destined for a particular `Service` through a service gateway. For example: `oci-phx-objectstorage`.
- The OCID of a NetworkSecurityGroup in the same VCN. The value can be the NSG that the rule belongs to if the rule's intent is to control traffic between VNICs in the same NSG.
- An IP address range in CIDR notation. For example:
- DestinationType string
- Type of destination for the rule. Required if `direction` = `EGRESS`. Allowed values:
- Direction string
- Direction of the security rule. Set to `EGRESS` for rules to allow outbound IP packets, or `INGRESS` for rules to allow inbound IP packets.
- IcmpOptions NetworkSecurityGroupSecurityRuleIcmpOptionsArgs
- Optional and valid only for ICMP and ICMPv6. Use to specify a particular ICMP type and code as defined in:
If you specify ICMP or ICMPv6 as the protocol but omit this object, then all ICMP types and codes are allowed. If you do provide this object, the type is required and the code is optional. To enable MTU negotiation for ingress internet traffic via IPv4, make sure to allow type 3 ("Destination Unreachable") code 4 ("Fragmentation Needed and Don't Fragment was Set"). If you need to specify multiple codes for a single type, create a separate security list rule for each.
- IsValid bool
- Whether the rule is valid. The value is `True` when the rule is first created. If the rule's `source` or `destination` is a network security group, the value changes to `False` if that network security group is deleted.
- NetworkSecurityGroupId string
- The OCID of the network security group.
- Protocol string
- The transport protocol. Specify either `all` or an IPv4 protocol number as defined in Protocol Numbers. Options are supported only for ICMP ("1"), TCP ("6"), UDP ("17"), and ICMPv6 ("58").
- Source string
Conceptually, this is the range of IP addresses that a packet coming into the instance can come from.
Allowed values:
- An IP address range in CIDR notation. For example: `192.168.1.0/24` or `2001:0db8:0123:45::/56`. IPv6 addressing is supported for all commercial and government regions. See IPv6 Addresses.
- The `cidrBlock` value for a Service, if you're setting up a security rule for traffic coming from a particular `Service` through a service gateway. For example: `oci-phx-objectstorage`.
- The OCID of a NetworkSecurityGroup in the same VCN. The value can be the NSG that the rule belongs to if the rule's intent is to control traffic between VNICs in the same NSG.
- An IP address range in CIDR notation. For example:
- SourceType string
- Type of source for the rule. Required if `direction` = `INGRESS`.
- Stateless bool
- A stateless rule allows traffic in one direction. Remember to add a corresponding stateless rule in the other direction if you need to support bidirectional traffic. For example, if egress traffic allows TCP destination port 80, there should be an ingress rule to allow TCP source port 80. Defaults to false, which means the rule is stateful and a corresponding rule is not necessary for bidirectional traffic.
- TcpOptions NetworkSecurityGroupSecurityRuleTcpOptionsArgs
- Optional and valid only for TCP. Use to specify particular destination ports for TCP rules. If you specify TCP as the protocol but omit this object, then all destination ports are allowed.
- TimeCreated string
- The date and time the security rule was created. Format defined by RFC3339.
- UdpOptions NetworkSecurityGroupSecurityRuleUdpOptionsArgs
- Optional and valid only for UDP. Use to specify particular destination ports for UDP rules. If you specify UDP as the protocol but omit this object, then all destination ports are allowed.
- description String
- An optional description of your choice for the rule. Avoid entering confidential information.
- destination String
Conceptually, this is the range of IP addresses that a packet originating from the instance can go to.
Allowed values:
- An IP address range in CIDR notation. For example: `192.168.1.0/24` or `2001:0db8:0123:45::/56`. IPv6 addressing is supported for all commercial and government regions. See IPv6 Addresses.
- The `cidrBlock` value for a Service, if you're setting up a security rule for traffic destined for a particular `Service` through a service gateway. For example: `oci-phx-objectstorage`.
- The OCID of a NetworkSecurityGroup in the same VCN. The value can be the NSG that the rule belongs to if the rule's intent is to control traffic between VNICs in the same NSG.
- An IP address range in CIDR notation. For example:
- destinationType String
- Type of destination for the rule. Required if `direction` = `EGRESS`. Allowed values:
- direction String
- Direction of the security rule. Set to `EGRESS` for rules to allow outbound IP packets, or `INGRESS` for rules to allow inbound IP packets.
- icmpOptions NetworkSecurityGroupSecurityRuleIcmpOptions
- Optional and valid only for ICMP and ICMPv6. Use to specify a particular ICMP type and code as defined in:
If you specify ICMP or ICMPv6 as the protocol but omit this object, then all ICMP types and codes are allowed. If you do provide this object, the type is required and the code is optional. To enable MTU negotiation for ingress internet traffic via IPv4, make sure to allow type 3 ("Destination Unreachable") code 4 ("Fragmentation Needed and Don't Fragment was Set"). If you need to specify multiple codes for a single type, create a separate security list rule for each.
- isValid Boolean
- Whether the rule is valid. The value is `True` when the rule is first created. If the rule's `source` or `destination` is a network security group, the value changes to `False` if that network security group is deleted.
- networkSecurityGroupId String
- The OCID of the network security group.
- protocol String
- The transport protocol. Specify either `all` or an IPv4 protocol number as defined in Protocol Numbers. Options are supported only for ICMP ("1"), TCP ("6"), UDP ("17"), and ICMPv6 ("58").
- source String
Conceptually, this is the range of IP addresses that a packet coming into the instance can come from.
Allowed values:
- An IP address range in CIDR notation. For example: `192.168.1.0/24` or `2001:0db8:0123:45::/56`. IPv6 addressing is supported for all commercial and government regions. See IPv6 Addresses.
- The `cidrBlock` value for a Service, if you're setting up a security rule for traffic coming from a particular `Service` through a service gateway. For example: `oci-phx-objectstorage`.
- The OCID of a NetworkSecurityGroup in the same VCN. The value can be the NSG that the rule belongs to if the rule's intent is to control traffic between VNICs in the same NSG.
- An IP address range in CIDR notation. For example:
- sourceType String
- Type of source for the rule. Required if `direction` = `INGRESS`.
- stateless Boolean
- A stateless rule allows traffic in one direction. Remember to add a corresponding stateless rule in the other direction if you need to support bidirectional traffic. For example, if egress traffic allows TCP destination port 80, there should be an ingress rule to allow TCP source port 80. Defaults to false, which means the rule is stateful and a corresponding rule is not necessary for bidirectional traffic.
- tcpOptions NetworkSecurityGroupSecurityRuleTcpOptions
- Optional and valid only for TCP. Use to specify particular destination ports for TCP rules. If you specify TCP as the protocol but omit this object, then all destination ports are allowed.
- timeCreated String
- The date and time the security rule was created. Format defined by RFC3339.
- udpOptions NetworkSecurityGroupSecurityRuleUdpOptions
- Optional and valid only for UDP. Use to specify particular destination ports for UDP rules. If you specify UDP as the protocol but omit this object, then all destination ports are allowed.
- description string
- An optional description of your choice for the rule. Avoid entering confidential information.
- destination string
Conceptually, this is the range of IP addresses that a packet originating from the instance can go to.
Allowed values:
- An IP address range in CIDR notation. For example: `192.168.1.0/24` or `2001:0db8:0123:45::/56`. IPv6 addressing is supported for all commercial and government regions. See IPv6 Addresses.
- The `cidrBlock` value for a Service, if you're setting up a security rule for traffic destined for a particular `Service` through a service gateway. For example: `oci-phx-objectstorage`.
- The OCID of a NetworkSecurityGroup in the same VCN. The value can be the NSG that the rule belongs to if the rule's intent is to control traffic between VNICs in the same NSG.
- An IP address range in CIDR notation. For example:
- destinationType string
- Type of destination for the rule. Required if `direction` = `EGRESS`. Allowed values:
- direction string
- Direction of the security rule. Set to `EGRESS` for rules to allow outbound IP packets, or `INGRESS` for rules to allow inbound IP packets.
- icmpOptions NetworkSecurityGroupSecurityRuleIcmpOptions
- Optional and valid only for ICMP and ICMPv6. Use to specify a particular ICMP type and code as defined in:
If you specify ICMP or ICMPv6 as the protocol but omit this object, then all ICMP types and codes are allowed. If you do provide this object, the type is required and the code is optional. To enable MTU negotiation for ingress internet traffic via IPv4, make sure to allow type 3 ("Destination Unreachable") code 4 ("Fragmentation Needed and Don't Fragment was Set"). If you need to specify multiple codes for a single type, create a separate security list rule for each.
- isValid boolean
- Whether the rule is valid. The value is `True` when the rule is first created. If the rule's `source` or `destination` is a network security group, the value changes to `False` if that network security group is deleted.
- networkSecurityGroupId string
- The OCID of the network security group.
- protocol string
- The transport protocol. Specify either `all` or an IPv4 protocol number as defined in Protocol Numbers. Options are supported only for ICMP ("1"), TCP ("6"), UDP ("17"), and ICMPv6 ("58").
- source string
Conceptually, this is the range of IP addresses that a packet coming into the instance can come from.
Allowed values:
- An IP address range in CIDR notation. For example: `192.168.1.0/24` or `2001:0db8:0123:45::/56`. IPv6 addressing is supported for all commercial and government regions. See IPv6 Addresses.
- The `cidrBlock` value for a Service, if you're setting up a security rule for traffic coming from a particular `Service` through a service gateway. For example: `oci-phx-objectstorage`.
- The OCID of a NetworkSecurityGroup in the same VCN. The value can be the NSG that the rule belongs to if the rule's intent is to control traffic between VNICs in the same NSG.
- An IP address range in CIDR notation. For example:
- sourceType string
- Type of source for the rule. Required if `direction` = `INGRESS`.
- stateless boolean
- A stateless rule allows traffic in one direction. Remember to add a corresponding stateless rule in the other direction if you need to support bidirectional traffic. For example, if egress traffic allows TCP destination port 80, there should be an ingress rule to allow TCP source port 80. Defaults to false, which means the rule is stateful and a corresponding rule is not necessary for bidirectional traffic.
- tcpOptions NetworkSecurityGroupSecurityRuleTcpOptions
- Optional and valid only for TCP. Use to specify particular destination ports for TCP rules. If you specify TCP as the protocol but omit this object, then all destination ports are allowed.
- timeCreated string
- The date and time the security rule was created. Format defined by RFC3339.
- udpOptions NetworkSecurityGroupSecurityRuleUdpOptions
- Optional and valid only for UDP. Use to specify particular destination ports for UDP rules. If you specify UDP as the protocol but omit this object, then all destination ports are allowed.
- description str
- An optional description of your choice for the rule. Avoid entering confidential information.
- destination str
Conceptually, this is the range of IP addresses that a packet originating from the instance can go to.
Allowed values:
- An IP address range in CIDR notation. For example: `192.168.1.0/24` or `2001:0db8:0123:45::/56`. IPv6 addressing is supported for all commercial and government regions. See IPv6 Addresses.
- The `cidrBlock` value for a Service, if you're setting up a security rule for traffic destined for a particular `Service` through a service gateway. For example: `oci-phx-objectstorage`.
- The OCID of a NetworkSecurityGroup in the same VCN. The value can be the NSG that the rule belongs to if the rule's intent is to control traffic between VNICs in the same NSG.
- An IP address range in CIDR notation. For example:
- destination_type str
- Type of destination for the rule. Required if `direction` = `EGRESS`. Allowed values:
- direction str
- Direction of the security rule. Set to `EGRESS` for rules to allow outbound IP packets, or `INGRESS` for rules to allow inbound IP packets.
- icmp_options NetworkSecurityGroupSecurityRuleIcmpOptionsArgs
- Optional and valid only for ICMP and ICMPv6. Use to specify a particular ICMP type and code as defined in:
If you specify ICMP or ICMPv6 as the protocol but omit this object, then all ICMP types and codes are allowed. If you do provide this object, the type is required and the code is optional. To enable MTU negotiation for ingress internet traffic via IPv4, make sure to allow type 3 ("Destination Unreachable") code 4 ("Fragmentation Needed and Don't Fragment was Set"). If you need to specify multiple codes for a single type, create a separate security list rule for each.
- is_valid bool
- Whether the rule is valid. The value is `True` when the rule is first created. If the rule's `source` or `destination` is a network security group, the value changes to `False` if that network security group is deleted.
- network_security_group_id str
- The OCID of the network security group.
- protocol str
- The transport protocol. Specify either `all` or an IPv4 protocol number as defined in Protocol Numbers. Options are supported only for ICMP ("1"), TCP ("6"), UDP ("17"), and ICMPv6 ("58").
- source str
Conceptually, this is the range of IP addresses that a packet coming into the instance can come from.
Allowed values:
- An IP address range in CIDR notation. For example: `192.168.1.0/24` or `2001:0db8:0123:45::/56`. IPv6 addressing is supported for all commercial and government regions. See IPv6 Addresses.
- The `cidrBlock` value for a Service, if you're setting up a security rule for traffic coming from a particular `Service` through a service gateway. For example: `oci-phx-objectstorage`.
- The OCID of a NetworkSecurityGroup in the same VCN. The value can be the NSG that the rule belongs to if the rule's intent is to control traffic between VNICs in the same NSG.
- An IP address range in CIDR notation. For example:
- source_type str
- Type of source for the rule. Required if `direction` = `INGRESS`.
- stateless bool
- A stateless rule allows traffic in one direction. Remember to add a corresponding stateless rule in the other direction if you need to support bidirectional traffic. For example, if egress traffic allows TCP destination port 80, there should be an ingress rule to allow TCP source port 80. Defaults to false, which means the rule is stateful and a corresponding rule is not necessary for bidirectional traffic.
- tcp_options NetworkSecurityGroupSecurityRuleTcpOptionsArgs
- Optional and valid only for TCP. Use to specify particular destination ports for TCP rules. If you specify TCP as the protocol but omit this object, then all destination ports are allowed. Because an omitted object opens every destination port, set an explicit destination port range when the rule is meant to admit a single service.
- time_created str
- The date and time the security rule was created. Format defined by RFC3339.
- udp_options NetworkSecurityGroupSecurityRuleUdpOptionsArgs
- Optional and valid only for UDP. Use to specify particular destination ports for UDP rules. If you specify UDP as the protocol but omit this object, then all destination ports are allowed. Because an omitted object opens every destination port, set an explicit destination port range when the rule is meant to admit a single service.
- description String
- An optional description of your choice for the rule. Avoid entering confidential information.
- destination String
Conceptually, this is the range of IP addresses that a packet originating from the instance can go to.
Allowed values:
- An IP address range in CIDR notation. For example: `192.168.1.0/24` or `2001:0db8:0123:45::/56`. IPv6 addressing is supported for all commercial and government regions. See IPv6 Addresses.
- The `cidrBlock` value for a Service, if you're setting up a security rule for traffic destined for a particular `Service` through a service gateway. For example: `oci-phx-objectstorage`.
- The OCID of a NetworkSecurityGroup in the same VCN. The value can be the NSG that the rule belongs to if the rule's intent is to control traffic between VNICs in the same NSG.
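- destinationType String
Type of destination for the rule. Required if `direction` = `EGRESS`.
Allowed values:
- `CIDR_BLOCK`: the rule's destination is an IP address range in CIDR notation.
- `SERVICE_CIDR_BLOCK`: the rule's destination is the `cidrBlock` value for a Service (the rule is for traffic destined for a particular Service through a service gateway).
- `NETWORK_SECURITY_GROUP`: the rule's destination is the OCID of a NetworkSecurityGroup.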
- direction String
- Direction of the security rule. Set to `EGRESS` for rules to allow outbound IP packets, or `INGRESS` for rules to allow inbound IP packets.
- icmpOptions Property Map
- Optional and valid only for ICMP and ICMPv6. Use to specify a particular ICMP type and code as defined in ICMP Parameters and ICMPv6 Parameters.
If you specify ICMP or ICMPv6 as the protocol but omit this object, then all ICMP types and codes are allowed. If you do provide this object, the type is required and the code is optional. To enable MTU negotiation for ingress internet traffic via IPv4, make sure to allow type 3 ("Destination Unreachable") code 4 ("Fragmentation Needed and Don't Fragment was Set"). If you need to specify multiple codes for a single type, create a separate security list rule for each.
- isValid Boolean
- Whether the rule is valid. The value is `True` when the rule is first created. If the rule's `source` or `destination` is a network security group, the value changes to `False` if that network security group is deleted.
- networkSecurityGroupId String
- The OCID of the network security group.
- protocol String
- The transport protocol. Specify either `all` or an IPv4 protocol number as defined in Protocol Numbers. Options are supported only for ICMP ("1"), TCP ("6"), UDP ("17"), and ICMPv6 ("58").
- source String
Conceptually, this is the range of IP addresses that a packet coming into the instance can come from.
Allowed values:
- An IP address range in CIDR notation. For example: `192.168.1.0/24` or `2001:0db8:0123:45::/56`. IPv6 addressing is supported for all commercial and government regions. See IPv6 Addresses.
- The `cidrBlock` value for a Service, if you're setting up a security rule for traffic coming from a particular `Service` through a service gateway. For example: `oci-phx-objectstorage`.
- The OCID of a NetworkSecurityGroup in the same VCN. The value can be the NSG that the rule belongs to if the rule's intent is to control traffic between VNICs in the same NSG.
- sourceType String
- Type of source for the rule. Required if `direction` = `INGRESS`.
- stateless Boolean
- A stateless rule allows traffic in one direction. Remember to add a corresponding stateless rule in the other direction if you need to support bidirectional traffic. For example, if egress traffic allows TCP destination port 80, there should be an ingress rule to allow TCP source port 80. Defaults to false, which means the rule is stateful and a corresponding rule is not necessary for bidirectional traffic.
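- tcpOptions Property Map
- Optional and valid only for TCP. Use to specify particular destination ports for TCP rules. If you specify TCP as the protocol but omit this object, then all destination ports are allowed. Because an omitted object opens every destination port, set an explicit destination port range when the rule is meant to admit a single service.
- timeCreated String
- The date and time the security rule was created. Format defined by RFC3339.
- udpOptions Property Map
- Optional and valid only for UDP. Use to specify particular destination ports for UDP rules. If you specify UDP as the protocol but omit this object, then all destination ports are allowed. Because an omitted object opens every destination port, set an explicit destination port range when the rule is meant to admit a single service.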
Supporting Types
NetworkSecurityGroupSecurityRuleIcmpOptions, NetworkSecurityGroupSecurityRuleIcmpOptionsArgs
NetworkSecurityGroupSecurityRuleTcpOptions, NetworkSecurityGroupSecurityRuleTcpOptionsArgs
NetworkSecurityGroupSecurityRuleTcpOptionsDestinationPortRange, NetworkSecurityGroupSecurityRuleTcpOptionsDestinationPortRangeArgs
- Max int
- The maximum port number, which must not be less than the minimum port number. To specify a single port number, set both the min and max to the same value.
- Min int
The minimum port number, which must not be greater than the maximum port number.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- Max int
- The maximum port number, which must not be less than the minimum port number. To specify a single port number, set both the min and max to the same value.
- Min int
The minimum port number, which must not be greater than the maximum port number.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- max Integer
- The maximum port number, which must not be less than the minimum port number. To specify a single port number, set both the min and max to the same value.
- min Integer
The minimum port number, which must not be greater than the maximum port number.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- max number
- The maximum port number, which must not be less than the minimum port number. To specify a single port number, set both the min and max to the same value.
- min number
The minimum port number, which must not be greater than the maximum port number.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- max int
- The maximum port number, which must not be less than the minimum port number. To specify a single port number, set both the min and max to the same value.
- min int
The minimum port number, which must not be greater than the maximum port number.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- max Number
- The maximum port number, which must not be less than the minimum port number. To specify a single port number, set both the min and max to the same value.
- min Number
The minimum port number, which must not be greater than the maximum port number.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
NetworkSecurityGroupSecurityRuleTcpOptionsSourcePortRange, NetworkSecurityGroupSecurityRuleTcpOptionsSourcePortRangeArgs
- Max int
- The maximum port number, which must not be less than the minimum port number. To specify a single port number, set both the min and max to the same value.
- Min int
The minimum port number, which must not be greater than the maximum port number.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- Max int
- The maximum port number, which must not be less than the minimum port number. To specify a single port number, set both the min and max to the same value.
- Min int
The minimum port number, which must not be greater than the maximum port number.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- max Integer
- The maximum port number, which must not be less than the minimum port number. To specify a single port number, set both the min and max to the same value.
- min Integer
The minimum port number, which must not be greater than the maximum port number.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- max number
- The maximum port number, which must not be less than the minimum port number. To specify a single port number, set both the min and max to the same value.
- min number
The minimum port number, which must not be greater than the maximum port number.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- max int
- The maximum port number, which must not be less than the minimum port number. To specify a single port number, set both the min and max to the same value.
- min int
The minimum port number, which must not be greater than the maximum port number.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- max Number
- The maximum port number, which must not be less than the minimum port number. To specify a single port number, set both the min and max to the same value.
- min Number
The minimum port number, which must not be greater than the maximum port number.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
NetworkSecurityGroupSecurityRuleUdpOptions, NetworkSecurityGroupSecurityRuleUdpOptionsArgs
NetworkSecurityGroupSecurityRuleUdpOptionsDestinationPortRange, NetworkSecurityGroupSecurityRuleUdpOptionsDestinationPortRangeArgs
- Max int
- The maximum port number, which must not be less than the minimum port number. To specify a single port number, set both the min and max to the same value.
- Min int
The minimum port number, which must not be greater than the maximum port number.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- Max int
- The maximum port number, which must not be less than the minimum port number. To specify a single port number, set both the min and max to the same value.
- Min int
The minimum port number, which must not be greater than the maximum port number.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- max Integer
- The maximum port number, which must not be less than the minimum port number. To specify a single port number, set both the min and max to the same value.
- min Integer
The minimum port number, which must not be greater than the maximum port number.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- max number
- The maximum port number, which must not be less than the minimum port number. To specify a single port number, set both the min and max to the same value.
- min number
The minimum port number, which must not be greater than the maximum port number.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- max int
- The maximum port number, which must not be less than the minimum port number. To specify a single port number, set both the min and max to the same value.
- min int
The minimum port number, which must not be greater than the maximum port number.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- max Number
- The maximum port number, which must not be less than the minimum port number. To specify a single port number, set both the min and max to the same value.
- min Number
The minimum port number, which must not be greater than the maximum port number.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
NetworkSecurityGroupSecurityRuleUdpOptionsSourcePortRange, NetworkSecurityGroupSecurityRuleUdpOptionsSourcePortRangeArgs
- Max int
- The maximum port number, which must not be less than the minimum port number. To specify a single port number, set both the min and max to the same value.
- Min int
The minimum port number, which must not be greater than the maximum port number.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- Max int
- The maximum port number, which must not be less than the minimum port number. To specify a single port number, set both the min and max to the same value.
- Min int
The minimum port number, which must not be greater than the maximum port number.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- max Integer
- The maximum port number, which must not be less than the minimum port number. To specify a single port number, set both the min and max to the same value.
- min Integer
The minimum port number, which must not be greater than the maximum port number.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- max number
- The maximum port number, which must not be less than the minimum port number. To specify a single port number, set both the min and max to the same value.
- min number
The minimum port number, which must not be greater than the maximum port number.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- max int
- The maximum port number, which must not be less than the minimum port number. To specify a single port number, set both the min and max to the same value.
- min int
The minimum port number, which must not be greater than the maximum port number.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- max Number
- The maximum port number, which must not be less than the minimum port number. To specify a single port number, set both the min and max to the same value.
- min Number
The minimum port number, which must not be greater than the maximum port number.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
Import
NetworkSecurityGroupSecurityRule can be imported using the `id`, e.g.
$ pulumi import oci:Core/networkSecurityGroupSecurityRule:NetworkSecurityGroupSecurityRule test_network_security_group_security_rule "networkSecurityGroups/{networkSecurityGroupId}/securityRules/{securityRuleId}"
Package Details
- Repository
- oci pulumi/pulumi-oci
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the `oci` Terraform Provider.