Oracle Cloud Infrastructure

v0.5.0 published on Monday, Sep 12, 2022 by Pulumi

getNetworkFirewallPolicies

This data source provides the list of Network Firewall Policies in the Oracle Cloud Infrastructure Network Firewall service.

Returns a list of Network Firewall Policies.

Example Usage

using System.Collections.Generic;
using Pulumi;
using Oci = Pulumi.Oci;

return await Deployment.RunAsync(() =>
{
    // Lookup arguments: the compartment to list from, plus filters on display
    // name, policy identifier and lifecycle state. `@var` is a placeholder that
    // this snippet does not define; supply the values from stack configuration.
    var policyQuery = new Oci.NetworkFirewall.GetNetworkFirewallPoliciesInvokeArgs
    {
        CompartmentId = @var.Compartment_id,
        DisplayName = @var.Network_firewall_policy_display_name,
        Id = @var.Network_firewall_policy_id,
        State = @var.Network_firewall_policy_state,
    };

    // Data-source invoke: lists the matching Network Firewall Policies. The
    // result is only bound to a local here; nothing is exported from the stack.
    var testNetworkFirewallPolicies = Oci.NetworkFirewall.GetNetworkFirewallPolicies.Invoke(policyQuery);

});
package main

import (
	"github.com/pulumi/pulumi-oci/sdk/go/oci/NetworkFirewall"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main runs a Pulumi program that lists Network Firewall Policies in one
// compartment, filtered by display name, policy identifier and lifecycle state.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// NOTE(review): the args type is qualified as `networkfirewall` while the
		// function call below is qualified as `NetworkFirewall`. The import has no
		// alias, so only one of the two can match the package name — confirm
		// against the SDK and use that one for both.
		// `_var` is a placeholder that this snippet does not define.
		lookupArgs := &networkfirewall.GetNetworkFirewallPoliciesArgs{
			CompartmentId: _var.Compartment_id,
			DisplayName:   pulumi.StringRef(_var.Network_firewall_policy_display_name),
			Id:            pulumi.StringRef(_var.Network_firewall_policy_id),
			State:         pulumi.StringRef(_var.Network_firewall_policy_state),
		}

		// The listing itself is discarded; only the error is propagated.
		_, err := NetworkFirewall.GetNetworkFirewallPolicies(ctx, lookupArgs, nil)
		return err
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.oci.NetworkFirewall.NetworkFirewallFunctions;
import com.pulumi.oci.NetworkFirewall.inputs.GetNetworkFirewallPoliciesArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/**
 * Example program: lists Network Firewall Policies in one compartment,
 * filtered by display name, policy identifier and lifecycle state.
 */
public class App {
    /** Entry point; hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Builds the lookup arguments and invokes the data source.
     *
     * @param ctx Pulumi context supplied by the runtime (not used in this example)
     */
    public static void stack(Context ctx) {
        // `var_` is a placeholder that this snippet does not define.
        final var lookupArgs = GetNetworkFirewallPoliciesArgs.builder()
            .compartmentId(var_.compartment_id())
            .displayName(var_.network_firewall_policy_display_name())
            .id(var_.network_firewall_policy_id())
            .state(var_.network_firewall_policy_state())
            .build();

        // The result is only bound to a local; nothing is exported from the stack.
        final var testNetworkFirewallPolicies = NetworkFirewallFunctions.getNetworkFirewallPolicies(lookupArgs);

    }
}
import pulumi
import pulumi_oci as oci

# List Network Firewall Policies in one compartment, filtered by display name,
# policy identifier and lifecycle state. `var` is a placeholder that this
# snippet does not define; supply the values from stack configuration.
test_network_firewall_policies = oci.NetworkFirewall.get_network_firewall_policies(
    compartment_id=var["compartment_id"],
    display_name=var["network_firewall_policy_display_name"],
    id=var["network_firewall_policy_id"],
    state=var["network_firewall_policy_state"],
)
import * as pulumi from "@pulumi/pulumi";
import * as oci from "@pulumi/oci";

// Lookup arguments: the compartment to list from, plus filters on display
// name, policy identifier and lifecycle state. `_var` is a placeholder that
// this snippet does not define.
const policyLookup = {
    compartmentId: _var.compartment_id,
    displayName: _var.network_firewall_policy_display_name,
    id: _var.network_firewall_policy_id,
    state: _var.network_firewall_policy_state,
};

// Data-source invoke; the result is bound to a module-level constant and not exported.
const testNetworkFirewallPolicies = oci.NetworkFirewall.getNetworkFirewallPolicies(policyLookup);
# Declares one program variable holding the result of the data-source invoke.
variables:
  testNetworkFirewallPolicies:
    Fn::Invoke:
      # NOTE(review): the signature listing on this page spells the token as
      # oci:NetworkFirewall/getNetworkFirewallPolicies:getNetworkFirewallPolicies;
      # confirm which form the provider version in use accepts.
      Function: oci:NetworkFirewall:getNetworkFirewallPolicies
      Arguments:
        # The `var.*` references are placeholders that this snippet does not define.
        compartmentId: ${var.compartment_id}
        displayName: ${var.network_firewall_policy_display_name}
        id: ${var.network_firewall_policy_id}
        state: ${var.network_firewall_policy_state}

Using getNetworkFirewallPolicies

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getNetworkFirewallPolicies(args: GetNetworkFirewallPoliciesArgs, opts?: InvokeOptions): Promise<GetNetworkFirewallPoliciesResult>
function getNetworkFirewallPoliciesOutput(args: GetNetworkFirewallPoliciesOutputArgs, opts?: InvokeOptions): Output<GetNetworkFirewallPoliciesResult>
def get_network_firewall_policies(compartment_id: Optional[str] = None,
                                  display_name: Optional[str] = None,
                                  filters: Optional[Sequence[_networkfirewall.GetNetworkFirewallPoliciesFilter]] = None,
                                  id: Optional[str] = None,
                                  state: Optional[str] = None,
                                  opts: Optional[InvokeOptions] = None) -> GetNetworkFirewallPoliciesResult
def get_network_firewall_policies_output(compartment_id: Optional[pulumi.Input[str]] = None,
                                  display_name: Optional[pulumi.Input[str]] = None,
                                  filters: Optional[pulumi.Input[Sequence[pulumi.Input[_networkfirewall.GetNetworkFirewallPoliciesFilterArgs]]]] = None,
                                  id: Optional[pulumi.Input[str]] = None,
                                  state: Optional[pulumi.Input[str]] = None,
                                  opts: Optional[InvokeOptions] = None) -> Output[GetNetworkFirewallPoliciesResult]
func GetNetworkFirewallPolicies(ctx *Context, args *GetNetworkFirewallPoliciesArgs, opts ...InvokeOption) (*GetNetworkFirewallPoliciesResult, error)
func GetNetworkFirewallPoliciesOutput(ctx *Context, args *GetNetworkFirewallPoliciesOutputArgs, opts ...InvokeOption) GetNetworkFirewallPoliciesResultOutput

> Note: This function is named GetNetworkFirewallPolicies in the Go SDK.

public static class GetNetworkFirewallPolicies 
{
    public static Task<GetNetworkFirewallPoliciesResult> InvokeAsync(GetNetworkFirewallPoliciesArgs args, InvokeOptions? opts = null)
    public static Output<GetNetworkFirewallPoliciesResult> Invoke(GetNetworkFirewallPoliciesInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetNetworkFirewallPoliciesResult> getNetworkFirewallPolicies(GetNetworkFirewallPoliciesArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
Fn::Invoke:
  Function: oci:NetworkFirewall/getNetworkFirewallPolicies:getNetworkFirewallPolicies
  Arguments:
    # Arguments dictionary

The following arguments are supported:

CompartmentId string

The ID of the compartment in which to list resources.

DisplayName string

A filter to return only resources that match the entire display name given.

Filters List<GetNetworkFirewallPoliciesFilter>
Id string

Unique Network Firewall Policy identifier

State string

A filter to return only resources with a lifecycleState matching the given value.

CompartmentId string

The ID of the compartment in which to list resources.

DisplayName string

A filter to return only resources that match the entire display name given.

Filters []GetNetworkFirewallPoliciesFilter
Id string

Unique Network Firewall Policy identifier

State string

A filter to return only resources with a lifecycleState matching the given value.

compartmentId String

The ID of the compartment in which to list resources.

displayName String

A filter to return only resources that match the entire display name given.

filters List<GetPoliciesFilter>
id String

Unique Network Firewall Policy identifier

state String

A filter to return only resources with a lifecycleState matching the given value.

compartmentId string

The ID of the compartment in which to list resources.

displayName string

A filter to return only resources that match the entire display name given.

filters GetNetworkFirewallPoliciesFilter[]
id string

Unique Network Firewall Policy identifier

state string

A filter to return only resources with a lifecycleState matching the given value.

compartment_id str

The ID of the compartment in which to list resources.

display_name str

A filter to return only resources that match the entire display name given.

filters Sequence[GetNetworkFirewallPoliciesFilter]
id str

Unique Network Firewall Policy identifier

state str

A filter to return only resources with a lifecycleState matching the given value.

compartmentId String

The ID of the compartment in which to list resources.

displayName String

A filter to return only resources that match the entire display name given.

filters List<Property Map>
id String

Unique Network Firewall Policy identifier

state String

A filter to return only resources with a lifecycleState matching the given value.

getNetworkFirewallPolicies Result

The following output properties are available:

CompartmentId string

The OCID of the compartment containing the NetworkFirewall Policy.

NetworkFirewallPolicySummaryCollections List<GetNetworkFirewallPoliciesNetworkFirewallPolicySummaryCollection>

The list of network_firewall_policy_summary_collection.

DisplayName string

A user-friendly optional name for the firewall policy. Avoid entering confidential information.

Filters List<GetNetworkFirewallPoliciesFilter>
Id string

The OCID of the resource - Network Firewall Policy.

State string

The current state of the Network Firewall Policy.

CompartmentId string

The OCID of the compartment containing the NetworkFirewall Policy.

NetworkFirewallPolicySummaryCollections []GetNetworkFirewallPoliciesNetworkFirewallPolicySummaryCollection

The list of network_firewall_policy_summary_collection.

DisplayName string

A user-friendly optional name for the firewall policy. Avoid entering confidential information.

Filters []GetNetworkFirewallPoliciesFilter
Id string

The OCID of the resource - Network Firewall Policy.

State string

The current state of the Network Firewall Policy.

compartmentId String

The OCID of the compartment containing the NetworkFirewall Policy.

networkFirewallPolicySummaryCollections List<GetPoliciesPolicySummaryCollection>

The list of network_firewall_policy_summary_collection.

displayName String

A user-friendly optional name for the firewall policy. Avoid entering confidential information.

filters List<GetPoliciesFilter>
id String

The OCID of the resource - Network Firewall Policy.

state String

The current state of the Network Firewall Policy.

compartmentId string

The OCID of the compartment containing the NetworkFirewall Policy.

networkFirewallPolicySummaryCollections GetNetworkFirewallPoliciesNetworkFirewallPolicySummaryCollection[]

The list of network_firewall_policy_summary_collection.

displayName string

A user-friendly optional name for the firewall policy. Avoid entering confidential information.

filters GetNetworkFirewallPoliciesFilter[]
id string

The OCID of the resource - Network Firewall Policy.

state string

The current state of the Network Firewall Policy.

compartment_id str

The OCID of the compartment containing the NetworkFirewall Policy.

network_firewall_policy_summary_collections Sequence[GetNetworkFirewallPoliciesNetworkFirewallPolicySummaryCollection]

The list of network_firewall_policy_summary_collection.

display_name str

A user-friendly optional name for the firewall policy. Avoid entering confidential information.

filters Sequence[GetNetworkFirewallPoliciesFilter]
id str

The OCID of the resource - Network Firewall Policy.

state str

The current state of the Network Firewall Policy.

compartmentId String

The OCID of the compartment containing the NetworkFirewall Policy.

networkFirewallPolicySummaryCollections List<Property Map>

The list of network_firewall_policy_summary_collection.

displayName String

A user-friendly optional name for the firewall policy. Avoid entering confidential information.

filters List<Property Map>
id String

The OCID of the resource - Network Firewall Policy.

state String

The current state of the Network Firewall Policy.

Supporting Types

GetNetworkFirewallPoliciesFilter

Name string

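Name for the Security rule, must be unique within the policy. (Reviewer note: this wording appears to be carried over from the security-rule schema and is repeated in the per-language listings below; in a filter the name presumably identifies the property to match on, with values and regex controlling the match. Confirm against the provider schema.)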

Values List<string>
Regex bool
Name string

Name for the Security rule, must be unique within the policy.

Values []string
Regex bool
name String

Name for the Security rule, must be unique within the policy.

values List<String>
regex Boolean
name string

Name for the Security rule, must be unique within the policy.

values string[]
regex boolean
name str

Name for the Security rule, must be unique within the policy.

values Sequence[str]
regex bool
name String

Name for the Security rule, must be unique within the policy.

values List<String>
regex Boolean

GetNetworkFirewallPoliciesNetworkFirewallPolicySummaryCollection

GetNetworkFirewallPoliciesNetworkFirewallPolicySummaryCollectionItem

ApplicationLists List<GetNetworkFirewallPoliciesNetworkFirewallPolicySummaryCollectionItemApplicationList>

Map defining application lists of the policy. The value of an entry is a list of "applications", each consisting of a protocol identifier (such as TCP, UDP, or ICMP) and protocol-specific parameters (such as a port range). The associated key is the identifier by which the application list is referenced.

CompartmentId string

The ID of the compartment in which to list resources.

DecryptionProfiles List<GetNetworkFirewallPoliciesNetworkFirewallPolicySummaryCollectionItemDecryptionProfile>

Map defining decryption profiles of the policy. The value of an entry is a decryption profile. The associated key is the identifier by which the decryption profile is referenced.

DecryptionRules List<GetNetworkFirewallPoliciesNetworkFirewallPolicySummaryCollectionItemDecryptionRule>

List of Decryption Rules defining the behavior of the policy. The first rule with a matching condition determines the action taken upon network traffic.

DefinedTags Dictionary<string, object>

Defined tags for this resource. Each key is predefined and scoped to a namespace. Example: {"foo-namespace.bar-key": "value"}

DisplayName string

A filter to return only resources that match the entire display name given.

FreeformTags Dictionary<string, object>

Simple key-value pair that is applied without any predefined name, type or scope. Exists for cross-compatibility only. Example: {"bar-key": "value"}

Id string

Unique Network Firewall Policy identifier

IpAddressLists List<GetNetworkFirewallPoliciesNetworkFirewallPolicySummaryCollectionItemIpAddressList>

Map defining IP address lists of the policy. The value of an entry is a list of IP addresses or prefixes in CIDR notation. The associated key is the identifier by which the IP address list is referenced.

IsFirewallAttached bool

To determine if any Network Firewall is associated with this Network Firewall Policy.

LifecycleDetails string

A message describing the current state in more detail. For example, can be used to provide actionable information for a resource in Failed state.

MappedSecrets List<GetNetworkFirewallPoliciesNetworkFirewallPolicySummaryCollectionItemMappedSecret>

Map defining secrets of the policy. The value of an entry is a "mapped secret" consisting of a purpose and source. The associated key is the identifier by which the mapped secret is referenced.

SecurityRules List<GetNetworkFirewallPoliciesNetworkFirewallPolicySummaryCollectionItemSecurityRule>

List of Security Rules defining the behavior of the policy. The first rule with a matching condition determines the action taken upon network traffic.

State string

A filter to return only resources with a lifecycleState matching the given value.

SystemTags Dictionary<string, object>

Usage of system tag keys. These predefined keys are scoped to namespaces. Example: {"orcl-cloud.free-tier-retained": "true"}

TimeCreated string

The time instant at which the Network Firewall Policy was created in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z

TimeUpdated string

The time instant at which the Network Firewall Policy was updated in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z

UrlLists List<GetNetworkFirewallPoliciesNetworkFirewallPolicySummaryCollectionItemUrlList>

Map defining URL pattern lists of the policy. The value of an entry is a list of URL patterns. The associated key is the identifier by which the URL pattern list is referenced.

ApplicationLists []GetNetworkFirewallPoliciesNetworkFirewallPolicySummaryCollectionItemApplicationList

Map defining application lists of the policy. The value of an entry is a list of "applications", each consisting of a protocol identifier (such as TCP, UDP, or ICMP) and protocol-specific parameters (such as a port range). The associated key is the identifier by which the application list is referenced.

CompartmentId string

The ID of the compartment in which to list resources.

DecryptionProfiles []GetNetworkFirewallPoliciesNetworkFirewallPolicySummaryCollectionItemDecryptionProfile

Map defining decryption profiles of the policy. The value of an entry is a decryption profile. The associated key is the identifier by which the decryption profile is referenced.

DecryptionRules []GetNetworkFirewallPoliciesNetworkFirewallPolicySummaryCollectionItemDecryptionRule

List of Decryption Rules defining the behavior of the policy. The first rule with a matching condition determines the action taken upon network traffic.

DefinedTags map[string]interface{}

Defined tags for this resource. Each key is predefined and scoped to a namespace. Example: {"foo-namespace.bar-key": "value"}

DisplayName string

A filter to return only resources that match the entire display name given.

FreeformTags map[string]interface{}

Simple key-value pair that is applied without any predefined name, type or scope. Exists for cross-compatibility only. Example: {"bar-key": "value"}

Id string

Unique Network Firewall Policy identifier

IpAddressLists []GetNetworkFirewallPoliciesNetworkFirewallPolicySummaryCollectionItemIpAddressList

Map defining IP address lists of the policy. The value of an entry is a list of IP addresses or prefixes in CIDR notation. The associated key is the identifier by which the IP address list is referenced.

IsFirewallAttached bool

To determine if any Network Firewall is associated with this Network Firewall Policy.

LifecycleDetails string

A message describing the current state in more detail. For example, can be used to provide actionable information for a resource in Failed state.

MappedSecrets []GetNetworkFirewallPoliciesNetworkFirewallPolicySummaryCollectionItemMappedSecret

Map defining secrets of the policy. The value of an entry is a "mapped secret" consisting of a purpose and source. The associated key is the identifier by which the mapped secret is referenced.

SecurityRules []GetNetworkFirewallPoliciesNetworkFirewallPolicySummaryCollectionItemSecurityRule

List of Security Rules defining the behavior of the policy. The first rule with a matching condition determines the action taken upon network traffic.

State string

A filter to return only resources with a lifecycleState matching the given value.

SystemTags map[string]interface{}

Usage of system tag keys. These predefined keys are scoped to namespaces. Example: {"orcl-cloud.free-tier-retained": "true"}

TimeCreated string

The time instant at which the Network Firewall Policy was created in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z

TimeUpdated string

The time instant at which the Network Firewall Policy was updated in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z

UrlLists []GetNetworkFirewallPoliciesNetworkFirewallPolicySummaryCollectionItemUrlList

Map defining URL pattern lists of the policy. The value of an entry is a list of URL patterns. The associated key is the identifier by which the URL pattern list is referenced.

applicationLists List<GetPoliciesPolicySummaryCollectionItemApplicationList>

Map defining application lists of the policy. The value of an entry is a list of "applications", each consisting of a protocol identifier (such as TCP, UDP, or ICMP) and protocol-specific parameters (such as a port range). The associated key is the identifier by which the application list is referenced.

compartmentId String

The ID of the compartment in which to list resources.

decryptionProfiles List<GetPoliciesPolicySummaryCollectionItemDecryptionProfile>

Map defining decryption profiles of the policy. The value of an entry is a decryption profile. The associated key is the identifier by which the decryption profile is referenced.

decryptionRules List<GetPoliciesPolicySummaryCollectionItemDecryptionRule>

List of Decryption Rules defining the behavior of the policy. The first rule with a matching condition determines the action taken upon network traffic.

definedTags Map<String,Object>

Defined tags for this resource. Each key is predefined and scoped to a namespace. Example: {"foo-namespace.bar-key": "value"}

displayName String

A filter to return only resources that match the entire display name given.

freeformTags Map<String,Object>

Simple key-value pair that is applied without any predefined name, type or scope. Exists for cross-compatibility only. Example: {"bar-key": "value"}

id String

Unique Network Firewall Policy identifier

ipAddressLists List<GetPoliciesPolicySummaryCollectionItemIpAddressList>

Map defining IP address lists of the policy. The value of an entry is a list of IP addresses or prefixes in CIDR notation. The associated key is the identifier by which the IP address list is referenced.

isFirewallAttached Boolean

To determine if any Network Firewall is associated with this Network Firewall Policy.

lifecycleDetails String

A message describing the current state in more detail. For example, can be used to provide actionable information for a resource in Failed state.

mappedSecrets List<GetPoliciesPolicySummaryCollectionItemMappedSecret>

Map defining secrets of the policy. The value of an entry is a "mapped secret" consisting of a purpose and source. The associated key is the identifier by which the mapped secret is referenced.

securityRules List<GetPoliciesPolicySummaryCollectionItemSecurityRule>

List of Security Rules defining the behavior of the policy. The first rule with a matching condition determines the action taken upon network traffic.

state String

A filter to return only resources with a lifecycleState matching the given value.

systemTags Map<String,Object>

Usage of system tag keys. These predefined keys are scoped to namespaces. Example: {"orcl-cloud.free-tier-retained": "true"}

timeCreated String

The time instant at which the Network Firewall Policy was created in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z

timeUpdated String

The time instant at which the Network Firewall Policy was updated in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z

urlLists List<GetPoliciesPolicySummaryCollectionItemUrlList>

Map defining URL pattern lists of the policy. The value of an entry is a list of URL patterns. The associated key is the identifier by which the URL pattern list is referenced.

applicationLists GetNetworkFirewallPoliciesNetworkFirewallPolicySummaryCollectionItemApplicationList[]

Map defining application lists of the policy. The value of an entry is a list of "applications", each consisting of a protocol identifier (such as TCP, UDP, or ICMP) and protocol-specific parameters (such as a port range). The associated key is the identifier by which the application list is referenced.

compartmentId string

The ID of the compartment in which to list resources.

decryptionProfiles GetNetworkFirewallPoliciesNetworkFirewallPolicySummaryCollectionItemDecryptionProfile[]

Map defining decryption profiles of the policy. The value of an entry is a decryption profile. The associated key is the identifier by which the decryption profile is referenced.

decryptionRules GetNetworkFirewallPoliciesNetworkFirewallPolicySummaryCollectionItemDecryptionRule[]

List of Decryption Rules defining the behavior of the policy. The first rule with a matching condition determines the action taken upon network traffic.

definedTags {[key: string]: any}

Defined tags for this resource. Each key is predefined and scoped to a namespace. Example: {"foo-namespace.bar-key": "value"}

displayName string

A filter to return only resources that match the entire display name given.

freeformTags {[key: string]: any}

Simple key-value pair that is applied without any predefined name, type or scope. Exists for cross-compatibility only. Example: {"bar-key": "value"}

id string

Unique Network Firewall Policy identifier

ipAddressLists GetNetworkFirewallPoliciesNetworkFirewallPolicySummaryCollectionItemIpAddressList[]

Map defining IP address lists of the policy. The value of an entry is a list of IP addresses or prefixes in CIDR notation. The associated key is the identifier by which the IP address list is referenced.

isFirewallAttached boolean

To determine if any Network Firewall is associated with this Network Firewall Policy.

lifecycleDetails string

A message describing the current state in more detail. For example, can be used to provide actionable information for a resource in Failed state.

mappedSecrets GetNetworkFirewallPoliciesNetworkFirewallPolicySummaryCollectionItemMappedSecret[]

Map defining secrets of the policy. The value of an entry is a "mapped secret" consisting of a purpose and source. The associated key is the identifier by which the mapped secret is referenced.

securityRules GetNetworkFirewallPoliciesNetworkFirewallPolicySummaryCollectionItemSecurityRule[]

List of Security Rules defining the behavior of the policy. The first rule with a matching condition determines the action taken upon network traffic.

state string

A filter to return only resources with a lifecycleState matching the given value.

systemTags {[key: string]: any}

Usage of system tag keys. These predefined keys are scoped to namespaces. Example: {"orcl-cloud.free-tier-retained": "true"}

timeCreated string

The time instant at which the Network Firewall Policy was created in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z

timeUpdated string

The time instant at which the Network Firewall Policy was updated in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z

urlLists GetNetworkFirewallPoliciesNetworkFirewallPolicySummaryCollectionItemUrlList[]

Map defining URL pattern lists of the policy. The value of an entry is a list of URL patterns. The associated key is the identifier by which the URL pattern list is referenced.

application_lists Sequence[GetNetworkFirewallPoliciesNetworkFirewallPolicySummaryCollectionItemApplicationList]

Map defining application lists of the policy. The value of an entry is a list of "applications", each consisting of a protocol identifier (such as TCP, UDP, or ICMP) and protocol-specific parameters (such as a port range). The associated key is the identifier by which the application list is referenced.

compartment_id str

The ID of the compartment in which to list resources.

decryption_profiles Sequence[GetNetworkFirewallPoliciesNetworkFirewallPolicySummaryCollectionItemDecryptionProfile]

Map defining decryption profiles of the policy. The value of an entry is a decryption profile. The associated key is the identifier by which the decryption profile is referenced.

decryption_rules Sequence[GetNetworkFirewallPoliciesNetworkFirewallPolicySummaryCollectionItemDecryptionRule]

List of Decryption Rules defining the behavior of the policy. The first rule with a matching condition determines the action taken upon network traffic.

defined_tags Mapping[str, Any]

Defined tags for this resource. Each key is predefined and scoped to a namespace. Example: {"foo-namespace.bar-key": "value"}

display_name str

A filter to return only resources that match the entire display name given.

freeform_tags Mapping[str, Any]

Simple key-value pair that is applied without any predefined name, type or scope. Exists for cross-compatibility only. Example: {"bar-key": "value"}

id str

Unique Network Firewall Policy identifier

ip_address_lists Sequence[GetNetworkFirewallPoliciesNetworkFirewallPolicySummaryCollectionItemIpAddressList]

Map defining IP address lists of the policy. The value of an entry is a list of IP addresses or prefixes in CIDR notation. The associated key is the identifier by which the IP address list is referenced.

is_firewall_attached bool

To determine if any Network Firewall is associated with this Network Firewall Policy.

lifecycle_details str

A message describing the current state in more detail. For example, can be used to provide actionable information for a resource in Failed state.

mapped_secrets Sequence[GetNetworkFirewallPoliciesNetworkFirewallPolicySummaryCollectionItemMappedSecret]

Map defining secrets of the policy. The value of an entry is a "mapped secret" consisting of a purpose and source. The associated key is the identifier by which the mapped secret is referenced.

security_rules Sequence[GetNetworkFirewallPoliciesNetworkFirewallPolicySummaryCollectionItemSecurityRule]

List of Security Rules defining the behavior of the policy. The first rule with a matching condition determines the action taken upon network traffic.

state str

A filter to return only resources with a lifecycleState matching the given value.

system_tags Mapping[str, Any]

Usage of system tag keys. These predefined keys are scoped to namespaces. Example: {"orcl-cloud.free-tier-retained": "true"}

time_created str

The time instant at which the Network Firewall Policy was created in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z

time_updated str

The time instant at which the Network Firewall Policy was updated in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z

url_lists Sequence[GetNetworkFirewallPoliciesNetworkFirewallPolicySummaryCollectionItemUrlList]

Map defining URL pattern lists of the policy. The value of an entry is a list of URL patterns. The associated key is the identifier by which the URL pattern list is referenced.

applicationLists List<Property Map>

Map defining application lists of the policy. The value of an entry is a list of "applications", each consisting of a protocol identifier (such as TCP, UDP, or ICMP) and protocol-specific parameters (such as a port range). The associated key is the identifier by which the application list is referenced.

compartmentId String

The ID of the compartment in which to list resources.

decryptionProfiles List<Property Map>

Map defining decryption profiles of the policy. The value of an entry is a decryption profile. The associated key is the identifier by which the decryption profile is referenced.

decryptionRules List<Property Map>

List of Decryption Rules defining the behavior of the policy. The first rule with a matching condition determines the action taken upon network traffic.

definedTags Map<Any>

Defined tags for this resource. Each key is predefined and scoped to a namespace. Example: {"foo-namespace.bar-key": "value"}

displayName String

A filter to return only resources that match the entire display name given.

freeformTags Map<Any>

Simple key-value pair that is applied without any predefined name, type or scope. Exists for cross-compatibility only. Example: {"bar-key": "value"}

id String

Unique Network Firewall Policy identifier

ipAddressLists List<Property Map>

Map defining IP address lists of the policy. The value of an entry is a list of IP addresses or prefixes in CIDR notation. The associated key is the identifier by which the IP address list is referenced.

isFirewallAttached Boolean

To determine if any Network Firewall is associated with this Network Firewall Policy.

lifecycleDetails String

A message describing the current state in more detail. For example, can be used to provide actionable information for a resource in Failed state.

mappedSecrets List<Property Map>

Map defining secrets of the policy. The value of an entry is a "mapped secret" consisting of a purpose and source. The associated key is the identifier by which the mapped secret is referenced.

securityRules List<Property Map>

List of Security Rules defining the behavior of the policy. The first rule with a matching condition determines the action taken upon network traffic.

state String

A filter to return only resources with a lifecycleState matching the given value.

systemTags Map<Any>

Usage of system tag keys. These predefined keys are scoped to namespaces. Example: {"orcl-cloud.free-tier-retained": "true"}

timeCreated String

The time instant at which the Network Firewall Policy was created in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z

timeUpdated String

The time instant at which the Network Firewall Policy was updated in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z

urlLists List<Property Map>

Map defining URL pattern lists of the policy. The value of an entry is a list of URL patterns. The associated key is the identifier by which the URL pattern list is referenced.

GetNetworkFirewallPoliciesNetworkFirewallPolicySummaryCollectionItemApplicationList

IcmpCode int
IcmpType int
Key string
MaximumPort int
MinimumPort int
Type string

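Type of the secrets mapped based on the policy. (Reviewer note: this description and the two values listed under it appear to be carried over from the mapped-secret type and are repeated in the per-language listings below. For an application list entry the type is presumably the protocol identifier, such as TCP, UDP, or ICMP, as described under ApplicationLists. Confirm against the provider schema.)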

  • SSL_INBOUND_INSPECTION: For Inbound inspection of SSL traffic.
  • SSL_FORWARD_PROXY: For forward proxy certificates for SSL inspection.
IcmpCode int
IcmpType int
Key string
MaximumPort int
MinimumPort int
Type string

Type of the secrets mapped based on the policy.

  • SSL_INBOUND_INSPECTION: For Inbound inspection of SSL traffic.
  • SSL_FORWARD_PROXY: For forward proxy certificates for SSL inspection.
icmpCode Integer
icmpType Integer
key String
maximumPort Integer
minimumPort Integer
type String

Type of the secrets mapped based on the policy.

  • SSL_INBOUND_INSPECTION: For Inbound inspection of SSL traffic.
  • SSL_FORWARD_PROXY: For forward proxy certificates for SSL inspection.
icmpCode number
icmpType number
key string
maximumPort number
minimumPort number
type string

Type of the secrets mapped based on the policy.

  • SSL_INBOUND_INSPECTION: For Inbound inspection of SSL traffic.
  • SSL_FORWARD_PROXY: For forward proxy certificates for SSL inspection.
icmp_code int
icmp_type int
key str
maximum_port int
minimum_port int
type str

Type of the secrets mapped based on the policy.

  • SSL_INBOUND_INSPECTION: For Inbound inspection of SSL traffic.
  • SSL_FORWARD_PROXY: For forward proxy certificates for SSL inspection.
icmpCode Number
icmpType Number
key String
maximumPort Number
minimumPort Number
type String

Type of the secrets mapped based on the policy.

  • SSL_INBOUND_INSPECTION: For Inbound inspection of SSL traffic.
  • SSL_FORWARD_PROXY: For forward proxy certificates for SSL inspection.

GetNetworkFirewallPoliciesNetworkFirewallPolicySummaryCollectionItemDecryptionProfile

AreCertificateExtensionsRestricted bool

Whether to block sessions if the server's certificate uses extensions other than key usage and/or extended key usage.

IsAutoIncludeAltName bool

Whether to automatically append a Subject Alternative Name (SAN) to the impersonating certificate if the server certificate is missing a SAN.

IsExpiredCertificateBlocked bool

Whether to block sessions if server's certificate is expired.

IsOutOfCapacityBlocked bool

Whether to block sessions if the firewall is temporarily unable to decrypt their traffic.

IsRevocationStatusTimeoutBlocked bool

Whether to block sessions if the revocation status check for server's certificate does not succeed within the maximum allowed time (defaulting to 5 seconds).

IsUnknownRevocationStatusBlocked bool

Whether to block sessions if the revocation status check for server's certificate results in "unknown".

IsUnsupportedCipherBlocked bool

Whether to block sessions if SSL cipher suite is not supported.

IsUnsupportedVersionBlocked bool

Whether to block sessions if SSL version is not supported.

IsUntrustedIssuerBlocked bool

Whether to block sessions if server's certificate is issued by an untrusted certificate authority (CA).

Key string
Type string

Type of the secrets mapped based on the policy.

  • SSL_INBOUND_INSPECTION: For Inbound inspection of SSL traffic.
  • SSL_FORWARD_PROXY: For forward proxy certificates for SSL inspection.
AreCertificateExtensionsRestricted bool

Whether to block sessions if the server's certificate uses extensions other than key usage and/or extended key usage.

IsAutoIncludeAltName bool

Whether to automatically append a Subject Alternative Name (SAN) to the impersonating certificate if the server certificate is missing a SAN.

IsExpiredCertificateBlocked bool

Whether to block sessions if server's certificate is expired.

IsOutOfCapacityBlocked bool

Whether to block sessions if the firewall is temporarily unable to decrypt their traffic.

IsRevocationStatusTimeoutBlocked bool

Whether to block sessions if the revocation status check for server's certificate does not succeed within the maximum allowed time (defaulting to 5 seconds).

IsUnknownRevocationStatusBlocked bool

Whether to block sessions if the revocation status check for server's certificate results in "unknown".

IsUnsupportedCipherBlocked bool

Whether to block sessions if SSL cipher suite is not supported.

IsUnsupportedVersionBlocked bool

Whether to block sessions if SSL version is not supported.

IsUntrustedIssuerBlocked bool

Whether to block sessions if server's certificate is issued by an untrusted certificate authority (CA).

Key string
Type string

Type of the secrets mapped based on the policy.

  • SSL_INBOUND_INSPECTION: For Inbound inspection of SSL traffic.
  • SSL_FORWARD_PROXY: For forward proxy certificates for SSL inspection.
areCertificateExtensionsRestricted Boolean

Whether to block sessions if the server's certificate uses extensions other than key usage and/or extended key usage.

isAutoIncludeAltName Boolean

Whether to automatically append a Subject Alternative Name (SAN) to the impersonating certificate if the server certificate is missing a SAN.

isExpiredCertificateBlocked Boolean

Whether to block sessions if server's certificate is expired.

isOutOfCapacityBlocked Boolean

Whether to block sessions if the firewall is temporarily unable to decrypt their traffic.

isRevocationStatusTimeoutBlocked Boolean

Whether to block sessions if the revocation status check for server's certificate does not succeed within the maximum allowed time (defaulting to 5 seconds).

isUnknownRevocationStatusBlocked Boolean

Whether to block sessions if the revocation status check for server's certificate results in "unknown".

isUnsupportedCipherBlocked Boolean

Whether to block sessions if SSL cipher suite is not supported.

isUnsupportedVersionBlocked Boolean

Whether to block sessions if SSL version is not supported.

isUntrustedIssuerBlocked Boolean

Whether to block sessions if server's certificate is issued by an untrusted certificate authority (CA).

key String
type String

Type of the secrets mapped based on the policy.

  • SSL_INBOUND_INSPECTION: For Inbound inspection of SSL traffic.
  • SSL_FORWARD_PROXY: For forward proxy certificates for SSL inspection.
areCertificateExtensionsRestricted boolean

Whether to block sessions if the server's certificate uses extensions other than key usage and/or extended key usage.

isAutoIncludeAltName boolean

Whether to automatically append a Subject Alternative Name (SAN) to the impersonating certificate if the server certificate is missing a SAN.

isExpiredCertificateBlocked boolean

Whether to block sessions if server's certificate is expired.

isOutOfCapacityBlocked boolean

Whether to block sessions if the firewall is temporarily unable to decrypt their traffic.

isRevocationStatusTimeoutBlocked boolean

Whether to block sessions if the revocation status check for server's certificate does not succeed within the maximum allowed time (defaulting to 5 seconds).

isUnknownRevocationStatusBlocked boolean

Whether to block sessions if the revocation status check for server's certificate results in "unknown".

isUnsupportedCipherBlocked boolean

Whether to block sessions if SSL cipher suite is not supported.

isUnsupportedVersionBlocked boolean

Whether to block sessions if SSL version is not supported.

isUntrustedIssuerBlocked boolean

Whether to block sessions if server's certificate is issued by an untrusted certificate authority (CA).

key string
type string

Type of the secrets mapped based on the policy.

  • SSL_INBOUND_INSPECTION: For Inbound inspection of SSL traffic.
  • SSL_FORWARD_PROXY: For forward proxy certificates for SSL inspection.
are_certificate_extensions_restricted bool

Whether to block sessions if the server's certificate uses extensions other than key usage and/or extended key usage.

is_auto_include_alt_name bool

Whether to automatically append a Subject Alternative Name (SAN) to the impersonating certificate if the server certificate is missing a SAN.

is_expired_certificate_blocked bool

Whether to block sessions if server's certificate is expired.

is_out_of_capacity_blocked bool

Whether to block sessions if the firewall is temporarily unable to decrypt their traffic.

is_revocation_status_timeout_blocked bool

Whether to block sessions if the revocation status check for server's certificate does not succeed within the maximum allowed time (defaulting to 5 seconds).

is_unknown_revocation_status_blocked bool

Whether to block sessions if the revocation status check for server's certificate results in "unknown".

is_unsupported_cipher_blocked bool

Whether to block sessions if SSL cipher suite is not supported.

is_unsupported_version_blocked bool

Whether to block sessions if SSL version is not supported.

is_untrusted_issuer_blocked bool

Whether to block sessions if server's certificate is issued by an untrusted certificate authority (CA).

key str
type str

Type of the secrets mapped based on the policy.

  • SSL_INBOUND_INSPECTION: For Inbound inspection of SSL traffic.
  • SSL_FORWARD_PROXY: For forward proxy certificates for SSL inspection.
areCertificateExtensionsRestricted Boolean

Whether to block sessions if the server's certificate uses extensions other than key usage and/or extended key usage.

isAutoIncludeAltName Boolean

Whether to automatically append a Subject Alternative Name (SAN) to the impersonating certificate if the server certificate is missing a SAN.

isExpiredCertificateBlocked Boolean

Whether to block sessions if server's certificate is expired.

isOutOfCapacityBlocked Boolean

Whether to block sessions if the firewall is temporarily unable to decrypt their traffic.

isRevocationStatusTimeoutBlocked Boolean

Whether to block sessions if the revocation status check for server's certificate does not succeed within the maximum allowed time (defaulting to 5 seconds).

isUnknownRevocationStatusBlocked Boolean

Whether to block sessions if the revocation status check for server's certificate results in "unknown".

isUnsupportedCipherBlocked Boolean

Whether to block sessions if SSL cipher suite is not supported.

isUnsupportedVersionBlocked Boolean

Whether to block sessions if SSL version is not supported.

isUntrustedIssuerBlocked Boolean

Whether to block sessions if server's certificate is issued by an untrusted certificate authority (CA).

key String
type String

Type of the secrets mapped based on the policy.

  • SSL_INBOUND_INSPECTION: For Inbound inspection of SSL traffic.
  • SSL_FORWARD_PROXY: For forward proxy certificates for SSL inspection.

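GetNetworkFirewallPoliciesNetworkFirewallPolicySummaryCollectionItemDecryptionRule

Note: the action values listed in this section (ALLOW, DROP, REJECT, INSPECT) and the "Security rule" wording in the description of name appear to be carried over from the security rule type. Confirm which actions apply to decryption rules against the OCI Network Firewall API reference before relying on these descriptions.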

Action string

Types of Action on the Traffic flow.

  • ALLOW - Allows the traffic.
  • DROP - Silently drops the traffic, e.g. without sending a TCP reset.
  • REJECT - Rejects the traffic, sending a TCP reset to client and/or server as applicable.
  • INSPECT - Inspects traffic for vulnerability as specified in inspection, which may result in rejection.
Conditions List<GetNetworkFirewallPoliciesNetworkFirewallPolicySummaryCollectionItemDecryptionRuleCondition>

Criteria to evaluate against network traffic. A match occurs when at least one item in the array associated with each specified property corresponds with the relevant aspect of the traffic.

DecryptionProfile string

The name of the decryption profile to use.

Name string

Name for the Security rule, must be unique within the policy.

Secret string

The name of a mapped secret. Its type must match that of the specified decryption profile.

Action string

Types of Action on the Traffic flow.

  • ALLOW - Allows the traffic.
  • DROP - Silently drops the traffic, e.g. without sending a TCP reset.
  • REJECT - Rejects the traffic, sending a TCP reset to client and/or server as applicable.
  • INSPECT - Inspects traffic for vulnerability as specified in inspection, which may result in rejection.
Conditions []GetNetworkFirewallPoliciesNetworkFirewallPolicySummaryCollectionItemDecryptionRuleCondition

Criteria to evaluate against network traffic. A match occurs when at least one item in the array associated with each specified property corresponds with the relevant aspect of the traffic.

DecryptionProfile string

The name of the decryption profile to use.

Name string

Name for the Security rule, must be unique within the policy.

Secret string

The name of a mapped secret. Its type must match that of the specified decryption profile.

action String

Types of Action on the Traffic flow.

  • ALLOW - Allows the traffic.
  • DROP - Silently drops the traffic, e.g. without sending a TCP reset.
  • REJECT - Rejects the traffic, sending a TCP reset to client and/or server as applicable.
  • INSPECT - Inspects traffic for vulnerability as specified in inspection, which may result in rejection.
conditions List<GetPoliciesPolicySummaryCollectionItemDecryptionRuleCondition>

Criteria to evaluate against network traffic. A match occurs when at least one item in the array associated with each specified property corresponds with the relevant aspect of the traffic.

decryptionProfile String

The name of the decryption profile to use.

name String

Name for the Security rule, must be unique within the policy.

secret String

The name of a mapped secret. Its type must match that of the specified decryption profile.

action string

Types of Action on the Traffic flow.

  • ALLOW - Allows the traffic.
  • DROP - Silently drops the traffic, e.g. without sending a TCP reset.
  • REJECT - Rejects the traffic, sending a TCP reset to client and/or server as applicable.
  • INSPECT - Inspects traffic for vulnerability as specified in inspection, which may result in rejection.
conditions GetNetworkFirewallPoliciesNetworkFirewallPolicySummaryCollectionItemDecryptionRuleCondition[]

Criteria to evaluate against network traffic. A match occurs when at least one item in the array associated with each specified property corresponds with the relevant aspect of the traffic.

decryptionProfile string

The name of the decryption profile to use.

name string

Name for the Security rule, must be unique within the policy.

secret string

The name of a mapped secret. Its type must match that of the specified decryption profile.

action str

Types of Action on the Traffic flow.

  • ALLOW - Allows the traffic.
  • DROP - Silently drops the traffic, e.g. without sending a TCP reset.
  • REJECT - Rejects the traffic, sending a TCP reset to client and/or server as applicable.
  • INSPECT - Inspects traffic for vulnerability as specified in inspection, which may result in rejection.
conditions Sequence[GetNetworkFirewallPoliciesNetworkFirewallPolicySummaryCollectionItemDecryptionRuleCondition]

Criteria to evaluate against network traffic. A match occurs when at least one item in the array associated with each specified property corresponds with the relevant aspect of the traffic.

decryption_profile str

The name of the decryption profile to use.

name str

Name for the Security rule, must be unique within the policy.

secret str

The name of a mapped secret. Its type must match that of the specified decryption profile.

action String

Types of Action on the Traffic flow.

  • ALLOW - Allows the traffic.
  • DROP - Silently drops the traffic, e.g. without sending a TCP reset.
  • REJECT - Rejects the traffic, sending a TCP reset to client and/or server as applicable.
  • INSPECT - Inspects traffic for vulnerability as specified in inspection, which may result in rejection.
conditions List<Property Map>

Criteria to evaluate against network traffic. A match occurs when at least one item in the array associated with each specified property corresponds with the relevant aspect of the traffic.

decryptionProfile String

The name of the decryption profile to use.

name String

Name for the Security rule, must be unique within the policy.

secret String

The name of a mapped secret. Its type must match that of the specified decryption profile.

GetNetworkFirewallPoliciesNetworkFirewallPolicySummaryCollectionItemDecryptionRuleCondition

Destinations List<string>

An array of IP address list names to be evaluated against the traffic destination address.

Sources List<string>

An array of IP address list names to be evaluated against the traffic source address.

Destinations []string

An array of IP address list names to be evaluated against the traffic destination address.

Sources []string

An array of IP address list names to be evaluated against the traffic source address.

destinations List<String>

An array of IP address list names to be evaluated against the traffic destination address.

sources List<String>

An array of IP address list names to be evaluated against the traffic source address.

destinations string[]

An array of IP address list names to be evaluated against the traffic destination address.

sources string[]

An array of IP address list names to be evaluated against the traffic source address.

destinations Sequence[str]

An array of IP address list names to be evaluated against the traffic destination address.

sources Sequence[str]

An array of IP address list names to be evaluated against the traffic source address.

destinations List<String>

An array of IP address list names to be evaluated against the traffic destination address.

sources List<String>

An array of IP address list names to be evaluated against the traffic source address.

GetNetworkFirewallPoliciesNetworkFirewallPolicySummaryCollectionItemIpAddressList

GetNetworkFirewallPoliciesNetworkFirewallPolicySummaryCollectionItemMappedSecret

Key string
Type string

Type of the secrets mapped based on the policy.

  • SSL_INBOUND_INSPECTION: For Inbound inspection of SSL traffic.
  • SSL_FORWARD_PROXY: For forward proxy certificates for SSL inspection.
VaultSecretId string

OCID for the Vault Secret to be used.

VersionNumber int

Version number of the secret to be used.

Key string
Type string

Type of the secrets mapped based on the policy.

  • SSL_INBOUND_INSPECTION: For Inbound inspection of SSL traffic.
  • SSL_FORWARD_PROXY: For forward proxy certificates for SSL inspection.
VaultSecretId string

OCID for the Vault Secret to be used.

VersionNumber int

Version number of the secret to be used.

key String
type String

Type of the secrets mapped based on the policy.

  • SSL_INBOUND_INSPECTION: For Inbound inspection of SSL traffic.
  • SSL_FORWARD_PROXY: For forward proxy certificates for SSL inspection.
vaultSecretId String

OCID for the Vault Secret to be used.

versionNumber Integer

Version number of the secret to be used.

key string
type string

Type of the secrets mapped based on the policy.

  • SSL_INBOUND_INSPECTION: For Inbound inspection of SSL traffic.
  • SSL_FORWARD_PROXY: For forward proxy certificates for SSL inspection.
vaultSecretId string

OCID for the Vault Secret to be used.

versionNumber number

Version number of the secret to be used.

key str
type str

Type of the secrets mapped based on the policy.

  • SSL_INBOUND_INSPECTION: For Inbound inspection of SSL traffic.
  • SSL_FORWARD_PROXY: For forward proxy certificates for SSL inspection.
vault_secret_id str

OCID for the Vault Secret to be used.

version_number int

Version number of the secret to be used.

key String
type String

Type of the secrets mapped based on the policy.

  • SSL_INBOUND_INSPECTION: For Inbound inspection of SSL traffic.
  • SSL_FORWARD_PROXY: For forward proxy certificates for SSL inspection.
vaultSecretId String

OCID for the Vault Secret to be used.

versionNumber Number

Version number of the secret to be used.

GetNetworkFirewallPoliciesNetworkFirewallPolicySummaryCollectionItemSecurityRule

Action string

Types of Action on the Traffic flow.

  • ALLOW - Allows the traffic.
  • DROP - Silently drops the traffic, e.g. without sending a TCP reset.
  • REJECT - Rejects the traffic, sending a TCP reset to client and/or server as applicable.
  • INSPECT - Inspects traffic for vulnerability as specified in inspection, which may result in rejection.
Conditions List<GetNetworkFirewallPoliciesNetworkFirewallPolicySummaryCollectionItemSecurityRuleCondition>

Criteria to evaluate against network traffic. A match occurs when at least one item in the array associated with each specified property corresponds with the relevant aspect of the traffic.

Inspection string

Type of inspection to affect the Traffic flow. This is only applicable if action is INSPECT.

  • INTRUSION_DETECTION - Intrusion Detection.
  • INTRUSION_PREVENTION - Intrusion Detection and Prevention. Traffic classified as potentially malicious will be rejected as described in type.
Name string

Name for the Security rule, must be unique within the policy.

Action string

Types of Action on the Traffic flow.

  • ALLOW - Allows the traffic.
  • DROP - Silently drops the traffic, e.g. without sending a TCP reset.
  • REJECT - Rejects the traffic, sending a TCP reset to client and/or server as applicable.
  • INSPECT - Inspects traffic for vulnerability as specified in inspection, which may result in rejection.
Conditions []GetNetworkFirewallPoliciesNetworkFirewallPolicySummaryCollectionItemSecurityRuleCondition

Criteria to evaluate against network traffic. A match occurs when at least one item in the array associated with each specified property corresponds with the relevant aspect of the traffic.

Inspection string

Type of inspection to affect the Traffic flow. This is only applicable if action is INSPECT.

  • INTRUSION_DETECTION - Intrusion Detection.
  • INTRUSION_PREVENTION - Intrusion Detection and Prevention. Traffic classified as potentially malicious will be rejected as described in type.
Name string

Name for the Security rule, must be unique within the policy.

action String

Types of Action on the Traffic flow.

  • ALLOW - Allows the traffic.
  • DROP - Silently drops the traffic, e.g. without sending a TCP reset.
  • REJECT - Rejects the traffic, sending a TCP reset to client and/or server as applicable.
  • INSPECT - Inspects traffic for vulnerability as specified in inspection, which may result in rejection.
conditions List<GetPoliciesPolicySummaryCollectionItemSecurityRuleCondition>

Criteria to evaluate against network traffic. A match occurs when at least one item in the array associated with each specified property corresponds with the relevant aspect of the traffic.

inspection String

Type of inspection to affect the Traffic flow. This is only applicable if action is INSPECT.

  • INTRUSION_DETECTION - Intrusion Detection.
  • INTRUSION_PREVENTION - Intrusion Detection and Prevention. Traffic classified as potentially malicious will be rejected as described in type.
name String

Name for the Security rule, must be unique within the policy.

action string

Types of Action on the Traffic flow.

  • ALLOW - Allows the traffic.
  • DROP - Silently drops the traffic, e.g. without sending a TCP reset.
  • REJECT - Rejects the traffic, sending a TCP reset to client and/or server as applicable.
  • INSPECT - Inspects traffic for vulnerability as specified in inspection, which may result in rejection.
conditions GetNetworkFirewallPoliciesNetworkFirewallPolicySummaryCollectionItemSecurityRuleCondition[]

Criteria to evaluate against network traffic. A match occurs when at least one item in the array associated with each specified property corresponds with the relevant aspect of the traffic.

inspection string

Type of inspection to affect the Traffic flow. This is only applicable if action is INSPECT.

  • INTRUSION_DETECTION - Intrusion Detection.
  • INTRUSION_PREVENTION - Intrusion Detection and Prevention. Traffic classified as potentially malicious will be rejected as described in type.
name string

Name for the Security rule, must be unique within the policy.

action str

Types of Action on the Traffic flow.

  • ALLOW - Allows the traffic.
  • DROP - Silently drops the traffic, e.g. without sending a TCP reset.
  • REJECT - Rejects the traffic, sending a TCP reset to client and/or server as applicable.
  • INSPECT - Inspects traffic for vulnerability as specified in inspection, which may result in rejection.
conditions Sequence[GetNetworkFirewallPoliciesNetworkFirewallPolicySummaryCollectionItemSecurityRuleCondition]

Criteria to evaluate against network traffic. A match occurs when at least one item in the array associated with each specified property corresponds with the relevant aspect of the traffic.

inspection str

Type of inspection to affect the Traffic flow. This is only applicable if action is INSPECT.

  • INTRUSION_DETECTION - Intrusion Detection.
  • INTRUSION_PREVENTION - Intrusion Detection and Prevention. Traffic classified as potentially malicious will be rejected as described in type.
name str

Name for the Security rule, must be unique within the policy.

action String

Types of Action on the Traffic flow.

  • ALLOW - Allows the traffic.
  • DROP - Silently drops the traffic, e.g. without sending a TCP reset.
  • REJECT - Rejects the traffic, sending a TCP reset to client and/or server as applicable.
  • INSPECT - Inspects traffic for vulnerability as specified in inspection, which may result in rejection.
conditions List<Property Map>

Criteria to evaluate against network traffic. A match occurs when at least one item in the array associated with each specified property corresponds with the relevant aspect of the traffic.

inspection String

Type of inspection to affect the Traffic flow. This is only applicable if action is INSPECT.

  • INTRUSION_DETECTION - Intrusion Detection.
  • INTRUSION_PREVENTION - Intrusion Detection and Prevention. Traffic classified as potentially malicious will be rejected as described in type.
name String

Name for the Security rule, must be unique within the policy.

GetNetworkFirewallPoliciesNetworkFirewallPolicySummaryCollectionItemSecurityRuleCondition

Applications List<string>

An array of application list names to be evaluated against the traffic protocol and protocol-specific parameters.

Destinations List<string>

An array of IP address list names to be evaluated against the traffic destination address.

Sources List<string>

An array of IP address list names to be evaluated against the traffic source address.

Urls List<string>

An array of URL pattern list names to be evaluated against the HTTP(S) request target.

Applications []string

An array of application list names to be evaluated against the traffic protocol and protocol-specific parameters.

Destinations []string

An array of IP address list names to be evaluated against the traffic destination address.

Sources []string

An array of IP address list names to be evaluated against the traffic source address.

Urls []string

An array of URL pattern list names to be evaluated against the HTTP(S) request target.

applications List<String>

An array of application list names to be evaluated against the traffic protocol and protocol-specific parameters.

destinations List<String>

An array of IP address list names to be evaluated against the traffic destination address.

sources List<String>

An array of IP address list names to be evaluated against the traffic source address.

urls List<String>

An array of URL pattern list names to be evaluated against the HTTP(S) request target.

applications string[]

An array of application list names to be evaluated against the traffic protocol and protocol-specific parameters.

destinations string[]

An array of IP address list names to be evaluated against the traffic destination address.

sources string[]

An array of IP address list names to be evaluated against the traffic source address.

urls string[]

An array of URL pattern list names to be evaluated against the HTTP(S) request target.

applications Sequence[str]

An array of application list names to be evaluated against the traffic protocol and protocol-specific parameters.

destinations Sequence[str]

An array of IP address list names to be evaluated against the traffic destination address.

sources Sequence[str]

An array of IP address list names to be evaluated against the traffic source address.

urls Sequence[str]

An array of URL pattern list names to be evaluated against the HTTP(S) request target.

applications List<String>

An array of application list names to be evaluated against the traffic protocol and protocol-specific parameters.

destinations List<String>

An array of IP address list names to be evaluated against the traffic destination address.

sources List<String>

An array of IP address list names to be evaluated against the traffic source address.

urls List<String>

An array of URL pattern list names to be evaluated against the HTTP(S) request target.

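GetNetworkFirewallPoliciesNetworkFirewallPolicySummaryCollectionItemUrlList

Note: the description shown for type in this section ("Type of the secrets mapped based on the policy", with the SSL_* values) appears to be carried over from the mapped secret type. Here type presumably describes the kind of URL pattern in the entry; confirm the allowed values against the OCI Network Firewall API reference.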

Key string
Pattern string
Type string

Type of the secrets mapped based on the policy.

  • SSL_INBOUND_INSPECTION: For Inbound inspection of SSL traffic.
  • SSL_FORWARD_PROXY: For forward proxy certificates for SSL inspection.
Key string
Pattern string
Type string

Type of the secrets mapped based on the policy.

  • SSL_INBOUND_INSPECTION: For Inbound inspection of SSL traffic.
  • SSL_FORWARD_PROXY: For forward proxy certificates for SSL inspection.
key String
pattern String
type String

Type of the secrets mapped based on the policy.

  • SSL_INBOUND_INSPECTION: For Inbound inspection of SSL traffic.
  • SSL_FORWARD_PROXY: For forward proxy certificates for SSL inspection.
key string
pattern string
type string

Type of the secrets mapped based on the policy.

  • SSL_INBOUND_INSPECTION: For Inbound inspection of SSL traffic.
  • SSL_FORWARD_PROXY: For forward proxy certificates for SSL inspection.
key str
pattern str
type str

Type of the secrets mapped based on the policy.

  • SSL_INBOUND_INSPECTION: For Inbound inspection of SSL traffic.
  • SSL_FORWARD_PROXY: For forward proxy certificates for SSL inspection.
key String
pattern String
type String

Type of the secrets mapped based on the policy.

  • SSL_INBOUND_INSPECTION: For Inbound inspection of SSL traffic.
  • SSL_FORWARD_PROXY: For forward proxy certificates for SSL inspection.

Package Details

Repository
https://github.com/pulumi/pulumi-oci
License
Apache-2.0
Notes

This Pulumi package is based on the oci Terraform Provider.