Proxmox Virtual Environment (Proxmox VE) v6.17.1 published on Saturday, Dec 7, 2024 by Daniel Muehlbachler-Pietrzykowski

proxmoxve.Network.FirewallSecurityGroup



    A security group is a collection of rules, defined at cluster level, which can be used in all VMs’ rules. For example, you can define a group named “webserver” with rules to open the http and https ports.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as proxmoxve from "@muhlba91/pulumi-proxmoxve";
    
    // Address of the web host that both rules target.
    const webserverAddress = "192.168.1.5";

    // Builds one inbound TCP ACCEPT rule for the web host; only the label and
    // the destination port differ between the two rules below.
    // No `source` is set, so the rule is not narrowed by sender address; add
    // `source` (address, range, IP set or alias) to limit who may connect.
    const allowWebPort = (label: string, port: string) => ({
        action: "ACCEPT",
        comment: label,
        dest: webserverAddress,
        dport: port,
        log: "info", // accepted traffic is logged at level "info"
        proto: "tcp",
        type: "in",
    });

    // Cluster-level security group holding the HTTP and HTTPS rules.
    // NOTE(review): the group is a reusable rule collection; presumably it only
    // filters a guest's traffic once that guest's rules reference it - confirm.
    const webserver = new proxmoxve.network.FirewallSecurityGroup("webserver", {
        comment: "Managed by Pulumi",
        rules: [
            allowWebPort("Allow HTTP", "80"),
            allowWebPort("Allow HTTPS", "443"),
        ],
    });
    
    import pulumi
    import pulumi_proxmoxve as proxmoxve
    
    def _allow_tcp_in(comment, dport):
        """Return one inbound TCP ACCEPT rule for the web host at 192.168.1.5.

        Only the rule comment and the destination port vary. No "source" key
        is set, so the rule is not narrowed by sender address; add "source"
        (address, range, IP set or alias) to limit who may connect.
        """
        return {
            "action": "ACCEPT",
            "comment": comment,
            "dest": "192.168.1.5",
            "dport": dport,
            "log": "info",  # accepted traffic is logged at level "info"
            "proto": "tcp",
            "type": "in",
        }

    # Cluster-level security group holding the HTTP and HTTPS rules.
    # NOTE(review): the group is a reusable rule collection; presumably it only
    # filters a guest's traffic once that guest's rules reference it - confirm.
    webserver = proxmoxve.network.FirewallSecurityGroup(
        "webserver",
        comment="Managed by Pulumi",
        rules=[
            _allow_tcp_in("Allow HTTP", "80"),
            _allow_tcp_in("Allow HTTPS", "443"),
        ],
    )
    
    package main
    
    import (
    	"github.com/muhlba91/pulumi-proxmoxve/sdk/v6/go/proxmoxve/Network"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    // main registers a cluster-level security group named "webserver" with two
    // inbound TCP ACCEPT rules (ports 80 and 443) for the host 192.168.1.5.
    //
    // NOTE(review): the import path ends in "Network" and the constructor is
    // called as Network.NewFirewallSecurityGroup, while the rule types use the
    // lower-case qualifier "network". Only one of the two can match the SDK's
    // package name - confirm against the SDK before copying this example.
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := Network.NewFirewallSecurityGroup(ctx, "webserver", &Network.FirewallSecurityGroupArgs{
    			Comment: pulumi.String("Managed by Pulumi"),
    			// Both rules match on destination address and port only. No Source
    			// is set, so they are not narrowed by sender address; add Source
    			// (address, range, IP set or alias) to limit who may connect.
    			Rules: network.FirewallSecurityGroupRuleArray{
    				&network.FirewallSecurityGroupRuleArgs{
    					Action:  pulumi.String("ACCEPT"),
    					Comment: pulumi.String("Allow HTTP"),
    					Dest:    pulumi.String("192.168.1.5"),
    					Dport:   pulumi.String("80"),
    					// Accepted traffic is logged at level "info".
    					Log:     pulumi.String("info"),
    					Proto:   pulumi.String("tcp"),
    					Type:    pulumi.String("in"),
    				},
    				&network.FirewallSecurityGroupRuleArgs{
    					Action:  pulumi.String("ACCEPT"),
    					Comment: pulumi.String("Allow HTTPS"),
    					Dest:    pulumi.String("192.168.1.5"),
    					Dport:   pulumi.String("443"),
    					Log:     pulumi.String("info"),
    					Proto:   pulumi.String("tcp"),
    					Type:    pulumi.String("in"),
    				},
    			},
    		})
    		// The created resource handle is discarded; only the error is propagated.
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using ProxmoxVE = Pulumi.ProxmoxVE;
    
    return await Deployment.RunAsync(() =>
    {
        // Builds one inbound TCP ACCEPT rule for the web host; only the label
        // and the destination port differ between the two rules.
        // No Source is set, so the rule is not narrowed by sender address; add
        // Source (address, range, IP set or alias) to limit who may connect.
        static ProxmoxVE.Network.Inputs.FirewallSecurityGroupRuleArgs AllowTcpIn(string label, string port) => new()
        {
            Action = "ACCEPT",
            Comment = label,
            Dest = "192.168.1.5",
            Dport = port,
            Log = "info", // accepted traffic is logged at level "info"
            Proto = "tcp",
            Type = "in",
        };

        // Cluster-level security group holding the HTTP and HTTPS rules.
        // NOTE(review): the group is a reusable rule collection; presumably it
        // only filters a guest's traffic once that guest's rules reference it - confirm.
        var webserver = new ProxmoxVE.Network.FirewallSecurityGroup("webserver", new()
        {
            Comment = "Managed by Pulumi",
            Rules = new[]
            {
                AllowTcpIn("Allow HTTP", "80"),
                AllowTcpIn("Allow HTTPS", "443"),
            },
        });
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.proxmoxve.Network.FirewallSecurityGroup;
    import com.pulumi.proxmoxve.Network.FirewallSecurityGroupArgs;
    import com.pulumi.proxmoxve.Network.inputs.FirewallSecurityGroupRuleArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    /**
     * Pulumi program that declares a cluster-level security group named
     * "webserver" with inbound TCP ACCEPT rules for ports 80 and 443.
     */
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }

        /**
         * Declares the security group.
         *
         * NOTE(review): the group is a reusable rule collection; presumably it
         * only filters a guest's traffic once that guest's rules reference it - confirm.
         */
        public static void stack(Context ctx) {
            final var httpRule = allowTcpIn("Allow HTTP", "80");
            final var httpsRule = allowTcpIn("Allow HTTPS", "443");

            final var groupArgs = FirewallSecurityGroupArgs.builder()
                .comment("Managed by Pulumi")
                .rules(httpRule, httpsRule)
                .build();

            var webserver = new FirewallSecurityGroup("webserver", groupArgs);
        }

        /**
         * Builds one inbound TCP ACCEPT rule for the web host at 192.168.1.5.
         * No source is set, so the rule is not narrowed by sender address; add
         * source (address, range, IP set or alias) to limit who may connect.
         */
        private static FirewallSecurityGroupRuleArgs allowTcpIn(String comment, String port) {
            return FirewallSecurityGroupRuleArgs.builder()
                .action("ACCEPT")
                .comment(comment)
                .dest("192.168.1.5")
                .dport(port)
                .log("info") // accepted traffic is logged at level "info"
                .proto("tcp")
                .type("in")
                .build();
        }
    }
    
    # Cluster-level security group "webserver" with two inbound TCP ACCEPT rules.
    # NOTE(review): the group is a reusable rule collection; presumably it only
    # filters a guest's traffic once that guest's rules reference it - confirm.
    resources:
      webserver:
        type: proxmoxve:Network:FirewallSecurityGroup
        properties:
          comment: Managed by Pulumi
          rules:
            # Both rules match on destination address and port only. No source is
            # set, so they are not narrowed by sender address; add `source`
            # (address, range, IP set or alias) to limit who may connect.
            - action: ACCEPT
              comment: Allow HTTP
              dest: 192.168.1.5
              dport: '80'
              # Accepted traffic is logged at level "info".
              log: info
              proto: tcp
              type: in
            - action: ACCEPT
              comment: Allow HTTPS
              dest: 192.168.1.5
              dport: '443'
              log: info
              proto: tcp
              type: in
    

    Create FirewallSecurityGroup Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new FirewallSecurityGroup(name: string, args: FirewallSecurityGroupArgs, opts?: CustomResourceOptions);
    @overload
    def FirewallSecurityGroup(resource_name: str,
                              args: FirewallSecurityGroupArgs,
                              opts: Optional[ResourceOptions] = None)
    
    @overload
    def FirewallSecurityGroup(resource_name: str,
                              opts: Optional[ResourceOptions] = None,
                              rules: Optional[Sequence[_network.FirewallSecurityGroupRuleArgs]] = None,
                              comment: Optional[str] = None,
                              container_id: Optional[int] = None,
                              name: Optional[str] = None,
                              node_name: Optional[str] = None,
                              vm_id: Optional[int] = None)
    func NewFirewallSecurityGroup(ctx *Context, name string, args FirewallSecurityGroupArgs, opts ...ResourceOption) (*FirewallSecurityGroup, error)
    public FirewallSecurityGroup(string name, FirewallSecurityGroupArgs args, CustomResourceOptions? opts = null)
    public FirewallSecurityGroup(String name, FirewallSecurityGroupArgs args)
    public FirewallSecurityGroup(String name, FirewallSecurityGroupArgs args, CustomResourceOptions options)
    
    type: proxmoxve:Network:FirewallSecurityGroup
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args FirewallSecurityGroupArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args FirewallSecurityGroupArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args FirewallSecurityGroupArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args FirewallSecurityGroupArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args FirewallSecurityGroupArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    // Reference template: every value is a type placeholder ("string", 0, false),
    // not a working default. Replace each one before use.
    // NOTE(review): Enabled is shown as false; set it deliberately rather than
    // copying the placeholder, or the rule's enable flag stays off.
    var firewallSecurityGroupResource = new ProxmoxVE.Network.FirewallSecurityGroup("firewallSecurityGroupResource", new()
    {
        Rules = new[]
        {
            new ProxmoxVE.Network.Inputs.FirewallSecurityGroupRuleArgs
            {
                Action = "string",
                Comment = "string",
                Dest = "string",
                Dport = "string",
                Enabled = false,
                Iface = "string",
                Log = "string",
                Macro = "string",
                Pos = 0,
                Proto = "string",
                SecurityGroup = "string",
                Source = "string",
                Sport = "string",
                Type = "string",
            },
        },
        Comment = "string",
        ContainerId = 0,
        Name = "string",
        NodeName = "string",
        VmId = 0,
    });
    
    // Reference template: every value is a type placeholder ("string", 0, false),
    // not a working default. Replace each one before use.
    // NOTE(review): Enabled is shown as false; set it deliberately rather than
    // copying the placeholder, or the rule's enable flag stays off.
    // NOTE(review): the snippet mixes the qualifiers "Network" and "network";
    // confirm which one matches the SDK's package name.
    example, err := Network.NewFirewallSecurityGroup(ctx, "firewallSecurityGroupResource", &Network.FirewallSecurityGroupArgs{
    	Rules: network.FirewallSecurityGroupRuleArray{
    		&network.FirewallSecurityGroupRuleArgs{
    			Action:        pulumi.String("string"),
    			Comment:       pulumi.String("string"),
    			Dest:          pulumi.String("string"),
    			Dport:         pulumi.String("string"),
    			Enabled:       pulumi.Bool(false),
    			Iface:         pulumi.String("string"),
    			Log:           pulumi.String("string"),
    			Macro:         pulumi.String("string"),
    			Pos:           pulumi.Int(0),
    			Proto:         pulumi.String("string"),
    			SecurityGroup: pulumi.String("string"),
    			Source:        pulumi.String("string"),
    			Sport:         pulumi.String("string"),
    			Type:          pulumi.String("string"),
    		},
    	},
    	Comment:     pulumi.String("string"),
    	ContainerId: pulumi.Int(0),
    	Name:        pulumi.String("string"),
    	NodeName:    pulumi.String("string"),
    	VmId:        pulumi.Int(0),
    })
    
    // Reference template: every value is a type placeholder ("string", 0, false),
    // not a working default. Replace each one before use.
    // NOTE(review): enabled is shown as false; set it deliberately rather than
    // copying the placeholder, or the rule's enable flag stays off.
    var firewallSecurityGroupResource = new FirewallSecurityGroup("firewallSecurityGroupResource", FirewallSecurityGroupArgs.builder()
        .rules(FirewallSecurityGroupRuleArgs.builder()
            .action("string")
            .comment("string")
            .dest("string")
            .dport("string")
            .enabled(false)
            .iface("string")
            .log("string")
            .macro("string")
            .pos(0)
            .proto("string")
            .securityGroup("string")
            .source("string")
            .sport("string")
            .type("string")
            .build())
        .comment("string")
        .containerId(0)
        .name("string")
        .nodeName("string")
        .vmId(0)
        .build());
    
    # Reference template: every value is a type placeholder ("string", 0, False),
    # not a working default. Replace each one before use.
    # NOTE(review): "enabled" is shown as False; set it deliberately rather than
    # copying the placeholder, or the rule's enable flag stays off.
    firewall_security_group_resource = proxmoxve.network.FirewallSecurityGroup("firewallSecurityGroupResource",
        rules=[{
            "action": "string",
            "comment": "string",
            "dest": "string",
            "dport": "string",
            "enabled": False,
            "iface": "string",
            "log": "string",
            "macro": "string",
            "pos": 0,
            "proto": "string",
            "security_group": "string",
            "source": "string",
            "sport": "string",
            "type": "string",
        }],
        comment="string",
        container_id=0,
        name="string",
        node_name="string",
        vm_id=0)
    
    // Reference template: every value is a type placeholder ("string", 0, false),
    // not a working default. Replace each one before use.
    // NOTE(review): enabled is shown as false; set it deliberately rather than
    // copying the placeholder, or the rule's enable flag stays off.
    const firewallSecurityGroupResource = new proxmoxve.network.FirewallSecurityGroup("firewallSecurityGroupResource", {
        rules: [{
            action: "string",
            comment: "string",
            dest: "string",
            dport: "string",
            enabled: false,
            iface: "string",
            log: "string",
            macro: "string",
            pos: 0,
            proto: "string",
            securityGroup: "string",
            source: "string",
            sport: "string",
            type: "string",
        }],
        comment: "string",
        containerId: 0,
        name: "string",
        nodeName: "string",
        vmId: 0,
    });
    
    # Reference template: every value is a type placeholder (string, 0, false),
    # not a working default. Replace each one before use.
    # NOTE(review): enabled is shown as false; set it deliberately rather than
    # copying the placeholder, or the rule's enable flag stays off.
    type: proxmoxve:Network:FirewallSecurityGroup
    properties:
        comment: string
        containerId: 0
        name: string
        nodeName: string
        rules:
            - action: string
              comment: string
              dest: string
              dport: string
              enabled: false
              iface: string
              log: string
              macro: string
              pos: 0
              proto: string
              securityGroup: string
              source: string
              sport: string
              type: string
        vmId: 0
    

    FirewallSecurityGroup Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The FirewallSecurityGroup resource accepts the following input properties:

    Rules List<Pulumi.ProxmoxVE.Network.Inputs.FirewallSecurityGroupRule>
    Firewall rule block (multiple blocks supported).
    Comment string
    Security group comment.
    ContainerId int
    The ID of the container to manage the firewall for.
    Name string
    Security group name.
    NodeName string
    The name of the node.
    VmId int
    The ID of the VM to manage the firewall for.
    Rules []FirewallSecurityGroupRuleArgs
    Firewall rule block (multiple blocks supported).
    Comment string
    Security group comment.
    ContainerId int
    The ID of the container to manage the firewall for.
    Name string
    Security group name.
    NodeName string
    The name of the node.
    VmId int
    The ID of the VM to manage the firewall for.
    rules List<FirewallSecurityGroupRule>
    Firewall rule block (multiple blocks supported).
    comment String
    Security group comment.
    containerId Integer
    The ID of the container to manage the firewall for.
    name String
    Security group name.
    nodeName String
    The name of the node.
    vmId Integer
    The ID of the VM to manage the firewall for.
    rules FirewallSecurityGroupRule[]
    Firewall rule block (multiple blocks supported).
    comment string
    Security group comment.
    containerId number
    The ID of the container to manage the firewall for.
    name string
    Security group name.
    nodeName string
    The name of the node.
    vmId number
    The ID of the VM to manage the firewall for.
    rules Sequence[network.FirewallSecurityGroupRuleArgs]
    Firewall rule block (multiple blocks supported).
    comment str
    Security group comment.
    container_id int
    The ID of the container to manage the firewall for.
    name str
    Security group name.
    node_name str
    The name of the node.
    vm_id int
    The ID of the VM to manage the firewall for.
    rules List<Property Map>
    Firewall rule block (multiple blocks supported).
    comment String
    Security group comment.
    containerId Number
    The ID of the container to manage the firewall for.
    name String
    Security group name.
    nodeName String
    The name of the node.
    vmId Number
    The ID of the VM to manage the firewall for.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the FirewallSecurityGroup resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing FirewallSecurityGroup Resource

    Get an existing FirewallSecurityGroup resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: FirewallSecurityGroupState, opts?: CustomResourceOptions): FirewallSecurityGroup
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            comment: Optional[str] = None,
            container_id: Optional[int] = None,
            name: Optional[str] = None,
            node_name: Optional[str] = None,
            rules: Optional[Sequence[_network.FirewallSecurityGroupRuleArgs]] = None,
            vm_id: Optional[int] = None) -> FirewallSecurityGroup
    func GetFirewallSecurityGroup(ctx *Context, name string, id IDInput, state *FirewallSecurityGroupState, opts ...ResourceOption) (*FirewallSecurityGroup, error)
    public static FirewallSecurityGroup Get(string name, Input<string> id, FirewallSecurityGroupState? state, CustomResourceOptions? opts = null)
    public static FirewallSecurityGroup get(String name, Output<String> id, FirewallSecurityGroupState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Comment string
    Security group comment.
    ContainerId int
    The ID of the container to manage the firewall for.
    Name string
    Security group name.
    NodeName string
    The name of the node.
    Rules List<Pulumi.ProxmoxVE.Network.Inputs.FirewallSecurityGroupRule>
    Firewall rule block (multiple blocks supported).
    VmId int
    The ID of the VM to manage the firewall for.
    Comment string
    Security group comment.
    ContainerId int
    The ID of the container to manage the firewall for.
    Name string
    Security group name.
    NodeName string
    The name of the node.
    Rules []FirewallSecurityGroupRuleArgs
    Firewall rule block (multiple blocks supported).
    VmId int
    The ID of the VM to manage the firewall for.
    comment String
    Security group comment.
    containerId Integer
    The ID of the container to manage the firewall for.
    name String
    Security group name.
    nodeName String
    The name of the node.
    rules List<FirewallSecurityGroupRule>
    Firewall rule block (multiple blocks supported).
    vmId Integer
    The ID of the VM to manage the firewall for.
    comment string
    Security group comment.
    containerId number
    The ID of the container to manage the firewall for.
    name string
    Security group name.
    nodeName string
    The name of the node.
    rules FirewallSecurityGroupRule[]
    Firewall rule block (multiple blocks supported).
    vmId number
    The ID of the VM to manage the firewall for.
    comment str
    Security group comment.
    container_id int
    The ID of the container to manage the firewall for.
    name str
    Security group name.
    node_name str
    The name of the node.
    rules Sequence[network.FirewallSecurityGroupRuleArgs]
    Firewall rule block (multiple blocks supported).
    vm_id int
    The ID of the VM to manage the firewall for.
    comment String
    Security group comment.
    containerId Number
    The ID of the container to manage the firewall for.
    name String
    Security group name.
    nodeName String
    The name of the node.
    rules List<Property Map>
    Firewall rule block (multiple blocks supported).
    vmId Number
    The ID of the VM to manage the firewall for.

    Supporting Types

    FirewallSecurityGroupRule, FirewallSecurityGroupRuleArgs

    Action string
    Rule action (ACCEPT, DROP, REJECT).
    Comment string
    Rule comment.
    Dest string
    Restrict packet destination address. This can refer to a single IP address, an IP set ('+ipsetname') or an IP alias definition. You can also specify an address range like 20.34.101.207-201.3.9.99, or a list of IP addresses and networks (entries are separated by comma). Please do not mix IPv4 and IPv6 addresses inside such lists.
    Dport string
    Restrict TCP/UDP destination port. You can use service names or simple numbers (0-65535), as defined in '/etc/services'. Port ranges can be specified with '\d+:\d+', for example 80:85, and you can use a comma-separated list to match several ports or ranges.
    Enabled bool
    Enable rule
    Iface string
    Network interface name. You have to use network configuration key names for VMs and containers ('net\d+'). Host related rules can use arbitrary strings.
    Log string
    Log level for this rule (emerg, alert, crit, err, warning, notice, info, debug, nolog).
    Macro string
    Macro name. Use predefined standard macro from https://pve.proxmox.com/pve-docs/pve-admin-guide.html#_firewall_macro_definitions
    Pos int
    Position of the rule in the list.
    Proto string
    Restrict packet protocol. You can use protocol names as defined in '/etc/protocols'.
    SecurityGroup string
    Security group name
    Source string
    Restrict packet source address. This can refer to a single IP address, an IP set ('+ipsetname') or an IP alias definition. You can also specify an address range like 20.34.101.207-201.3.9.99, or a list of IP addresses and networks (entries are separated by comma). Please do not mix IPv4 and IPv6 addresses inside such lists.
    Sport string
    Restrict TCP/UDP source port. You can use service names or simple numbers (0-65535), as defined in '/etc/services'. Port ranges can be specified with '\d+:\d+', for example 80:85, and you can use a comma-separated list to match several ports or ranges.
    Type string
    Rule type (in, out).
    Action string
    Rule action (ACCEPT, DROP, REJECT).
    Comment string
    Rule comment.
    Dest string
    Restrict packet destination address. This can refer to a single IP address, an IP set ('+ipsetname') or an IP alias definition. You can also specify an address range like 20.34.101.207-201.3.9.99, or a list of IP addresses and networks (entries are separated by comma). Please do not mix IPv4 and IPv6 addresses inside such lists.
    Dport string
    Restrict TCP/UDP destination port. You can use service names or simple numbers (0-65535), as defined in '/etc/services'. Port ranges can be specified with '\d+:\d+', for example 80:85, and you can use a comma-separated list to match several ports or ranges.
    Enabled bool
    Enable rule
    Iface string
    Network interface name. You have to use network configuration key names for VMs and containers ('net\d+'). Host related rules can use arbitrary strings.
    Log string
    Log level for this rule (emerg, alert, crit, err, warning, notice, info, debug, nolog).
    Macro string
    Macro name. Use predefined standard macro from https://pve.proxmox.com/pve-docs/pve-admin-guide.html#_firewall_macro_definitions
    Pos int
    Position of the rule in the list.
    Proto string
    Restrict packet protocol. You can use protocol names as defined in '/etc/protocols'.
    SecurityGroup string
    Security group name
    Source string
    Restrict packet source address. This can refer to a single IP address, an IP set ('+ipsetname') or an IP alias definition. You can also specify an address range like 20.34.101.207-201.3.9.99, or a list of IP addresses and networks (entries are separated by comma). Please do not mix IPv4 and IPv6 addresses inside such lists.
    Sport string
    Restrict TCP/UDP source port. You can use service names or simple numbers (0-65535), as defined in '/etc/services'. Port ranges can be specified with '\d+:\d+', for example 80:85, and you can use a comma-separated list to match several ports or ranges.
    Type string
    Rule type (in, out).
    action String
    Rule action (ACCEPT, DROP, REJECT).
    comment String
    Rule comment.
    dest String
    Restrict packet destination address. This can refer to a single IP address, an IP set ('+ipsetname') or an IP alias definition. You can also specify an address range like 20.34.101.207-201.3.9.99, or a list of IP addresses and networks (entries are separated by comma). Please do not mix IPv4 and IPv6 addresses inside such lists.
    dport String
    Restrict TCP/UDP destination port. You can use service names or simple numbers (0-65535), as defined in '/etc/services'. Port ranges can be specified with '\d+:\d+', for example 80:85, and you can use a comma-separated list to match several ports or ranges.
    enabled Boolean
    Enable rule
    iface String
    Network interface name. You have to use network configuration key names for VMs and containers ('net\d+'). Host related rules can use arbitrary strings.
    log String
    Log level for this rule (emerg, alert, crit, err, warning, notice, info, debug, nolog).
    macro String
    Macro name. Use predefined standard macro from https://pve.proxmox.com/pve-docs/pve-admin-guide.html#_firewall_macro_definitions
    pos Integer
    Position of the rule in the list.
    proto String
    Restrict packet protocol. You can use protocol names as defined in '/etc/protocols'.
    securityGroup String
    Security group name
    source String
    Restrict packet source address. This can refer to a single IP address, an IP set ('+ipsetname') or an IP alias definition. You can also specify an address range like 20.34.101.207-201.3.9.99, or a list of IP addresses and networks (entries are separated by comma). Please do not mix IPv4 and IPv6 addresses inside such lists.
    sport String
    Restrict TCP/UDP source port. You can use service names or simple numbers (0-65535), as defined in '/etc/services'. Port ranges can be specified with '\d+:\d+', for example 80:85, and you can use a comma-separated list to match several ports or ranges.
    type String
    Rule type (in, out).
    action string
    Rule action (ACCEPT, DROP, REJECT).
    comment string
    Rule comment.
    dest string
    Restrict packet destination address. This can refer to a single IP address, an IP set ('+ipsetname') or an IP alias definition. You can also specify an address range like 20.34.101.207-201.3.9.99, or a list of IP addresses and networks (entries are separated by comma). Please do not mix IPv4 and IPv6 addresses inside such lists.
    dport string
    Restrict TCP/UDP destination port. You can use service names or simple numbers (0-65535), as defined in '/etc/services'. Port ranges can be specified with '\d+:\d+', for example 80:85, and you can use a comma-separated list to match several ports or ranges.
    enabled boolean
    Enable rule
    iface string
    Network interface name. You have to use network configuration key names for VMs and containers ('net\d+'). Host related rules can use arbitrary strings.
    log string
    Log level for this rule (emerg, alert, crit, err, warning, notice, info, debug, nolog).
    macro string
    Macro name. Use predefined standard macro from https://pve.proxmox.com/pve-docs/pve-admin-guide.html#_firewall_macro_definitions
    pos number
    Position of the rule in the list.
    proto string
    Restrict packet protocol. You can use protocol names as defined in '/etc/protocols'.
    securityGroup string
    Security group name
    source string
    Restrict packet source address. This can refer to a single IP address, an IP set ('+ipsetname') or an IP alias definition. You can also specify an address range like 20.34.101.207-201.3.9.99, or a list of IP addresses and networks (entries are separated by comma). Please do not mix IPv4 and IPv6 addresses inside such lists.
    sport string
    Restrict TCP/UDP source port. You can use service names or simple numbers (0-65535), as defined in '/etc/services'. Port ranges can be specified with '\d+:\d+', for example 80:85, and you can use a comma-separated list to match several ports or ranges.
    type string
    Rule type (in, out).
    action str
    Rule action (ACCEPT, DROP, REJECT).
    comment str
    Rule comment.
    dest str
    Restrict packet destination address. This can refer to a single IP address, an IP set ('+ipsetname') or an IP alias definition. You can also specify an address range like 20.34.101.207-201.3.9.99, or a list of IP addresses and networks (entries are separated by comma). Please do not mix IPv4 and IPv6 addresses inside such lists.
    dport str
    Restrict TCP/UDP destination port. You can use service names or simple numbers (0-65535), as defined in '/etc/services'. Port ranges can be specified with '\d+:\d+', for example 80:85, and you can use a comma-separated list to match several ports or ranges.
    enabled bool
    Enable rule
    iface str
    Network interface name. You have to use network configuration key names for VMs and containers ('net\d+'). Host related rules can use arbitrary strings.
    log str
    Log level for this rule (emerg, alert, crit, err, warning, notice, info, debug, nolog).
    macro str
    Macro name. Use predefined standard macro from https://pve.proxmox.com/pve-docs/pve-admin-guide.html#_firewall_macro_definitions
    pos int
    Position of the rule in the list.
    proto str
    Restrict packet protocol. You can use protocol names as defined in '/etc/protocols'.
    security_group str
    Security group name
    source str
    Restrict packet source address. This can refer to a single IP address, an IP set ('+ipsetname') or an IP alias definition. You can also specify an address range like 20.34.101.207-201.3.9.99, or a list of IP addresses and networks (entries are separated by comma). Please do not mix IPv4 and IPv6 addresses inside such lists.
    sport str
    Restrict TCP/UDP source port. You can use service names or simple numbers (0-65535), as defined in '/etc/services'. Port ranges can be specified with '\d+:\d+', for example 80:85, and you can use a comma-separated list to match several ports or ranges.
    type str
    Rule type (in, out).
    action String
    Rule action (ACCEPT, DROP, REJECT).
    comment String
    Rule comment.
    dest String
    Restrict packet destination address. This can refer to a single IP address, an IP set ('+ipsetname') or an IP alias definition. You can also specify an address range like 20.34.101.207-201.3.9.99, or a list of IP addresses and networks (entries are separated by comma). Please do not mix IPv4 and IPv6 addresses inside such lists.
    dport String
    Restrict TCP/UDP destination port. You can use service names or simple numbers (0-65535), as defined in '/etc/services'. Port ranges can be specified with '\d+:\d+', for example 80:85, and you can use a comma-separated list to match several ports or ranges.
    enabled Boolean
    Enable rule
    iface String
    Network interface name. You have to use network configuration key names for VMs and containers ('net\d+'). Host related rules can use arbitrary strings.
    log String
    Log level for this rule (emerg, alert, crit, err, warning, notice, info, debug, nolog).
    macro String
    Macro name. Use predefined standard macro from https://pve.proxmox.com/pve-docs/pve-admin-guide.html#_firewall_macro_definitions
    pos Number
    Position of the rule in the list.
    proto String
    Restrict packet protocol. You can use protocol names as defined in '/etc/protocols'.
    securityGroup String
    Security group name
    source String
    Restrict packet source address. This can refer to a single IP address, an IP set ('+ipsetname') or an IP alias definition. You can also specify an address range like 20.34.101.207-201.3.9.99, or a list of IP addresses and networks (entries are separated by comma). Please do not mix IPv4 and IPv6 addresses inside such lists.
    sport String
    Restrict TCP/UDP source port. You can use service names or simple numbers (0-65535), as defined in '/etc/services'. Port ranges can be specified with '\d+:\d+', for example 80:85, and you can use a comma-separated list to match several ports or ranges.
    type String
    Rule type (in, out).

    Import

    Instances can be imported using the name, e.g.,

    bash

    # Argument order: <type token> <Pulumi resource name> <existing security group name>.
    # Import adopts the existing group into Pulumi state; compare the imported
    # rules with the program before the next update so no deployed rule is
    # changed or dropped unintentionally.
    $ pulumi import proxmoxve:Network/firewallSecurityGroup:FirewallSecurityGroup webserver webserver
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    proxmoxve muhlba91/pulumi-proxmoxve
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the proxmox Terraform Provider.