vcd_firewall_rules

Provides a vCloud Director Firewall resource. This can be used to create, modify, and delete firewall settings and rules.

Example Usage

resource "vcd_firewall_rules" "fw" {
  edge_gateway   = "Edge Gateway Name"
  default_action = "deny"

  rule {
    description      = "deny-ftp-out"
    policy           = "deny"
    protocol         = "tcp"
    destination_port = "21"
    destination_ip   = "any"
    source_port      = "any"
    source_ip        = "10.10.0.0/24"
  }

  rule {
    description      = "allow-outbound"
    policy           = "allow"
    protocol         = "any"
    destination_port = "any"
    destination_ip   = "any"
    source_port      = "any"
    source_ip        = "10.10.0.0/24"
  }
}

resource "vcd_vapp" "web" {
  # ...
}

resource "vcd_firewall_rules" "fw-web" {
  edge_gateway   = "Edge Gateway Name"
  default_action = "drop"

  rule {
    description      = "allow-web"
    policy           = "allow"
    protocol         = "tcp"
    destination_port = "80"
    destination_ip   = "${vcd_vapp.web.ip}"
    source_port      = "any"
    source_ip        = "any"
  }
}

Argument Reference

The following arguments are supported:

  • edge_gateway - (Required) The name of the edge gateway on which to apply the Firewall Rules
  • default_action - (Required) Either "allow" or "deny". Specifies what to do should none of the rules match
  • rule - (Optional) Configures a firewall rule; see Rules below for details.

Rules

Each firewall rule supports the following attributes:

  • description - (Required) Description of the firewall rule
  • policy - (Required) Specifies what to do when this rule is matched. Either "allow" or "deny"
  • protocol - (Required) The protocol to match. One of "tcp", "udp", "icmp" or "any"
  • destination_port - (Required) The destination port to match. Either a port number or "any"
  • destination_ip - (Required) The destination IP to match. Either an IP address, IP range or "any"
  • source_port - (Required) The source port to match. Either a port number or "any"
  • source_ip - (Required) The source IP to match. Either an IP address, IP range or "any"
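
As an added example that is not part of the original documentation, the configuration below uses the attributes listed above to build a default-deny rule set: everything not explicitly allowed is blocked, inbound traffic is limited to HTTPS on the vApp's address, and outbound traffic from the tenant range is limited to DNS and NTP. The gateway name, the 10.20.0.0/24 tenant range, the resolver address 10.20.0.2 and the "app" vApp are assumed values chosen for illustration.

```hcl
# Added example (not from the provider docs): a default-deny edge gateway
# policy that opens only the ports the workload needs.
# Gateway name, tenant range, resolver address and the "app" vApp are assumed.

resource "vcd_vapp" "app" {
  # ... (vApp definition assumed to exist elsewhere)
}

resource "vcd_firewall_rules" "app_gateway" {
  edge_gateway   = "Edge Gateway Name"   # assumed gateway name
  default_action = "deny"                # anything not matched below is blocked

  # Inbound: only HTTPS may reach the application address
  rule {
    description      = "allow-https-in"
    policy           = "allow"
    protocol         = "tcp"
    destination_port = "443"
    destination_ip   = "${vcd_vapp.app.ip}"
    source_port      = "any"
    source_ip        = "any"
  }

  # Outbound: name resolution to the assumed internal resolver only
  rule {
    description      = "allow-dns-out"
    policy           = "allow"
    protocol         = "udp"
    destination_port = "53"
    destination_ip   = "10.20.0.2"   # assumed resolver address
    source_port      = "any"
    source_ip        = "10.20.0.0/24"
  }

  # Outbound: time synchronisation
  rule {
    description      = "allow-ntp-out"
    policy           = "allow"
    protocol         = "udp"
    destination_port = "123"
    destination_ip   = "any"
    source_port      = "any"
    source_ip        = "10.20.0.0/24"
  }

  # ICMP for reachability checks; no TCP or UDP port is exposed by this rule
  rule {
    description      = "allow-icmp-in"
    policy           = "allow"
    protocol         = "icmp"
    destination_port = "any"
    destination_ip   = "10.20.0.0/24"
    source_port      = "any"
    source_ip        = "any"
  }
}
```

Because `default_action` is "deny", no catch-all "allow" rule is needed and every permitted flow is visible in the resource. This differs from the page's first example, where a broad "allow-outbound" rule is listed after a narrower "deny-ftp-out" rule; that arrangement only has the intended effect if the narrower deny is matched before the broad allow, so when a permissive default or catch-all allow is used, check the resulting rule order on the gateway after `terraform apply`.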

© 2018 HashiCorp. Licensed under the MPL 2.0 License.
https://www.terraform.io/docs/providers/vcd/r/firewall_rules.html