firewall_rule

Type representing a IonosCloud firewall rule.

Parameters:

Name	Required	Description
name	true	The name of the firewall rule.

Name

Required

Description

name

true

The name of the firewall rule.

Properties:

Name Required Description

Name	Required	Description
ensure	No	The basic property that the resource should be in. Valid values are `present`, `absent`.
source_mac	No	Only traffic originating from the respective MAC address is allowed. Valid format: aa:bb:cc:dd:ee:ff.
source_ip	No	Only traffic originating from the respective IPv4 address is allowed.
target_ip	No	In case the target NIC has multiple IP addresses, only traffic directed to the respective IP address of the NIC is allowed.
port_range_start	No	Defines the start range of the allowed port (from 1 to 65534) if protocol TCP or UDP is chosen.
port_range_end	No	Defines the end range of the allowed port (from 1 to 65534) if the protocol TCP or UDP is chosen.
icmp_type	No	Defines the allowed type (from 0 to 254) if the protocol ICMP is chosen.
icmp_code	No	Defines the allowed code (from 0 to 254) if protocol ICMP is chosen.
type	No	The type of firewall rule. If is not specified, it will take the default value INGRESS.
protocol	No	The protocol for the firewall rule. Valid values are `TCP`, `UDP`, `ICMP`, `ANY`.
datacenter_id	No	The ID of the virtual data center where the NIC will reside.
datacenter_name	No	The name of the virtual data center where the NIC will reside.
server_id	No	The server ID the NIC will be attached to.
server_name	No	The server name the NIC will be attached to.
nic_id	No	The NIC ID the NIC will be attached to.
nic_name	No	The name of the NIC the firewall rule will be added to.
id	No	The Firewall Rule ID.
***

ensure

The basic property that the resource should be in. Valid values are present, absent.

source_mac

Only traffic originating from the respective MAC address is allowed. Valid format: aa:bb:cc:dd:ee:ff.

source_ip

Only traffic originating from the respective IPv4 address is allowed.

target_ip

In case the target NIC has multiple IP addresses, only traffic directed to the respective IP address of the NIC is allowed.

port_range_start

Defines the start range of the allowed port (from 1 to 65534) if protocol TCP or UDP is chosen.

port_range_end

Defines the end range of the allowed port (from 1 to 65534) if the protocol TCP or UDP is chosen.

icmp_type

Defines the allowed type (from 0 to 254) if the protocol ICMP is chosen.

icmp_code

Defines the allowed code (from 0 to 254) if protocol ICMP is chosen.

type

The type of firewall rule. If is not specified, it will take the default value INGRESS.

protocol

The protocol for the firewall rule. Valid values are TCP, UDP, ICMP, ANY.

datacenter_id

The ID of the virtual data center where the NIC will reside.

datacenter_name

The name of the virtual data center where the NIC will reside.

server_id

The server ID the NIC will be attached to.

server_name

The server name the NIC will be attached to.

nic_id

The NIC ID the NIC will be attached to.

nic_name

The name of the NIC the firewall rule will be added to.

The Firewall Rule ID.

***

Changeable properties:

icmp_code
icmp_type
port_range_start
port_range_end
source_mac
source_ip
target_ip
type

Examples

To list resources:

puppet resource firewall_rule

NOTE: If two resources have the same name only one of them will be shown.

To create, update or delete a resource:

$datacenter_name = 'MyDataCenter'
$server_name = 'worker4'
$nic = 'testnic3'

firewall_rule { 'SSH':
  ensure           => 'present',
  datacenter_name  => 'MyDataCenter',
  nic_name         => 'testnic3',
  port_range_end   => 29,
  port_range_start => 22,
  protocol         => 'TCP',
  provider         => 'v1',
  server_name      => 'worker4',
  type             => 'INGRESS',
}

NOTE: If two resources with the same name ar found an error will be thrown, this only applies to cases where the resource cannot be identified. Example: an error is thrown for two servers with the same name in the same datacenter, not for two servers with the same name, but in different datacenters.

Previousdatacenter Nextimage

Last updated 1 year ago