# Firewall Rule ## firewall\_rule This module allows you to create, update or remove a firewall rule. ### Example Syntax ```yaml name: Create a firewall rule ionoscloudsdk.ionoscloud.firewall_rule: datacenter: 'AnsibleAutoTestCompute' server: 'AnsibleAutoTestCompute' nic: 'AnsibleAutoTestCompute' name: SSH protocol: ICMPv6 source_mac: 01:23:45:67:89:00 ip_version: IPv6 state: present name: Update firewall rule ionoscloudsdk.ionoscloud.firewall_rule: datacenter: 'AnsibleAutoTestCompute' server: 'AnsibleAutoTestCompute' nic: 'AnsibleAutoTestCompute' firewall_rule: SSH port_range_start: 22 port_range_end: 23 state: update name: Remove firewall rule ionoscloudsdk.ionoscloud.firewall_rule: datacenter: 'AnsibleAutoTestCompute' server: 'AnsibleAutoTestCompute' nic: 'AnsibleAutoTestCompute' firewall_rule: SSH wait: true wait_timeout: '500' state: absent ``` ### Returned object ```json { "changed": true, "failed": false, "action": "create", "firewall_rule": { "href": "https://api.ionos.com/cloudapi/v6/datacenters/f6e15460-e5eb-451a-9da7-08c9da65a179/servers/78ce195d-147b-48d8-a20e-57104b99badd/nics/6e9dd9af-5132-4f8d-a285-62c86956a5da/firewallrules/d48500c7-3483-455b-9f63-9c091a9c73a2", "id": "d48500c7-3483-455b-9f63-9c091a9c73a2", "metadata": { "created_by": "", "created_by_user_id": "", "created_date": "2023-05-29T09:29:40+00:00", "etag": "de89018f9d0664828d9170c632db291a", "last_modified_by": "", "last_modified_by_user_id": "", "last_modified_date": "2023-05-29T09:29:40+00:00", "state": "BUSY" }, "properties": { "icmp_code": null, "icmp_type": null, "ip_version": null, "name": "SSH", "port_range_end": 24, "port_range_start": 22, "protocol": "TCP", "source_ip": null, "source_mac": "", "target_ip": null, "type": null }, "type": "firewall-rule" } } ``` #### For more examples please check out the tests [here](https://github.com/ionos-cloud/module-ansible/tree/master/tests/compute-engine). ## state: **present** ```yaml name: Create a firewall rule ionoscloudsdk.ionoscloud.firewall_rule: datacenter: 'AnsibleAutoTestCompute' server: 'AnsibleAutoTestCompute' nic: 'AnsibleAutoTestCompute' name: SSH protocol: ICMPv6 source_mac: 01:23:45:67:89:00 ip_version: IPv6 state: present ``` #### Available parameters for state **present**:

Name	Required	Description
datacenter str	True	The datacenter name or UUID in which to operate.
server str	True	The server name or UUID.
nic str	True	The NIC name or UUID.
name str	True	The name of the resource.
protocol str	True	The protocol for the rule. Property cannot be modified after it is created (disallowed in update requests). Options: ['TCP', 'UDP', 'ICMP', 'ICMPv6', 'GRE', 'VRRP', 'ESP', 'AH', 'ANY']
source_mac str	False	Only traffic originating from the respective MAC address is allowed. Valid format: aa:bb:cc:dd:ee:ff. Value null allows traffic from any MAC address.
source_ip str	False	Only traffic originating from the respective IP address (or CIDR block) is allowed. Value null allows traffic from any IP address (according to the selected ipVersion).
target_ip str	False	If the target NIC has multiple IP addresses, only the traffic directed to the respective IP address (or CIDR block) of the NIC is allowed. Value null allows traffic to any target IP address (according to the selected ipVersion).
port_range_start int	False	Defines the start range of the allowed port (from 1 to 65535) if protocol TCP or UDP is chosen. Leave portRangeStart and portRangeEnd value null to allow all ports.
port_range_end int	False	Defines the end range of the allowed port (from 1 to 65535) if the protocol TCP or UDP is chosen. Leave portRangeStart and portRangeEnd null to allow all ports.
icmp_type int	False	Defines the allowed type (from 0 to 254) if the protocol ICMP or ICMPv6 is chosen. Value null allows all types.
icmp_code int	False	Defines the allowed code (from 0 to 254) if protocol ICMP or ICMPv6 is chosen. Value null allows all codes.
ip_version str	False	The IP version for this rule. If sourceIp or targetIp are specified, you can omit this value - the IP version will then be deduced from the IP address(es) used; if you specify it anyway, it must match the specified IP address(es). If neither sourceIp nor targetIp are specified, this rule allows traffic only for the specified IP version. If neither sourceIp, targetIp nor ipVersion are specified, this rule will only allow IPv4 traffic. Options: ['IPv4', 'IPv6']
api_url str	False	The Ionos API base URL.
certificate_fingerprint str	False	The Ionos API certificate fingerprint.
username str	False	The Ionos username. Overrides the IONOS_USERNAME environment variable.
password str	False	The Ionos password. Overrides the IONOS_PASSWORD environment variable.
token str	False	The Ionos token. Overrides the IONOS_TOKEN environment variable.
wait bool	False	Wait for the resource to be created before returning. Default: True Options: [True, False]
wait_timeout int	False	How long before wait gives up, in seconds. Default: 600
state str	False	Indicate desired state of the resource. Default: present Options: ['present', 'absent', 'update']

## state: **absent** ```yaml name: Remove firewall rule ionoscloudsdk.ionoscloud.firewall_rule: datacenter: 'AnsibleAutoTestCompute' server: 'AnsibleAutoTestCompute' nic: 'AnsibleAutoTestCompute' firewall_rule: SSH wait: true wait_timeout: '500' state: absent ``` #### Available parameters for state **absent**:

Name	Required	Description
datacenter str	True	The datacenter name or UUID in which to operate.
server str	True	The server name or UUID.
nic str	True	The NIC name or UUID.
firewall_rule str	True	The Firewall Rule name or UUID.
api_url str	False	The Ionos API base URL.
certificate_fingerprint str	False	The Ionos API certificate fingerprint.
username str	False	The Ionos username. Overrides the IONOS_USERNAME environment variable.
password str	False	The Ionos password. Overrides the IONOS_PASSWORD environment variable.
token str	False	The Ionos token. Overrides the IONOS_TOKEN environment variable.
wait bool	False	Wait for the resource to be created before returning. Default: True Options: [True, False]
wait_timeout int	False	How long before wait gives up, in seconds. Default: 600
state str	False	Indicate desired state of the resource. Default: present Options: ['present', 'absent', 'update']

## state: **update** ```yaml name: Update firewall rule ionoscloudsdk.ionoscloud.firewall_rule: datacenter: 'AnsibleAutoTestCompute' server: 'AnsibleAutoTestCompute' nic: 'AnsibleAutoTestCompute' firewall_rule: SSH port_range_start: 22 port_range_end: 23 state: update ``` #### Available parameters for state **update**:

Name	Required	Description
datacenter str	True	The datacenter name or UUID in which to operate.
server str	True	The server name or UUID.
nic str	True	The NIC name or UUID.
firewall_rule str	True	The Firewall Rule name or UUID.
name str	False	The name of the resource.
protocol str	False	The protocol for the rule. Property cannot be modified after it is created (disallowed in update requests). Options: ['TCP', 'UDP', 'ICMP', 'ICMPv6', 'GRE', 'VRRP', 'ESP', 'AH', 'ANY']
source_mac str	False	Only traffic originating from the respective MAC address is allowed. Valid format: aa:bb:cc:dd:ee:ff. Value null allows traffic from any MAC address.
source_ip str	False	Only traffic originating from the respective IP address (or CIDR block) is allowed. Value null allows traffic from any IP address (according to the selected ipVersion).
target_ip str	False	If the target NIC has multiple IP addresses, only the traffic directed to the respective IP address (or CIDR block) of the NIC is allowed. Value null allows traffic to any target IP address (according to the selected ipVersion).
port_range_start int	False	Defines the start range of the allowed port (from 1 to 65535) if protocol TCP or UDP is chosen. Leave portRangeStart and portRangeEnd value null to allow all ports.
port_range_end int	False	Defines the end range of the allowed port (from 1 to 65535) if the protocol TCP or UDP is chosen. Leave portRangeStart and portRangeEnd null to allow all ports.
icmp_type int	False	Defines the allowed type (from 0 to 254) if the protocol ICMP or ICMPv6 is chosen. Value null allows all types.
icmp_code int	False	Defines the allowed code (from 0 to 254) if protocol ICMP or ICMPv6 is chosen. Value null allows all codes.
ip_version str	False	The IP version for this rule. If sourceIp or targetIp are specified, you can omit this value - the IP version will then be deduced from the IP address(es) used; if you specify it anyway, it must match the specified IP address(es). If neither sourceIp nor targetIp are specified, this rule allows traffic only for the specified IP version. If neither sourceIp, targetIp nor ipVersion are specified, this rule will only allow IPv4 traffic. Options: ['IPv4', 'IPv6']
api_url str	False	The Ionos API base URL.
certificate_fingerprint str	False	The Ionos API certificate fingerprint.
username str	False	The Ionos username. Overrides the IONOS_USERNAME environment variable.
password str	False	The Ionos password. Overrides the IONOS_PASSWORD environment variable.
token str	False	The Ionos token. Overrides the IONOS_TOKEN environment variable.
wait bool	False	Wait for the resource to be created before returning. Default: True Options: [True, False]
wait_timeout int	False	How long before wait gives up, in seconds. Default: 600
state str	False	Indicate desired state of the resource. Default: present Options: ['present', 'absent', 'update']