# ionoscloud\_nsg\_firewallrule Manages a **Network Security Group Rule** on IONOS CLOUD. ## Example Usage ```hcl resource "ionoscloud_datacenter" "example" { name = "Datacenter NSG Example" location = "de/txl" } resource "ionoscloud_nsg" "example" { name = "Example NSG" description = "Example NSG Description" datacenter_id = ionoscloud_datacenter.example.id } resource "ionoscloud_nsg_firewallrule" "example" { nsg_id = ionoscloud_nsg.example.id datacenter_id = ionoscloud_datacenter.example.id protocol = "TCP" name = "SG Rule" source_mac = "00:0a:95:9d:68:15" source_ip = "22.231.113.11" target_ip = "22.231.113.75" type = "EGRESS" } ``` ## Argument Reference The following arguments are supported: * `nsg_id` - (Required)\[string] The ID of a Network Security Group. * `datacenter_id` - (Required)\[string] The ID of a Virtual Data Center. * `name` - (Optional)\[string] The name of the Network Security Group. * `protocol` - (Required)\[string] The protocol for the rule: TCP, UDP, ICMP, ANY. Property cannot be modified after creation (disallowed in update requests). * `name` - (Optional)\[string] The name of the firewall rule. * `source_mac` - (Optional)\[string] Only traffic originating from the respective MAC address is allowed. Valid format: aa:bb:cc:dd:ee:ff. Value null allows all source MAC address. Valid format: aa:bb:cc:dd:ee:ff. * `source_ip` - (Optional)(computed)\[string] Only traffic originating from the respective IPv4 address is allowed. Value null allows all source IPs. * `target_ip` - (Optional)(Computed)\[string] In case the target NIC has multiple IP addresses, only traffic directed to the respective IP address of the NIC is allowed. Value null allows all target IPs. * `port_range_start` - (Optional)\[int] Defines the start range of the allowed port (from 1 to 65534) if protocol TCP or UDP is chosen. Leave portRangeStart and portRangeEnd null to allow all ports. * `port_range_end` - (Optional)\[int] Defines the end range of the allowed port (from 1 to 65534) if the protocol TCP or UDP is chosen. Leave portRangeStart and portRangeEnd null to allow all ports. * `icmp_type` - (Optional)\[string] Defines the allowed code (from 0 to 254) if protocol ICMP is chosen. Value null allows all codes. * `icmp_code` - (Optional)\[int] Defines the allowed code (from 0 to 254) if protocol ICMP is chosen. * `type` - (Optional)(Computed)\[string] The type of firewall rule. If is not specified, it will take the default value INGRESS. ## Import A Network Security Group firewall rule can be imported using the `datacenter id`, `nsg id` and `firewall rule id`, e.g. ```shell terraform import ionoscloud_nsg_firewallrule.mynsg_firewallrule datacenter_uuid/nsg_uuid/firewall_uuid ``` Or by using an `import` block. ```hcl import { to = ionoscloud_nsg_firewallrule.imported id = "datacenter_uuid/nsg_uuid/firewall_uuid" } resource "ionoscloud_nsg_firewallrule" "imported" { nsg_id = ionoscloud_nsg.example.id datacenter_id = ionoscloud_datacenter.example.id protocol = protocol of the imported rule } ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.ionos.com/terraform-provider/resources/nsg_firewallrule.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.