terraform-provider-google/website/docs/r/compute_firewall.html.markdown

---
layout: "google"
page_title: "Google: google_compute_firewall"
sidebar_current: "docs-google-compute-firewall"
description: |-
  Manages a firewall resource within GCE.
---

# google\_compute\_firewall

Manages a firewall resource within GCE. For more information see
[the official documentation](https://cloud.google.com/compute/docs/vpc/firewalls)
and
[API](https://cloud.google.com/compute/docs/reference/latest/firewalls).

## Example Usage

```hcl
resource "google_compute_firewall" "default" {
  name    = "test-firewall"
  network = "${google_compute_network.other.name}"

  allow {
    protocol = "icmp"
  }

  allow {
    protocol = "tcp"
    ports    = ["80", "8080", "1000-2000"]
  }

  source_tags = ["web"]
}
```

## Argument Reference

The following arguments are supported:

* `name` - (Required) A unique name for the resource, required by GCE.
    Changing this forces a new resource to be created.

* `network` - (Required) The name of the network to attach this firewall to.

* `allow` - (Required) Can be specified multiple times for each allow
    rule. Each allow block supports fields documented below.

- - -

* `description` - (Optional) Textual description field.

* `project` - (Optional) The project in which the resource belongs. If it
    is not provided, the provider project is used.

* `priority` - (Optional) The priority for this firewall. Ranges from 0-65535, inclusive. Defaults to 1000. Firewall
    resources with lower priority values have higher precedence (e.g. a firewall resource with a priority value of 0
    takes effect over all other firewall rules with a non-zero priority).

* `source_ranges` - (Optional) A list of source CIDR ranges that this
   firewall applies to. Can't be used for `EGRESS`.

* `source_tags` - (Optional) A list of source tags for this firewall. Can't be used for `EGRESS`.

* `target_tags` - (Optional) A list of target tags for this firewall.

- - -

* `deny` - (Optional, [Beta](/docs/providers/google/index.html#beta-features)) Can be specified multiple times for each deny
    rule. Each deny block supports fields documented below. Can be specified
    instead of allow.

* `direction` - (Optional, [Beta](/docs/providers/google/index.html#beta-features)) Direction of traffic to which this firewall applies;
    One of `INGRESS` or `EGRESS`. Defaults to `INGRESS`.

* `destination_ranges` - (Optional, [Beta](/docs/providers/google/index.html#beta-features)) A list of destination CIDR ranges that this
   firewall applies to. Can't be used for `INGRESS`.

The `allow` block supports:

* `protocol` - (Required) The name of the protocol to allow.

* `ports` - (Optional) List of ports and/or port ranges to allow. This can
    only be specified if the protocol is TCP or UDP.

The `deny` block supports:

* `protocol` - (Required) The name of the protocol to allow.

* `ports` - (Optional) List of ports and/or port ranges to allow. This can
    only be specified if the protocol is TCP or UDP.

## Attributes Reference

In addition to the arguments listed above, the following computed attributes are
exported:

* `self_link` - The URI of the created resource.


## Import

Firewalls can be imported using the `name`, e.g.

```
$ terraform import google_compute_firewall.default test-firewall
```
website: document gce 2014-08-26 21:50:29 +00:00			`---`
			`layout: "google"`
			`page_title: "Google: google_compute_firewall"`
provider/google: SQL instance & database tests & documentation 2015-10-23 14:10:41 +00:00			`sidebar_current: "docs-google-compute-firewall"`
Add meta descriptions to all pages 2014-10-22 03:21:56 +00:00			`description: \|-`
			`Manages a firewall resource within GCE.`
website: document gce 2014-08-26 21:50:29 +00:00			`---`

			`# google\_compute\_firewall`

Add links to official docs across compute Terraform Google Provider docs (#264) 2017-07-28 18:05:48 +00:00			`Manages a firewall resource within GCE. For more information see`
			`[the official documentation](https://cloud.google.com/compute/docs/vpc/firewalls)`
			`and`
			`[API](https://cloud.google.com/compute/docs/reference/latest/firewalls).`
website: document gce 2014-08-26 21:50:29 +00:00
			`## Example Usage`

Massively add HCL source tag in docs Markdown files Signed-off-by: Max Riveiro <kavu13@gmail.com> 2017-04-17 10:17:54 +00:00			```hcl
website: document gce 2014-08-26 21:50:29 +00:00			`resource "google_compute_firewall" "default" {`
Add import docs for 5 resource types. 2017-06-14 00:46:50 +00:00			`name = "test-firewall"`
Update documentation to include new "project" attribute This commit also normalizes the format we display attributes. 2016-04-10 21:34:15 +00:00			`network = "${google_compute_network.other.name}"`
website: document gce 2014-08-26 21:50:29 +00:00
Update documentation to include new "project" attribute This commit also normalizes the format we display attributes. 2016-04-10 21:34:15 +00:00			`allow {`
			`protocol = "icmp"`
			`}`
website: document gce 2014-08-26 21:50:29 +00:00
Update documentation to include new "project" attribute This commit also normalizes the format we display attributes. 2016-04-10 21:34:15 +00:00			`allow {`
			`protocol = "tcp"`
			`ports = ["80", "8080", "1000-2000"]`
			`}`
website: document gce 2014-08-26 21:50:29 +00:00
Update documentation to include new "project" attribute This commit also normalizes the format we display attributes. 2016-04-10 21:34:15 +00:00			`source_tags = ["web"]`
website: document gce 2014-08-26 21:50:29 +00:00			`}`
			```

			`## Argument Reference`

			`The following arguments are supported:`

			* `name` - (Required) A unique name for the resource, required by GCE.
			`Changing this forces a new resource to be created.`

			* `network` - (Required) The name of the network to attach this firewall to.

			* `allow` - (Required) Can be specified multiple times for each allow
			`rule. Each allow block supports fields documented below.`

Update documentation to include new "project" attribute This commit also normalizes the format we display attributes. 2016-04-10 21:34:15 +00:00			`- - -`

			* `description` - (Optional) Textual description field.

			* `project` - (Optional) The project in which the resource belongs. If it
			`is not provided, the provider project is used.`

Add ability to set priority on compute_firewall (#345) * Add ability to set priority on compute_firewall * Set the priority explicitly when upgrading v1->v0beta 2017-08-30 19:19:50 +00:00			* `priority` - (Optional) The priority for this firewall. Ranges from 0-65535, inclusive. Defaults to 1000. Firewall
			`resources with lower priority values have higher precedence (e.g. a firewall resource with a priority value of 0`
			`takes effect over all other firewall rules with a non-zero priority).`

Revert "docs: consistent use of array configuration syntax" This reverts commit 4893eb8b559c3664377c5c5aab4b30f82caa922b. 2015-01-14 17:28:25 +00:00			* `source_ranges` - (Optional) A list of source CIDR ranges that this
Add Beta support for egress/direction to google_compute_firewall. (#306) * Add Beta support for direction to google_compute_firewall. * Added docs. 2017-08-08 20:28:49 +00:00			firewall applies to. Can't be used for `EGRESS`.
website: document gce 2014-08-26 21:50:29 +00:00
Add Beta support for egress/direction to google_compute_firewall. (#306) * Add Beta support for direction to google_compute_firewall. * Added docs. 2017-08-08 20:28:49 +00:00			* `source_tags` - (Optional) A list of source tags for this firewall. Can't be used for `EGRESS`.
Update CHANGELOG 2014-09-27 19:42:46 +00:00
Update documentation to include new "project" attribute This commit also normalizes the format we display attributes. 2016-04-10 21:34:15 +00:00			* `target_tags` - (Optional) A list of target tags for this firewall.
website: document gce 2014-08-26 21:50:29 +00:00
Add Beta support & Beta feature deny to google_compute_firewall (#282) * Add versioned Beta support to google_compute_firewall. * Add Beta support for deny to google_compute_firewall. * remove extra line: * make fmt * Add missing ForceNew fields. * Respond to review comments testing functionality + reducing network GET to v1 2017-08-07 20:14:35 +00:00			`- - -`

Document Beta Features in index.html (#280) * First pass of Beta docs. * Updated new docs to link as well. * Updated new Beta resources with Beta link. 2017-08-10 20:28:52 +00:00			* `deny` - (Optional, [Beta](/docs/providers/google/index.html#beta-features)) Can be specified multiple times for each deny
Add Beta support & Beta feature deny to google_compute_firewall (#282) * Add versioned Beta support to google_compute_firewall. * Add Beta support for deny to google_compute_firewall. * remove extra line: * make fmt * Add missing ForceNew fields. * Respond to review comments testing functionality + reducing network GET to v1 2017-08-07 20:14:35 +00:00			`rule. Each deny block supports fields documented below. Can be specified`
			`instead of allow.`

Document Beta Features in index.html (#280) * First pass of Beta docs. * Updated new docs to link as well. * Updated new Beta resources with Beta link. 2017-08-10 20:28:52 +00:00			* `direction` - (Optional, [Beta](/docs/providers/google/index.html#beta-features)) Direction of traffic to which this firewall applies;
Add Beta support for egress/direction to google_compute_firewall. (#306) * Add Beta support for direction to google_compute_firewall. * Added docs. 2017-08-08 20:28:49 +00:00			One of `INGRESS` or `EGRESS`. Defaults to `INGRESS`.

Document Beta Features in index.html (#280) * First pass of Beta docs. * Updated new docs to link as well. * Updated new Beta resources with Beta link. 2017-08-10 20:28:52 +00:00			* `destination_ranges` - (Optional, [Beta](/docs/providers/google/index.html#beta-features)) A list of destination CIDR ranges that this
Add Beta support for egress/direction to google_compute_firewall. (#306) * Add Beta support for direction to google_compute_firewall. * Added docs. 2017-08-08 20:28:49 +00:00			firewall applies to. Can't be used for `INGRESS`.

website: document gce 2014-08-26 21:50:29 +00:00			The `allow` block supports:

			* `protocol` - (Required) The name of the protocol to allow.

Add Beta support & Beta feature deny to google_compute_firewall (#282) * Add versioned Beta support to google_compute_firewall. * Add Beta support for deny to google_compute_firewall. * remove extra line: * make fmt * Add missing ForceNew fields. * Respond to review comments testing functionality + reducing network GET to v1 2017-08-07 20:14:35 +00:00			* `ports` - (Optional) List of ports and/or port ranges to allow. This can
			`only be specified if the protocol is TCP or UDP.`

			The `deny` block supports:

			* `protocol` - (Required) The name of the protocol to allow.

Revert "docs: consistent use of array configuration syntax" This reverts commit 4893eb8b559c3664377c5c5aab4b30f82caa922b. 2015-01-14 17:28:25 +00:00			* `ports` - (Optional) List of ports and/or port ranges to allow. This can
website: document gce 2014-08-26 21:50:29 +00:00			`only be specified if the protocol is TCP or UDP.`

			`## Attributes Reference`

Update documentation to include new "project" attribute This commit also normalizes the format we display attributes. 2016-04-10 21:34:15 +00:00			`In addition to the arguments listed above, the following computed attributes are`
			`exported:`
website: document gce 2014-08-26 21:50:29 +00:00
Update documentation to include new "project" attribute This commit also normalizes the format we display attributes. 2016-04-10 21:34:15 +00:00			* `self_link` - The URI of the created resource.
Add import docs for 5 resource types. 2017-06-14 00:46:50 +00:00

			`## Import`

			Firewalls can be imported using the `name`, e.g.

			```
			`$ terraform import google_compute_firewall.default test-firewall`
			```