layout | page_title | sidebar_current | description |
---|---|---|---|
Google: google_compute_firewall | docs-google-compute-firewall | Manages a firewall resource within GCE. |
google_compute_firewall
Manages a firewall resource within GCE. For more information see the official documentation and API.
Example Usage
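    resource "google_compute_firewall" "default" {
      name    = "test-firewall"
      network = "${google_compute_network.other.name}"

      # Allow ICMP from the sources selected below.
      allow {
        protocol = "icmp"
      }

      # Allow TCP on ports 80 and 8080 and on the range 1000-2000.
      allow {
        protocol = "tcp"
        ports    = ["80", "8080", "1000-2000"]
      }

      # The rule applies to traffic coming from instances tagged "web".
      source_tags = ["web"]
    }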
Argument Reference
The following arguments are supported:
- name - (Required) A unique name for the resource, required by GCE. Changing this forces a new resource to be created.
- network - (Required) The name or self_link of the network to attach this firewall to.
- allow - (Required) Can be specified multiple times for each allow rule. Each allow block supports fields documented below.

- description - (Optional) Textual description field.
- project - (Optional) The project in which the resource belongs. If it is not provided, the provider project is used.
- priority - (Optional) The priority for this firewall. Ranges from 0-65535, inclusive. Defaults to 1000. Firewall resources with lower priority values have higher precedence (e.g. a firewall resource with a priority value of 0 takes effect over all other firewall rules with a non-zero priority).
- source_ranges - (Optional) A list of source CIDR ranges that this firewall applies to. Can't be used for EGRESS.
- source_tags - (Optional) A list of source tags for this firewall. Can't be used for EGRESS.
- target_tags - (Optional) A list of target tags for this firewall.

- deny - (Optional, Beta) Can be specified multiple times for each deny rule. Each deny block supports fields documented below. Can be specified instead of allow.
- direction - (Optional, Beta) Direction of traffic to which this firewall applies; one of INGRESS or EGRESS. Defaults to INGRESS.
- destination_ranges - (Optional, Beta) A list of destination CIDR ranges that this firewall applies to. Can't be used for INGRESS.
The allow block supports:
- protocol - (Required) The name of the protocol to allow.
- ports - (Optional) List of ports and/or port ranges to allow. This can only be specified if the protocol is TCP or UDP.
The deny block supports:
- protocol - (Required) The name of the protocol to deny.
- ports - (Optional) List of ports and/or port ranges to deny. This can only be specified if the protocol is TCP or UDP.
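The constraints in the argument reference above (direction-specific fields, ports only for TCP or UDP, the priority range, the documented defaults) can be checked before a rule is applied. The Python linter below is an added example, not code from this page or from the Terraform provider; the dict layout, the function names, the "other" network placeholder and the 16-bit port bound are assumptions made for illustration.

```python
import re

PORT_RE = re.compile(r"^(\d{1,5})(?:-(\d{1,5}))?$")  # "80" or "1000-2000"

def _lint_block(kind, block, errors):
    """Check one allow/deny block: protocol required, ports only for TCP/UDP."""
    proto = str(block.get("protocol", "")).lower()
    if not proto:
        errors.append(f"{kind}: protocol is required")
    ports = block.get("ports", [])
    if ports and proto not in ("tcp", "udp"):
        errors.append(f"{kind}: ports need protocol tcp or udp, got {proto!r}")
    for port in ports:
        m = PORT_RE.match(str(port))
        lo, hi = (int(m.group(1)), int(m.group(2) or m.group(1))) if m else (1, 0)
        if lo > hi or hi > 65535:  # assumption: 16-bit port numbers
            errors.append(f"{kind}: bad port or range {port!r}")

def lint_firewall(rule):
    """Return violations of the constraints stated in the argument reference."""
    errors = []
    for field in ("name", "network"):
        if not rule.get(field):
            errors.append(f"{field} is required")
    if not rule.get("allow") and not rule.get("deny"):
        errors.append("an allow block (or deny instead) is required")
    if not 0 <= rule.get("priority", 1000) <= 65535:  # documented default: 1000
        errors.append("priority must be within 0-65535")
    direction = rule.get("direction", "INGRESS")  # documented default: INGRESS
    if direction not in ("INGRESS", "EGRESS"):
        errors.append(f"direction must be INGRESS or EGRESS, got {direction!r}")
    if direction == "EGRESS":
        errors += [f"{f} can't be used for EGRESS"
                   for f in ("source_ranges", "source_tags") if rule.get(f)]
    if direction == "INGRESS" and rule.get("destination_ranges"):
        errors.append("destination_ranges can't be used for INGRESS")
    for kind in ("allow", "deny"):
        for block in rule.get(kind, []):
            _lint_block(kind, block, errors)
    return errors

# The page's example rule as a dict; "other" is a placeholder network name.
PAGE_EXAMPLE = {"name": "test-firewall", "network": "other", "source_tags": ["web"],
                "allow": [{"protocol": "icmp"},
                          {"protocol": "tcp", "ports": ["80", "8080", "1000-2000"]}]}
# Constructed input that breaks three documented constraints at once.
BAD_EGRESS = {"name": "bad-egress", "network": "other", "direction": "EGRESS",
              "priority": 70000, "source_tags": ["web"],
              "deny": [{"protocol": "icmp", "ports": ["80"]}]}

if __name__ == "__main__":
    for rule in (PAGE_EXAMPLE, BAD_EGRESS):
        print(rule["name"], lint_firewall(rule) or "ok")
```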
Attributes Reference
In addition to the arguments listed above, the following computed attributes are exported:
- self_link - The URI of the created resource.
Import
Firewalls can be imported using the name, e.g.
    $ terraform import google_compute_firewall.default test-firewall