 Firewall-as-a-Service API abstractions

Table 7.31. Firewall rules

| Attribute name | Type | Default Value | Description |
|---|---|---|---|
| id | uuid-str | generated | UUID for the firewall rule. |
| tenant_id | uuid-str | N/A | Owner of the firewall rule. Only admin users can specify a tenant_id other than its own. |
| name | String | None | Human readable name for the firewall rule (255 characters limit). |
| description | String | None | Human readable description for the firewall rule (1024 characters limit). |
| firewall_policy_id | uuid-str or None | allocated by Networking | This is a read-only attribute that gets populated with the uuid of the firewall policy when this firewall rule is associated with a firewall policy. A firewall rule can be associated with only one firewall policy at a time. However, the association can be changed to a different firewall policy. |
| shared | Boolean | False | When set to True makes this firewall rule visible to tenants other than its owner, and it can be used in firewall policies not owned by its tenant. |
| protocol | String | None | IP Protocol (icmp, tcp, udp, None). |
| ip_version | Integer or String | 4 | IP Version (4, 6). |
| source_ip_address | String (IP address or CIDR) | None | Source IP address or CIDR. |
| destination_ip_address | String (IP address or CIDR) | None | Destination IP address or CIDR. |
| source_port | Integer or String (either as a single port number or in the format of a ':' separated range) | None | Source port number or a range. |
| destination_port | Integer or String (either as a single port number or in the format of a ':' separated range) | None | Destination port number or a range. |
| position | Integer | None | This is a read-only attribute that gets assigned to this rule when the rule is associated with a firewall policy. It indicates the position of this rule in that firewall policy. |
| action | String | deny | Action to be performed on the traffic matching the rule (allow, deny). |
| enabled | Boolean | True | When set to False, disables this rule in the firewall policy. Facilitates selectively turning off rules without having to disassociate the rule from the firewall policy. |

Table 7.32. Firewall policies

| Attribute name | Type | Default Value | Description |
|---|---|---|---|
| id | uuid-str | generated | UUID for the firewall policy. |
| tenant_id | uuid-str | N/A | Owner of the firewall policy. Only admin users can specify a tenant_id other than their own. |
| name | String | None | Human readable name for the firewall policy (255 characters limit). |
| description | String | None | Human readable description for the firewall policy (1024 characters limit). |
| shared | Boolean | False | When set to True makes this firewall policy visible to tenants other than its owner, and can be used to associate with firewalls not owned by its tenant. |
| firewall_rules | List of uuid-str or None | None | This is an ordered list of firewall rule uuids. The firewall applies the rules in the order in which they appear in this list. |
| audited | Boolean | False | When set to True by the policy owner indicates that the firewall policy has been audited. This attribute is meant to aid in the firewall policy audit workflows. Each time the firewall policy or the associated firewall rules are changed, this attribute is set to False and must be explicitly set to True through an update operation. |

Table 7.33. Firewalls

| Attribute name | Type | Default Value | Description |
|---|---|---|---|
| id | uuid-str | generated | UUID for the firewall. |
| tenant_id | uuid-str | N/A | Owner of the firewall. Only admin users can specify a tenant_id other than its own. |
| name | String | None | Human readable name for the firewall (255 characters limit). |
| description | String | None | Human readable description for the firewall (1024 characters limit). |
| admin_state_up | Boolean | True | The administrative state of the firewall. If False (down), the firewall does not forward any packets. |
| status | String | N/A | Indicates whether the firewall is currently operational. Possible values include: ACTIVE, DOWN, PENDING_CREATE, PENDING_UPDATE, PENDING_DELETE, ERROR. |
| firewall_policy_id | uuid-str or None | None | The firewall policy uuid that this firewall is associated with. This firewall implements the rules contained in the firewall policy represented by this uuid. |
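
The sketch below is an added example, not code from OpenStack Networking: it evaluates an ordered `firewall_rules` list against a packet using the rule attributes and defaults from Table 7.31, which is useful when auditing a policy for shadowed or disabled rules. It assumes first-match semantics and an implicit deny when no rule matches; the packet dict shape, the helper names and the sample policy are constructed for illustration.

```python
import ipaddress

def _ip_match(spec, addr):
    # None means "any"; otherwise a single address or a CIDR, as in the rule table.
    return spec is None or ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

def _port_match(spec, port):
    # None means "any"; otherwise one port or a ':' separated range such as "8000:8999".
    if spec is None:
        return True
    lo, _, hi = str(spec).partition(":")
    return port is not None and int(lo) <= port <= int(hi or lo)

def rule_matches(rule, pkt):
    if not rule.get("enabled", True):   # disabled rules stay in the policy but are skipped
        return False
    if rule.get("protocol") not in (None, pkt["protocol"]):
        return False
    if ipaddress.ip_address(pkt["src"]).version != int(rule.get("ip_version", 4)):
        return False
    return (_ip_match(rule.get("source_ip_address"), pkt["src"])
            and _ip_match(rule.get("destination_ip_address"), pkt["dst"])
            and _port_match(rule.get("source_port"), pkt.get("sport"))
            and _port_match(rule.get("destination_port"), pkt.get("dport")))

def evaluate(firewall_rules, pkt):
    """Walk the ordered rule list; return (action, name) of the first match."""
    for rule in firewall_rules:
        if rule_matches(rule, pkt):
            return rule.get("action", "deny"), rule.get("name")
    return "deny", None   # assumption: nothing matched, so traffic is denied

# Constructed sample policy (rule dicts inlined in firewall_rules order).
POLICY = [
    {"name": "ssh-lockout", "protocol": "tcp", "destination_port": 22, "enabled": False},
    {"name": "mgmt-ssh", "protocol": "tcp", "source_ip_address": "192.0.2.0/24",
     "destination_port": "22:23", "action": "allow"},
    {"name": "block-alt-http", "protocol": "tcp", "destination_port": "8000:8999"},
    {"name": "app-subnet", "protocol": "tcp", "destination_ip_address": "10.0.0.0/24",
     "action": "allow"},
]

def pkt(proto, src, dst, dport=None):
    return {"protocol": proto, "src": src, "dst": dst, "dport": dport}

if __name__ == "__main__":
    for p in (pkt("tcp", "192.0.2.10", "10.0.0.5", 22), pkt("tcp", "198.51.100.7", "10.0.0.5", 8080),
              pkt("udp", "198.51.100.7", "10.0.0.5", 53)):
        print(p, "->", evaluate(POLICY, p))
```

With `ssh-lockout` disabled, SSH from outside the management range still reaches the application subnet through the broader `app-subnet` rule, which is the kind of side effect of `enabled` and rule order worth checking before setting `audited` to True.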