Firewall Rule Operations

This section discusses operations for managing a Firewall Rule through this extension.

Table 4.10. Firewall Rule Attributes

| Attribute | Type | Required | CRUD [a] | Default Value | Validation Constraints | Notes |
|---|---|---|---|---|---|---|
| id | uuid-str | N/A | R | generated | N/A | Unique identifier for the Firewall Rule object. |
| tenant_id | uuid-str | Yes | CR | Derived from Authentication token | N/A | Owner of the Firewall Rule. Only admin users can specify a tenant identifier other than their own. |
| name | String | No | CRU | None | N/A | Human readable name for the Firewall Rule (255 characters limit). Does not have to be unique. |
| description | String | No | CRU | None | N/A | Human readable description for the Firewall Rule (1024 characters limit). |
| firewall_policy_id | uuid-str | No | R | None | N/A | Read-only attribute that is populated with the uuid of the Firewall Policy when this Firewall Rule is associated with a Firewall Policy. A Firewall Rule can be associated with one Firewall Policy at a time. The association can, however, be updated to a different Firewall Policy. This attribute can be "null" if the rule is not associated with any firewall policy. |
| shared | Bool | No | CRU | false | {true \| false} | When set to True, makes this Firewall Rule visible to tenants other than its owner and allows it to be used in Firewall Policies not owned by its tenant. |
| protocol | String | No | CRU | None | {icmp \| tcp \| udp \| null} | IP Protocol |
| ip_version | Integer | No | CRU | 4 | {4 \| 6} | IP Protocol Version |
| source_ip_address | String (IP address or CIDR) | No | CRU | None | Valid IP address (v4 or v6), or CIDR | Source IP address or CIDR |
| destination_ip_address | String (IP address or CIDR) | No | CRU | None | Valid IP address (v4 or v6), or CIDR | Destination IP address or CIDR |
| source_port | Integer | No | CRU | None | Valid port number (integer or string), or port range in the format of a ':' separated range. In the case of port range, both ends of the range are included. | Source port number or a range |
| destination_port | Integer | No | CRU | None | Valid port number (integer or string), or port range in the format of a ':' separated range. In the case of port range, both ends of the range are included. | Destination port number or a range |
| position | Integer | No | R | None | N/A | Read-only attribute that is assigned to this rule when the rule is associated with a Firewall Policy. It indicates the position of this rule in that Firewall Policy. This position number starts at 1. The position can be "null" if the firewall rule is not associated with any policy. |
| action | String | No | CRU | deny | {allow \| deny} | Action to be performed on the traffic matching the rule (allow, deny) |
| enabled | Bool | No | CRU | true | {true \| false} | When set to False, disables this rule in the Firewall Policy. Facilitates selectively turning off rules without having to disassociate the rule from the Firewall Policy. |

[a]

  • C. Use the attribute in create operations.

  • R. This attribute is returned in response to show and list operations.

  • U. You can update the value of this attribute.

  • D. You can delete the value of this attribute.
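
The validation constraints in Table 4.10, applied client-side to a rule body before it is sent to the API. This is an added example, not OpenStack's own validation code; the function names, the 1-65535 port bound and the low-before-high ordering of a range are assumptions.

```python
import ipaddress

# Constraints come from Table 4.10. Assumed here, not stated on the page:
# ports lie in 1-65535 and a range is written low:high.
PROTOCOLS = ("icmp", "tcp", "udp", None)
ACTIONS = ("allow", "deny")
MAX_LEN = {"name": 255, "description": 1024}

def _valid_port(value):
    """Accept an int, a numeric string, or an inclusive 'low:high' range."""
    parts = str(value).split(":")
    if len(parts) > 2 or not all(p.isdecimal() for p in parts):
        return False
    ports = [int(p) for p in parts]
    return all(1 <= p <= 65535 for p in ports) and ports[0] <= ports[-1]

def _valid_address(value):
    """Accept a single IPv4/IPv6 address or a CIDR, given as a string."""
    if not isinstance(value, str):
        return False
    try:
        ipaddress.ip_network(value, strict=False)
    except ValueError:
        return False
    return True

def validate_firewall_rule(rule):
    """Return the list of constraint violations in a firewall rule dict."""
    errors = []
    for field, limit in MAX_LEN.items():
        text = rule.get(field)
        if text is not None and (not isinstance(text, str) or len(text) > limit):
            errors.append(f"{field}: must be a string of at most {limit} characters")
    if rule.get("protocol") not in PROTOCOLS:
        errors.append("protocol: must be icmp, tcp, udp or null")
    if rule.get("ip_version", 4) not in (4, 6):
        errors.append("ip_version: must be 4 or 6")
    if rule.get("action", "deny") not in ACTIONS:
        errors.append("action: must be allow or deny")
    for field in ("shared", "enabled"):
        if not isinstance(rule.get(field, True), bool):
            errors.append(f"{field}: must be true or false")
    for field in ("source_ip_address", "destination_ip_address"):
        if rule.get(field) is not None and not _valid_address(rule[field]):
            errors.append(f"{field}: not a valid IP address or CIDR")
    for field in ("source_port", "destination_port"):
        if rule.get(field) is not None and not _valid_port(rule[field]):
            errors.append(f"{field}: not a valid port or ':' separated range")
    return errors
```

An omitted action is treated as the table's default, deny, so a rule that fails to state its action never validates as an allow rule.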
