This section discusses operations for managing a Firewall Rule through this extension.
Attribute | Type | Required | CRUD [a] | Default Value | Validation Constraints | Notes
---|---|---|---|---|---|---
id | uuid-str | N/A | R | generated | N/A | Unique identifier for the Firewall Rule object.
tenant_id | uuid-str | Yes | CR | Derived from Authentication token | N/A | Owner of the Firewall Rule. Only admin users can specify a tenant identifier other than their own.
name | String | No | CRU | None | N/A | Human-readable name for the Firewall Rule (255-character limit). Does not have to be unique.
description | String | No | CRU | None | N/A | Human-readable description for the Firewall Rule (1024-character limit).
firewall_policy_id | uuid-str | No | R | None | N/A | Read-only attribute that is populated with the UUID of the Firewall Policy when this Firewall Rule is associated with a Firewall Policy. A Firewall Rule can be associated with only one Firewall Policy at a time; the association can, however, be updated to a different Firewall Policy. This attribute can be "null" if the rule is not associated with any Firewall Policy.
shared | Bool | No | CRU | false | {true \| false} | When set to True, makes this Firewall Rule visible to tenants other than its owner and allows it to be used in Firewall Policies not owned by its tenant.
protocol | String | No | CRU | None | {icmp \| tcp \| udp \| null} | IP protocol.
ip_version | Integer | No | CRU | 4 | {4 \| 6} | IP protocol version.
source_ip_address | String (IP address or CIDR) | No | CRU | None | Valid IP address (v4 or v6), or CIDR | Source IP address or CIDR.
destination_ip_address | String (IP address or CIDR) | No | CRU | None | Valid IP address (v4 or v6), or CIDR | Destination IP address or CIDR.
source_port | Integer | No | CRU | None | Valid port number (integer or string), or port range in the format of a ':' separated range. In the case of a port range, both ends of the range are included. | Source port number or a range.
destination_port | Integer | No | CRU | None | Valid port number (integer or string), or port range in the format of a ':' separated range. In the case of a port range, both ends of the range are included. | Destination port number or a range.
position | Integer | No | R | None | N/A | Read-only attribute that is assigned to this rule when the rule is associated with a Firewall Policy. It indicates the position of this rule in that Firewall Policy. Position numbering starts at 1. The position can be "null" if the Firewall Rule is not associated with any policy.
action | String | No | CRU | deny | {allow \| deny} | Action to be performed on the traffic matching the rule (allow, deny).
enabled | Bool | No | CRU | true | {true \| false} | When set to False, disables this rule in the Firewall Policy. This makes it possible to turn off rules selectively without having to disassociate the rule from the Firewall Policy.
[a]
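The defaults and validation constraints in the table can be checked on the client side before a create request is sent. The following is an added example, not code from the extension itself: `normalize_firewall_rule` and `_check_port` are hypothetical names, the 1 to 65535 port bounds and the rejection of reversed ranges are assumptions, and rejecting `id`, `firewall_policy_id` and `position` in a request is this example's reading of their "R" CRUD value.

```python
import ipaddress

# Defaults and allowed values transcribed from the attribute table above.
DEFAULTS = {"name": None, "description": None, "shared": False,
            "protocol": None, "ip_version": 4,
            "source_ip_address": None, "destination_ip_address": None,
            "source_port": None, "destination_port": None,
            "action": "deny", "enabled": True}
ALLOWED = {"protocol": {"icmp", "tcp", "udp", None}, "ip_version": {4, 6},
           "action": {"allow", "deny"}}
MAX_LEN = {"name": 255, "description": 1024}
READ_ONLY = {"id", "firewall_policy_id", "position"}  # CRUD column is "R" only


def _check_port(value):
    """Accept a port (int or str) or an inclusive 'low:high' range."""
    parts = str(value).split(":")
    if len(parts) > 2 or not all(p.isdigit() for p in parts):
        raise ValueError(f"invalid port or range: {value!r}")
    nums = [int(p) for p in parts]
    # Assumption: ports are 1..65535 and a range must not be reversed.
    if not all(1 <= n <= 65535 for n in nums) or nums != sorted(nums):
        raise ValueError(f"invalid port or range: {value!r}")


def normalize_firewall_rule(body):
    """Return a create-request body with table defaults applied, or raise ValueError."""
    unknown = set(body) - set(DEFAULTS) - {"tenant_id"}
    if unknown:
        kind = "read-only" if unknown & READ_ONLY else "unknown"
        raise ValueError(f"{kind} attribute(s): {sorted(unknown)}")
    rule = {**DEFAULTS, **body}  # an omitted action falls back to "deny"
    for key, allowed in ALLOWED.items():
        if rule[key] not in allowed:
            raise ValueError(f"{key} must be one of {allowed}")
    for key in ("shared", "enabled"):
        if not isinstance(rule[key], bool):
            raise ValueError(f"{key} must be true or false")
    for key, limit in MAX_LEN.items():
        if rule[key] is not None and len(rule[key]) > limit:
            raise ValueError(f"{key} exceeds {limit} characters")
    for key in ("source_ip_address", "destination_ip_address"):
        if rule[key] is not None:
            ipaddress.ip_network(str(rule[key]), strict=False)  # raises ValueError
    for key in ("source_port", "destination_port"):
        if rule[key] is not None:
            _check_port(rule[key])
    return rule
```

Because `action` defaults to `deny` and `enabled` to `true`, a rule created with only match criteria blocks the matching traffic once it is part of a Firewall Policy.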