1. Packages
  2. OVH
  3. API Docs
  4. Ip
  5. FirewallRule
OVHCloud v2.1.1 published on Thursday, Apr 10, 2025 by OVHcloud

ovh.Ip.FirewallRule

Explore with Pulumi AI

Use this resource to manage a rule on an IP firewall.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as ovh from "@ovhcloud/pulumi-ovh";

const myFirewallRule = new ovh.ip.FirewallRule("myFirewallRule", {
    action: "deny",
    ip: "XXXXXX",
    ipOnFirewall: "XXXXXX",
    protocol: "tcp",
    sequence: 0,
});
Copy
import pulumi
import pulumi_ovh as ovh

my_firewall_rule = ovh.ip.FirewallRule("myFirewallRule",
    action="deny",
    ip="XXXXXX",
    ip_on_firewall="XXXXXX",
    protocol="tcp",
    sequence=0)
Copy
package main

import (
	"github.com/ovh/pulumi-ovh/sdk/v2/go/ovh/ip"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := ip.NewFirewallRule(ctx, "myFirewallRule", &ip.FirewallRuleArgs{
			Action:       pulumi.String("deny"),
			Ip:           pulumi.String("XXXXXX"),
			IpOnFirewall: pulumi.String("XXXXXX"),
			Protocol:     pulumi.String("tcp"),
			Sequence:     pulumi.Float64(0),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ovh = Pulumi.Ovh;

return await Deployment.RunAsync(() => 
{
    var myFirewallRule = new Ovh.Ip.FirewallRule("myFirewallRule", new()
    {
        Action = "deny",
        Ip = "XXXXXX",
        IpOnFirewall = "XXXXXX",
        Protocol = "tcp",
        Sequence = 0,
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.ovhcloud.pulumi.ovh.Ip.FirewallRule;
import com.ovhcloud.pulumi.ovh.Ip.FirewallRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var myFirewallRule = new FirewallRule("myFirewallRule", FirewallRuleArgs.builder()
            .action("deny")
            .ip("XXXXXX")
            .ipOnFirewall("XXXXXX")
            .protocol("tcp")
            .sequence(0.0)
            .build());

    }
}
Copy
resources:
  myFirewallRule:
    type: ovh:Ip:FirewallRule
    properties:
      action: deny
      ip: XXXXXX
      ipOnFirewall: XXXXXX
      protocol: tcp
      sequence: 0
Copy

Create FirewallRule Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new FirewallRule(name: string, args: FirewallRuleArgs, opts?: CustomResourceOptions);
@overload
def FirewallRule(resource_name: str,
                 args: FirewallRuleArgs,
                 opts: Optional[ResourceOptions] = None)

@overload
def FirewallRule(resource_name: str,
                 opts: Optional[ResourceOptions] = None,
                 action: Optional[str] = None,
                 ip: Optional[str] = None,
                 ip_on_firewall: Optional[str] = None,
                 protocol: Optional[str] = None,
                 sequence: Optional[float] = None,
                 destination_port: Optional[float] = None,
                 fragments: Optional[bool] = None,
                 source: Optional[str] = None,
                 source_port: Optional[float] = None,
                 tcp_option: Optional[str] = None)
func NewFirewallRule(ctx *Context, name string, args FirewallRuleArgs, opts ...ResourceOption) (*FirewallRule, error)
public FirewallRule(string name, FirewallRuleArgs args, CustomResourceOptions? opts = null)
public FirewallRule(String name, FirewallRuleArgs args)
public FirewallRule(String name, FirewallRuleArgs args, CustomResourceOptions options)
type: ovh:Ip:FirewallRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name This property is required. string
The unique name of the resource.
args This property is required. FirewallRuleArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args This property is required. FirewallRuleArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args This property is required. FirewallRuleArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args This property is required. FirewallRuleArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. FirewallRuleArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var firewallRuleResource = new Ovh.Ip.FirewallRule("firewallRuleResource", new()
{
    Action = "string",
    Ip = "string",
    IpOnFirewall = "string",
    Protocol = "string",
    Sequence = 0,
    DestinationPort = 0,
    Fragments = false,
    Source = "string",
    SourcePort = 0,
    TcpOption = "string",
});
Copy
example, err := Ip.NewFirewallRule(ctx, "firewallRuleResource", &Ip.FirewallRuleArgs{
	Action:          pulumi.String("string"),
	Ip:              pulumi.String("string"),
	IpOnFirewall:    pulumi.String("string"),
	Protocol:        pulumi.String("string"),
	Sequence:        pulumi.Float64(0),
	DestinationPort: pulumi.Float64(0),
	Fragments:       pulumi.Bool(false),
	Source:          pulumi.String("string"),
	SourcePort:      pulumi.Float64(0),
	TcpOption:       pulumi.String("string"),
})
Copy
var firewallRuleResource = new FirewallRule("firewallRuleResource", FirewallRuleArgs.builder()
    .action("string")
    .ip("string")
    .ipOnFirewall("string")
    .protocol("string")
    .sequence(0)
    .destinationPort(0)
    .fragments(false)
    .source("string")
    .sourcePort(0)
    .tcpOption("string")
    .build());
Copy
firewall_rule_resource = ovh.ip.FirewallRule("firewallRuleResource",
    action="string",
    ip="string",
    ip_on_firewall="string",
    protocol="string",
    sequence=0,
    destination_port=0,
    fragments=False,
    source="string",
    source_port=0,
    tcp_option="string")
Copy
const firewallRuleResource = new ovh.ip.FirewallRule("firewallRuleResource", {
    action: "string",
    ip: "string",
    ipOnFirewall: "string",
    protocol: "string",
    sequence: 0,
    destinationPort: 0,
    fragments: false,
    source: "string",
    sourcePort: 0,
    tcpOption: "string",
});
Copy
type: ovh:Ip:FirewallRule
properties:
    action: string
    destinationPort: 0
    fragments: false
    ip: string
    ipOnFirewall: string
    protocol: string
    sequence: 0
    source: string
    sourcePort: 0
    tcpOption: string
Copy

FirewallRule Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The FirewallRule resource accepts the following input properties:

Action This property is required. string
Possible values for action (deny|permit)
Ip This property is required. string
The IP or the CIDR
IpOnFirewall This property is required. string
IPv4 address
Protocol This property is required. string
Possible values for protocol (ah|esp|gre|icmp|ipv4|tcp|udp)
Sequence This property is required. double
Rule position in the rules array
DestinationPort double
Destination port for your rule. Only with TCP/UDP protocol
Fragments bool
Fragments option
Source string
IPv4 CIDR notation (e.g., 192.0.2.0/24)
SourcePort double
Source port for your rule. Only with TCP/UDP protocol
TcpOption string
TCP option on your rule (syn|established)
Action This property is required. string
Possible values for action (deny|permit)
Ip This property is required. string
The IP or the CIDR
IpOnFirewall This property is required. string
IPv4 address
Protocol This property is required. string
Possible values for protocol (ah|esp|gre|icmp|ipv4|tcp|udp)
Sequence This property is required. float64
Rule position in the rules array
DestinationPort float64
Destination port for your rule. Only with TCP/UDP protocol
Fragments bool
Fragments option
Source string
IPv4 CIDR notation (e.g., 192.0.2.0/24)
SourcePort float64
Source port for your rule. Only with TCP/UDP protocol
TcpOption string
TCP option on your rule (syn|established)
action This property is required. String
Possible values for action (deny|permit)
ip This property is required. String
The IP or the CIDR
ipOnFirewall This property is required. String
IPv4 address
protocol This property is required. String
Possible values for protocol (ah|esp|gre|icmp|ipv4|tcp|udp)
sequence This property is required. Double
Rule position in the rules array
destinationPort Double
Destination port for your rule. Only with TCP/UDP protocol
fragments Boolean
Fragments option
source String
IPv4 CIDR notation (e.g., 192.0.2.0/24)
sourcePort Double
Source port for your rule. Only with TCP/UDP protocol
tcpOption String
TCP option on your rule (syn|established)
action This property is required. string
Possible values for action (deny|permit)
ip This property is required. string
The IP or the CIDR
ipOnFirewall This property is required. string
IPv4 address
protocol This property is required. string
Possible values for protocol (ah|esp|gre|icmp|ipv4|tcp|udp)
sequence This property is required. number
Rule position in the rules array
destinationPort number
Destination port for your rule. Only with TCP/UDP protocol
fragments boolean
Fragments option
source string
IPv4 CIDR notation (e.g., 192.0.2.0/24)
sourcePort number
Source port for your rule. Only with TCP/UDP protocol
tcpOption string
TCP option on your rule (syn|established)
action This property is required. str
Possible values for action (deny|permit)
ip This property is required. str
The IP or the CIDR
ip_on_firewall This property is required. str
IPv4 address
protocol This property is required. str
Possible values for protocol (ah|esp|gre|icmp|ipv4|tcp|udp)
sequence This property is required. float
Rule position in the rules array
destination_port float
Destination port for your rule. Only with TCP/UDP protocol
fragments bool
Fragments option
source str
IPv4 CIDR notation (e.g., 192.0.2.0/24)
source_port float
Source port for your rule. Only with TCP/UDP protocol
tcp_option str
TCP option on your rule (syn|established)
action This property is required. String
Possible values for action (deny|permit)
ip This property is required. String
The IP or the CIDR
ipOnFirewall This property is required. String
IPv4 address
protocol This property is required. String
Possible values for protocol (ah|esp|gre|icmp|ipv4|tcp|udp)
sequence This property is required. Number
Rule position in the rules array
destinationPort Number
Destination port for your rule. Only with TCP/UDP protocol
fragments Boolean
Fragments option
source String
IPv4 CIDR notation (e.g., 192.0.2.0/24)
sourcePort Number
Source port for your rule. Only with TCP/UDP protocol
tcpOption String
TCP option on your rule (syn|established)

Outputs

All input properties are implicitly available as output properties. Additionally, the FirewallRule resource produces the following output properties:

CreationDate string
Creation date of the rule
Destination string
Destination IP for your rule
DestinationPortDesc string
String description of field destination_port
Id string
The provider-assigned unique ID for this managed resource.
Rule string
Description of the rule
SourcePortDesc string
String description of field source_port
State string
Current state of your rule
CreationDate string
Creation date of the rule
Destination string
Destination IP for your rule
DestinationPortDesc string
String description of field destination_port
Id string
The provider-assigned unique ID for this managed resource.
Rule string
Description of the rule
SourcePortDesc string
String description of field source_port
State string
Current state of your rule
creationDate String
Creation date of the rule
destination String
Destination IP for your rule
destinationPortDesc String
String description of field destination_port
id String
The provider-assigned unique ID for this managed resource.
rule String
Description of the rule
sourcePortDesc String
String description of field source_port
state String
Current state of your rule
creationDate string
Creation date of the rule
destination string
Destination IP for your rule
destinationPortDesc string
String description of field destination_port
id string
The provider-assigned unique ID for this managed resource.
rule string
Description of the rule
sourcePortDesc string
String description of field source_port
state string
Current state of your rule
creation_date str
Creation date of the rule
destination str
Destination IP for your rule
destination_port_desc str
String description of field destination_port
id str
The provider-assigned unique ID for this managed resource.
rule str
Description of the rule
source_port_desc str
String description of field source_port
state str
Current state of your rule
creationDate String
Creation date of the rule
destination String
Destination IP for your rule
destinationPortDesc String
String description of field destination_port
id String
The provider-assigned unique ID for this managed resource.
rule String
Description of the rule
sourcePortDesc String
String description of field source_port
state String
Current state of your rule

Look up Existing FirewallRule Resource

Get an existing FirewallRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: FirewallRuleState, opts?: CustomResourceOptions): FirewallRule
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        action: Optional[str] = None,
        creation_date: Optional[str] = None,
        destination: Optional[str] = None,
        destination_port: Optional[float] = None,
        destination_port_desc: Optional[str] = None,
        fragments: Optional[bool] = None,
        ip: Optional[str] = None,
        ip_on_firewall: Optional[str] = None,
        protocol: Optional[str] = None,
        rule: Optional[str] = None,
        sequence: Optional[float] = None,
        source: Optional[str] = None,
        source_port: Optional[float] = None,
        source_port_desc: Optional[str] = None,
        state: Optional[str] = None,
        tcp_option: Optional[str] = None) -> FirewallRule
func GetFirewallRule(ctx *Context, name string, id IDInput, state *FirewallRuleState, opts ...ResourceOption) (*FirewallRule, error)
public static FirewallRule Get(string name, Input<string> id, FirewallRuleState? state, CustomResourceOptions? opts = null)
public static FirewallRule get(String name, Output<String> id, FirewallRuleState state, CustomResourceOptions options)
resources:  _:    type: ovh:Ip:FirewallRule    get:      id: ${id}
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
Action string
Possible values for action (deny|permit)
CreationDate string
Creation date of the rule
Destination string
Destination IP for your rule
DestinationPort double
Destination port for your rule. Only with TCP/UDP protocol
DestinationPortDesc string
String description of field destination_port
Fragments bool
Fragments option
Ip string
The IP or the CIDR
IpOnFirewall string
IPv4 address
Protocol string
Possible values for protocol (ah|esp|gre|icmp|ipv4|tcp|udp)
Rule string
Description of the rule
Sequence double
Rule position in the rules array
Source string
IPv4 CIDR notation (e.g., 192.0.2.0/24)
SourcePort double
Source port for your rule. Only with TCP/UDP protocol
SourcePortDesc string
String description of field source_port
State string
Current state of your rule
TcpOption string
TCP option on your rule (syn|established)
Action string
Possible values for action (deny|permit)
CreationDate string
Creation date of the rule
Destination string
Destination IP for your rule
DestinationPort float64
Destination port for your rule. Only with TCP/UDP protocol
DestinationPortDesc string
String description of field destination_port
Fragments bool
Fragments option
Ip string
The IP or the CIDR
IpOnFirewall string
IPv4 address
Protocol string
Possible values for protocol (ah|esp|gre|icmp|ipv4|tcp|udp)
Rule string
Description of the rule
Sequence float64
Rule position in the rules array
Source string
IPv4 CIDR notation (e.g., 192.0.2.0/24)
SourcePort float64
Source port for your rule. Only with TCP/UDP protocol
SourcePortDesc string
String description of field source_port
State string
Current state of your rule
TcpOption string
TCP option on your rule (syn|established)
action String
Possible values for action (deny|permit)
creationDate String
Creation date of the rule
destination String
Destination IP for your rule
destinationPort Double
Destination port for your rule. Only with TCP/UDP protocol
destinationPortDesc String
String description of field destination_port
fragments Boolean
Fragments option
ip String
The IP or the CIDR
ipOnFirewall String
IPv4 address
protocol String
Possible values for protocol (ah|esp|gre|icmp|ipv4|tcp|udp)
rule String
Description of the rule
sequence Double
Rule position in the rules array
source String
IPv4 CIDR notation (e.g., 192.0.2.0/24)
sourcePort Double
Source port for your rule. Only with TCP/UDP protocol
sourcePortDesc String
String description of field source_port
state String
Current state of your rule
tcpOption String
TCP option on your rule (syn|established)
action string
Possible values for action (deny|permit)
creationDate string
Creation date of the rule
destination string
Destination IP for your rule
destinationPort number
Destination port for your rule. Only with TCP/UDP protocol
destinationPortDesc string
String description of field destination_port
fragments boolean
Fragments option
ip string
The IP or the CIDR
ipOnFirewall string
IPv4 address
protocol string
Possible values for protocol (ah|esp|gre|icmp|ipv4|tcp|udp)
rule string
Description of the rule
sequence number
Rule position in the rules array
source string
IPv4 CIDR notation (e.g., 192.0.2.0/24)
sourcePort number
Source port for your rule. Only with TCP/UDP protocol
sourcePortDesc string
String description of field source_port
state string
Current state of your rule
tcpOption string
TCP option on your rule (syn|established)
action str
Possible values for action (deny|permit)
creation_date str
Creation date of the rule
destination str
Destination IP for your rule
destination_port float
Destination port for your rule. Only with TCP/UDP protocol
destination_port_desc str
String description of field destination_port
fragments bool
Fragments option
ip str
The IP or the CIDR
ip_on_firewall str
IPv4 address
protocol str
Possible values for protocol (ah|esp|gre|icmp|ipv4|tcp|udp)
rule str
Description of the rule
sequence float
Rule position in the rules array
source str
IPv4 CIDR notation (e.g., 192.0.2.0/24)
source_port float
Source port for your rule. Only with TCP/UDP protocol
source_port_desc str
String description of field source_port
state str
Current state of your rule
tcp_option str
TCP option on your rule (syn|established)
action String
Possible values for action (deny|permit)
creationDate String
Creation date of the rule
destination String
Destination IP for your rule
destinationPort Number
Destination port for your rule. Only with TCP/UDP protocol
destinationPortDesc String
String description of field destination_port
fragments Boolean
Fragments option
ip String
The IP or the CIDR
ipOnFirewall String
IPv4 address
protocol String
Possible values for protocol (ah|esp|gre|icmp|ipv4|tcp|udp)
rule String
Description of the rule
sequence Number
Rule position in the rules array
source String
IPv4 CIDR notation (e.g., 192.0.2.0/24)
sourcePort Number
Source port for your rule. Only with TCP/UDP protocol
sourcePortDesc String
String description of field source_port
state String
Current state of your rule
tcpOption String
TCP option on your rule (syn|established)

Import

The resource can be imported using the properties ip, ip_on_firewall and sequence, separated by “|” E.g.,

bash

$ pulumi import ovh:Ip/firewallRule:FirewallRule my_firewall_rule '127.0.0.1|127.0.0.2|0'
Copy

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository
ovh ovh/pulumi-ovh
License
Apache-2.0
Notes
This Pulumi package is based on the ovh Terraform Provider.