FirewallRule
Describes a Firewall rule.
Properties
Name for the rule.
The action to be applied to all the traffic that meets the firewall rule criteria. It determines if the rule permits or blocks traffic. This property is now deprecated and replaced with actionValue. Property is required if actionValue is not set.
The list of application ports where this firewall rule is applicable. Null value or an empty list will be treated as “ANY” which means rule applies to all ports.
Used to limit application of this firewall rule to the specified Org VDC or segment backed external network. Only networks connected as service interfaces are usable.
Text for user entered comments on the firewall rule. Length cannot exceed 2048 characters.
List of destination groups for firewall rule. It specifies the destinations of network traffic for the firewall rule. Null value or an empty list will be treated as “ANY” which means traffic to any destination. For Distributed Firewall rules, an entry with an id of urn:vcloud:firewallGroup:internal can be used to specify all internal vDC Group network traffic.
Specifies the direction of the network traffic. Default value is IN_OUT.
Whether the firewall rule is enabled.
The unique id of this firewall rule. If a rule with the ruleId is not already present, a new rule will be created. If it already exists, the rule will be updated.
Type of IP packet that should be matched while enforcing the rule. Default value is IPV4_IPV6.
Whether packet logging is enabled for firewall rule.
The action to be applied to all the traffic that meets the firewall rule criteria. It determines if the rule permits or blocks traffic. Property is required if action is not set. Below are valid values.
- ALLOW: permits traffic to go through the firewall.
- DROP: blocks the traffic at the firewall. No response is sent back to the source.
- REJECT: blocks the traffic at the firewall. A response is sent back to the source.
The list of layer 7 network context profiles where this firewall rule is applicable. Null value or an empty list will be treated as “ANY” which means rule applies to all applications and domains.
List of source groups for firewall rule. It specifies the sources of network traffic for the firewall rule. Null value or an empty list will be treated as “ANY” which means traffic from any source. For Distributed Firewall rules, an entry with an id of urn:vcloud:firewallGroup:internal can be used to specify all internal vDC Group network traffic.
This property describes the current version of the entity. To prevent clients from overwriting each other’s changes, update operations must include the version which can be obtained by issuing a GET operation. If the version number on an update call is missing, the operation will be rejected. This is only needed on update calls.
JSON Example
{
"name": "string"
}
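The following Python example is added here and is not part of the original reference: it audits a rule payload against the semantics documented above (null or empty lists meaning "ANY", the deprecated action property, the 2048-character comment limit, and the version requirement on updates). The key names applicationPortProfiles and version are assumptions, since this page describes those two properties without naming them, and the sample rules are constructed.

```python
MAX_COMMENT_LEN = 2048
VALID_ACTIONS = {"ALLOW", "DROP", "REJECT"}
INTERNAL_GROUP = "urn:vcloud:firewallGroup:internal"
# Assumed key names: this page describes these two properties without naming them.
PORTS_KEY, VERSION_KEY = "applicationPortProfiles", "version"

def is_any(value):
    return value is None or len(value) == 0  # null or empty list is documented as ANY

def audit_rule(rule, is_update=False):
    """Return a list of 'severity: message' findings for one rule dict."""
    findings = []
    action = rule.get("actionValue")
    if action is None and rule.get("action") is None:
        findings.append("error: neither actionValue nor action is set")
    elif action is None:
        findings.append("warn: deprecated 'action' is used; set actionValue")
    elif action not in VALID_ACTIONS:
        findings.append(f"error: actionValue {action!r} is not a valid value")
    if len(rule.get("comments") or "") > MAX_COMMENT_LEN:
        findings.append("error: comments exceed 2048 characters")
    if is_update and rule.get(VERSION_KEY) is None:
        findings.append("error: update without version will be rejected")
    if action != "ALLOW" or rule.get("enabled") is False:
        return findings  # exposure checks only matter for active ALLOW rules
    src = rule.get("sourceFirewallGroups")
    dst = rule.get("destinationFirewallGroups")
    if is_any(src) and is_any(dst):
        findings.append("high: ALLOW from ANY source to ANY destination")
    elif is_any(src) or is_any(dst):
        side = "source" if is_any(src) else "destination"
        findings.append(f"warn: ALLOW with ANY {side}")
    for side, groups in (("source", src), ("destination", dst)):
        if any(g.get("id") == INTERNAL_GROUP for g in groups or []):
            findings.append(f"info: {side} covers all internal vDC Group traffic")
    if is_any(rule.get(PORTS_KEY)):
        findings.append("warn: ALLOW applies to ANY port")
    if not rule.get("logging"):
        findings.append("info: packet logging is disabled on an ALLOW rule")
    return findings

# Constructed sample rules (not taken from any real environment).
SAMPLE_OPEN = {"name": "allow-all", "actionValue": "ALLOW", "enabled": True,
               "sourceFirewallGroups": None, "destinationFirewallGroups": []}
SAMPLE_LEGACY = {"name": "old-drop", "action": "DROP", "comments": "x" * 2049}

if __name__ == "__main__":
    for sample in (SAMPLE_OPEN, SAMPLE_LEGACY):
        print(sample["name"], audit_rule(sample, is_update=True))
```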
Vendor Extensions
x-vcloud-property-annotations:
  action:
    x-vcloud-constraints:
      - constraint: NonSearchable
      - constraint: NonSortable
    x-vcloud-deprecated-alternative: actionValue
    x-vcloud-deprecated-in: "35.2"
  actionValue:
    x-vcloud-added-in: "35.2"
    x-vcloud-constraints:
      - constraint: NonSearchable
      - constraint: NonSortable
  appliedTo:
    x-vcloud-added-in: "37.1"
    x-vcloud-constraints:
      - constraint: NonSearchable
      - constraint: NonSortable
  comments:
    x-vcloud-constraints:
      - constraint: NonSearchable
      - constraint: NonSortable
  description:
    x-vcloud-constraints:
      - constraint: NonSearchable
      - constraint: NonSortable
  destinationFirewallGroups:
    x-vcloud-constraints:
      - constraint: NonSearchable
      - constraint: NonSortable
  direction:
    x-vcloud-constraints:
      - constraint: NonSearchable
      - constraint: NonSortable
  enabled:
    x-vcloud-constraints:
      - constraint: NonSearchable
      - constraint: NonSortable
  id:
    x-vcloud-constraints:
      - constraint: NonSearchable
      - constraint: NonSortable
  ipProtocol:
    x-vcloud-constraints:
      - constraint: NonSearchable
      - constraint: NonSortable
  logging:
    x-vcloud-constraints:
      - constraint: NonSearchable
      - constraint: NonSortable
  name:
    x-vcloud-constraints:
      - constraint: NonSearchable
      - constraint: NonSortable
  networkContextProfiles:
    x-vcloud-added-in: "35.0"
    x-vcloud-constraints:
      - constraint: NonSearchable
      - constraint: NonSortable
  services:
    x-vcloud-constraints:
      - constraint: NonSearchable
      - constraint: NonSortable
  sourceFirewallGroups:
    x-vcloud-constraints:
      - constraint: NonSearchable
      - constraint: NonSortable
Availability
Used By
DfwRule
EdgeFirewallRule