FirewallRule

Describes a Firewall rule.


Properties

action Optional

The action to be applied to all the traffic that meets the firewall rule criteria. It determines if the rule permits or blocks traffic. This property is now deprecated and replaced with actionValue. Property is required if actionValue is not set.

Possible values are: ALLOW, DROP


string
actionValue Optional

The action to be applied to all the traffic that meets the firewall rule criteria. It determines if the rule permits or blocks traffic. Property is required if action is not set. Below are valid values.

  • ALLOW permits traffic to go through the firewall.
  • DROP blocks the traffic at the firewall. No response is sent back to the source.
  • REJECT blocks the traffic at the firewall. A response is sent back to the source.

Added in 35.2

array of EntityReference
applicationPortProfiles Optional

The list of application ports where this firewall rule is applicable. A null value or an empty list is treated as “ANY”, which means the rule applies to all ports.


string
description Optional
Description not available

array of EntityReference
destinationFirewallGroups Optional

List of destination groups for the firewall rule. It specifies the destinations of network traffic for the firewall rule. A null value or an empty list is treated as “ANY”, which means traffic to any destination. For Distributed Firewall rules, an entry with an id of urn:vcloud:firewallGroup:internal can be used to specify all internal vDC Group network traffic.


direction Optional

Specifies the direction of the network traffic. Default value is IN_OUT.

Possible values are: IN, OUT, IN_OUT


boolean
enabled Optional

Whether the firewall rule is enabled.


string
id Optional

The unique id of this firewall rule. If a rule with the ruleId is not already present, a new rule will be created. If it already exists, the rule will be updated.


ipProtocol Optional

Type of IP packet that should be matched while enforcing the rule. Default value is IPV4_IPV6.

Possible values are: IPV4, IPV6, IPV4_IPV6


boolean
logging Optional

Whether packet logging is enabled for the firewall rule.


string
name Required

Name for the rule.


array of EntityReference
networkContextProfiles Optional

The list of layer 7 network context profiles where this firewall rule is applicable. A null value or an empty list is treated as “ANY”, which means the rule applies to all applications and domains.


array of EntityReference
sourceFirewallGroups Optional

List of source groups for the firewall rule. It specifies the sources of network traffic for the firewall rule. A null value or an empty list is treated as “ANY”, which means traffic from any source. For Distributed Firewall rules, an entry with an id of urn:vcloud:firewallGroup:internal can be used to specify all internal vDC Group network traffic.


version Optional

This property describes the current version of the entity. To prevent clients from overwriting each other’s changes, update operations must include the version which can be obtained by issuing a GET operation. If the version number on an update call is missing, the operation will be rejected. This is only needed on update calls.

JSON Example

{
    "name": "string"
}
Availability
Added in 34.0
Used By

EdgeFirewallRule
DfwRule
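
An added example, not part of this API reference or of the product's code: a small Python audit over FirewallRule objects that applies the semantics stated in the property descriptions (null or empty group and port lists mean “ANY”, and actionValue replaces the deprecated action). The sample rules, their names and ids are constructed, and treating a rule with no explicit enabled value as active is an assumption.

```python
import json

# Properties for which the reference says null or an empty list means "ANY".
ANY_WHEN_EMPTY = ("sourceFirewallGroups", "destinationFirewallGroups",
                  "applicationPortProfiles", "networkContextProfiles")
VALID_ACTIONS = {"ALLOW", "DROP", "REJECT"}

def audit_rule(rule):
    """Return a list of findings for one FirewallRule object (a dict)."""
    findings = []
    # actionValue replaces the deprecated action; one of the two must be set.
    action = rule.get("actionValue") or rule.get("action")
    if action is None:
        findings.append("no action: set actionValue")
    elif action not in VALID_ACTIONS:
        findings.append(f"unknown action {action!r}")
    elif not rule.get("actionValue"):
        findings.append("deprecated 'action' in use: migrate to actionValue")
    # A missing key, null and [] all widen the match to ANY.
    wide = [f for f in ANY_WHEN_EMPTY if not rule.get(f)]
    # Assumption: a rule without an explicit "enabled": false counts as active.
    active = rule.get("enabled") is not False
    if action == "ALLOW" and active:
        if {"sourceFirewallGroups", "destinationFirewallGroups"} <= set(wide):
            findings.append("ALLOW from ANY source to ANY destination")
        if "applicationPortProfiles" in wide:
            findings.append("ALLOW on ANY port")
        if not rule.get("logging"):
            findings.append("ALLOW rule without packet logging")
    return findings

def audit(rules_json):
    """Map rule name -> findings, keeping only rules that have findings."""
    results = {r["name"]: audit_rule(r) for r in json.loads(rules_json)}
    return {name: f for name, f in results.items() if f}

# Constructed sample rules; names and ids are placeholders for illustration.
SAMPLE = """[
  {"name": "web-in", "actionValue": "ALLOW", "enabled": true, "logging": true,
   "sourceFirewallGroups": [],
   "destinationFirewallGroups": [{"id": "urn:vcloud:firewallGroup:example-web"}],
   "applicationPortProfiles": [{"id": "example-https-port-profile-id"}]},
  {"name": "temp-open", "action": "ALLOW", "enabled": true,
   "sourceFirewallGroups": null, "destinationFirewallGroups": []},
  {"name": "default-deny", "actionValue": "DROP", "enabled": true, "logging": true}
]"""

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, "->", "; ".join(findings))
```

Only `temp-open` is reported: it relies on the deprecated property, and its null and empty lists make it an ALLOW rule for any source, destination and port.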