cloudflare_magic_firewall_ruleset

Magic Firewall is a network-level firewall to protect networks that are onboarded to Cloudflare's Magic Transit. This resource creates a root ruleset on the account level and contains one or more rules. Rules can be crafted in Wireshark syntax and are evaluated in order, with the first rule having the highest priority.

Example Usage

resource "cloudflare_magic_firewall_ruleset" "example" {
  account_id = "d41d8cd98f00b204e9800998ecf8427e"
  name = "Magic Transit Ruleset"
  description = "Global mitigations"

  rules = [
    {
      action = "allow"
      expression = "tcp.dstport in { 32768..65535 }"
      description = "Allow TCP Ephemeral Ports"
      enabled = "true"
    },
    {
      action = "block"
      expression = "ip.len >= 0"
      description = "Block all"
      enabled = "true"
    }
  ]
}
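The ordering rule stated above (rules are evaluated top to bottom and the first match decides) is what makes the placement of the catch-all "Block all" rule matter: if it came first, the ephemeral-port allow rule would never be reached. The following Python script is an added example, not the provider's or Cloudflare's own code. It evaluates the two rules from the ruleset above against a few constructed packets and flags rules that can never decide. Its expression evaluator is a toy that understands only the two expression shapes on this page (`field in { lo..hi }` and `field <op> number`), not the full Wireshark filter language, and the packets are constructed dicts of field name to value.

```python
import re

# Constructed sample: the same two rules as the ruleset above, in the shape Terraform
# passes them (a list of string-valued maps). Not the provider's own code.
RULES = [
    {"action": "allow", "expression": "tcp.dstport in { 32768..65535 }",
     "description": "Allow TCP Ephemeral Ports", "enabled": "true"},
    {"action": "block", "expression": "ip.len >= 0",
     "description": "Block all", "enabled": "true"},
]

# Constructed probe packets: field name -> integer value.
PROBES = [
    {"ip.len": 60, "tcp.dstport": 40000},   # TCP to an ephemeral port
    {"ip.len": 60, "tcp.dstport": 22},      # TCP to SSH
    {"ip.len": 48, "udp.dstport": 53},      # UDP DNS; carries no tcp.dstport field
]

_RANGE = re.compile(r"^(\S+)\s+in\s+\{\s*(\d+)\.\.(\d+)\s*\}$")
_CMP = re.compile(r"^(\S+)\s*(>=|<=|==|!=|>|<)\s*(\d+)$")


def matches(expression, packet):
    """Evaluate one of the two expression shapes used on this page:
    `field in { lo..hi }` and `field <op> number`. This is a toy evaluator for
    the example, not the full Wireshark filter language. A field the packet
    does not carry (tcp.dstport on a UDP packet) never matches."""
    m = _RANGE.match(expression)
    if m:
        field, lo, hi = m.group(1), int(m.group(2)), int(m.group(3))
        return field in packet and lo <= packet[field] <= hi
    m = _CMP.match(expression)
    if m:
        field, op, value = m.group(1), m.group(2), int(m.group(3))
        if field not in packet:
            return False
        x = packet[field]
        return {">=": x >= value, "<=": x <= value, "==": x == value,
                "!=": x != value, ">": x > value, "<": x < value}[op]
    raise ValueError(f"unsupported expression: {expression!r}")


def evaluate(rules, packet):
    """Rules are evaluated in order and the first enabled rule that matches decides.
    Returns (action, index of the deciding rule), or (None, None) if nothing matched."""
    for i, rule in enumerate(rules):
        if rule.get("enabled", "true") != "true":
            continue
        if matches(rule["expression"], packet):
            return rule["action"], i
    return None, None


def unreachable_rules(rules, probes):
    """Indices of enabled rules that never decide for any probe packet. A rule placed
    after a catch-all such as `ip.len >= 0` can never be reached, which is the
    ordering mistake this check is meant to surface before `terraform apply`."""
    deciding = {evaluate(rules, p)[1] for p in probes}
    return [i for i, r in enumerate(rules)
            if r.get("enabled", "true") == "true" and i not in deciding]


if __name__ == "__main__":
    for p in PROBES:
        print(p, "->", evaluate(RULES, p))
    # Swapping the two rules puts "Block all" first and makes the allow rule dead.
    print("unreachable with rules reversed:", unreachable_rules(RULES[::-1], PROBES))
```

With the ordering from the example, only TCP traffic to ports 32768 through 65535 is allowed and everything else, including UDP, falls through to "Block all". Reversing the two rules makes the allow rule unreachable, which `unreachable_rules` reports as index 1. Because the probe set is what drives the check, it only finds dead rules that the probes exercise; the probes should therefore cover each rule's intended traffic.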

Argument Reference

The following arguments are supported:

The rules block is a list of maps with the following attributes:

Import

An existing Magic Firewall Ruleset can be imported using the account ID and ruleset ID, joined with a slash in the form account_id/ruleset_id:

$ terraform import cloudflare_magic_firewall_ruleset.example d41d8cd98f00b204e9800998ecf8427e/cb029e245cfdd66dc8d2e570d5dd3322