This resource provides the Network Firewall Policy Security Rule resource in Oracle Cloud Infrastructure Network Firewall service.
Creates a new Security Rule for the Network Firewall Policy.
```hcl
resource "oci_network_firewall_network_firewall_policy_security_rule" "test_network_firewall_policy_security_rule" {
  lifecycle {
    ignore_changes = [position]
  }
  #Required
  action = var.network_firewall_policy_security_rule_action
  name   = var.network_firewall_policy_security_rule_name
  condition {
    application         = var.network_firewall_policy_security_rule_condition_application
    destination_address = var.network_firewall_policy_security_rule_condition_destination_address
    service             = var.network_firewall_policy_security_rule_condition_service
    source_address      = var.network_firewall_policy_security_rule_condition_source_address
    url                 = var.network_firewall_policy_security_rule_condition_url
  }
  network_firewall_policy_id = oci_network_firewall_network_firewall_policy.test_network_firewall_policy.id

  #Optional
  inspection = var.network_firewall_policy_security_rule_inspection
  position {
    #Optional
    after_rule  = var.network_firewall_policy_security_rule_position_after_rule
    before_rule = var.network_firewall_policy_security_rule_position_before_rule
  }
}
```
The following arguments are supported:

* `action` - (Required) (Updatable) Type of action to take on the traffic flow.
  * ALLOW - Allows the traffic.
  * DROP - Silently drops the traffic, e.g. without sending a TCP reset.
  * REJECT - Rejects the traffic, sending a TCP reset to client and/or server as applicable.
  * INSPECT - Inspects traffic for vulnerabilities as specified in `inspection`, which may result in rejection.
* `condition` - (Required) (Updatable) Criteria to evaluate against network traffic. A match occurs when at least one item in the array associated with each specified property corresponds with the relevant aspect of the traffic. The lists referenced here must already be present in the policy before being referenced in the rule.
  * `application` - (Optional) (Updatable) An array of application group names to be evaluated against the traffic protocol and protocol-specific parameters.
  * `destination_address` - (Optional) (Updatable) An array of address list names to be evaluated against the traffic destination address.
  * `service` - (Optional) (Updatable) An array of service list names to be evaluated against the traffic protocol and protocol-specific parameters.
  * `source_address` - (Optional) (Updatable) An array of address list names to be evaluated against the traffic source address.
  * `url` - (Optional) (Updatable) An array of URL list names to be evaluated against the HTTP(S) request target.
* `inspection` - (Optional) (Updatable) Type of inspection to apply to the traffic flow. This is only applicable if `action` is INSPECT.
  * INTRUSION_DETECTION - Intrusion Detection.
  * INTRUSION_PREVENTION - Intrusion Detection and Prevention. Traffic classified as potentially malicious will be rejected as described in `type`.
* `name` - (Required) Name for the security rule; must be unique within the policy.
* `network_firewall_policy_id` - (Required) Unique Network Firewall Policy identifier.
* `position` - (Optional) (Updatable) An object which defines the position of the rule. Only one of the following position references should be provided.
  * `after_rule` - (Optional) (Updatable) Identifier of the rule after which this rule lies.
  * `before_rule` - (Optional) (Updatable) Identifier of the rule before which this rule lies.

** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values.
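As an added example (not provider or OCI code), the following Python models the condition semantics described above, namely that every property the rule specifies must match, that any one of the lists named under a property is enough, and that every referenced list must already exist in the policy. It also applies the `inspection`/`action` and `position` constraints as pre-apply checks. It assumes first-match evaluation in position order, that a rule with an empty condition matches any traffic, and that traffic matching no rule is dropped; the list contents, rule names and addresses are constructed placeholders.

```python
"""Model of how a security rule's condition is matched against traffic, plus the
checks a policy author would run before applying the rule.

Added example, not OCI or Terraform provider code. Assumptions: rules are
evaluated in position order and the first match decides; a rule with an empty
condition matches any traffic; traffic matching no rule is dropped; list
contents below are constructed placeholders.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

# Constructed stand-ins for the policy's address, service, application and URL lists.
ADDRESS_LISTS = {"corp_subnets": ["10.0.0.0/8"], "dmz_web": ["192.0.2.0/24"]}
SERVICE_LISTS = {"web": [("TCP", 443), ("TCP", 80)], "ssh": [("TCP", 22)]}
APPLICATION_LISTS = {"icmp": ["ICMP"]}
URL_LISTS = {"intranet": ["intranet.example.com/"]}
LISTS_BY_PROPERTY = {
    "source_address": ADDRESS_LISTS, "destination_address": ADDRESS_LISTS,
    "service": SERVICE_LISTS, "application": APPLICATION_LISTS, "url": URL_LISTS,
}
ACTIONS = {"ALLOW", "DROP", "REJECT", "INSPECT"}
INSPECTIONS = {"INTRUSION_DETECTION", "INTRUSION_PREVENTION"}


@dataclass
class Flow:
    src: str
    dst: str
    protocol: str
    dst_port: Optional[int] = None
    url: Optional[str] = None  # HTTP(S) request target, when known


@dataclass
class SecurityRule:
    name: str
    action: str
    condition: dict = field(default_factory=dict)  # property -> list of list names
    inspection: Optional[str] = None
    after_rule: Optional[str] = None
    before_rule: Optional[str] = None


def validate_rule(rule: SecurityRule, existing_rule_names: set) -> list:
    """Return the problems a reviewer would flag before 'terraform apply'."""
    problems = []
    if rule.action not in ACTIONS:
        problems.append(f"{rule.name}: unknown action {rule.action}")
    if rule.inspection and rule.action != "INSPECT":
        problems.append(f"{rule.name}: inspection is only applicable when action is INSPECT")
    if rule.inspection and rule.inspection not in INSPECTIONS:
        problems.append(f"{rule.name}: unknown inspection type {rule.inspection}")
    if rule.after_rule and rule.before_rule:
        problems.append(f"{rule.name}: provide only one of after_rule / before_rule")
    for ref in (rule.after_rule, rule.before_rule):
        if ref and ref not in existing_rule_names:
            problems.append(f"{rule.name}: position references unknown rule {ref}")
    for prop, names in rule.condition.items():
        table = LISTS_BY_PROPERTY.get(prop)
        if table is None:
            problems.append(f"{rule.name}: unknown condition property {prop}")
            continue
        for n in names:
            if n not in table:  # lists must exist in the policy before the rule references them
                problems.append(f"{rule.name}: {prop} references list {n} not present in the policy")
    return problems


def _in_address_lists(addr: str, names) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(cidr) for n in names for cidr in ADDRESS_LISTS[n])


def _property_matches(prop: str, names, flow: Flow) -> bool:
    """Any one item in any of the named lists matching the flow satisfies the property."""
    if prop == "source_address":
        return _in_address_lists(flow.src, names)
    if prop == "destination_address":
        return _in_address_lists(flow.dst, names)
    if prop == "service":
        return any((flow.protocol, flow.dst_port) == s for n in names for s in SERVICE_LISTS[n])
    if prop == "application":
        return any(flow.protocol == a for n in names for a in APPLICATION_LISTS[n])
    if prop == "url":
        return flow.url is not None and any(flow.url.startswith(p) for n in names for p in URL_LISTS[n])
    raise ValueError(f"unknown condition property {prop}")


def rule_matches(rule: SecurityRule, flow: Flow) -> bool:
    # Every specified property must match; an empty condition matches everything (assumption).
    return all(_property_matches(p, names, flow) for p, names in rule.condition.items() if names)


def evaluate(rules, flow: Flow):
    """First matching rule in position order decides; no match -> DROP (assumption)."""
    for rule in rules:
        if rule_matches(rule, flow):
            return rule.name, rule.action
    return None, "DROP"


# Constructed policy: inspect corporate web traffic to the DMZ, drop everything else.
RULES = [
    SecurityRule("inspect_corp_to_web", "INSPECT",
                 {"source_address": ["corp_subnets"], "destination_address": ["dmz_web"],
                  "service": ["web"]}, inspection="INTRUSION_PREVENTION"),
    SecurityRule("drop_everything_else", "DROP", after_rule="inspect_corp_to_web"),
]

if __name__ == "__main__":
    for r in RULES:
        print(r.name, validate_rule(r, {x.name for x in RULES} - {r.name}))
    print(evaluate(RULES, Flow("10.1.2.3", "192.0.2.5", "TCP", 443)))
    print(evaluate(RULES, Flow("10.1.2.3", "192.0.2.5", "TCP", 22)))
```

The catch-all rule is placed with `after_rule` rather than relying on creation order, which is the page's reason for `ignore_changes = [position]` in the example: the provider does not own the position once other rules are inserted around it.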
The following attributes are exported:

* `action` - Type of action taken on the traffic flow.
  * ALLOW - Allows the traffic.
  * DROP - Silently drops the traffic, e.g. without sending a TCP reset.
  * REJECT - Rejects the traffic, sending a TCP reset to client and/or server as applicable.
  * INSPECT - Inspects traffic for vulnerabilities as specified in `inspection`, which may result in rejection.
* `condition` - Criteria to evaluate against network traffic. A match occurs when at least one item in the array associated with each specified property corresponds with the relevant aspect of the traffic.
  * `application` - An array of application list names to be evaluated against the traffic protocol and protocol-specific parameters.
  * `destination_address` - An array of address list names to be evaluated against the traffic destination address.
  * `service` - An array of service list names to be evaluated against the traffic protocol and protocol-specific parameters.
  * `source_address` - An array of address list names to be evaluated against the traffic source address.
  * `url` - An array of URL list names to be evaluated against the HTTP(S) request target.
* `inspection` - Type of inspection applied to the traffic flow. This is only applicable if `action` is INSPECT.
  * INTRUSION_DETECTION - Intrusion Detection.
  * INTRUSION_PREVENTION - Intrusion Detection and Prevention. Traffic classified as potentially malicious will be rejected as described in `type`.
* `name` - Name for the security rule; unique within the policy.
* `parent_resource_id` - OCID of the Network Firewall Policy this security rule belongs to.
* `position` - An object which defines the position of the rule.
  * `after_rule` - Identifier of the rule after which this rule lies.
  * `before_rule` - Identifier of the rule before which this rule lies.

The `timeouts` block allows you to specify timeouts for certain operations:

* `create` - (Defaults to 20 minutes), when creating the Network Firewall Policy Security Rule
* `update` - (Defaults to 20 minutes), when updating the Network Firewall Policy Security Rule
* `delete` - (Defaults to 20 minutes), when destroying the Network Firewall Policy Security Rule
NetworkFirewallPolicySecurityRules can be imported using the `name`, e.g.

```
$ terraform import oci_network_firewall_network_firewall_policy_security_rule.test_network_firewall_policy_security_rule "networkFirewallPolicies/{networkFirewallPolicyId}/securityRules/{securityRuleName}"
```