Firewall
Provides a DigitalOcean Cloud Firewall resource. This can be used to create, modify, and delete Firewalls.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as digitalocean from "@pulumi/digitalocean";
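// CIDR pair that matches every IPv4 and IPv6 address.
const anyAddress = ["0.0.0.0/0", "::/0"];

// Demo Droplet the firewall is attached to.
// NOTE: Ubuntu 18.04 is past its standard support window; use a currently
// supported image slug for anything beyond a demo.
const web = new digitalocean.Droplet("web", {
    name: "web-1",
    size: digitalocean.DropletSlug.DropletS1VCPU1GB,
    image: "ubuntu-18-04-x64",
    region: digitalocean.Region.NYC3,
});

// Cloud Firewalls drop any traffic that no rule allows, so the lists below
// are the complete set of permitted flows in each direction.
const webFirewall = new digitalocean.Firewall("web", {
    name: "only-22-80-and-443",
    // The firewall takes numeric Droplet IDs, while `web.id` is a string
    // output, so convert it before passing it on.
    dropletIds: [web.id.apply(id => parseInt(id, 10))],
    inboundRules: [
        {
            // SSH only from the management networks. The two ranges are
            // sample values: replace them with your own admin ranges and
            // keep this list as narrow as possible.
            protocol: "tcp",
            portRange: "22",
            sourceAddresses: [
                "192.168.1.0/24",
                "2002:1:2::/48",
            ],
        },
        {
            // Public HTTP.
            protocol: "tcp",
            portRange: "80",
            sourceAddresses: anyAddress,
        },
        {
            // Public HTTPS.
            protocol: "tcp",
            portRange: "443",
            sourceAddresses: anyAddress,
        },
        {
            // ICMP from anywhere. Despite the firewall's name this is a
            // fourth inbound allowance; narrow or drop it if not required.
            protocol: "icmp",
            sourceAddresses: anyAddress,
        },
    ],
    outboundRules: [
        // Only DNS (TCP and UDP 53) and ICMP may leave the Droplet. Outbound
        // HTTP/HTTPS, e.g. for package updates, needs its own rule.
        {
            protocol: "tcp",
            portRange: "53",
            destinationAddresses: anyAddress,
        },
        {
            protocol: "udp",
            portRange: "53",
            destinationAddresses: anyAddress,
        },
        {
            protocol: "icmp",
            destinationAddresses: anyAddress,
        },
    ],
});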
import pulumi
import pulumi_digitalocean as digitalocean
# CIDR pair that matches every IPv4 and IPv6 address.
any_address = ["0.0.0.0/0", "::/0"]

# Demo Droplet the firewall is attached to.
# NOTE: Ubuntu 18.04 is past its standard support window; use a currently
# supported image slug for anything beyond a demo.
web = digitalocean.Droplet(
    "web",
    name="web-1",
    size=digitalocean.DropletSlug.DROPLET_S1_VCPU1_GB,
    image="ubuntu-18-04-x64",
    region=digitalocean.Region.NYC3,
)

# SSH only from the management networks. The two ranges are sample values:
# replace them with your own admin ranges and keep the list narrow.
ssh_rule = {
    "protocol": "tcp",
    "port_range": "22",
    "source_addresses": [
        "192.168.1.0/24",
        "2002:1:2::/48",
    ],
}
# Public web traffic.
http_rule = {"protocol": "tcp", "port_range": "80", "source_addresses": any_address}
https_rule = {"protocol": "tcp", "port_range": "443", "source_addresses": any_address}
# ICMP from anywhere. Despite the firewall's name this is a fourth inbound
# allowance; narrow or drop it if not required.
icmp_in_rule = {"protocol": "icmp", "source_addresses": any_address}

# Only DNS (TCP and UDP 53) and ICMP may leave the Droplet. Cloud Firewalls
# drop traffic that no rule allows, so outbound HTTP/HTTPS (e.g. for package
# updates) needs its own rule.
dns_tcp_rule = {"protocol": "tcp", "port_range": "53", "destination_addresses": any_address}
dns_udp_rule = {"protocol": "udp", "port_range": "53", "destination_addresses": any_address}
icmp_out_rule = {"protocol": "icmp", "destination_addresses": any_address}

web_firewall = digitalocean.Firewall(
    "web",
    name="only-22-80-and-443",
    droplet_ids=[web.id],
    inbound_rules=[ssh_rule, http_rule, https_rule, icmp_in_rule],
    outbound_rules=[dns_tcp_rule, dns_udp_rule, icmp_out_rule],
)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using DigitalOcean = Pulumi.DigitalOcean;
return await Deployment.RunAsync(() =>
{
    // CIDR pair that matches every IPv4 and IPv6 address.
    var anyAddress = new[] { "0.0.0.0/0", "::/0" };

    // Demo Droplet the firewall is attached to.
    // NOTE: Ubuntu 18.04 is past its standard support window; use a currently
    // supported image slug for anything beyond a demo.
    var web = new DigitalOcean.Droplet("web", new()
    {
        Name = "web-1",
        Size = DigitalOcean.DropletSlug.DropletS1VCPU1GB,
        Image = "ubuntu-18-04-x64",
        Region = DigitalOcean.Region.NYC3,
    });

    // SSH only from the management networks. The two ranges are sample
    // values: replace them with your own admin ranges and keep the list narrow.
    var sshRule = new DigitalOcean.Inputs.FirewallInboundRuleArgs
    {
        Protocol = "tcp",
        PortRange = "22",
        SourceAddresses = new[]
        {
            "192.168.1.0/24",
            "2002:1:2::/48",
        },
    };

    // Public web traffic.
    var httpRule = new DigitalOcean.Inputs.FirewallInboundRuleArgs
    {
        Protocol = "tcp",
        PortRange = "80",
        SourceAddresses = anyAddress,
    };
    var httpsRule = new DigitalOcean.Inputs.FirewallInboundRuleArgs
    {
        Protocol = "tcp",
        PortRange = "443",
        SourceAddresses = anyAddress,
    };

    // ICMP from anywhere. Despite the firewall's name this is a fourth
    // inbound allowance; narrow or drop it if not required.
    var icmpInRule = new DigitalOcean.Inputs.FirewallInboundRuleArgs
    {
        Protocol = "icmp",
        SourceAddresses = anyAddress,
    };

    // Only DNS (TCP and UDP 53) and ICMP may leave the Droplet. Cloud
    // Firewalls drop traffic that no rule allows, so outbound HTTP/HTTPS
    // (e.g. for package updates) needs its own rule.
    var dnsTcpRule = new DigitalOcean.Inputs.FirewallOutboundRuleArgs
    {
        Protocol = "tcp",
        PortRange = "53",
        DestinationAddresses = anyAddress,
    };
    var dnsUdpRule = new DigitalOcean.Inputs.FirewallOutboundRuleArgs
    {
        Protocol = "udp",
        PortRange = "53",
        DestinationAddresses = anyAddress,
    };
    var icmpOutRule = new DigitalOcean.Inputs.FirewallOutboundRuleArgs
    {
        Protocol = "icmp",
        DestinationAddresses = anyAddress,
    };

    var webFirewall = new DigitalOcean.Firewall("web", new()
    {
        Name = "only-22-80-and-443",
        // NOTE(review): web.Id is the Droplet ID as a string output while the
        // firewall takes integer IDs; confirm this type-checks with your SDK
        // version, a conversion may be needed.
        DropletIds = new[]
        {
            web.Id,
        },
        InboundRules = new[] { sshRule, httpRule, httpsRule, icmpInRule },
        OutboundRules = new[] { dnsTcpRule, dnsUdpRule, icmpOutRule },
    });
});
package main
import (
	"strconv"

	"github.com/pulumi/pulumi-digitalocean/sdk/v4/go/digitalocean"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
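// main declares one demo Droplet and a Cloud Firewall attached to it.
//
// Cloud Firewalls drop any traffic that no rule allows, so the inbound and
// outbound lists below are the complete set of permitted flows.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// CIDR pair that matches every IPv4 and IPv6 address.
		anyAddress := pulumi.StringArray{
			pulumi.String("0.0.0.0/0"),
			pulumi.String("::/0"),
		}

		// NOTE: Ubuntu 18.04 is past its standard support window; use a
		// currently supported image slug for anything beyond a demo.
		web, err := digitalocean.NewDroplet(ctx, "web", &digitalocean.DropletArgs{
			Name:   pulumi.String("web-1"),
			Size:   pulumi.String(digitalocean.DropletSlugDropletS1VCPU1GB),
			Image:  pulumi.String("ubuntu-18-04-x64"),
			Region: pulumi.String(digitalocean.RegionNYC3),
		})
		if err != nil {
			return err
		}

		// web.ID() is an IDOutput (string-based) and does not satisfy the
		// IntInput elements that DropletIds requires, so parse it to an int.
		dropletID := web.ID().ApplyT(func(id pulumi.ID) (int, error) {
			return strconv.Atoi(string(id))
		}).(pulumi.IntOutput)

		_, err = digitalocean.NewFirewall(ctx, "web", &digitalocean.FirewallArgs{
			Name:       pulumi.String("only-22-80-and-443"),
			DropletIds: pulumi.IntArray{dropletID},
			InboundRules: digitalocean.FirewallInboundRuleArray{
				// SSH only from the management networks. The two ranges are
				// sample values: replace them with your own admin ranges and
				// keep the list narrow.
				&digitalocean.FirewallInboundRuleArgs{
					Protocol:  pulumi.String("tcp"),
					PortRange: pulumi.String("22"),
					SourceAddresses: pulumi.StringArray{
						pulumi.String("192.168.1.0/24"),
						pulumi.String("2002:1:2::/48"),
					},
				},
				// Public HTTP.
				&digitalocean.FirewallInboundRuleArgs{
					Protocol:        pulumi.String("tcp"),
					PortRange:       pulumi.String("80"),
					SourceAddresses: anyAddress,
				},
				// Public HTTPS.
				&digitalocean.FirewallInboundRuleArgs{
					Protocol:        pulumi.String("tcp"),
					PortRange:       pulumi.String("443"),
					SourceAddresses: anyAddress,
				},
				// ICMP from anywhere. Despite the firewall's name this is a
				// fourth inbound allowance; narrow or drop it if not required.
				&digitalocean.FirewallInboundRuleArgs{
					Protocol:        pulumi.String("icmp"),
					SourceAddresses: anyAddress,
				},
			},
			// Only DNS (TCP and UDP 53) and ICMP may leave the Droplet.
			// Outbound HTTP/HTTPS, e.g. for package updates, needs its own rule.
			OutboundRules: digitalocean.FirewallOutboundRuleArray{
				&digitalocean.FirewallOutboundRuleArgs{
					Protocol:             pulumi.String("tcp"),
					PortRange:            pulumi.String("53"),
					DestinationAddresses: anyAddress,
				},
				&digitalocean.FirewallOutboundRuleArgs{
					Protocol:             pulumi.String("udp"),
					PortRange:            pulumi.String("53"),
					DestinationAddresses: anyAddress,
				},
				&digitalocean.FirewallOutboundRuleArgs{
					Protocol:             pulumi.String("icmp"),
					DestinationAddresses: anyAddress,
				},
			},
		})
		return err
	})
}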
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.digitalocean.Droplet;
import com.pulumi.digitalocean.DropletArgs;
import com.pulumi.digitalocean.Firewall;
import com.pulumi.digitalocean.FirewallArgs;
import com.pulumi.digitalocean.inputs.FirewallInboundRuleArgs;
import com.pulumi.digitalocean.inputs.FirewallOutboundRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Declares one demo Droplet and a Cloud Firewall attached to it.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Builds the stack: the Droplet first, then the firewall that lists it.
     *
     * Cloud Firewalls drop any traffic that no rule allows, so the rules
     * below are the complete set of permitted flows in each direction.
     */
    public static void stack(Context ctx) {
        // NOTE: Ubuntu 18.04 is past its standard support window; use a
        // currently supported image slug for anything beyond a demo.
        var web = new Droplet("web", DropletArgs.builder()
            .name("web-1")
            .size("s-1vcpu-1gb")
            .image("ubuntu-18-04-x64")
            .region("nyc3")
            .build());

        // SSH only from the management networks. The two ranges are sample
        // values: replace them with your own admin ranges and keep the list
        // narrow.
        var sshRule = FirewallInboundRuleArgs.builder()
            .protocol("tcp")
            .portRange("22")
            .sourceAddresses(
                "192.168.1.0/24",
                "2002:1:2::/48")
            .build();

        // Public web traffic.
        var httpRule = FirewallInboundRuleArgs.builder()
            .protocol("tcp")
            .portRange("80")
            .sourceAddresses(
                "0.0.0.0/0",
                "::/0")
            .build();
        var httpsRule = FirewallInboundRuleArgs.builder()
            .protocol("tcp")
            .portRange("443")
            .sourceAddresses(
                "0.0.0.0/0",
                "::/0")
            .build();

        // ICMP from anywhere. Despite the firewall's name this is a fourth
        // inbound allowance; narrow or drop it if not required.
        var icmpInRule = FirewallInboundRuleArgs.builder()
            .protocol("icmp")
            .sourceAddresses(
                "0.0.0.0/0",
                "::/0")
            .build();

        // Only DNS (TCP and UDP 53) and ICMP may leave the Droplet. Outbound
        // HTTP/HTTPS, e.g. for package updates, needs its own rule.
        var dnsTcpRule = FirewallOutboundRuleArgs.builder()
            .protocol("tcp")
            .portRange("53")
            .destinationAddresses(
                "0.0.0.0/0",
                "::/0")
            .build();
        var dnsUdpRule = FirewallOutboundRuleArgs.builder()
            .protocol("udp")
            .portRange("53")
            .destinationAddresses(
                "0.0.0.0/0",
                "::/0")
            .build();
        var icmpOutRule = FirewallOutboundRuleArgs.builder()
            .protocol("icmp")
            .destinationAddresses(
                "0.0.0.0/0",
                "::/0")
            .build();

        // NOTE(review): web.id() is the Droplet ID as a string output while
        // the firewall takes integer IDs; confirm this type-checks with your
        // SDK version, a conversion may be needed.
        var webFirewall = new Firewall("webFirewall", FirewallArgs.builder()
            .name("only-22-80-and-443")
            .dropletIds(web.id())
            .inboundRules(sshRule, httpRule, httpsRule, icmpInRule)
            .outboundRules(dnsTcpRule, dnsUdpRule, icmpOutRule)
            .build());
    }
}
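resources:
  # Demo Droplet the firewall is attached to.
  # NOTE: Ubuntu 18.04 is past its standard support window; use a currently
  # supported image slug for anything beyond a demo.
  web:
    type: digitalocean:Droplet
    properties:
      name: web-1
      size: s-1vcpu-1gb
      image: ubuntu-18-04-x64
      region: nyc3
  # Cloud Firewalls drop any traffic that no rule allows, so the lists below
  # are the complete set of permitted flows in each direction.
  webFirewall:
    type: digitalocean:Firewall
    name: web
    properties:
      name: only-22-80-and-443
      dropletIds:
        - ${web.id}
      inboundRules:
        # SSH only from the management networks. The two ranges are sample
        # values: replace them with your own admin ranges and keep the list
        # narrow.
        - protocol: tcp
          portRange: '22'
          sourceAddresses:
            - 192.168.1.0/24
            - 2002:1:2::/48
        # Public HTTP.
        - protocol: tcp
          portRange: '80'
          sourceAddresses:
            - 0.0.0.0/0
            - ::/0
        # Public HTTPS.
        - protocol: tcp
          portRange: '443'
          sourceAddresses:
            - 0.0.0.0/0
            - ::/0
        # ICMP from anywhere. Despite the firewall's name this is a fourth
        # inbound allowance; narrow or drop it if not required.
        - protocol: icmp
          sourceAddresses:
            - 0.0.0.0/0
            - ::/0
      # Only DNS (TCP and UDP 53) and ICMP may leave the Droplet. Outbound
      # HTTP/HTTPS, e.g. for package updates, needs its own rule.
      outboundRules:
        - protocol: tcp
          portRange: '53'
          destinationAddresses:
            - 0.0.0.0/0
            - ::/0
        - protocol: udp
          portRange: '53'
          destinationAddresses:
            - 0.0.0.0/0
            - ::/0
        - protocol: icmp
          destinationAddresses:
            - 0.0.0.0/0
            - ::/0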
Import
Firewalls can be imported using the firewall `id`, e.g.
$ pulumi import digitalocean:index/firewall:Firewall myfirewall b8ecd2ab-2267-4a5e-8692-cbf1d32583e3
Properties
The list of the IDs of the Droplets assigned to the Firewall (max. 10). If you want to assign more Droplets to the Firewall, add Tags to them and use the `tags` argument below.
The inbound access rule block for the Firewall. The `inbound_rule` block is documented below.
The outbound access rule block for the Firewall. The `outbound_rule` block is documented below.
A list of objects containing the fields "droplet_id", "removing", and "status". It details exactly which Droplets are having their security policies updated. When empty, all changes have been successfully applied.