InlineFirewallRule1
InlineFirewallRule1
JSON Example
{
"direction": "string",
"rule_tag": "string",
"ip_protocol": "string",
"notes": "string",
"applied_tos": [
{
"target_display_name": "string",
"is_valid": false,
"target_id": "string",
"target_type": "string"
}
],
"logged": false,
"destinations_excluded": false,
"disabled": false,
"sources": [
{
"target_display_name": "string",
"is_valid": false,
"target_id": "string",
"target_type": "string"
}
],
"services": [
{
"target_display_name": "string",
"is_valid": false,
"target_id": "string",
"target_type": "string",
"service": {
"resource_type": "string"
}
}
],
"sources_excluded": false,
"action": "string",
"destinations": [
{
"target_display_name": "string",
"is_valid": false,
"target_id": "string",
"target_type": "string"
}
]
}string
direction
Optional
Rule direction in case of stateless firewall rules. This will only considered if section level parameter is set to stateless. Default to IN_OUT if not specified.
Possible values are : IN, OUT, IN_OUT,
string
rule_tag
Optional
User level field which will be printed in CLI and packet logs.
string
ip_protocol
Optional
Type of IP packet that should be matched while enforcing the rule.
Possible values are : IPV4, IPV6, IPV4_IPV6,
string
notes
Optional
User notes specific to the rule.
array of ResourceReference
applied_tos
Optional
List of object where rule will be enforced. The section level field overrides this one. Null will be treated as any.
boolean
logged
Optional
Flag to enable packet logging. Default is disabled.
boolean
destinations_excluded
Optional
Negation of the destination.
boolean
disabled
Optional
Flag to disable rule. Disabled will only be persisted but never provisioned/realized.
boolean
sources_excluded
Optional
Negation of the source.
string
action
Required
Action enforced on the packets which matches the firewall rule.
Possible values are : ALLOW, DROP, REJECT,
array of ResourceReference
destinations
Optional
List of the destinations. Null will be treated as any.