VAppNetworkDescriptor_FirewallRule
Represents a firewall rule.
{
  "description": "Some description.",
  "destinationIp": "any",
  "destinationPortRange": "any",
  "destinationVm": {
    "ipType": "assigned",
    "vmName": "myvm",
    "vmNicId": 1
  },
  "direction": "in",
  "enableLogging": false,
  "icmpSubType": "address-mask-request",
  "id": "3b09cb36-1736-4bbf-a693-1a4947bdfeee",
  "isEnabled": true,
  "matchOnTranslate": true,
  "policy": "allow",
  "port": -1,
  "position": 1,
  "protocol": {
    "any": true,
    "icmp": true,
    "other": "string",
    "tcp": true,
    "udp": true
  },
  "sourceIp": "10.71.80.255",
  "sourcePort": -1,
  "sourcePortRange": "any",
  "sourceVm": {
    "ipType": "assigned",
    "vmName": "myvm",
    "vmNicId": 1
  }
}
description: A description of the rule.
destinationIp: Destination IP address to which the rule applies. A value of Any matches any IP address.
destinationPortRange: Destination port range to which this rule applies.
direction: Direction of traffic to which the rule applies. One of: in (rule applies to incoming traffic; this is the default value), out (rule applies to outgoing traffic).
enableLogging: Used to enable or disable firewall rule logging. Default value is false.
icmpSubType: ICMP subtype. One of: address-mask-request, address-mask-reply, destination-unreachable, echo-request, echo-reply, parameter-problem, redirect, router-advertisement, router-solicitation, source-quench, time-exceeded, timestamp-request, timestamp-reply, any.
id: Firewall rule identifier.
isEnabled: Used to enable or disable the firewall rule. Default value is true.
matchOnTranslate: For DNATed traffic, match the firewall rules only after the destination IP is translated.
policy: One of: drop (drop packets that match the rule), allow (allow packets that match the rule to pass through the firewall).
port: The port to which this rule applies. A value of -1 matches any port.
position: The position of the firewall rule.
sourceIp: Source IP address to which the rule applies. A value of Any matches any IP address.
sourcePort: Source port to which this rule applies. A value of -1 matches any port.
sourcePortRange: Source port range to which this rule applies.
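The wildcard values and defaults described above (Any for IP addresses, -1 for ports, logging off by default, rules enabled by default) make it easy to review rule sets for overly broad allow rules. The following audit is an added example, not part of this API or its documentation; the finding codes, function names and sample rules are constructed, and it assumes a destination port is a wildcard only when port is -1 and destinationPortRange is "any".

```python
import json

# Allowed icmpSubType values, as listed on this page.
ICMP_SUBTYPES = {
    "address-mask-request", "address-mask-reply", "destination-unreachable",
    "echo-request", "echo-reply", "parameter-problem", "redirect",
    "router-advertisement", "router-solicitation", "source-quench",
    "time-exceeded", "timestamp-request", "timestamp-reply", "any",
}

# Constructed sample rules (placeholder ids, not from a real environment).
SAMPLE_RULES = json.loads("""[
  {"id": "rule-a", "policy": "allow", "direction": "in", "sourceIp": "Any",
   "destinationIp": "any", "port": -1, "destinationPortRange": "any"},
  {"id": "rule-b", "policy": "allow", "direction": "in",
   "sourceIp": "10.71.80.255", "destinationIp": "any", "port": 443,
   "destinationPortRange": "443", "enableLogging": true,
   "icmpSubType": "echo-request"},
  {"id": "rule-c", "policy": "drop", "sourceIp": "any", "destinationIp": "any",
   "port": -1, "destinationPortRange": "any", "isEnabled": false}
]""")

def is_any(value):
    """'Any' and 'any' both mean wildcard, so compare case-insensitively."""
    return isinstance(value, str) and value.strip().lower() == "any"

def audit_rule(rule):
    findings = []
    if rule.get("policy") not in ("allow", "drop"):
        findings.append("invalid-policy")
    if rule.get("direction", "in") not in ("in", "out"):    # default: in
        findings.append("invalid-direction")
    if "icmpSubType" in rule and rule["icmpSubType"] not in ICMP_SUBTYPES:
        findings.append("unknown-icmp-subtype")
    if not rule.get("isEnabled", True):                      # default: true
        return findings + ["disabled"]
    if rule.get("policy") == "allow":
        src_any = is_any(rule.get("sourceIp"))
        # Assumption: the page does not say whether port or the range wins,
        # so treat the port as a wildcard only when both say "any port".
        port_any = rule.get("port") == -1 and is_any(rule.get("destinationPortRange"))
        if src_any and is_any(rule.get("destinationIp")):
            findings.append("allow-any-to-any")
        if src_any and port_any and rule.get("direction", "in") == "in":
            findings.append("allow-any-source-all-ports")
        if not rule.get("enableLogging", False):             # default: false
            findings.append("allow-without-logging")
    return findings

def audit(rules):
    """Map each rule id to its list of findings."""
    return {r.get("id"): audit_rule(r) for r in rules}
```

Calling audit(SAMPLE_RULES) returns a dictionary keyed by rule id; an empty list means the rule raised no finding under these checks.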