Create Firewall Rule
Creates a single firewall rule based on a given Provider Gateway.
externalNetworkId
externalNetworkId
{
"id": "string",
"name": "string",
"description": "string",
"sourceFirewallGroups": [
{
"name": "string",
"id": "string"
}
],
"sourceFirewallIpAddresses": [
"string"
],
"destinationFirewallGroups": [
{
"name": "string",
"id": "string"
}
],
"destinationFirewallIpAddresses": [
"string"
],
"applicationPortProfiles": [
{
"name": "string",
"id": "string"
}
],
"rawPortProtocols": [
{
"layer4Item": {
"protocol": "string",
"sourcePorts": [
"8080",
"8090-8095"
],
"destinationPorts": [
"20",
"21",
"139-445"
]
}
}
],
"ipProtocol": "string",
"actionValue": "string",
"direction": "string",
"logging": false,
"networkContextProfiles": [
{
"name": "string",
"id": "string"
}
],
"active": false,
"version": {
"version": 0
},
"comments": "string",
"appliedTo": {
"name": "string",
"id": "string"
},
"loggingId": "string",
"relativePosition": {
"adjacentRuleId": "string",
"rulePosition": "string"
}
}
The unique id of this firewall rule. If a rule with the ruleId is not already present, a new rule will be created. If it already exists, the rule will be updated.
Name for the rule.
description
List of source groups for firewall rule. It specifies the sources of network traffic for the firewall rule. Null values in both this property and sourceFirewallIpAddresses will be treated as "ANY" For Distributed Firewall rules, an entry with an id of urn:vcloud:firewallGroup:internal can be used to specify all internal vDC Group network traffic.
List of source IP addresses, IP Ranges, or CIDRs. This specifies the source of the traffic which the firewall rule will be applied to Null values in both this property and sourceFirewallGroups will be treated as "ANY"
List of source groups for firewall rule. It specifies the destinations of network traffic for the firewall rule. Null values in both this property and destinationFirewallIpAddresses will be treated as "ANY" For Distributed Firewall rules, an entry with an id of urn:vcloud:firewallGroup:internal can be used to specify all internal vDC Group network traffic.
List of destination IP addresses, IP Ranges, or CIDRs. This specifies the destination of the traffic which the firewall rule will be applied to Null values in both this property and destinationFirewallGroups will be treated as "ANY"
The list of application ports where this firewall rule is applicable. Null value or an empty list will be treated as "ANY" which means rule applies to all ports.
A list of raw port-protocol entries where this firewall rule is applicable.
Type of IP packet that should be matched while enforcing the rule. Default value is IPV4_IPV6.
IPV4
IPV6
IPV4_IPV6
The action to be applied to all the traffic that meets the firewall rule criteria. It determines if the rule permits or blocks traffic. Property is required if action is not set. Below are valid values.
ALLOW
permits traffic to go through the firewall.DROP
blocks the traffic at the firewall. No response is sent back to the source.REJECT
blocks the traffic at the firewall. A response is sent back to the source.
Specifies the direction of the network traffic. Default value is IN_OUT.
IN
OUT
IN_OUT
Whether packet logging is active for firewall rule.
The list of layer 7 network context profiles where this firewall rule is applicable. Null value or an empty list will be treated as "ANY" which means rule applies to all applications and domains.
Whether the firewall rule is active.
This property describes the current version of the entity. To prevent clients from overwriting each other's changes, update operations must include the version which can be obtained by issuing a GET operation. If the version number on an update call is missing, the operation will be rejected. This is only needed on update calls.
Text for user entered comments on the firewall rule. Length cannot exceed 2048 characters.
Unique ID assigned by the backing NSX-T network provider. Passed all the way down to the datapath, and is used for logging by NSX-T. Only applies to NSX-T.
Defines a relative position to place a firewall rule.
The request have been accepted and the task to monitor the request is in the Location header.