Attribute | Type | Required | CRUD | Default Value | Validation Constraints | Notes |
---|---|---|---|---|---|---|
id | uuid-str | N/A | R | generated | N/A | Unique identifier for the Firewall Rule object. |
tenant_id | uuid-str | Yes | CR | Derived from Authentication token | N/A | Owner of the Firewall Rule. Only admin users can specify a tenant identifier other than their own. |
name | String | No | CRU | None | N/A | Human readable name for the Firewall Rule (255 characters limit). Does not have to be unique. |
description | String | No | CRU | None | N/A | Human readable description for the Firewall Rule (1024 characters limit). |
firewall_policy_id | uuid-str | No | R | None | N/A | Read-only attribute that is populated with the uuid of the Firewall Policy when this Firewall Rule is associated with a Firewall Policy. A Firewall Rule can be associated with one Firewall Policy at a time. The association can, however, be updated to a different Firewall Policy. This attribute can be "null" if the rule is not associated with any firewall policy. |
shared | Bool | No | CRU | false | {true \| false} | When set to True, makes this Firewall Rule visible to tenants other than its owner and usable in Firewall Policies not owned by its tenant. |
protocol | String | No | CRU | None | {icmp \| tcp \| udp \| null} | IP Protocol |
ip_version | Integer | No | CRU | 4 | {4 \| 6} | IP Protocol Version |
source_ip_address | String (IP address or CIDR) | No | CRU | None | Valid IP address (v4 or v6), or CIDR | Source IP address or CIDR |
destination_ip_address | String (IP address or CIDR) | No | CRU | None | Valid IP address (v4 or v6), or CIDR | Destination IP address or CIDR |
source_port | Integer | No | CRU | None | Valid port number (integer or string), or port range in the format of a ':' separated range. In the case of port range, both ends of the range are included. | Source port number or a range |
destination_port | Integer | No | CRU | None | Valid port number (integer or string), or port range in the format of a ':' separated range. In the case of port range, both ends of the range are included. | Destination port number or a range |
position | Integer | No | R | None | N/A | Read-only attribute that is assigned to this rule when the rule is associated with a Firewall Policy. It indicates the position of this rule in that Firewall Policy. This position number starts at 1. The position can be "null" if the firewall rule is not associated with any policy. |
action | String | No | CRU | deny | {allow \| deny} | Action to be performed on the traffic matching the rule (allow, deny) |
enabled | Bool | No | CRU | true | {true \| false} | When set to False, disables this rule in the Firewall Policy. Facilitates selectively turning off rules without having to disassociate the rule from the Firewall Policy. |
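
The Firewall Rule constraints above can be checked on the client before a create request is sent. The following is an added example, not code from the API or its project: `validate_rule` and its helpers are hypothetical names, and the 1-65535 port bounds and the check that an address family matches `ip_version` are assumptions that go beyond what the table states.

```python
import ipaddress
import re

# Defaults and constraints transcribed from the Firewall Rule table above.
DEFAULTS = {"shared": False, "ip_version": 4, "action": "deny", "enabled": True}
READ_ONLY = {"id", "firewall_policy_id", "position"}
PROTOCOLS = {"icmp", "tcp", "udp", None}
MAX_LEN = {"name": 255, "description": 1024}


def _port_ok(value):
    """Accept a port (int or str) or an inclusive 'low:high' range."""
    m = re.fullmatch(r"(\d{1,5})(?::(\d{1,5}))?", str(value))
    if not m:
        return False
    low, high = int(m.group(1)), int(m.group(2) or m.group(1))
    return 1 <= low <= high <= 65535  # assumed bounds, not from the table


def _address_ok(value, ip_version):
    """Accept an IP address or CIDR; family must match ip_version (assumed)."""
    try:
        return ipaddress.ip_network(value, strict=False).version == ip_version
    except ValueError:
        return False


def validate_rule(body):
    """Return (rule_with_defaults, errors) for a create-rule request body."""
    rule = {**DEFAULTS, **body}  # an omitted action falls back to "deny"
    errors = [f"{k}: read-only" for k in sorted(READ_ONLY & body.keys())]
    for field, limit in MAX_LEN.items():
        if len(str(rule.get(field) or "")) > limit:
            errors.append(f"{field}: longer than {limit} characters")
    if rule.get("protocol") not in PROTOCOLS:
        errors.append("protocol: must be icmp, tcp, udp or null")
    if rule["ip_version"] not in (4, 6):
        errors.append("ip_version: must be 4 or 6")
    if rule["action"] not in ("allow", "deny"):
        errors.append("action: must be allow or deny")
    for field in ("source_ip_address", "destination_ip_address"):
        value = rule.get(field)
        if value is not None and not _address_ok(value, rule["ip_version"]):
            errors.append(f"{field}: not a valid address or CIDR")
    for field in ("source_port", "destination_port"):
        value = rule.get(field)
        if value is not None and not _port_ok(value):
            errors.append(f"{field}: not a port or low:high range")
    return rule, errors
```
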
Attribute | Type | Required | CRUD | Default Value | Validation Constraints | Notes |
---|---|---|---|---|---|---|
id | uuid-str | N/A | R | generated | N/A | Unique identifier for the Firewall Policy object. |
tenant_id | uuid-str | Yes | CR | Derived from Authentication token | N/A | Owner of the Firewall Policy. Only admin users can specify a tenant identifier other than their own. |
name | String | No | CRU | None | N/A | Human readable name for the Firewall Policy (255 characters limit). Does not have to be unique. |
description | String | No | CRU | None | N/A | Human readable description for the Firewall Policy (1024 characters limit). |
shared | Bool | No | CRU | false | {true \| false} | When set to True, makes this Firewall Policy visible to tenants other than its owner. |
firewall_rules | List | No | CRU | Empty list | JSON list of Firewall Rule uuids | This is an ordered list of Firewall Rule uuids. The Firewall applies the rules in the order in which they appear in this list. |
audited | Bool | No | CRU | false | {true \| false} | When set to True by the policy owner, indicates that the Firewall Policy has been audited. This attribute is meant to aid in the firewall policy audit workflows. Each time the Firewall Policy or the associated Firewall Rules are changed, this attribute will be set to False and will have to be explicitly set to True through an update operation. |
Attribute | Type | Required | CRUD | Default Value | Validation Constraints | Notes |
---|---|---|---|---|---|---|
id | uuid-str | N/A | R | generated | N/A | Unique identifier for the Firewall object. |
tenant_id | uuid-str | Yes | CR | Derived from Authentication token | N/A | Owner of the Firewall. Only admin users can specify a tenant identifier other than their own. |
name | String | No | CRU | None | N/A | Human readable name for the Firewall (255 characters limit). Does not have to be unique. |
description | String | No | CRU | None | N/A | Human readable description for the Firewall (1024 characters limit). |
admin_state_up | Bool | N/A | CRU | true | {true \| false} | Administrative state of the Firewall. If false (down), the firewall does not forward packets and will drop all traffic to/from VMs behind the firewall. |
status | String | N/A | R | N/A | N/A | Indicates whether Firewall resource is currently operational. Possible values include: ACTIVE, DOWN, BUILD, ERROR, PENDING_CREATE, PENDING_UPDATE, or PENDING_DELETE. |
shared | Bool | No | CRU | false | {true \| false} | When set to True makes this Firewall Rule visible to tenants other than its owner, and can be used in Firewall Policies not owned by its tenant. |
firewall_policy_id | uuid-str | No | CRU | None | valid Firewall Policy uuid | The Firewall Policy uuid that this Firewall is associated with. This Firewall will implement the rules contained in the Firewall Policy represented by this uuid. |