@pulumi/linode/firewall.d.ts

A Pulumi package for creating and managing linode cloud resources.

import * as pulumi from "@pulumi/pulumi";
import * as inputs from "./types/input";
import * as outputs from "./types/output";
/**
 * Manages a Linode Firewall.
 * For more information, see the [Linode APIv4 docs](https://techdocs.akamai.com/linode-api/reference/post-firewalls).
 *
 * ## Example Usage
 *
 * Accept only inbound HTTP(s) requests and drop outbound HTTP(s) requests:
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as linode from "@pulumi/linode";
 *
 * const myInstance = new linode.Instance("my_instance", {
 *     label: "my_instance",
 *     image: "linode/ubuntu22.04",
 *     region: "us-southeast",
 *     type: "g6-standard-1",
 *     rootPass: "bogusPassword$",
 *     swapSize: 256,
 * });
 * const myFirewall = new linode.Firewall("my_firewall", {
 *     label: "my_firewall",
 *     inbounds: [
 *         {
 *             label: "allow-http",
 *             action: "ACCEPT",
 *             protocol: "TCP",
 *             ports: "80",
 *             ipv4s: ["0.0.0.0/0"],
 *             ipv6s: ["::/0"],
 *         },
 *         {
 *             label: "allow-https",
 *             action: "ACCEPT",
 *             protocol: "TCP",
 *             ports: "443",
 *             ipv4s: ["0.0.0.0/0"],
 *             ipv6s: ["::/0"],
 *         },
 *     ],
 *     inboundPolicy: "DROP",
 *     outbounds: [
 *         {
 *             label: "reject-http",
 *             action: "DROP",
 *             protocol: "TCP",
 *             ports: "80",
 *             ipv4s: ["0.0.0.0/0"],
 *             ipv6s: ["::/0"],
 *         },
 *         {
 *             label: "reject-https",
 *             action: "DROP",
 *             protocol: "TCP",
 *             ports: "443",
 *             ipv4s: ["0.0.0.0/0"],
 *             ipv6s: ["::/0"],
 *         },
 *     ],
 *     outboundPolicy: "ACCEPT",
 *     linodes: [myInstance.id],
 * });
 * ```
 *
 * ## Import
 *
 * Firewalls can be imported using the `id`, e.g.
 *
 * ```sh
 * $ pulumi import linode:index/firewall:Firewall my_firewall 12345
 * ```
 */
export declare class Firewall extends pulumi.CustomResource {
    /**
     * Get an existing Firewall resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: FirewallState, opts?: pulumi.CustomResourceOptions): Firewall;
    /**
     * Returns true if the given object is an instance of Firewall.  This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj: any): obj is Firewall;
    /**
     * When this firewall was created
     */
    readonly created: pulumi.Output<string>;
    /**
     * The devices associated with this firewall.
     */
    readonly devices: pulumi.Output<outputs.FirewallDevice[]>;
    /**
     * If `true`, the Firewall's rules are not enforced (defaults to `false`).
     *
     * * `inbound` - (Optional) A firewall rule that specifies what inbound network traffic is allowed.
     */
    readonly disabled: pulumi.Output<boolean>;
    /**
     * The default behavior for inbound traffic. This setting can be overridden by updating the inbound.action property of the Firewall Rule. (`ACCEPT`, `DROP`)
     *
     * * `outbound` - (Optional) A firewall rule that specifies what outbound network traffic is allowed.
     */
    readonly inboundPolicy: pulumi.Output<string>;
    /**
     * A firewall rule that specifies what inbound network traffic is allowed.
     */
    readonly inbounds: pulumi.Output<outputs.FirewallInbound[] | undefined>;
    /**
     * This Firewall's unique label.
     */
    readonly label: pulumi.Output<string>;
    /**
     * A list of IDs of Linodes this Firewall should govern network traffic for.
     */
    readonly linodes: pulumi.Output<number[]>;
    /**
     * A list of IDs of NodeBalancers this Firewall should govern network traffic for.
     */
    readonly nodebalancers: pulumi.Output<number[]>;
    /**
     * The default behavior for outbound traffic. This setting can be overridden by updating the outbound.action property for an individual Firewall Rule. (`ACCEPT`, `DROP`)
     */
    readonly outboundPolicy: pulumi.Output<string>;
    /**
     * A firewall rule that specifies what outbound network traffic is allowed.
     */
    readonly outbounds: pulumi.Output<outputs.FirewallOutbound[] | undefined>;
    /**
     * The status of the Firewall.
     */
    readonly status: pulumi.Output<string>;
    /**
     * A list of tags applied to the Kubernetes cluster. Tags are case-insensitive and are for organizational purposes only.
     */
    readonly tags: pulumi.Output<string[]>;
    /**
     * When this firewall was last updated
     */
    readonly updated: pulumi.Output<string>;
    /**
     * Create a Firewall resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: FirewallArgs, opts?: pulumi.CustomResourceOptions);
}
/**
 * Input properties used for looking up and filtering Firewall resources.
 */
export interface FirewallState {
    /**
     * When this firewall was created
     */
    created?: pulumi.Input<string>;
    /**
     * The devices associated with this firewall.
     */
    devices?: pulumi.Input<pulumi.Input<inputs.FirewallDevice>[]>;
    /**
     * If `true`, the Firewall's rules are not enforced (defaults to `false`).
     *
     * * `inbound` - (Optional) A firewall rule that specifies what inbound network traffic is allowed.
     */
    disabled?: pulumi.Input<boolean>;
    /**
     * The default behavior for inbound traffic. This setting can be overridden by updating the inbound.action property of the Firewall Rule. (`ACCEPT`, `DROP`)
     *
     * * `outbound` - (Optional) A firewall rule that specifies what outbound network traffic is allowed.
     */
    inboundPolicy?: pulumi.Input<string>;
    /**
     * A firewall rule that specifies what inbound network traffic is allowed.
     */
    inbounds?: pulumi.Input<pulumi.Input<inputs.FirewallInbound>[]>;
    /**
     * This Firewall's unique label.
     */
    label?: pulumi.Input<string>;
    /**
     * A list of IDs of Linodes this Firewall should govern network traffic for.
     */
    linodes?: pulumi.Input<pulumi.Input<number>[]>;
    /**
     * A list of IDs of NodeBalancers this Firewall should govern network traffic for.
     */
    nodebalancers?: pulumi.Input<pulumi.Input<number>[]>;
    /**
     * The default behavior for outbound traffic. This setting can be overridden by updating the outbound.action property for an individual Firewall Rule. (`ACCEPT`, `DROP`)
     */
    outboundPolicy?: pulumi.Input<string>;
    /**
     * A firewall rule that specifies what outbound network traffic is allowed.
     */
    outbounds?: pulumi.Input<pulumi.Input<inputs.FirewallOutbound>[]>;
    /**
     * The status of the Firewall.
     */
    status?: pulumi.Input<string>;
    /**
     * A list of tags applied to the Kubernetes cluster. Tags are case-insensitive and are for organizational purposes only.
     */
    tags?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * When this firewall was last updated
     */
    updated?: pulumi.Input<string>;
}
/**
 * The set of arguments for constructing a Firewall resource.
 */
export interface FirewallArgs {
    /**
     * If `true`, the Firewall's rules are not enforced (defaults to `false`).
     *
     * * `inbound` - (Optional) A firewall rule that specifies what inbound network traffic is allowed.
     */
    disabled?: pulumi.Input<boolean>;
    /**
     * The default behavior for inbound traffic. This setting can be overridden by updating the inbound.action property of the Firewall Rule. (`ACCEPT`, `DROP`)
     *
     * * `outbound` - (Optional) A firewall rule that specifies what outbound network traffic is allowed.
     */
    inboundPolicy: pulumi.Input<string>;
    /**
     * A firewall rule that specifies what inbound network traffic is allowed.
     */
    inbounds?: pulumi.Input<pulumi.Input<inputs.FirewallInbound>[]>;
    /**
     * This Firewall's unique label.
     */
    label: pulumi.Input<string>;
    /**
     * A list of IDs of Linodes this Firewall should govern network traffic for.
     */
    linodes?: pulumi.Input<pulumi.Input<number>[]>;
    /**
     * A list of IDs of NodeBalancers this Firewall should govern network traffic for.
     */
    nodebalancers?: pulumi.Input<pulumi.Input<number>[]>;
    /**
     * The default behavior for outbound traffic. This setting can be overridden by updating the outbound.action property for an individual Firewall Rule. (`ACCEPT`, `DROP`)
     */
    outboundPolicy: pulumi.Input<string>;
    /**
     * A firewall rule that specifies what outbound network traffic is allowed.
     */
    outbounds?: pulumi.Input<pulumi.Input<inputs.FirewallOutbound>[]>;
    /**
     * A list of tags applied to the Kubernetes cluster. Tags are case-insensitive and are for organizational purposes only.
     */
    tags?: pulumi.Input<pulumi.Input<string>[]>;
}