Data Source: oci_network_firewall_network_firewall_policy_security_rules
This data source provides the list of Network Firewall Policy Security Rules in Oracle Cloud Infrastructure Network Firewall service.
Returns a list of Security Rule for the Network Firewall Policy.
Example Usage
data "oci_network_firewall_network_firewall_policy_security_rules" "test_network_firewall_policy_security_rules" {
#Required
network_firewall_policy_id = oci_network_firewall_network_firewall_policy.test_network_firewall_policy.id
#Optional, only one of the following should be provided
display_name = var.network_firewall_policy_security_rule_display_name
security_rule_priority_order = var.network_firewall_policy_security_rule_security_rule_priority_order
}
Argument Reference
The following arguments are supported:
display_name
- (Optional) A filter to return only resources that match the entire display name given.network_firewall_policy_id
- (Required) Unique Network Firewall Policy identifiersecurity_rule_priority_order
- (Optional) Unique priority order for Security Rules in the network firewall policy.
Attributes Reference
The following attributes are exported:
security_rule_summary_collection
- The list of security_rule_summary_collection.
NetworkFirewallPolicySecurityRule Reference
The following attributes are exported:
action
- Types of Action on the Traffic flow.- ALLOW - Allows the traffic.
- DROP - Silently drops the traffic, e.g. without sending a TCP reset.
- REJECT - Rejects the traffic, sending a TCP reset to client and/or server as applicable.
- INSPECT - Inspects traffic for vulnerability as specified in
inspection
, which may result in rejection.
condition
- Criteria to evaluate against network traffic. A match occurs when at least one item in the array associated with each specified property corresponds with the relevant aspect of the traffic.application
- An array of application list names to be evaluated against the traffic protocol and protocol-specific parameters.destination_address
- An array of IP address list names to be evaluated against the traffic destination address.service
- An array of service list names to be evaluated against the traffic protocol and protocol-specific parameters.source_address
- An array of IP address list names to be evaluated against the traffic source address.url
- An array of URL pattern list names to be evaluated against the HTTP(S) request target.
inspection
- Type of inspection to affect the Traffic flow. This is only applicable if action is INSPECT.- INTRUSION_DETECTION - Intrusion Detection.
- INTRUSION_PREVENTION - Intrusion Detection and Prevention. Traffic classified as potentially malicious will be rejected as described in
type
.
name
- Name for the Security rule, must be unique within the policy.parent_resource_id
- OCID of the Network Firewall Policy this security rule belongs to.position
- An object which defines the position of the rule.after_rule
- Identifier for rule after which this rule lies.before_rule
- Identifier for rule before which this rule lies.