Orchestration v2 Attributes for SecurityRule

The following sample JSON shows the key attributes of the SecurityRule object type. A description of each of the required and optional attributes of this object type is provided in the table that follows the JSON sample.

    {
        "acl": "/Compute-acme/joe/acl_1",
        "description": "Sec Rule 1",
        "flowDirection": "egress",
        "name": "/Compute-acme/joe/ipnetSecrule1",
        "secProtocols": ["/Compute-acme/joe/secprotocol_1"],
        "srcIpAddressPrefixSets": ["/Compute-acme/joe/ext_ip_address_list_1"]
    }

| Parameter | Required or Optional | Description |
|---|---|---|
| name | required | The three-part name of the object (/Compute-identity_domain/user/object). Object names can contain only alphanumeric characters, hyphens, underscores, and periods. Object names are case-sensitive. When you specify the object name, ensure that an object of the same type and with the same name doesn’t already exist. If such an object already exists, another object of the same type and with the same name won’t be created and the existing object won’t be updated. |
| flowDirection | required | The direction of flow of traffic that this rule applies to. Allowed values are ingress or egress. |
| srcVnicSet | optional | The vNICset from which you want to permit traffic. Only packets from vNICs in the specified vNICset are permitted. When no source vNICset is specified, traffic from any vNIC is permitted. |
| dstVnicSet | optional | The vNICset to which you want to permit traffic. Only packets to vNICs in the specified vNICset are permitted. When no destination vNICset is specified, traffic to any vNIC is permitted. |
| srcIpAddressPrefixSets | optional | A list of IP address prefix sets from which you want to permit traffic. Only packets from IP addresses in the specified IP address prefix sets are permitted. When no source IP address prefix sets are specified, traffic from any IP address is permitted. |
| dstIpAddressPrefixSets | optional | A list of IP address prefix sets to which you want to permit traffic. Only packets to IP addresses in the specified IP address prefix sets are permitted. When no destination IP address prefix sets are specified, traffic to any IP address is permitted. |
| secProtocols | optional | A list of security protocols for which you want to permit traffic. Only packets that match the specified protocols and ports are permitted. When no security protocols are specified, traffic using any protocol over any port is permitted. |
| enabledFlag | optional | Allows the security rule to be enabled or disabled. This parameter is set to true by default. Specify false to disable the security rule. |
| acl | optional | The name of the access control list (ACL) that contains this security rule. |
| description | optional | Description of the security rule. |
| tags | optional | Strings that you can use to tag the security rule. |
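
Each optional match attribute in the table above widens the rule to "any" when it is left out, so a review of a SecurityRule should list what was omitted as well as what was set. The following is an added example, not part of the original documentation: it checks a rule's attributes against the constraints listed above and reports the dimensions left unrestricted. The function name `audit_security_rule` is hypothetical, and treating an empty list the same as an omitted attribute is an assumption.

```python
import json
import re

# Attributes that, per the table above, permit "any" when not specified.
OPEN_WHEN_OMITTED = {
    "srcVnicSet": "traffic from any vNIC",
    "dstVnicSet": "traffic to any vNIC",
    "srcIpAddressPrefixSets": "traffic from any IP address",
    "dstIpAddressPrefixSets": "traffic to any IP address",
    "secProtocols": "any protocol over any port",
}
# Object names: alphanumeric characters, hyphens, underscores and periods.
OBJECT_NAME = re.compile(r"[A-Za-z0-9._-]+")

def audit_security_rule(rule):
    """Return (errors, warnings) for one SecurityRule attribute dict."""
    errors, warnings = [], []
    name = rule.get("name")
    if not isinstance(name, str):
        errors.append("name: required")
    else:
        # Expect ["", "Compute-<identity_domain>", "<user>", "<object>"].
        parts = name.split("/")
        if (len(parts) != 4 or parts[0] != "" or not parts[2]
                or not parts[1].startswith("Compute-")
                or not OBJECT_NAME.fullmatch(parts[3])):
            errors.append("name: not a valid three-part name")
    if rule.get("flowDirection") not in ("ingress", "egress"):
        errors.append("flowDirection: must be ingress or egress")
    if rule.get("enabledFlag", True) is False:
        warnings.append("enabledFlag: rule is disabled")
    for attr, effect in OPEN_WHEN_OMITTED.items():
        # Assumption: an empty list is treated the same as an omitted attribute.
        if not rule.get(attr):
            warnings.append(f"{attr}: not specified, permits {effect}")
    return errors, warnings

# The sample SecurityRule shown at the top of this page.
SAMPLE = json.loads("""{
    "acl": "/Compute-acme/joe/acl_1",
    "description": "Sec Rule 1",
    "flowDirection": "egress",
    "name": "/Compute-acme/joe/ipnetSecrule1",
    "secProtocols": ["/Compute-acme/joe/secprotocol_1"],
    "srcIpAddressPrefixSets": ["/Compute-acme/joe/ext_ip_address_list_1"]
}""")

if __name__ == "__main__":
    errors, warnings = audit_security_rule(SAMPLE)
    print("\n".join(errors + warnings))
```

For the sample rule this reports no errors and three warnings: the source vNICset, destination vNICset and destination IP address prefix sets are all unspecified.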