ghost locked and limited conversation to collaborators Mar 31, 2020
Terraform Version
terraform -v
Terraform v0.10.2
Affected Resource(s)
Please list the resources as a list, for example:
google_compute_firewall
In GCE you can put priority on firewall rules so that you can do something like:
block tcp:22 to 10.128.0.0/16 priority 5000
allow tcp:22 ONLY to 10.128.0.5/32 priority 100
This would allow tcp:22 to 10.128.0.5 but block tcp:22 to the rest of the subnet. We heavily utilize rules in this fashion and need to be able to input priority into Terraform configs. It's not currently documented as being supported at all. Hopefully this is an easy fix.
Here is the gcloud command that would use priority:
gcloud beta compute --project=blah firewall-rules create block --direction=EGRESS --priority=5000 --network=default --deny=all --destination-ranges=10.128.0.0/16
And the REST call:
POST https://www.googleapis.com/compute/v1/projects/blah/global/firewalls
{
  "name": "block",
  "selfLink": "projects/blah/global/firewalls/block",
  "network": "projects/blah/global/networks/default",
  "direction": "EGRESS",
  "priority": 5000,
  "denied": [
    {
      "IPProtocol": "all"
    }
  ],
  "destinationRanges": [
    "10.128.0.0/16"
  ]
}
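The precedence the post relies on, as an added example in Python that is not part of the original issue and is not Terraform or GCE code: a simplified model in which the lowest priority number wins and deny wins a tie, applied to the two rules from the post, plus a check for rules that a misordered priority makes unreachable. The rule name `allow-one-host`, the helper names and the default action for unmatched outbound traffic are assumptions of the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str                    # rule names here are illustrative
    action: str                  # "allow" or "deny"
    priority: int                # lower number = evaluated first
    dest: str                    # destination CIDR
    protocol: str                # "tcp", "udp", ... or "all"
    port: Optional[int] = None   # None matches every port

    def matches(self, dst_ip, protocol, port):
        return (ip_address(dst_ip) in ip_network(self.dest)
                and self.protocol in ("all", protocol)
                and self.port in (None, port))

def rank(rule):
    # Sort key: lowest priority number first; on a tie, deny before allow.
    return (rule.priority, rule.action != "deny")

def decide(rules, dst_ip, protocol, port, default="allow"):
    """(action, rule name) that applies to one outbound connection."""
    hits = [r for r in rules if r.matches(dst_ip, protocol, port)]
    if not hits:
        return default, "implied-default"  # assumption: unmatched egress is allowed
    winner = min(hits, key=rank)
    return winner.action, winner.name

def shadowed_rules(rules):
    """Rules that can never take effect: an opposite-action rule that ranks
    ahead of them covers their whole destination, protocol and port."""
    out = []
    for r in rules:
        for o in rules:
            if o.action == r.action or rank(o) >= rank(r):
                continue
            if (ip_network(r.dest).subnet_of(ip_network(o.dest))
                    and o.protocol in ("all", r.protocol)
                    and o.port in (None, r.port)):
                out.append(r.name)
                break
    return out

# The two rules from the post, then the same pair with the priorities swapped.
PAGE_RULES = [Rule("block", "deny", 5000, "10.128.0.0/16", "tcp", 22),
              Rule("allow-one-host", "allow", 100, "10.128.0.5/32", "tcp", 22)]
SWAPPED = [Rule("block", "deny", 100, "10.128.0.0/16", "tcp", 22),
           Rule("allow-one-host", "allow", 5000, "10.128.0.5/32", "tcp", 22)]
```

Running `shadowed_rules` over an exported rule set is a quick audit for allow or deny rules that a priority mistake has silently disabled.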