# VMware NSX-T Distributed Firewall Terraform Module

This Terraform module configures a distributed firewall (DFW) policy section and the rules within it.

## Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.3.0 |
| nsxt | >= 3.2.7 |

## Usage

Basic usage of this module is as follows (the `<...>` values are placeholders to replace with your own):

```hcl
module "example" {
  source = "<module-path>"

  # Required variables
  nsxt_dfw_insert_before_section = "<existing-section-name>"
  nsxt_dfw_section_description   = "<section-description>"
  nsxt_dfw_section_display_name  = "<section-display-name>"

  # Optional variables (defaults shown)
  nsxt_dfw_custom_l4_services   = {}
  nsxt_dfw_ip_sets              = {}
  nsxt_dfw_resource_description = "Terraform provisioned"
  nsxt_dfw_rules                = []
  nsxt_dfw_section_applied_to   = {}
  nsxt_dfw_section_tags         = {}
  nsxt_dfw_section_type         = "LAYER3"
}
```

## Resources

| Name | Type |
|------|------|
| nsxt_firewall_section.firewall_sect | resource |
| nsxt_ip_set.ip_sets | resource |
| nsxt_l4_port_set_ns_service.ns_service_l4 | resource |
| nsxt_firewall_section.insert_before_section | data source |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| nsxt_dfw_custom_l4_services | A map of objects used to define custom TCP/UDP services that can be added to firewall rules. Service objects accept all properties of the Terraform [nsxt_policy_service l4_port_set_entry object](https://registry.terraform.io/providers/vmware/nsxt/latest/docs/resources/policy_service#l4_port_set_entry). | <pre>map(object({<br>  description       = string<br>  protocol          = optional(string)<br>  destination_ports = optional(list(number))<br>  source_ports      = optional(list(number))<br>  tags              = optional(map(string))<br>}))</pre> | `{}` | no |
| nsxt_dfw_insert_before_section | Name of the existing firewall section that should come immediately after the one created. | `string` | n/a | yes |
| nsxt_dfw_ip_sets | IP sets as key/value pairs. Example:<pre>{<br>  "ip_set_source_1" = ["10.0.4.0/24", "10.0.5.0/24", "10.0.6.0/24"],<br>  "ip_set_source_2" = ["10.0.7.0/24", "10.0.8.0/24", "10.0.9.0/24"],<br>  "ip_set_dest_1"   = ["10.0.10.0/24", "10.0.11.0/24", "10.0.12.0/24"]<br>}</pre> | `map(list(string))` | `{}` | no |
| nsxt_dfw_resource_description | A string added to the description field of all created resources. | `string` | `"Terraform provisioned"` | no |
| nsxt_dfw_rules | A list of objects describing firewall rules. Rule objects accept all properties of the Terraform nsxt_policy_gateway_policy rule object. | <pre>list(object({<br>  display_name             = string<br>  description              = optional(string)<br>  disabled                 = optional(bool)<br>  action                   = optional(string)<br>  direction                = optional(string)<br>  logged                   = optional(bool)<br>  ip_protocol              = optional(string)<br>  destinations_excluded    = optional(bool)<br>  source_ip_set_names      = optional(list(string))<br>  destination_ip_set_names = optional(list(string))<br>  services                 = optional(list(string))<br>  tags                     = optional(map(string))<br>}))</pre> | `[]` | no |
| nsxt_dfw_section_applied_to | A map of NSX-T target_type:target_id pairs. | `map(string)` | `{}` | no |
| nsxt_dfw_section_description | Description of the DFW section to be created. | `string` | n/a | yes |
| nsxt_dfw_section_display_name | Display name of the DFW section to be created. | `string` | n/a | yes |
| nsxt_dfw_section_tags | A map of NSX-T tag:scope pairs. | `map(string)` | `{}` | no |
| nsxt_dfw_section_type | Type of firewall section for the DFW rules. | `string` | `"LAYER3"` | no |
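
A fuller invocation that ties the Usage block and the inputs above together, added here as an example and not part of the module's own README: two IP sets, one custom service, an explicit allow rule and a logged default deny. It assumes, as the input names suggest, that rules reference IP sets and services by the keys of `nsxt_dfw_ip_sets` and `nsxt_dfw_custom_l4_services`, and that `action` and `direction` take the NSX-T values `ALLOW`/`DROP`/`REJECT` and `IN`/`OUT`/`IN_OUT`; `<module-path>` and `<existing-section-name>` are placeholders.

```hcl
module "app_tier_dfw" {
  source = "<module-path>"

  nsxt_dfw_section_display_name = "app-tier"
  nsxt_dfw_section_description  = "Web tier to app tier micro-segmentation"
  # Placed ahead of an existing, broader section (placeholder name) so
  # these rules are evaluated before that section's allows.
  nsxt_dfw_insert_before_section = "<existing-section-name>"
  nsxt_dfw_section_type          = "LAYER3"

  # Assumption: IP sets are referenced from rules by their map key.
  nsxt_dfw_ip_sets = {
    "web_tier" = ["10.0.4.0/24", "10.0.5.0/24"]
    "app_tier" = ["10.0.10.0/24"]
  }

  # Assumption: custom L4 services are likewise referenced by key.
  nsxt_dfw_custom_l4_services = {
    "app_api_tcp_8443" = {
      description       = "Application API"
      protocol          = "TCP"
      destination_ports = [8443]
    }
  }

  nsxt_dfw_rules = [
    {
      display_name             = "allow-web-to-app-api"
      description              = "Only the web tier may reach the app API"
      action                   = "ALLOW"
      direction                = "IN_OUT"
      source_ip_set_names      = ["web_tier"]
      destination_ip_set_names = ["app_tier"]
      services                 = ["app_api_tcp_8443"]
    },
    {
      # Default deny into the tier; logged so dropped flows reach the SIEM.
      display_name             = "deny-all-to-app"
      description              = "Default deny into the app tier"
      action                   = "DROP"
      direction                = "IN"
      destination_ip_set_names = ["app_tier"]
      logged                   = true
      tags                     = { "env" = "prod" }
    },
  ]
}
```

Rule order inside the section follows list order, so keep the specific allow above the catch-all deny.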

## Outputs

| Name | Description |
|------|-------------|
| nsxt_firewall_ipsets | The NSX resource IDs of the created IP sets. |
| nsxt_firewall_section | The NSX resource ID of the created policy section. |
| nsxt_firewall_service | The NSX firewall service. |