Firewall

Manage firewall rule sets and attach them to virtual machines using the NetActuate Terraform provider v2.

Repository

git clone https://github.com/netactuate/netactuate-terraform-firewall
cd netactuate-terraform-firewall

Firewall Set

Create a named firewall set to hold your rules:

resource "netactuate_firewall_set" "web" {
  name = "web-server-rules"
}

Firewall Rules

Add rules to the set. Rules are evaluated by priority (lower numbers are evaluated first).

IPv4 Example

resource "netactuate_firewall_rule" "allow_http" {
  firewall_set_id        = netactuate_firewall_set.web.id
  direction              = "IN"
  protocol               = "tcp"
  destination_port_start = 80
  destination_port_end   = 80
  source_net             = ["0.0.0.0/0"]
  action                 = "ACCEPT"
  rule_priority          = 100
  ip_version             = "IPv4"
  enabled                = true
}

resource "netactuate_firewall_rule" "allow_https" {
  firewall_set_id        = netactuate_firewall_set.web.id
  direction              = "IN"
  protocol               = "tcp"
  destination_port_start = 443
  destination_port_end   = 443
  source_net             = ["0.0.0.0/0"]
  action                 = "ACCEPT"
  rule_priority          = 110
  ip_version             = "IPv4"
  enabled                = true
}

resource "netactuate_firewall_rule" "deny_all_tcp" {
  firewall_set_id = netactuate_firewall_set.web.id
  direction       = "IN"
  protocol        = "tcp"
  source_net      = ["0.0.0.0/0"]
  action          = "DROP"
  rule_priority   = 1000
  ip_version      = "IPv4"
  enabled         = true
}

resource "netactuate_firewall_rule" "deny_all_udp" {
  firewall_set_id = netactuate_firewall_set.web.id
  direction       = "IN"
  protocol        = "udp"
  source_net      = ["0.0.0.0/0"]
  action          = "DROP"
  rule_priority   = 1010
  ip_version      = "IPv4"
  enabled         = true
}

resource "netactuate_firewall_rule" "deny_all_icmp" {
  firewall_set_id = netactuate_firewall_set.web.id
  direction       = "IN"
  protocol        = "icmp"
  source_net      = ["0.0.0.0/0"]
  action          = "DROP"
  rule_priority   = 1020
  ip_version      = "IPv4"
  enabled         = true
}

IPv6 Example

resource "netactuate_firewall_rule" "allow_http_v6" {
  firewall_set_id        = netactuate_firewall_set.web.id
  direction              = "IN"
  protocol               = "tcp"
  destination_port_start = 80
  destination_port_end   = 80
  source_net             = ["::/0"]
  action                 = "ACCEPT"
  rule_priority          = 200
  ip_version             = "IPv6"
  enabled                = true
}

resource "netactuate_firewall_rule" "deny_all_v6_tcp" {
  firewall_set_id = netactuate_firewall_set.web.id
  direction       = "IN"
  protocol        = "tcp"
  source_net      = ["::/0"]
  action          = "DROP"
  rule_priority   = 1100
  ip_version      = "IPv6"
  enabled         = true
}

resource "netactuate_firewall_rule" "deny_all_v6_udp" {
  firewall_set_id = netactuate_firewall_set.web.id
  direction       = "IN"
  protocol        = "udp"
  source_net      = ["::/0"]
  action          = "DROP"
  rule_priority   = 1110
  ip_version      = "IPv6"
  enabled         = true
}

resource "netactuate_firewall_rule" "deny_all_v6_icmp" {
  firewall_set_id = netactuate_firewall_set.web.id
  direction       = "IN"
  protocol        = "icmp"
  source_net      = ["::/0"]
  action          = "DROP"
  rule_priority   = 1120
  ip_version      = "IPv6"
  enabled         = true
}

Attach to VM

Apply the firewall set to a virtual machine:

resource "netactuate_firewall_set_vm" "web_server" {
  firewall_set_id = netactuate_firewall_set.web.id
  mbpkgid         = netactuate_server.web.id
}

A VM can have one firewall set attached at a time. Changing the set replaces all rules applied to that VM.
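Because a VM carries exactly one set and a change replaces every rule on it, it is worth checking a rule set before applying it. The script below is an added example and is not part of the NetActuate provider or its documentation. It models the rule attributes shown on this page (direction, protocol, destination ports, source_net, action, rule_priority, ip_version, enabled) in Python, since HCL cannot express the evaluation order itself, and it assumes first-match semantics: rules sorted by rule_priority ascending, the first match decides. The rule set is the page's IPv4 and IPv6 example transcribed by hand as constructed data; the source addresses are documentation ranges. `evaluate()` tells you which rule a given flow would hit, and `lint()` flags duplicate priorities, ACCEPT rules with no catch-all DROP behind them, ACCEPT rules shadowed by a catch-all DROP that is evaluated earlier, and inverted port ranges.

```python
"""Priority-ordered evaluation and sanity checks for a firewall set.

Added example; not code from the NetActuate provider or its docs. It models the
rule attributes shown on this page and ASSUMES first-match semantics: rules are
sorted by rule_priority ascending and the first matching rule decides. The
sample set below is the page's IPv4/IPv6 example transcribed by hand
(constructed data; the source addresses used in examples are documentation ranges).
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

# Catch-all source networks per address family, as used by the page's deny rules.
ANY_SOURCE = {"IPv4": "0.0.0.0/0", "IPv6": "::/0"}


@dataclass(frozen=True)
class Rule:
    name: str
    direction: str                 # "IN" or "OUT"
    protocol: str                  # "tcp", "udp" or "icmp"
    source_net: Tuple[str, ...]    # CIDR strings
    action: str                    # "ACCEPT" or "DROP"
    rule_priority: int             # lower number = evaluated earlier
    ip_version: str                # "IPv4" or "IPv6"
    enabled: bool = True
    destination_port_start: Optional[int] = None  # None = no port constraint
    destination_port_end: Optional[int] = None

    def matches(self, direction, protocol, src_ip, dport=None) -> bool:
        """True if this (enabled) rule applies to the described flow."""
        if not self.enabled or self.direction != direction or self.protocol != protocol:
            return False
        addr = ip_address(src_ip)
        if self.ip_version != f"IPv{addr.version}":
            return False
        if not any(addr in ip_network(cidr) for cidr in self.source_net):
            return False
        if self.destination_port_start is None:        # e.g. icmp or a deny-all rule
            return True
        if dport is None:                              # port-constrained rule, portless flow
            return False
        return self.destination_port_start <= dport <= self.destination_port_end


def evaluate(rules, direction, protocol, src_ip, dport=None):
    """Return (action, rule_name) of the first matching rule in priority order.

    ("NO_MATCH", None) means no rule applied; what the platform does then is its
    default behaviour, which this page does not state.
    """
    for rule in sorted(rules, key=lambda r: r.rule_priority):
        if rule.matches(direction, protocol, src_ip, dport):
            return rule.action, rule.name
    return "NO_MATCH", None


def lint(rules):
    """Return human-readable findings: duplicate priorities, ACCEPTs without a
    catch-all DROP behind them, ACCEPTs shadowed by an earlier catch-all DROP,
    and inverted port ranges."""
    findings = []
    seen = {}
    for r in rules:
        key = (r.ip_version, r.direction, r.rule_priority)
        if key in seen:
            findings.append(f"{r.name} and {seen[key]} share priority {r.rule_priority}")
        seen[key] = r.name
        if (r.destination_port_start is not None and r.destination_port_end is not None
                and r.destination_port_start > r.destination_port_end):
            findings.append(f"{r.name} has an inverted port range and can never match")
    for acc in (r for r in rules if r.enabled and r.action == "ACCEPT"):
        catch_all = [r for r in rules
                     if r.enabled and r.action == "DROP"
                     and (r.ip_version, r.direction, r.protocol)
                     == (acc.ip_version, acc.direction, acc.protocol)
                     and r.destination_port_start is None
                     and ANY_SOURCE.get(r.ip_version) in r.source_net]
        if not catch_all:
            findings.append(f"no catch-all DROP behind {acc.name} "
                            f"({acc.ip_version} {acc.direction} {acc.protocol})")
        elif any(c.rule_priority < acc.rule_priority for c in catch_all):
            findings.append(f"{acc.name} is shadowed by a catch-all DROP evaluated before it")
    return findings


def page_rules():
    """The page's example rule set, transcribed as constructed data."""
    v4, v6 = ("0.0.0.0/0",), ("::/0",)
    return [
        Rule("allow_http", "IN", "tcp", v4, "ACCEPT", 100, "IPv4",
             destination_port_start=80, destination_port_end=80),
        Rule("allow_https", "IN", "tcp", v4, "ACCEPT", 110, "IPv4",
             destination_port_start=443, destination_port_end=443),
        Rule("deny_all_tcp", "IN", "tcp", v4, "DROP", 1000, "IPv4"),
        Rule("deny_all_udp", "IN", "udp", v4, "DROP", 1010, "IPv4"),
        Rule("deny_all_icmp", "IN", "icmp", v4, "DROP", 1020, "IPv4"),
        Rule("allow_http_v6", "IN", "tcp", v6, "ACCEPT", 200, "IPv6",
             destination_port_start=80, destination_port_end=80),
        Rule("deny_all_v6_tcp", "IN", "tcp", v6, "DROP", 1100, "IPv6"),
        Rule("deny_all_v6_udp", "IN", "udp", v6, "DROP", 1110, "IPv6"),
        Rule("deny_all_v6_icmp", "IN", "icmp", v6, "DROP", 1120, "IPv6"),
    ]


if __name__ == "__main__":
    rules = page_rules()
    for flow in [("IN", "tcp", "203.0.113.5", 80), ("IN", "tcp", "203.0.113.5", 22),
                 ("IN", "tcp", "2001:db8::1", 443), ("IN", "icmp", "203.0.113.5", None)]:
        print(flow, "->", evaluate(rules, *flow))
    print("lint:", lint(rules) or "clean")
```

Running it against the page's set shows the ordering at work: inbound TCP/80 from an IPv4 source hits `allow_http` at priority 100, TCP/22 falls through to `deny_all_tcp` at 1000, and, because the IPv6 example only allows port 80, inbound TCP/443 from an IPv6 source lands on `deny_all_v6_tcp`. The lint pass is clean for the page's set; removing one of the deny-all rules or inserting a catch-all DROP with a lower priority number than an ACCEPT produces a finding.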

Need Help?

If you need assistance with firewall configuration, visit our support page.