lxd 2.5.0, Mar 13 25

lxd 2.5.0 published on Thursday, Mar 13, 2025 by terraform-lxd

lxd.NetworkAcl

Explore with Pulumi AI

lxd 2.5.0 published on Thursday, Mar 13, 2025 by terraform-lxd

Create NetworkAcl Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new NetworkAcl(name: string, args?: NetworkAclArgs, opts?: CustomResourceOptions);

@overload
def NetworkAcl(resource_name: str,
               args: Optional[NetworkAclArgs] = None,
               opts: Optional[ResourceOptions] = None)

@overload
def NetworkAcl(resource_name: str,
               opts: Optional[ResourceOptions] = None,
               config: Optional[Mapping[str, str]] = None,
               description: Optional[str] = None,
               egresses: Optional[Sequence[NetworkAclEgressArgs]] = None,
               ingresses: Optional[Sequence[NetworkAclIngressArgs]] = None,
               name: Optional[str] = None,
               project: Optional[str] = None,
               remote: Optional[str] = None)

func NewNetworkAcl(ctx *Context, name string, args *NetworkAclArgs, opts ...ResourceOption) (*NetworkAcl, error)

public NetworkAcl(string name, NetworkAclArgs? args = null, CustomResourceOptions? opts = null)

public NetworkAcl(String name, NetworkAclArgs args)
public NetworkAcl(String name, NetworkAclArgs args, CustomResourceOptions options)

type: lxd:NetworkAcl
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args NetworkAclArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args NetworkAclArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args NetworkAclArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args NetworkAclArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args NetworkAclArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var networkAclResource = new Lxd.NetworkAcl("networkAclResource", new()
{
    Config = 
    {
        { "string", "string" },
    },
    Description = "string",
    Egresses = new[]
    {
        new Lxd.Inputs.NetworkAclEgressArgs
        {
            Action = "string",
            State = "string",
            Description = "string",
            Destination = "string",
            DestinationPort = "string",
            IcmpCode = "string",
            IcmpType = "string",
            Protocol = "string",
            Source = "string",
        },
    },
    Ingresses = new[]
    {
        new Lxd.Inputs.NetworkAclIngressArgs
        {
            Action = "string",
            State = "string",
            Description = "string",
            Destination = "string",
            DestinationPort = "string",
            IcmpCode = "string",
            IcmpType = "string",
            Protocol = "string",
            Source = "string",
        },
    },
    Name = "string",
    Project = "string",
    Remote = "string",
});

example, err := lxd.NewNetworkAcl(ctx, "networkAclResource", &lxd.NetworkAclArgs{
Config: pulumi.StringMap{
"string": pulumi.String("string"),
},
Description: pulumi.String("string"),
Egresses: .NetworkAclEgressArray{
&.NetworkAclEgressArgs{
Action: pulumi.String("string"),
State: pulumi.String("string"),
Description: pulumi.String("string"),
Destination: pulumi.String("string"),
DestinationPort: pulumi.String("string"),
IcmpCode: pulumi.String("string"),
IcmpType: pulumi.String("string"),
Protocol: pulumi.String("string"),
Source: pulumi.String("string"),
},
},
Ingresses: .NetworkAclIngressArray{
&.NetworkAclIngressArgs{
Action: pulumi.String("string"),
State: pulumi.String("string"),
Description: pulumi.String("string"),
Destination: pulumi.String("string"),
DestinationPort: pulumi.String("string"),
IcmpCode: pulumi.String("string"),
IcmpType: pulumi.String("string"),
Protocol: pulumi.String("string"),
Source: pulumi.String("string"),
},
},
Name: pulumi.String("string"),
Project: pulumi.String("string"),
Remote: pulumi.String("string"),
})

var networkAclResource = new NetworkAcl("networkAclResource", NetworkAclArgs.builder()
    .config(Map.of("string", "string"))
    .description("string")
    .egresses(NetworkAclEgressArgs.builder()
        .action("string")
        .state("string")
        .description("string")
        .destination("string")
        .destinationPort("string")
        .icmpCode("string")
        .icmpType("string")
        .protocol("string")
        .source("string")
        .build())
    .ingresses(NetworkAclIngressArgs.builder()
        .action("string")
        .state("string")
        .description("string")
        .destination("string")
        .destinationPort("string")
        .icmpCode("string")
        .icmpType("string")
        .protocol("string")
        .source("string")
        .build())
    .name("string")
    .project("string")
    .remote("string")
    .build());

network_acl_resource = lxd.NetworkAcl("networkAclResource",
    config={
        "string": "string",
    },
    description="string",
    egresses=[{
        "action": "string",
        "state": "string",
        "description": "string",
        "destination": "string",
        "destination_port": "string",
        "icmp_code": "string",
        "icmp_type": "string",
        "protocol": "string",
        "source": "string",
    }],
    ingresses=[{
        "action": "string",
        "state": "string",
        "description": "string",
        "destination": "string",
        "destination_port": "string",
        "icmp_code": "string",
        "icmp_type": "string",
        "protocol": "string",
        "source": "string",
    }],
    name="string",
    project="string",
    remote="string")

const networkAclResource = new lxd.NetworkAcl("networkAclResource", {
    config: {
        string: "string",
    },
    description: "string",
    egresses: [{
        action: "string",
        state: "string",
        description: "string",
        destination: "string",
        destinationPort: "string",
        icmpCode: "string",
        icmpType: "string",
        protocol: "string",
        source: "string",
    }],
    ingresses: [{
        action: "string",
        state: "string",
        description: "string",
        destination: "string",
        destinationPort: "string",
        icmpCode: "string",
        icmpType: "string",
        protocol: "string",
        source: "string",
    }],
    name: "string",
    project: "string",
    remote: "string",
});

type: lxd:NetworkAcl
properties:
    config:
        string: string
    description: string
    egresses:
        - action: string
          description: string
          destination: string
          destinationPort: string
          icmpCode: string
          icmpType: string
          protocol: string
          source: string
          state: string
    ingresses:
        - action: string
          description: string
          destination: string
          destinationPort: string
          icmpCode: string
          icmpType: string
          protocol: string
          source: string
          state: string
    name: string
    project: string
    remote: string

NetworkAcl Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The NetworkAcl resource accepts the following input properties:

Config Dictionary<string, string>

Optional - Map of key/value pairs of network ACL config settings.

Description string

Optional - Description of the network ACL rule.

Egresses List<NetworkAclEgress>

Optional - List of network ACL rules for egress traffic. See reference below.

Ingresses List<NetworkAclIngress>

Optional - List of network ACL rules for ingress traffic. See reference below.

Name string

Required - Name of the network ACL.

Project string

Optional - Name of the project where the network ACL will be created.

Remote string

Optional - The remote in which the resource will be created. If not provided, the provider's default remote will be used.

The network ACL rule supports:

Config map[string]string

Optional - Map of key/value pairs of network ACL config settings.

Description string

Optional - Description of the network ACL rule.

Egresses []NetworkAclEgressArgs

Optional - List of network ACL rules for egress traffic. See reference below.

Ingresses []NetworkAclIngressArgs

Optional - List of network ACL rules for ingress traffic. See reference below.

Name string

Required - Name of the network ACL.

Project string

Optional - Name of the project where the network ACL will be created.

Remote string

Optional - The remote in which the resource will be created. If not provided, the provider's default remote will be used.

The network ACL rule supports:

config Map<String,String>

Optional - Map of key/value pairs of network ACL config settings.

description String

Optional - Description of the network ACL rule.

egresses List<NetworkAclEgress>

Optional - List of network ACL rules for egress traffic. See reference below.

ingresses List<NetworkAclIngress>

Optional - List of network ACL rules for ingress traffic. See reference below.

name String

Required - Name of the network ACL.

project String

Optional - Name of the project where the network ACL will be created.

remote String

Optional - The remote in which the resource will be created. If not provided, the provider's default remote will be used.

The network ACL rule supports:

config {[key: string]: string}

Optional - Map of key/value pairs of network ACL config settings.

description string

Optional - Description of the network ACL rule.

egresses NetworkAclEgress[]

Optional - List of network ACL rules for egress traffic. See reference below.

ingresses NetworkAclIngress[]

Optional - List of network ACL rules for ingress traffic. See reference below.

name string

Required - Name of the network ACL.

project string

Optional - Name of the project where the network ACL will be created.

remote string

Optional - The remote in which the resource will be created. If not provided, the provider's default remote will be used.

The network ACL rule supports:

config Mapping[str, str]

Optional - Map of key/value pairs of network ACL config settings.

description str

Optional - Description of the network ACL rule.

egresses Sequence[NetworkAclEgressArgs]

Optional - List of network ACL rules for egress traffic. See reference below.

ingresses Sequence[NetworkAclIngressArgs]

Optional - List of network ACL rules for ingress traffic. See reference below.

name str

Required - Name of the network ACL.

project str

Optional - Name of the project where the network ACL will be created.

remote str

Optional - The remote in which the resource will be created. If not provided, the provider's default remote will be used.

The network ACL rule supports:

config Map<String>

Optional - Map of key/value pairs of network ACL config settings.

description String

Optional - Description of the network ACL rule.

egresses List<Property Map>

Optional - List of network ACL rules for egress traffic. See reference below.

ingresses List<Property Map>

Optional - List of network ACL rules for ingress traffic. See reference below.

name String

Required - Name of the network ACL.

project String

Optional - Name of the project where the network ACL will be created.

remote String

Optional - The remote in which the resource will be created. If not provided, the provider's default remote will be used.

The network ACL rule supports:

Outputs

All input properties are implicitly available as output properties. Additionally, the NetworkAcl resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Look up Existing NetworkAcl Resource

Get an existing NetworkAcl resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: NetworkAclState, opts?: CustomResourceOptions): NetworkAcl

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        config: Optional[Mapping[str, str]] = None,
        description: Optional[str] = None,
        egresses: Optional[Sequence[NetworkAclEgressArgs]] = None,
        ingresses: Optional[Sequence[NetworkAclIngressArgs]] = None,
        name: Optional[str] = None,
        project: Optional[str] = None,
        remote: Optional[str] = None) -> NetworkAcl

func GetNetworkAcl(ctx *Context, name string, id IDInput, state *NetworkAclState, opts ...ResourceOption) (*NetworkAcl, error)

public static NetworkAcl Get(string name, Input<string> id, NetworkAclState? state, CustomResourceOptions? opts = null)

public static NetworkAcl get(String name, Output<String> id, NetworkAclState state, CustomResourceOptions options)

resources:  _:    type: lxd:NetworkAcl    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Config Dictionary<string, string>

Optional - Map of key/value pairs of network ACL config settings.

Description string

Optional - Description of the network ACL rule.

Egresses List<NetworkAclEgress>

Optional - List of network ACL rules for egress traffic. See reference below.

Ingresses List<NetworkAclIngress>

Optional - List of network ACL rules for ingress traffic. See reference below.

Name string

Required - Name of the network ACL.

Project string

Optional - Name of the project where the network ACL will be created.

Remote string

Optional - The remote in which the resource will be created. If not provided, the provider's default remote will be used.

The network ACL rule supports:

Config map[string]string

Optional - Map of key/value pairs of network ACL config settings.

Description string

Optional - Description of the network ACL rule.

Egresses []NetworkAclEgressArgs

Optional - List of network ACL rules for egress traffic. See reference below.

Ingresses []NetworkAclIngressArgs

Optional - List of network ACL rules for ingress traffic. See reference below.

Name string

Required - Name of the network ACL.

Project string

Optional - Name of the project where the network ACL will be created.

Remote string

Optional - The remote in which the resource will be created. If not provided, the provider's default remote will be used.

The network ACL rule supports:

config Map<String,String>

Optional - Map of key/value pairs of network ACL config settings.

description String

Optional - Description of the network ACL rule.

egresses List<NetworkAclEgress>

Optional - List of network ACL rules for egress traffic. See reference below.

ingresses List<NetworkAclIngress>

Optional - List of network ACL rules for ingress traffic. See reference below.

name String

Required - Name of the network ACL.

project String

Optional - Name of the project where the network ACL will be created.

remote String

Optional - The remote in which the resource will be created. If not provided, the provider's default remote will be used.

The network ACL rule supports:

config {[key: string]: string}

Optional - Map of key/value pairs of network ACL config settings.

description string

Optional - Description of the network ACL rule.

egresses NetworkAclEgress[]

Optional - List of network ACL rules for egress traffic. See reference below.

ingresses NetworkAclIngress[]

Optional - List of network ACL rules for ingress traffic. See reference below.

name string

Required - Name of the network ACL.

project string

Optional - Name of the project where the network ACL will be created.

remote string

Optional - The remote in which the resource will be created. If not provided, the provider's default remote will be used.

The network ACL rule supports:

config Mapping[str, str]

Optional - Map of key/value pairs of network ACL config settings.

description str

Optional - Description of the network ACL rule.

egresses Sequence[NetworkAclEgressArgs]

Optional - List of network ACL rules for egress traffic. See reference below.

ingresses Sequence[NetworkAclIngressArgs]

Optional - List of network ACL rules for ingress traffic. See reference below.

name str

Required - Name of the network ACL.

project str

Optional - Name of the project where the network ACL will be created.

remote str

Optional - The remote in which the resource will be created. If not provided, the provider's default remote will be used.

The network ACL rule supports:

config Map<String>

Optional - Map of key/value pairs of network ACL config settings.

description String

Optional - Description of the network ACL rule.

egresses List<Property Map>

Optional - List of network ACL rules for egress traffic. See reference below.

ingresses List<Property Map>

Optional - List of network ACL rules for ingress traffic. See reference below.

name String

Required - Name of the network ACL.

project String

Optional - Name of the project where the network ACL will be created.

remote String

Optional - The remote in which the resource will be created. If not provided, the provider's default remote will be used.

The network ACL rule supports:

Supporting Types

NetworkAclEgress, NetworkAclEgressArgs

Action string: Required - Action to take for the matching traffic. Possible values are allow, allow-stateless, drop, or reject.
State string: Optional - State of the rule. Possible values are enabled, disabled, and logged. Defaults to enabled.
Description string: Optional - Description of the network ACL rule.
Destination string: Optional - Comma-separated list of CIDR or IP ranges, destination subject name selectors (for egress rules), or leave the value empty for any.
DestinationPort string: Optional - If the protocol is udp or tcp you can specify a comma-separated list of ports or port ranges (start-end), or leave the value empty for any.
IcmpCode string: Optional - If the protocol is icmp4 or icmp6 you can specify the ICMP code number, or leave the value empty for any.
IcmpType string: Optional - If the protocol is icmp4 or icmp6 you can specify the ICMP type number, or leave the value empty for any.
Protocol string: Optional - Protocol to match. Possible values are icmp4, icmp6, tcp, or udp. Leave the value empty for any protocol.
Source string: Optional - Comma-separated list of CIDR or IP ranges, source subject name selectors (for ingress rules), or leave the value empty for any.

Action string: Required - Action to take for the matching traffic. Possible values are allow, allow-stateless, drop, or reject.
State string: Optional - State of the rule. Possible values are enabled, disabled, and logged. Defaults to enabled.
Description string: Optional - Description of the network ACL rule.
Destination string: Optional - Comma-separated list of CIDR or IP ranges, destination subject name selectors (for egress rules), or leave the value empty for any.
DestinationPort string: Optional - If the protocol is udp or tcp you can specify a comma-separated list of ports or port ranges (start-end), or leave the value empty for any.
IcmpCode string: Optional - If the protocol is icmp4 or icmp6 you can specify the ICMP code number, or leave the value empty for any.
IcmpType string: Optional - If the protocol is icmp4 or icmp6 you can specify the ICMP type number, or leave the value empty for any.
Protocol string: Optional - Protocol to match. Possible values are icmp4, icmp6, tcp, or udp. Leave the value empty for any protocol.
Source string: Optional - Comma-separated list of CIDR or IP ranges, source subject name selectors (for ingress rules), or leave the value empty for any.

action String: Required - Action to take for the matching traffic. Possible values are allow, allow-stateless, drop, or reject.
state String: Optional - State of the rule. Possible values are enabled, disabled, and logged. Defaults to enabled.
description String: Optional - Description of the network ACL rule.
destination String: Optional - Comma-separated list of CIDR or IP ranges, destination subject name selectors (for egress rules), or leave the value empty for any.
destinationPort String: Optional - If the protocol is udp or tcp you can specify a comma-separated list of ports or port ranges (start-end), or leave the value empty for any.
icmpCode String: Optional - If the protocol is icmp4 or icmp6 you can specify the ICMP code number, or leave the value empty for any.
icmpType String: Optional - If the protocol is icmp4 or icmp6 you can specify the ICMP type number, or leave the value empty for any.
protocol String: Optional - Protocol to match. Possible values are icmp4, icmp6, tcp, or udp. Leave the value empty for any protocol.
source String: Optional - Comma-separated list of CIDR or IP ranges, source subject name selectors (for ingress rules), or leave the value empty for any.

action string: Required - Action to take for the matching traffic. Possible values are allow, allow-stateless, drop, or reject.
state string: Optional - State of the rule. Possible values are enabled, disabled, and logged. Defaults to enabled.
description string: Optional - Description of the network ACL rule.
destination string: Optional - Comma-separated list of CIDR or IP ranges, destination subject name selectors (for egress rules), or leave the value empty for any.
destinationPort string: Optional - If the protocol is udp or tcp you can specify a comma-separated list of ports or port ranges (start-end), or leave the value empty for any.
icmpCode string: Optional - If the protocol is icmp4 or icmp6 you can specify the ICMP code number, or leave the value empty for any.
icmpType string: Optional - If the protocol is icmp4 or icmp6 you can specify the ICMP type number, or leave the value empty for any.
protocol string: Optional - Protocol to match. Possible values are icmp4, icmp6, tcp, or udp. Leave the value empty for any protocol.
source string: Optional - Comma-separated list of CIDR or IP ranges, source subject name selectors (for ingress rules), or leave the value empty for any.

action str: Required - Action to take for the matching traffic. Possible values are allow, allow-stateless, drop, or reject.
state str: Optional - State of the rule. Possible values are enabled, disabled, and logged. Defaults to enabled.
description str: Optional - Description of the network ACL rule.
destination str: Optional - Comma-separated list of CIDR or IP ranges, destination subject name selectors (for egress rules), or leave the value empty for any.
destination_port str: Optional - If the protocol is udp or tcp you can specify a comma-separated list of ports or port ranges (start-end), or leave the value empty for any.
icmp_code str: Optional - If the protocol is icmp4 or icmp6 you can specify the ICMP code number, or leave the value empty for any.
icmp_type str: Optional - If the protocol is icmp4 or icmp6 you can specify the ICMP type number, or leave the value empty for any.
protocol str: Optional - Protocol to match. Possible values are icmp4, icmp6, tcp, or udp. Leave the value empty for any protocol.
source str: Optional - Comma-separated list of CIDR or IP ranges, source subject name selectors (for ingress rules), or leave the value empty for any.

action String: Required - Action to take for the matching traffic. Possible values are allow, allow-stateless, drop, or reject.
state String: Optional - State of the rule. Possible values are enabled, disabled, and logged. Defaults to enabled.
description String: Optional - Description of the network ACL rule.
destination String: Optional - Comma-separated list of CIDR or IP ranges, destination subject name selectors (for egress rules), or leave the value empty for any.
destinationPort String: Optional - If the protocol is udp or tcp you can specify a comma-separated list of ports or port ranges (start-end), or leave the value empty for any.
icmpCode String: Optional - If the protocol is icmp4 or icmp6 you can specify the ICMP code number, or leave the value empty for any.
icmpType String: Optional - If the protocol is icmp4 or icmp6 you can specify the ICMP type number, or leave the value empty for any.
protocol String: Optional - Protocol to match. Possible values are icmp4, icmp6, tcp, or udp. Leave the value empty for any protocol.
source String: Optional - Comma-separated list of CIDR or IP ranges, source subject name selectors (for ingress rules), or leave the value empty for any.

NetworkAclIngress, NetworkAclIngressArgs

Action string: Required - Action to take for the matching traffic. Possible values are allow, allow-stateless, drop, or reject.
State string: Optional - State of the rule. Possible values are enabled, disabled, and logged. Defaults to enabled.
Description string: Optional - Description of the network ACL rule.
Destination string: Optional - Comma-separated list of CIDR or IP ranges, destination subject name selectors (for egress rules), or leave the value empty for any.
DestinationPort string: Optional - If the protocol is udp or tcp you can specify a comma-separated list of ports or port ranges (start-end), or leave the value empty for any.
IcmpCode string: Optional - If the protocol is icmp4 or icmp6 you can specify the ICMP code number, or leave the value empty for any.
IcmpType string: Optional - If the protocol is icmp4 or icmp6 you can specify the ICMP type number, or leave the value empty for any.
Protocol string: Optional - Protocol to match. Possible values are icmp4, icmp6, tcp, or udp. Leave the value empty for any protocol.
Source string: Optional - Comma-separated list of CIDR or IP ranges, source subject name selectors (for ingress rules), or leave the value empty for any.

Action string: Required - Action to take for the matching traffic. Possible values are allow, allow-stateless, drop, or reject.
State string: Optional - State of the rule. Possible values are enabled, disabled, and logged. Defaults to enabled.
Description string: Optional - Description of the network ACL rule.
Destination string: Optional - Comma-separated list of CIDR or IP ranges, destination subject name selectors (for egress rules), or leave the value empty for any.
DestinationPort string: Optional - If the protocol is udp or tcp you can specify a comma-separated list of ports or port ranges (start-end), or leave the value empty for any.
IcmpCode string: Optional - If the protocol is icmp4 or icmp6 you can specify the ICMP code number, or leave the value empty for any.
IcmpType string: Optional - If the protocol is icmp4 or icmp6 you can specify the ICMP type number, or leave the value empty for any.
Protocol string: Optional - Protocol to match. Possible values are icmp4, icmp6, tcp, or udp. Leave the value empty for any protocol.
Source string: Optional - Comma-separated list of CIDR or IP ranges, source subject name selectors (for ingress rules), or leave the value empty for any.

action String: Required - Action to take for the matching traffic. Possible values are allow, allow-stateless, drop, or reject.
state String: Optional - State of the rule. Possible values are enabled, disabled, and logged. Defaults to enabled.
description String: Optional - Description of the network ACL rule.
destination String: Optional - Comma-separated list of CIDR or IP ranges, destination subject name selectors (for egress rules), or leave the value empty for any.
destinationPort String: Optional - If the protocol is udp or tcp you can specify a comma-separated list of ports or port ranges (start-end), or leave the value empty for any.
icmpCode String: Optional - If the protocol is icmp4 or icmp6 you can specify the ICMP code number, or leave the value empty for any.
icmpType String: Optional - If the protocol is icmp4 or icmp6 you can specify the ICMP type number, or leave the value empty for any.
protocol String: Optional - Protocol to match. Possible values are icmp4, icmp6, tcp, or udp. Leave the value empty for any protocol.
source String: Optional - Comma-separated list of CIDR or IP ranges, source subject name selectors (for ingress rules), or leave the value empty for any.

action string: Required - Action to take for the matching traffic. Possible values are allow, allow-stateless, drop, or reject.
state string: Optional - State of the rule. Possible values are enabled, disabled, and logged. Defaults to enabled.
description string: Optional - Description of the network ACL rule.
destination string: Optional - Comma-separated list of CIDR or IP ranges, destination subject name selectors (for egress rules), or leave the value empty for any.
destinationPort string: Optional - If the protocol is udp or tcp you can specify a comma-separated list of ports or port ranges (start-end), or leave the value empty for any.
icmpCode string: Optional - If the protocol is icmp4 or icmp6 you can specify the ICMP code number, or leave the value empty for any.
icmpType string: Optional - If the protocol is icmp4 or icmp6 you can specify the ICMP type number, or leave the value empty for any.
protocol string: Optional - Protocol to match. Possible values are icmp4, icmp6, tcp, or udp. Leave the value empty for any protocol.
source string: Optional - Comma-separated list of CIDR or IP ranges, source subject name selectors (for ingress rules), or leave the value empty for any.

action str: Required - Action to take for the matching traffic. Possible values are allow, allow-stateless, drop, or reject.
state str: Optional - State of the rule. Possible values are enabled, disabled, and logged. Defaults to enabled.
description str: Optional - Description of the network ACL rule.
destination str: Optional - Comma-separated list of CIDR or IP ranges, destination subject name selectors (for egress rules), or leave the value empty for any.
destination_port str: Optional - If the protocol is udp or tcp you can specify a comma-separated list of ports or port ranges (start-end), or leave the value empty for any.
icmp_code str: Optional - If the protocol is icmp4 or icmp6 you can specify the ICMP code number, or leave the value empty for any.
icmp_type str: Optional - If the protocol is icmp4 or icmp6 you can specify the ICMP type number, or leave the value empty for any.
protocol str: Optional - Protocol to match. Possible values are icmp4, icmp6, tcp, or udp. Leave the value empty for any protocol.
source str: Optional - Comma-separated list of CIDR or IP ranges, source subject name selectors (for ingress rules), or leave the value empty for any.

action String: Required - Action to take for the matching traffic. Possible values are allow, allow-stateless, drop, or reject.
state String: Optional - State of the rule. Possible values are enabled, disabled, and logged. Defaults to enabled.
description String: Optional - Description of the network ACL rule.
destination String: Optional - Comma-separated list of CIDR or IP ranges, destination subject name selectors (for egress rules), or leave the value empty for any.
destinationPort String: Optional - If the protocol is udp or tcp you can specify a comma-separated list of ports or port ranges (start-end), or leave the value empty for any.
icmpCode String: Optional - If the protocol is icmp4 or icmp6 you can specify the ICMP code number, or leave the value empty for any.
icmpType String: Optional - If the protocol is icmp4 or icmp6 you can specify the ICMP type number, or leave the value empty for any.
protocol String: Optional - Protocol to match. Possible values are icmp4, icmp6, tcp, or udp. Leave the value empty for any protocol.
source String: Optional - Comma-separated list of CIDR or IP ranges, source subject name selectors (for ingress rules), or leave the value empty for any.

Package Details

Repository: lxd terraform-lxd/terraform-provider-lxd
License
Notes: This Pulumi package is based on the lxd Terraform Provider.

lxd 2.5.0 published on Thursday, Mar 13, 2025 by terraform-lxd

terraform-lxd/terraform-provider-lxd

lxd.NetworkAcl

On this page

On this page

Create NetworkAcl Resource

Constructor syntax

Parameters

Constructor example

NetworkAcl Resource Properties

Inputs

Outputs

Look up Existing NetworkAcl Resource

Supporting Types

NetworkAclEgress, NetworkAclEgressArgs

NetworkAclIngress, NetworkAclIngressArgs

Package Details

On this page

On this page