Question

ICMP outbound rule port range for use with API?

Posted September 24, 2017 2.4k views
Ubuntu API Firewall

I am looking to configure a DO cloud firewall through the API/Terraform provider. The default firewall on DO is SSH inbound and all TCP,UDP and ICMP outbound. When trying to configure this exact firewall setup through the API I cannot add the ICMP outbound rule because no port range is required. I have tried to set the port range to 0 which is what I see if i manually add the rule through the UI ad list the firewall but then i get the error “You must specify a positive value for ports.” I have also tried adding “all” and “none” in the port range.

Does anybody know what value I must specify?

Add a comment
TheYorkshireDev
By:
TheYorkshireDev
Add a comment

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

3 answers
guy1234 September 25, 2017
[deleted]
Reply Report
guy1234 September 25, 2017

Just drop the port range field from the icmp outbound rule in your request.

Reply Report
cloudoptimus September 30, 2017

i tried to launch a firewall from terraform as well, but it doesn’t really work yet. terraform’s documentation basically copies digitalocean’s documentation verbatim, so this is definitely a bug with digitalocean’s api.

the only way i could get it to work (creating a firewall from scratch using terraform), was to setup the firewall config as you would normally (using all does work for port_range on inbound rules). comment out the entire outbound_rule block. run terraform plan then terraform apply and it will create the firewall. add the three outbound rules from the digitalocean web console. run terraform refresh then uncomment the outbound_rule block. if your outbound rules are like any other firewall, terraform plan should be green now with no changes to be made.

also worth noting - any inbound rules created from terraform using port_range = "all" will need to be changed back to port_range = "0" once the rule has been created to make terraform happy again.

Reply Report
Submit an Answer

Related

Looking for something else?

Ask a new question Search for more help