I am looking to configure a DO cloud firewall through the API/Terraform provider. The default firewall on DO is SSH inbound and all TCP,UDP and ICMP outbound. When trying to configure this exact firewall setup through the API I cannot add the ICMP outbound rule because no port range is required. I have tried to set the port range to 0 which is what I see if i manually add the rule through the UI ad list the firewall but then i get the error “You must specify a positive value for ports.” I have also tried adding “all” and “none” in the port range.
Does anybody know what value I must specify?
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
i tried to launch a firewall from terraform as well, but it doesn’t really work yet. terraform’s documentation basically copies digitalocean’s documentation verbatim, so this is definitely a bug with digitalocean’s api.
the only way i could get it to work (creating a firewall from scratch using terraform), was to setup the firewall config as you would normally (using
alldoes work forport_rangeon inbound rules). comment out the entireoutbound_ruleblock. runterraform planthenterraform applyand it will create the firewall. add the three outbound rules from the digitalocean web console. runterraform refreshthen uncomment theoutbound_ruleblock. if your outbound rules are like any other firewall,terraform planshould be green now with no changes to be made.also worth noting - any inbound rules created from terraform using
port_range = "all"will need to be changed back toport_range = "0"once the rule has been created to make terraform happy again.Just drop the port range field from the icmp outbound rule in your request.
This comment has been deleted