ICMP outbound rule port range for use with API?

Posted on September 24, 2017

I am looking to configure a DO cloud firewall through the API/Terraform provider. The default firewall on DO is SSH inbound and all TCP, UDP and ICMP outbound. When trying to configure this exact firewall setup through the API I cannot add the ICMP outbound rule because no port range is required. I have tried to set the port range to 0, which is what I see if I manually add the rule through the UI and list the firewall, but then I get the error “You must specify a positive value for ports.” I have also tried adding “all” and “none” in the port range.

Does anybody know what value I must specify?




Just drop the port range field from the icmp outbound rule in your request.
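The request body that answer describes, as an added example that is not part of the original thread or DigitalOcean's own code: it builds the firewall from the question and refuses to emit an ICMP rule that carries a `ports` key. The helper names, the firewall name `example-fw`, the `1-65535` range for "all ports" and the any-address lists are assumptions.

```python
import json

ALL_ADDRS = ("0.0.0.0/0", "::/0")  # assumption: any IPv4/IPv6 peer


def rule(protocol, direction, ports=None, addresses=ALL_ADDRS):
    """Build one firewall rule; ICMP rules carry no 'ports' key at all."""
    if protocol not in ("tcp", "udp", "icmp"):
        raise ValueError(f"unknown protocol: {protocol!r}")
    if protocol == "icmp":
        if ports is not None:
            raise ValueError("icmp rule must not specify ports")
        body = {"protocol": "icmp"}
    else:
        if not ports:
            raise ValueError(f"{protocol} rule needs a port or port range")
        body = {"protocol": protocol, "ports": str(ports)}
    # Inbound rules name their peers "sources", outbound rules "destinations".
    peer_key = {"inbound": "sources", "outbound": "destinations"}[direction]
    body[peer_key] = {"addresses": list(addresses)}
    return body


def default_firewall(name):
    """The setup from the question: SSH in, all TCP/UDP/ICMP out."""
    return {
        "name": name,
        "inbound_rules": [rule("tcp", "inbound", ports="22")],
        "outbound_rules": [
            rule("tcp", "outbound", ports="1-65535"),  # assumption: full range
            rule("udp", "outbound", ports="1-65535"),
            rule("icmp", "outbound"),  # no ports field, per the answer above
        ],
    }


if __name__ == "__main__":
    # Body for POST /v2/firewalls; printed here for review, not sent.
    print(json.dumps(default_firewall("example-fw"), indent=2))
```

Printing the body before sending it makes it easy to confirm that inbound access stays limited to SSH and that only the ICMP rule lacks `ports`.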


i tried to launch a firewall from terraform as well, but it doesn’t really work yet. terraform’s documentation basically copies digitalocean’s documentation verbatim, so this is definitely a bug with digitalocean’s api.

the only way i could get it to work (creating a firewall from scratch using terraform), was to set up the firewall config as you would normally (using `all` does work for `port_range` on inbound rules). comment out the entire `outbound_rule` block. run `terraform plan` then `terraform apply` and it will create the firewall. add the three outbound rules from the digitalocean web console. run `terraform refresh` then uncomment the `outbound_rule` block. if your outbound rules are like any other firewall, `terraform plan` should be green now with no changes to be made.

also worth noting - any inbound rules created from terraform using `port_range = "all"` will need to be changed back to `port_range = "0"` once the rule has been created to make terraform happy again.
