By: ed11s8c

ICMP outbound rule port range for use with API?

September 24, 2017 160 views
Firewall API Ubuntu

I am looking to configure a DO cloud firewall through the API/Terraform provider. The default firewall on DO is SSH inbound and all TCP, UDP and ICMP outbound. When trying to configure this exact firewall setup through the API I cannot add the ICMP outbound rule because no port range is required. I have tried to set the port range to 0, which is what I see if I manually add the rule through the UI and list the firewall, but then I get the error "You must specify a positive value for ports." I have also tried adding "all" and "none" in the port range.

Does anybody know what value I must specify?

3 Answers

Just drop the port range field from the icmp outbound rule in your request.
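The fix from the answer above, as an added example that is not part of the original thread: a Python sketch that builds the request body for the default firewall described in the question and leaves the ports key out of the ICMP rule. The JSON field names (protocol, ports, sources, destinations, addresses) and the "all" ports value are assumptions based on the DigitalOcean v2 firewall API, and rule / default_firewall are hypothetical helper names.

```python
import json

ANYWHERE = ["0.0.0.0/0", "::/0"]  # every IPv4 and IPv6 address
ALL_PORTS = "all"                 # assumption: value the API accepts for "all ports"


def rule(protocol, peer_key, ports=None, addresses=ANYWHERE):
    """Build one rule; peer_key is "sources" (inbound) or "destinations" (outbound)."""
    protocol = protocol.lower()
    if protocol not in ("tcp", "udp", "icmp"):
        raise ValueError(f"unsupported protocol: {protocol}")
    body = {"protocol": protocol, peer_key: {"addresses": list(addresses)}}
    if protocol == "icmp":
        # ICMP has no ports: omit the key entirely instead of sending "0", "all" or "none".
        if ports is not None:
            raise ValueError("icmp rules must not carry a ports value")
        return body
    if not ports:
        raise ValueError(f"{protocol} rules need a ports value")
    body["ports"] = str(ports)
    return body


def default_firewall(name):
    """Payload for the default in the question: SSH in, all TCP/UDP/ICMP out."""
    return {
        "name": name,
        "inbound_rules": [rule("tcp", "sources", ports="22")],
        "outbound_rules": [
            rule("tcp", "destinations", ports=ALL_PORTS),
            rule("udp", "destinations", ports=ALL_PORTS),
            rule("icmp", "destinations"),
        ],
    }


if __name__ == "__main__":
    # JSON body for the firewall-creation request ("example-fw" is a constructed name).
    print(json.dumps(default_firewall("example-fw"), indent=2))
```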

i tried to launch a firewall from terraform as well, but it doesn't really work yet. terraform's documentation basically copies digitalocean's documentation verbatim, so this is definitely a bug with digitalocean's api.

the only way i could get it to work (creating a firewall from scratch using terraform), was to set up the firewall config as you would normally (using all does work for port_range on inbound rules). comment out the entire outbound_rule block. run terraform plan then terraform apply and it will create the firewall. add the three outbound rules from the digitalocean web console. run terraform refresh then uncomment the outbound_rule block. if your outbound rules are like any other firewall, terraform plan should be green now with no changes to be made.

also worth noting - any inbound rules created from terraform using port_range = "all" will need to be changed back to port_range = "0" once the rule has been created to make terraform happy again.
