ICMP outbound rule port range for use with API?

I am looking to configure a DO cloud firewall through the API/Terraform provider. The default firewall on DO is SSH inbound and all TCP,UDP and ICMP outbound. When trying to configure this exact firewall setup through the API I cannot add the ICMP outbound rule because no port range is required. I have tried to set the port range to 0 which is what I see if i manually add the rule through the UI ad list the firewall but then i get the error “You must specify a positive value for ports.” I have also tried adding “all” and “none” in the port range.

Does anybody know what value I must specify?


Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

i tried to launch a firewall from terraform as well, but it doesn’t really work yet. terraform’s documentation basically copies digitalocean’s documentation verbatim, so this is definitely a bug with digitalocean’s api.

the only way i could get it to work (creating a firewall from scratch using terraform), was to setup the firewall config as you would normally (using all does work for port_range on inbound rules). comment out the entire outbound_rule block. run terraform plan then terraform apply and it will create the firewall. add the three outbound rules from the digitalocean web console. run terraform refresh then uncomment the outbound_rule block. if your outbound rules are like any other firewall, terraform plan should be green now with no changes to be made.

also worth noting - any inbound rules created from terraform using port_range = "all" will need to be changed back to port_range = "0" once the rule has been created to make terraform happy again.

Just drop the port range field from the icmp outbound rule in your request.

This comment has been deleted