import * as pulumi from "@pulumi/pulumi";
// NOTE(review): the generic type arguments in this listing appear to have been lost
// (bare `pulumi.Input` / `pulumi.Output`, and list-valued properties ending in an
// unbalanced `>`). As shown it will not type-check; take the element types from the
// published package rather than inferring them from this page.
/**
 * The zia_firewall_dns_rule resource manages firewall DNS control rules in the Zscaler Internet Access (ZIA) cloud service. DNS control rules allow you to control DNS traffic by allowing, blocking, or redirecting DNS requests based on various criteria such as source, destination, applications, and DNS request types.
 *
 * For more information, see the [ZIA DNS Control Policies documentation](https://help.zscaler.com/zia/dns-control-policies).
 *
 * ## Example Usage
 * ### Basic Firewall DNS Rule
 *
 * ```typescript
 * import * as zia from "@bdzscaler/pulumi-zia";
 *
 * const example = new zia.FirewallDNSRule("example", {
 *     name: "Example DNS Rule",
 *     description: "Block malicious DNS requests",
 *     order: 1,
 *     state: "ENABLED",
 *     action: "BLOCK_DROP",
 * });
 * ```
 *
 * The example sets no source, destination, or request-type criteria.
 * NOTE(review): what a rule with no criteria matches (presumably all DNS traffic) is
 * not stated in this file; confirm before deploying a `BLOCK_DROP` rule at `order: 1`.
 *
 * ## Import
 *
 * An existing Firewall DNS Rule can be imported using its resource ID, e.g.
 *
 * ```sh
 * $ pulumi import zia:index:FirewallDNSRule example 12345
 * ```
 */
export declare class FirewallDNSRule extends pulumi.CustomResource {
    /**
     * Get an existing FirewallDNSRule resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input, opts?: pulumi.CustomResourceOptions): FirewallDNSRule;
    /**
     * Returns true if the given object is an instance of FirewallDNSRule. This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj: any): obj is FirewallDNSRule;
    /**
     * The action the rule takes when traffic matches. Valid values: `ALLOW`, `BLOCK_DROP`, `BLOCK_RESET`, `BLOCK_ICMP`, `REDIR_REQ`.
     * `REDIR_REQ` additionally requires `redirectIp`.
     */
    readonly action: pulumi.Output;
    /**
     * DNS application values to which the rule applies.
     */
    readonly applications: pulumi.Output;
    /**
     * The DNS response code to return when blocking. Valid values: `ANY`, `NONE`, `FORMERR`, `SERVFAIL`, `NXDOMAIN`, `NOTIMP`, `REFUSED`, `NOTAUTH`, `NXRRSET`.
     */
    readonly blockResponseCode: pulumi.Output;
    /**
     * If set to true, enables packet capture (PCAP) for the rule.
     * NOTE(review): captures presumably contain client addresses and queried names;
     * confirm where they are stored and who can read them before enabling.
     */
    readonly capturePcap: pulumi.Output;
    /**
     * Indicates whether this is the default firewall DNS rule.
     */
    readonly defaultRule: pulumi.Output;
    /**
     * IDs of departments to which the rule must be applied.
     */
    readonly departments: pulumi.Output;
    /**
     * Additional information about the firewall DNS rule.
     */
    readonly description: pulumi.Output;
    /**
     * Destination IP addresses, FQDNs, or wildcard FQDNs for the rule.
     */
    readonly destAddresses: pulumi.Output;
    /**
     * Destination countries (ISO 3166-1 alpha-2 codes) for the rule.
     */
    readonly destCountries: pulumi.Output;
    /**
     * Destination IP address URL categories for the rule.
     */
    readonly destIpCategories: pulumi.Output;
    /**
     * IDs of destination IP address groups for the rule.
     */
    readonly destIpGroups: pulumi.Output;
    /**
     * IDs of destination IPv6 address groups for the rule.
     */
    readonly destIpv6Groups: pulumi.Output;
    /**
     * IDs of device groups for which the rule must be applied. Applicable for devices managed using Zscaler Client Connector.
     */
    readonly deviceGroups: pulumi.Output;
    /**
     * IDs of devices for which the rule must be applied.
     */
    readonly devices: pulumi.Output;
    /**
     * The ID of the DNS gateway associated with the rule.
     */
    readonly dnsGateway: pulumi.Output;
    /**
     * DNS request types to which the rule applies. Valid values: `A`, `AAAA`, `CNAME`, `MX`, `NS`, `SOA`, `TXT`, `SRV`, `PTR`, `ANY`.
     */
    readonly dnsRuleRequestTypes: pulumi.Output;
    /**
     * The ID of the EDNS ECS object associated with the rule.
     */
    readonly ednsEcsObject: pulumi.Output;
    /**
     * IDs of groups to which the rule must be applied.
     */
    readonly groups: pulumi.Output;
    /**
     * If set to true, enables web end user notification for the rule.
     */
    readonly isWebEunEnabled: pulumi.Output;
    /**
     * IDs of labels associated with the rule.
     */
    readonly labels: pulumi.Output;
    /**
     * IDs of location groups to which the rule must be applied.
     */
    readonly locationGroups: pulumi.Output;
    /**
     * IDs of locations to which the rule must be applied.
     */
    readonly locations: pulumi.Output;
    /**
     * The name of the firewall DNS rule. Must be unique.
     */
    readonly name: pulumi.Output;
    /**
     * The order of execution of the rule with respect to other firewall DNS rules.
     * NOTE(review): precedence is presumably by ascending order, in which case a broad
     * `ALLOW` placed ahead of a block rule would shadow it; confirm the evaluation semantics.
     */
    readonly order: pulumi.Output;
    /**
     * Indicates whether this is a predefined rule.
     */
    readonly predefined: pulumi.Output;
    /**
     * Protocols to which the rule applies. Valid values: `ANY_RULE`, `TCP_RULE`, `UDP_RULE`.
     */
    readonly protocols: pulumi.Output;
    /**
     * Admin rank of the firewall DNS policy rule. Valid values: 0-7. Default: 7.
     */
    readonly rank: pulumi.Output;
    /**
     * The IP address to redirect DNS requests to. Required when action is `REDIR_REQ`.
     * Matching DNS requests are sent to this address, so it should be a resolver the
     * organisation controls or trusts.
     */
    readonly redirectIp: pulumi.Output;
    /**
     * URL categories that apply to the response for the rule.
     */
    readonly resCategories: pulumi.Output;
    /**
     * The system-generated ID of the firewall DNS rule.
     */
    readonly ruleId: pulumi.Output;
    /**
     * Source countries (ISO 3166-1 alpha-2 codes) for the rule.
     */
    readonly sourceCountries: pulumi.Output;
    /**
     * IDs of source IP address groups for the rule.
     */
    readonly srcIpGroups: pulumi.Output;
    /**
     * Source IP addresses or CIDR ranges for the rule.
     */
    readonly srcIps: pulumi.Output;
    /**
     * IDs of source IPv6 address groups for the rule.
     */
    readonly srcIpv6Groups: pulumi.Output;
    /**
     * Rule state. Valid values: `ENABLED`, `DISABLED`.
     */
    readonly state: pulumi.Output;
    /**
     * IDs of time intervals during which the rule must be enforced.
     */
    readonly timeWindows: pulumi.Output;
    /**
     * IDs of users to which the rule must be applied.
     */
    readonly users: pulumi.Output;
    /**
     * The ID of the ZPA IP group associated with the rule.
     */
    readonly zpaIpGroup: pulumi.Output;
    /**
     * Create a FirewallDNSRule resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: FirewallDNSRuleArgs, opts?: pulumi.CustomResourceOptions);
}
/**
 * The set of arguments for constructing a FirewallDNSRule resource.
 *
 * Only `name` and `order` are required; `action`, `state`, and every matching criterion
 * are optional.
 * NOTE(review): the effective defaults for omitted `action`/`state`, and what an omitted
 * criterion matches, are not shown in this file. Set `action` and `state` explicitly
 * rather than relying on defaults, and confirm the scope of any rule that omits criteria.
 */
export interface FirewallDNSRuleArgs {
    /**
     * The action the rule takes when traffic matches. Valid values: `ALLOW`, `BLOCK_DROP`, `BLOCK_RESET`, `BLOCK_ICMP`, `REDIR_REQ`.
     * `REDIR_REQ` additionally requires `redirectIp`. The valid values are listed in
     * documentation only; whether the declared type restricts them is not recoverable
     * from this listing.
     */
    action?: pulumi.Input;
    /**
     * DNS application values to which the rule applies.
     */
    applications?: pulumi.Input[] | undefined>;
    /**
     * The DNS response code to return when blocking. Valid values: `ANY`, `NONE`, `FORMERR`, `SERVFAIL`, `NXDOMAIN`, `NOTIMP`, `REFUSED`, `NOTAUTH`, `NXRRSET`.
     */
    blockResponseCode?: pulumi.Input;
    /**
     * If set to true, enables packet capture (PCAP) for the rule.
     * NOTE(review): captures presumably contain client addresses and queried names;
     * confirm where they are stored and who can read them before enabling.
     */
    capturePcap?: pulumi.Input;
    /**
     * Indicates whether this is the default firewall DNS rule.
     * NOTE(review): documented as an indicator rather than a setting; confirm whether
     * supplying it as an input has any effect.
     */
    defaultRule?: pulumi.Input;
    /**
     * IDs of departments to which the rule must be applied.
     */
    departments?: pulumi.Input[] | undefined>;
    /**
     * Additional information about the firewall DNS rule.
     */
    description?: pulumi.Input;
    /**
     * Destination IP addresses, FQDNs, or wildcard FQDNs for the rule.
     */
    destAddresses?: pulumi.Input[] | undefined>;
    /**
     * Destination countries (ISO 3166-1 alpha-2 codes) for the rule.
     */
    destCountries?: pulumi.Input[] | undefined>;
    /**
     * Destination IP address URL categories for the rule.
     */
    destIpCategories?: pulumi.Input[] | undefined>;
    /**
     * IDs of destination IP address groups for the rule.
     */
    destIpGroups?: pulumi.Input[] | undefined>;
    /**
     * IDs of destination IPv6 address groups for the rule.
     */
    destIpv6Groups?: pulumi.Input[] | undefined>;
    /**
     * IDs of device groups for which the rule must be applied. Applicable for devices managed using Zscaler Client Connector.
     */
    deviceGroups?: pulumi.Input[] | undefined>;
    /**
     * IDs of devices for which the rule must be applied.
     */
    devices?: pulumi.Input[] | undefined>;
    /**
     * The ID of the DNS gateway associated with the rule.
     */
    dnsGateway?: pulumi.Input;
    /**
     * DNS request types to which the rule applies. Valid values: `A`, `AAAA`, `CNAME`, `MX`, `NS`, `SOA`, `TXT`, `SRV`, `PTR`, `ANY`.
     */
    dnsRuleRequestTypes?: pulumi.Input[] | undefined>;
    /**
     * The ID of the EDNS ECS object associated with the rule.
     */
    ednsEcsObject?: pulumi.Input;
    /**
     * IDs of groups to which the rule must be applied.
     */
    groups?: pulumi.Input[] | undefined>;
    /**
     * If set to true, enables web end user notification for the rule.
     */
    isWebEunEnabled?: pulumi.Input;
    /**
     * IDs of labels associated with the rule.
     */
    labels?: pulumi.Input[] | undefined>;
    /**
     * IDs of location groups to which the rule must be applied.
     */
    locationGroups?: pulumi.Input[] | undefined>;
    /**
     * IDs of locations to which the rule must be applied.
     */
    locations?: pulumi.Input[] | undefined>;
    /**
     * The name of the firewall DNS rule. Must be unique.
     */
    name: pulumi.Input;
    /**
     * The order of execution of the rule with respect to other firewall DNS rules.
     * NOTE(review): precedence is presumably by ascending order, in which case a broad
     * `ALLOW` placed ahead of a block rule would shadow it; confirm the evaluation semantics.
     */
    order: pulumi.Input;
    /**
     * Indicates whether this is a predefined rule.
     * NOTE(review): documented as an indicator rather than a setting; confirm whether
     * supplying it as an input has any effect.
     */
    predefined?: pulumi.Input;
    /**
     * Protocols to which the rule applies. Valid values: `ANY_RULE`, `TCP_RULE`, `UDP_RULE`.
     */
    protocols?: pulumi.Input[] | undefined>;
    /**
     * Admin rank of the firewall DNS policy rule. Valid values: 0-7. Default: 7.
     */
    rank?: pulumi.Input;
    /**
     * The IP address to redirect DNS requests to. Required when action is `REDIR_REQ`.
     * The property is declared optional, so that requirement is not enforced by the type;
     * a `REDIR_REQ` rule without it will compile. Matching DNS requests are sent to this
     * address, so it should be a resolver the organisation controls or trusts.
     */
    redirectIp?: pulumi.Input;
    /**
     * URL categories that apply to the response for the rule.
     */
    resCategories?: pulumi.Input[] | undefined>;
    /**
     * Source countries (ISO 3166-1 alpha-2 codes) for the rule.
     */
    sourceCountries?: pulumi.Input[] | undefined>;
    /**
     * IDs of source IP address groups for the rule.
     */
    srcIpGroups?: pulumi.Input[] | undefined>;
    /**
     * Source IP addresses or CIDR ranges for the rule.
     */
    srcIps?: pulumi.Input[] | undefined>;
    /**
     * IDs of source IPv6 address groups for the rule.
     */
    srcIpv6Groups?: pulumi.Input[] | undefined>;
    /**
     * Rule state. Valid values: `ENABLED`, `DISABLED`.
     * NOTE(review): a `DISABLED` rule is presumably not enforced; the default when this
     * is omitted is not shown in this file, so set it explicitly.
     */
    state?: pulumi.Input;
    /**
     * IDs of time intervals during which the rule must be enforced.
     */
    timeWindows?: pulumi.Input[] | undefined>;
    /**
     * IDs of users to which the rule must be applied.
     */
    users?: pulumi.Input[] | undefined>;
    /**
     * The ID of the ZPA IP group associated with the rule.
     */
    zpaIpGroup?: pulumi.Input;
}
//# sourceMappingURL=firewallDNSRule.d.ts.map