import * as pulumi from "@pulumi/pulumi"; import * as inputs from "./types/input"; import * as outputs from "./types/output"; /** * The zia_firewall_filtering_rule resource manages firewall filtering rules in the Zscaler Internet Access (ZIA) cloud service. Cloud firewall rules control traffic that is forwarded to the Zscaler service for inspection, allowing you to allow, block, or apply specific actions based on source, destination, applications, and other criteria. * * For more information, see the [ZIA Cloud Firewall documentation](https://help.zscaler.com/zia/firewall-policies). * * ## Example Usage * ### Basic Firewall Filtering Rule * * ```typescript * import * as zia from "@bdzscaler/pulumi-zia"; * * const example = new zia.FirewallFilteringRule("example", { * name: "Example Firewall Rule", * description: "Allow outbound traffic", * order: 1, * state: "ENABLED", * action: "ALLOW", * }); * ``` * * ## Import * * An existing Firewall Filtering Rule can be imported using its resource ID, e.g. * * ```sh * $ pulumi import zia:index:FirewallFilteringRule example 12345 * ``` */ export declare class FirewallFilteringRule extends pulumi.CustomResource { /** * Get an existing FirewallFilteringRule resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, opts?: pulumi.CustomResourceOptions): FirewallFilteringRule; /** * Returns true if the given object is an instance of FirewallFilteringRule. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is FirewallFilteringRule; /** * The action the rule takes when traffic matches. Valid values: `ALLOW`, `BLOCK_DROP`, `BLOCK_RESET`, `BLOCK_ICMP`, `EVAL_NWAPP`. */ readonly action: pulumi.Output; /** * IDs of application service groups to which the rule applies. */ readonly appServiceGroups: pulumi.Output; /** * IDs of application services to which the rule applies. */ readonly appServices: pulumi.Output; /** * Indicates whether this is the default firewall filtering rule. */ readonly defaultRule: pulumi.Output; /** * IDs of departments to which the rule must be applied. */ readonly departments: pulumi.Output; /** * Additional information about the firewall filtering rule. */ readonly description: pulumi.Output; /** * Destination IP addresses, FQDNs, or wildcard FQDNs for the rule. */ readonly destAddresses: pulumi.Output; /** * Destination countries (ISO 3166-1 alpha-2 codes) for the rule. */ readonly destCountries: pulumi.Output; /** * Destination IP address URL categories. Allows you to identify destinations based on the URL category of the domain. */ readonly destIpCategories: pulumi.Output; /** * IDs of destination IP address groups for the rule. */ readonly destIpGroups: pulumi.Output; /** * IDs of device groups for which the rule must be applied. Applicable for devices managed using Zscaler Client Connector. */ readonly deviceGroups: pulumi.Output; /** * Device trust levels for the rule. Valid values: `ANY`, `UNKNOWN_DEVICETRUSTLEVEL`, `LOW_TRUST`, `MEDIUM_TRUST`, `HIGH_TRUST`. */ readonly deviceTrustLevels: pulumi.Output; /** * IDs of devices for which the rule must be applied. */ readonly devices: pulumi.Output; /** * If set to true, enables full logging for the rule. */ readonly enableFullLogging: pulumi.Output; /** * If set to true, the countries specified in sourceCountries are excluded from the rule. */ readonly excludeSrcCountries: pulumi.Output; /** * IDs of groups to which the rule must be applied. */ readonly groups: pulumi.Output; /** * IDs of labels associated with the rule. */ readonly labels: pulumi.Output; /** * IDs of location groups to which the rule must be applied. */ readonly locationGroups: pulumi.Output; /** * IDs of locations to which the rule must be applied. */ readonly locations: pulumi.Output; /** * The name of the firewall filtering rule. Must be unique. */ readonly name: pulumi.Output; /** * IDs of network application groups to which the rule applies. */ readonly nwApplicationGroups: pulumi.Output; /** * Network application values to which the rule applies (e.g., `APNS`, `DNS`, `HTTP`). */ readonly nwApplications: pulumi.Output; /** * IDs of network service groups to which the rule applies. */ readonly nwServiceGroups: pulumi.Output; /** * IDs of network services to which the rule applies. */ readonly nwServices: pulumi.Output; /** * The order of execution of the rule with respect to other firewall filtering rules. */ readonly order: pulumi.Output; /** * Indicates whether this is a predefined rule. */ readonly predefined: pulumi.Output; /** * Admin rank of the firewall filtering policy rule. Valid values: 0-7. Default: 7. */ readonly rank: pulumi.Output; /** * The system-generated ID of the firewall filtering rule. */ readonly ruleId: pulumi.Output; /** * Source countries (ISO 3166-1 alpha-2 codes) for the rule. */ readonly sourceCountries: pulumi.Output; /** * IDs of source IP address groups for the rule. */ readonly srcIpGroups: pulumi.Output; /** * Source IP addresses or CIDR ranges for the rule. */ readonly srcIps: pulumi.Output; /** * Rule state. Valid values: `ENABLED`, `DISABLED`. */ readonly state: pulumi.Output; /** * IDs of time intervals during which the rule must be enforced. */ readonly timeWindows: pulumi.Output; /** * IDs of users to which the rule must be applied. */ readonly users: pulumi.Output; /** * List of preconfigured workload groups to which the policy must be applied. */ readonly workloadGroups: pulumi.Output; /** * List of ZPA application segments for which this rule is applicable. This field is applicable only for the ZPA gateway forwarding method. */ readonly zpaAppSegments: pulumi.Output; /** * Create a FirewallFilteringRule resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: FirewallFilteringRuleArgs, opts?: pulumi.CustomResourceOptions); } /** * The set of arguments for constructing a FirewallFilteringRule resource. */ export interface FirewallFilteringRuleArgs { /** * The action the rule takes when traffic matches. Valid values: `ALLOW`, `BLOCK_DROP`, `BLOCK_RESET`, `BLOCK_ICMP`, `EVAL_NWAPP`. */ action?: pulumi.Input; /** * IDs of application service groups to which the rule applies. */ appServiceGroups?: pulumi.Input[] | undefined>; /** * IDs of application services to which the rule applies. */ appServices?: pulumi.Input[] | undefined>; /** * Indicates whether this is the default firewall filtering rule. */ defaultRule?: pulumi.Input; /** * IDs of departments to which the rule must be applied. */ departments?: pulumi.Input[] | undefined>; /** * Additional information about the firewall filtering rule. */ description?: pulumi.Input; /** * Destination IP addresses, FQDNs, or wildcard FQDNs for the rule. */ destAddresses?: pulumi.Input[] | undefined>; /** * Destination countries (ISO 3166-1 alpha-2 codes) for the rule. */ destCountries?: pulumi.Input[] | undefined>; /** * Destination IP address URL categories. Allows you to identify destinations based on the URL category of the domain. */ destIpCategories?: pulumi.Input[] | undefined>; /** * IDs of destination IP address groups for the rule. */ destIpGroups?: pulumi.Input[] | undefined>; /** * IDs of device groups for which the rule must be applied. Applicable for devices managed using Zscaler Client Connector. */ deviceGroups?: pulumi.Input[] | undefined>; /** * Device trust levels for the rule. Valid values: `ANY`, `UNKNOWN_DEVICETRUSTLEVEL`, `LOW_TRUST`, `MEDIUM_TRUST`, `HIGH_TRUST`. */ deviceTrustLevels?: pulumi.Input[] | undefined>; /** * IDs of devices for which the rule must be applied. */ devices?: pulumi.Input[] | undefined>; /** * If set to true, enables full logging for the rule. */ enableFullLogging?: pulumi.Input; /** * If set to true, the countries specified in sourceCountries are excluded from the rule. */ excludeSrcCountries?: pulumi.Input; /** * IDs of groups to which the rule must be applied. */ groups?: pulumi.Input[] | undefined>; /** * IDs of labels associated with the rule. */ labels?: pulumi.Input[] | undefined>; /** * IDs of location groups to which the rule must be applied. */ locationGroups?: pulumi.Input[] | undefined>; /** * IDs of locations to which the rule must be applied. */ locations?: pulumi.Input[] | undefined>; /** * The name of the firewall filtering rule. Must be unique. */ name: pulumi.Input; /** * IDs of network application groups to which the rule applies. */ nwApplicationGroups?: pulumi.Input[] | undefined>; /** * Network application values to which the rule applies (e.g., `APNS`, `DNS`, `HTTP`). */ nwApplications?: pulumi.Input[] | undefined>; /** * IDs of network service groups to which the rule applies. */ nwServiceGroups?: pulumi.Input[] | undefined>; /** * IDs of network services to which the rule applies. */ nwServices?: pulumi.Input[] | undefined>; /** * The order of execution of the rule with respect to other firewall filtering rules. */ order: pulumi.Input; /** * Indicates whether this is a predefined rule. */ predefined?: pulumi.Input; /** * Admin rank of the firewall filtering policy rule. Valid values: 0-7. Default: 7. */ rank?: pulumi.Input; /** * Source countries (ISO 3166-1 alpha-2 codes) for the rule. */ sourceCountries?: pulumi.Input[] | undefined>; /** * IDs of source IP address groups for the rule. */ srcIpGroups?: pulumi.Input[] | undefined>; /** * Source IP addresses or CIDR ranges for the rule. */ srcIps?: pulumi.Input[] | undefined>; /** * Rule state. Valid values: `ENABLED`, `DISABLED`. */ state?: pulumi.Input; /** * IDs of time intervals during which the rule must be enforced. */ timeWindows?: pulumi.Input[] | undefined>; /** * IDs of users to which the rule must be applied. */ users?: pulumi.Input[] | undefined>; /** * List of preconfigured workload groups to which the policy must be applied. */ workloadGroups?: pulumi.Input[] | undefined>; /** * List of ZPA application segments for which this rule is applicable. This field is applicable only for the ZPA gateway forwarding method. */ zpaAppSegments?: pulumi.Input[] | undefined>; } //# sourceMappingURL=firewallFilteringRule.d.ts.map