import * as pulumi from "@pulumi/pulumi"; /** * Manages Proxmox VE Node Firewall options. * * > This resource in fact updates existing node firewall configuration created by PVE on bootstrap. All optional attributes have explicit defaults for deterministic behavior (PVE may change defaults in the future). See [API documentation](https://pve.proxmox.com/pve-docs/api-viewer/index.html#/nodes/{node}/firewall/options). * * ## Example Usage * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as proxmoxve from "@muhlba91/pulumi-proxmoxve"; * * const node_pve1 = new proxmoxve.node.Firewall("node-pve1", { * nodeName: "pve1", * enabled: false, * }); * const pve2 = new proxmoxve.node.Firewall("pve2", { * nodeName: "pve2", * enabled: true, * logLevelIn: "alert", * logLevelOut: "alert", * logLevelForward: "alert", * ndp: true, * nftables: true, * nosmurfs: true, * smurfLogLevel: "alert", * tcpFlagsLogLevel: "alert", * }); * ``` * * ## Import * * ```sh * $ pulumi import proxmoxve:node/firewall:Firewall node-pve1 pve1 * ``` */ export declare class Firewall extends pulumi.CustomResource { /** * Get an existing Firewall resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: FirewallState, opts?: pulumi.CustomResourceOptions): Firewall; /** * Returns true if the given object is an instance of Firewall. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is Firewall; /** * Enable host firewall rules (defaults to `true`). */ readonly enabled: pulumi.Output; /** * Log level for forwarded traffic. Must be one of: `emerg`, `alert`, `crit`, `err`, `warning`, `notice`, `info`, `debug`, `nolog` (defaults to `nolog`). */ readonly logLevelForward: pulumi.Output; /** * Log level for incoming traffic. Must be one of: `emerg`, `alert`, `crit`, `err`, `warning`, `notice`, `info`, `debug`, `nolog` (defaults to `nolog`). */ readonly logLevelIn: pulumi.Output; /** * Log level for outgoing traffic. Must be one of: `emerg`, `alert`, `crit`, `err`, `warning`, `notice`, `info`, `debug`, `nolog` (defaults to `nolog`). */ readonly logLevelOut: pulumi.Output; /** * Enable NDP - Neighbor Discovery Protocol (defaults to `true`). */ readonly ndp: pulumi.Output; /** * Maximum number of tracked connections (defaults to `262144`). Minimum value is `32768`. */ readonly nfConntrackMax: pulumi.Output; /** * Conntrack established timeout in seconds (defaults to `432000` - 5 days). Minimum value is `7875`. */ readonly nfConntrackTcpTimeoutEstablished: pulumi.Output; /** * Enable nftables based firewall (tech preview, defaults to `false`). */ readonly nftables: pulumi.Output; /** * The cluster node name. */ readonly nodeName: pulumi.Output; /** * Enable SMURFS filter (defaults to `true`). */ readonly nosmurfs: pulumi.Output; /** * Log level for SMURFS filter. Must be one of: `emerg`, `alert`, `crit`, `err`, `warning`, `notice`, `info`, `debug`, `nolog` (defaults to `nolog`). */ readonly smurfLogLevel: pulumi.Output; /** * Log level for illegal tcp flags filter. Must be one of: `emerg`, `alert`, `crit`, `err`, `warning`, `notice`, `info`, `debug`, `nolog` (defaults to `nolog`). */ readonly tcpFlagsLogLevel: pulumi.Output; /** * Create a Firewall resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: FirewallArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering Firewall resources. */ export interface FirewallState { /** * Enable host firewall rules (defaults to `true`). */ enabled?: pulumi.Input; /** * Log level for forwarded traffic. Must be one of: `emerg`, `alert`, `crit`, `err`, `warning`, `notice`, `info`, `debug`, `nolog` (defaults to `nolog`). */ logLevelForward?: pulumi.Input; /** * Log level for incoming traffic. Must be one of: `emerg`, `alert`, `crit`, `err`, `warning`, `notice`, `info`, `debug`, `nolog` (defaults to `nolog`). */ logLevelIn?: pulumi.Input; /** * Log level for outgoing traffic. Must be one of: `emerg`, `alert`, `crit`, `err`, `warning`, `notice`, `info`, `debug`, `nolog` (defaults to `nolog`). */ logLevelOut?: pulumi.Input; /** * Enable NDP - Neighbor Discovery Protocol (defaults to `true`). */ ndp?: pulumi.Input; /** * Maximum number of tracked connections (defaults to `262144`). Minimum value is `32768`. */ nfConntrackMax?: pulumi.Input; /** * Conntrack established timeout in seconds (defaults to `432000` - 5 days). Minimum value is `7875`. */ nfConntrackTcpTimeoutEstablished?: pulumi.Input; /** * Enable nftables based firewall (tech preview, defaults to `false`). */ nftables?: pulumi.Input; /** * The cluster node name. */ nodeName?: pulumi.Input; /** * Enable SMURFS filter (defaults to `true`). */ nosmurfs?: pulumi.Input; /** * Log level for SMURFS filter. Must be one of: `emerg`, `alert`, `crit`, `err`, `warning`, `notice`, `info`, `debug`, `nolog` (defaults to `nolog`). */ smurfLogLevel?: pulumi.Input; /** * Log level for illegal tcp flags filter. Must be one of: `emerg`, `alert`, `crit`, `err`, `warning`, `notice`, `info`, `debug`, `nolog` (defaults to `nolog`). */ tcpFlagsLogLevel?: pulumi.Input; } /** * The set of arguments for constructing a Firewall resource. */ export interface FirewallArgs { /** * Enable host firewall rules (defaults to `true`). */ enabled?: pulumi.Input; /** * Log level for forwarded traffic. Must be one of: `emerg`, `alert`, `crit`, `err`, `warning`, `notice`, `info`, `debug`, `nolog` (defaults to `nolog`). */ logLevelForward?: pulumi.Input; /** * Log level for incoming traffic. Must be one of: `emerg`, `alert`, `crit`, `err`, `warning`, `notice`, `info`, `debug`, `nolog` (defaults to `nolog`). */ logLevelIn?: pulumi.Input; /** * Log level for outgoing traffic. Must be one of: `emerg`, `alert`, `crit`, `err`, `warning`, `notice`, `info`, `debug`, `nolog` (defaults to `nolog`). */ logLevelOut?: pulumi.Input; /** * Enable NDP - Neighbor Discovery Protocol (defaults to `true`). */ ndp?: pulumi.Input; /** * Maximum number of tracked connections (defaults to `262144`). Minimum value is `32768`. */ nfConntrackMax?: pulumi.Input; /** * Conntrack established timeout in seconds (defaults to `432000` - 5 days). Minimum value is `7875`. */ nfConntrackTcpTimeoutEstablished?: pulumi.Input; /** * Enable nftables based firewall (tech preview, defaults to `false`). */ nftables?: pulumi.Input; /** * The cluster node name. */ nodeName: pulumi.Input; /** * Enable SMURFS filter (defaults to `true`). */ nosmurfs?: pulumi.Input; /** * Log level for SMURFS filter. Must be one of: `emerg`, `alert`, `crit`, `err`, `warning`, `notice`, `info`, `debug`, `nolog` (defaults to `nolog`). */ smurfLogLevel?: pulumi.Input; /** * Log level for illegal tcp flags filter. Must be one of: `emerg`, `alert`, `crit`, `err`, `warning`, `notice`, `info`, `debug`, `nolog` (defaults to `nolog`). */ tcpFlagsLogLevel?: pulumi.Input; } //# sourceMappingURL=firewall.d.ts.map