Open benperove opened 6 years ago
@benperove thanks for reporting it, it's very useful feedback. We do have this issue on our radar and some ideas to fix it, we just didn't get there yet. We will update this issue when it's done, I'll do my best to increase its priority.
I have used this to represent "all" when sending a firewall update:
"ports": "1-65535"
The API accepts it and the web UI shows an empty space or "All ports" so I assume that means all in both cases :)
hi there - i tried to launch a firewall from terraform, but it doesn't really work yet 100%. terraform's documentation basically copies digitalocean's documentation verbatim, which states that the use of `port_range` is optional, and that `all` can be used to include all ports.
the api docs state this should be possible: https://developers.digitalocean.com/documentation/v2/#add-rules-to-a-firewall
the only way i could get it to work (creating a digitalocean firewall from scratch using terraform), was to setup the firewall config as you would normally (using `all` does work for `port_range` on inbound rules). comment out the entire `outbound_rule` block. run `terraform plan` then `terraform apply` and it will create the firewall.
here's the hcl that i'm using to create the firewall with terraform.
next, add the three outbound rules from the digitalocean web console.
now uncomment the `outbound_rule` block and run `terraform refresh`. also worth noting - any inbound rules created from terraform using `port_range = "all"` will need to be changed back to `port_range = "0"` in order to make terraform happy.
if your outbound rules are setup like the hcl config here, `terraform plan` should now be green with no changes to be made.
so something is not quite right when adding rules via the api with the use of "all" to give sources/tags full access to whatever the protocol specified.
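
An added example, not part of the thread and not DigitalOcean or Terraform code: a drift check that treats the spellings of "all ports" reported in the comments above ("all", "0" and "1-65535") as one range before comparing intended firewall rules with rules read back. The flattened rule layout, the `addresses` field and the sample data are assumptions constructed for illustration.

```python
# Assumption taken from the thread: "all", "0" and "1-65535" all mean every port.
ALL_PORTS = (1, 65535)
ALL_SPELLINGS = {"all", "0"}  # "1-65535" parses to the same tuple below


def normalize_ports(spec):
    """Return (low, high) for a port spec string; raise ValueError if invalid."""
    text = str(spec).strip().lower()
    if text in ALL_SPELLINGS:
        return ALL_PORTS
    low, sep, high = text.partition("-")
    high = high if sep else low  # a single port is a one-element range
    if not (low.isdigit() and high.isdigit()):
        raise ValueError(f"unparseable port spec: {spec!r}")
    low, high = int(low), int(high)
    if not (1 <= low <= high <= 65535):
        raise ValueError(f"port range out of bounds: {spec!r}")
    return (low, high)


def rule_key(rule):
    """Canonical, sortable form of one rule: protocol, port range, peers."""
    return (
        rule["protocol"].lower(),
        normalize_ports(rule["ports"]),
        tuple(sorted(rule.get("addresses", []))),
    )


def drift(desired, actual):
    """Return (missing, unexpected) rules after normalizing port spellings."""
    want = {rule_key(r) for r in desired}
    have = {rule_key(r) for r in actual}
    return sorted(want - have), sorted(have - want)


# Constructed sample data: intended rules vs. a hypothetical API read-back.
DESIRED = [
    {"protocol": "tcp", "ports": "all", "addresses": ["0.0.0.0/0", "::/0"]},
    {"protocol": "udp", "ports": "1-65535", "addresses": ["0.0.0.0/0", "::/0"]},
    {"protocol": "tcp", "ports": "22", "addresses": ["203.0.113.0/24"]},
]
ACTUAL = [
    {"protocol": "tcp", "ports": "0", "addresses": ["::/0", "0.0.0.0/0"]},
    {"protocol": "udp", "ports": "0", "addresses": ["0.0.0.0/0", "::/0"]},
    {"protocol": "tcp", "ports": "22", "addresses": ["0.0.0.0/0"]},
]

if __name__ == "__main__":
    missing, unexpected = drift(DESIRED, ACTUAL)
    print("missing:", missing)
    print("unexpected:", unexpected)
```

With the sample data, the two "all ports" rules compare equal despite their different spellings, and only the SSH rule whose source addresses differ is reported.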