{"id":26716834,"url":"https://github.com/global-vmware/vcd_nsxt_distributed_firewall","last_synced_at":"2025-09-08T12:46:06.473Z","repository":{"id":171774134,"uuid":"648395579","full_name":"global-vmware/vcd_nsxt_distributed_firewall","owner":"global-vmware","description":"This Repository contains the \"vcd_nsxt_distributed_firewall\" Terraform Module. You can use this Module to deploy Distributed Firewall Rules into a VMware Cloud Director (VCD) Environment.","archived":false,"fork":false,"pushed_at":"2023-12-11T19:38:47.000Z","size":9,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-27T15:53:55.936Z","etag":null,"topics":["firewall","infrastructure-as-code","security","security-automation","terraform","terraform-module","vmware","vmware-nsx"],"latest_commit_sha":null,"homepage":"https://www.rackspace.com/cloud/vmware","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/global-vmware.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2023-06-01T21:54:42.000Z","updated_at":"2023-06-20T14:20:33.000Z","dependencies_parsed_at":"2023-07-01T20:30:28.467Z","dependency_job_id":null,"html_url":"https://github.com/global-vmware/vcd_nsxt_distributed_firewall","commit_stats":null,"previous_names":["global-vmware/vcd_nsxt_distributed_firewall"],"tags_count":4,"template":false,"template_full_name":null,"purl":"pkg:github/global-vmware/vcd_nsxt_distributed_firewall","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/global-vmware%2Fvcd_nsxt_distributed_firewall","tags_url":"https://repos.ecosyste.ms/api/v1/h
osts/GitHub/repositories/global-vmware%2Fvcd_nsxt_distributed_firewall/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/global-vmware%2Fvcd_nsxt_distributed_firewall/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/global-vmware%2Fvcd_nsxt_distributed_firewall/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/global-vmware","download_url":"https://codeload.github.com/global-vmware/vcd_nsxt_distributed_firewall/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/global-vmware%2Fvcd_nsxt_distributed_firewall/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":274188218,"owners_count":25237847,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-08T02:00:09.813Z","response_time":121,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["firewall","infrastructure-as-code","security","security-automation","terraform","terraform-module","vmware","vmware-nsx"],"created_at":"2025-03-27T15:47:57.142Z","updated_at":"2025-09-08T12:46:06.448Z","avatar_url":"https://github.com/global-vmware.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# VCD NSX-T Distributed Firewall Rules Terraform Module\n\nThis Terraform module deploys NSX-T Distributed Firewall Rules into an existing VMware Cloud 
Director (VCD) environment. It enables the provisioning of new Distributed Firewall Rules into [Rackspace Technology SDDC Flex](https://www.rackspace.com/cloud/private/software-defined-data-center-flex) VCD Data Center Regions.\n\n## Requirements\n\n| Name | Version |\n|------|---------|\n| terraform | ~\u003e 1.2 |\n| vcd | ~\u003e 3.8 |\n\n## Resources\n\n| Name | Type |\n|------|------|\n| [vcd_nsxt_edgegateway](https://registry.terraform.io/providers/vmware/vcd/latest/docs/data-sources/nsxt_edgegateway) | Data Source |\n| [vcd_vdc_group](https://registry.terraform.io/providers/vmware/vcd/latest/docs/data-sources/vdc_group) | Data Source |\n| [vcd_nsxt_security_group](https://registry.terraform.io/providers/vmware/vcd/latest/docs/resources/nsxt_security_group) | Data Source |\n| [vcd_nsxt_distributed_firewall](https://registry.terraform.io/providers/vmware/vcd/latest/docs/resources/nsxt_distributed_firewall) | Resource |\n\n## Inputs\n\n| Name | Description | Type | Default | Required |\n|------|-------------|------|---------|----------|\n| vdc_org_name | The name of the Data Center Group Organization in VCD | string | `\"Organization Name Format: \u003cAccount_Number\u003e-\u003cRegion\u003e-\u003cAccount_Name\u003e\"` | yes |\n| vdc_group_name | The name of the Data Center Group in VCD | string | `\"Data Center Group Name Format: \u003cAccount_Number\u003e-\u003cRegion\u003e-\u003cAccount_Name\u003e \u003cdatacenter group\u003e\"` | yes |\n| vdc_edge_name | Name of the Data Center Group Edge Gateway | string | `\"Edge Gateway Name Format: \u003cAccount_Number\u003e-\u003cRegion\u003e-\u003cEdge_GW_Identifier\u003e-\u003cedge\u003e\"` | yes |\n| app_port_profiles | Map of app port profiles with their corresponding scopes | map(string) | {} | yes |\n| ip_set_names | List of IP set names | list(string) | [] | yes |\n| dynamic_security_group_names | List of dynamic security group names | list(string) | [] | no |\n| security_group_names | List of security group 
names | list(string) | [] | no |\n| rules | List of rules to apply | list(object({ name = string, direction = string, ip_protocol = string, action = string, enabled = optional(bool), logging = optional(bool), source_ids = optional(list(string)), destination_ids = optional(list(string)), app_port_profile_ids = optional(list(string)) })) | [] | yes |\n\n## Outputs\n\n| Name | Description |\n|------|-------------|\n| firewall_id | The ID of the firewall |\n| firewall_rule_names | The names of the firewall rules |\n\n## Example Usage\n\n```terraform\nmodule \"vcd_nsxt_distributed_firewall\" {\n  source = \"github.com/global-vmware/vcd_nsxt_distributed_firewall.git?ref=v1.3.1\"\n\n  vdc_org_name          = \"\u003cVDC-ORG-NAME\u003e\"\n  vdc_group_name        = \"\u003cVDC-GRP-NAME\u003e\"\n  vdc_edge_name         = \"\u003cVDC-EDGE-NAME\u003e\"\n\n  app_port_profiles = {\n    \"HTTP\"        = \"SYSTEM\",\n    \"HTTPS\"       = \"SYSTEM\",\n    \"MS-SQL-S\"    = \"SYSTEM\",\n    \"MySQL\"       = \"SYSTEM\",\n    \"RDP\"         = \"SYSTEM\",\n    \"SSH\"         = \"SYSTEM\",\n    \"ICMP ALL\"    = \"SYSTEM\"\n  }\n\n  ip_set_names = [\n    \"US1-Segment-01-Network_172.16.0.0/24_IP-Set\",\n    \"US1-Segment-02-Network_172.16.1.0/24_IP-Set\",\n    \"US1-Segment-03-Network_172.16.2.0/24_IP-Set\",\n    \"US1-Segment-04-Network_172.16.3.0/24_IP-Set\",\n    \"US1-Segment-05-Network_172.16.4.0/24_IP-Set\",\n    \"Default_IP_SET_10.0.2.0/24\",\n    \"US1-NSXT-ALB_Service\"\n  ]\n\n  dynamic_security_group_names = [\n    \"Prod-App-Web_Dynamic-SG\",\n    \"Prod-App-DB_Dynamic-SG\"\n  ]\n\n  rules = [\n    {\n      name                  = \"Allow_Prod-App-Web--\u003eProd-App-DB\"\n      direction             = \"IN_OUT\"\n      ip_protocol           = \"IPV4\"\n      action                = \"ALLOW\"\n      app_port_profile_ids  = [\"MS-SQL-S\"]\n      source_ids            = [\"Prod-App-Web_Dynamic-SG\"]\n      destination_ids       = [\"Prod-App-DB_Dynamic-SG\"]\n    },\n    {\n      name   
               = \"Allow_US1-NSXT-ALB--\u003eProd-App-Web\"\n      direction             = \"IN_OUT\"\n      ip_protocol           = \"IPV4\"\n      action                = \"ALLOW\"\n      app_port_profile_ids  = [\"HTTPS\"]\n      source_ids            = [\"US1-NSXT-ALB_Service\"]\n      destination_ids       = [\"Prod-App-Web_Dynamic-SG\"]\n    },\n    {\n      name                  = \"Allow_US1-Segment-03--\u003eUS1-Segment-01\"\n      direction             = \"IN_OUT\"\n      ip_protocol           = \"IPV4\"\n      action                = \"ALLOW\"\n      app_port_profile_ids  = [\"SSH\", \"RDP\", \"HTTP\", \"HTTPS\"]\n      source_ids            = [\"US1-Segment-03-Network_172.16.2.0/24_IP-Set\"]\n      destination_ids       = [\"US1-Segment-01-Network_172.16.0.0/24_IP-Set\"]\n    },\n    {\n      name                  = \"Allow_US1-Segment03--\u003eUS1-Segment-04\"\n      direction             = \"IN_OUT\"\n      ip_protocol           = \"IPV4\"\n      action                = \"ALLOW\"\n      app_port_profile_ids  = [\"HTTP\", \"HTTPS\", \"MS-SQL-S\", \"MySQL\"]\n      source_ids            = [\"US1-Segment-03-Network_172.16.2.0/24_IP-Set\"]\n      destination_ids       = [\"US1-Segment-04-Network_172.16.3.0/24_IP-Set\"]\n    },\n    {\n      name                  = \"Allow_ICMP-ALL\"\n      direction             = \"IN_OUT\"\n      ip_protocol           = \"IPV4\"\n      action                = \"ALLOW\"\n      app_port_profile_ids  = [\"ICMP ALL\"]\n    },\n    {\n      name                  = \"Allow_Outbound-Internet\"\n      direction             = \"IN_OUT\"\n      ip_protocol           = \"IPV4\"\n      action                = \"ALLOW\"\n      source_ids            = [\n        \"US1-Segment-01-Network_172.16.0.0/24_IP-Set\",\n        \"US1-Segment-02-Network_172.16.1.0/24_IP-Set\",\n        \"US1-Segment-03-Network_172.16.2.0/24_IP-Set\",\n        \"US1-Segment-04-Network_172.16.3.0/24_IP-Set\",\n        
\"US1-Segment-05-Network_172.16.4.0/24_IP-Set\",\n        \"Default_IP_SET_10.0.2.0/24\"\n      ]\n    },\n    {\n      name                  = \"Default_Drop\"\n      direction             = \"IN_OUT\"\n      ip_protocol           = \"IPV4\"\n      action                = \"DROP\"\n    }\n  ]\n}\n```\n\n## Authors\n\nThis module is maintained by the [Global VMware Cloud Automation Services Team](https://github.com/global-vmware).","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fglobal-vmware%2Fvcd_nsxt_distributed_firewall","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fglobal-vmware%2Fvcd_nsxt_distributed_firewall","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fglobal-vmware%2Fvcd_nsxt_distributed_firewall/lists"}