{"id":26716830,"url":"https://github.com/global-vmware/vcd_nsxt_firewall","last_synced_at":"2025-03-27T15:47:57.282Z","repository":{"id":171774251,"uuid":"648395886","full_name":"global-vmware/vcd_nsxt_firewall","owner":"global-vmware","description":"This Repository contains the \"vcd_nsxt_firewall\" Terraform Module. You can use this Module to deploy Edge Gateway Firewall Rules into a VMware Cloud Director (VCD) Environment.","archived":false,"fork":false,"pushed_at":"2023-12-11T20:35:16.000Z","size":6,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2023-12-11T21:28:58.016Z","etag":null,"topics":["firewall","infrastructure-as-code","security","security-automation","terraform","terraform-module","vmware","vmware-nsx"],"latest_commit_sha":null,"homepage":"https://www.rackspace.com/cloud/vmware","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/global-vmware.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2023-06-01T21:55:56.000Z","updated_at":"2023-12-11T21:29:01.475Z","dependencies_parsed_at":"2023-12-11T21:29:01.221Z","dependency_job_id":"f1782514-e92e-4afe-9023-9e471ce919fb","html_url":"https://github.com/global-vmware/vcd_nsxt_firewall","commit_stats":null,"previous_names":["global-vmware/vcd_nsxt_firewall"],"tags_count":4,"template":null,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/global-vmware%2Fvcd_nsxt_firewall","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/global-vmware%2Fvcd_nsxt_firewall/tags","releases_url":"https://repos.ecosyst
e.ms/api/v1/hosts/GitHub/repositories/global-vmware%2Fvcd_nsxt_firewall/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/global-vmware%2Fvcd_nsxt_firewall/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/global-vmware","download_url":"https://codeload.github.com/global-vmware/vcd_nsxt_firewall/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245874774,"owners_count":20686834,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["firewall","infrastructure-as-code","security","security-automation","terraform","terraform-module","vmware","vmware-nsx"],"created_at":"2025-03-27T15:47:56.587Z","updated_at":"2025-03-27T15:47:57.273Z","avatar_url":"https://github.com/global-vmware.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# VCD NSX-T Edge Gateway Firewall Rules Terraform Module\n\nThis Terraform module deploys NSX-T Edge Gateway Firewall Rules into an existing VMware Cloud Director (VCD) environment. 
It enables the provisioning of new Edge Gateway Firewall Rules into [Rackspace Technology SDDC Flex](https://www.rackspace.com/cloud/private/software-defined-data-center-flex) VCD Data Center Regions.\n\n## Requirements\n\n| Name | Version |\n|------|---------|\n| terraform | ~\u003e 1.2 |\n| vcd | ~\u003e 3.8 |\n\n## Resources\n\n| Name                                                                 | Type         |\n|----------------------------------------------------------------------|--------------|\n| [vcd_nsxt_edgegateway](https://registry.terraform.io/providers/vmware/vcd/latest/docs/data-sources/nsxt_edgegateway) | Data Source |\n| [vcd_vdc_group](https://registry.terraform.io/providers/vmware/vcd/latest/docs/data-sources/vdc_group)| Data Source |\n| [vcd_nsxt_security_group](https://registry.terraform.io/providers/vmware/vcd/latest/docs/resources/nsxt_security_group) | Data Source |\n| [vcd_nsxt_firewall](https://registry.terraform.io/providers/vmware/vcd/latest/docs/resources/nsxt_firewall) | Resource |\n\n## Inputs\n\n| Name | Description | Type | Default | Required |\n|------|-------------|------|---------|----------|\n| vdc_org_name | The name of the Data Center Group Organization in VCD | string | `\"Organization Name Format: \u003cAccount_Number\u003e-\u003cRegion\u003e-\u003cAccount_Name\u003e\"` | yes |\n| vdc_group_name | The name of the Data Center Group in VCD | string | `\"Data Center Group Name Format: \u003cAccount_Number\u003e-\u003cRegion\u003e-\u003cAccount_Name\u003e \u003cdatacenter group\u003e\"` | yes |\n| vdc_edge_name | Name of the Data Center Group Edge Gateway | string | `\"Edge Gateway Name Format: \u003cAccount_Number\u003e-\u003cRegion\u003e-\u003cEdge_GW_Identifier\u003e-\u003cedge\u003e\"` | yes |\n| app_port_profiles | Map of app port profiles with their corresponding scopes | map(string) | {} | yes |\n| ip_set_names | List of IP set names | list(string) | [] | yes |\n| dynamic_security_group_names | List of dynamic security 
group names | list(string) | [] | no |\n| security_group_names | List of security group names | list(string) | [] | no |\n| rules | List of rules to apply | list(object({ name = string, direction = string, ip_protocol = string, action = string, enabled = optional(bool), logging = optional(bool), source_ids = optional(list(string)), destination_ids = optional(list(string)), app_port_profile_ids = optional(list(string)) })) | [] | yes |\n\n## Outputs\n\n| Name | Description |\n|------|-------------|\n| firewall_id | The ID of the firewall |\n| firewall_rule_names | The names of the firewall rules |\n\n## Example Usage\n\n```terraform\nmodule \"vcd_nsxt_firewall\" {\n  source = \"github.com/global-vmware/vcd_nsxt_firewall.git?ref=v1.3.1\"\n\n  vdc_org_name          = \"\u003cVDC-ORG-NAME\u003e\"\n  vdc_group_name        = \"\u003cVDC-GRP-NAME\u003e\"\n  vdc_edge_name         = \"\u003cVDC-EDGE-NAME\u003e\"\n\n  app_port_profiles = {\n    \"HTTPS\" = \"SYSTEM\",\n  }\n\n  ip_set_names = [\n    \"US1-Segment-01-Network_172.16.0.0/24_IP-Set\",\n    \"US1-Segment-02-Network_172.16.1.0/24_IP-Set\",\n    \"US1-Segment-03-Network_172.16.2.0/24_IP-Set\",\n    \"US1-Segment-04-Network_172.16.3.0/24_IP-Set\",\n    \"US1-Segment-05-Network_172.16.4.0/24_IP-Set\",\n    \"Prod-App-NSXT-ALB-VIP\"\n  ]\n\n  rules = [\n    {\n      name                  = \"Allow_HTTPS--\u003eProd-App-NSXT-ALB-VIP\"\n      direction             = \"IN_OUT\"\n      ip_protocol           = \"IPV4\"\n      action                = \"ALLOW\"\n      app_port_profile_ids  = [\"HTTPS\"]\n      destination_ids       = [\"Prod-App-NSXT-ALB-VIP\"]\n    },\n    {\n      name                  = \"Allow_Outbound-Internet\"\n      direction             = \"IN_OUT\"\n      ip_protocol           = \"IPV4\"\n      action                = \"ALLOW\"\n      source_ids            = [\n        \"US1-Segment-01-Network_172.16.0.0/24_IP-Set\",\n        \"US1-Segment-02-Network_172.16.1.0/24_IP-Set\",\n        
\"US1-Segment-03-Network_172.16.2.0/24_IP-Set\",\n        \"US1-Segment-04-Network_172.16.3.0/24_IP-Set\",\n        \"US1-Segment-05-Network_172.16.4.0/24_IP-Set\"\n      ]\n    }\n  ]\n}\n```\n\n## Authors\n\nThis module is maintained by the [Global VMware Cloud Automation Services Team](https://github.com/global-vmware).","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fglobal-vmware%2Fvcd_nsxt_firewall","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fglobal-vmware%2Fvcd_nsxt_firewall","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fglobal-vmware%2Fvcd_nsxt_firewall/lists"}