Oracle Cloud Infrastructure v2.33.0, May 1 25

Oracle Cloud Infrastructure v2.33.0 published on Thursday, May 1, 2025 by Pulumi

oci.NetworkFirewall.getNetworkFirewallPolicySecurityRules

Explore with Pulumi AI

Oracle Cloud Infrastructure v2.33.0 published on Thursday, May 1, 2025 by Pulumi

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as oci from "@pulumi/oci";

const testNetworkFirewallPolicySecurityRules = oci.NetworkFirewall.getNetworkFirewallPolicySecurityRules({
    networkFirewallPolicyId: testNetworkFirewallPolicy.id,
    displayName: networkFirewallPolicySecurityRuleDisplayName,
    securityRulePriorityOrder: networkFirewallPolicySecurityRuleSecurityRulePriorityOrder,
});

import pulumi
import pulumi_oci as oci

test_network_firewall_policy_security_rules = oci.NetworkFirewall.get_network_firewall_policy_security_rules(network_firewall_policy_id=test_network_firewall_policy["id"],
    display_name=network_firewall_policy_security_rule_display_name,
    security_rule_priority_order=network_firewall_policy_security_rule_security_rule_priority_order)

package main

import (
	"github.com/pulumi/pulumi-oci/sdk/v2/go/oci/networkfirewall"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := networkfirewall.GetNetworkFirewallPolicySecurityRules(ctx, &networkfirewall.GetNetworkFirewallPolicySecurityRulesArgs{
			NetworkFirewallPolicyId:   testNetworkFirewallPolicy.Id,
			DisplayName:               pulumi.StringRef(networkFirewallPolicySecurityRuleDisplayName),
			SecurityRulePriorityOrder: pulumi.IntRef(networkFirewallPolicySecurityRuleSecurityRulePriorityOrder),
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Oci = Pulumi.Oci;

return await Deployment.RunAsync(() => 
{
    var testNetworkFirewallPolicySecurityRules = Oci.NetworkFirewall.GetNetworkFirewallPolicySecurityRules.Invoke(new()
    {
        NetworkFirewallPolicyId = testNetworkFirewallPolicy.Id,
        DisplayName = networkFirewallPolicySecurityRuleDisplayName,
        SecurityRulePriorityOrder = networkFirewallPolicySecurityRuleSecurityRulePriorityOrder,
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.oci.NetworkFirewall.NetworkFirewallFunctions;
import com.pulumi.oci.NetworkFirewall.inputs.GetNetworkFirewallPolicySecurityRulesArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var testNetworkFirewallPolicySecurityRules = NetworkFirewallFunctions.getNetworkFirewallPolicySecurityRules(GetNetworkFirewallPolicySecurityRulesArgs.builder()
            .networkFirewallPolicyId(testNetworkFirewallPolicy.id())
            .displayName(networkFirewallPolicySecurityRuleDisplayName)
            .securityRulePriorityOrder(networkFirewallPolicySecurityRuleSecurityRulePriorityOrder)
            .build());

    }
}

variables:
  testNetworkFirewallPolicySecurityRules:
    fn::invoke:
      function: oci:NetworkFirewall:getNetworkFirewallPolicySecurityRules
      arguments:
        networkFirewallPolicyId: ${testNetworkFirewallPolicy.id}
        displayName: ${networkFirewallPolicySecurityRuleDisplayName}
        securityRulePriorityOrder: ${networkFirewallPolicySecurityRuleSecurityRulePriorityOrder}

Using getNetworkFirewallPolicySecurityRules

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getNetworkFirewallPolicySecurityRules(args: GetNetworkFirewallPolicySecurityRulesArgs, opts?: InvokeOptions): Promise<GetNetworkFirewallPolicySecurityRulesResult>
function getNetworkFirewallPolicySecurityRulesOutput(args: GetNetworkFirewallPolicySecurityRulesOutputArgs, opts?: InvokeOptions): Output<GetNetworkFirewallPolicySecurityRulesResult>

def get_network_firewall_policy_security_rules(display_name: Optional[str] = None,
                                               filters: Optional[Sequence[GetNetworkFirewallPolicySecurityRulesFilter]] = None,
                                               network_firewall_policy_id: Optional[str] = None,
                                               security_rule_priority_order: Optional[int] = None,
                                               opts: Optional[InvokeOptions] = None) -> GetNetworkFirewallPolicySecurityRulesResult
def get_network_firewall_policy_security_rules_output(display_name: Optional[pulumi.Input[str]] = None,
                                               filters: Optional[pulumi.Input[Sequence[pulumi.Input[GetNetworkFirewallPolicySecurityRulesFilterArgs]]]] = None,
                                               network_firewall_policy_id: Optional[pulumi.Input[str]] = None,
                                               security_rule_priority_order: Optional[pulumi.Input[int]] = None,
                                               opts: Optional[InvokeOptions] = None) -> Output[GetNetworkFirewallPolicySecurityRulesResult]

func GetNetworkFirewallPolicySecurityRules(ctx *Context, args *GetNetworkFirewallPolicySecurityRulesArgs, opts ...InvokeOption) (*GetNetworkFirewallPolicySecurityRulesResult, error)
func GetNetworkFirewallPolicySecurityRulesOutput(ctx *Context, args *GetNetworkFirewallPolicySecurityRulesOutputArgs, opts ...InvokeOption) GetNetworkFirewallPolicySecurityRulesResultOutput

> Note: This function is named GetNetworkFirewallPolicySecurityRules in the Go SDK.

public static class GetNetworkFirewallPolicySecurityRules 
{
    public static Task<GetNetworkFirewallPolicySecurityRulesResult> InvokeAsync(GetNetworkFirewallPolicySecurityRulesArgs args, InvokeOptions? opts = null)
    public static Output<GetNetworkFirewallPolicySecurityRulesResult> Invoke(GetNetworkFirewallPolicySecurityRulesInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetNetworkFirewallPolicySecurityRulesResult> getNetworkFirewallPolicySecurityRules(GetNetworkFirewallPolicySecurityRulesArgs args, InvokeOptions options)
public static Output<GetNetworkFirewallPolicySecurityRulesResult> getNetworkFirewallPolicySecurityRules(GetNetworkFirewallPolicySecurityRulesArgs args, InvokeOptions options)

fn::invoke:
  function: oci:NetworkFirewall/getNetworkFirewallPolicySecurityRules:getNetworkFirewallPolicySecurityRules
  arguments:
    # arguments dictionary

The following arguments are supported:

NetworkFirewallPolicyId string: Unique Network Firewall Policy identifier
DisplayName string: A filter to return only resources that match the entire display name given.
Filters List<GetNetworkFirewallPolicySecurityRulesFilter>
SecurityRulePriorityOrder int: Unique priority order for Security Rules in the network firewall policy.

NetworkFirewallPolicyId string: Unique Network Firewall Policy identifier
DisplayName string: A filter to return only resources that match the entire display name given.
Filters []GetNetworkFirewallPolicySecurityRulesFilter
SecurityRulePriorityOrder int: Unique priority order for Security Rules in the network firewall policy.

networkFirewallPolicyId String: Unique Network Firewall Policy identifier
displayName String: A filter to return only resources that match the entire display name given.
filters List<GetPolicySecurityRulesFilter>
securityRulePriorityOrder Integer: Unique priority order for Security Rules in the network firewall policy.

networkFirewallPolicyId string: Unique Network Firewall Policy identifier
displayName string: A filter to return only resources that match the entire display name given.
filters GetNetworkFirewallPolicySecurityRulesFilter[]
securityRulePriorityOrder number: Unique priority order for Security Rules in the network firewall policy.

network_firewall_policy_id str: Unique Network Firewall Policy identifier
display_name str: A filter to return only resources that match the entire display name given.
filters Sequence[GetNetworkFirewallPolicySecurityRulesFilter]
security_rule_priority_order int: Unique priority order for Security Rules in the network firewall policy.

networkFirewallPolicyId String: Unique Network Firewall Policy identifier
displayName String: A filter to return only resources that match the entire display name given.
filters List<Property Map>
securityRulePriorityOrder Number: Unique priority order for Security Rules in the network firewall policy.

getNetworkFirewallPolicySecurityRules Result

The following output properties are available:

Id string: The provider-assigned unique ID for this managed resource.
NetworkFirewallPolicyId string
SecurityRuleSummaryCollections List<GetNetworkFirewallPolicySecurityRulesSecurityRuleSummaryCollection>: The list of security_rule_summary_collection.
DisplayName string
Filters List<GetNetworkFirewallPolicySecurityRulesFilter>
SecurityRulePriorityOrder int

Id string: The provider-assigned unique ID for this managed resource.
NetworkFirewallPolicyId string
SecurityRuleSummaryCollections []GetNetworkFirewallPolicySecurityRulesSecurityRuleSummaryCollection: The list of security_rule_summary_collection.
DisplayName string
Filters []GetNetworkFirewallPolicySecurityRulesFilter
SecurityRulePriorityOrder int

id String: The provider-assigned unique ID for this managed resource.
networkFirewallPolicyId String
securityRuleSummaryCollections List<GetPolicySecurityRulesSecurityRuleSummaryCollection>: The list of security_rule_summary_collection.
displayName String
filters List<GetPolicySecurityRulesFilter>
securityRulePriorityOrder Integer

id string: The provider-assigned unique ID for this managed resource.
networkFirewallPolicyId string
securityRuleSummaryCollections GetNetworkFirewallPolicySecurityRulesSecurityRuleSummaryCollection[]: The list of security_rule_summary_collection.
displayName string
filters GetNetworkFirewallPolicySecurityRulesFilter[]
securityRulePriorityOrder number

id str: The provider-assigned unique ID for this managed resource.
network_firewall_policy_id str
security_rule_summary_collections Sequence[GetNetworkFirewallPolicySecurityRulesSecurityRuleSummaryCollection]: The list of security_rule_summary_collection.
display_name str
filters Sequence[GetNetworkFirewallPolicySecurityRulesFilter]
security_rule_priority_order int

id String: The provider-assigned unique ID for this managed resource.
networkFirewallPolicyId String
securityRuleSummaryCollections List<Property Map>: The list of security_rule_summary_collection.
displayName String
filters List<Property Map>
securityRulePriorityOrder Number

Supporting Types

GetNetworkFirewallPolicySecurityRulesFilter

Name string: Name for the Security rule, must be unique within the policy.
Values List<string>
Regex bool

Name string: Name for the Security rule, must be unique within the policy.
Values []string
Regex bool

name String: Name for the Security rule, must be unique within the policy.
values List<String>
regex Boolean

name string: Name for the Security rule, must be unique within the policy.
values string[]
regex boolean

name str: Name for the Security rule, must be unique within the policy.
values Sequence[str]
regex bool

name String: Name for the Security rule, must be unique within the policy.
values List<String>
regex Boolean

GetNetworkFirewallPolicySecurityRulesSecurityRuleSummaryCollection

Items List<GetNetworkFirewallPolicySecurityRulesSecurityRuleSummaryCollectionItem>

Items []GetNetworkFirewallPolicySecurityRulesSecurityRuleSummaryCollectionItem

items List<GetPolicySecurityRulesSecurityRuleSummaryCollectionItem>

items GetNetworkFirewallPolicySecurityRulesSecurityRuleSummaryCollectionItem[]

items Sequence[GetNetworkFirewallPolicySecurityRulesSecurityRuleSummaryCollectionItem]

items List<Property Map>

GetNetworkFirewallPolicySecurityRulesSecurityRuleSummaryCollectionItem

Action string

Types of Action on the Traffic flow.

ALLOW - Allows the traffic.
DROP - Silently drops the traffic, e.g. without sending a TCP reset.
REJECT - Rejects the traffic, sending a TCP reset to client and/or server as applicable.
INSPECT - Inspects traffic for vulnerability as specified in inspection, which may result in rejection.

Condition GetNetworkFirewallPolicySecurityRulesSecurityRuleSummaryCollectionItemCondition

Criteria to evaluate against network traffic. A match occurs when at least one item in the array associated with each specified property corresponds with the relevant aspect of the traffic.

Name string

Name for the Security rule, must be unique within the policy.

NetworkFirewallPolicyId string

Unique Network Firewall Policy identifier

ParentResourceId string

OCID of the Network Firewall Policy this security rule belongs to.

Positions List<GetNetworkFirewallPolicySecurityRulesSecurityRuleSummaryCollectionItemPosition>

An object which defines the position of the rule.

Inspection string

Type of inspection to affect the Traffic flow. This is only applicable if action is INSPECT.

INTRUSION_DETECTION - Intrusion Detection.
INTRUSION_PREVENTION - Intrusion Detection and Prevention. Traffic classified as potentially malicious will be rejected as described in type.

PriorityOrder string

Action string

Types of Action on the Traffic flow.

ALLOW - Allows the traffic.
DROP - Silently drops the traffic, e.g. without sending a TCP reset.
REJECT - Rejects the traffic, sending a TCP reset to client and/or server as applicable.
INSPECT - Inspects traffic for vulnerability as specified in inspection, which may result in rejection.

Condition GetNetworkFirewallPolicySecurityRulesSecurityRuleSummaryCollectionItemCondition

Criteria to evaluate against network traffic. A match occurs when at least one item in the array associated with each specified property corresponds with the relevant aspect of the traffic.

Name string

Name for the Security rule, must be unique within the policy.

NetworkFirewallPolicyId string

Unique Network Firewall Policy identifier

ParentResourceId string

OCID of the Network Firewall Policy this security rule belongs to.

Positions []GetNetworkFirewallPolicySecurityRulesSecurityRuleSummaryCollectionItemPosition

An object which defines the position of the rule.

Inspection string

Type of inspection to affect the Traffic flow. This is only applicable if action is INSPECT.

INTRUSION_DETECTION - Intrusion Detection.
INTRUSION_PREVENTION - Intrusion Detection and Prevention. Traffic classified as potentially malicious will be rejected as described in type.

PriorityOrder string

action String

Types of Action on the Traffic flow.

ALLOW - Allows the traffic.
DROP - Silently drops the traffic, e.g. without sending a TCP reset.
REJECT - Rejects the traffic, sending a TCP reset to client and/or server as applicable.
INSPECT - Inspects traffic for vulnerability as specified in inspection, which may result in rejection.

condition GetPolicySecurityRulesSecurityRuleSummaryCollectionItemCondition

Criteria to evaluate against network traffic. A match occurs when at least one item in the array associated with each specified property corresponds with the relevant aspect of the traffic.

name String

Name for the Security rule, must be unique within the policy.

networkFirewallPolicyId String

Unique Network Firewall Policy identifier

parentResourceId String

OCID of the Network Firewall Policy this security rule belongs to.

positions List<GetPolicySecurityRulesSecurityRuleSummaryCollectionItemPosition>

An object which defines the position of the rule.

inspection String

Type of inspection to affect the Traffic flow. This is only applicable if action is INSPECT.

INTRUSION_DETECTION - Intrusion Detection.
INTRUSION_PREVENTION - Intrusion Detection and Prevention. Traffic classified as potentially malicious will be rejected as described in type.

priorityOrder String

action string

Types of Action on the Traffic flow.

ALLOW - Allows the traffic.
DROP - Silently drops the traffic, e.g. without sending a TCP reset.
REJECT - Rejects the traffic, sending a TCP reset to client and/or server as applicable.
INSPECT - Inspects traffic for vulnerability as specified in inspection, which may result in rejection.

condition GetNetworkFirewallPolicySecurityRulesSecurityRuleSummaryCollectionItemCondition

Criteria to evaluate against network traffic. A match occurs when at least one item in the array associated with each specified property corresponds with the relevant aspect of the traffic.

name string

Name for the Security rule, must be unique within the policy.

networkFirewallPolicyId string

Unique Network Firewall Policy identifier

parentResourceId string

OCID of the Network Firewall Policy this security rule belongs to.

positions GetNetworkFirewallPolicySecurityRulesSecurityRuleSummaryCollectionItemPosition[]

An object which defines the position of the rule.

inspection string

Type of inspection to affect the Traffic flow. This is only applicable if action is INSPECT.

INTRUSION_DETECTION - Intrusion Detection.
INTRUSION_PREVENTION - Intrusion Detection and Prevention. Traffic classified as potentially malicious will be rejected as described in type.

priorityOrder string

action str

Types of Action on the Traffic flow.

ALLOW - Allows the traffic.
DROP - Silently drops the traffic, e.g. without sending a TCP reset.
REJECT - Rejects the traffic, sending a TCP reset to client and/or server as applicable.
INSPECT - Inspects traffic for vulnerability as specified in inspection, which may result in rejection.

condition GetNetworkFirewallPolicySecurityRulesSecurityRuleSummaryCollectionItemCondition

Criteria to evaluate against network traffic. A match occurs when at least one item in the array associated with each specified property corresponds with the relevant aspect of the traffic.

name str

Name for the Security rule, must be unique within the policy.

network_firewall_policy_id str

Unique Network Firewall Policy identifier

parent_resource_id str

OCID of the Network Firewall Policy this security rule belongs to.

positions Sequence[GetNetworkFirewallPolicySecurityRulesSecurityRuleSummaryCollectionItemPosition]

An object which defines the position of the rule.

inspection str

Type of inspection to affect the Traffic flow. This is only applicable if action is INSPECT.

INTRUSION_DETECTION - Intrusion Detection.
INTRUSION_PREVENTION - Intrusion Detection and Prevention. Traffic classified as potentially malicious will be rejected as described in type.

priority_order str

action String

Types of Action on the Traffic flow.

ALLOW - Allows the traffic.
DROP - Silently drops the traffic, e.g. without sending a TCP reset.
REJECT - Rejects the traffic, sending a TCP reset to client and/or server as applicable.
INSPECT - Inspects traffic for vulnerability as specified in inspection, which may result in rejection.

condition Property Map

Criteria to evaluate against network traffic. A match occurs when at least one item in the array associated with each specified property corresponds with the relevant aspect of the traffic.

name String

Name for the Security rule, must be unique within the policy.

networkFirewallPolicyId String

Unique Network Firewall Policy identifier

parentResourceId String

OCID of the Network Firewall Policy this security rule belongs to.

positions List<Property Map>

An object which defines the position of the rule.

inspection String

Type of inspection to affect the Traffic flow. This is only applicable if action is INSPECT.

INTRUSION_DETECTION - Intrusion Detection.
INTRUSION_PREVENTION - Intrusion Detection and Prevention. Traffic classified as potentially malicious will be rejected as described in type.

priorityOrder String

GetNetworkFirewallPolicySecurityRulesSecurityRuleSummaryCollectionItemCondition

Applications List<string>: An array of application list names to be evaluated against the traffic protocol and protocol-specific parameters.
DestinationAddresses List<string>: An array of IP address list names to be evaluated against the traffic destination address.
Services List<string>: An array of service list names to be evaluated against the traffic protocol and protocol-specific parameters.
SourceAddresses List<string>: An array of IP address list names to be evaluated against the traffic source address.
Urls List<string>: An array of URL pattern list names to be evaluated against the HTTP(S) request target.

Applications []string: An array of application list names to be evaluated against the traffic protocol and protocol-specific parameters.
DestinationAddresses []string: An array of IP address list names to be evaluated against the traffic destination address.
Services []string: An array of service list names to be evaluated against the traffic protocol and protocol-specific parameters.
SourceAddresses []string: An array of IP address list names to be evaluated against the traffic source address.
Urls []string: An array of URL pattern list names to be evaluated against the HTTP(S) request target.

applications List<String>: An array of application list names to be evaluated against the traffic protocol and protocol-specific parameters.
destinationAddresses List<String>: An array of IP address list names to be evaluated against the traffic destination address.
services List<String>: An array of service list names to be evaluated against the traffic protocol and protocol-specific parameters.
sourceAddresses List<String>: An array of IP address list names to be evaluated against the traffic source address.
urls List<String>: An array of URL pattern list names to be evaluated against the HTTP(S) request target.

applications string[]: An array of application list names to be evaluated against the traffic protocol and protocol-specific parameters.
destinationAddresses string[]: An array of IP address list names to be evaluated against the traffic destination address.
services string[]: An array of service list names to be evaluated against the traffic protocol and protocol-specific parameters.
sourceAddresses string[]: An array of IP address list names to be evaluated against the traffic source address.
urls string[]: An array of URL pattern list names to be evaluated against the HTTP(S) request target.

applications Sequence[str]: An array of application list names to be evaluated against the traffic protocol and protocol-specific parameters.
destination_addresses Sequence[str]: An array of IP address list names to be evaluated against the traffic destination address.
services Sequence[str]: An array of service list names to be evaluated against the traffic protocol and protocol-specific parameters.
source_addresses Sequence[str]: An array of IP address list names to be evaluated against the traffic source address.
urls Sequence[str]: An array of URL pattern list names to be evaluated against the HTTP(S) request target.

applications List<String>: An array of application list names to be evaluated against the traffic protocol and protocol-specific parameters.
destinationAddresses List<String>: An array of IP address list names to be evaluated against the traffic destination address.
services List<String>: An array of service list names to be evaluated against the traffic protocol and protocol-specific parameters.
sourceAddresses List<String>: An array of IP address list names to be evaluated against the traffic source address.
urls List<String>: An array of URL pattern list names to be evaluated against the HTTP(S) request target.

GetNetworkFirewallPolicySecurityRulesSecurityRuleSummaryCollectionItemPosition

AfterRule string: Identifier for rule after which this rule lies.
BeforeRule string: Identifier for rule before which this rule lies.

AfterRule string: Identifier for rule after which this rule lies.
BeforeRule string: Identifier for rule before which this rule lies.

afterRule String: Identifier for rule after which this rule lies.
beforeRule String: Identifier for rule before which this rule lies.

afterRule string: Identifier for rule after which this rule lies.
beforeRule string: Identifier for rule before which this rule lies.

after_rule str: Identifier for rule after which this rule lies.
before_rule str: Identifier for rule before which this rule lies.

afterRule String: Identifier for rule after which this rule lies.
beforeRule String: Identifier for rule before which this rule lies.

Package Details

Repository: oci pulumi/pulumi-oci
License: Apache-2.0
Notes: This Pulumi package is based on the oci Terraform Provider.

Oracle Cloud Infrastructure v2.33.0 published on Thursday, May 1, 2025 by Pulumi

pulumi/pulumi-oci

oci.NetworkFirewall.getNetworkFirewallPolicySecurityRules

On this page

On this page

Example Usage

Using getNetworkFirewallPolicySecurityRules

getNetworkFirewallPolicySecurityRules Result

Supporting Types

GetNetworkFirewallPolicySecurityRulesFilter

GetNetworkFirewallPolicySecurityRulesSecurityRuleSummaryCollection

GetNetworkFirewallPolicySecurityRulesSecurityRuleSummaryCollectionItem

GetNetworkFirewallPolicySecurityRulesSecurityRuleSummaryCollectionItemCondition

GetNetworkFirewallPolicySecurityRulesSecurityRuleSummaryCollectionItemPosition

Package Details

On this page

On this page