firewall_policies
This data source provides information about firewall policies in Falcon.
API Scopes
Section titled “API Scopes”The following API scopes are required:
- Firewall management: READ
Example Usage
Section titled “Example Usage”terraform { required_providers { crowdstrike = { source = "registry.terraform.io/crowdstrike/crowdstrike" } }}
provider "crowdstrike" {}
# Get all firewall policiesdata "crowdstrike_firewall_policies" "all" {}
# Get firewall policies filtered by platformdata "crowdstrike_firewall_policies" "windows" { platform_name = "Windows"}
# Get firewall policies filtered by name (supports wildcards)data "crowdstrike_firewall_policies" "production" { name = "Production*"}
# Get specific firewall policies by IDdata "crowdstrike_firewall_policies" "specific" { ids = ["policy_id_1", "policy_id_2"]}
# Get enabled firewall policiesdata "crowdstrike_firewall_policies" "enabled" { enabled = true}
# Use FQL filter for advanced queriesdata "crowdstrike_firewall_policies" "fql" { filter = "platform_name:'Windows'+enabled:true"}
output "all_policy_names" { value = [for p in data.crowdstrike_firewall_policies.all.policies : p.name]}
output "windows_policy_ids" { value = [for p in data.crowdstrike_firewall_policies.windows.policies : p.id]}Schema
Section titled “Schema”Optional
Section titled “Optional”enabled(Boolean) Filter policies by enabled status. Cannot be used together with ‘filter’ or ‘ids’.filter(String) FQL filter to apply to the firewall policies query. Cannot be used together with ‘ids’ or other filter attributes.ids(List of String) List of firewall policy IDs to retrieve. Cannot be used together with ‘filter’ or other filter attributes.name(String) Filter policies by name. Supports wildcard matching with ’*’. Cannot be used together with ‘filter’ or ‘ids’.platform_name(String) Filter policies by platform (Windows, Linux, Mac). Cannot be used together with ‘filter’ or ‘ids’.
Read-Only
Section titled “Read-Only”policies(Attributes List) The list of firewall policies (see below for nested schema)
Nested Schema for policies
Section titled “Nested Schema for policies”Read-Only:
created_by(String) User who created the policycreated_timestamp(String) Timestamp when the policy was createddefault_inbound(String) The default action for inbound traffic.ALLOWis shown as “Allow all” in the console;DENYas “Block all”.default_outbound(String) The default action for outbound traffic.ALLOWis shown as “Allow all” in the console;DENYas “Block all”.description(String) The firewall policy descriptionenabled(Boolean) Whether the firewall policy is enabledenforce(Boolean) Whether the policy’s rules override the firewall settings on each assigned host and disable native firewall rules. When false, the policy’s rules are not applied.host_groups(List of String) Host group IDs attached to the policyid(String) The firewall policy IDlocal_logging(Boolean) Whether a record of all firewall rule events is saved on the host’s local drive to allow for easier troubleshooting.modified_by(String) User who last modified the policymodified_timestamp(String) Timestamp when the policy was last modifiedmonitor_mode(Boolean) Whether monitor mode (labeled “Monitor mode” in the Falcon console) is enabled. Overrides all block rules in the policy and turns on monitoring, allowing all traffic while showing block events as “would be blocked.”name(String) The firewall policy nameplatform_name(String) The platform name (Windows, Linux, Mac)rule_group_ids(List of String) Firewall rule group IDs attached to the policy, in precedence order