firewall_policy
This resource allows management of CrowdStrike Firewall policies. A firewall policy defines the firewall settings and rule groups that apply to hosts in assigned host groups.
API Scopes
Section titled “API Scopes”The following API scopes are required:
- Firewall management: READ
- Firewall management: WRITE
Example Usage
Section titled “Example Usage”terraform { required_providers { crowdstrike = { source = "registry.terraform.io/crowdstrike/crowdstrike" } }}
provider "crowdstrike" {}
# Basic firewall policy for Windowsresource "crowdstrike_firewall_policy" "windows_basic" { name = "Windows Firewall Policy" description = "Basic firewall policy for Windows endpoints" platform_name = "Windows" enabled = true
# Policy settings default_inbound = "DENY" default_outbound = "ALLOW" enforce = false monitor_mode = false local_logging = false}
# Firewall policy with rule groups attachedresource "crowdstrike_firewall_policy" "windows_with_rules" { name = "Windows Web Server Policy" description = "Firewall policy for Windows web servers with rule groups" platform_name = "Windows" enabled = true
rule_group_ids = [ crowdstrike_firewall_rule_group.web_servers.id, ]}
# Firewall policy with host groups attachedresource "crowdstrike_firewall_policy" "linux_servers" { name = "Linux Server Policy" description = "Firewall policy for Linux servers" platform_name = "Linux" enabled = true
host_groups = [ "abc123def456", # Replace with actual host group ID ]
rule_group_ids = [ crowdstrike_firewall_rule_group.linux_rules.id, ]}
# Mac firewall policyresource "crowdstrike_firewall_policy" "mac_endpoints" { name = "Mac Endpoint Policy" description = "Firewall policy for Mac endpoints" platform_name = "Mac" enabled = false # Disabled by default}
# Example rule group to attach to policyresource "crowdstrike_firewall_rule_group" "web_servers" { name = "Web Server Rules" description = "Rules for web server traffic" platform = "Windows" enabled = true
rules = [ { name = "Allow HTTPS" description = "Allow inbound HTTPS traffic" enabled = true action = "ALLOW" direction = "IN" protocol = "TCP" local_port = [{ start = 443, end = 0 }] } ]}
resource "crowdstrike_firewall_rule_group" "linux_rules" { name = "Linux Server Rules" description = "Rules for Linux servers" platform = "Linux" enabled = true
rules = [ { name = "Allow SSH" description = "Allow inbound SSH traffic" enabled = true action = "ALLOW" direction = "IN" protocol = "TCP" local_port = [{ start = 22, end = 0 }] } ]}
output "windows_policy_id" { value = crowdstrike_firewall_policy.windows_basic.id}
output "linux_policy_id" { value = crowdstrike_firewall_policy.linux_servers.id}Schema
Section titled “Schema”Required
Section titled “Required”name(String) Name of the firewall policy.platform_name(String) Platform for the firewall policy. One of:Windows,Mac,Linux. Changing this value will require replacing the resource.
Optional
Section titled “Optional”default_inbound(String) Default action for inbound traffic. One of:ALLOW(shown as “Allow all” in the console),DENY(“Block all”). Defaults toDENY.default_outbound(String) Default action for outbound traffic. One of:ALLOW(shown as “Allow all” in the console),DENY(“Block all”). Defaults toALLOW.description(String) Description of the firewall policy.enabled(Boolean) Enable the firewall policy.enforce(Boolean) Enforce this policy’s rules and override the firewall settings on each assigned host. Disables native firewall rules. When false, the policy’s rules are not applied.host_groups(Set of String) Host group IDs to attach to the policy.local_logging(Boolean) Save a record of all firewall rule events on the host’s local drive to allow for easier troubleshooting.monitor_mode(Boolean) Enable monitor mode (labeled “Monitor mode” in the Falcon console). Overrides all block rules in the policy and turns on monitoring, allowing all traffic while showing block events as “would be blocked.” Requiresenforceto be true.rule_group_ids(List of String) Firewall rule group IDs to attach to the policy. Order determines precedence (first has highest priority).
Read-Only
Section titled “Read-Only”id(String) Identifier for the firewall policy.
Import
Section titled “Import”Import is supported using the following syntax:
# Firewall policies can be imported by specifying the policy ID.# The policy ID can be found in the CrowdStrike console or via the API.
terraform import crowdstrike_firewall_policy.example abc123def456789