firewall_rule_group
This resource allows management of CrowdStrike Firewall rule groups. A rule group is a collection of firewall rules that can be assigned to firewall policies.
API Scopes
Section titled “API Scopes”The following API scopes are required:
- Firewall management: READ
- Firewall management: WRITE
Example Usage
Section titled “Example Usage”terraform { required_providers { crowdstrike = { source = "registry.terraform.io/crowdstrike/crowdstrike" } }}
provider "crowdstrike" {}
# Basic firewall rule group with a single ruleresource "crowdstrike_firewall_rule_group" "web_servers" { name = "Web Server Rules" description = "Firewall rules for web servers" platform = "Windows" enabled = true
rules = [ { name = "Allow HTTPS Inbound" description = "Allow inbound HTTPS traffic" enabled = true action = "ALLOW" direction = "IN" protocol = "TCP"
remote_port = [ { start = 443 end = 0 } ] }, { name = "Allow HTTP Inbound" description = "Allow inbound HTTP traffic" enabled = true action = "ALLOW" direction = "IN" protocol = "TCP"
remote_port = [ { start = 80 end = 0 } ] }, { name = "Block All Other Inbound" description = "Block all other inbound traffic" enabled = true action = "DENY" direction = "IN" protocol = "ANY" } ]}
# Firewall rule group with IP restrictionsresource "crowdstrike_firewall_rule_group" "database_servers" { name = "Database Server Rules" description = "Firewall rules for database servers" platform = "Linux" enabled = true
rules = [ { name = "Allow PostgreSQL from App Servers" description = "Allow PostgreSQL connections from application server subnet" enabled = true action = "ALLOW" direction = "IN" protocol = "TCP"
remote_address = [ { address = "10.0.1.0" netmask = 24 } ]
local_port = [ { start = 5432 end = 0 } ] }, { name = "Allow MySQL from App Servers" description = "Allow MySQL connections from application server subnet" enabled = true action = "ALLOW" direction = "IN" protocol = "TCP"
remote_address = [ { address = "10.0.1.0" netmask = 24 } ]
local_port = [ { start = 3306 end = 0 } ] } ]}
# Firewall rule group with FQDN-based rules (outbound only)resource "crowdstrike_firewall_rule_group" "outbound_rules" { name = "Outbound Access Rules" description = "Control outbound access to specific domains" platform = "Windows" enabled = true
rules = [ { name = "Allow Updates" description = "Allow outbound HTTPS to update servers" enabled = true action = "ALLOW" direction = "OUT" protocol = "TCP" fqdn = "update.microsoft.com;download.windowsupdate.com"
remote_port = [ { start = 443 end = 0 } ] } ]}
# Mac platform example (note: executable_path and service_name not supported on Mac)resource "crowdstrike_firewall_rule_group" "mac_rules" { name = "Mac Workstation Rules" description = "Firewall rules for Mac workstations" platform = "Mac" enabled = true
rules = [ { name = "Allow Outbound HTTPS" description = "Allow outbound HTTPS traffic" enabled = true action = "ALLOW" direction = "OUT" protocol = "TCP"
remote_port = [ { start = 443 end = 0 } ] } ]}
output "firewall_rule_group" { value = crowdstrike_firewall_rule_group.web_servers}Schema
Section titled “Schema”Required
Section titled “Required”enabled(Boolean) Whether the rule group is enabled.name(String) Name of the firewall rule group.platform(String) Platform for the rule group. One of:Windows,Mac,Linux.
Optional
Section titled “Optional”description(String) Description of the firewall rule group.rules(Attributes List) List of firewall rules in this rule group. Rule precedence is determined by the order in the list. (see below for nested schema)
Read-Only
Section titled “Read-Only”id(String) Identifier for the firewall rule group.
Nested Schema for rules
Section titled “Nested Schema for rules”Required:
action(String) Action to take when the rule matches. One of:ALLOW,DENY.direction(String) Traffic direction for the rule. One of:IN,OUT,BOTH.name(String) Name of the firewall rule.protocol(String) Protocol for the rule. Named protocols:TCP,UDP,ICMPV4,ICMPV6,IPV6 ENCAPSULATION,ANY. Additional protocols reachable via the console’s Advanced (numeric protocol) option:GRE,ESP,IGMP,IP-IN-IP. Note: Some protocols have platform restrictions (see platform documentation).
Optional:
address_family(String) Address family for the rule. One of:IP4,IP6,ANY(ANYmatches any address family and clears any configured addresses).description(String) Description of the firewall rule.enabled(Boolean) Whether the rule is enabled.executable_path(String) Path to executable that this rule applies to.fqdn(String) Fully qualified domain name for the rule. Only valid for outbound rules. Multiple FQDNs can be separated by semicolons. Wildcard (*.example.com) and glob syntax are supported.icmp_code(String) ICMP code for ICMP protocol rules. Use*for any.icmp_type(String) ICMP type for ICMP protocol rules. Use*for any.local_address(Attributes List) Local IP addresses for the rule. If empty, matches any local address. (see below for nested schema)local_port(Attributes List) Local ports for the rule. Only applicable for TCP/UDP protocols. If empty, matches any port. (see below for nested schema)network_location(String) Network location restriction. One of the built-in valuesANY,DOMAIN,PRIVATE,PUBLIC, or a custom network location ID. Not supported on Linux (onlyANYis valid there).remote_address(Attributes List) Remote IP addresses for the rule. If empty, matches any remote address. (see below for nested schema)remote_port(Attributes List) Remote ports for the rule. Only applicable for TCP/UDP protocols. If empty, matches any port. (see below for nested schema)service_name(String) Windows service name that this rule applies to. Only valid for Windows platform.watch_mode(Boolean) Enable watch mode (monitoring) for this rule instead of enforcing.
Read-Only:
id(String) Identifier for the firewall rule. Note: Rule IDs may change when the rule group is updated.
Nested Schema for rules.local_address
Section titled “Nested Schema for rules.local_address”Required:
address(String) IP address for the rule, or*to match any address.
Optional:
netmask(Number) CIDR netmask. Use 0 for a single IP or any.
Nested Schema for rules.local_port
Section titled “Nested Schema for rules.local_port”Required:
start(Number) Start port (1-65535).
Optional:
end(Number) End port for range (1-65535). Use 0 for single port.
Nested Schema for rules.remote_address
Section titled “Nested Schema for rules.remote_address”Required:
address(String) IP address for the rule, or*to match any address.
Optional:
netmask(Number) CIDR netmask. Use 0 for a single IP or any.
Nested Schema for rules.remote_port
Section titled “Nested Schema for rules.remote_port”Required:
start(Number) Start port (1-65535).
Optional:
end(Number) End port for range (1-65535). Use 0 for single port.
Import
Section titled “Import”Import is supported using the following syntax:
#!/bin/bash# Import an existing firewall rule group by its IDterraform import crowdstrike_firewall_rule_group.web_servers <rule_group_id>