diff --git a/modules/net-firewall-policy/README.md b/modules/net-firewall-policy/README.md
index ffdd15c2..8a71d6b6 100644
--- a/modules/net-firewall-policy/README.md
+++ b/modules/net-firewall-policy/README.md
@@ -235,14 +235,14 @@ icmp:
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
-| [name](variables.tf#L113) | Policy name. | string
| ✓ | |
-| [parent_id](variables.tf#L119) | Parent node where the policy will be created, `folders/nnn` or `organizations/nnn` for hierarchical policy, project id for a network policy. | string
| ✓ | |
+| [name](variables.tf#L100) | Policy name. | string
| ✓ | |
+| [parent_id](variables.tf#L106) | Parent node where the policy will be created, `folders/nnn` or `organizations/nnn` for hierarchical policy, project id for a network policy. | string
| ✓ | |
| [attachments](variables.tf#L17) | Ids of the resources to which this policy will be attached, in descriptive name => self link format. Specify folders or organization for hierarchical policy, VPCs for network policy. | map(string)
| | {}
|
| [description](variables.tf#L24) | Policy description. | string
| | null
|
| [egress_rules](variables.tf#L30) | List of egress rule definitions, action can be 'allow', 'deny', 'goto_next'. The match.layer4configs map is in protocol => optional [ports] format. | map(object({…}))
| | {}
|
-| [ingress_rules](variables.tf#L71) | List of ingress rule definitions, action can be 'allow', 'deny', 'goto_next'. | map(object({…}))
| | {}
|
-| [region](variables.tf#L125) | Policy region. Leave null for hierarchical policy, set to 'global' for a global network policy. | string
| | null
|
-| [rules_factory_config](variables.tf#L131) | Configuration for the optional rules factory. | object({…})
| | {}
|
+| [ingress_rules](variables.tf#L65) | List of ingress rule definitions, action can be 'allow', 'deny', 'goto_next'. | map(object({…}))
| | {}
|
+| [region](variables.tf#L112) | Policy region. Leave null for hierarchical policy, set to 'global' for a global network policy. | string
| | null
|
+| [rules_factory_config](variables.tf#L118) | Configuration for the optional rules factory. | object({…})
| | {}
|
## Outputs
diff --git a/modules/net-firewall-policy/variables.tf b/modules/net-firewall-policy/variables.tf
index b7d48d96..891c0af4 100644
--- a/modules/net-firewall-policy/variables.tf
+++ b/modules/net-firewall-policy/variables.tf
@@ -53,12 +53,6 @@ variable "egress_rules" {
}))
default = {}
nullable = false
- validation {
- condition = alltrue([
- for k, v in var.egress_rules : v.match.destination_ranges != null
- ])
- error_message = "Engress rules need destination ranges."
- }
validation {
condition = alltrue([
for k, v in var.egress_rules :
@@ -94,13 +88,6 @@ variable "ingress_rules" {
}))
default = {}
nullable = false
- validation {
- condition = alltrue([
- for k, v in var.ingress_rules :
- v.match.source_ranges != null || v.match.source_tags != null
- ])
- error_message = "Ingress rules need source ranges or tags."
- }
validation {
condition = alltrue([
for k, v in var.ingress_rules :