# Copyright 2023 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. values: module.firewall-policy.google_compute_network_firewall_policy.net-global[0]: name: test-1 project: my-project module.firewall-policy.google_compute_network_firewall_policy_association.net-global["my-vpc"]: firewall_policy: test-1 name: test-1-my-vpc project: my-project module.firewall-policy.google_compute_network_firewall_policy_rule.net-global["egress/smtp"]: action: deny direction: EGRESS disabled: false enable_logging: null firewall_policy: test-1 match: - dest_address_groups: null dest_fqdns: null dest_ip_ranges: - 0.0.0.0/0 dest_region_codes: null dest_threat_intelligences: null layer4_configs: - ip_protocol: tcp ports: - '25' src_address_groups: null src_fqdns: null src_ip_ranges: null src_region_codes: null src_secure_tags: [] src_threat_intelligences: null priority: 900 project: my-project rule_name: smtp target_secure_tags: [] target_service_accounts: null module.firewall-policy.google_compute_network_firewall_policy_rule.net-global["ingress/icmp"]: action: allow direction: INGRESS disabled: false enable_logging: null firewall_policy: test-1 match: - dest_address_groups: null dest_fqdns: null dest_ip_ranges: null dest_region_codes: null dest_threat_intelligences: null layer4_configs: - ip_protocol: icmp ports: null src_address_groups: null src_fqdns: null src_ip_ranges: - 0.0.0.0/0 src_region_codes: null src_secure_tags: [] src_threat_intelligences: null priority: 1000 project: my-project rule_name: icmp target_secure_tags: [] target_service_accounts: null module.firewall-policy.google_compute_network_firewall_policy_rule.net-global["ingress/mgmt"]: action: allow direction: INGRESS disabled: false enable_logging: null firewall_policy: test-1 match: - dest_address_groups: null dest_fqdns: null dest_ip_ranges: null dest_region_codes: null dest_threat_intelligences: null layer4_configs: - ip_protocol: all ports: null src_address_groups: null src_fqdns: null src_ip_ranges: - 10.1.1.0/24 src_region_codes: null src_secure_tags: [] src_threat_intelligences: null priority: 1001 project: my-project rule_name: mgmt target_secure_tags: [] target_service_accounts: null module.firewall-policy.google_compute_network_firewall_policy_rule.net-global["ingress/ssh"]: action: allow direction: INGRESS disabled: false enable_logging: null firewall_policy: test-1 match: - dest_address_groups: null dest_fqdns: null dest_ip_ranges: null dest_region_codes: null dest_threat_intelligences: null layer4_configs: - ip_protocol: tcp ports: - '22' src_address_groups: null src_fqdns: null src_ip_ranges: - 10.0.0.0/8 src_region_codes: null src_secure_tags: [] src_threat_intelligences: null priority: 1002 project: my-project rule_name: ssh target_secure_tags: [] target_service_accounts: null counts: google_compute_network_firewall_policy: 1 google_compute_network_firewall_policy_association: 1 google_compute_network_firewall_policy_rule: 4