Microsoft.Network firewallPolicies/ruleGroups 2019-09-01
Bicep resource definition
The firewallPolicies/ruleGroups resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/firewallPolicies/ruleGroups resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Network/firewallPolicies/ruleGroups@2019-09-01' = {
  parent: resourceSymbolicName
  name: 'string'
  properties: {
    priority: int
    rules: [
      {
        name: 'string'
        priority: int
        ruleType: 'string'
        // For remaining properties, see FirewallPolicyRule objects
      }
    ]
  }
}
FirewallPolicyRuleCondition objects
Set the ruleConditionType property to specify the type of object.
For ApplicationRuleCondition, use:
{
  destinationAddresses: [
    'string'
  ]
  fqdnTags: [
    'string'
  ]
  protocols: [
    {
      port: int
      protocolType: 'string'
    }
  ]
  ruleConditionType: 'ApplicationRuleCondition'
  sourceAddresses: [
    'string'
  ]
  targetFqdns: [
    'string'
  ]
}
For NetworkRuleCondition, use:
{
  destinationAddresses: [
    'string'
  ]
  destinationPorts: [
    'string'
  ]
  ipProtocols: [
    'string'
  ]
  ruleConditionType: 'NetworkRuleCondition'
  sourceAddresses: [
    'string'
  ]
}
FirewallPolicyRule objects
Set the ruleType property to specify the type of object.
For FirewallPolicyFilterRule, use:
{
  action: {
    type: 'string'
  }
  ruleConditions: [
    {
      description: 'string'
      name: 'string'
      ruleConditionType: 'string'
      // For remaining properties, see FirewallPolicyRuleCondition objects
    }
  ]
  ruleType: 'FirewallPolicyFilterRule'
}
For FirewallPolicyNatRule, use:
{
  action: {
    type: 'string'
  }
  ruleCondition: {
    description: 'string'
    name: 'string'
    ruleConditionType: 'string'
    // For remaining properties, see FirewallPolicyRuleCondition objects
  }
  ruleType: 'FirewallPolicyNatRule'
  translatedAddress: 'string'
  translatedPort: 'string'
}
Property values
ApplicationRuleCondition
Name | Description | Value |
---|---|---|
destinationAddresses | List of destination IP addresses or Service Tags. | string[] |
fqdnTags | List of FQDN Tags for this rule condition. | string[] |
protocols | Array of Application Protocols. | FirewallPolicyRuleConditionApplicationProtocol[] |
ruleConditionType | Rule Condition Type. | 'ApplicationRuleCondition' (required) |
sourceAddresses | List of source IP addresses for this rule. | string[] |
targetFqdns | List of FQDNs for this rule condition. | string[] |
FirewallPolicyFilterRule
Name | Description | Value |
---|---|---|
action | The action type of a Filter rule. | FirewallPolicyFilterRuleAction |
ruleConditions | Collection of rule conditions used by a rule. | FirewallPolicyRuleCondition[] |
ruleType | The type of the rule. | 'FirewallPolicyFilterRule' (required) |
FirewallPolicyFilterRuleAction
Name | Description | Value |
---|---|---|
type | The type of action. | 'Allow' 'Deny' |
FirewallPolicyNatRule
Name | Description | Value |
---|---|---|
action | The action type of a Nat rule. | FirewallPolicyNatRuleAction |
ruleCondition | The match conditions for incoming traffic. | FirewallPolicyRuleCondition |
ruleType | The type of the rule. | 'FirewallPolicyNatRule' (required) |
translatedAddress | The translated address for this NAT rule. | string |
translatedPort | The translated port for this NAT rule. | string |
FirewallPolicyNatRuleAction
Name | Description | Value |
---|---|---|
type | The type of action. | 'DNAT' |
FirewallPolicyRule
Name | Description | Value |
---|---|---|
name | The name of the rule. | string |
priority | Priority of the Firewall Policy Rule resource. | int Constraints: Min value = 100 Max value = 65000 |
ruleType | Set to 'FirewallPolicyFilterRule' for type FirewallPolicyFilterRule. Set to 'FirewallPolicyNatRule' for type FirewallPolicyNatRule. | 'FirewallPolicyFilterRule' 'FirewallPolicyNatRule' (required) |
FirewallPolicyRuleCondition
Name | Description | Value |
---|---|---|
description | Description of the rule condition. | string |
name | Name of the rule condition. | string |
ruleConditionType | Set to 'ApplicationRuleCondition' for type ApplicationRuleCondition. Set to 'NetworkRuleCondition' for type NetworkRuleCondition. | 'ApplicationRuleCondition' 'NetworkRuleCondition' (required) |
FirewallPolicyRuleConditionApplicationProtocol
Name | Description | Value |
---|---|---|
port | Port number for the protocol, cannot be greater than 64000. | int Constraints: Min value = 0 Max value = 64000 |
protocolType | Protocol type. | 'Http' 'Https' |
FirewallPolicyRuleGroupProperties
Name | Description | Value |
---|---|---|
priority | Priority of the Firewall Policy Rule Group resource. | int Constraints: Min value = 100 Max value = 65000 |
rules | Group of Firewall Policy rules. | FirewallPolicyRule[] |
Microsoft.Network/firewallPolicies/ruleGroups
Name | Description | Value |
---|---|---|
name | The resource name | string (required) |
parent | In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource. For more information, see Child resource outside parent resource. | Symbolic name for resource of type: firewallPolicies |
properties | The properties of the firewall policy rule group. | FirewallPolicyRuleGroupProperties |
NetworkRuleCondition
Name | Description | Value |
---|---|---|
destinationAddresses | List of destination IP addresses or Service Tags. | string[] |
destinationPorts | List of destination ports. | string[] |
ipProtocols | Array of FirewallPolicyRuleConditionNetworkProtocols. | String array containing any of: 'Any' 'ICMP' 'TCP' 'UDP' |
ruleConditionType | Rule Condition Type. | 'NetworkRuleCondition' (required) |
sourceAddresses | List of source IP addresses for this rule. | string[] |
ARM template resource definition
The firewallPolicies/ruleGroups resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/firewallPolicies/ruleGroups resource, add the following JSON to your template.
{
  "type": "Microsoft.Network/firewallPolicies/ruleGroups",
  "apiVersion": "2019-09-01",
  "name": "string",
  "properties": {
    "priority": "int",
    "rules": [ {
      "name": "string",
      "priority": "int",
      "ruleType": "string"
      // For remaining properties, see FirewallPolicyRule objects
    } ]
  }
}
FirewallPolicyRuleCondition objects
Set the ruleConditionType property to specify the type of object.
For ApplicationRuleCondition, use:
{
  "destinationAddresses": [ "string" ],
  "fqdnTags": [ "string" ],
  "protocols": [
    {
      "port": "int",
      "protocolType": "string"
    }
  ],
  "ruleConditionType": "ApplicationRuleCondition",
  "sourceAddresses": [ "string" ],
  "targetFqdns": [ "string" ]
}
For NetworkRuleCondition, use:
{
  "destinationAddresses": [ "string" ],
  "destinationPorts": [ "string" ],
  "ipProtocols": [ "string" ],
  "ruleConditionType": "NetworkRuleCondition",
  "sourceAddresses": [ "string" ]
}
FirewallPolicyRule objects
Set the ruleType property to specify the type of object.
For FirewallPolicyFilterRule, use:
{
  "action": {
    "type": "string"
  },
  "ruleConditions": [ {
    "description": "string",
    "name": "string",
    "ruleConditionType": "string"
    // For remaining properties, see FirewallPolicyRuleCondition objects
  } ],
  "ruleType": "FirewallPolicyFilterRule"
}
For FirewallPolicyNatRule, use:
{
  "action": {
    "type": "string"
  },
  "ruleCondition": {
    "description": "string",
    "name": "string",
    "ruleConditionType": "string"
    // For remaining properties, see FirewallPolicyRuleCondition objects
  },
  "ruleType": "FirewallPolicyNatRule",
  "translatedAddress": "string",
  "translatedPort": "string"
}
Property values
ApplicationRuleCondition
Name | Description | Value |
---|---|---|
destinationAddresses | List of destination IP addresses or Service Tags. | string[] |
fqdnTags | List of FQDN Tags for this rule condition. | string[] |
protocols | Array of Application Protocols. | FirewallPolicyRuleConditionApplicationProtocol[] |
ruleConditionType | Rule Condition Type. | 'ApplicationRuleCondition' (required) |
sourceAddresses | List of source IP addresses for this rule. | string[] |
targetFqdns | List of FQDNs for this rule condition. | string[] |
FirewallPolicyFilterRule
Name | Description | Value |
---|---|---|
action | The action type of a Filter rule. | FirewallPolicyFilterRuleAction |
ruleConditions | Collection of rule conditions used by a rule. | FirewallPolicyRuleCondition[] |
ruleType | The type of the rule. | 'FirewallPolicyFilterRule' (required) |
FirewallPolicyFilterRuleAction
Name | Description | Value |
---|---|---|
type | The type of action. | 'Allow' 'Deny' |
FirewallPolicyNatRule
Name | Description | Value |
---|---|---|
action | The action type of a Nat rule. | FirewallPolicyNatRuleAction |
ruleCondition | The match conditions for incoming traffic. | FirewallPolicyRuleCondition |
ruleType | The type of the rule. | 'FirewallPolicyNatRule' (required) |
translatedAddress | The translated address for this NAT rule. | string |
translatedPort | The translated port for this NAT rule. | string |
FirewallPolicyNatRuleAction
Name | Description | Value |
---|---|---|
type | The type of action. | 'DNAT' |
FirewallPolicyRule
Name | Description | Value |
---|---|---|
name | The name of the rule. | string |
priority | Priority of the Firewall Policy Rule resource. | int Constraints: Min value = 100 Max value = 65000 |
ruleType | Set to 'FirewallPolicyFilterRule' for type FirewallPolicyFilterRule. Set to 'FirewallPolicyNatRule' for type FirewallPolicyNatRule. | 'FirewallPolicyFilterRule' 'FirewallPolicyNatRule' (required) |
FirewallPolicyRuleCondition
Name | Description | Value |
---|---|---|
description | Description of the rule condition. | string |
name | Name of the rule condition. | string |
ruleConditionType | Set to 'ApplicationRuleCondition' for type ApplicationRuleCondition. Set to 'NetworkRuleCondition' for type NetworkRuleCondition. | 'ApplicationRuleCondition' 'NetworkRuleCondition' (required) |
FirewallPolicyRuleConditionApplicationProtocol
Name | Description | Value |
---|---|---|
port | Port number for the protocol, cannot be greater than 64000. | int Constraints: Min value = 0 Max value = 64000 |
protocolType | Protocol type. | 'Http' 'Https' |
FirewallPolicyRuleGroupProperties
Name | Description | Value |
---|---|---|
priority | Priority of the Firewall Policy Rule Group resource. | int Constraints: Min value = 100 Max value = 65000 |
rules | Group of Firewall Policy rules. | FirewallPolicyRule[] |
Microsoft.Network/firewallPolicies/ruleGroups
Name | Description | Value |
---|---|---|
apiVersion | The api version | '2019-09-01' |
name | The resource name | string (required) |
properties | The properties of the firewall policy rule group. | FirewallPolicyRuleGroupProperties |
type | The resource type | 'Microsoft.Network/firewallPolicies/ruleGroups' |
NetworkRuleCondition
Name | Description | Value |
---|---|---|
destinationAddresses | List of destination IP addresses or Service Tags. | string[] |
destinationPorts | List of destination ports. | string[] |
ipProtocols | Array of FirewallPolicyRuleConditionNetworkProtocols. | String array containing any of: 'Any' 'ICMP' 'TCP' 'UDP' |
ruleConditionType | Rule Condition Type. | 'NetworkRuleCondition' (required) |
sourceAddresses | List of source IP addresses for this rule. | string[] |
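A pre-deployment lint for the constraints in the property tables above (priority 100 to 65000, port 0 to 64000, and the allowed action, protocol and condition-type strings). This is an added Python example, not code from the Azure documentation; the function names and the `SAMPLE` resource are constructed for illustration, and optional values that are absent are not flagged.

```python
IP_PROTOCOLS = {"Any", "ICMP", "TCP", "UDP"}
APP_PROTOCOLS = {"Http", "Https"}
ACTIONS = {"FirewallPolicyFilterRule": {"Allow", "Deny"}, "FirewallPolicyNatRule": {"DNAT"}}

def bad_int(value, lo, hi):  # present but not an int within [lo, hi]
    return value is not None and not (isinstance(value, int) and lo <= value <= hi)

def bad_enum(value, allowed):  # present but not one of the documented strings
    return value is not None and value not in allowed

def check_condition(cond, where):
    kind = cond.get("ruleConditionType")
    if kind == "ApplicationRuleCondition":
        return [f"{where}: bad application protocol {p}" for p in cond.get("protocols", [])
                if bad_enum(p.get("protocolType"), APP_PROTOCOLS) or bad_int(p.get("port"), 0, 64000)]
    if kind == "NetworkRuleCondition":
        bad = sorted(set(cond.get("ipProtocols", [])) - IP_PROTOCOLS)
        return [f"{where}: unknown ipProtocols {bad}"] if bad else []
    return [f"{where}: ruleConditionType {kind!r} is not a documented value"]

def lint_rule_group(resource):
    """Return violations of the constraints listed in the property tables."""
    props, errors = resource.get("properties", {}), []
    if bad_int(props.get("priority"), 100, 65000):
        errors.append("group: priority outside 100..65000")
    for rule in props.get("rules", []):
        where, rtype = f"rule {rule.get('name')!r}", rule.get("ruleType")
        if bad_int(rule.get("priority"), 100, 65000):
            errors.append(f"{where}: priority outside 100..65000")
        if rtype not in ACTIONS:
            errors.append(f"{where}: ruleType {rtype!r} is not a documented value")
            continue
        if bad_enum(rule.get("action", {}).get("type"), ACTIONS[rtype]):
            errors.append(f"{where}: action is not valid for {rtype}")
        # Filter rules carry a list (ruleConditions); NAT rules carry one object (ruleCondition).
        conds = (rule.get("ruleConditions", []) if rtype == "FirewallPolicyFilterRule"
                 else [rule[k] for k in ("ruleCondition",) if k in rule])
        for cond in conds:
            errors += check_condition(cond, where)
    return errors

# Constructed sample (not from the page) with four deliberate violations.
SAMPLE = {"type": "Microsoft.Network/firewallPolicies/ruleGroups", "apiVersion": "2019-09-01",
  "name": "examplePolicy/exampleGroup", "properties": {"priority": 50, "rules": [
    {"name": "web", "priority": 200, "ruleType": "FirewallPolicyFilterRule", "action": {"type": "DNAT"},
     "ruleConditions": [{"name": "c1", "ruleConditionType": "ApplicationRuleCondition",
                         "protocols": [{"protocolType": "Https", "port": 65000}]}]},
    {"name": "dnat", "priority": 300, "ruleType": "FirewallPolicyNatRule", "action": {"type": "DNAT"},
     "ruleCondition": {"name": "c2", "ruleConditionType": "NetworkRuleCondition", "ipProtocols": ["TCP", "SCTP"]},
     "translatedAddress": "10.0.0.4", "translatedPort": "8443"}]}}
```

Calling `lint_rule_group(SAMPLE)` reports the out-of-range group priority, the `DNAT` action on a filter rule, the port above 64000 and the undocumented `SCTP` protocol.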
Terraform (AzAPI provider) resource definition
The firewallPolicies/ruleGroups resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/firewallPolicies/ruleGroups resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Network/firewallPolicies/ruleGroups@2019-09-01"
  name = "string"
  body = jsonencode({
    properties = {
      priority = int
      rules = [
        {
          name = "string"
          priority = int
          ruleType = "string"
          // For remaining properties, see FirewallPolicyRule objects
        }
      ]
    }
  })
}
FirewallPolicyRuleCondition objects
Set the ruleConditionType property to specify the type of object.
For ApplicationRuleCondition, use:
{
  destinationAddresses = [
    "string"
  ]
  fqdnTags = [
    "string"
  ]
  protocols = [
    {
      port = int
      protocolType = "string"
    }
  ]
  ruleConditionType = "ApplicationRuleCondition"
  sourceAddresses = [
    "string"
  ]
  targetFqdns = [
    "string"
  ]
}
For NetworkRuleCondition, use:
{
  destinationAddresses = [
    "string"
  ]
  destinationPorts = [
    "string"
  ]
  ipProtocols = [
    "string"
  ]
  ruleConditionType = "NetworkRuleCondition"
  sourceAddresses = [
    "string"
  ]
}
FirewallPolicyRule objects
Set the ruleType property to specify the type of object.
For FirewallPolicyFilterRule, use:
{
  action = {
    type = "string"
  }
  ruleConditions = [
    {
      description = "string"
      name = "string"
      ruleConditionType = "string"
      // For remaining properties, see FirewallPolicyRuleCondition objects
    }
  ]
  ruleType = "FirewallPolicyFilterRule"
}
For FirewallPolicyNatRule, use:
{
  action = {
    type = "string"
  }
  ruleCondition = {
    description = "string"
    name = "string"
    ruleConditionType = "string"
    // For remaining properties, see FirewallPolicyRuleCondition objects
  }
  ruleType = "FirewallPolicyNatRule"
  translatedAddress = "string"
  translatedPort = "string"
}
Property values
ApplicationRuleCondition
Name | Description | Value |
---|---|---|
destinationAddresses | List of destination IP addresses or Service Tags. | string[] |
fqdnTags | List of FQDN Tags for this rule condition. | string[] |
protocols | Array of Application Protocols. | FirewallPolicyRuleConditionApplicationProtocol[] |
ruleConditionType | Rule Condition Type. | 'ApplicationRuleCondition' (required) |
sourceAddresses | List of source IP addresses for this rule. | string[] |
targetFqdns | List of FQDNs for this rule condition. | string[] |
FirewallPolicyFilterRule
Name | Description | Value |
---|---|---|
action | The action type of a Filter rule. | FirewallPolicyFilterRuleAction |
ruleConditions | Collection of rule conditions used by a rule. | FirewallPolicyRuleCondition[] |
ruleType | The type of the rule. | 'FirewallPolicyFilterRule' (required) |
FirewallPolicyFilterRuleAction
Name | Description | Value |
---|---|---|
type | The type of action. | 'Allow' 'Deny' |
FirewallPolicyNatRule
Name | Description | Value |
---|---|---|
action | The action type of a Nat rule. | FirewallPolicyNatRuleAction |
ruleCondition | The match conditions for incoming traffic. | FirewallPolicyRuleCondition |
ruleType | The type of the rule. | 'FirewallPolicyNatRule' (required) |
translatedAddress | The translated address for this NAT rule. | string |
translatedPort | The translated port for this NAT rule. | string |
FirewallPolicyNatRuleAction
Name | Description | Value |
---|---|---|
type | The type of action. | 'DNAT' |
FirewallPolicyRule
Name | Description | Value |
---|---|---|
name | The name of the rule. | string |
priority | Priority of the Firewall Policy Rule resource. | int Constraints: Min value = 100 Max value = 65000 |
ruleType | Set to 'FirewallPolicyFilterRule' for type FirewallPolicyFilterRule. Set to 'FirewallPolicyNatRule' for type FirewallPolicyNatRule. | 'FirewallPolicyFilterRule' 'FirewallPolicyNatRule' (required) |
FirewallPolicyRuleCondition
Name | Description | Value |
---|---|---|
description | Description of the rule condition. | string |
name | Name of the rule condition. | string |
ruleConditionType | Set to 'ApplicationRuleCondition' for type ApplicationRuleCondition. Set to 'NetworkRuleCondition' for type NetworkRuleCondition. | 'ApplicationRuleCondition' 'NetworkRuleCondition' (required) |
FirewallPolicyRuleConditionApplicationProtocol
Name | Description | Value |
---|---|---|
port | Port number for the protocol, cannot be greater than 64000. | int Constraints: Min value = 0 Max value = 64000 |
protocolType | Protocol type. | 'Http' 'Https' |
FirewallPolicyRuleGroupProperties
Name | Description | Value |
---|---|---|
priority | Priority of the Firewall Policy Rule Group resource. | int Constraints: Min value = 100 Max value = 65000 |
rules | Group of Firewall Policy rules. | FirewallPolicyRule[] |
Microsoft.Network/firewallPolicies/ruleGroups
Name | Description | Value |
---|---|---|
name | The resource name | string (required) |
parent_id | The ID of the resource that is the parent for this resource. | ID for resource of type: firewallPolicies |
properties | The properties of the firewall policy rule group. | FirewallPolicyRuleGroupProperties |
type | The resource type | "Microsoft.Network/firewallPolicies/ruleGroups@2019-09-01" |
NetworkRuleCondition
Name | Description | Value |
---|---|---|
destinationAddresses | List of destination IP addresses or Service Tags. | string[] |
destinationPorts | List of destination ports. | string[] |
ipProtocols | Array of FirewallPolicyRuleConditionNetworkProtocols. | String array containing any of: 'Any' 'ICMP' 'TCP' 'UDP' |
ruleConditionType | Rule Condition Type. | 'NetworkRuleCondition' (required) |
sourceAddresses | List of source IP addresses for this rule. | string[] |