← Back to index

opnsense_firewall_alias (Resource)

Aliases are named lists of networks, hosts or ports that can be used as one entity by selecting the alias name in the various supported sections of the firewall. These aliases are particularly useful to condense firewall rules and minimize changes.

Example Usage

// Network example
resource "opnsense_firewall_alias" "example_one" {
  name = "example_one"

  type = "network"
  content = [
    "10.8.0.1/24",
    "10.8.0.2/24"
  ]

  stats       = true
  description = "Example"
}

// With category
resource "opnsense_firewall_category" "example_one" {
  name  = "example"
  color = "ffaa00"
}

resource "opnsense_firewall_alias" "example_two" {
  name = "example_two"

  type = "geoip"
  content = [
    "FR",
    "CA",
  ]

  categories = [
    opnsense_firewall_category.example_one.id
  ]

  description = "Example two"
}

Schema

Required

  • name (String) The name must start with a letter or single underscore, be less than 32 characters and only consist of alphanumeric characters or underscores. Aliases can be nested using this name.
  • type (String) The type of alias.

Optional

  • categories (Set of String) Set of category IDs to apply. Defaults to [].
  • content (Set of String) The content of the alias. Enter ISO 3166-1 country codes when type = "geoip" (e.g. ["CA", "FR"]). Enter __<int>_network, or alias when type = "networkgroup" (e.g. ["__wan_network", "otheralias"]). Enter OpenVPN group when type = "authgroup" (e.g. ["admins"]). Set to [] when type = "external". Defaults to [].
  • description (String) Optional description here for your reference (not parsed).
  • enabled (Boolean) Enable this firewall alias. Defaults to true.
  • interface (String) Choose on which interface this alias applies. Only applies (and must be set) when type = "dynipv6host". Defaults to "".
  • ip_protocol (Set of String) Select the Internet Protocol version this alias applies to. Available values: IPv4, IPv6. Only applies when type = "asn", type = "geoip", or type = "external". Defaults to ["IPv4"].
  • stats (Boolean) Whether to maintain a set of counters for each table entry.
  • update_freq (Number) The frequency that the list will be refreshed, in days (e.g. for 30 hours, enter 1.25). Only applies (and must be set) when type = "urltable". Defaults to -1.

Read-Only

  • id (String) UUID of the resource.

Import

In Terraform v1.5.0 and later, use an import block to import opnsense_firewall_alias using the id. For example:

import {
  to = opnsense_firewall_alias.example
  id = "<opnsense-resource-id>"
}

Using terraform import, import opnsense_firewall_alias using the id. For example:

% terraform import opnsense_firewall_alias.example <opnsense-resource-id>