create_dfw_rule
Create distributed firewall rules in VMware NSX to control network traffic between sources, destinations, and services with configurable actions and logging.
Instructions
Create a DFW rule under the specified policy.
Args:
- policy_id: Parent policy identifier.
- rule_id: Unique rule identifier within the policy.
- display_name: Human-readable rule name.
- action: Firewall action, one of ALLOW, DROP, REJECT, or JUMP_TO_APPLICATION (default: ALLOW).
- sources: List of source group paths. Use ['ANY'] for any source (default: ANY).
- destinations: List of destination group paths. Use ['ANY'] for any destination (default: ANY).
- services: List of service paths. Use ['ANY'] for all services (default: ANY).
- scope: List of scope paths (groups/segments) limiting where the rule is applied.
- direction: Traffic direction, one of IN, OUT, or IN_OUT (default: IN_OUT).
- ip_protocol: IP version, one of IPV4, IPV6, or IPV4_IPV6 (default: IPV4_IPV6).
- logged: Log matched traffic (default: False).
- disabled: Create the rule in disabled state (default: False).
- sequence_number: Rule priority within the policy (default: 10).
- description: Optional description.
- target: Optional NSX Manager target name from config.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| policy_id | Yes | Parent policy identifier | |
| rule_id | Yes | Unique rule identifier within the policy | |
| display_name | Yes | Human-readable rule name | |
| action | No | ALLOW, DROP, REJECT, or JUMP_TO_APPLICATION | ALLOW |
| sources | No | Source group paths; ['ANY'] for any source | ANY |
| destinations | No | Destination group paths; ['ANY'] for any destination | ANY |
| services | No | Service paths; ['ANY'] for all services | ANY |
| scope | No | Group/segment paths limiting where the rule is applied | |
| direction | No | IN, OUT, or IN_OUT | IN_OUT |
| ip_protocol | No | IPV4, IPV6, or IPV4_IPV6 | IPV4_IPV6 |
| logged | No | Log matched traffic | False |
| disabled | No | Create the rule in disabled state | False |
| sequence_number | No | Rule priority within the policy | 10 |
| description | No | Optional description | |
| target | No | NSX Manager target name from config | |
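As an added example (not the tool's own code), the Python below turns these arguments into the NSX Policy API request for a DFW rule, rejects values outside the documented enumerations, and runs a few reviewer-side checks on the result. The endpoint path and JSON field names follow the NSX Policy API rule object; the `domain_id="default"` value and the `['ANY']` fallback for an omitted scope are assumptions, and the group and service paths in the test are constructed samples.

```python
ACTIONS = {"ALLOW", "DROP", "REJECT", "JUMP_TO_APPLICATION"}
DIRECTIONS = {"IN", "OUT", "IN_OUT"}
IP_PROTOCOLS = {"IPV4", "IPV6", "IPV4_IPV6"}


# domain_id="default" is an assumption; the tool's `target` selects the manager.
def build_dfw_rule(policy_id, rule_id, display_name, action="ALLOW",
                   sources=None, destinations=None, services=None,
                   scope=None, direction="IN_OUT", ip_protocol="IPV4_IPV6",
                   logged=False, disabled=False, sequence_number=10,
                   description=None, domain_id="default"):
    """Return (api_path, json_body) for a PATCH to the NSX Policy API."""
    # Reject values outside the enumerations documented above.
    for name, value, allowed in (("action", action, ACTIONS),
                                 ("direction", direction, DIRECTIONS),
                                 ("ip_protocol", ip_protocol, IP_PROTOCOLS)):
        if value not in allowed:
            raise ValueError(f"{name} must be one of {sorted(allowed)}")
    body = {
        "id": rule_id,
        "display_name": display_name,
        "action": action,
        # NSX uses the literal "ANY" as the wildcard group/service path.
        "source_groups": list(sources or ["ANY"]),
        "destination_groups": list(destinations or ["ANY"]),
        "services": list(services or ["ANY"]),
        "scope": list(scope or ["ANY"]),  # assumption: no scope = everywhere
        "direction": direction,
        "ip_protocol": ip_protocol,
        "logged": logged,
        "disabled": disabled,
        "sequence_number": sequence_number,
    }
    if description:
        body["description"] = description
    path = (f"/policy/api/v1/infra/domains/{domain_id}"
            f"/security-policies/{policy_id}/rules/{rule_id}")
    return path, body


def review_rule(body):
    """Flag settings a reviewer should see before the rule is pushed."""
    findings = []
    wide = all(body[k] == ["ANY"] for k in
               ("source_groups", "destination_groups", "services"))
    if body["action"] == "ALLOW" and wide:
        findings.append("ALLOW any/any/any: permits all traffic in scope")
    if body["action"] in ("DROP", "REJECT") and not body["logged"]:
        findings.append("drop without logging: blocked traffic is invisible")
    return findings
```

Because `logged` defaults to False, a DROP or REJECT rule created with the defaults produces no record of what it blocked; the review step makes that visible before the rule is applied.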