diff --git a/docs/data-sources/firewall_filter.md b/docs/data-sources/firewall_filter.md
index 42bd83a..225d462 100644
--- a/docs/data-sources/firewall_filter.md
+++ b/docs/data-sources/firewall_filter.md
@@ -41,7 +41,7 @@ Read-Only:
- `invert` (Boolean) Use this option to invert the sense of the match.
- `net` (String) Specify the IP address, CIDR or alias for the destination of the packet for this mapping.
-- `port` (Number) Specify the port for the destination of the packet for this mapping.
+- `port` (String) Specify the port for the destination of the packet for this mapping.
@@ -51,5 +51,5 @@ Read-Only:
- `invert` (Boolean) Use this option to invert the sense of the match.
- `net` (String) Specify the IP address, CIDR or alias for the source of the packet for this mapping.
-- `port` (Number) Specify the source port for this rule. This is usually random and almost never equal to the destination port range (and should usually be `-1`).
+- `port` (String) Specify the source port for this rule. This is usually random and almost never equal to the destination port range (and should usually be `""`).
diff --git a/docs/data-sources/firewall_nat.md b/docs/data-sources/firewall_nat.md
index 57aa053..8cc566c 100644
--- a/docs/data-sources/firewall_nat.md
+++ b/docs/data-sources/firewall_nat.md
@@ -39,7 +39,7 @@ Read-Only:
- `invert` (Boolean) Use this option to invert the sense of the match.
- `net` (String) Specify the IP address, CIDR or alias for the destination of the packet for this mapping.
-- `port` (Number) Specify the port for the destination of the packet for this mapping.
+- `port` (String) Specify the port for the destination of the packet for this mapping.
@@ -49,7 +49,7 @@ Read-Only:
- `invert` (Boolean) Use this option to invert the sense of the match.
- `net` (String) Specify the IP address, CIDR or alias for the source of the packet for this mapping.
-- `port` (Number) Specify the source port for this rule. This is usually random and almost never equal to the destination port range (and should usually be `-1`).
+- `port` (String) Specify the source port for this rule. This is usually random and almost never equal to the destination port range (and should usually be `""`).
@@ -58,5 +58,5 @@ Read-Only:
Read-Only:
- `ip` (String) Specify the IP address or alias for the packets to be mapped to.
-- `port` (Number) Destination port number or well known name (imap, imaps, http, https, ...), for ranges use a dash.
+- `port` (String) Destination port number or well known name (imap, imaps, http, https, ...), for ranges use a dash.
diff --git a/docs/resources/firewall_filter.md b/docs/resources/firewall_filter.md
index 7180a68..59babaf 100644
--- a/docs/resources/firewall_filter.md
+++ b/docs/resources/firewall_filter.md
@@ -37,7 +37,7 @@ resource "opnsense_firewall_filter" "example_one" {
destination = {
net = "examplealias"
- port = 443
+ port = "https"
}
log = false
@@ -59,7 +59,7 @@ resource "opnsense_firewall_filter" "example_two" {
destination = {
net = "10.8.0.1"
- port = 443
+ port = "443"
}
description = "example rule"
@@ -80,7 +80,7 @@ resource "opnsense_firewall_filter" "example_three" {
destination = {
net = "wanip" # This is equiv. to WAN Address
- port = 443
+ port = "80-443"
}
description = "example rule"
@@ -121,7 +121,7 @@ Optional:
- `invert` (Boolean) Use this option to invert the sense of the match. Defaults to `false`.
- `net` (String) Specify the IP address, CIDR or alias for the destination of the packet for this mapping. For ` net`, enter `` (e.g. `lan`). For ` address`, enter `ip` (e.g. `lanip`). Defaults to `any`.
-- `port` (Number) Destination port number or well known name (imap, imaps, http, https, ...), for ranges use a dash. Defaults to `-1`.
+- `port` (String) Destination port number or well known name (imap, imaps, http, https, ...), for ranges use a dash. Defaults to `""`.
@@ -131,5 +131,5 @@ Optional:
- `invert` (Boolean) Use this option to invert the sense of the match. Defaults to `false`.
- `net` (String) Specify the IP address, CIDR or alias for the source of the packet for this mapping. For ` net`, enter `` (e.g. `lan`). For ` address`, enter `ip` (e.g. `lanip`). Defaults to `any`.
-- `port` (Number) Specify the source port for this rule. This is usually random and almost never equal to the destination port range (and should usually be `-1`). Defaults to `-1`.
+- `port` (String) Specify the source port for this rule. This is usually random and almost never equal to the destination port range (and should usually be `""`). Defaults to `""`.
diff --git a/docs/resources/firewall_nat.md b/docs/resources/firewall_nat.md
index d9ab664..500f1e1 100644
--- a/docs/resources/firewall_nat.md
+++ b/docs/resources/firewall_nat.md
@@ -40,12 +40,12 @@ resource "opnsense_firewall_nat" "example_two" {
destination = {
net = "10.8.0.1"
- port = 443
+ port = "443"
}
target = {
ip = "wanip"
- port = 80
+ port = "http"
}
log = true
@@ -63,12 +63,12 @@ resource "opnsense_firewall_nat" "example_three" {
destination = {
net = "examplealias"
- port = 443
+ port = "80-443"
}
target = {
ip = "wanip"
- port = 443
+ port = "443"
}
description = "Example"
@@ -108,7 +108,7 @@ Required:
Optional:
-- `port` (Number) Destination port number or well known name (imap, imaps, http, https, ...), for ranges use a dash. Defaults to `-1`.
+- `port` (String) Destination port number or well known name (imap, imaps, http, https, ...), for ranges use a dash. Defaults to `""`.
@@ -118,7 +118,7 @@ Optional:
- `invert` (Boolean) Use this option to invert the sense of the match. Defaults to `false`.
- `net` (String) Specify the IP address, CIDR or alias for the destination of the packet for this mapping. For ` net`, enter `` (e.g. `lan`). For ` address`, enter `ip` (e.g. `lanip`). Defaults to `any`.
-- `port` (Number) Destination port number or well known name (imap, imaps, http, https, ...), for ranges use a dash. Defaults to `-1`.
+- `port` (String) Destination port number or well known name (imap, imaps, http, https, ...), for ranges use a dash. Defaults to `""`.
@@ -128,5 +128,5 @@ Optional:
- `invert` (Boolean) Use this option to invert the sense of the match. Defaults to `false`.
- `net` (String) Specify the IP address, CIDR or alias for the source of the packet for this mapping. For ` net`, enter `` (e.g. `lan`). For ` address`, enter `ip` (e.g. `lanip`). Defaults to `any`.
-- `port` (Number) Specify the source port for this rule. This is usually random and almost never equal to the destination port range (and should usually be `-1`). Defaults to `-1`.
+- `port` (String) Specify the source port for this rule. This is usually random and almost never equal to the destination port range (and should usually be `""`). Defaults to `""`.
diff --git a/examples/resources/opnsense_firewall_filter/resource.tf b/examples/resources/opnsense_firewall_filter/resource.tf
index cfe1fde..e3eb5da 100644
--- a/examples/resources/opnsense_firewall_filter/resource.tf
+++ b/examples/resources/opnsense_firewall_filter/resource.tf
@@ -21,7 +21,7 @@ resource "opnsense_firewall_filter" "example_one" {
destination = {
net = "examplealias"
- port = 443
+ port = "https"
}
log = false
@@ -43,7 +43,7 @@ resource "opnsense_firewall_filter" "example_two" {
destination = {
net = "10.8.0.1"
- port = 443
+ port = "443"
}
description = "example rule"
@@ -64,7 +64,7 @@ resource "opnsense_firewall_filter" "example_three" {
destination = {
net = "wanip" # This is equiv. to WAN Address
- port = 443
+ port = "80-443"
}
description = "example rule"
diff --git a/examples/resources/opnsense_firewall_nat/resource.tf b/examples/resources/opnsense_firewall_nat/resource.tf
index 99e71d3..70eb352 100644
--- a/examples/resources/opnsense_firewall_nat/resource.tf
+++ b/examples/resources/opnsense_firewall_nat/resource.tf
@@ -24,12 +24,12 @@ resource "opnsense_firewall_nat" "example_two" {
destination = {
net = "10.8.0.1"
- port = 443
+ port = "443"
}
target = {
ip = "wanip"
- port = 80
+ port = "http"
}
log = true
@@ -47,12 +47,12 @@ resource "opnsense_firewall_nat" "example_three" {
destination = {
net = "examplealias"
- port = 443
+ port = "80-443"
}
target = {
ip = "wanip"
- port = 443
+ port = "443"
}
description = "Example"
diff --git a/internal/service/firewall_filter_schema.go b/internal/service/firewall_filter_schema.go
index 7a62714..4555917 100644
--- a/internal/service/firewall_filter_schema.go
+++ b/internal/service/firewall_filter_schema.go
@@ -24,7 +24,7 @@ import (
type firewallLocation struct {
Net types.String `tfsdk:"net"`
- Port types.Int64 `tfsdk:"port"`
+ Port types.String `tfsdk:"port"`
Invert types.Bool `tfsdk:"invert"`
}
@@ -117,12 +117,12 @@ func FirewallFilterResourceSchema() schema.Schema {
types.ObjectValueMust(
map[string]attr.Type{
"net": types.StringType,
- "port": types.Int64Type,
+ "port": types.StringType,
"invert": types.BoolType,
},
map[string]attr.Value{
"net": types.StringValue("any"),
- "port": types.Int64Value(-1),
+ "port": types.StringValue(""),
"invert": types.BoolValue(false),
},
),
@@ -134,11 +134,15 @@ func FirewallFilterResourceSchema() schema.Schema {
Computed: true,
Default: stringdefault.StaticString("any"),
},
- "port": schema.Int64Attribute{
- MarkdownDescription: "Specify the source port for this rule. This is usually random and almost never equal to the destination port range (and should usually be `-1`). Defaults to `-1`.",
+ "port": schema.StringAttribute{
+ MarkdownDescription: "Specify the source port for this rule. This is usually random and almost never equal to the destination port range (and should usually be `\"\"`). Defaults to `\"\"`.",
Optional: true,
Computed: true,
- Default: int64default.StaticInt64(-1),
+ Default: stringdefault.StaticString(""),
+ Validators: []validator.String{
+ stringvalidator.RegexMatches(regexp.MustCompile("^(\\d|-)+$|^([a-z])+$"),
+ "must be number (80), range (80-443) or well known name (http)"),
+ },
},
"invert": schema.BoolAttribute{
MarkdownDescription: "Use this option to invert the sense of the match. Defaults to `false`.",
@@ -155,12 +159,12 @@ func FirewallFilterResourceSchema() schema.Schema {
types.ObjectValueMust(
map[string]attr.Type{
"net": types.StringType,
- "port": types.Int64Type,
+ "port": types.StringType,
"invert": types.BoolType,
},
map[string]attr.Value{
"net": types.StringValue("any"),
- "port": types.Int64Value(-1),
+ "port": types.StringValue(""),
"invert": types.BoolValue(false),
},
),
@@ -172,11 +176,15 @@ func FirewallFilterResourceSchema() schema.Schema {
Computed: true,
Default: stringdefault.StaticString("any"),
},
- "port": schema.Int64Attribute{
- MarkdownDescription: "Destination port number or well known name (imap, imaps, http, https, ...), for ranges use a dash. Defaults to `-1`.",
+ "port": schema.StringAttribute{
+ MarkdownDescription: "Destination port number or well known name (imap, imaps, http, https, ...), for ranges use a dash. Defaults to `\"\"`.",
Optional: true,
Computed: true,
- Default: int64default.StaticInt64(-1),
+ Default: stringdefault.StaticString(""),
+ Validators: []validator.String{
+ stringvalidator.RegexMatches(regexp.MustCompile("^(\\d|-)+$|^([a-z])+$"),
+ "must be number (80), range (80-443) or well known name (http)"),
+ },
},
"invert": schema.BoolAttribute{
MarkdownDescription: "Use this option to invert the sense of the match. Defaults to `false`.",
@@ -262,8 +270,8 @@ func FirewallFilterDataSourceSchema() dschema.Schema {
MarkdownDescription: "Specify the IP address, CIDR or alias for the source of the packet for this mapping.",
Computed: true,
},
- "port": dschema.Int64Attribute{
- MarkdownDescription: "Specify the source port for this rule. This is usually random and almost never equal to the destination port range (and should usually be `-1`).",
+ "port": dschema.StringAttribute{
+ MarkdownDescription: "Specify the source port for this rule. This is usually random and almost never equal to the destination port range (and should usually be `\"\"`).",
Computed: true,
},
"invert": dschema.BoolAttribute{
@@ -279,7 +287,7 @@ func FirewallFilterDataSourceSchema() dschema.Schema {
MarkdownDescription: "Specify the IP address, CIDR or alias for the destination of the packet for this mapping.",
Computed: true,
},
- "port": dschema.Int64Attribute{
+ "port": dschema.StringAttribute{
MarkdownDescription: "Specify the port for the destination of the packet for this mapping.",
Computed: true,
},
@@ -327,10 +335,10 @@ func convertFirewallFilterSchemaToStruct(d *FirewallFilterResourceModel) (*firew
IPProtocol: api.SelectedMap(d.IPProtocol.ValueString()),
Protocol: api.SelectedMap(d.Protocol.ValueString()),
SourceNet: d.Source.Net.ValueString(),
- SourcePort: tools.Int64ToStringNegative(d.Source.Port.ValueInt64()),
+ SourcePort: d.Source.Port.ValueString(),
SourceInvert: tools.BoolToString(d.Source.Invert.ValueBool()),
DestinationNet: d.Destination.Net.ValueString(),
- DestinationPort: tools.Int64ToStringNegative(d.Destination.Port.ValueInt64()),
+ DestinationPort: d.Destination.Port.ValueString(),
DestinationInvert: tools.BoolToString(d.Destination.Invert.ValueBool()),
Gateway: api.SelectedMap(d.Gateway.ValueString()),
Log: tools.BoolToString(d.Log.ValueBool()),
@@ -350,12 +358,12 @@ func convertFirewallFilterStructToSchema(d *firewall.Filter) (*FirewallFilterRes
Protocol: types.StringValue(d.Protocol.String()),
Source: &firewallLocation{
Net: types.StringValue(d.SourceNet),
- Port: types.Int64Value(tools.StringToInt64(d.SourcePort)),
+ Port: types.StringValue(d.SourcePort),
Invert: types.BoolValue(tools.StringToBool(d.SourceInvert)),
},
Destination: &firewallLocation{
Net: types.StringValue(d.DestinationNet),
- Port: types.Int64Value(tools.StringToInt64(d.DestinationPort)),
+ Port: types.StringValue(d.DestinationPort),
Invert: types.BoolValue(tools.StringToBool(d.DestinationInvert)),
},
Gateway: types.StringValue(d.Gateway.String()),
diff --git a/internal/service/firewall_nat_schema.go b/internal/service/firewall_nat_schema.go
index 89b823f..2d62e3e 100644
--- a/internal/service/firewall_nat_schema.go
+++ b/internal/service/firewall_nat_schema.go
@@ -21,7 +21,7 @@ import (
type firewallTarget struct {
IP types.String `tfsdk:"ip"`
- Port types.Int64 `tfsdk:"port"`
+ Port types.String `tfsdk:"port"`
}
// FirewallNATResourceModel describes the resource data model.
@@ -92,12 +92,12 @@ func FirewallNATResourceSchema() schema.Schema {
types.ObjectValueMust(
map[string]attr.Type{
"net": types.StringType,
- "port": types.Int64Type,
+ "port": types.StringType,
"invert": types.BoolType,
},
map[string]attr.Value{
"net": types.StringValue("any"),
- "port": types.Int64Value(-1),
+ "port": types.StringValue(""),
"invert": types.BoolValue(false),
},
),
@@ -109,11 +109,15 @@ func FirewallNATResourceSchema() schema.Schema {
Computed: true,
Default: stringdefault.StaticString("any"),
},
- "port": schema.Int64Attribute{
- MarkdownDescription: "Specify the source port for this rule. This is usually random and almost never equal to the destination port range (and should usually be `-1`). Defaults to `-1`.",
+ "port": schema.StringAttribute{
+ MarkdownDescription: "Specify the source port for this rule. This is usually random and almost never equal to the destination port range (and should usually be `\"\"`). Defaults to `\"\"`.",
Optional: true,
Computed: true,
- Default: int64default.StaticInt64(-1),
+ Default: stringdefault.StaticString(""),
+ Validators: []validator.String{
+ stringvalidator.RegexMatches(regexp.MustCompile("^(\\d|-)+$|^([a-z])+$"),
+ "must be number (80), range (80-443) or well known name (http)"),
+ },
},
"invert": schema.BoolAttribute{
MarkdownDescription: "Use this option to invert the sense of the match. Defaults to `false`.",
@@ -130,12 +134,12 @@ func FirewallNATResourceSchema() schema.Schema {
types.ObjectValueMust(
map[string]attr.Type{
"net": types.StringType,
- "port": types.Int64Type,
+ "port": types.StringType,
"invert": types.BoolType,
},
map[string]attr.Value{
"net": types.StringValue("any"),
- "port": types.Int64Value(-1),
+ "port": types.StringValue(""),
"invert": types.BoolValue(false),
},
),
@@ -147,11 +151,15 @@ func FirewallNATResourceSchema() schema.Schema {
Computed: true,
Default: stringdefault.StaticString("any"),
},
- "port": schema.Int64Attribute{
- MarkdownDescription: "Destination port number or well known name (imap, imaps, http, https, ...), for ranges use a dash. Defaults to `-1`.",
+ "port": schema.StringAttribute{
+ MarkdownDescription: "Destination port number or well known name (imap, imaps, http, https, ...), for ranges use a dash. Defaults to `\"\"`.",
Optional: true,
Computed: true,
- Default: int64default.StaticInt64(-1),
+ Default: stringdefault.StaticString(""),
+ Validators: []validator.String{
+ stringvalidator.RegexMatches(regexp.MustCompile("^(\\d|-)+$|^([a-z])+$"),
+ "must be number (80), range (80-443) or well known name (http)"),
+ },
},
"invert": schema.BoolAttribute{
MarkdownDescription: "Use this option to invert the sense of the match. Defaults to `false`.",
@@ -168,11 +176,15 @@ func FirewallNATResourceSchema() schema.Schema {
MarkdownDescription: "Specify the IP address or alias for the packets to be mapped to. For ` address`, enter `ip` (e.g. `lanip`).",
Required: true,
},
- "port": schema.Int64Attribute{
- MarkdownDescription: "Destination port number or well known name (imap, imaps, http, https, ...), for ranges use a dash. Defaults to `-1`.",
+ "port": schema.StringAttribute{
+ MarkdownDescription: "Destination port number or well known name (imap, imaps, http, https, ...), for ranges use a dash. Defaults to `\"\"`.",
Optional: true,
Computed: true,
- Default: int64default.StaticInt64(-1),
+ Default: stringdefault.StaticString(""),
+ Validators: []validator.String{
+ stringvalidator.RegexMatches(regexp.MustCompile("^(\\d|-)+$|^([a-z])+$"),
+ "must be number (80), range (80-443) or well known name (http)"),
+ },
},
},
},
@@ -244,8 +256,8 @@ func FirewallNATDataSourceSchema() dschema.Schema {
MarkdownDescription: "Specify the IP address, CIDR or alias for the source of the packet for this mapping.",
Computed: true,
},
- "port": dschema.Int64Attribute{
- MarkdownDescription: "Specify the source port for this rule. This is usually random and almost never equal to the destination port range (and should usually be `-1`).",
+ "port": dschema.StringAttribute{
+ MarkdownDescription: "Specify the source port for this rule. This is usually random and almost never equal to the destination port range (and should usually be `\"\"`).",
Computed: true,
},
"invert": dschema.BoolAttribute{
@@ -261,7 +273,7 @@ func FirewallNATDataSourceSchema() dschema.Schema {
MarkdownDescription: "Specify the IP address, CIDR or alias for the destination of the packet for this mapping.",
Computed: true,
},
- "port": dschema.Int64Attribute{
+ "port": dschema.StringAttribute{
MarkdownDescription: "Specify the port for the destination of the packet for this mapping.",
Computed: true,
},
@@ -278,7 +290,7 @@ func FirewallNATDataSourceSchema() dschema.Schema {
MarkdownDescription: "Specify the IP address or alias for the packets to be mapped to.",
Computed: true,
},
- "port": schema.Int64Attribute{
+ "port": schema.StringAttribute{
MarkdownDescription: "Destination port number or well known name (imap, imaps, http, https, ...), for ranges use a dash.",
Computed: true,
},
@@ -305,13 +317,13 @@ func convertFirewallNATSchemaToStruct(d *FirewallNATResourceModel) (*firewall.NA
IPProtocol: api.SelectedMap(d.IPProtocol.ValueString()),
Protocol: api.SelectedMap(d.Protocol.ValueString()),
SourceNet: d.Source.Net.ValueString(),
- SourcePort: tools.Int64ToStringNegative(d.Source.Port.ValueInt64()),
+ SourcePort: d.Source.Port.ValueString(),
SourceInvert: tools.BoolToString(d.Source.Invert.ValueBool()),
DestinationNet: d.Destination.Net.ValueString(),
- DestinationPort: tools.Int64ToStringNegative(d.Destination.Port.ValueInt64()),
+ DestinationPort: d.Destination.Port.ValueString(),
DestinationInvert: tools.BoolToString(d.Destination.Invert.ValueBool()),
Target: d.Target.IP.ValueString(),
- TargetPort: tools.Int64ToStringNegative(d.Target.Port.ValueInt64()),
+ TargetPort: d.Target.Port.ValueString(),
Log: tools.BoolToString(d.Log.ValueBool()),
Description: d.Description.ValueString(),
}, nil
@@ -327,17 +339,17 @@ func convertFirewallNATStructToSchema(d *firewall.NAT) (*FirewallNATResourceMode
Protocol: types.StringValue(d.Protocol.String()),
Source: &firewallLocation{
Net: types.StringValue(d.SourceNet),
- Port: types.Int64Value(tools.StringToInt64(d.SourcePort)),
+ Port: types.StringValue(d.SourcePort),
Invert: types.BoolValue(tools.StringToBool(d.SourceInvert)),
},
Destination: &firewallLocation{
Net: types.StringValue(d.DestinationNet),
- Port: types.Int64Value(tools.StringToInt64(d.DestinationPort)),
+ Port: types.StringValue(d.DestinationPort),
Invert: types.BoolValue(tools.StringToBool(d.DestinationInvert)),
},
Target: &firewallTarget{
IP: types.StringValue(d.Target),
- Port: types.Int64Value(tools.StringToInt64(d.TargetPort)),
+ Port: types.StringValue(d.TargetPort),
},
Log: types.BoolValue(tools.StringToBool(d.Log)),
Description: tools.StringOrNull(d.Description),