Cloudflare_ruleset via terraform module

What is the name of the domain?

all zones

What is the error message?

A similar configuration with rules already exists and overwriting will have unintended consequences. If you are migrating from the Dashboard, you will need to first import the existing rules using cf-terraforming. You can find details about how to do this at

What is the issue you’re encountering

I am trying to upgrade all the old firewall rules syntax to the new one using cf-terraforming, and to apply some as a module as previously.

What is the current SSL/TLS setting?

Off

There is an issue when applying a specific firewall rule to all zones via a Terraform module. The old syntax, which is now commented out, used to work with the module, but the new syntax does not allow multiple cloudflare_ruleset blocks—only an individual block with all the rules listed per that zone. Steps I took to debug:
If the old rule is commented out in Terraform and it is confirmed that it is not in the UI, there should not be complaints about another rule.

```hcl
# Old syntax (now commented out in the module): a filter plus a firewall rule
# that references it, both created only when the feature flag is on.
resource "cloudflare_filter" "filter_block_bad_ips" {
  count = var.enable_block_bad_ips ? 1 : 0

  zone_id    = var.zone_id
  expression = "ip.src in {${local.formatted_bad_ips}}"
}

resource "cloudflare_firewall_rule" "firewall_rule_block_bad_ips" {
  count = var.enable_block_bad_ips ? 1 : 0

  zone_id     = var.zone_id
  description = "Block ips that are malicious"
  filter_id   = cloudflare_filter.filter_block_bad_ips[0].id
  action      = "block"
  priority    = 101000
}
```

```hcl
# New syntax: the same rule expressed as a cloudflare_ruleset in the
# http_request_firewall_custom phase of the zone.
resource "cloudflare_ruleset" "firewall_rule_block_bad_ips" {
  count = var.enable_block_bad_ips ? 1 : 0

  kind        = "zone"
  name        = "Block Malicious IPs (SYS-1908)"
  description = "Block Malicious IPs (SYS-1908)"
  phase       = "http_request_firewall_custom"
  zone_id     = var.zone_id

  rules {
    action      = "block"
    description = "Block Malicious IPs"
    enabled     = true
    expression  = "ip.src in {${local.formatted_bad_ips}}"
  }
}
```
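The error quoted in this post is the provider refusing to create a second entry-point ruleset for the same zone and phase: each zone has exactly one `http_request_firewall_custom` ruleset, so a module that emits one `cloudflare_ruleset` per rule (as the old filter-plus-firewall-rule pattern did) cannot be applied alongside any other custom ruleset, whether created by another module instance, by `cf-terraforming` output, or in the dashboard. The module therefore has to own the whole ruleset for the zone and build its `rules` list from every feature flag. The following is an added example of that layout, not code from the original post or from Cloudflare; it keeps the poster's `zone_id`, `enable_block_bad_ips` and `formatted_bad_ips` names and uses provider v4 block syntax (matching the `rules { ... }` form above), while the `bad_ips`, `block_countries`, `zone_ids` variables, the `./modules/cloudflare-firewall` path and the rule keys are assumptions for illustration.

```hcl
# ---- modules/cloudflare-firewall/main.tf (one ruleset per zone) ----

variable "zone_id" { type = string }

variable "enable_block_bad_ips" {
  type    = bool
  default = true
}

# Hypothetical inputs: IPs/CIDRs to block and countries to challenge.
variable "bad_ips" {
  type    = list(string)
  default = []
}

variable "block_countries" {
  type    = list(string)
  default = []
}

locals {
  # Rules-language set literals are space separated: {1.2.3.4 10.0.0.0/8}
  formatted_bad_ips = join(" ", var.bad_ips)
  formatted_countries = join(" ", [for c in var.block_countries : "\"${c}\""])

  # Every rule the module knows about, keyed so map iteration order
  # (sorted by key) becomes the evaluation order inside the ruleset.
  candidate_rules = {
    "10_block_bad_ips" = {
      enabled     = var.enable_block_bad_ips && length(var.bad_ips) > 0
      action      = "block"
      description = "Block Malicious IPs"
      expression  = "ip.src in {${local.formatted_bad_ips}}"
    }
    "20_challenge_countries" = {
      enabled     = length(var.block_countries) > 0
      action      = "managed_challenge"
      description = "Challenge listed countries"
      expression  = "ip.geoip.country in {${local.formatted_countries}}"
    }
  }

  # Only enabled rules are emitted; an empty set-literal "{}" is invalid
  # in the rules language, which is why the length checks above matter.
  enabled_rules = { for k, r in local.candidate_rules : k => r if r.enabled }
}

# Exactly one http_request_firewall_custom ruleset per zone. Do not add a
# second cloudflare_ruleset with this phase for the same zone_id anywhere
# else in the configuration; that is what triggers the "similar
# configuration with rules already exists" error.
resource "cloudflare_ruleset" "zone_custom_firewall" {
  zone_id     = var.zone_id
  name        = "Zone custom firewall rules"
  description = "All custom firewall rules for this zone, managed by Terraform"
  kind        = "zone"
  phase       = "http_request_firewall_custom"

  dynamic "rules" {
    for_each = local.enabled_rules
    content {
      action      = rules.value.action
      description = rules.value.description
      enabled     = true
      expression  = rules.value.expression
    }
  }
}

# ---- root module: apply the same ruleset shape to every zone ----

variable "zone_ids" { type = set(string) }

module "firewall" {
  for_each = var.zone_ids
  source   = "./modules/cloudflare-firewall"

  zone_id              = each.value
  enable_block_bad_ips = true
  bad_ips              = ["203.0.113.7", "198.51.100.0/24"] # constructed sample data
}
```

Before the first apply against a zone that already has custom rules in the dashboard, import that zone's existing `http_request_firewall_custom` ruleset into `module.firewall["<zone_id>"].cloudflare_ruleset.zone_custom_firewall` (with `cf-terraforming`, or `terraform import` using the ruleset ID shown in the dashboard or API) and fold its rules into `candidate_rules`; otherwise `terraform plan` will show the import conflict above rather than a clean diff. Toggling a feature flag then changes the rule list inside the single ruleset, which the provider applies as an in-place update instead of a create that collides with an existing ruleset.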
