Firewall changes rules order after apply about terraform-provider-digitalocean HOT 5 CLOSED

This fixes it indeed. Once I updated the ICMP rules with 1-65535 plan and apply did some changes, but any invocation of plan after that suggests there's nothing to do.

I still find it very strange that I have to specify the port range on the digitalocean_firewall resources in the case of protocol being ICMP though.

from terraform-provider-digitalocean.

This seems to affect ability to update a firewall since order changes,
rendering it impossible to update, so taint is required to make changes to firewall.

Only seems to happen when port_range = "all" is used.

from terraform-provider-digitalocean.

I have this same issue, it's caused by the icmp rule. Even though port_range is optional, and doesn't make any sense in the ICMP context, it has to be set for things to not continuously reorder/reapply. It seems to work reliably once you set port_range = "0" for the icmp rules.

However, if you set port_range = "0" on an ICMP rule before it has been created it'll fail, since port_range is supposed to be between 1-65565. So it's all rather inconsistent. If you then add a rule and want the firewall to apply you'll need to temporarily uncomment a port_range = "0" too.

from terraform-provider-digitalocean.

I believe this issue is fixed with changes in docs cd07772
and can be closed.

from terraform-provider-digitalocean.

As the original report consider this issue to be fixed by the doc changes in hashicorp@cd07772, I'm going to go ahead and close this issue. There is more discussion of the ICMP situation in https://github.com/terraform-providers/terraform-provider-digitalocean/issues/30, so we can continue it there.

from terraform-provider-digitalocean.