create_firewall_group
create_firewall_group
Section titled “create_firewall_group”Create a reusable firewall group of addresses, IPv6 addresses, or ports.
Side effects:
- Adds a new reusable object. It does nothing on its own until a
firewall rule or policy references it by
_id. - Mutates controller state. Use dry_run=True to preview the change without applying.
Example
Section titled “Example”create_firewall_group(name="IoT Subnets", group_type="address-group", members=["10.50.0.0/24", "10.60.0.0/24"])Parameters
Section titled “Parameters”| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
name | string | yes | — | Display name for the group (e.g. "IoT Subnets"). |
group_type | string | yes | — | One of "address-group" (IPv4 CIDRs/IPs), "ipv6-address-group" (IPv6 CIDRs/IPs), or "port-group" (TCP/UDP port numbers and ranges). |
members | array | yes | — | The group’s members as strings. For address groups: CIDRs or IPs ("10.50.0.0/24"). For IPv6 address groups: IPv6 CIDRs/IPs. For port groups: ports or ranges ("443", "8000-8100"). |
controller | string | no | ”default” | Name of the UniFi controller to target. Defaults to "default". |
dry_run | boolean | no | false | Preview the change without applying it. Returns the predicted change set. |