Allow specifying private end port & public end port for port forward rules

vishesh92 · ianc769 · commit eaf7578f24f9 · 2025-09-03T10:27:54.000-04:00
diff --git a/cloudstack/resource_cloudstack_port_forward.go b/cloudstack/resource_cloudstack_port_forward.go
@@ -73,11 +73,23 @@ func resourceCloudStackPortForward() *schema.Resource {
 							Required: true,
 						},
 
+						"private_end_port": {
+							Type:     schema.TypeInt,
+							Optional: true,
+							Computed: true,
+						},
+
 						"public_port": {
 							Type:     schema.TypeInt,
 							Required: true,
 						},
 
+						"public_end_port": {
+							Type:     schema.TypeInt,
+							Optional: true,
+							Computed: true,
+						},
+
 						"virtual_machine_id": {
 							Type:     schema.TypeString,
 							Required: true,
@@ -175,6 +187,12 @@ func createPortForward(d *schema.ResourceData, meta interface{}, forward map[str
 	// Create a new parameter struct
 	p := cs.Firewall.NewCreatePortForwardingRuleParams(d.Id(), forward["private_port"].(int),
 		forward["protocol"].(string), forward["public_port"].(int), vm.Id)
+	if val, ok := forward["private_end_port"]; ok && val != nil && val.(int) != 0 {
+		p.SetPrivateendport(val.(int))
+	}
+	if val, ok := forward["public_end_port"]; ok && val != nil && val.(int) != 0 {
+		p.SetPublicendport(val.(int))
+	}
 
 	if vmGuestIP, ok := forward["vm_guest_ip"]; ok && vmGuestIP.(string) != "" {
 		p.SetVmguestip(vmGuestIP.(string))
@@ -288,6 +306,21 @@ func resourceCloudStackPortForwardRead(d *schema.ResourceData, meta interface{})
 			forward["protocol"] = f.Protocol
 			forward["private_port"] = privPort
 			forward["public_port"] = pubPort
+			// Only set end ports if they differ from start ports (indicating a range)
+			if f.Privateendport != "" && f.Privateendport != f.Privateport {
+				privEndPort, err := strconv.Atoi(f.Privateendport)
+				if err != nil {
+					return err
+				}
+				forward["private_end_port"] = privEndPort
+			}
+			if f.Publicendport != "" && f.Publicendport != f.Publicport {
+				pubEndPort, err := strconv.Atoi(f.Publicendport)
+				if err != nil {
+					return err
+				}
+				forward["public_end_port"] = pubEndPort
+			}
 			forward["virtual_machine_id"] = f.Virtualmachineid
 
 			// This one is a bit tricky. We only want to update this optional value
diff --git a/website/docs/r/port_forward.html.markdown b/website/docs/r/port_forward.html.markdown
@@ -47,9 +47,15 @@ The `forward` block supports:
 * `protocol` - (Required) The name of the protocol to allow. Valid options are:
     `tcp` and `udp`.
 
-* `private_port` - (Required) The private port to forward to.
+* `private_port` - (Required) The starting port of port forwarding rule's private port range.
 
-* `public_port` - (Required) The public port to forward from.
+* `private_end_port` - (Optional) The ending port of port forwarding rule's private port range.
+    If not specified, the private port will be used as the end port.
+
+* `public_port` - (Required) The starting port of port forwarding rule's public port range.
+
+* `public_end_port` - (Optional) The ending port of port forwarding rule's public port range.
+    If not specified, the public port will be used as the end port.
 
 * `virtual_machine_id` - (Required) The ID of the virtual machine to forward to.
 
