Skip to main content
Explore
Sign in
Explore
Snippets Groups Projects
Select Git revision
  • a180810f4ea43b771530537f5c2b48431aad0204
  • master default protected
  • ci-bullseye
  • wip/bigtop-3.0.0
  • bio3
  • feature/certificates2
6 results

firewall.tf

Blame
    • firewall.tf 1.51 KiB 
    resource "openstack_networking_secgroup_v2" "secgroup" {
	name = var.domain
	description = "${title(var.domain)} security group"
}

resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_self4" {
	direction = "ingress"
	ethertype = "IPv4"
	remote_group_id = openstack_networking_secgroup_v2.secgroup.id
	security_group_id = openstack_networking_secgroup_v2.secgroup.id
}

resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_self6" {
	direction = "ingress"
	ethertype = "IPv6"
	remote_group_id = openstack_networking_secgroup_v2.secgroup.id
	security_group_id = openstack_networking_secgroup_v2.secgroup.id
}

resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_icmp4" {
	direction = "ingress"
	ethertype = "IPv4"
	protocol = "icmp"
	security_group_id = openstack_networking_secgroup_v2.secgroup.id
}

resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_icmp6" {
	direction = "ingress"
	ethertype = "IPv6"
	protocol = "ipv6-icmp"
	security_group_id = openstack_networking_secgroup_v2.secgroup.id
}

resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_other4" {
	for_each = var.security_trusted_cidr4
	direction = "ingress"
	ethertype = "IPv4"
	remote_ip_prefix = each.key
	security_group_id = openstack_networking_secgroup_v2.secgroup.id
}

resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_other6" {
	for_each = var.security_trusted_cidr6
	direction = "ingress"
	ethertype = "IPv6"
	remote_ip_prefix = each.key
	security_group_id = openstack_networking_secgroup_v2.secgroup.id
}