Skip to content
Snippets Groups Projects
Normal view Permalink
firewall.tf 2.05 KiB
Newer Older
František Dvořák's avatar
Terraform security groups in separate file and symlinks
František Dvořák committed
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 
resource "openstack_networking_secgroup_v2" "ping" {
  name        = "ping"
  description = "ICMP for ping"
}

resource "openstack_networking_secgroup_v2" "ssh" {
  name        = "ssh"
  description = "ssh connection"
}

resource "openstack_networking_secgroup_v2" "http" {
  name        = "http"
  description = "http/https"
}
František Dvořák's avatar
Fancy firewall rules with description  
František Dvořák committed
16 17 18 
resource "openstack_networking_secgroup_rule_v2" "ping" {
  for_each          = var.security_public_cidr
  description       = each.value
František Dvořák's avatar
Terraform security groups in separate file and symlinks
František Dvořák committed
19 
  direction         = "ingress"
František Dvořák's avatar
Fancy firewall rules with description  
František Dvořák committed
20 21 
  ethertype         = strcontains(each.key, ":") ? "IPv6" : "IPv4"
  port_range_min    = strcontains(each.key, ":") ? 128 : 8
František Dvořák's avatar
Terraform security groups in separate file and symlinks
František Dvořák committed
22 23 
  port_range_max    = 0
  protocol          = "icmp"
František Dvořák's avatar
Make firewall in terraform configurable  
František Dvořák committed
24 
  remote_ip_prefix  = each.key
František Dvořák's avatar
Terraform security groups in separate file and symlinks
František Dvořák committed
25 
  security_group_id = openstack_networking_secgroup_v2.ping.id
František Dvořák's avatar
Terraform linting  
František Dvořák committed
26 27 
  # for update:
  # protocol          = strcontains(each.key, ":") ? "ipv6-icmp" : "icmp"
František Dvořák's avatar
Terraform security groups in separate file and symlinks
František Dvořák committed
28 29 
}
František Dvořák's avatar
Fancy firewall rules with description  
František Dvořák committed
30 31 32 
resource "openstack_networking_secgroup_rule_v2" "ssh" {
  for_each          = var.security_public_cidr
  description       = each.value
František Dvořák's avatar
Terraform security groups in separate file and symlinks
František Dvořák committed
33 
  direction         = "ingress"
František Dvořák's avatar
Fancy firewall rules with description  
František Dvořák committed
34 
  ethertype         = strcontains(each.key, ":") ? "IPv6" : "IPv4"
František Dvořák's avatar
Terraform security groups in separate file and symlinks
František Dvořák committed
35 36 37 
  port_range_min    = 22
  port_range_max    = 22
  protocol          = "tcp"
František Dvořák's avatar
Make firewall in terraform configurable  
František Dvořák committed
38 
  remote_ip_prefix  = each.key
František Dvořák's avatar
Terraform security groups in separate file and symlinks
František Dvořák committed
39 40 41 
  security_group_id = openstack_networking_secgroup_v2.ssh.id
}
František Dvořák's avatar
Fancy firewall rules with description  
František Dvořák committed
42 43 44 
resource "openstack_networking_secgroup_rule_v2" "http" {
  for_each          = var.security_public_cidr
  description       = each.value
František Dvořák's avatar
Terraform security groups in separate file and symlinks
František Dvořák committed
45 
  direction         = "ingress"
František Dvořák's avatar
Fancy firewall rules with description  
František Dvořák committed
46 
  ethertype         = strcontains(each.key, ":") ? "IPv6" : "IPv4"
František Dvořák's avatar
Terraform security groups in separate file and symlinks
František Dvořák committed
47 48 49 
  port_range_min    = 80
  port_range_max    = 80
  protocol          = "tcp"
František Dvořák's avatar
Make firewall in terraform configurable  
František Dvořák committed
50 
  remote_ip_prefix  = each.key
František Dvořák's avatar
Terraform security groups in separate file and symlinks
František Dvořák committed
51 52 53 
  security_group_id = openstack_networking_secgroup_v2.http.id
}
František Dvořák's avatar
Fancy firewall rules with description  
František Dvořák committed
54 55 56 
resource "openstack_networking_secgroup_rule_v2" "https" {
  for_each          = var.security_public_cidr
  description       = each.value
František Dvořák's avatar
Terraform security groups in separate file and symlinks
František Dvořák committed
57 
  direction         = "ingress"
František Dvořák's avatar
Fancy firewall rules with description  
František Dvořák committed
58 
  ethertype         = strcontains(each.key, ":") ? "IPv6" : "IPv4"
František Dvořák's avatar
Terraform security groups in separate file and symlinks
František Dvořák committed
59 60 61 
  port_range_min    = 443
  port_range_max    = 443
  protocol          = "tcp"
František Dvořák's avatar
Make firewall in terraform configurable  
František Dvořák committed
62 
  remote_ip_prefix  = each.key
František Dvořák's avatar
Terraform security groups in separate file and symlinks
František Dvořák committed
63 64 
  security_group_id = openstack_networking_secgroup_v2.http.id
}