firewall.tf 2.05 KiB
# Security group that carries the ICMP echo ("ping") rules.
# The group itself defines no ingress; rules are attached by the
# openstack_networking_secgroup_rule_v2.ping resource via security_group_id.
# delete_default_rules is not set, so the default egress rules that
# OpenStack adds to a new group stay in place.
resource "openstack_networking_secgroup_v2" "ping" {
  description = "ICMP for ping"
  name        = "ping"
}

# Security group for remote administration over SSH.
# Kept separate from the web group so it can be attached only to the
# instances that need shell access; the allowed sources are defined by
# openstack_networking_secgroup_rule_v2.ssh.
resource "openstack_networking_secgroup_v2" "ssh" {
  description = "ssh connection"
  name        = "ssh"
}

# Security group for web traffic. Both the "http" (80/tcp) and the
# "https" (443/tcp) rule resources in this file attach to this one group.
resource "openstack_networking_secgroup_v2" "http" {
  description = "http/https"
  name        = "http"
}

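# Allow ICMP echo requests from every prefix in var.security_public_cidr.
# The variable is iterated as a map: key = CIDR prefix, value = free-text
# description copied onto the rule. One rule is created per prefix.
# strcontains() needs Terraform 1.5 or newer.
resource "openstack_networking_secgroup_rule_v2" "ping" {
  for_each    = var.security_public_cidr
  description = each.value
  # "direction" is a required argument of this resource; inbound matches
  # the group's stated purpose ("ICMP for ping").
  direction = "ingress"
  # A ":" in the prefix marks it as IPv6, anything else is treated as IPv4.
  ethertype = strcontains(each.key, ":") ? "IPv6" : "IPv4"
  # For ICMP these two fields carry the ICMP type and code, not ports:
  # type 8 (IPv4 echo request) or 128 (ICMPv6 echo request), code 0.
  # Only echo requests are admitted, not the whole ICMP protocol.
  port_range_min    = strcontains(each.key, ":") ? 128 : 8
  port_range_max    = 0
  protocol          = "icmp"
  remote_ip_prefix  = each.key
  security_group_id = openstack_networking_secgroup_v2.ping.id
  # NOTE(review): "icmp" is also sent for the IPv6 entries; the line below
  # is the author's pending switch to the explicit IPv6 protocol name.
  # for update:
  # protocol          = strcontains(each.key, ":") ? "ipv6-icmp" : "icmp"
}
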
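# Allow inbound SSH (22/tcp) from every prefix in var.security_public_cidr
# (map: CIDR prefix => description). One rule is created per prefix.
#
# NOTE(review): the SSH exposure is exactly the content of that variable.
# The same map also feeds the ping/http/https rules, so SSH cannot be
# scoped more narrowly than web traffic. If the map ever holds 0.0.0.0/0
# or ::/0, SSH becomes reachable from the whole Internet. Consider a
# dedicated, tighter variable for management access and a validation
# block that rejects catch-all prefixes.
resource "openstack_networking_secgroup_rule_v2" "ssh" {
  for_each    = var.security_public_cidr
  description = each.value
  # "direction" is a required argument of this resource; inbound matches
  # the group's stated purpose ("ssh connection").
  direction = "ingress"
  # A ":" in the prefix marks it as IPv6, anything else is treated as IPv4.
  ethertype         = strcontains(each.key, ":") ? "IPv6" : "IPv4"
  port_range_min    = 22
  port_range_max    = 22
  protocol          = "tcp"
  remote_ip_prefix  = each.key
  security_group_id = openstack_networking_secgroup_v2.ssh.id
}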

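# Allow inbound HTTP (80/tcp) from every prefix in var.security_public_cidr
# (map: CIDR prefix => description). One rule is created per prefix.
#
# NOTE(review): port 80 is cleartext. Presumably it is kept for redirects
# to HTTPS or certificate issuance - confirm that nothing sensitive is
# served over it.
resource "openstack_networking_secgroup_rule_v2" "http" {
  for_each    = var.security_public_cidr
  description = each.value
  # "direction" is a required argument of this resource; inbound matches
  # the group's stated purpose ("http/https").
  direction = "ingress"
  # A ":" in the prefix marks it as IPv6, anything else is treated as IPv4.
  ethertype         = strcontains(each.key, ":") ? "IPv6" : "IPv4"
  port_range_min    = 80
  port_range_max    = 80
  protocol          = "tcp"
  remote_ip_prefix  = each.key
  security_group_id = openstack_networking_secgroup_v2.http.id
}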

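# Allow inbound HTTPS (443/tcp) from every prefix in
# var.security_public_cidr (map: CIDR prefix => description).
# The rule attaches to the "http" security group on purpose: that group
# is described as "http/https" and carries both web ports.
resource "openstack_networking_secgroup_rule_v2" "https" {
  for_each    = var.security_public_cidr
  description = each.value
  # "direction" is a required argument of this resource; inbound matches
  # the group's stated purpose ("http/https").
  direction = "ingress"
  # A ":" in the prefix marks it as IPv6, anything else is treated as IPv4.
  ethertype         = strcontains(each.key, ":") ? "IPv6" : "IPv4"
  port_range_min    = 443
  port_range_max    = 443
  protocol          = "tcp"
  remote_ip_prefix  = each.key
  security_group_id = openstack_networking_secgroup_v2.http.id
}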