-
Notifications
You must be signed in to change notification settings - Fork 0
/
cloudfw.tf
52 lines (44 loc) · 1.47 KB
/
cloudfw.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
resource "google_compute_firewall" "allow_mgmt" {
name = "${local.prefix}fw-mgmt-allow-admin"
network = data.google_compute_subnetwork.connected[local.mgmt_port].network
source_ranges = var.admin_acl
target_tags = var.fgt_tags
allow {
protocol = "TCP"
ports = ["22", "80", "443"]
}
}
resource "google_compute_firewall" "allow_fgsp" {
name = "${local.prefix}fw-allow-fgsp"
network = data.google_compute_subnetwork.connected[local.fgsp_port].network
source_tags = var.fgt_tags
target_tags = var.fgt_tags
allow {
protocol = "UDP"
ports = ["708"]
}
allow {
protocol = "TCP"
ports = ["703", "23"]
}
}
resource "google_compute_firewall" "allow_health_check" {
for_each = { for indx,net in data.google_compute_subnetwork.connected : indx=>net if indx != local.mgmt_port }
name = "${local.prefix}fw-${trimprefix(each.value.name, local.prefix)}-allow-healthcheck"
network = each.value.network
source_ranges = each.key == "port1" ? local.hc_ranges_elb : local.hc_ranges_ilb
target_tags = var.fgt_tags
allow {
protocol = "TCP"
ports = [ var.healthcheck_port ]
}
}
resource "google_compute_firewall" "allowall_port1" {
name = "${local.prefix}fw-${trimprefix(var.subnets[0], local.prefix)}-allowall"
network = data.google_compute_subnetwork.connected["port1"].network
source_ranges = ["0.0.0.0/0"]
target_tags = var.fgt_tags
allow {
protocol = "all"
}
}