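variable "ssh_source_network" {
  # Source address or network allowed to reach TCP/22 by the SSH rule of
  # sakuracloud_packet_filter.default.  The variable was previously untyped and
  # undocumented; the null default is kept for compatibility, but note that it
  # leaves the SSH rule without any source restriction until a value is set.
  description = "Source address/network allowed to reach SSH (TCP/22). null leaves the SSH rule unrestricted by source; set it to the management network."
  type        = string
  default     = null
}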
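variable "ntp_source_network" {
  # Source address or network whose UDP traffic with source port 123 is admitted
  # by the NTP rule of sakuracloud_packet_filter.default.  The variable was
  # previously untyped and undocumented; the null default is kept for
  # compatibility, but it leaves that rule without any source restriction.
  description = "Source address/network of the NTP servers whose replies (UDP source port 123) are allowed. null leaves the NTP rule unrestricted by source; point it at the configured NTP servers."
  type        = string
  default     = null
}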
# Default packet filter.  The trailing "Deny all" entry implies the expressions
# are matched in order with first match winning, so the relative order of the
# blocks below is significant.
# NOTE(review): the NTP and DHCP entries admit reply traffic (UDP source port
# 123, UDP destination port 68), which suggests a stateless filter where return
# traffic has to be allowed explicitly — confirm against the provider docs.
resource "sakuracloud_packet_filter" "default" {
  name = "default"

  # Public web service: inbound HTTP and HTTPS from any source.
  expressions {
    description = "HTTP"
    protocol    = "tcp"
    dest_port   = "80"
    allow       = true
  }
  expressions {
    description = "HTTPS"
    protocol    = "tcp"
    dest_port   = "443"
    allow       = true
  }

  # Mail-related rules, currently disabled.  As written, each one sets both
  # source_port and dest_port to the service port, so a client connecting from
  # an ephemeral source port would not match; drop source_port if any of these
  # is re-enabled.
  # expressions {
  #   description = "SMTP"
  #   protocol    = "tcp"
  #   source_port = "25"
  #   dest_port   = "25"
  #   allow       = true
  # }
  # expressions {
  #   description = "SMTP Submission"
  #   protocol    = "tcp"
  #   source_port = "587"
  #   dest_port   = "587"
  #   allow       = true
  # }
  # expressions {
  #   description = "SMTPS"
  #   protocol    = "tcp"
  #   source_port = "465"
  #   dest_port   = "465"
  #   allow       = true
  # }
  # expressions {
  #   description = "POP3"
  #   protocol    = "tcp"
  #   source_port = "110"
  #   dest_port   = "110"
  #   allow       = true
  # }
  # expressions {
  #   description = "POP3S"
  #   protocol    = "tcp"
  #   source_port = "995"
  #   dest_port   = "995"
  #   allow       = true
  # }
  # expressions {
  #   description = "IMAP"
  #   protocol    = "tcp"
  #   source_port = "143"
  #   dest_port   = "143"
  #   allow       = true
  # }
  # expressions {
  #   description = "IMAPS"
  #   protocol    = "tcp"
  #   source_port = "993"
  #   dest_port   = "993"
  #   allow       = true
  # }

  # Administrative access.  source_nw comes from var.ssh_source_network, which
  # defaults to null; until that variable is set this rule is not restricted
  # by source.
  expressions {
    description = "SSH"
    protocol    = "tcp"
    source_nw   = var.ssh_source_network
    dest_port   = "22"
    allow       = true
  }

  # NTP replies: matches UDP with source port 123 and no destination-port
  # restriction, from var.ntp_source_network (any source while it is null).
  # Keep that variable pointed at the configured NTP servers so the rule does
  # not admit arbitrary UDP traffic that merely carries source port 123.
  expressions {
    description = "NTP"
    protocol    = "udp"
    source_nw   = var.ntp_source_network
    source_port = "123"
    allow       = true
  }

  # DHCP replies to the client port (UDP/68), from any source.
  expressions {
    description = "DHCP"
    protocol    = "udp"
    dest_port   = "68"
    allow       = true
  }

  # ICMP from any source.
  expressions {
    description = "icmp"
    protocol    = "icmp"
    allow       = true
  }

  # Fragmented packets, which the port-based rules above cannot classify.
  # NOTE(review): they are admitted unconditionally here — confirm that is
  # intended rather than an oversight.
  expressions {
    description = "fragment"
    protocol    = "fragment"
    allow       = true
  }

  # Explicit catch-all deny; anything not matched above is dropped here.
  # NOTE(review): source_port is given on an "ip" protocol entry, where a port
  # range may not apply — confirm the provider accepts it rather than ignoring
  # or rejecting the attribute.
  expressions {
    description = "Deny all"
    protocol    = "ip"
    source_port = "0-65535"
    allow       = false
  }
}