mareshq-cthulhunetes-infras.../firewalls.tf


# Inbound rule set named "cthulhu-nodes-public".
# Every rule below admits traffic from any IPv4 (0.0.0.0/0) and any IPv6 (::/0)
# source. This block declares no outbound rules and no attachment to servers;
# where the firewall is applied is not visible here.
resource "hcloud_firewall" "cthulhu_nodes_public" {
  name = "cthulhu-nodes-public"

  # ICMP from anywhere (no port applies to this protocol).
  rule {
    description = "Allow ICMP (ping)"
    direction   = "in"
    protocol    = "icmp"
    source_ips  = ["0.0.0.0/0", "::/0"]
  }

  # NOTE(review): SSH is reachable from the whole internet. Unless that is a
  # deliberate choice, narrow source_ips to an admin/VPN range; otherwise confirm
  # that sshd accepts key-based logins only and that brute-force attempts are
  # rate-limited on the hosts.
  rule {
    description = "Allow SSH"
    direction   = "in"
    protocol    = "tcp"
    port        = "22"
    source_ips  = ["0.0.0.0/0", "::/0"]
  }

  # Plain HTTP ingress.
  rule {
    description = "Allow HTTP"
    direction   = "in"
    protocol    = "tcp"
    port        = "80"
    source_ips  = ["0.0.0.0/0", "::/0"]
  }

  # HTTPS ingress over TCP.
  rule {
    description = "Allow HTTPS"
    direction   = "in"
    protocol    = "tcp"
    port        = "443"
    source_ips  = ["0.0.0.0/0", "::/0"]
  }

  # UDP/443, labelled HTTP/3 (QUIC) by the author.
  rule {
    description = "Allow HTTP/3"
    direction   = "in"
    protocol    = "udp"
    port        = "443"
    source_ips  = ["0.0.0.0/0", "::/0"]
  }

  # NOTE(review): the Kubernetes API server port is open to every source
  # address. With this rule the API server's own authentication and RBAC are the
  # only barrier; confirm anonymous access is disabled, and consider limiting
  # source_ips to operator and CI ranges.
  rule {
    description = "Allow Kubernetes API Server"
    direction   = "in"
    protocol    = "tcp"
    port        = "6443"
    source_ips  = ["0.0.0.0/0", "::/0"]
  }
}
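# Inbound rule set named "cthulhu-nodes-private".
# Each rule takes its only allowed source from hcloud_network.cthulhu.ip_range,
# a network resource defined outside this block. Within that range ICMP and
# every TCP and UDP port are admitted, so nothing is segmented between hosts
# that share the range.
#
# NOTE(review): Hetzner Cloud Firewalls are, as far as I know, enforced only on
# a server's public interface and not on private-network traffic. Confirm that
# these rules have the intended effect, and that a source address inside
# ip_range arriving on the public interface cannot be used to match them.
resource "hcloud_firewall" "cthulhu_nodes_private" {
  name = "cthulhu-nodes-private"

  # ICMP from the network range (no port applies to this protocol).
  rule {
    description = "Allow ICMP (ping)"
    direction   = "in"
    protocol    = "icmp"
    source_ips  = [hcloud_network.cthulhu.ip_range]
  }

  # All TCP ports from the network range.
  rule {
    description = "Allow everything TCP on all ports"
    direction   = "in"
    protocol    = "tcp"
    port        = "any"
    source_ips  = [hcloud_network.cthulhu.ip_range]
  }

  # All UDP ports from the network range.
  rule {
    description = "Allow everything UDP on all ports"
    direction   = "in"
    protocol    = "udp"
    port        = "any"
    source_ips  = [hcloud_network.cthulhu.ip_range]
  }
}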