import some common modulesv0.0.1

author: Egor Tensin <Egor.Tensin@gmail.com> 2023-08-04 14:18:08 +0200
committer: Egor Tensin <Egor.Tensin@gmail.com> 2023-08-04 14:18:08 +0200
commit: 15b9dea7a95765f1f3c09fe0dcb2ea5b5cb669c1 (patch)
tree: c0c192e00c419ade1779ae62b3aed91bbb3e8778 /digitalocean/firewall/main.tf
parent: initial commit (diff)
download: infra-terraform-15b9dea7a95765f1f3c09fe0dcb2ea5b5cb669c1.tar.gz
infra-terraform-15b9dea7a95765f1f3c09fe0dcb2ea5b5cb669c1.zip
1 files changed, 34 insertions, 0 deletions
diff --git a/digitalocean/firewall/main.tf b/digitalocean/firewall/main.tf
new file mode 100644
index 0000000..937a76a
--- /dev/null
+++ b/digitalocean/firewall/main.tf
@@ -0,0 +1,34 @@
+resource "digitalocean_firewall" "this" {
+  name        = var.name
+  droplet_ids = var.droplet_ids
+
+  inbound_rule {
+    protocol         = "icmp"
+    source_addresses = ["0.0.0.0/0", "::/0"]
+  }
+  outbound_rule {
+    protocol              = "icmp"
+    destination_addresses = ["0.0.0.0/0", "::/0"]
+  }
+
+  dynamic "inbound_rule" {
+    for_each = var.open_ports
+
+    content {
+      protocol         = "tcp"
+      port_range       = inbound_rule.value
+      source_addresses = ["0.0.0.0/0", "::/0"]
+    }
+  }
+
+  outbound_rule {
+    protocol              = "tcp"
+    port_range            = "1-65535"
+    destination_addresses = ["0.0.0.0/0", "::/0"]
+  }
+  outbound_rule {
+    protocol              = "udp"
+    port_range            = "1-65535"
+    destination_addresses = ["0.0.0.0/0", "::/0"]
+  }
+}
author	Egor Tensin <Egor.Tensin@gmail.com>	2023-08-04 14:18:08 +0200
committer	Egor Tensin <Egor.Tensin@gmail.com>	2023-08-04 14:18:08 +0200
commit	15b9dea7a95765f1f3c09fe0dcb2ea5b5cb669c1 (patch)
tree	c0c192e00c419ade1779ae62b3aed91bbb3e8778 /digitalocean/firewall/main.tf
parent	initial commit (diff)
download	infra-terraform-15b9dea7a95765f1f3c09fe0dcb2ea5b5cb669c1.tar.gz infra-terraform-15b9dea7a95765f1f3c09fe0dcb2ea5b5cb669c1.zip