#####################################################################
# region: Allow other internet nodes to connect with SSV node (Ingress)
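# Exposure note: this rule admits traffic from any IPv4 address (0.0.0.0/0) to
# the SSV TCP and UDP P2P ports on every instance matched by target_tags.
# Public reachability is the stated intent of the rule, so keep the allowed
# ports limited to these two and keep the target tags off instances that run
# anything else. Consider enabling firewall rule logging for this rule if
# connection records are needed for detection or incident response.
resource "google_compute_firewall" "fw_de_allow_2" {
  name        = "fw-de-allow-${local.vm.name}-2"
  network     = var.gcp_network_name
  description = "Allow P2P node connections from the internet"
  priority    = var.firewall_priority

  # Stated explicitly so the rule cannot be misread during review; INGRESS is
  # also what the provider applies when the argument is omitted.
  direction = "INGRESS"

  allow {
    protocol = "tcp"
    # Direct reference replaces the deprecated interpolation-only form.
    ports = [local.ssv.network.tcp_port]
  }

  allow {
    protocol = "udp"
    ports    = [local.ssv.network.udp_port]
  }

  source_ranges = ["0.0.0.0/0"]
  target_tags   = local.network.subnet_1.tags
}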
# endregion
#####################################################################
# region: Monitoring (Ingress)
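# Monitoring ingress: only instances carrying one of var.firewall_source_tags
# may reach the metrics port on instances matched by target_tags.
# NOTE(review): source_tags is the only source restriction on this rule.
# Confirm var.firewall_source_tags can never be empty or null (for example
# with a validation block on the variable); without any source filter an
# ingress rule may be rejected or may end up open to all sources, depending
# on the provider version - verify before relying on it.
resource "google_compute_firewall" "fw_de_allow_7" {
  name        = "fw-de-allow-${local.vm.name}-7"
  network     = var.gcp_network_name
  description = "Allow inbound monitoring connections"
  priority    = var.firewall_priority

  # Stated explicitly so the rule cannot be misread during review; INGRESS is
  # also what the provider applies when the argument is omitted.
  direction = "INGRESS"

  allow {
    protocol = "tcp"
    # Direct reference replaces the deprecated interpolation-only form.
    ports = [local.ssv.network.metrics_port]
  }

  source_tags = var.firewall_source_tags
  target_tags = local.network.subnet_1.tags
}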
# endregion
#####################################################################