## Public /24 carved out of the VCN; it is the only subnet defined in this file.
## Hosts here get the internet-facing route table from the VCN module
## (ig_route_id — presumably the internet-gateway route, confirm in module.vcn)
## and are filtered by the public security list declared below.
## prohibit_public_ip_on_vnic is left at the provider default, so VNICs in this
## subnet may be assigned public IPs.
resource "oci_core_subnet" "vcn-public-subnet" {
  display_name = "public-subnet"
  dns_label    = "publicsubnet"

  compartment_id = oci_identity_compartment.homelab.id
  vcn_id         = module.vcn.vcn_id
  cidr_block     = "10.0.0.0/24"

  # Routing and filtering: internet route table + public security list.
  route_table_id    = module.vcn.ig_route_id
  security_list_ids = [oci_core_security_list.public-security-list.id]
  dhcp_options_id   = oci_core_dhcp_options.dhcp-options.id

  freeform_tags = var.tags
}
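## Security list attached to the public subnet. Every rule is stateful
## (stateless = false): reply packets of an admitted flow are allowed
## automatically, so no mirrored rule is needed in the other direction.
## Protocol numbers follow IANA: "6" = TCP, "1" = ICMP, "all" = any.
resource "oci_core_security_list" "public-security-list" {
  compartment_id = oci_identity_compartment.homelab.id
  vcn_id         = module.vcn.vcn_id
  display_name   = "security-list-public"
  freeform_tags  = var.tags

  ## Unrestricted egress: instances may initiate traffic to any destination.
  egress_security_rules {
    stateless        = false
    destination      = "0.0.0.0/0"
    destination_type = "CIDR_BLOCK"
    protocol         = "all"
  }

  ## SSH (TCP/22) from any source. The source is wide on purpose so the homelab
  ## is reachable from the internet; narrowing it to a known management CIDR is
  ## the most effective hardening change for this list, and the instance-level
  ## NSG (see homelab-network-security-group) does not restrict it further.
  ingress_security_rules {
    stateless   = false
    source      = "0.0.0.0/0"
    source_type = "CIDR_BLOCK"
    protocol    = "6"
    description = "SSH traffic"
    tcp_options {
      min = 22
      max = 22
    }
  }

  ## If you wish to open further network ports to the internet,
  ## add your firewall ACLs as the following. Each example is a complete
  ## block (the closing brace of ingress_security_rules is included, so it
  ## parses as-is when uncommented):
  # ingress_security_rules {
  #   stateless   = false
  #   source      = "0.0.0.0/0"
  #   source_type = "CIDR_BLOCK"
  #   protocol    = "6"
  #   description = "HTTP traffic"
  #   tcp_options {
  #     min = 80
  #     max = 80
  #   }
  # }
  # ingress_security_rules {
  #   stateless   = false
  #   source      = "0.0.0.0/0"
  #   source_type = "CIDR_BLOCK"
  #   protocol    = "6"
  #   description = "HTTPS traffic"
  #   tcp_options {
  #     min = 443
  #     max = 443
  #   }
  # }

  ## ICMP type 3 / code 4 ("Fragmentation Needed, DF set") from anywhere.
  ## Needed for path-MTU discovery; blocking it can stall large TCP transfers.
  ## (Type 3 / code 3 would be "Port Unreachable"; the description below names
  ## the code actually admitted.)
  ingress_security_rules {
    stateless   = false
    source      = "0.0.0.0/0"
    source_type = "CIDR_BLOCK"
    protocol    = "1"
    description = "ICMP Fragmentation Needed (Path MTU Discovery)"
    icmp_options {
      type = 3
      code = 4
    }
  }

  ## The remaining ICMP rules are limited to 10.0.0.0/16 — presumably the VCN
  ## CIDR, confirm against module.vcn. Omitting `code` admits every code of
  ## the given type.
  ingress_security_rules {
    stateless   = false
    source      = "10.0.0.0/16"
    source_type = "CIDR_BLOCK"
    protocol    = "1"
    description = "ICMP Destination Unreachable"
    icmp_options {
      type = 3
    }
  }

  ingress_security_rules {
    stateless   = false
    source      = "10.0.0.0/16"
    source_type = "CIDR_BLOCK"
    protocol    = "1"
    description = "ICMP Echo Reply"
    icmp_options {
      type = 0
    }
  }

  ingress_security_rules {
    stateless   = false
    source      = "10.0.0.0/16"
    source_type = "CIDR_BLOCK"
    protocol    = "1"
    description = "ICMP Echo"
    icmp_options {
      type = 8
    }
  }
}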
## Network security group for homelab instances. The group itself carries no
## rules; its two rules are separate resources below and both reference the
## group as their own source/destination, i.e. they only govern traffic
## between members of this NSG.
resource "oci_core_network_security_group" "homelab-network-security-group" {
  display_name = "network-security-group-homelab"

  compartment_id = oci_identity_compartment.homelab.id
  vcn_id         = module.vcn.vcn_id
  freeform_tags  = var.tags
}
## Ingress: any protocol from other members of the same NSG.
## stateless = true means no connection tracking, so the reverse direction is
## not admitted implicitly; the paired egress rule
## (homelab-network-security-group-list-egress) covers it.
resource "oci_core_network_security_group_security_rule" "homelab-network-security-group-list-ingress" {
  network_security_group_id = oci_core_network_security_group.homelab-network-security-group.id

  direction = "INGRESS"
  protocol  = "all"
  stateless = true

  # Self-referencing source: only traffic originating from NSG members matches.
  source_type = "NETWORK_SECURITY_GROUP"
  source      = oci_core_network_security_group.homelab-network-security-group.id
}
## Egress: any protocol to other members of the same NSG.
## Stateless counterpart of homelab-network-security-group-list-ingress; the
## two rules together allow full bidirectional intra-NSG traffic and nothing
## else at the NSG level.
resource "oci_core_network_security_group_security_rule" "homelab-network-security-group-list-egress" {
  network_security_group_id = oci_core_network_security_group.homelab-network-security-group.id

  direction = "EGRESS"
  protocol  = "all"
  stateless = true

  # Self-referencing destination: only traffic to NSG members matches.
  destination_type = "NETWORK_SECURITY_GROUP"
  destination      = oci_core_network_security_group.homelab-network-security-group.id
}