# Inbound management access to the Avi Controller instances.
# Admits TCP 22, 443 and 5054 from the single CIDR held in
# var.firewall_controller_allow_source_range to instances tagged "avi-controller".
# The CIDR's default lives elsewhere (not visible in this file); whatever it is,
# this rule exposes SSH and the controller HTTPS endpoint to that range.
# There is no `log_config` block, so matches on this rule are not logged.
resource "google_compute_firewall" "avi_controller_mgmt" {
  # Only rendered when the module is asked to manage firewall rules.
  count = var.create_firewall_rules ? 1 : 0

  name = "${var.name_prefix}-avi-controller-mgmt"

  # Rule lands in var.network_project when one is set (presumably a shared-VPC
  # host project — confirm against the variables file), else in var.project.
  project = var.network_project != "" ? var.network_project : var.project

  # Module-managed VPC when create_networking is true, otherwise an existing
  # VPC referenced by name.
  network = var.create_networking ? google_compute_network.vpc_network[0].name : var.custom_vpc_name

  source_ranges = [var.firewall_controller_allow_source_range]
  target_tags   = ["avi-controller"]

  allow {
    protocol = "tcp"
    ports    = ["22", "443", "5054"]
  }

  # Explicit ordering after the VPC resource. When create_networking is true
  # the `network` reference above already implies this dependency.
  depends_on = [google_compute_network.vpc_network]
}
# Controller-to-controller traffic inside the VPC.
# Both source and target are selected by the "avi-controller" tag, so only
# instances carrying that tag can reach TCP 22, 443 and 8443 on each other;
# nothing outside the network matches this rule.
resource "google_compute_firewall" "avi_controller_to_controller" {
  # Only rendered when the module is asked to manage firewall rules.
  count = var.create_firewall_rules ? 1 : 0

  name = "${var.name_prefix}-avi-controller-to-controller"

  # Rule lands in var.network_project when one is set, else in var.project.
  project = var.network_project != "" ? var.network_project : var.project

  # Module-managed VPC when create_networking is true, otherwise an existing
  # VPC referenced by name.
  network = var.create_networking ? google_compute_network.vpc_network[0].name : var.custom_vpc_name

  # Tag-scoped on both ends: controller <-> controller only.
  source_tags = ["avi-controller"]
  target_tags = ["avi-controller"]

  allow {
    protocol = "tcp"
    ports    = ["22", "443", "8443"]
  }

  # Explicit ordering after the VPC resource.
  depends_on = [google_compute_network.vpc_network]
}
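# Service Engine to Service Engine traffic inside the VPC.
# Scoped by tag on both ends ("avi-se" -> "avi-se"). Allows IP protocols 75
# and 97, UDP 1550 and TCP 4001.
#
# The provider's `protocol` argument is a string. The original wrote the two
# IP protocol numbers as bare numerals, which only worked through Terraform's
# implicit number-to-string conversion; they are quoted here so every allow
# block has the same type and the intent (a protocol number, not a port) is
# explicit. No `ports` list is valid for non-TCP/UDP/SCTP protocols, so none
# is given for 75 and 97.
resource "google_compute_firewall" "avi_se_to_se" {
  # Only rendered when the module is asked to manage firewall rules.
  count = var.create_firewall_rules ? 1 : 0

  name = "${var.name_prefix}-avi-se-to-se"

  # Rule lands in var.network_project when one is set, else in var.project.
  project = var.network_project != "" ? var.network_project : var.project

  # Module-managed VPC when create_networking is true, otherwise an existing
  # VPC referenced by name.
  network = var.create_networking ? google_compute_network.vpc_network[0].name : var.custom_vpc_name

  # Tag-scoped on both ends: SE <-> SE only.
  source_tags = ["avi-se"]
  target_tags = ["avi-se"]

  # IP protocol number 75 (quoted: `protocol` is a string argument).
  allow {
    protocol = "75"
  }

  # IP protocol number 97 (quoted: `protocol` is a string argument).
  allow {
    protocol = "97"
  }

  allow {
    protocol = "udp"
    ports    = ["1550"]
  }

  allow {
    protocol = "tcp"
    ports    = ["4001"]
  }

  # Explicit ordering after the VPC resource.
  depends_on = [google_compute_network.vpc_network]
}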
# Service Engine to Controller management traffic inside the VPC.
# Instances tagged "avi-se" may reach instances tagged "avi-controller" on
# UDP 123 and TCP 22 and 8443. Tag-scoped on both ends, so nothing outside
# the network matches this rule.
resource "google_compute_firewall" "avi_se_mgmt" {
  # Only rendered when the module is asked to manage firewall rules.
  count = var.create_firewall_rules ? 1 : 0

  name = "${var.name_prefix}-avi-se-mgmt"

  # Rule lands in var.network_project when one is set, else in var.project.
  project = var.network_project != "" ? var.network_project : var.project

  # Module-managed VPC when create_networking is true, otherwise an existing
  # VPC referenced by name.
  network = var.create_networking ? google_compute_network.vpc_network[0].name : var.custom_vpc_name

  # Direction is SE -> controller only; the reverse path is not opened here.
  source_tags = ["avi-se"]
  target_tags = ["avi-controller"]

  allow {
    protocol = "udp"
    ports    = ["123"]
  }

  allow {
    protocol = "tcp"
    ports    = ["22", "8443"]
  }

  # Explicit ordering after the VPC resource.
  depends_on = [google_compute_network.vpc_network]
}
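# Data-plane ingress to the Service Engines.
# One allow block per entry of var.firewall_se_data_rules, admitted from the
# single CIDR in var.firewall_se_data_source_range to instances tagged
# "avi-se". This is the rule that exposes load-balanced services, so the
# source range and the rule list together define the externally reachable
# surface; both defaults live outside this file.
#
# The original count expression was a nested conditional
# (`a ? b ? 1 : 0 : 0`); it is flattened to a boolean `&&`, which yields the
# same 0/1 result for boolean inputs and reads unambiguously.
resource "google_compute_firewall" "avi_se_data" {
  # Rendered only when both the module-wide switch and the data-rule switch
  # are on.
  count = var.create_firewall_rules && var.configure_firewall_se_data ? 1 : 0

  name = "${var.name_prefix}-avi-se-data"

  # Rule lands in var.network_project when one is set, else in var.project.
  project = var.network_project != "" ? var.network_project : var.project

  # Module-managed VPC when create_networking is true, otherwise an existing
  # VPC referenced by name.
  network = var.create_networking ? google_compute_network.vpc_network[0].name : var.custom_vpc_name

  source_ranges = [var.firewall_se_data_source_range]
  target_tags   = ["avi-se"]

  # NOTE(review): assumes each element of var.firewall_se_data_rules is an
  # object with a "protocol" string and a "port" list of strings — confirm
  # against the variable definition. A `ports` value is only valid for
  # tcp/udp/sctp; an entry with any other protocol must supply an empty list.
  dynamic "allow" {
    for_each = var.firewall_se_data_rules
    content {
      protocol = allow.value["protocol"]
      ports    = allow.value["port"]
    }
  }

  # Explicit ordering after the VPC resource.
  depends_on = [google_compute_network.vpc_network]
}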