IaC/terraform/hetzner/firewall.tf

resource "hcloud_firewall" "opnsense" {
  name = "opnsense"
  # HTTP
  rule {
    direction = "in"
    protocol  = "tcp"
    port      = "80"
    source_ips = [
      "0.0.0.0/0",
      "::/0"
    ]
  }
  # HTTPS
  rule {
    direction = "in"
    protocol  = "tcp"
    port      = "443"
    source_ips = [
      "0.0.0.0/0",
      "::/0"
    ]
  }
  # Wireguard
  rule {
    direction = "in"
    protocol  = "udp"
    port      = "51820"
    source_ips = [
      "0.0.0.0/0"
    ]
  }
  # DNS UDP
  rule {
    direction = "in"
    protocol  = "udp"
    port      = "53"
    source_ips = [
      "0.0.0.0/0",
      "::/0"
    ]
  }
  # DNS TCP
  rule {
    direction = "in"
    protocol  = "tcp"
    port      = "53"
    source_ips = [
      "0.0.0.0/0",
      "::/0"
    ]
  }
  # SMTP
  rule {
    direction = "in"
    protocol  = "tcp"
    port      = "25"
    source_ips = [
      "0.0.0.0/0",
      "::/0"
    ]
  }
  # SMTPS
  rule {
    direction = "in"
    protocol  = "tcp"
    port      = "465"
    source_ips = [
      "0.0.0.0/0",
      "::/0"
    ]
  }
  # IMAPS
  rule {
    direction = "in"
    protocol  = "tcp"
    port      = "993"
    source_ips = [
      "0.0.0.0/0",
      "::/0"
    ]
  }  
  # Matrix Federation
  rule {
    direction = "in"
    protocol  = "tcp"
    port      = "8448"
    source_ips = [
      "0.0.0.0/0",
      "::/0"
    ]
  }  
  # ICMP IPv6
  rule {
    direction = "in"
    protocol  = "icmp"
    source_ips = [
      "::/0"
    ]
  }   
}

resource "hcloud_firewall_attachment" "opnsense" {
  firewall_id = hcloud_firewall.opnsense.id
  server_ids  = [
    hcloud_server.opnsense_a.id,
    hcloud_server.opnsense_b.id
  ]
}
split resources into multiple tf files 2024-04-16 10:56:53 -04:00			`resource "hcloud_firewall" "opnsense" {`
			`name = "opnsense"`
			`# HTTP`
			`rule {`
			`direction = "in"`
			`protocol = "tcp"`
			`port = "80"`
			`source_ips = [`
			`"0.0.0.0/0",`
			`"::/0"`
			`]`
			`}`
			`# HTTPS`
			`rule {`
			`direction = "in"`
			`protocol = "tcp"`
			`port = "443"`
			`source_ips = [`
			`"0.0.0.0/0",`
			`"::/0"`
			`]`
			`}`
			`# Wireguard`
			`rule {`
			`direction = "in"`
			`protocol = "udp"`
			`port = "51820"`
			`source_ips = [`
			`"0.0.0.0/0"`
			`]`
			`}`
			`# DNS UDP`
			`rule {`
			`direction = "in"`
			`protocol = "udp"`
			`port = "53"`
			`source_ips = [`
			`"0.0.0.0/0",`
			`"::/0"`
			`]`
			`}`
			`# DNS TCP`
			`rule {`
			`direction = "in"`
			`protocol = "tcp"`
			`port = "53"`
			`source_ips = [`
			`"0.0.0.0/0",`
			`"::/0"`
			`]`
			`}`
			`# SMTP`
			`rule {`
			`direction = "in"`
			`protocol = "tcp"`
			`port = "25"`
			`source_ips = [`
			`"0.0.0.0/0",`
			`"::/0"`
			`]`
			`}`
			`# SMTPS`
			`rule {`
			`direction = "in"`
			`protocol = "tcp"`
			`port = "465"`
			`source_ips = [`
			`"0.0.0.0/0",`
			`"::/0"`
			`]`
			`}`
			`# IMAPS`
			`rule {`
			`direction = "in"`
			`protocol = "tcp"`
			`port = "993"`
			`source_ips = [`
			`"0.0.0.0/0",`
			`"::/0"`
			`]`
			`}`
			`# Matrix Federation`
			`rule {`
			`direction = "in"`
			`protocol = "tcp"`
			`port = "8448"`
			`source_ips = [`
			`"0.0.0.0/0",`
			`"::/0"`
			`]`
			`}`
			`# ICMP IPv6`
			`rule {`
			`direction = "in"`
			`protocol = "icmp"`
			`source_ips = [`
			`"::/0"`
			`]`
			`}`
opnsense b created 2024-04-16 12:06:14 -04:00			`}`

			`resource "hcloud_firewall_attachment" "opnsense" {`
			`firewall_id = hcloud_firewall.opnsense.id`
			`server_ids = [`
			`hcloud_server.opnsense_a.id,`
			`hcloud_server.opnsense_b.id`
			`]`
split resources into multiple tf files 2024-04-16 10:56:53 -04:00			`}`