108 lines
1.6 KiB
HCL
108 lines
1.6 KiB
HCL
resource "hcloud_firewall" "opnsense" {
|
|
name = "opnsense"
|
|
# HTTP
|
|
rule {
|
|
direction = "in"
|
|
protocol = "tcp"
|
|
port = "80"
|
|
source_ips = [
|
|
"0.0.0.0/0",
|
|
"::/0"
|
|
]
|
|
}
|
|
# HTTPS
|
|
rule {
|
|
direction = "in"
|
|
protocol = "tcp"
|
|
port = "443"
|
|
source_ips = [
|
|
"0.0.0.0/0",
|
|
"::/0"
|
|
]
|
|
}
|
|
# Wireguard
|
|
rule {
|
|
direction = "in"
|
|
protocol = "udp"
|
|
port = "51820"
|
|
source_ips = [
|
|
"0.0.0.0/0"
|
|
]
|
|
}
|
|
# DNS UDP
|
|
rule {
|
|
direction = "in"
|
|
protocol = "udp"
|
|
port = "53"
|
|
source_ips = [
|
|
"0.0.0.0/0",
|
|
"::/0"
|
|
]
|
|
}
|
|
# DNS TCP
|
|
rule {
|
|
direction = "in"
|
|
protocol = "tcp"
|
|
port = "53"
|
|
source_ips = [
|
|
"0.0.0.0/0",
|
|
"::/0"
|
|
]
|
|
}
|
|
# SMTP
|
|
rule {
|
|
direction = "in"
|
|
protocol = "tcp"
|
|
port = "25"
|
|
source_ips = [
|
|
"0.0.0.0/0",
|
|
"::/0"
|
|
]
|
|
}
|
|
# SMTPS
|
|
rule {
|
|
direction = "in"
|
|
protocol = "tcp"
|
|
port = "465"
|
|
source_ips = [
|
|
"0.0.0.0/0",
|
|
"::/0"
|
|
]
|
|
}
|
|
# IMAPS
|
|
rule {
|
|
direction = "in"
|
|
protocol = "tcp"
|
|
port = "993"
|
|
source_ips = [
|
|
"0.0.0.0/0",
|
|
"::/0"
|
|
]
|
|
}
|
|
# Matrix Federation
|
|
rule {
|
|
direction = "in"
|
|
protocol = "tcp"
|
|
port = "8448"
|
|
source_ips = [
|
|
"0.0.0.0/0",
|
|
"::/0"
|
|
]
|
|
}
|
|
# ICMP IPv6
|
|
rule {
|
|
direction = "in"
|
|
protocol = "icmp"
|
|
source_ips = [
|
|
"::/0"
|
|
]
|
|
}
|
|
}
|
|
|
|
resource "hcloud_firewall_attachment" "opnsense" {
|
|
firewall_id = hcloud_firewall.opnsense.id
|
|
server_ids = [
|
|
hcloud_server.opnsense_a.id,
|
|
hcloud_server.opnsense_b.id
|
|
]
|
|
} |