Refactor firewall rules and add network resources for production environment

2025-12-23 10:54:03 +01:00
parent 34dd484004
commit f850066aad
4 changed files with 230 additions and 11 deletions
--- a/terraform/prod__firewall.tf
+++ b/terraform/prod__firewall.tf
@@ -2,21 +2,49 @@ resource "hcloud_firewall" "production_fw" {
  name = "production-fw"
  rule {
    direction = "in"
-    protocol  = "icmp"
+    protocol  = "tcp"
+    port      = "80"
    source_ips = [
      "0.0.0.0/0",
      "::/0"
    ]
  }
-
-  rule {
+    rule {
    direction = "in"
    protocol  = "tcp"
-    port      = "80-85"
+    port      = "443"
    source_ips = [
      "0.0.0.0/0",
      "::/0"
    ]
  }
+    rule {
+    direction = "in"
+    protocol  = "tcp"
+    port      = "22"
+    source_ips = [
+      "0.0.0.0/0",
+      "::/0"
+    ]
+  }
+    rule {
+    direction = "out"
+    protocol  = "tcp"
+    port      = "any"
+    destination_ips = [
+      "0.0.0.0/0",
+      "::/0"
+    ]
+  }
+    rule {
+    direction = "out"
+    protocol  = "udp"
+    port      = "any"
+    destination_ips = [
+      "0.0.0.0/0",
+      "::/0"
+    ]
+  }
+  

 }