Refactor firewall rules and add network resources for production environment

terraform/prod__firewall.tf

@@ -2,21 +2,49 @@ resource "hcloud_firewall" "production_fw" {
   name = "production-fw"
   rule {
     direction = "in"
-    protocol  = "icmp"
+    protocol  = "tcp"
+    port      = "80"
     source_ips = [
       "0.0.0.0/0",
       "::/0"
     ]
   }
-
+    rule {
-  rule {
     direction = "in"
     protocol  = "tcp"
-    port      = "80-85"
+    port      = "443"
     source_ips = [
       "0.0.0.0/0",
       "::/0"
     ]
   }
+    rule {
+    direction = "in"
+    protocol  = "tcp"
+    port      = "22"
+    source_ips = [
+      "0.0.0.0/0",
+      "::/0"
+    ]
+  }
+    rule {
+    direction = "out"
+    protocol  = "tcp"
+    port      = "any"
+    destination_ips = [
+      "0.0.0.0/0",
+      "::/0"
+    ]
+  }
+    rule {
+    direction = "out"
+    protocol  = "udp"
+    port      = "any"
+    destination_ips = [
+      "0.0.0.0/0",
+      "::/0"
+    ]
+  }
+  
 
 }

terraform/prod_network.tf

@@ -0,0 +1,9 @@
+resource "hcloud_network" "prodnet" {
+  name     = "prod-network"
+  ip_range = "10.0.0.0/16"
+}
+
+resource "netbox_ip_range" "prodnet" {
+  start_address = "10.0.0.1/16"
+  end_address   = "10.0.255.254/16"
+}

terraform/terraform.tfstate

@@ -1,9 +1,136 @@
 {
   "version": 4,
   "terraform_version": "1.14.3",
-  "serial": 3,
+  "serial": 10,
   "lineage": "2f42bf18-041f-78d9-24cc-d9a193bc3daf",
   "outputs": {},
-  "resources": [],
+  "resources": [
+    {
+      "mode": "managed",
+      "type": "hcloud_firewall",
+      "name": "production_fw",
+      "provider": "provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
+      "instances": [
+        {
+          "schema_version": 0,
+          "attributes": {
+            "apply_to": [],
+            "id": "10323541",
+            "labels": {},
+            "name": "production-fw",
+            "rule": [
+              {
+                "description": "",
+                "destination_ips": [
+                  "0.0.0.0/0",
+                  "::/0"
+                ],
+                "direction": "out",
+                "port": "any",
+                "protocol": "tcp",
+                "source_ips": []
+              },
+              {
+                "description": "",
+                "destination_ips": [
+                  "0.0.0.0/0",
+                  "::/0"
+                ],
+                "direction": "out",
+                "port": "any",
+                "protocol": "udp",
+                "source_ips": []
+              },
+              {
+                "description": "",
+                "destination_ips": [],
+                "direction": "in",
+                "port": "22",
+                "protocol": "tcp",
+                "source_ips": [
+                  "0.0.0.0/0",
+                  "::/0"
+                ]
+              },
+              {
+                "description": "",
+                "destination_ips": [],
+                "direction": "in",
+                "port": "443",
+                "protocol": "tcp",
+                "source_ips": [
+                  "0.0.0.0/0",
+                  "::/0"
+                ]
+              },
+              {
+                "description": "",
+                "destination_ips": [],
+                "direction": "in",
+                "port": "80",
+                "protocol": "tcp",
+                "source_ips": [
+                  "0.0.0.0/0",
+                  "::/0"
+                ]
+              }
+            ]
+          },
+          "sensitive_attributes": [],
+          "identity_schema_version": 0,
+          "private": "bnVsbA=="
+        }
+      ]
+    },
+    {
+      "mode": "managed",
+      "type": "hcloud_network",
+      "name": "prodnet",
+      "provider": "provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
+      "instances": [
+        {
+          "schema_version": 0,
+          "attributes": {
+            "delete_protection": false,
+            "expose_routes_to_vswitch": false,
+            "id": "11773043",
+            "ip_range": "10.0.0.0/16",
+            "labels": {},
+            "name": "prod-network"
+          },
+          "sensitive_attributes": [],
+          "identity_schema_version": 0,
+          "private": "bnVsbA=="
+        }
+      ]
+    },
+    {
+      "mode": "managed",
+      "type": "netbox_ip_range",
+      "name": "prodnet",
+      "provider": "provider[\"registry.terraform.io/e-breuninger/netbox\"]",
+      "instances": [
+        {
+          "schema_version": 0,
+          "attributes": {
+            "description": null,
+            "end_address": "10.0.255.254/16",
+            "id": "1",
+            "role_id": null,
+            "size": 65534,
+            "start_address": "10.0.0.1/16",
+            "status": "active",
+            "tags": null,
+            "tags_all": [],
+            "tenant_id": null,
+            "vrf_id": null
+          },
+          "sensitive_attributes": [],
+          "identity_schema_version": 0,
+          "private": "bnVsbA=="
+        }
+      ]
+    }
+  ],
   "check_results": null
 }

terraform/terraform.tfstate.backup

@@ -1,7 +1,7 @@
 {
   "version": 4,
   "terraform_version": "1.14.3",
-  "serial": 1,
+  "serial": 8,
   "lineage": "2f42bf18-041f-78d9-24cc-d9a193bc3daf",
   "outputs": {},
   "resources": [
@@ -15,16 +15,38 @@
           "schema_version": 0,
           "attributes": {
             "apply_to": [],
-            "id": "10322075",
+            "id": "10323541",
             "labels": {},
             "name": "production-fw",
             "rule": [
+              {
+                "description": "",
+                "destination_ips": [
+                  "0.0.0.0/0",
+                  "::/0"
+                ],
+                "direction": "out",
+                "port": "any",
+                "protocol": "tcp",
+                "source_ips": []
+              },
+              {
+                "description": "",
+                "destination_ips": [
+                  "0.0.0.0/0",
+                  "::/0"
+                ],
+                "direction": "out",
+                "port": "any",
+                "protocol": "udp",
+                "source_ips": []
+              },
               {
                 "description": "",
                 "destination_ips": [],
                 "direction": "in",
-                "port": "",
+                "port": "22",
-                "protocol": "icmp",
+                "protocol": "tcp",
                 "source_ips": [
                   "0.0.0.0/0",
                   "::/0"
@@ -34,7 +56,18 @@
                 "description": "",
                 "destination_ips": [],
                 "direction": "in",
-                "port": "80-85",
+                "port": "443",
+                "protocol": "tcp",
+                "source_ips": [
+                  "0.0.0.0/0",
+                  "::/0"
+                ]
+              },
+              {
+                "description": "",
+                "destination_ips": [],
+                "direction": "in",
+                "port": "80",
                 "protocol": "tcp",
                 "source_ips": [
                   "0.0.0.0/0",
@@ -48,6 +81,28 @@
           "private": "bnVsbA=="
         }
       ]
+    },
+    {
+      "mode": "managed",
+      "type": "hcloud_network",
+      "name": "prodnet",
+      "provider": "provider[\"registry.terraform.io/hetznercloud/hcloud\"]",
+      "instances": [
+        {
+          "schema_version": 0,
+          "attributes": {
+            "delete_protection": false,
+            "expose_routes_to_vswitch": false,
+            "id": "11773043",
+            "ip_range": "10.0.0.0/16",
+            "labels": null,
+            "name": "prod-network"
+          },
+          "sensitive_attributes": [],
+          "identity_schema_version": 0,
+          "private": "bnVsbA=="
+        }
+      ]
     }
   ],
   "check_results": null