[RAN] Add firewall

2026-02-09 12:29:19 -08:00 · 2023-05-01 09:47:57 -07:00 · 2023-05-01 09:47:57 -07:00 · 019731411e
commit 019731411e
parent b0a7fa16c1
3 changed files with 53 additions and 7 deletions
--- a/tf/ran-hcloud.tf
+++ b/tf/ran-hcloud.tf
@ -27,6 +27,9 @@ resource "hcloud_server" "ran" {
        ipv6_enabled = true
        ipv6 = hcloud_primary_ip.ran_ipv6.id
    }
+    firewall_ids = [
+        hcloud_firewall.ran.id
+    ]

    lifecycle {
        ignore_changes = [
@ -46,4 +49,53 @@ resource "hcloud_rdns" "ran-v6" {
    server_id  = hcloud_server.ran.id
    ip_address = hcloud_server.ran.ipv6_address
    dns_ptr    = "ran.gensokyo.zone"
+}
+
+resource "hcloud_firewall" "ran" {
+    name = "ran-firewall"
+    rule {
+        direction = "in"
+        protocol  = "icmp"
+        source_ips = [
+        "0.0.0.0/0",
+        "::/0"
+        ]
+    }
+
+    rule {
+        direction = "in"
+        protocol = "tcp"
+        port = "80"
+        source_ips = [
+            "0.0.0.0/0",
+            "::/0"
+        ]
+    }
+    rule {
+        direction = "in"
+        protocol = "tcp"
+        port = "443"
+        source_ips = [
+            "0.0.0.0/0",
+            "::/0"
+        ]
+    }
+    rule {
+        direction = "in"
+        protocol = "udp"
+        port = "60000-61000"
+        source_ips = [
+            "0.0.0.0/0",
+            "::/0"
+        ]
+    }
+    rule {
+        direction = "in"
+        protocol = "tcp"
+        port = "22"
+        source_ips = [
+            "0.0.0.0/0",
+            "::/0"
+        ]
+    }
 }