[upcloud] Fixed issue where DNS would be blocked while using allowlist (#9510)
* [upcloud] Fixed issue where DNS would be blocked while using allowlist * Missed one NTP rule
parent
4db5e663c3
commit
07ad5ecfce
1 changed files with 48 additions and 20 deletions
|
@ -251,8 +251,8 @@ resource "upcloud_firewall_rules" "master" {
|
||||||
content {
|
content {
|
||||||
action = "accept"
|
action = "accept"
|
||||||
comment = "UpCloud DNS"
|
comment = "UpCloud DNS"
|
||||||
destination_port_end = "53"
|
source_port_end = "53"
|
||||||
destination_port_start = "53"
|
source_port_start = "53"
|
||||||
direction = "in"
|
direction = "in"
|
||||||
family = "IPv4"
|
family = "IPv4"
|
||||||
protocol = firewall_rule.value
|
protocol = firewall_rule.value
|
||||||
|
@ -267,8 +267,8 @@ resource "upcloud_firewall_rules" "master" {
|
||||||
content {
|
content {
|
||||||
action = "accept"
|
action = "accept"
|
||||||
comment = "UpCloud DNS"
|
comment = "UpCloud DNS"
|
||||||
destination_port_end = "53"
|
source_port_end = "53"
|
||||||
destination_port_start = "53"
|
source_port_start = "53"
|
||||||
direction = "in"
|
direction = "in"
|
||||||
family = "IPv4"
|
family = "IPv4"
|
||||||
protocol = firewall_rule.value
|
protocol = firewall_rule.value
|
||||||
|
@ -283,8 +283,8 @@ resource "upcloud_firewall_rules" "master" {
|
||||||
content {
|
content {
|
||||||
action = "accept"
|
action = "accept"
|
||||||
comment = "UpCloud DNS"
|
comment = "UpCloud DNS"
|
||||||
destination_port_end = "53"
|
source_port_end = "53"
|
||||||
destination_port_start = "53"
|
source_port_start = "53"
|
||||||
direction = "in"
|
direction = "in"
|
||||||
family = "IPv6"
|
family = "IPv6"
|
||||||
protocol = firewall_rule.value
|
protocol = firewall_rule.value
|
||||||
|
@ -299,8 +299,8 @@ resource "upcloud_firewall_rules" "master" {
|
||||||
content {
|
content {
|
||||||
action = "accept"
|
action = "accept"
|
||||||
comment = "UpCloud DNS"
|
comment = "UpCloud DNS"
|
||||||
destination_port_end = "53"
|
source_port_end = "53"
|
||||||
destination_port_start = "53"
|
source_port_start = "53"
|
||||||
direction = "in"
|
direction = "in"
|
||||||
family = "IPv6"
|
family = "IPv6"
|
||||||
protocol = firewall_rule.value
|
protocol = firewall_rule.value
|
||||||
|
@ -315,8 +315,8 @@ resource "upcloud_firewall_rules" "master" {
|
||||||
content {
|
content {
|
||||||
action = "accept"
|
action = "accept"
|
||||||
comment = "NTP Port"
|
comment = "NTP Port"
|
||||||
destination_port_end = "123"
|
source_port_end = "123"
|
||||||
destination_port_start = "123"
|
source_port_start = "123"
|
||||||
direction = "in"
|
direction = "in"
|
||||||
family = "IPv4"
|
family = "IPv4"
|
||||||
protocol = firewall_rule.value
|
protocol = firewall_rule.value
|
||||||
|
@ -325,6 +325,20 @@ resource "upcloud_firewall_rules" "master" {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
dynamic firewall_rule {
|
||||||
|
for_each = var.firewall_default_deny_in ? ["udp"] : []
|
||||||
|
|
||||||
|
content {
|
||||||
|
action = "accept"
|
||||||
|
comment = "NTP Port"
|
||||||
|
source_port_end = "123"
|
||||||
|
source_port_start = "123"
|
||||||
|
direction = "in"
|
||||||
|
family = "IPv6"
|
||||||
|
protocol = firewall_rule.value
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
firewall_rule {
|
firewall_rule {
|
||||||
action = var.firewall_default_deny_in ? "drop" : "accept"
|
action = var.firewall_default_deny_in ? "drop" : "accept"
|
||||||
direction = "in"
|
direction = "in"
|
||||||
|
@ -394,8 +408,8 @@ resource "upcloud_firewall_rules" "k8s" {
|
||||||
content {
|
content {
|
||||||
action = "accept"
|
action = "accept"
|
||||||
comment = "UpCloud DNS"
|
comment = "UpCloud DNS"
|
||||||
destination_port_end = "53"
|
source_port_end = "53"
|
||||||
destination_port_start = "53"
|
source_port_start = "53"
|
||||||
direction = "in"
|
direction = "in"
|
||||||
family = "IPv4"
|
family = "IPv4"
|
||||||
protocol = firewall_rule.value
|
protocol = firewall_rule.value
|
||||||
|
@ -410,8 +424,8 @@ resource "upcloud_firewall_rules" "k8s" {
|
||||||
content {
|
content {
|
||||||
action = "accept"
|
action = "accept"
|
||||||
comment = "UpCloud DNS"
|
comment = "UpCloud DNS"
|
||||||
destination_port_end = "53"
|
source_port_end = "53"
|
||||||
destination_port_start = "53"
|
source_port_start = "53"
|
||||||
direction = "in"
|
direction = "in"
|
||||||
family = "IPv4"
|
family = "IPv4"
|
||||||
protocol = firewall_rule.value
|
protocol = firewall_rule.value
|
||||||
|
@ -426,8 +440,8 @@ resource "upcloud_firewall_rules" "k8s" {
|
||||||
content {
|
content {
|
||||||
action = "accept"
|
action = "accept"
|
||||||
comment = "UpCloud DNS"
|
comment = "UpCloud DNS"
|
||||||
destination_port_end = "53"
|
source_port_end = "53"
|
||||||
destination_port_start = "53"
|
source_port_start = "53"
|
||||||
direction = "in"
|
direction = "in"
|
||||||
family = "IPv6"
|
family = "IPv6"
|
||||||
protocol = firewall_rule.value
|
protocol = firewall_rule.value
|
||||||
|
@ -442,8 +456,8 @@ resource "upcloud_firewall_rules" "k8s" {
|
||||||
content {
|
content {
|
||||||
action = "accept"
|
action = "accept"
|
||||||
comment = "UpCloud DNS"
|
comment = "UpCloud DNS"
|
||||||
destination_port_end = "53"
|
source_port_end = "53"
|
||||||
destination_port_start = "53"
|
source_port_start = "53"
|
||||||
direction = "in"
|
direction = "in"
|
||||||
family = "IPv6"
|
family = "IPv6"
|
||||||
protocol = firewall_rule.value
|
protocol = firewall_rule.value
|
||||||
|
@ -458,8 +472,8 @@ resource "upcloud_firewall_rules" "k8s" {
|
||||||
content {
|
content {
|
||||||
action = "accept"
|
action = "accept"
|
||||||
comment = "NTP Port"
|
comment = "NTP Port"
|
||||||
destination_port_end = "123"
|
source_port_end = "123"
|
||||||
destination_port_start = "123"
|
source_port_start = "123"
|
||||||
direction = "in"
|
direction = "in"
|
||||||
family = "IPv4"
|
family = "IPv4"
|
||||||
protocol = firewall_rule.value
|
protocol = firewall_rule.value
|
||||||
|
@ -468,6 +482,20 @@ resource "upcloud_firewall_rules" "k8s" {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
dynamic firewall_rule {
|
||||||
|
for_each = var.firewall_default_deny_in ? ["udp"] : []
|
||||||
|
|
||||||
|
content {
|
||||||
|
action = "accept"
|
||||||
|
comment = "NTP Port"
|
||||||
|
source_port_end = "123"
|
||||||
|
source_port_start = "123"
|
||||||
|
direction = "in"
|
||||||
|
family = "IPv6"
|
||||||
|
protocol = firewall_rule.value
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
firewall_rule {
|
firewall_rule {
|
||||||
action = var.firewall_default_deny_in ? "drop" : "accept"
|
action = var.firewall_default_deny_in ? "drop" : "accept"
|
||||||
direction = "in"
|
direction = "in"
|
||||||
|
|
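Review bot: The new IPv6 "NTP Port" block added to `upcloud_firewall_rules.master` (and the identical one added to `k8s`) matches only on `source_port_start`/`source_port_end` = 123, with no source address or destination port. With `firewall_default_deny_in` enabled it therefore accepts UDP from any IPv6 host that sends from port 123, to any port on the node. The need for this commit suggests replies are not tracked statefully, and the source port is chosen by the sender, so this opens far more than NTP replies. I would bound the rule with `source_address_start`/`source_address_end` for the NTP servers actually used, or at minimum record the exposure in a comment above the block. The converted DNS and IPv4 NTP rules deserve the same check; their bodies continue past the hunks, so whether they carry a source address is not visible here.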