[upcloud] Fixed issue where DNS would be blocked while using allowlist (#9510)

* [upcloud] Fixed issue where DNS would be blocked while using allowlist

* Missed one NTP rule
Fredrik Liv 2022-12-01 06:36:26 +01:00 committed by GitHub
parent 4db5e663c3
commit 07ad5ecfce
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -251,8 +251,8 @@ resource "upcloud_firewall_rules" "master" {
content { content {
action = "accept" action = "accept"
comment = "UpCloud DNS" comment = "UpCloud DNS"
destination_port_end = "53" source_port_end = "53"
destination_port_start = "53" source_port_start = "53"
direction = "in" direction = "in"
family = "IPv4" family = "IPv4"
protocol = firewall_rule.value protocol = firewall_rule.value
@ -267,8 +267,8 @@ resource "upcloud_firewall_rules" "master" {
content { content {
action = "accept" action = "accept"
comment = "UpCloud DNS" comment = "UpCloud DNS"
destination_port_end = "53" source_port_end = "53"
destination_port_start = "53" source_port_start = "53"
direction = "in" direction = "in"
family = "IPv4" family = "IPv4"
protocol = firewall_rule.value protocol = firewall_rule.value
@ -283,8 +283,8 @@ resource "upcloud_firewall_rules" "master" {
content { content {
action = "accept" action = "accept"
comment = "UpCloud DNS" comment = "UpCloud DNS"
destination_port_end = "53" source_port_end = "53"
destination_port_start = "53" source_port_start = "53"
direction = "in" direction = "in"
family = "IPv6" family = "IPv6"
protocol = firewall_rule.value protocol = firewall_rule.value
@ -299,8 +299,8 @@ resource "upcloud_firewall_rules" "master" {
content { content {
action = "accept" action = "accept"
comment = "UpCloud DNS" comment = "UpCloud DNS"
destination_port_end = "53" source_port_end = "53"
destination_port_start = "53" source_port_start = "53"
direction = "in" direction = "in"
family = "IPv6" family = "IPv6"
protocol = firewall_rule.value protocol = firewall_rule.value
@ -315,8 +315,8 @@ resource "upcloud_firewall_rules" "master" {
content { content {
action = "accept" action = "accept"
comment = "NTP Port" comment = "NTP Port"
destination_port_end = "123" source_port_end = "123"
destination_port_start = "123" source_port_start = "123"
direction = "in" direction = "in"
family = "IPv4" family = "IPv4"
protocol = firewall_rule.value protocol = firewall_rule.value
@ -325,6 +325,20 @@ resource "upcloud_firewall_rules" "master" {
} }
} }
dynamic firewall_rule {
for_each = var.firewall_default_deny_in ? ["udp"] : []
content {
action = "accept"
comment = "NTP Port"
source_port_end = "123"
source_port_start = "123"
direction = "in"
family = "IPv6"
protocol = firewall_rule.value
}
}
firewall_rule { firewall_rule {
action = var.firewall_default_deny_in ? "drop" : "accept" action = var.firewall_default_deny_in ? "drop" : "accept"
direction = "in" direction = "in"
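Review bot: The new IPv6 NTP rule in this hunk (the `dynamic firewall_rule` block with `comment = "NTP Port"` and `family = "IPv6"`) accepts inbound UDP on the basis of `source_port_start`/`source_port_end = "123"` alone, with no `source_address_start`/`source_address_end` and no destination port in the block, so — if the UpCloud firewall matches purely on the fields given here — any remote IPv6 host that sets its source port to 123 is accepted to every destination port, bypassing the default-deny rule that follows it. The same concern applies to the DNS and IPv4 NTP rules rewritten from destination to source port in the earlier hunks of this resource, unless their `source_address_*` lines (not visible in these hunks) already pin the permitted senders. If the intent is to admit replies from the NTP servers the nodes actually query, restrict the source range to those servers, e.g. add `source_address_start = "<ntp-server-v6>"` and `source_address_end = "<ntp-server-v6>"` to the block; at minimum record the trade-off with a comment such as `# NOTE: matches on source port only; any host can spoof sport 123, so keep source_address_* as tight as the NTP/DNS servers in use allow`. The `upcloud_firewall_rules.master` resource continues outside this hunk, so any existing source-address handling there could not be checked.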
@ -394,8 +408,8 @@ resource "upcloud_firewall_rules" "k8s" {
content { content {
action = "accept" action = "accept"
comment = "UpCloud DNS" comment = "UpCloud DNS"
destination_port_end = "53" source_port_end = "53"
destination_port_start = "53" source_port_start = "53"
direction = "in" direction = "in"
family = "IPv4" family = "IPv4"
protocol = firewall_rule.value protocol = firewall_rule.value
@ -410,8 +424,8 @@ resource "upcloud_firewall_rules" "k8s" {
content { content {
action = "accept" action = "accept"
comment = "UpCloud DNS" comment = "UpCloud DNS"
destination_port_end = "53" source_port_end = "53"
destination_port_start = "53" source_port_start = "53"
direction = "in" direction = "in"
family = "IPv4" family = "IPv4"
protocol = firewall_rule.value protocol = firewall_rule.value
@ -426,8 +440,8 @@ resource "upcloud_firewall_rules" "k8s" {
content { content {
action = "accept" action = "accept"
comment = "UpCloud DNS" comment = "UpCloud DNS"
destination_port_end = "53" source_port_end = "53"
destination_port_start = "53" source_port_start = "53"
direction = "in" direction = "in"
family = "IPv6" family = "IPv6"
protocol = firewall_rule.value protocol = firewall_rule.value
@ -442,8 +456,8 @@ resource "upcloud_firewall_rules" "k8s" {
content { content {
action = "accept" action = "accept"
comment = "UpCloud DNS" comment = "UpCloud DNS"
destination_port_end = "53" source_port_end = "53"
destination_port_start = "53" source_port_start = "53"
direction = "in" direction = "in"
family = "IPv6" family = "IPv6"
protocol = firewall_rule.value protocol = firewall_rule.value
@ -458,8 +472,8 @@ resource "upcloud_firewall_rules" "k8s" {
content { content {
action = "accept" action = "accept"
comment = "NTP Port" comment = "NTP Port"
destination_port_end = "123" source_port_end = "123"
destination_port_start = "123" source_port_start = "123"
direction = "in" direction = "in"
family = "IPv4" family = "IPv4"
protocol = firewall_rule.value protocol = firewall_rule.value
@ -468,6 +482,20 @@ resource "upcloud_firewall_rules" "k8s" {
} }
} }
dynamic firewall_rule {
for_each = var.firewall_default_deny_in ? ["udp"] : []
content {
action = "accept"
comment = "NTP Port"
source_port_end = "123"
source_port_start = "123"
direction = "in"
family = "IPv6"
protocol = firewall_rule.value
}
}
firewall_rule { firewall_rule {
action = var.firewall_default_deny_in ? "drop" : "accept" action = var.firewall_default_deny_in ? "drop" : "accept"
direction = "in" direction = "in"