From ec9d591d5b6e02e5fe9ff082bf013b874fd788e5 Mon Sep 17 00:00:00 2001 From: William Graef Date: Wed, 1 May 2024 14:31:02 -0400 Subject: [PATCH] update egress and ingress rules --- ocne/templates/egress_security_rules.j2 | 18 --------- ocne/templates/ingress_security_rules.j2 | 48 +++++++++++++----------- 2 files changed, 27 insertions(+), 39 deletions(-) diff --git a/ocne/templates/egress_security_rules.j2 b/ocne/templates/egress_security_rules.j2 index a0f2a86..21bc3cc 100644 --- a/ocne/templates/egress_security_rules.j2 +++ b/ocne/templates/egress_security_rules.j2 @@ -7,21 +7,3 @@ instance_egress_security_rules: - destination: "0.0.0.0/0" protocol: 6 - - destination: "10.0.0.0/24" - protocol: 6 - tcp_options: - source_port_range: - min: 2048 - max: 2050 - - destination: "10.0.0.0/24" - protocol: 6 - tcp_options: - source_port_range: - min: 111 - max: 111 - - destination: "10.0.0.0/24" - protocol: 17 - udp_options: - source_port_range: - min: 111 - max: 111 \ No newline at end of file diff --git a/ocne/templates/ingress_security_rules.j2 b/ocne/templates/ingress_security_rules.j2 index f962000..11fb388 100644 --- a/ocne/templates/ingress_security_rules.j2 +++ b/ocne/templates/ingress_security_rules.j2 @@ -12,6 +12,18 @@ instance_ingress_security_rules: destination_port_range: max: 22 min: 22 + - source: "0.0.0.0/0" + protocol: 6 + tcp_options: + destination_port_range: + min: 80 + max: 80 + - source: "0.0.0.0/0" + protocol: 6 + tcp_options: + destination_port_range: + min: 443 + max: 443 - source: "10.0.0.0/24" protocol: 6 tcp_options: 
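Review bot: The two added `0.0.0.0/0` rules for TCP 80 and 443 carry no comment marking them as the intended public surface, so a reader cannot tell them from rules that were missed when the others were narrowed to `10.0.0.0/24`. I would add a comment above them such as `# Public by design: HTTP/HTTPS from any source`. Because this is the instance security list, it is also worth confirming that every instance rendered from this template should accept 80/443 from the internet, rather than only the nodes or load balancer that front the ingress. The source of the SSH rule just above these lines is outside the hunk.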
@@ -36,25 +48,13 @@ instance_ingress_security_rules:
 destination_port_range:
 min: 111
 max: 111
- - source: "0.0.0.0/0"
+ - source: "10.0.0.0/24"
 protocol: 17
 udp_options:
 destination_port_range:
 min: 2049
 max: 2049
- - source: "0.0.0.0/0"
- protocol: 6
- tcp_options:
- destination_port_range:
- min: 80
- max: 80
- - source: "0.0.0.0/0"
- protocol: 6
- tcp_options:
- destination_port_range:
- min: 443
- max: 443
- - source: "0.0.0.0/0"
+ - source: "10.0.0.0/24"
 protocol: 6
 tcp_options:
 destination_port_range:
@@ -66,48 +66,54 @@ instance_ingress_security_rules:
 destination_port_range:
 min: 8080
 max: 8080
- - source: "0.0.0.0/0"
+ - source: "10.0.0.0/24"
 protocol: 6
 tcp_options:
 destination_port_range:
 min: 50002
 max: 50002
- - source: "0.0.0.0/0"
+ - source: "10.0.0.0/24"
 protocol: 6
 tcp_options:
 destination_port_range:
 min: 8090
 max: 8091
- - source: "0.0.0.0/0"
+ - source: "10.0.0.0/24"
 protocol: 6
 tcp_options:
 destination_port_range:
 min: 2379
 max: 2380
- - source: "0.0.0.0/0"
+ - source: "10.0.0.0/24"
 protocol: 6
 tcp_options:
 destination_port_range:
 min: 5443
 max: 5444
- - source: "0.0.0.0/0"
+ - source: "10.0.0.0/24"
 protocol: 6
 tcp_options:
 destination_port_range:
 min: 6443
 max: 6444
- - source: "0.0.0.0/0"
+ - source: "10.0.0.0/24"
 protocol: 6
 tcp_options:
 destination_port_range:
 min: 8472
 max: 8472
- - source: "0.0.0.0/0"
+ - source: "10.0.0.0/24"
 protocol: 6
 tcp_options:
 destination_port_range:
 min: 10250
 max: 10256
+ - source: "10.0.0.0/24"
+ protocol: 6
+ tcp_options:
+ destination_port_range:
+ min: 30000
+ max: 32767
 - source: "0.0.0.0/0"
 protocol: 1
 icmp_options:
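Review bot: The new source `"10.0.0.0/24"` is a literal in a Jinja2 template, on the 2049/udp rule and the TCP rule after it in this hunk, and on all eight added or changed rules in the following hunk (`@@ -66,48 +66,54 @@`). If the subnet is ever created with a different CIDR, these rules silently stop matching cluster traffic, or keep trusting a range that no longer belongs to the cluster. I would render the value from the same variable that defines the subnet, e.g. `- source: "{{ <subnet-cidr-variable> }}"` (placeholder; use the project's own variable name). The TCP rule whose source changes at the end of this hunk has its port range outside the hunk.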
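Review bot: The rule for port 8472 is narrowed to `10.0.0.0/24` but keeps `protocol: 6` with `tcp_options`; if it is meant for the flannel VXLAN overlay, that traffic is UDP and this rule never matches it. It should read `protocol: 17` with `udp_options:` unless a UDP rule for 8472 exists outside the visible hunks. The added 30000–32767 rule likewise covers TCP only, so NodePort services that use UDP would need a second rule with `protocol: 17`. The ICMP rule at the end of the hunk still accepts `0.0.0.0/0` and its `icmp_options` are outside the hunk, so confirm it is limited to the types actually needed.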