professional-service-best-practices/terraform-pfsense-deployment
14
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

adjusted network settings

Browse source
This commit is contained in:
StackedDane 2025-03-28 11:15:01 +01:00
parent 8dd4c5fd03
commit b093c98da7
1 changed files with 70 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

71
03-pfsense-network.tf
View file

@ -19,18 +19,87 @@ resource "stackit_network" "lan_network" {
project_id = var.STACKIT_PROJECT_ID project_id = var.STACKIT_PROJECT_ID
name = "lan_network" name = "lan_network"
ipv4_nameservers = ["208.67.222.222", "9.9.9.9"] ipv4_nameservers = ["208.67.222.222", "9.9.9.9"]
ipv4_prefix_length = 24
routed = true routed = true
} }
resource "stackit_security_group" "sec_group_wan" {
project_id = var.STACKIT_PROJECT_ID
name = "sec_group"
labels = {
"key" = "value"
}
}
resource "stackit_security_group_rule" "sec_icmp" {
project_id = var.STACKIT_PROJECT_ID
security_group_id = stackit_security_group.sec_group_wan.security_group_id
direction = "ingress"
icmp_parameters = {
code = 0
type = 8
}
protocol = {
name = "icmp"
}
}
resource "stackit_security_group_rule" "sec_tcp" {
project_id = var.STACKIT_PROJECT_ID
security_group_id = stackit_security_group.sec_group_wan.security_group_id
direction = "ingress"
port_range = {
max = 443
min = 443
}
protocol = {
name = "tcp"
}
}
resource "stackit_security_group" "sec_group_lan" {
project_id = var.STACKIT_PROJECT_ID
name = "sec_group"
labels = {
"key" = "value"
}
}
#resource "stackit_security_group_rule" "lan_sec_icmp" {
# project_id = var.STACKIT_PROJECT_ID
# security_group_id = stackit_security_group.sec_group_lan.security_group_id
# direction = "ingress"
# icmp_parameters = {
# code = 0
# type = 8
# }
# protocol = {
# name = "icmp"
# }
#}
#resource "stackit_security_group_rule" "lan_sec_tcp" {
# project_id = var.STACKIT_PROJECT_ID
# security_group_id = stackit_security_group.sec_group_lan.security_group_id
# direction = "ingress"
# port_range = {
# max = 443
# min = 443
# }
# protocol = {
# name = "tcp"
# }
#}
resource "stackit_network_interface" "nic_wan" { resource "stackit_network_interface" "nic_wan" {
project_id = var.STACKIT_PROJECT_ID project_id = var.STACKIT_PROJECT_ID
network_id = stackit_network.wan_network.network_id network_id = stackit_network.wan_network.network_id
security_group_ids = [stackit_security_group.sec_group_wan.security_group_id]
} }
resource "stackit_network_interface" "nic_lan" { resource "stackit_network_interface" "nic_lan" {
project_id = var.STACKIT_PROJECT_ID project_id = var.STACKIT_PROJECT_ID
network_id = stackit_network.lan_network.network_id network_id = stackit_network.lan_network.network_id
security_group_ids = [stackit_security_group.sec_group_lan.security_group_id]
depends_on = [stackit_network_interface.nic_wan] depends_on = [stackit_network_interface.nic_wan]
} }