adjusted network settings

2025-03-28 11:15:01 +01:00 · 2025-03-28 11:15:01 +01:00 · b093c98da7
commit b093c98da7
parent 8dd4c5fd03
1 changed files with 70 additions and 1 deletions
--- a/03-pfsense-network.tf
+++ b/03-pfsense-network.tf
@ -19,18 +19,87 @@ resource "stackit_network" "lan_network" {
  project_id         = var.STACKIT_PROJECT_ID
  name               = "lan_network"
  ipv4_nameservers   = ["208.67.222.222", "9.9.9.9"]
-  ipv4_prefix_length = 24
  routed             = true
 }

+resource "stackit_security_group" "sec_group_wan" {
+  project_id = var.STACKIT_PROJECT_ID
+  name       = "sec_group"
+  labels = {
+    "key" = "value"
+  }
+}
+
+resource "stackit_security_group_rule" "sec_icmp" {
+  project_id        = var.STACKIT_PROJECT_ID
+  security_group_id = stackit_security_group.sec_group_wan.security_group_id
+  direction         = "ingress"
+  icmp_parameters = {
+    code = 0
+    type = 8
+  }
+  protocol = {
+    name = "icmp"
+  }
+}
+
+resource "stackit_security_group_rule" "sec_tcp" {
+  project_id        = var.STACKIT_PROJECT_ID
+  security_group_id = stackit_security_group.sec_group_wan.security_group_id
+  direction         = "ingress"
+  port_range = {
+    max = 443
+    min = 443
+  }
+  protocol = {
+    name = "tcp"
+  }
+}
+
+resource "stackit_security_group" "sec_group_lan" {
+  project_id = var.STACKIT_PROJECT_ID
+  name       = "sec_group"
+  labels = {
+    "key" = "value"
+  }
+}
+
+#resource "stackit_security_group_rule" "lan_sec_icmp" {
+#  project_id        = var.STACKIT_PROJECT_ID
+#  security_group_id = stackit_security_group.sec_group_lan.security_group_id
+#  direction         = "ingress"
+#  icmp_parameters = {
+#    code = 0
+#    type = 8
+#  }
+#  protocol = {
+#    name = "icmp"
+#  }
+#}
+
+#resource "stackit_security_group_rule" "lan_sec_tcp" {
+#  project_id        = var.STACKIT_PROJECT_ID
+#  security_group_id = stackit_security_group.sec_group_lan.security_group_id
+#  direction         = "ingress"
+#  port_range = {
+#    max = 443
+#    min = 443
+#  }
+#  protocol = {
+#    name = "tcp"
+#  }
+#}
+
 resource "stackit_network_interface" "nic_wan" {
  project_id         = var.STACKIT_PROJECT_ID
  network_id         = stackit_network.wan_network.network_id
+  security_group_ids = [stackit_security_group.sec_group_wan.security_group_id]
 }

 resource "stackit_network_interface" "nic_lan" {
  project_id         = var.STACKIT_PROJECT_ID
  network_id         = stackit_network.lan_network.network_id
+  security_group_ids = [stackit_security_group.sec_group_lan.security_group_id]
  depends_on         = [stackit_network_interface.nic_wan]
 }