
@jhanley-com
Created November 29, 2023 21:33
Civo Terraform: Create Firewall and Rules to Allow Traffic From Home
# Declare the provider this configuration depends on.
terraform {
  required_providers {
    civo = {
      source = "civo/civo"

      # Pessimistic constraint: accepts 1.0.39 and later 1.0.x patch
      # releases, but never 1.1.0 or above.
      version = "~>1.0.39"
    }
  }
}
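# Civo API token, supplied at run time instead of being written into this file.
# Provide it through the TF_VAR_civo_token environment variable or an untracked
# *.tfvars file so the credential is never committed or published with the code.
variable "civo_token" {
  description = "Civo API token"
  type        = string
  sensitive   = true # redacted in plan/apply output
}

# Configure the Civo provider: credential comes from the variable above,
# resources are created in the NYC1 region.
provider "civo" {
  token  = var.civo_token
  region = "NYC1"
}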
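# Name assigned to the firewall created below; override to avoid clashing
# with an existing firewall of the same name.
variable "firewall_name" {
  description = "Firewall Name"
  type        = string
  default     = "allow_from_home"
}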
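# Public IPv4 address that the ingress rules will trust. The firewall appends
# "/32" to this value, so it must be a bare address with no prefix length.
variable "ip_address" {
  description = "Your Public IP Address"
  type        = string
  # default = "1.2.3.4"

  # Reject anything that is not a single dotted-quad IPv4 address. Without this
  # check an IPv6 address would be combined with "/32" into a very wide range,
  # and a value that already carries a prefix would produce an invalid CIDR.
  validation {
    condition = (
      can(regex("^[0-9]{1,3}(\\.[0-9]{1,3}){3}$", var.ip_address)) &&
      can(cidrhost("${var.ip_address}/32", 0))
    )
    error_message = "The ip_address value must be a single IPv4 address without a prefix length, for example 203.0.113.10."
  }
}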
# Firewall that trusts a single source address.
#
# Ingress: every TCP port, every UDP port and ICMP are allowed, but only from
# var.ip_address as a /32 (one host). Egress: TCP, UDP and ICMP are allowed to
# any destination.
#
# NOTE(review): the ingress rules are only as tight as var.ip_address is
# accurate. If the home address is dynamically assigned, re-apply with the new
# value when it changes so a stale address does not stay trusted.
resource "civo_firewall" "allow_from_home" {
  name       = var.firewall_name
  network_id = "default"

  # Default rules are switched off, so the rule set is meant to be exactly
  # what is declared in this block.
  create_default_rules = false

  # --- Inbound: home address only ---------------------------------------

  ingress_rule {
    label      = "Allow all TCP traffic from home"
    protocol   = "tcp"
    port_range = "1-65535"
    cidr       = ["${var.ip_address}/32"]
    action     = "allow"
  }

  ingress_rule {
    label      = "Allow all UDP traffic from home"
    protocol   = "udp"
    port_range = "1-65535"
    cidr       = ["${var.ip_address}/32"]
    action     = "allow"
  }

  # ICMP has no ports, so no port_range is given.
  ingress_rule {
    label    = "Allow all ICMP traffic from home"
    protocol = "icmp"
    cidr     = ["${var.ip_address}/32"]
    action   = "allow"
  }

  # --- Outbound: unrestricted -------------------------------------------
  # NOTE(review): egress is open to 0.0.0.0/0 on all ports; narrow these
  # rules if the instances only need to reach specific services.

  egress_rule {
    label      = "All TCP ports open"
    protocol   = "tcp"
    port_range = "1-65535"
    cidr       = ["0.0.0.0/0"]
    action     = "allow"
  }

  egress_rule {
    label      = "All UDP ports open"
    protocol   = "udp"
    port_range = "1-65535"
    cidr       = ["0.0.0.0/0"]
    action     = "allow"
  }

  egress_rule {
    label    = "Ping/traceroute"
    protocol = "icmp"
    cidr     = ["0.0.0.0/0"]
    action   = "allow"
  }
}