58 lines
1.2 KiB
Go
58 lines
1.2 KiB
Go
|
package main
|
||
|
|
||
|
import (
|
||
|
"github.com/pulumi/pulumi-linode/sdk/v3/go/linode"
|
||
|
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
|
||
|
)
|
||
|
|
||
|
func firewall(ctx *pulumi.Context) error {
|
||
|
allowHttp := linode.FirewallInboundArgs{
|
||
|
Label: pulumi.String("accept-inbound-tcp-80"),
|
||
|
Action: pulumi.String("ACCEPT"),
|
||
|
Protocol: pulumi.String("TCP"),
|
||
|
Ports: pulumi.String("80"),
|
||
|
Ipv4s: pulumi.StringArray{
|
||
|
pulumi.String("0.0.0.0/0"),
|
||
|
},
|
||
|
Ipv6s: pulumi.StringArray{
|
||
|
pulumi.String("::/0"),
|
||
|
},
|
||
|
}
|
||
|
|
||
|
allowHttps := linode.FirewallInboundArgs{
|
||
|
Label: pulumi.String("accept-inbound-tcp-443"),
|
||
|
Action: pulumi.String("ACCEPT"),
|
||
|
Protocol: pulumi.String("TCP"),
|
||
|
Ports: pulumi.String("443"),
|
||
|
Ipv4s: pulumi.StringArray{
|
||
|
pulumi.String("0.0.0.0/0"),
|
||
|
},
|
||
|
Ipv6s: pulumi.StringArray{
|
||
|
pulumi.String("::/0"),
|
||
|
},
|
||
|
}
|
||
|
|
||
|
tags := []string{"flow"}
|
||
|
|
||
|
label := "fireflow"
|
||
|
|
||
|
firewallArgs := linode.FirewallArgs{
|
||
|
Label: pulumi.String(label),
|
||
|
Tags: pulumi.ToStringArray(tags),
|
||
|
InboundPolicy: pulumi.String("DROP"),
|
||
|
Inbounds: linode.FirewallInboundArray{
|
||
|
&allowHttp,
|
||
|
&allowHttps,
|
||
|
},
|
||
|
OutboundPolicy: pulumi.String("ACCEPT"),
|
||
|
}
|
||
|
|
||
|
_, err := linode.NewFirewall(ctx, label, &firewallArgs)
|
||
|
|
||
|
if err != nil {
|
||
|
return err
|
||
|
}
|
||
|
|
||
|
return nil
|
||
|
}
|