57 lines
1.2 KiB
Go
57 lines
1.2 KiB
Go
package main
|
|
|
|
import (
|
|
"github.com/pulumi/pulumi-linode/sdk/v3/go/linode"
|
|
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
|
|
)
|
|
|
|
func firewall(ctx *pulumi.Context) error {
|
|
allowHttp := linode.FirewallInboundArgs{
|
|
Label: pulumi.String("accept-inbound-tcp-80"),
|
|
Action: pulumi.String("ACCEPT"),
|
|
Protocol: pulumi.String("TCP"),
|
|
Ports: pulumi.String("80"),
|
|
Ipv4s: pulumi.StringArray{
|
|
pulumi.String("0.0.0.0/0"),
|
|
},
|
|
Ipv6s: pulumi.StringArray{
|
|
pulumi.String("::/0"),
|
|
},
|
|
}
|
|
|
|
allowHttps := linode.FirewallInboundArgs{
|
|
Label: pulumi.String("accept-inbound-tcp-443"),
|
|
Action: pulumi.String("ACCEPT"),
|
|
Protocol: pulumi.String("TCP"),
|
|
Ports: pulumi.String("443"),
|
|
Ipv4s: pulumi.StringArray{
|
|
pulumi.String("0.0.0.0/0"),
|
|
},
|
|
Ipv6s: pulumi.StringArray{
|
|
pulumi.String("::/0"),
|
|
},
|
|
}
|
|
|
|
tags := []string{"flow"}
|
|
|
|
label := "fireflow"
|
|
|
|
firewallArgs := linode.FirewallArgs{
|
|
Label: pulumi.String(label),
|
|
Tags: pulumi.ToStringArray(tags),
|
|
InboundPolicy: pulumi.String("DROP"),
|
|
Inbounds: linode.FirewallInboundArray{
|
|
&allowHttp,
|
|
&allowHttps,
|
|
},
|
|
OutboundPolicy: pulumi.String("ACCEPT"),
|
|
}
|
|
|
|
_, err := linode.NewFirewall(ctx, label, &firewallArgs)
|
|
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
return nil
|
|
}
|