From b809b315f613b866a5af993c283071c49a6cae98 Mon Sep 17 00:00:00 2001
From: ajlopezn <ajln@google.com>
Date: Tue, 11 Apr 2023 10:43:32 +0000
Subject: [PATCH] added example for source&destination ranges usage in fw rules

---
 modules/net-vpc-firewall/README.md | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/modules/net-vpc-firewall/README.md b/modules/net-vpc-firewall/README.md
index f886035b..52c6b328 100644
--- a/modules/net-vpc-firewall/README.md
+++ b/modules/net-vpc-firewall/README.md
@@ -136,6 +136,36 @@ module "firewall" {
 # tftest modules=0 resources=0
 ```
 
+#### Including source & destination ranges
+
+Custom rules now support including both source & destination ranges in Ingress and Egress rules:
+
+```hcl
+module "firewall" {
+  source     = "./fabric/modules/net-vpc-firewall"
+  project_id = "my-project"
+  network    = "my-network"
+  default_rules_config = {
+    disabled = true
+  }
+  egress_rules = {
+    allow-egress-source-destination-ranges = {
+      description   = "Deny egress using source and destination ranges"
+      source_ranges = ["10.132.0.0/20", "10.138.0.0/20"]
+      destination_ranges = ["172.16.0.0/12"]
+    }
+  }
+  ingress_rules = {
+    allow-ingress-source-destination-ranges = {
+      description   = "Allow ingress using source and destination ranges"
+      source_ranges = ["172.16.0.0/12"]
+      destination_ranges = ["10.132.0.0/20", "10.138.0.0/20"]
+    }
+  }
+}
+# tftest modules=1 resources=2
+```
+
 ### Rules Factory
 
 The module includes a rules factory (see [Resource Factories](../../blueprints/factories/)) for the massive creation of rules leveraging YaML configuration files. Each configuration file can optionally contain more than one rule which a structure that reflects the `custom_rules` variable.