From b809b315f613b866a5af993c283071c49a6cae98 Mon Sep 17 00:00:00 2001
From: ajlopezn
Date: Tue, 11 Apr 2023 10:43:32 +0000
Subject: [PATCH] added example for source&destination ranges usage in fw rules

---
 modules/net-vpc-firewall/README.md | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/modules/net-vpc-firewall/README.md b/modules/net-vpc-firewall/README.md
index f886035b..52c6b328 100644
--- a/modules/net-vpc-firewall/README.md
+++ b/modules/net-vpc-firewall/README.md
@@ -136,6 +136,36 @@ module "firewall" {
 # tftest modules=0 resources=0
 ```
 
+#### Including source & destination ranges
+
+Custom rules now support including both source & destination ranges in Ingress and Egress rules:
+
+```hcl
+module "firewall" {
+ source = "./fabric/modules/net-vpc-firewall"
+ project_id = "my-project"
+ network = "my-network"
+ default_rules_config = {
+ disabled = true
+ }
+ egress_rules = {
+ allow-egress-source-destination-ranges = {
+ description = "Deny egress using source and destination ranges"
+ source_ranges = ["10.132.0.0/20", "10.138.0.0/20"]
+ destination_ranges = ["172.16.0.0/12"]
+ }
+ }
+ ingress_rules = {
+ allow-ingress-source-destination-ranges = {
+ description = "Allow ingress using source and destination ranges"
+ source_ranges = ["172.16.0.0/12"]
+ destination_ranges = ["10.132.0.0/20", "10.138.0.0/20"]
+ }
+ }
+}
+# tftest modules=1 resources=2
+```
+
 ### Rules Factory
 
 The module includes a rules factory (see [Resource Factories](../../blueprints/factories/)) for the massive creation of rules leveraging YaML configuration files. Each configuration file can optionally contain more than one rule which a structure that reflects the `custom_rules` variable.