# skip boilerplate check
---
# Terraform will be unable to decode this file if it does not contain valid YAML
# You can retain `---` (start of the document) to indicate an empty document.

ingress:
  allow-hc-nva-ssh-landing:
    description: "Allow traffic from Google healthchecks to NVA appliances"
    source_ranges:
      - healthchecks
    rules:
      - protocol: tcp
        ports:
          - 22
  allow-onprem-probes-landing-example:
    description: "Allow traffic from onprem probes"
    source_ranges:
      - onprem_probes
    rules:
      - protocol: tcp
        ports:
          - 12345
  # This is not really needed, but it's good to have it
  # in place if the more generic hierarchical firewall policies
  # get deleted
  allow-ncc-nva-bgp-landing:
    description: "Allow BGP traffic from NCC Cloud Routers to NVAs"
    source_ranges:
      - ncc_cloud_routers_landing
    targets: ["nva"]
    rules:
      - protocol: tcp
        ports:
          - 179