From 001e057c295000b7209da67d48b739c95399ce52 Mon Sep 17 00:00:00 2001
From: phahulin
Date: Fri, 10 Nov 2017 19:37:37 +0300
Subject: [PATCH] Try to use NSG
---
TestTestNet/bootnode/template.json | 85 +++++++++++++++++++++++++++++-
1 file changed, 83 insertions(+), 2 deletions(-)
diff --git a/TestTestNet/bootnode/template.json b/TestTestNet/bootnode/template.json
index b22be00..706c97f 100644
--- a/TestTestNet/bootnode/template.json
+++ b/TestTestNet/bootnode/template.json
@@ -78,7 +78,8 @@
"nodeFullName": "[trim(parameters('nodeFullName'))]",
"nodeAdminEmail": "[trim(parameters('nodeAdminEmail'))]",
"netstatsServer": "[trim(parameters('netstatsServer'))]",
- "netstatsSecret": "[trim(parameters('netstatsSecret'))]"
+ "netstatsSecret": "[trim(parameters('netstatsSecret'))]",
+ "networkSecurityGroupName": "OraclesTest-NSG-1"
},
"resources": [
{
@@ -132,6 +133,7 @@
"location": "[resourceGroup().location]",
"dependsOn": [
"[resourceId('Microsoft.Network/publicIPAddresses/', variables('publicIPAddressName'))]",
+ "[resourceId('Microsoft.Network/networkSecurityGroups/', variables('networkSecurityGroupName'))]",
"[resourceId('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]"
],
"properties": {
@@ -148,7 +150,10 @@
}
}
}
- ]
+ ],
+ "networkSecurityGroup": {
+ "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroupName'))]"
+ }
}
},
{
@@ -240,6 +245,82 @@
}
}
]
+ },
+ {
+ "name": "[variables('networkSecurityGroupName')]",
+ "type": "Microsoft.Network/networkSecurityGroups",
+ "apiVersion": "2016-09-01",
+ "location": "[resourceGroup().location]",
+ "comments": "Network Security Group (NSG) for your Primary NIC",
+ "properties": {
+ "securityRules": [
+ {
+ "name": "allow-ssh",
+ "properties": {
+ "priority": 1000,
+ "direction": "Inbound",
+ "sourceAddressPrefix": "*",
+ "sourcePortRange": "*",
+ "protocol": "Tcp",
+ "access": "Allow",
+ "destinationAddressPrefix": "*",
+ "destinationPortRange": "22"
+ }
+ },
+ {
+ "name": "allow-rpc",
+ "properties": {
+ "priority": 1000,
+ "direction": "Inbound",
+ "sourceAddressPrefix": "*",
+ "sourcePortRange": "*",
+ "protocol": "Tcp",
+ "access": "Allow",
+ "destinationAddressPrefix": "*",
+ "destinationPortRange": "8545"
+ }
+ },
+ {
+ "name": "allow-discovery",
+ "properties": {
+ "priority": 1000,
+ "direction": "Inbound",
+ "sourceAddressPrefix": "*",
+ "sourcePortRange": "*",
+ "protocol": "*",
+ "access": "Allow",
+ "destinationAddressPrefix": "*",
+ "destinationPortRange": "30303"
+ }
+ },
+ {
+ "name": "allow-https",
+ "properties": {
+ "priority": 1000,
+ "direction": "Inbound",
+ "sourceAddressPrefix": "*",
+ "sourcePortRange": "*",
+ "protocol": "*",
+ "access": "Allow",
+ "destinationAddressPrefix": "*",
+ "destinationPortRange": "443"
+ }
+ },
+ {
+ "name": "disallow-other",
+ "properties": {
+ "priority": 2000,
+ "direction": "Inbound",
+ "sourceAddressPrefix": "*",
+ "sourcePortRange": "*",
+ "protocol": "*",
+ "access": "Deny",
+ "destinationAddressPrefix": "*",
+ "destinationPortRange": "*"
+ }
+ }
+ ]
+ }
}
],
"outputs": {