From 001e057c295000b7209da67d48b739c95399ce52 Mon Sep 17 00:00:00 2001
From: phahulin
Date: Fri, 10 Nov 2017 19:37:37 +0300
Subject: [PATCH] Try to use NSG
---
 TestTestNet/bootnode/template.json | 85 +++++++++++++++++++++++++++++-
 1 file changed, 83 insertions(+), 2 deletions(-)
diff --git a/TestTestNet/bootnode/template.json b/TestTestNet/bootnode/template.json
index b22be00..706c97f 100644
--- a/TestTestNet/bootnode/template.json
+++ b/TestTestNet/bootnode/template.json
@@ -78,7 +78,8 @@
 "nodeFullName": "[trim(parameters('nodeFullName'))]",
 "nodeAdminEmail": "[trim(parameters('nodeAdminEmail'))]",
 "netstatsServer": "[trim(parameters('netstatsServer'))]",
- "netstatsSecret": "[trim(parameters('netstatsSecret'))]"
+ "netstatsSecret": "[trim(parameters('netstatsSecret'))]",
+ "networkSecurityGroupName": "OraclesTest-NSG-1"
 },
 "resources": [
 {
@@ -132,6 +133,7 @@
 "location": "[resourceGroup().location]",
 "dependsOn": [
 "[resourceId('Microsoft.Network/publicIPAddresses/', variables('publicIPAddressName'))]",
+ "[resourceId('Microsoft.Network/networkSecurityGroups/', variables('networkSecurityGroupName'))]",
 "[resourceId('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]"
 ],
 "properties": {
@@ -148,7 +150,10 @@
 }
 }
 }
- ]
+ ],
+ "networkSecurityGroup": {
+ "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroupName'))]"
+ }
 }
 },
 {
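Review bot: In the variables hunk (`@@ -78,7 +78,8 @@`), `networkSecurityGroupName` is the hard-coded literal `"OraclesTest-NSG-1"`, while the neighbouring variables visible there are derived from parameters. Resource names are unique per type within a resource group, so a second deployment of this template into the same group would resolve to the same NSG instead of creating its own. Consider deriving the name from a parameter that defaults to this value, or stating in the template that one shared NSG per resource group is intended.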
@@ -240,6 +245,82 @@
 }
 }
 ]
+ },
+ {
+ "name": "[variables('networkSecurityGroupName')]",
+ "type": "Microsoft.Network/networkSecurityGroups",
+ "apiVersion": "2016-09-01",
+ "location": "[resourceGroup().location]",
+ "comments": "Network Security Group (NSG) for your Primary NIC",
+ "properties": {
+ "securityRules": [
+ {
+ "name": "allow-ssh",
+ "properties": {
+ "priority": 1000,
+ "direction": "Inbound",
+ "sourceAddressPrefix": "*",
+ "sourcePortRange": "*",
+ "protocol": "Tcp",
+ "access": "Allow",
+ "destinationAddressPrefix": "*",
+ "destinationPortRange": "22"
+ }
+ },
+ {
+ "name": "allow-rpc",
+ "properties": {
+ "priority": 1000,
+ "direction": "Inbound",
+ "sourceAddressPrefix": "*",
+ "sourcePortRange": "*",
+ "protocol": "Tcp",
+ "access": "Allow",
+ "destinationAddressPrefix": "*",
+ "destinationPortRange": "8545"
+ }
+ },
+ {
+ "name": "allow-discovery",
+ "properties": {
+ "priority": 1000,
+ "direction": "Inbound",
+ "sourceAddressPrefix": "*",
+ "sourcePortRange": "*",
+ "protocol": "*",
+ "access": "Allow",
+ "destinationAddressPrefix": "*",
+ "destinationPortRange": "30303"
+ }
+ },
+ {
+ "name": "allow-https",
+ "properties": {
+ "priority": 1000,
+ "direction": "Inbound",
+ "sourceAddressPrefix": "*",
+ "sourcePortRange": "*",
+ "protocol": "*",
+ "access": "Allow",
+ "destinationAddressPrefix": "*",
+ "destinationPortRange": "443"
+ }
+ },
+ {
+ "name": "disallow-other",
+ "properties": {
+ "priority": 2000,
+ "direction": "Inbound",
+ "sourceAddressPrefix": "*",
+ "sourcePortRange": "*",
+ "protocol": "*",
+ "access": "Deny",
+ "destinationAddressPrefix": "*",
+ "destinationPortRange": "*"
+ }
+ }
+ ]
+ }
 }
 ],
 "outputs": {
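Review bot: The four allow rules (`allow-ssh`, `allow-rpc`, `allow-discovery`, `allow-https`) all use `"priority": 1000` with `"direction": "Inbound"`; Azure requires a unique priority per direction within one NSG, so this resource is expected to be rejected at deployment until they get distinct values such as `1000`, `1010`, `1020`, `1030`. Separately, `allow-ssh` and `allow-rpc` use `"sourceAddressPrefix": "*"`, which leaves port 22 and the RPC port 8545 reachable from any address; both should be limited to an operator-supplied range, e.g. `"sourceAddressPrefix": "[parameters('adminSourceAddressPrefix')]"` (a new parameter, name illustrative), while discovery on 30303 stays public. `allow-https` only needs `"protocol": "Tcp"` rather than `"*"`. The explicit `disallow-other` rule at priority 2000 is evaluated before the platform default rules, so it also blocks the default intra-VNet and load-balancer probe allowances; confirm that is intended, since the default deny-all inbound rule already covers everything else.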