From 3f26447f1ba6c4a953482694d6b9d38b709c6ed8 Mon Sep 17 00:00:00 2001
From: phahulin
Date: Thu, 16 Nov 2017 16:45:28 +0300
Subject: [PATCH] Add network security groups setup
---
TestTestNet/mining-node/template.json | 85 ++++++++++++++++++++++++++-
1 file changed, 83 insertions(+), 2 deletions(-)
diff --git a/TestTestNet/mining-node/template.json b/TestTestNet/mining-node/template.json
index 8e84c15..6f9d208 100644
--- a/TestTestNet/mining-node/template.json
+++ b/TestTestNet/mining-node/template.json
@@ -84,7 +84,8 @@
"miningKeypass": "[trim(parameters('MiningKeyPassword'))]",
"netstatsServer": "[trim(parameters('NetstatsServer'))]",
"netstatsSecret": "[trim(parameters('NetstatsSecret'))]",
- "dnsLabelPrefix": "[toLower(concat('oracles-', uniqueString(resourceGroup().id, variables('miningAddress'))))]"
+ "dnsLabelPrefix": "[toLower(concat('oracles-', uniqueString(resourceGroup().id, variables('miningAddress'))))]",
+ "networkSecurityGroupName": "OraclesTest-NSG-1"
},
"resources": [
{
@@ -138,6 +139,7 @@
"location": "[resourceGroup().location]",
"dependsOn": [
"[resourceId('Microsoft.Network/publicIPAddresses/', variables('publicIPAddressName'))]",
+ "[resourceId('Microsoft.Network/networkSecurityGroups/', variables('networkSecurityGroupName'))]",
"[resourceId('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]"
],
"properties": {
@@ -154,7 +156,10 @@
}
}
}
- ]
+ ],
+ "networkSecurityGroup": {
+ "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroupName'))]"
+ }
}
},
{
@@ -246,6 +251,82 @@
}
}
]
+ },
+ {
+ "name": "[variables('networkSecurityGroupName')]",
+ "type": "Microsoft.Network/networkSecurityGroups",
+ "apiVersion": "2016-09-01",
+ "location": "[resourceGroup().location]",
+ "comments": "Network Security Group (NSG) for your Primary NIC",
+ "properties": {
+ "securityRules": [
+ {
+ "name": "allow-ssh",
+ "properties": {
+ "priority": 1000,
+ "direction": "Inbound",
+ "sourceAddressPrefix": "*",
+ "sourcePortRange": "*",
+ "protocol": "Tcp",
+ "access": "Allow",
+ "destinationAddressPrefix": "*",
+ "destinationPortRange": "22"
+ }
+ },
+ {
+ "name": "allow-rpc",
+ "properties": {
+ "priority": 1100,
+ "direction": "Inbound",
+ "sourceAddressPrefix": "*",
+ "sourcePortRange": "*",
+ "protocol": "Tcp",
+ "access": "Allow",
+ "destinationAddressPrefix": "*",
+ "destinationPortRange": "8545"
+ }
+ },
+ {
+ "name": "allow-discovery",
+ "properties": {
+ "priority": 1200,
+ "direction": "Inbound",
+ "sourceAddressPrefix": "*",
+ "sourcePortRange": "*",
+ "protocol": "*",
+ "access": "Allow",
+ "destinationAddressPrefix": "*",
+ "destinationPortRange": "30303"
+ }
+ },
+ {
+ "name": "allow-https",
+ "properties": {
+ "priority": 1300,
+ "direction": "Inbound",
+ "sourceAddressPrefix": "*",
+ "sourcePortRange": "*",
+ "protocol": "*",
+ "access": "Allow",
+ "destinationAddressPrefix": "*",
+ "destinationPortRange": "443"
+ }
+ },
+ {
+ "name": "disallow-other",
+ "properties": {
+ "priority": 2000,
+ "direction": "Inbound",
+ "sourceAddressPrefix": "*",
+ "sourcePortRange": "*",
+ "protocol": "*",
+ "access": "Deny",
+ "destinationAddressPrefix": "*",
+ "destinationPortRange": "*"
+ }
+ }
+ ]
+ }
}
],
"outputs": {
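Review bot: The `allow-rpc` rule opens TCP 8545 to any source (`"sourceAddressPrefix": "*"`) and `allow-ssh` does the same for port 22, so the node's JSON-RPC and SSH endpoints are reachable from the whole internet. This template also passes a mining key password to the node, so public RPC exposure looks riskier than intended. I would either drop `allow-rpc` or restrict both rules to an operator-supplied range, e.g. `"sourceAddressPrefix": "[parameters('AdminSourceAddressPrefix')]"`, where that parameter is new and its name is only a suggestion. `allow-https` uses `"protocol": "*"`, which also admits UDP on 443; `"protocol": "Tcp"` would match the rule name. `disallow-other` at priority 2000 is evaluated before Azure's default AllowVnetInBound and AllowAzureLoadBalancerInBound rules, so it also blocks intra-VNet and load-balancer probe traffic; if that is intended, it is worth stating in the resource's `comments` text.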