Add network security groups setup
This commit is contained in:
parent
d31820072e
commit
3f26447f1b
|
@ -84,7 +84,8 @@
|
|||
"miningKeypass": "[trim(parameters('MiningKeyPassword'))]",
|
||||
"netstatsServer": "[trim(parameters('NetstatsServer'))]",
|
||||
"netstatsSecret": "[trim(parameters('NetstatsSecret'))]",
|
||||
"dnsLabelPrefix": "[toLower(concat('oracles-', uniqueString(resourceGroup().id, variables('miningAddress'))))]"
|
||||
"dnsLabelPrefix": "[toLower(concat('oracles-', uniqueString(resourceGroup().id, variables('miningAddress'))))]",
|
||||
"networkSecurityGroupName": "OraclesTest-NSG-1"
|
||||
},
|
||||
"resources": [
|
||||
{
|
||||
|
@ -138,6 +139,7 @@
|
|||
"location": "[resourceGroup().location]",
|
||||
"dependsOn": [
|
||||
"[resourceId('Microsoft.Network/publicIPAddresses/', variables('publicIPAddressName'))]",
|
||||
"[resourceId('Microsoft.Network/networkSecurityGroups/', variables('networkSecurityGroupName'))]",
|
||||
"[resourceId('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]"
|
||||
],
|
||||
"properties": {
|
||||
|
@ -154,7 +156,10 @@
|
|||
}
|
||||
}
|
||||
}
|
||||
]
|
||||
],
|
||||
"networkSecurityGroup": {
|
||||
"id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroupName'))]"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
|
@ -246,6 +251,82 @@
|
|||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "[variables('networkSecurityGroupName')]",
|
||||
"type": "Microsoft.Network/networkSecurityGroups",
|
||||
"apiVersion": "2016-09-01",
|
||||
"location": "[resourceGroup().location]",
|
||||
"comments": "Network Security Group (NSG) for your Primary NIC",
|
||||
"properties": {
|
||||
"securityRules": [
|
||||
{
|
||||
"name": "allow-ssh",
|
||||
"properties": {
|
||||
"priority": 1000,
|
||||
"direction": "Inbound",
|
||||
"sourceAddressPrefix": "*",
|
||||
"sourcePortRange": "*",
|
||||
"protocol": "Tcp",
|
||||
"access": "Allow",
|
||||
"destinationAddressPrefix": "*",
|
||||
"destinationPortRange": "22"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "allow-rpc",
|
||||
"properties": {
|
||||
"priority": 1100,
|
||||
"direction": "Inbound",
|
||||
"sourceAddressPrefix": "*",
|
||||
"sourcePortRange": "*",
|
||||
"protocol": "Tcp",
|
||||
"access": "Allow",
|
||||
"destinationAddressPrefix": "*",
|
||||
"destinationPortRange": "8545"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "allow-discovery",
|
||||
"properties": {
|
||||
"priority": 1200,
|
||||
"direction": "Inbound",
|
||||
"sourceAddressPrefix": "*",
|
||||
"sourcePortRange": "*",
|
||||
"protocol": "*",
|
||||
"access": "Allow",
|
||||
"destinationAddressPrefix": "*",
|
||||
"destinationPortRange": "30303"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "allow-https",
|
||||
"properties": {
|
||||
"priority": 1300,
|
||||
"direction": "Inbound",
|
||||
"sourceAddressPrefix": "*",
|
||||
"sourcePortRange": "*",
|
||||
"protocol": "*",
|
||||
"access": "Allow",
|
||||
"destinationAddressPrefix": "*",
|
||||
"destinationPortRange": "443"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "disallow-other",
|
||||
"properties": {
|
||||
"priority": 2000,
|
||||
"direction": "Inbound",
|
||||
"sourceAddressPrefix": "*",
|
||||
"sourcePortRange": "*",
|
||||
"protocol": "*",
|
||||
"access": "Deny",
|
||||
"destinationAddressPrefix": "*",
|
||||
"destinationPortRange": "*"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
],
|
||||
"outputs": {
|
||||
|
|
Loading…
Reference in New Issue