diff --git a/TestTestNet/netstats-server/template.json b/TestTestNet/netstats-server/template.json
index 927f979..4134cab 100644
--- a/TestTestNet/netstats-server/template.json
+++ b/TestTestNet/netstats-server/template.json
@@ -55,7 +55,8 @@
 "sshPublicKey": "[trim(parameters('sshPublicKey'))]",
 "nodeFullName": "[trim(parameters('nodeFullName'))]",
 "nodeAdminEmail": "[trim(parameters('nodeAdminEmail'))]",
- "netstatsSecret": "[trim(parameters('netstatsSecret'))]"
+ "netstatsSecret": "[trim(parameters('netstatsSecret'))]",
+ "networkSecurityGroupName": "OraclesTest-NSG-1"
 },
 "resources": [
 {
@@ -109,6 +110,7 @@
 "location": "[resourceGroup().location]",
 "dependsOn": [
 "[resourceId('Microsoft.Network/publicIPAddresses/', variables('publicIPAddressName'))]",
+ "[resourceId('Microsoft.Network/networkSecurityGroups/', variables('networkSecurityGroupName'))]",
 "[resourceId('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]"
 ],
 "properties": {
@@ -126,6 +128,9 @@
 }
 }
 ]
+ },
+ "networkSecurityGroup": {
+ "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroupName'))]"
 }
 },
 {
@@ -217,6 +222,82 @@
 }
 }
 ]
+ },
+ {
+ "name": "[variables('networkSecurityGroupName')]",
+ "type": "Microsoft.Network/networkSecurityGroups",
+ "apiVersion": "2016-09-01",
+ "location": "[resourceGroup().location]",
+ "comments": "Network Security Group (NSG) for your Primary NIC",
+ "properties": {
+ "securityRules": [
+ {
+ "name": "allow-ssh",
+ "properties": {
+ "priority": 1000,
+ "direction": "Inbound",
+ "sourceAddressPrefix": "*",
+ "sourcePortRange": "*",
+ "protocol": "Tcp",
+ "access": "Allow",
+ "destinationAddressPrefix": "*",
+ "destinationPortRange": "22"
+ }
+ },
+ {
+ "name": "allow-rpc",
+ "properties": {
+ "priority": 1100,
+ "direction": "Inbound",
+ "sourceAddressPrefix": "*",
+ "sourcePortRange": "*",
+ "protocol": "Tcp",
+ "access": "Allow",
+ "destinationAddressPrefix": "*",
+ "destinationPortRange": "8545"
+ }
+ },
+ {
+ "name": "allow-discovery",
+ "properties": {
+ "priority": 1200,
+ "direction": "Inbound",
+ "sourceAddressPrefix": "*",
+ "sourcePortRange": "*",
+ "protocol": "*",
+ "access": "Allow",
+ "destinationAddressPrefix": "*",
+ "destinationPortRange": "30303"
+ }
+ },
+ {
+ "name": "allow-https",
+ "properties": {
+ "priority": 1300,
+ "direction": "Inbound",
+ "sourceAddressPrefix": "*",
+ "sourcePortRange": "*",
+ "protocol": "*",
+ "access": "Allow",
+ "destinationAddressPrefix": "*",
+ "destinationPortRange": "443"
+ }
+ },
+ {
+ "name": "disallow-other",
+ "properties": {
+ "priority": 2000,
+ "direction": "Inbound",
+ "sourceAddressPrefix": "*",
+ "sourcePortRange": "*",
+ "protocol": "*",
+ "access": "Deny",
+ "destinationAddressPrefix": "*",
+ "destinationPortRange": "*"
+ }
+ }
+ ]
+ }
 }
 ],
 "outputs": {
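Review bot: The `allow-ssh` and `allow-rpc` rules in the new `securityRules` array both set `"sourceAddressPrefix": "*"`, so port 22 and port 8545 (conventionally the JSON-RPC port, which has no built-in authentication) are reachable from any internet address. I would take the management source range from a template parameter, e.g. `"sourceAddressPrefix": "[parameters('<ADMIN_SOURCE_CIDR_PARAM>')]"` (placeholder name), and drop `allow-rpc` entirely unless something on this netstats host really listens on 8545, which this hunk does not show. `allow-https` uses `"protocol": "*"` where `"Tcp"` is sufficient for 443. `disallow-other` at priority 2000 is evaluated before Azure's default AllowVnetInBound and AllowAzureLoadBalancerInBound rules, so it also blocks intra-VNet and load-balancer probe traffic; the default DenyAllInBound rule already denies other internet traffic, so if the stricter behaviour is intended it deserves a sentence in the resource's `"comments"` field.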