From a5b96e208e3a9689203549b6d0ab16dc66e08784 Mon Sep 17 00:00:00 2001
From: phahulin
Date: Thu, 16 Nov 2017 16:50:46 +0300
Subject: [PATCH] Add network security groups
---
 TestTestNet/netstats-server/template.json | 83 ++++++++++++++++++++++-
 1 file changed, 82 insertions(+), 1 deletion(-)
diff --git a/TestTestNet/netstats-server/template.json b/TestTestNet/netstats-server/template.json
index 927f979..4134cab 100644
--- a/TestTestNet/netstats-server/template.json
+++ b/TestTestNet/netstats-server/template.json
@@ -55,7 +55,8 @@
 "sshPublicKey": "[trim(parameters('sshPublicKey'))]",
 "nodeFullName": "[trim(parameters('nodeFullName'))]",
 "nodeAdminEmail": "[trim(parameters('nodeAdminEmail'))]",
- "netstatsSecret": "[trim(parameters('netstatsSecret'))]"
+ "netstatsSecret": "[trim(parameters('netstatsSecret'))]",
+ "networkSecurityGroupName": "OraclesTest-NSG-1"
 },
 "resources": [
 {
@@ -109,6 +110,7 @@
 "location": "[resourceGroup().location]",
 "dependsOn": [
 "[resourceId('Microsoft.Network/publicIPAddresses/', variables('publicIPAddressName'))]",
+ "[resourceId('Microsoft.Network/networkSecurityGroups/', variables('networkSecurityGroupName'))]",
 "[resourceId('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]"
 ],
 "properties": {
@@ -126,6 +128,9 @@
 }
 }
 ]
+ },
+ "networkSecurityGroup": {
+ "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroupName'))]"
 }
 },
 {
@@ -217,6 +222,82 @@
 }
 }
 ]
+ },
+ {
+ "name": "[variables('networkSecurityGroupName')]",
+ "type": "Microsoft.Network/networkSecurityGroups",
+ "apiVersion": "2016-09-01",
+ "location": "[resourceGroup().location]",
+ "comments": "Network Security Group (NSG) for your Primary NIC",
+ "properties": {
+ "securityRules": [
+ {
+ "name": "allow-ssh",
+ "properties": {
+ "priority": 1000,
+ "direction": "Inbound",
+ "sourceAddressPrefix": "*",
+ "sourcePortRange": "*",
+ "protocol": "Tcp",
+ "access": "Allow",
+ "destinationAddressPrefix": "*",
+ "destinationPortRange": "22"
+ }
+ },
+ {
+ "name": "allow-rpc",
+ "properties": {
+ "priority": 1100,
+ "direction": "Inbound",
+ "sourceAddressPrefix": "*",
+ "sourcePortRange": "*",
+ "protocol": "Tcp",
+ "access": "Allow",
+ "destinationAddressPrefix": "*",
+ "destinationPortRange": "8545"
+ }
+ },
+ {
+ "name": "allow-discovery",
+ "properties": {
+ "priority": 1200,
+ "direction": "Inbound",
+ "sourceAddressPrefix": "*",
+ "sourcePortRange": "*",
+ "protocol": "*",
+ "access": "Allow",
+ "destinationAddressPrefix": "*",
+ "destinationPortRange": "30303"
+ }
+ },
+ {
+ "name": "allow-https",
+ "properties": {
+ "priority": 1300,
+ "direction": "Inbound",
+ "sourceAddressPrefix": "*",
+ "sourcePortRange": "*",
+ "protocol": "*",
+ "access": "Allow",
+ "destinationAddressPrefix": "*",
+ "destinationPortRange": "443"
+ }
+ },
+ {
+ "name": "disallow-other",
+ "properties": {
+ "priority": 2000,
+ "direction": "Inbound",
+ "sourceAddressPrefix": "*",
+ "sourcePortRange": "*",
+ "protocol": "*",
+ "access": "Deny",
+ "destinationAddressPrefix": "*",
+ "destinationPortRange": "*"
+ }
+ }
+ ]
+ }
 }
 ],
 "outputs": {
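Review bot: The `allow-ssh` and `allow-rpc` rules both use `"sourceAddressPrefix": "*"`, so port 22 and port 8545 (presumably the node's JSON-RPC endpoint, going by the rule name) remain reachable from any address even with the NSG attached. Both should be limited to an operator range supplied as a template parameter, e.g. `"sourceAddressPrefix": "[parameters('adminSourceAddressPrefix')]"` (the parameter name is illustrative and not in this template), and `allow-rpc` should be dropped entirely if this netstats host does not need to serve RPC publicly. `allow-https` sets `"protocol": "*"` where `"protocol": "Tcp"` is sufficient for 443. The `disallow-other` rule at priority 2000 is evaluated before Azure's default AllowVnetInBound and AllowAzureLoadBalancerInBound rules, so it also blocks intra-VNet and load-balancer probe traffic; if that is intended, the resource's `comments` field should say so.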