fc84c4f60d
This pull request introduces the `net-vpc-factory` module. This new factory handles: * Project setup (most of what's supported by the `project` module) * VPC setup * Routing * Subnets * Connectivity options * NCC (hub, VPC spokes and VPN hybrid spokes) * Peerings * VPN (GCP-to-onprem and GCP-to-GCP) * NAT (everything supported by the `net-cloudnat` module) * DNS (everything supported by the `dns` module) * Firewall (everything supported by the `net-vpc-firewall` module)
29 lines
714 B
YAML
29 lines
714 B
YAML
# skip boilerplate check
|
|
---
|
|
# start of document (---) avoids errors if the file only contains comments
|
|
|
|
# yaml-language-server: $schema=../../../schemas/firewall-rules.schema.json
|
|
|
|
ingress:
|
|
ingress-icmp-allow:
|
|
description: "Allow ICMP from anywhere."
|
|
rules:
|
|
- protocol: icmp
|
|
ports: []
|
|
priority: 1000
|
|
ingress-ssh-from-iap-allow:
|
|
description: "Allow SSH connections from IAP ranges."
|
|
source_ranges:
|
|
- 35.235.240.0/20
|
|
rules:
|
|
- protocol: tcp
|
|
ports:
|
|
- 22
|
|
priority: 1001
|
|
ingress-default-deny:
|
|
description: "Deny and log any unmatched ingress traffic."
|
|
deny: true
|
|
priority: 65535
|
|
enable_logging:
|
|
include_metadata: false
|