TritonDataCenter / terraform-provider-triton

Terraform Joyent Triton provider
https://www.terraform.io/docs/providers/triton/
Mozilla Public License 2.0

No way to specify anti-spoofing settings on new machines #139

Open john-terrell opened 3 years ago

john-terrell commented 3 years ago

There's currently no way (that I can find) to specify anti-spoofing changes to triton_machine resources. When setting up VPN servers inside a fabric, one has to manually set the ip_spoofing flag on a machine and reboot it.

Terraform Version

Terraform v1.0.3

siepkes commented 3 years ago

As far as I know you can't use the allow IP spoofing flag in the cloud API, and therefore in the current state of things it can't be added to the Terraform provider.

It has to be done via a privileged way like the vmapi (which in turn sets it via the network API). Which makes sense because if a normal Triton user can spoof IPs you can bypass the Triton firewall and other nastiness, which makes it a dangerous capability. Adding this capability to Terraform would first require being able to delegate the IP spoofing flag to a user account (as far as I know this currently is not possible). After that it could be added to the cloud API and then ultimately to the Terraform provider.

If you want to use a non-privileged way to use a VPN in a zone you might try to PAT the traffic.