[BUG] can we change default rules to be less permissive? - Githubissues

civo / terraform-provider-civo

Terraform Civo provider

https://www.civo.com

Mozilla Public License 2.0

65 stars 51 forks source link

[BUG] can we change default rules to be less permissive? #228

Open fernando-villalba opened 2 weeks ago

fernando-villalba commented 2 weeks ago

Description

The current default rules are a little too permissive, allowing all ingress traffic.

terraform {
  required_providers {
    civo = {
      source = "civo/civo"
      version = "1.0.44"

    }
  }
}

resource "civo_network" "test-issue" {
    label = "test-something"
}

resource "civo_firewall" "default_rules" {
  name                 = "default_rules"
  network_id           = civo_network.test-issue.id
  create_default_rules = true
}

This creates the following rules

Acceptance Criteria

Instead of allowing all ingress by default, we should perhaps deny all ingress traffic on all ports and instead:
Allow all egress from all ports
Allow ICMP as it is now.

May be worth discussing this if it's part of the API

Screenshots

No response

Additional information

No response