author | Pedro Alvarez <pedro.alvarez@codethink.co.uk> | 2021-08-16 18:53:34 +0200 |
---|---|---|
committer | Pedro Alvarez <pedro.alvarez@codethink.co.uk> | 2021-08-16 18:53:34 +0200 |
commit | e6941a9ebb865d70207e49c1156ce0ab7ff7f967 (patch) | |
tree | 03fd9f17ecf9f9bff143c3f4e72a4620c5ac6675 | |
parent | db7d1ba7561ac328e80dc983ec5e05ae2571a893 (diff) | |
download | infrastructure-e6941a9ebb865d70207e49c1156ce0ab7ff7f967.tar.gz |
clean and simplify
-rw-r--r-- | terraform/infra.tf | 11 |
1 files changed, 5 insertions, 6 deletions
diff --git a/terraform/infra.tf b/terraform/infra.tf
index daaea057..c413239e 100644
--- a/terraform/infra.tf
+++ b/terraform/infra.tf
@@ -63,6 +63,7 @@ resource "openstack_networking_subnet_v2" "baserock_subnet" {
 resource "openstack_networking_secgroup_v2" "sg_base" {
 name = "base"
 description = "Allow all outgoing traffic, and allow incoming ICMP (ping) and SSH connections"
+ delete_default_rules = "true"
 }
 
 resource "openstack_networking_secgroup_rule_v2" "sg_base_egress_icmp" {
@@ -73,19 +74,17 @@ resource "openstack_networking_secgroup_rule_v2" "sg_base_egress_icmp" {
 security_group_id = "${openstack_networking_secgroup_v2.sg_base.id}"
 }
 
-resource "openstack_networking_secgroup_rule_v2" "sg_base_egress_tcp" {
+resource "openstack_networking_secgroup_rule_v2" "sg_base_egress_any" {
 direction = "egress"
 ethertype = "IPv4"
- protocol = "tcp"
 remote_ip_prefix = "0.0.0.0/0"
 security_group_id = "${openstack_networking_secgroup_v2.sg_base.id}"
 }
 
-resource "openstack_networking_secgroup_rule_v2" "sg_base_egress_udp" {
+resource "openstack_networking_secgroup_rule_v2" "sg_base_egress_any_v6" {
 direction = "egress"
- ethertype = "IPv4"
- protocol = "udp"
- remote_ip_prefix = "0.0.0.0/0"
+ ethertype = "IPv6"
+ remote_ip_prefix = "::/0"
 security_group_id = "${openstack_networking_secgroup_v2.sg_base.id}"
 }
 
|
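Review bot: `delete_default_rules` is a boolean argument, but the line added to `sg_base` passes the string `"true"` and so relies on string-to-bool conversion; `delete_default_rules = true` states the intent directly. As far as I know the provider treats this argument as create-time only, so applying the change probably replaces the `base` group rather than updating it in place; check the plan for instances and ports that reference the group before applying. With the defaults removed, egress is only what the explicit `sg_base_egress_*` rules allow, which deserves a comment above the argument such as `# default egress rules removed; egress is defined by the sg_base_egress_* rules below`.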
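Review bot: `sg_base_egress_any` and `sg_base_egress_any_v6` omit `protocol`, so they allow every protocol to `0.0.0.0/0` and `::/0`, which makes the `sg_base_egress_icmp` rule named in the hunk header redundant. Either drop that rule, or keep per-protocol rules and do not add the any-protocol ones. The two new rules appear to re-create the default egress rules that `delete_default_rules` removes, so the group's effective egress stays unrestricted for both address families. If that is intended, as the group description suggests, record it with a comment above the two resources such as `# egress is intentionally unrestricted: all protocols, IPv4 and IPv6`. The body of `sg_base_egress_icmp` starts outside the hunk, so its `protocol` line is not visible here.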