v0.2.0 (#30)
* update changes to modules and examples

* changed version

* push changes
cshea-msft authored Jun 2, 2024
1 parent b62014e commit 6128ace
Showing 5 changed files with 65 additions and 121 deletions.
90 changes: 31 additions & 59 deletions examples/deploy_fw_policy_for_avd/README.md
Expand Up @@ -66,102 +66,85 @@ module "avd_core_rule_collection_group" {
firewall_policy_rule_collection_group_priority = 1000
firewall_policy_rule_collection_group_network_rule_collection = [{
action = "Allow"
name = "AVDRequiredNetworkRules"
name = "AVDCoreNetworkRules"
priority = 500
rule = [
{
name = "Login to Microsoft"
source_addresses = ["10.0.0.0/24"]
source_addresses = ["10.100.0.0/24"]
destination_fqdns = ["login.microsoftonline.com"]
protocols = ["TCP"]
destination_ports = ["443"]
}
]
rule = [
},
{
name = "AVD"
source_addresses = ["10.0.0.0/24"]
source_addresses = ["10.100.0.0/24"]
destination_addresses = ["WindowsVirtualDesktop", "AzureFrontDoor.Frontend", "AzureMonitor"]
protocols = ["TCP"]
destination_ports = ["443"]
}
]
rule = [
},
{
name = "GCS"
source_addresses = [" 10.0.0.0/24"]
source_addresses = ["10.100.0.0/24"]
destination_fqdns = ["gcs.prod.monitoring.core.windows.net"]
protocols = ["TCP"]
destination_ports = ["443"]
}
]
rule = [
},
{
name = "DNS"
source_addresses = ["10.0.0.0/24"]
source_addresses = ["10.100.0.0/24"]
destination_addresses = ["AzureDNS"]
protocols = ["TCP", "UDP"]
destination_ports = ["53"]
}
]
rule = [
},
{
name = "azkms"
source_addresses = ["10.0.0.0/24"]
source_addresses = ["10.100.0.0/24"]
destination_fqdns = ["azkms.core.windows.net"]
protocols = ["TCP"]
destination_ports = ["1688"]
}
]
rule = [
},
{
name = "KMS"
source_addresses = ["10.0.0.0/24"]
source_addresses = ["10.100.0.0/24"]
destination_fqdns = ["kms.core.windows.net"]
protocols = ["TCP"]
destination_ports = ["1688"]
}
]
rule = [
},
{
name = "mrglobalblob"
source_addresses = ["10.0.0.0/24"]
source_addresses = ["10.100.0.0/24"]
destination_fqdns = ["mrsglobalsteus2prod.blob.core.windows.net"]
protocols = ["TCP"]
destination_ports = ["443"]
}
]
rule = [
},
{
name = "wvdportalstorageblob"
source_addresses = ["10.0.0.0/24"]
source_addresses = ["10.100.0.0/24"]
destination_fqdns = ["wvdportalstorageblob.blob.core.windows.net"]
protocols = ["TCP"]
destination_ports = ["443"]
}
]
rule = [
},
{
name = "oneocsp"
source_addresses = ["10.0.0.0/24"]
source_addresses = ["10.100.0.0/24"]
destination_fqdns = ["oneocsp.microsoft.com"]
protocols = ["TCP"]
destination_ports = ["443"]
}
]
rule = [
},
{
name = "microsoft.com"
source_addresses = ["10.0.0.0/24"]
source_addresses = ["10.100.0.0/24"]
destination_fqdns = ["www.microsoft.com"]
protocols = ["TCP"]
destination_ports = ["443"]
}
},
]
}
]
}
module "avd_optional_rule_collection_group" {
source = "../../modules/rule_collection_groups"
# source = "Azure/avm-res-network-firewallpolicy/azurerm//modules/rule_collection_groups"
Expand All @@ -179,28 +162,25 @@ module "avd_optional_rule_collection_group" {
destination_fqdns = ["time.windows.com"]
protocols = ["UDP"]
destination_ports = ["123"]
}
]
rule = [
},
{
name = "login windows.net"
source_addresses = ["10.0.0.0/24"]
destination_fqdns = ["login.windows.net"]
protocols = ["TCP"]
destination_ports = ["443"]
}
]
rule = [
},
{
name = "msftconnecttest"
source_addresses = ["10.0.0.0/24"]
destination_fqdns = ["www.msftconnecttest.com"]
protocols = ["TCP"]
destination_ports = ["443"]
}
},
]
}
]
firewall_policy_rule_collection_group_application_rule_collection = [{
action = "Allow"
name = "AVDOptionalApplicationRules"
Expand All @@ -216,9 +196,7 @@ module "avd_optional_rule_collection_group" {
type = "Https"
}
]
}
]
rule = [
},
{
name = "Events"
source_addresses = ["10.0.0.0/24"]
Expand All @@ -229,9 +207,7 @@ module "avd_optional_rule_collection_group" {
type = "Https"
}
]
}
]
rule = [
},
{
name = "sfx"
source_addresses = ["10.0.0.0/24"]
Expand All @@ -242,9 +218,7 @@ module "avd_optional_rule_collection_group" {
type = "Https"
}
]
}
]
rule = [
},
{
name = "digicert"
source_addresses = ["10.0.0.0/24"]
Expand All @@ -255,9 +229,7 @@ module "avd_optional_rule_collection_group" {
type = "Https"
}
]
}
]
rule = [
},
{
name = "Azure DNS"
source_addresses = ["10.0.0.0/24"]
Expand All @@ -268,7 +240,7 @@ module "avd_optional_rule_collection_group" {
type = "Https"
}
]
}
},
]
}
]
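Review bot: The rules in `AVDCoreNetworkRules` appear to move to `source_addresses = ["10.100.0.0/24"]`, while every rule shown in `avd_optional_rule_collection_group` still carries `source_addresses = ["10.0.0.0/24"]` as unchanged context, so the two groups in this example no longer describe the same source subnet. If both are meant to cover the same AVD session hosts, the optional Allow rules would not match their traffic; either align the CIDR or add a comment such as `# session-host subnet: keep identical in both rule collection groups`. Separately, several network rules use `destination_fqdns` (for example the `KMS` and `azkms` rules on port 1688), and Azure Firewall only evaluates FQDNs in network rules when DNS proxy is enabled on the policy. That setting is not visible in this section, so the README should state it as a prerequisite. Which of each duplicated line is the new side is inferred from print order, because the page has lost its `+`/`-` markers.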