disable firewall

mrsimonemms · Oct 31, 2024 · 5a659c0 · 5a659c0
1 parent 0ef7d2c
commit 5a659c0
Showing 1 changed file with 53 additions and 53 deletions.
diff --git a/modules/hetzner/networks.tf b/modules/hetzner/networks.tf
@@ -26,60 +26,60 @@ resource "hcloud_network_subnet" "subnet" {
   ip_range     = var.network_subnet
 }
 
-resource "hcloud_firewall" "firewall" {
-  name = format(local.name_format, "firewall")
+# resource "hcloud_firewall" "firewall" {
+#   name = format(local.name_format, "firewall")
 
-  dynamic "rule" {
-    for_each = [for each in [
-      {
-        description = "SSH port"
-        port        = var.ssh_port
-        source_ips  = var.firewall_allow_ssh_access
-      },
-      {
-        description = "Allow ICMP (ping)"
-        source_ips = [
-          local.global_ipv4_cidr,
-          local.global_ipv6_cidr,
-        ]
-        protocol = "icmp"
-        port     = null
-      },
-      {
-        description = "Allow all TCP traffic on private network"
-        source_ips = [
-          hcloud_network.network.ip_range
-        ]
-      },
-      {
-        description = "Allow all UDP traffic on private network"
-        source_ips = [
-          hcloud_network.network.ip_range
-        ]
-        protocol = "udp"
-      },
-      # Direct public access only allowed if single manager node
-      {
-        description = "Allow access to Kubernetes API"
-        port        = local.kubernetes_api_port
-        source_ips  = var.firewall_allow_api_access
-        disabled    = var.k3s_manager_pool.count > 1
-      }
-    ] : each if lookup(each, "disabled", false) != true]
+#   dynamic "rule" {
+#     for_each = [for each in [
+#       {
+#         description = "SSH port"
+#         port        = var.ssh_port
+#         source_ips  = var.firewall_allow_ssh_access
+#       },
+#       {
+#         description = "Allow ICMP (ping)"
+#         source_ips = [
+#           local.global_ipv4_cidr,
+#           local.global_ipv6_cidr,
+#         ]
+#         protocol = "icmp"
+#         port     = null
+#       },
+#       {
+#         description = "Allow all TCP traffic on private network"
+#         source_ips = [
+#           hcloud_network.network.ip_range
+#         ]
+#       },
+#       {
+#         description = "Allow all UDP traffic on private network"
+#         source_ips = [
+#           hcloud_network.network.ip_range
+#         ]
+#         protocol = "udp"
+#       },
+#       # Direct public access only allowed if single manager node
+#       {
+#         description = "Allow access to Kubernetes API"
+#         port        = local.kubernetes_api_port
+#         source_ips  = var.firewall_allow_api_access
+#         disabled    = var.k3s_manager_pool.count > 1
+#       }
+#     ] : each if lookup(each, "disabled", false) != true]
 
-    content {
-      description     = lookup(rule.value, "description", "")
-      destination_ips = lookup(rule.value, "destination_ips", [])
-      direction       = lookup(rule.value, "direction", "in")
-      port            = lookup(rule.value, "port", "any")
-      protocol        = lookup(rule.value, "protocol", "tcp")
-      source_ips      = lookup(rule.value, "source_ips", [])
-    }
-  }
+#     content {
+#       description     = lookup(rule.value, "description", "")
+#       destination_ips = lookup(rule.value, "destination_ips", [])
+#       direction       = lookup(rule.value, "direction", "in")
+#       port            = lookup(rule.value, "port", "any")
+#       protocol        = lookup(rule.value, "protocol", "tcp")
+#       source_ips      = lookup(rule.value, "source_ips", [])
+#     }
+#   }
 
-  apply_to {
-    label_selector = join(",", [for key, value in local.labels : "${key}=${value}"])
-  }
+#   apply_to {
+#     label_selector = join(",", [for key, value in local.labels : "${key}=${value}"])
+#   }
 
-  labels = merge(local.labels, {})
-}
+#   labels = merge(local.labels, {})
+# }