This is a module that provides an IP blocklist for publicly-accessible internet resources.
It basically transforms the following sources to something terraform can understand and consume in things like firewall rules.
module "ipblocklist" {
source = "github.com/test-in-prod/tfblocklist"
}
resource "azurerm_network_security_rule" "blocklist" {
resource_group_name = "${azurerm_resource_group.main.name}"
network_security_group_name = "${azurerm_network_security_group.main.name}"
name = "blocklist"
priority = 100
direction = "Inbound"
access = "Deny"
protocol = "*"
source_address_prefixes = "${module.ipblocklist.all}"
source_port_range = "*"
destination_address_prefix = "*"
destination_port_range = "*"
}This will use the combined all list of IPs in CIDR notation to block traffic to your vnet in Azure.
- On Linux, you must install powershell and may need to alias
powershellto/usr/bin/pwsh