Remove firewall configuration and make it static with a debug flag

2025-07-23 15:30:44 -04:00 · 2022-09-05 16:53:37 +02:00 · 2022-09-05 16:53:37 +02:00 · 1a4b4f564a
commit 1a4b4f564a
parent 23bf4aa665
6 changed files with 157 additions and 155 deletions
--- a/internal/constants/firewall.go
+++ b/internal/constants/firewall.go
@ -0,0 +1,60 @@
+/*
+Copyright (c) Edgeless Systems GmbH
+
+SPDX-License-Identifier: AGPL-3.0-only
+*/
+
+package constants
+
+import (
+	"github.com/edgelesssys/constellation/internal/cloud/cloudtypes"
+)
+
+var (
+	// IngressRulesNoDebug is the default set of ingress rules for a Constellation cluster without debug mode.
+	IngressRulesNoDebug = cloudtypes.Firewall{
+		{
+			Name:        "bootstrapper",
+			Description: "bootstrapper default port",
+			Protocol:    "tcp",
+			IPRange:     "0.0.0.0/0",
+			FromPort:    BootstrapperPort,
+		},
+		{
+			Name:        "ssh",
+			Description: "SSH",
+			Protocol:    "tcp",
+			IPRange:     "0.0.0.0/0",
+			FromPort:    SSHPort,
+		},
+		{
+			Name:        "nodeport",
+			Description: "NodePort",
+			Protocol:    "tcp",
+			IPRange:     "0.0.0.0/0",
+			FromPort:    NodePortFrom,
+			ToPort:      NodePortTo,
+		},
+		{
+			Name:        "kubernetes",
+			Description: "Kubernetes",
+			Protocol:    "tcp",
+			IPRange:     "0.0.0.0/0",
+			FromPort:    KubernetesPort,
+		},
+	}
+
+	// IngressRulesDebug is the default set of ingress rules for a Constellation cluster with debug mode.
+	IngressRulesDebug = append(IngressRulesNoDebug, cloudtypes.Firewall{
+		{
+			Name:        "debugd",
+			Description: "debugd",
+			Protocol:    "tcp",
+			IPRange:     "0.0.0.0/0",
+			FromPort:    DebugdPort,
+		},
+	}...)
+
+	// EgressRules is the default set of egress rules for a Constellation cluster.
+	EgressRules = cloudtypes.Firewall{}
+)