Skip to content

Commit

Permalink
Adding NSG rules for nodemanager and admin channel ports (#55)
Browse files Browse the repository at this point in the history 
* Adding NSG rules for nodemanager and admin channel ports

* Added post deloyment NSG rule

* Corrected sourceAddressPrefix
  • Loading branch information
@sanjaymantoor
sanjaymantoor committed Oct 21, 2020
1 parent 8f4d83d commit edffa5a
Show file tree
Hide file tree
Showing 2 changed files with 114 additions and 0 deletions.
88 changes: 88 additions & 0 deletions addnsgrule/src/main/arm/mainTemplate.json
View file
@@ -0,0 +1,88 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string",
"metadata": {
"description": "Location for all resources."
}
},
"name_networkSecurityGroup": {
"type": "string",
"metadata": {
"description": "Network Security Group name"
}
},
"const_subnetPrefix": {
"type": "string",
"defaultValue": "10.0.0.0/24"
}
},
"variables": {
"const_requiredAppGatewayPortrange": "65200-65535"
},
"resources": [
{
"type": "Microsoft.Network/networkSecurityGroups/securityRules",
"name": "[concat(parameters('name_networkSecurityGroup'),'/','AppgatewayPorts')]",
"apiVersion": "2018-08-01",
"properties": {
"protocol": "TCP",
"sourcePortRange": "*",
"sourceAddressPrefix": "GatewayManager",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 200,
"direction": "Inbound",
"destinationPortRanges": "[split(variables('const_requiredAppGatewayPortrange'), ',')]"
}
},
{
"type": "Microsoft.Network/networkSecurityGroups/securityRules",
"name": "[concat(parameters('name_networkSecurityGroup'),'/','WebLogicAdminPortsAllowed')]",
"apiVersion": "2018-08-01",
"properties": {
"protocol": "TCP",
"sourcePortRange": "*",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 210,
"direction": "Inbound",
"destinationPortRanges": [
"7001",
"7002"
],
"sourceAddressPrefix": "[parameters('const_subnetPrefix')]",
}
},
{
"type": "Microsoft.Network/networkSecurityGroups/securityRules",
"name": "[concat(parameters('name_networkSecurityGroup'),'/','WebLogicAdminPortsDenied')]",
"apiVersion": "2018-08-01",
"properties": {
"protocol": "*",
"sourcePortRange": "*",
"destinationAddressPrefix": "*",
"access": "Deny",
"priority": 211,
"direction": "Inbound",
"destinationPortRanges": [
"7001",
"7002"
],
"sourceAddressPrefix": "Internet"
}
}
],
"outputs": {
"nsg": {
"type": "string",
"value": "[resourceId('Microsoft.Network/networkSecurityGroups').name]"
},
"subnet" : {
"type": "string",
"value": "[resourceId('Microsoft.Network/virtualNetworks').name]"
}
}
}
26 changes: 26 additions & 0 deletions src/main/arm/nestedtemplates/adminTemplate.json
View file
Expand Up @@ -189,6 +189,32 @@
"direction": "Inbound",
"destinationPortRanges": "[split(concat(parameters('portsToExpose'),variables('const_requiredPortrange')), ',')]"
}
},
{
"name": "WebLogicNMPort",
"properties": {
"protocol": "TCP",
"sourcePortRange": "*",
"sourceAddressPrefix": "Internet",
"destinationAddressPrefix": "*",
"access": "Deny",
"priority": 201,
"direction": "Inbound",
"destinationPortRanges": [ "5556" ]
}
},
{
"name": "WebLogicAdminChannelPort",
"properties": {
"protocol": "TCP",
"sourcePortRange": "*",
"sourceAddressPrefix": "Internet",
"destinationAddressPrefix": "*",
"access": "Deny",
"priority": 202,
"direction": "Inbound",
"destinationPortRanges": [ "7005" ]
}
}
]
}
Expand Down

0 comments on commit edffa5a

Please sign in to comment.