Allow azure collector on internal IPs only (#144)

metlo-labs · Nov 29, 2022 · 6f1dea8 · 6f1dea8
1 parent d34d74b
commit 6f1dea8
Show file tree

Hide file tree

Showing 2 changed files with 252 additions and 278 deletions.
diff --git a/deploy/azure/deployment.bicep b/deploy/azure/deployment.bicep
@@ -85,48 +85,35 @@ resource nsg 'Microsoft.Network/networkSecurityGroups@2021-05-01' = {
         }
       }
       {
-        name: 'Metlo-Collector'
+        name: 'Metlo-Collector-10-8'
         properties: {
           priority: 1001
           protocol: 'Tcp'
           access: 'Allow'
           direction: 'Inbound'
-          sourceAddressPrefix: '*'
+          sourceAddressPrefix: '10.0.0.0/8'
           sourcePortRange: '*'
           destinationAddressPrefix: '*'
           destinationPortRange: '8081'
         }
       }
       {
-        name: 'Metlo-Frontend-10-8'
+        name: 'Metlo-Collector-172.16-12'
         properties: {
           priority: 1002
           protocol: 'Tcp'
           access: 'Allow'
           direction: 'Inbound'
-          sourceAddressPrefix: '10.0.0.0/8'
-          sourcePortRange: '*'
-          destinationAddressPrefix: '*'
-          destinationPortRange: '8000'
-        }
-      }
-      {
-        name: 'Metlo-Frontend-172.16-12'
-        properties: {
-          priority: 1003
-          protocol: 'Tcp'
-          access: 'Allow'
-          direction: 'Inbound'
           sourceAddressPrefix: '172.16.0.0/12'
           sourcePortRange: '*'
           destinationAddressPrefix: '*'
           destinationPortRange: '8000'
         }
       }
       {
-        name: 'Metlo-Frontend-192.168-16'
+        name: 'Metlo-Collector-192.168-16'
         properties: {
-          priority: 1004
+          priority: 1003
           protocol: 'Tcp'
           access: 'Allow'
           direction: 'Inbound'