|
|
@@ -204,6 +204,17 @@ resource "aws_security_group_rule" "openvpn-https-in" {
|
|
|
security_group_id = aws_security_group.openvpn_security_group.id
|
|
|
}
|
|
|
|
|
|
+resource "aws_security_group_rule" "openvpn-permissive-out" {
|
|
|
+ # We allow all outbound for openvpn
|
|
|
+ type = "egress"
|
|
|
+ from_port = -1
|
|
|
+ to_port = -1
|
|
|
+ protocol = "all"
|
|
|
+ cidr_blocks = [ "10.0.0.0/8" ]
|
|
|
+ security_group_id = aws_security_group.openvpn_security_group.id
|
|
|
+}
|
|
|
+
|
|
|
+# We have specific egress rules, as well, but the list may be incomplete.
|
|
|
resource "aws_security_group_rule" "openvpn-splunk-out" {
|
|
|
type = "egress"
|
|
|
from_port = 8000
|
Frederick Damstra