-
Notifications
You must be signed in to change notification settings - Fork 6
/
rcg-global.json
93 lines (93 loc) · 3.59 KB
/
rcg-global.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"policyName": {
"type": "string",
"defaultValue": "myazurepolicy",
"metadata": {
"description": "Name of the Azure Firewall Policy"
}
},
"rcgName": {
"type": "string",
"defaultValue": "global-rcg",
"metadata": {
"description": "Name of the Rule Collection Group"
}
}
},
"variables": {
"location": "[resourceGroup().location]"
},
"resources": [
{
"apiVersion": "2021-08-01",
"dependsOn": [],
"location": "[variables('location')]",
"name": "[concat(parameters('policyName'), '/', parameters('rcgName'))]",
"properties": {
"priority": "10000",
"ruleCollections": [
{
"action": {
"type": "allow"
},
"name": "Global network rules",
"priority": "10100",
"ruleCollectionType": "FirewallPolicyFilterRuleCollection",
"rules": [
{
"name": "Windows-activation",
"destinationAddresses": [
"20.118.99.224", "40.83.235.53"
],
"destinationFqdns": [],
"destinationIpGroups": [],
"destinationPorts": [
"1688"
],
"ipProtocols": [
"TCP"
],
"ruleType": "NetworkRule",
"sourceAddresses": [ "*" ],
"sourceIpGroups": []
}
]
},
{
"action": {
"type": "allow"
},
"name": "Global application rules",
"priority": "10200",
"ruleCollectionType": "FirewallPolicyFilterRuleCollection",
"rules": [
{
"name": "Ubuntu repositories",
"destinationAddresses": [],
"targetFqdns": [
"*.ubuntu.com"
],
"protocols": [
{
"protocolType": "Https",
"port": "443"
}
],
"ruleType": "ApplicationRule",
"sourceAddresses": [ "*" ],
"sourceIpGroups": [],
"fqdnTags": [],
"targetUrls": [],
"webCategories": []
}
]
}
]
},
"type": "Microsoft.Network/firewallPolicies/ruleCollectionGroups"
}
]
}