tl;dr The code for the complete Unifi setup is available in the niels-s/unifi-terraform-example repo
This post is part of a small series, go and read the previous post to setup the unifi controller
In the final post, we configure the Digital Ocean Firewall. We used the guidelines from Ubiquiti to configure the right inbound rules. I was lazy and didn't specify any specific outbound rules. That's not best practice, so I should improve them soon.
We use the digitalocean_firewall terraform resource to configure the rules. The only remarks I have are that we allow inbound connections on port 2222 for our ssh server, and that we apply port range 1-65535 for outbound traffic.
resource "digitalocean_firewall" "unifi" {
  name        = "unifi-controller"
  droplet_ids = [digitalocean_droplet.unifi_controller.id]

  # HTTP
  inbound_rule {
    protocol         = "tcp"
    port_range       = "80"
    source_addresses = ["0.0.0.0/0"]
  }

  # HTTPS
  inbound_rule {
    protocol         = "tcp"
    port_range       = "443"
    source_addresses = ["0.0.0.0/0"]
  }

  # SSH (moved to 2222 earlier in the series)
  inbound_rule {
    protocol         = "tcp"
    port_range       = "2222"
    source_addresses = ["0.0.0.0/0"]
  }

  # STUN, used by the controller to talk to devices behind NAT
  inbound_rule {
    protocol         = "udp"
    port_range       = "3478"
    source_addresses = ["0.0.0.0/0"]
  }

  # Mobile speed test
  inbound_rule {
    protocol         = "tcp"
    port_range       = "6789"
    source_addresses = ["0.0.0.0/0"]
  }

  # Device inform (device-to-controller communication)
  inbound_rule {
    protocol         = "tcp"
    port_range       = "8080"
    source_addresses = ["0.0.0.0/0"]
  }

  # Allow ping
  inbound_rule {
    protocol         = "icmp"
    source_addresses = ["0.0.0.0/0"]
  }

  # Outbound: everything is allowed for now, on IPv4 and IPv6
  outbound_rule {
    protocol              = "icmp"
    destination_addresses = ["0.0.0.0/0", "::/0"]
  }

  outbound_rule {
    protocol              = "udp"
    port_range            = "1-65535"
    destination_addresses = ["0.0.0.0/0", "::/0"]
  }

  outbound_rule {
    protocol              = "tcp"
    port_range            = "1-65535"
    destination_addresses = ["0.0.0.0/0", "::/0"]
  }
}
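As an added example that is not part of the original post or repo, the small audit below models the rule set above and flags the two points I called out: SSH on 2222 reachable from anywhere, and outbound rules that span 1-65535. It also checks that every inbound port from the Ubiquiti guidelines is present, so a future tightening does not silently drop one. The Rule class and the rule lists are constructed for this check, not Terraform output.

```python
from __future__ import annotations
from dataclasses import dataclass

# Constructed model of one inbound_rule / outbound_rule block.
@dataclass(frozen=True)
class Rule:
    protocol: str           # "tcp", "udp" or "icmp"
    port_range: str = ""    # "443" or "1-65535"; empty for icmp
    addresses: tuple = ()   # source_addresses (inbound) or destination_addresses (outbound)

ANYWHERE = {"0.0.0.0/0", "::/0"}
# Inbound ports the post opens following Ubiquiti's controller guidelines.
REQUIRED_INBOUND = {("tcp", "80"), ("tcp", "443"), ("udp", "3478"), ("tcp", "6789"), ("tcp", "8080")}
# Administrative ports that should not be reachable from 0.0.0.0/0 (SSH was moved to 2222).
ADMIN_PORTS = {("tcp", "2222")}

def span(port_range: str) -> tuple[int, int]:
    """Turn "443" or "1-65535" into an inclusive (low, high) pair."""
    lo, _, hi = port_range.partition("-")
    return int(lo), int(hi or lo)

def audit(inbound: list[Rule], outbound: list[Rule]) -> list[str]:
    findings = []
    present = {(r.protocol, r.port_range) for r in inbound}
    for proto, port in sorted(REQUIRED_INBOUND - present):
        findings.append(f"missing inbound {proto}/{port} required by the controller")
    for r in inbound:
        if (r.protocol, r.port_range) in ADMIN_PORTS and ANYWHERE & set(r.addresses):
            findings.append(f"inbound {r.protocol}/{r.port_range} exposed to the world; restrict source_addresses to an admin CIDR")
    for r in outbound:
        if r.protocol == "icmp" or not r.port_range:
            continue  # icmp carries no ports; nothing to narrow here
        if span(r.port_range) == (1, 65535) and ANYWHERE & set(r.addresses):
            findings.append(f"outbound {r.protocol} allows every port to any destination; limit it to the ports the controller needs")
    return findings

# The post's rule set, transcribed as constructed sample input.
WORLD = ("0.0.0.0/0",)
INBOUND = [Rule("tcp", "80", WORLD), Rule("tcp", "443", WORLD), Rule("tcp", "2222", WORLD),
           Rule("udp", "3478", WORLD), Rule("tcp", "6789", WORLD), Rule("tcp", "8080", WORLD),
           Rule("icmp", "", WORLD)]
OUTBOUND = [Rule("icmp", "", ("0.0.0.0/0", "::/0")),
            Rule("udp", "1-65535", ("0.0.0.0/0", "::/0")),
            Rule("tcp", "1-65535", ("0.0.0.0/0", "::/0"))]

if __name__ == "__main__":
    for finding in audit(INBOUND, OUTBOUND):
        print(finding)
```

Running it against the rules from this post prints three findings: the world-open SSH rule and the two 1-65535 outbound rules.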
The code for the complete Unifi setup is available in the niels-s/unifi-terraform-example repo; the changes of this post can be found in this commit.
This post is part of a small series; go and read the next post on my failed attempts.