base repository: alan-turing-institute/data-safe-haven
base: ca29007b79d6e0dab717759a8ffbdf280d66d311
..
head repository: alan-turing-institute/data-safe-haven
compare: 5bf4bf27991a760ea8f0d526a78fdd008d462ea3
Showing with 16 additions and 3 deletions.
  1. +16 −3 data_safe_haven/infrastructure/stacks/shm/firewall.py
19 changes: 16 additions & 3 deletions data_safe_haven/infrastructure/stacks/shm/firewall.py
@@ -317,8 +317,10 @@ def __init__(
description="Allow external Azure Automation requests",
name="AllowExternalAzureAutomationOperations",
protocols=[
network.AzureFirewallNetworkRuleProtocol.TCP,
network.AzureFirewallNetworkRuleProtocol.UDP,
network.AzureFirewallApplicationRuleProtocolArgs(
port=443,
protocol_type="Https",
)
],
source_addresses=["*"],
target_fqdns=[
@@ -510,8 +512,8 @@ def __init__(
destination_ports=["53"],
name="AllowExternalDnsResolver",
protocols=[
network.AzureFirewallNetworkRuleProtocol.UDP,
network.AzureFirewallNetworkRuleProtocol.TCP,
network.AzureFirewallNetworkRuleProtocol.UDP,
],
source_addresses=[props.subnet_identity_servers_iprange],
),
@@ -522,6 +524,17 @@ def __init__(
name=f"{stack_name}-all",
priority=1010,
rules=[
network.AzureFirewallNetworkRuleArgs(
description="Allow external Azure Automation requests",
destination_addresses=["GuestAndHybridManagement"],
destination_ports=["*"],
name="AllowExternalAzureAutomationOperations",
protocols=[
network.AzureFirewallNetworkRuleProtocol.TCP,
network.AzureFirewallNetworkRuleProtocol.UDP,
],
source_addresses=["*"],
),
network.AzureFirewallNetworkRuleArgs(
description="Allow external NTP requests",
destination_addresses=ntp_ip_addresses,
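Review bot: The network rule added at the top of the `{stack_name}-all` collection lets every source (`source_addresses=["*"]`) reach the `GuestAndHybridManagement` service tag on all ports over both TCP and UDP, which is much wider than the HTTPS-only application rule of the same name in the first hunk. If the agents only need HTTPS, the rule could be narrowed to `destination_ports=["443"]` with `protocols=[network.AzureFirewallNetworkRuleProtocol.TCP]`, and the source limited to the subnets that actually run them, as the DNS rule does with `props.subnet_identity_servers_iprange`. A service tag covers address ranges for the whole service rather than only this deployment's own resources, so if the breadth is intentional a short comment saying why all ports and UDP are required would help the next reviewer of the egress policy. The enclosing `__init__` starts and ends outside the hunk.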