Assigning a firewall via CloudManager is quite easy and self-explanatory. Create a firewall, add the rules you need and simply select that firewall when you create a load balancer.

More fun part is to use IaC, mainly Terraform.

Example code which will create a NodeBalancer, Firewall device and assign it to a load balancer.

NodeBalancer Terraform code:

resource "linode_nodebalancer" "primaryregion-lb" {
    label = "nodebalancer-web-${var.primary_region}"
    region = var.primary_region
    client_conn_throttle = 0
}

resource "linode_nodebalancer_config" "primaryregion-lb-config" {
    nodebalancer_id = linode_nodebalancer.primaryregion-lb.id
    port = 80
    protocol = "http"
    check = "http"
    check_path = "/"
    check_attempts = 3
    check_timeout = 30
    stickiness = "none"
    algorithm = "leastconn"
}

resource "linode_nodebalancer_node" "primary" {
    count = "2"
    nodebalancer_id = linode_nodebalancer.primaryregion-lb.id
    config_id = linode_nodebalancer_config.primaryregion-lb-config.id
    address = "${element(linode_instance.web-primary.*.private_ip_address, count.index)}:80"
    label = "nodebalancer-web-${var.primary_region}"
    weight = 50
}

Terraform code to create a Firewall and assign it to the said load balancer.

resource "linode_firewall" "lb-fw" {
  label = "lb-pub"

  inbound {
    label    = "allow-http"
    action   = "ACCEPT"
    protocol = "TCP"
    ports    = "80"
    ipv4     = ["0.0.0.0/0"]
    ipv6     = ["::/0"]
  }

  inbound {
    label    = "allow-https"
    action   = "ACCEPT"
    protocol = "TCP"
    ports    = "443"
    ipv4     = ["0.0.0.0/0"]
    ipv6     = ["::/0"]
  }

  inbound_policy = "DROP"

  outbound_policy = "ACCEPT"

  nodebalancers = [linode_nodebalancer.primaryregion-lb.id]
}

If you’ve ever used Terraform and Linode, you will notice it’s exactly the same approach we do when we want to assign a firewall device to a Linode (virtual machine); only difference is that we reference the “nodebalancer” instead of “linodes”.

Cheers,

Alex.

The post Assigning a firewall to Linode NodeBalancer using Terraform and Cloud Manager. first appeared on Architect the cloud.