Complete the code to create an inbound NSG rule allowing HTTP traffic on port 80.
resource "azurerm_network_security_rule" "allow_http_inbound" { name = "Allow-HTTP-Inbound" priority = 100 direction = "[1]" access = "Allow" protocol = "Tcp" source_port_range = "*" destination_port_range = "80" source_address_prefix = "*" destination_address_prefix = "*" network_security_group_name = azurerm_network_security_group.example.name resource_group_name = azurerm_resource_group.example.name }
The direction for inbound traffic must be set to "Inbound" to allow incoming HTTP requests.
Complete the code to create an outbound NSG rule blocking all traffic.
resource "azurerm_network_security_rule" "deny_all_outbound" { name = "Deny-All-Outbound" priority = 4096 direction = "Outbound" access = "[1]" protocol = "*" source_port_range = "*" destination_port_range = "*" source_address_prefix = "*" destination_address_prefix = "*" network_security_group_name = azurerm_network_security_group.example.name resource_group_name = azurerm_resource_group.example.name }
The access must be set to "Deny" to block outbound traffic.
Fix the error in the NSG rule direction to allow outbound SSH traffic on port 22.
resource "azurerm_network_security_rule" "allow_ssh_outbound" { name = "Allow-SSH-Outbound" priority = 200 direction = "[1]" access = "Allow" protocol = "Tcp" source_port_range = "*" destination_port_range = "22" source_address_prefix = "*" destination_address_prefix = "*" network_security_group_name = azurerm_network_security_group.example.name resource_group_name = azurerm_resource_group.example.name }
The direction must be "Outbound" to allow traffic leaving the resource on port 22.
Fill both blanks to create an NSG rule allowing inbound HTTPS traffic on port 443 from a specific IP.
resource "azurerm_network_security_rule" "allow_https_inbound_specific_ip" { name = "Allow-HTTPS-Inbound-Specific-IP" priority = 150 direction = "[1]" access = "Allow" protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "[2]" destination_address_prefix = "*" network_security_group_name = azurerm_network_security_group.example.name resource_group_name = azurerm_resource_group.example.name }
Inbound direction is needed for incoming traffic. The source IP must be the specific IP address to restrict access.
Fill all three blanks to create an NSG rule denying outbound traffic on port 25 (SMTP) to any destination.
resource "azurerm_network_security_rule" "deny_smtp_outbound" { name = "Deny-SMTP-Outbound" priority = 300 direction = "[1]" access = "[2]" protocol = "Tcp" source_port_range = "*" destination_port_range = "[3]" source_address_prefix = "*" destination_address_prefix = "*" network_security_group_name = azurerm_network_security_group.example.name resource_group_name = azurerm_resource_group.example.name }
Outbound direction is for traffic leaving the network. Access must be 'Deny' to block it. Port 25 is the SMTP port to block.