Skip to content

Disable SNAT regardless of the destination IP address (Firewall) since forced tunneling is turned on#194

Merged
jjansen23 merged 5 commits intomainfrom
disablesnat
May 7, 2021
Merged

Disable SNAT regardless of the destination IP address (Firewall) since forced tunneling is turned on#194
jjansen23 merged 5 commits intomainfrom
disablesnat

Conversation

@jjansen23
Copy link
Copy Markdown
Contributor

@jjansen23 jjansen23 commented May 5, 2021

Description

Configure the firewall to never SNAT regardless of the destination IP address, preventing Azure Firewall from routing traffic directly to the internet

Issue reference

The issue this PR will close: #118

Checklist

Please make sure you've completed the relevant tasks for this PR, out of the following list:

  • [x ] Code compiles or validates correctly
  • BASH scripts have been validated using shellcheck
  • [x ] All tests pass (manual and automated)
  • The documentation is updated to cover any new or changed features
  • Markdown files have been linted using the recommended linter. (See .vscode/extensions.json.)
  • [x ] Relevant issues are linked to this PR

@jjansen23 jjansen23 requested a review from glennmusa May 5, 2021 18:48
@jjansen23
Copy link
Copy Markdown
Contributor Author

jjansen23 commented May 5, 2021

disablesnat

@glennmusa
Copy link
Copy Markdown
Contributor

glennmusa commented May 5, 2021

Looks like a good change to me 👍.

Can we update the PR title to something understandable two months from now?

Since we squash and merge into main in this repository, the title of your PR is what makes it into the git log and it helps to have a succinct, yet descriptive commit message if we need to hunt for a bug or unwind changes.

glennmusa
glennmusa reviewed May 5, 2021
View reviewed changes
Comment thread src/modules/firewall/variables.tf Outdated
@jjansen23 jjansen23 changed the title Disablesnat Disable SNAT regardless of the destination IP address (Firewall) May 6, 2021
@jjansen23 jjansen23 changed the title Disable SNAT regardless of the destination IP address (Firewall) Disable SNAT regardless of the destination IP address (Firewall) since forced tunneling is turned on May 6, 2021
@jjansen23 jjansen23 marked this pull request as ready for review May 6, 2021 09:43
glennmusa
glennmusa approved these changes May 6, 2021
View reviewed changes
Copy link
Copy Markdown
Contributor

@glennmusa glennmusa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awesome! Thanks @jjansen23 for the contribution!

@jjansen23 jjansen23 merged commit b9dcd44 into main May 7, 2021
@jjansen23 jjansen23 deleted the disablesnat branch May 7, 2021 09:43
jwaltireland pushed a commit to ARPA-H/AzureMissionLZ that referenced this pull request Nov 14, 2024
@jjansen23
Disable SNAT regardless of the destination IP address (Firewall) sinc…
5c99272 
…e forced tunneling is turned on (Azure#194)

* testing snat

* corrected string type

* corrected list type

* changed variable for private_ip_ranges to be more readbale to user

Co-authored-by: jjansen23 <jerome@DESKTOP-IMETN7E.localdomain>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@glennmusa glennmusa glennmusa approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Disable SNAT regardless of the destination IP address

2 participants

@jjansen23 @glennmusa