Merge pull request #9492 from ministryofjustice/cica-ras-nat

moontune · web-flow · commit 54810c51aab7 · 2025-03-06T16:23:27.000Z
🛂 CICA Tariff add NATted RAS range
diff --git a/terraform/environments/core-network-services/cidr-ranges.tf b/terraform/environments/core-network-services/cidr-ranges.tf
@@ -97,6 +97,7 @@ locals {
     cica-onprem-uat       = "192.168.4.0/24"
     cica-onprem-prod      = "10.2.30.0/24"
     cica-end-user-devices = "10.9.14.0/23"
+    cica-ras-nat          = "10.7.14.224/28"
 
 
 
diff --git a/terraform/environments/core-network-services/firewall-rules/development_rules.json b/terraform/environments/core-network-services/firewall-rules/development_rules.json
@@ -573,45 +573,31 @@
     "destination_port": "ANY",
     "protocol": "TCP"
   },
-  "cica_devices_to_cica_tariff_dev_oracle": {
+  "cica_devices_to_cica_tariff_dev": {
     "action": "PASS",
     "source_ip": "${cica-end-user-devices}",
     "destination_ip": "${cica-development}",
-    "destination_port": "1521",
-    "protocol": "TCP"
-  },
-  "cica_devices_to_cica_tariff_dev_forms": {
-    "action": "PASS",
-    "source_ip": "${cica-end-user-devices}",
-    "destination_ip": "${cica-development}",
-    "destination_port": "8001",
-    "protocol": "TCP"
-  },
-  "cica_devices_to_cica_tariff_dev_reports": {
-    "action": "PASS",
-    "source_ip": "${cica-end-user-devices}",
-    "destination_ip": "${cica-development}",
-    "destination_port": "8002",
+    "destination_port": "$TARIFF_TCP",
     "protocol": "TCP"
   },
-  "cica_devices_to_cica_tariff_dev_weblogic": {
+  "cica_ras_to_cica_tariff_dev": {
     "action": "PASS",
-    "source_ip": "${cica-end-user-devices}",
+    "source_ip": "${cica-ras-nat}",
     "destination_ip": "${cica-development}",
-    "destination_port": "7001",
+    "destination_port": "$TARIFF_TCP",
     "protocol": "TCP"
   },
-  "cica_devices_to_cica_tariff_dev_weblogic2": {
+  "cica_tariff_dev_to_cica_devices": {
     "action": "PASS",
-    "source_ip": "${cica-end-user-devices}",
-    "destination_ip": "${cica-development}",
-    "destination_port": "7002",
+    "source_ip": "${cica-development}",
+    "destination_ip": "${cica-end-user-devices}",
+    "destination_port": "ANY",
     "protocol": "TCP"
   },
-  "cica_tariff_dev_to_cica_devices": {
+  "cica_tariff_dev_to_cica_ras_nat": {
     "action": "PASS",
     "source_ip": "${cica-development}",
-    "destination_ip": "${cica-end-user-devices}",
+    "destination_ip": "${cica-ras-nat}",
     "destination_port": "ANY",
     "protocol": "TCP"
   },
diff --git a/terraform/environments/core-network-services/firewall-rules/sets.json b/terraform/environments/core-network-services/firewall-rules/sets.json
@@ -34,6 +34,7 @@
       "49152:65535"
     ],
     "DOMAIN_CONTROLLER_UDP": ["53", "88", "123", "389", "464"],
-    "RD_LICENSING_TCP": ["135", "139", "445", "49152:65535"]
+    "RD_LICENSING_TCP": ["135", "139", "445", "49152:65535"],
+    "TARIFF_TCP": ["1521", "7001", "7002", "8001", "8002"]
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -34,6 +34,7 @@`
`34`	`34`	`"49152:65535"`
`35`	`35`	`],`
`36`	`36`	`"DOMAIN_CONTROLLER_UDP": ["53", "88", "123", "389", "464"],`
`37`		`- "RD_LICENSING_TCP": ["135", "139", "445", "49152:65535"]`
	`37`	`+ "RD_LICENSING_TCP": ["135", "139", "445", "49152:65535"],`
	`38`	`+ "TARIFF_TCP": ["1521", "7001", "7002", "8001", "8002"]`
`38`	`39`	`}`
`39`	`40`	`}`