From ba6b94f779b9a9777c94cd63cd3113bda745eaab Mon Sep 17 00:00:00 2001
From: Marvin Buss
Date: Wed, 17 Feb 2021 08:34:36 +0100
Subject: [PATCH] updated firewall policy for adb
---
 .../FirewallPolicy/deploy.firewallPolicy.json | 146 ++++++++++++++++++
 1 file changed, 146 insertions(+)
diff --git a/infra/FirewallPolicy/deploy.firewallPolicy.json b/infra/FirewallPolicy/deploy.firewallPolicy.json
index 02b5a6d..c0a0e2b 100644
--- a/infra/FirewallPolicy/deploy.firewallPolicy.json
+++ b/infra/FirewallPolicy/deploy.firewallPolicy.json
@@ -169,6 +169,67 @@
 "443"
 ],
 "description": "Allow OAuth flow for the User to the Workspace Private Endpoint and features like Mount Points, Credential Passthrough, etc."
+ },
+ {
+ "name": "Databricks-NetworkRule-002",
+ "ruleType": "NetworkRule",
+ "ipProtocols": [
+ "TCP"
+ ],
+ "sourceAddresses": [
+ "*"
+ ],
+ "sourceIpGroups": [],
+ "destinationAddresses": [
+ "AzureDatabricks",
+ "Storage"
+ ],
+ "destinationIpGroups": [],
+ "destinationFqdns": [],
+ "destinationPorts": [
+ "443"
+ ],
+ "description": "Required for workers communication with Azure Storage services and Databricks Webapp"
+ },
+ {
+ "name": "Databricks-NetworkRule-003",
+ "ruleType": "NetworkRule",
+ "ipProtocols": [
+ "TCP"
+ ],
+ "sourceAddresses": [
+ "*"
+ ],
+ "sourceIpGroups": [],
+ "destinationAddresses": [
+ "Sql"
+ ],
+ "destinationIpGroups": [],
+ "destinationFqdns": [],
+ "destinationPorts": [
+ "3306"
+ ],
+ "description": "Required for workers communication with Azure SQL services"
+ },
+ {
+ "name": "Databricks-NetworkRule-004",
+ "ruleType": "NetworkRule",
+ "ipProtocols": [
+ "TCP"
+ ],
+ "sourceAddresses": [
+ "*"
+ ],
+ "sourceIpGroups": [],
+ "destinationAddresses": [
+ "EventHub"
+ ],
+ "destinationIpGroups": [],
+ "destinationFqdns": [],
+ "destinationPorts": [
+ "9093"
+ ],
+ "description": "Required for workers communication with Azure Eventhub services"
 }
 ]
 }
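Review bot: Databricks-NetworkRule-002 through -004 set `"sourceAddresses": ["*"]`, so every network routed through this firewall, not only the Databricks worker subnets, gains egress to the unscoped `Storage`, `Sql` and `EventHub` service tags; the two application rules added in the second hunk use the same wildcard. The global `Storage` tag covers storage accounts in any region and any tenant, which makes rule 002 a data-exfiltration path worth narrowing. I would leave `sourceAddresses` empty and reference the worker subnets with `"sourceIpGroups": ["<ip-group-resource-id>"]` (placeholder), and use a regional tag such as `"Storage.<region>"` if the workspace is single-region. Rule 003's description says Azure SQL while the port is 3306, which suggests the MySQL-backed metastore; if that is the intent, a description like `"Required for worker access to the Databricks metastore (MySQL, 3306)"` would match the rule. The enclosing rule collection starts outside the hunk.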
@@ -377,6 +438,91 @@
 "description": "Allows download of SHIR install script from GitHub"
 }
 ]
+ },
+ {
+ "name": "Databricks-ApplicationRules",
+ "priority": 20400,
+ "action": {
+ "type": "Allow"
+ },
+ "ruleCollectionType": "FirewallPolicyFilterRuleCollection",
+ "rules": [
+ {
+ "name": "Databricks-ApplicationRule-001",
+ "ruleType": "ApplicationRule",
+ "protocols": [
+ {
+ "protocolType": "Http",
+ "port": 80
+ },
+ {
+ "protocolType": "Https",
+ "port": 443
+ }
+ ],
+ "fqdnTags": [],
+ "targetFqdns": [
+ "tunnel.australiaeast.azuredatabricks.net",
+ "tunnel.brazilsouth.azuredatabricks.net",
+ "tunnel.canadacentral.azuredatabricks.net",
+ "tunnel.centralindia.azuredatabricks.net",
+ "tunnel.eastus2.azuredatabricks.net",
+ "tunnel.eastus2c2.azuredatabricks.net",
+ "tunnel.eastusc3.azuredatabricks.net",
+ "tunnel.centralusc2.azuredatabricks.net",
+ "tunnel.northcentralusc2.azuredatabricks.net",
+ "tunnel.southeastasia.azuredatabricks.net",
+ "tunnel.francecentral.azuredatabricks.net",
+ "tunnel.japaneast.azuredatabricks.net",
+ "tunnel.koreacentral.azuredatabricks.net",
+ "tunnel.northeuropec2.azuredatabricks.net",
+ "tunnel.westus.azuredatabricks.net",
+ "tunnel.westeurope.azuredatabricks.net",
+ "tunnel.westeuropec2.azuredatabricks.net",
+ "tunnel.southafricanorth.azuredatabricks.net",
+ "tunnel.switzerlandnorth.azuredatabricks.net",
+ "tunnel.uaenorth.azuredatabricks.net",
+ "tunnel.ukwest.azuredatabricks.net"
+ ],
+ "targetUrls": [],
+ "terminateTLS": false,
+ "sourceAddresses": [
+ "*"
+ ],
+ "destinationAddresses": [],
+ "sourceIpGroups": [],
+ "description": "Allows Secure Cluster Connectivity option"
+ },
+ {
+ "name": "Databricks-ApplicationRule-002",
+ "ruleType": "ApplicationRule",
+ "protocols": [
+ {
+ "protocolType": "Http",
+ "port": 80
+ },
+ {
+ "protocolType": "Https",
+ "port": 443
+ }
+ ],
+ "fqdnTags": [],
+ "targetFqdns": [
+ "archive.ubuntu.com",
+ "github.com",
+ "*.maven.apache.org",
+ "conjars.org"
+ ],
+ "targetUrls": [],
+ "terminateTLS": false,
+ "sourceAddresses": [
+ "*"
+ ],
+ "destinationAddresses": [],
+ "sourceIpGroups": [],
+ "description": "Allows Databricks Setup Notebook to run successfully"
+ }
+ ]
 }
 ]
 }
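Review bot: Both new application rules allow plaintext `Http` on port 80 next to `Https`; for Databricks-ApplicationRule-002 this means notebook dependencies from `github.com`, `*.maven.apache.org` and `conjars.org` may be fetched without transport integrity. Unless a destination is known to need port 80 (apt mirrors such as `archive.ubuntu.com` commonly do), drop the `{ "protocolType": "Http", "port": 80 }` entry from both rules, or move the apt mirror into its own rule so the exception stays narrow. Rule 001 also lists the relay FQDN of every region; keeping only the workspace's own, e.g. `"tunnel.<region>.azuredatabricks.net"`, would shrink the allow list. `github.com` as a whole can serve arbitrary content, so the `description` should at least name which repository the setup notebook needs.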