🔧 Only allow trafiic on port 53 to/from DNS server

data_safe_haven/pulumi/components/sre_dns_server.py

@@ -98,7 +98,7 @@ def __init__(
                     access=network.SecurityRuleAccess.ALLOW,
                     description="Allow inbound connections from attached.",
                     destination_address_prefix=props.ip_range_prefix,
-                    destination_port_ranges=["53", "3000"],
+                    destination_port_ranges=["53"],
                     direction=network.SecurityRuleDirection.INBOUND,
                     name="AllowSREInbound",
                     priority=NetworkingPriorities.INTERNAL_SRE_ANY,
@@ -235,10 +235,6 @@ def __init__(
                             port=53,
                             protocol=containerinstance.ContainerGroupNetworkProtocol.UDP,
                         ),
-                        containerinstance.ContainerPortArgs(
-                            port=80,
-                            protocol=containerinstance.ContainerGroupNetworkProtocol.TCP,
-                        ),
                     ],
                     resources=containerinstance.ResourceRequirementsArgs(
                         requests=containerinstance.ResourceRequestsArgs(

data_safe_haven/pulumi/components/sre_networking.py

@@ -1034,7 +1034,7 @@ def __init__(
                     access=network.SecurityRuleAccess.ALLOW,
                     description="Allow outbound connections to DNS servers.",
                     destination_address_prefix=dns_servers_prefix,
-                    destination_port_ranges=["53", "3000"],
+                    destination_port_ranges=["53"],
                     direction=network.SecurityRuleDirection.OUTBOUND,
                     name="AllowDNSServersOutbound",
                     priority=NetworkingPriorities.INTERNAL_SRE_DNS_SERVERS,