#resource "google_compute_firewall" "deny" {
#  name        = "deny-all"
#  network     = "default"
#  direction   = "INGRESS"
#  deny {
#    protocol = "all"
#  }
#  target_tags   = ["skz-opack"]
#  source_ranges = ["0.0.0.0/0"]
#  priority = 1001
#}

resource "google_compute_firewall" "icmp" {
  name        = "allow-icmp"
  network     = "default"
  direction   = "INGRESS"
  allow {
    protocol = "icmp"
  }
  target_tags   = ["skz-opack"]
  source_ranges = ["0.0.0.0/0"]
}

resource "google_compute_firewall" "wireguard" {
  name        = "allow-wireguard"
  network     = "default"
  direction   = "INGRESS"
  allow {
    protocol = "udp"
    ports    = ["5353"]
  }
  target_tags   = ["skz-opack"]
  source_ranges = ["0.0.0.0/0"]
}

resource "google_compute_firewall" "ssh" {
  name        = "allow-ssh"
  network     = "default"
  direction   = "INGRESS"
  allow {
    protocol = "tcp"
    ports    = ["22"]
  }
  target_tags   = ["skz-opack"]
  source_ranges = ["0.0.0.0/0"]
}