feat: ACL rules created by the DA will be updated in place. It is not a breaking change. You will see this log when upgrading to the new version in the DA. Current ACL rules have a bug where client side ports are restricted to same as server side port which is wrong as client side port is generated dynamically. With this change, that bug will be corrected. No existing traffic is blocked, only extra traffic will be allowed after this change. (#1106)

Author: vkuma17

solutions/fully-configurable/variables.tf

@@ -199,79 +199,67 @@ variable "network_acls" {
       prepend_ibm_rules            = true
       rules = [
         {
-          name      = "allow-all-443-inbound"
+          name      = "allow-22-inbound"
           action    = "allow"
           direction = "inbound"
           tcp = {
-            port_min        = 443
-            port_max        = 443
-            source_port_min = 443
-            source_port_max = 443
+            port_min = 22
+            port_max = 22
           }
           destination = "0.0.0.0/0"
           source      = "0.0.0.0/0"
         },
         {
-          name      = "allow-all-80-inbound"
+          name      = "allow-22-inbound-response"
           action    = "allow"
-          direction = "inbound"
+          direction = "outbound"
           tcp = {
-            port_min        = 80
-            port_max        = 80
-            source_port_min = 80
-            source_port_max = 80
+            source_port_min = 22
+            source_port_max = 22
           }
           destination = "0.0.0.0/0"
           source      = "0.0.0.0/0"
         },
         {
-          name      = "allow-all-22-inbound"
+          name      = "allow-80-inbound"
           action    = "allow"
           direction = "inbound"
           tcp = {
-            port_min        = 22
-            port_max        = 22
-            source_port_min = 22
-            source_port_max = 22
+            port_min = 80
+            port_max = 80
           }
           destination = "0.0.0.0/0"
           source      = "0.0.0.0/0"
         },
         {
-          name      = "allow-all-443-outbound"
+          name      = "allow-80-inbound-response"
           action    = "allow"
           direction = "outbound"
           tcp = {
-            source_port_min = 443
-            source_port_max = 443
-            port_min        = 443
-            port_max        = 443
+            source_port_min = 80
+            source_port_max = 80
           }
           destination = "0.0.0.0/0"
           source      = "0.0.0.0/0"
         },
         {
-          name      = "allow-all-80-outbound"
+          name      = "allow-443-inbound"
           action    = "allow"
-          direction = "outbound"
+          direction = "inbound"
           tcp = {
-            source_port_min = 80
-            source_port_max = 80
-            port_min        = 80
-            port_max        = 80
+            port_min = 443
+            port_max = 443
           }
           destination = "0.0.0.0/0"
           source      = "0.0.0.0/0"
         },
         {
-          name      = "allow-all-22-outbound"
+          name      = "allow-443-inbound-response"
           action    = "allow"
           direction = "outbound"
           tcp = {
-            source_port_min = 22
-            source_port_max = 22
-            port_min        = 22
-            port_max        = 22
+            source_port_min = 443
+            source_port_max = 443
           }
           destination = "0.0.0.0/0"
           source      = "0.0.0.0/0"