networking-config

# Networking Configuration Skill

## VPC (Virtual Private Cloud)

### Create VPC

```bash
doctl vpcs create \
  --name production-vpc \
  --region nyc1 \
  --ip-range 10.10.10.0/24 \
  --description "Production network"
```

### VPC Best Practices

```
┌─────────────────────────────────────────────────────────┐
│                    VPC: 10.10.10.0/24                   │
├─────────────────────────────────────────────────────────┤
│  10.10.10.0/26    │ Web Servers (Droplets)              │
│  10.10.10.64/26   │ App Servers (Droplets)              │
│  10.10.10.128/26  │ Databases (Managed)                 │
│  10.10.10.192/26  │ Reserved                            │
└─────────────────────────────────────────────────────────┘
```

### Terraform VPC

```hcl
resource "digitalocean_vpc" "production" {
  name     = "production-vpc"
  region   = "nyc1"
  ip_range = "10.10.10.0/24"
}

# Create resources in VPC
resource "digitalocean_droplet" "web" {
  name     = "web-server"
  vpc_uuid = digitalocean_vpc.production.id
  # ...
}

resource "digitalocean_database_cluster" "postgres" {
  name                 = "app-db"
  private_network_uuid = digitalocean_vpc.production.id
  # ...
}
```

## Cloud Firewalls

### Web Server Firewall

```bash
doctl compute firewall create \
  --name web-firewall \
  --inbound-rules "protocol:tcp,ports:22,address:10.0.0.0/8" \
  --inbound-rules "protocol:tcp,ports:80,address:0.0.0.0/0" \
  --inbound-rules "protocol:tcp,ports:443,address:0.0.0.0/0" \
  --outbound-rules "protocol:tcp,ports:all,address:0.0.0.0/0" \
  --outbound-rules "protocol:udp,ports:53,address:0.0.0.0/0" \
  --droplet-ids <droplet-id>
```

### Database Firewall (Internal Only)

```bash
doctl compute firewall create \
  --name db-firewall \
  --inbound-rules "protocol:tcp,ports:5432,address:10.10.10.0/24" \
  --outbound-rules "protocol:tcp,ports:all,address:0.0.0.0/0" \
  --droplet-ids <db-droplet-id>
```

### Terraform Firewall

```hcl
resource "digitalocean_firewall" "web" {
  na