CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fleet pipeline fixes

Browse Source
This commit is contained in:
Josh Brower
2020-04-03 16:10:38 -04:00
parent 69c90fcdc1
commit 051f6d2310
5 changed files with 23 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
salt/firewall/init.sls
View File

@@ -8,6 +8,8 @@
{%- elif grains['role'] == 'so-fleet' %}
{%- set ip = salt['pillar.get']('node:mainip', '') %}
{%- endif %}
{%- set FLEET_NODE = salt['pillar.get']('static:fleet_node') %}
{%- set FLEET_NODE_IP = salt['pillar.get']('static:fleet_ip') %}
# Quick Fix for Docker being difficult
iptables_fix_docker:
@@ -424,6 +426,22 @@ enable_forwardnode_sensoroni_9822_{{ip}}:
{% endfor %}
# Allow Fleet Node to send its beats traffic
{% if FLEET_NODE %}
enable_fleetnode_beats_5644_{{FLEET_NODE_IP}}:
iptables.insert:
- table: filter
- chain: DOCKER-USER
- jump: ACCEPT
- proto: tcp
- source: {{ FLEET_NODE_IP }}
- dport: 5644
- position: 1
- save: True
{% endif %}
{% for ip in pillar.get('search_nodes') %}
enable_searchnode_redis_6379_{{ip}}: