Adjust portgroup yaml

salt/firewall/portgroups/portgroups.yaml

@@ -1,23 +1,65 @@
-firewall:
+role:
-  portgroups:
-    role:
   eval:
-        ports:
+    chain:
+      DOCKER-USER:
+        hostgroups:
+          manager:
+            portgroups:
               - playbook
               - mysql
               - kibana
               - redis
+              - minio
               - influxdb
+              - cortex
               - elasticsearch_rest
               - elasticsearch_node
+              - cortex_es_rest
+              - cortex_es_node
+          minion:
+            portgroups:
+              - acng
               - docker_registry
               - influxdb
               - sensoroni
+          sensor:
+            portgroups:
               - beats_5044
               - beats_5644
+          search_node:
+            portgroups:
               - redis
+              - minio
+              - elasticsearch_node
+          heavy_node:
+            portgroups:
+              - redis
+              - minio
+              - elasticsearch_node
+          self:
+            portgroups:
               - syslog
+          beats_endpoint:
+            portgroups:
+              - beats_5044
+          beats_endpoint_ssl:
+            portgroups:
+              - beats_5644
+          elasticsearch_rest:
+            portgroups:
+              - elasticsearch_rest
+          elastic_agent_endpoint:
+            portgroups:
+              - elastic_agent_control
+              - elastic_agent_data
+          strelka_frontend:
+            portgroups:
               - strelka_frontend
+          syslog:
+            portgroups:
+              - syslog
+          analyst:
+            portgroups:
               - nginx
       INPUT:
         hostgroups:
@@ -39,16 +81,12 @@ firewall:
         hostgroups:
           manager:
             portgroups:
-                  - wazuh_agent
-                  - wazuh_api
-                  - wazuh_authd
               - playbook
               - mysql
               - kibana
               - redis
               - minio
               - influxdb
-                  - fleet_api
               - cortex
               - elasticsearch_rest
               - elasticsearch_node
@@ -58,10 +96,7 @@ firewall:
             portgroups:
               - acng
               - docker_registry
-                  - osquery_8080
               - influxdb
-                  - wazuh_api
-                  - fleet_api
               - sensoroni
               - yum
           sensor:
@@ -82,7 +117,7 @@ firewall:
               - beats_5644
           self:
             portgroups:
-                  - syslog}}
+              - syslog
           syslog:
             portgroups:
               - syslog
@@ -98,18 +133,6 @@ firewall:
           endgame:
             portgroups:
               - endgame
-              osquery_endpoint:
-                portgroups:
-                  - fleet_api
-              wazuh_agent:
-                portgroups:
-                  - wazuh_agent 
-              wazuh_api:
-                portgroups:
-                  - wazuh_api
-              wazuh_authd:
-                portgroups:
-                  - wazuh_authd
           analyst:
             portgroups:
               - nginx
@@ -133,16 +156,12 @@ firewall:
         hostgroups:
           manager:
             portgroups:
-                  - wazuh_agent
-                  - wazuh_api
-                  - wazuh_authd
               - playbook
               - mysql
               - kibana
               - redis
               - minio
               - influxdb
-                  - fleet_api
               - cortex
               - elasticsearch_rest
               - elasticsearch_node
@@ -152,10 +171,7 @@ firewall:
             portgroups:
               - acng
               - docker_registry
-                  - osquery_8080
               - influxdb
-                  - wazuh_api
-                  - fleet_api
               - sensoroni
               - yum
           sensor:
@@ -184,24 +200,16 @@ firewall:
           elasticsearch_rest:
             portgroups:
               - elasticsearch_rest
+          elastic_agent_endpoint:
+            portgroups:
+              - elastic_agent_control
+              - elastic_agent_data
           endgame:
             portgroups:
               - endgame
-              osquery_endpoint:
-                portgroups:
-                  - fleet_api
           syslog:
             portgroups:
               - syslog
-              wazuh_agent:
-                portgroups:
-                  - wazuh_agent
-              wazuh_api:
-                portgroups:
-                  - wazuh_api
-              wazuh_authd:
-                portgroups:
-                  - wazuh_authd
           analyst:
             portgroups:
               - nginx
@@ -225,16 +233,12 @@ firewall:
         hostgroups:
           manager:
             portgroups:
-                  - wazuh_agent
-                  - wazuh_api
-                  - wazuh_authd
               - playbook
               - mysql
               - kibana
               - redis
               - minio
               - influxdb
-                  - fleet_api
               - cortex
               - elasticsearch_rest
               - elasticsearch_node
@@ -244,10 +248,7 @@ firewall:
             portgroups:
               - acng
               - docker_registry
-                  - osquery_8080
               - influxdb
-                  - wazuh_api
-                  - fleet_api
               - sensoroni
               - yum              
           sensor:
@@ -276,27 +277,19 @@ firewall:
           elasticsearch_rest:
             portgroups:
               - elasticsearch_rest
+          elastic_agent_endpoint:
+            portgroups:
+              - elastic_agent_control
+              - elastic_agent_data
           endgame:
             portgroups:
               - endgame
-              osquery_endpoint:
-                portgroups:
-                  - fleet_api
           strelka_frontend:
             portgroups:
               - strelka_frontend
           syslog:
             portgroups:
               - syslog
-              wazuh_agent:
-                portgroups:
-                  - wazuh_agent
-              wazuh_api:
-                portgroups:
-                  - wazuh_api
-              wazuh_authd:
-                portgroups:
-                  - wazuh_authd
           analyst:
             portgroups:
               - nginx
@@ -320,13 +313,11 @@ firewall:
         hostgroups:
           manager:
             portgroups:
-                  - wazuh_agent
               - playbook
               - mysql
               - kibana
               - redis
               - influxdb
-                  - fleet_api
               - cortex
               - elasticsearch_rest
               - elasticsearch_node
@@ -336,9 +327,7 @@ firewall:
             portgroups:
               - acng
               - docker_registry
-                  - osquery_8080
               - influxdb
-                  - wazuh_api
               - sensoroni
           sensor:
             portgroups:
@@ -354,12 +343,6 @@ firewall:
           beats_endpoint:
             portgroups:
               - beats_5044
-              osquery_endpoint:
-                portgroups:
-                  - fleet_api
-              wazuh_agent:
-                portgroups:
-                  - wazuh_agent 
           analyst:
             portgroups:
               - nginx
@@ -397,7 +380,7 @@ firewall:
               - elasticsearch_node
           self:
             portgroups:
-                  - syslog}}
+              - syslog
       INPUT:
         hostgroups:
           anywhere:
@@ -447,7 +430,7 @@ firewall:
               - elasticsearch_rest
           self:
             portgroups:
-                  - syslog}}
+              - syslog
           strelka_frontend:
             portgroups:
               - strelka_frontend
@@ -462,39 +445,6 @@ firewall:
           localhost:
             portgroups:
               - all
-      fleet:
-        chain:
-          DOCKER-USER:
-            hostgroups:
-              self:
-                portgroups:
-                  - redis
-                  - mysql
-                  - osquery_8080
-              localhost:
-                portgroups:
-                  - mysql
-                  - osquery_8080
-              analyst:
-                portgroups:
-                  - fleet_webui
-              minion:
-                portgroups:
-                  - fleet_api
-              osquery_endpoint:
-                portgroups:
-                  - fleet_api}}
-          INPUT:
-            hostgroups:
-              anywhere:
-                portgroups:
-                  - ssh
-              dockernet:
-                portgroups:
-                  - all
-              localhost:
-                portgroups:
-                  - all
   import:
     chain:
       DOCKER-USER:
@@ -559,7 +509,7 @@ firewall:
           self:
             portgroups:
               - redis
-                  - syslog}}
+              - syslog
               - beats_5644
           syslog:
             portgroups:
@@ -573,15 +523,6 @@ firewall:
           endgame:
             portgroups:
               - endgame
-              wazuh_agent:
-                portgroups:
-                  - wazuh_agent
-              wazuh_api:
-                portgroups:
-                  - wazuh_api
-              wazuh_authd:
-                portgroups:
-                  - wazuh_authd
       INPUT:
         hostgroups:
           anywhere:
@@ -599,7 +540,7 @@ firewall:
         hostgroups:
           anywhere:
             portgroups:
-                  - idh
+              - ssh
           dockernet:
             portgroups:
               - all