CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

rework so-firewall to work with pillar files

Browse Source
This commit is contained in:
m0duspwnens
2023-05-01 16:49:06 -04:00
parent 9a4ae2b832
commit 1f6463a9bb
4 changed files with 142 additions and 94 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
setup/so-functions
View File

@@ -2291,18 +2291,18 @@ set_initial_firewall_policy() {
case "$install_type" in
'EVAL' | 'MANAGER' | 'MANAGERSEARCH' | 'STANDALONE' | 'IMPORT')
$default_salt_dir/salt/common/tools/sbin/so-firewall --role=$install_type --ip=$MAINIP --apply=true
$default_salt_dir/salt/common/tools/sbin/so-firewall includehost $minion_type $MAINIP --apply
;;
esac
}
set_initial_firewall_access() {
if [[ ! -z "$ALLOW_CIDR" ]]; then
$default_salt_dir/salt/common/tools/sbin/so-firewall --role=analyst --ip=$ALLOW_CIDR --apply=true
$default_salt_dir/salt/common/tools/sbin/so-firewall includehost analyst $ALLOW_CIDR --apply
fi
if [[ ! -z "$MINION_CIDR" ]]; then
$default_salt_dir/salt/common/tools/sbin/so-firewall --role=sensors --ip=$MINION_CIDR --apply=false
$default_salt_dir/salt/common/tools/sbin/so-firewall --role=searchnodes --ip=$MINION_CIDR --apply=true
$default_salt_dir/salt/common/tools/sbin/so-firewall includehost sensors $MINION_CIDR
$default_salt_dir/salt/common/tools/sbin/so-firewall includehost searchnodes $MINION_CIDR --apply
fi
}