From 0d056123934fb754469191ac3ceb6e63abc04e40 Mon Sep 17 00:00:00 2001
From: Mike Reeves <mike.reeves@securityonionsolutions.com>
Date: Thu, 1 Apr 2021 10:00:55 -0400
Subject: [PATCH 1/3] Reserve ports for Zeek

---
 salt/common/files/99-reserved-ports.conf | 2 +-
 salt/common/init.sls                     | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/salt/common/files/99-reserved-ports.conf b/salt/common/files/99-reserved-ports.conf
index a846341a5..208ef0acc 100644
--- a/salt/common/files/99-reserved-ports.conf
+++ b/salt/common/files/99-reserved-ports.conf
@@ -1 +1 @@
-net.ipv4.ip_local_reserved_ports=55000,57314
+net.ipv4.ip_local_reserved_ports=55000,57314,47760,47761,47762
diff --git a/salt/common/init.sls b/salt/common/init.sls
index 3e6774219..6d0e567c5 100644
--- a/salt/common/init.sls
+++ b/salt/common/init.sls
@@ -268,7 +268,7 @@ docker:
 # Reserve OS ports for Docker proxy in case boot settings are not already applied/present
 dockerapplyports:
     cmd.run:
-      - name: if [ ! -s /etc/sysctl.d/99-reserved-ports.conf ]; then sysctl -w net.ipv4.ip_local_reserved_ports="55000,57314"; fi
+      - name: if [ ! -s /etc/sysctl.d/99-reserved-ports.conf ]; then sysctl -w net.ipv4.ip_local_reserved_ports="55000,57314,47760,47761,47762"; fi
 
 # Reserve OS ports for Docker proxy
 dockerreserveports:

From 40313fc2f5fd9b087f89bb1adda7f4ce0269da52 Mon Sep 17 00:00:00 2001
From: Mike Reeves <mike.reeves@securityonionsolutions.com>
Date: Thu, 1 Apr 2021 10:29:58 -0400
Subject: [PATCH 2/3] Reserve ports for Zeek

---
 salt/common/files/99-reserved-ports.conf | 2 +-
 salt/common/init.sls                     | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/salt/common/files/99-reserved-ports.conf b/salt/common/files/99-reserved-ports.conf
index 208ef0acc..ac4391693 100644
--- a/salt/common/files/99-reserved-ports.conf
+++ b/salt/common/files/99-reserved-ports.conf
@@ -1 +1 @@
-net.ipv4.ip_local_reserved_ports=55000,57314,47760,47761,47762
+net.ipv4.ip_local_reserved_ports=55000,57314,55000,57314,47760-47860
\ No newline at end of file
diff --git a/salt/common/init.sls b/salt/common/init.sls
index 6d0e567c5..7945a678a 100644
--- a/salt/common/init.sls
+++ b/salt/common/init.sls
@@ -266,9 +266,10 @@ docker:
       - file: docker_daemon
 
 # Reserve OS ports for Docker proxy in case boot settings are not already applied/present
+# 55000 = Wazuh, 57314 = Strelka, 47760-47860 = Zeek
 dockerapplyports:
     cmd.run:
-      - name: if [ ! -s /etc/sysctl.d/99-reserved-ports.conf ]; then sysctl -w net.ipv4.ip_local_reserved_ports="55000,57314,47760,47761,47762"; fi
+      - name: if [ ! -s /etc/sysctl.d/99-reserved-ports.conf ]; then sysctl -w net.ipv4.ip_local_reserved_ports="55000,57314,47760-47860"; fi
 
 # Reserve OS ports for Docker proxy
 dockerreserveports:

From 7c6b037ae55ef36727e49b4b3786cc3fd8eff57c Mon Sep 17 00:00:00 2001
From: Mike Reeves <mike.reeves@securityonionsolutions.com>
Date: Thu, 1 Apr 2021 10:30:52 -0400
Subject: [PATCH 3/3] Reserve ports for Zeek

---
 salt/common/files/99-reserved-ports.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/salt/common/files/99-reserved-ports.conf b/salt/common/files/99-reserved-ports.conf
index ac4391693..82eb03f79 100644
--- a/salt/common/files/99-reserved-ports.conf
+++ b/salt/common/files/99-reserved-ports.conf
@@ -1 +1 @@
-net.ipv4.ip_local_reserved_ports=55000,57314,55000,57314,47760-47860
\ No newline at end of file
+net.ipv4.ip_local_reserved_ports=55000,57314,47760-47860
\ No newline at end of file