CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-08 10:12:53 +01:00
Code Issues Packages Projects Releases Wiki Activity

Firewall Module - Fix some docker iptables issues

Browse Source
This commit is contained in:
Mike Reeves
2019-10-09 13:33:07 -04:00
parent 590268550a
commit 32d1641b6e
1 changed files with 16 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
salt/firewall/init.sls
View File

@@ -6,6 +6,21 @@
{%- elif grains['role'] == 'so-sensor' %} {%- elif grains['role'] == 'so-sensor' %}
{%- set ip = salt['pillar.get']('sensor:mainip', '') %} {%- set ip = salt['pillar.get']('sensor:mainip', '') %}
{%- endif %} {%- endif %}
# Quick Fix for Docker being difficult
iptables_fix_docker:
iptables.chain_present:
- name: DOCKER-USER
- table: filter
# Add the Forward Rule since Docker ripped it out
iptables_fix_fwd:
iptables.insert:
- table: filter
- chain: FORWARD
- jump: ACCEPT
- position: 1
- target: DOCKER-USER
# Keep localhost in the game # Keep localhost in the game
iptables_allow_localhost: iptables_allow_localhost:
iptables.append: iptables.append:
@@ -238,7 +253,7 @@ enable_master_playbook_3200_{{ip}}:
- dport: 3200 - dport: 3200
- position: 1 - position: 1
- save: True - save: True
enable_master_navigator_4200_{{ip}}: enable_master_navigator_4200_{{ip}}:
iptables.insert: iptables.insert:
- table: filter - table: filter