Firewall Fun

salt/firewall/defaults.yaml

@@ -1,113 +0,0 @@
-firewall:
-  grid:
-    hosts:
-      analyst_workstations: []
-      analyst: []
-      standalone: []
-      eval: []
-      idh: []
-      manager: []
-      heavynodes: []
-      searchnodes: []
-      receivers: []
-
-    portgroups:
-      standalone:
-        - playbook
-        - mysql 
-        - kibana
-        - redis 
-        - influxdb
-        - elasticsearch_rest
-        - elasticsearch_node
-        - docker_registry
-        - yum
-        - sensoroni
-        - beats_5044
-        - beats_5644
-        - elastic_agent_control
-        - elastic_agent_data
-        - elasticsearch_rest
-        - endgame
-        - strelka_frontend
-        - syslog
-        - nginx
-      analyst_workstation: []
-    ports:
-      all:
-        tcp:
-          - '0:65535'
-        udp:
-          - '0:65535'
-      agrules:
-        tcp:
-          - 7788
-      beats_5044:
-        tcp:
-          - 5044
-      beats_5644:
-        tcp:
-          - 5644
-      beats_5066:
-        tcp:
-          - 5066
-      docker_registry:
-        tcp:
-          - 5000
-      elasticsearch_node:
-        tcp:
-          - 9300
-      elasticsearch_rest:
-        tcp:
-          - 9200
-      elastic_agent_control:
-        tcp:
-          - 8220
-      elastic_agent_data:
-        tcp:
-          - 5055
-      endgame:
-        tcp:
-          - 3765
-      influxdb:
-        tcp:
-          - 8086
-      kibana:
-        tcp:
-          - 5601
-      mysql:
-        tcp:
-          - 3306
-      nginx:
-        tcp:
-          - 80
-          - 443
-      playbook:
-        tcp:
-          - 3200
-      redis:
-        tcp:
-          - 6379
-          - 9696
-      salt_manager:
-        tcp:
-          - 4505
-          - 4506
-      sensoroni:
-        tcp:
-          - 443
-      ssh:
-        tcp:
-          - 22
-      strelka_frontend:
-        tcp:
-          - 57314
-      syslog:
-        tcp:
-          - 514
-        udp:
-          - 514
-      yum:
-        tcp:
-          - 443
-

salt/firewall/portgroups/standalone

@@ -0,0 +1,19 @@
+playbook
+mysql 
+kibana
+redis 
+influxdb
+elasticsearch_rest
+elasticsearch_node
+docker_registry
+yum
+sensoroni
+beats_5044
+beats_5644
+elastic_agent_control
+elastic_agent_data
+elasticsearch_rest
+endgame
+strelka_frontend
+syslog
+nginx

salt/firewall/ports/ports.yaml

@@ -0,0 +1,78 @@
+firewall:
+  ports:
+    all:
+      tcp:
+        - '0:65535'
+      udp:
+        - '0:65535'
+    agrules:
+      tcp:
+        - 7788
+    beats_5044:
+      tcp:
+        - 5044
+    beats_5644:
+      tcp:
+        - 5644
+    beats_5066:
+      tcp:
+        - 5066
+    docker_registry:
+      tcp:
+        - 5000
+    elasticsearch_node:
+      tcp:
+        - 9300
+    elasticsearch_rest:
+      tcp:
+        - 9200
+    elastic_agent_control:
+      tcp:
+        - 8220
+    elastic_agent_data:
+      tcp:
+        - 5055
+    endgame:
+      tcp:
+        - 3765
+    influxdb:
+      tcp:
+        - 8086
+    kibana:
+      tcp:
+        - 5601
+    mysql:
+      tcp:
+        - 3306
+    nginx:
+      tcp:
+        - 80
+        - 443
+    playbook:
+      tcp:
+        - 3200
+    redis:
+      tcp:
+        - 6379
+        - 9696
+    salt_manager:
+      tcp:
+        - 4505
+        - 4506
+    sensoroni:
+      tcp:
+        - 443
+    ssh:
+      tcp:
+        - 22
+    strelka_frontend:
+      tcp:
+        - 57314
+    syslog:
+      tcp:
+        - 514
+      udp:
+        - 514
+    yum:
+      tcp:
+        - 443

salt/firewall/soc_firewall.yaml

@@ -1,42 +1,86 @@
 firewall:
-  grid:
-    hosts:
-      analyst_workstations:
-        description: List of IP Addresses or CIDR blocks to allow analyst workstations.
-        global: True
-        title: Analyst Workstations
-      analyst: 
-        description: List of IP Addresses or CIDR blocks to allow analyst connections.
-        global: True
-        title: Analysts
-      standalone: 
-        description: List of IP Addresses or CIDR blocks to allow standalone connections.
-        global: True
-        title: Standalone
-        advanced: True
-      eval: 
-        description: List of IP Addresses or CIDR blocks to allow eval connections.
-        global: True
-        title: Eval
-        advanced: True
-      idh: 
-        description: List of IP Addresses or CIDR blocks to allow idh connections.
-        global: True
-        title: IDH Nodes
-      manager: 
-        description: List of IP Addresses or CIDR blocks to allow manager connections.
-        global: True
-        title: Manager
-        advanced: True
-      heavynodes: 
-        description: List of IP Addresses or CIDR blocks to allow heavynode connections.
-        global: True
-        title: Heavy Nodes
-      searchnodes: 
-        description: List of IP Addresses or CIDR blocks to allow searchnode connections.
-        global: True
-        title: Searchnodes
-      receivers: 
-        description: List of IP Addresses or CIDR blocks to allow receiver connections.
-        global: True
-        title: Receivers
+  hostgroups:
+    analyst_workstations:
+      description: List of IP Addresses or CIDR blocks to allow analyst workstations.
+      file: True
+      title: Analyst Workstations
+    analyst: 
+      description: List of IP Addresses or CIDR blocks to allow analyst connections.
+      file: True
+      title: Analysts
+    standalone: 
+      description: List of IP Addresses or CIDR blocks to allow standalone connections.
+      file: True
+      title: Standalone
+      advanced: True
+    eval: 
+      description: List of IP Addresses or CIDR blocks to allow eval connections.
+      file: True
+      title: Eval
+      advanced: True
+    idh: 
+      description: List of IP Addresses or CIDR blocks to allow idh connections.
+      file: True
+      title: IDH Nodes
+    manager: 
+      description: List of IP Addresses or CIDR blocks to allow manager connections.
+      file: True
+      title: Manager
+      advanced: True
+    heavynodes: 
+      description: List of IP Addresses or CIDR blocks to allow heavynode connections.
+      file: True
+      title: Heavy Nodes
+    searchnodes: 
+      description: List of IP Addresses or CIDR blocks to allow searchnode connections.
+      file: True
+      title: Searchnodes
+    receivers: 
+      description: List of IP Addresses or CIDR blocks to allow receiver connections.
+      file: True
+      title: Receivers
+  portgroups:
+   analyst_workstations:
+      description: List of ports for analyst workstations.
+      file: True
+      title: Analyst Workstations
+    analyst: 
+      description: List of ports for analyst connections.
+      file: True
+      title: Analysts
+    standalone: 
+      description: List of ports for standalone connections.
+      file: True
+      title: Standalone
+      advanced: True
+    eval: 
+      description: List of ports for eval connections.
+      file: True
+      title: Eval
+      advanced: True
+    idh: 
+      description: List of ports for idh connections.
+      file: True
+      title: IDH Nodes
+    manager: 
+      description: List of ports for manager connections.
+      file: True
+      title: Manager
+      advanced: True
+    heavynodes: 
+      description: List of ports for heavynode connections.
+      file: True
+      title: Heavy Nodes
+    searchnodes: 
+      description: List of ports for searchnode connections.
+      file: True
+      title: Searchnodes
+    receivers: 
+      description: List of ports for receiver connections.
+      file: True
+      title: Receivers
+  ports:
+    ports__yaml:
+      description: List of ports in YAML used for port groups.
+      file: True
+      title: Ports