Firewall Fun

Mike Reeves
2022-09-16 13:33:26 -04:00
parent 70c95c7c7b
commit 6649ffd8b5


@@ -1,178 +1,113 @@
firewall:
rules:
analyst_workstations: []
standalone:
- 1.2.3.4
sensor:
- 1.2.3.3
- 2.3.4.5
searchnode:
- 3.4.5.6
- 7.8.9.10
manager:
- 1.33.2.11
hostgroups:
anywhere:
ips:
delete:
insert:
- 0.0.0.0/0
dockernet:
ips:
delete:
insert:
- 172.17.0.0/24
localhost:
ips:
delete:
insert:
- 127.0.0.1
self:
ips:
delete:
insert: []
analyst:
ips:
delete: []
insert: [127.0.0.1]
beats_endpoint:
ips:
delete: []
insert: [127.0.0.1]
beats_endpoint_ssl:
ips:
delete: []
insert: []
elastic_agent_endpoint:
ips:
delete: []
insert: [127.0.0.1]
elasticsearch_rest:
ips:
delete: []
insert: []
endgame:
ips:
delete: []
insert: [127.0.0.1]
fleet:
ips:
delete: []
insert: []
heavy_node:
ips:
delete: []
insert: []
idh:
ips:
delete: []
insert: []
manager:
ips:
delete: []
insert: [127.0.0.1]
minion:
ips:
delete: []
insert: [127.0.0.1]
node:
ips:
delete: []
insert: []
receiver:
ips:
delete: []
insert: []
search_node:
ips:
delete: []
insert: [127.0.0.1]
sensor:
ips:
delete: []
insert: [127.0.0.1]
strelka_frontend:
ips:
delete: []
insert: []
syslog:
ips:
delete: []
insert: []
portgroups:
all:
tcp:
- '0:65535'
udp:
- '0:65535'
agrules:
tcp:
- 7788
beats_5044:
tcp:
- 5044
beats_5644:
tcp:
- 5644
beats_5066:
tcp:
- 5066
docker_registry:
tcp:
- 5000
elasticsearch_node:
tcp:
- 9300
elasticsearch_rest:
tcp:
- 9200
elastic_agent_control:
tcp:
- 8220
elastic_agent_data:
tcp:
- 5055
endgame:
tcp:
- 3765
influxdb:
tcp:
- 8086
kibana:
tcp:
- 5601
mysql:
tcp:
- 3306
nginx:
tcp:
- 80
- 443
playbook:
tcp:
- 3200
redis:
tcp:
- 6379
- 9696
salt_manager:
tcp:
- 4505
- 4506
sensoroni:
tcp:
- 443
ssh:
tcp:
- 22
strelka_frontend:
tcp:
- 57314
syslog:
tcp:
- 514
udp:
- 514
yum:
tcp:
- 443
grid:
hosts:
analyst_workstations: []
analyst: []
standalone: []
eval: []
idh: []
manager: []
heavynode: []
searchnode: []
receiver: []
portgroups:
standalone:
- playbook
- mysql
- kibana
- redis
- influxdb
- elasticsearch_rest
- elasticsearch_node
- docker_registry
- yum
- sensoroni
- beats_5044
- beats_5644
- elastic_agent_control
- elastic_agent_data
- elasticsearch_rest
- endgame
- strelka_frontend
- syslog
- nginx
analyst_workstation: []
ports:
all:
tcp:
- '0:65535'
udp:
- '0:65535'
agrules:
tcp:
- 7788
beats_5044:
tcp:
- 5044
beats_5644:
tcp:
- 5644
beats_5066:
tcp:
- 5066
docker_registry:
tcp:
- 5000
elasticsearch_node:
tcp:
- 9300
elasticsearch_rest:
tcp:
- 9200
elastic_agent_control:
tcp:
- 8220
elastic_agent_data:
tcp:
- 5055
endgame:
tcp:
- 3765
influxdb:
tcp:
- 8086
kibana:
tcp:
- 5601
mysql:
tcp:
- 3306
nginx:
tcp:
- 80
- 443
playbook:
tcp:
- 3200
redis:
tcp:
- 6379
- 9696
salt_manager:
tcp:
- 4505
- 4506
sensoroni:
tcp:
- 443
ssh:
tcp:
- {{ ssh_port }}
strelka_frontend:
tcp:
- 57314
syslog:
tcp:
- 514
udp:
- 514
yum:
tcp:
- 443
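Review bot: In the new layout the role key under `portgroups` is `analyst_workstation`, while `hosts` uses `analyst_workstations`; if the consuming state joins the two maps by role name, addresses added under one spelling never receive the ports listed under the other, so a single spelling should be used in both places. `elasticsearch_rest` is listed twice in the `standalone` portgroup list and the second entry can be dropped so the rendered ruleset does not carry a duplicate rule. The ssh entry is now `- {{ ssh_port }}`, which is only valid if this file is rendered by Jinja before YAML parsing with `ssh_port` in scope; a plain YAML load reads it as a flow mapping and an empty expansion gives a null port, so `- {{ ssh_port | default(22) }}` plus a comment naming where `ssh_port` is set would make the dependency explicit. Indentation and the `+`/`-` column are lost on this page, so the nesting described here is inferred from key order and the hunk header counts.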