From 6649ffd8b53253778d373e50e9f0f78a78f5233a Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Fri, 16 Sep 2022 13:33:26 -0400
Subject: [PATCH] Firewall Fun
---
 salt/firewall/defaults.yaml | 289 ++++++++++++++----------------------
 1 file changed, 112 insertions(+), 177 deletions(-)
diff --git a/salt/firewall/defaults.yaml b/salt/firewall/defaults.yaml
index eb1e51eb4..1261a9131 100644
--- a/salt/firewall/defaults.yaml
+++ b/salt/firewall/defaults.yaml
@@ -1,178 +1,113 @@
 firewall:
- rules:
- analyst_workstations: []
- standalone:
- - 1.2.3.4
- sensor:
- - 1.2.3.3
- - 2.3.4.5
- searchnode:
- - 3.4.5.6
- - 7.8.9.10
- manager:
- - 1.33.2.11
- hostgroups:
- anywhere:
- ips:
- delete:
- insert:
- - 0.0.0.0/0
- dockernet:
- ips:
- delete:
- insert:
- - 172.17.0.0/24
- localhost:
- ips:
- delete:
- insert:
- - 127.0.0.1
- self:
- ips:
- delete:
- insert: []
- analyst:
- ips:
- delete: []
- insert: [127.0.0.1]
- beats_endpoint:
- ips:
- delete: []
- insert: [127.0.0.1]
- beats_endpoint_ssl:
- ips:
- delete: []
- insert: []
- elastic_agent_endpoint:
- ips:
- delete: []
- insert: [127.0.0.1]
- elasticsearch_rest:
- ips:
- delete: []
- insert: []
- endgame:
- ips:
- delete: []
- insert: [127.0.0.1]
- fleet:
- ips:
- delete: []
- insert: []
- heavy_node:
- ips:
- delete: []
- insert: []
- idh:
- ips:
- delete: []
- insert: []
- manager:
- ips:
- delete: []
- insert: [127.0.0.1]
- minion:
- ips:
- delete: []
- insert: [127.0.0.1]
- node:
- ips:
- delete: []
- insert: []
- receiver:
- ips:
- delete: []
- insert: []
- search_node:
- ips:
- delete: []
- insert: [127.0.0.1]
- sensor:
- ips:
- delete: []
- insert: [127.0.0.1]
- strelka_frontend:
- ips:
- delete: []
- insert: []
- syslog:
- ips:
- delete: []
- insert: []
- portgroups:
- all:
- tcp:
- - '0:65535'
- udp:
- - '0:65535'
- agrules:
- tcp:
- - 7788
- beats_5044:
- tcp:
- - 5044
- beats_5644:
- tcp:
- - 5644
- beats_5066:
- tcp:
- - 5066
- docker_registry:
- tcp:
- - 5000
- elasticsearch_node:
- tcp:
- - 9300
- elasticsearch_rest:
- tcp:
- - 9200
- elastic_agent_control:
- tcp:
- - 8220
- elastic_agent_data:
- tcp:
- - 5055
- endgame:
- tcp:
- - 3765
- influxdb:
- tcp:
- - 8086
- kibana:
- tcp:
- - 5601
- mysql:
- tcp:
- - 3306
- nginx:
- tcp:
- - 80
- - 443
- playbook:
- tcp:
- - 3200
- redis:
- tcp:
- - 6379
- - 9696
- salt_manager:
- tcp:
- - 4505
- - 4506
- sensoroni:
- tcp:
- - 443
- ssh:
- tcp:
- - 22
- strelka_frontend:
- tcp:
- - 57314
- syslog:
- tcp:
- - 514
- udp:
- - 514
- yum:
- tcp:
- - 443
\ No newline at end of file
+ grid:
+ hosts:
+ analyst_workstations: []
+ analyst: []
+ standalone: []
+ eval: []
+ idh: []
+ manager: []
+ heavynode: []
+ searchnode: []
+ receiver: []
+
+ portgroups:
+ standalone:
+ - playbook
+ - mysql
+ - kibana
+ - redis
+ - influxdb
+ - elasticsearch_rest
+ - elasticsearch_node
+ - docker_registry
+ - yum
+ - sensoroni
+ - beats_5044
+ - beats_5644
+ - elastic_agent_control
+ - elastic_agent_data
+ - elasticsearch_rest
+ - endgame
+ - strelka_frontend
+ - syslog
+ - nginx
+ analyst_workstation: []
+ ports:
+ all:
+ tcp:
+ - '0:65535'
+ udp:
+ - '0:65535'
+ agrules:
+ tcp:
+ - 7788
+ beats_5044:
+ tcp:
+ - 5044
+ beats_5644:
+ tcp:
+ - 5644
+ beats_5066:
+ tcp:
+ - 5066
+ docker_registry:
+ tcp:
+ - 5000
+ elasticsearch_node:
+ tcp:
+ - 9300
+ elasticsearch_rest:
+ tcp:
+ - 9200
+ elastic_agent_control:
+ tcp:
+ - 8220
+ elastic_agent_data:
+ tcp:
+ - 5055
+ endgame:
+ tcp:
+ - 3765
+ influxdb:
+ tcp:
+ - 8086
+ kibana:
+ tcp:
+ - 5601
+ mysql:
+ tcp:
+ - 3306
+ nginx:
+ tcp:
+ - 80
+ - 443
+ playbook:
+ tcp:
+ - 3200
+ redis:
+ tcp:
+ - 6379
+ - 9696
+ salt_manager:
+ tcp:
+ - 4505
+ - 4506
+ sensoroni:
+ tcp:
+ - 443
+ ssh:
+ tcp:
+ - {{ ssh_port }}
+ strelka_frontend:
+ tcp:
+ - 57314
+ syslog:
+ tcp:
+ - 514
+ udp:
+ - 514
+ yum:
+ tcp:
+ - 443
+
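Review bot: The new `ssh` port entry, `- {{ ssh_port }}`, is an unquoted template expression and nothing in this hunk defines `ssh_port`. A loader that reads this file as plain YAML will treat the leading `{` as the start of a flow mapping rather than a port number, and if the file is rendered through Jinja first, an undefined or empty `ssh_port` presumably leaves an empty list item, so the SSH rule ends up with no usable port. The removed side used `22`; keeping it as a fallback, e.g. `- {{ ssh_port | default(22) }}`, and checking that the rendered value is an integer before it reaches the firewall state would keep the default safe. Separately, `elasticsearch_rest` is listed twice under the `standalone` portgroup, and the portgroup key `analyst_workstation` does not match the host key `analyst_workstations`; both are worth confirming as intended.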