From 6cdf1ef857a961210f22cd51944e38469bd3c197 Mon Sep 17 00:00:00 2001
From: Wes Lambert
Date: Tue, 11 Dec 2018 19:44:32 +0000
Subject: [PATCH] Firewall - Add rules for Wazuh Manager
---
 salt/firewall/init.sls | 37 +++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)
diff --git a/salt/firewall/init.sls b/salt/firewall/init.sls
index 71575e3d6..ef2acd81f 100644
--- a/salt/firewall/init.sls
+++ b/salt/firewall/init.sls
@@ -1,5 +1,19 @@
 # Firewall Magic for the grid
+{% if grains['role'] == 'so-master' or grains['role'] == 'so-eval' %}
+
+{%- set ip = salt['pillar.get']('static:masterip', '') %}
+
+{% elif grains['role'] == 'so-node'%}
+
+{%- set ip = salt['pillar.get']('node:mainip', '') %}
+
+{% elif grains['role'] == 'so-sensor'%}
+
+{%- set ip = salt['pillar.get']('node:mainip', '') %}
+
+{% endif %}
+
 # Keep localhost in the game
 iptables_allow_localhost:
   iptables.append:
@@ -86,6 +100,29 @@ enable_docker_user_established:
     - match: conntrack
     - ctstate: 'RELATED,ESTABLISHED'
+# Add rule(s) for Wazuh manager
+enable_wazuh_manager_1514_tcp_{{ip}}:
+  iptables.insert:
+    - table: filter
+    - chain: DOCKER-USER
+    - jump: ACCEPT
+    - proto: tcp
+    - source: {{ ip }}
+    - dport: 1514
+    - position: 1
+    - save: True
+
+enable_wazuh_manager_1514_udp_{{ip}}:
+  iptables.insert:
+    - table: filter
+    - chain: DOCKER-USER
+    - jump: ACCEPT
+    - proto: udp
+    - source: {{ ip }}
+    - dport: 1514
+    - position: 1
+    - save: True
+
 # Rules if you are a Master
 {% if grains['role'] == 'so-master' or grains['role'] == 'so-eval' %}
 #This should be more granular
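Review bot: Both hunks let `ip` be empty and nothing fails closed when it is: the first hunk defaults it to `''` when the pillar key is absent and leaves it undefined for any role other than so-master, so-eval, so-node or so-sensor, and the second hunk then renders `- source: {{ ip }}` with no value for the two DOCKER-USER ACCEPT rules on 1514/tcp and 1514/udp, so the highstate either errors or, if the iptables state simply omits the empty `source`, inserts an accept from any address at position 1 — which of the two happens is not visible in this patch. Guard the Wazuh block with `{% if ip %}` … `{% endif %}`, or abort the render when the pillar value is missing, so a misconfigured pillar cannot widen the rule. Minor: the state IDs use `{{ip}}` while the values use `{{ ip }}`; use one spelling so the IDs and the rendered `source` stay aligned, and the so-node and so-sensor branches set the same value and could be one `elif`. The first hunk's Jinja block and the second hunk's trailing `{% if %}` continue outside what is shown here.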