CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-12 20:22:59 +01:00
Code Issues Packages Projects Releases Wiki Activity

Firewall Module - Allow Minions to connect to salt

Browse Source
This commit is contained in:
Mike Reeves
2018-06-19 10:10:03 -04:00
parent 4d140bc31f
commit 73841b0bc3
1 changed files with 21 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
salt/firewall/init.sls
View File

@@ -1,4 +1,3 @@
{% set minions = salt['pillar.get']('firewall.minions', {}) %}
# Default Rules for everyone # Default Rules for everyone
# Keep localhost in the game # Keep localhost in the game
@@ -53,6 +52,7 @@ enable_reject_policy:
# Rules if you are a Master # Rules if you are a Master
{% if grains['role'] == 'so-master' %} {% if grains['role'] == 'so-master' %}
{% set minions = salt['pillar.get']('firewall.minions', {}) %}
{% for ip in minions.get('minion_ips', []) %} {% for ip in minions.get('minion_ips', []) %}
enable_salt_minions_4505: enable_salt_minions_4505:
@@ -74,7 +74,9 @@ enable_reject_policy:
- source: {{ ip }} - source: {{ ip }}
- dport: 4506 - dport: 4506
- save: True - save: True
{% endfor %} {% endfor %}
{% endif %} {% endif %}
# Rules if you are a Storage Node # Rules if you are a Storage Node