From 89786c16c612b99578fb0c0686db40fb2f342ac6 Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Tue, 30 Apr 2019 09:44:58 -0400
Subject: [PATCH] Fleet Module - Add some default firewall rules
---
 salt/firewall/init.sls | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
diff --git a/salt/firewall/init.sls b/salt/firewall/init.sls
index 7ff009495..cfde43365 100644
--- a/salt/firewall/init.sls
+++ b/salt/firewall/init.sls
@@ -217,6 +217,17 @@ enable_masternode_mysql_3306_{{ip}}:
 - position: 1
 - save: True
+enable_master_osquery_8080_{{ip}}:
+ iptables.insert:
+ - table: filter
+ - chain: DOCKER-USER
+ - jump: ACCEPT
+ - proto: tcp
+ - source: {{ ip }}
+ - dport: 8080
+ - position: 1
+ - save: True
+
 {% endfor %}
 # Make it so all the minions can talk to salt and update etc.
@@ -277,6 +288,17 @@ enable_minions_influxdb_8086_{{ip}}:
 - position: 1
 - save: True
+enable_minion_osquery_8080_{{ip}}:
+ iptables.insert:
+ - table: filter
+ - chain: DOCKER-USER
+ - jump: ACCEPT
+ - proto: tcp
+ - source: {{ ip }}
+ - dport: 8080
+ - position: 1
+ - save: True
+
 {% endfor %}
 # Allow Forward Nodes to send their beats traffic
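Review bot: Both added states accept tcp/8080 from every `{{ ip }}` in their loops with no destination match and no visible guard on whether Fleet is deployed; this applies to `enable_master_osquery_8080_{{ip}}` here and equally to `enable_minion_osquery_8080_{{ip}}` in the second hunk. Rules in DOCKER-USER are evaluated after Docker's DNAT, so `dport: 8080` matches the container-side port of any container on the host, not only the Fleet listener. I would wrap each state in `{% if <fleet-enabled pillar flag> %}` … `{% endif %}` (placeholder, the real key is not shown on this page) and narrow the match with a `- destination: <fleet container address>` line. The enclosing `{% for %}` loops begin outside both hunks, so a guard may already exist above and is worth confirming. The new IDs also drift from their neighbours (`master` vs `masternode`, `minion` vs `minions`), which makes the rule set harder to audit by name.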