CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-08 18:22:47 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fleet Module - Add some default firewall rules

Browse Source
This commit is contained in:
Mike Reeves
2019-04-30 09:44:58 -04:00
parent 85f7137901
commit 89786c16c6
1 changed files with 22 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
salt/firewall/init.sls
View File

@@ -217,6 +217,17 @@ enable_masternode_mysql_3306_{{ip}}:
- position: 1 - position: 1
- save: True - save: True
enable_master_osquery_8080_{{ip}}:
iptables.insert:
- table: filter
- chain: DOCKER-USER
- jump: ACCEPT
- proto: tcp
- source: {{ ip }}
- dport: 8080
- position: 1
- save: True
{% endfor %} {% endfor %}
# Make it so all the minions can talk to salt and update etc. # Make it so all the minions can talk to salt and update etc.
@@ -277,6 +288,17 @@ enable_minions_influxdb_8086_{{ip}}:
- position: 1 - position: 1
- save: True - save: True
enable_minion_osquery_8080_{{ip}}:
iptables.insert:
- table: filter
- chain: DOCKER-USER
- jump: ACCEPT
- proto: tcp
- source: {{ ip }}
- dport: 8080
- position: 1
- save: True
{% endfor %} {% endfor %}
# Allow Forward Nodes to send their beats traffic # Allow Forward Nodes to send their beats traffic