From b756a72e30d1622da494fa97f7dd5297d8df83c3 Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Fri, 22 Jun 2018 08:47:33 -0400
Subject: [PATCH] Firewall Module - Add Framework
---
 pillar/firewall/analyst.sls | 2 ++
 pillar/firewall/beats_endpoint.sls | 2 ++
 pillar/firewall/forward_nodes.sls | 2 ++
 salt/firewall/init.sls | 21 +++++++++++++++++++++
 4 files changed, 27 insertions(+)
 create mode 100644 pillar/firewall/analyst.sls
 create mode 100644 pillar/firewall/beats_endpoint.sls
 create mode 100644 pillar/firewall/forward_nodes.sls
diff --git a/pillar/firewall/analyst.sls b/pillar/firewall/analyst.sls
new file mode 100644
index 000000000..c32213313
--- /dev/null
+++ b/pillar/firewall/analyst.sls
@@ -0,0 +1,2 @@
+analyst:
+ - 127.0.0.1
\ No newline at end of file
diff --git a/pillar/firewall/beats_endpoint.sls b/pillar/firewall/beats_endpoint.sls
new file mode 100644
index 000000000..f32973d61
--- /dev/null
+++ b/pillar/firewall/beats_endpoint.sls
@@ -0,0 +1,2 @@
+beats_endpoint:
+ - 127.0.0.1
\ No newline at end of file
diff --git a/pillar/firewall/forward_nodes.sls b/pillar/firewall/forward_nodes.sls
new file mode 100644
index 000000000..c8ae301b6
--- /dev/null
+++ b/pillar/firewall/forward_nodes.sls
@@ -0,0 +1,2 @@
+forward_nodes:
+ - 127.0.0.1
\ No newline at end of file
diff --git a/salt/firewall/init.sls b/salt/firewall/init.sls
index 8ce2e4517..497211cd3 100644
--- a/salt/firewall/init.sls
+++ b/salt/firewall/init.sls
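Review bot: forward_nodes.sls and beats_endpoint.sls ship the same placeholder value, 127.0.0.1, while the init.sls hunk that consumes them names its state `enable_salt_minions_5044_{{ip}}` in both the forward_nodes loop and the beats_endpoint loop, so with these defaults the rendered SLS contains two states with the id enable_salt_minions_5044_127.0.0.1, which, as far as I can tell, Salt rejects as conflicting ids rather than merging. Either the two lists must never overlap, or the state ids should carry the pillar name, e.g. `enable_forward_nodes_5044_{{ip}}:` in the first loop and `enable_beats_endpoint_5044_{{ip}}:` in the second. These lists are the source allowlist for the tcp/5044 ACCEPT rules inserted at position 1 of DOCKER-USER, so each pillar file would benefit from a comment stating what it is expected to hold, e.g. `# Addresses of forward nodes permitted to ship beats to tcp/5044; 127.0.0.1 is a placeholder to be replaced per deployment`. analyst.sls carries the same placeholder and would take the same comment.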
@@ -104,6 +104,27 @@ enable_salt_minions_3142_{{ip}}:
 - position: 1
 - save: True
+{% endfor %}
+
+# Allow Forward Nodes to send their beats traffic
+{% for ip in pillar.get('forward_nodes') %}
+
+enable_salt_minions_5044_{{ip}}:
+ iptables.insert:
+ - table: filter
+ - chain: DOCKER-USER
+ - jump: ACCEPT
+ - proto: tcp
+ - source: {{ ip }}
+ - dport: 5044
+ - position: 1
+ - save: True
+
+{% endfor %}
+
+# Allow Forward Nodes to send their beats traffic
+{% for ip in pillar.get('beats_endpoint') %}
+
 enable_salt_minions_5044_{{ip}}:
 iptables.insert:
 - table: filter