CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Helix - add firewall for mode helix

Browse Source
This commit is contained in:
Mike Reeves
2019-12-10 14:44:10 -05:00
parent ae6fa3f4a4
commit c83decc0a0
1 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
salt/firewall/init.sls
View File

@@ -20,7 +20,7 @@ iptables_fix_fwd:
- jump: ACCEPT - jump: ACCEPT
- position: 1 - position: 1
- target: DOCKER-USER - target: DOCKER-USER
# Keep localhost in the game # Keep localhost in the game
iptables_allow_localhost: iptables_allow_localhost:
iptables.append: iptables.append:
@@ -131,7 +131,7 @@ enable_wazuh_manager_1514_udp_{{ip}}:
- save: True - save: True
# Rules if you are a Master # Rules if you are a Master
{% if grains['role'] == 'so-master' or grains['role'] == 'so-eval' %} {% if grains['role'] == 'so-master' or grains['role'] == 'so-eval' or grains['role'] == 'so-helix'%}
#This should be more granular #This should be more granular
iptables_allow_master_docker: iptables_allow_master_docker:
iptables.insert: iptables.insert:
@@ -264,7 +264,7 @@ enable_master_navigator_4200_{{ip}}:
- dport: 4200 - dport: 4200
- position: 1 - position: 1
- save: True - save: True
enable_master_cortex_9001_{{ip}}: enable_master_cortex_9001_{{ip}}:
iptables.insert: iptables.insert:
- table: filter - table: filter
@@ -274,7 +274,7 @@ enable_master_cortex_9001_{{ip}}:
- source: {{ ip }} - source: {{ ip }}
- dport: 9001 - dport: 9001
- position: 1 - position: 1
- save: True - save: True
enable_master_cyberchef_9080_{{ip}}: enable_master_cyberchef_9080_{{ip}}:
iptables.insert: iptables.insert: