Firewall Module - Add Firewall rules specific to masters

Mike Reeves
2018-09-21 08:57:35 -04:00
parent 27579a6150
commit cc5536a511
2 changed files with 17 additions and 1 deletions


@@ -1 +1,2 @@
#masterfw.sls masterfw:
- 127.0.0.1


@@ -101,6 +101,21 @@ enable_docker_user_established:
# Rules if you are a Master # Rules if you are a Master
{% if grains['role'] == 'so-master' %} {% if grains['role'] == 'so-master' %}
{% for ip in pillar.get('masterfw') %}
# Allow Redis
enable_maternode_redis_6379_{{ip}}:
iptables.insert:
- table: filter
- chain: DOCKER-USER
- jump: ACCEPT
- proto: tcp
- source: {{ ip }}
- dport: 6379
- position: 1
- save: True
{% endfor %}
# Make it so all the minions can talk to salt and update etc. # Make it so all the minions can talk to salt and update etc.
{% for ip in pillar.get('minions') %} {% for ip in pillar.get('minions') %}
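Review bot: `pillar.get('masterfw')` in the new `{% for %}` loop has no default, so on a master whose pillar lacks the `masterfw` key the lookup returns None and the loop will most likely fail to render, taking the rest of this firewall state with it; `{% for ip in pillar.get('masterfw', []) %}` avoids that. The state ID `enable_maternode_redis_6379_{{ip}}` looks like a typo for `masternode` and is easier to fix now than after other states reference it. Because the rule is inserted at position 1 of DOCKER-USER and accepts any listed source on 6379, the pillar list is the only access control this state adds for Redis; a comment such as `# masterfw must list only hosts trusted to reach Redis; confirm Redis authentication is configured` would make that explicit. The enclosing `{% if grains['role'] == 'so-master' %}` block continues outside the hunk.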