From f14a8f3d0172d93de5f0563652f6704b1f3212b3 Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Fri, 16 Sep 2022 12:55:56 -0400
Subject: [PATCH] Firewall Fun
---
salt/firewall/defaults.yaml | 89 +++++++++++++++++++++++++++++++++
salt/idstools/soc_idstools.yaml | 5 +-
2 files changed, 93 insertions(+), 1 deletion(-)
create mode 100644 salt/firewall/defaults.yaml
diff --git a/salt/firewall/defaults.yaml b/salt/firewall/defaults.yaml
new file mode 100644
index 000000000..246f8f36f
--- /dev/null
+++ b/salt/firewall/defaults.yaml
@@ -0,0 +1,89 @@
+firewall:
+ hostgroups:
+ anywhere:
+ ips:
+ delete:
+ insert:
+ - 0.0.0.0/0
+ dockernet:
+ ips:
+ delete:
+ insert:
+ - 172.17.0.0/24
+ localhost:
+ ips:
+ delete:
+ insert:
+ - 127.0.0.1
+ self:
+ ips:
+ delete:
+ insert: []
+ analyst:
+ ips:
+ delete: []
+ insert: [127.0.0.1]
+ beats_endpoint:
+ ips:
+ delete: []
+ insert: [127.0.0.1]
+ beats_endpoint_ssl:
+ ips:
+ delete: []
+ insert: []
+ elastic_agent_endpoint:
+ ips:
+ delete: []
+ insert: [127.0.0.1]
+ elasticsearch_rest:
+ ips:
+ delete: []
+ insert: []
+ endgame:
+ ips:
+ delete: []
+ insert: [127.0.0.1]
+ fleet:
+ ips:
+ delete: []
+ insert: []
+ heavy_node:
+ ips:
+ delete: []
+ insert: []
+ idh:
+ ips:
+ delete: []
+ insert: []
+ manager:
+ ips:
+ delete: []
+ insert: [127.0.0.1]
+ minion:
+ ips:
+ delete: []
+ insert: [127.0.0.1]
+ node:
+ ips:
+ delete: []
+ insert: []
+ receiver:
+ ips:
+ delete: []
+ insert: []
+ search_node:
+ ips:
+ delete: []
+ insert: [127.0.0.1]
+ sensor:
+ ips:
+ delete: []
+ insert: [127.0.0.1]
+ strelka_frontend:
+ ips:
+ delete: []
+ insert: []
+ syslog:
+ ips:
+ delete: []
+ insert: []
diff --git a/salt/idstools/soc_idstools.yaml b/salt/idstools/soc_idstools.yaml
index 9c7526c7b..9f1867bb7 100644
--- a/salt/idstools/soc_idstools.yaml
+++ b/salt/idstools/soc_idstools.yaml
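Review bot: The builtin groups `anywhere`, `dockernet`, `localhost` and `self` leave `delete:` as a bare key, which YAML loads as null, while every other hostgroup uses `delete: []`; whatever state consumes this will presumably treat null and an empty list differently when it iterates or extends the list, so the four should read `delete: []` like the rest (yamllint's `empty-values` rule catches this). The file has no comment explaining the contract, and `anywhere` is `0.0.0.0/0`, so I would open it with a short header comment stating that each hostgroup's `ips.insert` entries are added to and `ips.delete` entries removed from the generated firewall group, and that any rule referencing `anywhere` is reachable from every IPv4 source. `dockernet` is a /24 whereas Docker's default bridge is 172.17.0.0/16 — correct only if the daemon is pinned to a /24 bip, so worth confirming against daemon.json. The mix of block lists (`- 0.0.0.0/0`) and flow lists (`[127.0.0.1]`) in one file should be unified to one style.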
@@ -25,13 +25,16 @@ idstools:
 file: True
 global: True
 advanced: True
+ title: Local Rules
 filters__rules:
 description: You can set custom filters for Suricata when using it for meta data creation.
 file: True
 global: True
 advanced: True
+ title: Filter Rules
 extraction__rules:
 description: This is a list of mime types for file extraction when Suricata is used for meta data creation.
 file: True
 global: True
- advanced: True
\ No newline at end of file
+ advanced: True
+ title: Extraction Rules
\ No newline at end of file
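Review bot: The new side still ends the file without a trailing newline — the hunk removes and re-adds `advanced: True` only to append `title: Extraction Rules`, and the `\ No newline at end of file` marker remains, so the next key added here will churn the same line again; terminate the file with a newline. The added `title` lines sit beside context that spells booleans as `True`, which yamllint's `truthy` rule flags, but that is pre-existing and outside this change.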