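--- a/state/opennms/common.sls
+++ b/state/opennms/common.sls
@@ -0,0 +1,8 @@
+# Firewall configuration
+#
+# Hardening OpenNMS and don't allow RMI 1099 port on IPv4 and IPv6
+ferm.opennms.common:
+file.managed:
+- name: /etc/ferm.d/20-opennms-common.conf
+- source: salt://opennms/ferm.common.conf
+- makedirs: True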
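Review bot: The `file.managed` state for `/etc/ferm.d/20-opennms-common.conf` sets no owner or mode, and nothing in this file reloads ferm when the rule file changes, so the rules may sit on disk unloaded with whatever permissions the minion's defaults produce. If no other state already watches `/etc/ferm.d`, add `- user: root`, `- group: root` and `- mode: '0644'` here, plus a reload requisite on the ferm service (its state ID is not visible on this page). The same applies to `syslogd.sls`, `trapd.sls` and `web.sls`. The header comment could also say what the rule actually does: it accepts ports 1099, 8101, 18980 and 61616 from loopback only.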
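--- a/state/opennms/ferm.common.conf
+++ b/state/opennms/ferm.common.conf
@@ -0,0 +1,25 @@
+# DO NOT CHANGE THIS FILE IT IS CONTROLLED BY SALTSTACK!
+#
+# IPv4 / IPv6 firewall
+# - RMI registry 1099
+# - Apache Karaf admin console
+# - JMX monitoring
+# - Active MQ
+#
+domain ip
+table filter {
+chain INPUT {
+proto tcp dport (1099 8101 18980 61616) {
+saddr 127.0.0.1/32 ACCEPT;
+}
+}
+}
+
+domain ip6
+table filter {
+chain INPUT {
+proto tcp dport (1099 8101 18980 61616) {
+saddr ::1/128 ACCEPT;
+}
+}
+}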
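Review bot: Both INPUT blocks only add an ACCEPT for loopback sources on ports 1099, 8101, 18980 and 61616, and nothing here rejects those ports from other addresses, so the hardening depends entirely on a default-drop INPUT policy defined outside this file. If that policy is not guaranteed on every host that receives this state, make the intent explicit by adding a terminal `DROP;` after `saddr 127.0.0.1/32 ACCEPT;` inside the same block, and likewise after `saddr ::1/128 ACCEPT;`. A header comment stating that these ports are reachable from loopback only, and pairing each port number with its service, would help the next reader.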
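--- a/state/opennms/ferm.syslogd.conf
+++ b/state/opennms/ferm.syslogd.conf
@@ -0,0 +1,10 @@
+# DO NOT CHANGE THIS FILE IT IS CONTROLLED BY SALTSTACK!
+#
+# IPv4 / IPv6 firewall - Syslog daemon rule
+
+domain (ip ip6)
+table filter {
+chain INPUT {
+proto udp dport 10514 ACCEPT;
+}
+}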
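Review bot: `proto udp dport 10514 ACCEPT;` admits syslog datagrams from any IPv4 or IPv6 source, and the SNMP trap rule for UDP 162 in `ferm.trapd.conf` does the same. Both protocols are commonly run over UDP without sender authentication, so any host that can reach the server can inject events into OpenNMS or flood the receivers. Consider adding a `saddr` match limited to the monitored networks (placeholder: `<monitored-networks>`), supplied per address family or from pillar data. The header comment should also say why the port is open.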
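--- a/state/opennms/ferm.trapd.conf
+++ b/state/opennms/ferm.trapd.conf
@@ -0,0 +1,10 @@
+# DO NOT CHANGE THIS FILE IT IS CONTROLLED BY SALTSTACK!
+#
+# IPv4 / IPv6 firewall - SNMP Trap daemon rule
+
+domain (ip ip6)
+table filter {
+chain INPUT {
+proto udp dport 162 ACCEPT;
+}
+}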
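--- a/state/opennms/ferm.web.conf
+++ b/state/opennms/ferm.web.conf
@@ -0,0 +1,13 @@
+# DO NOT CHANGE THIS FILE IT IS CONTROLLED BY SALTSTACK!
+#
+# IPv4 / IPv6 firewall - Web application rule
+
+domain (ip ip6)
+table filter {
+chain INPUT {
+proto tcp dport 8980 {
+mod conntrack ctstate NEW
+ACCEPT;
+}
+}
+}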
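Review bot: The rule opens TCP 8980 to every IPv4 and IPv6 source, and 8980 is normally the OpenNMS plain-HTTP listener, so logins would cross the network unencrypted unless TLS is terminated somewhere not shown here. If the UI is meant to sit behind a reverse proxy, restrict this rule to the proxy with a `saddr` match (placeholder: `<proxy-address>`); otherwise limit it to the admin networks. The `ctstate NEW` match also assumes the base ferm configuration accepts ESTABLISHED/RELATED traffic, which a one-line comment could state.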
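--- a/state/opennms/syslogd.sls
+++ b/state/opennms/syslogd.sls
@@ -0,0 +1,9 @@
+# Firewall configuration
+#
+
+# Allow OpenNMS to receive Syslog messages
+ferm.opennms.syslogd:
+file.managed:
+- name: /etc/ferm.d/20-opennms-syslogd.conf
+- source: salt://opennms/ferm.syslogd.conf
+- makedirs: True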
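--- a/state/opennms/trapd.sls
+++ b/state/opennms/trapd.sls
@@ -0,0 +1,9 @@
+# Firewall configuration
+#
+
+# Allow OpenNMS to receive SNMP Traps
+ferm.opennms.trapd:
+file.managed:
+- name: /etc/ferm.d/20-opennms-trapd.conf
+- source: salt://opennms/ferm.trapd.conf
+- makedirs: True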
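--- a/state/opennms/web.sls
+++ b/state/opennms/web.sls
@@ -0,0 +1,9 @@
+# Firewall configuration
+#
+
+# Allow access to the WebUI
+ferm.opennms.web:
+file.managed:
+- name: /etc/ferm.d/20-opennms-web.conf
+- source: salt://opennms/ferm.web.conf
+- makedirs: True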