-
Notifications
You must be signed in to change notification settings - Fork 0
/
firewall_config_template.yaml
145 lines (118 loc) · 5.28 KB
/
firewall_config_template.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
#### CONFIG FILE FOR SilverTorch V0.2 ####
firewall_type: firepower
# can be set to None if the device IS NOT MANAGED from a central controller
management_center: 10.11.6.60
# the firewall to make routing and interface reference from FOR now a sample of ONE is supported.
firewall_sensor: 10.11.6.191
# if there is not a routing entry for a specific IP in the IPPP then use this zone to set its zone in the ruleset.
zone_of_last_resort: outside_zone
#/ MANAGEMENT
# whether the controller and the firewall/sensor uses the same creds.
same_creds: true
#/ MANAGEMENT
#/ firepower suite #
access_policy: test_acp
domain: Global
# this is where the rules will be placed and must be created beforehand in the ACP
rule_section: automation_engine
#/ firepower suite #
#/ RULE INGESTION OR CORRECTION
ippp_location: gfrs.csv
# MAPPING: if there's inconsistency with the IPPP such as the same name to a given port change it to the correct name.
# preprocess csv must be created and placed in the main dir, it will be moved and can be used later
preprocess_csv: correction_list.csv
# if you dont want ANY CONFIRMATION on rule ingestion or Silent mode
silent_mode: ~
#/ RULE INGESTION OR CORRECTION
#/ RULE MANAGEMENT
stage_ippp: true
# if you want to use only one rule name from the prepend assignment
single_rule_ippp: true
# if you want to use multi rules names MAKE SURE IN THE IPPP THAT YOU HAVE THE POLICY_NAME COLUMN with rules you want
multi_rule_ippp: true
# check to see if IPPP exist in the firewalls ruleset
ippp_checkup: false
# when pushing a config this will be prepended to the new rules,
# in addition if other functions such as cleanup or checkup is used it will find rules in the ruleset with this specific
# name in the rule name BUT *BE AS CONCISE AS POSSIBLE.*
rule_prepend_name: VOIP_RULES
# CAN ONLY BE ALLOW OR DENY FOR RULE ENTRY
ruleset_type: ALLOW
# APPENDED COMMENT TO RULES if not found in the IPPP
rule_comment: new stuff
#/ RULE MANAGEMENT
#/ CLEAN UP SECTION
cleanup: true
# if there are rules that you want to collapse/reorganize for firewall scaffolding.
rule_cleanup: true
# if you want change the name of host objects to there DNS or IP attributes.
object_cleanup: true
# if you want to remove ZERO hit policies from ruleset. IF TRUE SPECIFY THE LOCATION OF THE RULES THAT NEED TO BE CLEANED
delete_unused_rules: false
# if you want to delete the unused rule before a specific date make sure you are using the "YYYY-MM-DD' format
bestby_date: 2023-04-12
# change the name of the network objects
# resolve: whether you want IP or DNS as the new name value for indiuduval objects
# group: change the whole name of the grouped objects defined by @rule_prepend_name
# DEFAULT: will change convert legacy net_group to NetGroup format
clean_type: group
group_clean_name: false
# if you want to delete ununsed objects in the firewall in conjuction of a cleanup
remove_unused: false
# if you want to merge two ACPs into one you need to specify the two below
# the ACP that these two will merged into WILL USE THE access_policy VARIABLE made above, that ACP should have the
# correct catergory that matches the "rule_section" made above
combine_ruleset:
- test12
- test13
# emergency switch in case something happened(network/power drop) in rule cleanup module since it involved rearranges the firewall configs.
# this switch will reinstall the ACP ruleset that were modified.
# recover old ACP file if the program crashed
recovery_mode: false
#/ CLEAN UP SECTION
#/ GENERAL INFORMATION FROM FIREWALLS
# this will save all or specific rules from the firewall or management device
save_rules: False
# if you need to save specific rules it will use the "rule_prepend_name" mentioned above
save_specific_rules: False
# convert rules in a readable format
pretty_rules: true
# only get rules based on IP or subnet
specific_src_dst:
- 192.168.0/24
- 10.0.0.0/8
- 218.17.85.0/24
# if you want to check for rules that specific to either "src" or "dst" leave as none or do not include if you want to
# check both
check_only_specific_src_dst: none
# if you want to get rules from specific zones
specific_zones:
- inside
#/ GENERAL INFORMATION FROM FIREWALLS
#/ LOG BASED RULE CREATION
# if you want to make rules from the events in the FW use this
conn_events: ~
# currently it limited to ingested html or CSV files for parsing
connections_data: 'Report of Connection Events.html'
# this is needed if the events are not already in IPPP format, this will help ST convert the columns that needs to be
# converted and drop the useless ones.
event_transform_lib:
source: Initiator IP
destination: Responder IP
service: Application Protocol
port_range_low: Source Port / ICMP Type
port_range_high: Destination Port / ICMP Code
protocol: Protocol
#/ LOG BASED RULE CREATION
#/ MODIFY EXISTING RULES
mod_rules: false
#/ MODIFY EXISTING RULES
#/ OBJECT GENERATION AND IDENTIFICATION
# if you want to use the ACTUAL PROTOCOL:PORT pair instead of the port defined name you can enable strict checking
strict_checkup: true
# if you want objects in the firewall to have DNS resolved local hostnames instead of IPs as the object name, enable this
# you can also filter on what domain you just want the hostname for in dont_include_domains
resolve_objects: false
# This will by REGEX
dont_include_domains: '.com|.org'
#/ OBJECT GENERATION AND IDENTIFICATION