From e306a60ea6818f505f4016ba668226c439ca5bf4 Mon Sep 17 00:00:00 2001
From: staticsafe
Date: Sat, 18 Jan 2020 17:29:03 -0500
Subject: [PATCH] add namshiel related files
---
 ...namshiel-elasticsearch.asininetech.net.yml | 6 ++++++
 .../files/namshiel.asininetech.net.rules.v4 | 11 ++++++++++
 .../files/namshiel.asininetech.net.rules.v6 | 20 +++++++++++++++++++
 3 files changed, 37 insertions(+)
 create mode 100644 ubuntu/namshiel-elasticsearch.asininetech.net.yml
 create mode 100644 ubuntu/roles/firewall-ruleset-deploy/files/namshiel.asininetech.net.rules.v4
 create mode 100644 ubuntu/roles/firewall-ruleset-deploy/files/namshiel.asininetech.net.rules.v6
diff --git a/ubuntu/namshiel-elasticsearch.asininetech.net.yml b/ubuntu/namshiel-elasticsearch.asininetech.net.yml
new file mode 100644
index 0000000..0bbbd1e
--- /dev/null
+++ b/ubuntu/namshiel-elasticsearch.asininetech.net.yml
@@ -0,0 +1,6 @@
+- hosts: tf-elasticsearch
+ roles:
+ - geerlingguy.java
+ - geerlingguy.elasticsearch
+ elasticsearch_network_host: 0.0.0.0
+ elasticsearch_heap_size_max: 4g
diff --git a/ubuntu/roles/firewall-ruleset-deploy/files/namshiel.asininetech.net.rules.v4 b/ubuntu/roles/firewall-ruleset-deploy/files/namshiel.asininetech.net.rules.v4
new file mode 100644
index 0000000..f2974f0
--- /dev/null
+++ b/ubuntu/roles/firewall-ruleset-deploy/files/namshiel.asininetech.net.rules.v4
@@ -0,0 +1,11 @@
+*filter
+:INPUT DROP
+:FORWARD DROP
+:OUTPUT ACCEPT
+-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+-A INPUT -p icmp --icmp-type ping -j ACCEPT
+-A INPUT -p tcp --dport 22 -j ACCEPT
+-A INPUT -p tcp --dport 5665 -j ACCEPT
+-A INPUT -p tcp --dport 9200 -s 96.126.113.89/32 -j ACCEPT
+COMMIT
diff --git a/ubuntu/roles/firewall-ruleset-deploy/files/namshiel.asininetech.net.rules.v6 b/ubuntu/roles/firewall-ruleset-deploy/files/namshiel.asininetech.net.rules.v6
new file mode 100644
index 0000000..eb26fab
--- /dev/null
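Review bot: `elasticsearch_network_host: 0.0.0.0` (presumably rendered by the role as `network.host`) binds Elasticsearch on every interface, and nothing in this play configures authentication or TLS, so the node's exposure rests entirely on the host firewall that the separate firewall-ruleset-deploy role installs — a role this play does not list. If that role is skipped, fails, or runs after this one, 9200 is reachable with no credentials until it is applied. Consider binding to the specific address the consumer at 96.126.113.89 connects to rather than the wildcard, or at least record the dependency in the play, e.g. `# network exposure is controlled solely by firewall-ruleset-deploy; apply it first and keep the 9200 source list in sync`.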
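Review bot: `-A INPUT -p tcp --dport 5665 -j ACCEPT` admits any source, while the 9200 rule directly below it is pinned to a single /32; if 5665 is only ever contacted by the monitoring master (the port suggests an Icinga 2 API endpoint, but that is inferred), it should be restricted the same way, `-A INPUT -p tcp --dport 5665 -s <MONITORING_MASTER_IP>/32 -j ACCEPT`. The same unrestricted 5665 rule appears in namshiel.asininetech.net.rules.v6 in this commit. With the INPUT policy set to DROP and no LOG rule, traffic that falls through leaves no trace on the host; a rate-limited `-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables-drop: "` placed just before COMMIT gives the detection side something to work with. Minor: the conntrack state list is written `ESTABLISHED,RELATED` here but `RELATED,ESTABLISHED` in the v6 file, and only the v6 file factors ICMP into a user chain — worth aligning so the two rulesets can be diffed against each other.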
+++ b/ubuntu/roles/firewall-ruleset-deploy/files/namshiel.asininetech.net.rules.v6
@@ -0,0 +1,20 @@
+*filter
+:INPUT DROP
+:FORWARD DROP
+:OUTPUT ACCEPT
+:icmp_in -
+-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+-A INPUT -p tcp --dport 22 -j ACCEPT
+-A INPUT -p tcp --dport 5665 -j ACCEPT
+-A INPUT -p tcp --dport 9200 -s 2600:3c00::f03c:91ff:febc:ec5d/128 -j ACCEPT
+-A INPUT -p ipv6-icmp -j icmp_in
+-A icmp_in -p ipv6-icmp -m icmp6 --icmpv6-type 128 -j ACCEPT
+-A icmp_in -p ipv6-icmp -m icmp6 --icmpv6-type 134 -j ACCEPT
+-A icmp_in -p ipv6-icmp -m icmp6 --icmpv6-type 135 -j ACCEPT
+-A icmp_in -p ipv6-icmp -m icmp6 --icmpv6-type 136 -j ACCEPT
+-A icmp_in -p ipv6-icmp -m icmp6 --icmpv6-type 1 -j ACCEPT
+-A icmp_in -p ipv6-icmp -m icmp6 --icmpv6-type 2 -j ACCEPT
+-A icmp_in -p ipv6-icmp -m icmp6 --icmpv6-type 3 -j ACCEPT
+-A icmp_in -p ipv6-icmp -m icmp6 --icmpv6-type 4 -j ACCEPT
+COMMIT
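Review bot: The neighbour-discovery rules `--icmpv6-type 134`, `135` and `136` in the icmp_in chain accept those messages from any source and any hop limit, whereas ND is only legitimate on-link and RFC 4890 recommends requiring hop limit 255 so that routed, off-link RA/NA messages are dropped; adding `-m hl --hl-eq 255` to those three rules does that, e.g. `-A icmp_in -p ipv6-icmp -m icmp6 --icmpv6-type 134 -m hl --hl-eq 255 -j ACCEPT`. Anything not matched in icmp_in falls back to the INPUT DROP policy, which is the intended behaviour but is not obvious from the file — a leading comment such as `# icmp_in: allow-list only; unmatched ICMPv6 returns to INPUT and is dropped by policy` would help the next editor. MLD types 130–132 are not admitted, which is probably fine for a single server but may matter if the host ever joins multicast groups; confirm against the provider's link behaviour.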