a.gritsenko
/
fw_rules_builder
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
fw_rules_builder/app/data.json

2080 lines
43 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"servers": {
"cr": {
"hostname": "cr",
"ip": "172.19.20.2",
"prefix": "24",
"gw": "172.19.20.1",
"domain": "avndr.ru",
"description": "ЦР ПУЦ + TLS",
"type": "host",
"affinity": [
"fw_cr",
"fw_cr_ca"
]
},
"cs": {
"hostname": "cs",
"ip": "172.19.20.3",
"prefix": "24",
"gw": "172.19.20.1",
"domain": "avndr.ru",
"description": "ЦС ПУЦ + TLS",
"type": "host",
"affinity": [
"fw_cr",
"fw_cr_ca"
]
},
"rk-uc": {
"hostname": "rk-uc",
"ip": "172.19.40.3",
"prefix": "24",
"gw": "172.19.40.1",
"domain": "avndr.ru",
"description": "Сервер РК",
"type": "host",
"affinity": [
"fw_cr",
"fw_cr_ca"
]
},
"ntp": {
"hostname": "ntp",
"ip": "172.19.40.4",
"prefix": "24",
"gw": "172.19.40.1",
"domain": "avndr.ru",
"description": "Сервер точного времени-1",
"type": "host",
"affinity": [
"fw_cr",
"fw_cr_ca"
]
},
"pki": {
"hostname": "pki",
"ip": "172.19.100.4",
"prefix": "24",
"gw": "172.19.100.1",
"domain": "avndr.ru",
"description": "PKI-кластер",
"type": "host",
"affinity": [
"fw_cr",
"fw_cr_ca"
]
},
"mps": {
"hostname": "mps",
"ip": "172.19.100.5",
"prefix": "24",
"gw": "172.19.100.1",
"domain": "avndr.ru",
"description": "МПС",
"type": "host",
"affinity": [
"fw_cr",
"fw_cr_ca"
]
},
"esia": {
"hostname": "esia",
"ip": "172.19.150.4",
"prefix": "24",
"gw": "172.19.150.1",
"domain": "avndr.ru",
"description": "ТР-ЕСИА",
"type": "host",
"affinity": [
"fw_cr",
"fw_cr_ca"
]
},
"ko-app": {
"hostname": "ko-app",
"ip": "172.19.110.4",
"prefix": "24",
"gw": "172.19.110.1",
"domain": "avndr.ru",
"description": "Сервер КО",
"type": "host",
"affinity": [
"fw_cr",
"fw_cr_ca"
]
},
"ko-db": {
"hostname": "ko-db",
"ip": "172.19.110.5",
"prefix": "24",
"gw": "172.19.110.1",
"domain": "avndr.ru",
"description": "Сервер КО СУБД",
"type": "host",
"affinity": [
"fw_cr",
"fw_cr_ca"
]
},
"ko-csp": {
"hostname": "ko-csp",
"ip": "172.19.110.6",
"prefix": "24",
"gw": "172.19.110.1",
"domain": "avndr.ru",
"description": "Сервер КО СКЗИ",
"type": "host",
"affinity": [
"fw_cr",
"fw_cr_ca"
]
},
"kk-app": {
"hostname": "kk-app",
"ip": "172.19.120.4",
"prefix": "24",
"gw": "172.19.120.1",
"domain": "avndr.ru",
"description": "Сервер КК",
"type": "host",
"affinity": [
"fw_cr",
"fw_cr_ca"
]
},
"kk-db": {
"hostname": "kk-db",
"ip": "172.19.120.5",
"prefix": "24",
"gw": "172.19.120.1",
"domain": "avndr.ru",
"description": "Сервер КК СУБД",
"type": "host",
"affinity": [
"fw_cr",
"fw_cr_ca"
]
},
"kk-csp": {
"hostname": "kk-csp",
"ip": "172.19.120.6",
"prefix": "24",
"gw": "172.19.120.1",
"domain": "avndr.ru",
"description": "Сервер КК СКЗИ",
"type": "host",
"affinity": [
"fw_cr",
"fw_cr_ca"
]
},
"core": {
"hostname": "core",
"ip": "172.19.130.4",
"prefix": "24",
"gw": "172.19.130.1",
"domain": "avndr.ru",
"description": "Ядро ВВС",
"type": "host",
"affinity": [
"fw_cr",
"fw_cr_ca"
]
},
"core-db": {
"hostname": "core-db",
"ip": "172.19.130.5",
"prefix": "24",
"gw": "172.19.130.1",
"domain": "avndr.ru",
"description": "СУБД Ядро ВВС",
"type": "host",
"affinity": [
"fw_cr",
"fw_cr_ca"
]
},
"arch": {
"hostname": "arch",
"ip": "172.19.130.6",
"prefix": "24",
"gw": "172.19.130.1",
"domain": "avndr.ru",
"description": "Модуль архивирования",
"type": "host",
"affinity": [
"fw_cr",
"fw_cr_ca"
]
},
"arch-db": {
"hostname": "arch-db",
"ip": "172.19.130.7",
"prefix": "24",
"gw": "172.19.130.1",
"domain": "avndr.ru",
"description": "СУБД Модуль архивирования",
"type": "host",
"affinity": [
"fw_cr",
"fw_cr_ca"
]
},
"web-apps": {
"hostname": "web-apps",
"ip": "172.19.130.8",
"prefix": "24",
"gw": "172.19.130.1",
"domain": "avndr.ru",
"description": "Сервер веб-приложений СС",
"type": "host",
"affinity": [
"fw_cr",
"fw_cr_ca"
]
},
"aldp": {
"hostname": "aldp",
"ip": "172.19.140.4",
"prefix": "24",
"gw": "172.19.140.1",
"domain": "avndr.ru",
"description": "Сервер ИБ-1 (ALD Pro)",
"type": "host",
"affinity": [
"fw_cr",
"fw_cr_ca"
]
},
"alds": {
"hostname": "alds",
"ip": "172.19.140.5",
"prefix": "24",
"gw": "172.19.140.1",
"domain": "avndr.ru",
"description": "Сервер ИБ-2 (ALD Pro)",
"type": "host",
"affinity": [
"fw_cr",
"fw_cr_ca"
]
},
"rk": {
"hostname": "rk",
"ip": "172.19.140.6",
"prefix": "24",
"gw": "172.19.140.1",
"domain": "avndr.ru",
"description": "Сервер РК",
"type": "host",
"affinity": [
"fw_cr",
"fw_cr_ca"
]
},
"ksc": {
"hostname": "ksc",
"ip": "172.19.140.7",
"prefix": "24",
"gw": "172.19.140.1",
"domain": "avndr.ru",
"description": "ВМ Kaspersky Security Center",
"type": "host",
"affinity": [
"fw_cr",
"fw_cr_ca"
]
},
"log": {
"hostname": "log",
"ip": "172.19.140.8",
"prefix": "24",
"gw": "172.19.140.1",
"domain": "avndr.ru",
"description": "ВМ Сервер журналирования",
"type": "host",
"affinity": [
"fw_cr",
"fw_cr_ca"
]
},
"repo": {
"hostname": "repo",
"ip": "172.19.140.9",
"prefix": "24",
"gw": "172.19.140.1",
"domain": "avndr.ru",
"description": "ВМ Сервер репозиторий ПО",
"type": "host",
"affinity": [
"fw_cr",
"fw_cr_ca"
]
},
"zbx": {
"hostname": "zbx",
"ip": "172.19.140.10",
"prefix": "24",
"gw": "172.19.140.1",
"domain": "avndr.ru",
"description": "ВМ Сервер мониторинга (ZbxProxy)",
"type": "host",
"affinity": [
"fw_cr",
"fw_cr_ca"
]
},
"arm-cont4": {
"hostname": "arm-cont4",
"ip": "172.19.210.2",
"prefix": "24",
"gw": "172.19.210.1",
"domain": "avndr.ru",
"description": "АРМ ЦУС Континент 4",
"type": "host",
"affinity": [
"fw_cr",
"fw_cr_ca"
]
},
"arm-web-oper": {
"hostname": "arm-web-oper",
"ip": "172.19.220.2",
"prefix": "24",
"gw": "172.19.220.1",
"domain": "avndr.ru",
"description": "ВВС АРМ WEB (1)",
"type": "host",
"affinity": [
"fw_cr",
"fw_cr_ca"
]
},
"arm-web-adm": {
"hostname": "arm-web-adm",
"ip": "172.19.230.2",
"prefix": "24",
"gw": "172.19.230.1",
"domain": "avndr.ru",
"description": "ВВС АРМ WEB (2)",
"type": "host",
"affinity": [
"fw_cr",
"fw_cr_ca"
]
},
"arm-web-pki": {
"hostname": "arm-web-pki",
"ip": "172.19.230.2",
"prefix": "24",
"gw": "172.19.230.1",
"domain": "avndr.ru",
"description": "АРМ адм САВС",
"type": "host",
"affinity": [
"fw_cr",
"fw_cr_ca"
]
}
},
"nets": {
"net_any": {
"hostname": "net_any",
"ip": "0.0.0.0",
"prefix": "0",
"gw": "",
"domain": "avndr.ru",
"description": "Any",
"type": "network",
"affinity": [
"fw_cr",
"fw_cr_ca"
]
},
"net_uc_srv": {
"hostname": "net_uc_srv",
"ip": "172.19.20.0",
"prefix": "24",
"gw": "",
"domain": "avndr.ru",
"description": "Сегмент УЦ ПУЦ+TLS",
"type": "network",
"affinity": [
"fw_cr",
"fw_cr_ca"
]
},
"net_uc_adm_srv": {
"hostname": "net_uc_adm_srv",
"ip": "172.19.40.0",
"prefix": "24",
"gw": "",
"domain": "avndr.ru",
"description": "Административный сегмент УЦ",
"type": "network",
"affinity": [
"fw_cr",
"fw_cr_ca"
]
},
"net_dr_pki": {
"hostname": "net_dr_pki",
"ip": "172.19.100.0",
"prefix": "24",
"gw": "",
"domain": "avndr.ru",
"description": "Сегмент САВС",
"type": "network",
"affinity": [
"fw_cr",
"fw_cr_ca"
]
},
"net_dr_ko": {
"hostname": "net_dr_ko",
"ip": "172.19.110.0",
"prefix": "24",
"gw": "",
"domain": "avndr.ru",
"description": "Сегмент КО",
"type": "network",
"affinity": [
"fw_cr",
"fw_cr_ca"
]
},
"net_dr_kk": {
"hostname": "net_dr_kk",
"ip": "172.19.120.0",
"prefix": "24",
"gw": "",
"domain": "avndr.ru",
"description": "Сегмент КК",
"type": "network",
"affinity": [
"fw_cr",
"fw_cr_ca"
]
},
"net_dr_core_srv": {
"hostname": "net_dr_core_srv",
"ip": "172.19.130.0",
"prefix": "24",
"gw": "",
"domain": "avndr.ru",
"description": "Сегмент интеграции",
"type": "network",
"affinity": [
"fw_cr",
"fw_cr_ca"
]
},
"net_dr_adm_srv": {
"hostname": "net_dr_adm_srv",
"ip": "172.19.140.0",
"prefix": "24",
"gw": "",
"domain": "avndr.ru",
"description": "Административный сегмент",
"type": "network",
"affinity": [
"fw_cr",
"fw_cr_ca"
]
},
"net_dr_gis_esia": {
"hostname": "net_dr_gis_esia",
"ip": "172.19.150.0",
"prefix": "24",
"gw": "",
"domain": "avndr.ru",
"description": "Сегмент ГИС ЕСИА",
"type": "network",
"affinity": [
"fw_cr",
"fw_cr_ca"
]
},
"net_dr_adm_arm_cont4": {
"hostname": "net_dr_adm_arm_cont4",
"ip": "172.19.210.0",
"prefix": "24",
"gw": "",
"domain": "avndr.ru",
"description": "Сегмент администраторов ЦР",
"type": "network",
"affinity": [
"fw_cr",
"fw_cr_ca"
]
},
"net_dr_adm_arm_web1": {
"hostname": "net_dr_adm_arm_web1",
"ip": "172.19.220.0",
"prefix": "24",
"gw": "",
"domain": "avndr.ru",
"description": "Сегмент администраторов ЦР",
"type": "network",
"affinity": [
"fw_cr",
"fw_cr_ca"
]
},
"net_dr_adm_arm_web2": {
"hostname": "net_dr_adm_arm_web2",
"ip": "172.19.230.0",
"prefix": "24",
"gw": "",
"domain": "avndr.ru",
"description": "Сегмент администраторов ЦР",
"type": "network",
"affinity": [
"fw_cr",
"fw_cr_ca"
]
},
"net_dr_adm_arm_pki": {
"hostname": "net_dr_adm_arm_pki",
"ip": "172.19.230.0",
"prefix": "24",
"gw": "",
"domain": "avndr.ru",
"description": "Сегмент администраторов ЦР",
"type": "network",
"affinity": [
"fw_cr",
"fw_cr_ca"
]
},
"net_dr_adm_arm_ngate": {
"hostname": "net_dr_adm_arm_ngate",
"ip": "172.19.250.0",
"prefix": "24",
"gw": "",
"domain": "avndr.ru",
"description": "Сегмент администраторов ЦР",
"type": "network",
"affinity": [
"fw_cr",
"fw_cr_ca"
]
}
},
"groups": {
"net_any": {
"name": "net_any",
"items": [
{
"hostname": "0.0.0.0/0"
}
]
},
"prot_set_uc_adm": {
"name": "prot_set_uc_adm",
"items": [
{
"hostname": "arm-cont3"
},
{
"hostname": "arm-cr"
}
]
},
"prot_set_uc_arm_reg_dr": {
"name": "prot_set_uc_arm_reg_dr",
"items": [
{
"hostname": "arm-cr"
}
]
},
"prot_set_uc_arm_reg_tls": {
"name": "prot_set_uc_arm_reg_tls",
"items": [
{
"hostname": "arm-cr"
}
]
},
"prot_set_uc_reg_dr": {
"name": "prot_set_uc_reg_dr",
"items": [
{
"hostname": "cr"
}
]
},
"prot_set_uc_reg_tls": {
"name": "prot_set_uc_reg_tls",
"items": [
{
"hostname": "cr"
}
]
},
"set_abs": {
"name": "set_abs",
"items": []
},
"set_cdp": {
"name": "set_cdp",
"items": []
},
"set_dbo": {
"name": "set_dbo",
"items": []
},
"set_dns": {
"name": "set_dns",
"items": []
},
"set_dr": {
"name": "set_dr",
"items": [
{
"hostname": "net_dr_pki"
},
{
"hostname": "net_dr_gis_esia"
},
{
"hostname": "net_dr_ko"
},
{
"hostname": "net_dr_kk"
},
{
"hostname": "net_dr_core_srv"
},
{
"hostname": "net_dr_adm_arm_cont4"
},
{
"hostname": "net_dr_adm_arm_web1"
},
{
"hostname": "net_dr_adm_arm_web2"
},
{
"hostname": "net_dr_adm_arm_pki"
},
{
"hostname": "net_dr_adm_arm_ngate"
}
]
},
"set_dr_adm_pki_cl": {
"name": "set_dr_adm_pki_cl",
"items": [
{
"hostname": "pki.avndr.ru"
}
]
},
"set_dr_adm_web_adm": {
"name": "set_dr_adm_web_adm",
"items": [
{
"hostname": "arm-web-adm.avndr.ru"
}
]
},
"set_dr_adm_web_oper": {
"name": "set_dr_adm_web_oper",
"items": [
{
"hostname": "arm-web-oper.avndr.ru"
}
]
},
"set_dr_arm_ngate": {
"name": "set_dr_arm_ngate",
"items": [
{
"hostname": "arm-ngate.avndr.ru"
}
]
},
"set_dr_esia_tr": {
"name": "set_dr_esia_tr",
"items": [
{
"hostname": "esia.avndr.ru"
}
]
},
"set_dr_gateout": {
"name": "set_dr_gateout",
"items": [
{
"hostname": "core.avndr.ru"
}
]
},
"set_dr_kk_be": {
"name": "set_dr_kk_be",
"items": [
{
"hostname": "kk-app.avndr.ru"
}
]
},
"set_dr_kk_crypto": {
"name": "set_dr_kk_crypto",
"items": [
{
"hostname": "kk-csp.avnd.ru"
}
]
},
"set_dr_kk_db": {
"name": "set_dr_kk_db",
"items": [
{
"hostname": "kk-db.avndr.ru"
}
]
},
"set_dr_ko_be": {
"name": "set_dr_ko_be",
"items": [
{
"hostname": "ko-app.avndr.ru"
}
]
},
"set_dr_ko_crypto": {
"name": "set_dr_ko_crypto",
"items": [
{
"hostname": "ko-csp.avndr.ru"
}
]
},
"set_dr_ko_db": {
"name": "set_dr_ko_db",
"items": [
{
"hostname": "ko-db.avndr.ru"
}
]
},
"set_dr_ngate": {
"name": "set_dr_ngate",
"items": [
{
"hostname": "ngate-mgmt"
},
{
"hostname": "ngate-node01"
},
{
"hostname": "ngate-node02"
}
]
},
"set_dr_ngate_mgmt": {
"name": "set_dr_ngate_mgmt",
"items": [
{
"hostname": "ngate-mgmt"
}
]
},
"set_dr_ngate_nodes": {
"name": "set_dr_ngate_nodes",
"items": [
{
"hostname": "ngate-node01"
},
{
"hostname": "ngate-node02"
}
]
},
"set_dr_pki_cluster": {
"name": "set_dr_pki_cluster",
"items": [
{
"hostname": "pki.avndr.ru"
}
]
},
"set_dr_plcr": {
"name": "set_dr_plcr",
"items": [
{
"hostname": "cbr_cd-tuz01"
},
{
"hostname": "cbr_cd-tuz02"
},
{
"hostname": "cbr_cd-tuz03"
},
{
"hostname": "cbr_cd-tuz04"
}
]
},
"set_dr_savs_mps": {
"name": "set_dr_savs_mps",
"items": [
{
"hostname": "mps.avndr.ru"
}
]
},
"set_dr_savs_mps_be": {
"name": "set_dr_savs_mps_be",
"items": [
{
"hostname": "mps.avndr.ru"
}
]
},
"set_dr_savs_mps_crypto": {
"name": "set_dr_savs_mps_crypto",
"items": [
{
"hostname": "mps.avndr.ru"
}
]
},
"set_dr_savs_mps_db": {
"name": "set_dr_savs_mps_db",
"items": [
{
"hostname": "mps.avndr.ru"
}
]
},
"set_dr_ss_arch_be": {
"name": "set_dr_ss_arch_be",
"items": [
{
"hostname": "core.avndr.ru"
}
]
},
"set_dr_ss_arch_db": {
"name": "set_dr_ss_arch_db",
"items": [
{
"hostname": "arch-db.avndr.ru"
}
]
},
"set_dr_ss_core_bbs": {
"name": "set_dr_ss_core_bbs",
"items": [
{
"hostname": "core.avndr.ru"
}
]
},
"set_dr_ss_core_bbs_db": {
"name": "set_dr_ss_core_bbs_db",
"items": [
{
"hostname": "core-db.avndr.ru"
}
]
},
"set_dr_ss_integr_be": {
"name": "set_dr_ss_integr_be",
"items": [
{
"hostname": "core.avndr.ru"
}
]
},
"set_dr_ss_keycloak": {
"name": "set_dr_ss_keycloak",
"items": [
{
"hostname": "core.avndr.ru"
}
]
},
"set_dr_ss_nginx": {
"name": "set_dr_ss_nginx",
"items": [
{
"hostname": "core.avndr.ru"
}
]
},
"set_dr_tech_server": {
"name": "set_dr_tech_server",
"items": [
{
"hostname": "-"
}
]
},
"set_hsm": {
"name": "set_hsm",
"items": [
{
"hostname": "-"
}
]
},
"set_ksc": {
"name": "set_ksc",
"items": [
{
"hostname": "ksc.avndr.ru"
}
]
},
"set_ntp": {
"name": "set_ntp",
"items": []
},
"set_rubackup_servers": {
"name": "set_rubackup_servers",
"items": [
{
"hostname": "rk.avndr.ru"
}
]
},
"set_siem": {
"name": "set_siem",
"items": []
},
"set_uc": {
"name": "set_uc",
"items": [
{
"hostname": "net_uc_srv"
},
{
"hostname": "net_uc_adm_srv"
},
{
"hostname": "net_uc_cus_adm"
},
{
"hostname": "net_uc_arm_ra"
}
]
},
"set_uc_adm_arm_reg": {
"name": "set_uc_adm_arm_reg",
"items": [
{
"hostname": "arm-cr"
}
]
},
"set_uc_arm_hsm": {
"name": "set_uc_arm_hsm",
"items": [
{
"hostname": "arm-hsm"
}
]
},
"set_uc_cgw_ncc3": {
"name": "set_uc_cgw_ncc3",
"items": [
{
"hostname": "gw-uc"
},
{
"hostname": "ncc-uc"
}
]
},
"set_uc_cgw_ncc4": {
"name": "set_uc_cgw_ncc4",
"items": [
{
"hostname": "ncc.avndr.ru"
},
{
"hostname": "gw.avndr.ru"
},
{
"hostname": "gw02.avndr.ru"
},
{
"hostname": "gw.avndr.ru"
}
]
},
"set_uc_cgw3": {
"name": "set_uc_cgw3",
"items": [
{
"hostname": "gw-uc"
}
]
},
"set_uc_cgw4": {
"name": "set_uc_cgw4",
"items": [
{
"hostname": "gw.avndr.ru"
},
{
"hostname": "gw02.avndr.ru"
},
{
"hostname": "gw.avndr.ru"
}
]
},
"set_uc_ncc3": {
"name": "set_uc_ncc3",
"items": [
{
"hostname": "ncc-uc"
}
]
},
"set_uc_ncc4": {
"name": "set_uc_ncc4",
"items": [
{
"hostname": "ncc.avndr.ru"
}
]
},
"set_uc_ntp": {
"name": "set_uc_ntp",
"items": [
{
"hostname": "ntp"
}
]
},
"set_uc_ntp_prot": {
"name": "set_uc_ntp_prot",
"items": [
{
"hostname": "ntp"
}
]
},
"set_uc_reg_dr": {
"name": "set_uc_reg_dr",
"items": [
{
"hostname": "cs"
}
]
},
"set_uc_reg_tls": {
"name": "set_uc_reg_tls",
"items": [
{
"hostname": "cr"
}
]
},
"set_uc_rubackup_servers": {
"name": "set_uc_rubackup_servers",
"items": [
{
"hostname": "rk-uc"
}
]
},
"set_zabbix": {
"name": "set_zabbix",
"items": []
},
"set_uc_cert_tls": {
"name": "set_uc_cert_tls",
"items": [
{
"hostname": "cs"
}
]
},
"set_uc_dr": {
"name": "set_uc_dr",
"items": [
{
"hostname": "cs"
}
]
},
"grp_web_servers": {
"name": "grp_web_servers",
"items": [
{
"hostname": "web01"
},
{
"hostname": "web02"
},
{
"hostname": "net_dmz"
}
]
}
},
"services": {
"dc-locator": {
"name": "dc-locator-389-udp",
"sport": "any",
"dport": "389",
"proto": "udp"
},
"dns-tcp": {
"name": "dns-53-tcp",
"sport": "any",
"dport": "53",
"proto": "tcp"
},
"dns-udp": {
"name": "dns-53-udp",
"sport": "any",
"dport": "53",
"proto": "udp"
},
"globalcatalog-tcp": {
"name": "globalcatalog-3268-tcp",
"sport": "any",
"dport": "3268",
"proto": "tcp"
},
"globalcatalog-udp": {
"name": "globalcatalog-3268-udp",
"sport": "any",
"dport": "3268",
"proto": "udp"
},
"ngate-webcon": {
"name": "ngate-webcon-8000-tcp",
"sport": "any",
"dport": "8000",
"proto": "tcp"
},
"icmp": {
"name": "icmp-echo",
"sport": "-",
"dport": "-",
"proto": "icmp-request"
},
"syslog-tcp": {
"name": "syslog-514-tcp",
"sport": "any",
"dport": "514",
"proto": "tcp"
},
"syslog-udp": {
"name": "syslog-514-udp",
"sport": "any",
"dport": "514",
"proto": "udp"
},
"syslog-10514-udp": {
"name": "syslog-10514-udp",
"sport": "any",
"dport": "10514",
"proto": "udp"
},
"ssh": {
"name": "ssh-22-tcp",
"sport": "any",
"dport": "22",
"proto": "tcp"
},
"smtp": {
"name": "smtp-25-tcp",
"sport": "any",
"dport": "25",
"proto": "tcp"
},
"smtp-tls": {
"name": "smtp-tls-587-tcp",
"sport": "any",
"dport": "587",
"proto": "tcp"
},
"smtp-ssl": {
"name": "smtp-ssl-465-tcp",
"sport": "any",
"dport": "465",
"proto": "tcp"
},
"smb": {
"name": "smb-445-tcp",
"sport": "any",
"dport": "445",
"proto": "tcp"
},
"sn-tls": {
"name": "sn-tls-443-tcp",
"sport": "any",
"dport": "443",
"proto": "tcp"
},
"sn-pwd-change-tcp": {
"name": "sn-pwd-change-42464-tcp",
"sport": "any",
"dport": "42464",
"proto": "tcp"
},
"sn-pwd-change-udp": {
"name": "sn-pwd-change-42464-udp",
"sport": "any",
"dport": "42464",
"proto": "udp"
},
"sn-lds-tls": {
"name": "sn-lds-tls-50001-tcp",
"sport": "any",
"dport": "30001",
"proto": "tcp"
},
"sn-lds": {
"name": "sn-lds-50000-tcp",
"sport": "any",
"dport": "30000",
"proto": "tcp"
},
"sn-kerberos-tcp": {
"name": "sn-kerberos-42088-tcp",
"sport": "any",
"dport": "42088",
"proto": "tcp"
},
"sn-kerberos-udp": {
"name": "sn-kerberos-42088-udp",
"sport": "any",
"dport": "42088",
"proto": "udp"
},
"sn-gc-lds-tls": {
"name": "sn-gc-lds-tls-50003-tcp",
"sport": "any",
"dport": "30003",
"proto": "tcp"
},
"sn-gc-lds": {
"name": "sn-gc-lds-50002-tcp",
"sport": "any",
"dport": "30002",
"proto": "tcp"
},
"snmp-trap-162-udp": {
"name": "snmp-trap-162-udp",
"sport": "any",
"dport": "162",
"proto": "udp"
},
"snmp-161-udp": {
"name": "snmp-161-udp",
"sport": "any",
"dport": "161",
"proto": "udp"
},
"tls-pcr-processing-ul": {
"name": "tls-pcr-processing-ul-443-tcp (change)",
"sport": "any",
"dport": "443",
"proto": "tcp"
},
"tls-pcr-processing-fl": {
"name": "tls-pcr-processing-fl-443-tcl (change)",
"sport": "any",
"dport": "443",
"proto": "tcp"
},
"tls-pcr-processing-fp": {
"name": "tls-pcr-processing-fp-443-tcp (change)",
"sport": "any",
"dport": "443",
"proto": "tcp"
},
"rdp-tcp": {
"name": "rdp-3389-tcp",
"sport": "any",
"dport": "3389",
"proto": "tcp"
},
"rdp-udp": {
"name": "rdp-3389-udp",
"sport": "any",
"dport": "3389",
"proto": "udp"
},
"psql-tcp": {
"name": "psql-5432-tcp",
"sport": "any",
"dport": "5432",
"proto": "tcp"
},
"ntp": {
"name": "ntp-123-udp",
"sport": "any",
"dport": "123",
"proto": "udp"
},
"netbios-137-udp": {
"name": "netbios-137-udp",
"sport": "any",
"dport": "137",
"proto": "udp"
},
"netbios-138-udp": {
"name": "netbios-138-udp",
"sport": "any",
"dport": "138",
"proto": "udp"
},
"netbios-139-tcp": {
"name": "netbios-139-tcp",
"sport": "any",
"dport": "139",
"proto": "tcp"
},
"ldaps": {
"name": "ldaps-636-tcp",
"sport": "any",
"dport": "636",
"proto": "tcp"
},
"ldap": {
"name": "ldap-389-tcp",
"sport": "any",
"dport": "389",
"proto": "tcp"
},
"ksc-klserver-13000-udp": {
"name": "ksc-klserver-13000-udp",
"sport": "any",
"dport": "13000",
"proto": "udp"
},
"ksc-klserver-13000-tcp": {
"name": "ksc-klserver-13000-tcp",
"sport": "any",
"dport": "13000",
"proto": "tcp"
},
"ksc-klnagent-14000-tcp": {
"name": "ksc-klnagent-14000-tcp",
"sport": "any",
"dport": "14000",
"proto": "tcp"
},
"ksc-distribution-tls": {
"name": "ksc-distribution-tls-8061-tcp",
"sport": "any",
"dport": "8061",
"proto": "tcp"
},
"ksc-distribution": {
"name": "ksc-distribution-8060-tcp",
"sport": "any",
"dport": "8060",
"proto": "tcp"
},
"ksc-webcon": {
"name": "ksc-webcon-8080-tcp",
"sport": "any",
"dport": "8080",
"proto": "tcp"
},
"klnagent": {
"name": "klnagent-15000-udp",
"sport": "any",
"dport": "15000",
"proto": "udp"
},
"krb-password-tcp": {
"name": "krb-password-464-tcp",
"sport": "any",
"dport": "464",
"proto": "tcp"
},
"krb-password-udp": {
"name": "krb-password-464-udp",
"sport": "any",
"dport": "464",
"proto": "udp"
},
"krb-88-udp": {
"name": "krb-88-udp",
"sport": "any",
"dport": "88",
"proto": "udp"
},
"krb-88-tcp": {
"name": "krb-88-tcp",
"sport": "any",
"dport": "88",
"proto": "tcp"
},
"k3-vpn": {
"name": "k3-vpn-10000-10031-udp",
"sport": "10000-10031",
"dport": "10000-10031",
"proto": "udp"
},
"k3-sd-to-ap": {
"name": "k3-sd-to-ap-7500-udp",
"sport": "any",
"dport": "7500",
"proto": "udp"
},
"k3-filetransfer-5103": {
"name": "k3-filetransfer-5103-tcp",
"sport": "any",
"dport": "5103",
"proto": "tcp"
},
"k3-messages-5100": {
"name": "k3-messages-5100-udp",
"sport": "any",
"dport": "5100",
"proto": "udp"
},
"k3-messages-5106-5107": {
"name": "k3-messages-5106-5107-udp",
"sport": "any",
"dport": "5106,5107",
"proto": "udp"
},
"k3-messages-5109": {
"name": "k3-messages-5109-udp",
"sport": "5100",
"dport": "5109",
"proto": "udp"
},
"k3-messages-5109-tcp": {
"name": "k3-messages-5109-tcp",
"sport": "5100",
"dport": "5109",
"proto": "tcp"
},
"zabbix-agent-active": {
"name": "zabbix-agent(active)-10051-tcp",
"sport": "any",
"dport": "10051",
"proto": "tcp"
},
"zabbix-agent": {
"name": "zabbix-agent-10050-tcp",
"sport": "any",
"dport": "10050",
"proto": "tcp"
},
"http": {
"name": "http-80-tcp",
"sport": "any",
"dport": "80",
"proto": "tcp"
},
"TLS": {
"name": "TLS",
"sport": "any",
"dport": "443",
"proto": "tcp"
},
"nats-tech-4223": {
"name": "nats-tech-4223-tcp",
"sport": "any",
"dport": "4223",
"proto": "tcp"
},
"nats-digrub-4222": {
"name": "nats-digrub-4222-tcp",
"sport": "any",
"dport": "4222",
"proto": "tcp"
},
"nats-tls-4224": {
"name": "nats-tls-4224-tcp",
"sport": "any",
"dport": "4224",
"proto": "tcp"
},
"ra-tech-1443": {
"name": "ra-tech-442-tcp",
"sport": "any",
"dport": "1443",
"proto": "tcp"
},
"ra-digrub-443": {
"name": "ra-digrub-443-tcp",
"sport": "any",
"dport": "443",
"proto": "tcp"
},
"ra-tls-2443": {
"name": "ra-tls-444-tcp",
"sport": "any",
"dport": "2443",
"proto": "tcp"
},
"drweb-ess-2193-tcp": {
"name": "drweb-ess-2193-tcp",
"sport": "any",
"dport": "2193",
"proto": "tcp"
}
},
"service_groups": {
"sg_dns": {
"name": "sg_dns",
"items": [
"dns-tcp",
"dns-udp"
]
},
"sn-in": {
"name": "SecretNet-In",
"items": [
"sn-pwd-change-tcp",
"sn-pwd-change-udp",
"sn-lds-tls",
"sn-lds",
"sn-kerberos-tcp",
"sn-kerberos-udp",
"sn-gc-lds-tls",
"sn-gc-lds"
]
},
"ad-ds-in": {
"name": "ADDS-In",
"items": [
"dns-tcp",
"dns-udp",
"globalcatalog-tcp",
"globalcatalog-udp",
"ntp",
"netbios-137-udp",
"netbios-138-udp",
"netbios-139-tcp",
"ldaps",
"ldap",
"krb-password-tcp",
"krb-password-udp",
"krb-88-udp",
"krb-88-tcp",
"dc-locator",
"smb"
]
},
"ksc-in": {
"name": "KasperskySecurityCenter-In",
"items": [
"ksc-klserver-13000-udp",
"ksc-klserver-13000-tcp",
"ksc-klnagent-14000-tcp",
"ksc-distribution-tls",
"ksc-distribution"
]
},
"klnagent-in": {
"name": "KasperskyLabsNetworkAgent-In",
"items": [
"klnagent"
]
},
"cyberbackup-in": {
"name": "Cyberbackup-In",
"items": [
"cyberbackup-7780",
"cyberbackup-9877",
"smb"
]
}
},
"rules": [
{
"name": "Инфраструктурные правила",
"order": 1000,
"type": "span",
"affinity": [
"fw_cr"
]
},
{
"name": "ICMP Echo",
"order": 1010,
"type": "rule",
"affinity": [
"fw_ca_cgw",
"fw_core"
],
"description": "Разрешить ICMP",
"action": "allow",
"log": "false",
"idp": "false",
"src_list": [
{
"ref_type": "group",
"ref_key": "set_dr"
}
],
"dst_list": [
{
"ref_type": "group",
"ref_key": "net_any"
}
],
"service_list": [
"icmp"
],
"service_group_list": []
},
{
"name": "ICMP Echo-ext",
"order": 1020,
"type": "rule",
"affinity": [
"fw_ca_cgw",
"fw_core"
],
"description": "Разрешить ICMP",
"action": "allow",
"log": "false",
"idp": "false",
"src_list": [
{
"ref_type": "group",
"ref_key": "net_any"
}
],
"dst_list": [
{
"ref_type": "group",
"ref_key": "set_dr"
}
],
"service_list": [
"icmp"
],
"service_group_list": []
},
{
"name": "to_dns",
"order": 1030,
"type": "rule",
"affinity": [
"fw_ca_cgw",
"fw_core"
],
"description": "Разрешить доступ к DNS",
"action": "allow",
"log": "false",
"idp": "false",
"src_list": [
{
"ref_type": "group",
"ref_key": "set_dr"
}
],
"dst_list": [
{
"ref_type": "group",
"ref_key": "set_dns"
}
],
"service_list": [
"ssh"
],
"service_group_list": []
},
{
"name": "to_syslog",
"order": 1040,
"type": "rule",
"affinity": [
"fw_ca_cgw",
"fw_core"
],
"description": "Разрешить доступ к Syslog",
"action": "allow",
"log": "false",
"idp": "false",
"src_list": [
{
"ref_type": "group",
"ref_key": "set_dr"
}
],
"dst_list": [
{
"ref_type": "group",
"ref_key": "set_siem"
}
],
"service_list": [
"syslog-tcp"
],
"service_group_list": []
},
{
"name": "to_ksc",
"order": 1050,
"type": "rule",
"affinity": [
"fw_ca_cgw",
"fw_core"
],
"description": "Разрешить доступ к Kaspersky Security Center",
"action": "allow",
"log": "false",
"idp": "false",
"src_list": [
{
"ref_type": "group",
"ref_key": "set_dr"
}
],
"dst_list": [
{
"ref_type": "group",
"ref_key": "set_ksc"
}
],
"service_list": [
"ssh"
],
"service_group_list": []
},
{
"name": "to_kaspersky_updates",
"order": 1060,
"type": "rule",
"affinity": [
"fw_ca_cgw",
"fw_core"
],
"description": "Разрешить доступ к папке обновлений Kaspersky",
"action": "allow",
"log": "false",
"idp": "false",
"src_list": [
{
"ref_type": "group",
"ref_key": "set_dr"
}
],
"dst_list": [
{
"ref_type": "group",
"ref_key": "set_ksc"
}
],
"service_list": [
"ssh"
],
"service_group_list": []
},
{
"name": "to_zabbix",
"order": 1070,
"type": "rule",
"affinity": [
"fw_ca_cgw",
"fw_core"
],
"description": "Разрешить доступ к серверам Zabbix",
"action": "allow",
"log": "false",
"idp": "false",
"src_list": [
{
"ref_type": "group",
"ref_key": "set_dr"
}
],
"dst_list": [
{
"ref_type": "group",
"ref_key": "set_zabbix"
}
],
"service_list": [
"ssh"
],
"service_group_list": []
},
{
"name": "Взаимодействие в УЦ",
"order": 1080,
"type": "span",
"affinity": [
"fw_cr"
]
},
{
"name": "pki_cluster_tls",
"order": 1090,
"type": "rule",
"affinity": [
"fw_ca_cgw"
],
"description": "Разрешить обращения PKI-кластер к Центру регистрации УЦ TLS",
"action": "allow",
"log": "false",
"idp": "false",
"src_list": [
{
"ref_type": "server",
"ref_key": "pki"
},
{
"ref_type": "group",
"ref_key": "set_dr_pki_cluster"
}
],
"dst_list": [
{
"ref_type": "group",
"ref_key": "set_uc_reg_tls"
}
],
"service_list": [
"ssh"
],
"service_group_list": []
},
{
"name": "pki_cluster_dr",
"order": 1100,
"type": "rule",
"affinity": [
"fw_ca_cgw"
],
"description": "Разрешить обращения PKI-кластер к Центру регистрации УЦ УНЭП",
"action": "allow",
"log": "false",
"idp": "false",
"src_list": [
{
"ref_type": "group",
"ref_key": "set_dr_pki_cluster"
}
],
"dst_list": [
{
"ref_type": "group",
"ref_key": "set_uc_reg_dr"
}
],
"service_list": [
"ssh"
],
"service_group_list": []
},
{
"name": "crl_request_tls_external",
"order": 1110,
"type": "rule",
"affinity": [
"fw_ca_cgw"
],
"description": "Разрешить доступ к CRL из сети предприятия",
"action": "allow",
"log": "false",
"idp": "false",
"src_list": [
{
"ref_type": "group",
"ref_key": "net_any"
}
],
"dst_list": [
{
"ref_type": "group",
"ref_key": "set_uc_reg_tls"
}
],
"service_list": [
"ssh"
],
"service_group_list": []
},
{
"name": "crl_request_dr_external",
"order": 1120,
"type": "rule",
"affinity": [
"fw_ca_cgw"
],
"description": "Разрешить доступ к CRL из сети предприятия",
"action": "allow",
"log": "false",
"idp": "false",
"src_list": [
{
"ref_type": "group",
"ref_key": "net_any"
}
],
"dst_list": [
{
"ref_type": "group",
"ref_key": "set_uc_reg_dr"
}
],
"service_list": [
"ssh"
],
"service_group_list": []
},
{
"name": "rubackup-cmd",
"order": 1130,
"type": "rule",
"affinity": [
"fw_ca_cgw"
],
"description": "Управление операциями на клиенте резервного копирования",
"action": "allow",
"log": "false",
"idp": "false",
"src_list": [
{
"ref_type": "group",
"ref_key": "set_dr"
}
],
"dst_list": [
{
"ref_type": "group",
"ref_key": "set_rubackup_servers"
}
],
"service_list": [
"ssh"
],
"service_group_list": []
},
{
"name": "rubackup-media",
"order": 1140,
"type": "rule",
"affinity": [
"fw_ca_cgw"
],
"description": "Передача данных между медиасервером и клиентом",
"action": "allow",
"log": "false",
"idp": "false",
"src_list": [
{
"ref_type": "group",
"ref_key": "set_dr"
}
],
"dst_list": [
{
"ref_type": "group",
"ref_key": "set_rubackup_servers"
}
],
"service_list": [
"ssh"
],
"service_group_list": []
},
{
"name": "rubackup-api",
"order": 1150,
"type": "rule",
"affinity": [
"fw_ca_cgw"
],
"description": "Управление операциями RuBackup через REST API",
"action": "allow",
"log": "false",
"idp": "false",
"src_list": [
{
"ref_type": "group",
"ref_key": "set_dr"
}
],
"dst_list": [
{
"ref_type": "group",
"ref_key": "set_rubackup_servers"
}
],
"service_list": [
"ssh"
],
"service_group_list": []
},
{
"name": "repo",
"order": 1160,
"type": "rule",
"affinity": [
"fw_cr"
],
"description": "Внутренний репозиторий",
"action": "allow",
"log": "false",
"idp": "false",
"src_list": [
{
"ref_type": "group",
"ref_key": "set_dr"
}
],
"dst_list": [
{
"ref_type": "group",
"ref_key": "set_dr_tech_server"
}
],
"service_list": [
"ssh"
],
"service_group_list": []
},
{
"name": "CC",
"order": 1170,
"type": "span",
"affinity": [
"fw_cr"
]
},
{
"name": "cc_mps_to_pki_cluster",
"order": 2000,
"type": "rule",
"description": "Обращения от МПС до PKI-кластера",
"action": "allow",
"log": "false",
"idp": "false",
"affinity": [
"fw_cr"
],
"src_list": [
{
"ref_key": "set_dr_savs_mps",
"ref_type": "group"
}
],
"dst_list": [
{
"ref_key": "set_dr_pki_cluster",
"ref_type": "group"
}
],
"service_list": [
"TLS"
],
"service_group_list": []
}
]
}
Reference in New Issue View Git Blame Copy Permalink