From 4d13ad114553e72e3fd6601ee5c8b0607060c13d Mon Sep 17 00:00:00 2001
From: Jim Hague
Date: Tue, 4 Apr 2023 14:28:19 +0100
Subject: [PATCH] Add firewall definitions.
---
 states/firewalls/hedwig.sls | 21 +++++++++++++++++----
 states/firewalls/scabbers.sls | 22 ++++++++++++++++++----
 2 files changed, 35 insertions(+), 8 deletions(-)
diff --git a/states/firewalls/hedwig.sls b/states/firewalls/hedwig.sls
index 0478385..ac0b8d4 100644
--- a/states/firewalls/hedwig.sls
+++ b/states/firewalls/hedwig.sls
@@ -2,9 +2,22 @@ hedwig_public:
 firewalld.present:
 - name: public
 - default: False
- - ports:
- - 22/tcp
- - 80/tcp
- - 443/tcp
+ - services:
+ - dhcpv6-client
+ - ssh
+ - prune_services: True
 - require:
 - firewalld
+
+hedwig_mythic_proxy:
+ firewalld.present:
+ - name: mythicproxy
+ - default: False
+ - services:
+ - http
+ - https
+ - prune_services: True
+ - sources:
+ - 2a00:1098::82:1000:3b:1:1
+ - 2a00:1098::80:1000:3b:1:1
+
diff --git a/states/firewalls/scabbers.sls b/states/firewalls/scabbers.sls
index 40ad050..87ccc9c 100644
--- a/states/firewalls/scabbers.sls
+++ b/states/firewalls/scabbers.sls
@@ -2,9 +2,23 @@ scabbers_public:
 firewalld.present:
 - name: public
 - default: False
- - ports:
- - 22/tcp
- - 80/tcp
- - 443/tcp
+ - services:
+ - dhcpv6-client
+ - ssh
+ - prune_services: True
 - require:
 - firewalld
+
+scabbers_mythic_proxy:
+ firewalld.present:
+ - name: mythicproxy
+ - default: False
+ - services:
+ - http
+ - https
+ - prune_services: True
+ - sources:
+ - 2a00:1098::82:1000:3b:1:1
+ - 2a00:1098::80:1000:3b:1:1
+
+
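Review bot: The `hedwig_public` state drops its `ports` list but adds only `prune_services: True`, so on a minion where the previous version was already applied the 22/tcp, 80/tcp and 443/tcp port entries would presumably stay in the public zone (assuming port pruning is off by default in the Salt release in use, as the explicit `prune_services` suggests). That would leave HTTP and HTTPS reachable from any source and defeat the restriction to the `mythicproxy` sources. Adding `- prune_ports: True` next to `- prune_services: True` makes the state remove the stale entries. The same applies to `scabbers_public` in states/firewalls/scabbers.sls; the `hedwig_public:` key line itself sits just above the hunk.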
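Review bot: `scabbers_mythic_proxy` has no `- require:` / `- firewalld` entry, unlike `scabbers_public` directly above it, so nothing orders the new zone after whatever the `firewalld` requisite provides; add the same two lines to the new state. It also lists `sources` without `- prune_sources: True`, so an address later removed from this list would likely remain bound to the zone and keep its http/https access. Quoting the IPv6 literals, e.g. `- '2a00:1098::82:1000:3b:1:1'`, would keep any YAML loader from retyping them. `hedwig_mythic_proxy` in states/firewalls/hedwig.sls has the same three gaps.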