Merge pull request #1670 from ministryofjustice/MLPAB-2743-implement-…

…allow-list-rules-for-permitted-domains-in-suricata-format

MLPAB-2743 - create an allowlist

terraform/account/network_firewall_rules.rules

@@ -1 +1,10 @@
-drop tls $HOME_NET any -> $EXTERNAL_NET any (tls.sni; content:"evil.com"; startswith; nocase; endswith; msg:"matching TLS denylisted FQDNs"; priority:1; flow:to_server, established; sid:1; rev:1;)
+pass http $HOME_NET any -> $EXTERNAL_NET any (http.host; dotprefix; content:".amazon.com"; endswith; msg:"matching HTTP allowlisted FQDNs"; priority:1; flow:to_server, established; sid:1; rev:1;)
+pass http $HOME_NET any -> $EXTERNAL_NET any (http.host; content:"api.notifications.service.gov.uk"; startswith; endswith; msg:"matching HTTP allowlisted FQDNs"; priority:1; flow:to_server, established; sid:2; rev:1;)
+pass http $HOME_NET any -> $EXTERNAL_NET any (http.host; content:"api.os.uk"; startswith; endswith; msg:"matching HTTP allowlisted FQDNs"; priority:1; flow:to_server, established; sid:3; rev:1;)
+pass http $HOME_NET any -> $EXTERNAL_NET any (http.host; content:"current.cvd.clamav.net"; startswith; endswith; msg:"matching HTTP allowlisted FQDNs"; priority:1; flow:to_server, established; sid:4; rev:1;)
+pass http $HOME_NET any -> $EXTERNAL_NET any (http.host; content:"database.clamav.net"; startswith; endswith; msg:"matching HTTP allowlisted FQDNs"; priority:1; flow:to_server, established; sid:5; rev:1;)
+pass http $HOME_NET any -> $EXTERNAL_NET any (http.host; content:"development.lpa-uid.api.opg.service.justice.gov.uk"; startswith; endswith; msg:"matching HTTP allowlisted FQDNs"; priority:1; flow:to_server, established; sid:6; rev:1;)
+pass http $HOME_NET any -> $EXTERNAL_NET any (http.host; content:"integration.lpa-uid.api.opg.service.justice.gov.uk"; startswith; endswith; msg:"matching HTTP allowlisted FQDNs"; priority:1; flow:to_server, established; sid:7; rev:1;)
+pass http $HOME_NET any -> $EXTERNAL_NET any (http.host; content:"oidc.integration.account.gov.uk"; startswith; endswith; msg:"matching HTTP allowlisted FQDNs"; priority:1; flow:to_server, established; sid:8; rev:1;)
+pass http $HOME_NET any -> $EXTERNAL_NET any (http.host; content:"publicapi.payments.service.gov.uk"; startswith; endswith; msg:"matching HTTP allowlisted FQDNs"; priority:1; flow:to_server, established; sid:9; rev:1;)
+drop http $HOME_NET any -> $EXTERNAL_NET any (http.header_names; content:"|0d 0a|"; startswith; msg:"not matching any HTTP allowlisted FQDNs"; priority:1; flow:to_server, established; sid:10; rev:1;)

terraform/account/region/network.tf

@@ -1,5 +1,5 @@
 module "network" {
-  source                         = "github.com/ministryofjustice/opg-terraform-aws-firewalled-network?ref=v0.2.8"
+  source                         = "github.com/ministryofjustice/opg-terraform-aws-firewalled-network?ref=v0.2.9"
   cidr                           = var.network_cidr_block
   enable_dns_hostnames           = true
   enable_dns_support             = true