OTRF / Security-Datasets

Re-play Security Events
MIT License

Covenant Port - Private or Public? #16

Closed Cyb3rWard0g closed 5 years ago

Cyb3rWard0g commented 5 years ago

Since the C2 box will only receive callbacks from other boxes in the private subnet and they can connect to the C2 via its private IP address, I don't think there is a need to have the port open in the public subnet (even though there is a whitelist).

https://github.com/Cyb3rWard0g/mordor/blob/master/environment/shire/aws/terraform/main.tf#L85

jsecurity101 commented 5 years ago

Hi @Cyb3rWard0g, hope all is well! :) The code you are referring to is where we are whitelisting port 7443. Covenant no longer supports command line, but has the listeners, grunts, and launchers all hosted on the web GUI. In order to access this, you have to have port 7443 open, so that you can access it via public IP, i.e., https://RTO-PUBLIC-IP:7443. This is documented: https://github.com/Cyb3rWard0g/mordor/blob/master/environment/shire/aws/Date_Documentation/Create-Datasets.md

Here is a screenshot of when my IP is whitelisted to hit port 7443:

[Screenshot: Screen Shot 2019-09-03 at 7 57 20 AM]

Here is when it isn't whitelisted:

[Screenshot: Screen Shot 2019-09-03 at 8 01 02 AM]
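The two access paths discussed in this thread, sketched as an added Terraform example that is not the repository's `main.tf`: the web GUI on port 7443 reachable only from one allowlisted operator address, and listener traffic accepted only from the private subnet. The resource name, the variables (`vpc_id`, `private_subnet_cidr`, `operator_cidr`, `listener_port`) and the CIDR values are assumptions made for illustration.

```hcl
# Added illustration; every name and value below is a hypothetical placeholder.
variable "vpc_id" {
  type = string
}

variable "private_subnet_cidr" {
  description = "CIDR of the private lab subnet (constructed value)"
  type        = string
  default     = "10.0.1.0/24"
}

variable "listener_port" {
  description = "Port the lab hosts call back to (assumption; not stated in the thread)"
  type        = number
}

variable "operator_cidr" {
  description = "Single operator address allowed to reach the web GUI (documentation range)"
  type        = string
  default     = "203.0.113.10/32"

  # Reject anything wider than one host, including 0.0.0.0/0.
  validation {
    condition     = split("/", var.operator_cidr)[1] == "32"
    error_message = "The operator_cidr value must be a single /32 address."
  }
}

resource "aws_security_group" "c2" {
  name   = "c2-example"
  vpc_id = var.vpc_id

  # Web GUI (https://RTO-PUBLIC-IP:7443): allowlisted operator only.
  ingress {
    description = "Covenant web GUI from allowlisted operator"
    from_port   = 7443
    to_port     = 7443
    protocol    = "tcp"
    cidr_blocks = [var.operator_cidr]
  }

  # Callbacks: private subnet only, never exposed on the public side.
  ingress {
    description = "Listener traffic from private subnet"
    from_port   = var.listener_port
    to_port     = var.listener_port
    protocol    = "tcp"
    cidr_blocks = [var.private_subnet_cidr]
  }
}
```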