From a9b250c0f44cfed6572d9333ae90cbb9dd0960c8 Mon Sep 17 00:00:00 2001
From: Wes Lambert
Date: Wed, 13 Oct 2021 21:37:59 +0000
Subject: [PATCH 1/2] Add EG firewall config
---
 files/firewall/hostgroups.local.yaml | 4 ++++
 salt/firewall/assigned_hostgroups.map.yaml | 11 ++++++++++-
 salt/firewall/portgroups.yaml | 3 +++
 3 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/files/firewall/hostgroups.local.yaml b/files/firewall/hostgroups.local.yaml
index 794105627..d02d7c785 100644
--- a/files/firewall/hostgroups.local.yaml
+++ b/files/firewall/hostgroups.local.yaml
@@ -16,6 +16,10 @@ firewall:
 ips:
 delete:
 insert:
+ endgame:
+ ips:
+ delete:
+ insert:
 fleet:
 ips:
 delete:
diff --git a/salt/firewall/assigned_hostgroups.map.yaml b/salt/firewall/assigned_hostgroups.map.yaml
index d3fb79117..d5fca081f 100644
--- a/salt/firewall/assigned_hostgroups.map.yaml
+++ b/salt/firewall/assigned_hostgroups.map.yaml
@@ -162,6 +162,9 @@ role:
 elasticsearch_rest:
 portgroups:
 - {{ portgroups.elasticsearch_rest }}
+ endgame:
+ portgroups:
+ - {{ portgroups.endgame }}
 osquery_endpoint:
 portgroups:
 - {{ portgroups.fleet_api }}
@@ -248,6 +251,9 @@ role:
 elasticsearch_rest:
 portgroups:
 - {{ portgroups.elasticsearch_rest }}
+ endgame:
+ portgroups:
+ - {{ portgroups.endgame }}
 osquery_endpoint:
 portgroups:
 - {{ portgroups.fleet_api }}
@@ -337,6 +343,9 @@ role:
 elasticsearch_rest:
 portgroups:
 - {{ portgroups.elasticsearch_rest }}
+ endgame:
+ portgroups:
+ - {{ portgroups.endgame }}
 osquery_endpoint:
 portgroups:
 - {{ portgroups.fleet_api }}
@@ -594,4 +603,4 @@ role:
 - {{ portgroups.all }}
 minion:
 portgroups:
- - {{ portgroups.salt_manager }}
\ No newline at end of file
+ - {{ portgroups.salt_manager }}
diff --git a/salt/firewall/portgroups.yaml b/salt/firewall/portgroups.yaml
index 1386267f5..d81d00d6a 100644
--- a/salt/firewall/portgroups.yaml
+++ b/salt/firewall/portgroups.yaml
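Review bot: The `endgame` stanza added in the assigned_hostgroups.map.yaml hunks at -162, -248 and -337 sits under three role sections whose names start outside the hunks, so the patch alone does not show which node types begin accepting traffic for `portgroups.endgame`. Each of the three should be confirmed as a role that actually needs the allowance, since every copy widens that role's inbound rules once an address is placed in the hostgroup. A one-line comment above each stanza would record the intent, for example `# endgame: inbound from the Endgame SMP host registered with so-firewall includehost`.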
@@ -39,6 +39,9 @@ firewall:
 elasticsearch_rest:
 tcp:
 - 9200
+ endgame:
+ tcp:
+ - 3765
 fleet_api:
 tcp:
 - 8090
From 78e88e076565efc95d72353b6fa68ce74b9a66b7 Mon Sep 17 00:00:00 2001
From: Wes Lambert
Date: Wed, 13 Oct 2021 21:42:54 +0000
Subject: [PATCH 2/2] Add EG firewall allowance via setup
---
 setup/so-setup | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/setup/so-setup b/setup/so-setup
index 7d5ae0a0e..71401602e 100755
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -967,6 +967,11 @@ else so-learn enable logscan --apply >> $setup_log 2>&1 fi + if [[ -n $ENDGAME_SMP_IP ]]; then + set_progress_str 99 'Configuring firewall for Endgame SMP' + so-firewall --apply includehost endgame $ENDGAME_SMP_IP >> $setup_log 2>&1 + fi + } | whiptail_gauge_post_setup "Running post-installation steps..." whiptail_setup_complete
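Review bot: The new `endgame` portgroup at `- 3765` is named after the peer that connects rather than the service being exposed, unlike the neighbouring `elasticsearch_rest` and `fleet_api`. The same name is also reused for the hostgroup, which makes the resulting rule harder to audit. If a rename is not wanted, a comment on the entry stating which local service listens on 3765 would be enough, e.g. `# <service name> listener reached by the Endgame SMP`. The `firewall:` mapping itself starts outside the hunk.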
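Review bot: `$ENDGAME_SMP_IP` is expanded unquoted in the added `so-firewall` call, so a value containing whitespace or glob characters would be split into extra arguments to a command that edits firewall rules; quote it: `so-firewall --apply includehost endgame "$ENDGAME_SMP_IP" >> $setup_log 2>&1`. The variable is set outside the hunk, so it cannot be confirmed from here that it was validated as an IP address or CIDR before reaching this line. The exit status is also discarded, so a failed rule insert would show up only in the setup log while the progress gauge continues; a `|| echo "so-firewall includehost endgame failed" >> $setup_log` style check would make that visible. The enclosing `{ … } | whiptail_gauge_post_setup` block starts outside the hunk.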