Merge pull request #5884 from Security-Onion-Solutions/feature/hl_eg

Add EG firewall allowance via setup

files/firewall/hostgroups.local.yaml

@@ -16,6 +16,10 @@ firewall:
       ips:
         delete:
         insert:
+    endgame:
+      ips:
+        delete:
+        insert:
     fleet:
       ips:
         delete:

salt/firewall/assigned_hostgroups.map.yaml

@@ -162,6 +162,9 @@ role:
           elasticsearch_rest:
             portgroups:
               - {{ portgroups.elasticsearch_rest }}
+          endgame:
+            portgroups:
+              - {{ portgroups.endgame }}
           osquery_endpoint:
             portgroups:
               - {{ portgroups.fleet_api }}
@@ -248,6 +251,9 @@ role:
           elasticsearch_rest:
             portgroups:
               - {{ portgroups.elasticsearch_rest }}
+          endgame:
+            portgroups:
+              - {{ portgroups.endgame }}
           osquery_endpoint:
             portgroups:
               - {{ portgroups.fleet_api }}
@@ -337,6 +343,9 @@ role:
           elasticsearch_rest:
             portgroups:
               - {{ portgroups.elasticsearch_rest }}
+          endgame:
+            portgroups:
+              - {{ portgroups.endgame }}
           osquery_endpoint:
             portgroups:
               - {{ portgroups.fleet_api }}

salt/firewall/portgroups.yaml

@@ -39,6 +39,9 @@ firewall:
       elasticsearch_rest:
         tcp:
           - 9200
+      endgame:
+        tcp:
+          - 3765
       fleet_api:
         tcp:
           - 8090

setup/so-setup

@@ -967,6 +967,11 @@ else
 			so-learn enable logscan --apply >> $setup_log 2>&1
 		fi
 
+		if [[ -n $ENDGAME_SMP_IP ]]; then
+                        set_progress_str 99 'Configuring firewall for Endgame SMP'
+                        so-firewall --apply includehost endgame $ENDGAME_SMP_IP   >> $setup_log 2>&1
+                fi
+
 	} | whiptail_gauge_post_setup "Running post-installation steps..."
 
 	whiptail_setup_complete