From 9eae31e48820326b2e5e02435ba6e7554b4e5969 Mon Sep 17 00:00:00 2001
From: m0duspwnens <josh.patterson@securityonionsolutions.com>
Date: Thu, 2 Feb 2023 10:03:22 -0500
Subject: [PATCH] add managersearch to allowed roles for so-firewall. fix setup
 error from so-firewall "Please specify a role with --role="

---
 salt/common/tools/sbin/so-firewall | 2 +-
 setup/so-functions                 | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/salt/common/tools/sbin/so-firewall b/salt/common/tools/sbin/so-firewall
index 2a8aed0e7..69808c709 100755
--- a/salt/common/tools/sbin/so-firewall
+++ b/salt/common/tools/sbin/so-firewall
@@ -43,7 +43,7 @@ APPLY=${APPLY,,}
 
 function rolecall() {
 	THEROLE=$1
-	THEROLES="analyst analyst_workstations beats_endpoint beats_endpoint_ssl elastic_agent_endpoint elasticsearch_rest endgame eval heavynodes idh manager receivers searchnodes sensors standalone strelka_frontend syslog"
+	THEROLES="analyst analyst_workstations beats_endpoint beats_endpoint_ssl elastic_agent_endpoint elasticsearch_rest endgame eval heavynodes idh manager managersearch receivers searchnodes sensors standalone strelka_frontend syslog"
 
 	for AROLE in $THEROLES; do
 		if [ "$AROLE" = "$THEROLE" ]; then
diff --git a/setup/so-functions b/setup/so-functions
index a76126519..b70e73965 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -1179,8 +1179,8 @@ firewall_generate_templates() {
    
 	logCmd "cp ../files/firewall/* /opt/so/saltstack/local/salt/firewall/"
 
-	for i in analyst beats_endpoint endgame sensor manager minion elastic_agent_endpoint search_node; do
-		$default_salt_dir/salt/common/tools/sbin/so-firewall includehost "$i" 127.0.0.1
+	for i in analyst beats_endpoint endgame sensors manager managersearch elastic_agent_endpoint searchnodes; do
+		$default_salt_dir/salt/common/tools/sbin/so-firewall --role="$i" --ip=127.0.0.1
 	done
 
 }