From b3a2680847f4222caa290051859fbd716fea3f63 Mon Sep 17 00:00:00 2001
From: Josh Brower <Josh@DefensiveDepth.com>
Date: Mon, 13 Mar 2023 11:41:36 -0400
Subject: [PATCH] auto-apply firewall rules

---
 salt/common/tools/sbin/so-firewall        |  2 ++
 salt/common/tools/sbin/so-firewall-minion | 12 ++++++------
 2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/salt/common/tools/sbin/so-firewall b/salt/common/tools/sbin/so-firewall
index 69808c709..16dcdf729 100755
--- a/salt/common/tools/sbin/so-firewall
+++ b/salt/common/tools/sbin/so-firewall
@@ -97,6 +97,8 @@ echo "$IP" >> $local_salt_dir/hostgroups/$ROLE
 if [ "$APPLY" = "true" ]; then
 	echo "Applying the firewall rules"
 	salt-call state.apply firewall queue=True
+	echo "Firewall rules have been applied... Review logs further if there were errors."
+	echo ""
 else
 	echo "Firewall rules will be applied next salt run"
 fi
diff --git a/salt/common/tools/sbin/so-firewall-minion b/salt/common/tools/sbin/so-firewall-minion
index e796035f9..19ea26864 100755
--- a/salt/common/tools/sbin/so-firewall-minion
+++ b/salt/common/tools/sbin/so-firewall-minion
@@ -54,25 +54,25 @@ fi
 		'EVAL' | 'MANAGERSEARCH' | 'STANDALONE' | 'IMPORT')
 			so-firewall --role=manager --ip="$IP"
 			so-firewall --role=sensors --ip="$IP"
-			so-firewall --apply --role=searchnodes --ip="$IP"
+			so-firewall --apply=true --role=searchnodes --ip="$IP"
 			;;
 		'SENSOR' | 'SEARCHNODE' | 'HEAVYNODE' | 'IDH' | 'RECEIVER')
 			case "$ROLE" in
 				'SENSOR')
-					so-firewall --apply --role=sensors --ip="$IP"
+					so-firewall --apply=true --role=sensors --ip="$IP"
 					;;
 				'SEARCHNODE')
-					so-firewall --apply --role=searchnodes --ip="$IP"
+					so-firewall --apply=true --role=searchnodes --ip="$IP"
 					;;
 				'HEAVYNODE')
 					so-firewall --role=sensors --ip="$IP"
-					so-firewall --apply --role=heavynodes --ip="$IP"
+					so-firewall --apply=true --role=heavynodes --ip="$IP"
 					;;
 				'IDH')
-				    so-firewall --apply --role=sensors --ip="$IP"
+				    so-firewall --apply=true --role=sensors --ip="$IP"
 					;;
 				'RECEIVER')
-					so-firewall --apply --role=receivers --ip="$IP"
+					so-firewall --apply=true --role=receivers --ip="$IP"
                     ;;
            	esac
 			;;