From d502d95dba620c14509214c6d80093c7b507d72a Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Fri, 24 Feb 2023 15:24:02 -0500
Subject: [PATCH] changes for soc firewall

---
 pillar/top.sls | 8 ++++++++
 salt/firewall/soc/soc.map.jinja | 9 ++++++++-
 salt/firewall/soc/soc_firewall.yaml.jinja | 3 +--
 3 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/pillar/top.sls b/pillar/top.sls
index 86de8709e..41d3265f0 100644
--- a/pillar/top.sls
+++ b/pillar/top.sls
@@ -60,6 +60,8 @@ base:
 - elasticsearch.adv_elasticsearch
 - backup.soc_backup
 - backup.adv_backup
+ - firewall.soc_firewall
+ - firewall.adv_firewall
 - minions.{{ grains.id }}
 - minions.adv_{{ grains.id }}
 
@@ -94,6 +96,8 @@ base:
 - influxdb.adv_influxdb
 - backup.soc_backup
 - backup.adv_backup
+ - firewall.soc_firewall
+ - firewall.adv_firewall
 - minions.{{ grains.id }}
 - minions.adv_{{ grains.id }}
 
@@ -125,6 +129,8 @@ base:
 - soc.soc_soc
 - backup.soc_backup
 - backup.adv_backup
+ - firewall.soc_firewall
+ - firewall.adv_firewall
 - minions.{{ grains.id }}
 - minions.adv_{{ grains.id }}
 
@@ -197,6 +203,8 @@ base:
 - redis.adv_redis
 - influxdb.soc_influxdb
 - influxdb.adv_influxdb
+ - firewall.soc_firewall
+ - firewall.adv_firewall
 - minions.{{ grains.id }}
 - minions.adv_{{ grains.id }}
 
diff --git a/salt/firewall/soc/soc.map.jinja b/salt/firewall/soc/soc.map.jinja
index 7e86d5252..00fc50dd1 100644
--- a/salt/firewall/soc/soc.map.jinja
+++ b/salt/firewall/soc/soc.map.jinja
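Review bot: The entries `- firewall.soc_firewall` and `- firewall.adv_firewall` added in the `@@ -60` hunk (and again in the `@@ -94`, `@@ -125` and `@@ -197` hunks) point at pillar files this patch does not create; the diffstat lists only three files. If either file is missing on an existing manager, Salt reports a pillar render error for every minion these blocks match, and by default that makes state runs on those minions fail, including the firewall state. The install and upgrade paths should create both files before this top file is deployed, presumably the way the neighbouring `backup.soc_backup` / `backup.adv_backup` pair is provisioned. The target lines of the four blocks are outside the hunks, so it is also worth confirming that each matched role needs the firewall hostgroup data, since pillar content is readable on every minion it is assigned to.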
@@ -1,2 +1,9 @@
 {% import_yaml 'firewall/soc/defaults_soc_firewall.yaml' as DEFAULT_SOC_FIREWALL %}
-{% set SOC_FIREWALL = salt['pillar.get']('firewall:custom_groups:groups', DEFAULT_SOC_FIREWALL.firewall.hostgroups, merge=True) %}
+{% set PILLAR_SOC_FIREWALL_GROUPS = salt['pillar.get']('firewall:custom_groups:groups', {}) %}
+{% set SOC_FIREWALL = DEFAULT_SOC_FIREWALL %}
+
+{% for group in PILLAR_SOC_FIREWALL_GROUPS %}
+{% set description = 'List of IP addresses or CIDR blocks to allow for ' ~ group ~ ' hostgroup.' %}
+{% set title = group[0]|upper ~ group[1:] %}
+{% do SOC_FIREWALL.firewall.hostgroups.update({group:{'description': description, 'file': 'True', 'global': 'True', 'title': title, 'helpLink': 'firewall.html#host-groups'}}) %}
+{% endfor %}
diff --git a/salt/firewall/soc/soc_firewall.yaml.jinja b/salt/firewall/soc/soc_firewall.yaml.jinja
index 0a8a4761f..bc6a429f0 100644
--- a/salt/firewall/soc/soc_firewall.yaml.jinja
+++ b/salt/firewall/soc/soc_firewall.yaml.jinja
@@ -1,3 +1,2 @@
-{% from 'firewall/soc/soc.map.jinja' import SOC_FIREWALL %}
-
+{% from 'firewall/soc/soc.map.jinja' import SOC_FIREWALL -%}
 {{ SOC_FIREWALL | yaml(false) }}
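Review bot: The `hostgroups.update({group: {...}})` call in the loop replaces an entry wholesale, so a custom group under `firewall:custom_groups:groups` whose name matches a default hostgroup silently overwrites that default's annotation, including any keys the defaults file sets that the generated dict does not. Wrapping the `do` line in `{% if group not in SOC_FIREWALL.firewall.hostgroups %}` … `{% endif %}` keeps the shipped defaults authoritative. `{% set SOC_FIREWALL = DEFAULT_SOC_FIREWALL %}` is an alias rather than a copy, so the loop mutates the imported defaults object; a short comment saying that is intended would help the next reader. `'file': 'True'` and `'global': 'True'` are strings and `yaml(false)` will emit them quoted; if the defaults file uses YAML booleans for these keys (not visible here), unquoted `True` would match them.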