Add FW config for Strelka frontend

files/firewall/hostgroups.local.yaml

@@ -44,6 +44,10 @@ firewall:
       ips:
         delete:
         insert:
+    strelka_frontend:
+      ips:
+        delete:
+        insert:
     syslog:
       ips:
         delete:

salt/common/tools/sbin/so-allow

@@ -38,6 +38,11 @@ do
             FULLROLE="beats_endpoint"
             SKIP=1
             ;;
+	f)
+	    FULLROLE="strelka_frontend"
+            SKIP=1
+            ;;
+
         i)  IP=$OPTARG
             ;;
         o)
@@ -72,6 +77,7 @@ if [ "$SKIP" -eq 0 ]; then
     echo ""
     echo "[a] - Analyst - ports 80/tcp and 443/tcp"
     echo "[b] - Logstash Beat - port 5044/tcp"
+    echo "[f] - Strelka frontend - port 57314/tcp"
     echo "[o] - Osquery endpoint - port 8090/tcp"
     echo "[s] - Syslog device - 514/tcp/udp"
     echo "[w] - Wazuh agent - port 1514/tcp/udp"
@@ -86,6 +92,8 @@ if [ "$SKIP" -eq 0 ]; then
         FULLROLE=analyst
     elif [ "$ROLE" == "b" ]; then
         FULLROLE=beats_endpoint
+    elif [ "$ROLE" == "f" ]; then
+        FULLROLE=strelka_frontend
     elif [ "$ROLE" == "o" ]; then
         FULLROLE=osquery_endpoint
     elif [ "$ROLE" == "w" ]; then

salt/firewall/assigned_hostgroups.map.yaml

@@ -52,6 +52,9 @@ role:
           osquery_endpoint:
             portgroups:
               - {{ portgroups.fleet_api }}
+          strelka_frontend:
+            portgroups:
+              - {{ portgroups.strelka_frontend }}
           syslog:
             portgroups:
               - {{ portgroups.syslog }}

salt/firewall/portgroups.yaml

@@ -74,6 +74,9 @@ firewall:
       ssh:
         tcp:
           - 22
+      strelka_frontend:
+        tcp:
+          - 57314
       syslog:
         tcp:
           - 514