From 3d574e68527cf6d8861f1220c07bcd7d68978b8a Mon Sep 17 00:00:00 2001
From: Jaredy899 <76603258+Jaredy899@users.noreply.github.com>
Date: Sun, 16 Feb 2025 18:32:45 -0500
Subject: [PATCH 1/4] Update and rename firewall-baselines.sh to
 ufw-baselines.sh

---
 core/tabs/security/{firewall-baselines.sh => ufw-baselines.sh} | 3 +++
 1 file changed, 3 insertions(+)
 rename core/tabs/security/{firewall-baselines.sh => ufw-baselines.sh} (93%)

diff --git a/core/tabs/security/firewall-baselines.sh b/core/tabs/security/ufw-baselines.sh
similarity index 93%
rename from core/tabs/security/firewall-baselines.sh
rename to core/tabs/security/ufw-baselines.sh
index 54145ea7..7d403beb 100644
--- a/core/tabs/security/firewall-baselines.sh
+++ b/core/tabs/security/ufw-baselines.sh
@@ -12,6 +12,9 @@ installPkg() {
             apk)
                 "$ESCALATION_TOOL" "$PACKAGER" add ufw
                 ;;
+            xbps-install)
+                "$ESCALATION_TOOL" "$PACKAGER" -Sy ufw
+                ;;
             *)
                 "$ESCALATION_TOOL" "$PACKAGER" install -y ufw
                 ;;

From e83501f9d7375c76a5113e387a97a2c1330caa4c Mon Sep 17 00:00:00 2001
From: Jaredy899 <76603258+Jaredy899@users.noreply.github.com>
Date: Sun, 16 Feb 2025 18:33:00 -0500
Subject: [PATCH 2/4] Update tab_data.toml

---
 core/tabs/security/tab_data.toml | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/core/tabs/security/tab_data.toml b/core/tabs/security/tab_data.toml
index fe2c2818..deec6641 100644
--- a/core/tabs/security/tab_data.toml
+++ b/core/tabs/security/tab_data.toml
@@ -1,12 +1,23 @@
 name = "Security"
 
 [[data]]
-name = "Firewall Baselines (CTT)"
+name = "UFW Firewall Baselines (CTT)"
 description = "Developed to ease iptables firewall configuration, UFW provides a user friendly way to create an IPv4 or IPv6 host-based firewall. This command installs UFW and configures UFW based on CTT's recommended rules. For more information visit: https://christitus.com/linux-security-mistakes"
-script = "firewall-baselines.sh"
+script = "ufw-baselines.sh"
 task_list = "I SS"
 
 [[data.preconditions]]
 matches = false
 data = "command_exists"
 values = [ "firewalld" ]
+
+[[data]]
+name = "FirewallD Firewall Baselines (CTT)"
+description = "Configure FirewallD with CTT's recommended baseline rules for improved system security. For more information visit: https://christitus.com/linux-security-mistakes"
+script = "firewalld-baselines.sh"
+task_list = "I SS"
+
+[[data.preconditions]]
+matches = true
+data = "command_exists"
+values = [ "firewalld" ]

From fa23349abf6a139c3651bd90d17a0774b9c2d6bf Mon Sep 17 00:00:00 2001
From: Jaredy899 <76603258+Jaredy899@users.noreply.github.com>
Date: Sun, 16 Feb 2025 18:33:29 -0500
Subject: [PATCH 3/4] Create firewalld-baselines.sh

---
 core/tabs/security/firewalld-baselines.sh | 28 +++++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 core/tabs/security/firewalld-baselines.sh

diff --git a/core/tabs/security/firewalld-baselines.sh b/core/tabs/security/firewalld-baselines.sh
new file mode 100644
index 00000000..d19ff32e
--- /dev/null
+++ b/core/tabs/security/firewalld-baselines.sh
@@ -0,0 +1,28 @@
+#!/bin/sh -e
+
+. ../common-script.sh
+
+configureFirewallD() {
+    printf "%b\n" "${YELLOW}Configuring FirewallD with recommended rules${RC}"
+
+    printf "%b\n" "${YELLOW}Setting default zone to drop (FirewallD)${RC}"
+    "$ESCALATION_TOOL" firewall-cmd --set-default-zone=drop
+
+    printf "%b\n" "${YELLOW}Allowing SSH service (FirewallD)${RC}"
+    "$ESCALATION_TOOL" firewall-cmd --permanent --add-service=ssh
+
+    printf "%b\n" "${YELLOW}Allowing HTTP service (FirewallD)${RC}"
+    "$ESCALATION_TOOL" firewall-cmd --permanent --add-service=http
+
+    printf "%b\n" "${YELLOW}Allowing HTTPS service (FirewallD)${RC}"
+    "$ESCALATION_TOOL" firewall-cmd --permanent --add-service=https
+
+    printf "%b\n" "${YELLOW}Reloading FirewallD configuration${RC}"
+    "$ESCALATION_TOOL" firewall-cmd --reload
+
+    printf "%b\n" "${GREEN}Enabled FirewallD with Baselines!${RC}"
+}
+
+checkEnv
+checkEscalationTool
+configureFirewallD

From 14dcf2d2ae31eaf62f54461d7c431904d806bbd3 Mon Sep 17 00:00:00 2001
From: Jaredy899 <76603258+Jaredy899@users.noreply.github.com>
Date: Sat, 22 Feb 2025 14:36:01 -0500
Subject: [PATCH 4/4] Update tab_data.toml

---
 core/tabs/security/tab_data.toml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/core/tabs/security/tab_data.toml b/core/tabs/security/tab_data.toml
index deec6641..2bffbb35 100644
--- a/core/tabs/security/tab_data.toml
+++ b/core/tabs/security/tab_data.toml
@@ -9,7 +9,7 @@ task_list = "I SS"
 [[data.preconditions]]
 matches = false
 data = "command_exists"
-values = [ "firewalld" ]
+values = [ "firewall-cmd" ]
 
 [[data]]
 name = "FirewallD Firewall Baselines (CTT)"
@@ -20,4 +20,4 @@ task_list = "I SS"
 [[data.preconditions]]
 matches = true
 data = "command_exists"
-values = [ "firewalld" ]
+values = [ "firewall-cmd" ]