From fa23349abf6a139c3651bd90d17a0774b9c2d6bf Mon Sep 17 00:00:00 2001
From: Jaredy899 <76603258+Jaredy899@users.noreply.github.com>
Date: Sun, 16 Feb 2025 18:33:29 -0500
Subject: [PATCH] Create firewalld-baselines.sh
---
core/tabs/security/firewalld-baselines.sh | 28 +++++++++++++++++++++++
1 file changed, 28 insertions(+)
create mode 100644 core/tabs/security/firewalld-baselines.sh
diff --git a/core/tabs/security/firewalld-baselines.sh b/core/tabs/security/firewalld-baselines.sh
new file mode 100644
index 00000000..d19ff32e
--- /dev/null
+++ b/core/tabs/security/firewalld-baselines.sh
@@ -0,0 +1,28 @@
+#!/bin/sh -e
+
+. ../common-script.sh
+
+configureFirewallD() {
+ printf "%b\n" "${YELLOW}Configuring FirewallD with recommended rules${RC}"
+
+ printf "%b\n" "${YELLOW}Setting default zone to drop (FirewallD)${RC}"
+ "$ESCALATION_TOOL" firewall-cmd --set-default-zone=drop
+
+ printf "%b\n" "${YELLOW}Allowing SSH service (FirewallD)${RC}"
+ "$ESCALATION_TOOL" firewall-cmd --permanent --add-service=ssh
+
+ printf "%b\n" "${YELLOW}Allowing HTTP service (FirewallD)${RC}"
+ "$ESCALATION_TOOL" firewall-cmd --permanent --add-service=http
+
+ printf "%b\n" "${YELLOW}Allowing HTTPS service (FirewallD)${RC}"
+ "$ESCALATION_TOOL" firewall-cmd --permanent --add-service=https
+
+ printf "%b\n" "${YELLOW}Reloading FirewallD configuration${RC}"
+ "$ESCALATION_TOOL" firewall-cmd --reload
+
+ printf "%b\n" "${GREEN}Enabled FirewallD with Baselines!${RC}"
+}
+
+checkEnv
+checkEscalationTool
+configureFirewallD
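Review bot: `--set-default-zone=drop` runs before any service is allowed and takes effect on the running firewall immediately, while the three `--permanent --add-service` calls only reach the runtime configuration at `--reload`. In that window new SSH connections are dropped, and because the script runs under `sh -e`, a failure in any later `firewall-cmd` call can leave a remotely administered host in the drop zone with SSH closed. Add the services to the drop zone explicitly with `--zone=drop`, reload, and switch the default zone last, as in the excerpt below. Separately, opening HTTP and HTTPS unconditionally is broader than a baseline needs on hosts that serve no web traffic, and the predefined `ssh` service covers port 22 only, so an sshd moved to another port would still be locked out.

```sh
configureFirewallD() {
    # … unchanged: banner and per-step printf messages …
    # Populate the drop zone first so it already allows SSH when it becomes the default.
    "$ESCALATION_TOOL" firewall-cmd --permanent --zone=drop --add-service=ssh
    "$ESCALATION_TOOL" firewall-cmd --permanent --zone=drop --add-service=http
    "$ESCALATION_TOOL" firewall-cmd --permanent --zone=drop --add-service=https
    "$ESCALATION_TOOL" firewall-cmd --reload
    # Switch the default zone only after the allow rules are live.
    "$ESCALATION_TOOL" firewall-cmd --set-default-zone=drop
    # … unchanged: final status printf …
```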