From 4485a699d0f990719125a26d0b181c0c9fed3d65 Mon Sep 17 00:00:00 2001
From: Gregory Giguashvili
Date: Tue, 16 May 2023 12:20:27 +0000
Subject: [PATCH] Add an option to build.sh to customize open firewa ll ports
---
 docs/rhel4edge_iso.md | 3 +++
 scripts/image-builder/build.sh | 22 +++++++++++++++++++++-
 2 files changed, 24 insertions(+), 1 deletion(-)
diff --git a/docs/rhel4edge_iso.md b/docs/rhel4edge_iso.md
index cfe35078fc..c961193bf0 100644
--- a/docs/rhel4edge_iso.md
+++ b/docs/rhel4edge_iso.md
@@ -67,6 +67,9 @@ Optional arguments:
 -authorized_keys_file path_to_file
 Path to an SSH authorized_keys file to allow SSH access
 into the default 'redhat' account
+ -open_firewall_ports port1[:protocol1],...,portN[:protocolN]
+ One or more comma-separated ports (optionally with protocol)
+ to be allowed by firewall (default: none)
 -prometheus
 Add Prometheus process exporter to the image. See
 https://github.com/ncabatoff/process-exporter for more information
diff --git a/scripts/image-builder/build.sh b/scripts/image-builder/build.sh
index 79482a2ce8..34eb4fc243 100755
--- a/scripts/image-builder/build.sh
+++ b/scripts/image-builder/build.sh
@@ -55,6 +55,9 @@ usage() {
 echo " -authorized_keys_file path_to_file"
 echo " Path to an SSH authorized_keys file to allow SSH access"
 echo " into the default 'redhat' account"
+ echo " -open_firewall_ports port1[:protocol1],...,portN[:protocolN]"
+ echo " One or more comma-separated ports (optionally with protocol)"
+ echo " to be allowed by firewall (default: none)"
 echo " -prometheus"
 echo " Add Prometheus process exporter to the image. See"
 echo " https://github.com/ncabatoff/process-exporter for more information"
@@ -62,7 +65,7 @@ usage() {
 }
 title() {
- echo -e "\E[34m\n# $1\E[00m";
+ echo -e "\E[34m\n# $1\E[00m"
 }
 waitfor_image() {
@@ -214,6 +217,12 @@ while [ $# -gt 0 ] ; do
 [ -z "${AUTHORIZED_KEYS_FILE}" ] && usage "Authorized keys file not specified"
 shift
 ;;
+ -open_firewall_ports)
+ shift
+ OPEN_FIREWALL_PORTS="$1"
+ [ -z "${OPEN_FIREWALL_PORTS}" ] && usage "Firewall ports not specified"
+ shift
+ ;;
 -prometheus)
 PROMETHEUS=true
 shift
@@ -336,6 +345,17 @@ if ${EMBED_CONTAINERS} ; then
 >> blueprint_v0.0.1.toml
 fi
+# Add open firewall ports
+if [ -n "${OPEN_FIREWALL_PORTS}" ] ; then
+ for port in ${OPEN_FIREWALL_PORTS//,/ } ; do
+ cat >> blueprint_v0.0.1.toml <> blueprint_v0.0.1.toml <
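Review bot: The `-open_firewall_ports)` case accepts any non-empty string, so nothing enforces the documented `port[:protocol]` form before the value is used. The later hunk splits it with the unquoted expansion `${OPEN_FIREWALL_PORTS//,/ }`, which is also subject to pathname expansion, and appends per-entry text to `blueprint_v0.0.1.toml`; the heredoc body is not visible here, but a stray quote, space or glob character would presumably land in the image's firewall customization instead of being rejected. Because this option widens the network exposure of every image built from the blueprint, validate each comma-separated entry at parse time, for example `[[ "${p}" =~ ^[0-9]+(:(tcp|udp))?$ ]] || usage "Invalid firewall port: ${p}"`, adjusting the pattern to what the blueprint format actually accepts. The enclosing `while`/`case` starts and ends outside this hunk.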