{% set schema = salt['grains.filter_by']({ 'default': { }, }, grain='os_family', merge=salt['pillar.get']('iptables:schema')) %} {% set service = salt['grains.filter_by']({ 'RedHat': { 'v4': { 'enabled': true, 'persistent_config': '/etc/sysconfig/iptables', 'pkgs': [ 'iptables', 'iptables-services' ], 'service': 'iptables', 'modules': [], }, 'v6': { 'enabled': true, 'persistent_config': '/etc/sysconfig/ip6tables', 'pkgs': [ 'iptables', 'iptables-services' ], 'service': 'iptables', 'modules': [], }, }, 'Debian': { 'v4': { 'enabled': true, 'persistent_config': '/etc/iptables/rules.v4', 'pkgs': [ 'iptables','iptables-persistent' ], 'service': 'netfilter-persistent', 'modules': [ 'iptable_filter', 'ip_tables' ], }, 'v6': { 'enabled': true, 'persistent_config': '/etc/iptables/rules.v6', 'pkgs': [ 'iptables','iptables-persistent' ], 'service': 'netfilter-persistent', 'modules': [ 'ip6table_filter', 'ip6_tables' ], }, }, }, grain='os_family', merge=salt['pillar.get']('iptables:service')) %} {% set defaults = salt['grains.filter_by']({ 'default': { 'v4': { 'metadata_rules': false, 'policy': 'ACCEPT', 'ruleset': { 'action': 'ACCEPT', 'params': '', 'rule': '', }, }, 'v6': { 'metadata_rules': false, 'policy': 'ACCEPT', 'ruleset': { 'action': 'ACCEPT', 'params': '', 'rule': '', }, }, }, }, grain='os_family', merge=salt['pillar.get']('iptables:defaults')) %} {% set tables = salt['grains.filter_by']({ 'default': { 'v4': { 'filter': { 'chains': { 'INPUT': {}, 'OUTPUT': {}, 'FORWARD': {}, }, }, }, 'v6': { 'filter': { 'chains': { 'INPUT': {}, 'OUTPUT': {}, 'FORWARD': {}, }, }, }, }, }, grain='os_family', merge=salt['pillar.get']('iptables:tables')) %}