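# IPv6 half of the iptables formula.
#
# When service.v6.enabled is set, this installs the packages, loads the kernel
# modules, renders the persistent rules file and keeps the service running.
# Otherwise, on Ubuntu only, it flushes the loaded rules and removes the
# persistent rules file.
{% from "iptables/map.jinja" import defaults,schema,service with context %}

{%- if service.v6.enabled %}

iptables_packages_v6:
  pkg.installed:
    - names: {{ service.v6.pkgs }}

# persist: true keeps the modules loaded across reboots.
iptables_modules_v6_load:
  kmod.present:
    - persist: true
    - mods: {{ service.v6.modules }}
    - require:
      - pkg: iptables_packages_v6

# Rendered ruleset. The mode is quoted so YAML always hands Salt a string;
# 0640 keeps the firewall policy unreadable to unprivileged local users.
{{ service.v6.persistent_config }}:
  file.managed:
    - user: root
    - group: root
    - mode: '0640'
    - source: salt://iptables/v{{ schema.epoch }}/files/v6_rules
    - template: jinja
    - require:
      - pkg: iptables_packages_v6

{%- if grains['os'] == 'Ubuntu' %}

# Load the rules through the netfilter-persistent plugin, but only when
# ip6tables-save prints nothing, i.e. no ruleset is currently loaded.
iptables_services_v6_start:
  cmd.run:
    - name: 'find /usr/share/netfilter-persistent/plugins.d/[0-9]*-ip6tables -exec {} start \;'
    - onlyif: 'test $(ip6tables-save | wc -l) -eq 0'
    - require:
      - file: {{ service.v6.persistent_config }}
      - kmod: iptables_modules_v6_load
{%- endif %}

# The watch restarts the service whenever the rules file changes.
{{ service.v6.service }}:
  service.running:
    - enable: true
    - require:
      - file: {{ service.v6.persistent_config }}
      - kmod: iptables_modules_v6_load
    - watch:
      - file: {{ service.v6.persistent_config }}

# module.wait only runs when the watched rules file reports a change.
iptables_tables_cleanup_v6:
  module.wait:
    - name: iptables_extra.remove_stale_tables
    - config_file: {{ service.v6.persistent_config }}
    - family: ipv6
    - require:
      - file: {{ service.v6.persistent_config }}
    - watch:
      - file: {{ service.v6.persistent_config }}

{%- else %}

# NOTE(review): the whole teardown below sits inside the Ubuntu conditional,
# so minions on other operating systems keep their rules file and loaded IPv6
# rules when v6 is disabled. Confirm that is intended.
{%- if grains['os'] == 'Ubuntu' %}

# Flush the loaded rules through the netfilter-persistent plugin.
#
# The guard used to be "test $(which ip6tables-save) -eq 0", which compares
# the binary's path to an integer. test always fails on that, so the flush
# never ran. "command -v" checks that the binary exists, which appears to be
# what the original guard was aiming for.
#
# NOTE(review): after the flush, this formula applies no IPv6 filtering. What
# chain policies remain depends on the plugin and on iptables_extra.flush_all,
# neither of which is shown here. If IPv6 is still routed on the host, confirm
# that an unfiltered IPv6 stack is acceptable.
iptables_services_v6_stop:
  cmd.run:
    - name: 'find /usr/share/netfilter-persistent/plugins.d/[0-9]*-ip6tables -exec {} flush \;'
    - onlyif: 'command -v ip6tables-save >/dev/null 2>&1 && test $(ip6tables-save | wc -l) -ne 0'

# Remove the persisted ruleset so it is not reloaded at boot.
{{ service.v6.persistent_config }}:
  file.absent:
    - require:
      - cmd: iptables_services_v6_stop

# Runs only when the file removal above reports a change.
iptables_tables_flush_v6:
  module.wait:
    - name: iptables_extra.flush_all
    - family: ipv6
    - watch:
      - file: {{ service.v6.persistent_config }}
{%- endif %}
{%- endif %}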