# == State: firewalld # # This state installs/runs firewalld. # {% from "firewalld/map.jinja" import firewalld with context %} {% if salt['pillar.get']('firewalld:enabled') %} include: - firewalld.config - firewalld.ipsets - firewalld.services - firewalld.zones # iptables service that comes with rhel/centos iptables: service.disabled: - enable: False ip6tables: service.disabled: - enable: False package_firewalld: pkg.installed: - name: {{ firewalld.package }} service_firewalld_running: service.running: - name: {{ firewalld.service }} - enable: True # start on boot - require: - pkg: package_firewalld - file: config_firewalld - service: iptables # ensure it's stopped - service: ip6tables # ensure it's stopped service_firewalld: module.wait: - name: service.restart - m_name: {{ firewalld.service }} - require: - pkg: package_firewalld - file: config_firewalld - service: iptables # ensure it's stopped - service: ip6tables # ensure it's stopped {% else %} service_firewalld_dead: service.dead: - name: {{ firewalld.service }} - enable: False # don't start on boot {% endif %}