Added support for 'ufw allow from <ip> to any' & ufw defaults

_modules/ufw.py

     out = __salt__['cmd.run'](cmd, python_shell=True)
     return True if out else False
 
+def get_default_incoming():
+    cmd = 'ufw status verbose | grep "Default:"'
+    out = __salt__['cmd.run'](cmd, python_shell=True)
+    policy = re.search('(\w+) \(incoming\)', out).group(1)
+    return policy
+
+def get_default_outgoing():
+    cmd = 'ufw status verbose | grep "Default:"'
+    out = __salt__['cmd.run'](cmd, python_shell=True)
+    policy = re.search('(\w+) \(outgoing\)', out).group(1)
+    return policy
 
 def set_enabled(enabled):
     cmd = 'ufw --force enable' if enabled else 'ufw disable'
 def add_rule(rule):
     cmd = "ufw " + rule
     out = __salt__['cmd.run'](cmd)
-    __salt__['cmd.run']("ufw reload")
+    # __salt__['cmd.run']("ufw reload") # why reload after adding a rule? :/
     return out

_states/ufw.py

     return _changed(name, "UFW is enabled", enabled=True)
 
 
+def default_incoming(name, default):
+    rule = "default {0} incoming".format(default)
+    if __opts__['test']:
+        return _test(name, "{0}: {1}".format(name, rule))
+
+    current = __salt__['ufw.get_default_incoming']()
+
+    if default != current:
+        try:
+            out = __salt__['ufw.add_rule'](rule)
+        except (CommandExecutionError, CommandNotFoundError) as e:
+            return _error(name, e.message)
+
+        for line in out.split('\n'):
+            if line.startswith("Default incoming policy changed to"):
+                return _changed(name, "{0} set to {1}".format(name, default), rule=rule)
+            return _error(name, line)
+
+    return _unchanged(name, "{0} was already set to {1}".format(name, default))
+
+
+def default_outgoing(name, default):
+    rule = "default {0} outgoing".format(default)
+    if __opts__['test']:
+        return _test(name, "{0}: {1}".format(name, rule))
+
+    current = __salt__['ufw.get_default_outgoing']()
+
+    if default != current:
+        try:
+            out = __salt__['ufw.add_rule'](rule)
+        except (CommandExecutionError, CommandNotFoundError) as e:
+            return _error(name, e.message)
+
+        for line in out.split('\n'):
+            if line.startswith("Default outgoing policy changed to"):
+                return _changed(name, "{0} set to {1}".format(name, default), rule=rule)
+            return _error(name, line)
+
+    return _unchanged(name, "{0} was already set to {1}".format(name, default))
+
+
 def allowed(name, app=None, interface=None, protocol=None,
             from_addr=None, from_port=None, to_addr=None, to_port=None):
 

ufw/init.sls

     - installed
   service.running:
     - enable: True
-  ufw:
-    - enabled
+
+  {%- if ufw.get('defaults', {}).get('incoming', False) %}
+
+ufw-default-incoming:
+  ufw.default_incoming:
+    - default: {{ufw.get('defaults', {}).get('incoming', 'allow')}}
+    - require:
+      - pkg: ufw
+
+  {% endif %}
+
+  {%- if ufw.get('defaults', {}).get('outgoing', False) %}
+
+ufw-default-outgoing:
+  ufw.default_outgoing:
+    - default: {{ufw.get('defaults', {}).get('outgoing', 'deny')}}
     - require:
       - pkg: ufw
 
+  {% endif %}
+
   {%- for service_name, service_details in ufw.get('services', {}).items() %}
 
     {%- for from_addr in service_details.get('from_addr', [None]) %}
 
   {%- endfor %}
 
+  # Open
+  {%- for from_addr in ufw.get('open', []).items() %}
+
+ufw-open-{{from_addr}}:
+  ufw.allowed:
+    - from_addr: {{from_addr}}
+    - require:
+      - pkg: ufw
+
+  {%- endfor %}
+
+enable-ufw:
+  ufw.enabled:
+    - require:
+      - pkg: ufw
+
 {% else %}
   #ufw:
     #ufw: