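# UFW management module
#
# Renders one ufw.allowed state per (service, source address) pair plus one
# per named application, driven entirely by the 'ufw' pillar key.
#
# Pillar layout (constructed example; key names match what this file reads):
#   ufw:
#     enabled: True
#     services:
#       ssh:                      # mapping key is passed as to_port
#         protocol: tcp
#         from_addr: [10.0.0.0/8] # list; omit to allow from any source
#         from_port: 1024         # optional
#         to_addr: 10.0.0.5       # optional
#     applications:
#       - OpenSSH                 # ufw application profile names
{%- set ufw = pillar.get('ufw', {}) %}
{%- if ufw.get('enabled', False) %}
ufw:
  pkg:
    - installed
  service.running:
    - enable: True
  ufw:
    - enabled
    - require:
      - pkg: ufw

# Per-service rules
{%- for service_name, service_details in ufw.get('services', {}).items() %}
{#- Without from_addr a single rule is rendered with no source restriction,
    i.e. the port is reachable from any address; scope from_addr wherever the
    service permits it. The state ID then contains the literal "None". #}
{%- for from_addr in service_details.get('from_addr', [None]) %}
{%- set protocol = service_details.get('protocol', None) %}
{%- set from_port = service_details.get('from_port', None) %}
{%- set to_addr = service_details.get('to_addr', None) %}
ufw-svc-{{service_name}}-{{from_addr}}:
  ufw.allowed:
    {#- Every optional argument is omitted when unset. Rendering an unset value
        would emit the literal string "None", which YAML does not treat as null,
        so the state function would receive "None" instead of its own default.
        Previously protocol was emitted unconditionally; it is now guarded like
        the other options (the state function's default applies when absent). #}
    {%- if protocol is not none %}
    - protocol: {{protocol}}
    {%- endif %}
    {%- if from_addr is not none %}
    - from_addr: {{from_addr}}
    {%- endif %}
    {%- if from_port is not none %}
    - from_port: "{{from_port}}"
    {%- endif %}
    {%- if to_addr is not none %}
    - to_addr: {{to_addr}}
    {%- endif %}
    {#- Quoted so a numeric service key stays a string for the state module. #}
    - to_port: "{{service_name}}"
    - require:
      - pkg: ufw
{%- endfor %}
{%- endfor %}

# Applications (ufw application profiles, allowed by name)
{%- for app_name in ufw.get('applications', []) %}
ufw-app-{{app_name}}:
  ufw.allowed:
    - app: {{app_name}}
    - require:
      - pkg: ufw
{%- endfor %}
{% else %}
# ufw.enabled is unset or False in pillar: no states are rendered.
# The disabled state below is intentionally left commented out.
#ufw:
  #ufw:
    #- disabled
{% endif %}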