Allow setting iptables by support metadata
diff --git a/iptables/_rule.sls b/iptables/_rule.sls
index 35068d0..b0a2d80 100644
--- a/iptables/_rule.sls
+++ b/iptables/_rule.sls
@@ -6,7 +6,7 @@
iptables.append:
{%- if loop.index != 1 %}
- require:
- - iptables: iptables_{{ chain_name }}_{{ loop.index - 1 }}
+ - iptables: iptables_{{ chain_name }}_{% if service_name is defined %}{{ service_name }}_{% endif %}{{ loop.index - 1 }}
{%- endif %}
{%- endif %}
- table: {{ rule.get('table', 'filter') }}
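Review bot: The `require` on the changed line only chains rules inside one service's list, because the surrounding `loop.index != 1` test skips the first rule of every list; nothing orders that first rule against the chain's own rules or against another service's rules. These states use `iptables.append`, so a rule's position in the chain decides whether it takes effect, and here that position appears to depend on render order and on the iteration order of `pillar.items()` in rules.sls. Either make the first rule of each group require the last state of the previous group, or state the intended order in a Jinja comment such as `{#- service metadata rules are rendered ahead of the chain's own rules; order between services is not guaranteed #}`. The state ID this requisite has to match is declared outside the hunk, so it is worth confirming that it is built from the same `rule_name` prefix.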
diff --git a/iptables/rules.sls b/iptables/rules.sls
index afc238b..67282d1 100644
--- a/iptables/rules.sls
+++ b/iptables/rules.sls
@@ -10,6 +10,21 @@
- table: filter
{%- endif %}
+{%- for service_name, service in pillar.items() %}
+{%- if service.get('_support', {}).get('iptables', {}).get('enabled', False) %}
+
+{%- set grains_fragment_file = service_name+'/meta/iptables.yml' %}
+{%- macro load_grains_file() %}{% include grains_fragment_file %}{% endmacro %}
+{%- set grains_yaml = load_grains_file()|load_yaml %}
+
+{%- for rule in grains_yaml.iptables.rules %}
+{%- set rule_name = service_name+'_'+loop.index|string %}
+{% include "iptables/_rule.sls" %}
+{%- endfor %}
+
+{%- endif %}
+{%- endfor %}
+
{%- for rule in chain.get('rules', []) %}
{%- set rule_name = loop.index %}
{% include "iptables/_rule.sls" %}
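Review bot: The include of `grains_fragment_file` and the `grains_yaml.iptables.rules` lookup are both unguarded. A service that sets `_support.iptables.enabled` but ships no `meta/iptables.yml`, or ships one without an `iptables.rules` key, would most likely abort rendering of the whole of rules.sls, so none of the rules this file manages would be applied on that minion. Tolerating the missing pieces keeps one formula's packaging mistake from taking the firewall state down: `{% include grains_fragment_file ignore missing %}` and `{%- for rule in (grains_yaml or {}).get('iptables', {}).get('rules', []) %}`. The `service.get(...)` test two lines earlier has the same exposure if any top-level pillar value is not a mapping. The loaded rules are applied as given, so a short comment saying that each enabled formula's metadata file is trusted to open ports would help whoever reviews those files.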