Allow setting iptables chain policy
diff --git a/README.rst b/README.rst
index 1a2d8e1..19e037c 100644
--- a/README.rst
+++ b/README.rst
@@ -18,6 +18,7 @@
           chain:
             INPUT:
               enabled: true
+              policy: DROP
               rule:
                 httpd:
                   position: 1
diff --git a/iptables/service.sls b/iptables/service.sls
index f126bd2..ebccf0a 100644
--- a/iptables/service.sls
+++ b/iptables/service.sls
@@ -15,7 +15,14 @@
     - pkg: iptables_packages
 
 {%- for chain_name, chain in service.get('chain', {}).iteritems() %}
- 
+
+{%- if chain.policy is defined %}
+iptables_{{ chain_name }}_policy:
+  iptables.set_policy:
+    - chain: {{ chain_name }}
+    - policy: {{ chain.policy }}
+{%- endif %}
+
 {%- for rule_name, rule in chain.get('rule', {}).iteritems() %}
 
 iptables_{{ chain_name }}_{{ rule_name }}:
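Review bot: The new `iptables_{{ chain_name }}_policy` state is rendered ahead of the chain's rule loop, so under Salt's default in-file ordering a `policy: DROP` on INPUT would take effect before any of that chain's allow rules exist. That can drop the minion's own master connection or an SSH session partway through the run. Render the policy block after the rule loop closes (its end is outside this hunk), or add `- order: last` to the state so the default-deny lands once the rules are in place. The state also passes no `family`, so presumably only the IPv4 policy changes and ip6tables keeps whatever policy it had; hosts with IPv6 enabled would need a `- family: ipv6` counterpart. Quoting the templated value, `- policy: '{{ chain.policy }}'`, would also stop YAML from re-typing an unexpected pillar value.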