iptables/v1/v6_service.sls - salt-formulas/iptables - Gitiles

 {% from "iptables/map.jinja" import defaults,schema,service with context %}

   {%- if service.v6.enabled %}

 iptables_packages_v6:
   pkg.installed:
   - names: {{ service.v6.pkgs }}

 iptables_modules_v6_load:
   kmod.present:
   - persist: true
   - mods: {{ service.v6.modules }}
   - require:
     - pkg: iptables_packages_v6

 {{ service.v6.persistent_config }}:
   file.managed:
   - user: root
   - group: root
   - mode: 640
   - source: salt://iptables/v{{ schema.epoch }}/files/v6_rules
   - template: jinja
   - require:
     - pkg: iptables_packages_v6

     {% if grains['os'] == 'Ubuntu' %}

 iptables_services_v6_start:
   cmd.run:
   - name: find /usr/share/netfilter-persistent/plugins.d/[0-9]*-ip6tables -exec {} start \;
   - onlyif: test $(ip6tables-save | wc -l) -eq 0
   - require:
     - file: {{ service.v6.persistent_config }}
     - kmod: iptables_modules_v6_load

     {%- endif %}

 {{ service.v6.service }}:
   service.running:
   - enable: true
   - require:
     - file: {{ service.v6.persistent_config }}
     - kmod: iptables_modules_v6_load
   - watch:
     - file: {{ service.v6.persistent_config }}

 iptables_tables_cleanup_v6:
   module.wait:
   - name: iptables_extra.remove_stale_tables
   - config_file: {{ service.v6.persistent_config }}
   - family: ipv6
   - require:
     - file: {{ service.v6.persistent_config }}
   - watch:
     - file: {{ service.v6.persistent_config }}
   {%- else %}

     {% if grains['os'] == 'Ubuntu' %}

 iptables_services_v6_stop:
   cmd.run:
   - name: find /usr/share/netfilter-persistent/plugins.d/[0-9]*-ip6tables -exec {} flush \;
   - onlyif: test $(which ip6tables-save) -eq 0 && test $(ip6tables-save | wc -l) -ne 0

 {{ service.v6.persistent_config }}:
   file.absent:
   - require:
     - cmd: iptables_services_v6_stop

 iptables_tables_flush_v6:
   module.wait:
   - name: iptables_extra.flush_all
   - family: ipv6
   - watch:
     - file: {{ service.v6.persistent_config }}

     {%- endif %}

 {%- endif %}
	{% from "iptables/map.jinja" import defaults,schema,service with context %}

	{%- if service.v6.enabled %}

	iptables_packages_v6:
	pkg.installed:
	- names: {{ service.v6.pkgs }}

	iptables_modules_v6_load:
	kmod.present:
	- persist: true
	- mods: {{ service.v6.modules }}
	- require:
	- pkg: iptables_packages_v6

	{{ service.v6.persistent_config }}:
	file.managed:
	- user: root
	- group: root
	- mode: 640
	- source: salt://iptables/v{{ schema.epoch }}/files/v6_rules
	- template: jinja
	- require:
	- pkg: iptables_packages_v6

	{% if grains['os'] == 'Ubuntu' %}

	iptables_services_v6_start:
	cmd.run:
	- name: find /usr/share/netfilter-persistent/plugins.d/[0-9]*-ip6tables -exec {} start \;
	- onlyif: test $(ip6tables-save \| wc -l) -eq 0
	- require:
	- file: {{ service.v6.persistent_config }}
	- kmod: iptables_modules_v6_load

	{%- endif %}

	{{ service.v6.service }}:
	service.running:
	- enable: true
	- require:
	- file: {{ service.v6.persistent_config }}
	- kmod: iptables_modules_v6_load
	- watch:
	- file: {{ service.v6.persistent_config }}

	iptables_tables_cleanup_v6:
	module.wait:
	- name: iptables_extra.remove_stale_tables
	- config_file: {{ service.v6.persistent_config }}
	- family: ipv6
	- require:
	- file: {{ service.v6.persistent_config }}
	- watch:
	- file: {{ service.v6.persistent_config }}
	{%- else %}

	{% if grains['os'] == 'Ubuntu' %}

	iptables_services_v6_stop:
	cmd.run:
	- name: find /usr/share/netfilter-persistent/plugins.d/[0-9]*-ip6tables -exec {} flush \;
	- onlyif: test $(which ip6tables-save) -eq 0 && test $(ip6tables-save \| wc -l) -ne 0

	{{ service.v6.persistent_config }}:
	file.absent:
	- require:
	- cmd: iptables_services_v6_stop

	iptables_tables_flush_v6:
	module.wait:
	- name: iptables_extra.flush_all
	- family: ipv6
	- watch:
	- file: {{ service.v6.persistent_config }}

	{%- endif %}

	{%- endif %}