updated nftables state

states/_modules/bl.py

@@ -0,0 +1,15 @@
+#!/usr/bin/python3
+
+import json
+from urllib.request import urlopen, Request
+
+
+def get_ips(url="https://ipbl.paulbsd.com"):
+    """get_jobs fetch jobs from dkron"""
+    fullurl = f"{url}/ips"
+    req = Request(method="GET", url=fullurl)
+    res = urlopen(req)
+    results = json.loads(res.read())
+    if res.status == 200:
+        return results
+    return None

states/nftables/blacklist.nft.j2

@@ -1,2 +1,8 @@
 ## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
+{% set blackips = salt["bl.get_ips"]() %}
+
+{% if len(blackips) > 0 %}
+define blacklist = { {% blackips.join(",") %} }
+{% else %}
 define blacklist = { 127.255.255.255 }
+{% endif %}

states/nftables/config.sls

@@ -4,7 +4,6 @@ nftables-config-dir:
   file.directory:
     - name: {{ nftables.config_dir }}
 
-{%- if not salt['file.file_exists'](nftables.config_dir + "/blacklist.nft") %}
 nftables-blacklist-config:
   file.managed:
     - name: {{ nftables.config_dir }}/blacklist.nft
@@ -15,7 +14,6 @@ nftables-blacklist-config:
     - require:
       - pkg: nftables-pkg
       - file: nftables-config-dir
-{%- endif %}
 
 nftables-rules-config:
   file.managed: