---
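# Deploy the iptables systemd unit to /etc/systemd/system, rendered from the
# Jinja template firewall/iptables.service.j2 on the Salt fileserver. A change
# to the file triggers iptables-reload-systemd (systemctl daemon-reload).
# NOTE(review): iptables-service-config-2 writes the same template to
# /lib/systemd/system/iptables.service; systemd gives the copy under
# /etc/systemd/system precedence - confirm both copies are needed.
iptables-service-config-1:
  file.managed:
    - name: /etc/systemd/system/iptables.service
    - source: salt://firewall/iptables.service.j2
    - template: jinja
    # Pin ownership and mode explicitly instead of relying on defaults, so
    # permission drift on the firewall unit is corrected on every run.
    - user: root
    - group: root
    - mode: '0644'
    # Requisites are written as lists, matching the rule-file states below.
    - watch_in:
      - cmd: iptables-reload-systemd
    - require:
      - pkg: iptables-pkg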

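# Deploy a second copy of the iptables systemd unit, rendered from the same
# template, to /lib/systemd/system. A change to the file triggers
# iptables-reload-systemd (systemctl daemon-reload).
# NOTE(review): /lib/systemd/system is normally where packages install their
# units, so a package upgrade may overwrite this file - confirm this copy is
# intended alongside the one in /etc/systemd/system.
iptables-service-config-2:
  file.managed:
    - name: /lib/systemd/system/iptables.service
    - source: salt://firewall/iptables.service.j2
    - template: jinja
    # Pin ownership and mode explicitly instead of relying on defaults, so
    # permission drift on the firewall unit is corrected on every run.
    - user: root
    - group: root
    - mode: '0644'
    # Requisites are written as lists, matching the rule-file states below.
    - watch_in:
      - cmd: iptables-reload-systemd
    - require:
      - pkg: iptables-pkg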

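# Make systemd re-read its unit files after either managed copy of
# iptables.service has changed.
iptables-reload-systemd:
  cmd.run:
    - name: systemctl daemon-reload
    # Run only when a unit file actually changed. A bare cmd.run executes and
    # reports a change on every state run, which buries real drift in the
    # firewall states' change report.
    - onchanges:
      - file: iptables-service-config-1
      - file: iptables-service-config-2
    - require:
      - pkg: iptables-pkg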

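# Install the helper script /sbin/iptables-service, rendered from the Jinja
# template firewall/iptables-service.j2. It is owned by root, executable by
# everyone and writable only by root.
# NOTE(review): unlike the rule files, a change to this script does not
# restart iptables-service - confirm that is intended.
iptables-service-script:
  file.managed:
    - name: /sbin/iptables-service
    - source: salt://firewall/iptables-service.j2
    - template: jinja
    - user: root
    - group: root
    # Quoted so the leading-zero octal mode stays a string and cannot be
    # reinterpreted as an integer by the YAML loader.
    - mode: '0755'
    - require:
      - pkg: iptables-pkg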

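# Directory that holds the rendered IPv4 and IPv6 rule files.
iptables-config-dir:
  file.directory:
    - name: /etc/iptables
    # Only root may add, replace or remove rule files in this directory;
    # pinned explicitly so permission drift is corrected on every run.
    - user: root
    - group: root
    - mode: '0755'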

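# Render the main IPv4 rule file from firewall/iptables.conf.j2. A change to
# the file watch-triggers iptables-service so the new rules are applied.
# NOTE(review): a template error that still renders would be pushed straight
# into the running firewall; if this file is in iptables-restore format,
# consider validating the rendered content before it replaces the old file.
iptables-main-config:
  file.managed:
    - name: /etc/iptables/iptables.conf
    - source: salt://firewall/iptables.conf.j2
    - template: jinja
    # Rule files are writable by root only and not world-readable, so local
    # users can neither alter nor enumerate the ruleset.
    # NOTE(review): assumes the service reads this file as root - confirm.
    - user: root
    - group: root
    - mode: '0640'
    - watch_in:
      - service: iptables-service
    - require:
      - pkg: iptables-pkg
      - file: iptables-config-dir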

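# Render the IPv4 "reset" rule file from firewall/iptables.conf.reset.j2. A
# change to the file watch-triggers iptables-service.
# NOTE(review): presumably the ruleset loaded when the firewall is stopped or
# reset - confirm in the service script, and check that it does not leave the
# host unfiltered for longer than intended.
iptables-reset-config:
  file.managed:
    - name: /etc/iptables/iptables.reset.conf
    - source: salt://firewall/iptables.conf.reset.j2
    - template: jinja
    # Rule files are writable by root only and not world-readable, so local
    # users can neither alter nor enumerate the ruleset.
    # NOTE(review): assumes the service reads this file as root - confirm.
    - user: root
    - group: root
    - mode: '0640'
    - watch_in:
      - service: iptables-service
    - require:
      - pkg: iptables-pkg
      - file: iptables-config-dir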

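# Render the main IPv6 rule file from firewall/ip6tables.conf.j2. A change to
# the file watch-triggers iptables-service so the new rules are applied.
# NOTE(review): keep the IPv6 policy in step with the IPv4 one; a host that
# filters only IPv4 is still reachable over IPv6.
ip6tables-main-config:
  file.managed:
    - name: /etc/iptables/ip6tables.conf
    - source: salt://firewall/ip6tables.conf.j2
    - template: jinja
    # Rule files are writable by root only and not world-readable, so local
    # users can neither alter nor enumerate the ruleset.
    # NOTE(review): assumes the service reads this file as root - confirm.
    - user: root
    - group: root
    - mode: '0640'
    - watch_in:
      - service: iptables-service
    - require:
      - pkg: iptables-pkg
      - file: iptables-config-dir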

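# Render the IPv6 "reset" rule file from firewall/ip6tables.conf.reset.j2. A
# change to the file watch-triggers iptables-service.
# NOTE(review): presumably the ruleset loaded when the firewall is stopped or
# reset - confirm in the service script.
ip6tables-reset-config:
  file.managed:
    - name: /etc/iptables/ip6tables.reset.conf
    - source: salt://firewall/ip6tables.conf.reset.j2
    - template: jinja
    # Rule files are writable by root only and not world-readable, so local
    # users can neither alter nor enumerate the ruleset.
    # NOTE(review): assumes the service reads this file as root - confirm.
    - user: root
    - group: root
    - mode: '0640'
    - watch_in:
      - service: iptables-service
    - require:
      - pkg: iptables-pkg
      - file: iptables-config-dir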

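# Keep the iptables service running and enabled at boot. The rule-file states
# attach themselves to this state through watch_in, so a changed rule file
# watch-triggers the service.
iptables-service:
  service.running:
    - name: iptables
    - enable: true
    - require:
      - pkg: iptables-pkg
      # Do not (re)start the firewall unless its unit files and helper script
      # deployed cleanly and systemd has re-read the units; a failure then
      # shows up as a failed requisite instead of a half-configured service.
      - file: iptables-service-config-1
      - file: iptables-service-config-2
      - file: iptables-service-script
      - cmd: iptables-reload-systemd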