CUL Handling of iptables rules within individual states, using Salt Stack

CUL iptables handling

iptables:
  pkg:
    - installed
  service:
    - running
    - enable: True
    - reload: True
    - require:
      - pkg: iptables

/etc/sysconfig/iptables.d:
  file:
    - directory
    - user: root
    - group: root
    - mode: 550
    - require:
      - pkg: iptables

iptables_update:
  cmd:
    - wait
    - name: /usr/bin/salt-compose-file /etc/sysconfig/iptables.d/ iptables /etc/sysconfig/iptables
    - stateful: True
    - watch_in:
      - service: iptables
    - require:
      - file: /usr/bin/salt-compose-file
      
# /usr/bin/salt-compose file <source dir> <look for files ending in .this> <output to this file>
# In source dir, cat together everything ending in .<this>, if the generated file is different
# than <output to this file>, replace it. The output of the command follows the Salt `stateful'
# protocol

# Example use
# IPTables Rules
/etc/sysconfig/iptables.d/50-mail-server.iptables:
  file:
    - managed
    - user: root
    - group: root
    - mode: 444
    - source: salt://mailserver/50-mail-server.iptables
    - template: jinja
    - require:
      - file: /etc/sysconfig/iptables.d
    - watch_in:
      - cmd: iptables_update