system_firewall_pkgs:
  pkg.installed:
    - pkgs:
        - iptables

system_firewall_rules:
  file.managed:
    - name: /etc/iptables/rules-save
    - source: salt://{{ tpldir }}/files/firewall_rules.v4.jinja
    - template: jinja
    - context:
        STATE: {{ sls }}
        ALLOWED_PORTS: [443, 25565]
    - user: root
    - group: root
    - mode: '0600'
    - makedirs: true
    - require:
      - system_firewall_pkgs

system_firewall_service_enable:
  service.enabled:
    - name: iptables
    - require:
      - system_firewall_pkgs
      - system_firewall_rules

system_firewall_service_reload:
  service.running:
    - name: iptables
    - enable: true
    - reload: true
    - watch:
      - file: /etc/iptables/rules-save
    - require:
      - system_firewall_pkgs
      - system_firewall_service_reload