Salt modules in state file

Question

salt.modules.iptables is great to use from command line but how can I use this in a state file.

First I want to check if iptables is running:

check_process:
  cmd.run:
    - name: ps aux | grep 'iptables'

Return True

If true: Then I will use salt.modules.iptables

salt 'myhost.domain.local' iptables.check filter INPUT rule='-m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT'

If false

salt 'myhost.domain.local' iptables.insert filter INPUT rule='-m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT'

Thanks for your information

iptables is almost never running. It only runs when someone is changing or querying the firewall rules. So is your test right? — Andrew Schulman, Apr 24 '18 at 14:02
Extra info: we use iptables and after installing check_mk (Nagios client) we would like to change iptables if necessary. That's it. — BdK, Apr 24 '18 at 14:23

score 0 · Answer 1 · answered May 05 '18 at 03:16

Your requirements are not that clear, but something like this should work. You will need to substitute the right package for your OS.

check_mk.sls:

install_check_mk:
  pkg.installed:
    - sources:
      - check_mk-agent: https://mathias-kettner.de/support/1.4.0p31/check-mk-raw-1.4.0p31_0.xenial_amd64.deb

check_mk_iptables:
  iptables.append:
    - table: filter
    - chain: INPUT
    - jump: ACCEPT
    - match: state
    - connstate: NEW
    - dport: 22
    - protocol: tcp
    - sport: 1025:65535
    - save: True
    - require:
      - pkg: install_check_mk

Salt modules in state file

1 Answers1