From 373298430be766c9a8803f98bafde3c3ca0f08bd Mon Sep 17 00:00:00 2001
From: m0duspwnens <josh.patterson@securityonionsolutions.com>
Date: Wed, 26 Jul 2023 16:31:22 -0400
Subject: [PATCH] only run iptables-restore if config file is valid

---
 salt/firewall/init.sls | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/salt/firewall/init.sls b/salt/firewall/init.sls
index f59a39aca..e4255ebbf 100644
--- a/salt/firewall/init.sls
+++ b/salt/firewall/init.sls
@@ -23,6 +23,10 @@ disable_firewalld:
 iptables_restore:
   cmd.run:
     - name: iptables-restore < /etc/sysconfig/iptables
+    - require:
+      - file: iptables_config
+    - onlyif:
+      - iptables-restore --test /etc/sysconfig/iptables
 
 enable_firewalld:
   service.running: