From 73841b0bc3d4405cb36edb39bc4509cf8837dbf4 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 19 Jun 2018 10:10:03 -0400 Subject: [PATCH] Firewall Module - Allow Minions to connect to salt --- salt/firewall/init.sls | 40 +++++++++++++++++++++------------------- 1 file changed, 21 insertions(+), 19 deletions(-) diff --git a/salt/firewall/init.sls b/salt/firewall/init.sls index b6ff6e549..2d1ca8b3f 100644 --- a/salt/firewall/init.sls +++ b/salt/firewall/init.sls @@ -1,4 +1,3 @@ -{% set minions = salt['pillar.get']('firewall.minions', {}) %} # Default Rules for everyone # Keep localhost in the game @@ -53,28 +52,31 @@ enable_reject_policy: # Rules if you are a Master {% if grains['role'] == 'so-master' %} +{% set minions = salt['pillar.get']('firewall.minions', {}) %} {% for ip in minions.get('minion_ips', []) %} - enable_salt_minions_4505: - iptables.append: - - table: filter - - chain: INPUT - - jump: ACCEPT - - proto: tcp - - source: {{ ip }} - - dport: 4505 - - save: True +enable_salt_minions_4505: + iptables.append: + - table: filter + - chain: INPUT + - jump: ACCEPT + - proto: tcp + - source: {{ ip }} + - dport: 4505 + - save: True + +enable_salt_minions_4506: + iptables.append: + - table: filter + - chain: INPUT + - jump: ACCEPT + - proto: tcp + - source: {{ ip }} + - dport: 4506 + - save: True - enable_salt_minions_4506: - iptables.append: - - table: filter - - chain: INPUT - - jump: ACCEPT - - proto: tcp - - source: {{ ip }} - - dport: 4506 - - save: True {% endfor %} + {% endif %} # Rules if you are a Storage Node
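Review bot: The state IDs `enable_salt_minions_4505:` and `enable_salt_minions_4506:` added inside the `{% for ip in minions.get('minion_ips', []) %}` loop do not vary with `ip`, so as soon as the pillar lists two or more minion addresses the rendered SLS contains duplicate IDs and Salt rejects the whole state with a conflicting-ID error, leaving no minion allowed through at all. Make each iteration's IDs unique, e.g. `enable_salt_minions_4505_{{ ip }}:` and `enable_salt_minions_4506_{{ ip }}:` (the two blocks are otherwise identical apart from `dport`). The `{}` default on `pillar.get` plus the `[]` default on `minion_ips` means a missing or misspelled pillar key silently renders zero ACCEPT rules while the reject policy referenced in the hunk header (`enable_reject_policy`) presumably still applies; a short comment such as `# No ACCEPT rules are rendered when firewall.minions.minion_ips is unset in pillar` above the loop would make that failure mode visible to whoever next debugs a minion that cannot reach 4505/4506. The collapsed whitespace on this page hides the indentation change that the commit appears to make to the same lines; that part looks correct as far as can be told.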