From cc5536a5115684eca2cc585531e392ab4a77d6ba Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Fri, 21 Sep 2018 08:57:35 -0400
Subject: [PATCH] Firewall Module - Add Firewall rules specific to masters
---
 pillar/firewall/masterfw.sls | 3 ++-
 salt/firewall/init.sls | 15 +++++++++++++++
 2 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/pillar/firewall/masterfw.sls b/pillar/firewall/masterfw.sls
index 3945ddb68..d424812c4 100644
--- a/pillar/firewall/masterfw.sls
+++ b/pillar/firewall/masterfw.sls
@@ -1 +1,2 @@
-#masterfw.sls
\ No newline at end of file
+masterfw:
+ - 127.0.0.1
diff --git a/salt/firewall/init.sls b/salt/firewall/init.sls
index 4720d7f32..c3fdac0e3 100644
--- a/salt/firewall/init.sls
+++ b/salt/firewall/init.sls
@@ -101,6 +101,21 @@ enable_docker_user_established:
 # Rules if you are a Master
 {% if grains['role'] == 'so-master' %}
+{% for ip in pillar.get('masterfw') %}
+# Allow Redis
+enable_maternode_redis_6379_{{ip}}:
+ iptables.insert:
+ - table: filter
+ - chain: DOCKER-USER
+ - jump: ACCEPT
+ - proto: tcp
+ - source: {{ ip }}
+ - dport: 6379
+ - position: 1
+ - save: True
+
+{% endfor %}
+
 # Make it so all the minions can talk to salt and update etc.
 {% for ip in pillar.get('minions') %}
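Review bot: The new loop `{% for ip in pillar.get('masterfw') %}` in salt/firewall/init.sls has no default, so on a master whose pillar lacks the `masterfw` key the lookup returns None and the template most likely fails to render, which would leave the whole firewall state unapplied. Giving the lookup a fallback, `{% for ip in pillar.get('masterfw', []) %}`, keeps the state renderable when the key is absent. Each listed source receives an ACCEPT at position 1 of DOCKER-USER for 6379/tcp, so this pillar list is the only network-level control on who reaches Redis; a comment above the loop such as `# masterfw: hosts allowed to reach Redis on the master - keep this list minimal` would make that explicit for whoever edits the pillar. The state ID `enable_maternode_redis_6379_{{ip}}` looks like a typo for `masternode`. The enclosing `{% if grains['role'] == 'so-master' %}` block continues past the end of the hunk.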