[root@host]# cat /srv/pillar/firewalld/init.sls # CentOS7 FirewallD firewall firewalld: enabled: True default_zone: public zones: public: short: Public description: "For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted." services: - http - zabbixcustom - https - ssh - salt-minion rich_rules: - family: ipv4 source: address: 8.8.8.8/24 accept: true ports: {% if grains['id'] == 'myhost.alexlinux.lan' %} - comment: salt-master port: 4505 protocol: tcp - comment: salt-python port: 4506 protocol: tcp {% endif %} - comment: zabbix-agent port: 10050 protocol: tcp - comment: bacula-client port: 9102 protocol: tcp - comment: vsftpd port: 21 protocol: tcp