From 8702781e3f712a009559d3d0793e05d2fa51394c Mon Sep 17 00:00:00 2001
From: "David J. M. Karlsen"
Date: Thu, 24 Apr 2014 08:00:25 +0200
Subject: [PATCH] move out in separate state file
---
 openssh/init.sls | 10 ----------
 openssh/iptables-input.sls | 12 ++++++++++++
 2 files changed, 12 insertions(+), 10 deletions(-)
 create mode 100644 openssh/iptables-input.sls
diff --git a/openssh/init.sls b/openssh/init.sls
index aeb7369..6d447fe 100644
--- a/openssh/init.sls
+++ b/openssh/init.sls
@@ -8,13 +8,3 @@ openssh:
 - name: {{ openssh.service }}
 - require:
 - pkg: {{ openssh.server }}
- iptables.insert:
- - table: filter
- - chain: INPUT
- - position: 1
- - match: state
- - connstate: NEW,ESTABLISHED
- - dport: 22
- - proto: tcp
- - jump: ACCEPT
- - save: True
diff --git a/openssh/iptables-input.sls b/openssh/iptables-input.sls
new file mode 100644
index 0000000..d8414f2
--- /dev/null
+++ b/openssh/iptables-input.sls
@@ -0,0 +1,12 @@
+sshd.iptables.input:
+ iptables.insert:
+ - table: filter
+ - chain: INPUT
+ - position: 1
+ - match: state
+ - connstate: NEW,ESTABLISHED
+ - dport: 22
+ - proto: tcp
+ - jump: ACCEPT
+ - save: True
+
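Review bot: The new `sshd.iptables.input` state in openssh/iptables-input.sls hard-codes `- dport: 22` and sets no source restriction, so the rule accepts new SSH connections from any address and no longer matches if sshd is configured on another port. With `- position: 1` the ACCEPT is inserted ahead of whatever drop or rate-limit rules already sit in INPUT, and `- save: True` makes that ordering persistent. Consider taking the port from the formula's map or pillar data, as init.sls does for `{{ openssh.service }}`, and adding a line such as `- source: {{ salt['pillar.get']('openssh:allow_from', '0.0.0.0/0') }}` (the pillar key is a placeholder). A one-line comment at the top of the file, `# Optional: include openssh.iptables-input to open the SSH port in the INPUT chain`, would make it clear that the rule is now opt-in and no longer applied by `openssh` itself.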