From 102e666a35452cf60469d1196c87b97e37dcc678 Mon Sep 17 00:00:00 2001
From: "David J. M. Karlsen" <david@davidkarlsen.com>
Date: Wed, 23 Apr 2014 21:50:54 +0200
Subject: [PATCH] add inbound iptables rule

---
 postfix/iptables-input.sls | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 postfix/iptables-input.sls

diff --git a/postfix/iptables-input.sls b/postfix/iptables-input.sls
new file mode 100644
index 0000000..9510c6c
--- /dev/null
+++ b/postfix/iptables-input.sls
@@ -0,0 +1,24 @@
+smtp.input:
+  iptables.chain_present:
+    -
+
+tcp:
+  iptables.insert:
+    - table: filter
+    - position: 1
+    - chain: smtp.input
+    - jump: ACCEPT
+    - match: state
+    - connstate: NEW,ESTABLISHED
+    - dport: 25
+    - proto: tcp
+    - save: True
+
+filter:
+  iptables.insert:
+    - table: filter
+    - position: 1
+    - chain: INPUT
+    - jump: smtp.input
+    - save: True
+