ufw not installed:
  pkg.removed:
    - name: ufw

firewalld installed:
  pkg.installed:
    - name: firewalld

firewalld service running:
  service.running:
    - name: firewalld

fail2ban installed:
  pkg.installed:
    - name: fail2ban

fail2ban service running:
  service.running:
    - name: fail2ban

firewalld public zone setup:
  firewalld.present:
    - name: public
    - block_icmp:
      - echo-reply
      - echo-request
    - default: True
    - masquerade: True
    - ports:
      {% for port, protocol in salt['pillar.get']('basics:firewall:ports').items() %}
      - {{ port }}/{{ protocol }}
      {% endfor %}