.

salt/states/firewalld/init.sls

@@ -65,3 +65,14 @@ Configure firewalld for vlan networks:
       - https
       - dns
       - ntp
+
+Add forwarding on Internal zone:
+  cmd.run:
+    - name: firewall-cmd --permanent --zone=internal --add-forward
+    - unless: bash -c "if [[ \"$(firewall-cmd --zone=internal --list-all | sed -n 's/.* forward. \(.*\)$/\1/p')\" = \"yes\" ]]; then exit 0; else exit 1;fi"
+
+Reload firewalld:
+  cmd.run:
+    - name: firewall-cmd --reload
+    - onchanges:
+      - cmd: Add forwarding on Internal zone