friwall/web/templates/rules/edit.html

{% extends 'base.html' %}
{% block header %}
<style>
hr {
    border-style: dotted;
    border-color: gray;
    border-width: 1px 0 0;
}
tbody > tr:nth-child(odd) {
    background-color: #eeeeee;
}
td {
    vertical-align: top;
}
</style>
{% endblock %}

{% block content %}
<p>
Urejate pravilo #{{ index }} (<a href="{{ url_for('rules.index') }}">seznam pravil</a>). Pravila so vključena v <a href="https://wiki.nftables.org">nftables</a> <em>filter chain</em> na požarnem zidu. Povzetek filtrov najdemo <a href="https://wiki.nftables.org/wiki-nftables/index.php/Quick_reference-nftables_in_10_minutes#Matches">v dokumentaciji</a>.
<form id="request" method="POST">
<p>
<label for="name">Ime</label><br>
<input id="name" name="name" value="{{ rule.name }}" />

<p>
<label for="newmanager">Skupine, ki lahko o(ne)mogočijo pravilo</label>
<br>
{% for manager in rule.managers %}
<input name="manager" type="text" style="width: 50%" value="{{ manager }}" /><br>
{% endfor %}
<input id="newmanager" name="manager" type="text" style="width: 50%" value="" />

<p>
<label for="text">Pravila nftables</label>
<textarea id="text" name="text" style="width: 100%; height: 8em;" placeholder="iif @inside ip saddr @from ip daddr @to accept
iif @inside ip6 saddr @from/6 ip6 daddr @to/6 accept">
{{- rule.text }}
</textarea>
<p><button id="submit" type="submit">Shrani</button>
</form>

<hr>

<p>
Promet z naslova <em>src</em> iz zunanjega omrežja na naslov <em>dst</em> na notranjem dovolimo z

<pre><code>iif @outside oif @inside ip saddr src ip daddr dst accept</code></pre>

<p>
Za naslova <em>src</em> in <em>dst</em> lahko uporabimo <a href="{{ url_for('ipsets.index') }}">definirana omrežja</a>, prikazana v spodnji tabeli. Za omrežje <code>net</code> uporabimo oznaki <code>@net</code> in <code>@net/6</code> za naslove IPv4 in IPv6. Da npr. preprečimo povezave iz omrežja <code>classroom</code> izven omrežja FRI, uporabimo pravili

<pre><code>iif @inside ip saddr @classroom ip daddr != @fri drop
iif @inside ip6 saddr @classroom/6 ip6 daddr != @fri/6 drop</code></pre>

<table style="width: 100%;">
<thead>
<th>Omrežje
<th>IP
<th>IPv6
<th>VPN
<tbody>
{% for name, data in ipsets.items() %}
<tr>
<td>{{ name }}
<td>{{ data.ip|join('<br>')|safe }}
<td>{{ data.ip6|join('<br>')|safe }}
<td>{{ data.vpn }}
{% endfor %}
</table>

{% endblock %}
Add support for managing forwarding rules 2023-05-29 10:24:21 +00:00			`{% extends 'base.html' %}`
Consolidate NAT and VPN settings into IP sets I have tried every possible permutation and I think this is the one. NetBox-managed IP prefixes are pushed with ansible to firewall master. The managed prefixes are added to custom IP sets defined in the app, but only NAT addresses and VPN groups can be configured for them. This way all NAT and VPN policy is (again) configured in the app. Also both NetBox-managed and user-defined networks are treated the same. Also improve^Wtweak config generation. Also templates. 2024-04-30 13:13:50 +00:00			`{% block header %}`
			`<style>`
Add some words to templates Also some tags. Also remove some other words and some other tags. 2024-05-02 21:33:13 +00:00			`hr {`
			`border-style: dotted;`
			`border-color: gray;`
			`border-width: 1px 0 0;`
			`}`
Consolidate NAT and VPN settings into IP sets I have tried every possible permutation and I think this is the one. NetBox-managed IP prefixes are pushed with ansible to firewall master. The managed prefixes are added to custom IP sets defined in the app, but only NAT addresses and VPN groups can be configured for them. This way all NAT and VPN policy is (again) configured in the app. Also both NetBox-managed and user-defined networks are treated the same. Also improve^Wtweak config generation. Also templates. 2024-04-30 13:13:50 +00:00			`tbody > tr:nth-child(odd) {`
			`background-color: #eeeeee;`
			`}`
			`td {`
			`vertical-align: top;`
			`}`
			`</style>`
			`{% endblock %}`
Add support for managing forwarding rules 2023-05-29 10:24:21 +00:00
			`{% block content %}`
			`<p>`
Add some words to templates Also some tags. Also remove some other words and some other tags. 2024-05-02 21:33:13 +00:00			`Urejate pravilo #{{ index }} (<a href="{{ url_for('rules.index') }}">seznam pravil</a>). Pravila so vključena v <a href="https://wiki.nftables.org">nftables</a> <em>filter chain</em> na požarnem zidu. Povzetek filtrov najdemo <a href="https://wiki.nftables.org/wiki-nftables/index.php/Quick_reference-nftables_in_10_minutes#Matches">v dokumentaciji</a>.`
Add support for managing forwarding rules 2023-05-29 10:24:21 +00:00			`<form id="request" method="POST">`
			`<p>`
			`<label for="name">Ime</label><br>`
Add some words to templates Also some tags. Also remove some other words and some other tags. 2024-05-02 21:33:13 +00:00			`<input id="name" name="name" value="{{ rule.name }}" />`
Add support for managing forwarding rules 2023-05-29 10:24:21 +00:00
			`<p>`
Add some words to templates Also some tags. Also remove some other words and some other tags. 2024-05-02 21:33:13 +00:00			`<label for="newmanager">Skupine, ki lahko o(ne)mogočijo pravilo</label>`
			`<br>`
Add support for managing forwarding rules 2023-05-29 10:24:21 +00:00			`{% for manager in rule.managers %}`
			`<input name="manager" type="text" style="width: 50%" value="{{ manager }}" /><br>`
			`{% endfor %}`
Add some words to templates Also some tags. Also remove some other words and some other tags. 2024-05-02 21:33:13 +00:00			`<input id="newmanager" name="manager" type="text" style="width: 50%" value="" />`
Add support for managing forwarding rules 2023-05-29 10:24:21 +00:00
			`<p>`
			`<label for="text">Pravila nftables</label>`
Add some words to templates Also some tags. Also remove some other words and some other tags. 2024-05-02 21:33:13 +00:00			`<textarea id="text" name="text" style="width: 100%; height: 8em;" placeholder="iif @inside ip saddr @from ip daddr @to accept iif @inside ip6 saddr @from/6 ip6 daddr @to/6 accept">`
Consolidate NAT and VPN settings into IP sets I have tried every possible permutation and I think this is the one. NetBox-managed IP prefixes are pushed with ansible to firewall master. The managed prefixes are added to custom IP sets defined in the app, but only NAT addresses and VPN groups can be configured for them. This way all NAT and VPN policy is (again) configured in the app. Also both NetBox-managed and user-defined networks are treated the same. Also improve^Wtweak config generation. Also templates. 2024-04-30 13:13:50 +00:00			`{{- rule.text }}`
			`</textarea>`
Add support for managing forwarding rules 2023-05-29 10:24:21 +00:00			`<p><button id="submit" type="submit">Shrani</button>`
			`</form>`

Add some words to templates Also some tags. Also remove some other words and some other tags. 2024-05-02 21:33:13 +00:00			`<hr>`

Consolidate NAT and VPN settings into IP sets I have tried every possible permutation and I think this is the one. NetBox-managed IP prefixes are pushed with ansible to firewall master. The managed prefixes are added to custom IP sets defined in the app, but only NAT addresses and VPN groups can be configured for them. This way all NAT and VPN policy is (again) configured in the app. Also both NetBox-managed and user-defined networks are treated the same. Also improve^Wtweak config generation. Also templates. 2024-04-30 13:13:50 +00:00			`<p>`
Add some words to templates Also some tags. Also remove some other words and some other tags. 2024-05-02 21:33:13 +00:00			`Promet z naslova <em>src</em> iz zunanjega omrežja na naslov <em>dst</em> na notranjem dovolimo z`

			`<pre><code>iif @outside oif @inside ip saddr src ip daddr dst accept</code></pre>`

			`<p>`
			`Za naslova <em>src</em> in <em>dst</em> lahko uporabimo <a href="{{ url_for('ipsets.index') }}">definirana omrežja</a>, prikazana v spodnji tabeli. Za omrežje <code>net</code> uporabimo oznaki <code>@net</code> in <code>@net/6</code> za naslove IPv4 in IPv6. Da npr. preprečimo povezave iz omrežja <code>classroom</code> izven omrežja FRI, uporabimo pravili`

			`<pre><code>iif @inside ip saddr @classroom ip daddr != @fri drop`
			`iif @inside ip6 saddr @classroom/6 ip6 daddr != @fri/6 drop</code></pre>`
Consolidate NAT and VPN settings into IP sets I have tried every possible permutation and I think this is the one. NetBox-managed IP prefixes are pushed with ansible to firewall master. The managed prefixes are added to custom IP sets defined in the app, but only NAT addresses and VPN groups can be configured for them. This way all NAT and VPN policy is (again) configured in the app. Also both NetBox-managed and user-defined networks are treated the same. Also improve^Wtweak config generation. Also templates. 2024-04-30 13:13:50 +00:00
			`<table style="width: 100%;">`
Add form for editing ipsets 2023-07-24 13:45:45 +00:00			`<thead>`
Consolidate NAT and VPN settings into IP sets I have tried every possible permutation and I think this is the one. NetBox-managed IP prefixes are pushed with ansible to firewall master. The managed prefixes are added to custom IP sets defined in the app, but only NAT addresses and VPN groups can be configured for them. This way all NAT and VPN policy is (again) configured in the app. Also both NetBox-managed and user-defined networks are treated the same. Also improve^Wtweak config generation. Also templates. 2024-04-30 13:13:50 +00:00			`<th>Omrežje`
			`<th>IP`
			`<th>IPv6`
			`<th>VPN`
Add form for editing ipsets 2023-07-24 13:45:45 +00:00			`<tbody>`
Consolidate NAT and VPN settings into IP sets I have tried every possible permutation and I think this is the one. NetBox-managed IP prefixes are pushed with ansible to firewall master. The managed prefixes are added to custom IP sets defined in the app, but only NAT addresses and VPN groups can be configured for them. This way all NAT and VPN policy is (again) configured in the app. Also both NetBox-managed and user-defined networks are treated the same. Also improve^Wtweak config generation. Also templates. 2024-04-30 13:13:50 +00:00			`{% for name, data in ipsets.items() %}`
Add form for editing ipsets 2023-07-24 13:45:45 +00:00			`<tr>`
Consolidate NAT and VPN settings into IP sets I have tried every possible permutation and I think this is the one. NetBox-managed IP prefixes are pushed with ansible to firewall master. The managed prefixes are added to custom IP sets defined in the app, but only NAT addresses and VPN groups can be configured for them. This way all NAT and VPN policy is (again) configured in the app. Also both NetBox-managed and user-defined networks are treated the same. Also improve^Wtweak config generation. Also templates. 2024-04-30 13:13:50 +00:00			`<td>{{ name }}`
			`<td>{{ data.ip\|join('<br>')\|safe }}`
			`<td>{{ data.ip6\|join('<br>')\|safe }}`
			`<td>{{ data.vpn }}`
Add form for editing ipsets 2023-07-24 13:45:45 +00:00			`{% endfor %}`
			`</table>`

Add support for managing forwarding rules 2023-05-29 10:24:21 +00:00			`{% endblock %}`