rc/friwall
2
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Do not configure prefixes defined in NetBox

Browse source 
Push them to firewall nodes with ansible instead, as they will only
change in NetBox. Also don’t mess around with ipset “groups” based on
hyphenation, which was probably a bad idea.

With more data included in NetBox I am thinking we should configure
NAT and other stuff with ansible also, but let’s start small.
This commit is contained in:
Timotej Lazar 2024-03-18 17:33:12 +01:00
parent a8abf580f9
commit c3e35777e0
1 changed files with 3 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
web/system.py
View file

@ -42,15 +42,6 @@ def run(fun, args=()):
fun(*args)
multiprocessing.Process(target=task).start()
# For a network named 'xyzzy-foo', return xyzzy. Used for creating
# ipsets for office-* and server-* networks.
def network_group(name):
match name.split('-'):
case group, _:
return group
case _:
return None
def ipset_add(ipsets, name, ip=None, ip6=None):
ipsets[name].update(ip or ())
ipsets[f'{name}/6'].update(ip6 or ())
@ -95,11 +86,10 @@ def save_config():
# Populate IP sets.
ipsets = collections.defaultdict(set)
# Sets corresponding to VLANs in NetBox. Prefixes for these sets are configured on firewall nodes with ansible.
for name, network in db.read('networks').items():
if group := network_group(name):
ipset_add(ipsets, group, network.get('ip'), network.get('ip6'))
ipset_add(ipsets, name, network.get('ip'), network.get('ip6'))
ipset_add(ipsets, name)
# Sets defined by user in friwall app.
for name, network in db.read('ipsets').items():
ipset_add(ipsets, name, network.get('ip'), network.get('ip6'))
@ -110,8 +100,6 @@ def save_config():
ip4 = [f'{ip}/32']
ip6 = [f'{key["ip6"]}'] if key.get('ip6') else None
for network in user_networks.get(key.get('user', ''), ()):
if group := network_group(network):
ipset_add(ipsets, group, ip4, ip6)
ipset_add(ipsets, network, ip4, ip6)
# Create config files.