Before we relied on the combined data being present in ipsets.json
when generating a new config, but ipsets.json is only updated through
the form at /ipsets. So submitting any other form after changing
NetBox definitions might crash when trying to find an entry from
networks.json in ipsets.json.
Now we introduce a helper functon to always read both files and
combine the prefixes fron networks.json with ipsets.json. This way it
is not necessary to save a new ipsets.json before other changes.
Also don’t crash when enumerating networks for each VPN group.
Address rules by name instead of index. Still problematic if the rules
are changed while someone is managing them, but with names it’s
more likely to just not work instead of enabling or disabling the
wrong rule.
Also prevent bringing down the whole network with a single click.
I have tried every possible permutation and I think this is the one.
NetBox-managed IP prefixes are pushed with ansible to firewall master.
The managed prefixes are added to custom IP sets defined in the app,
but only NAT addresses and VPN groups can be configured for them.
This way all NAT and VPN policy is (again) configured in the app. Also
both NetBox-managed and user-defined networks are treated the same.
Also improve^Wtweak config generation. Also templates.
Timotej Lazar