exit: import firewalls’ addresses into inside VRFs

Mostly so that the backup firewall is reachable from inside. Without this, such traffic would be routed towards the active firewall and dropped there.
2025-07-18 15:11:11 +02:00 · 2025-07-18 15:11:11 +02:00 · 9b03b002f7
commit 9b03b002f7
parent 617e0689f1
2 changed files with 23 additions and 0 deletions
--- a/filter_plugins/netbox.py
+++ b/filter_plugins/netbox.py
@ -8,6 +8,7 @@ class FilterModule(object):
    def filters(self):
        return {
            'compact_numlist': self.compact_numlist,
+            'device_address': self.device_address,
            'iface_real': self.iface_real,
            'iface_peer': self.iface_peer,
            'iface_vlans': self.iface_vlans
@ -27,6 +28,13 @@ class FilterModule(object):
            i = j
        return delimiter.join(spans)

+    def device_address(self, device):
+        '''Return loopback IP addresses for an L3 attached device'''
+        for iface in device['interfaces']:
+            for addr in iface['ip_addresses']:
+                if addr.get('role') and addr['role'].get('value') == 'loopback':
+                    yield addr
+
    def iface_real(self, interfaces):
        '''Return only non-virtual interfaces'''
        for iface in interfaces: