rc/network
2
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

firewall_master: don’t define ipsets for VLAN groups

Browse source 
Was a harebrained idea from the start.
This commit is contained in:
Timotej Lazar 2024-03-19 09:45:23 +01:00
parent a97d133873
commit aa82e5aa18
1 changed files with 1 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
roles/firewall_master/templates/networks.json.j2
View file

@ -1,6 +1,4 @@
{% set groups = vlans | map(attribute='name') | select('match', '.+-.+')
| map('split', '-') | map('first') | unique -%}
{% set prefixes = query('netbox.netbox.nb_lookup', 'prefixes', raw_data=true) %}
{% set prefixes = query('netbox.netbox.nb_lookup', 'prefixes', raw_data=true) -%}
{
{% for vlan in vlans %}
@ -8,14 +6,6 @@
"{{ vlan.name }}": {
"ip": {{ vlan_prefixes | ipv4 | to_json }},
"ip6": {{ vlan_prefixes | ipv6 | to_json }}
}{% if not loop.last or groups %},{% endif +%}
{% endfor %}
{% for group in groups %}
{% set group_prefixes = prefixes | selectattr('vlan') | selectattr('vlan.name', 'match', '^'~group) | map(attribute='prefix') %}
"{{ group }}": {
"ip": {{ group_prefixes | ipv4 | to_json }},
"ip6": {{ group_prefixes | ipv6 | to_json }}
}{% if not loop.last %},{% endif +%}
{% endfor %}
}