firewall_master: don’t define ipsets for VLAN groups
Was a harebrained idea from the start.
This commit is contained in:
parent
a97d133873
commit
aa82e5aa18
|
|
@ -1,6 +1,4 @@
|
||||||
{% set groups = vlans | map(attribute='name') | select('match', '.+-.+')
|
{% set prefixes = query('netbox.netbox.nb_lookup', 'prefixes', raw_data=true) -%}
|
||||||
| map('split', '-') | map('first') | unique -%}
|
|
||||||
{% set prefixes = query('netbox.netbox.nb_lookup', 'prefixes', raw_data=true) %}
|
|
||||||
|
|
||||||
{
|
{
|
||||||
{% for vlan in vlans %}
|
{% for vlan in vlans %}
|
||||||
|
|
@ -8,14 +6,6 @@
|
||||||
"{{ vlan.name }}": {
|
"{{ vlan.name }}": {
|
||||||
"ip": {{ vlan_prefixes | ipv4 | to_json }},
|
"ip": {{ vlan_prefixes | ipv4 | to_json }},
|
||||||
"ip6": {{ vlan_prefixes | ipv6 | to_json }}
|
"ip6": {{ vlan_prefixes | ipv6 | to_json }}
|
||||||
}{% if not loop.last or groups %},{% endif +%}
|
|
||||||
{% endfor %}
|
|
||||||
|
|
||||||
{% for group in groups %}
|
|
||||||
{% set group_prefixes = prefixes | selectattr('vlan') | selectattr('vlan.name', 'match', '^'~group) | map(attribute='prefix') %}
|
|
||||||
"{{ group }}": {
|
|
||||||
"ip": {{ group_prefixes | ipv4 | to_json }},
|
|
||||||
"ip6": {{ group_prefixes | ipv6 | to_json }}
|
|
||||||
}{% if not loop.last %},{% endif +%}
|
}{% if not loop.last %},{% endif +%}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue