Add inside and outside roles for VLANs

Will probably rename inside/outside and office/server to int/ext.
2024-01-30 12:35:33 +01:00 · 2024-01-30 12:35:33 +01:00 · aeb124e346
commit aeb124e346
parent 0802dc8637
6 changed files with 65 additions and 22 deletions
--- a/roles/firewall/templates/frr.conf.j2
+++ b/roles/firewall/templates/frr.conf.j2
@ -86,11 +86,11 @@ ipv6 prefix-list default permit ::/0

 ip prefix-list fabric permit 10.34.0.0/24 ge 32

-{% for vlan in vlans %}
+{% for vlan in vlans | selectattr('role.slug', '==', 'inside') %}
 {% for prefix in query('netbox.netbox.nb_lookup', 'prefixes', api_filter='vlan_id='~vlan.id, raw_data=true) %}
 {% if prefix.family.value == 4 %}
 ip prefix-list office permit {{ prefix.prefix }} ge 24
-{% else %}
+{% elif prefix.family.value == 6 %}
 ipv6 prefix-list office permit {{ prefix.prefix }} ge 64
 {% endif %}
 {% endfor %}
--- a/roles/firewall/templates/networks.nft.j2
+++ b/roles/firewall/templates/networks.nft.j2
@ -0,0 +1,9 @@
+{% for vlan in vlans %}
+set {{ vlan.name }}  {
+    type ipv4_addr; flags interval
+}
+set {{ vlan.name }}/6 {
+    type ipv6_addr; flags interval
+}
+
+{% endfor %}