rc/network
5
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

exit: store VLAN interface addresses in NetBox

Browse source 
… instead of generating them from prefixes. A NetBox script can be
used to create and configure all necessary data for a new VLAN.

Instead of VLAN roles “inside" and “outside” we now create separate
VRFs for inside VLANs to match the actual exit/firewall configuration.
The “outside” VRF is for all VLANs that are directly accessible from
the internet.
This commit is contained in:
Timotej Lazar 2024-04-10 14:03:50 +02:00
parent ece3b8a377
commit db397cb2b1
7 changed files with 32 additions and 51 deletions
Download patch file Download diff file Expand all files Collapse all files

4
roles/firewall/templates/frr.conf.j2
View file

@ -82,13 +82,15 @@ ipv6 prefix-list default permit ::/0
ip prefix-list fabric permit 10.34.0.0/24 ge 32
{% for vlan in vlans | selectattr('role.slug', '==', 'inside') %}
{% for vlan in vlans %}
{% for prefix in query('netbox.netbox.nb_lookup', 'prefixes', api_filter='vlan_id='~vlan.id, raw_data=true) %}
{% if prefix.vrf and prefix.vrf.name != 'outside' %}
{% if prefix.family.value == 4 %}
ip prefix-list office permit {{ prefix.prefix }} ge 24
{% elif prefix.family.value == 6 %}
ipv6 prefix-list office permit {{ prefix.prefix }} ge 64
{% endif %}
{% endif %}
{% endfor %}
{% endfor %}