Timotej Lazar
db397cb2b1
… instead of generating them from prefixes. A NetBox script can be used to create and configure all necessary data for a new VLAN. Instead of VLAN roles “inside" and “outside” we now create separate VRFs for inside VLANs to match the actual exit/firewall configuration. The “outside” VRF is for all VLANs that are directly accessible from the internet.
12 lines
455 B
Django/Jinja
12 lines
455 B
Django/Jinja
{# VRF outside is special, all others are inside but also firewalled from each other. #}
|
|
{% set inside_vrfs = interfaces | selectattr('parent') | selectattr('parent.name', '==', 'bridge')
|
|
| selectattr('vrf') | map(attribute='vrf') | rejectattr('name', '==', 'outside') -%}
|
|
|
|
# A separate VRF for each inside network so we can firewall between them.
|
|
{% for vrf in inside_vrfs %}
|
|
auto {{ vrf.name }}
|
|
iface {{ vrf.name }}
|
|
vrf-table auto
|
|
|
|
{% endfor %}
|