26 lines
1.2 KiB
Django/Jinja
26 lines
1.2 KiB
Django/Jinja
{% set services = query('netbox.netbox.nb_lookup', 'clusters', raw_data=true, api_filter='name='+cluster)
|
|
| map(attribute='custom_fields.services') | flatten -%}
|
|
[OPTIONS]
|
|
|
|
enable: 1
|
|
|
|
[RULES]
|
|
|
|
IN Ping(ACCEPT) -log nolog # don’t be rude
|
|
IN SSH(ACCEPT) -i mgmt # for ansible etc.
|
|
IN ACCEPT -source {{ nodes | map('device_address') | flatten | selectattr('family.value', '==', 4) | map(attribute='address') | join(',') }} # my cluster
|
|
IN ACCEPT -source {{ nodes | map('device_address') | flatten | selectattr('family.value', '==', 6) | map(attribute='address') | join(',') }} # my cluster
|
|
{% for service in services %}
|
|
{% set prefixes = service | allowed_prefixes %}
|
|
{% set prefixes4 = prefixes | selectattr('family.value', '==', 4) | map('string') %}
|
|
{% set prefixes6 = prefixes | selectattr('family.value', '==', 6) | map('string') %}
|
|
{% set ports = service.ports | compact_numlist(range_delimiter=':') %}
|
|
{% if prefixes4 %}
|
|
IN ACCEPT -source {{ prefixes4 | join(',') }} -p {{ service.protocol }} -dport {{ ports }} # {{ service.name }}
|
|
{% endif %}
|
|
{% if prefixes6 %}
|
|
IN ACCEPT -source {{ prefixes6 | join(',') }} -p {{ service.protocol }} -dport {{ ports }} # {{ service.name }}
|
|
{% endif %}
|
|
{% endfor %}
|
|
|