Timotej Lazar
29598ef4bb
Allow running playbooks without NetBox access. Mainly to bootstrap NetBox itself. Would prefer not to access network from filter plugins, so maybe do that at some point also.
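{#
  nftables rules for chain "input" in table "inet filter".

  Expects `services`: an iterable of service objects, each with `ports` and
  optionally `name`. `allowed_prefixes` and `compact_numlist` are custom
  filters that are not defined in this template.
#}
table inet filter {
    chain input {
        # SSH is accepted from any source address.
        tcp dport ssh accept

{% for service in services %}
{% set prefixes = service | allowed_prefixes %}
{#
  selectattr/map return lazy generators in Jinja2, and a generator object is
  truthy even when it yields nothing. Materialise both with `list` so the
  emptiness tests below are real: without it an empty `{ }` set can be
  rendered and the unrestricted fallback branch is never selected.
#}
{% set prefixes4 = prefixes | selectattr('family.value', '==', 4) | map('string') | list %}
{% set prefixes6 = prefixes | selectattr('family.value', '==', 6) | map('string') | list %}
{% set ports = service.ports | compact_numlist %}
{% if 'name' in service %}
{#
  NOTE(review): service.name is written into an nft comment. A name holding a
  line break would end the comment and the rest would be parsed as rules;
  confirm names are single-line at the source or strip line breaks here.
#}
        # service {{ service.name }}
{% endif %}
{% if prefixes4 or prefixes6 %}
{# Restricted service: accept only from the allowed prefixes, per address family. #}
{% if prefixes4 %}
        ip saddr { {{ prefixes4 | join(', ') }} } tcp dport { {{ ports }} } accept
{% endif %}
{% if prefixes6 %}
        ip6 saddr { {{ prefixes6 | join(', ') }} } tcp dport { {{ ports }} } accept
{% endif %}
{% else %}
{#
  No allowed prefixes: the ports are accepted from every source.
  NOTE(review): confirm that allowed_prefixes cannot come back empty merely
  because NetBox was unreachable, otherwise a restricted service would be
  opened to all sources without any error.
#}
        tcp dport { {{ ports }} } accept
{% endif %}

{% endfor %}
    }
}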