authorTrygve Laugstøl <trygvis@inamo.no>2023-11-14 19:50:21 +0100
committerTrygve Laugstøl <trygvis@inamo.no>2023-11-14 19:50:21 +0100
commit2c76aa98d5fe49f57c94bde4cbe2ba5ca1ff338a (patch)
tree91ea002c66a77de393fa9a334eaa97f4d6b3dc27
parent2caac53749dece14825991ffcc267e913091e842 (diff)
wip
-rw-r--r--6/bgp.pl2
-rwxr-xr-x6/bgp.py14
-rw-r--r--6/host_vars/hash/firewall.yaml13
-rw-r--r--6/host_vars/knot/firewall.yaml13
-rw-r--r--6/host_vars/kv24ix/firewall.yaml9
-rw-r--r--6/host_vars/lhn2ix/firewall.yaml9
-rw-r--r--6/main.pl2
7 files changed, 59 insertions, 3 deletions
diff --git a/6/bgp.pl b/6/bgp.pl
index f5f6597..0bf2e89 100644
--- a/6/bgp.pl
+++ b/6/bgp.pl
@@ -2,7 +2,7 @@
:- module(bgp, [
warning/1,
- create_firewall/1,
+ create_firewall/0,
neighbor/2,
bgp_config/2,
bird_config/1,
diff --git a/6/bgp.py b/6/bgp.py
index 2bd756a..d508762 100755
--- a/6/bgp.py
+++ b/6/bgp.py
@@ -13,10 +13,22 @@ def to_ansible(kind, hosts):
with PrologMQI() as mqi:
with mqi.create_thread() as p:
- result = p.query("consult(main)")
+ result = p.query("consult(main), main.")
print(result)
result = p.query("bgp:bird_config(BirdDict)")
r = result[0]["BirdDict"]
print(yaml.dump(r))
to_ansible("bgp", r)
+
+ hosts = {}
+ result = p.query("firewall:fw_rule(Host, Attrs).")
+# print(yaml.dump(result))
+ for r in result:
+ host = r["Host"]
+ if host not in hosts:
+ hosts[host] = h = {}
+ h["firewall_rules"] = rules = []
+ rules.append(r["Attrs"])
+
+ to_ansible("firewall", hosts)
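Review bot: In the new grouping loop, `rules` is rebound only when a host is seen for the first time, so `rules.append(r["Attrs"])` writes to the list of whichever host was added most recently rather than to the current `host`. If the `firewall:fw_rule(Host, Attrs)` solutions do not arrive grouped by host, a rule lands in another host's `firewall_rules` and the generated host_vars put a firewall rule on the wrong machine (the page has lost indentation; if the append actually sits inside the `if`, each host instead keeps only its first rule). Looking the list up per row avoids both cases: `hosts.setdefault(host, {"firewall_rules": []})["firewall_rules"].append(r["Attrs"])`. Separately, the result of `consult(main), main.` is printed but never checked, and as far as I know swiplserver's `query` returns `False` when a goal fails, so a failed `main` or an empty `fw_rule` set would either iterate over a boolean or write rule files from a partial database. Checking that each result is a list before using it would make that fail loudly.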
diff --git a/6/host_vars/hash/firewall.yaml b/6/host_vars/hash/firewall.yaml
new file mode 100644
index 0000000..ce96f99
--- /dev/null
+++ b/6/host_vars/hash/firewall.yaml
@@ -0,0 +1,13 @@
+firewall_rules:
+- dst: fdf3:aad9:a885:0b3a::13
+ family: ip6
+ from: bgp
+ src: fdf3:aad9:a885:0b3a::1
+- dst: fdf3:aad9:a885:0b3a::13
+ family: ip6
+ from: bgp
+ src: fdf3:aad9:a885:0b3a::16
+- dst: fdf3:aad9:a885:0b3a::13
+ family: ip6
+ from: bgp
+ src: fdf3:aad9:a885:0b3a::15
diff --git a/6/host_vars/knot/firewall.yaml b/6/host_vars/knot/firewall.yaml
new file mode 100644
index 0000000..a4f96d0
--- /dev/null
+++ b/6/host_vars/knot/firewall.yaml
@@ -0,0 +1,13 @@
+firewall_rules:
+- dst: fdf3:aad9:a885:0b3a::1
+ family: ip6
+ from: bgp
+ src: fdf3:aad9:a885:0b3a::13
+- dst: fdf3:aad9:a885:0b3a::1
+ family: ip6
+ from: bgp
+ src: fdf3:aad9:a885:0b3a::15
+- dst: fdf3:aad9:a885:0b3a::1
+ family: ip6
+ from: bgp
+ src: fdf3:aad9:a885:0b3a::16
diff --git a/6/host_vars/kv24ix/firewall.yaml b/6/host_vars/kv24ix/firewall.yaml
new file mode 100644
index 0000000..e385a73
--- /dev/null
+++ b/6/host_vars/kv24ix/firewall.yaml
@@ -0,0 +1,9 @@
+firewall_rules:
+- dst: fdf3:aad9:a885:0b3a::16
+ family: ip6
+ from: bgp
+ src: fdf3:aad9:a885:0b3a::1
+- dst: fdf3:aad9:a885:0b3a::16
+ family: ip6
+ from: bgp
+ src: fdf3:aad9:a885:0b3a::13
diff --git a/6/host_vars/lhn2ix/firewall.yaml b/6/host_vars/lhn2ix/firewall.yaml
new file mode 100644
index 0000000..5a5beda
--- /dev/null
+++ b/6/host_vars/lhn2ix/firewall.yaml
@@ -0,0 +1,9 @@
+firewall_rules:
+- dst: fdf3:aad9:a885:0b3a::15
+ family: ip6
+ from: bgp
+ src: fdf3:aad9:a885:0b3a::13
+- dst: fdf3:aad9:a885:0b3a::15
+ family: ip6
+ from: bgp
+ src: fdf3:aad9:a885:0b3a::1
diff --git a/6/main.pl b/6/main.pl
index ecfc295..5256ac0 100644
--- a/6/main.pl
+++ b/6/main.pl
@@ -1,7 +1,7 @@
:- dynamic fw_rule/2.
:- use_module(bgp, [
- create_firewall/1]).
+ create_firewall/0]).
print_warnings([]).
print_warnings([W|Ws]) :- format("Warning: ~w~n", [W]), print_warnings(Ws).