author | Trygve Laugstøl <trygvis@inamo.no> | 2023-11-25 20:21:17 +0100 |
---|---|---|
committer | Trygve Laugstøl <trygvis@inamo.no> | 2023-11-25 20:21:17 +0100 |
commit | 9b7f4894467d8763419d8c29a49df72ee149be06 (patch) | |
tree | 49b624a19848cdab372cff55bf8d110ee72a858e | |
parent | b239a07aa42d0fcba8cb84c554674c744d872041 (diff) | |
-rw-r--r-- | 7/bgp.pl | 4 | ||||
-rw-r--r-- | 7/firewall.pl | 10 | ||||
-rw-r--r-- | 7/host_vars/hash/firewall.csv | 4 | ||||
-rw-r--r-- | 7/host_vars/knot/firewall.csv | 4 | ||||
-rw-r--r-- | 7/host_vars/kv24ix/firewall.csv | 3 | ||||
-rw-r--r-- | 7/host_vars/lhn2ix/firewall.csv | 3 |
6 files changed, 22 insertions, 6 deletions
@@ -97,7 +97,7 @@ create_firewall :- maplist(assert_fw, Goals). assert_fw(fw(Host, Attrs)) :-
- put_assoc("from", Attrs, bgp, Attrs2),
+ put_assoc(from, Attrs, bgp, Attrs2),
 R = firewall:fw_rule(Host, Attrs2), format("~w", [R]),nl, asserta(R).
@@ -108,4 +108,4 @@ fw(Host, Attr) :- hosts:host_config(Remote, RemoteConfig), get_assoc(ip, RemoteConfig, Src), get_assoc(ip, HostConfig, Dst),
- utils:to_assoc({src:Src, dst:Dst, family:ip6}, Attr).
+ utils:to_assoc({src:Src, dst:Dst, family:ip6, port: 179}, Attr).
diff --git a/7/firewall.pl b/7/firewall.pl
index 7e7b7e7..b1c2a14 100644
--- a/7/firewall.pl
+++ b/7/firewall.pl
@@ -22,7 +22,7 @@ warning(Msg) :- fw_rule(Host, Attr),
- \+ get_assoc("from", Attr, _),
+ \+ get_assoc(from, Attr, _),
 format("Missing 'from' on fw_rule for host '~w', ~w", [Host, Attr], Msg). rules_from(From, Rules) :-
@@ -30,7 +30,7 @@ rules_from(From, Rules) :- fw_rule(H, Attr), ( fw_rule(H, Attr),
- get_assoc("from", Attr, From)
+ get_assoc(from, Attr, From)
 ), Rules).
@@ -62,10 +62,12 @@ to_csv(Host, Attrs, Row) :- get_opt(family, Attrs, Family), get_opt(src, Attrs, Src), get_opt(dst, Attrs, Dst),
- Row = [Host, Family, Src, Dst].
+ get_opt(proto, Attrs, Proto),
+ get_opt(port, Attrs, Port),
+ Row = [Host, Family, Src, Dst, Proto, Port].
 ansible_firewall(File, Host) :- format("ansible_firewall: ~s~n", [File]), findall(Attrs, fw_rule(Host, Attrs), Rules), maplist(to_csv(Host), Rules, Rows),
- write_csv(File, frame(['host','family','src','dst'], Rows)).
+ write_csv(File, frame(['host','family','src','dst', 'port'], Rows)).
diff --git a/7/host_vars/hash/firewall.csv b/7/host_vars/hash/firewall.csv
new file mode 100644
index 0000000..5fbf83b
--- /dev/null
+++ b/7/host_vars/hash/firewall.csv
@@ -0,0 +1,4 @@
+host,family,src,dst,port
+hash,ip6,fdf3:aad9:a885:0b3a::15,fdf3:aad9:a885:0b3a::13,,179
+hash,ip6,fdf3:aad9:a885:0b3a::16,fdf3:aad9:a885:0b3a::13,,179
+hash,ip6,fdf3:aad9:a885:0b3a::1,fdf3:aad9:a885:0b3a::13,,179
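Review bot: The attribute set built at the end of `fw/2` in 7/bgp.pl (hunk at -108) now carries `port: 179` but no `proto`, so every generated BGP rule has an empty protocol next to its port; the new firewall.csv rows end in `,,179`. How the consumer of these CSVs treats an empty protocol is not visible here, but a port restriction without a protocol is usually either rejected or applied more broadly than intended. BGP sessions run over TCP, so I would set it explicitly: `utils:to_assoc({src:Src, dst:Dst, family:ip6, proto:tcp, port:179}, Attr).` The clause may begin above the context shown in the hunk.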
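Review bot: The header passed to `write_csv` in `ansible_firewall/2` (7/firewall.pl, hunk at -62) names five columns, while `to_csv/3` in the same hunk now builds six-field rows `[Host, Family, Src, Dst, Proto, Port]`. The four firewall.csv files added by this commit show the mismatch: the header is `host,family,src,dst,port` and each row has one more field than that. A reader that maps fields by header name would likely take the empty protocol value as the port and lose `179`, which could turn a port-restricted rule into one that matches any port between the two peers. Add the missing column, `write_csv(File, frame(['host','family','src','dst','proto','port'], Rows)).`, and regenerate the CSV files.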
\ No newline at end of file
diff --git a/7/host_vars/knot/firewall.csv b/7/host_vars/knot/firewall.csv
new file mode 100644
index 0000000..5f74bd9
--- /dev/null
+++ b/7/host_vars/knot/firewall.csv
@@ -0,0 +1,4 @@
+host,family,src,dst,port
+knot,ip6,fdf3:aad9:a885:0b3a::16,fdf3:aad9:a885:0b3a::1,,179
+knot,ip6,fdf3:aad9:a885:0b3a::15,fdf3:aad9:a885:0b3a::1,,179
+knot,ip6,fdf3:aad9:a885:0b3a::13,fdf3:aad9:a885:0b3a::1,,179
\ No newline at end of file
diff --git a/7/host_vars/kv24ix/firewall.csv b/7/host_vars/kv24ix/firewall.csv
new file mode 100644
index 0000000..164bbac
--- /dev/null
+++ b/7/host_vars/kv24ix/firewall.csv
@@ -0,0 +1,3 @@
+host,family,src,dst,port
+kv24ix,ip6,fdf3:aad9:a885:0b3a::13,fdf3:aad9:a885:0b3a::16,,179
+kv24ix,ip6,fdf3:aad9:a885:0b3a::1,fdf3:aad9:a885:0b3a::16,,179
\ No newline at end of file
diff --git a/7/host_vars/lhn2ix/firewall.csv b/7/host_vars/lhn2ix/firewall.csv
new file mode 100644
index 0000000..92b876c
--- /dev/null
+++ b/7/host_vars/lhn2ix/firewall.csv
@@ -0,0 +1,3 @@
+host,family,src,dst,port
+lhn2ix,ip6,fdf3:aad9:a885:0b3a::1,fdf3:aad9:a885:0b3a::15,,179
+lhn2ix,ip6,fdf3:aad9:a885:0b3a::13,fdf3:aad9:a885:0b3a::15,,179
\ No newline at end of file |