From 9b7f4894467d8763419d8c29a49df72ee149be06 Mon Sep 17 00:00:00 2001 From: Trygve Laugstøl Date: Sat, 25 Nov 2023 20:21:17 +0100 Subject: wip --- 7/bgp.pl | 4 ++-- 7/firewall.pl | 10 ++++++---- 7/host_vars/hash/firewall.csv | 4 ++++ 7/host_vars/knot/firewall.csv | 4 ++++ 7/host_vars/kv24ix/firewall.csv | 3 +++ 7/host_vars/lhn2ix/firewall.csv | 3 +++ 6 files changed, 22 insertions(+), 6 deletions(-) create mode 100644 7/host_vars/hash/firewall.csv create mode 100644 7/host_vars/knot/firewall.csv create mode 100644 7/host_vars/kv24ix/firewall.csv create mode 100644 7/host_vars/lhn2ix/firewall.csv diff --git a/7/bgp.pl b/7/bgp.pl index 95b8f58..c4843d0 100644 --- a/7/bgp.pl +++ b/7/bgp.pl @@ -97,7 +97,7 @@ create_firewall :- maplist(assert_fw, Goals). assert_fw(fw(Host, Attrs)) :- - put_assoc("from", Attrs, bgp, Attrs2), + put_assoc(from, Attrs, bgp, Attrs2), R = firewall:fw_rule(Host, Attrs2), format("~w", [R]),nl, asserta(R). @@ -108,4 +108,4 @@ fw(Host, Attr) :- hosts:host_config(Remote, RemoteConfig), get_assoc(ip, RemoteConfig, Src), get_assoc(ip, HostConfig, Dst), - utils:to_assoc({src:Src, dst:Dst, family:ip6}, Attr). + utils:to_assoc({src:Src, dst:Dst, family:ip6, port: 179}, Attr). diff --git a/7/firewall.pl b/7/firewall.pl index 7e7b7e7..b1c2a14 100644 --- a/7/firewall.pl +++ b/7/firewall.pl @@ -22,7 +22,7 @@ warning(Msg) :- fw_rule(Host, Attr), - \+ get_assoc("from", Attr, _), + \+ get_assoc(from, Attr, _), format("Missing 'from' on fw_rule for host '~w', ~w", [Host, Attr], Msg). rules_from(From, Rules) :- @@ -30,7 +30,7 @@ rules_from(From, Rules) :- fw_rule(H, Attr), ( fw_rule(H, Attr), - get_assoc("from", Attr, From) + get_assoc(from, Attr, From) ), Rules). 
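Review bot: In 7/bgp.pl, hunk `@@ -108,4 +108,4 @@`, the new rule sets `port: 179` but no protocol, so the `proto` field that `to_csv` in 7/firewall.pl now emits stays empty (the generated rows in this commit end in `,,179`). A port match without a protocol is ambiguous for whatever turns the CSV into packet-filter rules; depending on that consumer it may be rejected or applied to more than TCP, and BGP only needs TCP. Consider `utils:to_assoc({src:Src, dst:Dst, family:ip6, proto:tcp, port:179}, Attr).`, assuming `tcp` is the value the consumer expects. The body of fw/2 starts outside the hunk.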
@@ -62,10 +62,12 @@ to_csv(Host, Attrs, Row) :-
 get_opt(family, Attrs, Family),
 get_opt(src, Attrs, Src),
 get_opt(dst, Attrs, Dst),
- Row = [Host, Family, Src, Dst].
+ get_opt(proto, Attrs, Proto),
+ get_opt(port, Attrs, Port),
+ Row = [Host, Family, Src, Dst, Proto, Port].

 ansible_firewall(File, Host) :-
 format("ansible_firewall: ~s~n", [File]),
 findall(Attrs, fw_rule(Host, Attrs), Rules),
 maplist(to_csv(Host), Rules, Rows),
- write_csv(File, frame(['host','family','src','dst'], Rows)).
+ write_csv(File, frame(['host','family','src','dst', 'port'], Rows)).
diff --git a/7/host_vars/hash/firewall.csv b/7/host_vars/hash/firewall.csv
new file mode 100644
index 0000000..5fbf83b
--- /dev/null
+++ b/7/host_vars/hash/firewall.csv
@@ -0,0 +1,4 @@
+host,family,src,dst,port
+hash,ip6,fdf3:aad9:a885:0b3a::15,fdf3:aad9:a885:0b3a::13,,179
+hash,ip6,fdf3:aad9:a885:0b3a::16,fdf3:aad9:a885:0b3a::13,,179
+hash,ip6,fdf3:aad9:a885:0b3a::1,fdf3:aad9:a885:0b3a::13,,179
\ No newline at end of file
diff --git a/7/host_vars/knot/firewall.csv b/7/host_vars/knot/firewall.csv
new file mode 100644
index 0000000..5f74bd9
--- /dev/null
+++ b/7/host_vars/knot/firewall.csv
@@ -0,0 +1,4 @@
+host,family,src,dst,port
+knot,ip6,fdf3:aad9:a885:0b3a::16,fdf3:aad9:a885:0b3a::1,,179
+knot,ip6,fdf3:aad9:a885:0b3a::15,fdf3:aad9:a885:0b3a::1,,179
+knot,ip6,fdf3:aad9:a885:0b3a::13,fdf3:aad9:a885:0b3a::1,,179
\ No newline at end of file
diff --git a/7/host_vars/kv24ix/firewall.csv b/7/host_vars/kv24ix/firewall.csv
new file mode 100644
index 0000000..164bbac
--- /dev/null
+++ b/7/host_vars/kv24ix/firewall.csv
@@ -0,0 +1,3 @@
+host,family,src,dst,port
+kv24ix,ip6,fdf3:aad9:a885:0b3a::13,fdf3:aad9:a885:0b3a::16,,179
+kv24ix,ip6,fdf3:aad9:a885:0b3a::1,fdf3:aad9:a885:0b3a::16,,179
\ No newline at end of file
diff --git a/7/host_vars/lhn2ix/firewall.csv b/7/host_vars/lhn2ix/firewall.csv
new file mode 100644
index 0000000..92b876c
--- /dev/null
+++ b/7/host_vars/lhn2ix/firewall.csv
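Review bot: In 7/firewall.pl, hunk `@@ -62,10 +62,12 @@`, the header passed to `write_csv` has five names while `to_csv` now builds six-field rows, because `'proto'` was not added to the frame. The generated files in this commit show the effect: the header is `host,family,src,dst,port` and each row ends in `,,179`, so a header-driven reader sees an empty `port` and the 179 in an unnamed column. For firewall input that likely means a rule without its port restriction, or a parse failure, depending on the consumer. Use `write_csv(File, frame(['host','family','src','dst','proto','port'], Rows)).` and regenerate the four CSV files.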
@@ -0,0 +1,3 @@
+host,family,src,dst,port
+lhn2ix,ip6,fdf3:aad9:a885:0b3a::1,fdf3:aad9:a885:0b3a::15,,179
+lhn2ix,ip6,fdf3:aad9:a885:0b3a::13,fdf3:aad9:a885:0b3a::15,,179
\ No newline at end of file
-- cgit v1.2.3