Commit fe37ef36 authored by Aleksandr Kurbatov's avatar Aleksandr Kurbatov

Merge branch 'feature/nat-704-pe-cpm-fw' into 'develop'

FW_filters template reworked

See merge request !159
parents d0fa6e83 483da56e
Pipeline #88188 passed
...@@ -27,3 +27,15 @@ ...@@ -27,3 +27,15 @@
- name: Merge Nokia CPM filters - name: Merge Nokia CPM filters
ansible.builtin.set_fact: ansible.builtin.set_fact:
cpm_filters: "{{ lookup('community.general.merge_variables', 'cpmf__to_merge', pattern_type='suffix') }}" cpm_filters: "{{ lookup('community.general.merge_variables', 'cpmf__to_merge', pattern_type='suffix') }}"
- name: Prepare PE-specific vars
when: promote_to_pe | ansible.builtin.bool # FIX: check the exact verb / keyword
block:
- name: Merge Nokia PE CPM filters
ansible.builtin.set_fact:
pe_cpm: "{{ lookup('community.general.merge_variables', 'cpm_pe__to_merge') }}"
- name: Combine P and PE CPM filters
ansible.builtin.set_fact:
cpm_filters: "{{ [cpm_filters, pe_cpm] | community.general.lists_mergeby('family',
list_merge='append') }}"
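Review bot: The lookup in `Merge Nokia PE CPM filters` omits the `pattern_type='suffix'` argument that the `Merge Nokia CPM filters` lookup above it passes, so `cpm_pe__to_merge` is matched with the plugin's default pattern type (regex, as far as I know) rather than as a suffix. These variables become control-plane filter terms, so unless regex matching is intended the selection should be as narrow as the existing one: `pe_cpm: "{{ lookup('community.general.merge_variables', 'cpm_pe__to_merge', pattern_type='suffix') }}"`. The `when:` line still carries `# FIX: check the exact verb / keyword`; settle the condition and drop the marker, and consider `promote_to_pe | default(false) | ansible.builtin.bool` if the variable is not set for every host. Because `list_merge='append'` puts the PE terms after the P terms of the same family, a short comment saying that this order is intended would help, since order decides which entry matches first.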
...@@ -17,10 +17,16 @@ ...@@ -17,10 +17,16 @@
<admin-state>{{ filter.admin_state }}</admin-state> <admin-state>{{ filter.admin_state }}</admin-state>
{% endif %} {% endif %}
{% for term in filter.terms %} {% for term in filter.terms %}
{% if term.offset is defined %}
{% set ns3 = namespace(entry_id = term.offset | int) %}
{% endif %}
{% if term.from is not defined %} {% if term.from is not defined %}
<entry> <entry>
<entry-id>{{ ns3.entry_id }}</entry-id> <entry-id>{{ ns3.entry_id }}</entry-id>
<description>{{ term.name }}</description> <description>{{ term.name }}</description>
{% if term.log is defined %}
<log>{{ term.log }}</log>
{% endif %}
<action> <action>
<{{term.action}}></{{term.action}}> <{{term.action}}></{{term.action}}>
</action> </action>
...@@ -29,10 +35,13 @@ ...@@ -29,10 +35,13 @@
{% if term.from is defined %} {% if term.from is defined %}
{# This is the case for TCP_ESTABLISHED #} {# This is the case for TCP_ESTABLISHED #}
{% if term.from.protocol == "tcp" and term.from.tcp_flag is defined %} {% if term.from.protocol is defined and term.from.protocol == "tcp" and term.from.tcp_flag is defined %}
<entry> <entry>
<entry-id>{{ ns3.entry_id }}</entry-id> <entry-id>{{ ns3.entry_id }}</entry-id>
<description>{{ term.name }}</description> <description>{{ term.name }}</description>
{% if term.log is defined %}
<log>{{ term.log }}</log>
{% endif %}
<match> <match>
{% if filter.family == "ipv4" %} {% if filter.family == "ipv4" %}
<protocol>{{ term.from.protocol }}</protocol> <protocol>{{ term.from.protocol }}</protocol>
...@@ -50,11 +59,14 @@ ...@@ -50,11 +59,14 @@
{% set ns3.entry_id = ns3.entry_id + 10 %} {% set ns3.entry_id = ns3.entry_id + 10 %}
{% endif %} {% endif %}
{# This is to cover CPM-ipv6 ND case where dst_prefix_list is defined, but not src_prefix_list #} {# This is to cover CPM-ipv6 ND case where dst_prefix_list is defined, but not src_prefix_list #}
{% if term.from.protocol == "ipv6-icmp" and term.from.dst_prefix_list is defined %} {% if term.from.protocol is defined and term.from.protocol == "ipv6-icmp" and term.from.dst_prefix_list is defined %}
{% for dst_prefix_list_item in term.from.dst_prefix_list %} {% for dst_prefix_list_item in term.from.dst_prefix_list %}
<entry> <entry>
<entry-id>{{ ns3.entry_id }}</entry-id> <entry-id>{{ ns3.entry_id }}</entry-id>
<description>{{ term.name }}</description> <description>{{ term.name }}</description>
{% if term.log is defined %}
<log>{{ term.log }}</log>
{% endif %}
<match> <match>
<next-header>{{ term.from.protocol }}</next-header> <next-header>{{ term.from.protocol }}</next-header>
<dst-ip> <dst-ip>
...@@ -69,12 +81,15 @@ ...@@ -69,12 +81,15 @@
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{# Generic ICMP filters with ICMP types #} {# Generic ICMP filters with ICMP types #}
{% if term.from.protocol == "icmp" or term.from.protocol == "ipv6-icmp" %} {% if term.from.protocol is defined and (term.from.protocol == "icmp" or term.from.protocol == "ipv6-icmp") %}
{% if term.from.icmp_types is defined %} {% if term.from.icmp_types is defined %}
{% for icmp_type in term.from.icmp_types %} {% for icmp_type in term.from.icmp_types %}
<entry> <entry>
<entry-id>{{ ns3.entry_id }}</entry-id> <entry-id>{{ ns3.entry_id }}</entry-id>
<description>{{ term.name }}</description> <description>{{ term.name }}</description>
{% if term.log is defined %}
<log>{{ term.log }}</log>
{% endif %}
<match> <match>
{% if filter.family == "ipv4" %} {% if filter.family == "ipv4" %}
<protocol>{{ term.from.protocol }}</protocol> <protocol>{{ term.from.protocol }}</protocol>
...@@ -94,10 +109,13 @@ ...@@ -94,10 +109,13 @@
{% endif %} {% endif %}
{% endif %} {% endif %}
{# Case when only need to match on protocol, e.g. PIM #} {# Case when only need to match on protocol, e.g. PIM #}
{% if term.from.protocol == 'pim' %} {% if term.from.protocol is defined and term.from.protocol == 'pim' %}
<entry> <entry>
<entry-id>{{ ns3.entry_id }}</entry-id> <entry-id>{{ ns3.entry_id }}</entry-id>
<description>{{ term.name }}</description> <description>{{ term.name }}</description>
{% if term.log is defined %}
<log>{{ term.log }}</log>
{% endif %}
<match> <match>
{% if filter.family == "ipv4" %} {% if filter.family == "ipv4" %}
<protocol>{{ term.from.protocol }}</protocol> <protocol>{{ term.from.protocol }}</protocol>
...@@ -120,6 +138,9 @@ ...@@ -120,6 +138,9 @@
<entry> <entry>
<entry-id>{{ ns3.entry_id }}</entry-id> <entry-id>{{ ns3.entry_id }}</entry-id>
<description>{{ term.name }}</description> <description>{{ term.name }}</description>
{% if term.log is defined %}
<log>{{ term.log }}</log>
{% endif %}
<match> <match>
{% if term.from.protocol is defined %} {% if term.from.protocol is defined %}
{% if filter.family == "ipv4" %} {% if filter.family == "ipv4" %}
...@@ -155,6 +176,9 @@ ...@@ -155,6 +176,9 @@
<entry> <entry>
<entry-id> {{ ns3.entry_id }} </entry-id> <entry-id> {{ ns3.entry_id }} </entry-id>
<description>{{ term.name }}</description> <description>{{ term.name }}</description>
{% if term.log is defined %}
<log>{{ term.log }}</log>
{% endif %}
<match> <match>
{% if term.from.protocol is defined %} {% if term.from.protocol is defined %}
{% if filter.family == "ipv4" %} {% if filter.family == "ipv4" %}
...@@ -180,6 +204,39 @@ ...@@ -180,6 +204,39 @@
{% endif %} {% endif %}
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{# Case where only DST prefix list is defined #}
{% if term.from.dst_prefix_list is defined %}
{% for dst_prefix_list_item in term.from.dst_prefix_list %}
<entry>
<entry-id>{{ ns3.entry_id }}</entry-id>
<description>{{ term.name }}</description>
{% if term.log is defined %}
<log>{{ term.log }}</log>
{% endif %}
<match>
{% if term.from.protocol is defined %}
{% if filter.family == "ipv4" %}
<protocol>{{term.from.protocol}}</protocol>
{% else %}
<next-header>{{ term.from.protocol }}</next-header>
{% endif %}
{% endif %}
{% include 'port_list_entries.j2' %}
<dst-ip>
{% if filter.family == "ipv4" %}
<ip-prefix-list>{{term.from.dst_prefix_list[loop.index0]}}</ip-prefix-list>
{% else %}
<ipv6-prefix-list>{{term.from.dst_prefix_list[loop.index0]}}</ipv6-prefix-list>
{% endif %}
</dst-ip>
</match>
{% set ns3.entry_id = ns3.entry_id + 10 %}
<action>
<{{term.action}}></{{term.action}}>
</action>
</entry>
{% endfor %}
{% endif %}
{% endif %} {% endif %}
{% endfor %} {% endfor %}
{# Terms end #} {# Terms end #}
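Review bot: The block commented `Case where only DST prefix list is defined` is guarded only by `term.from.dst_prefix_list is defined`, so it does not require `src_prefix_list` to be absent, and it is a separate `if` rather than a branch of the earlier cases. From the visible lines, an `ipv6-icmp` term with a `dst_prefix_list` that the ND case already rendered would be rendered again here. If the source/destination blocks between the hunks also accept terms with both lists, such a term would gain extra entries that match on destination only, which is a wider match than the term describes. Consider `{% if term.from.dst_prefix_list is defined and term.from.src_prefix_list is not defined %}` plus an exclusion for the ND case, and use `{{ dst_prefix_list_item }}` in place of `term.from.dst_prefix_list[loop.index0]`. The conditions of the blocks between the hunks are not visible here, so confirm this against the full template.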