mirror of https://github.com/jerikan-network/cmdb.git synced 2024-05-06 04:54:50 +00:00

[templates] IOSXR access-list should be numbered to not keep changing

Vincent Bernat
2021-05-21 20:03:56 +02:00
parent 6fe6a0d997
commit eb43cf19d2
2 changed files with 9 additions and 7 deletions


@@ -31,22 +31,24 @@ lldp
ipv4 access-list ACL-INTERNET-IN-V4
{% for rule in lookup("system", "firewall") | default([], true) %}
{% if rule.protocol is not defined %}
{{ rule.action }} ipv4 {{ rule.src | default("any") }} {{ rule.dst | default("any") }}
{{ loop.index0 * 10 + 100 }} {{ rule.action }} ipv4 {{ rule.src | default("any") }} {{ rule.dst | default("any") }}
{% else %}
{{ rule.action }} {{ rule.protocol }} {{ rule.src | default("any") }} {% if rule.sport is defined %} eq {{ rule.sport }}{% endif %} {{ rule.dst | default("any") }} {% if rule.dport is defined %} eq {{ rule.dport }}{% endif %}
{{ loop.index0 * 10 + 100 }} {{ rule.action }} {{ rule.protocol }} {{ rule.src | default("any") }} {% if rule.sport is defined %} eq {{ rule.sport }}{% endif %} {{ rule.dst | default("any") }} {% if rule.dport is defined %} eq {{ rule.dport }}{% endif %}
{% endif %}
{% if loop.last %}
{{ loop.index0 * 10 + 110 }} permit ipv4 any any
{% endif %}
{% endfor %}
permit ipv4 any any
!
ipv4 access-list ACL-SNMP
{% if "edge" in groups and lookup("system", "sampling").type is not none %}
permit ipv4 {{ lookup("system", "sampling")["snmp-prefix"] }} any
100 permit ipv4 {{ lookup("system", "sampling")["snmp-prefix"] }} any
{% endif %}
!
snmp-server vrf VRF-MANAGEMENT
snmp-server community {{ lookup("system", 'snmp')["ro-community"] }} RO IPv4 ACL-SNMP
snmp-server contact Blade Network team <someone@example.com>
snmp-server contact Blade Network team <noc@blade-group.com>
snmp-server location {{ lookup("system", "datacenter") }}, {{ lookup("system", "country") }}
snmp-server ifindex persist
!
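Review bot: When `lookup("system", "firewall")` is empty, the new `{% if loop.last %}` block never renders, so ACL-INTERNET-IN-V4 is generated with no entries at all, whereas the old template always emitted the trailing `permit ipv4 any any` after `{% endfor %}`. How the device treats an access-list with no entries is not visible on this page, so the outcome should not be left to that. Jinja's loop `{% else %}` branch covers the empty case: add `{% else %}` followed by `100 permit ipv4 any any` just before `{% endfor %}`. The `loop.index0 * 10 + 100` numbering is fine when the list is non-empty.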


@@ -1,9 +1,9 @@
ipv4 access-list ACL-SSH
{% if lookup("topology", "addresses").main is defined %}
permit ipv4 {{ lookup('topology', 'addresses').main | ipaddr('subnet') }} any
100 permit ipv4 {{ lookup('topology', 'addresses').main | ipaddr('subnet') }} any
{% endif %}
{% for items, prefix in lookup('topology', 'acl-addresses').admin.items() %}
permit ipv4 {{ prefix }} any
{{ loop.index0 * 10 + 110 }} permit ipv4 {{ prefix }} any
{% endfor %}
!
{% for user, value in lookup("system", "users").items() if user != "blade" %}
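Review bot: The ACL-SSH sequence numbers come from each entry's position in `acl-addresses.admin`, so adding or removing a prefix anywhere but the end renumbers every later ACE. The rendered diff for the SSH management ACL then shows many changed lines for one real change, which makes it harder to audit what access actually moved. A template comment above the loop would make the constraint visible, e.g. `{# ACE numbers follow the order of acl-addresses.admin; append new prefixes to keep existing numbers stable #}`. The loop variable `items` holds a single key and is unused, so `name` or `_` would read better.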