feat(pydantic): Add ZoneEntries
This commit is contained in:
parent
e827d4b1c6
commit
7e5608081d
2 changed files with 29 additions and 16 deletions
30
example.yaml
30
example.yaml
|
@ -2,23 +2,23 @@
|
|||
zones:
|
||||
- name: users-internet-allowed
|
||||
include:
|
||||
- rules.yaml
|
||||
files: [example.yaml]
|
||||
|
||||
- name: mgmt
|
||||
include:
|
||||
- 10.203.0.0/16
|
||||
addrs: [10.203.0.0/16]
|
||||
|
||||
- name: adm
|
||||
include:
|
||||
- 2a09:6840::/29
|
||||
- 10.128.0.0/16
|
||||
addrs: [2a09:6840::/29, 10.128.0.0/16]
|
||||
|
||||
- name: internet
|
||||
exclude:
|
||||
- adm
|
||||
- mgmt
|
||||
zones: [adm, mgmt]
|
||||
|
||||
blacklist:
|
||||
enabled: true
|
||||
addr:
|
||||
- 0.0.0.0
|
||||
addr: [0.0.0.0]
|
||||
|
||||
reverse_path_filter:
|
||||
enabled: true
|
||||
|
@ -27,11 +27,13 @@ filter:
|
|||
input:
|
||||
- iif: lo
|
||||
verdict: accept
|
||||
|
||||
- src: mgmt
|
||||
protocols:
|
||||
tcp:
|
||||
dport: [22, 240..242]
|
||||
verdict: accept
|
||||
|
||||
- src: backbone
|
||||
protocols:
|
||||
ospf: true
|
||||
|
@ -39,27 +41,33 @@ filter:
|
|||
tcp:
|
||||
dport: [179]
|
||||
verdict: accept
|
||||
|
||||
- protocols:
|
||||
icmp: true
|
||||
verdict: accept
|
||||
|
||||
output:
|
||||
- verdict: accept
|
||||
|
||||
forward:
|
||||
- src: interco-crans
|
||||
verdict: accept
|
||||
|
||||
- src: users-internet-allowed
|
||||
protocols:
|
||||
tcp:
|
||||
dport: [25]
|
||||
verdict: drop
|
||||
|
||||
- src: users-internet-allowed
|
||||
dest:
|
||||
- internet
|
||||
- 10.0.0.1
|
||||
addrs: [10.0.0.1]
|
||||
zones: [internet]
|
||||
verdict: accept
|
||||
|
||||
nat:
|
||||
- src: mgmt
|
||||
- src:
|
||||
zones: [mgmt]
|
||||
snat:
|
||||
addr: 45.66.108.14
|
||||
persistent: true
|
||||
|
|
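Review bot: The `users-internet-allowed` zone now lists `files: [example.yaml]`, so the example config names itself as an address-list file where it previously named `rules.yaml`. If that was done only so pydantic's `FilePath` existence check passes against a file that is known to exist in the repository, a comment next to the line would keep readers from copying the config file as if it were a valid address-list input, e.g. `# placeholder so FilePath validation finds an existing file; point this at a real address list`. If instead the generator really is meant to read this file for addresses, the hunk does not make that evident and the line deserves the same one-line note explaining it.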
15
nftables.py
15
nftables.py
|
@ -1,6 +1,5 @@
|
|||
#!/usr/bin/env python3
|
||||
|
||||
from __future__ import annotations
|
||||
from argparse import ArgumentParser, FileType
|
||||
from enum import Enum
|
||||
from pydantic import (
|
||||
|
@ -49,10 +48,16 @@ class ZoneName(str):
|
|||
pass
|
||||
|
||||
|
||||
class ZoneEntries(RestrictiveBaseModel):
|
||||
addrs: list[IPvAnyNetwork] | None
|
||||
files: list[FilePath] | None
|
||||
zones: list[ZoneName] | None
|
||||
|
||||
|
||||
class Zone(RestrictiveBaseModel):
|
||||
name: ZoneName
|
||||
exclude: list[IPvAnyNetwork | ZoneName | FilePath] | None
|
||||
include: list[IPvAnyNetwork | ZoneName | FilePath] | None
|
||||
exclude: ZoneEntries | None
|
||||
include: ZoneEntries | None
|
||||
|
||||
@root_validator()
|
||||
def validate_mutually_exactly_one(cls, values):
|
||||
|
@ -110,7 +115,7 @@ class Rule(RestrictiveBaseModel):
|
|||
|
||||
|
||||
class ForwardRule(Rule):
|
||||
dest: ZoneName | list[IPvAnyNetwork | ZoneName | FilePath] | None
|
||||
dest: ZoneEntries | None
|
||||
|
||||
|
||||
class Filter(RestrictiveBaseModel):
|
||||
|
@ -126,7 +131,7 @@ class SNat(RestrictiveBaseModel):
|
|||
|
||||
|
||||
class Nat(RestrictiveBaseModel):
|
||||
src: ZoneName | list[IPvAnyNetwork | ZoneName | FilePath] | None
|
||||
src: ZoneEntries | None
|
||||
snat: SNat
|
||||
|
||||
|
||||
|
|
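Review bot: The new `ZoneEntries` model validates an empty mapping: all three fields are annotated `... | None` with no default, and with the pydantic v1 API this file uses (`root_validator`) that makes each of them optional, so `include: {}`, `dest: {}` or a NAT `src: {}` is accepted with every field `None`. What an all-`None` selector then matches is decided by the generator code outside this hunk, but for a firewall `src`/`dest` or a SNAT source a silently empty entry set is the direction that can widen a rule, so I would reject it in the model itself rather than rely on `RestrictiveBaseModel` (which, judging by its name, only forbids unknown keys). A root validator on the class that requires at least one of `addrs`, `files` or `zones` to be non-empty closes this at load time; the `Zone.validate_mutually_exactly_one` body that presumably covers the include/exclude choice starts in the hunk but runs past it, so I could not confirm it also checks the inner entries.

```python
class ZoneEntries(RestrictiveBaseModel):
    addrs: list[IPvAnyNetwork] | None
    files: list[FilePath] | None
    zones: list[ZoneName] | None

    @root_validator()
    def validate_not_empty(cls, values):
        # An all-None selector would otherwise validate and reach the generator.
        if not any(values.get(key) for key in ("addrs", "files", "zones")):
            raise ValueError("ZoneEntries needs at least one of addrs, files or zones")
        return values
```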