Comments (3)
bvilajol
commented on June 22, 2024
Attached serialization of a custom class 'Service Catalog'. Service Catalog can contain Service Groups, Services and Packets (as builing block for upper objects).
{
"name": "PGR_ITIST07_AVD",
"description": "A Service Catalog Containing 2 complex Service Groups",
"packets": [
"PGR_ITIST07_UDP_53",
"PGR_ITIST07_TCP_700-750",
"PGR_ITIST07_TCP_22",
"PGR_ITIST07_TCP_5000-6000",
"PGR_ITIST07_TCP_21",
"PGR_ITIST07_ICMP_6",
"PGR_ITIST07_UDP_7000-8000",
"PGR_ITIST07_TCP_2000",
"PGR_ITIST07_ICMP_7",
"PGR_ITIST07_TCP_3000",
"PGR_ITIST07_ICMP_8",
"PGR_ITIST07_UDP_67",
"PGR_ITIST07_TCP_9000-10000",
"PGR_ITIST07_IP_51"
],
"inner_packets": [{
"name": "PGR_ITIST07_UDP_53",
"protocol": 17,
"protocol_name": "UDP",
"description": "UDP 53 for DNS",
"icon": "static/PGR_ITIST07_UDP_53.png",
"ports": [
53
]
},
{
"name": "PGR_ITIST07_TCP_700-750",
"protocol": 6,
"protocol_name": "TCP",
"description": null,
"icon": "static/PGR_ITIST07_TCP_700-750.png",
"ports": [
700,
750
]
},
{
"name": "PGR_ITIST07_TCP_22",
"protocol": 6,
"protocol_name": "TCP",
"description": "SSH",
"icon": "static/PGR_ITIST07_TCP_22.png",
"ports": [
22
]
},
{
"name": "PGR_ITIST07_TCP_5000-6000",
"protocol": 6,
"protocol_name": "TCP",
"description": "SFTP Data Ports",
"icon": "static/PGR_ITIST07_TCP_5000-6000.png",
"ports": [
5000,
6000
]
},
{
"name": "PGR_ITIST07_TCP_21",
"protocol": 6,
"protocol_name": "TCP",
"description": "SFTP Control Port",
"icon": "static/PGR_ITIST07_TCP_21.png",
"ports": [
21
]
},
{
"name": "PGR_ITIST07_ICMP_6",
"protocol": 1,
"protocol_name": "Destination network unknown",
"description": "ICMP",
"icon": "static/PGR_ITIST07_ICMP_6.png",
"icmp_code": 6
},
{
"name": "PGR_ITIST07_UDP_7000-8000",
"protocol": 17,
"protocol_name": "UDP",
"description": null,
"icon": "static/PGR_ITIST07_UDP_7000-8000.png",
"ports": [
7000,
8000
]
},
{
"name": "PGR_ITIST07_TCP_2000",
"protocol": 6,
"protocol_name": "TCP",
"description": "A random port for testing",
"icon": "static/PGR_ITIST07_TCP_2000.png",
"ports": [
2000
]
},
{
"name": "PGR_ITIST07_ICMP_7",
"protocol": 1,
"protocol_name": "Destination host unknown",
"description": "ICMP",
"icon": "static/PGR_ITIST07_ICMP_7.png",
"icmp_code": 7
},
{
"name": "PGR_ITIST07_TCP_3000",
"protocol": 6,
"protocol_name": "TCP",
"description": "A random port for testing",
"icon": "static/PGR_ITIST07_TCP_3000.png",
"ports": [
3000
]
},
{
"name": "PGR_ITIST07_ICMP_8",
"protocol": 1,
"protocol_name": "Source host isolated error (military use only)",
"description": "ICMP",
"icon": "static/PGR_ITIST07_ICMP_8.png",
"icmp_code": 8
},
{
"name": "PGR_ITIST07_UDP_67",
"protocol": 17,
"protocol_name": "UDP",
"description": "UDP 67 for",
"icon": "static/PGR_ITIST07_UDP_67.png",
"ports": [
67
]
},
{
"name": "PGR_ITIST07_TCP_9000-10000",
"protocol": 6,
"protocol_name": "TCP",
"description": "A random port for testing",
"icon": "static/PGR_ITIST07_TCP_9000-10000.png",
"ports": [
9000,
10000
]
},
{
"name": "PGR_ITIST07_IP_51",
"protocol": 51,
"protocol_name": "AH Header",
"description": "VPN",
"icon": "static/PGR_ITIST07_IP_51.png"
}
],
"services": [
"PGR_ITIST07_AVDT02RWDC",
"PGR_ITIST07_AVDT12RWDC",
"PGR_ITIST07_AVDT22RWDC",
"PGR_ITIST07_AVD2SCCM",
"PGR_ITIST07_BOGUS"
],
"inner_services": [{
"name": "PGR_ITIST07_AVDT02RWDC",
"description": "Protocols and ports from AVD T0 to RWDC",
"packets": [
"PGR_ITIST07_UDP_53",
"PGR_ITIST07_TCP_700-750",
"PGR_ITIST07_TCP_22",
"PGR_ITIST07_TCP_5000-6000",
"PGR_ITIST07_TCP_21",
"PGR_ITIST07_ICMP_6"
]
},
{
"name": "PGR_ITIST07_AVDT12RWDC",
"description": "Protocols and ports from AVD T1 to RWDC",
"packets": [
"PGR_ITIST07_UDP_53",
"PGR_ITIST07_UDP_7000-8000",
"PGR_ITIST07_TCP_2000",
"PGR_ITIST07_ICMP_7"
]
},
{
"name": "PGR_ITIST07_AVDT22RWDC",
"description": "Protocols and ports from AVD T2 to RWDC",
"packets": [
"PGR_ITIST07_UDP_7000-8000",
"PGR_ITIST07_TCP_3000",
"PGR_ITIST07_ICMP_8"
]
},
{
"name": "PGR_ITIST07_AVD2SCCM",
"description": "Protocols and ports from AVD to SCCM",
"packets": [
"PGR_ITIST07_UDP_7000-8000",
"PGR_ITIST07_UDP_67",
"PGR_ITIST07_TCP_9000-10000",
"PGR_ITIST07_IP_51"
]
},
{
"name": "PGR_ITIST07_BOGUS",
"description": null,
"packets": [
"PGR_ITIST07_UDP_7000-8000",
"PGR_ITIST07_UDP_67"
]
}
],
"groups": [
"PGR_ITIST07_GROUP1",
"PGR_ITIST07_GROUP2"
],
"inner_groups": [{
"name": "PGR_ITIST07_GROUP1",
"parent": null,
"description": "PGR_ITIST07_GROUP1",
"services": [
"PGR_ITIST07_AVD2SCCM",
"PGR_ITIST07_AVDT22RWDC"
],
"packets": [
"PGR_ITIST07_TCP_21",
"PGR_ITIST07_ICMP_6"
]
},
{
"name": "PGR_ITIST07_GROUP2",
"parent": "PGR_ITIST07_GROUP1",
"description": "PGR_ITIST07_GROUP2",
"services": [ ],
"packets": [
"PGR_ITIST07_TCP_3000"
]
}
]
}
from nautobot-app-firewall-models.
whitej6
commented on June 22, 2024
Great idea, will need to review internally on introducing nested groups and what level of sanity validation would be needed from the Django ORM perspective.
from nautobot-app-firewall-models.
bvilajol
commented on June 22, 2024
Hi there, as per now I went deep into two different and quite opposite firewall manufacturer API's. Main focus is to serialize custom objects yet extending a base one (service, address, etc up to ruleset). Implemented. For both cases I could say (testing alternatives) to achive "infinite" levels of inheretance between service and service group is to use same serializer object towards foreign API endpoint: the existance of "members" or similar key within the returned object is the only difference between a service and a service group. Altough this code is not yet into own dev-lab for nauto (azure extension for secrets procider is) there is no problem to share. Btw: what an evolution in 6 month, nice to see!
from nautobot-app-firewall-models.
Related Issues (20)
- Firewall plugin HOT 1
- Offer a rule policy existence checker HOT 2
- Add the "Tenant" field to the "Address Object" model.
- Sorting by Prefix in Address Object view results in error
- `service_objects` Isn't Documented in Swagger/OpenAPI Spec for Service Object Groups Create/POST
- Allow policy rules to have a souce_zone and destination_zone filter field
- Include IP protocol number in IP-based service objects HOT 1
- v2 migration failure
- Wrong URL field in API for Application Object Group
- Use Netutils libmapper for capirca platform.
- Add Aerleon support for generating rules HOT 2
- Docs: Incorrect documentation around slugs in admin install and configure guide
- firewall plugins - capirca policies - Missing views for action(s) add
- default job "Generate FW Config via Capirca" issue
- server error on device after running "Generate FW Config via Capirca" job
- another server error on device after running "Generate FW Config via Capirca" job
- AttributeError in running Generate FW Config via Capirca job
- Add M2M pre_change signal to `Policy.policy_rules` & signal for `PolicyRule.index` to enforce uniqueness on index of rules in a single policy
- More flexibly link zones to addresses/subnet/prefixes
- Server Error on policy when assigned to dynamic group
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from nautobot-app-firewall-models.