move rule merging to python plugin

2021-09-25 15:58:57 +02:00 · 2021-09-25 15:58:57 +02:00 · d83605dca8
commit d83605dca8
parent fb6e4ad1df
2 changed files with 26 additions and 11 deletions
--- a/filter_plugins/filters.py
+++ b/filter_plugins/filters.py
@ -0,0 +1,24 @@
+#!/usr/bin/env python3
+import collections
+
+class FilterModule(object):
+	def filters(self):
+		return {
+				'expand_nft_rules': self.expand_nft_rules
+			}
+
+	def expand_nft_rules(self, input_rules, rule_defaults):
+		rules = []
+		for rule_name in input_rules:
+			rule = {
+					'name': rule_name,
+					'comment': rule_name,
+				}
+			for override in rule_defaults:
+				rule.update(override)
+			if not isinstance(input_rules[rule_name], collections.Mapping):
+				rule['matches'] = input_rules[rule_name]
+			else:
+				rule.update(input_rules[rule_name])
+			rules.append(rule)
+		return rules
--- a/templates/nftables.conf.j2
+++ b/templates/nftables.conf.j2
@ -6,17 +6,8 @@
 {% endmacro %}

 {%- macro nftchain(name) -%}
-	{% set chain_rules = [] %}
-	{% for i in firewall.chains[name] %}
-		{% if not firewall.chains[name][i] is mapping %}
-			{% set tmprule = { 'matches': firewall.chains[name][i] }%}
-		{% else %}
-			{% set tmprule = firewall.chains[name][i] %}
-		{% endif%}
-		{% set rule = {}|combine(firewall.defaults.all, firewall.defaults[name], {'comment': i}, tmprule, recursive=True) %}{{ chain_rules.append(rule) }}
-	{% endfor %}
-	{% for rule in chain_rules|sort(attribute='priority') %}
-	{{ nftrule(rule) }}
+	{% for rule in firewall.chains[name]|expand_nft_rules([firewall.defaults.all, firewall.defaults[name]])|sort(attribute='priority') %}
+		{{ nftrule(rule) }}
 	{% endfor %}
 {% endmacro%}