Include IP protocol number in IP-based service objects

Question

Include IP protocol number in IP-based service objects

mroe1234 opened this issue a year ago · comments

Environment

Nautobot version: 1.5
nautobot-plugin-firewall-model version: 1.2.1

Within the service_object model, there is a rather complete selection of IANA IP Protocol options. However, only the human-readable name of the protocol seems to be available in the data model, and not the actual IP protocol number. When automating firewall rules, some firewalls need the actual protocol number (ESP = 50, etc.).

Rather than adding additional lookup to the glue scripts, it seems simple and prudent to add this additional data as a field. Something like

      {
        "id": "2cbdfc0d-d108-4c7c-8f3f-ddda7b9f60ca",
        "name": "ESP",
        "ip_protocol": "ESP",
        "ip_protocol_number": 50,
      }

Granted to be pedantic it might be more correct to do:

      {
        "id": "2cbdfc0d-d108-4c7c-8f3f-ddda7b9f60ca",
        "name": "ESP",
        "ip_protocol_name": "ESP",
        "ip_protocol_number": 50,
      }

but I understand that renaming ip_protocol to ip_protocol_name would be much more disruptive than just adding a field. Additionally, the IP protocol should be exposed as a model itself and thus allow it to be customized.

Ken Celenza · Answer 1 · Thu Sep 28 2023 00:27:26 GMT+0800 (China Standard Time)

"All" that is needed is a property here: https://github.com/nautobot/nautobot-plugin-firewall-models/blob/d31ed36dea96025589e52b1d81eefce7e10bcc26/nautobot_firewall_models/models/service.py#L164

    @property
    def ip_protocol_number(self):
        return PROTO_NAME_TO_NUM[self.ip_protocol]

You would have to extend to the serializer and template, but that should roughly do what you are asking for.