"""
.. versionadded:: 0.5.6
Requires engine version >=6.3, SMC >=6.3
Interface Policies are applied at the engine level when layer 3 single
FW's or cluster layer 3 FW's have layer 2 interfaces. The configuration
is identical to creating Layer 2 Rules for layer 2 or IPS engines.
"""
from smc.base.collection import rule_collection
from smc.policy.policy import Policy
from smc.policy.rule import IPv4Layer2Rule, EthernetRule
from smc.api.exceptions import ElementNotFound, LoadPolicyFailed,\
CreateElementFailed, CreatePolicyFailed
from smc.base.model import ElementCreator
[docs]class InterfaceRule(object):
"""
Layer 2 Interface Rules are the same as Layer 2 FW/IPS rules.
"""
@property
def layer2_ipv4_access_rules(self):
"""
Layer2 IPv4 access rule
:rtype: rule_collection(IPv4Layer2Rule)
"""
return rule_collection(
self.get_relation('l2_interface_ipv4_access_rules'),
IPv4Layer2Rule)
@property
def layer2_ipv6_access_rules(self):
"""
Layer 2 IPv6 access rule
"""
# l2_interface_ipv6_access_rules
# return create_collection(self.layer2_ipv6_access_rules)
pass
@property
def layer2_ethernet_rules(self):
"""
Layer 2 Ethernet access rule
:rtype: rule_collection(EthernetRule)
"""
return rule_collection(
self.get_relation('l2_interface_ethernet_rules'),
EthernetRule)
[docs]class InterfacePolicy(InterfaceRule, Policy):
"""
Layer 2 Interface Policy represents a set of rules applied to layer 2
interfaces installed on a single or cluster layer 3 FW. Set the interface
policy on the engine properties.
Interface policies do not have inspection policies and instead inherit
from the engines primary policy.
Instance Resources:
:ivar layer2_ipv4_access_rules: :py:class:`~Layer2Rule.layer2_ipv4_access_rules`
:ivar layer2_ipv6_access_rules: :py:class:`~Layer2Rule.layer2_ipv6_access_rules`
:ivar layer2_ethernet_rules: :py:class:`~Layer2Rule.layer2_ethernet_rules`
"""
typeof = 'l2_interface_policy'
[docs] @classmethod
def create(cls, name, template):
"""
Create a new Layer 2 Interface Policy.
:param str name: name of policy
:param str template: name of the FW template to base policy on
:raises LoadPolicyFailed: cannot find policy by name
:raises CreatePolicyFailed: cannot create policy with reason
:return: Layer2InterfacePolicy
"""
try:
fw_template = InterfaceTemplatePolicy(template).href
except ElementNotFound:
raise LoadPolicyFailed(
'Cannot find specified layer2 firewall template: {}'
.format(template))
json = {
'name': name,
'template': fw_template}
try:
return ElementCreator(cls, json)
except CreateElementFailed as err:
raise CreatePolicyFailed(err)
[docs] def inspection_policy(self): pass
[docs]class InterfaceTemplatePolicy(InterfaceRule, Policy):
"""
Interface Template Policy. Required when creating a new
Interface Policy. Useful for containing global rules or
best practice configurations which will be inherited by
the assigned policy.
::
print(list(InterfaceTemplatePolicy.objects.all())
"""
typeof = 'l2_interface_template_policy'
[docs] def inspection_policy(self): pass
[docs] def upload(self): pass # Not supported on the template