docs: Ledger Live integration, contract deploy learnings, NEXT_STEPS updates
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands
- CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround
- CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check
- NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere
- MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates
- LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-12 15:46:57 -08:00


#!/usr/bin/env node
/**
* Configure Inter-VLAN Firewall Rules via API
* Creates firewall rules for inter-VLAN communication
*/
import https from 'https';
import { readFileSync, existsSync } from 'fs';
import { join } from 'path';
import { homedir } from 'os';
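// Load environment variables from ~/.env (dotenv-style KEY=value lines).
/**
 * Parse dotenv-style text into a plain object.
 *
 * Blank lines and `#` comment lines are ignored, an optional leading `export `
 * is stripped from the key, and a single leading and/or trailing quote
 * character (' or ") is removed from the value. Lines without `=` are skipped.
 * Later occurrences of a key overwrite earlier ones.
 *
 * @param {string} text Raw file contents.
 * @returns {Record<string, string>} Parsed key/value pairs (values are strings).
 */
function parseEnvFile(text) {
  const parsed = {};
  for (const rawLine of text.split('\n')) {
    const line = rawLine.trim();
    if (line === '' || line.startsWith('#')) continue;
    const match = line.match(/^(?:export\s+)?([^=]+)=(.*)$/);
    if (!match) continue;
    const key = match[1].trim();
    const value = match[2].trim().replace(/^['"]|['"]$/g, '');
    parsed[key] = value;
  }
  return parsed;
}
const envFile = join(homedir(), '.env');
const env = existsSync(envFile) ? parseEnvFile(readFileSync(envFile, 'utf8')) : {};
// Values from ~/.env take precedence (the original behaviour); the process
// environment is consulted as a fallback so the script also works when the
// variables are exported in the shell instead of written to a file.
const UDM_PRO_URL = env.UNIFI_UDM_URL || process.env.UNIFI_UDM_URL || 'https://192.168.0.1';
const API_KEY = env.UNIFI_API_KEY || process.env.UNIFI_API_KEY || '';
const SITE_ID = env.UNIFI_SITE_ID || process.env.UNIFI_SITE_ID || 'default';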
/**
 * Write one line to stdout, prefixed with the current time as an ISO-8601
 * UTC timestamp in square brackets.
 *
 * @param {string} message Text to print after the timestamp.
 */
const log = (message) => {
  console.log(`[${new Date().toISOString()}] ${message}`);
};
// Network IDs (will be fetched)
// Static table of the UniFi network names this script knows about, with the
// VLAN id and subnet assigned to each. Keyed by network name so entries can be
// matched against the names returned by the controller.
const NETWORKS = Object.fromEntries(
  [
    ['MGMT-LAN', 11, '192.168.11.0/24'],
    ['BESU-VAL', 110, '10.110.0.0/24'],
    ['BESU-SEN', 111, '10.111.0.0/24'],
    ['BESU-RPC', 112, '10.112.0.0/24'],
    ['BLOCKSCOUT', 120, '10.120.0.0/24'],
    ['CACTI', 121, '10.121.0.0/24'],
    ['CCIP-OPS', 130, '10.130.0.0/24'],
    ['CCIP-COMMIT', 132, '10.132.0.0/24'],
    ['CCIP-EXEC', 133, '10.133.0.0/24'],
    ['CCIP-RMN', 134, '10.134.0.0/24'],
    ['FABRIC', 140, '10.140.0.0/24'],
    ['FIREFLY', 141, '10.141.0.0/24'],
    ['INDY', 150, '10.150.0.0/24'],
    ['SANKOFA-SVC', 160, '10.160.0.0/22'],
    ['PHX-SOV-SMOM', 200, '10.200.0.0/20'],
    ['PHX-SOV-ICCC', 201, '10.201.0.0/20'],
    ['PHX-SOV-DBIS', 202, '10.202.0.0/24'],
    ['PHX-SOV-AR', 203, '10.203.0.0/20'],
  ].map(([name, vlanId, subnet]) => [name, { vlanId, subnet }]),
);
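/**
 * Send one HTTPS request to the UDM Pro and resolve with its parsed reply.
 *
 * @param {string} path Request path, resolved against UDM_PRO_URL.
 * @param {string} [method='GET'] HTTP method.
 * @param {object|null} [data=null] Body, JSON-serialised and sent when truthy.
 * @returns {Promise<object>} The JSON-decoded body when it parses, otherwise
 *   `{ data: <raw body text>, status: <HTTP status> }`. HTTP error statuses are
 *   resolved, not rejected — callers must inspect the result. Rejects only on
 *   transport-level errors.
 */
function makeRequest(path, method = 'GET', data = null) {
  return new Promise((resolve, reject) => {
    const url = new URL(path, UDM_PRO_URL);
    const options = {
      hostname: url.hostname,
      port: url.port || 443,
      path: url.pathname + url.search,
      method,
      headers: {
        'X-API-KEY': API_KEY,
        'Content-Type': 'application/json',
        Accept: 'application/json',
      },
      // SECURITY: certificate verification is disabled, so the API key sent in
      // X-API-KEY is exposed to anyone able to intercept the connection to the
      // controller. Tolerable only on a trusted management LAN; supplying the
      // controller's certificate via the `ca` option would remove this weakness.
      rejectUnauthorized: false,
    };
    const req = https.request(options, (res) => {
      // Decode at the stream level so a multi-byte UTF-8 character split across
      // two chunks is not corrupted by per-chunk string coercion.
      res.setEncoding('utf8');
      const chunks = [];
      res.on('data', (chunk) => chunks.push(chunk));
      res.on('error', reject);
      res.on('end', () => {
        const body = chunks.join('');
        try {
          resolve(JSON.parse(body));
        } catch {
          // Non-JSON reply (HTML error page, empty body): hand back the raw text.
          resolve({ data: body, status: res.statusCode });
        }
      });
    });
    req.on('error', reject);
    if (data) {
      req.write(JSON.stringify(data));
    }
    req.end();
  });
}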
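/**
 * Fetch the site's network list from the Integration API.
 *
 * @returns {Promise<object[]>} The reply's `data` array, or `[]` when the
 *   request fails or the reply carries no array (e.g. a non-JSON or HTTP error
 *   body, which makeRequest resolves rather than rejects). Never throws.
 */
async function getNetworks() {
  log('📋 Fetching network list...');
  try {
    const response = await makeRequest(`/proxy/network/integration/v1/sites/${SITE_ID}/networks`);
    // makeRequest resolves non-JSON replies as { data: <string>, status }, and an
    // error body may be JSON without a `data` array; returning `response.data`
    // unchecked would hand a string (or undefined) to callers that iterate it.
    if (Array.isArray(response?.data)) {
      return response.data;
    }
    const status = response?.status;
    log(`⚠️ Unexpected network list response${status ? ` (HTTP ${status})` : ''}`);
    return [];
  } catch (error) {
    log(`❌ Error fetching networks: ${error.message}`);
    return [];
  }
}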
/**
 * POST one firewall rule to the Integration API and report the outcome.
 *
 * @param {object} rule Rule payload, sent verbatim as the JSON body; `rule.name`
 *   is used in the log line only.
 * @returns {Promise<boolean>} true when the reply carries `meta.rc === 'ok'`;
 *   false for any other reply or on a transport error (logged, never thrown).
 */
async function createFirewallRule(rule) {
  log(`🔧 Creating firewall rule: ${rule.name}...`);
  const endpoint = `/proxy/network/integration/v1/sites/${SITE_ID}/firewall/rules`;
  try {
    const response = await makeRequest(endpoint, 'POST', rule);
    // NOTE(review): `meta.rc` is the envelope of the legacy controller API;
    // confirm the integration v1 endpoint returns it, otherwise every
    // successful create is reported as a warning here.
    const created = response.meta?.rc === 'ok';
    log(created ? ` ✅ Rule created successfully` : ` ⚠️ Response: ${JSON.stringify(response)}`);
    return created;
  } catch (error) {
    log(` ❌ Error: ${error.message}`);
    return false;
  }
}
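/**
 * Entry point: check configuration, fetch the site's networks and print the
 * inter-VLAN firewall rule guide.
 *
 * The rules are only described in the log output; createFirewallRule is not
 * invoked here, so nothing is changed on the controller. Exits with status 1
 * when UNIFI_API_KEY is unset.
 */
async function main() {
  log('🚀 Starting Inter-VLAN Firewall Rules Configuration');
  log(`UDM Pro URL: ${UDM_PRO_URL}`);
  log(`Site ID: ${SITE_ID}`);
  log('');
  if (!API_KEY) {
    log('❌ UNIFI_API_KEY not set. Please set it in ~/.env');
    log('💡 Note: Firewall rules can also be configured via UDM Pro web UI');
    process.exit(1);
  }
  // Get networks to find network IDs. Coerce to an array so a non-JSON or
  // error reply (which getNetworks may pass through as a string) cannot crash
  // the iteration below.
  const fetched = await getNetworks();
  const networks = Array.isArray(fetched) ? fetched : [];
  log(`✅ Found ${networks.length} networks`);
  log('');
  // Build network ID map (name -> controller id). Not consumed yet; kept for
  // the rule-creation step that createFirewallRule is intended to serve.
  // NOTE(review): `_id` is the legacy API field name — confirm the integration
  // v1 endpoint uses the same key.
  const networkIdMap = {};
  for (const net of networks) {
    if (net?.name) {
      networkIdMap[net.name] = net._id;
    }
  }
  log('📋 Firewall Rules to Create:');
  log('');
  log('1. Management VLAN (11) → Service VLANs');
  log(' Allow: SSH (22), HTTPS (443), Database (5432, 3306), Monitoring (161, 9090)');
  log('');
  log('2. Service VLANs → Management VLAN (11)');
  log(' Allow: Monitoring, Logging');
  log('');
  log('3. Sovereign Tenant Isolation');
  log(' Block: Inter-tenant communication');
  log('');
  log('⚠️ Note: Firewall rule creation via API may have limitations.');
  log('💡 For complete control, configure rules via UDM Pro web UI:');
  log(' Settings → Firewall & Security → Firewall Rules');
  log('');
  log('✅ Firewall rules configuration guide complete!');
  log('');
  log('📋 Manual Configuration Steps:');
  // Point the operator at the configured controller rather than a hard-coded
  // address, so the guide stays correct when UNIFI_UDM_URL is overridden.
  log(` 1. Access UDM Pro: ${UDM_PRO_URL}`);
  log(' 2. Navigate: Settings → Firewall & Security → Firewall Rules');
  log(' 3. Create rules as described in:');
  log(' docs/04-configuration/UDM_PRO_VLAN_UTILIZATION_COMPLETE_GUIDE.md');
  log('');
}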
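// Report an unhandled failure and exit non-zero so shells and CI notice it;
// console.error alone would leave the exit status at 0.
main().catch((err) => {
  console.error(err);
  process.exitCode = 1;
});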