
One-to-Many self-relationship for Policies: Metapolicy

Open herr-mhet opened this issue 1 year ago • 0 comments

Environment

  • Nautobot version: 1.5.22
  • nautobot-plugin-firewall-model version: 1.2.1

Proposed Functionality

Implement an optional One-to-Many relationship for a single policy to many other policies, effectively creating a meta-policy.

Use Case

I use the firewall plugin to generate ACLs that are deployed on my network hardware to filter ingress and egress packets between different VLANs. Since not all VLANs require the same policy rules, I tend to have individual policies per VLAN which differ slightly. In particular, they tend to always have the same "header" rules, followed by VLAN-specific rules and ending with the same "footer" rules. If I were able to create meta-policies, I could instead create one header and one footer policy, some VLAN-specific policies with very few rules in them and then wrap these up in VLAN-specific meta-policies.

Right now I have the choice of doing this but combining these policies during my deployment (which has the downside of not being able to see all the rules in the excellent Policy Rules View) or having multiple policies that differ slightly in the middle (which has the downside of me needing to change all these policies if I want to change something at the top or bottom (with the added insecurity such an administrative burden comes with)).

herr-mhet, Jun 28 '23 08:06
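The composition described in the use case, as an added example that is not part of the original issue and is not the plugin's code: a meta-policy is expanded into one ordered rule list, a policy that reaches itself through its members is rejected, and rules repeated across members are reported. The `Policy` class, the `expand` and `shadowed` functions, the rule strings and the ordering (own rules before member rules) are all assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Policy:
    """Hypothetical stand-in for a policy; not the plugin's model."""
    name: str
    rules: list = field(default_factory=list)    # own rules, in order
    members: list = field(default_factory=list)  # child policies, in order


def expand(policy, _path=()):
    """Return [(source_policy, rule), ...] in evaluation order.

    Assumption: a policy's own rules precede those of its members.
    A self-relationship allows loops to be stored, so a policy that
    reaches itself through its members is rejected.
    """
    if policy.name in _path:
        loop = " -> ".join(_path + (policy.name,))
        raise ValueError(f"policy loop: {loop}")
    flat = [(policy.name, rule) for rule in policy.rules]
    for child in policy.members:
        flat.extend(expand(child, _path + (policy.name,)))
    return flat


def shadowed(flat):
    """Rules that repeat later in the expansion, with both source policies."""
    seen, dupes = {}, []
    for source, rule in flat:
        if rule in seen:
            dupes.append((source, rule, seen[rule]))
        else:
            seen[rule] = source
    return dupes


# Constructed sample data: one header, one footer, two VLAN policies.
HEADER = Policy("header", rules=["permit established", "deny ip any bogons"])
FOOTER = Policy("footer", rules=["deny ip any any log"])
VLAN10 = Policy("vlan10", rules=["permit udp vlan10 dns eq 53"])
VLAN20 = Policy("vlan20", rules=["permit tcp vlan20 web eq 443",
                                 "permit established"])
META10 = Policy("meta-vlan10", members=[HEADER, VLAN10, FOOTER])
META20 = Policy("meta-vlan20", members=[HEADER, VLAN20, FOOTER])

if __name__ == "__main__":
    for source, rule in expand(META20):
        print(f"{source:8} {rule}")
    print("shadowed:", shadowed(expand(META20)))
```

Keeping the source policy next to each rule is what lets a combined view show where a rule came from after the header and footer have been merged in.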