A NetBox plugin for documenting network security policy: rulebooks, zones, and NSM object links

Project description

netbox-nsm

NetBox plugin for security policy documentation (zones, rulebooks, object links).
No firewall push — inventory and policy only.

⚠️ Work in progress — Not recommended for production use yet. Breaking changes possible (e.g. 0.4.5 permission migration).

Status: NetBox: 4.5–4.6 · Plugin: 0.4.7 · Requires: netbox-custom-objects

Features

  • Security Panel on prefix, IP, device, VM, custom objects — + Assign for zones, addresses, …
  • Rulebooks with flexible columns (zones, addresses, labels, …)
  • Rules — table, grouping, zone matrix
  • IP Analyzer — address resolution via the IP Analyzer applet on rule pages (loupe icon)
  • Object Analyzer — graph from any NetBox object
  • Object Report — daily background audit of NSM addresses/groups (status, duplicates, orphans, groups), TOML export

Screenshots

  • Setup — import COT types and run demos
  • Object config — nsm_config per COT type
  • Rulebooks list and detail (fields, enforcement targets)
  • Rules tab — zone grouping (Starter demo, 62.5k rules) and address-based rules
  • Zone matrix — permit/deny between zones
  • IP Analyzer — destination tree with merge/diff

Installation

pip install netbox-nsm

PLUGINS = ["netbox_custom_objects", "netbox_nsm"]

PLUGINS_CONFIG = {
    "netbox_nsm": {
        "menu_label": "Security",
        "panel_label": "Security",
        "setup_menu": True,
        "setup_allow_destructive_actions": True,  # demos only; disable in prod
        # Optional: Jinja2 address naming — see docs/address_name_templates.md
        # "address_name_templates": [
        #     {"template": "h-{ipam>ip}", "match": "host"},
        #     {"template": "n-{ipam>prefix>network}-{ipam>prefix>cidr}", "match": "prefix"},
        # ],
    },
}

./manage.py migrate netbox_custom_objects --no-input
./manage.py migrate netbox_nsm --no-input
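
A preflight check for the settings above, written as an added example that is not part of netbox-nsm. The function name `audit_nsm_settings` and both sample configs are hypothetical; the check also catches a non-boolean value such as the string "False", which Python treats as true.

```python
# Added example: preflight audit of the netbox-nsm settings shown above.
# audit_nsm_settings() and both sample configs are hypothetical, not plugin code.

KEY = "setup_allow_destructive_actions"


def audit_nsm_settings(plugins, plugins_config, production=True):
    """Return a list of findings; an empty list means the settings pass."""
    findings = []
    # The page lists netbox-custom-objects as a requirement of netbox-nsm.
    for name in ("netbox_custom_objects", "netbox_nsm"):
        if name not in plugins:
            findings.append(f"PLUGINS is missing {name!r}")

    nsm = plugins_config.get("netbox_nsm", {})
    if KEY in nsm and not isinstance(nsm[KEY], bool):
        # A string such as "False" read from an environment variable is truthy.
        findings.append(f"{KEY} must be a bool, got {type(nsm[KEY]).__name__}")
    elif production and KEY not in nsm:
        # Assumption: the plugin's default is not stated on the page,
        # so production configs are required to set the value explicitly.
        findings.append(f"{KEY} is not set; set it to False explicitly")
    elif production and nsm[KEY]:
        findings.append(f"{KEY} is True; the README marks it as demos only")
    return findings


PLUGINS = ["netbox_custom_objects", "netbox_nsm"]
README_CONFIG = {"netbox_nsm": {"setup_menu": True, KEY: True}}     # as on the page
HARDENED_CONFIG = {"netbox_nsm": {"setup_menu": True, KEY: False}}  # constructed

if __name__ == "__main__":
    for label, cfg in (("README", README_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit_nsm_settings(PLUGINS, cfg) or "ok")
```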

First run

Security → Configuration → Setup §2 Custom Object Schema (import the built-in nsm_* COT types; nsm_config is written into each type's comments), then optional §3 Demo (Starter demo).

Then: open a prefix → Security Panel → + Assign → zone. Rulebooks under Security → Rulebooks.

Details: docs/using_netbox_nsm.md

API

/api/plugins/netbox-nsm/nsm-configs/<slug>/, object-links/, ip-analyzer/
Rules and policy objects: netbox-custom-objects API.

Demos

| Demo | Where | Notes |
|------|-------|-------|
| Starter | Setup §4 | Sync; recommended — zone matrix + addresses schema |
| Enterprise DC | Setup §4 | Empty IPAM DB only |
| Zone / Address demos | Setup → Bundles (Preview → Apply) | JSON portable schema only |

Documentation

| File | Topic |
|------|-------|
| docs/using_netbox_nsm.md | Operations |
| docs/DATABASE.md | PostgreSQL tables |
| docs/RULE_DATA_STORAGE.md | UI vs DB data model |
| docs/object_report.md | Daily object report: job, checks, scaling |
| ARCHITECTURE.md | Code (developers) |
| CHANGELOG.md | Versions |

License

LICENSE

Download files

Source Distribution

netbox_nsm-0.4.8.tar.gz (510.8 kB)

Built Distribution

netbox_nsm-0.4.8-py3-none-any.whl (669.5 kB)

File details

Details for the file netbox_nsm-0.4.8.tar.gz.

File metadata

  • Download URL: netbox_nsm-0.4.8.tar.gz
  • Size: 510.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for netbox_nsm-0.4.8.tar.gz
Algorithm Hash digest
SHA256 03bfdc9b8ebabde6b5eaad50412b9324fac18b3b21e8bccd7e2487550df8ffeb
MD5 c319c0600b27543e0fdbe21d2119514e
BLAKE2b-256 cbeb4c3d745f672c8c354258309a29ef9a303d986b9a12a71ef6b866beb20e4b


Provenance

The following attestation bundles were made for netbox_nsm-0.4.8.tar.gz:

Publisher: publish.yml on christianbur/netbox-nsm

File details

Details for the file netbox_nsm-0.4.8-py3-none-any.whl.

File metadata

  • Download URL: netbox_nsm-0.4.8-py3-none-any.whl
  • Size: 669.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for netbox_nsm-0.4.8-py3-none-any.whl
Algorithm Hash digest
SHA256 404bc850215ac3fcc3384d772c5798663e278d42c56052cb029339d3fb9ada00
MD5 192d8906cf2ea1cbb3b0cfe474cd5060
BLAKE2b-256 2c811f498f7f1027af3aa03d44f38540f582b9edd181895d4dc40c7c2e42fda1


Provenance

The following attestation bundles were made for netbox_nsm-0.4.8-py3-none-any.whl:

Publisher: publish.yml on christianbur/netbox-nsm
