github netbox-community/netbox-acls 2.0.0

10 hours ago

Major Rewrite for NetBox 4.5 and future functionality by @pheus

  • API and GraphQL consumers should review changes to assignment, rule, sequence, and port field names before upgrading.
  • Test upgrades against representative datasets, especially installations with legacy or inconsistent data.

Breaking Changes

  • Updated compatibility to NetBox 4.5.x and Python 3.12+.
  • Replaced ACLInterfaceAssignment with a unified ACLAssignment model. The API route changes from interface-assignments to assignments, GraphQL assignment names were updated, and existing assignment data is migrated.
  • Replaced prefix-only rule endpoints (source_prefix / destination_prefix) with generic source / destination relations backed by *_type / *_id.
  • Renamed ACL rule field index to sequence.
  • Added an ACL family field with IPv4, IPv6, and Dual values and introduced stricter validation for rules and assignments.
  • Replaced source_ports / destination_ports on extended ACL rules with source_port_ranges / destination_port_ranges.

New Features

  • Added support for assigning a single ACL to multiple devices, virtual chassis, virtual machines, and interfaces through a unified ACLAssignment model.
  • Added GraphQL support for assigned_object relations, aligned with the REST API.
  • Added an ACL assignments view so an ACL’s applied objects can be inspected directly from the ACL page.
  • Added generic source and destination object support for ACL rules across the UI, REST API, and GraphQL. Rules can now reference Prefixes, IP Addresses, IP Ranges, and Aggregates.
  • Added NetBox global search support for AccessList, ACLStandardRule, and ACLExtendedRule.
  • Added ACL family support with IPv4, IPv6, and Dual values across models, forms, filters, tables, serializers, and GraphQL.
  • Added support for the generic IP protocol in extended ACL rules.
  • Added support for attached remarks on permit and deny ACL rules.
  • Added parent ACL changelog entries for ACL rule changes.
  • Added source and destination port range support for extended ACL rules.
  • Added normalized serializer helper fields source_port_terms and destination_port_terms.
  • Added native owner support to ACL objects.
  • Added automatic ACL rule sequence suggestions for new rules.
  • Added the rule_sequence_step plugin setting to control the increment used for suggested rule sequences.
  • Added BulkEdit support for all editable plugin models.
  • Added a read-only preflight migration check for incompatible legacy data before the v2.0 migration chain runs.
  • Added a squashed initial migration for fresh installs, consolidating the early schema migration chain.
  • Assignment validation is now family-aware, allowing one IPv4 ACL and one IPv6 ACL per interface and direction while rejecting conflicting same-family or dual assignments.
  • Forms now use selectors in place of the previous parameter-based approach.
  • AccessList.name validation now uses Django’s built-in validate_slug.
  • Plugin models now rely on NetBox’s default get_absolute_url() behavior instead of plugin-specific overrides.
  • Extended ACL rule handling now uses port ranges as the authoritative representation for source and destination ports.
  • Forms, filters, tables, serializers, GraphQL types, and templates were updated to use the new range-based port fields.
  • GraphQL filters were updated to replace deprecated Strawberry Django filter decorators and align with current NetBox patterns.
  • Linting and formatting were standardized on Ruff.
  • Migration performance was improved with bulk operations and by skipping unchanged rules where possible.
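The family-aware assignment rule described above can be modelled offline to find bindings that 2.0.0 validation would reject. This is an added example, not the plugin's own code; it assumes a Dual ACL overlaps with both IPv4 and IPv6, and the function names, direction strings and sample records are constructed.

```python
from collections import defaultdict

IPV4, IPV6, DUAL = "IPv4", "IPv6", "Dual"  # family values named in the release notes


def families_overlap(a, b):
    # Assumption: a Dual ACL covers both families, so it overlaps with anything.
    return a == b or DUAL in (a, b)


def find_assignment_conflicts(assignments):
    """assignments: iterable of (interface, direction, acl_name, family).

    Returns sorted (interface, direction, acl_a, acl_b) tuples, one per pair
    of ACLs that cannot coexist on the same interface and direction.
    """
    slots = defaultdict(list)
    for interface, direction, acl, family in assignments:
        if family not in (IPV4, IPV6, DUAL):
            raise ValueError(f"unknown family {family!r} on ACL {acl!r}")
        slots[(interface, direction)].append((acl, family))

    conflicts = []
    for (interface, direction), bound in slots.items():
        for i, (acl_a, fam_a) in enumerate(bound):
            for acl_b, fam_b in bound[i + 1:]:
                if families_overlap(fam_a, fam_b):
                    conflicts.append((interface, direction, acl_a, acl_b))
    return sorted(conflicts)


# Constructed sample data; device, interface and ACL names are made up.
SAMPLE = [
    ("edge1:Gi0/1", "ingress", "MGMT-V4", IPV4),
    ("edge1:Gi0/1", "ingress", "MGMT-V6", IPV6),    # allowed: different families
    ("edge1:Gi0/1", "egress", "OUT-V4", IPV4),
    ("edge1:Gi0/1", "egress", "OUT-V4-OLD", IPV4),  # same-family conflict
    ("edge1:Gi0/2", "ingress", "ALL-DUAL", DUAL),
    ("edge1:Gi0/2", "ingress", "GUEST-V6", IPV6),   # Dual overlaps IPv6
    ("edge1:Gi0/2", "egress", "GUEST-V6", IPV6),    # allowed: other direction
]

if __name__ == "__main__":
    for row in find_assignment_conflicts(SAMPLE):
        print("conflict:", *row)
```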

Bug Fixes

  • Fixed assignment uniqueness handling by enforcing family-aware validation.
  • Fixed ACLAssignment cloning so the assigned object reference is preserved.
  • Fixed extended-rule migration behavior when only one legacy prefix side is populated.
  • Fixed duplicate standalone remark rows sharing a sequence with a permit or deny rule. Attached remarks remain supported.
  • Fixed extended-rule port validation to reject non-TCP/UDP port use, out-of-range values, and invalid normalized port range input.
  • Fixed OpenAPI schema generation for source_port_terms and destination_port_terms.
  • Fixed ACL views to hide unsupported actions such as Import.
  • Fixed navigation settings lookup by defaulting top_level_menu to True when the setting is not explicitly configured.
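The extended-rule port checks listed above (non-TCP/UDP port use, out-of-range values, invalid range input) can be sketched as a standalone validator for auditing rule data before an upgrade. This is an added example, not the plugin's own code; the 1-65535 bounds, the (start, end) tuple shape and the merge-based meaning of "normalized" are assumptions.

```python
PORT_MIN, PORT_MAX = 1, 65535      # assumed bounds; the release notes give no numbers
PORT_PROTOCOLS = {"tcp", "udp"}    # only these protocols may carry port ranges


def _is_port_pair(item):
    return (
        isinstance(item, (tuple, list))
        and len(item) == 2
        and all(isinstance(p, int) and not isinstance(p, bool) for p in item)
    )


def validate_port_ranges(protocol, ranges):
    """Return a list of error strings; an empty list means the input is acceptable.

    ranges is a list of inclusive (start, end) pairs; a single port is (n, n).
    """
    errors = []
    if ranges and protocol.lower() not in PORT_PROTOCOLS:
        errors.append(f"ports are not valid for protocol {protocol!r}")
    for item in ranges:
        if not _is_port_pair(item):
            errors.append(f"malformed range {item!r}")
            continue
        start, end = item
        if not (PORT_MIN <= start <= PORT_MAX and PORT_MIN <= end <= PORT_MAX):
            errors.append(f"range {start}-{end} is outside {PORT_MIN}-{PORT_MAX}")
        elif start > end:
            errors.append(f"range {start}-{end} is reversed")
    return errors


def normalize_port_ranges(ranges):
    """Sort validated ranges and merge overlapping or adjacent ones."""
    merged = []
    for start, end in sorted(tuple(r) for r in ranges):
        if merged and start <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return merged


if __name__ == "__main__":
    print(validate_port_ranges("icmp", [(80, 80)]))
    print(normalize_port_ranges([(8000, 8080), (443, 443), (8081, 8090)]))
```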

Migration Notes

  • Existing ACL assignments are migrated to the new unified ACLAssignment model.
  • Existing prefix-based rule endpoints are migrated to the new generic source / destination relations.
  • Existing ACL rule field index is migrated to sequence.
  • Existing ACLs are assigned a family value during migration based on their current rules and assignments.
  • Existing source_ports / destination_ports data is migrated automatically to source_port_ranges / destination_port_ranges.
  • The preflight migration checks ACL name format, orphaned generic foreign key references, and family-related assignment conflicts before schema-changing v2.0 migrations continue.

Full Changelog: 1.9.1...2.0.0
