diff options
Diffstat (limited to 'data/templates')
-rw-r--r-- | data/templates/accel-ppp/ipoe.config.j2 | 2 | ||||
-rw-r--r-- | data/templates/accel-ppp/pppoe.config.j2 | 2 | ||||
-rwxr-xr-x[-rw-r--r--] | data/templates/firewall/nftables.j2 | 6 | ||||
-rw-r--r-- | data/templates/ids/suricata.j2 | 2 |
4 files changed, 7 insertions, 5 deletions
diff --git a/data/templates/accel-ppp/ipoe.config.j2 b/data/templates/accel-ppp/ipoe.config.j2 index 9729b295e..81f63c53b 100644 --- a/data/templates/accel-ppp/ipoe.config.j2 +++ b/data/templates/accel-ppp/ipoe.config.j2 @@ -56,7 +56,7 @@ verbose=1 {% set relay = ',' ~ 'relay=' ~ iface_config.external_dhcp.dhcp_relay if iface_config.external_dhcp.dhcp_relay is vyos_defined else '' %} {% set giaddr = ',' ~ 'giaddr=' ~ iface_config.external_dhcp.giaddr if iface_config.external_dhcp.giaddr is vyos_defined else '' %} {{ tmp }},{{ shared }}mode={{ iface_config.mode | upper }},ifcfg=1,{{ range }}start=dhcpv4,ipv6=1{{ relay }}{{ giaddr }} -{% if iface_config.vlan is vyos_defined %} +{% if iface_config.vlan_mon is vyos_defined %} vlan-mon={{ iface }},{{ iface_config.vlan | join(',') }} {% endif %} {% endfor %} diff --git a/data/templates/accel-ppp/pppoe.config.j2 b/data/templates/accel-ppp/pppoe.config.j2 index 73ffe0963..beab46936 100644 --- a/data/templates/accel-ppp/pppoe.config.j2 +++ b/data/templates/accel-ppp/pppoe.config.j2 @@ -61,7 +61,9 @@ interface={{ iface }} {% for vlan in iface_config.vlan %} interface=re:^{{ iface }}\.{{ vlan | range_to_regex }}$ {% endfor %} +{% if iface_config.vlan_mon is vyos_defined %} vlan-mon={{ iface }},{{ iface_config.vlan | join(',') }} +{% endif %} {% endif %} {% endfor %} {% endif %} diff --git a/data/templates/firewall/nftables.j2 b/data/templates/firewall/nftables.j2 index 82dcefac0..155b7f4d0 100644..100755 --- a/data/templates/firewall/nftables.j2 +++ b/data/templates/firewall/nftables.j2 @@ -135,7 +135,7 @@ table ip vyos_filter { {% endif %} {% endfor %} {% endif %} - {{ conf | nft_default_rule(name_text, 'ipv4') }} + {{ conf | nft_default_rule('NAM-' + name_text, 'ipv4') }} } {% endfor %} {% endif %} @@ -287,7 +287,7 @@ table ip6 vyos_filter { {% endif %} {% endfor %} {% endif %} - {{ conf | nft_default_rule(name_text, 'ipv6') }} + {{ conf | nft_default_rule('NAM-' + name_text, 'ipv6') }} } {% endfor %} {% endif %} @@ -416,7 +416,7 @@ table bridge vyos_filter { {% endif %} {% endfor %} {% endif %} - {{ conf | nft_default_rule(name_text, 'bri') }} + {{ conf | nft_default_rule('NAM-' + name_text, 'bri') }} } {% endfor %} {% endif %} diff --git a/data/templates/ids/suricata.j2 b/data/templates/ids/suricata.j2 index 585db93eb..d76994c47 100644 --- a/data/templates/ids/suricata.j2 +++ b/data/templates/ids/suricata.j2 @@ -79,7 +79,7 @@ af-packet: {% for interface in suricata.interface %} - interface: {{ interface }} # Default clusterid. AF_PACKET will load balance packets based on flow. - cluster-id: 99 + cluster-id: {{ 100 - loop.index }} # Default AF_PACKET cluster type. AF_PACKET can load balance per flow or per hash. # This is only supported for Linux kernel > 3.1 # possible value are: |