summaryrefslogtreecommitdiff
path: root/data
diff options
context:
space:
mode:
Diffstat (limited to 'data')
-rw-r--r--data/configd-include.json3
-rw-r--r--data/templates/accel-ppp/chap-secrets.ipoe.tmpl26
-rw-r--r--data/templates/accel-ppp/config_chap_secrets_radius.j22
-rw-r--r--data/templates/accel-ppp/ipoe.config.tmpl24
-rw-r--r--data/templates/accel-ppp/l2tp.config.tmpl28
-rw-r--r--data/templates/accel-ppp/pppoe.config.tmpl2
-rw-r--r--data/templates/accel-ppp/pptp.config.tmpl18
-rw-r--r--data/templates/bcast-relay/udp-broadcast-relay.tmpl2
-rw-r--r--data/templates/dhcp-relay/config.tmpl4
-rw-r--r--data/templates/dhcp-relay/dhcrelay.conf.tmpl6
-rw-r--r--data/templates/dhcp-relay/dhcrelay6.conf.tmpl21
-rw-r--r--data/templates/dhcp-server/dhcpd.conf.tmpl180
-rw-r--r--data/templates/dhcpv6-relay/config.tmpl4
-rw-r--r--data/templates/dhcpv6-server/dhcpdv6.conf.tmpl100
-rw-r--r--data/templates/firewall/nftables-nat.tmpl142
-rw-r--r--data/templates/frr/bfd.frr.tmpl8
-rw-r--r--data/templates/frr/bgp.frr.tmpl1243
-rw-r--r--data/templates/frr/igmp.frr.tmpl50
-rw-r--r--data/templates/frr/ldpd.frr.tmpl273
-rw-r--r--data/templates/frr/pimd.frr.tmpl40
-rw-r--r--data/templates/frr/rip.frr.tmpl188
-rw-r--r--data/templates/frr/static_mcast.frr.tmpl28
-rw-r--r--data/templates/ids/fastnetmon.tmpl18
-rw-r--r--data/templates/igmp-proxy/igmpproxy.conf.tmpl51
-rw-r--r--data/templates/lldp/vyos.conf.tmpl18
-rw-r--r--data/templates/netflow/uacctd.conf.tmpl80
-rw-r--r--data/templates/ntp/ntp.conf.tmpl14
-rw-r--r--data/templates/openvpn/auth.pw.tmpl5
-rw-r--r--data/templates/openvpn/server.conf.tmpl35
-rw-r--r--data/templates/pppoe/ip-pre-up.script.tmpl2
-rw-r--r--data/templates/pppoe/ip-up.script.tmpl6
-rw-r--r--data/templates/pppoe/ipv6-up.script.tmpl8
-rw-r--r--data/templates/pppoe/peer.tmpl8
-rw-r--r--data/templates/router-advert/radvd.conf.tmpl2
-rw-r--r--data/templates/salt-minion/minion.tmpl2
-rw-r--r--data/templates/snmp/usr.snmpd.conf.tmpl4
-rw-r--r--data/templates/snmp/var.snmpd.conf.tmpl14
-rw-r--r--data/templates/syslog/rsyslog.conf.tmpl8
-rw-r--r--data/templates/vrf/vrf.conf.tmpl4
-rw-r--r--data/templates/vrrp/keepalived.conf.tmpl68
-rw-r--r--data/templates/vyos-hostsd/hosts.tmpl16
-rw-r--r--data/templates/vyos-hostsd/resolv.conf.tmpl25
-rw-r--r--data/templates/wifi/hostapd.conf.tmpl8
-rw-r--r--data/templates/wwan/ip-pre-up.script.tmpl2
44 files changed, 1001 insertions, 1789 deletions
diff --git a/data/configd-include.json b/data/configd-include.json
index 2e44405ee..eb1dd13f9 100644
--- a/data/configd-include.json
+++ b/data/configd-include.json
@@ -29,6 +29,7 @@
"lldp.py",
"nat.py",
"ntp.py",
+"policy-local-route.py",
"protocols_igmp.py",
"protocols_isis.py",
"protocols_mpls.py",
@@ -46,7 +47,7 @@
"system-ip.py",
"system-ipv6.py",
"system-login-banner.py",
-"system-options.py",
+"system-option.py",
"system-syslog.py",
"system-timezone.py",
"system_console.py",
diff --git a/data/templates/accel-ppp/chap-secrets.ipoe.tmpl b/data/templates/accel-ppp/chap-secrets.ipoe.tmpl
index a7d899354..1df878fcf 100644
--- a/data/templates/accel-ppp/chap-secrets.ipoe.tmpl
+++ b/data/templates/accel-ppp/chap-secrets.ipoe.tmpl
@@ -1,18 +1,18 @@
# username server password acceptable local IP addresses shaper
-{% for interface in auth_interfaces -%}
-{% for mac in interface.mac -%}
-{% if mac.rate_upload and mac.rate_download -%}
-{% if mac.vlan_id -%}
+{% for interface in auth_interfaces %}
+{% for mac in interface.mac %}
+{% if mac.rate_upload and mac.rate_download %}
+{% if mac.vlan_id %}
{{ interface.name }}.{{ mac.vlan_id }} * {{ mac.address | lower }} * {{ mac.rate_download }}/{{ mac.rate_upload }}
-{% else -%}
+{% else %}
{{ interface.name }} * {{ mac.address | lower }} * {{ mac.rate_download }}/{{ mac.rate_upload }}
-{% endif -%}
-{% else -%}
-{% if mac.vlan_id -%}
+{% endif %}
+{% else %}
+{% if mac.vlan_id %}
{{ interface.name }}.{{ mac.vlan_id }} * {{ mac.address | lower }} *
-{% else -%}
+{% else %}
{{ interface.name }} * {{ mac.address | lower }} *
-{% endif -%}
-{% endif -%}
-{% endfor -%}
-{% endfor -%}
+{% endif %}
+{% endif %}
+{% endfor %}
+{% endfor %}
diff --git a/data/templates/accel-ppp/config_chap_secrets_radius.j2 b/data/templates/accel-ppp/config_chap_secrets_radius.j2
index c94e75a23..52d5d40e7 100644
--- a/data/templates/accel-ppp/config_chap_secrets_radius.j2
+++ b/data/templates/accel-ppp/config_chap_secrets_radius.j2
@@ -27,7 +27,7 @@ called-sid={{ authentication.radius.called_sid_format }}
{% endif %}
{% if authentication.radius.dynamic_author.server is defined and authentication.radius.dynamic_author.server is not none %}
dae-server={{ authentication.radius.dynamic_author.server }}:{{ authentication.radius.dynamic_author.port }},{{ authentication.radius.dynamic_author.key }}
-{% endif -%}
+{% endif %}
{% endif %}
{# Both chap-secrets and radius block required the gw-ip-address #}
{% if gateway_address is defined and gateway_address is not none %}
diff --git a/data/templates/accel-ppp/ipoe.config.tmpl b/data/templates/accel-ppp/ipoe.config.tmpl
index ab61f7f5a..1cf2ab0be 100644
--- a/data/templates/accel-ppp/ipoe.config.tmpl
+++ b/data/templates/accel-ppp/ipoe.config.tmpl
@@ -35,7 +35,7 @@ password=csid
{% endif %}
proxy-arp=1
-{%- for interface in interfaces %}
+{% for interface in interfaces %}
{% if (interface.shared == '0') and (interface.vlan_mon) %}
vlan-mon={{ interface.name }},{{ interface.vlan_mon | join(',') }}
{% endif %}
@@ -43,16 +43,16 @@ vlan-mon={{ interface.name }},{{ interface.vlan_mon | join(',') }}
{% if dnsv4 %}
[dns]
-{% for dns in dnsv4 -%}
+{% for dns in dnsv4 %}
dns{{ loop.index }}={{ dns }}
-{% endfor -%}
+{% endfor %}
{% endif %}
{% if dnsv6 %}
[ipv6-dns]
-{% for dns in dnsv6 -%}
+{% for dns in dnsv6 %}
{{ dns }}
-{% endfor -%}
+{% endfor %}
{% endif %}
[ipv6-nd]
@@ -79,7 +79,7 @@ chap-secrets={{ chap_secrets_file }}
verbose=1
{% for r in radius_server %}
server={{ r.server }},{{ r.key }},auth-port={{ r.port }},acct-port={{ r.acct_port }},req-limit=0,fail-time={{ r.fail_time }}
-{% endfor -%}
+{% endfor %}
{% if radius_acct_inter_jitter %}
acct-interim-jitter={{ radius_acct_inter_jitter }}
@@ -90,17 +90,17 @@ timeout={{ radius_timeout }}
max-try={{ radius_max_try }}
{% if radius_nas_id %}
nas-identifier={{ radius_nas_id }}
-{% endif -%}
+{% endif %}
{% if radius_nas_ip %}
nas-ip-address={{ radius_nas_ip }}
-{% endif -%}
+{% endif %}
{% if radius_source_address %}
bind={{ radius_source_address }}
-{% endif -%}
+{% endif %}
{% if radius_dynamic_author %}
dae-server={{ radius_dynamic_author.server }}:{{ radius_dynamic_author.port }},{{ radius_dynamic_author.key }}
-{% endif -%}
+{% endif %}
{% if radius_shaper_attr %}
[shaper]
@@ -108,8 +108,8 @@ verbose=1
attr={{ radius_shaper_attr }}
{% if radius_shaper_vendor %}
vendor={{ radius_shaper_vendor }}
-{% endif -%}
-{% endif -%}
+{% endif %}
+{% endif %}
{% endif %}
[cli]
diff --git a/data/templates/accel-ppp/l2tp.config.tmpl b/data/templates/accel-ppp/l2tp.config.tmpl
index 9a3c27912..070a966b7 100644
--- a/data/templates/accel-ppp/l2tp.config.tmpl
+++ b/data/templates/accel-ppp/l2tp.config.tmpl
@@ -9,7 +9,7 @@ chap-secrets
{% if auth_mode == 'radius' %}
radius
-{% endif -%}
+{% endif %}
ippool
shaper
@@ -27,23 +27,23 @@ level=5
{% if dnsv4 %}
[dns]
-{% for dns in dnsv4 -%}
+{% for dns in dnsv4 %}
dns{{ loop.index }}={{ dns }}
-{% endfor -%}
+{% endfor %}
{% endif %}
{% if dnsv6 %}
[ipv6-dns]
-{% for dns in dnsv6 -%}
+{% for dns in dnsv6 %}
{{ dns }}
-{% endfor -%}
+{% endfor %}
{% endif %}
{% if wins %}
[wins]
-{% for server in wins -%}
+{% for server in wins %}
wins{{ loop.index }}={{ server }}
-{% endfor -%}
+{% endfor %}
{% endif %}
[l2tp]
@@ -65,11 +65,11 @@ secret={{ lns_shared_secret }}
[ip-pool]
{% if client_ip_pool %}
{{ client_ip_pool }}
-{% endif -%}
+{% endif %}
{% if client_ip_subnets %}
{% for sn in client_ip_subnets %}
{{sn}}
-{% endfor -%}
+{% endfor %}
{% endif %}
{% endif %}
{% if gateway_address %}
@@ -84,7 +84,7 @@ chap-secrets={{ chap_secrets_file }}
verbose=1
{% for r in radius_server %}
server={{ r.server }},{{ r.key }},auth-port={{ r.port }},acct-port={{ r.acct_port }},req-limit=0,fail-time={{ r.fail_time }}
-{% endfor -%}
+{% endfor %}
{% if radius_acct_inter_jitter %}
acct-interim-jitter={{ radius_acct_inter_jitter }}
@@ -96,13 +96,13 @@ max-try={{ radius_max_try }}
{% if radius_nas_id %}
nas-identifier={{ radius_nas_id }}
-{% endif -%}
+{% endif %}
{% if radius_nas_ip %}
nas-ip-address={{ radius_nas_ip }}
-{% endif -%}
+{% endif %}
{% if radius_source_address %}
bind={{ radius_source_address }}
-{% endif -%}
+{% endif %}
{% endif %}
{% if gateway_address %}
gw-ip-address={{ gateway_address }}
@@ -144,7 +144,7 @@ verbose=1
attr={{ radius_shaper_attr }}
{% if radius_shaper_vendor %}
vendor={{ radius_shaper_vendor }}
-{% endif -%}
+{% endif %}
{% endif %}
[cli]
diff --git a/data/templates/accel-ppp/pppoe.config.tmpl b/data/templates/accel-ppp/pppoe.config.tmpl
index 19adbc890..1d6c1fefc 100644
--- a/data/templates/accel-ppp/pppoe.config.tmpl
+++ b/data/templates/accel-ppp/pppoe.config.tmpl
@@ -108,7 +108,7 @@ interface=re:{{ interface.name }}\.\d+
{% if service_name %}
service-name={{ service_name | join(',') }}
-{% endif -%}
+{% endif %}
{% if pado_delay %}
pado-delay={{ pado_delay }}
diff --git a/data/templates/accel-ppp/pptp.config.tmpl b/data/templates/accel-ppp/pptp.config.tmpl
index dc77b42e9..5a6cfe749 100644
--- a/data/templates/accel-ppp/pptp.config.tmpl
+++ b/data/templates/accel-ppp/pptp.config.tmpl
@@ -7,7 +7,7 @@ ippool
chap-secrets
{% elif auth_mode == 'radius' %}
radius
-{% endif -%}
+{% endif %}
{% for proto in auth_proto %}
{{proto}}
{% endfor %}
@@ -22,16 +22,16 @@ level=5
{% if dnsv4 %}
[dns]
-{% for dns in dnsv4 -%}
+{% for dns in dnsv4 %}
dns{{ loop.index }}={{ dns }}
-{% endfor -%}
+{% endfor %}
{% endif %}
{% if wins %}
[wins]
-{% for server in wins -%}
+{% for server in wins %}
wins{{ loop.index }}={{ server }}
-{% endfor -%}
+{% endfor %}
{% endif %}
@@ -67,7 +67,7 @@ chap-secrets={{ chap_secrets_file }}
verbose=1
{% for r in radius_server %}
server={{ r.server }},{{ r.key }},auth-port={{ r.port }},acct-port={{ r.acct_port }},req-limit=0,fail-time={{ r.fail_time }}
-{% endfor -%}
+{% endfor %}
{% if radius_acct_inter_jitter %}
acct-interim-jitter={{ radius_acct_inter_jitter }}
@@ -79,13 +79,13 @@ max-try={{ radius_max_try }}
{% if radius_nas_id %}
nas-identifier={{ radius_nas_id }}
-{% endif -%}
+{% endif %}
{% if radius_nas_ip %}
nas-ip-address={{ radius_nas_ip }}
-{% endif -%}
+{% endif %}
{% if radius_source_address %}
bind={{ radius_source_address }}
-{% endif -%}
+{% endif %}
{% endif %}
[cli]
diff --git a/data/templates/bcast-relay/udp-broadcast-relay.tmpl b/data/templates/bcast-relay/udp-broadcast-relay.tmpl
index d0c7d8bf9..73e9acad4 100644
--- a/data/templates/bcast-relay/udp-broadcast-relay.tmpl
+++ b/data/templates/bcast-relay/udp-broadcast-relay.tmpl
@@ -1,7 +1,7 @@
### Autogenerated by bcast_relay.py ###
# UDP broadcast relay configuration for instance {{ id }}
-{%- if description %}
+{% if description %}
# Comment: {{ description }}
{% endif %}
DAEMON_ARGS="{{ '-s ' + address if address is defined }} {{ instance }} {{ port }} {{ interface | join(' ') }}"
diff --git a/data/templates/dhcp-relay/config.tmpl b/data/templates/dhcp-relay/config.tmpl
deleted file mode 100644
index b223807cf..000000000
--- a/data/templates/dhcp-relay/config.tmpl
+++ /dev/null
@@ -1,4 +0,0 @@
-### Autogenerated by dhcp_relay.py ###
-
-# Defaults for isc-dhcp-relay6.service
-OPTIONS="{{ options | join(' ') }} -i {{ interface | join(' -i ') }} {{ server | join(' ') }}"
diff --git a/data/templates/dhcp-relay/dhcrelay.conf.tmpl b/data/templates/dhcp-relay/dhcrelay.conf.tmpl
new file mode 100644
index 000000000..a9d17ed9a
--- /dev/null
+++ b/data/templates/dhcp-relay/dhcrelay.conf.tmpl
@@ -0,0 +1,6 @@
+### Autogenerated by dhcp_relay.py ###
+
+{% set max_size = '-A ' + relay_options.max_size if relay_options.max_size is defined and relay_options.max_size is not none %}
+{# hop_count and relay_agents_packets is a default option, thus it is always present #}
+OPTIONS="-c {{ relay_options.hop_count }} -a -m {{ relay_options.relay_agents_packets }} {{ max_size }} -i {{ interface | join(' -i ') }} {{ server | join(' ') }}"
+
diff --git a/data/templates/dhcp-relay/dhcrelay6.conf.tmpl b/data/templates/dhcp-relay/dhcrelay6.conf.tmpl
new file mode 100644
index 000000000..58c216b7c
--- /dev/null
+++ b/data/templates/dhcp-relay/dhcrelay6.conf.tmpl
@@ -0,0 +1,21 @@
+### Autogenerated by dhcpv6_relay.py ###
+
+{# upstream_interface is mandatory so it's always present #}
+{% set upstream = namespace(value='') %}
+{% for interface, config in upstream_interface.items() %}
+{% for address in config.address %}
+{% set upstream.value = upstream.value + '-u ' + address + '%' + interface + ' ' %}
+{% endfor %}
+{% endfor %}
+{# listen_interface is mandatory so it's always present #}
+{% set listen = namespace(value='') %}
+{% for interface, config in listen_interface.items() %}
+{% if config.address is defined and config.address is not none %}
+{% set listen.value = listen.value + '-l ' + config.address + '%' + interface + ' ' %}
+{% else %}
+{% set listen.value = listen.value + '-l ' + interface + ' ' %}
+{% endif %}
+{% endfor %}
+
+OPTIONS="{{ listen.value }} {{ upstream.value }} -c {{ max_hop_count }} {{ '-I' if use_interface_id_option is defined }}"
+
diff --git a/data/templates/dhcp-server/dhcpd.conf.tmpl b/data/templates/dhcp-server/dhcpd.conf.tmpl
index 5f5129451..f431d3207 100644
--- a/data/templates/dhcp-server/dhcpd.conf.tmpl
+++ b/data/templates/dhcp-server/dhcpd.conf.tmpl
@@ -23,38 +23,38 @@ on expiry {
execute("/usr/libexec/vyos/system/on-dhcp-event.sh", "release", ClientName, ClientIp, ClientMac, ClientDomain);
}
{% endif %}
-{%- if host_decl_name %}
+{% if host_decl_name %}
use-host-decl-names on;
-{%- endif %}
-ddns-update-style {% if ddns_enable -%} interim {%- else -%} none {%- endif %};
-{% if static_route -%}
+{% endif %}
+ddns-update-style {% if ddns_enable %} interim {% else %} none {% endif %};
+{% if static_route %}
option rfc3442-static-route code 121 = array of integer 8;
option windows-static-route code 249 = array of integer 8;
-{%- endif %}
-{% if wpad -%}
+{% endif %}
+{% if wpad %}
option wpad-url code 252 = text;
{% endif %}
-{%- if global_parameters %}
+{% if global_parameters %}
# The following {{ global_parameters | length }} line(s) were added as global-parameters in the CLI and have not been validated
-{%- for param in global_parameters %}
+{% for param in global_parameters %}
{{ param }}
-{%- endfor -%}
-{%- endif %}
+{% endfor %}
+{% endif %}
# Failover configuration
{% for network in shared_network %}
-{%- if not network.disabled -%}
-{%- for subnet in network.subnet %}
-{%- if subnet.failover_name -%}
+{% if not network.disabled %}
+{% for subnet in network.subnet %}
+{% if subnet.failover_name %}
failover peer "{{ subnet.failover_name }}" {
-{%- if subnet.failover_status == 'primary' %}
+{% if subnet.failover_status == 'primary' %}
primary;
mclt 1800;
split 128;
-{%- elif subnet.failover_status == 'secondary' %}
+{% elif subnet.failover_status == 'secondary' %}
secondary;
-{%- endif %}
+{% endif %}
address {{ subnet.failover_local_addr }};
port 520;
peer address {{ subnet.failover_peer_addr }};
@@ -63,133 +63,133 @@ failover peer "{{ subnet.failover_name }}" {
max-unacked-updates 10;
load balance max seconds 3;
}
-{% endif -%}
-{% endfor -%}
-{% endif -%}
+{% endif %}
+{% endfor %}
+{% endif %}
{% endfor %}
# Shared network configration(s)
{% for network in shared_network %}
-{%- if not network.disabled -%}
+{% if not network.disabled %}
shared-network {{ network.name }} {
- {%- if network.authoritative %}
+ {% if network.authoritative %}
authoritative;
- {%- endif %}
- {%- if network.network_parameters %}
+ {% endif %}
+ {% if network.network_parameters %}
# The following {{ network.network_parameters | length }} line(s) were added as shared-network-parameters in the CLI and have not been validated
- {%- for param in network.network_parameters %}
+ {% for param in network.network_parameters %}
{{ param }}
- {%- endfor %}
- {%- endif %}
- {%- for subnet in network.subnet %}
+ {% endfor %}
+ {% endif %}
+ {% for subnet in network.subnet %}
subnet {{ subnet.address }} netmask {{ subnet.netmask }} {
- {%- if subnet.dns_server %}
+ {% if subnet.dns_server %}
option domain-name-servers {{ subnet.dns_server | join(', ') }};
- {%- endif %}
- {%- if subnet.domain_search %}
+ {% endif %}
+ {% if subnet.domain_search %}
option domain-search {{ subnet.domain_search | join(', ') }};
- {%- endif %}
- {%- if subnet.ntp_server %}
+ {% endif %}
+ {% if subnet.ntp_server %}
option ntp-servers {{ subnet.ntp_server | join(', ') }};
- {%- endif %}
- {%- if subnet.pop_server %}
+ {% endif %}
+ {% if subnet.pop_server %}
option pop-server {{ subnet.pop_server | join(', ') }};
- {%- endif %}
- {%- if subnet.smtp_server %}
+ {% endif %}
+ {% if subnet.smtp_server %}
option smtp-server {{ subnet.smtp_server | join(', ') }};
- {%- endif %}
- {%- if subnet.time_server %}
+ {% endif %}
+ {% if subnet.time_server %}
option time-servers {{ subnet.time_server | join(', ') }};
- {%- endif %}
- {%- if subnet.wins_server %}
+ {% endif %}
+ {% if subnet.wins_server %}
option netbios-name-servers {{ subnet.wins_server | join(', ') }};
- {%- endif %}
- {%- if subnet.static_route %}
+ {% endif %}
+ {% if subnet.static_route %}
option rfc3442-static-route {{ subnet.static_route }}{% if subnet.rfc3442_default_router %}, {{ subnet.rfc3442_default_router }}{% endif %};
option windows-static-route {{ subnet.static_route }};
- {%- endif %}
- {%- if subnet.ip_forwarding %}
+ {% endif %}
+ {% if subnet.ip_forwarding %}
option ip-forwarding true;
- {%- endif -%}
- {%- if subnet.default_router %}
+ {% endif %}
+ {% if subnet.default_router %}
option routers {{ subnet.default_router }};
- {%- endif -%}
- {%- if subnet.server_identifier %}
+ {% endif %}
+ {% if subnet.server_identifier %}
option dhcp-server-identifier {{ subnet.server_identifier }};
- {%- endif -%}
- {%- if subnet.domain_name %}
+ {% endif %}
+ {% if subnet.domain_name %}
option domain-name "{{ subnet.domain_name }}";
- {%- endif -%}
- {%- if subnet.subnet_parameters %}
+ {% endif %}
+ {% if subnet.subnet_parameters %}
# The following {{ subnet.subnet_parameters | length }} line(s) were added as subnet-parameters in the CLI and have not been validated
- {%- for param in subnet.subnet_parameters %}
+ {% for param in subnet.subnet_parameters %}
{{ param }}
- {%- endfor -%}
- {%- endif %}
- {%- if subnet.tftp_server %}
+ {% endfor %}
+ {% endif %}
+ {% if subnet.tftp_server %}
option tftp-server-name "{{ subnet.tftp_server }}";
- {%- endif -%}
- {%- if subnet.bootfile_name %}
+ {% endif %}
+ {% if subnet.bootfile_name %}
option bootfile-name "{{ subnet.bootfile_name }}";
filename "{{ subnet.bootfile_name }}";
- {%- endif -%}
- {%- if subnet.bootfile_server %}
+ {% endif %}
+ {% if subnet.bootfile_server %}
next-server {{ subnet.bootfile_server }};
- {%- endif -%}
- {%- if subnet.time_offset %}
+ {% endif %}
+ {% if subnet.time_offset %}
option time-offset {{ subnet.time_offset }};
- {%- endif -%}
- {%- if subnet.wpad_url %}
+ {% endif %}
+ {% if subnet.wpad_url %}
option wpad-url "{{ subnet.wpad_url }}";
- {%- endif -%}
- {%- if subnet.client_prefix_length %}
+ {% endif %}
+ {% if subnet.client_prefix_length %}
option subnet-mask {{ subnet.client_prefix_length }};
- {%- endif -%}
+ {% endif %}
{% if subnet.lease %}
default-lease-time {{ subnet.lease }};
max-lease-time {{ subnet.lease }};
- {%- endif -%}
- {%- for host in subnet.static_mapping %}
- {% if not host.disabled -%}
- host {% if host_decl_name -%} {{ host.name }} {%- else -%} {{ network.name }}_{{ host.name }} {%- endif %} {
- {%- if host.ip_address %}
+ {% endif %}
+ {% for host in subnet.static_mapping %}
+ {% if not host.disabled %}
+ host {% if host_decl_name %} {{ host.name }} {% else %} {{ network.name }}_{{ host.name }} {% endif %} {
+ {% if host.ip_address %}
fixed-address {{ host.ip_address }};
- {%- endif %}
+ {% endif %}
hardware ethernet {{ host.mac_address }};
- {%- if host.static_parameters %}
+ {% if host.static_parameters %}
# The following {{ host.static_parameters | length }} line(s) were added as static-mapping-parameters in the CLI and have not been validated
- {%- for param in host.static_parameters %}
+ {% for param in host.static_parameters %}
{{ param }}
- {%- endfor -%}
- {%- endif %}
+ {% endfor %}
+ {% endif %}
}
- {%- endif %}
- {%- endfor %}
- {%- if subnet.failover_name %}
+ {% endif %}
+ {% endfor %}
+ {% if subnet.failover_name %}
pool {
failover peer "{{ subnet.failover_name }}";
deny dynamic bootp clients;
- {%- for range in subnet.range %}
+ {% for range in subnet.range %}
range {{ range.start }} {{ range.stop }};
- {%- endfor %}
+ {% endfor %}
}
- {%- else %}
- {%- for range in subnet.range %}
+ {% else %}
+ {% for range in subnet.range %}
range {{ range.start }} {{ range.stop }};
- {%- endfor %}
- {%- endif %}
+ {% endfor %}
+ {% endif %}
}
- {%- endfor %}
+ {% endfor %}
on commit {
set shared-networkname = "{{ network.name }}";
- {% if hostfile_update -%}
+ {% if hostfile_update %}
set ClientName = pick-first-value(host-decl-name, option fqdn.hostname, option host-name);
set ClientIp = binary-to-ascii(10, 8, ".", leased-address);
set ClientMac = binary-to-ascii(16, 8, ":", substring(hardware, 1, 6));
set ClientDomain = pick-first-value(config-option domain-name, "..YYZ!");
execute("/usr/libexec/vyos/system/on-dhcp-event.sh", "commit", ClientName, ClientIp, ClientMac, ClientDomain);
- {%- endif %}
+ {% endif %}
}
}
-{%- endif %}
+{% endif %}
{% endfor %}
diff --git a/data/templates/dhcpv6-relay/config.tmpl b/data/templates/dhcpv6-relay/config.tmpl
deleted file mode 100644
index 55035ae6c..000000000
--- a/data/templates/dhcpv6-relay/config.tmpl
+++ /dev/null
@@ -1,4 +0,0 @@
-### Autogenerated by dhcpv6_relay.py ###
-
-# Defaults for isc-dhcp-relay6.service
-OPTIONS="-l {{ listen_addr | join(' -l ') }} -u {{ upstream_addr | join(' -u ') }} {{ options | join(' ') }}"
diff --git a/data/templates/dhcpv6-server/dhcpdv6.conf.tmpl b/data/templates/dhcpv6-server/dhcpdv6.conf.tmpl
index bdeea71da..aa6d7fb5d 100644
--- a/data/templates/dhcpv6-server/dhcpdv6.conf.tmpl
+++ b/data/templates/dhcpv6-server/dhcpdv6.conf.tmpl
@@ -4,87 +4,87 @@
# https://www.isc.org/wp-content/uploads/2017/08/dhcp43options.html
log-facility local7;
-{%- if preference %}
+{% if preference %}
option dhcp6.preference {{ preference }};
-{%- endif %}
+{% endif %}
# Shared network configration(s)
{% for network in shared_network %}
-{%- if not network.disabled -%}
+{% if not network.disabled %}
shared-network {{ network.name }} {
- {%- if network.common.info_refresh_time %}
+ {% if network.common.info_refresh_time %}
option dhcp6.info-refresh-time {{ network.common.info_refresh_time }};
- {%- endif %}
- {%- if network.common.domain_search %}
+ {% endif %}
+ {% if network.common.domain_search %}
option dhcp6.domain-search "{{ network.common.domain_search | join('", "') }}";
- {%- endif %}
- {%- if network.common.dns_server %}
+ {% endif %}
+ {% if network.common.dns_server %}
option dhcp6.name-servers {{ network.common.dns_server | join(', ') }};
- {%- endif %}
- {%- for subnet in network.subnet %}
+ {% endif %}
+ {% for subnet in network.subnet %}
subnet6 {{ subnet.network }} {
- {%- for range in subnet.range6_prefix %}
+ {% for range in subnet.range6_prefix %}
range6 {{ range.prefix }}{{ " temporary" if range.temporary }};
- {%- endfor %}
- {%- for range in subnet.range6 %}
+ {% endfor %}
+ {% for range in subnet.range6 %}
range6 {{ range.start }} {{ range.stop }};
- {%- endfor %}
- {%- if subnet.domain_search %}
+ {% endfor %}
+ {% if subnet.domain_search %}
option dhcp6.domain-search "{{ subnet.domain_search | join('", "') }}";
- {%- endif %}
- {%- if subnet.lease_def %}
+ {% endif %}
+ {% if subnet.lease_def %}
default-lease-time {{ subnet.lease_def }};
- {%- endif %}
- {%- if subnet.lease_max %}
+ {% endif %}
+ {% if subnet.lease_max %}
max-lease-time {{ subnet.lease_max }};
- {%- endif %}
- {%- if subnet.lease_min %}
+ {% endif %}
+ {% if subnet.lease_min %}
min-lease-time {{ subnet.lease_min }};
- {%- endif %}
- {%- if subnet.dns_server %}
+ {% endif %}
+ {% if subnet.dns_server %}
option dhcp6.name-servers {{ subnet.dns_server | join(', ') }};
- {%- endif %}
- {%- if subnet.nis_domain %}
+ {% endif %}
+ {% if subnet.nis_domain %}
option dhcp6.nis-domain-name "{{ subnet.nis_domain }}";
- {%- endif %}
- {%- if subnet.nis_server %}
+ {% endif %}
+ {% if subnet.nis_server %}
option dhcp6.nis-servers {{ subnet.nis_server | join(', ') }};
- {%- endif %}
- {%- if subnet.nisp_domain %}
+ {% endif %}
+ {% if subnet.nisp_domain %}
option dhcp6.nisp-domain-name "{{ subnet.nisp_domain }}";
- {%- endif %}
- {%- if subnet.nisp_server %}
+ {% endif %}
+ {% if subnet.nisp_server %}
option dhcp6.nisp-servers {{ subnet.nisp_server | join(', ') }};
- {%- endif %}
- {%- if subnet.sip_address %}
+ {% endif %}
+ {% if subnet.sip_address %}
option dhcp6.sip-servers-addresses {{ subnet.sip_address | join(', ') }};
- {%- endif %}
- {%- if subnet.sip_hostname %}
+ {% endif %}
+ {% if subnet.sip_hostname %}
option dhcp6.sip-servers-names "{{ subnet.sip_hostname | join('", "') }}";
- {%- endif %}
- {%- if subnet.sntp_server %}
+ {% endif %}
+ {% if subnet.sntp_server %}
option dhcp6.sntp-servers {{ subnet.sntp_server | join(', ') }};
- {%- endif %}
- {%- for prefix in subnet.prefix_delegation %}
+ {% endif %}
+ {% for prefix in subnet.prefix_delegation %}
prefix6 {{ prefix.start }} {{ prefix.stop }} /{{ prefix.length }};
- {%- endfor %}
- {%- for host in subnet.static_mapping %}
- {% if not host.disabled -%}
+ {% endfor %}
+ {% for host in subnet.static_mapping %}
+ {% if not host.disabled %}
host {{ network.name }}_{{ host.name }} {
- {%- if host.client_identifier %}
+ {% if host.client_identifier %}
host-identifier option dhcp6.client-id {{ host.client_identifier }};
- {%- endif %}
- {%- if host.ipv6_address %}
+ {% endif %}
+ {% if host.ipv6_address %}
fixed-address6 {{ host.ipv6_address }};
- {%- endif %}
+ {% endif %}
}
- {%- endif %}
- {%- endfor %}
+ {% endif %}
+ {% endfor %}
}
- {%- endfor %}
+ {% endfor %}
on commit {
set shared-networkname = "{{ network.name }}";
}
}
-{%- endif %}
+{% endif %}
{% endfor %}
diff --git a/data/templates/firewall/nftables-nat.tmpl b/data/templates/firewall/nftables-nat.tmpl
index 286c21859..8769c2384 100644
--- a/data/templates/firewall/nftables-nat.tmpl
+++ b/data/templates/firewall/nftables-nat.tmpl
@@ -1,161 +1,143 @@
#!/usr/sbin/nft -f
-# Start with clean NAT table
-flush table nat
-
-{% if helper_functions == 'remove' %}
-{# NAT if going to be disabled - remove rules and targets from nftables #}
-
-{% set base_command = "delete rule ip raw" %}
-{{ base_command }} PREROUTING handle {{ pre_ct_ignore }}
-{{ base_command }} OUTPUT handle {{ out_ct_ignore }}
-{{ base_command }} PREROUTING handle {{ pre_ct_conntrack }}
-{{ base_command }} OUTPUT handle {{ out_ct_conntrack }}
-
-delete chain ip raw NAT_CONNTRACK
-
-{% elif helper_functions == 'add' %}
-{# NAT if enabled - add targets to nftables #}
-add chain ip raw NAT_CONNTRACK
-add rule ip raw NAT_CONNTRACK counter accept
-
-{% set base_command = "add rule ip raw" %}
-
-{{ base_command }} PREROUTING position {{ pre_ct_ignore }} counter jump VYATTA_CT_HELPER
-{{ base_command }} OUTPUT position {{ out_ct_ignore }} counter jump VYATTA_CT_HELPER
-{{ base_command }} PREROUTING position {{ pre_ct_conntrack }} counter jump NAT_CONNTRACK
-{{ base_command }} OUTPUT position {{ out_ct_conntrack }} counter jump NAT_CONNTRACK
-{% endif %}
-
-{% macro nat_rule(rule, chain) %}
+{% macro nat_rule(rule, config, chain) %}
{% set comment = "" %}
{% set base_log = "" %}
-
-{% set src_addr = "ip saddr " + rule.source_address if rule.source_address %}
-{% set dst_addr = "ip daddr " + rule.dest_address if rule.dest_address %}
-
+{% set src_addr = "ip saddr " + config.source.address if config.source is defined and config.source.address is defined and config.source.address is not none %}
+{% set dst_addr = "ip daddr " + config.destination.address if config.destination is defined and config.destination.address is defined and config.destination.address is not none %}
{# negated port groups need special treatment, move != in front of { } group #}
-{% if rule.source_port.startswith('!=') %}
-{% set src_port = "sport != { " + rule.source_port.replace('!=','') +" }" if rule.source_port %}
+{% if config.source is defined and config.source.port is defined and config.source.port is not none and config.source.port.startswith('!=') %}
+{% set src_port = "sport != { " + config.source.port.replace('!=','') +" }" %}
{% else %}
-{% set src_port = "sport { " + rule.source_port +" }" if rule.source_port %}
+{% set src_port = "sport { " + config.source.port +" }" if config.source is defined and config.source.port is defined and config.source.port is not none %}
{% endif %}
-
{# negated port groups need special treatment, move != in front of { } group #}
-{% if rule.dest_port.startswith('!=') %}
-{% set dst_port = "dport != { " + rule.dest_port.replace('!=','') +" }" if rule.dest_port %}
+{% if config.destination is defined and config.destination.port is defined and config.destination.port is not none and config.destination.port.startswith('!=') %}
+{% set dst_port = "dport != { " + config.destination.port.replace('!=','') +" }" %}
{% else %}
-{% set dst_port = "dport { " + rule.dest_port +" }" if rule.dest_port %}
+{% set dst_port = "dport { " + config.destination.port +" }" if config.destination is defined and config.destination.port is defined and config.destination.port is not none %}
{% endif %}
-
{% if chain == "PREROUTING" %}
-{% set comment = "DST-NAT-" + rule.number %}
-{% set base_log = "[NAT-DST-" + rule.number %}
-{% set interface = " iifname \"" + rule.interface_in + "\"" if rule.interface_in is defined and rule.interface_in != 'any' else '' %}
-{% set trns_addr = "dnat to " + rule.translation_address %}
-
+{% set comment = "DST-NAT-" + rule %}
+{% set base_log = "[NAT-DST-" + rule %}
+{% set interface = " iifname \"" + config.inbound_interface + "\"" if config.inbound_interface is defined and config.inbound_interface != 'any' else '' %}
+{% set trns_addr = "dnat to " + config.translation.address if config.translation is defined and config.translation.address is defined and config.translation.address is not none %}
{% elif chain == "POSTROUTING" %}
-{% set comment = "SRC-NAT-" + rule.number %}
-{% set base_log = "[NAT-SRC-" + rule.number %}
-{% set interface = " oifname \"" + rule.interface_out + "\"" if rule.interface_out is defined and rule.interface_out != 'any' else '' %}
-{% if rule.translation_address == 'masquerade' %}
-{% set trns_addr = rule.translation_address %}
-{% if rule.translation_port %}
+{% set comment = "SRC-NAT-" + rule %}
+{% set base_log = "[NAT-SRC-" + rule %}
+{% set interface = " oifname \"" + config.outbound_interface + "\"" if config.outbound_interface is defined and config.outbound_interface != 'any' else '' %}
+{% if config.translation is defined and config.translation.address is defined and config.translation.address == 'masquerade' %}
+{% set trns_addr = config.translation.address %}
+{% if config.translation.port is defined and config.translation.port is not none %}
{% set trns_addr = trns_addr + " to " %}
{% endif %}
{% else %}
-{% set trns_addr = "snat to " + rule.translation_address %}
+{% set trns_addr = "snat to " + config.translation.address if config.translation is defined and config.translation.address is defined and config.translation.address is not none %}
{% endif %}
{% endif %}
-{% set trns_port = ":" + rule.translation_port if rule.translation_port %}
-
-{% if rule.protocol == "tcp_udp" %}
+{% set trns_port = ":" + config.translation.port if config.translation is defined and config.translation.port is defined and config.translation.port is not none %}
+{# protocol has a default value thus it is always present #}
+{% if config.protocol == "tcp_udp" %}
{% set protocol = "tcp" %}
{% set comment = comment + " tcp_udp" %}
{% else %}
-{% set protocol = rule.protocol %}
+{% set protocol = config.protocol %}
{% endif %}
-
-{% if rule.log %}
-{% if rule.exclude %}
+{% if config.log is defined %}
+{% if config.exclude is defined %}
{% set log = base_log + "-EXCL]" %}
-{% elif rule.translation_address == 'masquerade' %}
+{% elif config.translation is defined and config.translation.address is defined and config.translation.address == 'masquerade' %}
{% set log = base_log + "-MASQ]" %}
{% else %}
{% set log = base_log + "]" %}
{% endif %}
{% endif %}
-
-{% if rule.exclude %}
+{% if config.exclude is defined %}
{# rule has been marked as "exclude" thus we simply return here #}
{% set trns_addr = "return" %}
{% set trns_port = "" %}
{% endif %}
-
{% set output = "add rule ip nat " + chain + interface %}
-
{% if protocol != "all" %}
{% set output = output + " ip protocol " + protocol %}
{% endif %}
-
{% if src_addr %}
{% set output = output + " " + src_addr %}
{% endif %}
{% if src_port %}
{% set output = output + " " + protocol + " " + src_port %}
{% endif %}
-
{% if dst_addr %}
{% set output = output + " " + dst_addr %}
{% endif %}
{% if dst_port %}
{% set output = output + " " + protocol + " " + dst_port %}
{% endif %}
-
{# Count packets #}
{% set output = output + " counter" %}
-
{# Special handling of log option, we must repeat the entire rule before the #}
{# NAT translation options are added, this is essential #}
{% if log %}
{% set log_output = output + " log prefix \"" + log + "\" comment \"" + comment + "\"" %}
{% endif %}
-
{% if trns_addr %}
{% set output = output + " " + trns_addr %}
{% endif %}
-
{% if trns_port %}
{# Do not add a whitespace here, translation port must be directly added after IP address #}
{# e.g. 192.0.2.10:3389 #}
{% set output = output + trns_port %}
{% endif %}
-
{% if comment %}
{% set output = output + " comment \"" + comment + "\"" %}
{% endif %}
-
{{ log_output if log_output }}
{{ output }}
-
{# Special handling if protocol is tcp_udp, we must repeat the entire rule with udp as protocol #}
-{% if rule.protocol == "tcp_udp" %}
+{% if config.protocol == "tcp_udp" %}
{# Beware of trailing whitespace, without it the comment tcp_udp will be changed to udp_udp #}
{{ log_output | replace("tcp ", "udp ") if log_output }}
{{ output | replace("tcp ", "udp ") }}
{% endif %}
{% endmacro %}
+# Start with clean NAT table
+flush table nat
+{% if helper_functions == 'remove' %}
+{# NAT if going to be disabled - remove rules and targets from nftables #}
+{% set base_command = "delete rule ip raw" %}
+{{ base_command }} PREROUTING handle {{ pre_ct_ignore }}
+{{ base_command }} OUTPUT handle {{ out_ct_ignore }}
+{{ base_command }} PREROUTING handle {{ pre_ct_conntrack }}
+{{ base_command }} OUTPUT handle {{ out_ct_conntrack }}
+
+delete chain ip raw NAT_CONNTRACK
+
+{% elif helper_functions == 'add' %}
+{# NAT if enabled - add targets to nftables #}
+add chain ip raw NAT_CONNTRACK
+add rule ip raw NAT_CONNTRACK counter accept
+{% set base_command = "add rule ip raw" %}
+{{ base_command }} PREROUTING position {{ pre_ct_ignore }} counter jump VYATTA_CT_HELPER
+{{ base_command }} OUTPUT position {{ out_ct_ignore }} counter jump VYATTA_CT_HELPER
+{{ base_command }} PREROUTING position {{ pre_ct_conntrack }} counter jump NAT_CONNTRACK
+{{ base_command }} OUTPUT position {{ out_ct_conntrack }} counter jump NAT_CONNTRACK
+{% endif %}
+
#
# Destination NAT rules build up here
#
-{% for rule in destination if not rule.disabled -%}
-{{ nat_rule(rule, 'PREROUTING') }}
-{% endfor %}
+{% if destination is defined and destination.rule is defined and destination.rule is not none %}
+{% for rule, config in destination.rule.items() if config.disable is not defined %}
+{{ nat_rule(rule, config, 'PREROUTING') }}
+{% endfor %}
+{% endif %}
#
# Source NAT rules build up here
#
-{% for rule in source if not rule.disabled -%}
-{{ nat_rule(rule, 'POSTROUTING') }}
-{% endfor %}
+{% if source is defined and source.rule is defined and source.rule is not none %}
+{% for rule, config in source.rule.items() if config.disable is not defined %}
+{{ nat_rule(rule, config, 'POSTROUTING') }}
+{% endfor %}
+{% endif %}
diff --git a/data/templates/frr/bfd.frr.tmpl b/data/templates/frr/bfd.frr.tmpl
index 7df4bfd01..95a29e06a 100644
--- a/data/templates/frr/bfd.frr.tmpl
+++ b/data/templates/frr/bfd.frr.tmpl
@@ -1,10 +1,10 @@
!
bfd
-{% for peer in old_peers -%}
+{% for peer in old_peers %}
no peer {{ peer.remote }}{% if peer.multihop %} multihop{% endif %}{% if peer.src_addr %} local-address {{ peer.src_addr }}{% endif %}{% if peer.src_if %} interface {{ peer.src_if }}{% endif %}
-{% endfor -%}
+{% endfor %}
!
-{% for peer in new_peers -%}
+{% for peer in new_peers %}
peer {{ peer.remote }}{% if peer.multihop %} multihop{% endif %}{% if peer.src_addr %} local-address {{ peer.src_addr }}{% endif %}{% if peer.src_if %} interface {{ peer.src_if }}{% endif %}
detect-multiplier {{ peer.multiplier }}
receive-interval {{ peer.rx_interval }}
@@ -12,5 +12,5 @@ bfd
{% if peer.echo_mode %}echo-mode{% endif %}
{% if peer.echo_interval != '' %}echo-interval {{ peer.echo_interval }}{% endif %}
{% if not peer.shutdown %}no {% endif %}shutdown
-{% endfor -%}
+{% endfor %}
!
diff --git a/data/templates/frr/bgp.frr.tmpl b/data/templates/frr/bgp.frr.tmpl
index d0857ac2c..86e1aa366 100644
--- a/data/templates/frr/bgp.frr.tmpl
+++ b/data/templates/frr/bgp.frr.tmpl
@@ -1,1016 +1,287 @@
-{% set conf_bgp = nbgp -%}
-{% for asn in nbgp -%}
-!
-router bgp {{ asn }}
- no bgp default ipv4-unicast
-
-{#- set 'conf_bgp[asn].parameters' as bgp_params #}
-{%- set bgp_params = conf_bgp[asn].parameters %}
-{%- set bgp_afi = conf_bgp[asn].address_family %}
-
-{#- START Global ASN address-family section; set protocol bgp xxx address-family #}
-{%- if 'address_family' in conf_bgp[asn] %}
-{%- for type in bgp_afi %}
-{%- if type == "ipv4_unicast" %}
+{### MACRO definition for recurring peer patter, this can be either fed by a ###}
+{### peer-group or an individual BGP neighbor ###}
+{% macro bgp_neighbor(neighbor, config, peer_group=false) %}
+{% if peer_group == true %}
+ neighbor {{ neighbor }} peer-group
+{% elif config.peer_group is defined and config.peer_group is not none %}
+ neighbor {{ neighbor }} peer-group {{ config.peer_group }}
+{% endif %}
+{% if config.remote_as is defined and config.remote_as is not none %}
+ neighbor {{ neighbor }} remote-as {{ config.remote_as }}
+{% endif %}
+{% if config.bfd is defined %}
+ neighbor {{ neighbor }} bfd
+{% endif %}
+{% if config.capability is defined and config.capability is not none %}
+{% if config.capability.dynamic is defined %}
+ neighbor {{ neighbor }} capability dynamic
+{% endif %}
+{% if config.capability.extended_nexthop is defined %}
+ neighbor {{ neighbor }} capability extended-nexthop
+{% endif %}
+{% endif %}
+{% if config.description is defined and config.description is not none %}
+ neighbor {{ neighbor }} description {{ config.description }}
+{% endif %}
+{% if config.disable_capability_negotiation is defined %}
+ neighbor {{ neighbor }} disable-capability-negotiation
+{% endif %}
+{% if config.ebgp_multihop is defined and config.ebgp_multihop is not none %}
+ neighbor {{ neighbor }} ebgp-multihop {{ config.ebgp_multihop }}
+{% endif %}
+{% if config.local_as is defined and config.local_as is not none %}
+{% for local_asn in config.local_as %}
+ neighbor {{ neighbor }} local-as {{ local_asn }} {{ 'no-prepend' if config.local_as[local_asn].no_prepend is defined }}
+{% endfor %}
+{% endif %}
+{% if config.override_capability is defined %}
+ neighbor {{ neighbor }} override-capability
+{% endif %}
+{% if config.passive is defined %}
+ neighbor {{ neighbor }} passive
+{% endif %}
+{% if config.password is defined and config.password is not none %}
+ neighbor {{ neighbor }} password {{ config.password }}
+{% endif %}
+{% if config.shutdown is defined %}
+ neighbor {{ neighbor }} shutdown
+{% endif %}
+{% if config.ttl_security is defined and config.ttl_security.hops is defined and config.ttl_security.hops is not none %}
+ neighbor {{ neighbor }} ttl-security hops {{ config.ttl_security.hops }}
+{% endif %}
+{% if config.update_source is defined and config.update_source is not none %}
+ neighbor {{ neighbor }} update-source {{ config.update_source }}
+{% endif %}
!
+{% if config.address_family is defined and config.address_family is not none %}
+{% for af in config.address_family %}
+{% if af == 'ipv4_unicast' %}
address-family ipv4 unicast
-{%- if 'aggregate_address' in bgp_afi[type] %}
-{%- for ip in bgp_afi[type].aggregate_address %}
-{%- if ( ('as_set' in bgp_afi[type].aggregate_address[ip]) and ('summary_only' in bgp_afi[type].aggregate_address[ip] ) ) %}
- aggregate-address {{ ip }} as-set summary-only
-{%- elif 'as_set' in bgp_afi[type].aggregate_address[ip] %}
- aggregate-address {{ ip }} as-set
-{%- elif 'summary_only' in bgp_afi[type].aggregate_address[ip] %}
- aggregate-address {{ ip }} summary-only
-{%- else %}
- aggregate-address {{ ip }}
-{%- endif %}
-{%- endfor %}
-{%- endif %}
-{#- END aggregate address ipv4 #}
-
-{#- redistribute afi ipv4 #}
-{%- if 'redistribute' in bgp_afi[type] %}
-{%- for protocol in bgp_afi[type].redistribute %}
-{%- if ( ('route_map' in bgp_afi[type].redistribute[protocol]) and ('metric' in bgp_afi[type].redistribute[protocol] ) ) %}
- redistribute {{protocol}} metric {{bgp_afi[type].redistribute[protocol].metric}} route-map {{bgp_afi[type].redistribute[protocol].route_map}}
-{%- elif 'metric' in bgp_afi[type].redistribute[protocol] %}
- redistribute {{protocol}} metric {{bgp_afi[type].redistribute[protocol].metric}}
-{%- elif 'route_map' in bgp_afi[type].redistribute[protocol] %}
- redistribute {{protocol}} route-map {{bgp_afi[type].redistribute[protocol].route_map}}
-{%- elif 'table' in bgp_afi[type].redistribute %}
- redistribute table {{bgp_afi[type].redistribute.table}}
-{%- else %}
- redistribute {{protocol}}
-{%- endif %}
-{%- endfor %}
-{%- endif %}
-{#- END redistribute #}
-
-{%- if 'network' in bgp_afi[type] %}
-{%- for net in bgp_afi[type].network %}
- network {{ net }}
-{%- endfor %}
-{%- endif %}
- exit-address-family
- !
-{%- endif %}
-
-{%- if type == "ipv6_unicast" %}
- !
+{% elif af == 'ipv6_unicast' %}
address-family ipv6 unicast
-{%- if 'aggregate_address' in bgp_afi[type] %}
-{%- for ip in bgp_afi[type].aggregate_address %}
-{%- if ( ('as_set' in bgp_afi[type].aggregate_address[ip]) and ('summary_only' in bgp_afi[type].aggregate_address[ip] ) ) %}
- aggregate-address {{ ip }} as-set summary-only
-{%- elif 'as_set' in bgp_afi[type].aggregate_address[ip] %}
- aggregate-address {{ ip }} as-set
-{%- elif 'summary_only' in bgp_afi[type].aggregate_address[ip] %}
- aggregate-address {{ ip }} summary-only
-{%- else %}
- aggregate-address {{ ip }}
-{%- endif %}
-{%- endfor %}
-{%- endif %}
-{#- END aggregate address ipv6 #}
-
-{#- redistribute afi ipv6 #}
-{%- if 'redistribute' in bgp_afi[type] %}
-{%- for protocol in bgp_afi[type].redistribute %}
-{%- if ( ('route_map' in bgp_afi[type].redistribute[protocol]) and ('metric' in bgp_afi[type].redistribute[protocol] ) ) %}
- redistribute {{protocol}} metric {{bgp_afi[type].redistribute[protocol].metric}} route-map {{bgp_afi[type].redistribute[protocol].route_map}}
-{%- elif 'metric' in bgp_afi[type].redistribute[protocol] %}
- redistribute {{protocol}} metric {{bgp_afi[type].redistribute[protocol].metric}}
-{%- elif 'route_map' in bgp_afi[type].redistribute[protocol] %}
- redistribute {{protocol}} route-map {{bgp_afi[type].redistribute[protocol].route_map}}
-{%- elif 'table' in bgp_afi[type].redistribute %}
- redistribute table {{bgp_afi[type].redistribute.table}}
-{%- else %}
- redistribute {{protocol}}
-{%- endif %}
-{%- endfor %}
-{%- endif %}
-{#- END redistribute #}
-
-{%- if 'network' in bgp_afi[type] %}
-{%- for net in bgp_afi[type].network %}
- network {{ net }}
-{%- endfor %}
-{%- endif %}
+{% endif %}
+{% if config.address_family[af].allowas_in is defined and config.address_family[af].allowas_in is not none %}
+ neighbor {{ neighbor }} allowas-in {{ config.address_family[af].allowas_in.number if config.address_family[af].allowas_in.number is defined }}
+{% endif %}
+{% if config.address_family[af].remove_private_as is defined %}
+ neighbor {{ neighbor }} remove-private-AS
+{% endif %}
+{% if config.address_family[af].route_reflector_client is defined %}
+ neighbor {{ neighbor }} route-reflector-client
+{% endif %}
+{% if config.address_family[af].weight is defined and config.address_family[af].weight is not none %}
+ neighbor {{ neighbor }} weight {{ config.address_family[af].weight }}
+{% endif %}
+{% if config.address_family[af].attribute_unchanged is defined and config.address_family[af].attribute_unchanged is not none %}
+ neighbor {{ neighbor }} attribute-unchanged {{ 'as-path ' if config.address_family[af].attribute_unchanged.as_path is defined }}{{ 'med ' if config.address_family[af].attribute_unchanged.med is defined }}{{ 'next-hop ' if config.address_family[af].attribute_unchanged.next_hop is defined }}
+{% endif %}
+{% if config.address_family[af].capability is defined and config.address_family[af].capability.orf is defined and config.address_family[af].capability.orf.prefix_list is defined and config.address_family[af].capability.orf.prefix_list is not none %}
+ neighbor {{ neighbor }} capability orf prefix-list {{ config.address_family[af].capability.orf.prefix_list }}
+{% endif %}
+{% if config.address_family[af].default_originate is defined %}
+ neighbor {{ neighbor }} default-originate {{ 'route-map ' + config.address_family[af].default_originate.route_map if config.address_family[af].default_originate.route_map is defined }}
+{% endif %}
+{% if config.address_family[af].distribute_list is defined and config.address_family[af].distribute_list is not none %}
+{% if config.address_family[af].distribute_list.export is defined and config.address_family[af].distribute_list.export is not none %}
+ neighbor {{ neighbor }} distribute-list {{ config.address_family[af].distribute_list.export }} out
+{% elif config.address_family[af].distribute_list.import is defined and config.address_family[af].distribute_list.import is not none %}
+ neighbor {{ neighbor }} distribute-list {{ config.address_family[af].distribute_list.export }} in
+{% endif %}
+{% endif %}
+{% if config.address_family[af].filter_list is defined and config.address_family[af].filter_list is not none %}
+{% if config.address_family[af].filter_list.export is defined and config.address_family[af].filter_list.export is not none %}
+ neighbor {{ neighbor }} filter-list {{ config.address_family[af].filter_list.export }} out
+{% elif config.address_family[af].filter_list.import is defined and config.address_family[af].filter_list.import is not none %}
+ neighbor {{ neighbor }} filter-list {{ config.address_family[af].filter_list.import }} in
+{% endif %}
+{% endif %}
+{% if config.address_family[af].maximum_prefix is defined and config.address_family[af].maximum_prefix is not none %}
+ neighbor {{ neighbor }} maximum-prefix {{ config.address_family[af].maximum_prefix }}
+{% endif %}
+{% if config.address_family[af].nexthop_self is defined %}
+{# https://phabricator.vyos.net/T1817 #}
+ neighbor {{ neighbor }} next-hop-self {{ 'force' if config.address_family[af].nexthop_self.force is defined }}
+{% endif %}
+{% if config.address_family[af].route_server_client is defined %}
+ neighbor {{ neighbor }} route-server-client
+{% endif %}
+{% if config.address_family[af].route_map is defined and config.address_family[af].route_map is not none %}
+{% if config.address_family[af].route_map.export is defined and config.address_family[af].route_map.export is not none %}
+ neighbor {{ neighbor }} route-map {{ config.address_family[af].route_map.export }} out
+{% elif config.address_family[af].route_map.import is defined and config.address_family[af].route_map.import is not none %}
+ neighbor {{ neighbor }} route-map {{ config.address_family[af].route_map.import }} in
+{% endif %}
+{% endif %}
+{% if config.address_family[af].prefix_list is defined and config.address_family[af].prefix_list is not none %}
+{% if config.address_family[af].prefix_list.export is defined and config.address_family[af].prefix_list.export is not none %}
+ neighbor {{ neighbor }} route-map {{ config.address_family[af].prefix_list.export }} out
+{% elif config.address_family[af].prefix_list.import is defined and config.address_family[af].prefix_list.import is not none %}
+ neighbor {{ neighbor }} route-map {{ config.address_family[af].prefix_list.export }} in
+{% endif %}
+{% endif %}
+{% if config.address_family[af].soft_reconfiguration is defined and config.address_family[af].soft_reconfiguration.inbound is defined %}
+ neighbor {{ neighbor }} soft-reconfiguration inbound
+{% endif %}
+{% if config.address_family[af].unsuppress_map is defined and config.address_family[af].unsuppress_map is not none %}
+ neighbor {{ neighbor }} unsuppress-map {{ config.address_family[af].unsuppress_map }}
+{% endif %}
+ neighbor {{ neighbor }} activate
exit-address-family
+ !
+{% endfor %}
+{% endif %}
+{% endmacro %}
!
-{%- endif %}
-{%- endfor %}
-{%- endif %}
-{#- END Global ASN address-family section; set protocols bgp 65001 address-family #}
-
-{#- set protocols nbgp xxxx maximum-paths ibgp x, Generated by default for afi_4 #}
-{#- We don't have this parameter in afi_6. But this is supported in the FRR #}
-{%- if 'maximum_paths' in conf_bgp[asn] %}
-{%- if 'ebgp' in conf_bgp[asn].maximum_paths %}
+router bgp {{ asn }}
+ no bgp default ipv4-unicast
+{% if address_family is defined and address_family is not none %}
+{% for af in address_family %}
!
+{% if af == 'ipv4_unicast' %}
address-family ipv4 unicast
- maximum-paths {{ conf_bgp[asn].maximum_paths.ebgp }}
+{% elif af == 'ipv6_unicast' %}
+ address-family ipv6 unicast
+{% endif %}
+{% if address_family[af].aggregate_address is defined and address_family[af].aggregate_address is not none %}
+{% for ip in address_family[af].aggregate_address %}
+ aggregate-address {{ ip }}{{ ' as-set' if address_family[af].aggregate_address[ip].as_set is defined }}{{ ' summary-only' if address_family[af].aggregate_address[ip].summary_only is defined }}
+{% endfor %}
+{% endif %}
+{% if address_family[af].redistribute is defined and address_family[af].redistribute is not none %}
+{% for protocol in address_family[af].redistribute %}
+{% if protocol == 'table' %}
+ redistribute table {{ address_family[af].redistribute[protocol].table }}
+{% else %}
+ redistribute {{ protocol }}{% if address_family[af].redistribute[protocol].metric is defined %} metric {{ address_family[af].redistribute[protocol].metric }}{% endif %}{% if address_family[af].redistribute[protocol].route_map is defined %} route-map {{ address_family[af].redistribute[protocol].route_map }}{% endif %}
+{####### we need this blank line!! #######}
+
+{% endif %}
+{% endfor %}
+{% endif %}
+{% if address_family[af].network is defined and address_family[af].network is not none %}
+{% for network in address_family[af].network %}
+ network {{ network }}{% if address_family[af].network[network].route_map is defined %} route-map {{ address_family[af].network[network].route_map }}{% endif %}{% if address_family[af].network[network].backdoor is defined %} backdoor{% endif %}
+{####### we need this blank line!! #######}
+
+{% endfor %}
+{% endif %}
exit-address-family
+{% endfor %}
+{% endif %}
!
-{%- endif %}
-{%- if 'ibgp' in conf_bgp[asn].maximum_paths %}
+{# set protocols bgp xxxx maximum-paths ibgp x, Generated by default for afi_4 #}
+{# We don't have this parameter in afi_6. But this is supported in FRR #}
+{% if maximum_paths is defined and maximum_paths is not none %}
+{% if maximum_paths.ebgp is defined and maximum_paths.ebgp is not none %}
!
address-family ipv4 unicast
- maximum-paths ibgp {{ conf_bgp[asn].maximum_paths.ibgp }}
+ maximum-paths {{ maximum_paths.ebgp }}
exit-address-family
!
-{%- endif %}
-{%- endif %}
-
-{#- START peer-group; set protocol bgp xxx peer-group #}
-{%- if 'peer_group' in conf_bgp[asn] %}
-{%- for pr_group in conf_bgp[asn].peer_group %}
-{%- set conf_peer_group = conf_bgp[asn].peer_group[pr_group] %}
- neighbor {{pr_group}} peer-group
-
-{#- First parameter for peer-group - remote-as #}
-{%- if 'remote_as' in conf_peer_group %}
- neighbor {{ pr_group }} remote-as {{ conf_peer_group.remote_as }}
-{%- endif %}
-
-{%- if 'bfd' in conf_peer_group %}
- neighbor {{ pr_group }} bfd
-{%- endif %}
-
-{%- if 'capability' in conf_peer_group %}
-{%- if 'dynamic' in conf_peer_group.capability %}
- neighbor {{ pr_group }} capability dynamic
-{%- endif %}
-{%- if 'extended_nexthop' in conf_peer_group.capability %}
- neighbor {{ pr_group }} capability extended-nexthop
-{%- endif %}
-{%- endif %}
-
-{%- if 'description' in conf_peer_group %}
- neighbor {{ pr_group }} description {{ conf_peer_group.description }}
-{%- endif %}
-
-{%- if 'disable_capability_negotiation' in conf_peer_group %}
- neighbor {{ pr_group }} disable-capability-negotiation
-{%- endif %}
-
-{#- https://phabricator.vyos.net/T2844. 'disable-send-community' only for afi #}
-{%- if 'disable_send_community' in conf_peer_group %}
- !
-{%- endif %}
-
-{%- if 'ebgp_multihop' in conf_peer_group %}
- neighbor {{ pr_group }} ebgp-multihop {{conf_peer_group.ebgp_multihop}}
-{%- endif %}
-
-{%- if 'local_as' in conf_peer_group %}
-{%- for loc_asn in conf_peer_group.local_as %}
-{%- if 'no_prepend' in conf_peer_group.local_as[loc_asn] %}
- neighbor {{ pr_group }} local-as {{loc_asn}} no-prepend
-{%- else %}
- neighbor {{ pr_group }} local-as {{loc_asn}}
-{%- endif %}
-{%- endfor %}
-{%- endif %}
-
-{%- if 'override_capability' in conf_peer_group %}
- neighbor {{ pr_group }} override-capability
-{%- endif %}
-
-{%- if 'passive' in conf_peer_group %}
- neighbor {{ pr_group }} passive
-{%- endif %}
-
-{%- if 'password' in conf_peer_group %}
- neighbor {{ pr_group }} password {{ conf_peer_group.password }}
-{%- endif %}
-
-{%- if 'shutdown' in conf_peer_group %}
- neighbor {{ pr_group }} shutdown
-{%- endif %}
-
-{%- if 'ttl_security' in conf_peer_group %}
-{%- if 'hops' in conf_peer_group.ttl_security %}
- neighbor {{ pr_group }} ttl-security hops {{conf_peer_group.ttl_security.hops}}
-{%- endif %}
-{%- endif %}
-
-{%- if 'update_source' in conf_peer_group %}
- neighbor {{ pr_group }} update-source {{ conf_peer_group.update_source }}
-{%- endif %}
-
-{#- START peer-group afi; set protocols bgp xxx peer-group FOO address-family #}
-{%- if 'address_family' in conf_peer_group %}
-{%- for afi in conf_peer_group.address_family %}
-{%- if afi == "ipv4_unicast" %}
+{% endif %}
+{% if maximum_paths.ibgp is defined and maximum_paths.ibgp is not none %}
!
address-family ipv4 unicast
-
-{%- if 'allowas_in' in conf_peer_group.address_family.ipv4_unicast %}
-{%- if 'number' in conf_peer_group.address_family.ipv4_unicast.allowas_in %}
- neighbor {{ pr_group }} allowas-in {{ conf_peer_group.address_family.ipv4_unicast.allowas_in.number }}
-{%- else %}
- neighbor {{ pr_group }} allowas-in
-{%- endif %}
-{%- endif %}
-
-{#- START Single Params for peer-group; set protocols bgp xxx peer-group FOO address-family ipv4-unicast #}
-
-{%- if 'remove_private_as' in conf_peer_group.address_family.ipv4_unicast %}
- neighbor {{ pr_group }} remove-private-AS
-{%- endif %}
-
-{%- if 'route_reflector_client' in conf_peer_group.address_family.ipv4_unicast %}
- neighbor {{ pr_group }} route-reflector-client
-{%- endif %}
-
-{%- if 'weight' in conf_peer_group.address_family.ipv4_unicast %}
- neighbor {{ pr_group }} weight {{ conf_peer_group.address_family.ipv4_unicast.weight }}
-{%- endif %}
-{#- END single params for peer-group #}
-
-{%- if 'attribute_unchanged' in conf_peer_group.address_family.ipv4_unicast %}
-{%- if ( ('as_path' in conf_peer_group.address_family.ipv4_unicast.attribute_unchanged) and ('med' in conf_peer_group.address_family.ipv4_unicast.attribute_unchanged) ) %}
- neighbor {{ pr_group }} attribute-unchanged as-path med
-{%- elif ( ('as_path' in conf_peer_group.address_family.ipv4_unicast.attribute_unchanged) and ('next_hop' in conf_peer_group.address_family.ipv4_unicast.attribute_unchanged) ) %}
- neighbor {{ pr_group }} attribute-unchanged as-path next-hop
-{%- elif ( ('med' in conf_peer_group.address_family.ipv4_unicast.attribute_unchanged) and ('next_hop' in conf_peer_group.address_family.ipv4_unicast.attribute_unchanged) ) %}
- neighbor {{ pr_group }} attribute-unchanged med next-hop
-{%- elif 'as_path' in conf_peer_group.address_family.ipv4_unicast.attribute_unchanged %}
- neighbor {{ pr_group }} attribute-unchanged as-path
-{%- elif 'med' in conf_peer_group.address_family.ipv4_unicast.attribute_unchanged %}
- neighbor {{ pr_group }} attribute-unchanged med
-{%- elif 'next_hop' in conf_peer_group.address_family.ipv4_unicast.attribute_unchanged %}
- neighbor {{ pr_group }} attribute-unchanged next-hop
-{%- else %}
- neighbor {{ pr_group }} attribute-unchanged as-path next-hop med
-{%- endif %}
-{%- endif %}
-{#- END attribute-unchanged #}
-
-{%- if 'capability' in conf_peer_group.address_family.ipv4_unicast %}
-{%- if 'orf' in conf_peer_group.address_family.ipv4_unicast.capability %}
-{%- if 'receive' in conf_peer_group.address_family.ipv4_unicast.capability.orf.prefix_list %}
- neighbor {{ pr_group }} capability orf prefix-list receive
-{%- endif %}
-{%- if 'send' in conf_peer_group.address_family.ipv4_unicast.capability.orf.prefix_list %}
- neighbor {{ pr_group }} capability orf prefix-list send
-{%- endif %}
-{%- endif %}
-{%- endif %}
-
-{%- if 'default_originate' in conf_peer_group.address_family.ipv4_unicast %}
-{%- if 'route_map' in conf_peer_group.address_family.ipv4_unicast.default_originate %}
- neighbor {{ pr_group }} default-originate route-map {{ conf_peer_group.address_family.ipv4_unicast.default_originate.route_map }}
-{%- else %}
- neighbor {{ pr_group }} default-originate
-{%- endif %}
-{%- endif %}
-
-{%- if 'distribute_list' in conf_peer_group.address_family.ipv4_unicast %}
-{%- if 'export' in conf_peer_group.address_family.ipv4_unicast.distribute_list %}
- neighbor {{ pr_group }} distribute-list {{conf_peer_group.address_family.ipv4_unicast.distribute_list.export}} out
-{%- endif %}
-{%- if 'import' in conf_peer_group.address_family.ipv4_unicast.distribute_list %}
- neighbor {{ pr_group }} distribute-list {{conf_peer_group.address_family.ipv4_unicast.distribute_list.import}} in
-{%- endif %}
-{%- endif %}
-
-{%- if 'filter_list' in conf_peer_group.address_family.ipv4_unicast %}
-{%- if 'export' in conf_peer_group.address_family.ipv4_unicast.filter_list %}
- neighbor {{ pr_group }} filter-list {{conf_peer_group.address_family.ipv4_unicast.filter_list.export}} out
-{%- endif %}
-{%- if 'import' in conf_peer_group.address_family.ipv4_unicast.filter_list %}
- neighbor {{ pr_group }} filter-list {{conf_peer_group.address_family.ipv4_unicast.filter_list.import}} in
-{%- endif %}
-{%- endif %}
-
-{%- if 'maximum_prefix' in conf_peer_group.address_family.ipv4_unicast %}
- neighbor {{ pr_group }} maximum-prefix {{ conf_peer_group.address_family.ipv4_unicast.maximum_prefix }}
-{%- endif %}
-
-{#- https://phabricator.vyos.net/T1817 #}
-{%- if 'nexthop_self' in conf_peer_group.address_family.ipv4_unicast %}
-{%- if 'force' in conf_peer_group.address_family.ipv4_unicast.nexthop_self %}
- neighbor {{ pr_group }} next-hop-self force
- neighbor {{ pr_group }} next-hop-self
-{%- else %}
- neighbor {{ pr_group }} next-hop-self
-{%- endif %}
-{%- endif %}
-
-{%- if 'route_server_client' in conf_peer_group.address_family.ipv4_unicast %}
- neighbor {{ pr_group }} route-server-client
-{%- endif %}
-
-{%- if 'route_map' in conf_peer_group.address_family.ipv4_unicast %}
-{%- if 'export' in conf_peer_group.address_family.ipv4_unicast.route_map %}
- neighbor {{ pr_group }} route-map {{conf_peer_group.address_family.ipv4_unicast.route_map.export}} out
-{%- endif %}
-{%- if 'import' in conf_peer_group.address_family.ipv4_unicast.route_map %}
- neighbor {{ pr_group }} route-map {{conf_peer_group.address_family.ipv4_unicast.route_map.import}} in
-{%- endif %}
-{%- endif %}
-{%- if 'prefix_list' in conf_peer_group.address_family.ipv4_unicast %}
-{%- if 'export' in conf_peer_group.address_family.ipv4_unicast.prefix_list %}
- neighbor {{ pr_group }} prefix-list {{conf_peer_group.address_family.ipv4_unicast.prefix_list.export}} out
-{%- endif %}
-{%- if 'import' in conf_peer_group.address_family.ipv4_unicast.prefix_list %}
- neighbor {{ pr_group }} prefix-list {{conf_peer_group.address_family.ipv4_unicast.prefix_list.import}} in
-{%- endif %}
-{%- endif %}
-
-{%- if 'soft_reconfiguration' in conf_peer_group.address_family.ipv4_unicast %}
-{%- if 'inbound' is defined %}
- neighbor {{ pr_group }} soft-reconfiguration inbound
-{%- endif %}
-{%- endif %}
-
-{%- if 'unsuppress_map' in conf_peer_group.address_family.ipv4_unicast %}
- neighbor {{ pr_group }} unsuppress-map {{conf_peer_group.address_family.ipv4_unicast.unsuppress_map}}
-{%- endif %}
- neighbor {{ pr_group }} activate
+ maximum-paths ibgp {{ maximum_paths.ibgp }}
exit-address-family
!
-{%- endif %}
-
-{%- if afi == "ipv6_unicast" %}
+{% endif %}
+{% endif %}
!
- address-family ipv6 unicast
-
-{%- if 'allowas_in' in conf_peer_group.address_family.ipv6_unicast %}
-{%- if 'number' in conf_peer_group.address_family.ipv6_unicast.allowas_in %}
- neighbor {{ pr_group }} allowas-in {{ conf_peer_group.address_family.ipv6_unicast.allowas_in.number }}
-{%- else %}
- neighbor {{ pr_group }} allowas-in
-{%- endif %}
-{%- endif %}
-
-{#- START Single Params for peer-group afi6; set protocols bgp xxx peer-group FOO address-family ipv6-unicast #}
-{%- if 'remove_private_as' in conf_peer_group.address_family.ipv6_unicast %}
- neighbor {{ pr_group }} remove-private-AS
-{%- endif %}
-
-{%- if 'route_reflector_client' in conf_peer_group.address_family.ipv6_unicast %}
- neighbor {{ pr_group }} route-reflector-client
-{%- endif %}
-
-{%- if 'weight' in conf_peer_group.address_family.ipv6_unicast %}
- neighbor {{ pr_group }} weight {{ conf_peer_group.address_family.ipv6_unicast.weight }}
-{%- endif %}
-{#- END single params for peer-group afi6 #}
-
-{%- if 'attribute_unchanged' in conf_peer_group.address_family.ipv6_unicast %}
-{%- if ( ('as_path' in conf_peer_group.address_family.ipv6_unicast.attribute_unchanged) and ('med' in conf_peer_group.address_family.ipv6_unicast.attribute_unchanged) ) %}
- neighbor {{ pr_group }} attribute-unchanged as-path med
-{%- elif ( ('as_path' in conf_peer_group.address_family.ipv6_unicast.attribute_unchanged) and ('next_hop' in conf_peer_group.address_family.ipv6_unicast.attribute_unchanged) ) %}
- neighbor {{ pr_group }} attribute-unchanged as-path next-hop
-{%- elif ( ('med' in conf_peer_group.address_family.ipv6_unicast.attribute_unchanged) and ('next_hop' in conf_peer_group.address_family.ipv6_unicast.attribute_unchanged) ) %}
- neighbor {{ pr_group }} attribute-unchanged med next-hop
-{%- elif 'as_path' in conf_peer_group.address_family.ipv6_unicast.attribute_unchanged %}
- neighbor {{ pr_group }} attribute-unchanged as-path
-{%- elif 'med' in conf_peer_group.address_family.ipv6_unicast.attribute_unchanged %}
- neighbor {{ pr_group }} attribute-unchanged med
-{%- elif 'next_hop' in conf_peer_group.address_family.ipv6_unicast.attribute_unchanged %}
- neighbor {{ pr_group }} attribute-unchanged next-hop
-{%- else %}
- neighbor {{ pr_group }} attribute-unchanged as-path next-hop med
-{%- endif %}
-{%- endif %}
-{#- END attribute-unchanged ipv6 #}
-
-{%- if 'capability' in conf_peer_group.address_family.ipv6_unicast %}
-{%- if 'dynamic' in conf_peer_group.address_family.ipv6_unicast.capability %}
-{#- exit from afi ipv6 unicast because 'dynamic' its a global parameter for peer-group in afi6. Other checks are ongoing in afi6. Also related T3037 #}
- exit-address-family
- neighbor {{ pr_group }} capability dynamic
- address-family ipv6 unicast
-{%- endif %}
-{%- if 'orf' in conf_peer_group.address_family.ipv6_unicast.capability %}
-{%- if 'receive' in conf_peer_group.address_family.ipv6_unicast.capability.orf.prefix_list %}
- neighbor {{ pr_group }} capability orf prefix-list receive
-{%- endif %}
-{%- if 'send' in conf_peer_group.address_family.ipv6_unicast.capability.orf.prefix_list %}
- neighbor {{ pr_group }} capability orf prefix-list send
-{%- endif %}
-{%- endif %}
-{%- endif %}
-
-{%- if 'default_originate' in conf_peer_group.address_family.ipv6_unicast %}
-{%- if 'route_map' in conf_peer_group.address_family.ipv6_unicast.default_originate %}
- neighbor {{ pr_group }} default-originate route-map {{ conf_peer_group.address_family.ipv6_unicast.default_originate.route_map }}
-{%- else %}
- neighbor {{ pr_group }} default-originate
-{%- endif %}
-{%- endif %}
-
-{%- if 'distribute_list' in conf_peer_group.address_family.ipv6_unicast %}
-{%- if 'export' in conf_peer_group.address_family.ipv6_unicast.distribute_list %}
- neighbor {{ pr_group }} distribute-list {{conf_peer_group.address_family.ipv6_unicast.distribute_list.export}} out
-{%- endif %}
-{%- if 'import' in conf_peer_group.address_family.ipv6_unicast.distribute_list %}
- neighbor {{ pr_group }} distribute-list {{conf_peer_group.address_family.ipv6_unicast.distribute_list.import}} in
-{%- endif %}
-{%- endif %}
-
-{%- if 'filter_list' in conf_peer_group.address_family.ipv6_unicast %}
-{%- if 'export' in conf_peer_group.address_family.ipv6_unicast.filter_list %}
- neighbor {{ pr_group }} filter-list {{conf_peer_group.address_family.ipv6_unicast.filter_list.export}} out
-{%- endif %}
-{%- if 'import' in conf_peer_group.address_family.ipv6_unicast.filter_list %}
- neighbor {{ pr_group }} filter-list {{conf_peer_group.address_family.ipv6_unicast.filter_list.import}} in
-{%- endif %}
-{%- endif %}
-
-{%- if 'maximum_prefix' in conf_peer_group.address_family.ipv6_unicast %}
- neighbor {{ pr_group }} maximum-prefix {{ conf_peer_group.address_family.ipv6_unicast.maximum_prefix }}
-{%- endif %}
-
-{#- https://phabricator.vyos.net/T1817 #}
-{%- if 'nexthop_self' in conf_peer_group.address_family.ipv6_unicast %}
-{%- if 'force' in conf_peer_group.address_family.ipv6_unicast.nexthop_self %}
- neighbor {{ pr_group }} next-hop-self force
- neighbor {{ pr_group }} next-hop-self
-{%- else %}
- neighbor {{ pr_group }} next-hop-self
-{%- endif %}
-{%- endif %}
-
-{%- if 'route_server_client' in conf_peer_group.address_family.ipv6_unicast %}
- neighbor {{ pr_group }} route-server-client
-{%- endif %}
-
-{%- if 'route_map' in conf_peer_group.address_family.ipv6_unicast %}
-{%- if 'export' in conf_peer_group.address_family.ipv6_unicast.route_map %}
- neighbor {{ pr_group }} route-map {{conf_peer_group.address_family.ipv6_unicast.route_map.export}} out
-{%- endif %}
-{%- if 'import' in conf_peer_group.address_family.ipv6_unicast.route_map %}
- neighbor {{ pr_group }} route-map {{conf_peer_group.address_family.ipv6_unicast.route_map.import}} in
-{%- endif %}
-{%- endif %}
-{%- if 'prefix_list' in conf_peer_group.address_family.ipv6_unicast %}
-{%- if 'export' in conf_peer_group.address_family.ipv6_unicast.prefix_list %}
- neighbor {{ pr_group }} prefix-list {{conf_peer_group.address_family.ipv6_unicast.prefix_list.export}} out
-{%- endif %}
-{%- if 'import' in conf_peer_group.address_family.ipv6_unicast.prefix_list %}
- neighbor {{ pr_group }} prefix-list {{conf_peer_group.address_family.ipv6_unicast.prefix_list.import}} in
-{%- endif %}
-{%- endif %}
-
-{%- if 'soft_reconfiguration' in conf_peer_group.address_family.ipv6_unicast %}
-{%- if 'inbound' is defined %}
- neighbor {{ pr_group }} soft-reconfiguration inbound
-{%- endif %}
-{%- endif %}
-
-{%- if 'unsuppress_map' in conf_peer_group.address_family.ipv6_unicast %}
- neighbor {{ pr_group }} unsuppress-map {{conf_peer_group.address_family.ipv6_unicast.unsuppress_map}}
-{%- endif %}
- neighbor {{ pr_group }} activate
- exit-address-family
+{% if peer_group is defined and peer_group is not none %}
+{% for peer, config in peer_group.items() %}
+{{ bgp_neighbor(peer, config, true) }}
+{% endfor %}
+{% endif %}
!
-{%- endif %}
-
-{%- endfor %}
-{%- endif %}
-{#- END peer-group afi; set protocols bgp xxx peer-group FOO address-family #}
-
-{%- endfor %}
-{%- endif %}
-{#- END peer-group; set protocol bgp xxx peer-group #}
-
-{#- START peer section; set protocol bgp xxx neighbor #}
-{%- for peer in conf_bgp[asn].neighbor %}
-{#- set peer-group as conf_peer #}
-{%- set conf_peer = conf_bgp[asn].neighbor[peer] %}
-
-{#- First parameter for peer neighbor - remote-as #}
-{%- if 'remote_as' in conf_peer %}
- neighbor {{ peer }} remote-as {{ conf_peer.remote_as }}
-{%- endif %}
-
-{%- if 'advertisement_interval' in conf_peer %}
- neighbor {{ peer }} advertisement-interval {{ conf_peer.advertisement_interval }}
-{%- endif %}
-
-{%- if 'bfd' in conf_peer %}
-{%- if 'check_control_plane_failure' in conf_peer.bfd %}
- neighbor {{ peer }} bfd
- neighbor {{ peer }} bfd check-control-plane-failure
-{%- else %}
- neighbor {{ peer }} bfd
-{%- endif %}
-{%- endif %}
-
-{%- if 'capability' in conf_peer %}
-{%- if 'dynamic' in conf_peer.capability %}
- neighbor {{ peer }} capability dynamic
-{%- endif %}
-{%- if 'extended_nexthop' in conf_peer.capability %}
- neighbor {{ peer }} capability extended-nexthop
-{%- endif %}
-{%- endif %}
-
-{%- if 'disable_capability_negotiation' in conf_peer %}
- neighbor {{ peer }} disable-capability-negotiation
-{%- endif %}
-
-{#- https://phabricator.vyos.net/T2844. 'disable-send-community' only for afi #}
-{%- if 'disable_send_community' in conf_peer %}
+{% if neighbor is defined and neighbor is not none %}
+{% for n, config in neighbor.items() %}
+{{ bgp_neighbor(n, config) }}
+{% endfor %}
+{% endif %}
!
-{%- endif %}
-
-{%- if 'ebgp_multihop' in conf_peer %}
- neighbor {{ peer }} ebgp-multihop {{conf_peer.ebgp_multihop}}
-{%- endif %}
-
-{#- Need to check. 'Peer-group' needs to define before this section #}
-{%- if 'interface' in conf_peer %}
-{%- if 'peer_group' in conf_peer.interface %}
- neighbor {{ peer }} interface peer-group {{conf_peer.interface.peer_group}}
-{%- endif %}
-{%- if 'remote_as' in conf_peer.interface %}
- neighbor {{ peer }} interface remote-as {{conf_peer.interface.remote_as}}
-{%- endif %}
-{%- if 'v6only' in conf_peer.interface %}
-{%- if 'peer_group' in conf_peer.interface.v6only %}
- neighbor {{ peer }} peer-group {{conf_peer.interface.peer_group}}
-{%- endif %}
-{%- if 'remote_as' in conf_peer.interface.v6only %}
- neighbor {{ peer }} interface v6only remote-as {{conf_peer.interface.v6only.remote_as}}
-{%- endif %}
-{%- endif %}
-{%- endif %}
-
-{%- if 'local_as' in conf_peer %}
-{%- for loc_asn in conf_peer.local_as %}
-{%- if 'no_prepend' in conf_peer.local_as[loc_asn] %}
- neighbor {{ peer }} local-as {{loc_asn}} no-prepend
-{%- else %}
- neighbor {{ peer }} local-as {{loc_asn}}
-{%- endif %}
-{%- endfor %}
-{%- endif %}
-
-{%- if 'override_capability' in conf_peer %}
- neighbor {{ peer }} override-capability
-{%- endif %}
-
-{%- if 'passive' in conf_peer %}
- neighbor {{ peer }} passive
-{%- endif %}
-
-{%- if 'password' in conf_peer %}
- neighbor {{ peer }} password {{ conf_peer.password }}
-{%- endif %}
-
-{%- if 'peer_group' in conf_peer %}
- neighbor {{ peer }} peer-group {{ conf_peer.peer_group }}
-{%- endif %}
-
-{%- if 'port' in conf_peer %}
- neighbor {{ peer }} port {{ conf_peer.port }}
-{%- endif %}
-
-{%- if 'shutdown' in conf_peer %}
- neighbor {{ peer }} shutdown
-{%- endif %}
-
-{%- if 'strict_capability_match' in conf_peer %}
- neighbor {{ peer }} strict-capability-match
-{%- endif %}
-
-{#- set protocols bgp xxx neighbor x.x.x.x timers #}
-{%- if 'timers' in conf_peer %}
-{%- if ( ('connect' in conf_peer.timers) and ('holdtime' in conf_peer.timers) and ('keepalive' in conf_peer.timers ) ) %}
- neighbor {{ peer }} timers {{conf_peer.timers.keepalive}} {{conf_peer.timers.holdtime}}
- neighbor {{ peer }} timers connect {{conf_peer.timers.connect}}
-{%- elif ( ('holdtime' in conf_peer.timers) and ('keepalive' in conf_peer.timers ) ) %}
- neighbor {{ peer }} timers {{conf_peer.timers.keepalive}} {{conf_peer.timers.holdtime}}
-{%- elif 'connect' in conf_peer.timers %}
- neighbor {{ peer }} timers connect {{conf_peer.timers.connect}}
-{%- endif %}
-{%- endif %}
-
-{%- if 'ttl_security' in conf_peer %}
-{%- if 'hops' in conf_peer.ttl_security %}
- neighbor {{ peer }} ttl-security hops {{conf_peer.ttl_security.hops}}
-{%- endif %}
-{%- endif %}
-
-{%- if 'update_source' in conf_peer %}
- neighbor {{ peer }} update-source {{ conf_peer.update_source }}
-{%- endif %}
-
-{%- if 'description' in conf_peer %}
- neighbor {{ peer }} description {{ conf_peer.description }}
-{%- endif %}
-
-{#- START address family for peer; set protocols bgp xxx neighbor x.x.x.x address-family ipvX-unicast #}
-{%- if 'address_family' in conf_peer %}
-{%- for afi in conf_peer.address_family %}
-{%- if afi == "ipv4_unicast" %}
- !
- address-family ipv4 unicast
-
-{%- if 'allowas_in' in conf_peer.address_family.ipv4_unicast %}
-{%- if 'number' in conf_peer.address_family.ipv4_unicast.allowas_in %}
- neighbor {{ peer }} allowas-in {{ conf_peer.address_family.ipv4_unicast.allowas_in.number }}
-{%- else %}
- neighbor {{ peer }} allowas-in
-{%- endif %}
-{%- endif %}
-
-{#- START Single Params for neighbor; #}
-{%- if 'as_override' in conf_peer.address_family.ipv4_unicast %}
- neighbor {{ peer }} as-override
-{%- endif %}
-
-{%- if 'remove_private_as' in conf_peer.address_family.ipv4_unicast %}
- neighbor {{ peer }} remove-private-AS
-{%- endif %}
-
-{%- if 'route_reflector_client' in conf_peer.address_family.ipv4_unicast %}
- neighbor {{ peer }} route-reflector-client
-{%- endif %}
-
-{%- if 'weight' in conf_peer.address_family.ipv4_unicast %}
- neighbor {{ peer }} weight {{ conf_peer.address_family.ipv4_unicast.weight }}
-{%- endif %}
-{#- END single params for neighbor #}
-
-{%- if 'attribute_unchanged' in conf_peer.address_family.ipv4_unicast %}
-{%- if ( ('as_path' in conf_peer.address_family.ipv4_unicast.attribute_unchanged) and ('med' in conf_peer.address_family.ipv4_unicast.attribute_unchanged) ) %}
- neighbor {{ peer }} attribute-unchanged as-path med
-{%- elif ( ('as_path' in conf_peer.address_family.ipv4_unicast.attribute_unchanged) and ('next_hop' in conf_peer.address_family.ipv4_unicast.attribute_unchanged) ) %}
- neighbor {{ peer }} attribute-unchanged as-path next-hop
-{%- elif ( ('med' in conf_peer.address_family.ipv4_unicast.attribute_unchanged) and ('next_hop' in conf_peer.address_family.ipv4_unicast.attribute_unchanged) ) %}
- neighbor {{ peer }} attribute-unchanged med next-hop
-{%- elif 'as_path' in conf_peer.address_family.ipv4_unicast.attribute_unchanged %}
- neighbor {{ peer }} attribute-unchanged as-path
-{%- elif 'med' in conf_peer.address_family.ipv4_unicast.attribute_unchanged %}
- neighbor {{ peer }} attribute-unchanged med
-{%- elif 'next_hop' in conf_peer.address_family.ipv4_unicast.attribute_unchanged %}
- neighbor {{ peer }} attribute-unchanged next-hop
-{%- else %}
- neighbor {{ peer }} attribute-unchanged as-path next-hop med
-{%- endif %}
-{%- endif %}
-{#- END attribute-unchanged #}
-
-{%- if 'capability' in conf_peer.address_family.ipv4_unicast %}
-{%- if 'orf' in conf_peer.address_family.ipv4_unicast.capability %}
-{%- if 'receive' in conf_peer.address_family.ipv4_unicast.capability.orf.prefix_list %}
- neighbor {{ peer }} capability orf prefix-list receive
-{%- endif %}
-{%- if 'send' in conf_peer.address_family.ipv4_unicast.capability.orf.prefix_list %}
- neighbor {{ peer }} capability orf prefix-list send
-{%- endif %}
-{%- endif %}
-{%- endif %}
-
-{%- if 'default_originate' in conf_peer.address_family.ipv4_unicast %}
-{%- if 'route_map' in conf_peer.address_family.ipv4_unicast.default_originate %}
- neighbor {{ peer }} default-originate route-map {{ conf_peer.address_family.ipv4_unicast.default_originate.route_map }}
-{%- else %}
- neighbor {{ peer }} default-originate
-{%- endif %}
-{%- endif %}
-
-{%- if 'distribute_list' in conf_peer.address_family.ipv4_unicast %}
-{%- if 'export' in conf_peer.address_family.ipv4_unicast.distribute_list %}
- neighbor {{ peer }} distribute-list {{conf_peer.address_family.ipv4_unicast.distribute_list.export}} out
-{%- endif %}
-{%- if 'import' in conf_peer.address_family.ipv4_unicast.distribute_list %}
- neighbor {{ peer }} distribute-list {{conf_peer.address_family.ipv4_unicast.distribute_list.import}} in
-{%- endif %}
-{%- endif %}
-
-{%- if 'filter_list' in conf_peer.address_family.ipv4_unicast %}
-{%- if 'export' in conf_peer.address_family.ipv4_unicast.filter_list %}
- neighbor {{ peer }} filter-list {{conf_peer.address_family.ipv4_unicast.filter_list.export}} out
-{%- endif %}
-{%- if 'import' in conf_peer.address_family.ipv4_unicast.filter_list %}
- neighbor {{ peer }} filter-list {{conf_peer.address_family.ipv4_unicast.filter_list.import}} in
-{%- endif %}
-{%- endif %}
-
-{%- if 'maximum_prefix' in conf_peer.address_family.ipv4_unicast %}
- neighbor {{ peer }} maximum-prefix {{ conf_peer.address_family.ipv4_unicast.maximum_prefix }}
-{%- endif %}
-
-{#- https://phabricator.vyos.net/T1817 #}
-{%- if 'nexthop_self' in conf_peer.address_family.ipv4_unicast %}
-{%- if 'force' in conf_peer.address_family.ipv4_unicast.nexthop_self %}
- neighbor {{ peer }} next-hop-self force
- neighbor {{ peer }} next-hop-self
-{%- else %}
- neighbor {{ peer }} next-hop-self
-{%- endif %}
-{%- endif %}
-
-{%- if 'route_server_client' in conf_peer.address_family.ipv4_unicast %}
- neighbor {{ peer }} route-server-client
-{%- endif %}
-
-{%- if 'route_map' in conf_peer.address_family.ipv4_unicast %}
-{%- if 'export' in conf_peer.address_family.ipv4_unicast.route_map %}
- neighbor {{ peer }} route-map {{conf_peer.address_family.ipv4_unicast.route_map.export}} out
-{%- endif %}
-{%- if 'import' in conf_peer.address_family.ipv4_unicast.route_map %}
- neighbor {{ peer }} route-map {{conf_peer.address_family.ipv4_unicast.route_map.import}} in
-{%- endif %}
-{%- endif %}
-{%- if 'prefix_list' in conf_peer.address_family.ipv4_unicast %}
-{%- if 'export' in conf_peer.address_family.ipv4_unicast.prefix_list %}
- neighbor {{ peer }} prefix-list {{conf_peer.address_family.ipv4_unicast.prefix_list.export}} out
-{%- endif %}
-{%- if 'import' in conf_peer.address_family.ipv4_unicast.prefix_list %}
- neighbor {{ peer }} prefix-list {{conf_peer.address_family.ipv4_unicast.prefix_list.import}} in
-{%- endif %}
-{%- endif %}
-
-{%- if 'soft_reconfiguration' in conf_peer.address_family.ipv4_unicast %}
-{%- if 'inbound' is defined %}
- neighbor {{ peer }} soft-reconfiguration inbound
-{%- endif %}
-{%- endif %}
-
-{%- if 'unsuppress_map' in conf_peer.address_family.ipv4_unicast %}
- neighbor {{ peer }} unsuppress-map {{conf_peer.address_family.ipv4_unicast.unsuppress_map}}
-{%- endif %}
- neighbor {{ peer }} activate
- exit-address-family
- !
-{%- endif %}
-
-{%- if afi == "ipv6_unicast" %}
- !
- address-family ipv6 unicast
-
-{%- if 'allowas_in' in conf_peer.address_family.ipv6_unicast %}
-{%- if 'number' in conf_peer.address_family.ipv6_unicast.allowas_in %}
- neighbor {{ peer }} allowas-in {{ conf_peer.address_family.ipv6_unicast.allowas_in.number }}
-{%- else %}
- neighbor {{ peer }} allowas-in
-{%- endif %}
-{%- endif %}
-
-{#- START Single Params for neighbor #}
-{%- if 'as_override' in conf_peer.address_family.ipv6_unicast %}
- neighbor {{ peer }} as-override
-{%- endif %}
-
-{%- if 'remove_private_as' in conf_peer.address_family.ipv6_unicast %}
- neighbor {{ peer }} remove-private-AS
-{%- endif %}
-
-{%- if 'route_reflector_client' in conf_peer.address_family.ipv6_unicast %}
- neighbor {{ peer }} route-reflector-client
-{%- endif %}
-
-{%- if 'weight' in conf_peer.address_family.ipv6_unicast %}
- neighbor {{ peer }} weight {{ conf_peer.address_family.ipv6_unicast.weight }}
-{%- endif %}
-{#- END single params for neighbor #}
-
-{%- if 'attribute_unchanged' in conf_peer.address_family.ipv6_unicast %}
-{%- if ( ('as_path' in conf_peer.address_family.ipv6_unicast.attribute_unchanged) and ('med' in conf_peer.address_family.ipv6_unicast.attribute_unchanged) ) %}
- neighbor {{ peer }} attribute-unchanged as-path med
-{%- elif ( ('as_path' in conf_peer.address_family.ipv6_unicast.attribute_unchanged) and ('next_hop' in conf_peer.address_family.ipv6_unicast.attribute_unchanged) ) %}
- neighbor {{ peer }} attribute-unchanged as-path next-hop
-{%- elif ( ('med' in conf_peer.address_family.ipv6_unicast.attribute_unchanged) and ('next_hop' in conf_peer.address_family.ipv6_unicast.attribute_unchanged) ) %}
- neighbor {{ peer }} attribute-unchanged med next-hop
-{%- elif 'as_path' in conf_peer.address_family.ipv6_unicast.attribute_unchanged %}
- neighbor {{ peer }} attribute-unchanged as-path
-{%- elif 'med' in conf_peer.address_family.ipv6_unicast.attribute_unchanged %}
- neighbor {{ peer }} attribute-unchanged med
-{%- elif 'next_hop' in conf_peer.address_family.ipv6_unicast.attribute_unchanged %}
- neighbor {{ peer }} attribute-unchanged next-hop
-{%- else %}
- neighbor {{ peer }} attribute-unchanged as-path next-hop med
-{%- endif %}
-{%- endif %}
-{#- END attribute-unchanged #}
-
-{%- if 'capability' in conf_peer.address_family.ipv6_unicast %}
-{%- if 'orf' in conf_peer.address_family.ipv6_unicast.capability %}
-{%- if 'receive' in conf_peer.address_family.ipv6_unicast.capability.orf.prefix_list %}
- neighbor {{ peer }} capability orf prefix-list receive
-{%- endif %}
-{%- if 'send' in conf_peer.address_family.ipv6_unicast.capability.orf.prefix_list %}
- neighbor {{ peer }} capability orf prefix-list send
-{%- endif %}
-{%- endif %}
-{%- endif %}
-
-{%- if 'default_originate' in conf_peer.address_family.ipv6_unicast %}
-{%- if 'route_map' in conf_peer.address_family.ipv6_unicast.default_originate %}
- neighbor {{ peer }} default-originate route-map {{ conf_peer.address_family.ipv6_unicast.default_originate.route_map }}
-{%- else %}
- neighbor {{ peer }} default-originate
-{%- endif %}
-{%- endif %}
-
-{%- if 'distribute_list' in conf_peer.address_family.ipv6_unicast %}
-{%- if 'export' in conf_peer.address_family.ipv6_unicast.distribute_list %}
- neighbor {{ peer }} distribute-list {{conf_peer.address_family.ipv6_unicast.distribute_list.export}} out
-{%- endif %}
-{%- if 'import' in conf_peer.address_family.ipv6_unicast.distribute_list %}
- neighbor {{ peer }} distribute-list {{conf_peer.address_family.ipv6_unicast.distribute_list.import}} in
-{%- endif %}
-{%- endif %}
-
-{%- if 'filter_list' in conf_peer.address_family.ipv6_unicast %}
-{%- if 'export' in conf_peer.address_family.ipv6_unicast.filter_list %}
- neighbor {{ peer }} filter-list {{conf_peer.address_family.ipv6_unicast.filter_list.export}} out
-{%- endif %}
-{%- if 'import' in conf_peer.address_family.ipv6_unicast.filter_list %}
- neighbor {{ peer }} filter-list {{conf_peer.address_family.ipv6_unicast.filter_list.import}} in
-{%- endif %}
-{%- endif %}
-
-{%- if 'maximum_prefix' in conf_peer.address_family.ipv6_unicast %}
- neighbor {{ peer }} maximum-prefix {{ conf_peer.address_family.ipv6_unicast.maximum_prefix }}
-{%- endif %}
-
-{#- https://phabricator.vyos.net/T1817 #}
-{%- if 'nexthop_self' in conf_peer.address_family.ipv6_unicast %}
-{%- if 'force' in conf_peer.address_family.ipv6_unicast.nexthop_self %}
- neighbor {{ peer }} next-hop-self force
- neighbor {{ peer }} next-hop-self
-{%- else %}
- neighbor {{ peer }} next-hop-self
-{%- endif %}
-{%- endif %}
-
-{%- if 'route_server_client' in conf_peer.address_family.ipv6_unicast %}
- neighbor {{ peer }} route-server-client
-{%- endif %}
-
-{%- if 'route_map' in conf_peer.address_family.ipv6_unicast %}
-{%- if 'export' in conf_peer.address_family.ipv6_unicast.route_map %}
- neighbor {{ peer }} route-map {{conf_peer.address_family.ipv6_unicast.route_map.export}} out
-{%- endif %}
-{%- if 'import' in conf_peer.address_family.ipv6_unicast.route_map %}
- neighbor {{ peer }} route-map {{conf_peer.address_family.ipv6_unicast.route_map.import}} in
-{%- endif %}
-{%- endif %}
-{%- if 'prefix_list' in conf_peer.address_family.ipv6_unicast %}
-{%- if 'export' in conf_peer.address_family.ipv6_unicast.prefix_list %}
- neighbor {{ peer }} prefix-list {{conf_peer.address_family.ipv6_unicast.prefix_list.export}} out
-{%- endif %}
-{%- if 'import' in conf_peer.address_family.ipv6_unicast.prefix_list %}
- neighbor {{ peer }} prefix-list {{conf_peer.address_family.ipv6_unicast.prefix_list.import}} in
-{%- endif %}
-{%- endif %}
-
-{%- if 'soft_reconfiguration' in conf_peer.address_family.ipv6_unicast %}
-{%- if 'inbound' is defined %}
- neighbor {{ peer }} soft-reconfiguration inbound
-{%- endif %}
-{%- endif %}
-
-{%- if 'unsuppress_map' in conf_peer.address_family.ipv6_unicast %}
- neighbor {{ peer }} unsuppress-map {{conf_peer.address_family.ipv6_unicast.unsuppress_map}}
-{%- endif %}
- neighbor {{ peer }} activate
- exit-address-family
- !
-{%- endif %}
-
-{%- endfor %}
-{%- endif %}
-{#- END address family for peer #}
-
-{%- endfor %}
-{#- END peer section; set protocols bgp xxx neighbor #}
-
-{#- START parameters section; set protocol bgp xxx parameters #}
-{%- if 'always_compare_med' in bgp_params %}
+{% if parameters is defined %}
+{% if parameters.always_compare_med is defined %}
bgp always-compare-med
-{%- endif %}
-
-{%- if 'bestpath' in bgp_params %}
-{%- if 'compare_routerid' in bgp_params.bestpath %}
+{% endif %}
+{% if parameters.bestpath is defined and parameters.bestpath is not none %}
+{% if parameters.bestpath.compare_routerid is defined %}
bgp bestpath compare-routerid
-{%- endif %}
-{%- if 'as_path' in bgp_params.bestpath %}
-{%- if 'confed' in bgp_params.bestpath.as_path %}
- bgp bestpath as-path confed
-{%- endif %}
-{%- if 'ignore' in bgp_params.bestpath.as_path %}
- bgp bestpath as-path ignore
-{%- endif %}
-{%- if 'multipath_relax' in bgp_params.bestpath.as_path %}
- bgp bestpath as-path multipath-relax
-{%- endif %}
-{%- endif %}
-{%- if 'med' in bgp_params.bestpath %}
-{%- if ( ('confed' in bgp_params.bestpath.med) and ('missing_as_worst' in bgp_params.bestpath.med ) ) %}
- bgp bestpath med confed missing-as-worst
-{%- elif 'confed' in bgp_params.bestpath.med %}
- bgp bestpath med confed
-{%- elif 'missing_as_worst' in bgp_params.bestpath.med %}
- bgp bestpath med missing-as-worst
-{%- endif%}
-{%- endif %}
-{%- endif %}
-
-{%- if 'cluster_id' in bgp_params %}
- bgp cluster-id {{ bgp_params.cluster_id }}
-{%- endif %}
-
-{%- if 'confederation' in bgp_params %}
-{%- if 'identifier' in bgp_params.confederation %}
- bgp confederation identifier {{ bgp_params.confederation.identifier }}
-{%- endif %}
-{%- if 'peers' in bgp_params.confederation %}
- bgp confederation peers {{ bgp_params.confederation.peers }}
-{%- endif %}
-{%- endif %}
-
-{#- Doesn't work in current FRR configuration; vtysh (bgp dampening 16 751 2001 61) #}
-{%- if 'dampening' in bgp_params %}
-{%- if ( ('half_life' in bgp_params.dampening) and ('max_suppress_time' in bgp_params.dampening) and ('re_use' in bgp_params.dampening) and ('start_suppress_time' in bgp_params.dampening ) ) %}
- bgp dampening {{ bgp_params.dampening.half_life }} {{ bgp_params.dampening.re_use }} {{ bgp_params.dampening.start_suppress_time }} {{ bgp_params.dampening.max_suppress_time }}
-{%- endif %}
-{%- endif %}
-
-{%- if 'default' in bgp_params %}
-{%- if 'local_pref' in bgp_params.default %}
- bgp default local-preference {{ bgp_params.default.local_pref }}
-{%- endif %}
-{#- We use this is parameter as default in template (5-th string) #}
-{%- if 'no_ipv4_unicast' in bgp_params.default %}
+{% endif %}
+{% if parameters.bestpath.as_path is defined and parameters.bestpath.as_path is not none %}
+{% for option in parameters.bestpath.as_path %}
+ bgp bestpath as-path {{ option|replace('_', '-') }}
+{% endfor %}
+{% endif %}
+{% if parameters.bestpath.med is defined and parameters.bestpath.med is not none %}
+ bgp bestpath med {{ 'confed' if parameters.bestpath.med.confed is defined }} {{ 'missing-as-worst' if parameters.bestpath.med.missing_as_worst is defined }}
+{% endif %}
+{% endif %}
+{% if parameters.cluster_id is defined and parameters.cluster_id is not none %}
+ bgp cluster-id {{ parameters.cluster_id }}
+{% endif %}
+{% if parameters.confederation is defined and parameters.confederation is not none %}
+{% if parameters.confederation.identifier is defined and parameters.confederation.identifier is not none %}
+ bgp confederation identifier {{ parameters.confederation.identifier }}
+{% endif %}
+{% if parameters.confederation.peers is defined and parameters.confederation.peers is not none %}
+ bgp confederation peers {{ parameters.confederation.peers }}
+{% endif %}
+{% endif %}
+{% if parameters.dampening is defined and parameters.dampening is defined and parameters.dampening.half_life is defined and parameters.dampening.half_life is not none %}
+{# Doesn't work in current FRR configuration; vtysh (bgp dampening 16 751 2001 61) #}
+ bgp dampening {{ parameters.dampening.half_life }} {{ parameters.dampening.re_use if parameters.dampening.re_use is defined }} {{ parameters.dampening.start_suppress_time if parameters.dampening.start_suppress_time is defined }} {{ parameters.dampening.max_suppress_time if parameters.dampening.max_suppress_time is defined }}
+{% endif %}
+{% if parameters.default is defined and parameters.default is not none %}
+{% if parameters.default.local_pref is defined and parameters.default.local_pref is not none %}
+ bgp default local-preference {{ parameters.default.local_pref }}
+{% endif %}
+{% if parameters.default.no_ipv4_unicast is defined %}
+{# We use this is parameter as default in template (5-th string) #}
no bgp default ipv4-unicast
-{%- endif %}
-{%- endif %}
-
-{%- if 'deterministic_med' in bgp_params %}
- bgp deterministic-med
-{%- endif %}
-
-{%- if 'distance' in bgp_params %}
-{%- if 'global' in bgp_params.distance %}
-{%- if ( ('external' in bgp_params.distance.global) and ('internal' in bgp_params.distance.global) and ('local' in bgp_params.distance.global ) ) %}
+{% endif %}
+{% endif %}
+{% if parameters.deterministic_med is defined %}
+ bgp deterministic-med
+{% endif %}
+{% if parameters.distance is defined and parameters.distance is not none %}
!
address-family ipv4 unicast
- distance bgp {{ bgp_params.distance.global.external }} {{ bgp_params.distance.global.internal }} {{ bgp_params.distance.global.local }}
+{% if parameters.distance.global is defined and parameters.distance.global.external is defined and parameters.distance.global.internal is defined and parameters.distance.global.local is defined %}
+ distance bgp {{ parameters.distance.global.external }} {{ parameters.distance.global.internal }} {{ parameters.distance.global.local }}
+{% endif %}
+{% if parameters.distance.prefix is defined and parameters.distance.prefix is not none %}
+{% for prefix in parameters.distance.prefix %}
+ distance {{ parameters.distance.prefix[prefix].distance }} {{ prefix }}
+{% endfor %}
+{% endif %}
exit-address-family
-!
-{%- endif %}
-{%- endif %}
-{%- if 'prefix' in bgp_params.distance %}
!
- address-family ipv4 unicast
-{%- for prfx in bgp_params.distance.prefix %}
- distance {{ bgp_params.distance.prefix[prfx].distance }} {{ prfx }}
-{%- endfor %}
- exit-address-family
-!
-{%- endif %}
-{%- endif %}
-
-{%- if 'graceful_restart' in bgp_params %}
-{%- if 'stalepath_time' in bgp_params.graceful_restart %}
- bgp graceful-restart stalepath-time {{ bgp_params.graceful_restart.stalepath_time }}
-{%- endif %}
-{%- endif %}
-
-{%- if 'log_neighbor_changes' in bgp_params %}
+{% endif %}
+{% if parameters.graceful_restart is defined %}
+ bgp graceful-restart {{ 'stalepath-time ' + parameters.graceful_restart.stalepath_time if parameters.graceful_restart.stalepath_time is defined }}
+{% endif %}
+{% if parameters.log_neighbor_changes is defined %}
bgp log-neighbor-changes
-{%- endif %}
-
-{%- if 'network_import_check' in bgp_params %}
- bgp network import-check
-{%- endif %}
-
-{%- if 'no_client_to_client_reflection' in bgp_params %}
+{% endif %}
+{% if parameters.network_import_check is defined %}
+ bgp network import-check
+{% endif %}
+{% if parameters.no_client_to_client_reflection is defined %}
no bgp client-to-client reflection
-{%- endif %}
-
-{%- if 'no_fast_external_failover' in bgp_params %}
+{% endif %}
+{% if parameters.no_fast_external_failover is defined %}
no bgp fast-external-failover
-{%- endif %}
-
-{%- if 'router_id' in bgp_params %}
- bgp router-id {{ bgp_params.router_id }}
-{%- endif %}
-
-{#- END parameters; set protocols bgp xxx parameters #}
-
-{%- if 'timers' in conf_bgp[asn] %}
-{%- if ( ('holdtime' in conf_bgp[asn].timers) and ('keepalive' in conf_bgp[asn].timers ) ) %}
- timers bgp {{conf_bgp[asn].timers.keepalive}} {{conf_bgp[asn].timers.holdtime}}
-{%- endif %}
-{%- endif %}
-
-{%- if 'route_map' in conf_bgp[asn] %}
-!
-ip protocol bgp route-map {{conf_bgp[asn].route_map}}
-{%- endif %}
-!
-{%- endfor -%}
-{#- END asn; router bgp xxx #}
+{% endif %}
+{% if parameters.router_id is defined and parameters.router_id is not none %}
+ bgp router-id {{ parameters.router_id }}
+{% endif %}
+{% endif %}
+{% if timers is defined and timers.keepalive is defined and timers.holdtime is defined %}
+ timers bgp {{ timers.keepalive }} {{ timers.holdtime }}
+{% endif %}
+ !
+{% if route_map is defined and route_map is not none %}
+ ip protocol bgp route-map {{ route_map }}
+{% endif %}
+ !
diff --git a/data/templates/frr/igmp.frr.tmpl b/data/templates/frr/igmp.frr.tmpl
index de4696c1f..cdb7ee6cc 100644
--- a/data/templates/frr/igmp.frr.tmpl
+++ b/data/templates/frr/igmp.frr.tmpl
@@ -1,41 +1,41 @@
!
-{% for iface in old_ifaces -%}
+{% for iface in old_ifaces %}
interface {{ iface }}
-{% for group in old_ifaces[iface].gr_join -%}
-{% if old_ifaces[iface].gr_join[group] -%}
-{% for source in old_ifaces[iface].gr_join[group] -%}
+{% for group in old_ifaces[iface].gr_join %}
+{% if old_ifaces[iface].gr_join[group] %}
+{% for source in old_ifaces[iface].gr_join[group] %}
no ip igmp join {{ group }} {{ source }}
-{% endfor -%}
-{% else -%}
+{% endfor %}
+{% else %}
no ip igmp join {{ group }}
-{% endif -%}
-{% endfor -%}
+{% endif %}
+{% endfor %}
no ip igmp
!
-{% endfor -%}
-{% for iface in ifaces -%}
+{% endfor %}
+{% for iface in ifaces %}
interface {{ iface }}
-{% if ifaces[iface].version -%}
+{% if ifaces[iface].version %}
ip igmp version {{ ifaces[iface].version }}
-{% else -%}
+{% else %}
{# IGMP default version 3 #}
ip igmp
-{% endif -%}
-{% if ifaces[iface].query_interval -%}
+{% endif %}
+{% if ifaces[iface].query_interval %}
ip igmp query-interval {{ ifaces[iface].query_interval }}
-{% endif -%}
-{% if ifaces[iface].query_max_resp_time -%}
+{% endif %}
+{% if ifaces[iface].query_max_resp_time %}
ip igmp query-max-response-time {{ ifaces[iface].query_max_resp_time }}
-{% endif -%}
-{% for group in ifaces[iface].gr_join -%}
-{% if ifaces[iface].gr_join[group] -%}
-{% for source in ifaces[iface].gr_join[group] -%}
+{% endif %}
+{% for group in ifaces[iface].gr_join %}
+{% if ifaces[iface].gr_join[group] %}
+{% for source in ifaces[iface].gr_join[group] %}
ip igmp join {{ group }} {{ source }}
-{% endfor -%}
-{% else -%}
+{% endfor %}
+{% else %}
ip igmp join {{ group }}
-{% endif -%}
-{% endfor -%}
+{% endif %}
+{% endfor %}
!
-{% endfor -%}
+{% endfor %}
!
diff --git a/data/templates/frr/ldpd.frr.tmpl b/data/templates/frr/ldpd.frr.tmpl
index 4b7e5c5ea..280df41eb 100644
--- a/data/templates/frr/ldpd.frr.tmpl
+++ b/data/templates/frr/ldpd.frr.tmpl
@@ -1,187 +1,120 @@
!
-{% if mpls_ldp -%}
+{% if ldp is defined %}
mpls ldp
-{% if old_router_id -%}
-no router-id {{ old_router_id }}
-{% endif -%}
-{% if router_id -%}
-router-id {{ router_id }}
-{% endif -%}
-{% if old_ldp.cisco_interop_tlv -%}
-no dual-stack cisco-interop
-{% endif -%}
-{% if ldp.cisco_interop_tlv -%}
+{% if ldp.router_id is defined %}
+router-id {{ ldp.router_id }}
+{% endif %}
+{% if ldp.parameters is defined %}
+{% if ldp.parameters.cisco_interop_tlv is defined %}
dual-stack cisco-interop
-{% endif -%}
-{% if old_ldp.transport_prefer_ipv4 -%}
-no dual-stack transport-connection prefer ipv4
-{% endif -%}
-{% if ldp.transport_prefer_ipv4 -%}
+{% endif %}
+{% if ldp.parameters.transport_prefer_ipv4 is defined%}
dual-stack transport-connection prefer ipv4
-{% endif -%}
-{% for neighbor_id in old_ldp.neighbors -%}
-no neighbor {{neighbor_id}} password {{old_ldp.neighbors[neighbor_id].password}}
-{% if 'ttl_security' is defined -%}
-{% if 'disable' in old_ldp.neighbors[neighbor_id].ttl_security %}
-no neighbor {{neighbor_id}} ttl-security disable
-{% else -%}
-no neighbor {{neighbor_id}} ttl-security hops {{old_ldp.neighbors[neighbor_id].ttl_security}}
-{% endif -%}
-{% endif -%}
-{% if 'session_holdtime' is defined -%}
-no neighbor {{neighbor_id}} session holdtime {{old_ldp.neighbors[neighbor_id].session_holdtime}}
-{% endif -%}
-{% endfor -%}
-{% for neighbor_id in ldp.neighbors -%}
-neighbor {{neighbor_id}} password {{ldp.neighbors[neighbor_id].password}}
-{% if 'ttl_security' is defined -%}
-{% if 'disable' in ldp.neighbors[neighbor_id].ttl_security %}
-neighbor {{neighbor_id}} ttl-security disable
-{% else -%}
-neighbor {{neighbor_id}} ttl-security hops {{ldp.neighbors[neighbor_id].ttl_security}}
-{% endif -%}
-{% endif -%}
-{% if 'session_holdtime' is defined -%}
-neighbor {{neighbor_id}} session holdtime {{ldp.neighbors[neighbor_id].session_holdtime}}
-{% endif -%}
-{% endfor -%}
+{% endif %}
+{% endif %}
+{% if ldp.neighbor is defined %}
+{% for neighbors in ldp.neighbor %}
+{% if ldp.neighbor[neighbors].password is defined %}
+neighbor {{neighbors}} password {{ldp.neighbor[neighbors].password}}
+{% endif %}
+{% if ldp.neighbor[neighbors].ttl_security is defined %}
+{% if 'disable' in ldp.neighbor[neighbors].ttl_security %}
+neighbor {{neighbors}} ttl-security disable
+{% else %}
+neighbor {{neighbors}} ttl-security hops {{ldp.neighbor[neighbors].ttl_security}}
+{% endif %}
+{% endif %}
+{% if ldp.neighbor[neighbors].session_holdtime is defined %}
+neighbor {{neighbors}} session holdtime {{ldp.neighbor[neighbors].session_holdtime}}
+{% endif %}
+{% endfor %}
+{% endif %}
!
+{% if ldp.discovery is defined %}
+{% if ldp.discovery.transport_ipv4_address is defined %}
address-family ipv4
label local allocate host-routes
-{% if old_ldp.export_ipv4_exp -%}
-no label local advertise explicit-null
-{% endif -%}
-{% if ldp.export_ipv4_exp -%}
+{% if ldp.discovery.transport_ipv4_address is defined %}
+discovery transport-address {{ ldp.discovery.transport_ipv4_address }}
+{% endif %}
+{% if ldp.discovery.hello_ipv4_holdtime is defined %}
+discovery hello holdtime {{ ldp.discovery.hello_ipv4_holdtime }}
+{% endif %}
+{% if ldp.discovery.hello_ipv4_interval is defined %}
+discovery hello interval {{ ldp.discovery.hello_ipv4_interval }}
+{% endif %}
+{% if ldp.discovery.session_ipv4_holdtime is defined %}
+session holdtime {{ ldp.discovery.session_ipv4_holdtime }}
+{% endif %}
+{% if ldp.export is defined %}
+{% if ldp.export.ipv4.explicit_null is defined %}
label local advertise explicit-null
-{% endif -%}
-{% if old_ldp.d_transp_ipv4 -%}
-no discovery transport-address {{ old_ldp.d_transp_ipv4 }}
-{% endif -%}
-{% if ldp.d_transp_ipv4 -%}
-discovery transport-address {{ ldp.d_transp_ipv4 }}
-{% endif -%}
-{% if old_ldp.hello_ipv4_holdtime -%}
-no discovery hello holdtime {{ old_ldp.hello_ipv4_holdtime }}
-{% endif -%}
-{% if ldp.hello_ipv4_holdtime -%}
-discovery hello holdtime {{ ldp.hello_ipv4_holdtime }}
-{% endif -%}
-{% if old_ldp.hello_ipv4_interval -%}
-no discovery hello interval {{ old_ldp.hello_ipv4_interval }}
-{% endif -%}
-{% if ldp.hello_ipv4_interval -%}
-discovery hello interval {{ ldp.hello_ipv4_interval }}
-{% endif -%}
-{% if old_ldp.ses_ipv4_hold -%}
-no session holdtime {{ old_ldp.ses_ipv4_hold }}
-{% endif -%}
-{% if ldp.ses_ipv4_hold -%}
-session holdtime {{ ldp.ses_ipv4_hold }}
-{% endif -%}
-{% if old_ldp.target_ipv4_enable -%}
-no discovery targeted-hello accept
-{% endif -%}
-{% if ldp.target_ipv4_enable -%}
+{% endif %}
+{% endif %}
+{% if ldp.targeted_neighbor is defined %}
+{% if ldp.targeted_neighbor.ipv4.enable is defined %}
discovery targeted-hello accept
-{% endif -%}
-{% if old_ldp.target_ipv4_hello_int -%}
-no discovery targeted-hello interval {{ old_ldp.target_ipv4_hello_int }}
-{% endif -%}
-{% if ldp.target_ipv4_hello_int -%}
-discovery targeted-hello interval {{ ldp.target_ipv4_hello_int }}
-{% endif -%}
-{% if old_ldp.target_ipv4_hello_hold -%}
-no discovery targeted-hello holdtime {{ old_ldp.target_ipv4_hello_hold }}
-{% endif -%}
-{% if ldp.target_ipv4_hello_hold -%}
-discovery targeted-hello holdtime {{ ldp.target_ipv4_hello_hold }}
-{% endif -%}
-{% for address in old_ldp.target_ipv4_addresses -%}
-no neighbor {{address}} targeted
-{% endfor -%}
-{% for address in ldp.target_ipv4_addresses -%}
-neighbor {{address}} targeted
-{% endfor -%}
-{% for interface in old_ldp.interfaces -%}
-no interface {{interface}}
-{% endfor -%}
-{% for interface in ldp.interfaces -%}
-interface {{interface}}
-{% endfor -%}
-!
-!
+{% endif %}
+{% if ldp.targeted_neighbor.ipv4.hello_holdtime is defined %}
+discovery targeted-hello holdtime {{ ldp.targeted_neighbor.ipv4.hello_holdtime }}
+{% endif %}
+{% if ldp.targeted_neighbor.ipv4.hello_interval is defined %}
+discovery targeted-hello interval {{ ldp.targeted_neighbor.ipv4.hello_interval }}
+{% endif %}
+{% for addresses in ldp.targeted_neighbor.ipv4.address %}
+neighbor {{addresses}} targeted
+{% endfor %}
+{% endif %}
+{% for interfaces in ldp.interface %}
+interface {{interfaces}}
+{% endfor %}
exit-address-family
+{% else %}
+no address-family ipv4
+{% endif %}
+{% endif %}
!
-{% if ldp.d_transp_ipv6 -%}
+{% if ldp.discovery is defined %}
+{% if ldp.discovery.transport_ipv6_address is defined %}
address-family ipv6
label local allocate host-routes
-{% if old_ldp.export_ipv6_exp -%}
-no label local advertise explicit-null
-{% endif -%}
-{% if ldp.export_ipv6_exp -%}
+{% if ldp.discovery.transport_ipv6_address is defined %}
+discovery transport-address {{ ldp.discovery.transport_ipv6_address }}
+{% endif %}
+{% if ldp.discovery.hello_ipv6_holdtime is defined %}
+discovery hello holdtime {{ ldp.discovery.hello_ipv6_holdtime }}
+{% endif %}
+{% if ldp.discovery.hello_ipv6_interval is defined %}
+discovery hello interval {{ ldp.discovery.hello_ipv6_interval }}
+{% endif %}
+{% if ldp.discovery.session_ipv6_holdtime is defined %}
+session holdtime {{ ldp.discovery.session_ipv6_holdtime }}
+{% endif %}
+{% if ldp.export is defined %}
+{% if ldp.export.ipv6.explicit_null is defined %}
label local advertise explicit-null
-{% endif -%}
-{% if old_ldp.ses_ipv6_hold -%}
-no session holdtime {{ old_ldp.ses_ipv6_hold }}
-{% endif -%}
-{% if ldp.ses_ipv6_hold -%}
-session holdtime {{ ldp.ses_ipv6_hold }}
-{% endif -%}
-{% if old_ldp.d_transp_ipv6 -%}
-no discovery transport-address {{ old_ldp.d_transp_ipv6 }}
-{% endif -%}
-{% if ldp.d_transp_ipv6 -%}
-discovery transport-address {{ ldp.d_transp_ipv6 }}
-{% endif -%}
-{% if old_ldp.hello_ipv6_holdtime -%}
-no discovery hello holdtime {{ old_ldp.hello_ipv6_holdtime }}
-{% endif -%}
-{% if ldp.hello_ipv6_holdtime -%}
-discovery hello holdtime {{ ldp.hello_ipv6_holdtime }}
-{% endif -%}
-{% if old_ldp.hello_ipv6_interval -%}
-no discovery hello interval {{ old_ldp.hello_ipv6_interval }}
-{% endif -%}
-{% if ldp.hello_ipv6_interval -%}
-discovery hello interval {{ ldp.hello_ipv6_interval }}
-{% endif -%}
-{% if old_ldp.target_ipv6_enable -%}
-no discovery targeted-hello accept
-{% endif -%}
-{% if ldp.target_ipv6_enable -%}
+{% endif %}
+{% endif %}
+{% if ldp.targeted_neighbor is defined %}
+{% if ldp.targeted_neighbor.ipv6.enable is defined %}
discovery targeted-hello accept
-{% endif -%}
-{% if old_ldp.target_ipv6_hello_int -%}
-no discovery targeted-hello interval {{ old_ldp.target_ipv6_hello_int }}
-{% endif -%}
-{% if ldp.target_ipv6_hello_int -%}
-discovery targeted-hello interval {{ ldp.target_ipv6_hello_int }}
-{% endif -%}
-{% if old_ldp.target_ipv6_hello_hold -%}
-no discovery targeted-hello holdtime {{ old_ldp.target_ipv6_hello_hold }}
-{% endif -%}
-{% if ldp.target_ipv6_hello_hold -%}
-discovery targeted-hello holdtime {{ ldp.target_ipv6_hello_hold }}
-{% endif -%}
-{% for address in old_ldp.target_ipv6_addresses -%}
-no neighbor {{address}} targeted
-{% endfor -%}
-{% for address in ldp.target_ipv6_addresses -%}
-neighbor {{address}} targeted
-{% endfor -%}
-{% for interface in old_ldp.interfaces -%}
-no interface {{interface}}
-{% endfor -%}
-{% for interface in ldp.interfaces -%}
-interface {{interface}}
-{% endfor -%}
-!
+{% endif %}
+{% if ldp.targeted_neighbor.ipv6.hello_holdtime is defined %}
+discovery targeted-hello holdtime {{ ldp.targeted_neighbor.ipv6.hello_holdtime }}
+{% endif %}
+{% if ldp.targeted_neighbor.ipv6.hello_interval is defined %}
+discovery targeted-hello interval {{ ldp.targeted_neighbor.ipv6.hello_interval }}
+{% endif %}
+{% for addresses in ldp.targeted_neighbor.ipv6.address %}
+neighbor {{addresses}} targeted
+{% endfor %}
+{% endif %}
+{% for interfaces in ldp.interface %}
+interface {{interfaces}}
+{% endfor %}
exit-address-family
-{% else -%}
+{% else %}
no address-family ipv6
-{% endif -%}
-!
-{% else -%}
-no mpls ldp
-{% endif -%}
-! \ No newline at end of file
+{% endif %}
+{% endif %}
+{% endif %}
diff --git a/data/templates/frr/pimd.frr.tmpl b/data/templates/frr/pimd.frr.tmpl
index 1d1532c60..a5b56223a 100644
--- a/data/templates/frr/pimd.frr.tmpl
+++ b/data/templates/frr/pimd.frr.tmpl
@@ -1,34 +1,34 @@
!
-{% for rp_addr in old_pim.rp -%}
-{% for group in old_pim.rp[rp_addr] -%}
+{% for rp_addr in old_pim.rp %}
+{% for group in old_pim.rp[rp_addr] %}
no ip pim rp {{ rp_addr }} {{ group }}
-{% endfor -%}
-{% endfor -%}
-{% if old_pim.rp_keep_alive -%}
+{% endfor %}
+{% endfor %}
+{% if old_pim.rp_keep_alive %}
no ip pim rp keep-alive-timer {{ old_pim.rp_keep_alive }}
-{% endif -%}
-{% for iface in old_pim.ifaces -%}
+{% endif %}
+{% for iface in old_pim.ifaces %}
interface {{ iface }}
no ip pim
!
-{% endfor -%}
-{% for iface in pim.ifaces -%}
+{% endfor %}
+{% for iface in pim.ifaces %}
interface {{ iface }}
ip pim
-{% if pim.ifaces[iface].dr_prio -%}
+{% if pim.ifaces[iface].dr_prio %}
ip pim drpriority {{ pim.ifaces[iface].dr_prio }}
-{% endif -%}
-{% if pim.ifaces[iface].hello -%}
+{% endif %}
+{% if pim.ifaces[iface].hello %}
ip pim hello {{ pim.ifaces[iface].hello }}
-{% endif -%}
+{% endif %}
!
-{% endfor -%}
-{% for rp_addr in pim.rp -%}
-{% for group in pim.rp[rp_addr] -%}
+{% endfor %}
+{% for rp_addr in pim.rp %}
+{% for group in pim.rp[rp_addr] %}
ip pim rp {{ rp_addr }} {{ group }}
-{% endfor -%}
-{% endfor -%}
-{% if pim.rp_keep_alive -%}
+{% endfor %}
+{% endfor %}
+{% if pim.rp_keep_alive %}
ip pim rp keep-alive-timer {{ pim.rp_keep_alive }}
-{% endif -%}
+{% endif %}
!
diff --git a/data/templates/frr/rip.frr.tmpl b/data/templates/frr/rip.frr.tmpl
index 60bc686bd..83df4e203 100644
--- a/data/templates/frr/rip.frr.tmpl
+++ b/data/templates/frr/rip.frr.tmpl
@@ -1,143 +1,143 @@
!
-{% if rip_conf -%}
+{% if rip_conf %}
router rip
-{% if old_default_distance -%}
+{% if old_default_distance %}
no distance {{old_default_distance}}
-{% endif -%}
-{% if default_distance -%}
+{% endif %}
+{% if default_distance %}
distance {{default_distance}}
-{% endif -%}
-{% if old_default_originate -%}
+{% endif %}
+{% if old_default_originate %}
no default-information originate
-{% endif -%}
-{% if default_originate -%}
+{% endif %}
+{% if default_originate %}
default-information originate
-{% endif -%}
-{% if old_rip.default_metric -%}
+{% endif %}
+{% if old_rip.default_metric %}
no default-metric {{old_rip.default_metric}}
-{% endif -%}
-{% if rip.default_metric -%}
+{% endif %}
+{% if rip.default_metric %}
default-metric {{rip.default_metric}}
-{% endif -%}
-{% for protocol in old_rip.redist -%}
-{% if old_rip.redist[protocol]['metric'] and old_rip.redist[protocol]['route_map'] -%}
+{% endif %}
+{% for protocol in old_rip.redist %}
+{% if old_rip.redist[protocol]['metric'] and old_rip.redist[protocol]['route_map'] %}
no redistribute {{protocol}} metric {{rip.redist[protocol]['metric']}} route-map {{rip.redist[protocol]['route_map']}}
-{% elif old_rip.redist[protocol]['metric'] -%}
+{% elif old_rip.redist[protocol]['metric'] %}
no redistribute {{protocol}} metric {{old_rip.redist[protocol]['metric']}}
-{% elif old_rip.redist[protocol]['route_map'] -%}
+{% elif old_rip.redist[protocol]['route_map'] %}
no redistribute {{protocol}} route-map {{old_rip.redist[protocol]['route_map']}}
-{% else -%}
+{% else %}
no redistribute {{protocol}}
-{% endif -%}
-{% endfor -%}
-{% for protocol in rip.redist -%}
-{% if rip.redist[protocol]['metric'] and rip.redist[protocol]['route_map'] -%}
+{% endif %}
+{% endfor %}
+{% for protocol in rip.redist %}
+{% if rip.redist[protocol]['metric'] and rip.redist[protocol]['route_map'] %}
redistribute {{protocol}} metric {{rip.redist[protocol]['metric']}} route-map {{rip.redist[protocol]['route_map']}}
-{% elif rip.redist[protocol]['metric'] -%}
+{% elif rip.redist[protocol]['metric'] %}
redistribute {{protocol}} metric {{rip.redist[protocol]['metric']}}
-{% elif rip.redist[protocol]['route_map'] -%}
+{% elif rip.redist[protocol]['route_map'] %}
redistribute {{protocol}} route-map {{rip.redist[protocol]['route_map']}}
-{% else -%}
+{% else %}
redistribute {{protocol}}
-{% endif -%}
-{% endfor -%}
-{% for iface in old_rip.distribute -%}
-{% if old_rip.distribute[iface].iface_access_list_in -%}
+{% endif %}
+{% endfor %}
+{% for iface in old_rip.distribute %}
+{% if old_rip.distribute[iface].iface_access_list_in %}
no distribute-list {{old_rip.distribute[iface].iface_access_list_in}} in {{iface}}
-{% endif -%}
-{% if old_rip.distribute[iface].iface_access_list_out -%}
+{% endif %}
+{% if old_rip.distribute[iface].iface_access_list_out %}
no distribute-list {{old_rip.distribute[iface].iface_access_list_out}} out {{iface}}
-{% endif -%}
-{% if old_rip.distribute[iface].iface_prefix_list_in -%}
+{% endif %}
+{% if old_rip.distribute[iface].iface_prefix_list_in %}
no distribute-list prefix {{old_rip.distribute[iface].iface_prefix_list_in}} in {{iface}}
-{% endif -%}
-{% if old_rip.distribute[iface].iface_prefix_list_out -%}
+{% endif %}
+{% if old_rip.distribute[iface].iface_prefix_list_out %}
no distribute-list prefix {{old_rip.distribute[iface].iface_prefix_list_out}} out {{iface}}
-{% endif -%}
-{% endfor -%}
-{% for iface in rip.distribute -%}
-{% if rip.distribute[iface].iface_access_list_in -%}
+{% endif %}
+{% endfor %}
+{% for iface in rip.distribute %}
+{% if rip.distribute[iface].iface_access_list_in %}
distribute-list {{rip.distribute[iface].iface_access_list_in}} in {{iface}}
-{% endif -%}
-{% if rip.distribute[iface].iface_access_list_out -%}
+{% endif %}
+{% if rip.distribute[iface].iface_access_list_out %}
distribute-list {{rip.distribute[iface].iface_access_list_out}} out {{iface}}
-{% endif -%}
-{% if rip.distribute[iface].iface_prefix_list_in -%}
+{% endif %}
+{% if rip.distribute[iface].iface_prefix_list_in %}
distribute-list prefix {{rip.distribute[iface].iface_prefix_list_in}} in {{iface}}
-{% endif -%}
-{% if rip.distribute[iface].iface_prefix_list_out -%}
+{% endif %}
+{% if rip.distribute[iface].iface_prefix_list_out %}
distribute-list prefix {{rip.distribute[iface].iface_prefix_list_out}} out {{iface}}
-{% endif -%}
-{% endfor -%}
-{% if old_rip.dist_acl_in -%}
+{% endif %}
+{% endfor %}
+{% if old_rip.dist_acl_in %}
no distribute-list {{old_rip.dist_acl_in}} in
-{% endif -%}
-{% if rip.dist_acl_in -%}
+{% endif %}
+{% if rip.dist_acl_in %}
distribute-list {{rip.dist_acl_in}} in
-{% endif -%}
-{% if old_rip.dist_acl_out -%}
+{% endif %}
+{% if old_rip.dist_acl_out %}
no distribute-list {{old_rip.dist_acl_out}} out
-{% endif -%}
-{% if rip.dist_acl_out -%}
+{% endif %}
+{% if rip.dist_acl_out %}
distribute-list {{rip.dist_acl_out}} out
-{% endif -%}
-{% if old_rip.dist_prfx_in -%}
+{% endif %}
+{% if old_rip.dist_prfx_in %}
no distribute-list prefix {{old_rip.dist_prfx_in}} in
-{% endif -%}
-{% if rip.dist_prfx_in -%}
+{% endif %}
+{% if rip.dist_prfx_in %}
distribute-list prefix {{rip.dist_prfx_in}} in
-{% endif -%}
-{% if old_rip.dist_prfx_out -%}
+{% endif %}
+{% if old_rip.dist_prfx_out %}
no distribute-list prefix {{old_rip.dist_prfx_out}} out
-{% endif -%}
-{% if rip.dist_prfx_out -%}
+{% endif %}
+{% if rip.dist_prfx_out %}
distribute-list prefix {{rip.dist_prfx_out}} out
-{% endif -%}
-{% for network in old_rip.networks -%}
+{% endif %}
+{% for network in old_rip.networks %}
no network {{network}}
-{% endfor -%}
-{% for network in rip.networks -%}
+{% endfor %}
+{% for network in rip.networks %}
network {{network}}
-{% endfor -%}
-{% for iface in old_rip.ifaces -%}
+{% endfor %}
+{% for iface in old_rip.ifaces %}
no network {{iface}}
-{% endfor -%}
-{% for iface in rip.ifaces -%}
+{% endfor %}
+{% for iface in rip.ifaces %}
network {{iface}}
-{% endfor -%}
-{% for neighbor in old_rip.neighbors -%}
+{% endfor %}
+{% for neighbor in old_rip.neighbors %}
no neighbor {{neighbor}}
-{% endfor -%}
-{% for neighbor in rip.neighbors -%}
+{% endfor %}
+{% for neighbor in rip.neighbors %}
neighbor {{neighbor}}
-{% endfor -%}
-{% for net in rip.net_distance -%}
-{% if rip.net_distance[net].access_list and rip.net_distance[net].distance -%}
+{% endfor %}
+{% for net in rip.net_distance %}
+{% if rip.net_distance[net].access_list and rip.net_distance[net].distance %}
distance {{rip.net_distance[net].distance}} {{net}} {{rip.net_distance[net].access_list}}
-{% else -%}
+{% else %}
distance {{rip.net_distance[net].distance}} {{net}}
-{% endif -%}
-{% endfor -%}
-{% for passive_iface in old_rip.passive_iface -%}
+{% endif %}
+{% endfor %}
+{% for passive_iface in old_rip.passive_iface %}
no passive-interface {{passive_iface}}
-{% endfor -%}
-{% for passive_iface in rip.passive_iface -%}
+{% endfor %}
+{% for passive_iface in rip.passive_iface %}
passive-interface {{passive_iface}}
-{% endfor -%}
-{% for route in old_rip.route -%}
+{% endfor %}
+{% for route in old_rip.route %}
no route {{route}}
-{% endfor -%}
-{% for route in rip.route -%}
+{% endfor %}
+{% for route in rip.route %}
route {{route}}
-{% endfor -%}
-{% if old_rip.timer_update or old_rip.timer_timeout or old_rip.timer_garbage -%}
+{% endfor %}
+{% if old_rip.timer_update or old_rip.timer_timeout or old_rip.timer_garbage %}
no timers basic
-{% endif -%}
-{% if rip.timer_update or rip.timer_timeout or rip.timer_garbage -%}
+{% endif %}
+{% if rip.timer_update or rip.timer_timeout or rip.timer_garbage %}
timers basic {{rip.timer_update}} {{rip.timer_timeout}} {{rip.timer_garbage}}
-{% endif -%}
+{% endif %}
!
-{% else -%}
+{% else %}
no router rip
!
-{% endif -%}
+{% endif %}
diff --git a/data/templates/frr/static_mcast.frr.tmpl b/data/templates/frr/static_mcast.frr.tmpl
index 86d619ab0..38635af32 100644
--- a/data/templates/frr/static_mcast.frr.tmpl
+++ b/data/templates/frr/static_mcast.frr.tmpl
@@ -1,20 +1,20 @@
!
-{% for route_gr in old_mroute -%}
-{% for nh in old_mroute[route_gr] -%}
-{% if old_mroute[route_gr][nh] -%}
+{% for route_gr in old_mroute %}
+{% for nh in old_mroute[route_gr] %}
+{% if old_mroute[route_gr][nh] %}
no ip mroute {{ route_gr }} {{ nh }} {{ old_mroute[route_gr][nh] }}
-{% else -%}
+{% else %}
no ip mroute {{ route_gr }} {{ nh }}
-{% endif -%}
-{% endfor -%}
-{% endfor -%}
-{% for route_gr in mroute -%}
-{% for nh in mroute[route_gr] -%}
-{% if mroute[route_gr][nh] -%}
+{% endif %}
+{% endfor %}
+{% endfor %}
+{% for route_gr in mroute %}
+{% for nh in mroute[route_gr] %}
+{% if mroute[route_gr][nh] %}
ip mroute {{ route_gr }} {{ nh }} {{ mroute[route_gr][nh] }}
-{% else -%}
+{% else %}
ip mroute {{ route_gr }} {{ nh }}
-{% endif -%}
-{% endfor -%}
-{% endfor -%}
+{% endif %}
+{% endfor %}
+{% endfor %}
!
diff --git a/data/templates/ids/fastnetmon.tmpl b/data/templates/ids/fastnetmon.tmpl
index 71a1b2bd7..1f6a1c808 100644
--- a/data/templates/ids/fastnetmon.tmpl
+++ b/data/templates/ids/fastnetmon.tmpl
@@ -27,34 +27,34 @@ enable_subnet_counters = off
{% if "mirror" in mode %}
mirror_afpacket = on
-{% endif -%}
+{% endif %}
{% if "in" in direction %}
process_incoming_traffic = on
-{% endif -%}
+{% endif %}
{% if "out" in direction %}
process_outgoing_traffic = on
-{% endif -%}
+{% endif %}
{% for th in threshold %}
{% if th == "fps" %}
ban_for_flows = on
threshold_flows = {{ threshold[th] }}
-{% endif -%}
+{% endif %}
{% if th == "mbps" %}
ban_for_bandwidth = on
threshold_mbps = {{ threshold[th] }}
-{% endif -%}
+{% endif %}
{% if th == "pps" %}
ban_for_pps = on
threshold_pps = {{ threshold[th] }}
-{% endif -%}
-{% endfor -%}
+{% endif %}
+{% endfor %}
{% if listen_interface %}
{% set value = listen_interface if listen_interface is string else listen_interface | join(',') %}
interfaces = {{ value }}
-{% endif -%}
+{% endif %}
{% if alert_script %}
notify_script_path = {{ alert_script }}
-{% endif -%}
+{% endif %}
diff --git a/data/templates/igmp-proxy/igmpproxy.conf.tmpl b/data/templates/igmp-proxy/igmpproxy.conf.tmpl
index c7fc5cef5..e3966def3 100644
--- a/data/templates/igmp-proxy/igmpproxy.conf.tmpl
+++ b/data/templates/igmp-proxy/igmpproxy.conf.tmpl
@@ -2,36 +2,39 @@
#
# autogenerated by igmp_proxy.py
#
-# The configuration file must define one upstream
-# interface, and one or more downstream interfaces.
+# The configuration file must define one upstream interface, and one or more
+# downstream interfaces.
#
-# If multicast traffic originates outside the
-# upstream subnet, the "altnet" option can be
-# used in order to define legal multicast sources.
-# (Se example...)
+# If multicast traffic originates outside the upstream subnet, the "altnet"
+# option can be used in order to define legal multicast sources.
#
-# The "quickleave" should be used to avoid saturation
-# of the upstream link. The option should only
-# be used if it's absolutely nessecary to
-# accurately imitate just one Client.
+# The "quickleave" should be used to avoid saturation of the upstream link. The
+# option should only be used if it's absolutely nessecary to accurately imitate
+# just one Client.
#
########################################################
-{% if not disable_quickleave -%}
+{% if disable_quickleave is not defined %}
quickleave
-{% endif -%}
+{% endif %}
+{% if interface is defined and interface is not none %}
+{% for iface, config in interface.items() %}
-{% for interface in interfaces %}
-# Configuration for {{ interface.name }} ({{ interface.role }} interface)
-{% if interface.role == 'disabled' -%}
-phyint {{ interface.name }} disabled
-{%- else -%}
-phyint {{ interface.name }} {{ interface.role }} ratelimit 0 threshold {{ interface.threshold }}
-{%- endif -%}
-{%- for subnet in interface.alt_subnet %}
+# Configuration for {{ iface }} ({{ config.role }} interface)
+{% if config.role == 'disabled' %}
+phyint {{ iface }} disabled
+{% else %}
+phyint {{ iface }} {{ config.role }} ratelimit 0 threshold {{ config.threshold }}
+{% endif %}
+{% if config.alt_subnet is defined and config.alt_subnet is not none %}
+{% for subnet in config.alt_subnet %}
altnet {{ subnet }}
-{%- endfor %}
-{%- for subnet in interface.whitelist %}
+{% endfor %}
+{% endif %}
+{% if config.whitelist is defined and config.whitelist is not none %}
+{% for subnet in config.whitelist %}
whitelist {{ subnet }}
-{%- endfor %}
-{% endfor %}
+{% endfor %}
+{% endif %}
+{% endfor %}
+{% endif %}
diff --git a/data/templates/lldp/vyos.conf.tmpl b/data/templates/lldp/vyos.conf.tmpl
index e724f42c6..07bbaf604 100644
--- a/data/templates/lldp/vyos.conf.tmpl
+++ b/data/templates/lldp/vyos.conf.tmpl
@@ -2,19 +2,19 @@
configure system platform VyOS
configure system description "VyOS {{ options.description }}"
-{% if options.listen_on -%}
+{% if options.listen_on %}
configure system interface pattern "{{ ( options.listen_on | select('equalto','all') | map('replace','all','*') | list + options.listen_on | select('equalto','!all') | map('replace','!all','!*') | list + options.listen_on | reject('equalto','all') | reject('equalto','!all') | list ) | unique | join(",") }}"
-{%- endif %}
-{% if options.mgmt_addr -%}
+{% endif %}
+{% if options.mgmt_addr %}
configure system ip management pattern {{ options.mgmt_addr | join(",") }}
-{%- endif %}
-{%- for loc in location -%}
-{%- if loc.elin %}
+{% endif %}
+{% for loc in location %}
+{% if loc.elin %}
configure ports {{ loc.name }} med location elin "{{ loc.elin }}"
-{%- endif %}
-{%- if loc.coordinate_based %}
+{% endif %}
+{% if loc.coordinate_based %}
configure ports {{ loc.name }} med location coordinate {% if loc.coordinate_based.latitude %}latitude {{ loc.coordinate_based.latitude }}{% endif %} {% if loc.coordinate_based.longitude %}longitude {{ loc.coordinate_based.longitude }}{% endif %} {% if loc.coordinate_based.altitude %}altitude {{ loc.coordinate_based.altitude }} m{% endif %} {% if loc.coordinate_based.datum %}datum {{ loc.coordinate_based.datum }}{% endif %}
-{%- endif %}
+{% endif %}
{% endfor %}
diff --git a/data/templates/netflow/uacctd.conf.tmpl b/data/templates/netflow/uacctd.conf.tmpl
index d8615566f..fdf96e7c3 100644
--- a/data/templates/netflow/uacctd.conf.tmpl
+++ b/data/templates/netflow/uacctd.conf.tmpl
@@ -8,62 +8,62 @@ snaplen: {{ snaplen }}
aggregate: in_iface,src_mac,dst_mac,vlan,src_host,dst_host,src_port,dst_port,proto,tos,flows
plugin_pipe_size: {{ templatecfg['plugin_pipe_size'] }}
plugin_buffer_size: {{ templatecfg['plugin_buffer_size'] }}
-{%- if templatecfg['syslog-facility'] != none %}
+{% if templatecfg['syslog-facility'] != none %}
syslog: {{ templatecfg['syslog-facility'] }}
-{%- endif %}
-{%- if templatecfg['disable-imt'] == none %}
+{% endif %}
+{% if templatecfg['disable-imt'] == none %}
imt_path: /tmp/uacctd.pipe
imt_mem_pools_number: 169
-{%- endif %}
+{% endif %}
plugins:
-{%- if templatecfg['netflow']['servers'] != none -%}
+{% if templatecfg['netflow']['servers'] != none %}
{% for server in templatecfg['netflow']['servers'] %}
- {%- if loop.last -%}nfprobe[nf_{{ server['address'] }}]{%- else %}nfprobe[nf_{{ server['address'] }}],{%- endif %}
- {%- endfor -%}
+ {% if loop.last %}nfprobe[nf_{{ server['address'] }}]{% else %}nfprobe[nf_{{ server['address'] }}],{% endif %}
+ {% endfor %}
{% set plugins_presented = true %}
-{%- endif %}
-{%- if templatecfg['sflow']['servers'] != none -%}
- {% if plugins_presented -%}
- {%- for server in templatecfg['sflow']['servers'] -%}
+{% endif %}
+{% if templatecfg['sflow']['servers'] != none %}
+ {% if plugins_presented %}
+ {% for server in templatecfg['sflow']['servers'] %}
,sfprobe[sf_{{ server['address'] }}]
- {%- endfor %}
- {%- else %}
- {%- for server in templatecfg['sflow']['servers'] %}
- {%- if loop.last -%}sfprobe[sf_{{ server['address'] }}]{%- else %}sfprobe[sf_{{ server['address'] }}],{%- endif %}
- {%- endfor %}
- {%- endif -%}
+ {% endfor %}
+ {% else %}
+ {% for server in templatecfg['sflow']['servers'] %}
+ {% if loop.last %}sfprobe[sf_{{ server['address'] }}]{% else %}sfprobe[sf_{{ server['address'] }}],{% endif %}
+ {% endfor %}
+ {% endif %}
{% set plugins_presented = true %}
-{%- endif %}
-{%- if templatecfg['disable-imt'] == none %}
- {%- if plugins_presented -%},memory{%- else %}memory{%- endif %}
-{%- endif %}
-{%- if templatecfg['netflow']['servers'] != none %}
-{%- for server in templatecfg['netflow']['servers'] %}
+{% endif %}
+{% if templatecfg['disable-imt'] == none %}
+ {% if plugins_presented %},memory{% else %}memory{% endif %}
+{% endif %}
+{% if templatecfg['netflow']['servers'] != none %}
+{% for server in templatecfg['netflow']['servers'] %}
nfprobe_receiver[nf_{{ server['address'] }}]: {{ server['address'] }}:{{ server['port'] }}
nfprobe_version[nf_{{ server['address'] }}]: {{ templatecfg['netflow']['version'] }}
-{%- if templatecfg['netflow']['engine-id'] != none %}
+{% if templatecfg['netflow']['engine-id'] != none %}
nfprobe_engine[nf_{{ server['address'] }}]: {{ templatecfg['netflow']['engine-id'] }}
-{%- endif %}
-{%- if templatecfg['netflow']['max-flows'] != none %}
+{% endif %}
+{% if templatecfg['netflow']['max-flows'] != none %}
nfprobe_maxflows[nf_{{ server['address'] }}]: {{ templatecfg['netflow']['max-flows'] }}
-{%- endif %}
-{%- if templatecfg['netflow']['sampling-rate'] != none %}
+{% endif %}
+{% if templatecfg['netflow']['sampling-rate'] != none %}
sampling_rate[nf_{{ server['address'] }}]: {{ templatecfg['netflow']['sampling-rate'] }}
-{%- endif %}
-{%- if templatecfg['netflow']['source-ip'] != none %}
+{% endif %}
+{% if templatecfg['netflow']['source-ip'] != none %}
nfprobe_source_ip[nf_{{ server['address'] }}]: {{ templatecfg['netflow']['source-ip'] }}
-{%- endif %}
-{%- if templatecfg['netflow']['timeout_string'] != '' %}
+{% endif %}
+{% if templatecfg['netflow']['timeout_string'] != '' %}
nfprobe_timeouts[nf_{{ server['address'] }}]: {{ templatecfg['netflow']['timeout_string'] }}
-{%- endif %}
-{%- endfor %}
-{%- endif %}
-{%- if templatecfg['sflow']['servers'] != none %}
-{%- for server in templatecfg['sflow']['servers'] %}
+{% endif %}
+{% endfor %}
+{% endif %}
+{% if templatecfg['sflow']['servers'] != none %}
+{% for server in templatecfg['sflow']['servers'] %}
sfprobe_receiver[sf_{{ server['address'] }}]: {{ server['address'] }}:{{ server['port'] }}
sfprobe_agentip[sf_{{ server['address'] }}]: {{ templatecfg['sflow']['agent-address'] }}
-{%- if templatecfg['sflow']['sampling-rate'] != none %}
+{% if templatecfg['sflow']['sampling-rate'] != none %}
sampling_rate[sf_{{ server['address'] }}]: {{ templatecfg['sflow']['sampling-rate'] }}
-{%- endif %}
-{%- endfor %}
+{% endif %}
+{% endfor %}
{% endif %}
diff --git a/data/templates/ntp/ntp.conf.tmpl b/data/templates/ntp/ntp.conf.tmpl
index bb0067bfb..3f319c89b 100644
--- a/data/templates/ntp/ntp.conf.tmpl
+++ b/data/templates/ntp/ntp.conf.tmpl
@@ -13,13 +13,13 @@ restrict -6 ::1
#
# Configurable section
#
-{% if server %}
-{% for srv in server %}
-{% set options = '' %}
-{% set options = options + 'noselect ' if server[srv].noselect is defined else '' %}
-{% set options = options + 'preempt ' if server[srv].preempt is defined else '' %}
-{% set options = options + 'prefer ' if server[srv].prefer is defined else '' %}
-server {{ srv | replace('_', '-') }} iburst {{ options }}
+{% if server is defined and server is not none %}
+{% for server, config in server.items() %}
+{% set association = 'server' %}
+{% if config.pool is defined %}
+{% set association = 'pool' %}
+{% endif %}
+{{ association }} {{ server | replace('_', '-') }} iburst {{ 'noselect' if config.noselect is defined }} {{ 'preempt' if config.preempt is defined }} {{ 'prefer' if config.prefer is defined }}
{% endfor %}
{% endif %}
diff --git a/data/templates/openvpn/auth.pw.tmpl b/data/templates/openvpn/auth.pw.tmpl
new file mode 100644
index 000000000..9b20c9742
--- /dev/null
+++ b/data/templates/openvpn/auth.pw.tmpl
@@ -0,0 +1,5 @@
+{# Autogenerated by interfaces-openvpn.py #}
+{% if authentication is defined and authentication is not none %}
+{{ authentication.username }}
+{{ authentication.password }}
+{% endif %}
diff --git a/data/templates/openvpn/server.conf.tmpl b/data/templates/openvpn/server.conf.tmpl
index 1fdf6b848..a1daaa078 100644
--- a/data/templates/openvpn/server.conf.tmpl
+++ b/data/templates/openvpn/server.conf.tmpl
@@ -14,9 +14,9 @@ dev {{ ifname }}
persist-key
iproute /usr/libexec/vyos/system/unpriv-ip
{% if protocol == 'tcp-active' %}
-proto tcp6-client
+proto tcp-client
{% elif protocol == 'tcp-passive' %}
-proto tcp6-server
+proto tcp-server
{% else %}
proto udp
{% endif %}
@@ -52,13 +52,14 @@ push "redirect-gateway def1"
compress lzo
{% endif %}
-{% if 'client' in mode %}
+{% if mode == 'client' %}
#
# OpenVPN Client mode
#
client
nobind
-{% elif 'server' in mode %}
+
+{% elif mode == 'server' %}
#
# OpenVPN Server mode
#
@@ -94,7 +95,7 @@ max-clients {{ server.max_connections }}
client-config-dir /run/openvpn/ccd/{{ ifname }}
{% endif %}
{% endif %}
-keepalive {{ keep_alive.interval }} {{ keep_alive.failure_count }}
+keepalive {{ keep_alive.interval }} {{ keep_alive.interval|int * keep_alive.failure_count|int }}
management /run/openvpn/openvpn-mgmt-intf unix
{% if server is defined and server is not none %}
{% if server.reject_unconfigured_clients is defined %}
@@ -129,6 +130,7 @@ push "route-ipv6 {{ route6 }}"
push "dhcp-option DNS6 {{ ns6 }}"
{% endfor %}
{% endif %}
+
{% else %}
#
# OpenVPN site-2-site mode
@@ -136,19 +138,24 @@ push "dhcp-option DNS6 {{ ns6 }}"
ping {{ keep_alive.interval }}
ping-restart {{ keep_alive.failure_count }}
-{% for laddr, laddr_conf in local_address.items() if laddr | is_ipv4 %}
-{% if laddr_conf is defined and laddr_conf.subnet_mask is defined and laddr_conf.subnet_mask is not none %}
+{% if device_type == 'tap' %}
+{% for laddr, laddr_conf in local_address.items() if laddr | is_ipv4 %}
+{% if laddr_conf is defined and laddr_conf.subnet_mask is defined and laddr_conf.subnet_mask is not none %}
ifconfig {{ laddr }} {{ laddr_conf.subnet_mask }}
-{% else %}
-{% for raddr in remote_address %}
-{% if raddr | is_ipv4 %}
+{% endif %}
+{% endfor %}
+{% else %}
+{% for laddr in local_address if laddr | is_ipv4 %}
+{% for raddr in remote_address if raddr | is_ipv4 %}
ifconfig {{ laddr }} {{ raddr }}
-{% else %}
+{% endfor %}
+{% endfor %}
+{% for laddr in local_address if laddr | is_ipv6 %}
+{% for raddr in remote_address if raddr | is_ipv6 %}
ifconfig-ipv6 {{ laddr }} {{ raddr }}
-{% endif %}
{% endfor %}
-{% endif %}
-{% endfor %}
+{% endfor %}
+{% endif %}
{% endif %}
{% if tls is defined and tls is not none %}
diff --git a/data/templates/pppoe/ip-pre-up.script.tmpl b/data/templates/pppoe/ip-pre-up.script.tmpl
index cf85ed067..a54e4e9bd 100644
--- a/data/templates/pppoe/ip-pre-up.script.tmpl
+++ b/data/templates/pppoe/ip-pre-up.script.tmpl
@@ -12,7 +12,7 @@ logger -t pppd[$DIALER_PID] "executing $0"
echo "{{ description }}" > /sys/class/net/{{ ifname }}/ifalias
-{% if vrf -%}
+{% if vrf %}
logger -t pppd[$DIALER_PID] "configuring dialer interface $6 for VRF {{ vrf }}"
ip link set dev {{ ifname }} master {{ vrf }}
{% endif %}
diff --git a/data/templates/pppoe/ip-up.script.tmpl b/data/templates/pppoe/ip-up.script.tmpl
index 568e21c4e..302756960 100644
--- a/data/templates/pppoe/ip-up.script.tmpl
+++ b/data/templates/pppoe/ip-up.script.tmpl
@@ -11,7 +11,7 @@ fi
DIALER_PID=$(cat /var/run/{{ ifname }}.pid)
logger -t pppd[$DIALER_PID] "executing $0"
-{% if default_route != 'none' -%}
+{% if default_route != 'none' %}
# See https://phabricator.vyos.net/T2248 & T2220. Determine if we are enslaved
# to a VRF, this is needed to properly insert the default route.
@@ -28,14 +28,14 @@ if [ -d /sys/class/net/{{ ifname }}/upper_* ]; then
VRF_NAME="vrf ${VRF}"
fi
-{% if default_route == 'auto' -%}
+{% if default_route == 'auto' %}
# Only insert a new default route if there is no default route configured
routes=$(vtysh -c "show running-config" | sed -n "/${SED_OPT}/,/!/p" | grep 0.0.0.0/0 | wc -l)
if [ "$routes" -ne 0 ]; then
exit 1
fi
-{% elif default_route == 'force' -%}
+{% elif default_route == 'force' %}
# Retrieve current static default routes and remove it from the routing table
vtysh -c "show running-config" | sed -n "/${SED_OPT}/,/!/p" | grep 0.0.0.0/0 | while read route ; do
vtysh -c "conf t" ${VTY_OPT} -c "no ${route} ${VRF_NAME}"
diff --git a/data/templates/pppoe/ipv6-up.script.tmpl b/data/templates/pppoe/ipv6-up.script.tmpl
index d0a62478c..ed6102d6c 100644
--- a/data/templates/pppoe/ipv6-up.script.tmpl
+++ b/data/templates/pppoe/ipv6-up.script.tmpl
@@ -7,7 +7,7 @@ if [ "$6" != "{{ ifname }}" ]; then
exit
fi
-{% if ipv6 is defined and ipv6.address is defined and ipv6.address.autoconf is defined -%}
+{% if ipv6 is defined and ipv6.address is defined and ipv6.address.autoconf is defined %}
# add some info to syslog
DIALER_PID=$(cat /var/run/{{ ifname }}.pid)
logger -t pppd[$DIALER_PID] "executing $0"
@@ -45,7 +45,7 @@ echo 1 > /proc/sys/net/ipv6/conf/{{ ifname }}/autoconf
systemctl start dhcp6c@{{ ifname }}.service
{% endif %}
-{% if default_route != 'none' -%}
+{% if default_route != 'none' %}
# See https://phabricator.vyos.net/T2248 & T2220. Determine if we are enslaved
# to a VRF, this is needed to properly insert the default route.
@@ -62,14 +62,14 @@ if [ -d /sys/class/net/{{ ifname }}/upper_* ]; then
VRF_NAME="vrf ${VRF}"
fi
-{% if default_route == 'auto' -%}
+{% if default_route == 'auto' %}
# Only insert a new default route if there is no default route configured
routes=$(vtysh -c "show running-config" | sed -n "/${SED_OPT}/,/!/p" | grep ::/0 | wc -l)
if [ "$routes" -ne 0 ]; then
exit 1
fi
-{% elif default_route == 'force' -%}
+{% elif default_route == 'force' %}
# Retrieve current static default routes and remove it from the routing table
vtysh -c "show running-config" | sed -n "/${SED_OPT}/,/!/p" | grep ::/0 | while read route ; do
vtysh -c "conf t" ${VTY_OPT} -c "no ${route} ${VRF_NAME}"
diff --git a/data/templates/pppoe/peer.tmpl b/data/templates/pppoe/peer.tmpl
index e909843a5..dd4272a98 100644
--- a/data/templates/pppoe/peer.tmpl
+++ b/data/templates/pppoe/peer.tmpl
@@ -53,12 +53,12 @@ mru {{ mtu }}
{{ "usepeerdns" if no_peer_dns is not defined }}
-{% if ipv6 is defined and ipv6.enable is defined -%}
+{% if ipv6 is defined and ipv6.enable is defined %}
+ipv6
ipv6cp-use-ipaddr
{% endif %}
-{% if service_name is defined -%}
+{% if service_name is defined %}
rp_pppoe_service "{{ service_name }}"
{% endif %}
@@ -67,9 +67,9 @@ demand
# See T2249. PPP default route options should only be set when in on-demand
# mode. As soon as we are not in on-demand mode the default-route handling is
# passed to the ip-up.d/ip-down.s scripts which is required for VRF support.
-{% if 'auto' in default_route -%}
+{% if 'auto' in default_route %}
defaultroute
-{% elif 'force' in default_route -%}
+{% elif 'force' in default_route %}
defaultroute
replacedefaultroute
{% endif %}
diff --git a/data/templates/router-advert/radvd.conf.tmpl b/data/templates/router-advert/radvd.conf.tmpl
index cebfc54b5..2fde78fec 100644
--- a/data/templates/router-advert/radvd.conf.tmpl
+++ b/data/templates/router-advert/radvd.conf.tmpl
@@ -43,5 +43,5 @@ interface {{ iface }} {
};
{% endif %}
};
-{% endfor -%}
+{% endfor %}
{% endif %}
diff --git a/data/templates/salt-minion/minion.tmpl b/data/templates/salt-minion/minion.tmpl
index 9369573a4..405fb9131 100644
--- a/data/templates/salt-minion/minion.tmpl
+++ b/data/templates/salt-minion/minion.tmpl
@@ -35,7 +35,7 @@ log_level: {{ log_level }}
# Set the location of the salt master server, if the master server cannot be
# resolved, then the minion will fail to start.
master:
-{% for host in master -%}
+{% for host in master %}
- {{ host }}
{% endfor %}
diff --git a/data/templates/snmp/usr.snmpd.conf.tmpl b/data/templates/snmp/usr.snmpd.conf.tmpl
index 9c0337fa8..e2c5ec102 100644
--- a/data/templates/snmp/usr.snmpd.conf.tmpl
+++ b/data/templates/snmp/usr.snmpd.conf.tmpl
@@ -1,6 +1,6 @@
### Autogenerated by snmp.py ###
-{%- for u in v3_users %}
+{% for u in v3_users %}
{{ u.mode }}user {{ u.name }}
-{%- endfor %}
+{% endfor %}
rwuser {{ vyos_user }}
diff --git a/data/templates/snmp/var.snmpd.conf.tmpl b/data/templates/snmp/var.snmpd.conf.tmpl
index 6cbc687ef..c779587df 100644
--- a/data/templates/snmp/var.snmpd.conf.tmpl
+++ b/data/templates/snmp/var.snmpd.conf.tmpl
@@ -1,14 +1,14 @@
### Autogenerated by snmp.py ###
# user
-{%- for u in v3_users %}
-{%- if u.authOID == 'none' %}
+{% for u in v3_users %}
+{% if u.authOID == 'none' %}
createUser {{ u.name }}
-{%- else %}
+{% else %}
usmUser 1 3 0x{{ v3_engineid }} "{{ u.name }}" "{{ u.name }}" NULL {{ u.authOID }} 0x{{ u.authMasterKey }} {{ u.privOID }} 0x{{ u.privMasterKey }} 0x
-{%- endif %}
-{%- endfor %}
+{% endif %}
+{% endfor %}
createUser {{ vyos_user }} MD5 "{{ vyos_user_pass }}" DES
-{%- if v3_engineid %}
+{% if v3_engineid %}
oldEngineID 0x{{ v3_engineid }}
-{%- endif %}
+{% endif %}
diff --git a/data/templates/syslog/rsyslog.conf.tmpl b/data/templates/syslog/rsyslog.conf.tmpl
index a610d132f..10fbb9d3c 100644
--- a/data/templates/syslog/rsyslog.conf.tmpl
+++ b/data/templates/syslog/rsyslog.conf.tmpl
@@ -1,14 +1,14 @@
## generated by syslog.py ##
## file based logging
-{% if files['global']['marker'] -%}
+{% if files['global']['marker'] %}
$ModLoad immark
{% if files['global']['marker-interval'] %}
$MarkMessagePeriod {{files['global']['marker-interval']}}
{% endif %}
-{% endif -%}
-{% if files['global']['preserver_fqdn'] -%}
+{% endif %}
+{% if files['global']['preserver_fqdn'] %}
$PreserveFQDN on
-{% endif -%}
+{% endif %}
{% for file in files %}
$outchannel {{file}},{{files[file]['log-file']}},{{files[file]['max-size']}},{{files[file]['action-on-max-size']}}
{{files[file]['selectors']}} :omfile:${{file}}
diff --git a/data/templates/vrf/vrf.conf.tmpl b/data/templates/vrf/vrf.conf.tmpl
index 761b0bb6f..6d01d2b89 100644
--- a/data/templates/vrf/vrf.conf.tmpl
+++ b/data/templates/vrf/vrf.conf.tmpl
@@ -3,6 +3,6 @@
# Routing table ID to name mapping reference
# id vrf name comment
-{% for vrf in vrf_add -%}
+{% for vrf in vrf_add %}
{{ "%-10s" | format(vrf.table) }} {{ "%-16s" | format(vrf.name) }} # {{ vrf.description }}
-{% endfor -%}
+{% endfor %}
diff --git a/data/templates/vrrp/keepalived.conf.tmpl b/data/templates/vrrp/keepalived.conf.tmpl
index 210621681..d51522e45 100644
--- a/data/templates/vrrp/keepalived.conf.tmpl
+++ b/data/templates/vrrp/keepalived.conf.tmpl
@@ -9,9 +9,9 @@ global_defs {
notify_fifo_script /usr/libexec/vyos/system/keepalived-fifo.py
}
-{% for group in groups -%}
+{% for group in groups %}
-{% if group.health_check_script -%}
+{% if group.health_check_script %}
vrrp_script healthcheck_{{ group.name }} {
script "{{ group.health_check_script }}"
interval {{ group.health_check_interval }}
@@ -22,9 +22,9 @@ vrrp_script healthcheck_{{ group.name }} {
{% endif %}
vrrp_instance {{ group.name }} {
- {% if group.description -%}
+ {% if group.description %}
# {{ group.description }}
- {% endif -%}
+ {% endif %}
state BACKUP
interface {{ group.interface }}
@@ -32,74 +32,74 @@ vrrp_instance {{ group.name }} {
priority {{ group.priority }}
advert_int {{ group.advertise_interval }}
- {% if group.preempt -%}
+ {% if group.preempt %}
preempt_delay {{ group.preempt_delay }}
- {% else -%}
+ {% else %}
nopreempt
- {% endif -%}
+ {% endif %}
- {% if group.peer_address -%}
+ {% if group.peer_address %}
unicast_peer { {{ group.peer_address }} }
- {% endif -%}
+ {% endif %}
- {% if group.hello_source -%}
- {%- if group.peer_address -%}
+ {% if group.hello_source %}
+ {% if group.peer_address %}
unicast_src_ip {{ group.hello_source }}
- {%- else -%}
+ {% else %}
mcast_src_ip {{ group.hello_source }}
- {%- endif %}
- {% endif -%}
+ {% endif %}
+ {% endif %}
- {% if group.use_vmac and group.peer_address -%}
+ {% if group.use_vmac and group.peer_address %}
use_vmac {{group.interface}}v{{group.vrid}}
vmac_xmit_base
- {% elif group.use_vmac -%}
+ {% elif group.use_vmac %}
use_vmac {{group.interface}}v{{group.vrid}}
- {% endif -%}
+ {% endif %}
- {% if group.auth_password -%}
+ {% if group.auth_password %}
authentication {
auth_pass "{{ group.auth_password }}"
auth_type {{ group.auth_type }}
}
- {% endif -%}
+ {% endif %}
virtual_ipaddress {
- {% for addr in group.virtual_addresses -%}
+ {% for addr in group.virtual_addresses %}
{{ addr }}
- {% endfor -%}
+ {% endfor %}
}
- {% if group.virtual_addresses_excluded -%}
+ {% if group.virtual_addresses_excluded %}
virtual_ipaddress_excluded {
- {% for addr in group.virtual_addresses_excluded -%}
+ {% for addr in group.virtual_addresses_excluded %}
{{ addr }}
- {% endfor -%}
+ {% endfor %}
}
- {% endif -%}
+ {% endif %}
- {% if group.health_check_script -%}
+ {% if group.health_check_script %}
track_script {
healthcheck_{{ group.name }}
}
- {% endif -%}
+ {% endif %}
}
-{% endfor -%}
+{% endfor %}
-{% for sync_group in sync_groups -%}
+{% for sync_group in sync_groups %}
vrrp_sync_group {{ sync_group.name }} {
group {
- {% for member in sync_group.members -%}
+ {% for member in sync_group.members %}
{{ member }}
- {% endfor -%}
+ {% endfor %}
}
- {% if sync_group.conntrack_sync -%}
+ {% if sync_group.conntrack_sync %}
notify_master "/opt/vyatta/sbin/vyatta-vrrp-conntracksync.sh master {{ sync_group.name }}"
notify_backup "/opt/vyatta/sbin/vyatta-vrrp-conntracksync.sh backup {{ sync_group.name }}"
notify_fault "/opt/vyatta/sbin/vyatta-vrrp-conntracksync.sh fault {{ sync_group.name }}"
- {% endif -%}
+ {% endif %}
}
-{% endfor -%}
+{% endfor %}
diff --git a/data/templates/vyos-hostsd/hosts.tmpl b/data/templates/vyos-hostsd/hosts.tmpl
index 566f9a5dd..be8692104 100644
--- a/data/templates/vyos-hostsd/hosts.tmpl
+++ b/data/templates/vyos-hostsd/hosts.tmpl
@@ -12,15 +12,15 @@ ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
-{% if hosts -%}
+{% if hosts %}
# From 'system static-host-mapping' and DHCP server
-{%- for tag, taghosts in hosts.items() %}
+{% for tag, taghosts in hosts.items() %}
# {{ tag }}
-{%- for host, hostprops in taghosts.items() %}
-{%- if hostprops['address'] %}
+{% for host, hostprops in taghosts.items() %}
+{% if hostprops['address'] %}
{{ hostprops['address'] }} {{ host }}{% for a in hostprops['aliases'] %} {{ a }}{% endfor %}
-{%- endif %}
-{%- endfor %}
-{%- endfor %}
-{%- endif %}
+{% endif %}
+{% endfor %}
+{% endfor %}
+{% endif %}
diff --git a/data/templates/vyos-hostsd/resolv.conf.tmpl b/data/templates/vyos-hostsd/resolv.conf.tmpl
index b920b2e5f..58a5f9312 100644
--- a/data/templates/vyos-hostsd/resolv.conf.tmpl
+++ b/data/templates/vyos-hostsd/resolv.conf.tmpl
@@ -1,26 +1,25 @@
### Autogenerated by VyOS ###
### Do not edit, your changes will get overwritten ###
-{#- the code below ensures the order of nameservers is determined first by #}
+{# the code below ensures the order of nameservers is determined first by #}
{# the order of tags, then by the order of nameservers within that tag #}
-{%- for tag in name_server_tags_system %}
-{%- if tag in name_servers %}
+{% for tag in name_server_tags_system %}
+{% if tag in name_servers %}
# {{ tag }}
-{%- for ns in name_servers[tag] %}
+{% for ns in name_servers[tag] %}
nameserver {{ ns }}
-{%- endfor %}
-{%- endif %}
-{%- endfor %}
+{% endfor %}
+{% endif %}
+{% endfor %}
-{%- if domain_name %}
+{% if domain_name %}
domain {{ domain_name }}
-{%- endif %}
+{% endif %}
{% for tag in name_server_tags_system %}
-{%- if tag in search_domains %}
+{% if tag in search_domains %}
# {{ tag }}
search {{ search_domains[tag]|join(' ') }}
-{%- endif %}
-{%- endfor %}
-
+{% endif %}
+{% endfor %}
diff --git a/data/templates/wifi/hostapd.conf.tmpl b/data/templates/wifi/hostapd.conf.tmpl
index 16d9f7c98..e66e3472b 100644
--- a/data/templates/wifi/hostapd.conf.tmpl
+++ b/data/templates/wifi/hostapd.conf.tmpl
@@ -451,14 +451,6 @@ macaddr_acl=0
max_num_sta={{ max_stations }}
{% endif %}
-{% if wds is defined %}
-# WDS (4-address frame) mode with per-station virtual interfaces
-# (only supported with driver=nl80211)
-# This mode allows associated stations to use 4-address frames to allow layer 2
-# bridging to be used.
-wds_sta=1
-{% endif %}
-
{% if isolate_stations is defined %}
# Client isolation can be used to prevent low-level bridging of frames between
# associated stations in the BSS. By default, this bridging is allowed.
diff --git a/data/templates/wwan/ip-pre-up.script.tmpl b/data/templates/wwan/ip-pre-up.script.tmpl
index efc065bad..199150947 100644
--- a/data/templates/wwan/ip-pre-up.script.tmpl
+++ b/data/templates/wwan/ip-pre-up.script.tmpl
@@ -17,7 +17,7 @@ logger -t pppd[$DIALER_PID] "executing $0"
echo "{{ description }}" > /sys/class/net/{{ ifname }}/ifalias
-{% if vrf -%}
+{% if vrf %}
logger -t pppd[$DIALER_PID] "configuring interface {{ ifname }} for VRF {{ vrf }}"
ip link set dev {{ ifname }} master {{ vrf }}
{% endif %}