Diffstat (limited to 'data')
-rw-r--r-- | data/templates/accel-ppp/pppoe.config.j2 | 6 | ||||
-rw-r--r-- | data/templates/dns-forwarding/recursor.conf.lua.j2 | 28 | ||||
-rw-r--r-- | data/templates/firewall/nftables-nat66.j2 | 24 | ||||
-rwxr-xr-x | data/templates/firewall/nftables.j2 | 8 | ||||
-rw-r--r-- | data/templates/router-advert/radvd.conf.j2 | 2 | ||||
-rw-r--r-- | data/templates/wifi/hostapd.conf.j2 | 12 |
6 files changed, 68 insertions, 12 deletions
diff --git a/data/templates/accel-ppp/pppoe.config.j2 b/data/templates/accel-ppp/pppoe.config.j2 index beab46936..cf952c687 100644 --- a/data/templates/accel-ppp/pppoe.config.j2 +++ b/data/templates/accel-ppp/pppoe.config.j2 @@ -70,6 +70,12 @@ vlan-mon={{ iface }},{{ iface_config.vlan | join(',') }} {% if service_name %} service-name={{ service_name | join(',') }} {% endif %} +{% if accept_any_service is vyos_defined %} +accept-any-service=1 +{% endif %} +{% if accept_blank_service is vyos_defined %} +accept-blank-service=1 +{% endif %} {% if pado_delay %} {% set delay_without_sessions = pado_delay.delays_without_sessions[0] | default('0') %} {% set pado_delay_param = namespace(value=delay_without_sessions) %} diff --git a/data/templates/dns-forwarding/recursor.conf.lua.j2 b/data/templates/dns-forwarding/recursor.conf.lua.j2 index 8026442c7..622283ad8 100644 --- a/data/templates/dns-forwarding/recursor.conf.lua.j2 +++ b/data/templates/dns-forwarding/recursor.conf.lua.j2 @@ -6,3 +6,31 @@ dofile("/usr/share/pdns-recursor/lua-config/rootkeys.lua") -- Load lua from vyos-hostsd -- dofile("{{ config_dir }}/recursor.vyos-hostsd.conf.lua") + +-- ZoneToCache -- +{% if zone_cache is vyos_defined %} +{% set option_mapping = { + 'refresh': 'refreshPeriod', + 'retry_interval': 'retryOnErrorPeriod', + 'max_zone_size': 'maxReceivedMBytes' +} %} +{% for name, conf in zone_cache.items() %} +{% set source = conf.source.items() | first %} +{% set settings = [] %} +{% for key, val in conf.options.items() %} +{% set mapped_key = option_mapping.get(key, key) %} +{% if key == 'refresh' %} +{% set val = val['interval'] %} +{% endif %} +{% if key in ['dnssec', 'zonemd'] %} +{% set _ = settings.append(mapped_key ~ ' = "' ~ val ~ '"') %} +{% else %} +{% set _ = settings.append(mapped_key ~ ' = ' ~ val) %} +{% endif %} +{% endfor %} + +zoneToCache("{{ name }}", "{{ source[0] }}", "{{ source[1] }}", { {{ settings | join(', ') }} }) + +{% endfor %} + +{% endif %} 
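Review bot: The two new options in the pppoe.config.j2 hunk carry no comment on how they interact with the `service-name=` line just above them. As I understand accel-ppp, `accept-any-service=1` makes the server answer discovery requests for service names outside that list, so a configured list stops being a restriction once the option is set. A template comment such as `{# accept-any-service overrides the service-name list: requests for unlisted names are answered too #}` would record that, once the semantics are confirmed against the accel-ppp documentation. The new guards use `is vyos_defined` while the neighbouring `{% if service_name %}` and `{% if pado_delay %}` use plain truthiness; that is harmless but worth making uniform.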
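Review bot: In the recursor.conf.lua.j2 hunk, `{{ name }}`, `{{ source[0] }}` and `{{ source[1] }}` are interpolated into Lua string literals without escaping, and `val` is appended either bare or inside hand-built quotes. The rendered file is Lua that the recursor loads, so a value containing `"` or a line break would change the program rather than the data. Whether the CLI definitions restrict these values to a safe character set is not visible in this diff, so the template should state that dependency, e.g. `{# name, source and option values are emitted verbatim into Lua; they must be constrained by the CLI validators #}`. Separately, `option_mapping.get(key, key)` passes any unmapped option through under its CLI key; a one-line comment listing the keys expected to pass through unchanged would make a later mismatch with the `zoneToCache` setting names easier to spot.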
diff --git a/data/templates/firewall/nftables-nat66.j2 b/data/templates/firewall/nftables-nat66.j2 index 67eb2c109..09b5b6ac2 100644 --- a/data/templates/firewall/nftables-nat66.j2 +++ b/data/templates/firewall/nftables-nat66.j2 @@ -1,8 +1,11 @@ #!/usr/sbin/nft -f +{% import 'firewall/nftables-defines.j2' as group_tmpl %} + {% if first_install is not vyos_defined %} delete table ip6 vyos_nat {% endif %} +{% if deleted is not vyos_defined %} table ip6 vyos_nat { # # Destination NAT66 rules build up here @@ -10,11 +13,11 @@ table ip6 vyos_nat { chain PREROUTING { type nat hook prerouting priority -100; policy accept; counter jump VYOS_DNPT_HOOK -{% if destination.rule is vyos_defined %} -{% for rule, config in destination.rule.items() if config.disable is not vyos_defined %} - {{ config | nat_rule(rule, 'destination', ipv6=True) }} -{% endfor %} -{% endif %} +{% if destination.rule is vyos_defined %} +{% for rule, config in destination.rule.items() if config.disable is not vyos_defined %} + {{ config | nat_rule(rule, 'destination', ipv6=True) }} +{% endfor %} +{% endif %} } # @@ -23,11 +26,11 @@ table ip6 vyos_nat { chain POSTROUTING { type nat hook postrouting priority 100; policy accept; counter jump VYOS_SNPT_HOOK -{% if source.rule is vyos_defined %} -{% for rule, config in source.rule.items() if config.disable is not vyos_defined %} +{% if source.rule is vyos_defined %} +{% for rule, config in source.rule.items() if config.disable is not vyos_defined %} {{ config | nat_rule(rule, 'source', ipv6=True) }} -{% endfor %} -{% endif %} +{% endfor %} +{% endif %} } chain VYOS_DNPT_HOOK { @@ -37,4 +40,7 @@ table ip6 vyos_nat { chain VYOS_SNPT_HOOK { return } + +{{ group_tmpl.groups(firewall_group, True, True) }} } +{% endif %} diff --git a/data/templates/firewall/nftables.j2 b/data/templates/firewall/nftables.j2 index 155b7f4d0..034328400 100755 --- a/data/templates/firewall/nftables.j2 +++ b/data/templates/firewall/nftables.j2 
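Review bot: The two bare `True` arguments in `{{ group_tmpl.groups(firewall_group, True, True) }}`, in the last nftables-nat66.j2 hunk, say nothing about what they select; the macro's signature lives in `firewall/nftables-defines.j2`, outside this diff. Passing them by keyword, or adding a short template comment above the call naming each flag, would show which group sets end up defined inside `table ip6 vyos_nat`. The two middle hunks of this file only re-indent the Jinja tags.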
@@ -376,8 +376,14 @@ table bridge vyos_filter { {% if bridge.output is vyos_defined %} {% for prior, conf in bridge.output.items() %} - chain VYOS_OUTUT_{{ prior }} { + chain VYOS_OUTPUT_{{ prior }} { type filter hook output priority {{ prior }}; policy accept; +{% if global_options.apply_to_bridged_traffic is vyos_defined %} +{% if 'invalid_connections' in global_options.apply_to_bridged_traffic %} + ct state invalid udp sport 67 udp dport 68 counter accept + ct state invalid ether type arp counter accept +{% endif %} +{% endif %} {% if global_options.state_policy is vyos_defined %} jump VYOS_STATE_POLICY {% endif %} diff --git a/data/templates/router-advert/radvd.conf.j2 b/data/templates/router-advert/radvd.conf.j2 index 97180d164..a83bd03ac 100644 --- a/data/templates/router-advert/radvd.conf.j2 +++ b/data/templates/router-advert/radvd.conf.j2 @@ -19,7 +19,7 @@ interface {{ iface }} { {% if iface_config.reachable_time is vyos_defined %} AdvReachableTime {{ iface_config.reachable_time }}; {% endif %} - AdvIntervalOpt {{ 'off' if iface_config.no_send_advert is vyos_defined else 'on' }}; + AdvIntervalOpt {{ 'off' if iface_config.no_send_interval is vyos_defined else 'on' }}; AdvSendAdvert {{ 'off' if iface_config.no_send_advert is vyos_defined else 'on' }}; {% if iface_config.default_lifetime is vyos_defined %} AdvDefaultLifetime {{ iface_config.default_lifetime }}; diff --git a/data/templates/wifi/hostapd.conf.j2 b/data/templates/wifi/hostapd.conf.j2 index 0459fbc69..5f3757216 100644 --- a/data/templates/wifi/hostapd.conf.j2 +++ b/data/templates/wifi/hostapd.conf.j2 
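Review bot: The two `ct state invalid … counter accept` rules added to the bridge output chain are terminal and sit ahead of `jump VYOS_STATE_POLICY`, so packets that match them skip the state policy and every later rule in the chain. The DHCP rule matches on UDP ports 67 and 68 alone, with no interface or address qualifier. That may well be the intended exemption when invalid connections are dropped on bridged traffic, but the template should say so, e.g. `{# exempt DHCP replies and ARP from invalid-state drops; accept is terminal, later rules in this chain are not evaluated for them #}`. The rename from `VYOS_OUTUT_` to `VYOS_OUTPUT_` is right, though anything outside this diff that still refers to the old spelling would need the same change. The chain body continues past the end of the hunk.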
@@ -46,7 +46,14 @@ hw_mode=a
 ieee80211h=1
 ieee80211ac=1
 {% elif mode is vyos_defined('ax') %}
+{#{% if capabilities.ht is vyos_defined and capabilities.vht not vyos_defined %}#}
+{% if capabilities.he.channel_set_width is vyos_defined('81') or capabilities.he.channel_set_width is vyos_defined('83') or capabilities.he.channel_set_width is vyos_defined('84') %}
+{# This is almost certainly a 2.4GHz network #}
+hw_mode=g
+{% else %}
+{# This is likely a 5GHz or 6GHz network #}
 hw_mode=a
+{% endif %}
 ieee80211h=1
 ieee80211ax=1
 {% else %}
@@ -202,7 +209,7 @@ require_he=1
 {% else %}
 ieee80211n={{ '1' if 'n' in mode or 'ac' in mode or 'ax' in mode else '0' }}
 {% endif %}
-{# HE (802.11ax 6GHz) #}
+{# HE (802.11ax) #}
 {% if capabilities.he is vyos_defined and mode in 'ax' %}
 {# For now, hard-code power levels for indoor-only AP #}
 he_6ghz_reg_pwr_type=0
@@ -220,6 +227,9 @@ op_class={{ capabilities.he.channel_set_width }}
 {% if capabilities.he.bss_color is vyos_defined %}
 he_bss_color={{ capabilities.he.bss_color }}
 {% endif %}
+{% if capabilities.he.coding_scheme is vyos_defined %}
+he_basic_mcs_nss_set={{ capabilities.he.coding_scheme }}
+{% endif %}
 he_6ghz_rx_ant_pat={{ '1' if capabilities.he.antenna_pattern_fixed is vyos_defined else '0' }}
 he_su_beamformer={{ '1' if capabilities.he.beamform.single_user_beamformer is vyos_defined else '0' }}
 he_su_beamformee={{ '1' if capabilities.he.beamform.single_user_beamformee is vyos_defined else '0' }} |
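Review bot: The first added line of the `ax` branch, `{#{% if capabilities.ht is vyos_defined and capabilities.vht not vyos_defined %}#}`, is a commented-out earlier attempt and should be dropped; as written it is not even a valid test (`not vyos_defined` lacks `is`), so it misleads anyone who tries to revive it. The band choice that follows depends on three hard-coded operating classes, and the comments say only "almost certainly" and "likely", so a comment naming what 81, 83 and 84 stand for would let a reader check the list. `ieee80211h=1` is still emitted unconditionally after the new `hw_mode=g` branch; whether that is intended for a 2.4GHz network is worth confirming. The `ax` branch starts inside the hunk, but the enclosing `if`/`elif` chain begins above it.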