8 files changed, 47 insertions, 13 deletions

diff --git a/data/config-mode-dependencies.json b/data/config-mode-dependencies.json
new file mode 100644
index 000000000..ad12cff87
--- /dev/null
+++ b/data/config-mode-dependencies.json
@@ -0,0 +1,11 @@
+{
+  "firewall": {"group_resync": ["nat", "policy-route"]},
+  "pki": {
+           "ethernet": ["interfaces-ethernet"],
+           "openvpn": ["interfaces-openvpn"],
+           "https": ["https"],
+           "ipsec": ["vpn_ipsec"],
+           "openconnect": ["vpn_openconnect"],
+           "sstp": ["vpn_sstp"]
+         }
+}
diff --git a/data/op-mode-standardized.json b/data/op-mode-standardized.json
index ec950765d..1509975b4 100644
--- a/data/op-mode-standardized.json
+++ b/data/op-mode-standardized.json
@@ -1,10 +1,12 @@
 [
+"accelppp.py",
 "bgp.py",
 "bridge.py",
 "conntrack.py",
 "container.py",
 "cpu.py",
 "dhcp.py",
+"dns.py",
 "log.py",
 "memory.py",
 "nat.py",
diff --git a/data/templates/dns-forwarding/recursor.conf.j2 b/data/templates/dns-forwarding/recursor.conf.j2
index ce1b676d1..e02e6c13d 100644
--- a/data/templates/dns-forwarding/recursor.conf.j2
+++ b/data/templates/dns-forwarding/recursor.conf.j2
@@ -29,6 +29,9 @@ export-etc-hosts={{ 'no' if ignore_hosts_file is vyos_defined else 'yes' }}
 # listen-address
 local-address={{ listen_address | join(',') }}
 
+# listen-port
+local-port={{ port }}
+
 # dnssec
 dnssec={{ dnssec }}
 
diff --git a/data/templates/firewall/nftables-policy.j2 b/data/templates/firewall/nftables-policy.j2
index 40118930b..6cb3b2f95 100644
--- a/data/templates/firewall/nftables-policy.j2
+++ b/data/templates/firewall/nftables-policy.j2
@@ -2,21 +2,24 @@
 
 {% import 'firewall/nftables-defines.j2' as group_tmpl %}
 
-{% if cleanup_commands is vyos_defined %}
-{%     for command in cleanup_commands %}
-{{ command }}
-{%     endfor %}
+{% if first_install is not vyos_defined %}
+delete table ip vyos_mangle
+delete table ip6 vyos_mangle
 {% endif %}
-
-table ip mangle {
-{% if first_install is vyos_defined %}
+table ip vyos_mangle {
     chain VYOS_PBR_PREROUTING {
         type filter hook prerouting priority -150; policy accept;
+{% if route is vyos_defined %}
+{%     for route_text, conf in route.items() if conf.interface is vyos_defined %}
+        iifname { {{ ",".join(conf.interface) }} } counter jump VYOS_PBR_{{ route_text }}
+{%     endfor %}
+{% endif %}
     }
+
     chain VYOS_PBR_POSTROUTING {
         type filter hook postrouting priority -150; policy accept;
     }
-{% endif %}
+
 {% if route is vyos_defined %}
 {%     for route_text, conf in route.items() %}
     chain VYOS_PBR_{{ route_text }} {
@@ -32,15 +35,20 @@ table ip mangle {
 {{ group_tmpl.groups(firewall_group, False) }}
 }
 
-table ip6 mangle {
-{% if first_install is vyos_defined %}
+table ip6 vyos_mangle {
     chain VYOS_PBR6_PREROUTING {
         type filter hook prerouting priority -150; policy accept;
+{% if route6 is vyos_defined %}
+{%     for route_text, conf in route6.items() if conf.interface is vyos_defined %}
+        iifname { {{ ",".join(conf.interface) }} } counter jump VYOS_PBR6_{{ route_text }}
+{%     endfor %}
+{% endif %}
     }
+
     chain VYOS_PBR6_POSTROUTING {
         type filter hook postrouting priority -150; policy accept;
     }
-{% endif %}
+
 {% if route6 is vyos_defined %}
 {%     for route_text, conf in route6.items() %}
     chain VYOS_PBR6_{{ route_text }} {
@@ -52,5 +60,6 @@ table ip6 mangle {
     }
 {%     endfor %}
 {% endif %}
+
 {{ group_tmpl.groups(firewall_group, True) }}
 }
diff --git a/data/templates/frr/ospfd.frr.j2 b/data/templates/frr/ospfd.frr.j2
index 2a8afefbc..882ec8f97 100644
--- a/data/templates/frr/ospfd.frr.j2
+++ b/data/templates/frr/ospfd.frr.j2
@@ -161,6 +161,12 @@ router ospf {{ 'vrf ' ~ vrf if vrf is vyos_defined }}
 {% if parameters.abr_type is vyos_defined %}
  ospf abr-type {{ parameters.abr_type }}
 {% endif %}
+{% if parameters.opaque_lsa is vyos_defined %}
+ ospf opaque-lsa
+{% endif %}
+{% if parameters.rfc1583_compatibility is vyos_defined %}
+ ospf rfc1583compatibility
+{% endif %}
 {% if parameters.router_id is vyos_defined %}
  ospf router-id {{ parameters.router_id }}
 {% endif %}
diff --git a/data/templates/frr/policy.frr.j2 b/data/templates/frr/policy.frr.j2
index 5ad4bd28c..9b5e80aed 100644
--- a/data/templates/frr/policy.frr.j2
+++ b/data/templates/frr/policy.frr.j2
@@ -322,6 +322,9 @@ route-map {{ route_map }} {{ rule_config.action }} {{ rule }}
 {%                     if rule_config.set.ipv6_next_hop.prefer_global is vyos_defined %}
  set ipv6 next-hop prefer-global
 {%                     endif %}
+{%                     if rule_config.set.l3vpn_nexthop.encapsulation.gre is vyos_defined %}
+set l3vpn next-hop encapsulation gre
+{%                     endif %}
 {%                     if rule_config.set.large_community.replace is vyos_defined %}
  set large-community {{ rule_config.set.large_community.replace | join(' ') }}
 {%                     endif %}
diff --git a/data/templates/ipsec/swanctl/peer.j2 b/data/templates/ipsec/swanctl/peer.j2
index d097a04fc..837fa263c 100644
--- a/data/templates/ipsec/swanctl/peer.j2
+++ b/data/templates/ipsec/swanctl/peer.j2
@@ -124,7 +124,7 @@
 {%             endif %}
 {%         elif tunnel_esp.mode == 'transport' %}
                 local_ts = {{ peer_conf.local_address }}{{ local_suffix }}
-                remote_ts = {{ peer }}{{ remote_suffix }}
+                remote_ts = {{ peer_conf.remote_address | join(",") }}{{ remote_suffix }}
 {%         endif %}
                 ipcomp = {{ 'yes' if tunnel_esp.compression is vyos_defined else 'no' }}
                 mode = {{ tunnel_esp.mode }}
diff --git a/data/templates/snmp/etc.snmpd.conf.j2 b/data/templates/snmp/etc.snmpd.conf.j2
index d7dc0ba5d..57ad704c0 100644
--- a/data/templates/snmp/etc.snmpd.conf.j2
+++ b/data/templates/snmp/etc.snmpd.conf.j2
@@ -69,7 +69,7 @@ agentaddress unix:/run/snmpd.socket{{ ',' ~ options | join(',') if options is vy
 {%             for network in comm_config.network %}
 {%                 if network | is_ipv4 %}
 {{ comm_config.authorization }}community {{ comm }} {{ network }}
-{%                 elif client | is_ipv6 %}
+{%                 elif network | is_ipv6 %}
 {{ comm_config.authorization }}community6 {{ comm }} {{ network }}
 {%                 endif %}
 {%             endfor %}