From 31cd47594aa54f6d04500e16c67e723d548df8d6 Mon Sep 17 00:00:00 2001
From: sarthurdev <965089+sarthurdev@users.noreply.github.com>
Date: Mon, 12 Sep 2022 22:49:34 +0200
Subject: nhrp: T2199: Use separate table in nftables for NHRP rules

---
 data/templates/nhrp/nftables.conf.j2 | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100644 data/templates/nhrp/nftables.conf.j2

(limited to 'data/templates')

diff --git a/data/templates/nhrp/nftables.conf.j2 b/data/templates/nhrp/nftables.conf.j2
new file mode 100644
index 000000000..a0d1f6d4c
--- /dev/null
+++ b/data/templates/nhrp/nftables.conf.j2
@@ -0,0 +1,17 @@
+#!/usr/sbin/nft -f
+
+{% if first_install is not vyos_defined %}
+delete table ip vyos_nhrp_filter
+{% endif %}
+table ip vyos_nhrp_filter {
+    chain VYOS_NHRP_OUTPUT {
+        type filter hook output priority 10; policy accept;
+{% if tunnel is vyos_defined %}
+{%     for tun, tunnel_conf in tunnel.items() %}
+{%         if if_tunnel[tun].source_address is vyos_defined %}
+        ip protocol gre ip saddr {{ if_tunnel[tun].source_address }} ip daddr 224.0.0.0/4 counter drop comment "VYOS_NHRP_{{ tun }}"
+{%         endif %}
+{%     endfor %}
+{% endif %}
+    }
+}
-- 
cgit v1.2.3