Merge pull request #4419 from sskaje/T5636HEADcurrent

geoip: T5636: Add geoip for policy route/route6

1 files changed, 33 insertions, 0 deletions

diff --git a/data/templates/firewall/nftables-geoip-update.j2 b/data/templates/firewall/nftables-geoip-update.j2
index 832ccc3e9..d8f80d1f5 100644
--- a/data/templates/firewall/nftables-geoip-update.j2
+++ b/data/templates/firewall/nftables-geoip-update.j2
@@ -31,3 +31,36 @@ table ip6 vyos_filter {
 {%     endfor %}
 }
 {% endif %}
+
+
+{% if ipv4_sets_policy is vyos_defined %}
+{%     for setname, ip_list in ipv4_sets_policy.items() %}
+flush set ip vyos_mangle {{ setname }}
+{%     endfor %}
+
+table ip vyos_mangle {
+{%     for setname, ip_list in ipv4_sets_policy.items() %}
+    set {{ setname }} {
+        type ipv4_addr
+        flags interval
+        elements = { {{ ','.join(ip_list) }} }
+    }
+{%     endfor %}
+}
+{% endif %}
+
+{% if ipv6_sets_policy is vyos_defined %}
+{%     for setname, ip_list in ipv6_sets_policy.items() %}
+flush set ip6 vyos_mangle {{ setname }}
+{%     endfor %}
+
+table ip6 vyos_mangle {
+{%     for setname, ip_list in ipv6_sets_policy.items() %}
+    set {{ setname }} {
+        type ipv6_addr
+        flags interval
+        elements = { {{ ','.join(ip_list) }} }
+    }
+{%     endfor %}
+}
+{% endif %}