vrf: T4353: fix Jinja2 linting errors

author: Christian Poessinger <christian@poessinger.com> 2022-05-01 19:21:35 +0200
committer: Christian Poessinger <christian@poessinger.com> 2022-05-01 19:21:35 +0200
commit: 992c847493665fd2119636d81582aa80e99e388a (patch)
tree: aab41f44ee6f04579f4a8686cdacebdc26b2c82b /data/templates/firewall/nftables-vrf-zones.j2
parent: 3f657383cdd96b984c594bb8323a714d7a692f11 (diff)
download: vyos-1x-992c847493665fd2119636d81582aa80e99e388a.tar.gz
vyos-1x-992c847493665fd2119636d81582aa80e99e388a.zip
1 files changed, 17 insertions, 0 deletions
diff --git a/data/templates/firewall/nftables-vrf-zones.j2 b/data/templates/firewall/nftables-vrf-zones.j2
new file mode 100644
index 000000000..eecf47b78
--- /dev/null
+++ b/data/templates/firewall/nftables-vrf-zones.j2
@@ -0,0 +1,17 @@
+table inet vrf_zones {
+  # Map of interfaces and connections tracking zones
+  map ct_iface_map {
+    typeof iifname : ct zone
+  }
+  # Assign unique zones for each VRF
+  # Chain for inbound traffic
+  chain vrf_zones_ct_in {
+    type filter hook prerouting priority raw; policy accept;
+    counter ct zone set iifname map @ct_iface_map
+  }
+  # Chain for locally-generated traffic
+  chain vrf_zones_ct_out {
+    type filter hook output priority raw; policy accept;
+    counter ct zone set oifname map @ct_iface_map
+  }
+}
author	Christian Poessinger <christian@poessinger.com>	2022-05-01 19:21:35 +0200
committer	Christian Poessinger <christian@poessinger.com>	2022-05-01 19:21:35 +0200
commit	992c847493665fd2119636d81582aa80e99e388a (patch)
tree	aab41f44ee6f04579f4a8686cdacebdc26b2c82b /data/templates/firewall/nftables-vrf-zones.j2
parent	3f657383cdd96b984c594bb8323a714d7a692f11 (diff)
download	vyos-1x-992c847493665fd2119636d81582aa80e99e388a.tar.gz vyos-1x-992c847493665fd2119636d81582aa80e99e388a.zip