Merge pull request #1537 from sarthurdev/nhrp_nftables

nhrp: T2199: Use separate table in nftables for NHRP rules
author: Christian Poessinger <christian@poessinger.com> 2022-09-14 13:24:39 +0200
committer: GitHub <noreply@github.com> 2022-09-14 13:24:39 +0200
commit: 5c21529c812be2d777d71736cd1818744e725bac (patch)
tree: c1cfd91a4be656c28156dbf940c9a3c15e1b67b2 /data/templates/nhrp/nftables.conf.j2
parent: e5c9f290b70c700fbec5acdb3a90bf0c67edd091 (diff)
parent: 31cd47594aa54f6d04500e16c67e723d548df8d6 (diff)
download: vyos-1x-5c21529c812be2d777d71736cd1818744e725bac.tar.gz
vyos-1x-5c21529c812be2d777d71736cd1818744e725bac.zip
1 files changed, 17 insertions, 0 deletions
diff --git a/data/templates/nhrp/nftables.conf.j2 b/data/templates/nhrp/nftables.conf.j2
new file mode 100644
index 000000000..a0d1f6d4c
--- /dev/null
+++ b/data/templates/nhrp/nftables.conf.j2
@@ -0,0 +1,17 @@
+#!/usr/sbin/nft -f
+
+{% if first_install is not vyos_defined %}
+delete table ip vyos_nhrp_filter
+{% endif %}
+table ip vyos_nhrp_filter {
+    chain VYOS_NHRP_OUTPUT {
+        type filter hook output priority 10; policy accept;
+{% if tunnel is vyos_defined %}
+{%     for tun, tunnel_conf in tunnel.items() %}
+{%         if if_tunnel[tun].source_address is vyos_defined %}
+        ip protocol gre ip saddr {{ if_tunnel[tun].source_address }} ip daddr 224.0.0.0/4 counter drop comment "VYOS_NHRP_{{ tun }}"
+{%         endif %}
+{%     endfor %}
+{% endif %}
+    }
+}
author	Christian Poessinger <christian@poessinger.com>	2022-09-14 13:24:39 +0200
committer	GitHub <noreply@github.com>	2022-09-14 13:24:39 +0200
commit	5c21529c812be2d777d71736cd1818744e725bac (patch)
tree	c1cfd91a4be656c28156dbf940c9a3c15e1b67b2 /data/templates/nhrp/nftables.conf.j2
parent	e5c9f290b70c700fbec5acdb3a90bf0c67edd091 (diff)
parent	31cd47594aa54f6d04500e16c67e723d548df8d6 (diff)
download	vyos-1x-5c21529c812be2d777d71736cd1818744e725bac.tar.gz vyos-1x-5c21529c812be2d777d71736cd1818744e725bac.zip