Merge branch 'current' of https://github.com/vyos/vyos-1x into current

author: Daniil Baturin <daniil@vyos.io> 2021-02-22 17:04:15 +0200
committer: Daniil Baturin <daniil@vyos.io> 2021-02-22 17:04:15 +0200
commit: bdc35ac8ad1d3d88c796aa488749e44bda617b44 (patch)
tree: b2c97b7ab02aa6c3c3ed27cb98e46302f797c909 /data
parent: 28cd2e3edb3e2108c43ad20c0084d496a7ffef25 (diff)
parent: cf1156a60e1d03a752cde0baadbc9ac8118b2a52 (diff)
download: vyos-1x-bdc35ac8ad1d3d88c796aa488749e44bda617b44.tar.gz
vyos-1x-bdc35ac8ad1d3d88c796aa488749e44bda617b44.zip
20 files changed, 521 insertions, 310 deletions
diff --git a/data/configd-include.json b/data/configd-include.json
index 495000961..aabd7232e 100644
--- a/data/configd-include.json
+++ b/data/configd-include.json
@@ -32,6 +32,7 @@
 "nat66.py",
 "ntp.py",
 "policy-local-route.py",
+"protocols_bfd.py",
 "protocols_bgp.py",
 "protocols_igmp.py",
 "protocols_isis.py",
@@ -40,6 +41,7 @@
 "protocols_ospfv3.py",
 "protocols_pim.py",
 "protocols_rip.py",
+"protocols_ripng.py",
 "protocols_static.py",
 "protocols_static_multicast.py",
 "protocols_vrf.py",
diff --git a/data/templates/accel-ppp/config_chap_secrets_radius.j2 b/data/templates/accel-ppp/config_chap_secrets_radius.j2
index 4e2254b21..49af3a228 100644
--- a/data/templates/accel-ppp/config_chap_secrets_radius.j2
+++ b/data/templates/accel-ppp/config_chap_secrets_radius.j2
@@ -1,33 +1,33 @@
-{% if authentication.mode is defined and authentication.mode == 'local' %}
-[chap-secrets]
-chap-secrets={{ chap_secrets_file }}
-{% elif authentication.mode is defined and authentication.mode == 'radius' %}
-[radius]
-verbose=1
-{%   for server, options in authentication.radius.server.items() if not options.disable is defined %}
-server={{ server }},{{ options.key }},auth-port={{ options.port }},acct-port={{ options.acct_port }},req-limit=0,fail-time={{ options.fail_time }}
-{%   endfor %}
-{%   if authentication.radius.acct_interim_jitter is defined and authentication.radius.acct_interim_jitter is not none %}
-acct-interim-jitter={{ authentication.radius.acct_interim_jitter }}
-{%   endif %}
-acct-timeout={{ authentication.radius.acct_timeout }}
-timeout={{ authentication.radius.timeout }}
-max-try={{ authentication.radius.max_try }}
-{%   if authentication.radius.nas_identifier is defined and authentication.radius.nas_identifier is not none %}
-nas-identifier={{ authentication.radius.nas_identifier }}
-{%   endif %}
-{%   if authentication.radius.nas_ip_address is defined and authentication.radius.nas_ip_address is not none %}
-nas-ip-address={{ authentication.radius.nas_ip_address }}
-{%   endif %}
-{%   if authentication.radius.source_address is defined and authentication.radius.source_address is not none %}
-bind={{ authentication.radius.source_address }}
-{%   endif %}
-{%   if authentication.radius.dynamic_author.server is defined and authentication.radius.dynamic_author.server is not none %}
-dae-server={{ authentication.radius.dynamic_author.server }}:{{ authentication.radius.dynamic_author.port }},{{ authentication.radius.dynamic_author.key }}
-{%   endif %}
-{% endif %}
-{# Both chap-secrets and radius block required the gw-ip-address #}
-{% if gateway_address is defined and gateway_address is not none %}
-gw-ip-address={{ gateway_address }}
-{% endif %}
-
+{% if authentication.mode is defined and authentication.mode == 'local' %}
+[chap-secrets]
+chap-secrets={{ chap_secrets_file }}
+{% elif authentication.mode is defined and authentication.mode == 'radius' %}
+[radius]
+verbose=1
+{%   for server, options in authentication.radius.server.items() if not options.disable is defined %}
+server={{ server }},{{ options.key }},auth-port={{ options.port }},acct-port={{ options.acct_port }},req-limit=0,fail-time={{ options.fail_time }}
+{%   endfor %}
+{%   if authentication.radius.acct_interim_jitter is defined and authentication.radius.acct_interim_jitter is not none %}
+acct-interim-jitter={{ authentication.radius.acct_interim_jitter }}
+{%   endif %}
+acct-timeout={{ authentication.radius.acct_timeout }}
+timeout={{ authentication.radius.timeout }}
+max-try={{ authentication.radius.max_try }}
+{%   if authentication.radius.nas_identifier is defined and authentication.radius.nas_identifier is not none %}
+nas-identifier={{ authentication.radius.nas_identifier }}
+{%   endif %}
+{%   if authentication.radius.nas_ip_address is defined and authentication.radius.nas_ip_address is not none %}
+nas-ip-address={{ authentication.radius.nas_ip_address }}
+{%   endif %}
+{%   if authentication.radius.source_address is defined and authentication.radius.source_address is not none %}
+bind={{ authentication.radius.source_address }}
+{%   endif %}
+{%   if authentication.radius.dynamic_author.server is defined and authentication.radius.dynamic_author.server is not none %}
+dae-server={{ authentication.radius.dynamic_author.server }}:{{ authentication.radius.dynamic_author.port }},{{ authentication.radius.dynamic_author.key }}
+{%   endif %}
+{% endif %}
+{# Both chap-secrets and radius block required the gw-ip-address #}
+{% if gateway_address is defined and gateway_address is not none %}
+gw-ip-address={{ gateway_address }}
+{% endif %}
+
diff --git a/data/templates/accel-ppp/config_modules_auth_mode.j2 b/data/templates/accel-ppp/config_modules_auth_mode.j2
index 5eca76f91..e3d578b38 100644
--- a/data/templates/accel-ppp/config_modules_auth_mode.j2
+++ b/data/templates/accel-ppp/config_modules_auth_mode.j2
@@ -1,5 +1,5 @@
-{% if authentication is defined and authentication.mode is defined and authentication.mode == 'local' %}
-chap-secrets
-{% elif authentication is defined and authentication.mode is defined and authentication.mode == 'radius' %}
-radius
-{% endif %}
+{% if authentication is defined and authentication.mode is defined and authentication.mode == 'local' %}
+chap-secrets
+{% elif authentication is defined and authentication.mode is defined and authentication.mode == 'radius' %}
+radius
+{% endif %}
diff --git a/data/templates/accel-ppp/config_modules_auth_protocols.j2 b/data/templates/accel-ppp/config_modules_auth_protocols.j2
index e122d6c48..454d37792 100644
--- a/data/templates/accel-ppp/config_modules_auth_protocols.j2
+++ b/data/templates/accel-ppp/config_modules_auth_protocols.j2
@@ -1,10 +1,10 @@
-{% for protocol in authentication.protocols %}
-{#   this should be fixed in the CLI by a migrator #}
-{%   if protocol == 'chap' %}
-auth_chap_md5
-{%   elif protocol == 'mschap' %}
-auth_mschap_v1
-{%   else %}
-auth_{{ protocol.replace('-', '_') }}
-{%   endif %}
-{% endfor %}
+{% for protocol in authentication.protocols %}
+{#   this should be fixed in the CLI by a migrator #}
+{%   if protocol == 'chap' %}
+auth_chap_md5
+{%   elif protocol == 'mschap' %}
+auth_mschap_v1
+{%   else %}
+auth_{{ protocol.replace('-', '_') }}
+{%   endif %}
+{% endfor %}
diff --git a/data/templates/accel-ppp/config_modules_ipv6.j2 b/data/templates/accel-ppp/config_modules_ipv6.j2
index e9ea4924b..02740ce7c 100644
--- a/data/templates/accel-ppp/config_modules_ipv6.j2
+++ b/data/templates/accel-ppp/config_modules_ipv6.j2
@@ -1,5 +1,5 @@
-{% if ppp_options.ipv6 is defined and ppp_options.ipv6 != 'deny' %}
-ipv6pool
-ipv6_nd
-ipv6_dhcp
-{% endif %}
+{% if ppp_options.ipv6 is defined and ppp_options.ipv6 != 'deny' %}
+ipv6pool
+ipv6_nd
+ipv6_dhcp
+{% endif %}
diff --git a/data/templates/accel-ppp/config_shaper_radius.j2 b/data/templates/accel-ppp/config_shaper_radius.j2
index 2a6641245..8de5f5df3 100644
--- a/data/templates/accel-ppp/config_shaper_radius.j2
+++ b/data/templates/accel-ppp/config_shaper_radius.j2
@@ -1,10 +1,10 @@
-{% if authentication is defined and authentication.mode is defined and authentication.mode == 'radius' %}
-{%   if authentication is defined and authentication.radius is defined and authentication.radius.rate_limit is defined and authentication.radius.rate_limit.enable is defined %}
-[shaper]
-verbose=1
-attr={{ authentication.radius.rate_limit.attribute }}
-{%     if authentication.radius.rate_limit.vendor is defined and authentication.radius.rate_limit.vendor is not none %}
-vendor={{ authentication.radius.rate_limit.vendor }}
-{%     endif %}
-{%   endif %}
-{% endif %}
+{% if authentication is defined and authentication.mode is defined and authentication.mode == 'radius' %}
+{%   if authentication is defined and authentication.radius is defined and authentication.radius.rate_limit is defined and authentication.radius.rate_limit.enable is defined %}
+[shaper]
+verbose=1
+attr={{ authentication.radius.rate_limit.attribute }}
+{%     if authentication.radius.rate_limit.vendor is defined and authentication.radius.rate_limit.vendor is not none %}
+vendor={{ authentication.radius.rate_limit.vendor }}
+{%     endif %}
+{%   endif %}
+{% endif %}
diff --git a/data/templates/conserver/dropbear@.service.tmpl b/data/templates/conserver/dropbear@.service.tmpl
new file mode 100644
index 000000000..4bb73f751
--- /dev/null
+++ b/data/templates/conserver/dropbear@.service.tmpl
@@ -0,0 +1,4 @@
+[Service]
+ExecStart=
+ExecStart=/usr/sbin/dropbear -w -j -k -r /etc/dropbear/dropbear_rsa_host_key -c "/usr/bin/console {{ device }}" -P /run/conserver/dropbear.%I.pid -p %I
+PIDFile=/run/conserver/dropbear.%I.pid
diff --git a/data/templates/firewall/nftables-nat.tmpl b/data/templates/firewall/nftables-nat.tmpl
index 499733225..b80fc1968 100644
--- a/data/templates/firewall/nftables-nat.tmpl
+++ b/data/templates/firewall/nftables-nat.tmpl
@@ -24,9 +24,9 @@
 {%     if config.translation is defined and config.translation.address is defined and config.translation.address is not none %}
 {#       support 1:1 network translation #}
 {%       if config.translation.address | is_ip_network %}
-{%         set trns_addr = 'dnat ip prefix to ip daddr map { ' + config.source.address + ' : ' + config.translation.address + ' }' %}
-{#         we can now clear out the src_addr part as it's already covered in aboves map #}
-{%         set src_addr  = '' %}
+{%         set trns_addr = 'dnat ip prefix to ip daddr map { ' + config.destination.address + ' : ' + config.translation.address + ' }' %}
+{#         we can now clear out the dst_addr part as it's already covered in aboves map #}
+{%         set dst_addr  = '' %}
 {%       else %}
 {%         set trns_addr = 'dnat to ' + config.translation.address %}
 {%       endif %}
diff --git a/data/templates/frr/bfd.frr.tmpl b/data/templates/frr/bfd.frr.tmpl
index 9e5ad3379..16f8be92c 100644
--- a/data/templates/frr/bfd.frr.tmpl
+++ b/data/templates/frr/bfd.frr.tmpl
@@ -1,22 +1,44 @@
 !
 bfd
-{% for peer in old_peers %}
- no peer {{ peer.remote }}{% if peer.multihop %} multihop{% endif %}{% if peer.src_addr %} local-address {{ peer.src_addr }}{% endif %}{% if peer.src_if %} interface {{ peer.src_if }}{% endif %}
-
-{% endfor %}
-!
-{% for peer in new_peers %}
- peer {{ peer.remote }}{% if peer.multihop %} multihop{% endif %}{% if peer.src_addr %} local-address {{ peer.src_addr }}{% endif %}{% if peer.src_if %} interface {{ peer.src_if }}{% endif %}
-
- detect-multiplier {{ peer.multiplier }}
- receive-interval {{ peer.rx_interval }}
- transmit-interval {{ peer.tx_interval }}
-{% if peer.echo_mode %}
- echo-mode
+{% if profile is defined and profile is not none %}
+{%   for profile_name, profile_config in profile.items() %}
+ profile {{ profile_name }}
+  detect-multiplier {{ profile_config.interval.multiplier }}
+  receive-interval {{ profile_config.interval.receive }}
+  transmit-interval {{ profile_config.interval.transmit }}
+{%     if profile_config.interval['echo-interval'] is defined and profile_config.interval['echo-interval'] is not none %}
+  echo-interval {{ profile_config.interval['echo-interval'] }}
+{%     endif %}
+{%     if profile_config['echo-mode'] is defined %}
+  echo-mode
+{%     endif %}
+{%     if profile_config.shutdown is defined %}
+  shutdown
+{%     else %}
+  no shutdown
+{%     endif %}
+  exit
+{%   endfor %}
 {% endif %}
-{% if peer.echo_interval != '' %}
- echo-interval {{ peer.echo_interval }}
+{% if peer is defined and peer is not none %}
+{%   for peer_name, peer_config in peer.items() %}
+ peer {{ peer_name }}{{ ' multihop' if peer_config.multihop is defined }}{{ ' local-address ' + peer_config.source.address if peer_config.source is defined and peer_config.source.address is defined }}{{ ' interface ' + peer_config.source.interface if peer_config.source is defined and peer_config.source.interface is defined }}
+  detect-multiplier {{ peer_config.interval.multiplier }}
+  receive-interval {{ peer_config.interval.receive }}
+  transmit-interval {{ peer_config.interval.transmit }}
+{%     if peer_config.interval['echo-interval'] is defined and peer_config.interval['echo-interval'] is not none %}
+ echo-interval {{ peer_config.interval['echo-interval'] }}
+{%     endif %}
+{%     if peer_config['echo-mode'] is defined %}
+  echo-mode
+{%     endif %}
+{%     if peer_config.shutdown is defined %}
+  shutdown
+{%     else %}
+  no shutdown
+{%     endif %}
+  exit
+{%   endfor %}
 {% endif %}
- {% if not peer.shutdown %}no {% endif %}shutdown
-{% endfor %}
+ end
 !
diff --git a/data/templates/frr/bgp.frr.tmpl b/data/templates/frr/bgp.frr.tmpl
index 74874ee43..30741aa27 100644
--- a/data/templates/frr/bgp.frr.tmpl
+++ b/data/templates/frr/bgp.frr.tmpl
@@ -9,6 +9,9 @@
 {%   if config.remote_as is defined and config.remote_as is not none %}
  neighbor {{ neighbor }} remote-as {{ config.remote_as }}
 {%   endif %}
+{%   if config.advertisement_interval is defined and config.advertisement_interval is not none %}
+ neighbor {{ neighbor }} advertisement-interval {{ config.advertisement_interval }}
+{%   endif %}
 {%   if config.bfd is defined %}
  neighbor {{ neighbor }} bfd
 {%   endif %}
@@ -43,12 +46,26 @@
 {%   if config.password is defined and config.password is not none %}
  neighbor {{ neighbor }} password {{ config.password }}
 {%   endif %}
+{%   if config.port is defined and config.port is not none %}
+ neighbor {{ neighbor }} port {{ config.port }}
+{%   endif %}
 {%   if config.shutdown is defined %}
  neighbor {{ neighbor }} shutdown
 {%   endif %}
+{%   if config.strict_capability_match is defined %}
+ neighbor {{ neighbor }} strict-capability-match
+{%   endif %}
 {%   if config.ttl_security is defined and config.ttl_security.hops is defined and config.ttl_security.hops is not none %}
  neighbor {{ neighbor }} ttl-security hops {{ config.ttl_security.hops }}
 {%   endif %}
+{%   if config.timers is defined %}
+{%     if config.timers.connect is defined and config.timers.connect is not none %}
+ neighbor {{ neighbor }} timers connect {{ config.timers.connect }}
+{%     endif %}
+{%     if config.timers.holdtime is defined and config.timers.keepalive is defined and config.timers.holdtime is not none and config.timers.keepalive is not none %}
+ neighbor {{ neighbor }} timers {{ config.timers.keepalive }} {{ config.timers.holdtime }}
+{%     endif %}
+{%   endif %}
 {%   if config.update_source is defined and config.update_source is not none %}
  neighbor {{ neighbor }} update-source {{ config.update_source }}
 {%   endif %}
@@ -70,82 +87,96 @@
 {%   endif %}
  !
 {%   if config.address_family is defined and config.address_family is not none %}
-{%     for af in config.address_family %}
-{%       if af == 'ipv4_unicast' %}
+{%     for afi, afi_config in config.address_family.items() %}
+{%       if afi == 'ipv4_unicast' %}
  address-family ipv4 unicast
-{%       elif af == 'ipv6_unicast' %}
+{%       elif afi == 'ipv6_unicast' %}
  address-family ipv6 unicast
-{%       elif af == 'l2vpn_evpn' %}
+{%       elif afi == 'l2vpn_evpn' %}
  address-family l2vpn evpn
 {%       endif %}
-{%       if config.address_family[af].allowas_in is defined and config.address_family[af].allowas_in is not none %}
-  neighbor {{ neighbor }} allowas-in {{ config.address_family[af].allowas_in.number if config.address_family[af].allowas_in.number is defined }}
+{%       if afi_config.addpath_tx_all is defined %}
+  neighbor {{ neighbor }} addpath-tx-all-paths
 {%       endif %}
-{%       if config.address_family[af].remove_private_as is defined %}
+{%       if afi_config.addpath_tx_per_as is defined %}
+  neighbor {{ neighbor }} addpath-tx-bestpath-per-AS
+{%       endif %}
+{%       if afi_config.allowas_in is defined and afi_config.allowas_in is not none %}
+  neighbor {{ neighbor }} allowas-in {{ afi_config.allowas_in.number if afi_config.allowas_in.number is defined }}
+{%       endif %}
+{%       if afi_config.remove_private_as is defined %}
   neighbor {{ neighbor }} remove-private-AS
 {%       endif %}
-{%       if config.address_family[af].route_reflector_client is defined %}
+{%       if afi_config.route_reflector_client is defined %}
   neighbor {{ neighbor }} route-reflector-client
 {%       endif %}
-{%       if config.address_family[af].weight is defined and config.address_family[af].weight is not none %}
-  neighbor {{ neighbor }} weight {{ config.address_family[af].weight }}
+{%       if afi_config.weight is defined and afi_config.weight is not none %}
+  neighbor {{ neighbor }} weight {{ afi_config.weight }}
+{%       endif %}
+{%       if afi_config.attribute_unchanged is defined and afi_config.attribute_unchanged is not none %}
+  neighbor {{ neighbor }} attribute-unchanged {{ 'as-path ' if afi_config.attribute_unchanged.as_path is defined }}{{ 'med ' if afi_config.attribute_unchanged.med is defined }}{{ 'next-hop ' if afi_config.attribute_unchanged.next_hop is defined }}
 {%       endif %}
-{%       if config.address_family[af].attribute_unchanged is defined and config.address_family[af].attribute_unchanged is not none %}
-  neighbor {{ neighbor }} attribute-unchanged {{ 'as-path ' if config.address_family[af].attribute_unchanged.as_path is defined }}{{ 'med ' if config.address_family[af].attribute_unchanged.med is defined }}{{ 'next-hop ' if config.address_family[af].attribute_unchanged.next_hop is defined }}
+{%       if afi_config.capability is defined and afi_config.capability.orf is defined and afi_config.capability.orf.prefix_list is defined and afi_config.capability.orf.prefix_list.send is defined %}
+  neighbor {{ neighbor }} capability orf prefix-list send
 {%       endif %}
-{%       if config.address_family[af].capability is defined and config.address_family[af].capability.orf is defined and config.address_family[af].capability.orf.prefix_list is defined and config.address_family[af].capability.orf.prefix_list is not none %}
-  neighbor {{ neighbor }} capability orf prefix-list {{ config.address_family[af].capability.orf.prefix_list }}
+{%       if afi_config.capability is defined and afi_config.capability.orf is defined and afi_config.capability.orf.prefix_list is defined and afi_config.capability.orf.prefix_list.receive is defined %}
+  neighbor {{ neighbor }} capability orf prefix-list receive
 {%       endif %}
-{%       if config.address_family[af].default_originate is defined %}
-  neighbor {{ neighbor }} default-originate {{ 'route-map ' + config.address_family[af].default_originate.route_map if config.address_family[af].default_originate.route_map is defined }}
+{%       if afi_config.default_originate is defined %}
+  neighbor {{ neighbor }} default-originate {{ 'route-map ' + afi_config.default_originate.route_map if afi_config.default_originate.route_map is defined }}
 {%       endif %}
-{%       if config.address_family[af].distribute_list is defined and config.address_family[af].distribute_list is not none %}
-{%         if config.address_family[af].distribute_list.export is defined and config.address_family[af].distribute_list.export is not none %}
-  neighbor {{ neighbor }} distribute-list {{ config.address_family[af].distribute_list.export }} out
+{%       if afi_config.distribute_list is defined and afi_config.distribute_list is not none %}
+{%         if afi_config.distribute_list.export is defined and afi_config.distribute_list.export is not none %}
+  neighbor {{ neighbor }} distribute-list {{ afi_config.distribute_list.export }} out
 {%         endif %}
-{%         if config.address_family[af].distribute_list.import is defined and config.address_family[af].distribute_list.import is not none %}
-  neighbor {{ neighbor }} distribute-list {{ config.address_family[af].distribute_list.import }} in
+{%         if afi_config.distribute_list.import is defined and afi_config.distribute_list.import is not none %}
+  neighbor {{ neighbor }} distribute-list {{ afi_config.distribute_list.import }} in
 {%         endif %}
 {%       endif %}
-{%       if config.address_family[af].filter_list is defined and config.address_family[af].filter_list is not none %}
-{%         if config.address_family[af].filter_list.export is defined and config.address_family[af].filter_list.export is not none %}
-  neighbor {{ neighbor }} filter-list {{ config.address_family[af].filter_list.export }} out
+{%       if afi_config.filter_list is defined and afi_config.filter_list is not none %}
+{%         if afi_config.filter_list.export is defined and afi_config.filter_list.export is not none %}
+  neighbor {{ neighbor }} filter-list {{ afi_config.filter_list.export }} out
 {%         endif %}
-{%         if config.address_family[af].filter_list.import is defined and config.address_family[af].filter_list.import is not none %}
-  neighbor {{ neighbor }} filter-list {{ config.address_family[af].filter_list.import }} in
+{%         if afi_config.filter_list.import is defined and afi_config.filter_list.import is not none %}
+  neighbor {{ neighbor }} filter-list {{ afi_config.filter_list.import }} in
 {%         endif %}
 {%       endif %}
-{%       if config.address_family[af].maximum_prefix is defined and config.address_family[af].maximum_prefix is not none %}
-  neighbor {{ neighbor }} maximum-prefix {{ config.address_family[af].maximum_prefix }}
+{%       if afi_config.maximum_prefix is defined and afi_config.maximum_prefix is not none %}
+  neighbor {{ neighbor }} maximum-prefix {{ afi_config.maximum_prefix }}
 {%       endif %}
-{%       if config.address_family[af].nexthop_self is defined %}
-{#         https://phabricator.vyos.net/T1817 #}
-  neighbor {{ neighbor }} next-hop-self {{ 'force' if config.address_family[af].nexthop_self.force is defined }}
+{%       if afi_config.nexthop_self is defined %}
+  neighbor {{ neighbor }} next-hop-self {{ 'force' if afi_config.nexthop_self.force is defined }}
 {%       endif %}
-{%       if config.address_family[af].route_server_client is defined %}
+{%       if afi_config.route_server_client is defined %}
   neighbor {{ neighbor }} route-server-client
 {%       endif %}
-{%       if config.address_family[af].route_map is defined and config.address_family[af].route_map is not none %}
-{%         if config.address_family[af].route_map.export is defined and config.address_family[af].route_map.export is not none %}
-  neighbor {{ neighbor }} route-map {{ config.address_family[af].route_map.export }} out
+{%       if afi_config.route_map is defined and afi_config.route_map is not none %}
+{%         if afi_config.route_map.export is defined and afi_config.route_map.export is not none %}
+  neighbor {{ neighbor }} route-map {{ afi_config.route_map.export }} out
 {%         endif %}
-{%         if config.address_family[af].route_map.import is defined and config.address_family[af].route_map.import is not none %}
-  neighbor {{ neighbor }} route-map {{ config.address_family[af].route_map.import }} in
+{%         if afi_config.route_map.import is defined and afi_config.route_map.import is not none %}
+  neighbor {{ neighbor }} route-map {{ afi_config.route_map.import }} in
 {%         endif %}
 {%       endif %}
-{%       if config.address_family[af].prefix_list is defined and config.address_family[af].prefix_list is not none %}
-{%         if config.address_family[af].prefix_list.export is defined and config.address_family[af].prefix_list.export is not none %}
-  neighbor {{ neighbor }} prefix-list  {{ config.address_family[af].prefix_list.export }} out
+{%       if afi_config.prefix_list is defined and afi_config.prefix_list is not none %}
+{%         if afi_config.prefix_list.export is defined and afi_config.prefix_list.export is not none %}
+  neighbor {{ neighbor }} prefix-list  {{ afi_config.prefix_list.export }} out
 {%         endif %}
-{%         if config.address_family[af].prefix_list.import is defined and config.address_family[af].prefix_list.import is not none %}
-  neighbor {{ neighbor }} prefix-list  {{ config.address_family[af].prefix_list.import }} in
+{%         if afi_config.prefix_list.import is defined and afi_config.prefix_list.import is not none %}
+  neighbor {{ neighbor }} prefix-list  {{ afi_config.prefix_list.import }} in
 {%         endif %}
 {%       endif %}
-{%       if config.address_family[af].soft_reconfiguration is defined and config.address_family[af].soft_reconfiguration.inbound is defined %}
+{%       if afi_config.soft_reconfiguration is defined and afi_config.soft_reconfiguration.inbound is defined %}
   neighbor {{ neighbor }} soft-reconfiguration inbound
 {%       endif %}
-{%       if config.address_family[af].unsuppress_map is defined and config.address_family[af].unsuppress_map is not none %}
-  neighbor {{ neighbor }} unsuppress-map {{ config.address_family[af].unsuppress_map }}
+{%       if afi_config.unsuppress_map is defined and afi_config.unsuppress_map is not none %}
+  neighbor {{ neighbor }} unsuppress-map {{ afi_config.unsuppress_map }}
+{%       endif %}
+{%       if afi_config.disable_send_community is defined and afi_config.disable_send_community.extended is defined %}
+ no neighbor {{ neighbor }} send-community extended
+{%       endif %}
+{%       if afi_config.disable_send_community is defined and afi_config.disable_send_community.standard is defined %}
+ no neighbor {{ neighbor }} send-community standard
 {%       endif %}
   neighbor {{ neighbor }} activate
  exit-address-family
@@ -156,57 +187,93 @@
 !
 router bgp {{ asn }}
 {# Disable eBGP policy by default until there is a CLI option #}
-{# https://phabricator.vyos.net/T3183 & https://phabricator.vyos.net/T2100 #}
+{# Workaround for T3183 until we have decided about a migration script #}
  no bgp ebgp-requires-policy
+{# Workaround for T2100 until we have decided about a migration script #}
+ no bgp network import-check
 {% if address_family is defined and address_family is not none %}
-{%   for af in address_family %}
+{%   for afi, afi_config in address_family.items() %}
  !
-{%     if af == 'ipv4_unicast' %}
+{%     if afi == 'ipv4_unicast' %}
  address-family ipv4 unicast
-{%     elif af == 'ipv6_unicast' %}
+{%     elif afi == 'ipv6_unicast' %}
  address-family ipv6 unicast
-{%     elif af == 'l2vpn_evpn' %}
+{%     elif afi == 'l2vpn_evpn' %}
  address-family l2vpn evpn
 {%     endif %}
-{%     if address_family[af].aggregate_address is defined and address_family[af].aggregate_address is not none %}
-{%       for ip in address_family[af].aggregate_address %}
-  aggregate-address {{ ip }}{{ ' as-set' if address_family[af].aggregate_address[ip].as_set is defined }}{{ ' summary-only' if address_family[af].aggregate_address[ip].summary_only is defined }}
+{%     if afi_config.aggregate_address is defined and afi_config.aggregate_address is not none %}
+{%       for ip in afi_config.aggregate_address %}
+  aggregate-address {{ ip }}{{ ' as-set' if afi_config.aggregate_address[ip].as_set is defined }}{{ ' summary-only' if afi_config.aggregate_address[ip].summary_only is defined }}
 {%       endfor %}
 {%     endif %}
-{%     if address_family[af].redistribute is defined and address_family[af].redistribute is not none %}
-{%       for protocol in address_family[af].redistribute %}
+{%     if afi_config.redistribute is defined and afi_config.redistribute is not none %}
+{%       for protocol in afi_config.redistribute %}
 {%         if protocol == 'table' %}
-  redistribute table {{ address_family[af].redistribute[protocol].table }}
+  redistribute table {{ afi_config.redistribute[protocol].table }}
 {%         else %}
 {%           set redistribution_protocol = protocol %}
 {%             if protocol == 'ospfv3' %}
 {%               set redistribution_protocol = 'ospf6' %}
 {%             endif %}
-  redistribute {{ redistribution_protocol }}{% if address_family[af].redistribute[protocol].metric is defined %} metric {{ address_family[af].redistribute[protocol].metric }}{% endif %}{% if address_family[af].redistribute[protocol].route_map is defined %} route-map {{ address_family[af].redistribute[protocol].route_map }}{% endif %}
+  redistribute {{ redistribution_protocol }}{% if afi_config.redistribute[protocol].metric is defined %} metric {{ afi_config.redistribute[protocol].metric }}{% endif %}{% if afi_config.redistribute[protocol].route_map is defined %} route-map {{ afi_config.redistribute[protocol].route_map }}{% endif %}
 {#######   we need this blank line!! #######}
 
 {%         endif %}
 {%       endfor %}
 {%     endif %}
-{%     if address_family[af].network is defined and address_family[af].network is not none %}
-{%       for network in address_family[af].network %}
-  network {{ network }}{% if address_family[af].network[network].route_map is defined %} route-map {{ address_family[af].network[network].route_map }}{% endif %}{% if address_family[af].network[network].backdoor is defined %} backdoor{% endif %}
+{%     if afi_config.network is defined and afi_config.network is not none %}
+{%       for network in afi_config.network %}
+  network {{ network }}{% if afi_config.network[network].route_map is defined %} route-map {{ afi_config.network[network].route_map }}{% endif %}{% if afi_config.network[network].backdoor is defined %} backdoor{% endif %}
 {#######   we need this blank line!! #######}
 
 {%       endfor %}
 {%     endif %}
-{%     if address_family[af].advertise_all_vni is defined %}
+{%     if afi_config.advertise_all_vni is defined %}
   advertise-all-vni
 {%     endif %}
-{%     if address_family[af].advertise_default_gw is defined %}
+{%     if afi_config.advertise_default_gw is defined %}
   advertise-default-gw
 {%     endif %}
-{%     if address_family[af].advertise_svi_ip is defined %}
+{%     if afi_config.advertise_pip is defined and afi_config.advertise_pip is not none %}
+  advertise-pip ip {{ afi_config.advertise_pip }}
+{%     endif %}
+{%     if afi_config.advertise_svi_ip is defined %}
   advertise-svi-ip
 {%     endif %}
-{%     if address_family[af].vni is defined and address_family[af].vni is not none %}
-  vni {{ address_family[af].vni }}
+{%     if afi_config.rt_auto_derive is defined %}
+ autort rfc8365-compatible
+{%     endif %}
+{%     if afi_config.flooding is defined and afi_config.flooding.disable is defined %}
+ flooding disable
+{%     endif %}
+{%     if afi_config.flooding is defined and afi_config.flooding.head_end_replication is defined %}
+ flooding head-end-replication
+{%     endif %}
+{%     if afi_config.rd is defined and afi_config.rd is not none %}
+ rd {{ afi_config.rd }}
+{%     endif %}
+{%     if afi_config.route_target is defined and afi_config.route_target is not none %}
+{%       if afi_config.route_target.both is defined and afi_config.route_target.both is not none %}
+ route-target both {{ afi_config.route_target.both }}
+{%       endif %}
+{%       if afi_config.route_target.export is defined and afi_config.route_target.export is not none %}
+ route-target export {{ afi_config.route_target.export }}
+{%       endif %}
+{%       if afi_config.route_target.import is defined and afi_config.route_target.import is not none %}
+ route-target import {{ afi_config.route_target.import }}
+{%       endif %}
+{%     endif %}
+{%     if afi_config.vni is defined and afi_config.vni is not none %}
+{%       for vni, vni_config in afi_config.vni.items() %}
+  vni {{ vni }}
+{%         if vni_config.advertise_default_gw is defined %}
+   advertise-default-gw
+{%         endif %}
+{%     if vni_config.advertise_svi_ip is defined %}
+   advertise-svi-ip
+{%     endif %}
   exit-vni
+{%       endfor %}
 {%     endif %}
  exit-address-family
 {%   endfor %}
@@ -313,6 +380,9 @@ router bgp {{ asn }}
 {%   if parameters.graceful_restart is defined %}
  bgp graceful-restart {{ 'stalepath-time ' + parameters.graceful_restart.stalepath_time if parameters.graceful_restart.stalepath_time is defined }}
 {%   endif %}
+{%   if parameters.graceful_shutdown is defined %}
+ bgp graceful-shutdown
+{%   endif %}
 {%   if parameters.log_neighbor_changes is defined %}
  bgp log-neighbor-changes
 {%   endif %}
diff --git a/data/templates/frr/ospf.frr.tmpl b/data/templates/frr/ospf.frr.tmpl
index 7ca69eee6..140b6b406 100644
--- a/data/templates/frr/ospf.frr.tmpl
+++ b/data/templates/frr/ospf.frr.tmpl
@@ -159,6 +159,9 @@ router ospf
  passive-interface {{ interface }}
 {% endfor %}
 {% for interface in passive_interface_exclude if passive_interface_exclude is defined %}
+{%   if interface.startswith('vlink') %}
+{%     set interface = interface.upper() %}
+{%   endif %}
  no passive-interface {{ interface }}
 {% endfor %}
 {% if redistribute is defined and redistribute is not none %}
diff --git a/data/templates/frr/ospfv3.frr.tmpl b/data/templates/frr/ospfv3.frr.tmpl
index c63ef80dc..d08972a80 100644
--- a/data/templates/frr/ospfv3.frr.tmpl
+++ b/data/templates/frr/ospfv3.frr.tmpl
@@ -1,4 +1,47 @@
 !
+{% if interface is defined and interface is not none %}
+{%   for iface, iface_config in interface.items() %}
+interface {{ iface }}
+{%     if iface_config.cost is defined and iface_config.cost is not none %}
+ ipv6 ospf6 cost {{ iface_config.cost }}
+{%     endif %}
+{%     if iface_config.priority is defined and iface_config.priority is not none %}
+ ipv6 ospf6 priority {{ iface_config.priority }}
+{%     endif %}
+{%     if iface_config.hello_interval is defined and iface_config.hello_interval is not none %}
+ ipv6 ospf6 hello-interval {{ iface_config.hello_interval }}
+{%     endif %}
+{%     if iface_config.retransmit_interval is defined and iface_config.retransmit_interval is not none %}
+ ipv6 ospf6 retransmit-interval {{ iface_config.retransmit_interval }}
+{%     endif %}
+{%     if iface_config.transmit_delay is defined and iface_config.transmit_delay is not none %}
+ ipv6 ospf6 transmit-delay {{ iface_config.transmit_delay }}
+{%     endif %}
+{%     if iface_config.dead_interval is defined and iface_config.dead_interval is not none %}
+ ipv6 ospf6 dead-interval {{ iface_config.dead_interval }}
+{%     endif %}
+{%     if iface_config.bfd is defined %}
+ ipv6 ospf6 bfd
+{%     endif %}
+{%     if iface_config.mtu_ignore is defined %}
+ ipv6 ospf6 mtu-ignore
+{%     endif %}
+{%     if iface_config.ifmtu is defined and iface_config.ifmtu is not none %}
+ ipv6 ospf6 ifmtu {{ iface_config.ifmtu }}
+{%     endif %}
+{%     if iface_config.network is defined and iface_config.network is not none %}
+ ipv6 ospf6 network {{ iface_config.network }}
+{%     endif %}
+{%     if iface_config.instance_id is defined and iface_config.instance_id is not none %}
+ ipv6 ospf6 instance-id {{ iface_config.instance_id }}
+{%     endif %}
+{%     if iface_config.passive is defined %}
+ ipv6 ospf6 passive
+{%     endif %}
+!
+{%   endfor %}
+{% endif %}
+!
 router ospf6
 {% if area is defined and area is not none %}
 {%   for area_id, area_config in area.items() %}
diff --git a/data/templates/frr/rip.frr.tmpl b/data/templates/frr/rip.frr.tmpl
index c0d062fc6..bc92bddf9 100644
--- a/data/templates/frr/rip.frr.tmpl
+++ b/data/templates/frr/rip.frr.tmpl
@@ -35,12 +35,6 @@ interface {{ iface }}
 {% endif %}
 !
 router rip
-{% if default_information is defined and default_information.originate is defined %}
- default-information originate
-{% endif %}
-{% if default_metric is defined and default_metric is not none %}
- default-metric {{ default_metric }}
-{% endif %}
 {% if default_distance is defined and default_distance is not none %}
  distance {{ default_distance }}
 {% endif %}
@@ -56,33 +50,6 @@ router rip
  neighbor {{ address }}
 {%   endfor %}
 {% endif %}
-{% if network is defined and network is not none %}
-{%   for prefix in network %}
- network {{ prefix }}
-{%   endfor %}
-{% endif %}
-{% if interface is defined and interface is not none %}
-{%   for ifname in interface %}
- network {{ ifname }}
-{%   endfor %}
-{% endif %}
-{% if passive_interface is defined and passive_interface is not none %}
-{%   for ifname in passive_interface %}
- passive-interface {{ ifname }}
-{%   endfor %}
-{% endif %}
-{% if redistribute is defined and redistribute is not none %}
-{%   for protocol, protocol_config in redistribute.items() %}
- redistribute {{ protocol }} {{ 'metric ' + protocol_config.metric if protocol_config.metric is defined }} {{ 'route-map ' + protocol_config.route_map if protocol_config.route_map is defined }}
-{%   endfor %}
-{% endif %}
-{% if route is defined and route is not none %}
-{%   for prefix in route %}
- route {{ prefix }}
-{%   endfor %}
-{% endif %}
-{# timers have default values #}
- timers basic {{ timers['update'] }} {{ timers.timeout }} {{ timers.garbage_collection }}
 {% if distribute_list is defined and distribute_list is not none %}
 {%   if distribute_list.access_list is defined and distribute_list.access_list is not none %}
 {%     if distribute_list.access_list.in is defined and distribute_list.access_list.in is not none %}
@@ -114,11 +81,12 @@ router rip
 {%   endif %}
 {%   if distribute_list.prefix_list is defined and distribute_list.prefix_list is not none %}
 {%     if distribute_list.prefix_list.in is defined and distribute_list.prefix_list.in is not none %}
-distribute-list prefix {{ distribute_list.prefix_list.in }} in
+ distribute-list prefix {{ distribute_list.prefix_list.in }} in
 {%     endif %}
 {%     if distribute_list.prefix_list.out is defined and distribute_list.prefix_list.out is not none %}
-distribute-list prefix {{ distribute_list.prefix_list.out }} out
+ distribute-list prefix {{ distribute_list.prefix_list.out }} out
 {%     endif %}
 {%   endif %}
 {% endif %}
+{% include 'frr/rip_ripng.frr.j2' %}
 !
diff --git a/data/templates/frr/rip_ripng.frr.j2 b/data/templates/frr/rip_ripng.frr.j2
new file mode 100644
index 000000000..de180ee6b
--- /dev/null
+++ b/data/templates/frr/rip_ripng.frr.j2
@@ -0,0 +1,36 @@
+{% if default_information is defined and default_information.originate is defined %}
+ default-information originate
+{% endif %}
+{% if default_metric is defined and default_metric is not none %}
+ default-metric {{ default_metric }}
+{% endif %}
+{% if passive_interface is defined and passive_interface is not none %}
+{%   for interface in passive_interface %}
+ passive-interface {{ interface }}
+{%   endfor %}
+{% endif %}
+{% if network is defined and network is not none %}
+{%   for prefix in network %}
+ network {{ prefix }}
+{%   endfor %}
+{% endif %}
+{% if interface is defined and interface is not none %}
+{%   for ifname in interface %}
+ network {{ ifname }}
+{%   endfor %}
+{% endif %}
+{% if route is defined and route is not none %}
+{%   for prefix in route %}
+ route {{ prefix }}
+{%   endfor %}
+{% endif %}
+{# timers have default values #}
+ timers basic {{ timers['update'] }} {{ timers.timeout }} {{ timers.garbage_collection }}
+{% if redistribute is defined and redistribute is not none %}
+{%   for protocol, protocol_config in redistribute.items() %}
+{%     if protocol == 'ospfv3' %}
+{%       set protocol = 'ospf6' %}
+{%     endif %}
+ redistribute {{ protocol }} {{ 'metric ' + protocol_config.metric if protocol_config.metric is defined }} {{ 'route-map ' + protocol_config.route_map if protocol_config.route_map is defined }}
+{%   endfor %}
+{% endif %}
diff --git a/data/templates/frr/ripng.frr.tmpl b/data/templates/frr/ripng.frr.tmpl
new file mode 100644
index 000000000..25df15121
--- /dev/null
+++ b/data/templates/frr/ripng.frr.tmpl
@@ -0,0 +1,60 @@
+!
+{# Interface specific configuration #}
+{% if interface is defined and interface is not none %}
+{%   for iface, iface_config in interface.items() %}
+interface {{ iface }}
+{%     if iface_config.split_horizon is defined and iface_config.split_horizon.disable is defined %}
+ no ipv6 rip split-horizon
+{%     endif %}
+{%     if iface_config.split_horizon is defined and iface_config.split_horizon.poison_reverse is defined %}
+ ipv6 rip split-horizon poisoned-reverse
+{%     endif %}
+{%   endfor %}
+{% endif %}
+!
+router ripng
+{% if aggregate_address is defined and aggregate_address is not none %}
+{%   for prefix in aggregate_address %}
+ aggregate-address {{ prefix }}
+{%   endfor %}
+{% endif %}
+{% if distribute_list is defined and distribute_list is not none %}
+{%   if distribute_list.access_list is defined and distribute_list.access_list is not none %}
+{%     if distribute_list.access_list.in is defined and distribute_list.access_list.in is not none %}
+ ipv6 distribute-list {{ distribute_list.access_list.in }} in
+{%     endif %}
+{%     if distribute_list.access_list.out is defined and distribute_list.access_list.out is not none %}
+ ipv6 distribute-list {{ distribute_list.access_list.out }} out
+{%     endif %}
+{%   endif %}
+{%   if distribute_list.interface is defined and distribute_list.interface is not none %}
+{%     for interface, interface_config in distribute_list.interface.items() %}
+{%       if interface_config.access_list is defined and interface_config.access_list is not none %}
+{%         if interface_config.access_list.in is defined and interface_config.access_list.in is not none %}
+ ipv6 distribute-list {{ interface_config.access_list.in }} in {{ interface }}
+{%         endif %}
+{%         if interface_config.access_list.out is defined and interface_config.access_list.out is not none %}
+ ipv6 distribute-list {{ interface_config.access_list.out }} out {{ interface }}
+{%         endif %}
+{%       endif %}
+{%       if interface_config.prefix_list is defined and interface_config.prefix_list is not none %}
+{%         if interface_config.prefix_list.in is defined and interface_config.prefix_list.in is not none %}
+ ipv6 distribute-list prefix {{ interface_config.prefix_list.in }} in {{ interface }}
+{%         endif %}
+{%         if interface_config.prefix_list.out is defined and interface_config.prefix_list.out is not none %}
+ ipv6 distribute-list prefix {{ interface_config.prefix_list.out }} out {{ interface }}
+{%         endif %}
+{%       endif %}
+{%     endfor %}
+{%   endif %}
+{%   if distribute_list.prefix_list is defined and distribute_list.prefix_list is not none %}
+{%     if distribute_list.prefix_list.in is defined and distribute_list.prefix_list.in is not none %}
+ ipv6 distribute-list prefix {{ distribute_list.prefix_list.in }} in
+{%     endif %}
+{%     if distribute_list.prefix_list.out is defined and distribute_list.prefix_list.out is not none %}
+ ipv6 distribute-list prefix {{ distribute_list.prefix_list.out }} out
+{%     endif %}
+{%   endif %}
+{% endif %}
+{% include 'frr/rip_ripng.frr.j2' %}
+!
diff --git a/data/templates/frr/static_routes_macro.j2 b/data/templates/frr/static_routes_macro.j2
index aadb2805e..b24232ef3 100644
--- a/data/templates/frr/static_routes_macro.j2
+++ b/data/templates/frr/static_routes_macro.j2
@@ -1,15 +1,15 @@
-{% macro static_routes(ip_ipv6, prefix, prefix_config, table=None) %}
-{%   if prefix_config.blackhole is defined %}
-{{ ip_ipv6 }} route {{ prefix }} blackhole {{ prefix_config.blackhole.distance if prefix_config.blackhole.distance is defined }} {{ 'tag ' + prefix_config.blackhole.tag if prefix_config.blackhole.tag is defined }} {{ 'table ' + table if table is defined and table is not none }}
-{%   endif %}
-{%   if prefix_config.interface is defined and prefix_config.interface is not none %}
-{%     for interface, interface_config in prefix_config.interface.items() if interface_config.disable is not defined %}
-{{ ip_ipv6 }} route {{ prefix }} {{ interface }} {{ interface_config.distance if interface_config.distance is defined }} {{ 'nexthop-vrf ' + interface_config.vrf if interface_config.vrf is defined }} {{ 'table ' + table if table is defined and table is not none }}
-{%     endfor %}
-{%   endif %}
-{%   if prefix_config.next_hop is defined and prefix_config.next_hop is not none %}
-{%     for next_hop, next_hop_config in prefix_config.next_hop.items() if next_hop_config.disable is not defined %}
-{{ ip_ipv6 }} route {{ prefix }} {{ next_hop }} {{ next_hop_config.interface if next_hop_config.interface is defined }} {{ next_hop_config.distance if next_hop_config.distance is defined }} {{ 'nexthop-vrf ' + next_hop_config.vrf if next_hop_config.vrf is defined }} {{ 'table ' + table if table is defined and table is not none }}
-{%     endfor %}
-{%   endif %}
-{% endmacro %}
+{% macro static_routes(ip_ipv6, prefix, prefix_config, table=None) %}
+{%   if prefix_config.blackhole is defined %}
+{{ ip_ipv6 }} route {{ prefix }} blackhole {{ prefix_config.blackhole.distance if prefix_config.blackhole.distance is defined }} {{ 'tag ' + prefix_config.blackhole.tag if prefix_config.blackhole.tag is defined }} {{ 'table ' + table if table is defined and table is not none }}
+{%   endif %}
+{%   if prefix_config.interface is defined and prefix_config.interface is not none %}
+{%     for interface, interface_config in prefix_config.interface.items() if interface_config.disable is not defined %}
+{{ ip_ipv6 }} route {{ prefix }} {{ interface }} {{ interface_config.distance if interface_config.distance is defined }} {{ 'nexthop-vrf ' + interface_config.vrf if interface_config.vrf is defined }} {{ 'table ' + table if table is defined and table is not none }}
+{%     endfor %}
+{%   endif %}
+{%   if prefix_config.next_hop is defined and prefix_config.next_hop is not none %}
+{%     for next_hop, next_hop_config in prefix_config.next_hop.items() if next_hop_config.disable is not defined %}
+{{ ip_ipv6 }} route {{ prefix }} {{ next_hop }} {{ next_hop_config.interface if next_hop_config.interface is defined }} {{ next_hop_config.distance if next_hop_config.distance is defined }} {{ 'nexthop-vrf ' + next_hop_config.vrf if next_hop_config.vrf is defined }} {{ 'table ' + table if table is defined and table is not none }}
+{%     endfor %}
+{%   endif %}
+{% endmacro %}
diff --git a/data/templates/frr/vrf.frr.tmpl b/data/templates/frr/vrf.frr.tmpl
index 0c8726908..8d3d8e9dd 100644
--- a/data/templates/frr/vrf.frr.tmpl
+++ b/data/templates/frr/vrf.frr.tmpl
@@ -3,6 +3,9 @@
 {% if vrf is defined and vrf is not none %}
 {%   for vrf_name, vrf_config in vrf.items() %}
 vrf {{ vrf_name }}
+{%     if vrf_config.vni is defined and vrf_config.vni is not none %}
+ vni {{ vrf_config.vni }}
+{%     endif %}
 {%     if vrf_config.static is defined and vrf_config.static is not none %}
 {#       IPv4 routes #}
 {%       if vrf_config.static.route is defined and vrf_config.static.route is not none %}
diff --git a/data/templates/squid/sg_acl.conf.tmpl b/data/templates/squid/sg_acl.conf.tmpl
index cb1c3ccb0..ce72b173a 100644
--- a/data/templates/squid/sg_acl.conf.tmpl
+++ b/data/templates/squid/sg_acl.conf.tmpl
@@ -1,18 +1,18 @@
-### generated by service_webproxy.py ###
-dbhome {{ squidguard_db_dir }}
-
-dest {{ category }}-{{ rule }} {
-{% if list_type == 'domains' %}
-    domainlist      {{ category }}/domains
-{% elif list_type == 'urls' %}
-    urllist         {{ category }}/urls
-{% elif list_type == 'expressions' %}
-    expressionlist  {{ category }}/expressions
-{% endif %}
-}
-
-acl {
-    default {
-        pass all
-    }
-}
+### generated by service_webproxy.py ###
+dbhome {{ squidguard_db_dir }}
+
+dest {{ category }}-{{ rule }} {
+{% if list_type == 'domains' %}
+    domainlist      {{ category }}/domains
+{% elif list_type == 'urls' %}
+    urllist         {{ category }}/urls
+{% elif list_type == 'expressions' %}
+    expressionlist  {{ category }}/expressions
+{% endif %}
+}
+
+acl {
+    default {
+        pass all
+    }
+}
diff --git a/data/templates/squid/squidGuard.conf.tmpl b/data/templates/squid/squidGuard.conf.tmpl
index 74de3a651..f530d1072 100644
--- a/data/templates/squid/squidGuard.conf.tmpl
+++ b/data/templates/squid/squidGuard.conf.tmpl
@@ -1,91 +1,91 @@
-### generated by service_webproxy.py ###
-
-{% macro sg_rule(category, log, db_dir) %}
-{%   set expressions = db_dir + '/' + category + '/expressions' %}
-dest {{ category }}-default {
-        domainlist     {{ category }}/domains
-        urllist        {{ category }}/urls
-{%   if expressions | is_file %}
-        expressionlist {{ category }}/expressions
-{%   endif %}
-{%   if log is defined %}
-        log            blacklist.log
-{%   endif %}
-}
-{% endmacro %}
-
-{% if url_filtering is defined and url_filtering.disable is not defined %}
-{%   if url_filtering.squidguard is defined and url_filtering.squidguard is not none %}
-{%     set sg_config = url_filtering.squidguard %}
-{%     set acl = namespace(value='local-ok-default') %}
-{%     set acl.value = acl.value + ' !in-addr' if sg_config.allow_ipaddr_url is not defined else acl.value %}
-dbhome {{ squidguard_db_dir }}
-logdir /var/log/squid
-
-rewrite safesearch {
-        s@(.*\.google\..*/(custom|search|images|groups|news)?.*q=.*)@\1\&safe=active@i
-        s@(.*\..*/yandsearch?.*text=.*)@\1\&fyandex=1@i
-        s@(.*\.yahoo\..*/search.*p=.*)@\1\&vm=r@i
-        s@(.*\.live\..*/.*q=.*)@\1\&adlt=strict@i
-        s@(.*\.msn\..*/.*q=.*)@\1\&adlt=strict@i
-        s@(.*\.bing\..*/search.*q=.*)@\1\&adlt=strict@i
-        log     rewrite.log
-}
-
-{%     if sg_config.local_ok is defined and sg_config.local_ok is not none %}
-{%       set acl.value = acl.value + ' local-ok-default' %}
-dest local-ok-default {
-        domainlist     local-ok-default/domains
-}
-{% endif %}
-{%     if sg_config.local_ok_url is defined and sg_config.local_ok_url is not none %}
-{%       set acl.value = acl.value + ' local-ok-url-default' %}
-dest local-ok-url-default {
-        urllist        local-ok-url-default/urls
-}
-{% endif %}
-{%     if sg_config.local_block is defined and sg_config.local_block is not none %}
-{%       set acl.value = acl.value + ' !local-block-default' %}
-dest local-block-default {
-        domainlist     local-block-default/domains
-}
-{% endif %}
-{%     if sg_config.local_block_url is defined and sg_config.local_block_url is not none %}
-{%       set acl.value = acl.value + ' !local-block-url-default' %}
-dest local-block-url-default {
-        urllist        local-block-url-default/urls
-}
-{% endif %}
-{%     if sg_config.local_block_keyword is defined and sg_config.local_block_keyword is not none %}
-{%       set acl.value = acl.value + ' !local-block-keyword-default' %}
-dest local-block-keyword-default {
-        expressionlist local-block-keyword-default/expressions
-}
-{% endif %}
-
-{%     if sg_config.block_category is defined and sg_config.block_category is not none %}
-{%       for category in sg_config.block_category %}
-{{ sg_rule(category, sg_config.log, squidguard_db_dir) }}
-{%         set acl.value = acl.value + ' !' + category + '-default' %}
-{%       endfor %}
-{%     endif %}
-{%     if sg_config.allow_category is defined and sg_config.allow_category is not none %}
-{%       for category in sg_config.allow_category %}
-{{ sg_rule(category, False, squidguard_db_dir) }}
-{%         set acl.value = acl.value + ' ' + category + '-default' %}
-{%       endfor %}
-{%     endif %}
-acl {
-    default {
-{%     if sg_config.enable_safe_search is defined %}
-        rewrite safesearch
-{%     endif %}
-        pass {{ acl.value }} {{ 'none' if sg_config.default_action is defined and sg_config.default_action == 'block' else 'allow' }}
-        redirect 302:http://{{ sg_config.redirect_url }}
-{%     if sg_config.log is defined and sg_config.log is not none %}
-        log blacklist.log
-{%     endif %}
-    }
-}
-{%   endif %}
-{% endif %}
+### generated by service_webproxy.py ###
+
+{% macro sg_rule(category, log, db_dir) %}
+{%   set expressions = db_dir + '/' + category + '/expressions' %}
+dest {{ category }}-default {
+        domainlist     {{ category }}/domains
+        urllist        {{ category }}/urls
+{%   if expressions | is_file %}
+        expressionlist {{ category }}/expressions
+{%   endif %}
+{%   if log is defined %}
+        log            blacklist.log
+{%   endif %}
+}
+{% endmacro %}
+
+{% if url_filtering is defined and url_filtering.disable is not defined %}
+{%   if url_filtering.squidguard is defined and url_filtering.squidguard is not none %}
+{%     set sg_config = url_filtering.squidguard %}
+{%     set acl = namespace(value='local-ok-default') %}
+{%     set acl.value = acl.value + ' !in-addr' if sg_config.allow_ipaddr_url is not defined else acl.value %}
+dbhome {{ squidguard_db_dir }}
+logdir /var/log/squid
+
+rewrite safesearch {
+        s@(.*\.google\..*/(custom|search|images|groups|news)?.*q=.*)@\1\&safe=active@i
+        s@(.*\..*/yandsearch?.*text=.*)@\1\&fyandex=1@i
+        s@(.*\.yahoo\..*/search.*p=.*)@\1\&vm=r@i
+        s@(.*\.live\..*/.*q=.*)@\1\&adlt=strict@i
+        s@(.*\.msn\..*/.*q=.*)@\1\&adlt=strict@i
+        s@(.*\.bing\..*/search.*q=.*)@\1\&adlt=strict@i
+        log     rewrite.log
+}
+
+{%     if sg_config.local_ok is defined and sg_config.local_ok is not none %}
+{%       set acl.value = acl.value + ' local-ok-default' %}
+dest local-ok-default {
+        domainlist     local-ok-default/domains
+}
+{% endif %}
+{%     if sg_config.local_ok_url is defined and sg_config.local_ok_url is not none %}
+{%       set acl.value = acl.value + ' local-ok-url-default' %}
+dest local-ok-url-default {
+        urllist        local-ok-url-default/urls
+}
+{% endif %}
+{%     if sg_config.local_block is defined and sg_config.local_block is not none %}
+{%       set acl.value = acl.value + ' !local-block-default' %}
+dest local-block-default {
+        domainlist     local-block-default/domains
+}
+{% endif %}
+{%     if sg_config.local_block_url is defined and sg_config.local_block_url is not none %}
+{%       set acl.value = acl.value + ' !local-block-url-default' %}
+dest local-block-url-default {
+        urllist        local-block-url-default/urls
+}
+{% endif %}
+{%     if sg_config.local_block_keyword is defined and sg_config.local_block_keyword is not none %}
+{%       set acl.value = acl.value + ' !local-block-keyword-default' %}
+dest local-block-keyword-default {
+        expressionlist local-block-keyword-default/expressions
+}
+{% endif %}
+
+{%     if sg_config.block_category is defined and sg_config.block_category is not none %}
+{%       for category in sg_config.block_category %}
+{{ sg_rule(category, sg_config.log, squidguard_db_dir) }}
+{%         set acl.value = acl.value + ' !' + category + '-default' %}
+{%       endfor %}
+{%     endif %}
+{%     if sg_config.allow_category is defined and sg_config.allow_category is not none %}
+{%       for category in sg_config.allow_category %}
+{{ sg_rule(category, False, squidguard_db_dir) }}
+{%         set acl.value = acl.value + ' ' + category + '-default' %}
+{%       endfor %}
+{%     endif %}
+acl {
+    default {
+{%     if sg_config.enable_safe_search is defined %}
+        rewrite safesearch
+{%     endif %}
+        pass {{ acl.value }} {{ 'none' if sg_config.default_action is defined and sg_config.default_action == 'block' else 'allow' }}
+        redirect 302:http://{{ sg_config.redirect_url }}
+{%     if sg_config.log is defined and sg_config.log is not none %}
+        log blacklist.log
+{%     endif %}
+    }
+}
+{%   endif %}
+{% endif %}
diff --git a/data/templates/system/ssh_config.tmpl b/data/templates/system/ssh_config.tmpl
index 509bd5479..abc03f069 100644
--- a/data/templates/system/ssh_config.tmpl
+++ b/data/templates/system/ssh_config.tmpl
@@ -1,3 +1,3 @@
-{% if ssh_client is defined and ssh_client.source_address is defined and ssh_client.source_address is not none %}
-BindAddress {{ ssh_client.source_address }}
-{% endif %}
+{% if ssh_client is defined and ssh_client.source_address is defined and ssh_client.source_address is not none %}
+BindAddress {{ ssh_client.source_address }}
+{% endif %}
author	Daniil Baturin <daniil@vyos.io>	2021-02-22 17:04:15 +0200
committer	Daniil Baturin <daniil@vyos.io>	2021-02-22 17:04:15 +0200
commit	bdc35ac8ad1d3d88c796aa488749e44bda617b44 (patch)
tree	b2c97b7ab02aa6c3c3ed27cb98e46302f797c909 /data
parent	28cd2e3edb3e2108c43ad20c0084d496a7ffef25 (diff)
parent	cf1156a60e1d03a752cde0baadbc9ac8118b2a52 (diff)
download	vyos-1x-bdc35ac8ad1d3d88c796aa488749e44bda617b44.tar.gz vyos-1x-bdc35ac8ad1d3d88c796aa488749e44bda617b44.zip