diff options
Diffstat (limited to 'data/templates/firewall/nftables-policy.tmpl')
-rw-r--r-- | data/templates/firewall/nftables-policy.tmpl | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/data/templates/firewall/nftables-policy.tmpl b/data/templates/firewall/nftables-policy.tmpl index aa6bb6fc1..484b6f203 100644 --- a/data/templates/firewall/nftables-policy.tmpl +++ b/data/templates/firewall/nftables-policy.tmpl @@ -1,5 +1,13 @@ #!/usr/sbin/nft -f +{% if cleanup_commands is defined %} +{% for command in cleanup_commands %} +{{ command }} +{% endfor %} +{% endif %} + +include "/run/nftables_defines.conf" + table ip mangle { {% if first_install is defined %} chain VYOS_PBR_PREROUTING { @@ -9,7 +17,7 @@ table ip mangle { type filter hook postrouting priority -150; policy accept; } {% endif %} -{% if route is defined -%} +{% if route is defined and route is not none -%} {% for route_text, conf in route.items() %} chain VYOS_PBR_{{ route_text }} { {% if conf.rule is defined %} @@ -36,8 +44,8 @@ table ip6 mangle { type filter hook postrouting priority -150; policy accept; } {% endif %} -{% if ipv6_route is defined %} -{% for route_text, conf in ipv6_route.items() %} +{% if route6 is defined and route6 is not none %} +{% for route_text, conf in route6.items() %} chain VYOS_PBR6_{{ route_text }} { {% if conf.rule is defined %} {% for rule_id, rule_conf in conf.rule.items() if rule_conf.disable is not defined %} |