summaryrefslogtreecommitdiff
path: root/data/templates/firewall/nftables-policy.tmpl
diff options
context:
space:
mode:
Diffstat (limited to 'data/templates/firewall/nftables-policy.tmpl')
-rw-r--r--data/templates/firewall/nftables-policy.tmpl14
1 files changed, 11 insertions, 3 deletions
diff --git a/data/templates/firewall/nftables-policy.tmpl b/data/templates/firewall/nftables-policy.tmpl
index aa6bb6fc1..484b6f203 100644
--- a/data/templates/firewall/nftables-policy.tmpl
+++ b/data/templates/firewall/nftables-policy.tmpl
@@ -1,5 +1,13 @@
#!/usr/sbin/nft -f
+{% if cleanup_commands is defined %}
+{% for command in cleanup_commands %}
+{{ command }}
+{% endfor %}
+{% endif %}
+
+include "/run/nftables_defines.conf"
+
table ip mangle {
{% if first_install is defined %}
chain VYOS_PBR_PREROUTING {
@@ -9,7 +17,7 @@ table ip mangle {
type filter hook postrouting priority -150; policy accept;
}
{% endif %}
-{% if route is defined -%}
+{% if route is defined and route is not none -%}
{% for route_text, conf in route.items() %}
chain VYOS_PBR_{{ route_text }} {
{% if conf.rule is defined %}
@@ -36,8 +44,8 @@ table ip6 mangle {
type filter hook postrouting priority -150; policy accept;
}
{% endif %}
-{% if ipv6_route is defined %}
-{% for route_text, conf in ipv6_route.items() %}
+{% if route6 is defined and route6 is not none %}
+{% for route_text, conf in route6.items() %}
chain VYOS_PBR6_{{ route_text }} {
{% if conf.rule is defined %}
{% for rule_id, rule_conf in conf.rule.items() if rule_conf.disable is not defined %}