diff options
Diffstat (limited to 'data/templates')
-rw-r--r-- | data/templates/conntrack/nftables-ct.j2 | 4 | ||||
-rw-r--r-- | data/templates/firewall/nftables-vrf-zones.j2 | 4 | ||||
-rw-r--r-- | data/templates/frr/bgpd.frr.j2 | 2 | ||||
-rw-r--r-- | data/templates/frr/daemons.frr.tmpl | 31 | ||||
-rw-r--r-- | data/templates/frr/pim6d.frr.j2 | 38 |
5 files changed, 60 insertions, 19 deletions
diff --git a/data/templates/conntrack/nftables-ct.j2 b/data/templates/conntrack/nftables-ct.j2 index 970869043..3a5b5a87c 100644 --- a/data/templates/conntrack/nftables-ct.j2 +++ b/data/templates/conntrack/nftables-ct.j2 @@ -29,7 +29,7 @@ table raw { return } -{{ group_tmpl.groups(firewall_group, False) }} +{{ group_tmpl.groups(firewall_group, False, True) }} } flush chain ip6 raw {{ nft_ct_ignore_name }} @@ -54,5 +54,5 @@ table ip6 raw { return } -{{ group_tmpl.groups(firewall_group, True) }} +{{ group_tmpl.groups(firewall_group, True, True) }} } diff --git a/data/templates/firewall/nftables-vrf-zones.j2 b/data/templates/firewall/nftables-vrf-zones.j2 index eecf47b78..3bce7312d 100644 --- a/data/templates/firewall/nftables-vrf-zones.j2 +++ b/data/templates/firewall/nftables-vrf-zones.j2 @@ -7,11 +7,11 @@ table inet vrf_zones { # Chain for inbound traffic chain vrf_zones_ct_in { type filter hook prerouting priority raw; policy accept; - counter ct zone set iifname map @ct_iface_map + counter ct original zone set iifname map @ct_iface_map } # Chain for locally-generated traffic chain vrf_zones_ct_out { type filter hook output priority raw; policy accept; - counter ct zone set oifname map @ct_iface_map + counter ct original zone set oifname map @ct_iface_map } } diff --git a/data/templates/frr/bgpd.frr.j2 b/data/templates/frr/bgpd.frr.j2 index 7fa974254..e1c102e16 100644 --- a/data/templates/frr/bgpd.frr.j2 +++ b/data/templates/frr/bgpd.frr.j2 @@ -170,7 +170,7 @@ {% endif %} {% endif %} {% if afi_config.remove_private_as is vyos_defined %} - neighbor {{ neighbor }} remove-private-AS + neighbor {{ neighbor }} remove-private-AS {{ 'all' if afi_config.remove_private_as.all is vyos_defined }} {% endif %} {% if afi_config.route_reflector_client is vyos_defined %} neighbor {{ neighbor }} route-reflector-client diff --git a/data/templates/frr/daemons.frr.tmpl b/data/templates/frr/daemons.frr.tmpl index 3aad8e8dd..fe2610724 100644 --- a/data/templates/frr/daemons.frr.tmpl +++ b/data/templates/frr/daemons.frr.tmpl @@ -6,6 +6,7 @@ ripd=yes ripngd=yes isisd=yes pimd=no +pim6d=yes ldpd=yes nhrpd=no eigrpd=yes @@ -16,39 +17,41 @@ bfdd=yes staticd=yes vtysh_enable=yes -zebra_options=" -s 90000000 --daemon -A 127.0.0.1 +zebra_options=" --daemon -A 127.0.0.1 -s 90000000 {%- if irdp is defined %} -M irdp{% endif -%} {%- if snmp is defined and snmp.zebra is defined %} -M snmp{% endif -%} " -bgpd_options=" --daemon -A 127.0.0.1 +bgpd_options=" --daemon -A 127.0.0.1 -M rpki {%- if bmp is defined %} -M bmp{% endif -%} {%- if snmp is defined and snmp.bgpd is defined %} -M snmp{% endif -%} " -ospfd_options=" --daemon -A 127.0.0.1 +ospfd_options=" --daemon -A 127.0.0.1 {%- if snmp is defined and snmp.ospfd is defined %} -M snmp{% endif -%} " -ospf6d_options=" --daemon -A ::1 +ospf6d_options=" --daemon -A ::1 {%- if snmp is defined and snmp.ospf6d is defined %} -M snmp{% endif -%} " -ripd_options=" --daemon -A 127.0.0.1 +ripd_options=" --daemon -A 127.0.0.1 {%- if snmp is defined and snmp.ripd is defined %} -M snmp{% endif -%} " -ripngd_options=" --daemon -A ::1" -isisd_options=" --daemon -A 127.0.0.1 +ripngd_options=" --daemon -A ::1" +isisd_options=" --daemon -A 127.0.0.1 {%- if snmp is defined and snmp.isisd is defined %} -M snmp{% endif -%} " -pimd_options=" --daemon -A 127.0.0.1" -ldpd_options=" --daemon -A 127.0.0.1 +pimd_options=" --daemon -A 127.0.0.1" +pim6d_options=" --daemon -A ::1" +ldpd_options=" --daemon -A 127.0.0.1 {%- if snmp is defined and snmp.ldpd is defined %} -M snmp{% endif -%} " -mgmtd_options=" --daemon -A 127.0.0.1" -nhrpd_options=" --daemon -A 127.0.0.1" +mgmtd_options=" --daemon -A 127.0.0.1" +nhrpd_options=" --daemon -A 127.0.0.1" eigrpd_options=" --daemon -A 127.0.0.1" babeld_options=" --daemon -A 127.0.0.1" sharpd_options=" --daemon -A 127.0.0.1" -pbrd_options=" --daemon -A 127.0.0.1" -staticd_options=" --daemon -A 127.0.0.1" -bfdd_options=" --daemon -A 127.0.0.1" +pbrd_options=" --daemon -A 127.0.0.1" +staticd_options=" --daemon -A 127.0.0.1" +bfdd_options=" --daemon -A 127.0.0.1" watchfrr_enable=no valgrind_enable=no + diff --git a/data/templates/frr/pim6d.frr.j2 b/data/templates/frr/pim6d.frr.j2 new file mode 100644 index 000000000..8e430541d --- /dev/null +++ b/data/templates/frr/pim6d.frr.j2 @@ -0,0 +1,38 @@ +! +{% if interface is vyos_defined %} +{% for iface, iface_config in interface.items() %} +interface {{ iface }} +{% if iface_config.mld is vyos_defined and iface_config.mld.disable is not vyos_defined %} + ipv6 mld +{% if iface_config.mld.version is vyos_defined %} + ipv6 mld version {{ iface_config.mld.version }} +{% endif %} +{% if iface_config.mld.interval is vyos_defined %} + ipv6 mld query-interval {{ iface_config.mld.interval }} +{% endif %} +{% if iface_config.mld.max_response_time is vyos_defined %} + ipv6 mld query-max-response-time {{ iface_config.mld.max_response_time // 100 }} +{% endif %} +{% if iface_config.mld.last_member_query_count is vyos_defined %} + ipv6 mld last-member-query-count {{ iface_config.mld.last_member_query_count }} +{% endif %} +{% if iface_config.mld.last_member_query_interval is vyos_defined %} + ipv6 mld last-member-query-interval {{ iface_config.mld.last_member_query_interval // 100 }} +{% endif %} +{% if iface_config.mld.join is vyos_defined %} +{% for group, group_config in iface_config.mld.join.items() %} +{% if group_config.source is vyos_defined %} +{% for source in group_config.source %} + ipv6 mld join {{ group }} {{ source }} +{% endfor %} +{% else %} + ipv6 mld join {{ group }} +{% endif %} +{% endfor %} +{% endif %} +{% endif %} +exit +! +{% endfor %} +! +{% endif %} |