5 files changed, 29 insertions, 20 deletions
diff --git a/data/templates/dns-forwarding/recursor.conf.j2 b/data/templates/dns-forwarding/recursor.conf.j2
index e4e8e7044..5ac872f19 100644
--- a/data/templates/dns-forwarding/recursor.conf.j2
+++ b/data/templates/dns-forwarding/recursor.conf.j2
@@ -57,3 +57,17 @@ serve-rfc1918={{ 'no' if no_serve_rfc1918 is vyos_defined else 'yes' }}
 auth-zones={% for z in authoritative_zones %}{{ z.name }}={{ z.file }}{{- "," if not loop.last -}}{% endfor %}
 
 forward-zones-file={{ config_dir }}/recursor.forward-zones.conf
+
+#ecs
+{% if options.ecs_add_for is vyos_defined %}
+ecs-add-for={{ options.ecs_add_for | join(',') }}
+{% endif %}
+
+{% if options.ecs_ipv4_bits is vyos_defined %}
+ecs-ipv4-bits={{ options.ecs_ipv4_bits }}
+{% endif %}
+
+{% if options.edns_subnet_allow_list is vyos_defined %}
+edns-subnet-allow-list={{ options.edns_subnet_allow_list | join(',') }}
+{% endif %}
+
diff --git a/data/templates/firewall/nftables-vrf-zones.j2 b/data/templates/firewall/nftables-vrf-zones.j2
deleted file mode 100644
index 3bce7312d..000000000
--- a/data/templates/firewall/nftables-vrf-zones.j2
+++ /dev/null
@@ -1,17 +0,0 @@
-table inet vrf_zones {
-  # Map of interfaces and connections tracking zones
-  map ct_iface_map {
-    typeof iifname : ct zone
-  }
-  # Assign unique zones for each VRF
-  # Chain for inbound traffic
-  chain vrf_zones_ct_in {
-    type filter hook prerouting priority raw; policy accept;
-    counter ct original zone set iifname map @ct_iface_map
-  }
-  # Chain for locally-generated traffic
-  chain vrf_zones_ct_out {
-    type filter hook output priority raw; policy accept;
-    counter ct original zone set oifname map @ct_iface_map
-  }
-}
diff --git a/data/templates/frr/bfdd.frr.j2 b/data/templates/frr/bfdd.frr.j2
index c4adeb402..f3303e401 100644
--- a/data/templates/frr/bfdd.frr.j2
+++ b/data/templates/frr/bfdd.frr.j2
@@ -13,6 +13,9 @@ bfd
 {%             if profile_config.echo_mode is vyos_defined %}
   echo-mode
 {%             endif %}
+{%             if profile_config.minimum_ttl is vyos_defined %}
+  minimum-ttl {{ profile_config.minimum_ttl }}
+{%             endif %}
 {%             if profile_config.passive is vyos_defined %}
   passive-mode
 {%             endif %}
@@ -38,6 +41,9 @@ bfd
 {%             if peer_config.echo_mode is vyos_defined %}
   echo-mode
 {%             endif %}
+{%             if peer_config.minimum_ttl is vyos_defined %}
+  minimum-ttl {{ peer_config.minimum_ttl }}
+{%             endif %}
 {%             if peer_config.passive is vyos_defined %}
   passive-mode
 {%             endif %}
diff --git a/data/templates/grub/grub_vyos_version.j2 b/data/templates/grub/grub_vyos_version.j2
index 62688e68b..de85f1419 100644
--- a/data/templates/grub/grub_vyos_version.j2
+++ b/data/templates/grub/grub_vyos_version.j2
@@ -1,5 +1,10 @@
-{% set boot_opts_default = "boot=live rootdelay=5 noautologin net.ifnames=0 biosdevname=0 vyos-union=/boot/" + version_name %}
-{% if boot_opts != '' %}
+{% if boot_opts_config is vyos_defined %}
+{%     if boot_opts_config %}
+{%         set boot_opts_rendered = boot_opts_default + " " + boot_opts_config %}
+{%     else %}
+{%         set boot_opts_rendered = boot_opts_default %}
+{%     endif %}
+{% elif boot_opts != '' %}
 {%     set boot_opts_rendered = boot_opts %}
 {% else %}
 {%     set boot_opts_rendered = boot_opts_default %}
diff --git a/data/templates/sflow/override.conf.j2 b/data/templates/sflow/override.conf.j2
index f2a982528..73588fdb2 100644
--- a/data/templates/sflow/override.conf.j2
+++ b/data/templates/sflow/override.conf.j2
@@ -1,3 +1,4 @@
+{% set vrf_command = 'ip vrf exec ' ~ vrf ~ ' ' if vrf is vyos_defined else '' %}
 [Unit]
 After=
 After=vyos-router.service
@@ -7,7 +8,7 @@ ConditionPathExists=/run/sflow/hsflowd.conf
 [Service]
 EnvironmentFile=
 ExecStart=
-ExecStart=/usr/sbin/hsflowd -m %m -d -f /run/sflow/hsflowd.conf
+ExecStart={{ vrf_command }}/usr/sbin/hsflowd -m %m -d -f /run/sflow/hsflowd.conf
 WorkingDirectory=
 WorkingDirectory=/run/sflow
 PIDFile=