summaryrefslogtreecommitdiff
path: root/data
diff options
context:
space:
mode:
Diffstat (limited to 'data')
-rw-r--r--data/op-mode-standardized.json7
-rw-r--r--data/templates/dns-forwarding/recursor.conf.j214
-rw-r--r--data/templates/firewall/nftables-vrf-zones.j217
-rw-r--r--data/templates/frr/bfdd.frr.j26
-rw-r--r--data/templates/grub/grub_vyos_version.j29
-rw-r--r--data/templates/sflow/override.conf.j23
-rw-r--r--data/vyos-firewall-init.conf19
7 files changed, 52 insertions, 23 deletions
diff --git a/data/op-mode-standardized.json b/data/op-mode-standardized.json
index ed9bb6cad..d3685caaf 100644
--- a/data/op-mode-standardized.json
+++ b/data/op-mode-standardized.json
@@ -9,21 +9,22 @@
"dhcp.py",
"dns.py",
"interfaces.py",
+"ipsec.py",
"lldp.py",
"log.py",
"memory.py",
+"multicast.py",
"nat.py",
"neighbor.py",
"nhrp.py",
"openconnect.py",
-"otp.py",
"openvpn.py",
+"otp.py",
"reset_vpn.py",
"reverseproxy.py",
"route.py",
-"system.py",
-"ipsec.py",
"storage.py",
+"system.py",
"uptime.py",
"version.py",
"vrf.py"
diff --git a/data/templates/dns-forwarding/recursor.conf.j2 b/data/templates/dns-forwarding/recursor.conf.j2
index e4e8e7044..5ac872f19 100644
--- a/data/templates/dns-forwarding/recursor.conf.j2
+++ b/data/templates/dns-forwarding/recursor.conf.j2
@@ -57,3 +57,17 @@ serve-rfc1918={{ 'no' if no_serve_rfc1918 is vyos_defined else 'yes' }}
auth-zones={% for z in authoritative_zones %}{{ z.name }}={{ z.file }}{{- "," if not loop.last -}}{% endfor %}
forward-zones-file={{ config_dir }}/recursor.forward-zones.conf
+
+#ecs
+{% if options.ecs_add_for is vyos_defined %}
+ecs-add-for={{ options.ecs_add_for | join(',') }}
+{% endif %}
+
+{% if options.ecs_ipv4_bits is vyos_defined %}
+ecs-ipv4-bits={{ options.ecs_ipv4_bits }}
+{% endif %}
+
+{% if options.edns_subnet_allow_list is vyos_defined %}
+edns-subnet-allow-list={{ options.edns_subnet_allow_list | join(',') }}
+{% endif %}
+
diff --git a/data/templates/firewall/nftables-vrf-zones.j2 b/data/templates/firewall/nftables-vrf-zones.j2
deleted file mode 100644
index 3bce7312d..000000000
--- a/data/templates/firewall/nftables-vrf-zones.j2
+++ /dev/null
@@ -1,17 +0,0 @@
-table inet vrf_zones {
- # Map of interfaces and connections tracking zones
- map ct_iface_map {
- typeof iifname : ct zone
- }
- # Assign unique zones for each VRF
- # Chain for inbound traffic
- chain vrf_zones_ct_in {
- type filter hook prerouting priority raw; policy accept;
- counter ct original zone set iifname map @ct_iface_map
- }
- # Chain for locally-generated traffic
- chain vrf_zones_ct_out {
- type filter hook output priority raw; policy accept;
- counter ct original zone set oifname map @ct_iface_map
- }
-}
diff --git a/data/templates/frr/bfdd.frr.j2 b/data/templates/frr/bfdd.frr.j2
index c4adeb402..f3303e401 100644
--- a/data/templates/frr/bfdd.frr.j2
+++ b/data/templates/frr/bfdd.frr.j2
@@ -13,6 +13,9 @@ bfd
{% if profile_config.echo_mode is vyos_defined %}
echo-mode
{% endif %}
+{% if profile_config.minimum_ttl is vyos_defined %}
+ minimum-ttl {{ profile_config.minimum_ttl }}
+{% endif %}
{% if profile_config.passive is vyos_defined %}
passive-mode
{% endif %}
@@ -38,6 +41,9 @@ bfd
{% if peer_config.echo_mode is vyos_defined %}
echo-mode
{% endif %}
+{% if peer_config.minimum_ttl is vyos_defined %}
+ minimum-ttl {{ peer_config.minimum_ttl }}
+{% endif %}
{% if peer_config.passive is vyos_defined %}
passive-mode
{% endif %}
diff --git a/data/templates/grub/grub_vyos_version.j2 b/data/templates/grub/grub_vyos_version.j2
index 62688e68b..de85f1419 100644
--- a/data/templates/grub/grub_vyos_version.j2
+++ b/data/templates/grub/grub_vyos_version.j2
@@ -1,5 +1,10 @@
-{% set boot_opts_default = "boot=live rootdelay=5 noautologin net.ifnames=0 biosdevname=0 vyos-union=/boot/" + version_name %}
-{% if boot_opts != '' %}
+{% if boot_opts_config is vyos_defined %}
+{% if boot_opts_config %}
+{% set boot_opts_rendered = boot_opts_default + " " + boot_opts_config %}
+{% else %}
+{% set boot_opts_rendered = boot_opts_default %}
+{% endif %}
+{% elif boot_opts != '' %}
{% set boot_opts_rendered = boot_opts %}
{% else %}
{% set boot_opts_rendered = boot_opts_default %}
diff --git a/data/templates/sflow/override.conf.j2 b/data/templates/sflow/override.conf.j2
index f2a982528..73588fdb2 100644
--- a/data/templates/sflow/override.conf.j2
+++ b/data/templates/sflow/override.conf.j2
@@ -1,3 +1,4 @@
+{% set vrf_command = 'ip vrf exec ' ~ vrf ~ ' ' if vrf is vyos_defined else '' %}
[Unit]
After=
After=vyos-router.service
@@ -7,7 +8,7 @@ ConditionPathExists=/run/sflow/hsflowd.conf
[Service]
EnvironmentFile=
ExecStart=
-ExecStart=/usr/sbin/hsflowd -m %m -d -f /run/sflow/hsflowd.conf
+ExecStart={{ vrf_command }}/usr/sbin/hsflowd -m %m -d -f /run/sflow/hsflowd.conf
WorkingDirectory=
WorkingDirectory=/run/sflow
PIDFile=
diff --git a/data/vyos-firewall-init.conf b/data/vyos-firewall-init.conf
index cd7d5011f..5a4e03015 100644
--- a/data/vyos-firewall-init.conf
+++ b/data/vyos-firewall-init.conf
@@ -54,3 +54,22 @@ table ip6 raw {
type filter hook prerouting priority -300; policy accept;
}
}
+
+# Required by VRF
+table inet vrf_zones {
+ # Map of interfaces and connections tracking zones
+ map ct_iface_map {
+ typeof iifname : ct zone
+ }
+ # Assign unique zones for each VRF
+ # Chain for inbound traffic
+ chain vrf_zones_ct_in {
+ type filter hook prerouting priority raw; policy accept;
+ counter ct original zone set iifname map @ct_iface_map
+ }
+ # Chain for locally-generated traffic
+ chain vrf_zones_ct_out {
+ type filter hook output priority raw; policy accept;
+ counter ct original zone set oifname map @ct_iface_map
+ }
+}
generated by cgit v1.2.3 (git 2.39.1) at 2024-10-28 16:34:33 +0000