Diffstat (limited to 'data')
-rw-r--r-- | data/templates/accel-ppp/config_shaper_radius.j2 | 3 | ||||
-rw-r--r-- | data/templates/container/registries.conf.j2 | 2 | ||||
-rw-r--r-- | data/templates/container/storage.conf.j2 | 5 | ||||
-rw-r--r-- | data/templates/frr/policy.frr.j2 | 6 | ||||
-rw-r--r-- | data/templates/ipsec/swanctl/remote_access.j2 | 3 | ||||
-rw-r--r-- | data/templates/ssh/sshguard_config.j2 | 27 | ||||
-rw-r--r-- | data/templates/ssh/sshguard_whitelist.j2 | 7 |
7 files changed, 48 insertions, 5 deletions
diff --git a/data/templates/accel-ppp/config_shaper_radius.j2 b/data/templates/accel-ppp/config_shaper_radius.j2
index c256647e4..942cdf132 100644
--- a/data/templates/accel-ppp/config_shaper_radius.j2
+++ b/data/templates/accel-ppp/config_shaper_radius.j2
@@ -6,5 +6,8 @@ attr={{ authentication.radius.rate_limit.attribute }}
 {% if authentication.radius.rate_limit.vendor is vyos_defined %}
 vendor={{ authentication.radius.rate_limit.vendor }}
 {% endif %}
+{% if authentication.radius.rate_limit.multiplier is vyos_defined %}
+rate-multiplier={{ authentication.radius.rate_limit.multiplier }}
+{% endif %}
 {% endif %}
 {% endif %}
diff --git a/data/templates/container/registries.conf.j2 b/data/templates/container/registries.conf.j2
index 6a3be58d0..2e86466a1 100644
--- a/data/templates/container/registries.conf.j2
+++ b/data/templates/container/registries.conf.j2
@@ -1,4 +1,4 @@
-### Autogenerated by /usr/libexec/vyos/conf_mode/container.py ###
+### Autogenerated by container.py ###
 # For more information on this configuration file, see containers-registries.conf(5).
 #
diff --git a/data/templates/container/storage.conf.j2 b/data/templates/container/storage.conf.j2
index 97e1a9d0c..665f9bf95 100644
--- a/data/templates/container/storage.conf.j2
+++ b/data/templates/container/storage.conf.j2
@@ -1,5 +1,4 @@
-### Autogenerated by /usr/libexec/vyos/conf_mode/container.py ###
-
+### Autogenerated by container.py ###
 [storage]
 driver = "vfs"
- graphroot = "/config/containers/storage"
+ graphroot = "/usr/lib/live/mount/persistence/container/storage"
diff --git a/data/templates/frr/policy.frr.j2 b/data/templates/frr/policy.frr.j2
index f0a64cb89..a42b73e98 100644
--- a/data/templates/frr/policy.frr.j2
+++ b/data/templates/frr/policy.frr.j2
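Review bot: In storage.conf.j2 the new `graphroot = "/usr/lib/live/mount/persistence/container/storage"` hard-codes the persistence mount, and nothing in this diff shows what creates that directory, with which owner and mode, or what happens to images already stored under `/config/containers/storage`. If the caller (container.py, per the header) does not create it root-owned and either migrate or document the old store, existing containers would presumably fail to find their images after an upgrade. A one-line comment above `graphroot` stating why the store moved out of `/config` would help the next reader.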
@@ -259,6 +259,12 @@ route-map {{ route_map }} {{ rule_config.action }} {{ rule }}
 {% if rule_config.set.distance is vyos_defined %}
 set distance {{ rule_config.set.distance }}
 {% endif %}
+{% if rule_config.set.evpn.gateway.ipv4 is vyos_defined %}
+ set evpn gateway-ip ipv4 {{ rule_config.set.evpn.gateway.ipv4 }}
+{% endif %}
+{% if rule_config.set.evpn.gateway.ipv6 is vyos_defined %}
+ set evpn gateway-ip ipv6 {{ rule_config.set.evpn.gateway.ipv6 }}
+{% endif %}
 {% if rule_config.set.extcommunity.bandwidth is vyos_defined %}
 set extcommunity bandwidth {{ rule_config.set.extcommunity.bandwidth }}
 {% endif %}
diff --git a/data/templates/ipsec/swanctl/remote_access.j2 b/data/templates/ipsec/swanctl/remote_access.j2
index 676ad88b3..d2760ec1f 100644
--- a/data/templates/ipsec/swanctl/remote_access.j2
+++ b/data/templates/ipsec/swanctl/remote_access.j2
@@ -18,7 +18,8 @@
 {% endif %}
 local {
 {% if rw_conf.authentication.id is vyos_defined and rw_conf.authentication.use_x509_id is not vyos_defined %}
- id = '{{ rw_conf.authentication.id }}'
+{# please use " quotes - else Apple iOS goes crazy #}
+ id = "{{ rw_conf.authentication.id }}"
 {% endif %}
 {% if rw_conf.authentication.server_mode == 'x509' %}
 auth = pubkey
diff --git a/data/templates/ssh/sshguard_config.j2 b/data/templates/ssh/sshguard_config.j2
new file mode 100644
index 000000000..58c6ad48d
--- /dev/null
+++ b/data/templates/ssh/sshguard_config.j2
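Review bot: In remote_access.j2, `id = "{{ rw_conf.authentication.id }}"` now places the identity inside a double-quoted swanctl string, where a `"` or `\` in the value is interpreted by the parser instead of being taken literally. The template does no escaping, so the rendered file stays well-formed only if the CLI definition for the authentication id rejects those characters; that constraint is not visible in this diff and should be confirmed. If it is not enforced there, escape in the template, for example `id = "{{ rw_conf.authentication.id | replace('\\', '\\\\') | replace('"', '\\"') }}"`. The `local {` block starts inside the hunk and continues past its last line.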
@@ -0,0 +1,27 @@
+### Autogenerated by ssh.py ###
+
+{% if dynamic_protection is vyos_defined %}
+# Full path to backend executable (required, no default)
+BACKEND="/usr/libexec/sshguard/sshg-fw-nft-sets"
+
+# Shell command that provides logs on standard output. (optional, no default)
+# Example 1: ssh and sendmail from systemd journal:
+LOGREADER="LANG=C journalctl -afb -p info -n1 -t sshd -o cat"
+
+#### OPTIONS ####
+# Block attackers when their cumulative attack score exceeds THRESHOLD.
+# Most attacks have a score of 10. (optional, default 30)
+THRESHOLD={{ dynamic_protection.threshold }}
+
+# Block attackers for initially BLOCK_TIME seconds after exceeding THRESHOLD.
+# Subsequent blocks increase by a factor of 1.5. (optional, default 120)
+BLOCK_TIME={{ dynamic_protection.block_time }}
+
+# Remember potential attackers for up to DETECTION_TIME seconds before
+# resetting their score. (optional, default 1800)
+DETECTION_TIME={{ dynamic_protection.detect_time }}
+
+# IP addresses listed in the WHITELIST_FILE are considered to be
+# friendlies and will never be blocked.
+WHITELIST_FILE=/etc/sshguard/whitelist
+{% endif %}
diff --git a/data/templates/ssh/sshguard_whitelist.j2 b/data/templates/ssh/sshguard_whitelist.j2
new file mode 100644
index 000000000..47a950a2b
--- /dev/null
+++ b/data/templates/ssh/sshguard_whitelist.j2
@@ -0,0 +1,7 @@
+### Autogenerated by ssh.py ###
+
+{% if dynamic_protection.allow_from is vyos_defined %}
+{% for address in dynamic_protection.allow_from %}
+{{ address }}
+{% endfor %}
+{% endif %}
|
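Review bot: In sshguard_config.j2, `THRESHOLD`, `BLOCK_TIME` and `DETECTION_TIME` are rendered without a per-key guard, so they depend on ssh.py always supplying `threshold`, `block_time` and `detect_time` whenever `dynamic_protection` is defined. A missing key would produce an empty assignment such as `THRESHOLD=` or a render error, depending on how the environment treats undefined values, and sshguard would then start with an unintended setting or not at all. If the caller does not merge defaults, guard each line with the test used elsewhere, e.g. `{% if dynamic_protection.threshold is vyos_defined %}` around `THRESHOLD=...`. Note also that when `dynamic_protection` is not defined the file is rendered with only the header, so the caller has to stop the service rather than rely on this file.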
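Review bot: In sshguard_whitelist.j2, the loop `{% for address in dynamic_protection.allow_from %}` assumes `allow_from` always arrives as a list. If a single configured value can reach the template as a plain string, the loop would write one character per line and the intended address would not be exempted; whether ssh.py guarantees a list is not visible here. Entries are also written verbatim and are never blocked by sshguard, so a very broad prefix silently turns the protection off for most sources. A header comment such as `# Addresses below are never blocked by sshguard; keep prefixes narrow` would make that explicit in the generated file.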