diff options
Diffstat (limited to 'data')
49 files changed, 1294 insertions, 1057 deletions
diff --git a/data/configd-include.json b/data/configd-include.json index 739f2f6c8..b77d48001 100644 --- a/data/configd-include.json +++ b/data/configd-include.json @@ -48,6 +48,7 @@ "protocols_ripng.py", "protocols_static.py", "protocols_static_multicast.py", +"qos.py", "salt-minion.py", "service_console-server.py", "service_ids_fastnetmon.py", @@ -55,6 +56,7 @@ "service_mdns-repeater.py", "service_pppoe-server.py", "service_router-advert.py", +"service_upnp.py", "ssh.py", "system-ip.py", "system-ipv6.py", diff --git a/data/templates/accel-ppp/ipoe.config.tmpl b/data/templates/accel-ppp/ipoe.config.tmpl index 1cf2ab0be..92c2d5715 100644 --- a/data/templates/accel-ppp/ipoe.config.tmpl +++ b/data/templates/accel-ppp/ipoe.config.tmpl @@ -25,11 +25,21 @@ level=5 verbose=1 {% for interface in interfaces %} {% if interface.vlan_mon %} -interface=re:{{ interface.name }}\.\d+,{% else %}interface={{ interface.name }},{% endif %}shared={{ interface.shared }},mode={{ interface.mode }},ifcfg={{ interface.ifcfg }},range={{ interface.range }},start={{ interface.sess_start }},ipv6=1 +interface=re:{{ interface.name }}\.\d+,{% else %}interface={{ interface.name }},{% endif %}shared={{ interface.shared }},mode={{ interface.mode }},ifcfg={{ interface.ifcfg }}{{ ',range=' + interface.range if interface.range is defined and interface.range is not none }},start={{ interface.sess_start }},ipv6=1 {% endfor %} -{% if auth_mode == 'noauth' %} +{% if auth_mode == 'noauth' %} noauth=1 -{% elif auth_mode == 'local' %} +{% if client_named_ip_pool %} +{% for pool in client_named_ip_pool %} +{% if pool.subnet is defined %} +ip-pool={{ pool.name }} +{% endif %} +{% if pool.gateway_address is defined %} +gw-ip-address={{ pool.gateway_address }}/{{ pool.subnet.split('/')[1] }} +{% endif %} +{% endfor%} +{% endif %} +{% elif auth_mode == 'local' %} username=ifname password=csid {% endif %} @@ -61,6 +71,18 @@ verbose=1 [ipv6-dhcp] verbose=1 +{% if client_named_ip_pool %} +[ip-pool] +{% for pool in client_named_ip_pool %} +{% if pool.subnet is defined %} +{{ pool.subnet }},name={{ pool.name }} +{% endif %} +{% if pool.gateway_address is defined %} +gw-ip-address={{ pool.gateway_address }}/{{ pool.subnet.split('/')[1] }} +{% endif %} +{% endfor%} +{% endif %} + {% if client_ipv6_pool %} [ipv6-pool] {% for p in client_ipv6_pool %} diff --git a/data/templates/bcast-relay/udp-broadcast-relay.tmpl b/data/templates/bcast-relay/udp-broadcast-relay.tmpl index 73e9acad4..7b2b9b1a2 100644 --- a/data/templates/bcast-relay/udp-broadcast-relay.tmpl +++ b/data/templates/bcast-relay/udp-broadcast-relay.tmpl @@ -1,7 +1,5 @@ ### Autogenerated by bcast_relay.py ### # UDP broadcast relay configuration for instance {{ id }} -{% if description %} -# Comment: {{ description }} -{% endif %} -DAEMON_ARGS="{{ '-s ' + address if address is defined }} {{ instance }} {{ port }} {{ interface | join(' ') }}" +{{ '# ' ~ description if description is vyos_defined }} +DAEMON_ARGS="{{ '-s ' ~ address if address is defined }} {{ instance }} {{ port }} {{ interface | join(' ') }}" diff --git a/data/templates/conntrack/nftables-ct.tmpl b/data/templates/conntrack/nftables-ct.tmpl new file mode 100644 index 000000000..cebc1a54e --- /dev/null +++ b/data/templates/conntrack/nftables-ct.tmpl @@ -0,0 +1,48 @@ +#!/usr/sbin/nft -f + +{% set nft_ct_ignore_name = 'VYOS_CT_IGNORE' %} +{% set nft_ct_timeout_name = 'VYOS_CT_TIMEOUT' %} + +# we first flush all chains and render the content from scratch - this makes +# any delta check obsolete +flush chain raw {{ nft_ct_ignore_name }} +flush chain raw {{ nft_ct_timeout_name }} + +table raw { + chain {{ nft_ct_ignore_name }} { +{% if ignore.rule is vyos_defined %} +{% for rule, rule_config in ignore.rule.items() %} + # rule-{{ rule }} {{ '- ' ~ rule_config.description if rule_config.description is defined and rule_config.description is not none }} +{% set nft_command = '' %} +{% if rule_config.inbound_interface is vyos_defined %} +{% set nft_command = nft_command ~ ' iifname ' ~ rule_config.inbound_interface %} +{% endif %} +{% if rule_config.protocol is vyos_defined %} +{% set nft_command = nft_command ~ ' ip protocol ' ~ rule_config.protocol %} +{% endif %} +{% if rule_config.destination.address is vyos_defined %} +{% set nft_command = nft_command ~ ' ip daddr ' ~ rule_config.destination.address %} +{% endif %} +{% if rule_config.destination.port is vyos_defined %} +{% set nft_command = nft_command ~ ' ' ~ rule_config.protocol ~ ' dport { ' ~ rule_config.destination.port ~ ' }' %} +{% endif %} +{% if rule_config.source.address is vyos_defined %} +{% set nft_command = nft_command ~ ' ip saddr ' ~ rule_config.source.address %} +{% endif %} +{% if rule_config.source.port is vyos_defined %} +{% set nft_command = nft_command ~ ' ' ~ rule_config.protocol ~ ' sport { ' ~ rule_config.source.port ~ ' }' %} +{% endif %} + {{ nft_command }} counter notrack comment ignore-{{ rule }} +{% endfor %} +{% endif %} + return + } + chain {{ nft_ct_timeout_name }} { +{% if timeout.custom.rule is vyos_defined %} +{% for rule, rule_config in timeout.custom.rule.items() %} + # rule-{{ rule }} {{ '- ' ~ rule_config.description if rule_config.description is defined and rule_config.description is not none }} +{% endfor %} +{% endif %} + return + } +} diff --git a/data/templates/conntrack/sysctl.conf.tmpl b/data/templates/conntrack/sysctl.conf.tmpl index 9e97c3286..075402c04 100644 --- a/data/templates/conntrack/sysctl.conf.tmpl +++ b/data/templates/conntrack/sysctl.conf.tmpl @@ -6,7 +6,7 @@ net.netfilter.nf_conntrack_max = {{ table_size }} net.ipv4.tcp_max_syn_backlog = {{ tcp.half_open_connections }} -net.netfilter.nf_conntrack_tcp_loose = {{ '1' if tcp.loose == 'enable' else '0' }} +net.netfilter.nf_conntrack_tcp_loose = {{ '1' if tcp.loose is vyos_defined('enable') else '0' }} net.netfilter.nf_conntrack_tcp_max_retrans = {{ tcp.max_retrans }} net.netfilter.nf_conntrack_icmp_timeout = {{ timeout.icmp }} diff --git a/data/templates/containers/registry.tmpl b/data/templates/containers/registry.tmpl index 0347de673..0cbd9ecc2 100644 --- a/data/templates/containers/registry.tmpl +++ b/data/templates/containers/registry.tmpl @@ -1,5 +1,5 @@ ### Autogenerated by /usr/libexec/vyos/conf_mode/containers.py ### -{% if registry is defined and registry is not none %} +{% if registry is vyos_defined %} unqualified-search-registries = {{ registry }} {% endif %} diff --git a/data/templates/dhcp-client/daemon-options.tmpl b/data/templates/dhcp-client/daemon-options.tmpl index 40629dca1..5b3bff73f 100644 --- a/data/templates/dhcp-client/daemon-options.tmpl +++ b/data/templates/dhcp-client/daemon-options.tmpl @@ -1,4 +1,4 @@ ### Autogenerated by interface.py ### -DHCLIENT_OPTS="-nw -cf /var/lib/dhcp/dhclient_{{ifname}}.conf -pf /var/lib/dhcp/dhclient_{{ifname}}.pid -lf /var/lib/dhcp/dhclient_{{ifname}}.leases{{" -e IF_METRIC=" ~ dhcp_options.default_route_distance if dhcp_options.default_route_distance is defined and dhcp_options.default_route_distance is not none}} {{ifname}}" +DHCLIENT_OPTS="-nw -cf /var/lib/dhcp/dhclient_{{ ifname }}.conf -pf /var/lib/dhcp/dhclient_{{ ifname }}.pid -lf /var/lib/dhcp/dhclient_{{ ifname }}.leases{{" -e IF_METRIC=" ~ dhcp_options.default_route_distance if dhcp_options.default_route_distance is vyos_defined }} {{ ifname }}" diff --git a/data/templates/dhcp-client/ipv4.tmpl b/data/templates/dhcp-client/ipv4.tmpl index b3e74c22b..83fb93dc1 100644 --- a/data/templates/dhcp-client/ipv4.tmpl +++ b/data/templates/dhcp-client/ipv4.tmpl @@ -7,7 +7,7 @@ initial-interval 2; interface "{{ ifname }}" { send host-name "{{ dhcp_options.host_name }}"; -{% if dhcp_options.client_id is defined and dhcp_options.client_id is not none %} +{% if dhcp_options.client_id is vyos_defined %} {% set client_id = dhcp_options.client_id %} {# Use HEX representation of client-id as it is send in MAC-address style using hex characters. If not HEX, use double quotes ASCII format #} {% if not dhcp_options.client_id.split(':') | length >= 5 %} @@ -15,18 +15,18 @@ interface "{{ ifname }}" { {% endif %} send dhcp-client-identifier {{ client_id }}; {% endif %} -{% if dhcp_options.vendor_class_id is defined and dhcp_options.vendor_class_id is not none %} +{% if dhcp_options.vendor_class_id is vyos_defined %} send vendor-class-identifier "{{ dhcp_options.vendor_class_id }}"; {% endif %} # The request statement causes the client to request that any server responding to the # client send the client its values for the specified options. - request subnet-mask, broadcast-address,{{ " routers," if dhcp_options.no_default_route is not defined }} domain-name-servers, + request subnet-mask, broadcast-address,{{ " routers," if dhcp_options.no_default_route is not vyos_defined }} domain-name-servers, rfc3442-classless-static-routes, domain-name, interface-mtu; # The require statement lists options that must be sent in order for an offer to be # accepted. Offers that do not contain all the listed options will be ignored! require subnet-mask; -{% if dhcp_options.reject is defined and dhcp_options.reject is not none %} +{% if dhcp_options.reject is vyos_defined %} # Block addresses coming from theses dhcp servers if configured. reject {{ dhcp_options.reject | join(', ') }}; {% endif %} diff --git a/data/templates/dhcp-client/ipv6.tmpl b/data/templates/dhcp-client/ipv6.tmpl index c292664e9..085cfe5a9 100644 --- a/data/templates/dhcp-client/ipv6.tmpl +++ b/data/templates/dhcp-client/ipv6.tmpl @@ -2,54 +2,54 @@ # man https://www.unix.com/man-page/debian/5/dhcp6c.conf/ interface {{ ifname }} { -{% if dhcpv6_options is defined and dhcpv6_options.duid is defined and dhcpv6_options.duid is not none %} +{% if dhcpv6_options.duid is vyos_defined %} send client-id {{ dhcpv6_options.duid }}; {% endif %} -{% if address is defined and 'dhcpv6' in address %} +{% if address is vyos_defined and 'dhcpv6' in address %} request domain-name-servers; request domain-name; -{% if dhcpv6_options is defined and dhcpv6_options.parameters_only is defined %} +{% if dhcpv6_options.parameters_only is vyos_defined %} information-only; {% endif %} -{% if dhcpv6_options is not defined or dhcpv6_options.temporary is not defined %} +{% if dhcpv6_options.temporary is not vyos_defined %} send ia-na 0; # non-temporary address {% endif %} -{% if dhcpv6_options is defined and dhcpv6_options.rapid_commit is defined %} +{% if dhcpv6_options.rapid_commit is vyos_defined %} send rapid-commit; # wait for immediate reply instead of advertisements {% endif %} {% endif %} -{% if dhcpv6_options is defined and dhcpv6_options.pd is defined %} +{% if dhcpv6_options.pd is vyos_defined %} {% for pd in dhcpv6_options.pd %} send ia-pd {{ pd }}; # prefix delegation #{{ pd }} {% endfor %} {% endif %} }; -{% if address is defined and 'dhcpv6' in address %} -{% if dhcpv6_options is not defined or dhcpv6_options.temporary is not defined %} +{% if address is vyos_defined and 'dhcpv6' in address %} +{% if dhcpv6_options.temporary is not vyos_defined %} id-assoc na 0 { # Identity association for non temporary address }; {% endif %} {% endif %} -{% if dhcpv6_options is defined and dhcpv6_options.pd is defined %} -{% for pd in dhcpv6_options.pd %} +{% if dhcpv6_options.pd is vyos_defined %} +{% for pd, pd_config in dhcpv6_options.pd.items() %} id-assoc pd {{ pd }} { {# length got a default value #} - prefix ::/{{ dhcpv6_options.pd[pd].length }} infinity; -{% set sla_len = 64 - dhcpv6_options.pd[pd].length|int %} + prefix ::/{{ pd_config.length }} infinity; +{% set sla_len = 64 - pd_config.length|int %} {% set count = namespace(value=0) %} -{% for interface in dhcpv6_options.pd[pd].interface if dhcpv6_options.pd[pd].interface is defined %} +{% for interface, interface_config in pd_config.interface.items() if pd_config.interface is vyos_defined %} prefix-interface {{ interface }} { sla-len {{ sla_len }}; -{% if dhcpv6_options.pd[pd].interface[interface].sla_id is defined and dhcpv6_options.pd[pd].interface[interface].sla_id is not none %} - sla-id {{ dhcpv6_options.pd[pd].interface[interface].sla_id }}; +{% if interface_config.sla_id is vyos_defined %} + sla-id {{ interface_config.sla_id }}; {% else %} sla-id {{ count.value }}; {% endif %} -{% if dhcpv6_options.pd[pd].interface[interface].address is defined and dhcpv6_options.pd[pd].interface[interface].address is not none %} - ifid {{ dhcpv6_options.pd[pd].interface[interface].address }}; +{% if interface_config.address is vyos_defined %} + ifid {{ interface_config.address }}; {% endif %} }; {% set count.value = count.value + 1 %} diff --git a/data/templates/dhcp-relay/dhcrelay.conf.tmpl b/data/templates/dhcp-relay/dhcrelay.conf.tmpl index a9d17ed9a..11710bd8e 100644 --- a/data/templates/dhcp-relay/dhcrelay.conf.tmpl +++ b/data/templates/dhcp-relay/dhcrelay.conf.tmpl @@ -1,6 +1,6 @@ ### Autogenerated by dhcp_relay.py ### -{% set max_size = '-A ' + relay_options.max_size if relay_options.max_size is defined and relay_options.max_size is not none %} +{% set max_size = '-A ' ~ relay_options.max_size if relay_options.max_size is vyos_defined %} {# hop_count and relay_agents_packets is a default option, thus it is always present #} OPTIONS="-c {{ relay_options.hop_count }} -a -m {{ relay_options.relay_agents_packets }} {{ max_size }} -i {{ interface | join(' -i ') }} {{ server | join(' ') }}" diff --git a/data/templates/dhcp-relay/dhcrelay6.conf.tmpl b/data/templates/dhcp-relay/dhcrelay6.conf.tmpl index 58c216b7c..1fd5de18c 100644 --- a/data/templates/dhcp-relay/dhcrelay6.conf.tmpl +++ b/data/templates/dhcp-relay/dhcrelay6.conf.tmpl @@ -4,18 +4,18 @@ {% set upstream = namespace(value='') %} {% for interface, config in upstream_interface.items() %} {% for address in config.address %} -{% set upstream.value = upstream.value + '-u ' + address + '%' + interface + ' ' %} +{% set upstream.value = upstream.value ~ '-u ' ~ address ~ '%' ~ interface ~ ' ' %} {% endfor %} {% endfor %} {# listen_interface is mandatory so it's always present #} {% set listen = namespace(value='') %} {% for interface, config in listen_interface.items() %} -{% if config.address is defined and config.address is not none %} -{% set listen.value = listen.value + '-l ' + config.address + '%' + interface + ' ' %} +{% if config.address is vyos_defined %} +{% set listen.value = listen.value ~ '-l ' ~ config.address ~ '%' ~ interface ~ ' ' %} {% else %} -{% set listen.value = listen.value + '-l ' + interface + ' ' %} +{% set listen.value = listen.value ~ '-l ' ~ interface ~ ' ' %} {% endif %} {% endfor %} -OPTIONS="{{ listen.value }} {{ upstream.value }} -c {{ max_hop_count }} {{ '-I' if use_interface_id_option is defined }}" +OPTIONS="{{ listen.value }} {{ upstream.value }} -c {{ max_hop_count }} {{ '-I' if use_interface_id_option is vyos_defined }}" diff --git a/data/templates/dhcp-server/dhcpd.conf.tmpl b/data/templates/dhcp-server/dhcpd.conf.tmpl index e47838c8c..f4297fe5f 100644 --- a/data/templates/dhcp-server/dhcpd.conf.tmpl +++ b/data/templates/dhcp-server/dhcpd.conf.tmpl @@ -4,7 +4,7 @@ # https://www.isc.org/wp-content/uploads/2017/08/dhcp43options.html # # log-facility local7; -{% if hostfile_update is defined %} +{% if hostfile_update is vyos_defined %} on release { set ClientName = pick-first-value(host-decl-name, option fqdn.hostname, option host-name); set ClientIp = binary-to-ascii(10, 8, ".",leased-address); @@ -17,13 +17,13 @@ on expiry { } {% endif %} -{{ 'use-host-decl-names on;' if host_decl_name is defined }} -ddns-update-style {{ 'interim' if dynamic_dns_update is defined else 'none' }}; +{{ 'use-host-decl-names on;' if host_decl_name is vyos_defined }} +ddns-update-style {{ 'interim' if dynamic_dns_update is vyos_defined else 'none' }}; option rfc3442-static-route code 121 = array of integer 8; option windows-static-route code 249 = array of integer 8; option wpad-url code 252 = text; -{% if global_parameters is defined and global_parameters is not none %} +{% if global_parameters is vyos_defined %} # The following {{ global_parameters | length }} line(s) have been added as # global-parameters in the CLI and have not been validated !!! {% for parameter in global_parameters %} @@ -31,7 +31,7 @@ option wpad-url code 252 = text; {% endfor %} {% endif %} -{% if failover is defined and failover is not none %} +{% if failover is vyos_defined %} # DHCP failover configuration failover peer "{{ failover.name }}" { {% if failover.status == 'primary' %} @@ -42,15 +42,15 @@ failover peer "{{ failover.name }}" { secondary; {% endif %} address {{ failover.source_address }}; - port 520; + port 647; peer address {{ failover.remote }}; - peer port 520; + peer port 647; max-response-delay 30; max-unacked-updates 10; load balance max seconds 3; } {% endif %} -{% if listen_address is defined and listen_address is not none %} +{% if listen_address is vyos_defined %} # DHCP server serving relay subnet, we need a connector to the real world {% for address in listen_address %} @@ -60,70 +60,70 @@ subnet {{ address | network_from_ipv4 }} netmask {{ address | netmask_from_ipv4 {% endif %} # Shared network configration(s) -{% if shared_network_name is defined and shared_network_name is not none %} -{% for network, network_config in shared_network_name.items() if network_config.disable is not defined %} +{% if shared_network_name is vyos_defined %} +{% for network, network_config in shared_network_name.items() if network_config.disable is not vyos_defined %} shared-network {{ network | replace('_','-') }} { -{% if network_config.authoritative is defined %} +{% if network_config.authoritative is vyos_defined %} authoritative; {% endif %} -{% if network_config.name_server is defined and network_config.name_server is not none %} +{% if network_config.name_server is vyos_defined %} option domain-name-servers {{ network_config.name_server | join(', ') }}; {% endif %} -{% if network_config.domain_name is defined and network_config.domain_name is not none %} +{% if network_config.domain_name is vyos_defined %} option domain-name "{{ network_config.domain_name }}"; {% endif %} -{% if network_config.domain_search is defined and network_config.domain_search is not none %} +{% if network_config.domain_search is vyos_defined %} option domain-search "{{ network_config.domain_search | join('", "') }}"; {% endif %} -{% if network_config.ntp_server is defined and network_config.ntp_server is not none %} +{% if network_config.ntp_server is vyos_defined %} option ntp-servers {{ network_config.ntp_server | join(', ') }}; {% endif %} -{% if network_config.ping_check is defined %} +{% if network_config.ping_check is vyos_defined %} ping-check true; {% endif %} -{% if network_config.shared_network_parameters is defined and network_config.shared_network_parameters is not none %} +{% if network_config.shared_network_parameters is vyos_defined %} # The following {{ network_config.shared_network_parameters | length }} line(s) # were added as shared-network-parameters in the CLI and have not been validated {% for parameter in network_config.shared_network_parameters %} {{ parameter }} {% endfor %} {% endif %} -{% if network_config.subnet is defined and network_config.subnet is not none %} +{% if network_config.subnet is vyos_defined %} {% for subnet, subnet_config in network_config.subnet.items() %} -{% if subnet_config.description is defined and subnet_config.description is not none %} +{% if subnet_config.description is vyos_defined %} # {{ subnet_config.description }} {% endif %} subnet {{ subnet | address_from_cidr }} netmask {{ subnet | netmask_from_cidr }} { -{% if subnet_config.name_server is defined and subnet_config.name_server is not none %} +{% if subnet_config.name_server is vyos_defined %} option domain-name-servers {{ subnet_config.name_server | join(', ') }}; {% endif %} -{% if subnet_config.domain_name is defined and subnet_config.domain_name is not none %} +{% if subnet_config.domain_name is vyos_defined %} option domain-name "{{ subnet_config.domain_name }}"; {% endif %} -{% if subnet_config.domain_search is defined and subnet_config.domain_search is not none %} +{% if subnet_config.domain_search is vyos_defined %} option domain-search "{{ subnet_config.domain_search | join('", "') }}"; {% endif %} -{% if subnet_config.ntp_server is defined and subnet_config.ntp_server is not none %} +{% if subnet_config.ntp_server is vyos_defined %} option ntp-servers {{ subnet_config.ntp_server | join(', ') }}; {% endif %} -{% if subnet_config.pop_server is defined and subnet_config.pop_server is not none %} +{% if subnet_config.pop_server is vyos_defined %} option pop-server {{ subnet_config.pop_server | join(', ') }}; {% endif %} -{% if subnet_config.smtp_server is defined and subnet_config.smtp_server is not none %} +{% if subnet_config.smtp_server is vyos_defined %} option smtp-server {{ subnet_config.smtp_server | join(', ') }}; {% endif %} -{% if subnet_config.time_server is defined and subnet_config.time_server is not none %} +{% if subnet_config.time_server is vyos_defined %} option time-servers {{ subnet_config.time_server | join(', ') }}; {% endif %} -{% if subnet_config.wins_server is defined and subnet_config.wins_server is not none %} +{% if subnet_config.wins_server is vyos_defined %} option netbios-name-servers {{ subnet_config.wins_server | join(', ') }}; {% endif %} -{% if subnet_config.static_route is defined and subnet_config.static_route is not none %} +{% if subnet_config.static_route is vyos_defined %} {% set static_default_route = '' %} -{% if subnet_config.default_router and subnet_config.default_router is not none %} -{% set static_default_route = ', ' + '0.0.0.0/0' | isc_static_route(subnet_config.default_router) %} +{% if subnet_config.default_router is vyos_defined %} +{% set static_default_route = ', ' ~ '0.0.0.0/0' | isc_static_route(subnet_config.default_router) %} {% endif %} -{% if subnet_config.static_route is defined and subnet_config.static_route is not none %} +{% if subnet_config.static_route is vyos_defined %} {% set rfc3442_routes = [] %} {% for route, route_options in subnet_config.static_route.items() %} {% set rfc3442_routes = rfc3442_routes.append(route | isc_static_route(route_options.next_hop)) %} @@ -132,59 +132,59 @@ shared-network {{ network | replace('_','-') }} { option windows-static-route {{ rfc3442_routes | join(', ') }}; {% endif %} {% endif %} -{% if subnet_config.ip_forwarding is defined %} +{% if subnet_config.ip_forwarding is vyos_defined %} option ip-forwarding true; {% endif %} -{% if subnet_config.default_router and subnet_config.default_router is not none %} +{% if subnet_config.default_router is vyos_defined %} option routers {{ subnet_config.default_router }}; {% endif %} -{% if subnet_config.server_identifier is defined and subnet_config.server_identifier is not none %} +{% if subnet_config.server_identifier is vyos_defined %} option dhcp-server-identifier {{ subnet_config.server_identifier }}; {% endif %} -{% if subnet_config.subnet_parameters is defined and subnet_config.subnet_parameters is not none %} +{% if subnet_config.subnet_parameters is vyos_defined %} # The following {{ subnet_config.subnet_parameters | length }} line(s) were added as # subnet-parameters in the CLI and have not been validated!!! {% for parameter in subnet_config.subnet_parameters %} {{ parameter }} {% endfor %} {% endif %} -{% if subnet_config.tftp_server_name is defined and subnet_config.tftp_server_name is not none %} +{% if subnet_config.tftp_server_name is vyos_defined %} option tftp-server-name "{{ subnet_config.tftp_server_name }}"; {% endif %} -{% if subnet_config.bootfile_name is defined and subnet_config.bootfile_name is not none %} +{% if subnet_config.bootfile_name is vyos_defined %} option bootfile-name "{{ subnet_config.bootfile_name }}"; filename "{{ subnet_config.bootfile_name }}"; {% endif %} -{% if subnet_config.bootfile_server is defined and subnet_config.bootfile_server is not none %} +{% if subnet_config.bootfile_server is vyos_defined %} next-server {{ subnet_config.bootfile_server }}; {% endif %} {% if subnet_config.bootfile_size is defined and subnet_config.bootfile_size is not none %} option boot-size {{ subnet_config.bootfile_size }}; {% endif %} -{% if subnet_config.time_offset is defined and subnet_config.time_offset is not none %} +{% if subnet_config.time_offset is vyos_defined %} option time-offset {{ subnet_config.time_offset }}; {% endif %} -{% if subnet_config.wpad_url is defined and subnet_config.wpad_url is not none %} +{% if subnet_config.wpad_url is vyos_defined %} option wpad-url "{{ subnet_config.wpad_url }}"; {% endif %} -{% if subnet_config.client_prefix_length is defined and subnet_config.client_prefix_length is not none %} - option subnet-mask {{ subnet_config.client_prefix_length }}; +{% if subnet_config.client_prefix_length is vyos_defined %} + option subnet-mask {{ ('0.0.0.0/' ~ subnet_config.client_prefix_length) | netmask_from_cidr }}; {% endif %} -{% if subnet_config.lease is defined and subnet_config.lease is not none %} +{% if subnet_config.lease is vyos_defined %} default-lease-time {{ subnet_config.lease }}; max-lease-time {{ subnet_config.lease }}; {% endif %} -{% if network_config.ping_check is not defined and subnet_config.ping_check is defined %} +{% if network_config.ping_check is not vyos_defined and subnet_config.ping_check is vyos_defined %} ping-check true; {% endif %} -{% if subnet_config.static_mapping is defined and subnet_config.static_mapping is not none %} -{% for host, host_config in subnet_config.static_mapping.items() if host_config.disable is not defined %} - host {{ host | replace('_','-') if host_decl_name is defined else network | replace('_','-') + '_' + host | replace('_','-') }} { -{% if host_config.ip_address is defined and host_config.ip_address is not none %} +{% if subnet_config.static_mapping is vyos_defined %} +{% for host, host_config in subnet_config.static_mapping.items() if host_config.disable is not vyos_defined %} + host {{ host | replace('_','-') if host_decl_name is vyos_defined else network | replace('_','-') ~ '_' ~ host | replace('_','-') }} { +{% if host_config.ip_address is vyos_defined %} fixed-address {{ host_config.ip_address }}; {% endif %} hardware ethernet {{ host_config.mac_address }}; -{% if host_config.static_mapping_parameters is defined and host_config.static_mapping_parameters is not none %} +{% if host_config.static_mapping_parameters is vyos_defined %} # The following {{ host_config.static_mapping_parameters | length }} line(s) were added # as static-mapping-parameters in the CLI and have not been validated {% for parameter in host_config.static_mapping_parameters %} @@ -194,20 +194,20 @@ shared-network {{ network | replace('_','-') }} { } {% endfor %} {% endif %} -{% if subnet_config.range is defined and subnet_config.range is not none %} +{% if subnet_config.range is vyos_defined %} {# pool configuration can only be used if there follows a range option #} pool { {% endif %} -{% if subnet_config.enable_failover is defined %} +{% if subnet_config.enable_failover is vyos_defined %} failover peer "{{ failover.name }}"; deny dynamic bootp clients; {% endif %} -{% if subnet_config.range is defined and subnet_config.range is not none %} +{% if subnet_config.range is vyos_defined %} {% for range, range_options in subnet_config.range.items() %} range {{ range_options.start }} {{ range_options.stop }}; {% endfor %} {% endif %} -{% if subnet_config.range is defined and subnet_config.range is not none %} +{% if subnet_config.range is vyos_defined %} {# pool configuration can only be used if there follows a range option #} } {% endif %} @@ -216,7 +216,7 @@ shared-network {{ network | replace('_','-') }} { {% endif %} on commit { set shared-networkname = "{{ network | replace('_','-') }}"; -{% if hostfile_update is defined %} +{% if hostfile_update is vyos_defined %} set ClientIp = binary-to-ascii(10, 8, ".", leased-address); set ClientMac = binary-to-ascii(16, 8, ":", substring(hardware, 1, 6)); set ClientName = pick-first-value(host-decl-name, option fqdn.hostname, option host-name, "empty_hostname"); diff --git a/data/templates/dhcp-server/dhcpdv6.conf.tmpl b/data/templates/dhcp-server/dhcpdv6.conf.tmpl index 45d629928..c6a4f4c92 100644 --- a/data/templates/dhcp-server/dhcpdv6.conf.tmpl +++ b/data/templates/dhcp-server/dhcpdv6.conf.tmpl @@ -4,74 +4,74 @@ # https://www.isc.org/wp-content/uploads/2017/08/dhcp43options.html log-facility local7; -{% if preference is defined and preference is not none %} +{% if preference is vyos_defined %} option dhcp6.preference {{ preference }}; {% endif %} -{% if global_parameters is defined and global_parameters.name_server is defined and global_parameters.name_server is not none %} +{% if global_parameters.name_server is vyos_defined %} option dhcp6.name-servers {{ global_parameters.name_server | join(', ') }}; {% endif %} # Shared network configration(s) -{% if shared_network_name is defined and shared_network_name is not none %} -{% for network, network_config in shared_network_name.items() if network_config.disable is not defined %} +{% if shared_network_name is vyos_defined %} +{% for network, network_config in shared_network_name.items() if network_config.disable is not vyos_defined %} shared-network {{ network | replace('_','-') }} { -{% if network_config.common_options is defined and network_config.common_options is not none %} -{% if network_config.common_options.info_refresh_time is defined and network_config.common_options.info_refresh_time is not none %} +{% if network_config.common_options is vyos_defined %} +{% if network_config.common_options.info_refresh_time is vyos_defined %} option dhcp6.info-refresh-time {{ network_config.common_options.info_refresh_time }}; {% endif %} -{% if network_config.common_options.domain_search is defined and network_config.common_options.domain_search is not none %} +{% if network_config.common_options.domain_search is vyos_defined %} option dhcp6.domain-search "{{ network_config.common_options.domain_search | join('", "') }}"; {% endif %} -{% if network_config.common_options.name_server is defined and network_config.common_options.name_server is not none %} +{% if network_config.common_options.name_server is vyos_defined %} option dhcp6.name-servers {{ network_config.common_options.name_server | join(', ') }}; {% endif %} {% endif %} -{% if network_config.subnet is defined and network_config.subnet is not none %} +{% if network_config.subnet is vyos_defined %} {% for subnet, subnet_config in network_config.subnet.items() %} subnet6 {{ subnet }} { -{% if subnet_config.address_range is defined and subnet_config.address_range is not none %} -{% if subnet_config.address_range.prefix is defined and subnet_config.address_range.prefix is not none %} +{% if subnet_config.address_range is vyos_defined %} +{% if subnet_config.address_range.prefix is vyos_defined %} {% for prefix, prefix_config in subnet_config.address_range.prefix.items() %} - range6 {{ prefix }} {{ "temporary" if prefix_config.temporary is defined }}; + range6 {{ prefix }} {{ "temporary" if prefix_config.temporary is vyos_defined }}; {% endfor %} {% endif %} -{% if subnet_config.address_range.start is defined and subnet_config.address_range.start is not none %} +{% if subnet_config.address_range.start is vyos_defined %} {% for address, address_config in subnet_config.address_range.start.items() %} range6 {{ address }} {{ address_config.stop }}; {% endfor %} {% endif %} {% endif %} -{% if subnet_config.domain_search is defined and subnet_config.domain_search is not none %} +{% if subnet_config.domain_search is vyos_defined %} option dhcp6.domain-search "{{ subnet_config.domain_search | join('", "') }}"; {% endif %} -{% if subnet_config.lease_time is defined and subnet_config.lease_time is not none %} -{% if subnet_config.lease_time.default is defined and subnet_config.lease_time.default is not none %} +{% if subnet_config.lease_time is vyos_defined %} +{% if subnet_config.lease_time.default is vyos_defined %} default-lease-time {{ subnet_config.lease_time.default }}; {% endif %} -{% if subnet_config.lease_time.maximum is defined and subnet_config.lease_time.maximum is not none %} +{% if subnet_config.lease_time.maximum is vyos_defined %} max-lease-time {{ subnet_config.lease_time.maximum }}; {% endif %} -{% if subnet_config.lease_time.minimum is defined and subnet_config.lease_time.minimum is not none %} +{% if subnet_config.lease_time.minimum is vyos_defined %} min-lease-time {{ subnet_config.lease_time.minimum }}; {% endif %} {% endif %} -{% if subnet_config.name_server is defined and subnet_config.name_server is not none %} +{% if subnet_config.name_server is vyos_defined %} option dhcp6.name-servers {{ subnet_config.name_server | join(', ') }}; {% endif %} -{% if subnet_config.nis_domain is defined and subnet_config.nis_domain is not none %} +{% if subnet_config.nis_domain is vyos_defined %} option dhcp6.nis-domain-name "{{ subnet_config.nis_domain }}"; {% endif %} -{% if subnet_config.nis_server is defined and subnet_config.nis_server is not none %} +{% if subnet_config.nis_server is vyos_defined %} option dhcp6.nis-servers {{ subnet_config.nis_server | join(', ') }}; {% endif %} -{% if subnet_config.nisplus_domain is defined and subnet_config.nisplus_domain is not none %} +{% if subnet_config.nisplus_domain is vyos_defined %} option dhcp6.nisp-domain-name "{{ subnet_config.nisplus_domain }}"; {% endif %} -{% if subnet_config.nisplus_server is defined and subnet_config.nisplus_server is not none %} +{% if subnet_config.nisplus_server is vyos_defined %} option dhcp6.nisp-servers {{ subnet_config.nisplus_server | join(', ') }}; {% endif %} -{% if subnet_config.sip_server is defined and subnet_config.sip_server is not none %} +{% if subnet_config.sip_server is vyos_defined %} {% set server_ip = [] %} {% set server_fqdn = [] %} {% for address in subnet_config.sip_server %} @@ -81,33 +81,33 @@ shared-network {{ network | replace('_','-') }} { {% set server_fqdn = server_fqdn.append(address) %} {% endif %} {% endfor %} -{% if server_ip is defined and server_ip | length > 0 %} +{% if server_ip is vyos_defined and server_ip | length > 0 %} option dhcp6.sip-servers-addresses {{ server_ip | join(', ') }}; {% endif %} -{% if server_fqdn is defined and server_fqdn | length > 0 %} +{% if server_fqdn is vyos_defined and server_fqdn | length > 0 %} option dhcp6.sip-servers-names "{{ server_fqdn | join('", "') }}"; {% endif %} {% endif %} -{% if subnet_config.sntp_server is defined and subnet_config.sntp_server is not none %} +{% if subnet_config.sntp_server is vyos_defined %} option dhcp6.sntp-servers {{ subnet_config.sntp_server | join(', ') }}; {% endif %} -{% if subnet_config.prefix_delegation is defined and subnet_config.prefix_delegation.start is defined and subnet_config.prefix_delegation.start is not none %} +{% if subnet_config.prefix_delegation.start is vyos_defined %} {% for prefix, prefix_config in subnet_config.prefix_delegation.start.items() %} prefix6 {{ prefix }} {{ prefix_config.stop }} /{{ prefix_config.prefix_length }}; {% endfor %} {% endif %} -{% if subnet_config.static_mapping is defined and subnet_config.static_mapping is not none %} +{% if subnet_config.static_mapping is vyos_defined %} # begin configuration of static client mappings -{% for host, host_config in subnet_config.static_mapping.items() if host_config.disable is not defined %} +{% for host, host_config in subnet_config.static_mapping.items() if host_config.disable is not vyos_defined %} host {{ network | replace('_','-') }}_{{ host | replace('_','-') }} { -{% if host_config.identifier is defined and host_config.identifier is not none %} +{% if host_config.identifier is vyos_defined %} host-identifier option dhcp6.client-id {{ host_config.identifier }}; {% endif %} -{% if host_config.ipv6_address is defined and host_config.ipv6_address is not none %} +{% if host_config.ipv6_address is vyos_defined %} fixed-address6 {{ host_config.ipv6_address }}; {% endif %} -{% if host_config.ipv6_prefix is defined and host_config.ipv6_prefix is not none %} +{% if host_config.ipv6_prefix is vyos_defined %} fixed-prefix6 {{ host_config.ipv6_prefix }}; {% endif %} } diff --git a/data/templates/dns-forwarding/recursor.conf.tmpl b/data/templates/dns-forwarding/recursor.conf.tmpl index 02efe903b..d4ec80a3a 100644 --- a/data/templates/dns-forwarding/recursor.conf.tmpl +++ b/data/templates/dns-forwarding/recursor.conf.tmpl @@ -19,6 +19,9 @@ max-cache-entries={{ cache_size }} # negative TTL for NXDOMAIN max-negative-ttl={{ negative_ttl }} +# timeout +network-timeout={{ timeout }} + # ignore-hosts-file export-etc-hosts={{ 'no' if ignore_hosts_file is defined else 'yes' }} diff --git a/data/templates/firewall/nftables-defines.tmpl b/data/templates/firewall/nftables-defines.tmpl new file mode 100644 index 000000000..d9eb7c199 --- /dev/null +++ b/data/templates/firewall/nftables-defines.tmpl @@ -0,0 +1,32 @@ +{% if group is defined %} +{% if group.address_group is defined %} +{% for group_name, group_conf in group.address_group.items() %} +define A_{{ group_name }} = { {{ group_conf.address | join(",") }} } +{% endfor %} +{% endif %} +{% if group.ipv6_address_group is defined %} +{% for group_name, group_conf in group.ipv6_address_group.items() %} +define A6_{{ group_name }} = { {{ group_conf.address | join(",") }} } +{% endfor %} +{% endif %} +{% if group.mac_group is defined %} +{% for group_name, group_conf in group.mac_group.items() %} +define M_{{ group_name }} = { {{ group_conf.mac_address | join(",") }} } +{% endfor %} +{% endif %} +{% if group.network_group is defined %} +{% for group_name, group_conf in group.network_group.items() %} +define N_{{ group_name }} = { {{ group_conf.network | join(",") }} } +{% endfor %} +{% endif %} +{% if group.ipv6_network_group is defined %} +{% for group_name, group_conf in group.ipv6_network_group.items() %} +define N6_{{ group_name }} = { {{ group_conf.network | join(",") }} } +{% endfor %} +{% endif %} +{% if group.port_group is defined %} +{% for group_name, group_conf in group.port_group.items() %} +define P_{{ group_name }} = { {{ group_conf.port | join(",") }} } +{% endfor %} +{% endif %} +{% endif %}
\ No newline at end of file diff --git a/data/templates/firewall/nftables-policy.tmpl b/data/templates/firewall/nftables-policy.tmpl index aa6bb6fc1..905ffcd09 100644 --- a/data/templates/firewall/nftables-policy.tmpl +++ b/data/templates/firewall/nftables-policy.tmpl @@ -1,5 +1,13 @@ #!/usr/sbin/nft -f +{% if cleanup_commands is defined %} +{% for command in cleanup_commands %} +{{ command }} +{% endfor %} +{% endif %} + +include "/run/nftables_defines.conf" + table ip mangle { {% if first_install is defined %} chain VYOS_PBR_PREROUTING { @@ -9,7 +17,7 @@ table ip mangle { type filter hook postrouting priority -150; policy accept; } {% endif %} -{% if route is defined -%} +{% if route is defined and route is not none -%} {% for route_text, conf in route.items() %} chain VYOS_PBR_{{ route_text }} { {% if conf.rule is defined %} @@ -17,11 +25,7 @@ table ip mangle { {{ rule_conf | nft_rule(route_text, rule_id, 'ip') }} {% endfor %} {% endif %} -{% if conf.default_action is defined %} - counter {{ conf.default_action | nft_action }} comment "{{ name_text }} default-action {{ conf.default_action }}" -{% else %} - counter return -{% endif %} + {{ conf | nft_default_rule(route_text) }} } {% endfor %} {%- endif %} @@ -36,17 +40,15 @@ table ip6 mangle { type filter hook postrouting priority -150; policy accept; } {% endif %} -{% if ipv6_route is defined %} -{% for route_text, conf in ipv6_route.items() %} +{% if route6 is defined and route6 is not none %} +{% for route_text, conf in route6.items() %} chain VYOS_PBR6_{{ route_text }} { {% if conf.rule is defined %} {% for rule_id, rule_conf in conf.rule.items() if rule_conf.disable is not defined %} {{ rule_conf | nft_rule(route_text, rule_id, 'ip6') }} {% endfor %} {% endif %} -{% if conf.default_action is defined %} - counter {{ conf.default_action | nft_action }} comment "{{ name_text }} default-action {{ conf.default_action }}" -{% endif %} + {{ conf | nft_default_rule(route_text) }} } {% endfor %} {% endif %} diff --git a/data/templates/firewall/nftables.tmpl b/data/templates/firewall/nftables.tmpl index 68e83de64..0cc977cf9 100644 --- a/data/templates/firewall/nftables.tmpl +++ b/data/templates/firewall/nftables.tmpl @@ -6,43 +6,7 @@ {% endfor %} {% endif %} -{% if group is defined %} -{% if group.address_group is defined %} -{% for group_name, group_conf in group.address_group.items() %} -define A_{{ group_name }} = { - {{ group_conf.address | join(",") }} -} -{% endfor %} -{% endif %} -{% if group.ipv6_address_group is defined %} -{% for group_name, group_conf in group.ipv6_address_group.items() %} -define A6_{{ group_name }} = { - {{ group_conf.address | join(",") }} -} -{% endfor %} -{% endif %} -{% if group.network_group is defined %} -{% for group_name, group_conf in group.network_group.items() %} -define N_{{ group_name }} = { - {{ group_conf.network | join(",") }} -} -{% endfor %} -{% endif %} -{% if group.ipv6_network_group is defined %} -{% for group_name, group_conf in group.ipv6_network_group.items() %} -define N6_{{ group_name }} = { - {{ group_conf.network | join(",") }} -} -{% endfor %} -{% endif %} -{% if group.port_group is defined %} -{% for group_name, group_conf in group.port_group.items() %} -define P_{{ group_name }} = { - {{ group_conf.port | join(",") }} -} -{% endfor %} -{% endif %} -{% endif %} +include "/run/nftables_defines.conf" table ip filter { {% if first_install is defined %} @@ -67,19 +31,25 @@ table ip filter { } {% endif %} {% if name is defined %} +{% set ns = namespace(sets=[]) %} {% for name_text, conf in name.items() %} -{% set default_log = 'log' if 'enable_default_log' in conf else '' %} - chain {{ name_text }} { + chain NAME_{{ name_text }} { {% if conf.rule is defined %} {% for rule_id, rule_conf in conf.rule.items() if rule_conf.disable is not defined %} {{ rule_conf | nft_rule(name_text, rule_id) }} +{% if rule_conf.recent is defined %} +{% set ns.sets = ns.sets + [name_text + '_' + rule_id] %} +{% endif %} {% endfor %} {% endif %} -{% if conf.default_action is defined %} - counter {{ default_log }} {{ conf.default_action | nft_action }} comment "{{ name_text }} default-action {{ conf.default_action }}" -{% else %} - return -{% endif %} + {{ conf | nft_default_rule(name_text) }} + } +{% endfor %} +{% for set_name in ns.sets %} + set RECENT_{{ set_name }} { + type ipv4_addr + size 65535 + flags dynamic } {% endfor %} {% endif %} @@ -122,19 +92,25 @@ table ip6 filter { } {% endif %} {% if ipv6_name is defined %} +{% set ns = namespace(sets=[]) %} {% for name_text, conf in ipv6_name.items() %} -{% set default_log = 'log' if 'enable_default_log' in conf else '' %} - chain {{ name_text }} { + chain NAME6_{{ name_text }} { {% if conf.rule is defined %} {% for rule_id, rule_conf in conf.rule.items() if rule_conf.disable is not defined %} {{ rule_conf | nft_rule(name_text, rule_id, 'ip6') }} +{% if rule_conf.recent is defined %} +{% set ns.sets = ns.sets + [name_text + '_' + rule_id] %} +{% endif %} {% endfor %} {% endif %} -{% if conf.default_action is defined %} - counter {{ default_log }} {{ conf.default_action | nft_action }} comment "{{ name_text }} default-action {{ conf.default_action }}" -{% else %} - return -{% endif %} + {{ conf | nft_default_rule(name_text) }} + } +{% endfor %} +{% for set_name in ns.sets %} + set RECENT6_{{ set_name }} { + type ipv6_addr + size 65535 + flags dynamic } {% endfor %} {% endif %} @@ -211,6 +187,7 @@ table raw { counter jump VYOS_CT_IGNORE counter jump VYOS_CT_TIMEOUT counter jump VYOS_CT_PREROUTING_HOOK + counter jump FW_CONNTRACK notrack } @@ -219,6 +196,7 @@ table raw { counter jump VYOS_CT_IGNORE counter jump VYOS_CT_TIMEOUT counter jump VYOS_CT_OUTPUT_HOOK + counter jump FW_CONNTRACK notrack } @@ -256,6 +234,10 @@ table raw { chain VYOS_CT_OUTPUT_HOOK { return } + + chain FW_CONNTRACK { + accept + } } table ip6 raw { @@ -266,12 +248,14 @@ table ip6 raw { chain PREROUTING { type filter hook prerouting priority -300; policy accept; counter jump VYOS_CT_PREROUTING_HOOK + counter jump FW_CONNTRACK notrack } chain OUTPUT { type filter hook output priority -300; policy accept; counter jump VYOS_CT_OUTPUT_HOOK + counter jump FW_CONNTRACK notrack } @@ -282,5 +266,9 @@ table ip6 raw { chain VYOS_CT_OUTPUT_HOOK { return } + + chain FW_CONNTRACK { + accept + } } {% endif %} diff --git a/data/templates/firewall/upnpd.conf.tmpl b/data/templates/firewall/upnpd.conf.tmpl new file mode 100644 index 000000000..39cb21373 --- /dev/null +++ b/data/templates/firewall/upnpd.conf.tmpl @@ -0,0 +1,172 @@ +# This is the UPNP configuration file + +# WAN network interface +ext_ifname={{ wan_interface }} +{% if wan_ip is defined %} +# If the WAN interface has several IP addresses, you +# can specify the one to use below +{% for addr in wan_ip %} +ext_ip={{ addr }} +{% endfor %} +{% endif %} + +# LAN network interfaces IPs / networks +{% if listen is defined %} +# There can be multiple listening IPs for SSDP traffic, in that case +# use multiple 'listening_ip=...' lines, one for each network interface. +# It can be IP address or network interface name (ie. "eth0") +# It is mandatory to use the network interface name in order to enable IPv6 +# HTTP is available on all interfaces. +# When MULTIPLE_EXTERNAL_IP is enabled, the external IP +# address associated with the subnet follows. For example: +# listening_ip=192.168.0.1/24 88.22.44.13 +{% for addr in listen %} +{% if addr | is_ipv4 %} +listening_ip={{ addr }} +{% elif addr | is_ipv6 %} +ipv6_listening_ip={{ addr }} +{% else %} +listening_ip={{ addr }} +{% endif %} +{% endfor %} +{% endif %} + +# CAUTION: mixing up WAN and LAN interfaces may introduce security risks! +# Be sure to assign the correct interfaces to LAN and WAN and consider +# implementing UPnP permission rules at the bottom of this configuration file + +# Port for HTTP (descriptions and SOAP) traffic. Set to 0 for autoselect. +#http_port=0 +# Port for HTTPS. Set to 0 for autoselect (default) +#https_port=0 + +# Path to the UNIX socket used to communicate with MiniSSDPd +# If running, MiniSSDPd will manage M-SEARCH answering. +# default is /var/run/minissdpd.sock +#minissdpdsocket=/var/run/minissdpd.sock + +{% if nat_pmp is defined %} +# Enable NAT-PMP support (default is no) +enable_natpmp=yes +{% endif %} + +# Enable UPNP support (default is yes) +enable_upnp=yes + +{% if pcp_lifetime is defined %} +# PCP +# Configure the minimum and maximum lifetime of a port mapping in seconds +# 120s and 86400s (24h) are suggested values from PCP-base +{% if pcp_lifetime.max is defined %} +max_lifetime={{ pcp_lifetime.max }} +{% endif %} +{% if pcp_lifetime.min is defined %} +min_lifetime={{ pcp_lifetime.min }} +{% endif %} +{% endif %} + + +# To enable the next few runtime options, see compile time +# ENABLE_MANUFACTURER_INFO_CONFIGURATION (config.h) + +{% if friendly_name is defined %} +# Name of this service, default is "`uname -s` router" +friendly_name= {{ friendly_name }} +{% endif %} + +# Manufacturer name, default is "`uname -s`" +manufacturer_name=VyOS + +# Manufacturer URL, default is URL of OS vendor +manufacturer_url=https://vyos.io/ + +# Model name, default is "`uname -s` router" +model_name=VyOS Router Model + +# Model description, default is "`uname -s` router" +model_description=Vyos open source enterprise router/firewall operating system + +# Model URL, default is URL of OS vendor +model_url=https://vyos.io/ + +{% if secure_mode is defined %} +# Secure Mode, UPnP clients can only add mappings to their own IP +secure_mode=yes +{% else %} +# Secure Mode, UPnP clients can only add mappings to their own IP +secure_mode=no +{% endif %} + +{% if presentation_url is defined %} +# Default presentation URL is HTTP address on port 80 +# If set to an empty string, no presentationURL element will appear +# in the XML description of the device, which prevents MS Windows +# from displaying an icon in the "Network Connections" panel. +#presentation_url= {{ presentation_url }} +{% endif %} + +# Report system uptime instead of daemon uptime +system_uptime=yes + +# Unused rules cleaning. +# never remove any rule before this threshold for the number +# of redirections is exceeded. default to 20 +clean_ruleset_threshold=10 +# Clean process work interval in seconds. default to 0 (disabled). +# a 600 seconds (10 minutes) interval makes sense +clean_ruleset_interval=600 + +# Anchor name in pf (default is miniupnpd) +anchor=VyOS + +uuid={{ uuid }} + +# Lease file location +lease_file=/config/upnp.leases + +# Daemon's serial and model number when reporting to clients +# (in XML description) +#serial=12345678 +#model_number=1 + +{% if rules is defined %} +# UPnP permission rules +# (allow|deny) (external port range) IP/mask (internal port range) +# A port range is <min port>-<max port> or <port> if there is only +# one port in the range. +# IP/mask format must be nnn.nnn.nnn.nnn/nn +# It is advised to only allow redirection of port >= 1024 +# and end the rule set with "deny 0-65535 0.0.0.0/0 0-65535" +# The following default ruleset allows specific LAN side IP addresses +# to request only ephemeral ports. It is recommended that users +# modify the IP ranges to match their own internal networks, and +# also consider implementing network-specific restrictions +# CAUTION: failure to enforce any rules may permit insecure requests to be made! +{% for rule, config in rules.items() %} +{% if config.disable is defined %} +{{ config.action}} {{ config.external_port_range }} {{ config.ip }} {{ config.internal_port_range }} +{% endif %} +{% endfor %} +{% endif %} + +{% if stun is defined %} +# WAN interface must have public IP address. Otherwise it is behind NAT +# and port forwarding is impossible. In some cases WAN interface can be +# behind unrestricted NAT 1:1 when all incoming traffic is NAT-ed and +# routed to WAN interfaces without any filtering. In this cases miniupnpd +# needs to know public IP address and it can be learnt by asking external +# server via STUN protocol. Following option enable retrieving external +# public IP address from STUN server and detection of NAT type. You need +# to specify also external STUN server in stun_host option below. +# This option is disabled by default. +ext_perform_stun=yes +# Specify STUN server, either hostname or IP address +# Some public STUN servers: +# stun.stunprotocol.org +# stun.sipgate.net +# stun.xten.com +# stun.l.google.com (on non standard port 19302) +ext_stun_host={{ stun.host }} +# Specify STUN UDP port, by default it is standard port 3478. +ext_stun_port={{ stun.port }} +{% endif %} diff --git a/data/templates/frr/bfdd.frr.tmpl b/data/templates/frr/bfdd.frr.tmpl index 439f79d67..ac55d4634 100644 --- a/data/templates/frr/bfdd.frr.tmpl +++ b/data/templates/frr/bfdd.frr.tmpl @@ -1,22 +1,22 @@ -{% if profile is defined or peer is defined %} +{% if profile is vyos_defined or peer is vyos_defined %} bfd -{% if profile is defined and profile is not none %} +{% if profile is vyos_defined %} {% for profile_name, profile_config in profile.items() %} profile {{ profile_name }} detect-multiplier {{ profile_config.interval.multiplier }} receive-interval {{ profile_config.interval.receive }} transmit-interval {{ profile_config.interval.transmit }} -{% if profile_config.interval.echo_interval is defined and profile_config.interval.echo_interval is not none %} +{% if profile_config.interval.echo_interval is vyos_defined %} echo transmit-interval {{ profile_config.interval.echo_interval }} echo receive-interval {{ profile_config.interval.echo_interval }} {% endif %} -{% if profile_config.echo_mode is defined %} +{% if profile_config.echo_mode is vyos_defined %} echo-mode {% endif %} -{% if profile_config.passive is defined %} +{% if profile_config.passive is vyos_defined %} passive-mode {% endif %} -{% if profile_config.shutdown is defined %} +{% if profile_config.shutdown is vyos_defined %} shutdown {% else %} no shutdown @@ -25,26 +25,26 @@ bfd ! {% endfor %} {% endif %} -{% if peer is defined and peer is not none %} +{% if peer is vyos_defined %} {% for peer_name, peer_config in peer.items() %} - peer {{ peer_name }}{{ ' multihop' if peer_config.multihop is defined }}{{ ' local-address ' + peer_config.source.address if peer_config.source is defined and peer_config.source.address is defined }}{{ ' interface ' + peer_config.source.interface if peer_config.source is defined and peer_config.source.interface is defined }} {{ ' vrf ' + peer_config.vrf if peer_config.vrf is defined and peer_config.vrf is not none }} + peer {{ peer_name }}{{ ' multihop' if peer_config.multihop is vyos_defined }}{{ ' local-address ' + peer_config.source.address if peer_config.source.address is vyos_defined }}{{ ' interface ' + peer_config.source.interface if peer_config.source.interface is vyos_defined }} {{ ' vrf ' + peer_config.vrf if peer_config.vrf is vyos_defined }} detect-multiplier {{ peer_config.interval.multiplier }} receive-interval {{ peer_config.interval.receive }} transmit-interval {{ peer_config.interval.transmit }} -{% if peer_config.interval.echo_interval is defined and peer_config.interval.echo_interval is not none %} +{% if peer_config.interval.echo_interval is vyos_defined %} echo transmit-interval {{ peer_config.interval.echo_interval }} echo receive-interval {{ peer_config.interval.echo_interval }} {% endif %} -{% if peer_config.echo_mode is defined %} +{% if peer_config.echo_mode is vyos_defined %} echo-mode {% endif %} -{% if peer_config.passive is defined %} +{% if peer_config.passive is vyos_defined %} passive-mode {% endif %} -{% if peer_config.profile is defined and peer_config.profile is not none %} +{% if peer_config.profile is vyos_defined %} profile {{ peer_config.profile }} {% endif %} -{% if peer_config.shutdown is defined %} +{% if peer_config.shutdown is vyos_defined %} shutdown {% else %} no shutdown diff --git a/data/templates/frr/bgpd.frr.tmpl b/data/templates/frr/bgpd.frr.tmpl index 45e0544b7..8baa128a7 100644 --- a/data/templates/frr/bgpd.frr.tmpl +++ b/data/templates/frr/bgpd.frr.tmpl @@ -3,113 +3,113 @@ {% macro bgp_neighbor(neighbor, config, peer_group=false) %} {% if peer_group == true %} neighbor {{ neighbor }} peer-group -{% elif config.peer_group is defined and config.peer_group is not none %} +{% elif config.peer_group is vyos_defined %} neighbor {{ neighbor }} peer-group {{ config.peer_group }} {% endif %} -{% if config.remote_as is defined and config.remote_as is not none %} +{% if config.remote_as is vyos_defined %} neighbor {{ neighbor }} remote-as {{ config.remote_as }} {% endif %} -{% if config.interface is defined and config.interface.remote_as is defined and config.interface.remote_as is not none %} +{% if config.interface.remote_as is vyos_defined %} neighbor {{ neighbor }} interface remote-as {{ config.interface.remote_as }} {% endif %} -{% if config.advertisement_interval is defined and config.advertisement_interval is not none %} +{% if config.advertisement_interval is vyos_defined %} neighbor {{ neighbor }} advertisement-interval {{ config.advertisement_interval }} {% endif %} -{% if config.bfd is defined %} +{% if config.bfd is vyos_defined %} neighbor {{ neighbor }} bfd -{% if config.bfd.check_control_plane_failure is defined %} +{% if config.bfd.check_control_plane_failure is vyos_defined %} neighbor {{ neighbor }} bfd check-control-plane-failure {% endif %} -{% if config.bfd.profile is defined and config.bfd.profile is not none %} +{% if config.bfd.profile is vyos_defined %} neighbor {{ neighbor }} bfd profile {{ config.bfd.profile }} {% endif %} {% endif %} -{% if config.capability is defined and config.capability is not none %} -{% if config.capability.dynamic is defined %} +{% if config.capability is vyos_defined %} +{% if config.capability.dynamic is vyos_defined %} neighbor {{ neighbor }} capability dynamic {% endif %} -{% if config.capability.extended_nexthop is defined %} +{% if config.capability.extended_nexthop is vyos_defined %} neighbor {{ neighbor }} capability extended-nexthop {% endif %} {% endif %} -{% if config.description is defined and config.description is not none %} +{% if config.description is vyos_defined %} neighbor {{ neighbor }} description {{ config.description }} {% endif %} -{% if config.disable_capability_negotiation is defined %} +{% if config.disable_capability_negotiation is vyos_defined %} neighbor {{ neighbor }} dont-capability-negotiate {% endif %} -{% if config.ebgp_multihop is defined and config.ebgp_multihop is not none %} +{% if config.ebgp_multihop is vyos_defined %} neighbor {{ neighbor }} ebgp-multihop {{ config.ebgp_multihop }} {% endif %} -{% if config.graceful_restart is defined and config.graceful_restart is not none %} -{% if config.graceful_restart == 'enable' %} +{% if config.graceful_restart is vyos_defined %} +{% if config.graceful_restart is vyos_defined('enable') %} {% set graceful_restart = 'graceful-restart' %} -{% elif config.graceful_restart == 'disable' %} +{% elif config.graceful_restart is vyos_defined('disable') %} {% set graceful_restart = 'graceful-restart-disable' %} -{% elif config.graceful_restart == 'restart-helper' %} +{% elif config.graceful_restart is vyos_defined('restart-helper') %} {% set graceful_restart = 'graceful-restart-helper' %} {% endif %} neighbor {{ neighbor }} {{ graceful_restart }} {% endif %} -{% if config.local_as is defined and config.local_as is not none %} +{% if config.local_as is vyos_defined %} {% for local_as, local_as_config in config.local_as.items() %} {# There can be only one local-as value, this is checked in the Python code #} - neighbor {{ neighbor }} local-as {{ local_as }} {{ 'no-prepend' if local_as_config.no_prepend is defined }} {{ 'replace-as' if local_as_config.no_prepend is defined and local_as_config.no_prepend.replace_as is defined }} + neighbor {{ neighbor }} local-as {{ local_as }} {{ 'no-prepend' if local_as_config.no_prepend is vyos_defined }} {{ 'replace-as' if local_as_config.no_prepend is vyos_defined and local_as_config.no_prepend.replace_as is vyos_defined }} {% endfor %} {% endif %} -{% if config.override_capability is defined %} +{% if config.override_capability is vyos_defined %} neighbor {{ neighbor }} override-capability {% endif %} -{% if config.passive is defined %} +{% if config.passive is vyos_defined %} neighbor {{ neighbor }} passive {% endif %} -{% if config.password is defined and config.password is not none %} +{% if config.password is vyos_defined %} neighbor {{ neighbor }} password {{ config.password }} {% endif %} -{% if config.port is defined and config.port is not none %} +{% if config.port is vyos_defined %} neighbor {{ neighbor }} port {{ config.port }} {% endif %} -{% if config.shutdown is defined %} +{% if config.shutdown is vyos_defined %} neighbor {{ neighbor }} shutdown {% endif %} -{% if config.solo is defined %} +{% if config.solo is vyos_defined %} neighbor {{ neighbor }} solo {% endif %} -{% if config.strict_capability_match is defined %} +{% if config.strict_capability_match is vyos_defined %} neighbor {{ neighbor }} strict-capability-match {% endif %} -{% if config.ttl_security is defined and config.ttl_security.hops is defined and config.ttl_security.hops is not none %} +{% if config.ttl_security.hops is vyos_defined %} neighbor {{ neighbor }} ttl-security hops {{ config.ttl_security.hops }} {% endif %} -{% if config.timers is defined %} -{% if config.timers.connect is defined and config.timers.connect is not none %} +{% if config.timers is vyos_defined %} +{% if config.timers.connect is vyos_defined %} neighbor {{ neighbor }} timers connect {{ config.timers.connect }} {% endif %} -{% if config.timers.holdtime is defined and config.timers.keepalive is defined and config.timers.holdtime is not none and config.timers.keepalive is not none %} +{% if config.timers.keepalive is vyos_defined and config.timers.holdtime is vyos_defined %} neighbor {{ neighbor }} timers {{ config.timers.keepalive }} {{ config.timers.holdtime }} {% endif %} {% endif %} -{% if config.update_source is defined and config.update_source is not none %} +{% if config.update_source is vyos_defined %} neighbor {{ neighbor }} update-source {{ config.update_source }} {% endif %} -{% if config.interface is defined and config.interface is not none %} -{% if config.interface.peer_group is defined and config.interface.peer_group is not none %} +{% if config.interface is vyos_defined %} +{% if config.interface.peer_group is vyos_defined %} neighbor {{ neighbor }} interface peer-group {{ config.interface.peer_group }} {% endif %} -{% if config.interface.source_interface is defined and config.interface.source_interface is not none %} +{% if config.interface.source_interface is vyos_defined %} neighbor {{ neighbor }} interface {{ config.interface.source_interface }} {% endif %} -{% if config.interface.v6only is defined and config.interface.v6only is not none %} -{% if config.interface.v6only.peer_group is defined and config.interface.v6only.peer_group is not none %} +{% if config.interface.v6only is vyos_defined %} +{% if config.interface.v6only.peer_group is vyos_defined %} neighbor {{ neighbor }} interface v6only peer-group {{ config.interface.v6only.peer_group }} {% endif %} -{% if config.interface.v6only.remote_as is defined and config.interface.v6only.remote_as is not none %} +{% if config.interface.v6only.remote_as is vyos_defined %} neighbor {{ neighbor }} interface v6only remote-as {{ config.interface.v6only.remote_as }} {% endif %} {% endif %} {% endif %} ! -{% if config.address_family is defined and config.address_family is not none %} +{% if config.address_family is vyos_defined %} {% for afi, afi_config in config.address_family.items() %} {% if afi == 'ipv4_unicast' %} address-family ipv4 unicast @@ -134,104 +134,96 @@ {% elif afi == 'l2vpn_evpn' %} address-family l2vpn evpn {% endif %} -{% if afi_config.addpath_tx_all is defined %} +{% if afi_config.addpath_tx_all is vyos_defined %} neighbor {{ neighbor }} addpath-tx-all-paths {% endif %} -{% if afi_config.addpath_tx_per_as is defined %} +{% if afi_config.addpath_tx_per_as is vyos_defined %} neighbor {{ neighbor }} addpath-tx-bestpath-per-AS {% endif %} -{% if afi_config.allowas_in is defined and afi_config.allowas_in is not none %} - neighbor {{ neighbor }} allowas-in {{ afi_config.allowas_in.number if afi_config.allowas_in.number is defined }} +{% if afi_config.allowas_in is vyos_defined %} + neighbor {{ neighbor }} allowas-in {{ afi_config.allowas_in.number if afi_config.allowas_in.number is vyos_defined }} {% endif %} -{% if afi_config.as_override is defined %} +{% if afi_config.as_override is vyos_defined %} neighbor {{ neighbor }} as-override {% endif %} -{% if afi_config.conditionally_advertise is defined and afi_config.conditionally_advertise is not none %} -{% if afi_config.conditionally_advertise.advertise_map is defined and afi_config.conditionally_advertise.advertise_map is not none %} +{% if afi_config.conditionally_advertise is vyos_defined %} +{% if afi_config.conditionally_advertise.advertise_map is vyos_defined %} {% set exist_non_exist_map = 'exist-map' %} -{% if afi_config.conditionally_advertise.exist_map is defined and afi_config.conditionally_advertise.exist_map is not none %} +{% if afi_config.conditionally_advertise.exist_map is vyos_defined %} {% set exist_non_exist_map = 'exist-map ' ~ afi_config.conditionally_advertise.exist_map %} -{% elif afi_config.conditionally_advertise.non_exist_map is defined and afi_config.conditionally_advertise.non_exist_map is not none %} +{% elif afi_config.conditionally_advertise.non_exist_map is vyos_defined %} {% set exist_non_exist_map = 'non-exist-map ' ~ afi_config.conditionally_advertise.non_exist_map %} {% endif %} neighbor {{ neighbor }} advertise-map {{ afi_config.conditionally_advertise.advertise_map }} {{ exist_non_exist_map }} {% endif %} {% endif %} -{% if afi_config.remove_private_as is defined %} +{% if afi_config.remove_private_as is vyos_defined %} neighbor {{ neighbor }} remove-private-AS {% endif %} -{% if afi_config.route_reflector_client is defined %} +{% if afi_config.route_reflector_client is vyos_defined %} neighbor {{ neighbor }} route-reflector-client {% endif %} -{% if afi_config.weight is defined and afi_config.weight is not none %} +{% if afi_config.weight is vyos_defined %} neighbor {{ neighbor }} weight {{ afi_config.weight }} {% endif %} -{% if afi_config.attribute_unchanged is defined and afi_config.attribute_unchanged is not none %} - neighbor {{ neighbor }} attribute-unchanged {{ 'as-path ' if afi_config.attribute_unchanged.as_path is defined }}{{ 'med ' if afi_config.attribute_unchanged.med is defined }}{{ 'next-hop ' if afi_config.attribute_unchanged.next_hop is defined }} +{% if afi_config.attribute_unchanged is vyos_defined %} + neighbor {{ neighbor }} attribute-unchanged {{ 'as-path ' if afi_config.attribute_unchanged.as_path is vyos_defined }}{{ 'med ' if afi_config.attribute_unchanged.med is vyos_defined }}{{ 'next-hop ' if afi_config.attribute_unchanged.next_hop is vyos_defined }} {% endif %} -{% if afi_config.capability is defined and afi_config.capability.orf is defined and afi_config.capability.orf.prefix_list is defined and afi_config.capability.orf.prefix_list.send is defined %} +{% if afi_config.capability.orf.prefix_list.send is vyos_defined %} neighbor {{ neighbor }} capability orf prefix-list send {% endif %} -{% if afi_config.capability is defined and afi_config.capability.orf is defined and afi_config.capability.orf.prefix_list is defined and afi_config.capability.orf.prefix_list.receive is defined %} +{% if afi_config.capability.orf.prefix_list.receive is vyos_defined %} neighbor {{ neighbor }} capability orf prefix-list receive {% endif %} -{% if afi_config.default_originate is defined %} - neighbor {{ neighbor }} default-originate {{ 'route-map ' ~ afi_config.default_originate.route_map if afi_config.default_originate.route_map is defined }} +{% if afi_config.default_originate is vyos_defined %} + neighbor {{ neighbor }} default-originate {{ 'route-map ' ~ afi_config.default_originate.route_map if afi_config.default_originate.route_map is vyos_defined }} {% endif %} -{% if afi_config.distribute_list is defined and afi_config.distribute_list is not none %} -{% if afi_config.distribute_list.export is defined and afi_config.distribute_list.export is not none %} +{% if afi_config.distribute_list.export is vyos_defined %} neighbor {{ neighbor }} distribute-list {{ afi_config.distribute_list.export }} out -{% endif %} -{% if afi_config.distribute_list.import is defined and afi_config.distribute_list.import is not none %} +{% endif %} +{% if afi_config.distribute_list.import is vyos_defined %} neighbor {{ neighbor }} distribute-list {{ afi_config.distribute_list.import }} in -{% endif %} {% endif %} -{% if afi_config.filter_list is defined and afi_config.filter_list is not none %} -{% if afi_config.filter_list.export is defined and afi_config.filter_list.export is not none %} +{% if afi_config.filter_list.export is vyos_defined %} neighbor {{ neighbor }} filter-list {{ afi_config.filter_list.export }} out -{% endif %} -{% if afi_config.filter_list.import is defined and afi_config.filter_list.import is not none %} +{% endif %} +{% if afi_config.filter_list.import is vyos_defined %} neighbor {{ neighbor }} filter-list {{ afi_config.filter_list.import }} in -{% endif %} {% endif %} -{% if afi_config.maximum_prefix is defined and afi_config.maximum_prefix is not none %} +{% if afi_config.maximum_prefix is vyos_defined %} neighbor {{ neighbor }} maximum-prefix {{ afi_config.maximum_prefix }} {% endif %} -{% if afi_config.maximum_prefix_out is defined and afi_config.maximum_prefix_out is not none %} +{% if afi_config.maximum_prefix_out is vyos_defined %} neighbor {{ neighbor }} maximum-prefix-out {{ afi_config.maximum_prefix_out }} {% endif %} -{% if afi_config.nexthop_self is defined %} - neighbor {{ neighbor }} next-hop-self {{ 'force' if afi_config.nexthop_self.force is defined }} +{% if afi_config.nexthop_self is vyos_defined %} + neighbor {{ neighbor }} next-hop-self {{ 'force' if afi_config.nexthop_self.force is vyos_defined }} {% endif %} -{% if afi_config.route_server_client is defined %} +{% if afi_config.route_server_client is vyos_defined %} neighbor {{ neighbor }} route-server-client {% endif %} -{% if afi_config.route_map is defined and afi_config.route_map is not none %} -{% if afi_config.route_map.export is defined and afi_config.route_map.export is not none %} +{% if afi_config.route_map.export is vyos_defined %} neighbor {{ neighbor }} route-map {{ afi_config.route_map.export }} out -{% endif %} -{% if afi_config.route_map.import is defined and afi_config.route_map.import is not none %} +{% endif %} +{% if afi_config.route_map.import is vyos_defined %} neighbor {{ neighbor }} route-map {{ afi_config.route_map.import }} in -{% endif %} {% endif %} -{% if afi_config.prefix_list is defined and afi_config.prefix_list is not none %} -{% if afi_config.prefix_list.export is defined and afi_config.prefix_list.export is not none %} +{% if afi_config.prefix_list.export is vyos_defined %} neighbor {{ neighbor }} prefix-list {{ afi_config.prefix_list.export }} out -{% endif %} -{% if afi_config.prefix_list.import is defined and afi_config.prefix_list.import is not none %} +{% endif %} +{% if afi_config.prefix_list.import is vyos_defined %} neighbor {{ neighbor }} prefix-list {{ afi_config.prefix_list.import }} in -{% endif %} {% endif %} -{% if afi_config.soft_reconfiguration is defined and afi_config.soft_reconfiguration.inbound is defined %} +{% if afi_config.soft_reconfiguration.inbound is vyos_defined %} neighbor {{ neighbor }} soft-reconfiguration inbound {% endif %} -{% if afi_config.unsuppress_map is defined and afi_config.unsuppress_map is not none %} +{% if afi_config.unsuppress_map is vyos_defined %} neighbor {{ neighbor }} unsuppress-map {{ afi_config.unsuppress_map }} {% endif %} -{% if afi_config.disable_send_community is defined and afi_config.disable_send_community.extended is defined %} +{% if afi_config.disable_send_community.extended is vyos_defined %} no neighbor {{ neighbor }} send-community extended {% endif %} -{% if afi_config.disable_send_community is defined and afi_config.disable_send_community.standard is defined %} +{% if afi_config.disable_send_community.standard is vyos_defined %} no neighbor {{ neighbor }} send-community standard {% endif %} neighbor {{ neighbor }} activate @@ -241,8 +233,8 @@ {% endif %} {% endmacro %} ! -router bgp {{ local_as }} {{ 'vrf ' ~ vrf if vrf is defined and vrf is not none }} -{% if parameters is defined and parameters.ebgp_requires_policy is defined %} +router bgp {{ local_as }} {{ 'vrf ' ~ vrf if vrf is vyos_defined }} +{% if parameters.ebgp_requires_policy is vyos_defined %} bgp ebgp-requires-policy {% else %} no bgp ebgp-requires-policy @@ -251,7 +243,7 @@ router bgp {{ local_as }} {{ 'vrf ' ~ vrf if vrf is defined and vrf is not none no bgp default ipv4-unicast {# Workaround for T2100 until we have decided about a migration script #} no bgp network import-check -{% if address_family is defined and address_family is not none %} +{% if address_family is vyos_defined %} {% for afi, afi_config in address_family.items() %} ! {% if afi == 'ipv4_unicast' %} @@ -276,25 +268,25 @@ router bgp {{ local_as }} {{ 'vrf ' ~ vrf if vrf is defined and vrf is not none address-family ipv6 flowspec {% elif afi == 'l2vpn_evpn' %} address-family l2vpn evpn -{% if afi_config.rd is defined and afi_config.rd is not none %} +{% if afi_config.rd is vyos_defined %} rd {{ afi_config.rd }} {% endif %} {% endif %} -{% if afi_config.aggregate_address is defined and afi_config.aggregate_address is not none %} +{% if afi_config.aggregate_address is vyos_defined %} {% for aggregate, aggregate_config in afi_config.aggregate_address.items() %} - aggregate-address {{ aggregate }}{{ ' as-set' if aggregate_config.as_set is defined }}{{ ' summary-only' if aggregate_config.summary_only is defined }} -{% if aggregate_config.route_map is defined and aggregate_config.route_map is not none %} + aggregate-address {{ aggregate }}{{ ' as-set' if aggregate_config.as_set is vyos_defined }}{{ ' summary-only' if aggregate_config.summary_only is vyos_defined }} +{% if aggregate_config.route_map is vyos_defined %} aggregate-address {{ aggregate }} route-map {{ aggregate_config.route_map }} {% endif %} {% endfor %} {% endif %} -{% if afi_config.maximum_paths is defined and afi_config.maximum_paths.ebgp is defined and afi_config.maximum_paths.ebgp is not none %} +{% if afi_config.maximum_paths.ebgp is vyos_defined %} maximum-paths {{ afi_config.maximum_paths.ebgp }} {% endif %} -{% if afi_config.maximum_paths is defined and afi_config.maximum_paths.ibgp is defined and afi_config.maximum_paths.ibgp is not none %} +{% if afi_config.maximum_paths.ibgp is vyos_defined %} maximum-paths ibgp {{ afi_config.maximum_paths.ibgp }} {% endif %} -{% if afi_config.redistribute is defined and afi_config.redistribute is not none %} +{% if afi_config.redistribute is vyos_defined %} {% for protocol in afi_config.redistribute %} {% if protocol == 'table' %} redistribute table {{ afi_config.redistribute[protocol].table }} @@ -303,135 +295,123 @@ router bgp {{ local_as }} {{ 'vrf ' ~ vrf if vrf is defined and vrf is not none {% if protocol == 'ospfv3' %} {% set redistribution_protocol = 'ospf6' %} {% endif %} - redistribute {{ redistribution_protocol }}{% if afi_config.redistribute[protocol].metric is defined %} metric {{ afi_config.redistribute[protocol].metric }}{% endif %}{% if afi_config.redistribute[protocol].route_map is defined %} route-map {{ afi_config.redistribute[protocol].route_map }}{% endif %} + redistribute {{ redistribution_protocol }}{% if afi_config.redistribute[protocol].metric is vyos_defined %} metric {{ afi_config.redistribute[protocol].metric }}{% endif %}{% if afi_config.redistribute[protocol].route_map is vyos_defined %} route-map {{ afi_config.redistribute[protocol].route_map }}{% endif %} {####### we need this blank line!! #######} {% endif %} {% endfor %} {% endif %} -{% if afi_config.network is defined and afi_config.network is not none %} +{% if afi_config.network is vyos_defined %} {% for network in afi_config.network %} - network {{ network }}{% if afi_config.network[network].route_map is defined %} route-map {{ afi_config.network[network].route_map }}{% endif %}{% if afi_config.network[network].backdoor is defined %} backdoor{% endif %}{% if afi_config.network[network].rd is defined and afi_config.network[network].label is defined%} rd {{ afi_config.network[network].rd }} label {{ afi_config.network[network].label }}{% endif %} + network {{ network }}{% if afi_config.network[network].route_map is vyos_defined %} route-map {{ afi_config.network[network].route_map }}{% endif %}{% if afi_config.network[network].backdoor is vyos_defined %} backdoor{% endif %}{% if afi_config.network[network].rd is vyos_defined and afi_config.network[network].label is vyos_defined %} rd {{ afi_config.network[network].rd }} label {{ afi_config.network[network].label }}{% endif %} {####### we need this blank line!! #######} {% endfor %} {% endif %} -{% if afi_config.advertise is defined and afi_config.advertise is not none %} +{% if afi_config.advertise is vyos_defined %} {% for adv_afi, adv_afi_config in afi_config.advertise.items() %} -{% if adv_afi_config.unicast is defined and adv_afi_config.unicast is not none %} - advertise {{ adv_afi }} unicast {{ 'route-map ' ~ adv_afi_config.unicast.route_map if adv_afi_config.unicast.route_map is defined }} +{% if adv_afi_config.unicast is vyos_defined %} + advertise {{ adv_afi }} unicast {{ 'route-map ' ~ adv_afi_config.unicast.route_map if adv_afi_config.unicast.route_map is vyos_defined }} {% endif %} {% endfor %} {% endif %} -{% if afi_config.distance is defined and afi_config.distance is not none %} -{% if afi_config.distance is defined and afi_config.distance.external is defined and afi_config.distance.internal is defined and afi_config.distance.local is defined %} +{% if afi_config.distance.external is vyos_defined and afi_config.distance.internal is vyos_defined and afi_config.distance.local is vyos_defined %} distance bgp {{ afi_config.distance.external }} {{ afi_config.distance.internal }} {{ afi_config.distance.local }} -{% endif %} -{% if afi_config.distance.prefix is defined and afi_config.distance.prefix is not none %} -{% for prefix in afi_config.distance.prefix %} +{% endif %} +{% if afi_config.distance.prefix is vyos_defined %} +{% for prefix in afi_config.distance.prefix %} distance {{ afi_config.distance.prefix[prefix].distance }} {{ prefix }} -{% endfor %} -{% endif %} +{% endfor %} {% endif %} -{% if afi_config.export is defined and afi_config.export.vpn is defined %} +{% if afi_config.export.vpn is vyos_defined %} export vpn {% endif %} -{% if afi_config.import is defined and afi_config.import is not none %} -{% if afi_config.import.vpn is defined %} +{% if afi_config.import.vpn is vyos_defined %} import vpn -{% endif %} -{% if afi_config.import.vrf is defined and afi_config.import.vrf is not none %} -{% for vrf in afi_config.import.vrf %} +{% endif %} +{% if afi_config.import.vrf is vyos_defined %} +{% for vrf in afi_config.import.vrf %} import vrf {{ vrf }} -{% endfor %} -{% endif %} +{% endfor %} {% endif %} -{% if afi_config.label is defined and afi_config.label.vpn is defined and afi_config.label.vpn.export is defined and afi_config.label.vpn.export is not none %} +{% if afi_config.label.vpn.export is vyos_defined %} label vpn export {{ afi_config.label.vpn.export }} {% endif %} -{% if afi_config.local_install is defined and afi_config.local_install is not none %} +{% if afi_config.local_install is vyos_defined %} {% for interface in afi_config.local_install.interface %} local-install {{ interface }} {% endfor %} {% endif %} -{% if afi_config.advertise_all_vni is defined %} +{% if afi_config.advertise_all_vni is vyos_defined %} advertise-all-vni {% endif %} -{% if afi_config.advertise_default_gw is defined %} +{% if afi_config.advertise_default_gw is vyos_defined %} advertise-default-gw {% endif %} -{% if afi_config.advertise_pip is defined and afi_config.advertise_pip is not none %} +{% if afi_config.advertise_pip is vyos_defined %} advertise-pip ip {{ afi_config.advertise_pip }} {% endif %} -{% if afi_config.advertise_svi_ip is defined %} +{% if afi_config.advertise_svi_ip is vyos_defined %} advertise-svi-ip {% endif %} -{% if afi_config.rt_auto_derive is defined %} +{% if afi_config.rt_auto_derive is vyos_defined %} autort rfc8365-compatible {% endif %} -{% if afi_config.flooding is defined and afi_config.flooding.disable is defined %} +{% if afi_config.flooding.disable is vyos_defined %} flooding disable {% endif %} -{% if afi_config.flooding is defined and afi_config.flooding.head_end_replication is defined %} +{% if afi_config.flooding.head_end_replication is vyos_defined %} flooding head-end-replication {% endif %} -{% if afi_config.rd is defined and afi_config.rd.vpn is defined and afi_config.rd.vpn.export is defined %} +{% if afi_config.rd.vpn.export is vyos_defined %} rd vpn export {{ afi_config.rd.vpn.export }} {% endif %} -{% if afi_config.route_target is defined and afi_config.route_target is not none %} -{% if afi_config.route_target.vpn is defined and afi_config.route_target.vpn is not none %} -{% if afi_config.route_target.vpn.both is defined and afi_config.route_target.vpn.both is not none %} +{% if afi_config.route_target.vpn.both is vyos_defined %} route-target vpn both {{ afi_config.route_target.vpn.both }} -{% else %} -{% if afi_config.route_target.vpn.export is defined and afi_config.route_target.vpn.export is not none %} +{% else %} +{% if afi_config.route_target.vpn.export is vyos_defined %} route-target vpn export {{ afi_config.route_target.vpn.export }} -{% endif %} -{% if afi_config.route_target.vpn.import is defined and afi_config.route_target.vpn.import is not none %} +{% endif %} +{% if afi_config.route_target.vpn.import is vyos_defined %} route-target vpn import {{ afi_config.route_target.vpn.import }} -{% endif %} -{% endif %} {% endif %} -{% if afi_config.route_target.both is defined and afi_config.route_target.both is not none %} +{% endif %} +{% if afi_config.route_target.both is vyos_defined %} route-target both {{ afi_config.route_target.both }} -{% else %} -{% if afi_config.route_target.export is defined and afi_config.route_target.export is not none %} +{% else %} +{% if afi_config.route_target.export is vyos_defined %} route-target export {{ afi_config.route_target.export }} -{% endif %} -{% if afi_config.route_target.import is defined and afi_config.route_target.import is not none %} +{% endif %} +{% if afi_config.route_target.import is vyos_defined %} route-target import {{ afi_config.route_target.import }} -{% endif %} {% endif %} {% endif %} -{% if afi_config.route_map is defined and afi_config.route_map.vpn is defined and afi_config.route_map.vpn is not none %} -{% if afi_config.route_map.vpn.export is defined and afi_config.route_map.vpn.export is not none %} +{% if afi_config.route_map.vpn.export is vyos_defined %} route-map vpn export {{ afi_config.route_map.vpn.export }} -{% endif %} -{% if afi_config.route_map.vpn.import is defined and afi_config.route_map.vpn.import is not none %} +{% endif %} +{% if afi_config.route_map.vpn.import is vyos_defined %} route-map vpn import {{ afi_config.route_map.vpn.import }} -{% endif %} {% endif %} -{% if afi_config.vni is defined and afi_config.vni is not none %} +{% if afi_config.vni is vyos_defined %} {% for vni, vni_config in afi_config.vni.items() %} vni {{ vni }} -{% if vni_config.advertise_default_gw is defined %} +{% if vni_config.advertise_default_gw is vyos_defined %} advertise-default-gw {% endif %} -{% if vni_config.advertise_svi_ip is defined %} +{% if vni_config.advertise_svi_ip is vyos_defined %} advertise-svi-ip {% endif %} -{% if vni_config.rd is defined and vni_config.rd is not none %} +{% if vni_config.rd is vyos_defined %} rd {{ vni_config.rd }} {% endif %} -{% if vni_config.route_target is defined and vni_config.route_target is not none %} -{% if vni_config.route_target.both is defined and vni_config.route_target.both is not none %} +{% if vni_config.route_target.both is vyos_defined %} route-target both {{ vni_config.route_target.both }} -{% endif %} -{% if vni_config.route_target.export is defined and vni_config.route_target.export is not none %} +{% endif %} +{% if vni_config.route_target.export is vyos_defined %} route-target export {{ vni_config.route_target.export }} -{% endif %} -{% if vni_config.route_target.import is defined and vni_config.route_target.import is not none %} +{% endif %} +{% if vni_config.route_target.import is vyos_defined %} route-target import {{ vni_config.route_target.import }} -{% endif %} {% endif %} exit-vni {% endfor %} @@ -440,125 +420,116 @@ router bgp {{ local_as }} {{ 'vrf ' ~ vrf if vrf is defined and vrf is not none {% endfor %} {% endif %} ! -{% if peer_group is defined and peer_group is not none %} +{% if peer_group is vyos_defined %} {% for peer, config in peer_group.items() %} {{ bgp_neighbor(peer, config, true) }} {% endfor %} {% endif %} ! -{% if neighbor is defined and neighbor is not none %} +{% if neighbor is vyos_defined %} {% for peer, config in neighbor.items() %} {{ bgp_neighbor(peer, config) }} {% endfor %} {% endif %} ! -{% if listen is defined %} -{% if listen.limit is defined and listen.limit is not none %} +{% if listen.limit is vyos_defined %} bgp listen limit {{ listen.limit }} -{% endif %} +{% endif %} +{% if listen.range is vyos_defined %} {% for prefix, options in listen.range.items() %} -{% if options.peer_group is defined and options.peer_group is not none %} +{% if options.peer_group is vyos_defined %} bgp listen range {{ prefix }} peer-group {{ options.peer_group }} {% endif %} {% endfor %} {% endif %} -{% if parameters is defined %} -{% if parameters.always_compare_med is defined %} +{% if parameters.always_compare_med is vyos_defined %} bgp always-compare-med -{% endif %} -{% if parameters.bestpath is defined and parameters.bestpath is not none %} -{% if parameters.bestpath.as_path is defined and parameters.bestpath.as_path is not none %} -{% for option in parameters.bestpath.as_path %} +{% endif %} +{% if parameters.bestpath.as_path is vyos_defined %} +{% for option in parameters.bestpath.as_path %} {# replace is required for multipath-relax option #} bgp bestpath as-path {{ option|replace('_', '-') }} -{% endfor %} -{% endif %} -{% if parameters.bestpath.bandwidth is defined and parameters.bestpath.bandwidth is not none %} +{% endfor %} +{% endif %} +{% if parameters.bestpath.bandwidth is vyos_defined %} bgp bestpath bandwidth {{ parameters.bestpath.bandwidth }} -{% endif %} -{% if parameters.bestpath.compare_routerid is defined %} +{% endif %} +{% if parameters.bestpath.compare_routerid is vyos_defined %} bgp bestpath compare-routerid -{% endif %} -{% if parameters.bestpath.med is defined and parameters.bestpath.med is not none %} - bgp bestpath med {{ 'confed' if parameters.bestpath.med.confed is defined }} {{ 'missing-as-worst' if parameters.bestpath.med.missing_as_worst is defined }} -{% endif %} -{% endif %} -{% if parameters.cluster_id is defined and parameters.cluster_id is not none %} +{% endif %} +{% if parameters.bestpath.med is vyos_defined %} + bgp bestpath med {{ 'confed' if parameters.bestpath.med.confed is vyos_defined }} {{ 'missing-as-worst' if parameters.bestpath.med.missing_as_worst is vyos_defined }} +{% endif %} +{% if parameters.cluster_id is vyos_defined %} bgp cluster-id {{ parameters.cluster_id }} -{% endif %} -{% if parameters.conditional_advertisement is defined and parameters.conditional_advertisement is not none %} -{% if parameters.conditional_advertisement.timer is defined and parameters.conditional_advertisement.timer is not none %} +{% endif %} +{% if parameters.conditional_advertisement.timer is vyos_defined %} bgp conditional-advertisement timer {{ parameters.conditional_advertisement.timer }} -{% endif %} -{% endif %} -{% if parameters.confederation is defined and parameters.confederation is not none %} -{% if parameters.confederation.identifier is defined and parameters.confederation.identifier is not none %} +{% endif %} +{% if parameters.confederation.identifier is vyos_defined %} bgp confederation identifier {{ parameters.confederation.identifier }} -{% endif %} -{% if parameters.confederation.peers is defined and parameters.confederation.peers is not none %} +{% endif %} +{% if parameters.confederation.peers is vyos_defined %} bgp confederation peers {{ parameters.confederation.peers | join(' ') }} -{% endif %} -{% endif %} -{% if parameters.dampening is defined and parameters.dampening is defined and parameters.dampening.half_life is defined and parameters.dampening.half_life is not none %} +{% endif %} +{% if parameters.dampening.half_life is vyos_defined %} {# Doesn't work in current FRR configuration; vtysh (bgp dampening 16 751 2001 61) #} - bgp dampening {{ parameters.dampening.half_life }} {{ parameters.dampening.re_use if parameters.dampening.re_use is defined }} {{ parameters.dampening.start_suppress_time if parameters.dampening.start_suppress_time is defined }} {{ parameters.dampening.max_suppress_time if parameters.dampening.max_suppress_time is defined }} -{% endif %} -{% if parameters.default is defined and parameters.default is not none %} -{% if parameters.default.local_pref is defined and parameters.default.local_pref is not none %} + bgp dampening {{ parameters.dampening.half_life }} {{ parameters.dampening.re_use if parameters.dampening.re_use is vyos_defined }} {{ parameters.dampening.start_suppress_time if parameters.dampening.start_suppress_time is vyos_defined }} {{ parameters.dampening.max_suppress_time if parameters.dampening.max_suppress_time is vyos_defined }} +{% endif %} +{% if parameters.default.local_pref is vyos_defined %} bgp default local-preference {{ parameters.default.local_pref }} -{% endif %} -{% endif %} -{% if parameters.deterministic_med is defined %} +{% endif %} +{% if parameters.deterministic_med is vyos_defined %} bgp deterministic-med -{% endif %} -{% if parameters.distance is defined and parameters.distance is not none %} -{% if parameters.distance.global is defined and parameters.distance.global.external is defined and parameters.distance.global.internal is defined and parameters.distance.global.local is defined %} +{% endif %} +{% if parameters.distance.global.external is vyos_defined and parameters.distance.global.internal is vyos_defined and parameters.distance.global.local is vyos_defined %} distance bgp {{ parameters.distance.global.external }} {{ parameters.distance.global.internal }} {{ parameters.distance.global.local }} -{% endif %} -{% if parameters.distance.prefix is defined and parameters.distance.prefix is not none %} -{% for prefix in parameters.distance.prefix %} +{% endif %} +{% if parameters.distance.prefix is vyos_defined %} +{% for prefix in parameters.distance.prefix %} distance {{ parameters.distance.prefix[prefix].distance }} {{ prefix }} -{% endfor %} -{% endif %} -{% endif %} -{% if parameters.fast_convergence is defined %} +{% endfor %} +{% endif %} +{% if parameters.fast_convergence is vyos_defined %} bgp fast-convergence -{% endif %} -{% if parameters.graceful_restart is defined %} - bgp graceful-restart {{ 'stalepath-time ' ~ parameters.graceful_restart.stalepath_time if parameters.graceful_restart.stalepath_time is defined }} -{% endif %} -{% if parameters.graceful_shutdown is defined %} +{% endif %} +{% if parameters.graceful_restart is vyos_defined %} + bgp graceful-restart {{ 'stalepath-time ' ~ parameters.graceful_restart.stalepath_time if parameters.graceful_restart.stalepath_time is vyos_defined }} +{% endif %} +{% if parameters.graceful_shutdown is vyos_defined %} bgp graceful-shutdown -{% endif %} -{% if parameters.log_neighbor_changes is defined %} +{% endif %} +{% if parameters.log_neighbor_changes is vyos_defined %} bgp log-neighbor-changes -{% endif %} -{% if parameters.minimum_holdtime is defined and parameters.minimum_holdtime is not none %} +{% endif %} +{% if parameters.minimum_holdtime is vyos_defined %} bgp minimum-holdtime {{ parameters.minimum_holdtime }} -{% endif %} -{% if parameters.network_import_check is defined %} +{% endif %} +{% if parameters.network_import_check is vyos_defined %} bgp network import-check -{% endif %} -{% if parameters.no_client_to_client_reflection is defined %} +{% endif %} +{% if parameters.no_client_to_client_reflection is vyos_defined %} no bgp client-to-client reflection -{% endif %} -{% if parameters.no_fast_external_failover is defined %} +{% endif %} +{% if parameters.no_fast_external_failover is vyos_defined %} no bgp fast-external-failover -{% endif %} -{% if parameters.reject_as_sets is defined %} +{% endif %} +{% if parameters.no_suppress_duplicates is vyos_defined %} + no bgp suppress-duplicates +{% endif %} +{% if parameters.reject_as_sets is vyos_defined %} bgp reject-as-sets -{% endif %} -{% if parameters.router_id is defined and parameters.router_id is not none %} +{% endif %} +{% if parameters.router_id is vyos_defined and parameters.router_id is not none %} bgp router-id {{ parameters.router_id }} -{% endif %} -{% if parameters.shutdown is defined %} +{% endif %} +{% if parameters.shutdown is vyos_defined %} bgp shutdown -{% endif %} -{% if parameters.suppress_fib_pending is defined %} +{% endif %} +{% if parameters.suppress_fib_pending is vyos_defined %} bgp suppress-fib-pending -{% endif %} {% endif %} -{% if timers is defined and timers.keepalive is defined and timers.holdtime is defined %} +{% if timers.keepalive is vyos_defined and timers.holdtime is vyos_defined %} timers bgp {{ timers.keepalive }} {{ timers.holdtime }} {% endif %} exit diff --git a/data/templates/frr/isisd.frr.tmpl b/data/templates/frr/isisd.frr.tmpl index b1e3f825b..238541903 100644 --- a/data/templates/frr/isisd.frr.tmpl +++ b/data/templates/frr/isisd.frr.tmpl @@ -1,46 +1,48 @@ ! -{% if interface is defined and interface is not none %} +{% if interface is vyos_defined %} {% for iface, iface_config in interface.items() %} -interface {{ iface }} {{ 'vrf ' + vrf if vrf is defined and vrf is not none }} +interface {{ iface }} ip router isis VyOS ipv6 router isis VyOS -{% if iface_config.bfd is defined %} +{% if iface_config.bfd is vyos_defined %} isis bfd -{% if iface_config.bfd.profile is defined and iface_config.bfd.profile is not none %} +{% if iface_config.bfd.profile is vyos_defined %} isis bfd profile {{ iface_config.bfd.profile }} {% endif %} {% endif %} -{% if iface_config.network is defined and iface_config.network.point_to_point is defined %} +{% if iface_config.network.point_to_point is vyos_defined %} isis network point-to-point {% endif %} -{% if iface_config.circuit_type is defined %} +{% if iface_config.circuit_type is vyos_defined %} isis circuit-type {{ iface_config.circuit_type }} {% endif %} -{% if iface_config.hello_interval is defined and iface_config.hello_interval is not none %} +{% if iface_config.hello_interval is vyos_defined %} isis hello-interval {{ iface_config.hello_interval }} {% endif %} -{% if iface_config.hello_multiplier is defined and iface_config.hello_multiplier is not none %} +{% if iface_config.hello_multiplier is vyos_defined %} isis hello-multiplier {{ iface_config.hello_multiplier }} {% endif %} -{% if iface_config.hello_padding is defined %} +{% if iface_config.hello_padding is vyos_defined %} isis hello padding {% endif %} -{% if iface_config.metric is defined and iface_config.metric is not none %} +{% if iface_config.metric is vyos_defined %} isis metric {{ iface_config.metric }} {% endif %} -{% if iface_config.passive is defined %} +{% if iface_config.passive is vyos_defined %} isis passive {% endif %} -{% if iface_config.password is defined and iface_config.password.plaintext_password is defined and iface_config.password.plaintext_password is not none %} +{% if iface_config.password.md5 is vyos_defined %} + isis password md5 {{ iface_config.password.md5 }} +{% elif iface_config.password.plaintext_password is vyos_defined %} isis password clear {{ iface_config.password.plaintext_password }} {% endif %} -{% if iface_config.priority is defined and iface_config.priority is not none %} +{% if iface_config.priority is vyos_defined %} isis priority {{ iface_config.priority }} {% endif %} -{% if iface_config.psnp_interval is defined and iface_config.psnp_interval is not none %} +{% if iface_config.psnp_interval is vyos_defined %} isis psnp-interval {{ iface_config.psnp_interval }} {% endif %} -{% if iface_config.no_three_way_handshake is defined %} +{% if iface_config.no_three_way_handshake is vyos_defined %} no isis three-way-handshake {% endif %} exit @@ -48,98 +50,95 @@ exit {% endfor %} {% endif %} ! -router isis VyOS {{ 'vrf ' + vrf if vrf is defined and vrf is not none }} +router isis VyOS {{ 'vrf ' + vrf if vrf is vyos_defined }} net {{ net }} -{% if dynamic_hostname is defined %} +{% if dynamic_hostname is vyos_defined %} hostname dynamic {% endif %} -{% if purge_originator is defined %} +{% if purge_originator is vyos_defined %} purge-originator {% endif %} -{% if set_attached_bit is defined %} +{% if set_attached_bit is vyos_defined %} set-attached-bit {% endif %} -{% if set_overload_bit is defined %} +{% if set_overload_bit is vyos_defined %} set-overload-bit {% endif %} -{% if domain_password is defined and domain_password is not none %} -{% if domain_password.md5 is defined and domain_password.md5 is not none %} +{% if domain_password.md5 is vyos_defined %} domain-password md5 {{ domain_password.plaintext_password }} -{% elif domain_password.plaintext_password is defined and domain_password.plaintext_password is not none %} +{% elif domain_password.plaintext_password is vyos_defined %} domain-password clear {{ domain_password.plaintext_password }} -{% endif %} {% endif %} -{% if log_adjacency_changes is defined %} +{% if log_adjacency_changes is vyos_defined %} log-adjacency-changes {% endif %} -{% if lsp_gen_interval is defined and lsp_gen_interval is not none %} +{% if lsp_gen_interval is vyos_defined %} lsp-gen-interval {{ lsp_gen_interval }} {% endif %} -{% if lsp_mtu is defined and lsp_mtu is not none %} +{% if lsp_mtu is vyos_defined %} lsp-mtu {{ lsp_mtu }} {% endif %} -{% if lsp_refresh_interval is defined and lsp_refresh_interval is not none %} +{% if lsp_refresh_interval is vyos_defined %} lsp-refresh-interval {{ lsp_refresh_interval }} {% endif %} -{% if max_lsp_lifetime is defined and max_lsp_lifetime is not none %} +{% if max_lsp_lifetime is vyos_defined %} max-lsp-lifetime {{ max_lsp_lifetime }} {% endif %} -{% if spf_interval is defined and spf_interval is not none %} +{% if spf_interval is vyos_defined %} spf-interval {{ spf_interval }} {% endif %} -{% if traffic_engineering is defined and traffic_engineering is not none %} -{% if traffic_engineering.enable is defined %} +{% if traffic_engineering.enable is vyos_defined %} mpls-te on -{% endif %} -{% if traffic_engineering.address is defined %} +{% endif %} +{% if traffic_engineering.address is vyos_defined %} mpls-te router-address {{ traffic_engineering.address }} +{% endif %} +{% if traffic_engineering.inter_as is vyos_defined %} +{% set level = '' %} +{% if traffic_engineering.inter_as.level_1 is vyos_defined %} +{% set level = ' level-1' %} {% endif %} -{% if traffic_engineering.inter_as is defined %} -{% if traffic_engineering.inter_as.level_1 is defined %} - mpls-te inter-as level-1 -{% endif %} -{% if traffic_engineering.inter_as.level_1_2 is defined %} - mpls-te inter-as level-1-2 -{% endif %} -{% if traffic_engineering.inter_as.level_2 is defined %} - mpls-te inter-as level-2-only -{% endif %} -{% else %} - mpls-te inter-as +{% if traffic_engineering.inter_as.level_1_2 is vyos_defined %} +{% set level = ' level-1-2' %} +{% endif %} +{% if traffic_engineering.inter_as.level_2 is vyos_defined %} +{% set level = ' level-2-only' %} {% endif %} + mpls-te inter-as{{ level }} {% endif %} -{% if segment_routing is defined %} -{% if segment_routing.enable is defined %} +{% if segment_routing is vyos_defined %} +{% if segment_routing.enable is vyos_defined %} segment-routing on {% endif %} -{% if segment_routing.maximum_label_depth is defined %} +{% if segment_routing.maximum_label_depth is vyos_defined %} segment-routing node-msd {{ segment_routing.maximum_label_depth }} {% endif %} -{% if segment_routing.global_block is defined %} +{% if segment_routing.global_block is vyos_defined %} +{% if segment_routing.local_block is vyos_defined %} + segment-routing global-block {{ segment_routing.global_block.low_label_value }} {{ segment_routing.global_block.high_label_value }} local-block {{ segment_routing.local_block.low_label_value }} {{ segment_routing.local_block.high_label_value }} +{% else %} segment-routing global-block {{ segment_routing.global_block.low_label_value }} {{ segment_routing.global_block.high_label_value }} +{% endif %} {% endif %} -{% if segment_routing.local_block is defined %} - segment-routing local-block {{ segment_routing.global_block.low_label_value }} {{ segment_routing.local_block.high_label_value }} -{% endif %} -{% if segment_routing.prefix is defined %} +{% if segment_routing.prefix is vyos_defined %} {% for prefixes in segment_routing.prefix %} -{% if segment_routing.prefix[prefixes].absolute is defined %} -{% if segment_routing.prefix[prefixes].absolute.value is defined %} +{% if segment_routing.prefix[prefixes].absolute is vyos_defined %} +{% if segment_routing.prefix[prefixes].absolute.value is vyos_defined %} segment-routing prefix {{ prefixes }} absolute {{ segment_routing.prefix[prefixes].absolute.value }} -{% if segment_routing.prefix[prefixes].absolute.explicit_null is defined %} +{% if segment_routing.prefix[prefixes].absolute.explicit_null is vyos_defined %} segment-routing prefix {{ prefixes }} absolute {{ segment_routing.prefix[prefixes].absolute.value }} explicit-null {% endif %} -{% if segment_routing.prefix[prefixes].absolute.no_php_flag is defined %} +{% if segment_routing.prefix[prefixes].absolute.no_php_flag is vyos_defined %} segment-routing prefix {{ prefixes }} absolute {{ segment_routing.prefix[prefixes].absolute.value }} no-php-flag {% endif %} {% endif %} -{% if segment_routing.prefix[prefixes].index is defined %} -{% if segment_routing.prefix[prefixes].index.value is defined %} +{% if segment_routing.prefix[prefixes].index is vyos_defined %} +{% if segment_routing.prefix[prefixes].index.value is vyos_defined %} segment-routing prefix {{ prefixes }} index {{ segment_routing.prefix[prefixes].index.value }} -{% if segment_routing.prefix[prefixes].index.explicit_null is defined %} +{% if segment_routing.prefix[prefixes].index.explicit_null is vyos_defined %} segment-routing prefix {{ prefixes }} index {{ segment_routing.prefix[prefixes].index.value }} explicit-null {% endif %} -{% if segment_routing.prefix[prefixes].index.no_php_flag is defined %} +{% if segment_routing.prefix[prefixes].index.no_php_flag is vyos_defined %} segment-routing prefix {{ prefixes }} index {{ segment_routing.prefix[prefixes].index.value }} no-php-flag {% endif %} {% endif %} @@ -148,57 +147,51 @@ router isis VyOS {{ 'vrf ' + vrf if vrf is defined and vrf is not none }} {% endfor %} {% endif %} {% endif %} -{% if spf_delay_ietf is defined and spf_delay_ietf.init_delay is defined and spf_delay_ietf.init_delay is not none %} +{% if spf_delay_ietf.init_delay is vyos_defined %} spf-delay-ietf init-delay {{ spf_delay_ietf.init_delay }} short-delay {{ spf_delay_ietf.short_delay }} long-delay {{ spf_delay_ietf.long_delay }} holddown {{ spf_delay_ietf.holddown }} time-to-learn {{ spf_delay_ietf.time_to_learn }} {% endif %} -{% if area_password is defined and area_password is not none %} -{% if area_password.md5 is defined and area_password.md5 is not none %} +{% if area_password.md5 is vyos_defined %} area-password md5 {{ area_password.md5 }} -{% elif area_password.plaintext_password is defined and area_password.plaintext_password is not none %} +{% elif area_password.plaintext_password is vyos_defined %} area-password clear {{ area_password.plaintext_password }} -{% endif %} {% endif %} -{% if default_information is defined and default_information.originate is defined and default_information.originate is not none %} +{% if default_information.originate is vyos_defined %} {% for afi, afi_config in default_information.originate.items() %} {% for level, level_config in afi_config.items() %} - default-information originate {{ afi }} {{ level | replace('_', '-') }} {{ 'always' if level_config.always is defined }} {{ 'route-map ' ~ level_config.route_map if level_config.route_map is defined }} {{ 'metric ' ~ level_config.metric if level_config.metric is defined }} + default-information originate {{ afi }} {{ level | replace('_', '-') }} {{ 'always' if level_config.always is vyos_defined }} {{ 'route-map ' ~ level_config.route_map if level_config.route_map is vyos_defined }} {{ 'metric ' ~ level_config.metric if level_config.metric is vyos_defined }} {% endfor %} {% endfor %} {% endif %} -{% if redistribute is defined %} -{% if redistribute.ipv4 is defined and redistribute.ipv4 is not none %} -{% for protocol, protocol_options in redistribute.ipv4.items() %} -{% for level, level_config in protocol_options.items() %} -{% if level_config.metric is defined and level_config.metric is not none %} +{% if redistribute.ipv4 is vyos_defined %} +{% for protocol, protocol_options in redistribute.ipv4.items() %} +{% for level, level_config in protocol_options.items() %} +{% if level_config.metric is vyos_defined %} redistribute ipv4 {{ protocol }} {{ level | replace('_', '-') }} metric {{ level_config.metric }} -{% elif level_config.route_map is defined and level_config.route_map is not none %} +{% elif level_config.route_map is vyos_defined %} redistribute ipv4 {{ protocol }} {{ level | replace('_', '-') }} route-map {{ level_config.route_map }} -{% else %} +{% else %} redistribute ipv4 {{ protocol }} {{ level | replace('_', '-') }} -{% endif %} -{% endfor %} +{% endif %} {% endfor %} -{% endif %} -{% if redistribute.ipv6 is defined and redistribute.ipv6 is not none %} -{% for protocol, protocol_options in redistribute.ipv6.items() %} -{% for level, level_config in protocol_options.items() %} -{% if level_config.metric is defined and level_config.metric is not none %} +{% endfor %} +{% endif %} +{% if redistribute.ipv6 is vyos_defined %} +{% for protocol, protocol_options in redistribute.ipv6.items() %} +{% for level, level_config in protocol_options.items() %} +{% if level_config.metric is vyos_defined %} redistribute ipv6 {{ protocol }} {{ level | replace('_', '-') }} metric {{ level_config.metric }} -{% elif level_config.route_map is defined and level_config.route_map is not none %} +{% elif level_config.route_map is vyos_defined %} redistribute ipv6 {{ protocol }} {{ level | replace('_', '-') }} route-map {{ level_config.route_map }} -{% else %} +{% else %} redistribute ipv6 {{ protocol }} {{ level | replace('_', '-') }} -{% endif %} -{% endfor %} +{% endif %} {% endfor %} -{% endif %} +{% endfor %} {% endif %} -{% if level is defined and level is not none %} -{% if level == 'level-2' %} +{% if level is vyos_defined('level-2') %} is-type level-2-only -{% else %} +{% elif level is vyos_defined %} is-type {{ level }} -{% endif %} {% endif %} exit !
\ No newline at end of file diff --git a/data/templates/frr/ldpd.frr.tmpl b/data/templates/frr/ldpd.frr.tmpl index 537ea4025..5a67b5cdf 100644 --- a/data/templates/frr/ldpd.frr.tmpl +++ b/data/templates/frr/ldpd.frr.tmpl @@ -1,190 +1,157 @@ ! -{% if ldp is defined %} +{% if ldp is vyos_defined %} mpls ldp -{% if ldp.router_id is defined %} +{% if ldp.router_id is vyos_defined %} router-id {{ ldp.router_id }} -{% endif %} -{% if ldp.parameters is defined %} -{% if ldp.parameters.cisco_interop_tlv is defined %} +{% endif %} +{% if ldp.parameters.cisco_interop_tlv is vyos_defined %} dual-stack cisco-interop -{% endif %} -{% if ldp.parameters.transport_prefer_ipv4 is defined%} +{% endif %} +{% if ldp.parameters.transport_prefer_ipv4 is vyos_defined %} dual-stack transport-connection prefer ipv4 -{% endif %} -{% if ldp.parameters.ordered_control is defined%} +{% endif %} +{% if ldp.parameters.ordered_control is vyos_defined %} ordered-control -{% endif %} -{% endif %} -{% if ldp.neighbor is defined %} -{% for neighbors in ldp.neighbor %} -{% if ldp.neighbor[neighbors].password is defined %} - neighbor {{ neighbors }} password {{ ldp.neighbor[neighbors].password }} -{% endif %} -{% if ldp.neighbor[neighbors].ttl_security is defined %} -{% if 'disable' in ldp.neighbor[neighbors].ttl_security %} +{% endif %} +{% if ldp.neighbor is vyos_defined %} +{% for neighbor, neighbor_config in ldp.neighbor %} +{% if neighbor_config.password is vyos_defined %} + neighbor {{ neighbors }} password {{ neighbor_config.password }} +{% endif %} +{% if neighbor_config.ttl_security is vyos_defined %} +{% if neighbor_config.ttl_security.disable is vyos_defined%} neighbor {{ neighbors }} ttl-security disable -{% else %} - neighbor {{ neighbors }} ttl-security hops {{ ldp.neighbor[neighbors].ttl_security }} -{% endif %} -{% endif %} -{% if ldp.neighbor[neighbors].session_holdtime is defined %} - neighbor {{ neighbors }} session holdtime {{ ldp.neighbor[neighbors].session_holdtime }} -{% endif %} -{% endfor %} -{% endif %} +{% else %} + neighbor {{ neighbors }} ttl-security hops {{ neighbor_config.ttl_security }} +{% endif %} +{% endif %} +{% if neighbor_config.session_holdtime is vyos_defined %} + neighbor {{ neighbors }} session holdtime {{ neighbor_config.session_holdtime }} +{% endif %} +{% endfor %} +{% endif %} ! -{% if ldp.discovery is defined %} -{% if ldp.discovery.transport_ipv4_address is defined %} +{% if ldp.discovery.transport_ipv4_address is vyos_defined %} address-family ipv4 -{% if ldp.allocation is defined %} -{% if ldp.allocation.ipv4 is defined %} -{% if ldp.allocation.ipv4.access_list is defined %} +{% if ldp.allocation.ipv4.access_list is vyos_defined %} label local allocate for {{ ldp.allocation.ipv4.access_list }} -{% endif %} -{% endif %} -{% else %} +{% else %} label local allocate host-routes -{% endif %} -{% if ldp.discovery.transport_ipv4_address is defined %} +{% endif %} +{% if ldp.discovery.transport_ipv4_address is vyos_defined %} discovery transport-address {{ ldp.discovery.transport_ipv4_address }} -{% endif %} -{% if ldp.discovery.hello_ipv4_holdtime is defined %} +{% endif %} +{% if ldp.discovery.hello_ipv4_holdtime is vyos_defined %} discovery hello holdtime {{ ldp.discovery.hello_ipv4_holdtime }} -{% endif %} -{% if ldp.discovery.hello_ipv4_interval is defined %} +{% endif %} +{% if ldp.discovery.hello_ipv4_interval is vyos_defined %} discovery hello interval {{ ldp.discovery.hello_ipv4_interval }} -{% endif %} -{% if ldp.discovery.session_ipv4_holdtime is defined %} +{% endif %} +{% if ldp.discovery.session_ipv4_holdtime is vyos_defined %} session holdtime {{ ldp.discovery.session_ipv4_holdtime }} -{% endif %} -{% if ldp.import is defined %} -{% if ldp.import.ipv4 is defined %} -{% if ldp.import.ipv4.import_filter is defined %} -{% if ldp.import.ipv4.import_filter.filter_access_list is defined %} -{% if ldp.import.ipv4.import_filter.neighbor_access_list is defined %} +{% endif %} +{% if ldp.import.ipv4.import_filter.filter_access_list is vyos_defined %} +{% if ldp.import.ipv4.import_filter.neighbor_access_list is vyos_defined %} label remote accept for {{ ldp.import.ipv4.import_filter.filter_access_list }} from {{ ldp.import.ipv4.import_filter.neighbor_access_list }} -{% else %} +{% else %} label remote accept for {{ ldp.import.ipv4.import_filter.filter_access_list }} -{% endif %} -{% endif %} -{% endif %} -{% endif %} -{% endif %} -{% if ldp.export is defined %} -{% if ldp.export.ipv4 is defined %} -{% if ldp.export.ipv4.explicit_null is defined %} +{% endif %} +{% endif %} +{% if ldp.export.ipv4.explicit_null is vyos_defined %} label local advertise explicit-null -{% endif %} -{% if ldp.export.ipv4.export_filter is defined %} -{% if ldp.export.ipv4.export_filter.filter_access_list is defined %} -{% if ldp.export.ipv4.export_filter.neighbor_access_list is defined %} +{% endif %} +{% if ldp.export.ipv4.export_filter.filter_access_list is vyos_defined %} +{% if ldp.export.ipv4.export_filter.neighbor_access_list is vyos_defined %} label local advertise for {{ ldp.export.ipv4.export_filter.filter_access_list }} to {{ ldp.export.ipv4.export_filter.neighbor_access_list }} -{% else %} +{% else %} label local advertise for {{ ldp.export.ipv4.export_filter.filter_access_list }} -{% endif %} -{% endif %} -{% endif %} -{% endif %} -{% endif %} -{% if ldp.targeted_neighbor is defined %} -{% if ldp.targeted_neighbor.ipv4.enable is defined %} +{% endif %} +{% endif %} +{% if ldp.targeted_neighbor is vyos_defined %} +{% if ldp.targeted_neighbor.ipv4.enable is vyos_defined %} discovery targeted-hello accept -{% endif %} -{% if ldp.targeted_neighbor.ipv4.hello_holdtime is defined %} +{% endif %} +{% if ldp.targeted_neighbor.ipv4.hello_holdtime is vyos_defined %} discovery targeted-hello holdtime {{ ldp.targeted_neighbor.ipv4.hello_holdtime }} -{% endif %} -{% if ldp.targeted_neighbor.ipv4.hello_interval is defined %} +{% endif %} +{% if ldp.targeted_neighbor.ipv4.hello_interval is vyos_defined %} discovery targeted-hello interval {{ ldp.targeted_neighbor.ipv4.hello_interval }} -{% endif %} -{% for addresses in ldp.targeted_neighbor.ipv4.address %} - neighbor {{addresses}} targeted -{% endfor %} -{% endif %} -{% for interfaces in ldp.interface %} - interface {{interfaces}} -{% endfor %} +{% endif %} +{% for addresses in ldp.targeted_neighbor.ipv4.address %} + neighbor {{ addresses }} targeted +{% endfor %} +{% endif %} +{% if ldp.interface is vyos_defined %} +{% for interface in ldp.interface %} + interface {{ interface }} + exit +{% endfor %} +{% endif %} exit-address-family -{% else %} +{% else %} no address-family ipv4 -{% endif %} -{% endif %} +{% endif %} ! -{% if ldp.discovery is defined %} -{% if ldp.discovery.transport_ipv6_address is defined %} +{% if ldp.discovery.transport_ipv6_address is vyos_defined %} address-family ipv6 -{% if ldp.allocation is defined %} -{% if ldp.allocation.ipv6 is defined %} -{% if ldp.allocation.ipv6.access_list6 is defined %} +{% if ldp.allocation.ipv6.access_list6 is vyos_defined %} label local allocate for {{ ldp.allocation.ipv6.access_list6 }} -{% endif %} -{% endif %} -{% else %} +{% else %} label local allocate host-routes -{% endif %} -{% if ldp.discovery.transport_ipv6_address is defined %} +{% endif %} +{% if ldp.discovery.transport_ipv6_address is vyos_defined %} discovery transport-address {{ ldp.discovery.transport_ipv6_address }} -{% endif %} -{% if ldp.discovery.hello_ipv6_holdtime is defined %} +{% endif %} +{% if ldp.discovery.hello_ipv6_holdtime is vyos_defined %} discovery hello holdtime {{ ldp.discovery.hello_ipv6_holdtime }} -{% endif %} -{% if ldp.discovery.hello_ipv6_interval is defined %} +{% endif %} +{% if ldp.discovery.hello_ipv6_interval is vyos_defined %} discovery hello interval {{ ldp.discovery.hello_ipv6_interval }} -{% endif %} -{% if ldp.discovery.session_ipv6_holdtime is defined %} +{% endif %} +{% if ldp.discovery.session_ipv6_holdtime is vyos_defined %} session holdtime {{ ldp.discovery.session_ipv6_holdtime }} -{% endif %} -{% if ldp.import is defined %} -{% if ldp.import.ipv6 is defined %} -{% if ldp.import.ipv6.import_filter is defined %} -{% if ldp.import.ipv6.import_filter.filter_access_list6 is defined %} -{% if ldp.import.ipv6.import_filter.neighbor_access_list6 is defined %} +{% endif %} +{% if ldp.import.ipv6.import_filter.filter_access_list6 is vyos_defined %} +{% if ldp.import.ipv6.import_filter.neighbor_access_list6 is vyos_defined %} label remote accept for {{ ldp.import.ipv6.import_filter.filter_access_list6 }} from {{ ldp.import.ipv6.import_filter.neighbor_access_list6 }} -{% else %} +{% else %} label remote accept for {{ ldp.import.ipv6.import_filter.filter_access_list6 }} -{% endif %} -{% endif %} -{% endif %} -{% endif %} -{% endif %} -{% if ldp.export is defined %} -{% if ldp.export.ipv6 is defined %} -{% if ldp.export.ipv6.explicit_null is defined %} +{% endif %} +{% endif %} +{% if ldp.export.ipv6.explicit_null is vyos_defined %} label local advertise explicit-null -{% endif %} -{% if ldp.export.ipv6.export_filter is defined %} -{% if ldp.export.ipv6.export_filter.filter_access_list6 is defined %} -{% if ldp.export.ipv6.export_filter.neighbor_access_list6 is defined %} +{% endif %} +{% if ldp.export.ipv6.export_filter.filter_access_list6 is vyos_defined %} +{% if ldp.export.ipv6.export_filter.neighbor_access_list6 is vyos_defined %} label local advertise for {{ ldp.export.ipv6.export_filter.filter_access_list6 }} to {{ ldp.export.ipv6.export_filter.neighbor_access_list6 }} -{% else %} +{% else %} label local advertise for {{ ldp.export.ipv6.export_filter.filter_access_list6 }} -{% endif %} -{% endif %} -{% endif %} -{% endif %} -{% endif %} -{% if ldp.targeted_neighbor is defined %} -{% if ldp.targeted_neighbor.ipv6.enable is defined %} +{% endif %} +{% endif %} +{% if ldp.targeted_neighbor is vyos_defined %} +{% if ldp.targeted_neighbor.ipv6.enable is vyos_defined %} discovery targeted-hello accept -{% endif %} -{% if ldp.targeted_neighbor.ipv6.hello_holdtime is defined %} +{% endif %} +{% if ldp.targeted_neighbor.ipv6.hello_holdtime is vyos_defined %} discovery targeted-hello holdtime {{ ldp.targeted_neighbor.ipv6.hello_holdtime }} -{% endif %} -{% if ldp.targeted_neighbor.ipv6.hello_interval is defined %} +{% endif %} +{% if ldp.targeted_neighbor.ipv6.hello_interval is vyos_defined %} discovery targeted-hello interval {{ ldp.targeted_neighbor.ipv6.hello_interval }} -{% endif %} -{% for addresses in ldp.targeted_neighbor.ipv6.address %} - neighbor {{addresses}} targeted -{% endfor %} -{% endif %} -{% for interfaces in ldp.interface %} - interface {{interfaces}} -{% endfor %} +{% endif %} +{% for addresses in ldp.targeted_neighbor.ipv6.address %} + neighbor {{ addresses }} targeted +{% endfor %} +{% endif %} +{% if ldp.interface is vyos_defined %} +{% for interface in ldp.interface %} + interface {{ interface }} +{% endfor %} +{% endif %} exit-address-family -{% else %} +{% else %} no address-family ipv6 -{% endif %} +{% endif %} ! -{% endif %} exit {% endif %} ! diff --git a/data/templates/frr/ospf6d.frr.tmpl b/data/templates/frr/ospf6d.frr.tmpl index 8279e5abb..325f05213 100644 --- a/data/templates/frr/ospf6d.frr.tmpl +++ b/data/templates/frr/ospf6d.frr.tmpl @@ -1,47 +1,47 @@ ! -{% if interface is defined and interface is not none %} +{% if interface is vyos_defined %} {% for iface, iface_config in interface.items() %} -interface {{ iface }} {{ 'vrf ' + vrf if vrf is defined and vrf is not none }} -{% if iface_config.area is defined and iface_config.area is not none %} +interface {{ iface }} +{% if iface_config.area is vyos_defined %} ipv6 ospf6 area {{ iface_config.area }} {% endif %} -{% if iface_config.cost is defined and iface_config.cost is not none %} +{% if iface_config.cost is vyos_defined %} ipv6 ospf6 cost {{ iface_config.cost }} {% endif %} -{% if iface_config.priority is defined and iface_config.priority is not none %} +{% if iface_config.priority is vyos_defined %} ipv6 ospf6 priority {{ iface_config.priority }} {% endif %} -{% if iface_config.hello_interval is defined and iface_config.hello_interval is not none %} +{% if iface_config.hello_interval is vyos_defined %} ipv6 ospf6 hello-interval {{ iface_config.hello_interval }} {% endif %} -{% if iface_config.retransmit_interval is defined and iface_config.retransmit_interval is not none %} +{% if iface_config.retransmit_interval is vyos_defined %} ipv6 ospf6 retransmit-interval {{ iface_config.retransmit_interval }} {% endif %} -{% if iface_config.transmit_delay is defined and iface_config.transmit_delay is not none %} +{% if iface_config.transmit_delay is vyos_defined %} ipv6 ospf6 transmit-delay {{ iface_config.transmit_delay }} {% endif %} -{% if iface_config.dead_interval is defined and iface_config.dead_interval is not none %} +{% if iface_config.dead_interval is vyos_defined %} ipv6 ospf6 dead-interval {{ iface_config.dead_interval }} {% endif %} -{% if iface_config.bfd is defined %} +{% if iface_config.bfd is vyos_defined %} ipv6 ospf6 bfd -{% if iface_config.bfd.profile is defined and iface_config.bfd.profile is not none %} +{% endif %} +{% if iface_config.bfd.profile is vyos_defined %} ipv6 ospf6 bfd profile {{ iface_config.bfd.profile }} -{% endif %} {% endif %} -{% if iface_config.mtu_ignore is defined %} +{% if iface_config.mtu_ignore is vyos_defined %} ipv6 ospf6 mtu-ignore {% endif %} -{% if iface_config.ifmtu is defined and iface_config.ifmtu is not none %} +{% if iface_config.ifmtu is vyos_defined %} ipv6 ospf6 ifmtu {{ iface_config.ifmtu }} {% endif %} -{% if iface_config.network is defined and iface_config.network is not none %} +{% if iface_config.network is vyos_defined %} ipv6 ospf6 network {{ iface_config.network }} {% endif %} -{% if iface_config.instance_id is defined and iface_config.instance_id is not none %} +{% if iface_config.instance_id is vyos_defined %} ipv6 ospf6 instance-id {{ iface_config.instance_id }} {% endif %} -{% if iface_config.passive is defined %} +{% if iface_config.passive is vyos_defined %} ipv6 ospf6 passive {% endif %} exit @@ -49,50 +49,46 @@ exit {% endfor %} {% endif %} ! -router ospf6 {{ 'vrf ' + vrf if vrf is defined and vrf is not none }} -{% if area is defined and area is not none %} +router ospf6 {{ 'vrf ' ~ vrf if vrf is vyos_defined }} +{% if area is vyos_defined %} {% for area_id, area_config in area.items() %} -{% if area_config.area_type is defined and area_config.area_type is not none %} +{% if area_config.area_type is vyos_defined %} {% for type, type_config in area_config.area_type.items() %} - area {{ area_id }} {{ type }} {{ 'default-information-originate' if type_config.default_information_originate is defined }} {{ 'no-summary' if type_config.no_summary is defined }} + area {{ area_id }} {{ type }} {{ 'default-information-originate' if type_config.default_information_originate is vyos_defined }} {{ 'no-summary' if type_config.no_summary is vyos_defined }} {% endfor %} {% endif %} -{% if area_config.range is defined and area_config.range is not none %} +{% if area_config.range is vyos_defined %} {% for prefix, prefix_config in area_config.range.items() %} - area {{ area_id }} range {{ prefix }} {{ 'advertise' if prefix_config.advertise is defined }} {{ 'not-advertise' if prefix_config.not_advertise is defined }} + area {{ area_id }} range {{ prefix }} {{ 'advertise' if prefix_config.advertise is vyos_defined }} {{ 'not-advertise' if prefix_config.not_advertise is vyos_defined }} {% endfor %} {% endif %} -{% if area_config.export_list is defined and area_config.export_list is not none %} +{% if area_config.export_list is vyos_defined %} area {{ area_id }} export-list {{ area_config.export_list }} {% endif %} -{% if area_config.import_list is defined and area_config.import_list is not none %} +{% if area_config.import_list is vyos_defined %} area {{ area_id }} import-list {{ area_config.import_list }} {% endif %} {% endfor %} {% endif %} auto-cost reference-bandwidth {{ auto_cost.reference_bandwidth }} -{% if default_information is defined and default_information.originate is defined and default_information.originate is not none %} - default-information originate {{ 'always' if default_information.originate.always is defined }} {{ 'metric ' + default_information.originate.metric if default_information.originate.metric is defined }} {{ 'metric-type ' + default_information.originate.metric_type if default_information.originate.metric_type is defined }} {{ 'route-map ' + default_information.originate.route_map if default_information.originate.route_map is defined }} +{% if default_information.originate is vyos_defined %} + default-information originate {{ 'always' if default_information.originate.always is vyos_defined }} {{ 'metric ' + default_information.originate.metric if default_information.originate.metric is vyos_defined }} {{ 'metric-type ' + default_information.originate.metric_type if default_information.originate.metric_type is vyos_defined }} {{ 'route-map ' + default_information.originate.route_map if default_information.originate.route_map is vyos_defined }} {% endif %} -{% if distance is defined and distance is not none %} -{% if distance.global is defined and distance.global is not none %} +{% if distance.global is vyos_defined %} distance {{ distance.global }} -{% endif %} -{% if distance.ospfv3 is defined and distance.ospfv3 is not none %} - distance ospf6 {{ 'intra-area ' + distance.ospfv3.intra_area if distance.ospfv3.intra_area is defined }} {{ 'inter-area ' + distance.ospfv3.inter_area if distance.ospfv3.inter_area is defined }} {{ 'external ' + distance.ospfv3.external if distance.ospfv3.external is defined }} -{% endif %} {% endif %} -{% if log_adjacency_changes is defined %} - log-adjacency-changes {{ "detail" if log_adjacency_changes.detail is defined }} +{% if distance.ospfv3 is vyos_defined %} + distance ospf6 {{ 'intra-area ' + distance.ospfv3.intra_area if distance.ospfv3.intra_area is vyos_defined }} {{ 'inter-area ' + distance.ospfv3.inter_area if distance.ospfv3.inter_area is vyos_defined }} {{ 'external ' + distance.ospfv3.external if distance.ospfv3.external is vyos_defined }} +{% endif %} +{% if log_adjacency_changes is vyos_defined %} + log-adjacency-changes {{ "detail" if log_adjacency_changes.detail is vyos_defined }} {% endif %} -{% if parameters is defined and parameters is not none %} -{% if parameters.router_id is defined and parameters.router_id is not none %} +{% if parameters.router_id is vyos_defined %} ospf6 router-id {{ parameters.router_id }} -{% endif %} {% endif %} -{% if redistribute is defined and redistribute is not none %} +{% if redistribute is vyos_defined %} {% for protocol, options in redistribute.items() %} - redistribute {{ protocol }} {{ 'route-map ' + options.route_map if options.route_map is defined }} + redistribute {{ protocol }} {{ 'route-map ' + options.route_map if options.route_map is vyos_defined }} {% endfor %} {% endif %} exit diff --git a/data/templates/frr/ospfd.frr.tmpl b/data/templates/frr/ospfd.frr.tmpl index af66baf53..7c6738181 100644 --- a/data/templates/frr/ospfd.frr.tmpl +++ b/data/templates/frr/ospfd.frr.tmpl @@ -1,115 +1,117 @@ ! -{% if interface is defined and interface is not none %} +{% if interface is vyos_defined %} {% for iface, iface_config in interface.items() %} -interface {{ iface }} {{ 'vrf ' + vrf if vrf is defined and vrf is not none }} -{% if iface_config.authentication is defined and iface_config.authentication is not none %} -{% if iface_config.authentication.plaintext_password is defined and iface_config.authentication.plaintext_password is not none %} +interface {{ iface }} +{% if iface_config.authentication.plaintext_password is vyos_defined %} ip ospf authentication-key {{ iface_config.authentication.plaintext_password }} -{% elif iface_config.authentication.md5 is defined %} +{% elif iface_config.authentication.md5 is vyos_defined %} ip ospf authentication message-digest -{% if iface_config.authentication.md5.key_id is defined and iface_config.authentication.md5.key_id is not none %} -{% for key, key_config in iface_config.authentication.md5.key_id.items() %} +{% if iface_config.authentication.md5.key_id is vyos_defined %} +{% for key, key_config in iface_config.authentication.md5.key_id.items() %} ip ospf message-digest-key {{ key }} md5 {{ key_config.md5_key }} -{% endfor %} -{% endif %} +{% endfor %} {% endif %} {% endif %} -{% if iface_config.area is defined and iface_config.area is not none %} +{% if iface_config.area is vyos_defined %} ip ospf area {{ iface_config.area }} {% endif %} -{% if iface_config.bandwidth is defined and iface_config.bandwidth is not none %} +{% if iface_config.bandwidth is vyos_defined %} bandwidth {{ iface_config.bandwidth }} {% endif %} -{% if iface_config.cost is defined and iface_config.cost is not none %} +{% if iface_config.cost is vyos_defined %} ip ospf cost {{ iface_config.cost }} {% endif %} -{% if iface_config.priority is defined and iface_config.priority is not none %} +{% if iface_config.priority is vyos_defined %} ip ospf priority {{ iface_config.priority }} {% endif %} -{% if iface_config.hello_interval is defined and iface_config.hello_interval is not none %} +{% if iface_config.hello_interval is vyos_defined %} ip ospf hello-interval {{ iface_config.hello_interval }} {% endif %} -{% if iface_config.retransmit_interval is defined and iface_config.retransmit_interval is not none %} +{% if iface_config.retransmit_interval is vyos_defined %} ip ospf retransmit-interval {{ iface_config.retransmit_interval }} {% endif %} -{% if iface_config.transmit_delay is defined and iface_config.transmit_delay is not none %} +{% if iface_config.transmit_delay is vyos_defined %} ip ospf transmit-delay {{ iface_config.transmit_delay }} {% endif %} -{% if iface_config.dead_interval is defined and iface_config.dead_interval is not none %} +{% if iface_config.dead_interval is vyos_defined %} ip ospf dead-interval {{ iface_config.dead_interval }} -{% elif iface_config.hello_multiplier is defined and iface_config.hello_multiplier is not none %} +{% elif iface_config.hello_multiplier is vyos_defined %} ip ospf dead-interval minimal hello-multiplier {{ iface_config.hello_multiplier }} {% endif %} -{% if iface_config.bfd is defined %} +{% if iface_config.bfd is vyos_defined %} ip ospf bfd -{% if iface_config.bfd.profile is defined and iface_config.bfd.profile is not none %} +{% endif %} +{% if iface_config.bfd.profile is vyos_defined %} ip ospf bfd profile {{ iface_config.bfd.profile }} -{% endif %} {% endif %} -{% if iface_config.mtu_ignore is defined %} +{% if iface_config.mtu_ignore is vyos_defined %} ip ospf mtu-ignore {% endif %} -{% if iface_config.network is defined and iface_config.network is not none %} +{% if iface_config.network is vyos_defined %} ip ospf network {{ iface_config.network }} {% endif %} -{% if iface_config.passive is defined %} - {{ 'no ' if iface_config.passive.disable is defined }}ip ospf passive +{% if iface_config.passive is vyos_defined %} + {{ 'no ' if iface_config.passive.disable is vyos_defined }}ip ospf passive {% endif %} exit ! {% endfor %} {% endif %} ! -router ospf {{ 'vrf ' + vrf if vrf is defined and vrf is not none }} -{% if access_list is defined and access_list is not none %} +router ospf {{ 'vrf ' ~ vrf if vrf is vyos_defined }} +{% if access_list is vyos_defined %} {% for acl, acl_config in access_list.items() %} -{% for protocol in acl_config.export if acl_config.export is defined %} +{% for protocol in acl_config.export if acl_config.export is vyos_defined %} distribute-list {{ acl }} out {{ protocol }} {% endfor %} {% endfor %} {% endif %} -{% if area is defined and area is not none %} +{% if area is vyos_defined %} {% for area_id, area_config in area.items() %} -{% if area_config.area_type is defined and area_config.area_type is not none %} +{% if area_config.area_type is vyos_defined %} {% for type, type_config in area_config.area_type.items() if type != 'normal' %} - area {{ area_id }} {{ type }} {{ 'no-summary' if type_config.no_summary is defined }} -{% if type_config.default_cost is defined and type_config.default_cost is not none %} + area {{ area_id }} {{ type }} {{ 'no-summary' if type_config.no_summary is vyos_defined }} +{% if type_config.default_cost is vyos_defined %} area {{ area_id }} default-cost {{ type_config.default_cost }} {% endif %} {% endfor %} {% endif %} -{% if area_config.authentication is defined and area_config.authentication is not none %} - area {{ area_id }} authentication {{ 'message-digest' if area_config.authentication == 'md5' }} +{% if area_config.authentication is vyos_defined %} + area {{ area_id }} authentication {{ 'message-digest' if area_config.authentication is vyos_defined('md5') }} {% endif %} -{% for network in area_config.network if area_config.network is defined %} +{% for network in area_config.network if area_config.network is vyos_defined %} network {{ network }} area {{ area_id }} {% endfor %} -{% if area_config.range is defined and area_config.range is not none %} +{% if area_config.range is vyos_defined %} {% for range, range_config in area_config.range.items() %} -{% if range_config.cost is defined and range_config.cost is not none %} +{% if range_config.cost is vyos_defined %} area {{ area_id }} range {{ range }} cost {{ range_config.cost }} {% endif %} -{% if range_config.not_advertise is defined %} +{% if range_config.not_advertise is vyos_defined %} area {{ area_id }} range {{ range }} not-advertise {% endif %} -{% if range_config.substitute is defined and range_config.substitute is not none %} +{% if range_config.substitute is vyos_defined %} area {{ area_id }} range {{ range }} substitute {{ range_config.substitute }} {% endif %} {% endfor %} {% endif %} -{% if area_config.shortcut is defined and area_config.shortcut is not none %} +{% if area_config.export_list is vyos_defined %} + area {{ area_id }} export-list {{ area_config.export_list }} +{% endif %} +{% if area_config.import_list is vyos_defined %} + area {{ area_id }} import-list {{ area_config.import_list }} +{% endif %} +{% if area_config.shortcut is vyos_defined %} area {{ area_id }} shortcut {{ area_config.shortcut }} {% endif %} -{% if area_config.virtual_link is defined and area_config.virtual_link is not none %} +{% if area_config.virtual_link is vyos_defined %} {% for link, link_config in area_config.virtual_link.items() %} -{% if link_config.authentication is defined and link_config.authentication is not none %} -{% if link_config.authentication.plaintext_password is defined and link_config.authentication.plaintext_password is not none %} +{% if link_config.authentication.plaintext_password is vyos_defined %} area {{ area_id }} virtual-link {{ link }} authentication-key {{ link_config.authentication.plaintext_password }} -{% elif link_config.authentication.md5 is defined and link_config.authentication.md5.key_id is defined and link_config.authentication.md5.key_id is not none %} -{% for key, key_config in link_config.authentication.md5.key_id.items() %} +{% elif link_config.authentication.md5.key_id is vyos_defined %} +{% for key, key_config in link_config.authentication.md5.key_id.items() %} area {{ area_id }} virtual-link {{ link }} message-digest-key {{ key }} md5 {{ key_config.md5_key }} -{% endfor %} -{% endif %} +{% endfor %} {% endif %} {# The following values are default values #} area {{ area_id }} virtual-link {{ link }} hello-interval {{ link_config.hello_interval }} retransmit-interval {{ link_config.retransmit_interval }} transmit-delay {{ link_config.transmit_delay }} dead-interval {{ link_config.dead_interval }} @@ -117,72 +119,69 @@ router ospf {{ 'vrf ' + vrf if vrf is defined and vrf is not none }} {% endif %} {% endfor %} {% endif %} -{% if auto_cost is defined and auto_cost.reference_bandwidth is defined and auto_cost.reference_bandwidth is not none %} +{% if auto_cost.reference_bandwidth is vyos_defined %} auto-cost reference-bandwidth {{ auto_cost.reference_bandwidth }} {% endif %} -{% if default_information is defined and default_information.originate is defined and default_information.originate is not none %} - default-information originate {{ 'always' if default_information.originate.always is defined }} {{ 'metric ' + default_information.originate.metric if default_information.originate.metric is defined }} {{ 'metric-type ' + default_information.originate.metric_type if default_information.originate.metric_type is defined }} {{ 'route-map ' + default_information.originate.route_map if default_information.originate.route_map is defined }} +{% if default_information.originate is vyos_defined %} + default-information originate {{ 'always' if default_information.originate.always is vyos_defined }} {{ 'metric ' + default_information.originate.metric if default_information.originate.metric is vyos_defined }} {{ 'metric-type ' + default_information.originate.metric_type if default_information.originate.metric_type is vyos_defined }} {{ 'route-map ' + default_information.originate.route_map if default_information.originate.route_map is vyos_defined }} {% endif %} -{% if default_metric is defined and default_metric is not none %} +{% if default_metric is vyos_defined %} default-metric {{ default_metric }} {% endif %} -{% if distance is defined and distance is not none %} -{% if distance.global is defined and distance.global is not none %} +{% if maximum_paths is vyos_defined %} + maximum-paths {{ maximum_paths }} +{% endif %} +{% if distance.global is vyos_defined %} distance {{ distance.global }} -{% endif %} -{% if distance.ospf is defined and distance.ospf is not none %} - distance ospf {{ 'intra-area ' + distance.ospf.intra_area if distance.ospf.intra_area is defined }} {{ 'inter-area ' + distance.ospf.inter_area if distance.ospf.inter_area is defined }} {{ 'external ' + distance.ospf.external if distance.ospf.external is defined }} -{% endif %} {% endif %} -{% if log_adjacency_changes is defined %} - log-adjacency-changes {{ "detail" if log_adjacency_changes.detail is defined }} +{% if distance.ospf is vyos_defined %} + distance ospf {{ 'intra-area ' + distance.ospf.intra_area if distance.ospf.intra_area is vyos_defined }} {{ 'inter-area ' + distance.ospf.inter_area if distance.ospf.inter_area is vyos_defined }} {{ 'external ' + distance.ospf.external if distance.ospf.external is vyos_defined }} +{% endif %} +{% if log_adjacency_changes is vyos_defined %} + log-adjacency-changes {{ "detail" if log_adjacency_changes.detail is vyos_defined }} {% endif %} -{% if max_metric is defined and max_metric.router_lsa is defined and max_metric.router_lsa is not none %} -{% if max_metric.router_lsa.administrative is defined %} +{% if max_metric.router_lsa.administrative is vyos_defined %} max-metric router-lsa administrative -{% endif %} -{% if max_metric.router_lsa.on_shutdown is defined and max_metric.router_lsa.on_shutdown is not none %} +{% endif %} +{% if max_metric.router_lsa.on_shutdown is vyos_defined %} max-metric router-lsa on-shutdown {{ max_metric.router_lsa.on_shutdown }} -{% endif %} -{% if max_metric.router_lsa.on_startup is defined and max_metric.router_lsa.on_startup is not none %} +{% endif %} +{% if max_metric.router_lsa.on_startup is vyos_defined %} max-metric router-lsa on-startup {{ max_metric.router_lsa.on_startup }} -{% endif %} {% endif %} -{% if mpls_te is defined and mpls_te.enable is defined %} +{% if mpls_te.enable is vyos_defined %} mpls-te on mpls-te router-address {{ mpls_te.router_address }} {% endif %} -{% if neighbor is defined and neighbor is not none%} +{% if neighbor is vyos_defined %} {% for address, address_config in neighbor.items() %} - neighbor {{ address }} {{ 'priority ' + address_config.priority if address_config.priority is defined }} {{ 'poll-interval ' + address_config.poll_interval if address_config.poll_interval is defined }} + neighbor {{ address }} {{ 'priority ' + address_config.priority if address_config.priority is vyos_defined }} {{ 'poll-interval ' + address_config.poll_interval if address_config.poll_interval is vyos_defined }} {% endfor %} {% endif %} -{% if parameters is defined and parameters is not none %} -{% if parameters.abr_type is defined and parameters.abr_type is not none %} +{% if parameters.abr_type is vyos_defined %} ospf abr-type {{ parameters.abr_type }} -{% endif %} -{% if parameters.router_id is defined and parameters.router_id is not none %} +{% endif %} +{% if parameters.router_id is vyos_defined %} ospf router-id {{ parameters.router_id }} -{% endif %} {% endif %} -{% if passive_interface is defined and passive_interface.default is defined %} +{% if passive_interface.default is vyos_defined %} passive-interface default {% endif %} -{% if redistribute is defined and redistribute is not none %} +{% if redistribute is vyos_defined %} {% for protocol, protocols_options in redistribute.items() %} {% if protocol == 'table' %} {% for table, table_options in protocols_options.items() %} - redistribute {{ protocol }} {{ table }} {{ 'metric ' + table_options.metric if table_options.metric is defined }} {{ 'metric-type ' + table_options.metric_type if table_options.metric_type is defined }} {{ 'route-map ' + table_options.route_map if table_options.route_map is defined }} + redistribute {{ protocol }} {{ table }} {{ 'metric ' + table_options.metric if table_options.metric is vyos_defined }} {{ 'metric-type ' + table_options.metric_type if table_options.metric_type is vyos_defined }} {{ 'route-map ' + table_options.route_map if table_options.route_map is vyos_defined }} {% endfor %} {% else %} - redistribute {{ protocol }} {{ 'metric ' + protocols_options.metric if protocols_options.metric is defined }} {{ 'metric-type ' + protocols_options.metric_type if protocols_options.metric_type is defined }} {{ 'route-map ' + protocols_options.route_map if protocols_options.route_map is defined }} + redistribute {{ protocol }} {{ 'metric ' + protocols_options.metric if protocols_options.metric is vyos_defined }} {{ 'metric-type ' + protocols_options.metric_type if protocols_options.metric_type is vyos_defined }} {{ 'route-map ' + protocols_options.route_map if protocols_options.route_map is vyos_defined }} {% endif %} {% endfor %} {% endif %} -{% if refresh is defined and refresh.timers is defined and refresh.timers is not none %} +{% if refresh.timers is vyos_defined %} refresh timer {{ refresh.timers }} {% endif %} -{% if timers is defined and timers.throttle is defined and timers.throttle.spf is defined and timers.throttle.spf is not none %} +{% if timers.throttle.spf.delay is vyos_defined and timers.throttle.spf.initial_holdtime is vyos_defined and timers.throttle.spf.max_holdtime is vyos_defined %} {# Timer values have default values #} timers throttle spf {{ timers.throttle.spf.delay }} {{ timers.throttle.spf.initial_holdtime }} {{ timers.throttle.spf.max_holdtime }} {% endif %} diff --git a/data/templates/frr/policy.frr.tmpl b/data/templates/frr/policy.frr.tmpl index d3d3957a5..814dbf761 100644 --- a/data/templates/frr/policy.frr.tmpl +++ b/data/templates/frr/policy.frr.tmpl @@ -1,18 +1,18 @@ -{% if access_list is defined and access_list is not none %} +{% if access_list is vyos_defined %} {% for acl, acl_config in access_list.items() | natural_sort %} -{% if acl_config.description is defined and acl_config.description is not none %} +{% if acl_config.description is vyos_defined %} access-list {{ acl }} remark {{ acl_config.description }} {% endif %} -{% if acl_config.rule is defined and acl_config.rule is not none %} +{% if acl_config.rule is vyos_defined %} {% for rule, rule_config in acl_config.rule.items() | natural_sort %} {% set ip = '' %} {% set src = '' %} {% set src_mask = '' %} -{% if rule_config.source is defined and rule_config.source.any is defined %} +{% if rule_config.source.any is vyos_defined %} {% set src = 'any' %} -{% elif rule_config.source is defined and rule_config.source.host is defined and rule_config.source.host is not none %} -{% set src = 'host ' + rule_config.source.host %} -{% elif rule_config.source is defined and rule_config.source.network is defined and rule_config.source.network is not none %} +{% elif rule_config.source.host is vyos_defined %} +{% set src = 'host ' ~ rule_config.source.host %} +{% elif rule_config.source.network is vyos_defined %} {% set src = rule_config.source.network %} {% set src_mask = rule_config.source.inverse_mask %} {% endif %} @@ -21,11 +21,11 @@ access-list {{ acl }} remark {{ acl_config.description }} {% if (acl|int >= 100 and acl|int <= 199) or (acl|int >= 2000 and acl|int <= 2699) %} {% set ip = 'ip' %} {% set dst = 'any' %} -{% if rule_config.destination is defined and rule_config.destination.any is defined %} +{% if rule_config.destination.any is vyos_defined %} {% set dst = 'any' %} -{% elif rule_config.destination is defined and rule_config.destination.host is defined and rule_config.destination.host is not none %} -{% set dst = 'host ' + rule_config.destination.host %} -{% elif rule_config.destination is defined and rule_config.destination.network is defined and rule_config.destination.network is not none %} +{% elif rule_config.destination.host is vyos_defined %} +{% set dst = 'host ' ~ rule_config.destination.host %} +{% elif rule_config.destination.network is vyos_defined %} {% set dst = rule_config.destination.network %} {% set dst_mask = rule_config.destination.inverse_mask %} {% endif %} @@ -36,28 +36,28 @@ access-list {{ acl }} seq {{ rule }} {{ rule_config.action }} {{ ip }} {{ src }} {% endfor %} {% endif %} ! -{% if access_list6 is defined and access_list6 is not none %} +{% if access_list6 is vyos_defined %} {% for acl, acl_config in access_list6.items() | natural_sort %} -{% if acl_config.description is defined and acl_config.description is not none %} +{% if acl_config.description is vyos_defined %} ipv6 access-list {{ acl }} remark {{ acl_config.description }} {% endif %} -{% if acl_config.rule is defined and acl_config.rule is not none %} +{% if acl_config.rule is vyos_defined %} {% for rule, rule_config in acl_config.rule.items() | natural_sort %} {% set src = '' %} -{% if rule_config.source is defined and rule_config.source.any is defined %} +{% if rule_config.source.any is vyos_defined %} {% set src = 'any' %} -{% elif rule_config.source is defined and rule_config.source.network is defined and rule_config.source.network is not none %} +{% elif rule_config.source.network is vyos_defined %} {% set src = rule_config.source.network %} {% endif %} -ipv6 access-list {{ acl }} seq {{ rule }} {{ rule_config.action }} {{ src }} {{ 'exact-match' if rule_config.source.exact_match is defined }} +ipv6 access-list {{ acl }} seq {{ rule }} {{ rule_config.action }} {{ src }} {{ 'exact-match' if rule_config.source.exact_match is vyos_defined }} {% endfor %} {% endif %} {% endfor %} {% endif %} ! -{% if as_path_list is defined and as_path_list is not none %} +{% if as_path_list is vyos_defined %} {% for acl, acl_config in as_path_list.items() | natural_sort %} -{% if acl_config.rule is defined and acl_config.rule is not none %} +{% if acl_config.rule is vyos_defined %} {% for rule, rule_config in acl_config.rule.items() | natural_sort %} bgp as-path access-list {{ acl }} seq {{ rule }} {{ rule_config.action }} {{ rule_config.regex }} {% endfor %} @@ -65,9 +65,9 @@ bgp as-path access-list {{ acl }} seq {{ rule }} {{ rule_config.action }} {{ rul {% endfor %} {% endif %} ! -{% if community_list is defined and community_list is not none %} +{% if community_list is vyos_defined %} {% for list, list_config in community_list.items() | natural_sort %} -{% if list_config.rule is defined and list_config.rule is not none %} +{% if list_config.rule is vyos_defined %} {% for rule, rule_config in list_config.rule.items() | natural_sort %} {# by default, if casting to int fails it returns 0 #} {% if list|int != 0 %} @@ -80,9 +80,9 @@ bgp community-list expanded {{ list }} seq {{ rule }} {{ rule_config.action }} { {% endfor %} {% endif %} ! -{% if extcommunity_list is defined and extcommunity_list is not none %} +{% if extcommunity_list is vyos_defined %} {% for list, list_config in extcommunity_list.items() | natural_sort %} -{% if list_config.rule is defined and list_config.rule is not none %} +{% if list_config.rule is vyos_defined %} {% for rule, rule_config in list_config.rule.items() | natural_sort %} {# by default, if casting to int fails it returns 0 #} {% if list|int != 0 %} @@ -95,9 +95,9 @@ bgp extcommunity-list expanded {{ list }} seq {{ rule }} {{ rule_config.action } {% endfor %} {% endif %} ! -{% if large_community_list is defined and large_community_list is not none %} +{% if large_community_list is vyos_defined %} {% for list, list_config in large_community_list.items() | natural_sort %} -{% if list_config.rule is defined and list_config.rule is not none %} +{% if list_config.rule is vyos_defined %} {% for rule, rule_config in list_config.rule.items() | natural_sort %} {# by default, if casting to int fails it returns 0 #} {% if list|int != 0 %} @@ -110,206 +110,207 @@ bgp large-community-list expanded {{ list }} seq {{ rule }} {{ rule_config.actio {% endfor %} {% endif %} ! -{% if prefix_list is defined and prefix_list is not none %} +{% if prefix_list is vyos_defined %} {% for prefix_list, prefix_list_config in prefix_list.items() | natural_sort %} -{% if prefix_list_config.description is defined and prefix_list_config.description is not none %} +{% if prefix_list_config.description is vyos_defined %} ip prefix-list {{ prefix_list }} description {{ prefix_list_config.description }} {% endif %} -{% if prefix_list_config.rule is defined and prefix_list_config.rule is not none %} +{% if prefix_list_config.rule is vyos_defined %} {% for rule, rule_config in prefix_list_config.rule.items() | natural_sort %} -{% if rule_config.prefix is defined and rule_config.prefix is not none %} -ip prefix-list {{ prefix_list }} seq {{ rule }} {{ rule_config.action }} {{ rule_config.prefix }} {{ 'ge ' + rule_config.ge if rule_config.ge is defined }} {{ 'le ' + rule_config.le if rule_config.le is defined }} +{% if rule_config.prefix is vyos_defined %} +ip prefix-list {{ prefix_list }} seq {{ rule }} {{ rule_config.action }} {{ rule_config.prefix }} {{ 'ge ' ~ rule_config.ge if rule_config.ge is vyos_defined }} {{ 'le ' ~ rule_config.le if rule_config.le is vyos_defined }} {% endif %} {% endfor %} {% endif %} {% endfor %} {% endif %} ! -{% if prefix_list6 is defined and prefix_list6 is not none %} +{% if prefix_list6 is vyos_defined %} {% for prefix_list, prefix_list_config in prefix_list6.items() | natural_sort %} -{% if prefix_list_config.description is defined and prefix_list_config.description is not none %} +{% if prefix_list_config.description is vyos_defined %} ipv6 prefix-list {{ prefix_list }} description {{ prefix_list_config.description }} {% endif %} -{% if prefix_list_config.rule is defined and prefix_list_config.rule is not none %} +{% if prefix_list_config.rule is vyos_defined %} {% for rule, rule_config in prefix_list_config.rule.items() | natural_sort %} -{% if rule_config.prefix is defined and rule_config.prefix is not none %} -ipv6 prefix-list {{ prefix_list }} seq {{ rule }} {{ rule_config.action }} {{ rule_config.prefix }} {{ 'ge ' + rule_config.ge if rule_config.ge is defined }} {{ 'le ' + rule_config.le if rule_config.le is defined }} +{% if rule_config.prefix is vyos_defined %} +ipv6 prefix-list {{ prefix_list }} seq {{ rule }} {{ rule_config.action }} {{ rule_config.prefix }} {{ 'ge ' ~ rule_config.ge if rule_config.ge is vyos_defined }} {{ 'le ' ~ rule_config.le if rule_config.le is vyos_defined }} {% endif %} {% endfor %} {% endif %} {% endfor %} {% endif %} ! -{% if route_map is defined and route_map is not none %} +{% if route_map is vyos_defined %} {% for route_map, route_map_config in route_map.items() | natural_sort %} -{% if route_map_config.rule is defined and route_map_config.rule is not none %} +{% if route_map_config.rule is vyos_defined %} {% for rule, rule_config in route_map_config.rule.items() | natural_sort %} route-map {{ route_map }} {{ rule_config.action }} {{ rule }} -{% if rule_config.call is defined and rule_config.call is not none %} +{% if rule_config.call is vyos_defined %} call {{ rule_config.call }} {% endif %} -{% if rule_config.continue is defined and rule_config.continue is not none %} +{% if rule_config.continue is vyos_defined %} on-match goto {{ rule_config.continue }} {% endif %} -{% if rule_config.description is defined and rule_config.description is not none %} +{% if rule_config.description is vyos_defined %} description {{ rule_config.description }} {% endif %} -{% if rule_config.match is defined and rule_config.match is not none %} -{% if rule_config.match.as_path is defined and rule_config.match.as_path is not none %} +{% if rule_config.match is vyos_defined %} +{% if rule_config.match.as_path is vyos_defined %} match as-path {{ rule_config.match.as_path }} {% endif %} -{% if rule_config.match.community is defined and rule_config.match.community.community_list is defined and rule_config.match.community.community_list is not none %} - match community {{ rule_config.match.community.community_list }} {{ 'exact-match' if rule_config.match.community.exact_match is defined }} +{% if rule_config.match.community.community_list is vyos_defined %} + match community {{ rule_config.match.community.community_list }} {{ 'exact-match' if rule_config.match.community.exact_match is vyos_defined }} {% endif %} -{% if rule_config.match.extcommunity is defined and rule_config.match.extcommunity is not none %} +{% if rule_config.match.extcommunity is vyos_defined %} match extcommunity {{ rule_config.match.extcommunity }} {% endif %} -{% if rule_config.match.evpn is defined and rule_config.match.evpn.default_route is defined %} +{% if rule_config.match.evpn.default_route is vyos_defined %} match evpn default-route {% endif %} -{% if rule_config.match.evpn is defined and rule_config.match.evpn.rd is defined and rule_config.match.evpn.rd is not none %} +{% if rule_config.match.evpn.rd is vyos_defined %} match evpn rd {{ rule_config.match.evpn.rd }} {% endif %} -{% if rule_config.match.evpn is defined and rule_config.match.evpn.route_type is defined and rule_config.match.evpn.route_type is not none %} +{% if rule_config.match.evpn.route_type is vyos_defined %} match evpn route-type {{ rule_config.match.evpn.route_type }} {% endif %} -{% if rule_config.match.evpn is defined and rule_config.match.evpn.vni is defined and rule_config.match.evpn.vni is not none %} +{% if rule_config.match.evpn.vni is vyos_defined %} match evpn vni {{ rule_config.match.evpn.vni }} {% endif %} -{% if rule_config.match.interface is defined and rule_config.match.interface is not none %} +{% if rule_config.match.interface is vyos_defined %} match interface {{ rule_config.match.interface }} {% endif %} -{% if rule_config.match.ip is defined and rule_config.match.ip.address is defined and rule_config.match.ip.address.access_list is defined and rule_config.match.ip.address.access_list is not none %} +{% if rule_config.match.ip.address.access_list is vyos_defined %} match ip address {{ rule_config.match.ip.address.access_list }} {% endif %} -{% if rule_config.match.ip is defined and rule_config.match.ip.address is defined and rule_config.match.ip.address.prefix_list is defined and rule_config.match.ip.address.prefix_list is not none %} +{% if rule_config.match.ip.address.prefix_list is vyos_defined %} match ip address prefix-list {{ rule_config.match.ip.address.prefix_list }} {% endif %} -{% if rule_config.match.ip is defined and rule_config.match.ip.nexthop is defined and rule_config.match.ip.nexthop.access_list is defined and rule_config.match.ip.nexthop.access_list is not none %} +{% if rule_config.match.ip.nexthop.access_list is vyos_defined %} match ip next-hop {{ rule_config.match.ip.nexthop.access_list }} {% endif %} -{% if rule_config.match.ip is defined and rule_config.match.ip.nexthop is defined and rule_config.match.ip.nexthop.prefix_list is defined and rule_config.match.ip.nexthop.prefix_list is not none %} +{% if rule_config.match.ip.nexthop.prefix_list is vyos_defined %} match ip next-hop prefix-list {{ rule_config.match.ip.nexthop.prefix_list }} {% endif %} -{% if rule_config.match.ip is defined and rule_config.match.ip.route_source is defined and rule_config.match.ip.route_source.access_list is defined and rule_config.match.ip.route_source.access_list is not none %} +{% if rule_config.match.ip.route_source.access_list is vyos_defined %} match ip route-source {{ rule_config.match.ip.route_source.access_list }} {% endif %} -{% if rule_config.match.ip is defined and rule_config.match.ip.route_source is defined and rule_config.match.ip.route_source.prefix_list is defined and rule_config.match.ip.route_source.prefix_list is not none %} +{% if rule_config.match.ip.route_source.prefix_list is vyos_defined %} match ip route-source prefix-list {{ rule_config.match.ip.route_source.prefix_list }} {% endif %} -{% if rule_config.match.ipv6 is defined and rule_config.match.ipv6.address is defined and rule_config.match.ipv6.address.access_list is defined and rule_config.match.ipv6.address.access_list is not none %} +{% if rule_config.match.ipv6.address.access_list is vyos_defined %} match ipv6 address {{ rule_config.match.ipv6.address.access_list }} {% endif %} -{% if rule_config.match.ipv6 is defined and rule_config.match.ipv6.address is defined and rule_config.match.ipv6.address.prefix_list is defined and rule_config.match.ipv6.address.prefix_list is not none %} +{% if rule_config.match.ipv6.address.prefix_list is vyos_defined %} match ipv6 address prefix-list {{ rule_config.match.ipv6.address.prefix_list }} {% endif %} -{% if rule_config.match.ipv6 is defined and rule_config.match.ipv6.nexthop is defined and rule_config.match.ipv6.nexthop is not none %} - match ipv6 next-hop {{ rule_config.match.ipv6.nexthop }} +{% if rule_config.match.ipv6.nexthop is vyos_defined %} + match ipv6 next-hop address {{ rule_config.match.ipv6.nexthop }} {% endif %} -{% if rule_config.match.large_community is defined and rule_config.match.large_community.large_community_list is defined and rule_config.match.large_community.large_community_list is not none %} +{% if rule_config.match.large_community.large_community_list is vyos_defined %} match large-community {{ rule_config.match.large_community.large_community_list }} {% endif %} -{% if rule_config.match.local_preference is defined and rule_config.match.local_preference is not none %} +{% if rule_config.match.local_preference is vyos_defined %} match local-preference {{ rule_config.match.local_preference }} {% endif %} -{% if rule_config.match.metric is defined and rule_config.match.metric is not none %} +{% if rule_config.match.metric is vyos_defined %} match metric {{ rule_config.match.metric }} {% endif %} -{% if rule_config.match.origin is defined and rule_config.match.origin is not none %} +{% if rule_config.match.origin is vyos_defined %} match origin {{ rule_config.match.origin }} {% endif %} -{% if rule_config.match.peer is defined and rule_config.match.peer is not none %} +{% if rule_config.match.peer is vyos_defined %} match peer {{ rule_config.match.peer }} {% endif %} -{% if rule_config.match.rpki is defined and rule_config.match.rpki is not none %} +{% if rule_config.match.rpki is vyos_defined %} match rpki {{ rule_config.match.rpki }} {% endif %} -{% if rule_config.match.tag is defined and rule_config.match.tag is not none %} +{% if rule_config.match.tag is vyos_defined %} match tag {{ rule_config.match.tag }} {% endif %} {% endif %} -{% if rule_config.on_match is defined and rule_config.on_match is not none %} -{% if rule_config.on_match.next is defined %} +{% if rule_config.on_match.next is vyos_defined %} on-match next -{% endif %} -{% if rule_config.on_match.goto is defined and rule_config.on_match.goto is not none %} +{% endif %} +{% if rule_config.on_match.goto is vyos_defined %} on-match goto {{ rule_config.on_match.goto }} -{% endif %} {% endif %} -{% if rule_config.set is defined and rule_config.set is not none %} -{% if rule_config.set.aggregator is defined and rule_config.set.aggregator.as is defined and rule_config.set.aggregator.ip is defined %} +{% if rule_config.set is vyos_defined %} +{% if rule_config.set.aggregator.as is vyos_defined and rule_config.set.aggregator.ip is vyos_defined %} set aggregator as {{ rule_config.set.aggregator.as }} {{ rule_config.set.aggregator.ip }} {% endif %} -{% if rule_config.set.as_path_exclude is defined and rule_config.set.as_path_exclude is not none %} +{% if rule_config.set.as_path_exclude is vyos_defined %} set as-path exclude {{ rule_config.set.as_path_exclude }} {% endif %} -{% if rule_config.set.as_path_prepend is defined and rule_config.set.as_path_prepend is not none %} +{% if rule_config.set.as_path_prepend is vyos_defined %} set as-path prepend {{ rule_config.set.as_path_prepend }} {% endif %} -{% if rule_config.set.atomic_aggregate is defined %} +{% if rule_config.set.atomic_aggregate is vyos_defined %} set atomic-aggregate {% endif %} -{% if rule_config.set.comm_list is defined and rule_config.set.comm_list.comm_list is defined and rule_config.set.comm_list.comm_list is not none %} - set comm-list {{ rule_config.set.comm_list.comm_list }} {{ 'delete' if rule_config.set.comm_list.delete is defined }} +{% if rule_config.set.comm_list.comm_list is vyos_defined %} + set comm-list {{ rule_config.set.comm_list.comm_list }} {{ 'delete' if rule_config.set.comm_list.delete is vyos_defined }} {% endif %} -{% if rule_config.set.community is defined and rule_config.set.community is not none %} +{% if rule_config.set.community is vyos_defined %} set community {{ rule_config.set.community }} {% endif %} -{% if rule_config.set.distance is defined and rule_config.set.distance is not none %} +{% if rule_config.set.distance is vyos_defined %} set distance {{ rule_config.set.distance }} {% endif %} -{% if rule_config.set.extcommunity is defined and rule_config.set.extcommunity.bandwidth is defined and rule_config.set.extcommunity.bandwidth is not none %} +{% if rule_config.set.extcommunity.bandwidth is vyos_defined %} set extcommunity bandwidth {{ rule_config.set.extcommunity.bandwidth }} {% endif %} -{% if rule_config.set.extcommunity is defined and rule_config.set.extcommunity.rt is defined and rule_config.set.extcommunity.rt is not none %} +{% if rule_config.set.extcommunity.rt is vyos_defined %} set extcommunity rt {{ rule_config.set.extcommunity.rt }} {% endif %} -{% if rule_config.set.extcommunity is defined and rule_config.set.extcommunity.soo is defined and rule_config.set.extcommunity.soo is not none %} +{% if rule_config.set.extcommunity.soo is vyos_defined %} set extcommunity soo {{ rule_config.set.extcommunity.soo }} {% endif %} -{% if rule_config.set.ip_next_hop is defined and rule_config.set.ip_next_hop is not none %} +{% if rule_config.set.ip_next_hop is vyos_defined %} set ip next-hop {{ rule_config.set.ip_next_hop }} {% endif %} -{% if rule_config.set.ipv6_next_hop is defined and rule_config.set.ipv6_next_hop.global is defined and rule_config.set.ipv6_next_hop.global is not none %} +{% if rule_config.set.ipv6_next_hop.global is vyos_defined %} set ipv6 next-hop global {{ rule_config.set.ipv6_next_hop.global }} {% endif %} -{% if rule_config.set.ipv6_next_hop is defined and rule_config.set.ipv6_next_hop.local is defined and rule_config.set.ipv6_next_hop.local is not none %} +{% if rule_config.set.ipv6_next_hop.local is vyos_defined %} set ipv6 next-hop local {{ rule_config.set.ipv6_next_hop.local }} {% endif %} -{% if rule_config.set.ipv6_next_hop is defined and rule_config.set.ipv6_next_hop.prefer_global is defined %} +{% if rule_config.set.ipv6_next_hop.peer_address is vyos_defined %} + set ipv6 next-hop peer-address +{% endif %} +{% if rule_config.set.ipv6_next_hop.prefer_global is vyos_defined %} set ipv6 next-hop prefer-global {% endif %} -{% if rule_config.set.large_community is defined and rule_config.set.large_community is not none %} +{% if rule_config.set.large_community is vyos_defined %} set large-community {{ rule_config.set.large_community }} {% endif %} -{% if rule_config.set.large_comm_list_delete is defined and rule_config.set.large_comm_list_delete is not none %} +{% if rule_config.set.large_comm_list_delete is vyos_defined %} set large-comm-list {{ rule_config.set.large_comm_list_delete }} delete {% endif %} -{% if rule_config.set.local_preference is defined and rule_config.set.local_preference is not none %} +{% if rule_config.set.local_preference is vyos_defined %} set local-preference {{ rule_config.set.local_preference }} {% endif %} -{% if rule_config.set.metric is defined and rule_config.set.metric is not none %} +{% if rule_config.set.metric is vyos_defined %} set metric {{ rule_config.set.metric }} {% endif %} -{% if rule_config.set.metric_type is defined and rule_config.set.metric_type is not none %} +{% if rule_config.set.metric_type is vyos_defined %} set metric-type {{ rule_config.set.metric_type }} {% endif %} -{% if rule_config.set.origin is defined and rule_config.set.origin is not none %} +{% if rule_config.set.origin is vyos_defined %} set origin {{ rule_config.set.origin }} {% endif %} -{% if rule_config.set.originator_id is defined and rule_config.set.originator_id is not none %} +{% if rule_config.set.originator_id is vyos_defined %} set originator-id {{ rule_config.set.originator_id }} {% endif %} -{% if rule_config.set.src is defined and rule_config.set.src is not none %} +{% if rule_config.set.src is vyos_defined %} set src {{ rule_config.set.src }} {% endif %} -{% if rule_config.set.table is defined and rule_config.set.table is not none %} +{% if rule_config.set.table is vyos_defined %} set table {{ rule_config.set.table }} {% endif %} -{% if rule_config.set.tag is defined and rule_config.set.tag is not none %} +{% if rule_config.set.tag is vyos_defined %} set tag {{ rule_config.set.tag }} {% endif %} -{% if rule_config.set.weight is defined and rule_config.set.weight is not none %} +{% if rule_config.set.weight is vyos_defined %} set weight {{ rule_config.set.weight }} {% endif %} {% endif %} diff --git a/data/templates/frr/rip_ripng.frr.j2 b/data/templates/frr/rip_ripng.frr.j2 index de180ee6b..3732371b2 100644 --- a/data/templates/frr/rip_ripng.frr.j2 +++ b/data/templates/frr/rip_ripng.frr.j2 @@ -1,36 +1,36 @@ -{% if default_information is defined and default_information.originate is defined %} +{% if default_information is vyos_defined %} default-information originate {% endif %} -{% if default_metric is defined and default_metric is not none %} +{% if default_metric is vyos_defined %} default-metric {{ default_metric }} {% endif %} -{% if passive_interface is defined and passive_interface is not none %} +{% if passive_interface is vyos_defined %} {% for interface in passive_interface %} passive-interface {{ interface }} {% endfor %} {% endif %} -{% if network is defined and network is not none %} +{% if network is vyos_defined %} {% for prefix in network %} network {{ prefix }} {% endfor %} {% endif %} -{% if interface is defined and interface is not none %} +{% if interface is vyos_defined %} {% for ifname in interface %} network {{ ifname }} {% endfor %} {% endif %} -{% if route is defined and route is not none %} +{% if route is vyos_defined %} {% for prefix in route %} route {{ prefix }} {% endfor %} {% endif %} {# timers have default values #} timers basic {{ timers['update'] }} {{ timers.timeout }} {{ timers.garbage_collection }} -{% if redistribute is defined and redistribute is not none %} +{% if redistribute is vyos_defined %} {% for protocol, protocol_config in redistribute.items() %} -{% if protocol == 'ospfv3' %} +{% if protocol is vyos_defined('ospfv3') %} {% set protocol = 'ospf6' %} {% endif %} - redistribute {{ protocol }} {{ 'metric ' + protocol_config.metric if protocol_config.metric is defined }} {{ 'route-map ' + protocol_config.route_map if protocol_config.route_map is defined }} + redistribute {{ protocol }} {{ 'metric ' ~ protocol_config.metric if protocol_config.metric is vyos_defined }} {{ 'route-map ' ~ protocol_config.route_map if protocol_config.route_map is vyos_defined }} {% endfor %} {% endif %} diff --git a/data/templates/frr/ripd.frr.tmpl b/data/templates/frr/ripd.frr.tmpl index c44bb6d27..2dbb93052 100644 --- a/data/templates/frr/ripd.frr.tmpl +++ b/data/templates/frr/ripd.frr.tmpl @@ -1,11 +1,11 @@ {# RIP key-chain definition #} -{% if interface is defined and interface is not none %} +{% if interface is vyos_defined %} {% for iface, iface_config in interface.items() %} -{% if iface_config.authentication is defined and iface_config.authentication.md5 is defined and iface_config.authentication.md5 is not none %} +{% if iface_config.authentication.md5 is vyos_defined %} key chain {{ iface }}-rip {% for key_id, key_options in iface_config.authentication.md5.items() %} key {{ key_id }} -{% if key_options.password is defined and key_options.password is not none %} +{% if key_options.password is vyos_defined %} key-string {{ key_options.password }} {% endif %} exit @@ -16,20 +16,20 @@ exit {% endif %} ! {# Interface specific configuration #} -{% if interface is defined and interface is not none %} +{% if interface is vyos_defined %} {% for iface, iface_config in interface.items() %} interface {{ iface }} -{% if iface_config.authentication is defined and iface_config.authentication.plaintext_password is defined and iface_config.authentication.plaintext_password is not none %} +{% if iface_config.authentication.plaintext_password is vyos_defined %} ip rip authentication mode text ip rip authentication string {{ iface_config.authentication.plaintext_password }} -{% elif iface_config.authentication is defined and iface_config.authentication.md5 is defined and iface_config.authentication.md5 is not none %} +{% elif iface_config.authentication.md5 is vyos_defined %} ip rip authentication key-chain {{ iface }}-rip ip rip authentication mode md5 {% endif %} -{% if iface_config.split_horizon is defined and iface_config.split_horizon.disable is defined %} +{% if iface_config.split_horizon.disable is vyos_defined %} no ip rip split-horizon {% endif %} -{% if iface_config.split_horizon is defined and iface_config.split_horizon.poison_reverse is defined %} +{% if iface_config.split_horizon.poison_reverse is vyos_defined %} ip rip split-horizon poisoned-reverse {% endif %} exit @@ -38,63 +38,55 @@ exit {% endif %} ! router rip -{% if default_distance is defined and default_distance is not none %} +{% if default_distance is vyos_defined %} distance {{ default_distance }} {% endif %} -{% if network_distance is defined and network_distance is not none %} +{% if network_distance is vyos_defined %} {% for network, network_config in network_distance.items() %} -{% if network_config.distance is defined and network_config.distance is not none %} +{% if network_config.distance is vyos_defined %} distance {{ network_config.distance }} {{ network }} {% endif %} {% endfor %} {% endif %} -{% if neighbor is defined and neighbor is not none %} +{% if neighbor is vyos_defined %} {% for address in neighbor %} neighbor {{ address }} {% endfor %} {% endif %} -{% if distribute_list is defined and distribute_list is not none %} -{% if distribute_list.access_list is defined and distribute_list.access_list is not none %} -{% if distribute_list.access_list.in is defined and distribute_list.access_list.in is not none %} +{% if distribute_list is vyos_defined %} +{% if distribute_list.access_list.in is vyos_defined %} distribute-list {{ distribute_list.access_list.in }} in -{% endif %} -{% if distribute_list.access_list.out is defined and distribute_list.access_list.out is not none %} +{% endif %} +{% if distribute_list.access_list.out is vyos_defined %} distribute-list {{ distribute_list.access_list.out }} out -{% endif %} {% endif %} -{% if distribute_list.interface is defined and distribute_list.interface is not none %} +{% if distribute_list.interface is vyos_defined %} {% for interface, interface_config in distribute_list.interface.items() %} -{% if interface_config.access_list is defined and interface_config.access_list is not none %} -{% if interface_config.access_list.in is defined and interface_config.access_list.in is not none %} +{% if interface_config.access_list.in is vyos_defined %} distribute-list {{ interface_config.access_list.in }} in {{ interface }} -{% endif %} -{% if interface_config.access_list.out is defined and interface_config.access_list.out is not none %} +{% endif %} +{% if interface_config.access_list.out is vyos_defined %} distribute-list {{ interface_config.access_list.out }} out {{ interface }} -{% endif %} {% endif %} -{% if interface_config.prefix_list is defined and interface_config.prefix_list is not none %} -{% if interface_config.prefix_list.in is defined and interface_config.prefix_list.in is not none %} +{% if interface_config.prefix_list.in is vyos_defined %} distribute-list prefix {{ interface_config.prefix_list.in }} in {{ interface }} -{% endif %} -{% if interface_config.prefix_list.out is defined and interface_config.prefix_list.out is not none %} +{% endif %} +{% if interface_config.prefix_list.out is vyos_defined %} distribute-list prefix {{ interface_config.prefix_list.out }} out {{ interface }} -{% endif %} {% endif %} {% endfor %} {% endif %} -{% if distribute_list.prefix_list is defined and distribute_list.prefix_list is not none %} -{% if distribute_list.prefix_list.in is defined and distribute_list.prefix_list.in is not none %} +{% if distribute_list.prefix_list.in is vyos_defined %} distribute-list prefix {{ distribute_list.prefix_list.in }} in -{% endif %} -{% if distribute_list.prefix_list.out is defined and distribute_list.prefix_list.out is not none %} +{% endif %} +{% if distribute_list.prefix_list.out is vyos_defined %} distribute-list prefix {{ distribute_list.prefix_list.out }} out -{% endif %} {% endif %} {% endif %} {% include 'frr/rip_ripng.frr.j2' %} exit ! -{% if route_map is defined and route_map is not none %} +{% if route_map is vyos_defined %} ip protocol rip route-map {{ route_map }} {% endif %} ! diff --git a/data/templates/frr/ripngd.frr.tmpl b/data/templates/frr/ripngd.frr.tmpl index ca7b9b5fb..06c61dd48 100644 --- a/data/templates/frr/ripngd.frr.tmpl +++ b/data/templates/frr/ripngd.frr.tmpl @@ -1,11 +1,11 @@ {# Interface specific configuration #} -{% if interface is defined and interface is not none %} +{% if interface is vyos_defined %} {% for iface, iface_config in interface.items() %} interface {{ iface }} -{% if iface_config.split_horizon is defined and iface_config.split_horizon.disable is defined %} +{% if iface_config.split_horizon.disable is vyos_defined %} no ipv6 rip split-horizon {% endif %} -{% if iface_config.split_horizon is defined and iface_config.split_horizon.poison_reverse is defined %} +{% if iface_config.split_horizon.poison_reverse is vyos_defined %} ipv6 rip split-horizon poisoned-reverse {% endif %} exit @@ -13,53 +13,45 @@ exit {% endif %} ! router ripng -{% if aggregate_address is defined and aggregate_address is not none %} +{% if aggregate_address is vyos_defined %} {% for prefix in aggregate_address %} aggregate-address {{ prefix }} {% endfor %} {% endif %} -{% if distribute_list is defined and distribute_list is not none %} -{% if distribute_list.access_list is defined and distribute_list.access_list is not none %} -{% if distribute_list.access_list.in is defined and distribute_list.access_list.in is not none %} +{% if distribute_list is vyos_defined %} +{% if distribute_list.access_list.in is vyos_defined %} ipv6 distribute-list {{ distribute_list.access_list.in }} in -{% endif %} -{% if distribute_list.access_list.out is defined and distribute_list.access_list.out is not none %} +{% endif %} +{% if distribute_list.access_list.out is vyos_defined %} ipv6 distribute-list {{ distribute_list.access_list.out }} out -{% endif %} {% endif %} -{% if distribute_list.interface is defined and distribute_list.interface is not none %} +{% if distribute_list.interface is vyos_defined %} {% for interface, interface_config in distribute_list.interface.items() %} -{% if interface_config.access_list is defined and interface_config.access_list is not none %} -{% if interface_config.access_list.in is defined and interface_config.access_list.in is not none %} +{% if interface_config.access_list.in is vyos_defined %} ipv6 distribute-list {{ interface_config.access_list.in }} in {{ interface }} -{% endif %} -{% if interface_config.access_list.out is defined and interface_config.access_list.out is not none %} +{% endif %} +{% if interface_config.access_list.out is vyos_defined %} ipv6 distribute-list {{ interface_config.access_list.out }} out {{ interface }} -{% endif %} {% endif %} -{% if interface_config.prefix_list is defined and interface_config.prefix_list is not none %} -{% if interface_config.prefix_list.in is defined and interface_config.prefix_list.in is not none %} +{% if interface_config.prefix_list.in is vyos_defined %} ipv6 distribute-list prefix {{ interface_config.prefix_list.in }} in {{ interface }} -{% endif %} -{% if interface_config.prefix_list.out is defined and interface_config.prefix_list.out is not none %} +{% endif %} +{% if interface_config.prefix_list.out is vyos_defined %} ipv6 distribute-list prefix {{ interface_config.prefix_list.out }} out {{ interface }} -{% endif %} {% endif %} {% endfor %} {% endif %} -{% if distribute_list.prefix_list is defined and distribute_list.prefix_list is not none %} -{% if distribute_list.prefix_list.in is defined and distribute_list.prefix_list.in is not none %} +{% if distribute_list.prefix_list.in is vyos_defined %} ipv6 distribute-list prefix {{ distribute_list.prefix_list.in }} in -{% endif %} -{% if distribute_list.prefix_list.out is defined and distribute_list.prefix_list.out is not none %} +{% endif %} +{% if distribute_list.prefix_list.out is vyos_defined %} ipv6 distribute-list prefix {{ distribute_list.prefix_list.out }} out -{% endif %} {% endif %} {% endif %} {% include 'frr/rip_ripng.frr.j2' %} exit ! -{% if route_map is defined and route_map is not none %} +{% if route_map is vyos_defined %} ipv6 protocol ripng route-map {{ route_map }} {% endif %} ! diff --git a/data/templates/frr/rpki.frr.tmpl b/data/templates/frr/rpki.frr.tmpl index 7f9823f6b..3f4fd3236 100644 --- a/data/templates/frr/rpki.frr.tmpl +++ b/data/templates/frr/rpki.frr.tmpl @@ -1,17 +1,17 @@ ! {# as FRR does not support deleting the entire rpki section we leave it in place even when it's empty #} rpki -{% if cache is defined and cache is not none %} +{% if cache is vyos_defined %} {% for peer, peer_config in cache.items() %} {# port is mandatory and preference uses a default value #} -{% if peer_config.ssh is defined and peer_config.ssh.username is defined and peer_config.ssh.username is not none %} +{% if peer_config.ssh.username is vyos_defined %} rpki cache {{ peer | replace('_', '-') }} {{ peer_config.port }} {{ peer_config.ssh.username }} {{ peer_config.ssh.private_key_file }} {{ peer_config.ssh.public_key_file }} {{ peer_config.ssh.known_hosts_file }} preference {{ peer_config.preference }} {% else %} rpki cache {{ peer | replace('_', '-') }} {{ peer_config.port }} preference {{ peer_config.preference }} {% endif %} {% endfor %} {% endif %} -{% if polling_period is defined and polling_period is not none %} +{% if polling_period is vyos_defined %} rpki polling_period {{ polling_period }} {% endif %} exit diff --git a/data/templates/frr/static_routes_macro.j2 b/data/templates/frr/static_routes_macro.j2 index 3b432b49b..0b242a868 100644 --- a/data/templates/frr/static_routes_macro.j2 +++ b/data/templates/frr/static_routes_macro.j2 @@ -1,21 +1,24 @@ {% macro static_routes(ip_ipv6, prefix, prefix_config, table=None) %} -{% if prefix_config.blackhole is defined %} -{{ ip_ipv6 }} route {{ prefix }} blackhole {{ prefix_config.blackhole.distance if prefix_config.blackhole.distance is defined }} {{ 'tag ' + prefix_config.blackhole.tag if prefix_config.blackhole.tag is defined }} {{ 'table ' + table if table is defined and table is not none }} +{% if prefix_config.blackhole is vyos_defined %} +{{ ip_ipv6 }} route {{ prefix }} blackhole {{ prefix_config.blackhole.distance if prefix_config.blackhole.distance is vyos_defined }} {{ 'tag ' ~ prefix_config.blackhole.tag if prefix_config.blackhole.tag is vyos_defined }} {{ 'table ' ~ table if table is vyos_defined and table is not none }} {% endif %} -{% if prefix_config.dhcp_interface is defined and prefix_config.dhcp_interface is not none %} +{% if prefix_config.reject is vyos_defined %} +{{ ip_ipv6 }} route {{ prefix }} reject {{ prefix_config.reject.distance if prefix_config.reject.distance is vyos_defined }} {{ 'tag ' ~ prefix_config.reject.tag if prefix_config.reject.tag is vyos_defined }} {{ 'table ' ~ table if table is vyos_defined }} +{% endif %} +{% if prefix_config.dhcp_interface is vyos_defined %} {% set next_hop = prefix_config.dhcp_interface | get_dhcp_router %} -{% if next_hop is defined and next_hop is not none %} -{{ ip_ipv6 }} route {{ prefix }} {{ next_hop }} {{ prefix_config.dhcp_interface }} +{% if next_hop is vyos_defined %} +{{ ip_ipv6 }} route {{ prefix }} {{ next_hop }} {{ prefix_config.dhcp_interface }} {{ 'table ' ~ table if table is vyos_defined }} {% endif %} {% endif %} -{% if prefix_config.interface is defined and prefix_config.interface is not none %} +{% if prefix_config.interface is vyos_defined %} {% for interface, interface_config in prefix_config.interface.items() if interface_config.disable is not defined %} -{{ ip_ipv6 }} route {{ prefix }} {{ interface }} {{ interface_config.distance if interface_config.distance is defined }} {{ 'nexthop-vrf ' + interface_config.vrf if interface_config.vrf is defined }} {{ 'table ' + table if table is defined and table is not none }} +{{ ip_ipv6 }} route {{ prefix }} {{ interface }} {{ interface_config.distance if interface_config.distance is vyos_defined }} {{ 'nexthop-vrf ' ~ interface_config.vrf if interface_config.vrf is vyos_defined }} {{ 'table ' ~ table if table is vyos_defined }} {% endfor %} {% endif %} -{% if prefix_config.next_hop is defined and prefix_config.next_hop is not none %} +{% if prefix_config.next_hop is vyos_defined and prefix_config.next_hop is not none %} {% for next_hop, next_hop_config in prefix_config.next_hop.items() if next_hop_config.disable is not defined %} -{{ ip_ipv6 }} route {{ prefix }} {{ next_hop }} {{ next_hop_config.interface if next_hop_config.interface is defined }} {{ next_hop_config.distance if next_hop_config.distance is defined }} {{ 'nexthop-vrf ' + next_hop_config.vrf if next_hop_config.vrf is defined }} {{ 'table ' + table if table is defined and table is not none }} +{{ ip_ipv6 }} route {{ prefix }} {{ next_hop }} {{ next_hop_config.interface if next_hop_config.interface is vyos_defined }} {{ next_hop_config.distance if next_hop_config.distance is vyos_defined }} {{ 'nexthop-vrf ' ~ next_hop_config.vrf if next_hop_config.vrf is vyos_defined }} {{ 'table ' ~ table if table is vyos_defined}} {% endfor %} {% endif %} {% endmacro %} diff --git a/data/templates/frr/staticd.frr.tmpl b/data/templates/frr/staticd.frr.tmpl index bfe959c1d..c7138b12b 100644 --- a/data/templates/frr/staticd.frr.tmpl +++ b/data/templates/frr/staticd.frr.tmpl @@ -2,7 +2,7 @@ ! {% set ip_prefix = 'ip' %} {% set ipv6_prefix = 'ipv6' %} -{% if vrf is defined and vrf is not none %} +{% if vrf is vyos_defined %} {# We need to add an additional whitespace in front of the prefix #} {# when VRFs are in use, thus we use a variable for prefix handling #} {% set ip_prefix = ' ip' %} @@ -10,40 +10,40 @@ vrf {{ vrf }} {% endif %} {# IPv4 routing #} -{% if route is defined and route is not none %} +{% if route is vyos_defined %} {% for prefix, prefix_config in route.items() %} {{ static_routes(ip_prefix, prefix, prefix_config) }} {%- endfor -%} {% endif %} {# IPv4 default routes from DHCP interfaces #} -{% if dhcp is defined and dhcp is not none %} -{% for interface in dhcp %} +{% if dhcp is vyos_defined %} +{% for interface, interface_config in dhcp.items() %} {% set next_hop = interface | get_dhcp_router %} -{% if next_hop is defined and next_hop is not none %} -{{ ip_prefix }} route 0.0.0.0/0 {{ next_hop }} {{ interface }} tag 210 210 +{% if next_hop is vyos_defined %} +{{ ip_prefix }} route 0.0.0.0/0 {{ next_hop }} {{ interface }} tag 210 {{ interface_config.distance }} {% endif %} {% endfor %} {% endif %} {# IPv6 routing #} -{% if route6 is defined and route6 is not none %} +{% if route6 is vyos_defined %} {% for prefix, prefix_config in route6.items() %} {{ static_routes(ipv6_prefix, prefix, prefix_config) }} {%- endfor -%} {% endif %} -{% if vrf is defined and vrf is not none %} +{% if vrf is vyos_defined %} exit-vrf {% endif %} ! {# Policy route tables #} -{% if table is defined and table is not none %} +{% if table is vyos_defined %} {% for table_id, table_config in table.items() %} -{% if table_config.route is defined and table_config.route is not none %} +{% if table_config.route is vyos_defined %} {% for prefix, prefix_config in table_config.route.items() %} {{ static_routes('ip', prefix, prefix_config, table_id) }} {%- endfor -%} {% endif %} ! -{% if table_config.route6 is defined and table_config.route6 is not none %} +{% if table_config.route6 is vyos_defined %} {% for prefix, prefix_config in table_config.route6.items() %} {{ static_routes('ipv6', prefix, prefix_config, table_id) }} {%- endfor -%} @@ -52,7 +52,7 @@ vrf {{ vrf }} {% endfor %} {% endif %} ! -{% if route_map is defined and route_map is not none %} +{% if route_map is vyos_defined %} ip protocol static route-map {{ route_map }} ! {% endif %} diff --git a/data/templates/frr/vrf-vni.frr.tmpl b/data/templates/frr/vrf-vni.frr.tmpl index 299c9719e..916b5d05d 100644 --- a/data/templates/frr/vrf-vni.frr.tmpl +++ b/data/templates/frr/vrf-vni.frr.tmpl @@ -1,7 +1,7 @@ -{% if name is defined and name is not none %} +{% if name is vyos_defined %} {% for vrf, vrf_config in name.items() %} vrf {{ vrf }} -{% if vrf_config.vni is defined and vrf_config.vni is not none %} +{% if vrf_config.vni is vyos_defined %} vni {{ vrf_config.vni }} {% endif %} exit-vrf diff --git a/data/templates/frr/vrf.route-map.frr.tmpl b/data/templates/frr/vrf.route-map.frr.tmpl index cb0e07616..5e0c56a7b 100644 --- a/data/templates/frr/vrf.route-map.frr.tmpl +++ b/data/templates/frr/vrf.route-map.frr.tmpl @@ -1,10 +1,10 @@ ! -{% if vrf is defined and vrf is not none and route_map is defined and route_map is not none %} +{% if vrf is vyos_defined and route_map is vyos_defined %} vrf {{ vrf }} ip protocol {{ protocol }} route-map {{ route_map }} exit-vrf ! -{% elif route_map is defined and route_map is not none %} +{% elif route_map is vyos_defined %} ip protocol {{ protocol }} route-map {{ route_map }} {% endif %} ! diff --git a/data/templates/high-availability/keepalived.conf.tmpl b/data/templates/high-availability/keepalived.conf.tmpl index afd5f5383..68c707f17 100644 --- a/data/templates/high-availability/keepalived.conf.tmpl +++ b/data/templates/high-availability/keepalived.conf.tmpl @@ -28,6 +28,9 @@ vrrp_instance {{ name }} { virtual_router_id {{ group_config.vrid }} priority {{ group_config.priority }} advert_int {{ group_config.advertise_interval }} +{% if group_config.track is defined and group_config.track.exclude_vrrp_interface is defined %} + dont_track_primary +{% endif %} {% if group_config.no_preempt is not defined and group_config.preempt_delay is defined and group_config.preempt_delay is not none %} preempt_delay {{ group_config.preempt_delay }} {% elif group_config.no_preempt is defined %} @@ -61,8 +64,8 @@ vrrp_instance {{ name }} { {% endif %} {% if group_config.address is defined and group_config.address is not none %} virtual_ipaddress { -{% for addr in group_config.address %} - {{ addr }} +{% for addr, addr_config in group_config.address.items() %} + {{ addr }}{{ ' dev ' + addr_config.interface if addr_config.interface is defined }} {% endfor %} } {% endif %} @@ -73,6 +76,13 @@ vrrp_instance {{ name }} { {% endfor %} } {% endif %} +{% if group_config.track is defined and group_config.track.interface is defined and group_config.track.interface is not none %} + track_interface { +{% for interface in group_config.track.interface %} + {{ interface }} +{% endfor %} + } +{% endif %} {% if group_config.health_check is defined and group_config.health_check.script is defined and group_config.health_check.script is not none %} track_script { healthcheck_{{ name }} @@ -103,7 +113,7 @@ vrrp_sync_group {{ name }} { {% endif %} {% endfor %} {% endif %} -{% if vrrp.conntrack_sync_group is defined and vrrp.conntrack_sync_group == name %} +{% if conntrack_sync_group is defined and conntrack_sync_group == name %} {% set vyos_helper = "/usr/libexec/vyos/vyos-vrrp-conntracksync.sh" %} notify_master "{{ vyos_helper }} master {{ name }}" notify_backup "{{ vyos_helper }} backup {{ name }}" @@ -113,8 +123,8 @@ vrrp_sync_group {{ name }} { {% endfor %} {% endif %} -# Virtual-server configuration {% if virtual_server is defined and virtual_server is not none %} +# Virtual-server configuration {% for vserver, vserver_config in virtual_server.items() %} virtual_server {{ vserver }} {{ vserver_config.port }} { delay_loop {{ vserver_config.delay_loop }} diff --git a/data/templates/https/nginx.default.tmpl b/data/templates/https/nginx.default.tmpl index e8511bd62..a51505270 100644 --- a/data/templates/https/nginx.default.tmpl +++ b/data/templates/https/nginx.default.tmpl @@ -53,19 +53,6 @@ server { } error_page 497 =301 https://$host:{{ server.port }}$request_uri; - error_page 501 502 503 =200 @50*_json; - -{% if api_set %} - location @50*_json { - default_type application/json; - return 200 '{"error": "service https api unavailable at this proxy address: set service https api-restrict virtual-host"}'; - } -{% else %} - location @50*_json { - default_type application/json; - return 200 '{"error": "Start service in configuration mode: set service https api"}'; - } -{% endif %} } diff --git a/data/templates/ipsec/charon.tmpl b/data/templates/ipsec/charon.tmpl index 4d710921e..b9b020dcd 100644 --- a/data/templates/ipsec/charon.tmpl +++ b/data/templates/ipsec/charon.tmpl @@ -20,6 +20,17 @@ charon { # Send Cisco Unity vendor ID payload (IKEv1 only). # cisco_unity = no + # Cisco FlexVPN +{% if options is defined %} + cisco_flexvpn = {{ 'yes' if options.flexvpn is defined else 'no' }} +{% if options.virtual_ip is defined %} + install_virtual_ip = yes +{% endif %} +{% if options.interface is defined and options.interface is not none %} + install_virtual_ip_on = {{ options.interface }} +{% endif %} +{% endif %} + # Close the IKE_SA if setup of the CHILD_SA along with IKE_AUTH failed. # close_ike_on_child_failure = no diff --git a/data/templates/ipsec/swanctl/peer.tmpl b/data/templates/ipsec/swanctl/peer.tmpl index c6b71f2a1..a622cbf74 100644 --- a/data/templates/ipsec/swanctl/peer.tmpl +++ b/data/templates/ipsec/swanctl/peer.tmpl @@ -5,6 +5,9 @@ peer_{{ name }} { proposals = {{ ike | get_esp_ike_cipher | join(',') }} version = {{ ike.key_exchange[4:] if ike is defined and ike.key_exchange is defined else "0" }} +{% if peer_conf.virtual_address is defined and peer_conf.virtual_address is not none %} + vips = {{ peer_conf.virtual_address | join(', ') }} +{% endif %} local_addrs = {{ peer_conf.local_address if peer_conf.local_address != 'any' else '0.0.0.0/0' }} # dhcp:{{ peer_conf.dhcp_interface if 'dhcp_interface' in peer_conf else 'no' }} remote_addrs = {{ peer if peer not in ['any', '0.0.0.0'] and peer[0:1] != '@' else '0.0.0.0/0' }} {% if peer_conf.authentication is defined and peer_conf.authentication.mode is defined and peer_conf.authentication.mode == 'x509' %} @@ -57,6 +60,12 @@ {% set vti_esp = esp_group[ peer_conf.vti.esp_group ] if peer_conf.vti.esp_group is defined else esp_group[ peer_conf.default_esp_group ] %} peer_{{ name }}_vti { esp_proposals = {{ vti_esp | get_esp_ike_cipher(ike) | join(',') }} +{% if vti_esp.life_bytes is defined and vti_esp.life_bytes is not none %} + life_bytes = {{ vti_esp.life_bytes }} +{% endif %} +{% if vti_esp.life_packets is defined and vti_esp.life_packets is not none %} + life_packets = {{ vti_esp.life_packets }} +{% endif %} life_time = {{ vti_esp.lifetime }}s local_ts = 0.0.0.0/0,::/0 remote_ts = 0.0.0.0/0,::/0 @@ -74,11 +83,14 @@ start_action = start {% elif peer_conf.connection_type == 'respond' %} start_action = trap +{% elif peer_conf.connection_type == 'none' %} + start_action = none {% endif %} {% if ike.dead_peer_detection is defined %} -{% set dpd_translate = {'clear': 'clear', 'hold': 'trap', 'restart': 'start'} %} +{% set dpd_translate = {'clear': 'clear', 'hold': 'trap', 'restart': 'restart'} %} dpd_action = {{ dpd_translate[ike.dead_peer_detection.action] }} {% endif %} + close_action = {{ {'none': 'none', 'hold': 'trap', 'restart': 'start'}[ike.close_action] }} } {% elif peer_conf.tunnel is defined %} {% for tunnel_id, tunnel_conf in peer_conf.tunnel.items() if tunnel_conf.disable is not defined %} @@ -91,6 +103,12 @@ {% set remote_suffix = '[{0}/{1}]'.format(proto, remote_port) if proto or remote_port else '' %} peer_{{ name }}_tunnel_{{ tunnel_id }} { esp_proposals = {{ tunnel_esp | get_esp_ike_cipher(ike) | join(',') }} +{% if tunnel_esp.life_bytes is defined and tunnel_esp.life_bytes is not none %} + life_bytes = {{ tunnel_esp.life_bytes }} +{% endif %} +{% if tunnel_esp.life_packets is defined and tunnel_esp.life_packets is not none %} + life_packets = {{ tunnel_esp.life_packets }} +{% endif %} life_time = {{ tunnel_esp.lifetime }}s {% if tunnel_esp.mode is not defined or tunnel_esp.mode == 'tunnel' %} {% if tunnel_conf.local is defined and tunnel_conf.local.prefix is defined %} @@ -116,11 +134,14 @@ start_action = start {% elif peer_conf.connection_type == 'respond' %} start_action = trap +{% elif peer_conf.connection_type == 'none' %} + start_action = none {% endif %} {% if ike.dead_peer_detection is defined %} -{% set dpd_translate = {'clear': 'clear', 'hold': 'trap', 'restart': 'start'} %} +{% set dpd_translate = {'clear': 'clear', 'hold': 'trap', 'restart': 'restart'} %} dpd_action = {{ dpd_translate[ike.dead_peer_detection.action] }} {% endif %} + close_action = {{ {'none': 'none', 'hold': 'trap', 'restart': 'start'}[ike.close_action] }} {% if peer_conf.vti is defined and peer_conf.vti.bind is defined %} updown = "/etc/ipsec.d/vti-up-down {{ peer_conf.vti.bind }}" {# The key defaults to 0 and will match any policies which similarly do not have a lookup key configuration. #} diff --git a/data/templates/lldp/lldpd.tmpl b/data/templates/lldp/lldpd.tmpl index 3db955b48..819e70c84 100644 --- a/data/templates/lldp/lldpd.tmpl +++ b/data/templates/lldp/lldpd.tmpl @@ -1,3 +1,2 @@ ### Autogenerated by lldp.py ### -DAEMON_ARGS="-M 4{% if options.snmp %} -x{% endif %}{% if options.cdp %} -c{% endif %}{% if options.edp %} -e{% endif %}{% if options.fdp %} -f{% endif %}{% if options.sonmp %} -s{% endif %}" - +DAEMON_ARGS="-M 4{% if snmp is defined and snmp.enable is defined %} -x{% endif %}{% if legacy_protocols is defined and legacy_protocols.cdp is defined %} -c{% endif %}{% if legacy_protocols is defined and legacy_protocols.edp is defined %} -e{% endif %}{% if legacy_protocols is defined and legacy_protocols.fdp is defined %} -f{% endif %}{% if legacy_protocols is defined and legacy_protocols.sonmp is defined %} -s{% endif %}" diff --git a/data/templates/lldp/vyos.conf.tmpl b/data/templates/lldp/vyos.conf.tmpl index 07bbaf604..14395a223 100644 --- a/data/templates/lldp/vyos.conf.tmpl +++ b/data/templates/lldp/vyos.conf.tmpl @@ -1,20 +1,25 @@ ### Autogenerated by lldp.py ### configure system platform VyOS -configure system description "VyOS {{ options.description }}" -{% if options.listen_on %} -configure system interface pattern "{{ ( options.listen_on | select('equalto','all') | map('replace','all','*') | list + options.listen_on | select('equalto','!all') | map('replace','!all','!*') | list + options.listen_on | reject('equalto','all') | reject('equalto','!all') | list ) | unique | join(",") }}" +configure system description "VyOS {{ version }}" +{% if interface is defined and interface is not none %} +{% set tmp = [] %} +{% for iface, iface_options in interface.items() if not iface_options.disable %} +{% if iface == 'all' %} +{% set iface = '*' %} +{% endif %} +{% set _ = tmp.append(iface) %} +{% if iface_options.location is defined and iface_options.location is not none %} +{% if iface_options.location.elin is defined and iface_options.location.elin is not none %} +configure ports {{ iface }} med location elin "{{ iface_options.location.elin }}" +{% endif %} +{% if iface_options.location is defined and iface_options.location.coordinate_based is defined and iface_options.location.coordinate_based is not none %} +configure ports {{ iface }} med location coordinate latitude "{{ iface_options.location.coordinate_based.latitude }}" longitude "{{ iface_options.location.coordinate_based.longitude }}" altitude "{{ iface_options.location.coordinate_based.altitude }}m" datum "{{ iface_options.location.coordinate_based.datum }}" +{% endif %} +{% endif %} +{% endfor %} +configure system interface pattern "{{ tmp | join(",") }}" {% endif %} -{% if options.mgmt_addr %} -configure system ip management pattern {{ options.mgmt_addr | join(",") }} +{% if management_address is defined and management_address is not none %} +configure system ip management pattern {{ management_address | join(",") }} {% endif %} -{% for loc in location %} -{% if loc.elin %} -configure ports {{ loc.name }} med location elin "{{ loc.elin }}" -{% endif %} -{% if loc.coordinate_based %} -configure ports {{ loc.name }} med location coordinate {% if loc.coordinate_based.latitude %}latitude {{ loc.coordinate_based.latitude }}{% endif %} {% if loc.coordinate_based.longitude %}longitude {{ loc.coordinate_based.longitude }}{% endif %} {% if loc.coordinate_based.altitude %}altitude {{ loc.coordinate_based.altitude }} m{% endif %} {% if loc.coordinate_based.datum %}datum {{ loc.coordinate_based.datum }}{% endif %} -{% endif %} - - -{% endfor %} diff --git a/data/templates/monitoring/override.conf.tmpl b/data/templates/monitoring/override.conf.tmpl index 63f6d7391..f8f150791 100644 --- a/data/templates/monitoring/override.conf.tmpl +++ b/data/templates/monitoring/override.conf.tmpl @@ -3,5 +3,5 @@ After=vyos-router.service ConditionPathExists=/run/telegraf/vyos-telegraf.conf [Service] Environment=INFLUX_TOKEN={{ authentication.token }} -CapabilityBoundingSet=CAP_NET_RAW CAP_NET_ADMIN +CapabilityBoundingSet=CAP_NET_RAW CAP_NET_ADMIN CAP_SYS_ADMIN AmbientCapabilities=CAP_NET_RAW CAP_NET_ADMIN diff --git a/data/templates/monitoring/telegraf.tmpl b/data/templates/monitoring/telegraf.tmpl index 62fa4df7a..d3145a500 100644 --- a/data/templates/monitoring/telegraf.tmpl +++ b/data/templates/monitoring/telegraf.tmpl @@ -17,7 +17,7 @@ [[outputs.influxdb_v2]] urls = ["{{ url }}:{{ port }}"] insecure_skip_verify = true - token = "{{ authentication.token }}" + token = "$INFLUX_TOKEN" organization = "{{ authentication.organization }}" bucket = "{{ bucket }}" [[inputs.cpu]] @@ -41,11 +41,7 @@ files = ["ip_conntrack_count","ip_conntrack_max","nf_conntrack_count","nf_conntrack_max"] dirs = ["/proc/sys/net/ipv4/netfilter","/proc/sys/net/netfilter"] [[inputs.ethtool]] -[[inputs.iptables]] - use_sudo = false - table = "filter" - chains = {{ nft_chains }} - use_lock = true + interface_include = {{ interfaces_ethernet }} [[inputs.ntpq]] dns_lookup = true [[inputs.internal]] @@ -56,8 +52,9 @@ syslog_standard = "RFC3164" [[inputs.exec]] commands = [ + "{{ custom_scripts_dir }}/show_firewall_input_filter.py", "{{ custom_scripts_dir }}/show_interfaces_input_filter.py", - "cat /tmp/vyos_services_input_filter" + "{{ custom_scripts_dir }}/vyos_services_input_filter.py" ] timeout = "10s" data_format = "influx" diff --git a/data/templates/nhrp/opennhrp.conf.tmpl b/data/templates/nhrp/opennhrp.conf.tmpl index 948327198..e9e9f692a 100644 --- a/data/templates/nhrp/opennhrp.conf.tmpl +++ b/data/templates/nhrp/opennhrp.conf.tmpl @@ -33,7 +33,7 @@ interface {{ name }} #{{ type }} {{ profile_name }} {% endfor %} {% if tunnel_conf.shortcut_target is defined and tunnel_conf.shortcut_target is not none %} {% for target, shortcut_conf in tunnel_conf.shortcut_target.items() %} - shortcut-target {{ target }} {{ shortcut_conf.holding_time if shortcut_conf.holding_time is defined else '' }} + shortcut-target {{ target }}{{ ' holding-time ' + shortcut_conf.holding_time if shortcut_conf.holding_time is defined }} {% endfor %} {% endif %} diff --git a/data/templates/ntp/ntpd.conf.tmpl b/data/templates/ntp/ntpd.conf.tmpl index 38e68f24f..e7afcc16b 100644 --- a/data/templates/ntp/ntpd.conf.tmpl +++ b/data/templates/ntp/ntpd.conf.tmpl @@ -27,6 +27,7 @@ restrict -6 ::1 {% if allow_clients is defined and allow_clients.address is defined %} # Allowed clients configuration +restrict default ignore {% for address in allow_clients.address %} restrict {{ address|address_from_cidr }} mask {{ address|netmask_from_cidr }} nomodify notrap nopeer {% endfor %} diff --git a/data/templates/openvpn/server.conf.tmpl b/data/templates/openvpn/server.conf.tmpl index 7a0470d0e..fb7ad9e16 100644 --- a/data/templates/openvpn/server.conf.tmpl +++ b/data/templates/openvpn/server.conf.tmpl @@ -141,11 +141,13 @@ ping {{ keep_alive.interval }} ping-restart {{ keep_alive.failure_count }} {% if device_type == 'tap' %} -{% for laddr, laddr_conf in local_address.items() if laddr | is_ipv4 %} -{% if laddr_conf is defined and laddr_conf.subnet_mask is defined and laddr_conf.subnet_mask is not none %} +{% if local_address is defined and local_address is not none %} +{% for laddr, laddr_conf in local_address.items() if laddr | is_ipv4 %} +{% if laddr_conf is defined and laddr_conf.subnet_mask is defined and laddr_conf.subnet_mask is not none %} ifconfig {{ laddr }} {{ laddr_conf.subnet_mask }} -{% endif %} -{% endfor %} +{% endif %} +{% endfor %} +{% endif %} {% else %} {% for laddr in local_address if laddr | is_ipv4 %} {% for raddr in remote_address if raddr | is_ipv4 %} diff --git a/data/templates/pmacct/override.conf.tmpl b/data/templates/pmacct/override.conf.tmpl new file mode 100644 index 000000000..216927666 --- /dev/null +++ b/data/templates/pmacct/override.conf.tmpl @@ -0,0 +1,17 @@ +{% set vrf_command = 'ip vrf exec ' + vrf + ' ' if vrf is defined else '' %} +[Unit] +After= +After=vyos-router.service +ConditionPathExists= +ConditionPathExists=/run/pmacct/uacctd.conf + +[Service] +EnvironmentFile= +ExecStart= +ExecStart={{vrf_command}}/usr/sbin/uacctd -f /run/pmacct/uacctd.conf +WorkingDirectory= +WorkingDirectory=/run/pmacct +PIDFile= +PIDFile=/run/pmacct/uacctd.pid +Restart=always +RestartSec=10 diff --git a/data/templates/netflow/uacctd.conf.tmpl b/data/templates/pmacct/uacctd.conf.tmpl index f81002dc1..b58f7c796 100644 --- a/data/templates/netflow/uacctd.conf.tmpl +++ b/data/templates/pmacct/uacctd.conf.tmpl @@ -19,19 +19,19 @@ imt_mem_pools_number: 169 {% endif %} {% set plugin = [] %} -{% if disable_imt is not defined %} -{% set plugin = ['memory'] %} -{% endif %} {% if netflow is defined and netflow.server is defined and netflow.server is not none %} {% for server in netflow.server %} -{% set plugin = plugin.append('nfprobe[nf_' ~ server ~ ']') %} +{% set _ = plugin.append('nfprobe[nf_' ~ server ~ ']') %} {% endfor %} {% endif %} {% if sflow is defined and sflow.server is defined and sflow.server is not none %} {% for server in sflow.server %} -{% set plugin = plugin.append('sfprobe[sf_' ~ server ~ ']') %} +{% set _ = plugin.append('sfprobe[sf_' ~ server ~ ']') %} {% endfor %} {% endif %} +{% if disable_imt is not defined %} +{% set _ = plugin.append('memory') %} +{% endif %} plugins: {{ plugin | join(',') }} {% if netflow is defined and netflow.server is defined and netflow.server is not none %} diff --git a/data/templates/ssh/sshd_config.tmpl b/data/templates/ssh/sshd_config.tmpl index 2f2b78a66..670cf85a1 100644 --- a/data/templates/ssh/sshd_config.tmpl +++ b/data/templates/ssh/sshd_config.tmpl @@ -29,6 +29,7 @@ UsePAM yes PermitRootLogin no PidFile /run/sshd/sshd.pid AddressFamily any +DebianBanner no # # User configurable section diff --git a/data/templates/syslog/logrotate.tmpl b/data/templates/syslog/logrotate.tmpl index f758265e4..c1b951e8b 100644 --- a/data/templates/syslog/logrotate.tmpl +++ b/data/templates/syslog/logrotate.tmpl @@ -1,12 +1,11 @@ -{% for file in files %} -{{files[file]['log-file']}} { +{{ config_render['log-file'] }} { missingok notifempty create - rotate {{files[file]['max-files']}} - size={{files[file]['max-size']//1024}}k + rotate {{ config_render['max-files'] }} + size={{ config_render['max-size'] // 1024 }}k postrotate invoke-rc.d rsyslog rotate > /dev/null endscript } -{% endfor %} + diff --git a/data/templates/zone_policy/nftables.tmpl b/data/templates/zone_policy/nftables.tmpl index fae6e8c4f..4a6bd2772 100644 --- a/data/templates/zone_policy/nftables.tmpl +++ b/data/templates/zone_policy/nftables.tmpl @@ -13,29 +13,32 @@ table ip filter { chain VZONE_{{ zone_name }}_IN { iifname lo counter return {% for from_zone, from_conf in zone_conf.from.items() if from_conf.firewall.name is defined %} - iifname { {{ zone[from_zone].interface | join(",") }} } counter jump {{ from_conf.firewall.name }} + iifname { {{ zone[from_zone].interface | join(",") }} } counter jump NAME_{{ from_conf.firewall.name }} iifname { {{ zone[from_zone].interface | join(",") }} } counter return {% endfor %} - counter {{ zone_conf.default_action if zone_conf.default_action is defined else 'drop' }} + counter {{ zone_conf.default_action }} } chain VZONE_{{ zone_name }}_OUT { oifname lo counter return {% for from_zone, from_conf in zone_conf.from_local.items() if from_conf.firewall.name is defined %} - oifname { {{ zone[from_zone].interface | join(",") }} } counter jump {{ from_conf.firewall.name }} + oifname { {{ zone[from_zone].interface | join(",") }} } counter jump NAME_{{ from_conf.firewall.name }} oifname { {{ zone[from_zone].interface | join(",") }} } counter return {% endfor %} - counter {{ zone_conf.default_action if zone_conf.default_action is defined else 'drop' }} + counter {{ zone_conf.default_action }} } {% else %} chain VZONE_{{ zone_name }} { iifname { {{ zone_conf.interface | join(",") }} } counter {{ zone_conf | nft_intra_zone_action(ipv6=False) }} +{% if zone_conf.intra_zone_filtering is defined %} + iifname { {{ zone_conf.interface | join(",") }} } counter return +{% endif %} {% for from_zone, from_conf in zone_conf.from.items() if from_conf.firewall.name is defined %} {% if zone[from_zone].local_zone is not defined %} - iifname { {{ zone[from_zone].interface | join(",") }} } counter jump {{ from_conf.firewall.name }} + iifname { {{ zone[from_zone].interface | join(",") }} } counter jump NAME_{{ from_conf.firewall.name }} iifname { {{ zone[from_zone].interface | join(",") }} } counter return {% endif %} {% endfor %} - counter {{ zone_conf.default_action if zone_conf.default_action is defined else 'drop' }} + counter {{ zone_conf.default_action }} } {% endif %} {% endfor %} @@ -47,29 +50,32 @@ table ip6 filter { chain VZONE6_{{ zone_name }}_IN { iifname lo counter return {% for from_zone, from_conf in zone_conf.from.items() if from_conf.firewall.ipv6_name is defined %} - iifname { {{ zone[from_zone].interface | join(",") }} } counter jump {{ from_conf.firewall.ipv6_name }} + iifname { {{ zone[from_zone].interface | join(",") }} } counter jump NAME6_{{ from_conf.firewall.ipv6_name }} iifname { {{ zone[from_zone].interface | join(",") }} } counter return {% endfor %} - counter {{ zone_conf.default_action if zone_conf.default_action is defined else 'drop' }} + counter {{ zone_conf.default_action }} } chain VZONE6_{{ zone_name }}_OUT { oifname lo counter return {% for from_zone, from_conf in zone_conf.from_local.items() if from_conf.firewall.ipv6_name is defined %} - oifname { {{ zone[from_zone].interface | join(",") }} } counter jump {{ from_conf.firewall.ipv6_name }} + oifname { {{ zone[from_zone].interface | join(",") }} } counter jump NAME6_{{ from_conf.firewall.ipv6_name }} oifname { {{ zone[from_zone].interface | join(",") }} } counter return {% endfor %} - counter {{ zone_conf.default_action if zone_conf.default_action is defined else 'drop' }} + counter {{ zone_conf.default_action }} } {% else %} chain VZONE6_{{ zone_name }} { iifname { {{ zone_conf.interface | join(",") }} } counter {{ zone_conf | nft_intra_zone_action(ipv6=True) }} +{% if zone_conf.intra_zone_filtering is defined %} + iifname { {{ zone_conf.interface | join(",") }} } counter return +{% endif %} {% for from_zone, from_conf in zone_conf.from.items() if from_conf.firewall.ipv6_name is defined %} {% if zone[from_zone].local_zone is not defined %} - iifname { {{ zone[from_zone].interface | join(",") }} } counter jump {{ from_conf.firewall.ipv6_name }} + iifname { {{ zone[from_zone].interface | join(",") }} } counter jump NAME6_{{ from_conf.firewall.ipv6_name }} iifname { {{ zone[from_zone].interface | join(",") }} } counter return {% endif %} {% endfor %} - counter {{ zone_conf.default_action if zone_conf.default_action is defined else 'drop' }} + counter {{ zone_conf.default_action }} } {% endif %} {% endfor %} |