summaryrefslogtreecommitdiff
path: root/data
diff options
context:
space:
mode:
Diffstat (limited to 'data')
-rw-r--r--data/configd-include.json1
-rw-r--r--data/templates/firewall/nftables-nat66.tmpl20
-rw-r--r--data/templates/frr/bgp.frr.tmpl2
-rw-r--r--data/templates/frr/isis.frr.tmpl6
-rw-r--r--data/templates/frr/ospf.frr.tmpl4
-rw-r--r--data/templates/frr/static.frr.tmpl17
-rw-r--r--data/templates/frr/vrf.frr.tmpl25
-rw-r--r--data/templates/https/nginx.default.tmpl4
8 files changed, 37 insertions, 42 deletions
diff --git a/data/configd-include.json b/data/configd-include.json
index aabd7232e..eed858363 100644
--- a/data/configd-include.json
+++ b/data/configd-include.json
@@ -44,7 +44,6 @@
"protocols_ripng.py",
"protocols_static.py",
"protocols_static_multicast.py",
-"protocols_vrf.py",
"salt-minion.py",
"service_console-server.py",
"service_ids_fastnetmon.py",
diff --git a/data/templates/firewall/nftables-nat66.tmpl b/data/templates/firewall/nftables-nat66.tmpl
index cdaeaad6a..e5c1b1b8d 100644
--- a/data/templates/firewall/nftables-nat66.tmpl
+++ b/data/templates/firewall/nftables-nat66.tmpl
@@ -1,9 +1,13 @@
#!/usr/sbin/nft -f
{% macro nptv6_rule(rule,config, chain) %}
-{% set src_prefix = "ip6 saddr " + config.source.prefix if config.source is defined and config.source.prefix is defined and config.source.prefix is not none %}
-{% set dest_address = "ip6 daddr " + config.destination.address if config.destination is defined and config.destination.address is defined and config.destination.address is not none %}
+{% set comment = '' %}
+{% set base_log = '' %}
+{% set src_prefix = "ip6 saddr " + config.source.prefix if config.source is defined and config.source.prefix is defined and config.source.prefix is not none %}
+{% set dest_address = "ip6 daddr " + config.destination.address if config.destination is defined and config.destination.address is defined and config.destination.address is not none %}
{% if chain == "PREROUTING" %}
+{% set comment = "DST-NAT66-" + rule %}
+{% set base_log = '[NAT66-DST-' + rule %}
{% set interface = " iifname \"" + config.inbound_interface + "\"" if config.inbound_interface is defined and config.inbound_interface != 'any' else '' %}
{% if config.translation.address | is_ip_network %}
{# support 1:1 network translation #}
@@ -13,6 +17,8 @@
{% endif %}
{% set trns_address = dnat_type + config.translation.address if config.translation is defined and config.translation.address is defined and config.translation.address is not none %}
{% elif chain == "POSTROUTING" %}
+{% set comment = 'SRC-NAT66-' + rule %}
+{% set base_log = '[NAT66-SRC-' + rule %}
{% if config.translation is defined and config.translation.address is defined and config.translation.address is not none %}
{% if config.translation.address == 'masquerade' %}
{% set trns_address = config.translation.address %}
@@ -28,10 +34,12 @@
{% endif %}
{% set interface = " oifname \"" + config.outbound_interface + "\"" if config.outbound_interface is defined else '' %}
{% endif %}
-{% set comment = "NPT-NAT-" + rule %}
-{% if rule.log %}
-{% set base_log = "[NPT-DST-" + rule %}
-{% set log = base_log + "]" %}
+{% if config.log is defined %}
+{% if config.translation is defined and config.translation.address is defined and config.translation.address == 'masquerade' %}
+{% set log = base_log +'-MASQ]' %}
+{% else %}
+{% set log = base_log + "]" %}
+{% endif %}
{% endif %}
{% set output = "add rule ip6 nat " + chain + interface %}
{# Count packets #}
diff --git a/data/templates/frr/bgp.frr.tmpl b/data/templates/frr/bgp.frr.tmpl
index f7aeaeb9d..53e62928b 100644
--- a/data/templates/frr/bgp.frr.tmpl
+++ b/data/templates/frr/bgp.frr.tmpl
@@ -185,7 +185,7 @@
{% endif %}
{% endmacro %}
!
-router bgp {{ asn }}
+router bgp {{ local_as }} {{ 'vrf ' + vrf if vrf is defined and vrf is not none }}
{% if parameters is defined and parameters.ebgp_requires_policy is defined %}
bgp ebgp-requires-policy
{% else %}
diff --git a/data/templates/frr/isis.frr.tmpl b/data/templates/frr/isis.frr.tmpl
index 4460ab3b5..7f996b134 100644
--- a/data/templates/frr/isis.frr.tmpl
+++ b/data/templates/frr/isis.frr.tmpl
@@ -1,5 +1,5 @@
!
-router isis {{ process }}
+router isis VyOS {{ 'vrf ' + vrf if vrf is defined and vrf is not none }}
net {{ net }}
{% if dynamic_hostname is defined %}
hostname dynamic
@@ -133,8 +133,8 @@ router isis {{ process }}
!
{% if interface is defined and interface is not none %}
{% for iface, iface_config in interface.items() %}
-interface {{ iface }}
- ip router isis {{ process }}
+interface {{ iface }} {{ 'vrf ' + vrf if vrf is defined and vrf is not none }}
+ ip router isis VyOS
{% if iface_config.bfd is defined %}
isis bfd
{% endif %}
diff --git a/data/templates/frr/ospf.frr.tmpl b/data/templates/frr/ospf.frr.tmpl
index 140b6b406..a47c64c89 100644
--- a/data/templates/frr/ospf.frr.tmpl
+++ b/data/templates/frr/ospf.frr.tmpl
@@ -1,7 +1,7 @@
!
{% if interface is defined and interface is not none %}
{% for iface, iface_config in interface.items() %}
-interface {{ iface }}
+interface {{ iface }} {{ 'vrf ' + vrf if vrf is defined and vrf is not none }}
{% if iface_config.authentication is defined and iface_config.authentication is not none %}
{% if iface_config.authentication.plaintext_password is defined and iface_config.authentication.plaintext_password is not none %}
ip ospf authentication-key {{ iface_config.authentication.plaintext_password }}
@@ -50,7 +50,7 @@ interface {{ iface }}
{% endfor %}
{% endif %}
!
-router ospf
+router ospf {{ 'vrf ' + vrf if vrf is defined and vrf is not none }}
{% if access_list is defined and access_list is not none %}
{% for acl, acl_config in access_list.items() %}
{% for protocol in acl_config.export if acl_config.export is defined %}
diff --git a/data/templates/frr/static.frr.tmpl b/data/templates/frr/static.frr.tmpl
index bb0ec80a5..db59a44c2 100644
--- a/data/templates/frr/static.frr.tmpl
+++ b/data/templates/frr/static.frr.tmpl
@@ -1,18 +1,29 @@
{% from 'frr/static_routes_macro.j2' import static_routes %}
!
+{% set ip_prefix = 'ip' %}
+{% set ipv6_prefix = 'ipv6' %}
+{% if vrf is defined and vrf is not none %}
+{# We need to add an additional whitespace in front of the prefix #}
+{# when VRFs are in use, thus we use a variable for prefix handling #}
+{% set ip_prefix = ' ip' %}
+{% set ipv6_prefix = ' ipv6' %}
+vrf {{ vrf }}
+{% endif %}
{# IPv4 routing #}
{% if route is defined and route is not none %}
{% for prefix, prefix_config in route.items() %}
-{{ static_routes('ip', prefix, prefix_config) }}
+{{ static_routes(ip_prefix, prefix, prefix_config) }}
{%- endfor -%}
{% endif %}
-!
{# IPv6 routing #}
{% if route6 is defined and route6 is not none %}
{% for prefix, prefix_config in route6.items() %}
-{{ static_routes('ipv6', prefix, prefix_config) }}
+{{ static_routes(ipv6_prefix, prefix, prefix_config) }}
{%- endfor -%}
{% endif %}
+{% if vrf is defined and vrf is not none %}
+ exit-vrf
+{% endif %}
!
{# Policy route tables #}
{% if table is defined and table is not none %}
diff --git a/data/templates/frr/vrf.frr.tmpl b/data/templates/frr/vrf.frr.tmpl
deleted file mode 100644
index 8d3d8e9dd..000000000
--- a/data/templates/frr/vrf.frr.tmpl
+++ /dev/null
@@ -1,25 +0,0 @@
-{% from 'frr/static_routes_macro.j2' import static_routes %}
-!
-{% if vrf is defined and vrf is not none %}
-{% for vrf_name, vrf_config in vrf.items() %}
-vrf {{ vrf_name }}
-{% if vrf_config.vni is defined and vrf_config.vni is not none %}
- vni {{ vrf_config.vni }}
-{% endif %}
-{% if vrf_config.static is defined and vrf_config.static is not none %}
-{# IPv4 routes #}
-{% if vrf_config.static.route is defined and vrf_config.static.route is not none %}
-{% for prefix, prefix_config in vrf_config.static.route.items() %}
- {{ static_routes('ip', prefix, prefix_config) }}
-{%- endfor -%}
-{% endif %}
-{# IPv6 routes #}
-{% if vrf_config.static.route6 is defined and vrf_config.static.route6 is not none %}
-{% for prefix, prefix_config in vrf_config.static.route6.items() %}
- {{ static_routes('ipv6', prefix, prefix_config) }}
-{%- endfor -%}
-{% endif %}
-{% endif %}
-{% endfor %}
-{% endif %}
-!
diff --git a/data/templates/https/nginx.default.tmpl b/data/templates/https/nginx.default.tmpl
index 81f8b3b8c..916764410 100644
--- a/data/templates/https/nginx.default.tmpl
+++ b/data/templates/https/nginx.default.tmpl
@@ -40,9 +40,11 @@ server {
{% endif %}
# proxy settings for HTTP API, if enabled; 503, if not
- location ~ /(retrieve|configure|config-file|image|generate|show) {
+ location ~ /(retrieve|configure|config-file|image|generate|show|docs|openapi.json|redoc) {
{% if server.api %}
proxy_pass http://localhost:{{ server.api.port }};
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 600;
proxy_buffering off;
{% else %}