summaryrefslogtreecommitdiff
path: root/data
diff options
context:
space:
mode:
Diffstat (limited to 'data')
-rw-r--r--data/templates/firewall/nftables-nat.tmpl31
-rw-r--r--data/templates/frr/bgp.frr.tmpl4
-rw-r--r--data/templates/frr/ospf.frr.tmpl2
-rw-r--r--data/templates/ntp/ntpd.conf.tmpl (renamed from data/templates/ntp/ntp.conf.tmpl)0
-rw-r--r--data/templates/ntp/override.conf.tmpl5
-rw-r--r--data/templates/openvpn/server.conf.tmpl6
-rw-r--r--data/templates/ssh/override.conf.tmpl1
-rw-r--r--data/templates/vrf/vrf.conf.tmpl9
8 files changed, 42 insertions, 16 deletions
diff --git a/data/templates/firewall/nftables-nat.tmpl b/data/templates/firewall/nftables-nat.tmpl
index 770a24a95..5480447f2 100644
--- a/data/templates/firewall/nftables-nat.tmpl
+++ b/data/templates/firewall/nftables-nat.tmpl
@@ -21,18 +21,34 @@
{% set comment = 'DST-NAT-' + rule %}
{% set base_log = '[NAT-DST-' + rule %}
{% set interface = ' iifname "' + config.inbound_interface + '"' if config.inbound_interface is defined and config.inbound_interface != 'any' else '' %}
-{% set trns_addr = 'dnat to ' + config.translation.address if config.translation is defined and config.translation.address is defined and config.translation.address is not none %}
+{% if config.translation is defined and config.translation.address is defined and config.translation.address is not none %}
+{# support 1:1 network translation #}
+{% if config.translation.address | is_ip_network %}
+{% set trns_addr = 'dnat ip prefix to ip daddr map { ' + config.source.address + ' : ' + config.translation.address + ' }' %}
+{# we can now clear out the src_addr part as it's already covered in aboves map #}
+{% set src_addr = '' %}
+{% else %}
+{% set trns_addr = 'dnat to ' + config.translation.address %}
+{% endif %}
+{% endif %}
{% elif chain == 'POSTROUTING' %}
{% set comment = 'SRC-NAT-' + rule %}
{% set base_log = '[NAT-SRC-' + rule %}
{% set interface = ' oifname "' + config.outbound_interface + '"' if config.outbound_interface is defined and config.outbound_interface != 'any' else '' %}
-{% if config.translation is defined and config.translation.address is defined and config.translation.address == 'masquerade' %}
-{% set trns_addr = config.translation.address %}
-{% if config.translation.port is defined and config.translation.port is not none %}
-{% set trns_addr = trns_addr + ' to ' %}
+{% if config.translation is defined and config.translation.address is defined and config.translation.address is not none %}
+{% if config.translation.address == 'masquerade' %}
+{% set trns_addr = config.translation.address %}
+{% if config.translation.port is defined and config.translation.port is not none %}
+{% set trns_addr = trns_addr + ' to ' %}
+{% endif %}
+{# support 1:1 network translation #}
+{% elif config.translation.address | is_ip_network %}
+{% set trns_addr = 'snat ip prefix to ip saddr map { ' + config.source.address + ' : ' + config.translation.address + ' }' %}
+{# we can now clear out the src_addr part as it's already covered in aboves map #}
+{% set src_addr = '' %}
+{% else %}
+{% set trns_addr = 'snat to ' + config.translation.address %}
{% endif %}
-{% else %}
-{% set trns_addr = 'snat to ' + config.translation.address if config.translation is defined and config.translation.address is defined and config.translation.address is not none %}
{% endif %}
{% endif %}
{% set trns_port = ':' + config.translation.port if config.translation is defined and config.translation.port is defined and config.translation.port is not none %}
@@ -132,7 +148,6 @@ add rule ip raw NAT_CONNTRACK counter accept
{{ nat_rule(rule, config, 'PREROUTING') }}
{% endfor %}
{% endif %}
-
#
# Source NAT rules build up here
#
diff --git a/data/templates/frr/bgp.frr.tmpl b/data/templates/frr/bgp.frr.tmpl
index b3aa8fe02..68731abab 100644
--- a/data/templates/frr/bgp.frr.tmpl
+++ b/data/templates/frr/bgp.frr.tmpl
@@ -198,8 +198,8 @@ router bgp {{ asn }}
{% endif %}
!
{% if neighbor is defined and neighbor is not none %}
-{% for n, config in neighbor.items() %}
-{{ bgp_neighbor(n, config) }}
+{% for peer, config in neighbor.items() %}
+{{ bgp_neighbor(peer, config) }}
{% endfor %}
{% endif %}
!
diff --git a/data/templates/frr/ospf.frr.tmpl b/data/templates/frr/ospf.frr.tmpl
new file mode 100644
index 000000000..465034f15
--- /dev/null
+++ b/data/templates/frr/ospf.frr.tmpl
@@ -0,0 +1,2 @@
+!
+!
diff --git a/data/templates/ntp/ntp.conf.tmpl b/data/templates/ntp/ntpd.conf.tmpl
index 2b56b53c3..2b56b53c3 100644
--- a/data/templates/ntp/ntp.conf.tmpl
+++ b/data/templates/ntp/ntpd.conf.tmpl
diff --git a/data/templates/ntp/override.conf.tmpl b/data/templates/ntp/override.conf.tmpl
index e0b947686..28eb61b21 100644
--- a/data/templates/ntp/override.conf.tmpl
+++ b/data/templates/ntp/override.conf.tmpl
@@ -1,11 +1,14 @@
{% set vrf_command = 'ip vrf exec ' + vrf + ' ' if vrf is defined else '' %}
[Unit]
StartLimitIntervalSec=0
+ConditionPathExists={{config_file}}
After=vyos-router.service
[Service]
ExecStart=
-ExecStart={{vrf_command}}/usr/lib/ntp/ntp-systemd-wrapper
+ExecStart={{vrf_command}}/usr/sbin/ntpd -g -p {{config_file | replace('.conf', '.pid') }} -c {{config_file}} -u ntp:ntp
+PIDFile=
+PIDFile={{config_file | replace('.conf', '.pid') }}
Restart=always
RestartSec=10
diff --git a/data/templates/openvpn/server.conf.tmpl b/data/templates/openvpn/server.conf.tmpl
index b3b0c936a..79288e40f 100644
--- a/data/templates/openvpn/server.conf.tmpl
+++ b/data/templates/openvpn/server.conf.tmpl
@@ -281,6 +281,10 @@ compat-names
# Custom options added by user (not validated)
#
{% for option in openvpn_option %}
-{{ option }}
+{% for argument in option.split('--') %}
+{% if argument is defined and argument != '' %}
+--{{ argument }}
+{% endif %}
+{% endfor %}
{% endfor %}
{% endif %}
diff --git a/data/templates/ssh/override.conf.tmpl b/data/templates/ssh/override.conf.tmpl
index 0abde6248..5f8f35e89 100644
--- a/data/templates/ssh/override.conf.tmpl
+++ b/data/templates/ssh/override.conf.tmpl
@@ -8,5 +8,6 @@ ConditionPathExists={{config_file}}
ExecStart=
ExecStart={{vrf_command}}/usr/sbin/sshd -f {{config_file}} -D $SSHD_OPTS
Restart=always
+RestartPreventExitStatus=
RestartSec=10
RuntimeDirectoryPreserve=yes
diff --git a/data/templates/vrf/vrf.conf.tmpl b/data/templates/vrf/vrf.conf.tmpl
index 6d01d2b89..29c0ba08d 100644
--- a/data/templates/vrf/vrf.conf.tmpl
+++ b/data/templates/vrf/vrf.conf.tmpl
@@ -1,8 +1,9 @@
### Autogenerated by vrf.py ###
#
# Routing table ID to name mapping reference
-
# id vrf name comment
-{% for vrf in vrf_add %}
-{{ "%-10s" | format(vrf.table) }} {{ "%-16s" | format(vrf.name) }} # {{ vrf.description }}
-{% endfor %}
+{% if name is defined and name is not none %}
+{% for vrf, vrf_config in name.items() %}
+{{ "%-10s" | format(vrf_config.table) }} {{ "%-16s" | format(vrf) }} {{ '# ' + vrf_config.description if vrf_config.description is defined and vrf_config.description is not none }}
+{% endfor %}
+{% endif %}
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-22 18:25:54 +0000