16 files changed, 166 insertions, 175 deletions

diff --git a/data/templates/accel-ppp/chap-secrets.pppoe.tmpl b/data/templates/accel-ppp/chap-secrets.config_dict.tmpl
index da64b64d5..da64b64d5 100644
--- a/data/templates/accel-ppp/chap-secrets.pppoe.tmpl
+++ b/data/templates/accel-ppp/chap-secrets.config_dict.tmpl
diff --git a/data/templates/accel-ppp/config_chap_secrets_radius.j2 b/data/templates/accel-ppp/config_chap_secrets_radius.j2
new file mode 100644
index 000000000..c94e75a23
--- /dev/null
+++ b/data/templates/accel-ppp/config_chap_secrets_radius.j2
@@ -0,0 +1,36 @@
+{% if authentication.mode is defined and authentication.mode == 'local' %}

+[chap-secrets]

+chap-secrets={{ chap_secrets_file }}

+{% elif authentication.mode is defined and authentication.mode == 'radius' %}

+[radius]

+verbose=1

+{%   for server, options in authentication.radius.server.items() if not options.disable is defined %}

+server={{ server }},{{ options.key }},auth-port={{ options.port }},acct-port={{ options.acct_port }},req-limit=0,fail-time={{ options.fail_time }}

+{%   endfor %}

+{%   if authentication.radius.acct_interim_jitter is defined and authentication.radius.acct_interim_jitter is not none %}

+acct-interim-jitter={{ authentication.radius.acct_interim_jitter }}

+{%   endif %}

+acct-timeout={{ authentication.radius.acct_timeout }}

+timeout={{ authentication.radius.timeout }}

+max-try={{ authentication.radius.max_try }}

+{%   if authentication.radius.nas_identifier is defined and authentication.radius.nas_identifier is not none %}

+nas-identifier={{ authentication.radius.nas_identifier }}

+{%   endif %}

+{%   if authentication.radius.nas_ip_address is defined and authentication.radius.nas_ip_address is not none %}

+nas-ip-address={{ authentication.radius.nas_ip_address }}

+{%   endif %}

+{%   if authentication.radius.source_address is defined and authentication.radius.source_address is not none %}

+bind={{ authentication.radius.source_address }}

+{%   endif %}

+{% if authentication.radius.called_sid_format is defined and authentication.radius.called_sid_format is not none %}

+called-sid={{ authentication.radius.called_sid_format }}

+{% endif %}

+{%   if authentication.radius.dynamic_author.server is defined and authentication.radius.dynamic_author.server is not none %}

+dae-server={{ authentication.radius.dynamic_author.server }}:{{ authentication.radius.dynamic_author.port }},{{ authentication.radius.dynamic_author.key }}

+{%   endif -%}

+{% endif %}

+{# Both chap-secrets and radius block required the gw-ip-address #}

+{% if gateway_address is defined and gateway_address is not none %}

+gw-ip-address={{ gateway_address }}

+{% endif %}

+

diff --git a/data/templates/accel-ppp/config_ipv6_pool.j2 b/data/templates/accel-ppp/config_ipv6_pool.j2
index b764fc6f0..f45bf9442 100644
--- a/data/templates/accel-ppp/config_ipv6_pool.j2
+++ b/data/templates/accel-ppp/config_ipv6_pool.j2
@@ -13,4 +13,8 @@ delegate={{ prefix }},{{ options.delegation_prefix }}
 {%       endfor %}
 {%     endif %}
 {%   endif %}
+{%   if client_ipv6_pool.delegate is defined and client_ipv6_pool.delegate is not none %}
+[ipv6-dhcp]
+verbose=1
+{%   endif %}
 {% endif %}
diff --git a/data/templates/accel-ppp/config_modules_auth_mode.j2 b/data/templates/accel-ppp/config_modules_auth_mode.j2
new file mode 100644
index 000000000..5eca76f91
--- /dev/null
+++ b/data/templates/accel-ppp/config_modules_auth_mode.j2
@@ -0,0 +1,5 @@
+{% if authentication is defined and authentication.mode is defined and authentication.mode == 'local' %}

+chap-secrets

+{% elif authentication is defined and authentication.mode is defined and authentication.mode == 'radius' %}

+radius

+{% endif %}

diff --git a/data/templates/accel-ppp/config_modules_auth_protocols.j2 b/data/templates/accel-ppp/config_modules_auth_protocols.j2
new file mode 100644
index 000000000..e122d6c48
--- /dev/null
+++ b/data/templates/accel-ppp/config_modules_auth_protocols.j2
@@ -0,0 +1,10 @@
+{% for protocol in authentication.protocols %}

+{#   this should be fixed in the CLI by a migrator #}

+{%   if protocol == 'chap' %}

+auth_chap_md5

+{%   elif protocol == 'mschap' %}

+auth_mschap_v1

+{%   else %}

+auth_{{ protocol.replace('-', '_') }}

+{%   endif %}

+{% endfor %}

diff --git a/data/templates/accel-ppp/config_modules_ipv6.j2 b/data/templates/accel-ppp/config_modules_ipv6.j2
new file mode 100644
index 000000000..e9ea4924b
--- /dev/null
+++ b/data/templates/accel-ppp/config_modules_ipv6.j2
@@ -0,0 +1,5 @@
+{% if ppp_options.ipv6 is defined and ppp_options.ipv6 != 'deny' %}

+ipv6pool

+ipv6_nd

+ipv6_dhcp

+{% endif %}

diff --git a/data/templates/accel-ppp/config_shaper_radius.j2 b/data/templates/accel-ppp/config_shaper_radius.j2
new file mode 100644
index 000000000..2a6641245
--- /dev/null
+++ b/data/templates/accel-ppp/config_shaper_radius.j2
@@ -0,0 +1,10 @@
+{% if authentication is defined and authentication.mode is defined and authentication.mode == 'radius' %}

+{%   if authentication is defined and authentication.radius is defined and authentication.radius.rate_limit is defined and authentication.radius.rate_limit.enable is defined %}

+[shaper]

+verbose=1

+attr={{ authentication.radius.rate_limit.attribute }}

+{%     if authentication.radius.rate_limit.vendor is defined and authentication.radius.rate_limit.vendor is not none %}

+vendor={{ authentication.radius.rate_limit.vendor }}

+{%     endif %}

+{%   endif %}

+{% endif %}

diff --git a/data/templates/accel-ppp/ipoe.config.tmpl b/data/templates/accel-ppp/ipoe.config.tmpl
index 5086c386e..ab61f7f5a 100644
--- a/data/templates/accel-ppp/ipoe.config.tmpl
+++ b/data/templates/accel-ppp/ipoe.config.tmpl
@@ -33,6 +33,7 @@ noauth=1
 username=ifname
 password=csid
 {% endif %}
+proxy-arp=1
 
 {%- for interface in interfaces %}
 {% if (interface.shared == '0') and (interface.vlan_mon) %}
diff --git a/data/templates/accel-ppp/pppoe.config.tmpl b/data/templates/accel-ppp/pppoe.config.tmpl
index 8f1b9e7c5..19adbc890 100644
--- a/data/templates/accel-ppp/pppoe.config.tmpl
+++ b/data/templates/accel-ppp/pppoe.config.tmpl
@@ -2,25 +2,15 @@
 [modules]
 log_syslog
 pppoe
-{{ "radius" if authentication.mode is defined and authentication.mode == 'radius' }}
-chap-secrets
-ippool
-{% if ppp_options.ipv6 is defined and ppp_options.ipv6 != 'deny' %}
-ipv6pool
-ipv6_nd
-ipv6_dhcp
-{% endif %}
-{% for protocol in authentication.protocols %}
-{#   this should be fixed in the CLI by a migrator #}
-{%   if protocol == 'chap' %}
-auth_chap_md5
-{%   elif protocol == 'mschap' %}
-auth_mschap_v1
-{%   else %}
-auth_{{ protocol.replace('-', '_') }}
-{%   endif %}
-{% endfor %}
 shaper
+{# Common authentication backend definitions #}
+{% include 'accel-ppp/config_modules_auth_mode.j2' %}
+ippool
+{# Common IPv6 definitions #}
+{% include 'accel-ppp/config_modules_ipv6.j2' %}
+{# Common authentication protocols (pap, chap ...) #}
+{% include 'accel-ppp/config_modules_auth_protocols.j2' %}
+
 {% if snmp is defined %}
 net-snmp
 {% endif %}
@@ -60,41 +50,8 @@ wins{{ loop.index }}={{ server }}
 {%   endfor %}
 {% endif %}
 
-{% if authentication.mode is defined and authentication.mode == 'local' %}
-[chap-secrets]
-chap-secrets={{ chap_secrets_file }}
-{% elif authentication.mode is defined and authentication.mode == 'radius' %}
-[radius]
-verbose=1
-{%   for server, options in authentication.radius.server.items() if not options.disable is defined %}
-server={{ server }},{{ options.key }},auth-port={{ options.port }},acct-port={{ options.acct_port }},req-limit=0,fail-time={{ options.fail_time }}
-{%   endfor %}
-{%   if authentication.radius.acct_interim_jitter is defined and authentication.radius.acct_interim_jitter is not none %}
-acct-interim-jitter={{ authentication.radius.acct_interim_jitter }}
-{%   endif %}
-acct-timeout={{ authentication.radius.acct_timeout }}
-timeout={{ authentication.radius.timeout }}
-max-try={{ authentication.radius.max_try }}
-{%   if authentication.radius.nas_identifier is defined and authentication.radius.nas_identifier is not none %}
-nas-identifier={{ authentication.radius.nas_identifier }}
-{%   endif %}
-{%   if authentication.radius.nas_ip_address is defined and authentication.radius.nas_ip_address is not none %}
-nas-ip-address={{ authentication.radius.nas_ip_address }}
-{%   endif %}
-{%   if authentication.radius.source_address is defined and authentication.radius.source_address is not none %}
-bind={{ authentication.radius.source_address }}
-{%   endif %}
-{% if authentication.radius.called_sid_format is defined and authentication.radius.called_sid_format is not none %}
-called-sid={{ authentication.radius.called_sid_format }}
-{% endif %}
-{%   if authentication.radius.dynamic_author.server is defined and authentication.radius.dynamic_author.server is not none %}
-dae-server={{ authentication.radius.dynamic_author.server }}:{{ authentication.radius.dynamic_author.port }},{{ authentication.radius.dynamic_author.key }}
-{%   endif -%}
-{% endif %}
-
-{% if gateway_address is defined and gateway_address is not none %}
-gw-ip-address={{ gateway_address }}
-{% endif %}
+{# Common chap-secrets and RADIUS server/option definitions #}
+{% include 'accel-ppp/config_chap_secrets_radius.j2' %}
 
 {% if session_control is defined and session_control != 'disable' %}
 [common]
@@ -170,5 +127,8 @@ timeout={{ limits.timeout }}
 {%   endif %}
 {% endif %}
 
+{# Common RADIUS shaper configuration #}
+{% include 'accel-ppp/config_shaper_radius.j2' %}
+
 [cli]
 tcp=127.0.0.1:2001
diff --git a/data/templates/accel-ppp/sstp.config.tmpl b/data/templates/accel-ppp/sstp.config.tmpl
index c9e4a1d7d..7ca7b1c1e 100644
--- a/data/templates/accel-ppp/sstp.config.tmpl
+++ b/data/templates/accel-ppp/sstp.config.tmpl
@@ -3,22 +3,16 @@
 log_syslog
 sstp
 shaper
-{% if auth_mode == 'local' %}
-chap-secrets
-{% elif auth_mode == 'radius' %}
-radius
-{% endif -%}
+{# Common authentication backend definitions #}
+{% include 'accel-ppp/config_modules_auth_mode.j2' %}
 ippool
-ipv6pool
-ipv6_nd
-ipv6_dhcp
-
-{% for proto in auth_proto %}
-{{proto}}
-{% endfor %}
+{# Common IPv6 definitions #}
+{% include 'accel-ppp/config_modules_ipv6.j2' %}
+{# Common authentication protocols (pap, chap ...) #}
+{% include 'accel-ppp/config_modules_auth_protocols.j2' %}
 
 [core]
-thread-count={{thread_cnt}}
+thread-count={{ thread_count }}
 
 [common]
 single-session=replace
@@ -35,112 +29,37 @@ disable
 verbose=1
 ifname=sstp%d
 accept=ssl
-ssl-ca-file={{ ssl_ca }}
-ssl-pemfile={{ ssl_cert }}
-ssl-keyfile={{ ssl_key }}
-
-{% if client_ip_pool %}
-[ip-pool]
-gw-ip-address={{ client_gateway }}
-{% for subnet in client_ip_pool %}
-{{ subnet }}
-{% endfor %}
-{% endif %}
+ssl-ca-file={{ ssl.ca_cert_file }}
+ssl-pemfile={{ ssl.cert_file }}
+ssl-keyfile={{ ssl.key_file }}
 
-{% if dnsv4 %}
-[dns]
-{% for dns in dnsv4 -%}
-dns{{ loop.index }}={{ dns }}
-{% endfor -%}
-{% endif %}
+{# Common IP pool definitions #}
+{% include 'accel-ppp/config_ip_pool.j2' %}
 
-{% if dnsv6 %}
-[ipv6-dns]
-{% for dns in dnsv6 -%}
-{{ dns }}
-{% endfor -%}
-{% endif %}
+{# Common IPv6 pool definitions #}
+{% include 'accel-ppp/config_ipv6_pool.j2' %}
 
+{# Common DNS name-server definition #}
+{% include 'accel-ppp/config_name_server.j2' %}
 
-{% if auth_mode == 'local' %}
-[chap-secrets]
-chap-secrets={{ chap_secrets_file }}
-{% elif auth_mode == 'radius' %}
-[radius]
-verbose=1
-{% for r in radius_server %}
-server={{ r.server }},{{ r.key }},auth-port={{ r.port }},acct-port={{ r.acct_port }},req-limit=0,fail-time={{ r.fail_time }}
-{% endfor -%}
-
-acct-timeout={{ radius_acct_tmo }}
-timeout={{ radius_timeout }}
-max-try={{ radius_max_try }}
-
-{% if radius_nas_id %}
-nas-identifier={{ radius_nas_id }}
-{% endif -%}
-{% if radius_nas_ip %}
-nas-ip-address={{ radius_nas_ip }}
-{% endif -%}
-{% if radius_source_address %}
-bind={{ radius_source_address }}
-{% endif -%}
-
-
-{% if radius_dynamic_author %}
-dae-server={{ radius_dynamic_author.server }}:{{ radius_dynamic_author.port }},{{ radius_dynamic_author.key }}
-{% endif -%}
-{% endif %}
-{% if client_gateway %}
-gw-ip-address={{ client_gateway }}
-{% endif %}
+{# Common chap-secrets and RADIUS server/option definitions #}
+{% include 'accel-ppp/config_chap_secrets_radius.j2' %}
 
 [ppp]
 verbose=1
 check-ip=1
-{% if mtu %}
+{# MTU #}
 mtu={{ mtu }}
-{% endif -%}
-{% if client_ipv6_pool %}
+{% if client_ipv6_pool is defined %}
 ipv6=allow
 {% endif %}
+mppe={{ ppp_options.mppe }}
+lcp-echo-interval={{ ppp_options.lcp_echo_interval }}
+lcp-echo-timeout={{ ppp_options.lcp_echo_timeout }}
+lcp-echo-failure={{ ppp_options.lcp_echo_failure }}
 
-{% if ppp_mppe %}
-mppe={{ ppp_mppe }}
-{% endif -%}
-{% if ppp_echo_interval %}
-lcp-echo-interval={{ ppp_echo_interval }}
-{% endif -%}
-{% if ppp_echo_failure %}
-lcp-echo-failure={{ ppp_echo_failure }}
-{% endif -%}
-{% if ppp_echo_timeout %}
-lcp-echo-timeout={{ ppp_echo_timeout }}
-{% endif %}
-
-{% if client_ipv6_pool %}
-[ipv6-pool]
-{% for p in client_ipv6_pool %}
-{{ p.prefix }},{{ p.mask }}
-{% endfor %}
-{% for p in client_ipv6_delegate_prefix %}
-delegate={{ p.prefix }},{{ p.mask }}
-{% endfor %}
-{% endif %}
-
-{% if client_ipv6_delegate_prefix %}
-[ipv6-dhcp]
-verbose=1
-{% endif %}
-
-{% if radius_shaper_attr %}
-[shaper]
-verbose=1
-attr={{ radius_shaper_attr }}
-{% if radius_shaper_vendor %}
-vendor={{ radius_shaper_vendor }}
-{% endif -%}
-{% endif %}
+{# Common RADIUS shaper configuration #}
+{% include 'accel-ppp/config_shaper_radius.j2' %}
 
 [cli]
 tcp=127.0.0.1:2005
diff --git a/data/templates/dhcpv6-server/dhcpdv6.conf.tmpl b/data/templates/dhcpv6-server/dhcpdv6.conf.tmpl
index ff7822b0d..bdeea71da 100644
--- a/data/templates/dhcpv6-server/dhcpdv6.conf.tmpl
+++ b/data/templates/dhcpv6-server/dhcpdv6.conf.tmpl
@@ -12,6 +12,15 @@ option dhcp6.preference {{ preference }};
 {% for network in shared_network %}
 {%- if not network.disabled -%}
 shared-network {{ network.name }} {
+    {%- if network.common.info_refresh_time %}
+    option dhcp6.info-refresh-time {{ network.common.info_refresh_time }};
+    {%- endif %}
+    {%- if network.common.domain_search %}
+    option dhcp6.domain-search "{{ network.common.domain_search | join('", "') }}";
+    {%- endif %}
+    {%- if network.common.dns_server %}
+    option dhcp6.name-servers {{ network.common.dns_server | join(', ') }};
+    {%- endif %}
     {%- for subnet in network.subnet %}
     subnet6 {{ subnet.network }} {
         {%- for range in subnet.range6_prefix %}
diff --git a/data/templates/dns-forwarding/recursor.conf.tmpl b/data/templates/dns-forwarding/recursor.conf.tmpl
index b0ae3cc61..8799718b0 100644
--- a/data/templates/dns-forwarding/recursor.conf.tmpl
+++ b/data/templates/dns-forwarding/recursor.conf.tmpl
@@ -10,8 +10,8 @@ threads=1
 allow-from={{ allow_from | join(',') }}
 log-common-errors=yes
 non-local-bind=yes
-query-local-address=0.0.0.0
-query-local-address6=::
+query-local-address={{ source_address_v4 | join(',') }}
+query-local-address6={{ source_address_v6 | join(',') }}
 lua-config-file=recursor.conf.lua
 
 # cache-size
diff --git a/data/templates/firewall/nftables-nat.tmpl b/data/templates/firewall/nftables-nat.tmpl
index 0c29f536b..286c21859 100644
--- a/data/templates/firewall/nftables-nat.tmpl
+++ b/data/templates/firewall/nftables-nat.tmpl
@@ -28,6 +28,9 @@ add rule ip raw NAT_CONNTRACK counter accept
 {% endif %}
 
 {% macro nat_rule(rule, chain) %}
+{%   set comment  = "" %}
+{%   set base_log = "" %}
+
 {%   set src_addr  = "ip saddr " + rule.source_address if rule.source_address %}
 {%   set dst_addr  = "ip daddr " + rule.dest_address if rule.dest_address %}
 
@@ -45,13 +48,15 @@ add rule ip raw NAT_CONNTRACK counter accept
 {%     set dst_port  = "dport { " + rule.dest_port +" }" if rule.dest_port %}
 {%   endif %}
 
-{%   set comment   = "DST-NAT-" + rule.number %}
-
 {%   if chain == "PREROUTING" %}
+{%     set comment   = "DST-NAT-" + rule.number %}
+{%     set base_log  = "[NAT-DST-" + rule.number %}
 {%     set interface = " iifname \"" + rule.interface_in + "\"" if rule.interface_in is defined and rule.interface_in != 'any' else '' %}
 {%     set trns_addr = "dnat to " + rule.translation_address %}
 
 {%   elif chain == "POSTROUTING" %}
+{%     set comment   = "SRC-NAT-" + rule.number %}
+{%     set base_log  = "[NAT-SRC-" + rule.number %}
 {%     set interface = " oifname \"" + rule.interface_out + "\"" if rule.interface_out is defined and rule.interface_out != 'any' else '' %}
 {%     if rule.translation_address == 'masquerade' %}
 {%       set trns_addr = rule.translation_address %}
@@ -72,7 +77,6 @@ add rule ip raw NAT_CONNTRACK counter accept
 {%   endif %}
 
 {%   if rule.log %}
-{%     set base_log = "[NAT-DST-" + rule.number %}
 {%     if rule.exclude %}
 {%       set log = base_log + "-EXCL]" %}
 {%     elif rule.translation_address == 'masquerade' %}
diff --git a/data/templates/frr/ldpd.frr.tmpl b/data/templates/frr/ldpd.frr.tmpl
index dbaa917e8..5f080d75f 100644
--- a/data/templates/frr/ldpd.frr.tmpl
+++ b/data/templates/frr/ldpd.frr.tmpl
@@ -15,6 +15,12 @@ neighbor {{neighbor_id}} password {{ldp.neighbors[neighbor_id].password}}
 {% endfor -%}
 address-family ipv4
 label local allocate host-routes
+{% if old_ldp.export_ipv4_exp -%}
+no label local advertise explicit-null
+{% endif -%}
+{% if ldp.export_ipv4_exp -%}
+label local advertise explicit-null
+{% endif -%}
 {% if old_ldp.d_transp_ipv4 -%}
 no discovery transport-address {{ old_ldp.d_transp_ipv4 }}
 {% endif -%}
@@ -33,6 +39,12 @@ no discovery hello interval {{ old_ldp.hello_interval }}
 {% if ldp.hello_interval -%}
 discovery hello interval {{ ldp.hello_interval }}
 {% endif -%}
+{% if old_ldp.ses_ipv4_hold -%}
+no  session holdtime {{ old_ldp.ses_ipv4_hold }}
+{% endif -%}
+{% if ldp.ses_ipv4_hold -%}
+session holdtime {{ ldp.ses_ipv4_hold }}
+{% endif -%}
 {% for interface in old_ldp.interfaces -%}
 no interface {{interface}}
 {% endfor -%}
@@ -46,6 +58,18 @@ exit-address-family
 {% if ldp.d_transp_ipv6 -%}
 address-family ipv6
 label local allocate host-routes
+{% if old_ldp.export_ipv6_exp -%}
+no label local advertise explicit-null
+{% endif -%}
+{% if ldp.export_ipv6_exp -%}
+label local advertise explicit-null
+{% endif -%}
+{% if old_ldp.ses_ipv6_hold -%}
+no  session holdtime {{ old_ldp.ses_ipv6_hold }}
+{% endif -%}
+{% if ldp.ses_ipv6_hold -%}
+session holdtime {{ ldp.ses_ipv6_hold }}
+{% endif -%}
 {% if old_ldp.d_transp_ipv6 -%}
 no discovery transport-address {{ old_ldp.d_transp_ipv6 }}
 {% endif -%}
diff --git a/data/templates/syslog/rsyslog.conf.tmpl b/data/templates/syslog/rsyslog.conf.tmpl
index bc3f7667b..a610d132f 100644
--- a/data/templates/syslog/rsyslog.conf.tmpl
+++ b/data/templates/syslog/rsyslog.conf.tmpl
@@ -22,19 +22,23 @@ $outchannel {{file}},{{files[file]['log-file']}},{{files[file]['max-size']}},{{f
 {% if hosts %}
 ## remote logging
 {% for host in hosts %}
-{% if hosts[host]['proto'] == 'tcp' %}
-{% if hosts[host]['port'] %}
+{%   if hosts[host]['proto'] == 'tcp' %}
+{%     if hosts[host]['port'] %}
+{%       if hosts[host]['oct_count'] %}
+{{hosts[host]['selectors']}} @@(o){{host}}:{{hosts[host]['port']}};RSYSLOG_SyslogProtocol23Format
+{%       else %}
 {{hosts[host]['selectors']}} @@{{host}}:{{hosts[host]['port']}}
-{% else %}
+{%       endif %}
+{%     else %}
 {{hosts[host]['selectors']}} @@{{host}}
-{% endif %}
-{% else %}
-{% if hosts[host]['port'] %}
+{%     endif %}
+{%   else %}
+{%     if hosts[host]['port'] %}
 {{hosts[host]['selectors']}} @{{host}}:{{hosts[host]['port']}}
-{% else %}
+{%     else %}
 {{hosts[host]['selectors']}} @{{host}}
-{% endif %}
-{% endif %}
+{%     endif %}
+{%   endif %}
 {% endfor %}
 {% endif %}
 {% if user %}
diff --git a/data/templates/tftp-server/default.tmpl b/data/templates/tftp-server/default.tmpl
index 18fee35d1..6b2d6a903 100644
--- a/data/templates/tftp-server/default.tmpl
+++ b/data/templates/tftp-server/default.tmpl
@@ -1,2 +1,2 @@
 ### Autogenerated by tftp_server.py ###
-DAEMON_ARGS="--listen --user tftp --address {% for a in listen-%}{{ a }}{% endfor %}{% if allow_upload %} --create --umask 000{% endif %} --secure {{ directory }}"
+DAEMON_ARGS="--listen --user tftp --address {{ listen_address }} {{ "--create --umask 000" if allow_upload is defined }} --secure {{ directory }}"