summaryrefslogtreecommitdiff
path: root/data
diff options
context:
space:
mode:
Diffstat (limited to 'data')
-rw-r--r--data/templates/firewall/nftables.j28
-rw-r--r--data/templates/frr/daemons.frr.tmpl2
-rw-r--r--data/templates/frr/eigrpd.frr.j221
-rw-r--r--data/templates/frr/policy.frr.j228
-rw-r--r--data/templates/frr/ripd.frr.j29
-rw-r--r--data/templates/sla/owamp-override.conf.j216
-rw-r--r--data/templates/sla/owamp-server.conf.j220
-rw-r--r--data/templates/sla/twamp-override.conf.j216
-rw-r--r--data/templates/sla/twamp-server.conf.j218
9 files changed, 135 insertions, 3 deletions
diff --git a/data/templates/firewall/nftables.j2 b/data/templates/firewall/nftables.j2
index fac3fad03..1f88ae40c 100644
--- a/data/templates/firewall/nftables.j2
+++ b/data/templates/firewall/nftables.j2
@@ -45,6 +45,14 @@ table ip filter {
{{ conf | nft_default_rule(name_text) }}
}
{% endfor %}
+{% if group is vyos_defined and group.domain_group is vyos_defined %}
+{% for name, name_config in group.domain_group.items() %}
+ set {{ name }} {
+ type ipv4_addr
+ flags interval
+ }
+{% endfor %}
+{% endif %}
{% for set_name in ns.sets %}
set RECENT_{{ set_name }} {
type ipv4_addr
diff --git a/data/templates/frr/daemons.frr.tmpl b/data/templates/frr/daemons.frr.tmpl
index ab7b14d6b..df98e74d6 100644
--- a/data/templates/frr/daemons.frr.tmpl
+++ b/data/templates/frr/daemons.frr.tmpl
@@ -8,7 +8,7 @@ isisd=yes
pimd=no
ldpd=yes
nhrpd=no
-eigrpd=no
+eigrpd=yes
babeld=no
sharpd=no
pbrd=no
diff --git a/data/templates/frr/eigrpd.frr.j2 b/data/templates/frr/eigrpd.frr.j2
new file mode 100644
index 000000000..67f8a3ad1
--- /dev/null
+++ b/data/templates/frr/eigrpd.frr.j2
@@ -0,0 +1,21 @@
+!
+router eigrp {{ local_as }} {{ 'vrf ' ~ vrf if vrf is vyos_defined }}
+{% if maximum_paths is vyos_defined %}
+maximum-paths {{ maximum_paths }}
+{% endif %}
+{% if metric.weights is vyos_defined %}
+metric weights {{ metric.weights }}
+{% endif %}
+{% if network is vyos_defined %}
+{% for net in network %}
+network {{ net }}
+{% endfor %}
+{% endif %}
+{% if redistribute is vyos_defined %}
+{% for protocol in redistribute %}
+redistribute {{ protocol }}
+{% endfor %}
+{% endif %}
+{% if variance is vyos_defined %}
+variance {{ variance }}
+{% endif %} \ No newline at end of file
diff --git a/data/templates/frr/policy.frr.j2 b/data/templates/frr/policy.frr.j2
index a42b73e98..33df17770 100644
--- a/data/templates/frr/policy.frr.j2
+++ b/data/templates/frr/policy.frr.j2
@@ -185,12 +185,24 @@ route-map {{ route_map }} {{ rule_config.action }} {{ rule }}
{% if rule_config.match.ip.address.prefix_list is vyos_defined %}
match ip address prefix-list {{ rule_config.match.ip.address.prefix_list }}
{% endif %}
+{% if rule_config.match.ip.address.prefix_len is vyos_defined %}
+ match ip address prefix-len {{ rule_config.match.ip.address.prefix_len }}
+{% endif %}
{% if rule_config.match.ip.nexthop.access_list is vyos_defined %}
match ip next-hop {{ rule_config.match.ip.nexthop.access_list }}
{% endif %}
+{% if rule_config.match.ip.nexthop.address is vyos_defined %}
+ match ip next-hop address {{ rule_config.match.ip.nexthop.address }}
+{% endif %}
+{% if rule_config.match.ip.nexthop.prefix_len is vyos_defined %}
+ match ip next-hop prefix-len {{ rule_config.match.ip.nexthop.prefix_len }}
+{% endif %}
{% if rule_config.match.ip.nexthop.prefix_list is vyos_defined %}
match ip next-hop prefix-list {{ rule_config.match.ip.nexthop.prefix_list }}
{% endif %}
+{% if rule_config.match.ip.nexthop.type is vyos_defined %}
+ match ip next-hop type {{ rule_config.match.ip.nexthop.type }}
+{% endif %}
{% if rule_config.match.ip.route_source.access_list is vyos_defined %}
match ip route-source {{ rule_config.match.ip.route_source.access_list }}
{% endif %}
@@ -203,8 +215,20 @@ route-map {{ route_map }} {{ rule_config.action }} {{ rule }}
{% if rule_config.match.ipv6.address.prefix_list is vyos_defined %}
match ipv6 address prefix-list {{ rule_config.match.ipv6.address.prefix_list }}
{% endif %}
-{% if rule_config.match.ipv6.nexthop is vyos_defined %}
- match ipv6 next-hop address {{ rule_config.match.ipv6.nexthop }}
+{% if rule_config.match.ipv6.address.prefix_len is vyos_defined %}
+ match ipv6 address prefix-len {{ rule_config.match.ipv6.address.prefix_len }}
+{% endif %}
+{% if rule_config.match.ipv6.nexthop.address is vyos_defined %}
+ match ipv6 next-hop address {{ rule_config.match.ipv6.nexthop.address }}
+{% endif %}
+{% if rule_config.match.ipv6.nexthop.access_list is vyos_defined %}
+ match ipv6 next-hop {{ rule_config.match.ipv6.nexthop.access_list }}
+{% endif %}
+{% if rule_config.match.ipv6.nexthop.prefix_list is vyos_defined %}
+ match ipv6 next-hop prefix-list {{ rule_config.match.ipv6.nexthop.prefix_list }}
+{% endif %}
+{% if rule_config.match.ipv6.nexthop.type is vyos_defined %}
+ match ipv6 next-hop type {{ rule_config.match.ipv6.nexthop.type }}
{% endif %}
{% if rule_config.match.large_community.large_community_list is vyos_defined %}
match large-community {{ rule_config.match.large_community.large_community_list }}
diff --git a/data/templates/frr/ripd.frr.j2 b/data/templates/frr/ripd.frr.j2
index df35150ca..e9e484cc2 100644
--- a/data/templates/frr/ripd.frr.j2
+++ b/data/templates/frr/ripd.frr.j2
@@ -32,6 +32,12 @@ interface {{ iface }}
{% if iface_config.split_horizon.poison_reverse is vyos_defined %}
ip rip split-horizon poisoned-reverse
{% endif %}
+{% if iface_config.receive.version is vyos_defined %}
+ ip rip receive version {{ iface_config.receive.version }}
+{% endif %}
+{% if iface_config.send.version is vyos_defined %}
+ ip rip send version {{ iface_config.send.version }}
+{% endif %}
exit
!
{% endfor %}
@@ -84,6 +90,9 @@ router rip
{% endif %}
{% endif %}
{% include 'frr/rip_ripng.frr.j2' %}
+{% if version is vyos_defined %}
+ version {{ version }}
+{% endif %}
exit
!
{% if route_map is vyos_defined %}
diff --git a/data/templates/sla/owamp-override.conf.j2 b/data/templates/sla/owamp-override.conf.j2
new file mode 100644
index 000000000..b5ec161d4
--- /dev/null
+++ b/data/templates/sla/owamp-override.conf.j2
@@ -0,0 +1,16 @@
+[Unit]
+Description==OWAMP server
+After=vyos-router.service
+# Only start if there is a configuration file
+ConditionFileNotEmpty=/etc/owamp-server/owamp-server.conf
+
+[Service]
+KillMode=process
+Type=simple
+ExecStart=/usr/sbin/owampd -c /etc/owamp-server -R /var/run
+ExecReload=/bin/kill -HUP $MAINPID
+PIDFile=/run/owamp-server.pid
+LimitNOFILE=4096
+
+[Install]
+WantedBy=multi-user.target
diff --git a/data/templates/sla/owamp-server.conf.j2 b/data/templates/sla/owamp-server.conf.j2
new file mode 100644
index 000000000..6af963e57
--- /dev/null
+++ b/data/templates/sla/owamp-server.conf.j2
@@ -0,0 +1,20 @@
+### Autogenerated by service_twamp-server.py ###
+
+user owamp
+group owamp
+
+verbose
+vardir /var/run
+
+# location for "recv" session files.
+# The "catalog" subdirectory is completely cleaned and recreated each time
+datadir /var/lib/owamp
+
+srcnode :{{ port }}
+
+# This is used to limit testing to a specific port range. The valid values are:
+# 0 (twampd will let the system to pick the port number (ephemeral)
+# low-high (A range. high must be larger than low.)
+testports 8760-9960
+
+diskfudge 3.0
diff --git a/data/templates/sla/twamp-override.conf.j2 b/data/templates/sla/twamp-override.conf.j2
new file mode 100644
index 000000000..34bbd228b
--- /dev/null
+++ b/data/templates/sla/twamp-override.conf.j2
@@ -0,0 +1,16 @@
+[Unit]
+Description==TWAMP server
+After=vyos-router.service
+# Only start if there is a configuration file
+ConditionFileNotEmpty=/etc/twamp-server/twamp-server.conf
+
+[Service]
+KillMode=process
+Type=simple
+ExecStart=/usr/sbin/twampd -c /etc/twamp-server -R /var/run
+ExecReload=/bin/kill -HUP $MAINPID
+PIDFile=/run/twamp-server.pid
+LimitNOFILE=4096
+
+[Install]
+WantedBy=multi-user.target
diff --git a/data/templates/sla/twamp-server.conf.j2 b/data/templates/sla/twamp-server.conf.j2
new file mode 100644
index 000000000..ea5bbb54a
--- /dev/null
+++ b/data/templates/sla/twamp-server.conf.j2
@@ -0,0 +1,18 @@
+### Autogenerated by service_twamp-server.py ###
+
+user twamp
+group twamp
+
+verbose
+vardir /var/run
+
+# location for "recv" session files.
+# The "catalog" subdirectory is completely cleaned and recreated each time
+datadir /var/lib/twamp
+
+srcnode :{{ port }}
+
+# This is used to limit testing to a specific port range. The valid values are:
+# 0 (twampd will let the system to pick the port number (ephemeral)
+# low-high (A range. high must be larger than low.)
+testports 18760-19960