1 files changed, 13 insertions, 17 deletions

diff --git a/src/conf_mode/policy.py b/src/conf_mode/policy.py
index 1a03d520b..ef6008140 100755
--- a/src/conf_mode/policy.py
+++ b/src/conf_mode/policy.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 #
-# Copyright (C) 2021 VyOS maintainers and contributors
+# Copyright (C) 2021-2022 VyOS maintainers and contributors
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2 or later as
@@ -87,6 +87,7 @@ def verify(policy):
 
             # human readable instance name (hypen instead of underscore)
             policy_hr = policy_type.replace('_', '-')
+            entries = []
             for rule, rule_config in instance_config['rule'].items():
                 mandatory_error = f'must be specified for "{policy_hr} {instance} rule {rule}"!'
                 if 'action' not in rule_config:
@@ -113,6 +114,10 @@ def verify(policy):
                     if 'prefix' not in rule_config:
                         raise ConfigError(f'A prefix {mandatory_error}')
 
+                    if rule_config in entries:
+                        raise ConfigError(f'Rule "{rule}" contains a duplicate prefix definition!')
+                    entries.append(rule_config)
+
 
     # route-maps tend to be a bit more complex so they get their own verify() section
     if 'route_map' in policy:
@@ -171,10 +176,8 @@ def verify(policy):
 
 def generate(policy):
     if not policy:
-        policy['new_frr_config'] = ''
         return None
-
-    policy['new_frr_config'] = render_to_string('frr/policy.frr.tmpl', policy)
+    policy['new_frr_config'] = render_to_string('frr/policy.frr.j2', policy)
     return None
 
 def apply(policy):
@@ -190,8 +193,9 @@ def apply(policy):
     frr_cfg.modify_section(r'^bgp community-list .*')
     frr_cfg.modify_section(r'^bgp extcommunity-list .*')
     frr_cfg.modify_section(r'^bgp large-community-list .*')
-    frr_cfg.modify_section(r'^route-map .*')
-    frr_cfg.add_before('^line vty', policy['new_frr_config'])
+    frr_cfg.modify_section(r'^route-map .*', stop_pattern='^exit', remove_stop_mark=True)
+    if 'new_frr_config' in policy:
+        frr_cfg.add_before(frr.default_add_before, policy['new_frr_config'])
     frr_cfg.commit_configuration(bgp_daemon)
 
     # The route-map used for the FIB (zebra) is part of the zebra daemon
@@ -200,19 +204,11 @@ def apply(policy):
     frr_cfg.modify_section(r'^ipv6 access-list .*')
     frr_cfg.modify_section(r'^ip prefix-list .*')
     frr_cfg.modify_section(r'^ipv6 prefix-list .*')
-    frr_cfg.modify_section(r'^route-map .*')
-    frr_cfg.add_before('^line vty', policy['new_frr_config'])
+    frr_cfg.modify_section(r'^route-map .*', stop_pattern='^exit', remove_stop_mark=True)
+    if 'new_frr_config' in policy:
+        frr_cfg.add_before(frr.default_add_before, policy['new_frr_config'])
     frr_cfg.commit_configuration(zebra_daemon)
 
-    # If FRR config is blank, rerun the blank commit x times due to frr-reload
-    # behavior/bug not properly clearing out on one commit.
-    if policy['new_frr_config'] == '':
-        for a in range(5):
-            frr_cfg.commit_configuration(zebra_daemon)
-
-    # Save configuration to /run/frr/config/frr.conf
-    frr.save_configuration()
-
     return None
 
 if __name__ == '__main__':