{% macro groups(group, is_ipv6, is_l3) %} {% if group is vyos_defined %} {% set ip_type = 'ipv6_addr' if is_ipv6 else 'ipv4_addr' %} {% if group.address_group is vyos_defined and not is_ipv6 %} {% for group_name, group_conf in group.address_group.items() %} {% set includes = group_conf.include if group_conf.include is vyos_defined else [] %} set A_{{ group_name }} { type {{ ip_type }} flags interval auto-merge {% if group_conf.address is vyos_defined or includes %} elements = { {{ group_conf.address | nft_nested_group(includes, group.address_group, 'address') | join(",") }} } {% endif %} } {% endfor %} {% endif %} {% if group.ipv6_address_group is vyos_defined and is_ipv6 %} {% for group_name, group_conf in group.ipv6_address_group.items() %} {% set includes = group_conf.include if group_conf.include is vyos_defined else [] %} set A6_{{ group_name }} { type {{ ip_type }} flags interval auto-merge {% if group_conf.address is vyos_defined or includes %} elements = { {{ group_conf.address | nft_nested_group(includes, group.ipv6_address_group, 'address') | join(",") }} } {% endif %} } {% endfor %} {% endif %} {% if group.domain_group is vyos_defined and is_l3 %} {% for name, name_config in group.domain_group.items() %} set D_{{ name }} { type {{ ip_type }} flags interval } {% endfor %} {% endif %} {% if group.mac_group is vyos_defined %} {% for group_name, group_conf in group.mac_group.items() %} {% set includes = group_conf.include if group_conf.include is vyos_defined else [] %} set M_{{ group_name }} { type ether_addr {% if group_conf.mac_address is vyos_defined or includes %} elements = { {{ group_conf.mac_address | nft_nested_group(includes, group.mac_group, 'mac_address') | join(",") }} } {% endif %} } {% endfor %} {% endif %} {% if group.network_group is vyos_defined and not is_ipv6 %} {% for group_name, group_conf in group.network_group.items() %} {% set includes = group_conf.include if group_conf.include is vyos_defined else [] %} set N_{{ group_name }} { type {{ ip_type }} flags interval auto-merge {% if group_conf.network is vyos_defined or includes %} elements = { {{ group_conf.network | nft_nested_group(includes, group.network_group, 'network') | join(",") }} } {% endif %} } {% endfor %} {% endif %} {% if group.ipv6_network_group is vyos_defined and is_ipv6 %} {% for group_name, group_conf in group.ipv6_network_group.items() %} {% set includes = group_conf.include if group_conf.include is vyos_defined else [] %} set N6_{{ group_name }} { type {{ ip_type }} flags interval auto-merge {% if group_conf.network is vyos_defined or includes %} elements = { {{ group_conf.network | nft_nested_group(includes, group.ipv6_network_group, 'network') | join(",") }} } {% endif %} } {% endfor %} {% endif %} {% if group.port_group is vyos_defined %} {% for group_name, group_conf in group.port_group.items() %} {% set includes = group_conf.include if group_conf.include is vyos_defined else [] %} set P_{{ group_name }} { type inet_service flags interval auto-merge {% if group_conf.port is vyos_defined or includes %} elements = { {{ group_conf.port | nft_nested_group(includes, group.port_group, 'port') | join(",") }} } {% endif %} } {% endfor %} {% endif %} {% if group.interface_group is vyos_defined %} {% for group_name, group_conf in group.interface_group.items() %} {% set includes = group_conf.include if group_conf.include is vyos_defined else [] %} set I_{{ group_name }} { type ifname flags interval auto-merge {% if group_conf.interface is vyos_defined or includes %} elements = { {{ group_conf.interface | nft_nested_group(includes, group.interface_group, 'interface') | join(",") }} } {% endif %} } {% endfor %} {% endif %} {% if group.dynamic_group is vyos_defined %} {% if group.dynamic_group.address_group is vyos_defined and not is_ipv6 and is_l3 %} {% for group_name, group_conf in group.dynamic_group.address_group.items() %} set DA_{{ group_name }} { type {{ ip_type }} flags dynamic, timeout } {% endfor %} {% endif %} {% if group.dynamic_group.ipv6_address_group is vyos_defined and is_ipv6 and is_l3 %} {% for group_name, group_conf in group.dynamic_group.ipv6_address_group.items() %} set DA6_{{ group_name }} { type {{ ip_type }} flags dynamic, timeout } {% endfor %} {% endif %} {% endif %} {% endif %} {% endmacro %}