path: root/data/templates/firewall/nftables-defines.j2
{# Renders the nftables named sets that back the firewall groups for one
   address family. Each set is emitted as `set <PREFIX>_<name> { ... }` inside
   whatever table the caller is currently rendering.
   Arguments:
     group   - the firewall `group` config subtree (address_group, port_group, ...)
     is_ipv6 - render the IPv6 variants (A6_/N6_/R6_/DA6_, type ipv6_addr);
               otherwise the IPv4 variants (A_/N_/R_/DA_, type ipv4_addr)
     is_l3   - gate for the set kinds that are only emitted when the caller
               flags a layer-3 context: domain, remote and dynamic address groups
   Family-agnostic sets (M_ mac, P_ port, I_ interface) are emitted on every
   call regardless of is_ipv6 / is_l3.
   Note: all block tags are kept at column 0 and one per line; the output is
   whitespace-sensitive, so keep that layout when editing. #}
{% macro groups(group, is_ipv6, is_l3) %}
{% if group is vyos_defined %}
{%     set ip_type = 'ipv6_addr' if is_ipv6 else 'ipv4_addr' %}
{#     Static IPv4 address groups (A_). Members are resolved at render time:
       nft_nested_group receives the group's own addresses, its `include`
       list and the whole sibling dict so that included groups are expanded
       into their members. Cycle / unknown-include handling lives in that
       filter, not here. `flags interval` + `auto-merge` lets nft accept
       ranges/prefixes and collapse overlapping entries. #}
{%     if group.address_group is vyos_defined and not is_ipv6 %}
{%         for group_name, group_conf in group.address_group.items() %}
{%             set includes = group_conf.include if group_conf.include is vyos_defined else [] %}
    set A_{{ group_name }} {
        type {{ ip_type }}
        flags interval
        auto-merge
{#             An `elements` line is only emitted when there is something to
               put in it; an empty group still yields a valid, empty set. #}
{%             if group_conf.address is vyos_defined or includes %}
        elements = { {{ group_conf.address | nft_nested_group(includes, group.address_group, 'address') | join(",") }} }
{%             endif %}
    }
{%         endfor %}
{%     endif %}
{#     Static IPv6 address groups (A6_), same shape as the IPv4 block above. #}
{%     if group.ipv6_address_group is vyos_defined and is_ipv6 %}
{%         for group_name, group_conf in group.ipv6_address_group.items() %}
{%             set includes = group_conf.include if group_conf.include is vyos_defined else [] %}
    set A6_{{ group_name }} {
        type {{ ip_type }}
        flags interval
        auto-merge
{%             if group_conf.address is vyos_defined or includes %}
        elements = { {{ group_conf.address | nft_nested_group(includes, group.ipv6_address_group, 'address') | join(",") }} }
{%             endif %}
    }
{%         endfor %}
{%     endif %}
{#     Domain groups (D_): only the empty set is declared here -- no
       `elements` line and no auto-merge. The members are presumably
       filled in outside this template by the domain resolver; confirm
       against the caller. name_config is not read. #}
{%     if group.domain_group is vyos_defined and is_l3 %}
{%         for name, name_config in group.domain_group.items() %}
    set D_{{ name }} {
        type {{ ip_type }}
        flags interval
    }
{%         endfor %}
{%     endif %}
{#     Remote groups (R_ / R6_): declared empty like domain groups; the
       IPv4 and IPv6 cases differ only in the set-name prefix. Both read the
       same remote_group subtree, so one config entry yields a set in each
       family. name_config is not read. #}
{%     if group.remote_group is vyos_defined and is_l3 and not is_ipv6 %}
{%         for name, name_config in group.remote_group.items() %}
    set R_{{ name }} {
        type {{ ip_type }}
        flags interval
        auto-merge
    }
{%         endfor %}
{%     endif %}
{%     if group.remote_group is vyos_defined and is_l3 and is_ipv6 %}
{%         for name, name_config in group.remote_group.items() %}
    set R6_{{ name }} {
        type {{ ip_type }}
        flags interval
        auto-merge
    }
{%         endfor %}
{%     endif %}
{#     MAC groups (M_): family-agnostic, plain ether_addr set with no
       interval/auto-merge flags. Includes are expanded the same way as for
       address groups. #}
{%     if group.mac_group is vyos_defined %}
{%         for group_name, group_conf in group.mac_group.items() %}
{%             set includes = group_conf.include if group_conf.include is vyos_defined else [] %}
    set M_{{ group_name }} {
        type ether_addr
{%             if group_conf.mac_address is vyos_defined or includes %}
        elements = { {{ group_conf.mac_address | nft_nested_group(includes, group.mac_group, 'mac_address') | join(",") }} }
{%             endif %}
    }
{%         endfor %}
{%     endif %}
{#     Network (prefix) groups, IPv4 (N_) and IPv6 (N6_). #}
{%     if group.network_group is vyos_defined and not is_ipv6 %}
{%         for group_name, group_conf in group.network_group.items() %}
{%             set includes = group_conf.include if group_conf.include is vyos_defined else [] %}
    set N_{{ group_name }} {
        type {{ ip_type }}
        flags interval
        auto-merge
{%             if group_conf.network is vyos_defined or includes %}
        elements = { {{ group_conf.network | nft_nested_group(includes, group.network_group, 'network') | join(",") }} }
{%             endif %}
    }
{%         endfor %}
{%     endif %}
{%     if group.ipv6_network_group is vyos_defined and is_ipv6 %}
{%         for group_name, group_conf in group.ipv6_network_group.items() %}
{%             set includes = group_conf.include if group_conf.include is vyos_defined else [] %}
    set N6_{{ group_name }} {
        type {{ ip_type }}
        flags interval
        auto-merge
{%             if group_conf.network is vyos_defined or includes %}
        elements = { {{ group_conf.network | nft_nested_group(includes, group.ipv6_network_group, 'network') | join(",") }} }
{%             endif %}
    }
{%         endfor %}
{%     endif %}
{#     Port groups (P_): family-agnostic inet_service set; `flags interval`
       allows port ranges. #}
{%     if group.port_group is vyos_defined %}
{%         for group_name, group_conf in group.port_group.items() %}
{%             set includes = group_conf.include if group_conf.include is vyos_defined else [] %}
    set P_{{ group_name }} {
        type inet_service
        flags interval
        auto-merge
{%             if group_conf.port is vyos_defined or includes %}
        elements = { {{ group_conf.port | nft_nested_group(includes, group.port_group, 'port') | join(",") }} }
{%             endif %}
    }
{%         endfor %}
{%     endif %}
{#     Interface groups (I_): family-agnostic ifname set. Unlike the other
       groups, members go through quoted_join rather than join so that each
       interface name is emitted as a quoted string. #}
{%     if group.interface_group is vyos_defined %}
{%         for group_name, group_conf in group.interface_group.items() %}
{%             set includes = group_conf.include if group_conf.include is vyos_defined else [] %}
    set I_{{ group_name }} {
        type ifname
        flags interval
        auto-merge
{%             if group_conf.interface is vyos_defined or includes %}
        elements = { {{ group_conf.interface | nft_nested_group(includes, group.interface_group, 'interface') | quoted_join(",") }} }
{%             endif %}
    }
{%         endfor %}
{%     endif %}

{#     Dynamic address groups (DA_ / DA6_): declared with `flags dynamic, timeout`
       and no elements. Membership is therefore not part of the rendered
       ruleset; entries are expected to be added by rules at packet-processing
       time and to expire on their timeout. Both variants additionally
       require is_l3. #}
{%     if group.dynamic_group is vyos_defined %}
{%         if group.dynamic_group.address_group is vyos_defined and not is_ipv6 and is_l3 %}
{%             for group_name, group_conf in group.dynamic_group.address_group.items() %}
    set DA_{{ group_name }} {
        type {{ ip_type }}
        flags dynamic, timeout
    }
{%             endfor %}
{%         endif %}

{%         if group.dynamic_group.ipv6_address_group is vyos_defined and is_ipv6 and is_l3 %}
{%             for group_name, group_conf in group.dynamic_group.ipv6_address_group.items() %}
    set DA6_{{ group_name }} {
        type {{ ip_type }}
        flags dynamic, timeout
    }
{%             endfor %}
{%         endif %}
{%     endif %}

{% endif %}
{% endmacro %}