summaryrefslogtreecommitdiff
path: root/data/templates/firewall/nftables-geoip-update.j2
diff options
context:
space:
mode:
Diffstat (limited to 'data/templates/firewall/nftables-geoip-update.j2')
-rw-r--r--data/templates/firewall/nftables-geoip-update.j233
1 files changed, 33 insertions, 0 deletions
diff --git a/data/templates/firewall/nftables-geoip-update.j2 b/data/templates/firewall/nftables-geoip-update.j2
new file mode 100644
index 0000000..832ccc3
--- /dev/null
+++ b/data/templates/firewall/nftables-geoip-update.j2
@@ -0,0 +1,33 @@
+#!/usr/sbin/nft -f
+
+{% if ipv4_sets is vyos_defined %}
+{% for setname, ip_list in ipv4_sets.items() %}
+flush set ip vyos_filter {{ setname }}
+{% endfor %}
+
+table ip vyos_filter {
+{% for setname, ip_list in ipv4_sets.items() %}
+ set {{ setname }} {
+ type ipv4_addr
+ flags interval
+ elements = { {{ ','.join(ip_list) }} }
+ }
+{% endfor %}
+}
+{% endif %}
+
+{% if ipv6_sets is vyos_defined %}
+{% for setname, ip_list in ipv6_sets.items() %}
+flush set ip6 vyos_filter {{ setname }}
+{% endfor %}
+
+table ip6 vyos_filter {
+{% for setname, ip_list in ipv6_sets.items() %}
+ set {{ setname }} {
+ type ipv6_addr
+ flags interval
+ elements = { {{ ','.join(ip_list) }} }
+ }
+{% endfor %}
+}
+{% endif %}