#
# {{ ansible_managed }}
#
# Variables
# Rendered from the Ansible variable as_public_ffrl; presumably the AS number of the FFRL upstream.
# Not referenced in this file - likely consumed by the included peers file (confirm).
define ffrl_as = {{ as_public_ffrl }};
# Address part (without prefix length) of ffrl_public_ipv4_nat.
# Used by the kernel protocol below as the preferred source address (krt_prefsrc).
define ffrl_nat_address = {{ ffrl_public_ipv4_nat | ipaddr('address') }};
# Routing Table
# Dedicated BIRD routing table for the FFRL uplink. Every protocol and the BGP
# template in this file attach to it, which keeps uplink routes apart from the
# other tables of this BIRD instance.
table ffrl;
# Functions
# True only when the route is the public NAT prefix rendered from ffrl_public_ipv4_nat.
# The set holds a single plain prefix with no length modifier, so more-specific or
# less-specific routes do not match. The eBGP export filter relies on this.
function is_ffrl_nat() {
    return net ~ [ {{ ffrl_public_ipv4_nat | ipaddr('address') }}/{{ ffrl_public_ipv4_nat | ipaddr('prefix') }} ];
}
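# True when the route's prefix is one of the FFRL tunnel networks.
# The set is rendered from the tunnel_ipv4_network entry of every item in
# ffrl_exit_server; a comma is emitted after each entry except the last.
# items() is used instead of iteritems(): the latter exists only on Python 2
# dicts and makes templating fail when Ansible runs under Python 3.
# NOTE(review): an empty ffrl_exit_server renders an empty set literal -
# confirm BIRD accepts that, or make sure the inventory always has a peer.
function is_ffrl_tunnel_nets() {
    return net ~ [
{% for peer_id, peer_value in ffrl_exit_server.items() %}
        {{ peer_value.tunnel_ipv4_network }}{{ "," if not loop.last else "" }}
{% endfor %}
    ];
}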
# Filters
# Import policy for the FFRL eBGP sessions: take the route only if is_default()
# says so and refuse everything else, so the upstream cannot inject
# more-specific prefixes into table ffrl.
# is_default() is defined outside this file - presumably it matches only the
# IPv4 default route; confirm against its definition.
filter ebgp_ffrl_import_filter {
    if is_default() then accept;
    else reject;
}
# Export policy for the FFRL eBGP sessions: announce the public NAT prefix and
# nothing else. The final reject is what keeps tunnel networks and any other
# route that ends up in table ffrl from leaking to the upstream.
filter ebgp_ffrl_export_filter {
    if is_ffrl_nat() then accept;
    else reject;
}
# Protocols
# Static reject route for the public NAT prefix, placed in table ffrl.
# Presumably this exists so that the prefix is present in the table and can be
# picked up by ebgp_ffrl_export_filter for announcement - confirm.
# NOTE(review): the kernel protocol below exports every route of table ffrl,
# so this reject route is also offered to the kernel table.
protocol static ffrl_uplink_hostroute {
    table ffrl;
    route {{ ffrl_public_ipv4_nat | ipaddr('address') }}/{{ ffrl_public_ipv4_nat | ipaddr('prefix') }} reject;
}
# Picks up directly connected networks from interfaces whose name matches
# "ffrl-*" and puts them into table ffrl.
# The import condition admits only prefixes listed by is_ffrl_tunnel_nets(),
# so an unexpected address configured on a matching interface is not imported.
protocol direct ffrl_tunnels {
    table ffrl;
    interface "ffrl-*";
    import where is_ffrl_tunnel_nets();
}
# Synchronises table ffrl into the kernel routing table ipt_internet.
# ipt_internet is not defined in this file; it must be declared elsewhere.
# NOTE(review): the export filter accepts unconditionally, so whatever reaches
# table ffrl is installed in the kernel. The protection therefore rests on the
# import policies of the protocols feeding that table.
protocol kernel kernel_ffrl {
    scan time 30;           # rescan the kernel table every 30 seconds
    import none;            # never learn routes from the kernel
    export filter {
        # Set the preferred source address of every exported route to the NAT address.
        krt_prefsrc = ffrl_nat_address;
        accept;
    };
    table ffrl;
    kernel table ipt_internet;
};
# Templates
# Shared settings for the FFRL eBGP sessions. The sessions themselves are not
# defined here; presumably the included peers file instantiates this template
# and supplies the neighbor address and AS.
# mwu_as is defined outside this file.
# NOTE(review): no import limit or receive limit is set here. With
# "import keep filtered", routes rejected by the import filter still occupy
# memory, so a per-session limit is worth adding unless the peers file sets one.
# NOTE(review): no session authentication option is visible in this template;
# check whether the peers file configures one.
template bgp ffrl_uplink {
    table ffrl;
    local as mwu_as;
    import keep filtered;                   # retain rejected routes for inspection
    import filter ebgp_ffrl_import_filter;  # accept only what is_default() allows
    export filter ebgp_ffrl_export_filter;  # announce only the NAT prefix
    next hop self;
    direct;                                 # neighbor is directly connected
};
# Include FFRL IPv4 peers
# The trailing "?" is a wildcard for exactly one character. Presumably it is
# used so that a missing peers file is not a parse error - confirm.
# It also means any file in this directory whose name matches
# ffrl_ipv4_peers.con? is loaded as configuration, so the directory should be
# writable only by the account that manages BIRD.
include "ffrl_ipv4_peers.con?";