From 94da0613a444232ee36e3572775e18862d94e9aa Mon Sep 17 00:00:00 2001
From: Tobias Hachmer
Date: Wed, 4 Oct 2017 13:38:00 +0200
Subject: [PATCH] FFRL Internet Exit: move IPv4 NAT address to a single dummy interface
---
 roles/network-ffrl/tasks/main.yml | 6 ++++++
 roles/network-ffrl/templates/ffrl.j2 | 1 -
 roles/network-ffrl/templates/ffrl_nat.j2 | 7 +++++++
 roles/service-bird-ffrl/templates/ffrl_ipv4.conf.j2 | 5 +++--
 4 files changed, 16 insertions(+), 3 deletions(-)
 create mode 100644 roles/network-ffrl/templates/ffrl_nat.j2
diff --git a/roles/network-ffrl/tasks/main.yml b/roles/network-ffrl/tasks/main.yml
index 6a0050b..ae0870d 100644
--- a/roles/network-ffrl/tasks/main.yml
+++ b/roles/network-ffrl/tasks/main.yml
@@ -5,3 +5,9 @@
 dest: "/etc/network/interfaces.d/{{ item.key }}"
 notify: reload network interfaces
 with_dict: "{{ ffrl_exit_server }}"
+
+- name: create ffrl-nat dummy interface
+ template:
+ src: ffrl_nat.j2
+ dest: "/etc/network/interfaces.d/ffrl-nat"
+ notify: reload network interfaces
diff --git a/roles/network-ffrl/templates/ffrl.j2 b/roles/network-ffrl/templates/ffrl.j2
index 4dbc6f1..bf107db 100644
--- a/roles/network-ffrl/templates/ffrl.j2
+++ b/roles/network-ffrl/templates/ffrl.j2
@@ -13,4 +13,3 @@ iface {{ item.key }} inet tunnel
 address {{ item.value.tunnel_ipv4_network | ipaddr('net') | ipaddr('1') | ipaddr('address') }}/{{ item.value.tunnel_ipv4_network | ipaddr('net') | ipaddr('prefix') }}
 address {{ item.value.tunnel_ipv6_network | ipaddr('net') | ipaddr('2') | ipaddr('address') }}/{{ item.value.tunnel_ipv6_network | ipaddr('net') | ipaddr('prefix') }}
- address {{ ffrl_public_ipv4_nat | ipaddr('address') }}/{{ ffrl_public_ipv4_nat | ipaddr('prefix') }}
diff --git a/roles/network-ffrl/templates/ffrl_nat.j2 b/roles/network-ffrl/templates/ffrl_nat.j2
new file mode 100644
index 0000000..8e0ff23
--- /dev/null
+++ b/roles/network-ffrl/templates/ffrl_nat.j2
@@ -0,0 +1,7 @@
+#
+# {{ ansible_managed }}
+#
+auto ffrl-nat
+iface ffrl-nat
+ link-type dummy
+ address {{ ffrl_public_ipv4_nat | ipaddr('address') }}/{{ ffrl_public_ipv4_nat | ipaddr('prefix') }}
diff --git a/roles/service-bird-ffrl/templates/ffrl_ipv4.conf.j2 b/roles/service-bird-ffrl/templates/ffrl_ipv4.conf.j2
index 66d8fd8..4a16d6f 100644
--- a/roles/service-bird-ffrl/templates/ffrl_ipv4.conf.j2
+++ b/roles/service-bird-ffrl/templates/ffrl_ipv4.conf.j2
@@ -36,9 +36,10 @@ filter ebgp_ffrl_export_filter {
 }
 # Protocols
-protocol static ffrl_uplink_hostroute {
+protocol direct ffrl_nat {
 table ffrl;
- route {{ ffrl_public_ipv4_nat | ipaddr('address') }}/{{ ffrl_public_ipv4_nat | ipaddr('prefix') }} reject;
+ interface "ffrl-nat";
+ import where is_ffrl_nat();
 }
 protocol direct ffrl_tunnels {
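Review bot: The `address` line in the new `ffrl_nat.j2` renders `ffrl_public_ipv4_nat` without any validation. The `ipaddr` filter returns `False` for a value it cannot parse, so a typo in the inventory would write `address False/False` into `/etc/network/interfaces.d/ffrl-nat` and only surface when the interfaces are reloaded. I would fail early with a guard task ahead of the template task in `roles/network-ffrl/tasks/main.yml`, for example `- assert: { that: "ffrl_public_ipv4_nat | ipaddr" }`. A one-line comment in the template saying that this dummy interface carries the public NAT address and feeds the BIRD `ffrl_nat` protocol would also help the next reader.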
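Review bot: The new `protocol direct ffrl_nat` block imports through `is_ffrl_nat()`, which is not defined anywhere in this hunk, and an undefined function would make BIRD reject the configuration. Please confirm it is declared earlier in the rendered file and matches exactly the prefix of `ffrl_public_ipv4_nat`. Replacing the static `reject` route also ties the NAT prefix in table `ffrl` to the state of the `ffrl-nat` interface. If the network role has not run yet, or the reload handler does not bring up newly created interfaces, the route is presumably absent and no longer exported. A comment above the block would document that dependency, e.g. `# NAT prefix comes from the ffrl-nat dummy interface (role network-ffrl); present only while that interface is up`.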