diff --git a/postconfig.sh b/postconfig.sh index 552584e..1eb9ba1 100644 --- a/postconfig.sh +++ b/postconfig.sh @@ -12,5 +12,3 @@ ipset restore < /config/hphr.ipset iptables-restore /config/hphr.rules.v4 ip6tables-restore /config/hphr.rules.v6 - -sysctl net.ipv4.conf.all.log_martians=0 diff --git a/vyos.conf.j2 b/vyos.conf.j2 index 99acfb3..a317091 100644 --- a/vyos.conf.j2 +++ b/vyos.conf.j2 @@ -70,13 +70,26 @@ interfaces { {% if iface_data['lag'] %}bond-group {{ iface_data['lag']['name'] }}{% endif %} {% for tagged_vlan in iface_data['tagged_vlans'] %} - {% set subiface_data = salt['pillar.get']('netbox:interfaces:%s.%04d'%(iface_name,tagged_vlan['vid']),{'description':'','addresses':[],'enabled':False}) %} + {% set subiface_data = salt['pillar.get']('netbox:interfaces:%s.%d'%(iface_name,tagged_vlan['vid']),{'description':'','addresses':[],'enabled':False}) %} vif {{ tagged_vlan['vid'] }} { description "{{ tagged_vlan['name'].replace('"','\\"') or "-" }} => {{ subiface_data['description'].replace('"','\\"') or "-" }}" {% for address in subiface_data['addresses'] %} address {{ address['address'] }} {% endfor %} {% if not subiface_data['enabled'] %}disable{% endif %} + + {% if salt['pillar.get']('interfaces:'+iface_name+"."+("%d"%tagged_vlan['vid'])+':ip') %} + ip { + {{ interface_ip_ospf(iface_name+"."+("%d"%tagged_vlan['vid'])) }} + } + {% endif %} + {% if salt['pillar.get']('interfaces:'+iface_name+"."+("%d"%tagged_vlan['vid'])+':ipv6') %} + ipv6 { + dup-addr-detect-transmits 1 + {{ interface_ipv6_ospfv3(iface_name+"."+("%d"%tagged_vlan['vid'])) }} + } + {% endif %} + } {% endfor %} @@ -1030,6 +1043,11 @@ system { all net.ipv4.conf.default.rp_filter { value 2 } + {% for sysctl, value in salt['pillar.get']('system:sysctl:custom', {}).items() %} + custom {{ sysctl }} { + value {{ value }} + } + {% endfor %} } syslog {