From 7e759055f0bf16892f4fc4aec1e03bbad4e49c27 Mon Sep 17 00:00:00 2001
From: GnomeZworc
Date: Wed, 26 Nov 2025 22:09:51 +0100
Subject: [PATCH] add template for frr config
Signed-off-by: GnomeZworc
---
templates/etc/frr/frr.conf.j2 | 49 +++++++++++++++++++++++++++++++++++
1 file changed, 49 insertions(+)
create mode 100644 templates/etc/frr/frr.conf.j2
diff --git a/templates/etc/frr/frr.conf.j2 b/templates/etc/frr/frr.conf.j2
new file mode 100644
index 0000000..cddf508
--- /dev/null
+++ b/templates/etc/frr/frr.conf.j2
@@ -0,0 +1,49 @@
+# default to using syslog. /etc/rsyslog.d/45-frr.conf places the log in
+# /var/log/frr/frr.log
+#
+# Note:
+# FRR's configuration shell, vtysh, dynamically edits the live, in-memory
+# configuration while FRR is running. When instructed, vtysh will persist the
+# live configuration to this file, overwriting its contents. If you want to
+# avoid this, you can edit this file manually before starting FRR, or instruct
+# vtysh to write configuration to a different file.
+log syslog informational
+router bgp 65000
+ bgp router-id 192.168.14.101
+ no bgp default ipv4-unicast
+ neighbor fabric peer-group
+ neighbor fabric remote-as 65000
+ neighbor fabric capability extended-nexthop
+ neighbor 192.168.14.100 peer-group fabric
+ !
+ address-family l2vpn evpn
+ neighbor fabric activate
+ advertise-all-vni
+ exit-address-family
+ !
+ neighbor 192.168.14.1 remote-as 65001
+ !
+ address-family ipv4 unicast
+ redistribute static
+ redistribute connected
+ route-map PUBLIC_ONLY out
+ route-map INPUT_DENY in
+ exit-address-family
+ !
+!
+
+ip prefix-list PUBLIC_ONLY seq 10 deny 192.168.15.0/24
+ip prefix-list PUBLIC_ONLY seq 20 deny 10.0.0.0/8
+ip prefix-list PUBLIC_ONLY seq 30 deny 172.16.0.0/12
+ip prefix-list PUBLIC_ONLY seq 40 deny 192.168.0.0/16
+ip prefix-list PUBLIC_ONLY seq 50 deny 127.0.0.0/8
+ip prefix-list PUBLIC_ONLY seq 60 deny 169.254.0.0/16
+ip prefix-list PUBLIC_ONLY seq 70 deny 100.64.0.0/10
+ip prefix-list PUBLIC_ONLY seq 80 permit 0.0.0.0/0 le 32
+
+route-map PUBLIC_ONLY permit 10
+ match ip address prefix-list PUBLIC_ONLY
+!
+
+route-map INPUT_DENY deny 10
+!
\ No newline at end of file
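Review bot: The `route-map PUBLIC_ONLY out` and `route-map INPUT_DENY in` lines under `address-family ipv4 unicast` name no neighbor, so as far as I can tell bgpd will not attach either filter to the eBGP peer 192.168.14.1, and the private/loopback/link-local/CGNAT egress filter and the inbound deny-all are never enforced on that session. Bind them to the peer explicitly with `neighbor 192.168.14.1 route-map PUBLIC_ONLY out` and `neighbor 192.168.14.1 route-map INPUT_DENY in`. Because `no bgp default ipv4-unicast` is set, the peer also needs `neighbor 192.168.14.1 activate` in the same address-family, otherwise no IPv4 routes are exchanged with it at all. After deployment, `show bgp ipv4 unicast neighbors 192.168.14.1 advertised-routes` should confirm that none of the denied ranges are announced. The eBGP session also carries no `neighbor 192.168.14.1 password` or `ttl-security hops` setting, which would be worth adding once the secret can come from a template variable rather than a literal in this file.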