From 79cd4b6be90ff445ba03a3c78dc8c4b9bd417026 Mon Sep 17 00:00:00 2001
From: Karl Grube <karl@hudlergrube.com>
Date: Wed, 25 Oct 2023 17:34:57 +0200
Subject: [PATCH] finished exports (now need the firewalls and internal network
 parts...)

---
 defaults/main.yml     |  3 +++
 templates/frr_conf.j2 | 20 +++++++++++++++++---
 2 files changed, 20 insertions(+), 3 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index ae13054..7b44103 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -5,3 +5,6 @@ allow_default_ipv6: False
 
 dc_ranges: []
 dc4_ranges: []
+
+anycast_ranges: []
+anycast4_ranges: []
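Review bot: The two new variables are undocumented, and their address family is only implied by the `4` suffix. The template renders `anycast_ranges` into `ipv6 prefix-list my-networks` and `anycast4_ranges` into `ip prefix-list my-networks`, so an entry placed in the wrong variable produces a line that FRR is expected to reject. A comment above each would make this explicit, for example `# IPv6 anycast prefixes (CIDR) permitted outbound by prefix-list my-networks` and `# IPv4 anycast prefixes (CIDR) permitted outbound by prefix-list my-networks`. It is worth stating there that these lists decide what is announced to the BGP neighbors.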
diff --git a/templates/frr_conf.j2 b/templates/frr_conf.j2
index 50caede..e8c62c5 100644
--- a/templates/frr_conf.j2
+++ b/templates/frr_conf.j2
@@ -23,6 +23,7 @@ router bgp {{bgp_asn}}
 {%     if ip|ansible.utils.ipv4 %}
   neighbor {{ip}} activate
   neighbor {{ip}} prefix-list internet in
+  neighbor {{ip}} prefix-list my-networks out
 {%     endif %}
 {%   endfor %}
 {% endfor %}
@@ -34,11 +35,11 @@ router bgp {{bgp_asn}}
 {%     if ip|ansible.utils.ipv6 %}
   neighbor {{ip}} activate
   neighbor {{ip}} prefix-list internet in
+  neighbor {{ip}} prefix-list my-networks out
 {%     endif %}
 {%   endfor %}
 {% endfor %}
 !
-
 {% if allow_default_ipv6 == True %}
 ipv6 prefix-list internet seq 5 permit ::/0
 {% endif %}
@@ -87,7 +88,14 @@ ipv6 prefix-list internet seq {{(loop.index|int)*10+400}} deny {{prefix|regex_re
 ipv6 prefix-list internet seq {{(loop.index|int)*10+410}} permit any
 {%   endif %}
 {% endfor %}
-
+!
+{% for range in dc_ranges + anycast_ranges %}
+ipv6 prefix-list my-networks seq {{(loop.index|int)*10}} permit {{range}}
+{%   if loop.last %}
+ipv6 prefix-list my-networks seq {{(loop.index|int)*10+10}} deny any
+{%   endif %}
+{% endfor %}
+!
 {% if allow_default_ipv4 == True %}
 ip prefix-list internet seq 5 permit 0.0.0.0/0
 {% endif %}
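Review bot: With `dc_ranges` and `anycast_ranges` both empty (the role defaults), this loop renders nothing, so the `deny any` inside `{% if loop.last %}` is never emitted and `my-networks` stays undefined while every neighbor still references it with `prefix-list my-networks out`. FRR's documentation describes an unspecified prefix-list as acting as permit, and handling of a referenced-but-missing list has differed between releases, so the export filter may end up passing the whole table to the peers. Emitting the terminator unconditionally after `{% endfor %}` closes that gap and keeps the same sequence numbers for non-empty lists: `ipv6 prefix-list my-networks seq {{((dc_ranges + anycast_ranges)|length)*10+10}} deny any`. The IPv4 loop over `dc4_ranges + anycast4_ranges` in the last hunk has the same shape and needs the same change.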
@@ -113,4 +121,10 @@ ip prefix-list internet seq {{(loop.index|int)*10+160}} deny {{prefix|regex_repl
 ip prefix-list internet seq {{(loop.index|int)*10+170}} permit any
 {%   endif %}
 {% endfor %}
-
+!
+{% for range in dc4_ranges + anycast4_ranges %}
+ip prefix-list my-networks seq {{(loop.index|int)*10}} permit {{range}}
+{%   if loop.last %}
+ip prefix-list my-networks seq {{(loop.index|int)*10+10}} deny any
+{%   endif %}
+{% endfor %}
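Review bot: `{{range}}` is written into the export prefix-list unvalidated, so a typo, an entry without a mask, or an IPv6 prefix placed in `dc4_ranges`/`anycast4_ranges` reaches the rendered config as-is. Such a line would likely be rejected at load time, which could leave the outbound filter incomplete. The template already uses `ansible.utils.ipv4` for neighbor addresses, so the loop could iterate over `(dc4_ranges + anycast4_ranges) | ansible.utils.ipv4('net')`. Preferably, the role would assert on these variables before templating, so a bad entry fails the play instead of being dropped silently. The IPv6 loop would use `ansible.utils.ipv6('net')` in the same way.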
-- 
GitLab