exit: leak outside routes into default VRF

So L3 servers can acces L2 servers.

roles/exit/templates/frr.conf.j2

@@ -99,7 +99,7 @@ router bgp {{ asn.asn }} vrf outside
 {% endfor %}
 
     redistribute static
-    redistribute connected route-map loopback-outside
+    redistribute connected
     import vrf default
     import vrf route-map outside-import
   exit-address-family
@@ -121,7 +121,7 @@ router bgp {{ asn.asn }} vrf outside
 {% endfor %}
 
     redistribute static
-    redistribute connected route-map loopback-outside
+    redistribute connected
     import vrf default
     import vrf route-map outside-import
   exit-address-family
@@ -226,6 +226,16 @@ ipv6 prefix-list default permit ::/0
 ip prefix-list fabric permit 10.34.0.0/24 ge 32
 ipv6 prefix-list fabric permit 2001:1470:fffd:3400::/64 ge 128
 
+# prefix list for outside networks
+{% for prefix in vrf_prefixes | selectattr('vrf.name', '==', 'outside')
+    | sort(attribute='family.value') | sort(attribute='vlan.vid') %}
+{% if prefix.family.value == 4 %}
+ip prefix-list outside permit {{ prefix.prefix }} ge {{ prefix.prefix | ipaddr('prefix') }}
+{% else %}
+ipv6 prefix-list outside permit {{ prefix.prefix }} ge {{ prefix.prefix | ipaddr('prefix') }}
+{% endif %}
+{% endfor %}
+
 # common prefix list for all inside networks
 {% for prefix in vrf_prefixes | selectattr('vrf.name', 'in', inside_vrfs)
     | sort(attribute='family.value') | sort(attribute='vlan.vid') %}
@@ -285,6 +295,10 @@ route-map default-import permit 30
   match ip address prefix-list nat
 route-map default-import permit 31
   match ipv6 address prefix-list vpn
+route-map default-import permit 40
+  match ip address prefix-list outside
+route-map default-import permit 41
+  match ipv6 address prefix-list outside
 
 route-map outside-import permit 10
   match ip address prefix-list dc