From 6c8309f1c9b5558e73d0c4bdbc09db260e1708f5 Mon Sep 17 00:00:00 2001
From: Timotej Lazar
Date: Tue, 3 Sep 2024 17:15:12 +0200
Subject: [PATCH] exit: leak non-NATted inside routes into default VRF
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

So we don’t have to NAT inside our own network. We still firewall.
---
 roles/exit/templates/frr.conf.j2 | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/roles/exit/templates/frr.conf.j2 b/roles/exit/templates/frr.conf.j2
index e73e6e9..24444e5 100644
--- a/roles/exit/templates/frr.conf.j2
+++ b/roles/exit/templates/frr.conf.j2
@@ -289,6 +289,8 @@ route-map default-import permit 10
 match ip address prefix-list default
 route-map default-import permit 11
 match ipv6 address prefix-list default
+route-map default-import permit 20
+ match ip address prefix-list office
 route-map default-import permit 21
 match ipv6 address prefix-list office
 route-map default-import permit 30
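Review bot: The new `permit 20` entry depends on an IPv4 `ip prefix-list office` that is not visible in this hunk. Only the IPv6 list of that name is referenced by the existing `permit 21`, and the two families are defined separately. Before merging, confirm that the IPv4 list exists and matches only the inside ranges meant to be reachable un-NATted, with explicit length bounds so unexpected more-specifics are not imported. Once these routes are in the default VRF, the packet filter is the only control left on that path; the commit message says filtering stays in place, but nothing in this patch shows it, so the IPv4 forwarding rules are worth checking alongside. A comment above the entry would record that dependency, for example `! office IPv4 is imported un-NATted into the default VRF; access control relies on the packet filter`. The route-map continues past the end of the hunk.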