From ef1b00adce9ba6febc0d4168228d8b4f8b8012bb Mon Sep 17 00:00:00 2001
From: Timotej Lazar
Date: Sat, 21 Sep 2024 10:13:26 +0200
Subject: [PATCH] firewall: update backup route maps

To match the prefixes that are sent by firewalls.
---
 roles/exit/templates/frr.conf.j2 | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

diff --git a/roles/exit/templates/frr.conf.j2 b/roles/exit/templates/frr.conf.j2
index e9107a3..e02943c 100644
--- a/roles/exit/templates/frr.conf.j2
+++ b/roles/exit/templates/frr.conf.j2
@@ -448,11 +448,15 @@ route-map me->peer.4 permit 110
 route-map me->peer.4 permit 111
  match ipv6 address prefix-list default
 route-map me->peer.4 permit 120
- match ip address prefix-list nat
+ match ip address prefix-list office
 route-map me->peer.4 permit 121
- match ipv6 address prefix-list vpn
-route-map me->peer.4 permit 131
  match ipv6 address prefix-list office
+route-map me->peer.4 permit 130
+ match ip address prefix-list nat
+route-map me->peer.4 permit 140
+ match ip address prefix-list vpn
+route-map me->peer.4 permit 141
+ match ipv6 address prefix-list vpn
 
 # Received backup routes (same as above).
 route-map peer.4->me permit 110
@@ -460,8 +464,12 @@ route-map peer.4->me permit 110
 route-map peer.4->me permit 111
  match ipv6 address prefix-list default
 route-map peer.4->me permit 120
- match ip address prefix-list nat
+ match ip address prefix-list office
 route-map peer.4->me permit 121
- match ipv6 address prefix-list vpn
-route-map peer.4->me permit 131
  match ipv6 address prefix-list office
+route-map peer.4->me permit 130
+ match ip address prefix-list nat
+route-map peer.4->me permit 140
+ match ip address prefix-list vpn
+route-map peer.4->me permit 141
+ match ipv6 address prefix-list vpn
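Review bot: Entries 120 and 140 of `me->peer.4` now match on `ip prefix-list office` and `ip prefix-list vpn`, while the lines visible here previously referenced `office` and `vpn` only as IPv6 lists. FRR keeps `ip prefix-list` and `ipv6 prefix-list` as separate namespaces, so the IPv4 lists need their own definitions elsewhere in the template; if they are missing, these entries would presumably match nothing and the backup path would silently stop carrying the office and VPN IPv4 prefixes. The same check applies to entries 120 and 140 of `peer.4->me` in the second hunk. If the missing 131 is intentional (no IPv6 NAT prefix), a one-line comment above the map such as `# even sequence = IPv4 list, odd = IPv6 list; no 131 because NAT has no IPv6 prefix` would record that. The route-map block starts above the hunk.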
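Review bot: `peer.4->me` is edited here line for line like `me->peer.4` in the first hunk, and the only thing tying the two together is the `# Received backup routes (same as above).` comment. A later change that touches only one of them would leave the import and export filters disagreeing, so this side either accepts prefixes the peer should not be sending or drops ones it does. Since the file is a Jinja template, both maps could be generated from one body, e.g. `{% for rm in ['me->peer.4', 'peer.4->me'] %}` around entries written as `route-map {{ rm }} permit 120`, closed with `{% endfor %}`. Entry 110 of this map lies above the hunk, so the loop would have to cover it as well.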