firewall: don’t import or advertise subnets for inside networks

This is part two to commit 3b3e759c.
2025-03-26 10:14:15 +01:00 · 2025-03-26 10:14:15 +01:00 · f9f71bb337
parent cafa938da3
commit f9f71bb337
1 changed files with 2 additions and 2 deletions
--- a/roles/firewall/templates/frr.conf.j2
+++ b/roles/firewall/templates/frr.conf.j2
@ -75,9 +75,9 @@ ip prefix-list fabric permit 10.34.0.0/24 ge 32
 {% for prefix in vrf_prefixes | rejectattr('vrf.name', '==', 'outside')
    | sort(attribute='family.value') %}
 {% if prefix.family.value == 4 %}
-ip prefix-list office permit {{ prefix.prefix }} ge {{ prefix.prefix | ipaddr('prefix') }}
+ip prefix-list office permit {{ prefix.prefix }}
 {% elif prefix.family.value == 6 %}
-ipv6 prefix-list office permit {{ prefix.prefix }} ge {{ prefix.prefix | ipaddr('prefix') }}
+ipv6 prefix-list office permit {{ prefix.prefix }}
 {% endif %}
 {% endfor %}