2 changed files with 3 additions and 5 deletions
--- a/roles/exit/templates/frr.conf.j2
+++ b/roles/exit/templates/frr.conf.j2
@ -188,6 +188,7 @@ router bgp {{ asn.asn }} vrf inside


 {% for vrf in vrfs.values() | selectattr('name', 'in', inside_vrfs) %}
+# VRF for L2 network {{ vrf.name }}. Imports gateway from inside VRF.
 router bgp {{ asn.asn }} vrf {{ vrf.name }}
  bgp bestpath as-path multipath-relax

@ -358,8 +359,6 @@ route-map firewall->outside permit 1
  match ip address prefix-list fabric
 route-map firewall->outside permit 2
  match ipv6 address prefix-list fabric
-route-map firewall->outside permit 20
-  match ip address prefix-list office
 route-map firewall->outside permit 21
  match ipv6 address prefix-list office
 route-map firewall->outside permit 30
--- a/roles/firewall/templates/frr.conf.j2
+++ b/roles/firewall/templates/frr.conf.j2
@ -136,11 +136,10 @@ route-map outside->default permit 10
 route-map outside->default permit 11
  match ipv6 address prefix-list default

-# Send inside and NAT addresses to outside peers so inbound packets go through the firewall.
+# Send IPv6 office addresses and IPv4 NAT addresses to outside peers
+# so inbound packets go through the firewall.
 route-map default->outside permit 1
  match interface lo
-route-map default->outside permit 10
-  match ip address prefix-list office
 route-map default->outside permit 11
  match ipv6 address prefix-list office
 route-map default->outside permit 20