{# VRF outside is special, all others are inside but also firewalled from each other. #}
{% set inside_vrfs = interfaces | selectattr('parent') | selectattr('parent.name', '==', 'bridge')
    | selectattr('vrf') | map(attribute='vrf') | rejectattr('name', '==', 'outside') | unique -%}

# A separate VRF for each inside network so we can firewall between them.
{% for vrf in inside_vrfs %}
auto {{ vrf.name }}
iface {{ vrf.name }}
    vrf-table auto

{% endfor %}