From c65529f6ad0f9d7c6adf5f977be24ea11638da82 Mon Sep 17 00:00:00 2001 From: toby Date: Mon, 19 Nov 2018 18:35:11 +0100 Subject: [PATCH] adding support for bastions public lo ipv4 --- debian/wit-network-config.postinst | 23 +++++++++++++---------- files/frr.conf.wit | 17 ++++++++++++++--- 2 files changed, 27 insertions(+), 13 deletions(-) diff --git a/debian/wit-network-config.postinst b/debian/wit-network-config.postinst index 58c57b0..cdbf0af 100755 --- a/debian/wit-network-config.postinst +++ b/debian/wit-network-config.postinst @@ -84,20 +84,14 @@ case "$1" in EOF - PUBLICLOIP=$(dig_a public.${HOSTNAME}) || true - if [[ ! -z $PUBLICLOIP ]]; then + BASTIONPUBLICIP=$(dig_a public.${HOSTNAME}) || true + if [[ ! -z $BASTIONPUBLICIP ]]; then cat <<-EOF >>$IFCONFIG iface lo inet static - address ${PUBLICLOIP}/32 + address ${BASTIONPUBLICIP}/32 EOF - - FRR_BASTION="${FRR_BASTION}route-map BASTION permit 10\n" - FRR_BASTION="${FRR_BASTION} match ip address prefix-list DEFAULT\n" - FRR_BASTION="${FRR_BASTION} set src ${PUBLICLOIP}\n" - FRR_BASTION="${FRR_BASTION}ip protocol bgp route-map BASTION\n" - fi @@ -246,6 +240,14 @@ case "$1" in EOF + + FRR_IFS="${FRR_IFS}interface ${ifname}\n" + FRR_IFS="${FRR_IFS} description $ifalias\n" + FRR_IFS="${FRR_IFS} ipv6 nd other-config-flag\n" + FRR_IFS="${FRR_IFS} ipv6 nd prefix 2604:bbc0:0:210::/64\n" + FRR_IFS="${FRR_IFS} ipv6 nd ra-interval 10\n" + FRR_IFS="${FRR_IFS} no ipv6 nd suppress-ra\n!\n" + fi @@ -326,7 +328,6 @@ case "$1" in # set frr config sed -i \ - -e "s/^!!! FRR_BASTION/$FRR_BASTION/" \ -e "s/^!!! FRR_IFS/$FRR_IFS/" \ -e "s/^ !!! FRR_EDGE_NEIGH/$FRR_EDGE_NEIGH/" \ -e "s/^ !!! FRR_IPV4_EDGE_SUMMARIES_AGGREGATS/$FRR_IPV4_EDGE_SUMMARIES_AGGREGATS/" \ 
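Review bot: The DNS answer stored in `BASTIONPUBLICIP` by `dig_a public.${HOSTNAME}` is used without any validation: it is written into `$IFCONFIG` in this hunk and later spliced into the sed expression `s/BASTION-PUBLIC-IP/$BASTIONPUBLICIP/` in the `@@ -337,11 +338,13 @@` hunk, all as root in the postinst. `dig_a` is defined outside this patch, so whether it can return several records or non-address text is not visible; a second A record or a stray `/` or `&` would corrupt both the interfaces stanza and frr.conf. I would validate right after the lookup, e.g. `[[ $BASTIONPUBLICIP =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] || BASTIONPUBLICIP=`, so anything that is not a single dotted quad is treated as "no bastion address". The enclosing `case` arm starts and ends outside the hunk.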
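Review bot: The added line `FRR_IFS="${FRR_IFS} ipv6 nd prefix 2604:bbc0:0:210::/64\n"` puts an unescaped `/` into a string that is later used as the replacement in `sed -e "s/^!!! FRR_IFS/$FRR_IFS/"` (visible as context in the next hunk). Unless FRR_IFS is escaped somewhere outside this patch, the expression ends at `::` and sed rejects the whole command, so none of the placeholders in frr.conf get substituted. Writing the prefix as `2604:bbc0:0:210::\\/64\n` keeps the `s/…/…/` form working; `$ifalias` is interpolated as-is and needs `/`, `&` and `\` escaped for the same reason. The prefix is also hard-coded for every interface that reaches this branch, so a variable set alongside the other per-site values would avoid advertising the same /64 on several links. The `if` this block belongs to opens outside the hunk.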
@@ -337,11 +338,13 @@ case "$1" in -e "s/^!!! FRR_IPV6_CUSTOMERS_PFLIST/$FRR_IPV6_CUSTOMERS_PFLIST/" \ -e "s/^!!! FRR_IPV4_LOOPBACK_PFLIST/$FRR_IPV4_LOOPBACK_PFLIST/" \ -e "s/^!!! FRR_IPV6_LOOPBACK_PFLIST/$FRR_IPV6_LOOPBACK_PFLIST/" \ + -e "s/BASTION-PUBLIC-IP/$BASTIONPUBLICIP/" \ -e "s/FRR_GRE_ASN/${FRR_GRE_ASN}/" \ -e "s/FRRROUTERID/${LOOPBACKv4}/" \ -e "s/NODEASN/${NODEASN}/" \ $FRRCONFIG [ -z $FRR_EDGE_NEIGH ] || sed -i -e 's/!!! //' $FRRCONFIG + [ -z $BASTIONPUBLICIP ] || sed -i -e 's/!!BASTION //' $FRRCONFIG diff --git a/files/frr.conf.wit b/files/frr.conf.wit index 7dd6267..9edb7f5 100644 --- a/files/frr.conf.wit +++ b/files/frr.conf.wit @@ -115,7 +115,7 @@ ip prefix-list rfc1918 seq 30 permit 192.168.0.0/16 le 32 ip prefix-list rfc1918 seq 35 permit 224.0.0.0/3 le 32 ip prefix-list rfc1918 seq 40 permit 100.64.0.0/10 le 32 - +!!BASTION ip prefix-list BASTION seq 5 permit BASTION-PUBLIC-IP/32 !!! FRR_IPV6_LOOPBACK_PFLIST @@ -149,7 +149,11 @@ route-map EIPv6 permit 5 route-map LOCALNETSv4 permit 5 description "permit loopback ips" match ip address prefix-list LOOPBACKv4 -! + +!!BASTION route-map LOCALNETSv4 permit 10 +!!BASTION description permit bastion public loopback ip +!!BASTION match ip address prefix-list BASTION + route-map LOCALNETSv6 permit 5 description "permit ipv6 loopback ips" match ipv6 address prefix-list LOOPBACKv6 @@ -228,7 +232,14 @@ route-map LOCALNETSv6 permit 5 !!! ! -!!! FRR_BASTION +!!BASTION route-map BASTION permit 5 +!!BASTION match ip address prefix-len 0 +!!BASTION set src BASTION-PUBLIC-IP + +!!BASTION route-map BASTION permit 10 +!!BASTION match ip address prefix-list ALL + +!!BASTION ip protocol bgp route-map BASTION !
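Review bot: In `[ -z $BASTIONPUBLICIP ] || sed -i -e 's/!!BASTION //' $FRRCONFIG` the variable is unquoted inside `[`, so the test works for an empty value only by accident (it degenerates to `[ -z ]`). If the value ever contains whitespace, `[` exits with an error and the `||` branch still runs, uncommenting the bastion lines with a malformed address. I would write `[ -z "$BASTIONPUBLICIP" ] || sed -i -e 's/^!!BASTION //' "$FRRCONFIG"`; the `^` anchor restricts the edit to the template's marker lines. The `sed -i \` command this hunk extends begins in the previous hunk.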
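Review bot: `route-map BASTION permit 10` matches `prefix-list ALL`, but no `ip prefix-list ALL` is defined in any hunk of this patch (the shell code it replaces referenced `DEFAULT`). If it is not defined elsewhere in frr.conf.wit, my understanding is that FRR treats a match on a missing prefix-list as no match, so with `ip protocol bgp route-map BASTION` only the default route would be installed from BGP; this should be confirmed on a test node. Either add `!!BASTION ip prefix-list ALL seq 5 permit 0.0.0.0/0 le 32` next to the BASTION prefix-list, or drop the match line so that sequence 10 permits everything. A `!!BASTION description …` line on each sequence, like the one on the LOCALNETSv4 entry, would document why only zero-length prefixes get `set src`.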