diff --git a/geant/gap_ansible/roles/bc_templates/routers/nokia/filters/fw_filters.j2 b/geant/gap_ansible/roles/bc_templates/routers/nokia/filters/fw_filters.j2 index 4b804948c8cd8419f5c45cbe29e2be24986b861d..02ae6e3d4d26edb2a72f731d43c2c80947e59cec 100644 --- a/geant/gap_ansible/roles/bc_templates/routers/nokia/filters/fw_filters.j2 +++ b/geant/gap_ansible/roles/bc_templates/routers/nokia/filters/fw_filters.j2 @@ -34,8 +34,10 @@ {% endif %} {% if term.from is defined %} - {# This is the case for TCP_ESTABLISHED #} - {% if term.from.protocol is defined and term.from.protocol == "tcp" and term.from.tcp_flag is defined %} + {# Special cases where from.protocol is defined #} + {% if term.from.protocol is defined %} + {# This is the case for TCP_ESTABLISHED #} + {% if term.from.protocol == "tcp" and term.from.tcp_flag is defined %} <entry> <entry-id>{{ ns3.entry_id }}</entry-id> <description>{{ term.name }}</description> @@ -56,11 +58,11 @@ <{{ term.action }}></{{ term.action }}> </action> </entry> - {% set ns3.entry_id = ns3.entry_id + 10 %} - {% endif %} - {# This is to cover CPM-ipv6 ND case where dst_prefix_list is defined, but not src_prefix_list #} - {% if term.from.protocol is defined and term.from.protocol == "ipv6-icmp" and term.from.dst_prefix_list is defined %} - {% for dst_prefix_list_item in term.from.dst_prefix_list %} + {% set ns3.entry_id = ns3.entry_id + 10 %} + {% endif %} + {# This is to cover CPM-ipv6 ND case where dst_prefix_list is defined, but not src_prefix_list #} + {% if term.from.protocol == "ipv6-icmp" and term.from.dst_prefix_list is defined %} + {% for dst_prefix_list_item in term.from.dst_prefix_list %} <entry> <entry-id>{{ ns3.entry_id }}</entry-id> <description>{{ term.name }}</description> 
@@ -77,57 +79,58 @@ <{{ term.action }}></{{ term.action }}> </action> </entry> - {% set ns3.entry_id = ns3.entry_id + 10 %} - {% endfor %} - {% endif %} - {# Generic ICMP filters with ICMP types #} - {% if term.from.protocol is defined and (term.from.protocol == "icmp" or term.from.protocol == "ipv6-icmp") %} - {% if term.from.icmp_types is defined %} - {% for icmp_type in term.from.icmp_types %} - <entry> - <entry-id>{{ ns3.entry_id }}</entry-id> - <description>{{ term.name }}</description> - {% if term.log is defined %} - <log>{{ term.log }}</log> - {% endif %} - <match> - {% if filter.family == "ipv4" %} - <protocol>{{ term.from.protocol }}</protocol> - {% else %} - <next-header>{{ term.from.protocol }}</next-header> - {% endif %} - <icmp> - <type>{{ icmp_type }}</type> - </icmp> - </match> - <action> - <{{ term.action }}></{{ term.action }}> - </action> - </entry> - {% set ns3.entry_id = ns3.entry_id + 10 %} + {% set ns3.entry_id = ns3.entry_id + 10 %} {% endfor %} {% endif %} - {% endif %} - {# Case when only need to match on protocol, e.g. 
PIM #} - {% if term.from.protocol is defined and term.from.protocol in ['pim', '58'] %} - <entry> - <entry-id>{{ ns3.entry_id }}</entry-id> - <description>{{ term.name }}</description> - {% if term.log is defined %} - <log>{{ term.log }}</log> - {% endif %} - <match> - {% if filter.family == "ipv4" %} - <protocol>{{ term.from.protocol }}</protocol> - {% else %} - <next-header>{{ term.from.protocol }}</next-header> - {% endif %} - </match> - <action> - <{{ term.action }}></{{ term.action }}> - </action> - </entry> - {% set ns3.entry_id = ns3.entry_id + 10 %} + {# Generic ICMP filters with ICMP types #} + {% if (term.from.protocol == "icmp" or term.from.protocol == "ipv6-icmp") %} + {% if term.from.icmp_types is defined %} + {% for icmp_type in term.from.icmp_types %} + <entry> + <entry-id>{{ ns3.entry_id }}</entry-id> + <description>{{ term.name }}</description> + {% if term.log is defined %} + <log>{{ term.log }}</log> + {% endif %} + <match> + {% if filter.family == "ipv4" %} + <protocol>{{ term.from.protocol }}</protocol> + {% else %} + <next-header>{{ term.from.protocol }}</next-header> + {% endif %} + <icmp> + <type>{{ icmp_type }}</type> + </icmp> + </match> + <action> + <{{ term.action }}></{{ term.action }}> + </action> + </entry> + {% set ns3.entry_id = ns3.entry_id + 10 %} + {% endfor %} + {% endif %} + {% endif %} + {# Case when only need to match on protocol, e.g. 
PIM #} + {% if term.from.protocol in ['pim', '58'] %} + <entry> + <entry-id>{{ ns3.entry_id }}</entry-id> + <description>{{ term.name }}</description> + {% if term.log is defined %} + <log>{{ term.log }}</log> + {% endif %} + <match> + {% if filter.family == "ipv4" %} + <protocol>{{ term.from.protocol }}</protocol> + {% else %} + <next-header>{{ term.from.protocol }}</next-header> + {% endif %} + </match> + <action> + <{{ term.action }}></{{ term.action }}> + </action> + </entry> + {% set ns3.entry_id = ns3.entry_id + 10 %} + {% endif %} {% endif %} {# Case when both src_prefix_list and dst_prefix_list are defined #} {% if term.from.src_prefix_list is defined %} @@ -172,7 +175,7 @@ </entry> {% endfor %} {% else %} -{# This is the case of CPM-filters, where destination prefix is not defined #} + {# src_prefix_list is defined, dst_prefix_list is not #} <entry> <entry-id> {{ ns3.entry_id }} </entry-id> <description>{{ term.name }}</description> @@ -203,9 +206,8 @@ </entry> {% endif %} {% endfor %} - {% endif %} {# Case where only DST prefix list is defined #} - {% if term.from.dst_prefix_list is defined %} + {% elif term.from.dst_prefix_list is defined %} {% for dst_prefix_list_item in term.from.dst_prefix_list %} <entry> <entry-id>{{ ns3.entry_id }}</entry-id> 
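Review bot: The protocol special cases in the `-77,57` hunk still sit outside the `src_prefix_list` / `dst_prefix_list` chain, so a term that sets `icmp_types` (or protocol `pim`/`58`) together with a prefix list renders these entries as well, and their `<match>` holds only the protocol and the ICMP type, with no source or destination prefix. If the input data can combine them, the generated filter gets an entry for that protocol from any address, with a lower entry-id than the narrower prefix-list entries of the same term. The same overlap affects the ND block in the `-56,11` hunk: its term also satisfies `{% elif term.from.dst_prefix_list is defined %}` in the `-203,9` hunk, so it appears to be rendered twice. Consider guarding the inner test, e.g. `{% if term.from.icmp_types is defined and term.from.src_prefix_list is not defined and term.from.dst_prefix_list is not defined %}`, or folding the special cases into the same `if`/`elif` chain. The entry bodies of the prefix-list branches are outside the visible hunks, so this should be checked against them.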
@@ -236,10 +238,31 @@ </action> </entry> {% endfor %} + {# term.from.protocol and ports are defined, but not SRC or DST prefix list - e.g. IPv4 traceroute #} + {% elif term.from.protocol is defined and term.from.protocol in ['udp'] %} + <entry> + <entry-id>{{ ns3.entry_id }}</entry-id> + <description>{{ term.name }}</description> + {% if term.log is defined %} + <log>{{ term.log }}</log> + {% endif %} + <match> + {% if filter.family == "ipv4" %} + <protocol>{{ term.from.protocol }}</protocol> + {% else %} + <next-header>{{ term.from.protocol }}</next-header> + {% endif %} + {% include 'filters/port_list_entries.j2' %} + </match> + <action> + <{{ term.action }}></{{ term.action }}> + </action> + </entry> + {% set ns3.entry_id = ns3.entry_id + 10 %} {% endif %} {% endif %} {% endfor %} -{# Terms end #} + {# Terms end #} {% if filter.family == "ipv4" %} </ip-filter> {% elif filter.family == "ipv6" %}
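Review bot: The new `udp` branch never tests that a port is set, although its comment says protocol and ports are defined. With no prefix list and no ports, the rendered entry matches all UDP and applies `term.action`. Extend the condition with a test on the port key that `filters/port_list_entries.j2` reads, e.g. `{% elif term.from.protocol == 'udp' and term.from.<port key> is defined %}` (placeholder: the key name is not visible in this diff). Separately, a term such as `tcp` with ports but no `tcp_flag` and no prefix list matches no branch and renders no entry without any error, so it is worth failing the render, or at least documenting it in a comment, when a term produces nothing. The chain's opening `if` lies outside this hunk.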